CfnProtectionPropsMixin
- class aws_cdk.mixins_preview.aws_shield.mixins.CfnProtectionPropsMixin(props, *, strategy=None)
Bases:
MixinEnables AWS Shield Advanced for a specific AWS resource.
The resource can be an Amazon CloudFront distribution, Amazon Route 53 hosted zone, AWS Global Accelerator standard accelerator, Elastic IP Address, Application Load Balancer, or a Classic Load Balancer. You can protect Amazon EC2 instances and Network Load Balancers by association with protected Amazon EC2 Elastic IP addresses.
Configure a single ``AWS::Shield::Protection``
Use this protection to protect a single resource at a time.
To configure this Shield Advanced protection through CloudFormation , you must be subscribed to Shield Advanced . You can subscribe through the Shield Advanced console and through the APIs. For more information, see Subscribe to AWS Shield Advanced .
See example templates for Shield Advanced in CloudFormation at aws-samples/aws-shield-advanced-examples .
Configure Shield Advanced using AWS CloudFormation and AWS Firewall Manager
You might be able to use Firewall Manager with AWS CloudFormation to configure Shield Advanced across multiple accounts and protected resources. To do this, your accounts must be part of an organization in AWS Organizations . You can use Firewall Manager to configure Shield Advanced protections for any resource types except for Amazon Route 53 or AWS Global Accelerator .
For an example of this, see the one-click configuration guidance published by the AWS technical community at One-click deployment of Shield Advanced .
Configure multiple protections through the Shield Advanced console
You can add protection to multiple resources at once through the Shield Advanced console . For more information see Getting Started with AWS Shield Advanced and Managing resource protections in AWS Shield Advanced .
- See:
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-shield-protection.html
- CloudformationResource:
AWS::Shield::Protection
- Mixin:
true
- ExampleMetadata:
fixture=_generated
Example:
# The code below shows an example of how to instantiate this type. # The values are placeholders you should change. from aws_cdk.mixins_preview import mixins from aws_cdk.mixins_preview.aws_shield import mixins as shield_mixins # block: Any # count: Any cfn_protection_props_mixin = shield_mixins.CfnProtectionPropsMixin(shield_mixins.CfnProtectionMixinProps( application_layer_automatic_response_configuration=shield_mixins.CfnProtectionPropsMixin.ApplicationLayerAutomaticResponseConfigurationProperty( action=shield_mixins.CfnProtectionPropsMixin.ActionProperty( block=block, count=count ), status="status" ), health_check_arns=["healthCheckArns"], name="name", resource_arn="resourceArn", tags=[CfnTag( key="key", value="value" )] ), strategy=mixins.PropertyMergeStrategy.OVERRIDE )
Create a mixin to apply properties to
AWS::Shield::Protection.- Parameters:
props (
Union[CfnProtectionMixinProps,Dict[str,Any]]) – L1 properties to apply.strategy (
Optional[PropertyMergeStrategy]) – (experimental) Strategy for merging nested properties. Default: - PropertyMergeStrategy.MERGE
Methods
- apply_to(construct)
Apply the mixin properties to the construct.
- Parameters:
construct (
IConstruct)- Return type:
- supports(construct)
Check if this mixin supports the given construct.
- Parameters:
construct (
IConstruct)- Return type:
bool
Attributes
- CFN_PROPERTY_KEYS = ['applicationLayerAutomaticResponseConfiguration', 'healthCheckArns', 'name', 'resourceArn', 'tags']
Static Methods
- classmethod is_mixin(x)
(experimental) Checks if
xis a Mixin.- Parameters:
x (
Any) – Any object.- Return type:
bool- Returns:
true if
xis an object created from a class which extendsMixin.- Stability:
experimental
ActionProperty
- class CfnProtectionPropsMixin.ActionProperty(*, block=None, count=None)
Bases:
objectSpecifies the action setting that Shield Advanced should use in the AWS WAF rules that it creates on behalf of the protected resource in response to DDoS attacks.
You specify this as part of the configuration for the automatic application layer DDoS mitigation feature, when you enable or update automatic mitigation. Shield Advanced creates the AWS WAF rules in a Shield Advanced-managed rule group, inside the web ACL that you have associated with the resource.
- Parameters:
block (
Any) – Specifies that Shield Advanced should configure its AWS WAF rules with the AWS WAFBlockaction. You must specify exactly one action, eitherBlockorCount. Example JSON:{ "Block": {} }Example YAML:Block: {}count (
Any) – Specifies that Shield Advanced should configure its AWS WAF rules with the AWS WAFCountaction. You must specify exactly one action, eitherBlockorCount. Example JSON:{ "Count": {} }Example YAML:Count: {}
- See:
- ExampleMetadata:
fixture=_generated
Example:
# The code below shows an example of how to instantiate this type. # The values are placeholders you should change. from aws_cdk.mixins_preview.aws_shield import mixins as shield_mixins # block: Any # count: Any action_property = shield_mixins.CfnProtectionPropsMixin.ActionProperty( block=block, count=count )
Attributes
- block
Specifies that Shield Advanced should configure its AWS WAF rules with the AWS WAF
Blockaction.You must specify exactly one action, either
BlockorCount.Example JSON:
{ "Block": {} }Example YAML:
Block: {}
- count
Specifies that Shield Advanced should configure its AWS WAF rules with the AWS WAF
Countaction.You must specify exactly one action, either
BlockorCount.Example JSON:
{ "Count": {} }Example YAML:
Count: {}
ApplicationLayerAutomaticResponseConfigurationProperty
- class CfnProtectionPropsMixin.ApplicationLayerAutomaticResponseConfigurationProperty(*, action=None, status=None)
Bases:
objectThe automatic application layer DDoS mitigation settings for a
Protection.This configuration determines whether Shield Advanced automatically manages rules in the web ACL in order to respond to application layer events that Shield Advanced determines to be DDoS attacks.
If you use CloudFormation to manage the web ACLs that you use with Shield Advanced automatic mitigation, see the guidance for the
AWS::WAFv2::WebACLresource.- Parameters:
action (
Union[IResolvable,ActionProperty,Dict[str,Any],None]) – Specifies the action setting that Shield Advanced should use in the AWS WAF rules that it creates on behalf of the protected resource in response to DDoS attacks. You specify this as part of the configuration for the automatic application layer DDoS mitigation feature, when you enable or update automatic mitigation. Shield Advanced creates the AWS WAF rules in a Shield Advanced-managed rule group, inside the web ACL that you have associated with the resource.status (
Optional[str]) – Indicates whether automatic application layer DDoS mitigation is enabled for the protection.
- See:
- ExampleMetadata:
fixture=_generated
Example:
# The code below shows an example of how to instantiate this type. # The values are placeholders you should change. from aws_cdk.mixins_preview.aws_shield import mixins as shield_mixins # block: Any # count: Any application_layer_automatic_response_configuration_property = shield_mixins.CfnProtectionPropsMixin.ApplicationLayerAutomaticResponseConfigurationProperty( action=shield_mixins.CfnProtectionPropsMixin.ActionProperty( block=block, count=count ), status="status" )
Attributes
- action
Specifies the action setting that Shield Advanced should use in the AWS WAF rules that it creates on behalf of the protected resource in response to DDoS attacks.
You specify this as part of the configuration for the automatic application layer DDoS mitigation feature, when you enable or update automatic mitigation. Shield Advanced creates the AWS WAF rules in a Shield Advanced-managed rule group, inside the web ACL that you have associated with the resource.
- status
Indicates whether automatic application layer DDoS mitigation is enabled for the protection.