Class: AWSCDK::Shield::CfnDRTAccessProps

Inherits:
Jsii::Struct
  • Object
show all
Defined in:
shield/cfn_drt_access_props.rb

Overview

Properties for defining a CfnDRTAccess.

Instance Attribute Summary collapse

Class Method Summary collapse

Instance Method Summary collapse

Constructor Details

#initialize(role_arn:, log_bucket_list: nil) ⇒ CfnDRTAccessProps

Returns a new instance of CfnDRTAccessProps.

Parameters:

  • role_arn (String)

    Authorizes the Shield Response Team (SRT) using the specified role, to access your AWS account to assist with DDoS attack mitigation during potential attacks.

  • log_bucket_list (Array<String>, nil) (defaults to: nil)

    Authorizes the Shield Response Team (SRT) to access the specified Amazon S3 bucket containing log data such as Application Load Balancer access logs, CloudFront logs, or logs from third party sources.



11
12
13
14
15
16
# File 'shield/cfn_drt_access_props.rb', line 11

def initialize(role_arn:, log_bucket_list: nil)
  @role_arn = role_arn
  Jsii::Type.check_type(@role_arn, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "roleArn")
  @log_bucket_list = log_bucket_list
  Jsii::Type.check_type(@log_bucket_list, JSON.parse(Base64.strict_decode64("eyJjb2xsZWN0aW9uIjp7ImVsZW1lbnR0eXBlIjp7InByaW1pdGl2ZSI6InN0cmluZyJ9LCJraW5kIjoiYXJyYXkifX0=")), "logBucketList") unless @log_bucket_list.nil?
end

Instance Attribute Details

#log_bucket_listArray<String>? (readonly)

Authorizes the Shield Response Team (SRT) to access the specified Amazon S3 bucket containing log data such as Application Load Balancer access logs, CloudFront logs, or logs from third party sources.

You can associate up to 10 Amazon S3 buckets with your subscription.

Use this to share information with the SRT that's not available in AWS WAF logs.

To use the services of the SRT, you must be subscribed to the Business Support plan or the Enterprise Support plan .



45
46
47
# File 'shield/cfn_drt_access_props.rb', line 45

def log_bucket_list
  @log_bucket_list
end

#role_arnString (readonly)

Authorizes the Shield Response Team (SRT) using the specified role, to access your AWS account to assist with DDoS attack mitigation during potential attacks.

This enables the SRT to inspect your AWS WAF configuration and logs and to create or update AWS WAF rules and web ACLs.

You can associate only one RoleArn with your subscription. If you submit this update for an account that already has an associated role, the new RoleArn will replace the existing RoleArn .

This change requires the following:

The SRT will have access only to your AWS WAF and Shield resources. By submitting this request, you provide permissions to the SRT to inspect your AWS WAF and Shield configuration and logs, and to create and update AWS WAF rules and web ACLs on your behalf. The SRT takes these actions only if explicitly authorized by you.



34
35
36
# File 'shield/cfn_drt_access_props.rb', line 34

def role_arn
  @role_arn
end

Class Method Details

.jsii_propertiesObject



47
48
49
50
51
52
# File 'shield/cfn_drt_access_props.rb', line 47

def self.jsii_properties
  {
    :role_arn => "roleArn",
    :log_bucket_list => "logBucketList",
  }
end

Instance Method Details

#to_jsiiObject



54
55
56
57
58
59
60
61
# File 'shield/cfn_drt_access_props.rb', line 54

def to_jsii
  result = {}
  result.merge!({
    "roleArn" => @role_arn,
    "logBucketList" => @log_bucket_list,
  })
  result.compact
end