Class: AWSCDK::Shield::CfnDRTAccessProps
- Inherits:
-
Jsii::Struct
- Object
- Jsii::Struct
- AWSCDK::Shield::CfnDRTAccessProps
- Defined in:
- shield/cfn_drt_access_props.rb
Overview
Properties for defining a CfnDRTAccess.
Instance Attribute Summary collapse
-
#log_bucket_list ⇒ Array<String>?
readonly
Authorizes the Shield Response Team (SRT) to access the specified Amazon S3 bucket containing log data such as Application Load Balancer access logs, CloudFront logs, or logs from third party sources.
-
#role_arn ⇒ String
readonly
Authorizes the Shield Response Team (SRT) using the specified role, to access your AWS account to assist with DDoS attack mitigation during potential attacks.
Class Method Summary collapse
Instance Method Summary collapse
-
#initialize(role_arn:, log_bucket_list: nil) ⇒ CfnDRTAccessProps
constructor
A new instance of CfnDRTAccessProps.
- #to_jsii ⇒ Object
Constructor Details
#initialize(role_arn:, log_bucket_list: nil) ⇒ CfnDRTAccessProps
Returns a new instance of CfnDRTAccessProps.
11 12 13 14 15 16 |
# File 'shield/cfn_drt_access_props.rb', line 11 def initialize(role_arn:, log_bucket_list: nil) @role_arn = role_arn Jsii::Type.check_type(@role_arn, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "roleArn") @log_bucket_list = log_bucket_list Jsii::Type.check_type(@log_bucket_list, JSON.parse(Base64.strict_decode64("eyJjb2xsZWN0aW9uIjp7ImVsZW1lbnR0eXBlIjp7InByaW1pdGl2ZSI6InN0cmluZyJ9LCJraW5kIjoiYXJyYXkifX0=")), "logBucketList") unless @log_bucket_list.nil? end |
Instance Attribute Details
#log_bucket_list ⇒ Array<String>? (readonly)
Authorizes the Shield Response Team (SRT) to access the specified Amazon S3 bucket containing log data such as Application Load Balancer access logs, CloudFront logs, or logs from third party sources.
You can associate up to 10 Amazon S3 buckets with your subscription.
Use this to share information with the SRT that's not available in AWS WAF logs.
To use the services of the SRT, you must be subscribed to the Business Support plan or the Enterprise Support plan .
45 46 47 |
# File 'shield/cfn_drt_access_props.rb', line 45 def log_bucket_list @log_bucket_list end |
#role_arn ⇒ String (readonly)
Authorizes the Shield Response Team (SRT) using the specified role, to access your AWS account to assist with DDoS attack mitigation during potential attacks.
This enables the SRT to inspect your AWS WAF configuration and logs and to create or update AWS WAF rules and web ACLs.
You can associate only one RoleArn with your subscription. If you submit this update for an account that already has an associated role, the new RoleArn will replace the existing RoleArn .
This change requires the following:
- You must be subscribed to the Business Support plan or the Enterprise Support plan .
- The
AWSShieldDRTAccessPolicymanaged policy must be attached to the role that you specify in the request. You can access this policy in the IAM console at AWSShieldDRTAccessPolicy . For information, see Adding and removing IAM identity permissions . - The role must trust the service principal
drt.shield.amazonaws.com. For information, see IAM JSON policy elements: Principal .
The SRT will have access only to your AWS WAF and Shield resources. By submitting this request, you provide permissions to the SRT to inspect your AWS WAF and Shield configuration and logs, and to create and update AWS WAF rules and web ACLs on your behalf. The SRT takes these actions only if explicitly authorized by you.
34 35 36 |
# File 'shield/cfn_drt_access_props.rb', line 34 def role_arn @role_arn end |
Class Method Details
.jsii_properties ⇒ Object
47 48 49 50 51 52 |
# File 'shield/cfn_drt_access_props.rb', line 47 def self.jsii_properties { :role_arn => "roleArn", :log_bucket_list => "logBucketList", } end |
Instance Method Details
#to_jsii ⇒ Object
54 55 56 57 58 59 60 61 |
# File 'shield/cfn_drt_access_props.rb', line 54 def to_jsii result = {} result.merge!({ "roleArn" => @role_arn, "logBucketList" => @log_bucket_list, }) result.compact end |