Resource: awsShieldProtection

Enables AWS Shield Advanced for a specific AWS resource. The resource can be an Amazon CloudFront distribution, Elastic Load Balancing load balancer, AWS Global Accelerator accelerator, Elastic IP Address, or an Amazon Route 53 hosted zone.

Example Usage

Create protection

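/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.
This snippet is meant to sit inside a construct such as a TerraformStack constructor, where `this` is the scope.*/
import * as aws from "./.gen/providers/aws";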
const awsEipExample = new aws.eip.Eip(this, "example", {
  vpc: true,
});
new aws.dataAwsAvailabilityZones.DataAwsAvailabilityZones(
  this,
  "available",
  {}
);
const dataAwsCallerIdentityCurrent =
  new aws.dataAwsCallerIdentity.DataAwsCallerIdentity(this, "current", {});
const dataAwsRegionCurrent = new aws.dataAwsRegion.DataAwsRegion(
  this,
  "current_3",
  {}
);
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
dataAwsRegionCurrent.overrideLogicalId("current");
const awsShieldProtectionExample = new aws.shieldProtection.ShieldProtection(
  this,
  "example_4",
  {
    name: "example",
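    /*Plain template interpolation: each token already resolves to a Terraform expression, so no extra "\${ }" wrapper is needed.*/
    resourceArn: `arn:aws:ec2:${dataAwsRegionCurrent.name}:${dataAwsCallerIdentityCurrent.accountId}:eip-allocation/${awsEipExample.id}`,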
    tags: {
      Environment: "Dev",
    },
  }
);
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
awsShieldProtectionExample.overrideLogicalId("example");

Argument Reference

The following arguments are supported:

  • name - (Required) A friendly name for the Protection you are creating.
  • resourceArn - (Required) The ARN (Amazon Resource Name) of the resource to be protected.
  • tags - (Optional) Key-value map of resource tags. If configured with a provider defaultTags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
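
The following is an added example, not part of the provider documentation or the provider's own code: a pre-deployment check that a concrete resourceArn value (for instance one read from plan output or an inventory, not an unresolved CDKTF token) belongs to one of the resource types listed at the top of this page. The names classifyShieldArn and RULES are hypothetical, and the ARN layouts are assumptions based on AWS's public ARN formats.

```typescript
// Added example: classify a concrete ARN against the resource types this page
// lists as eligible for Shield Advanced. ARN layouts below are assumptions
// taken from the public AWS ARN formats, not from the provider source.
type ShieldResourceKind =
  | "cloudfront-distribution"
  | "load-balancer"
  | "global-accelerator"
  | "elastic-ip"
  | "route53-hosted-zone";

interface ArnRule {
  kind: ShieldResourceKind;
  service: string;     // ARN service field
  resource: RegExp;    // expected shape of the resource field
  regional: boolean;   // true: region field must be set; false: must be empty
  hasAccount: boolean; // true: 12-digit account id; false: must be empty
}

const RULES: ArnRule[] = [
  { kind: "cloudfront-distribution", service: "cloudfront", resource: /^distribution\/[A-Z0-9]+$/, regional: false, hasAccount: true },
  { kind: "load-balancer", service: "elasticloadbalancing", resource: /^loadbalancer\/.+$/, regional: true, hasAccount: true },
  { kind: "global-accelerator", service: "globalaccelerator", resource: /^accelerator\/[0-9a-f-]+$/, regional: false, hasAccount: true },
  { kind: "elastic-ip", service: "ec2", resource: /^eip-allocation\/eipalloc-[0-9a-f]+$/, regional: true, hasAccount: true },
  { kind: "route53-hosted-zone", service: "route53", resource: /^hostedzone\/[A-Z0-9]+$/, regional: false, hasAccount: false },
];

function classifyShieldArn(arn: string): ShieldResourceKind | null {
  // arn:partition:service:region:account:resource (resource may contain colons)
  const parts = arn.split(":");
  if (parts.length < 6 || parts[0] !== "arn") return null;
  const [, partition = "", service = "", region = "", account = ""] = parts;
  const resource = parts.slice(5).join(":");
  if (!/^aws(-[a-z]+)*$/.test(partition)) return null;
  for (const rule of RULES) {
    if (rule.service !== service || !rule.resource.test(resource)) continue;
    // Global services carry an empty region field; regional ones must name a region.
    const regionOk = rule.regional ? /^[a-z]{2}(-[a-z]+)+-\d+$/.test(region) : region === "";
    const accountOk = rule.hasAccount ? /^\d{12}$/.test(account) : account === "";
    return regionOk && accountOk ? rule.kind : null;
  }
  return null; // unsupported resource type, or an unresolved "${...}" placeholder
}
```

A null result covers both unsupported resource types and ARNs that still contain literal "${...}" placeholders, so it can gate a plan review before the protection is created.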

Attributes Reference

In addition to all arguments above, the following attributes are exported:

  • id - The unique identifier (ID) for the Protection object that is created.
  • arn - The ARN of the Protection.
  • tagsAll - A map of tags assigned to the resource, including those inherited from the provider defaultTags configuration block.

Import

Shield protection resources can be imported by specifying their ID, e.g.:

$ terraform import aws_shield_protection.example ff9592dc-22f3-4e88-afa1-7b29fde9669a