Resource: awsShieldProtectionHealthCheckAssociation
Creates an association between a Route53 Health Check and a Shield Advanced protected resource. This association uses the health of your applications to improve responsiveness and accuracy in attack detection and mitigation.
Blog post: AWS Shield Advanced now supports Health Based Detection
Example Usage
Create an association between a protected EIP and a Route53 Health Check
/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as aws from "./.gen/providers/aws";

/*The statements below belong inside the constructor of a TerraformStack,
where `this` is the stack.*/
const awsEipExample = new aws.eip.Eip(this, "example", {
  tags: {
    Name: "example",
  },
  vpc: true,
});
const awsRoute53HealthCheckExample =
  new aws.route53HealthCheck.Route53HealthCheck(this, "example_1", {
    failureThreshold: 3,
    ipAddress: awsEipExample.publicIp,
    port: 80,
    requestInterval: 30,
    resourcePath: "/ready",
    tags: {
      Name: "tf-example-health-check",
    },
    type: "HTTP",
  });
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
awsRoute53HealthCheckExample.overrideLogicalId("example");
const dataAwsCallerIdentityCurrent =
  new aws.dataAwsCallerIdentity.DataAwsCallerIdentity(this, "current", {});
const dataAwsPartitionCurrent = new aws.dataAwsPartition.DataAwsPartition(
  this,
  "current_3",
  {}
);
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
dataAwsPartitionCurrent.overrideLogicalId("current");
const dataAwsRegionCurrent = new aws.dataAwsRegion.DataAwsRegion(
  this,
  "current_4",
  {}
);
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
dataAwsRegionCurrent.overrideLogicalId("current");
const awsShieldProtectionExample = new aws.shieldProtection.ShieldProtection(
  this,
  "example_5",
  {
    name: "example-protection",
    /*Plain template interpolation: each token resolves to the Terraform reference.*/
    resourceArn: `arn:${dataAwsPartitionCurrent.partition}:ec2:${dataAwsRegionCurrent.name}:${dataAwsCallerIdentityCurrent.accountId}:eip-allocation/${awsEipExample.id}`,
  }
);
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
awsShieldProtectionExample.overrideLogicalId("example");
const awsShieldProtectionHealthCheckAssociationExample =
  new aws.shieldProtectionHealthCheckAssociation.ShieldProtectionHealthCheckAssociation(
    this,
    "example_6",
    {
      healthCheckArn: awsRoute53HealthCheckExample.arn,
      shieldProtectionId: awsShieldProtectionExample.id,
    }
  );
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
awsShieldProtectionHealthCheckAssociationExample.overrideLogicalId("example");
Argument Reference
The following arguments are supported:
healthCheckArn
- (Required) The ARN (Amazon Resource Name) of the Route53 Health Check resource which will be associated with the protected resource.
shieldProtectionId
- (Required) The ID of the protected resource.
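Because health-based detection only applies to protections that actually have an association, it is worth checking deployed state for protections that lack one. The following is an added example, not part of the provider documentation: it assumes the input is the JSON printed by `terraform show -json` for a state, and the function names, sample IDs and ARNs are constructed for illustration.

```typescript
// Added example: audit `terraform show -json` state output for Shield
// protections that have no health check association.
interface TfResource { address: string; type: string; values: Record<string, unknown>; }
interface TfModule { resources?: TfResource[]; child_modules?: TfModule[]; }
interface TfState { values?: { root_module?: TfModule }; }

const PROTECTION = "aws_shield_protection";
const ASSOCIATION = "aws_shield_protection_health_check_association";

// Collect resources from a module and, recursively, its child modules.
function collectResources(mod: TfModule): TfResource[] {
  let found: TfResource[] = (mod.resources || []).slice();
  for (const child of mod.child_modules || []) {
    found = found.concat(collectResources(child));
  }
  return found;
}

// Addresses of protections whose id is not the shield_protection_id of any
// association that also carries a non-empty health_check_arn.
function protectionsWithoutHealthCheck(state: TfState): string[] {
  const root = (state.values && state.values.root_module) || {};
  const all = collectResources(root);
  const covered: string[] = [];
  for (const r of all) {
    const arn = r.values["health_check_arn"];
    if (r.type === ASSOCIATION && typeof arn === "string" && arn !== "") {
      covered.push(String(r.values["shield_protection_id"]));
    }
  }
  return all
    .filter((r) => r.type === PROTECTION && covered.indexOf(String(r.values["id"])) === -1)
    .map((r) => r.address);
}

// Constructed sample state; ids and ARNs are placeholders, not real values.
const sampleState: TfState = { values: { root_module: {
  resources: [
    { address: "aws_shield_protection.example", type: PROTECTION, values: { id: "prot-1111" } },
    { address: "aws_shield_protection_health_check_association.example", type: ASSOCIATION,
      values: { shield_protection_id: "prot-1111", health_check_arn: "arn:aws:route53:::healthcheck/hc-aaaa" } },
  ],
  child_modules: [{ resources: [
    { address: "module.edge.aws_shield_protection.alb", type: PROTECTION, values: { id: "prot-2222" } },
  ] }],
} } };

console.log(protectionsWithoutHealthCheck(sampleState));
```

A non-empty result is a reasonable condition to fail a CI job on, since those protections get no health-based detection.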
Attributes Reference
In addition to all arguments above, the following attributes are exported:
id
- The unique identifier (ID) for the Protection object that is created.
Import
Shield protection health check association resources can be imported by specifying the shieldProtectionId and healthCheckArn, e.g.,