1. Packages
  2. AWS Cloud Control
  3. API Docs
  4. shield
  5. getProtection

We recommend new projects start with resources from the AWS provider.

AWS Cloud Control v1.27.0 published on Monday, Apr 14, 2025 by Pulumi

aws-native.shield.getProtection

Explore with Pulumi AI

We recommend new projects start with resources from the AWS provider.

AWS Cloud Control v1.27.0 published on Monday, Apr 14, 2025 by Pulumi

Enables AWS Shield Advanced for a specific AWS resource. The resource can be an Amazon CloudFront distribution, Amazon Route 53 hosted zone, AWS Global Accelerator standard accelerator, Elastic IP Address, Application Load Balancer, or a Classic Load Balancer. You can protect Amazon EC2 instances and Network Load Balancers by association with protected Amazon EC2 Elastic IP addresses.

Using getProtection

Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.

function getProtection(args: GetProtectionArgs, opts?: InvokeOptions): Promise<GetProtectionResult>
function getProtectionOutput(args: GetProtectionOutputArgs, opts?: InvokeOptions): Output<GetProtectionResult>
Copy
def get_protection(protection_arn: Optional[str] = None,
                   opts: Optional[InvokeOptions] = None) -> GetProtectionResult
def get_protection_output(protection_arn: Optional[pulumi.Input[str]] = None,
                   opts: Optional[InvokeOptions] = None) -> Output[GetProtectionResult]
Copy
func LookupProtection(ctx *Context, args *LookupProtectionArgs, opts ...InvokeOption) (*LookupProtectionResult, error)
func LookupProtectionOutput(ctx *Context, args *LookupProtectionOutputArgs, opts ...InvokeOption) LookupProtectionResultOutput
Copy

> Note: This function is named LookupProtection in the Go SDK.

public static class GetProtection 
{
    public static Task<GetProtectionResult> InvokeAsync(GetProtectionArgs args, InvokeOptions? opts = null)
    public static Output<GetProtectionResult> Invoke(GetProtectionInvokeArgs args, InvokeOptions? opts = null)
}
Copy
public static CompletableFuture<GetProtectionResult> getProtection(GetProtectionArgs args, InvokeOptions options)
public static Output<GetProtectionResult> getProtection(GetProtectionArgs args, InvokeOptions options)
Copy
fn::invoke:
  function: aws-native:shield:getProtection
  arguments:
    # arguments dictionary
Copy

The following arguments are supported:

ProtectionArn This property is required. string
The ARN (Amazon Resource Name) of the protection.
ProtectionArn This property is required. string
The ARN (Amazon Resource Name) of the protection.
protectionArn This property is required. String
The ARN (Amazon Resource Name) of the protection.
protectionArn This property is required. string
The ARN (Amazon Resource Name) of the protection.
protection_arn This property is required. str
The ARN (Amazon Resource Name) of the protection.
protectionArn This property is required. String
The ARN (Amazon Resource Name) of the protection.

getProtection Result

The following output properties are available:

ApplicationLayerAutomaticResponseConfiguration Pulumi.AwsNative.Shield.Outputs.ProtectionApplicationLayerAutomaticResponseConfiguration

The automatic application layer DDoS mitigation settings for the protection. This configuration determines whether Shield Advanced automatically manages rules in the web ACL in order to respond to application layer events that Shield Advanced determines to be DDoS attacks.

If you use AWS CloudFormation to manage the web ACLs that you use with Shield Advanced automatic mitigation, see the additional guidance about web ACL management in the AWS::WAFv2::WebACL resource description.

HealthCheckArns List<string>
The Amazon Resource Names (ARNs) of the health check to associate with the protection.
ProtectionArn string
The ARN (Amazon Resource Name) of the protection.
ProtectionId string
The unique identifier (ID) of the protection.
Tags List<Pulumi.AwsNative.Outputs.Tag>
One or more tag key-value pairs for the Protection object.
ApplicationLayerAutomaticResponseConfiguration ProtectionApplicationLayerAutomaticResponseConfiguration

The automatic application layer DDoS mitigation settings for the protection. This configuration determines whether Shield Advanced automatically manages rules in the web ACL in order to respond to application layer events that Shield Advanced determines to be DDoS attacks.

If you use AWS CloudFormation to manage the web ACLs that you use with Shield Advanced automatic mitigation, see the additional guidance about web ACL management in the AWS::WAFv2::WebACL resource description.

HealthCheckArns []string
The Amazon Resource Names (ARNs) of the health check to associate with the protection.
ProtectionArn string
The ARN (Amazon Resource Name) of the protection.
ProtectionId string
The unique identifier (ID) of the protection.
Tags Tag
One or more tag key-value pairs for the Protection object.
applicationLayerAutomaticResponseConfiguration ProtectionApplicationLayerAutomaticResponseConfiguration

The automatic application layer DDoS mitigation settings for the protection. This configuration determines whether Shield Advanced automatically manages rules in the web ACL in order to respond to application layer events that Shield Advanced determines to be DDoS attacks.

If you use AWS CloudFormation to manage the web ACLs that you use with Shield Advanced automatic mitigation, see the additional guidance about web ACL management in the AWS::WAFv2::WebACL resource description.

healthCheckArns List<String>
The Amazon Resource Names (ARNs) of the health check to associate with the protection.
protectionArn String
The ARN (Amazon Resource Name) of the protection.
protectionId String
The unique identifier (ID) of the protection.
tags List<Tag>
One or more tag key-value pairs for the Protection object.
applicationLayerAutomaticResponseConfiguration ProtectionApplicationLayerAutomaticResponseConfiguration

The automatic application layer DDoS mitigation settings for the protection. This configuration determines whether Shield Advanced automatically manages rules in the web ACL in order to respond to application layer events that Shield Advanced determines to be DDoS attacks.

If you use AWS CloudFormation to manage the web ACLs that you use with Shield Advanced automatic mitigation, see the additional guidance about web ACL management in the AWS::WAFv2::WebACL resource description.

healthCheckArns string[]
The Amazon Resource Names (ARNs) of the health check to associate with the protection.
protectionArn string
The ARN (Amazon Resource Name) of the protection.
protectionId string
The unique identifier (ID) of the protection.
tags Tag[]
One or more tag key-value pairs for the Protection object.
application_layer_automatic_response_configuration ProtectionApplicationLayerAutomaticResponseConfiguration

The automatic application layer DDoS mitigation settings for the protection. This configuration determines whether Shield Advanced automatically manages rules in the web ACL in order to respond to application layer events that Shield Advanced determines to be DDoS attacks.

If you use AWS CloudFormation to manage the web ACLs that you use with Shield Advanced automatic mitigation, see the additional guidance about web ACL management in the AWS::WAFv2::WebACL resource description.

health_check_arns Sequence[str]
The Amazon Resource Names (ARNs) of the health check to associate with the protection.
protection_arn str
The ARN (Amazon Resource Name) of the protection.
protection_id str
The unique identifier (ID) of the protection.
tags Sequence[root_Tag]
One or more tag key-value pairs for the Protection object.
applicationLayerAutomaticResponseConfiguration Property Map

The automatic application layer DDoS mitigation settings for the protection. This configuration determines whether Shield Advanced automatically manages rules in the web ACL in order to respond to application layer events that Shield Advanced determines to be DDoS attacks.

If you use AWS CloudFormation to manage the web ACLs that you use with Shield Advanced automatic mitigation, see the additional guidance about web ACL management in the AWS::WAFv2::WebACL resource description.

healthCheckArns List<String>
The Amazon Resource Names (ARNs) of the health check to associate with the protection.
protectionArn String
The ARN (Amazon Resource Name) of the protection.
protectionId String
The unique identifier (ID) of the protection.
tags List<Property Map>
One or more tag key-value pairs for the Protection object.

Supporting Types

ProtectionApplicationLayerAutomaticResponseConfiguration

Action This property is required. Pulumi.AwsNative.Shield.Inputs.ProtectionApplicationLayerAutomaticResponseConfigurationAction0Properties | Pulumi.AwsNative.Shield.Inputs.ProtectionApplicationLayerAutomaticResponseConfigurationAction1Properties
Specifies the action setting that Shield Advanced should use in the AWS WAF rules that it creates on behalf of the protected resource in response to DDoS attacks. You specify this as part of the configuration for the automatic application layer DDoS mitigation feature, when you enable or update automatic mitigation. Shield Advanced creates the AWS WAF rules in a Shield Advanced-managed rule group, inside the web ACL that you have associated with the resource.
Status This property is required. Pulumi.AwsNative.Shield.ProtectionApplicationLayerAutomaticResponseConfigurationStatus
Indicates whether automatic application layer DDoS mitigation is enabled for the protection.
Action This property is required. ProtectionApplicationLayerAutomaticResponseConfigurationAction0Properties | ProtectionApplicationLayerAutomaticResponseConfigurationAction1Properties
Specifies the action setting that Shield Advanced should use in the AWS WAF rules that it creates on behalf of the protected resource in response to DDoS attacks. You specify this as part of the configuration for the automatic application layer DDoS mitigation feature, when you enable or update automatic mitigation. Shield Advanced creates the AWS WAF rules in a Shield Advanced-managed rule group, inside the web ACL that you have associated with the resource.
Status This property is required. ProtectionApplicationLayerAutomaticResponseConfigurationStatus
Indicates whether automatic application layer DDoS mitigation is enabled for the protection.
action This property is required. ProtectionApplicationLayerAutomaticResponseConfigurationAction0Properties | ProtectionApplicationLayerAutomaticResponseConfigurationAction1Properties
Specifies the action setting that Shield Advanced should use in the AWS WAF rules that it creates on behalf of the protected resource in response to DDoS attacks. You specify this as part of the configuration for the automatic application layer DDoS mitigation feature, when you enable or update automatic mitigation. Shield Advanced creates the AWS WAF rules in a Shield Advanced-managed rule group, inside the web ACL that you have associated with the resource.
status This property is required. ProtectionApplicationLayerAutomaticResponseConfigurationStatus
Indicates whether automatic application layer DDoS mitigation is enabled for the protection.
action This property is required. ProtectionApplicationLayerAutomaticResponseConfigurationAction0Properties | ProtectionApplicationLayerAutomaticResponseConfigurationAction1Properties
Specifies the action setting that Shield Advanced should use in the AWS WAF rules that it creates on behalf of the protected resource in response to DDoS attacks. You specify this as part of the configuration for the automatic application layer DDoS mitigation feature, when you enable or update automatic mitigation. Shield Advanced creates the AWS WAF rules in a Shield Advanced-managed rule group, inside the web ACL that you have associated with the resource.
status This property is required. ProtectionApplicationLayerAutomaticResponseConfigurationStatus
Indicates whether automatic application layer DDoS mitigation is enabled for the protection.
action This property is required. ProtectionApplicationLayerAutomaticResponseConfigurationAction0Properties | ProtectionApplicationLayerAutomaticResponseConfigurationAction1Properties
Specifies the action setting that Shield Advanced should use in the AWS WAF rules that it creates on behalf of the protected resource in response to DDoS attacks. You specify this as part of the configuration for the automatic application layer DDoS mitigation feature, when you enable or update automatic mitigation. Shield Advanced creates the AWS WAF rules in a Shield Advanced-managed rule group, inside the web ACL that you have associated with the resource.
status This property is required. ProtectionApplicationLayerAutomaticResponseConfigurationStatus
Indicates whether automatic application layer DDoS mitigation is enabled for the protection.
action This property is required. Property Map | Property Map
Specifies the action setting that Shield Advanced should use in the AWS WAF rules that it creates on behalf of the protected resource in response to DDoS attacks. You specify this as part of the configuration for the automatic application layer DDoS mitigation feature, when you enable or update automatic mitigation. Shield Advanced creates the AWS WAF rules in a Shield Advanced-managed rule group, inside the web ACL that you have associated with the resource.
status This property is required. "ENABLED" | "DISABLED"
Indicates whether automatic application layer DDoS mitigation is enabled for the protection.

ProtectionApplicationLayerAutomaticResponseConfigurationAction0Properties

Count object
Specifies that Shield Advanced should configure its AWS WAF rules with the AWS WAF Count action. You must specify exactly one action, either Block or Count.
Count interface{}
Specifies that Shield Advanced should configure its AWS WAF rules with the AWS WAF Count action. You must specify exactly one action, either Block or Count.
count Object
Specifies that Shield Advanced should configure its AWS WAF rules with the AWS WAF Count action. You must specify exactly one action, either Block or Count.
count any
Specifies that Shield Advanced should configure its AWS WAF rules with the AWS WAF Count action. You must specify exactly one action, either Block or Count.
count Any
Specifies that Shield Advanced should configure its AWS WAF rules with the AWS WAF Count action. You must specify exactly one action, either Block or Count.
count Any
Specifies that Shield Advanced should configure its AWS WAF rules with the AWS WAF Count action. You must specify exactly one action, either Block or Count.

ProtectionApplicationLayerAutomaticResponseConfigurationAction1Properties

Block object
Specifies that Shield Advanced should configure its AWS WAF rules with the AWS WAF Block action. You must specify exactly one action, either Block or Count.
Block interface{}
Specifies that Shield Advanced should configure its AWS WAF rules with the AWS WAF Block action. You must specify exactly one action, either Block or Count.
block Object
Specifies that Shield Advanced should configure its AWS WAF rules with the AWS WAF Block action. You must specify exactly one action, either Block or Count.
block any
Specifies that Shield Advanced should configure its AWS WAF rules with the AWS WAF Block action. You must specify exactly one action, either Block or Count.
block Any
Specifies that Shield Advanced should configure its AWS WAF rules with the AWS WAF Block action. You must specify exactly one action, either Block or Count.
block Any
Specifies that Shield Advanced should configure its AWS WAF rules with the AWS WAF Block action. You must specify exactly one action, either Block or Count.

ProtectionApplicationLayerAutomaticResponseConfigurationStatus

Tag

Key This property is required. string
The key name of the tag
Value This property is required. string
The value of the tag
Key This property is required. string
The key name of the tag
Value This property is required. string
The value of the tag
key This property is required. String
The key name of the tag
value This property is required. String
The value of the tag
key This property is required. string
The key name of the tag
value This property is required. string
The value of the tag
key This property is required. str
The key name of the tag
value This property is required. str
The value of the tag
key This property is required. String
The key name of the tag
value This property is required. String
The value of the tag

Package Details

Repository
AWS Native pulumi/pulumi-aws-native
License
Apache-2.0

We recommend new projects start with resources from the AWS provider.

AWS Cloud Control v1.27.0 published on Monday, Apr 14, 2025 by Pulumi