AWS::Shield::Protection ApplicationLayerAutomaticResponseConfiguration - Amazon CloudFormation
SyntaxProperties
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

AWS::Shield::Protection ApplicationLayerAutomaticResponseConfiguration

The automatic application layer DDoS mitigation settings for a AWS::Shield::Protection. This configuration determines whether Shield Advanced automatically manages rules in the web ACL in order to respond to application layer events that Shield Advanced determines to be DDoS attacks.

If you use Amazon CloudFormation to manage the web ACLs that you use with Shield Advanced automatic mitigation, see the guidance for the AWS::WAFv2::WebACL resource.

Syntax

To declare this entity in your Amazon CloudFormation template, use the following syntax:

JSON

{
  "Action" : Action,
  "Status" : String
}

YAML

  Action: 
    Action
  Status: String

Properties

Action

Specifies the action setting that Shield Advanced should use in the Amazon WAF rules that it creates on behalf of the protected resource in response to DDoS attacks. You specify this as part of the configuration for the automatic application layer DDoS mitigation feature, when you enable or update automatic mitigation. Shield Advanced creates the Amazon WAF rules in a Shield Advanced-managed rule group, inside the web ACL that you have associated with the resource.

Required: Yes

Type: Action

Update requires: No interruption

Status

Indicates whether automatic application layer DDoS mitigation is enabled for the protection.

Required: Yes

Type: String

Allowed values: ENABLED | DISABLED

Update requires: No interruption