GetProtectionStatus
If you created a Shield Advanced policy, returns policy-level attack summary information in the event of a potential DDoS attack. Other policy types are currently unsupported.
Request Syntax
{
"EndTime": number
,
"MaxResults": number
,
"MemberAccountId": "string
",
"NextToken": "string
",
"PolicyId": "string
",
"StartTime": number
}
Request Parameters
For information about the parameters that are common to all actions, see Common Parameters.
The request accepts the following data in JSON format.
- EndTime
-
The end of the time period to query for the attacks. This is a
timestamp
type. The request syntax listing indicates anumber
type because the default used by Amazon Firewall Manager is Unix time in seconds. However, any validtimestamp
format is allowed.Type: Timestamp
Required: No
- MaxResults
-
Specifies the number of objects that you want Amazon Firewall Manager to return for this request. If you have more objects than the number that you specify for
MaxResults
, the response includes aNextToken
value that you can use to get another batch of objects.Type: Integer
Valid Range: Minimum value of 1. Maximum value of 100.
Required: No
- MemberAccountId
-
The Amazon account that is in scope of the policy that you want to get the details for.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 1024.
Pattern:
^[0-9]+$
Required: No
- NextToken
-
If you specify a value for
MaxResults
and you have more objects than the number that you specify forMaxResults
, Amazon Firewall Manager returns aNextToken
value in the response, which you can use to retrieve another group of objects. For the second and subsequentGetProtectionStatus
requests, specify the value ofNextToken
from the previous response to get information about another batch of objects.Type: String
Length Constraints: Minimum length of 1. Maximum length of 4096.
Pattern:
^([\p{L}\p{Z}\p{N}_.:/=+\-@]*)$
Required: No
- PolicyId
-
The ID of the policy for which you want to get the attack information.
Type: String
Length Constraints: Fixed length of 36.
Pattern:
^[a-z0-9A-Z-]{36}$
Required: Yes
- StartTime
-
The start of the time period to query for the attacks. This is a
timestamp
type. The request syntax listing indicates anumber
type because the default used by Amazon Firewall Manager is Unix time in seconds. However, any validtimestamp
format is allowed.Type: Timestamp
Required: No
Response Syntax
{
"AdminAccountId": "string",
"Data": "string",
"NextToken": "string",
"ServiceType": "string"
}
Response Elements
If the action is successful, the service sends back an HTTP 200 response.
The following data is returned in JSON format by the service.
- AdminAccountId
-
The ID of the Amazon Firewall Manager administrator account for this policy.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 1024.
Pattern:
^[0-9]+$
- Data
-
Details about the attack, including the following:
-
Attack type
-
Account ID
-
ARN of the resource attacked
-
Start time of the attack
-
End time of the attack (ongoing attacks will not have an end time)
The details are in JSON format.
Type: String
-
- NextToken
-
If you have more objects than the number that you specified for
MaxResults
in the request, the response includes aNextToken
value. To list more objects, submit anotherGetProtectionStatus
request, and specify theNextToken
value from the response in theNextToken
value in the next request.Amazon SDKs provide auto-pagination that identify
NextToken
in a response and make subsequent request calls automatically on your behalf. However, this feature is not supported byGetProtectionStatus
. You must submit subsequent requests withNextToken
using your own processes.Type: String
Length Constraints: Minimum length of 1. Maximum length of 4096.
Pattern:
^([\p{L}\p{Z}\p{N}_.:/=+\-@]*)$
- ServiceType
-
The service type that is protected by the policy. Currently, this is always
SHIELD_ADVANCED
.Type: String
Valid Values:
WAF | WAFV2 | SHIELD_ADVANCED | SECURITY_GROUPS_COMMON | SECURITY_GROUPS_CONTENT_AUDIT | SECURITY_GROUPS_USAGE_AUDIT | NETWORK_FIREWALL | DNS_FIREWALL | THIRD_PARTY_FIREWALL | IMPORT_NETWORK_FIREWALL | NETWORK_ACL_COMMON
Errors
For information about the errors that are common to all actions, see Common Errors.
- InternalErrorException
-
The operation failed because of a system problem, even though the request was valid. Retry your request.
HTTP Status Code: 400
- InvalidInputException
-
The parameters of the request were invalid.
HTTP Status Code: 400
- ResourceNotFoundException
-
The specified resource was not found.
HTTP Status Code: 400
Examples
Example response
This example illustrates one usage of GetProtectionStatus.
[ { accountId: account1 attackSummaries:[ { attackId: attackId1 resourceARN: resource1 attackVector: [SYC_FLOOD, UDP_REFLECTION] startTime: 1234567890123 endTime: 1234567890123 }, { attackId: attackId2 resourceARN: resource2 attackVector: [SYC_FLOOD] startTime: 1234567890123 endTime: 1234567890123 } ] }, { accountId: account2 attackSummaries:[ { attackId: attackId3 resourceARN: resource3 attackVector: [SYC_FLOOD, UDP_REFLECTION] startTime: 1234567890123 endTime: 1234567890123 }, { attackId: attackId4 resourceARN: resource4 attackVector: [SYC_FLOOD] startTime: 1234567890123 endTime: 1234567890123 } ] }, ]
See Also
For more information about using this API in one of the language-specific Amazon SDKs, see the following: