package software.amazon.awscdk.services.shield;
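/**
 * A CloudFormation {@code AWS::Shield::DRTAccess}.
 *
 * <p>Provides permissions for the AWS Shield Advanced Shield response team (SRT) to access your account and your resource protections, to help you mitigate potential distributed denial of service (DDoS) attacks.
 *
 * <p>To configure this resource through AWS CloudFormation, you must be subscribed to AWS Shield Advanced. You can subscribe through the Shield Advanced console and through the APIs. For more information, see Subscribe to AWS Shield Advanced.
 *
 * <p>See example templates for Shield Advanced in AWS CloudFormation at aws-samples/aws-shield-advanced-examples.
 *
 * <p>Review note: declaring this resource grants access to a party outside your own account
 * administration. The role named by {@code roleArn} lets the SRT create and update AWS WAF rules
 * and web ACLs, and every bucket in {@code logBucketList} is opened to the SRT. Review both
 * values in code review the same way as any other cross-principal grant.
 *
 * <p>Example:
 *
 * <pre>{@code
 * // The code below shows an example of how to instantiate this type.
 * // The values are placeholders you should change.
 * import software.amazon.awscdk.services.shield.*;
 * CfnDRTAccess cfnDRTAccess = CfnDRTAccess.Builder.create(this, "MyCfnDRTAccess")
 *         .roleArn("roleArn")
 *         // the properties below are optional
 *         .logBucketList(List.of("logBucketList"))
 *         .build();
 * }</pre>
 */
@javax.annotation.Generated(value = "jsii-pacmak/1.84.0 (build 5404dcf)", date = "2023-06-19T16:30:35.772Z")
@software.amazon.jsii.Stability(software.amazon.jsii.Stability.Level.Stable)
@software.amazon.jsii.Jsii(module = software.amazon.awscdk.services.shield.$Module.class, fqn = "@aws-cdk/aws-shield.CfnDRTAccess")
public class CfnDRTAccess extends software.amazon.awscdk.core.CfnResource implements software.amazon.awscdk.core.IInspectable {

    /**
     * The CloudFormation resource type name for this resource class.
     */
    @software.amazon.jsii.Stability(software.amazon.jsii.Stability.Level.Stable)
    public static final java.lang.String CFN_RESOURCE_TYPE_NAME;

    static {
        // The value is not a Java literal: it is read from the jsii kernel when the class initializes.
        CFN_RESOURCE_TYPE_NAME = software.amazon.jsii.JsiiObject.jsiiStaticGet(software.amazon.awscdk.services.shield.CfnDRTAccess.class, "CFN_RESOURCE_TYPE_NAME", software.amazon.jsii.NativeType.forClass(java.lang.String.class));
    }

    /**
     * Wraps an object reference supplied by the jsii runtime.
     *
     * @param objRef the jsii object reference to wrap.
     */
    protected CfnDRTAccess(final software.amazon.jsii.JsiiObjectRef objRef) {
        super(objRef);
    }

    /**
     * Constructor for subclasses that select the jsii initialization mode themselves.
     *
     * @param initializationMode the initialization mode passed to the superclass.
     */
    protected CfnDRTAccess(final software.amazon.jsii.JsiiObject.InitializationMode initializationMode) {
        super(initializationMode);
    }

    /**
     * Create a new {@code AWS::Shield::DRTAccess}.
     *
     * @param scope - scope in which this resource is defined. This parameter is required.
     * @param id - scoped id of the resource. This parameter is required.
     * @param props - resource properties. This parameter is required.
     * @throws NullPointerException if {@code scope}, {@code id} or {@code props} is {@code null}.
     */
    @software.amazon.jsii.Stability(software.amazon.jsii.Stability.Level.Stable)
    public CfnDRTAccess(final @org.jetbrains.annotations.NotNull software.amazon.awscdk.core.Construct scope, final @org.jetbrains.annotations.NotNull java.lang.String id, final @org.jetbrains.annotations.NotNull software.amazon.awscdk.services.shield.CfnDRTAccessProps props) {
        super(software.amazon.jsii.JsiiObject.InitializationMode.JSII);
        // Arguments are null-checked on the Java side before they are handed to the jsii engine.
        software.amazon.jsii.JsiiEngine.getInstance().createNewObject(this, new Object[] { java.util.Objects.requireNonNull(scope, "scope is required"), java.util.Objects.requireNonNull(id, "id is required"), java.util.Objects.requireNonNull(props, "props is required") });
    }

    /**
     * Examines the CloudFormation resource and discloses attributes.
     *
     * @param inspector - tree inspector to collect and process attributes. This parameter is required.
     * @throws NullPointerException if {@code inspector} is {@code null}.
     */
    @software.amazon.jsii.Stability(software.amazon.jsii.Stability.Level.Stable)
    @Override
    public void inspect(final @org.jetbrains.annotations.NotNull software.amazon.awscdk.core.TreeInspector inspector) {
        software.amazon.jsii.Kernel.call(this, "inspect", software.amazon.jsii.NativeType.VOID, new Object[] { java.util.Objects.requireNonNull(inspector, "inspector is required") });
    }

    /**
     * Delegates to the jsii {@code renderProperties} implementation.
     *
     * @param props This parameter is required.
     * @return the rendered properties, wrapped in an unmodifiable map.
     * @throws NullPointerException if {@code props} is {@code null}.
     */
    @software.amazon.jsii.Stability(software.amazon.jsii.Stability.Level.Stable)
    @Override
    protected @org.jetbrains.annotations.NotNull java.util.Map<java.lang.String, java.lang.Object> renderProperties(final @org.jetbrains.annotations.NotNull java.util.Map<java.lang.String, java.lang.Object> props) {
        return java.util.Collections.unmodifiableMap(software.amazon.jsii.Kernel.call(this, "renderProperties", software.amazon.jsii.NativeType.mapOf(software.amazon.jsii.NativeType.forClass(java.lang.Object.class)), new Object[] { java.util.Objects.requireNonNull(props, "props is required") }));
    }

    /**
     * The ID of the account that submitted the template.
     *
     * @return the {@code attrAccountId} attribute read from the jsii kernel.
     */
    @software.amazon.jsii.Stability(software.amazon.jsii.Stability.Level.Stable)
    public @org.jetbrains.annotations.NotNull java.lang.String getAttrAccountId() {
        return software.amazon.jsii.Kernel.get(this, "attrAccountId", software.amazon.jsii.NativeType.forClass(java.lang.String.class));
    }

    /**
     * Reads the {@code cfnProperties} value from the jsii kernel.
     *
     * @return the CloudFormation properties, wrapped in an unmodifiable map.
     */
    @Override
    @software.amazon.jsii.Stability(software.amazon.jsii.Stability.Level.Stable)
    protected @org.jetbrains.annotations.NotNull java.util.Map<java.lang.String, java.lang.Object> getCfnProperties() {
        return java.util.Collections.unmodifiableMap(software.amazon.jsii.Kernel.get(this, "cfnProperties", software.amazon.jsii.NativeType.mapOf(software.amazon.jsii.NativeType.forClass(java.lang.Object.class))));
    }

    /**
     * Authorizes the Shield Response Team (SRT) using the specified role, to access your AWS account to assist with DDoS attack mitigation during potential attacks.
     *
     * <p>This enables the SRT to inspect your AWS WAF configuration and logs and to create or update AWS WAF rules and web ACLs.
     *
     * <p>You can associate only one {@code RoleArn} with your subscription. If you submit this update for an account that already has an associated role, the new {@code RoleArn} will replace the existing {@code RoleArn}.
     *
     * <p>This change requires the following:
     *
     * <ul>
     * <li>You must be subscribed to the Business Support plan or the Enterprise Support plan.</li>
     * <li>You must have the {@code iam:PassRole} permission. For more information, see Granting a user permissions to pass a role to an AWS service.</li>
     * <li>The {@code AWSShieldDRTAccessPolicy} managed policy must be attached to the role that you specify in the request. You can access this policy in the IAM console at AWSShieldDRTAccessPolicy. For information, see Adding and removing IAM identity permissions.</li>
     * <li>The role must trust the service principal {@code drt.shield.amazonaws.com}. For information, see IAM JSON policy elements: Principal.</li>
     * </ul>
     *
     * <p>The SRT will have access only to your AWS WAF and Shield resources. By submitting this request, you provide permissions to the SRT to inspect your AWS WAF and Shield configuration and logs, and to create and update AWS WAF rules and web ACLs on your behalf. The SRT takes these actions only if explicitly authorized by you.
     *
     * @return the {@code roleArn} property read from the jsii kernel.
     */
    @software.amazon.jsii.Stability(software.amazon.jsii.Stability.Level.Stable)
    public @org.jetbrains.annotations.NotNull java.lang.String getRoleArn() {
        return software.amazon.jsii.Kernel.get(this, "roleArn", software.amazon.jsii.NativeType.forClass(java.lang.String.class));
    }

    /**
     * Authorizes the Shield Response Team (SRT) using the specified role, to access your AWS account to assist with DDoS attack mitigation during potential attacks.
     *
     * <p>This enables the SRT to inspect your AWS WAF configuration and logs and to create or update AWS WAF rules and web ACLs.
     *
     * <p>You can associate only one {@code RoleArn} with your subscription. If you submit this update for an account that already has an associated role, the new {@code RoleArn} will replace the existing {@code RoleArn}. Treat a change to this property as a change to a third-party access grant.
     *
     * <p>This change requires the following:
     *
     * <ul>
     * <li>You must be subscribed to the Business Support plan or the Enterprise Support plan.</li>
     * <li>You must have the {@code iam:PassRole} permission. For more information, see Granting a user permissions to pass a role to an AWS service.</li>
     * <li>The {@code AWSShieldDRTAccessPolicy} managed policy must be attached to the role that you specify in the request. You can access this policy in the IAM console at AWSShieldDRTAccessPolicy. For information, see Adding and removing IAM identity permissions.</li>
     * <li>The role must trust the service principal {@code drt.shield.amazonaws.com}. For information, see IAM JSON policy elements: Principal.</li>
     * </ul>
     *
     * <p>The SRT will have access only to your AWS WAF and Shield resources. By submitting this request, you provide permissions to the SRT to inspect your AWS WAF and Shield configuration and logs, and to create and update AWS WAF rules and web ACLs on your behalf. The SRT takes these actions only if explicitly authorized by you.
     *
     * @param value the role ARN to associate. This parameter is required.
     * @throws NullPointerException if {@code value} is {@code null}.
     */
    @software.amazon.jsii.Stability(software.amazon.jsii.Stability.Level.Stable)
    public void setRoleArn(final @org.jetbrains.annotations.NotNull java.lang.String value) {
        software.amazon.jsii.Kernel.set(this, "roleArn", java.util.Objects.requireNonNull(value, "roleArn is required"));
    }

    /**
     * Authorizes the Shield Response Team (SRT) to access the specified Amazon S3 bucket containing log data such as Application Load Balancer access logs, CloudFront logs, or logs from third party sources.
     *
     * <p>You can associate up to 10 Amazon S3 buckets with your subscription.
     *
     * <p>Use this to share information with the SRT that's not available in AWS WAF logs.
     *
     * <p>To use the services of the SRT, you must be subscribed to the Business Support plan or the Enterprise Support plan.
     *
     * @return an unmodifiable view of the bucket list, or {@code null} when the property is not set.
     */
    @software.amazon.jsii.Stability(software.amazon.jsii.Stability.Level.Stable)
    public @org.jetbrains.annotations.Nullable java.util.List<java.lang.String> getLogBucketList() {
        // The property is optional, so a null kernel value is passed through instead of being wrapped.
        return java.util.Optional.ofNullable((java.util.List<java.lang.String>)(software.amazon.jsii.Kernel.get(this, "logBucketList", software.amazon.jsii.NativeType.listOf(software.amazon.jsii.NativeType.forClass(java.lang.String.class))))).map(java.util.Collections::unmodifiableList).orElse(null);
    }

    /**
     * Authorizes the Shield Response Team (SRT) to access the specified Amazon S3 bucket containing log data such as Application Load Balancer access logs, CloudFront logs, or logs from third party sources.
     *
     * <p>You can associate up to 10 Amazon S3 buckets with your subscription.
     *
     * <p>Use this to share information with the SRT that's not available in AWS WAF logs. Every bucket listed here is opened to the SRT, so list only buckets whose contents you intend to share.
     *
     * <p>To use the services of the SRT, you must be subscribed to the Business Support plan or the Enterprise Support plan.
     *
     * @param value the bucket list to associate; may be {@code null}, and is passed to the jsii kernel without a null check.
     */
    @software.amazon.jsii.Stability(software.amazon.jsii.Stability.Level.Stable)
    public void setLogBucketList(final @org.jetbrains.annotations.Nullable java.util.List<java.lang.String> value) {
        software.amazon.jsii.Kernel.set(this, "logBucketList", value);
    }

    /**
     * A fluent builder for {@link software.amazon.awscdk.services.shield.CfnDRTAccess}.
     */
    @software.amazon.jsii.Stability(software.amazon.jsii.Stability.Level.Stable)
    public static final class Builder implements software.amazon.jsii.Builder<software.amazon.awscdk.services.shield.CfnDRTAccess> {
        private final software.amazon.awscdk.core.Construct scope;
        private final java.lang.String id;
        private final software.amazon.awscdk.services.shield.CfnDRTAccessProps.Builder props;

        /**
         * Creates a builder for a resource defined in {@code scope} under {@code id}.
         *
         * @param scope - scope in which this resource is defined. This parameter is required.
         * @param id - scoped id of the resource. This parameter is required.
         * @return a new instance of {@link Builder}.
         */
        @software.amazon.jsii.Stability(software.amazon.jsii.Stability.Level.Stable)
        public static Builder create(final software.amazon.awscdk.core.Construct scope, final java.lang.String id) {
            return new Builder(scope, id);
        }

        // scope and id are stored as given here; the CfnDRTAccess constructor null-checks them in build().
        private Builder(final software.amazon.awscdk.core.Construct scope, final java.lang.String id) {
            this.scope = scope;
            this.id = id;
            this.props = new software.amazon.awscdk.services.shield.CfnDRTAccessProps.Builder();
        }

        /**
         * Authorizes the Shield Response Team (SRT) using the specified role, to access your AWS account to assist with DDoS attack mitigation during potential attacks.
         *
         * <p>This enables the SRT to inspect your AWS WAF configuration and logs and to create or update AWS WAF rules and web ACLs.
         *
         * <p>You can associate only one {@code RoleArn} with your subscription. If you submit this update for an account that already has an associated role, the new {@code RoleArn} will replace the existing {@code RoleArn}.
         *
         * <p>This change requires the following:
         *
         * <ul>
         * <li>You must be subscribed to the Business Support plan or the Enterprise Support plan.</li>
         * <li>You must have the {@code iam:PassRole} permission. For more information, see Granting a user permissions to pass a role to an AWS service.</li>
         * <li>The {@code AWSShieldDRTAccessPolicy} managed policy must be attached to the role that you specify in the request. You can access this policy in the IAM console at AWSShieldDRTAccessPolicy. For information, see Adding and removing IAM identity permissions.</li>
         * <li>The role must trust the service principal {@code drt.shield.amazonaws.com}. For information, see IAM JSON policy elements: Principal.</li>
         * </ul>
         *
         * <p>The SRT will have access only to your AWS WAF and Shield resources. By submitting this request, you provide permissions to the SRT to inspect your AWS WAF and Shield configuration and logs, and to create and update AWS WAF rules and web ACLs on your behalf. The SRT takes these actions only if explicitly authorized by you.
         *
         * @param roleArn Authorizes the Shield Response Team (SRT) using the specified role, to access your AWS account to assist with DDoS attack mitigation during potential attacks. This parameter is required.
         * @return {@code this}
         */
        @software.amazon.jsii.Stability(software.amazon.jsii.Stability.Level.Stable)
        public Builder roleArn(final java.lang.String roleArn) {
            this.props.roleArn(roleArn);
            return this;
        }

        /**
         * Authorizes the Shield Response Team (SRT) to access the specified Amazon S3 bucket containing log data such as Application Load Balancer access logs, CloudFront logs, or logs from third party sources.
         *
         * <p>You can associate up to 10 Amazon S3 buckets with your subscription.
         *
         * <p>Use this to share information with the SRT that's not available in AWS WAF logs. Every bucket listed here is opened to the SRT, so list only buckets whose contents you intend to share.
         *
         * <p>To use the services of the SRT, you must be subscribed to the Business Support plan or the Enterprise Support plan.
         *
         * @param logBucketList Authorizes the Shield Response Team (SRT) to access the specified Amazon S3 bucket containing log data such as Application Load Balancer access logs, CloudFront logs, or logs from third party sources. This parameter is optional.
         * @return {@code this}
         */
        @software.amazon.jsii.Stability(software.amazon.jsii.Stability.Level.Stable)
        public Builder logBucketList(final java.util.List<java.lang.String> logBucketList) {
            this.props.logBucketList(logBucketList);
            return this;
        }

        /**
         * Builds the resource from the scope, id and properties collected so far.
         *
         * @return a newly built instance of {@link software.amazon.awscdk.services.shield.CfnDRTAccess}.
         */
        @software.amazon.jsii.Stability(software.amazon.jsii.Stability.Level.Stable)
        @Override
        public software.amazon.awscdk.services.shield.CfnDRTAccess build() {
            return new software.amazon.awscdk.services.shield.CfnDRTAccess(
                this.scope,
                this.id,
                this.props.build()
            );
        }
    }
}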