aws.shield.ProtectionGroup
Explore with Pulumi AI
Creates a grouping of protected resources so they can be handled as a collective. This resource grouping improves the accuracy of detection and reduces false positives. For more information see Managing AWS Shield Advanced protection groups
Example Usage
Create protection group for all resources
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const example = new aws.shield.ProtectionGroup("example", {
protectionGroupId: "example",
aggregation: "MAX",
pattern: "ALL",
});
import pulumi
import pulumi_aws as aws
example = aws.shield.ProtectionGroup("example",
protection_group_id="example",
aggregation="MAX",
pattern="ALL")
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/shield"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := shield.NewProtectionGroup(ctx, "example", &shield.ProtectionGroupArgs{
ProtectionGroupId: pulumi.String("example"),
Aggregation: pulumi.String("MAX"),
Pattern: pulumi.String("ALL"),
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
var example = new Aws.Shield.ProtectionGroup("example", new()
{
ProtectionGroupId = "example",
Aggregation = "MAX",
Pattern = "ALL",
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.shield.ProtectionGroup;
import com.pulumi.aws.shield.ProtectionGroupArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var example = new ProtectionGroup("example", ProtectionGroupArgs.builder()
.protectionGroupId("example")
.aggregation("MAX")
.pattern("ALL")
.build());
}
}
resources:
example:
type: aws:shield:ProtectionGroup
properties:
protectionGroupId: example
aggregation: MAX
pattern: ALL
Create protection group for arbitrary number of resources
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const current = aws.getRegion({});
const currentGetCallerIdentity = aws.getCallerIdentity({});
const example = new aws.ec2.Eip("example", {domain: "vpc"});
const exampleProtection = new aws.shield.Protection("example", {
name: "example",
resourceArn: pulumi.all([current, currentGetCallerIdentity, example.id]).apply(([current, currentGetCallerIdentity, id]) => `arn:aws:ec2:${current.name}:${currentGetCallerIdentity.accountId}:eip-allocation/${id}`),
});
const exampleProtectionGroup = new aws.shield.ProtectionGroup("example", {
protectionGroupId: "example",
aggregation: "MEAN",
pattern: "ARBITRARY",
members: [pulumi.all([current, currentGetCallerIdentity, example.id]).apply(([current, currentGetCallerIdentity, id]) => `arn:aws:ec2:${current.name}:${currentGetCallerIdentity.accountId}:eip-allocation/${id}`)],
}, {
dependsOn: [exampleProtection],
});
import pulumi
import pulumi_aws as aws
current = aws.get_region()
current_get_caller_identity = aws.get_caller_identity()
example = aws.ec2.Eip("example", domain="vpc")
example_protection = aws.shield.Protection("example",
name="example",
resource_arn=example.id.apply(lambda id: f"arn:aws:ec2:{current.name}:{current_get_caller_identity.account_id}:eip-allocation/{id}"))
example_protection_group = aws.shield.ProtectionGroup("example",
protection_group_id="example",
aggregation="MEAN",
pattern="ARBITRARY",
members=[example.id.apply(lambda id: f"arn:aws:ec2:{current.name}:{current_get_caller_identity.account_id}:eip-allocation/{id}")],
opts = pulumi.ResourceOptions(depends_on=[example_protection]))
package main
import (
"fmt"
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws"
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2"
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/shield"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
current, err := aws.GetRegion(ctx, &aws.GetRegionArgs{}, nil)
if err != nil {
return err
}
currentGetCallerIdentity, err := aws.GetCallerIdentity(ctx, &aws.GetCallerIdentityArgs{}, nil)
if err != nil {
return err
}
example, err := ec2.NewEip(ctx, "example", &ec2.EipArgs{
Domain: pulumi.String("vpc"),
})
if err != nil {
return err
}
exampleProtection, err := shield.NewProtection(ctx, "example", &shield.ProtectionArgs{
Name: pulumi.String("example"),
ResourceArn: example.ID().ApplyT(func(id string) (string, error) {
return fmt.Sprintf("arn:aws:ec2:%v:%v:eip-allocation/%v", current.Name, currentGetCallerIdentity.AccountId, id), nil
}).(pulumi.StringOutput),
})
if err != nil {
return err
}
_, err = shield.NewProtectionGroup(ctx, "example", &shield.ProtectionGroupArgs{
ProtectionGroupId: pulumi.String("example"),
Aggregation: pulumi.String("MEAN"),
Pattern: pulumi.String("ARBITRARY"),
Members: pulumi.StringArray{
example.ID().ApplyT(func(id string) (string, error) {
return fmt.Sprintf("arn:aws:ec2:%v:%v:eip-allocation/%v", current.Name, currentGetCallerIdentity.AccountId, id), nil
}).(pulumi.StringOutput),
},
}, pulumi.DependsOn([]pulumi.Resource{
exampleProtection,
}))
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
var current = Aws.GetRegion.Invoke();
var currentGetCallerIdentity = Aws.GetCallerIdentity.Invoke();
var example = new Aws.Ec2.Eip("example", new()
{
Domain = "vpc",
});
var exampleProtection = new Aws.Shield.Protection("example", new()
{
Name = "example",
ResourceArn = Output.Tuple(current, currentGetCallerIdentity, example.Id).Apply(values =>
{
var current = values.Item1;
var currentGetCallerIdentity = values.Item2;
var id = values.Item3;
return $"arn:aws:ec2:{current.Apply(getRegionResult => getRegionResult.Name)}:{currentGetCallerIdentity.Apply(getCallerIdentityResult => getCallerIdentityResult.AccountId)}:eip-allocation/{id}";
}),
});
var exampleProtectionGroup = new Aws.Shield.ProtectionGroup("example", new()
{
ProtectionGroupId = "example",
Aggregation = "MEAN",
Pattern = "ARBITRARY",
Members = new[]
{
Output.Tuple(current, currentGetCallerIdentity, example.Id).Apply(values =>
{
var current = values.Item1;
var currentGetCallerIdentity = values.Item2;
var id = values.Item3;
return $"arn:aws:ec2:{current.Apply(getRegionResult => getRegionResult.Name)}:{currentGetCallerIdentity.Apply(getCallerIdentityResult => getCallerIdentityResult.AccountId)}:eip-allocation/{id}";
}),
},
}, new CustomResourceOptions
{
DependsOn =
{
exampleProtection,
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.AwsFunctions;
import com.pulumi.aws.inputs.GetRegionArgs;
import com.pulumi.aws.inputs.GetCallerIdentityArgs;
import com.pulumi.aws.ec2.Eip;
import com.pulumi.aws.ec2.EipArgs;
import com.pulumi.aws.shield.Protection;
import com.pulumi.aws.shield.ProtectionArgs;
import com.pulumi.aws.shield.ProtectionGroup;
import com.pulumi.aws.shield.ProtectionGroupArgs;
import com.pulumi.resources.CustomResourceOptions;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
final var current = AwsFunctions.getRegion();
final var currentGetCallerIdentity = AwsFunctions.getCallerIdentity();
var example = new Eip("example", EipArgs.builder()
.domain("vpc")
.build());
var exampleProtection = new Protection("exampleProtection", ProtectionArgs.builder()
.name("example")
.resourceArn(example.id().applyValue(id -> String.format("arn:aws:ec2:%s:%s:eip-allocation/%s", current.applyValue(getRegionResult -> getRegionResult.name()),currentGetCallerIdentity.applyValue(getCallerIdentityResult -> getCallerIdentityResult.accountId()),id)))
.build());
var exampleProtectionGroup = new ProtectionGroup("exampleProtectionGroup", ProtectionGroupArgs.builder()
.protectionGroupId("example")
.aggregation("MEAN")
.pattern("ARBITRARY")
.members(example.id().applyValue(id -> String.format("arn:aws:ec2:%s:%s:eip-allocation/%s", current.applyValue(getRegionResult -> getRegionResult.name()),currentGetCallerIdentity.applyValue(getCallerIdentityResult -> getCallerIdentityResult.accountId()),id)))
.build(), CustomResourceOptions.builder()
.dependsOn(exampleProtection)
.build());
}
}
resources:
example:
type: aws:ec2:Eip
properties:
domain: vpc
exampleProtection:
type: aws:shield:Protection
name: example
properties:
name: example
resourceArn: arn:aws:ec2:${current.name}:${currentGetCallerIdentity.accountId}:eip-allocation/${example.id}
exampleProtectionGroup:
type: aws:shield:ProtectionGroup
name: example
properties:
protectionGroupId: example
aggregation: MEAN
pattern: ARBITRARY
members:
- arn:aws:ec2:${current.name}:${currentGetCallerIdentity.accountId}:eip-allocation/${example.id}
options:
dependson:
- ${exampleProtection}
variables:
current:
fn::invoke:
Function: aws:getRegion
Arguments: {}
currentGetCallerIdentity:
fn::invoke:
Function: aws:getCallerIdentity
Arguments: {}
Create protection group for a type of resource
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const example = new aws.shield.ProtectionGroup("example", {
protectionGroupId: "example",
aggregation: "SUM",
pattern: "BY_RESOURCE_TYPE",
resourceType: "ELASTIC_IP_ALLOCATION",
});
import pulumi
import pulumi_aws as aws
example = aws.shield.ProtectionGroup("example",
protection_group_id="example",
aggregation="SUM",
pattern="BY_RESOURCE_TYPE",
resource_type="ELASTIC_IP_ALLOCATION")
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/shield"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := shield.NewProtectionGroup(ctx, "example", &shield.ProtectionGroupArgs{
ProtectionGroupId: pulumi.String("example"),
Aggregation: pulumi.String("SUM"),
Pattern: pulumi.String("BY_RESOURCE_TYPE"),
ResourceType: pulumi.String("ELASTIC_IP_ALLOCATION"),
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
var example = new Aws.Shield.ProtectionGroup("example", new()
{
ProtectionGroupId = "example",
Aggregation = "SUM",
Pattern = "BY_RESOURCE_TYPE",
ResourceType = "ELASTIC_IP_ALLOCATION",
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.shield.ProtectionGroup;
import com.pulumi.aws.shield.ProtectionGroupArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var example = new ProtectionGroup("example", ProtectionGroupArgs.builder()
.protectionGroupId("example")
.aggregation("SUM")
.pattern("BY_RESOURCE_TYPE")
.resourceType("ELASTIC_IP_ALLOCATION")
.build());
}
}
resources:
example:
type: aws:shield:ProtectionGroup
properties:
protectionGroupId: example
aggregation: SUM
pattern: BY_RESOURCE_TYPE
resourceType: ELASTIC_IP_ALLOCATION
Create ProtectionGroup Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new ProtectionGroup(name: string, args: ProtectionGroupArgs, opts?: CustomResourceOptions);
@overload
def ProtectionGroup(resource_name: str,
args: ProtectionGroupArgs,
opts: Optional[ResourceOptions] = None)
@overload
def ProtectionGroup(resource_name: str,
opts: Optional[ResourceOptions] = None,
aggregation: Optional[str] = None,
pattern: Optional[str] = None,
protection_group_id: Optional[str] = None,
members: Optional[Sequence[str]] = None,
resource_type: Optional[str] = None,
tags: Optional[Mapping[str, str]] = None)
func NewProtectionGroup(ctx *Context, name string, args ProtectionGroupArgs, opts ...ResourceOption) (*ProtectionGroup, error)
public ProtectionGroup(string name, ProtectionGroupArgs args, CustomResourceOptions? opts = null)
public ProtectionGroup(String name, ProtectionGroupArgs args)
public ProtectionGroup(String name, ProtectionGroupArgs args, CustomResourceOptions options)
type: aws:shield:ProtectionGroup
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args ProtectionGroupArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args ProtectionGroupArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args ProtectionGroupArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args ProtectionGroupArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args ProtectionGroupArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var protectionGroupResource = new Aws.Shield.ProtectionGroup("protectionGroupResource", new()
{
Aggregation = "string",
Pattern = "string",
ProtectionGroupId = "string",
Members = new[]
{
"string",
},
ResourceType = "string",
Tags =
{
{ "string", "string" },
},
});
example, err := shield.NewProtectionGroup(ctx, "protectionGroupResource", &shield.ProtectionGroupArgs{
Aggregation: pulumi.String("string"),
Pattern: pulumi.String("string"),
ProtectionGroupId: pulumi.String("string"),
Members: pulumi.StringArray{
pulumi.String("string"),
},
ResourceType: pulumi.String("string"),
Tags: pulumi.StringMap{
"string": pulumi.String("string"),
},
})
var protectionGroupResource = new ProtectionGroup("protectionGroupResource", ProtectionGroupArgs.builder()
.aggregation("string")
.pattern("string")
.protectionGroupId("string")
.members("string")
.resourceType("string")
.tags(Map.of("string", "string"))
.build());
protection_group_resource = aws.shield.ProtectionGroup("protectionGroupResource",
aggregation="string",
pattern="string",
protection_group_id="string",
members=["string"],
resource_type="string",
tags={
"string": "string",
})
const protectionGroupResource = new aws.shield.ProtectionGroup("protectionGroupResource", {
aggregation: "string",
pattern: "string",
protectionGroupId: "string",
members: ["string"],
resourceType: "string",
tags: {
string: "string",
},
});
type: aws:shield:ProtectionGroup
properties:
aggregation: string
members:
- string
pattern: string
protectionGroupId: string
resourceType: string
tags:
string: string
ProtectionGroup Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The ProtectionGroup resource accepts the following input properties:
- Aggregation string
- Defines how AWS Shield combines resource data for the group in order to detect, mitigate, and report events.
- Pattern string
- The criteria to use to choose the protected resources for inclusion in the group.
- Protection
Group stringId - The name of the protection group.
- Members List<string>
- The Amazon Resource Names (ARNs) of the resources to include in the protection group. You must set this when you set
pattern
to ARBITRARY and you must not set it for any otherpattern
setting. - Resource
Type string - The resource type to include in the protection group. You must set this when you set
pattern
to BY_RESOURCE_TYPE and you must not set it for any otherpattern
setting. - Dictionary<string, string>
- Key-value map of resource tags. If configured with a provider
default_tags
configuration block present, tags with matching keys will overwrite those defined at the provider-level.
- Aggregation string
- Defines how AWS Shield combines resource data for the group in order to detect, mitigate, and report events.
- Pattern string
- The criteria to use to choose the protected resources for inclusion in the group.
- Protection
Group stringId - The name of the protection group.
- Members []string
- The Amazon Resource Names (ARNs) of the resources to include in the protection group. You must set this when you set
pattern
to ARBITRARY and you must not set it for any otherpattern
setting. - Resource
Type string - The resource type to include in the protection group. You must set this when you set
pattern
to BY_RESOURCE_TYPE and you must not set it for any otherpattern
setting. - map[string]string
- Key-value map of resource tags. If configured with a provider
default_tags
configuration block present, tags with matching keys will overwrite those defined at the provider-level.
- aggregation String
- Defines how AWS Shield combines resource data for the group in order to detect, mitigate, and report events.
- pattern String
- The criteria to use to choose the protected resources for inclusion in the group.
- protection
Group StringId - The name of the protection group.
- members List<String>
- The Amazon Resource Names (ARNs) of the resources to include in the protection group. You must set this when you set
pattern
to ARBITRARY and you must not set it for any otherpattern
setting. - resource
Type String - The resource type to include in the protection group. You must set this when you set
pattern
to BY_RESOURCE_TYPE and you must not set it for any otherpattern
setting. - Map<String,String>
- Key-value map of resource tags. If configured with a provider
default_tags
configuration block present, tags with matching keys will overwrite those defined at the provider-level.
- aggregation string
- Defines how AWS Shield combines resource data for the group in order to detect, mitigate, and report events.
- pattern string
- The criteria to use to choose the protected resources for inclusion in the group.
- protection
Group stringId - The name of the protection group.
- members string[]
- The Amazon Resource Names (ARNs) of the resources to include in the protection group. You must set this when you set
pattern
to ARBITRARY and you must not set it for any otherpattern
setting. - resource
Type string - The resource type to include in the protection group. You must set this when you set
pattern
to BY_RESOURCE_TYPE and you must not set it for any otherpattern
setting. - {[key: string]: string}
- Key-value map of resource tags. If configured with a provider
default_tags
configuration block present, tags with matching keys will overwrite those defined at the provider-level.
- aggregation str
- Defines how AWS Shield combines resource data for the group in order to detect, mitigate, and report events.
- pattern str
- The criteria to use to choose the protected resources for inclusion in the group.
- protection_
group_ strid - The name of the protection group.
- members Sequence[str]
- The Amazon Resource Names (ARNs) of the resources to include in the protection group. You must set this when you set
pattern
to ARBITRARY and you must not set it for any otherpattern
setting. - resource_
type str - The resource type to include in the protection group. You must set this when you set
pattern
to BY_RESOURCE_TYPE and you must not set it for any otherpattern
setting. - Mapping[str, str]
- Key-value map of resource tags. If configured with a provider
default_tags
configuration block present, tags with matching keys will overwrite those defined at the provider-level.
- aggregation String
- Defines how AWS Shield combines resource data for the group in order to detect, mitigate, and report events.
- pattern String
- The criteria to use to choose the protected resources for inclusion in the group.
- protection
Group StringId - The name of the protection group.
- members List<String>
- The Amazon Resource Names (ARNs) of the resources to include in the protection group. You must set this when you set
pattern
to ARBITRARY and you must not set it for any otherpattern
setting. - resource
Type String - The resource type to include in the protection group. You must set this when you set
pattern
to BY_RESOURCE_TYPE and you must not set it for any otherpattern
setting. - Map<String>
- Key-value map of resource tags. If configured with a provider
default_tags
configuration block present, tags with matching keys will overwrite those defined at the provider-level.
Outputs
All input properties are implicitly available as output properties. Additionally, the ProtectionGroup resource produces the following output properties:
- Id string
- The provider-assigned unique ID for this managed resource.
- Protection
Group stringArn - The ARN (Amazon Resource Name) of the protection group.
- Dictionary<string, string>
- A map of tags assigned to the resource, including those inherited from the provider
default_tags
configuration block.
- Id string
- The provider-assigned unique ID for this managed resource.
- Protection
Group stringArn - The ARN (Amazon Resource Name) of the protection group.
- map[string]string
- A map of tags assigned to the resource, including those inherited from the provider
default_tags
configuration block.
- id String
- The provider-assigned unique ID for this managed resource.
- protection
Group StringArn - The ARN (Amazon Resource Name) of the protection group.
- Map<String,String>
- A map of tags assigned to the resource, including those inherited from the provider
default_tags
configuration block.
- id string
- The provider-assigned unique ID for this managed resource.
- protection
Group stringArn - The ARN (Amazon Resource Name) of the protection group.
- {[key: string]: string}
- A map of tags assigned to the resource, including those inherited from the provider
default_tags
configuration block.
- id str
- The provider-assigned unique ID for this managed resource.
- protection_
group_ strarn - The ARN (Amazon Resource Name) of the protection group.
- Mapping[str, str]
- A map of tags assigned to the resource, including those inherited from the provider
default_tags
configuration block.
- id String
- The provider-assigned unique ID for this managed resource.
- protection
Group StringArn - The ARN (Amazon Resource Name) of the protection group.
- Map<String>
- A map of tags assigned to the resource, including those inherited from the provider
default_tags
configuration block.
Look up Existing ProtectionGroup Resource
Get an existing ProtectionGroup resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: ProtectionGroupState, opts?: CustomResourceOptions): ProtectionGroup
@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
aggregation: Optional[str] = None,
members: Optional[Sequence[str]] = None,
pattern: Optional[str] = None,
protection_group_arn: Optional[str] = None,
protection_group_id: Optional[str] = None,
resource_type: Optional[str] = None,
tags: Optional[Mapping[str, str]] = None,
tags_all: Optional[Mapping[str, str]] = None) -> ProtectionGroup
func GetProtectionGroup(ctx *Context, name string, id IDInput, state *ProtectionGroupState, opts ...ResourceOption) (*ProtectionGroup, error)
public static ProtectionGroup Get(string name, Input<string> id, ProtectionGroupState? state, CustomResourceOptions? opts = null)
public static ProtectionGroup get(String name, Output<String> id, ProtectionGroupState state, CustomResourceOptions options)
Resource lookup is not supported in YAML
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Aggregation string
- Defines how AWS Shield combines resource data for the group in order to detect, mitigate, and report events.
- Members List<string>
- The Amazon Resource Names (ARNs) of the resources to include in the protection group. You must set this when you set
pattern
to ARBITRARY and you must not set it for any otherpattern
setting. - Pattern string
- The criteria to use to choose the protected resources for inclusion in the group.
- Protection
Group stringArn - The ARN (Amazon Resource Name) of the protection group.
- Protection
Group stringId - The name of the protection group.
- Resource
Type string - The resource type to include in the protection group. You must set this when you set
pattern
to BY_RESOURCE_TYPE and you must not set it for any otherpattern
setting. - Dictionary<string, string>
- Key-value map of resource tags. If configured with a provider
default_tags
configuration block present, tags with matching keys will overwrite those defined at the provider-level. - Dictionary<string, string>
- A map of tags assigned to the resource, including those inherited from the provider
default_tags
configuration block.
- Aggregation string
- Defines how AWS Shield combines resource data for the group in order to detect, mitigate, and report events.
- Members []string
- The Amazon Resource Names (ARNs) of the resources to include in the protection group. You must set this when you set
pattern
to ARBITRARY and you must not set it for any otherpattern
setting. - Pattern string
- The criteria to use to choose the protected resources for inclusion in the group.
- Protection
Group stringArn - The ARN (Amazon Resource Name) of the protection group.
- Protection
Group stringId - The name of the protection group.
- Resource
Type string - The resource type to include in the protection group. You must set this when you set
pattern
to BY_RESOURCE_TYPE and you must not set it for any otherpattern
setting. - map[string]string
- Key-value map of resource tags. If configured with a provider
default_tags
configuration block present, tags with matching keys will overwrite those defined at the provider-level. - map[string]string
- A map of tags assigned to the resource, including those inherited from the provider
default_tags
configuration block.
- aggregation String
- Defines how AWS Shield combines resource data for the group in order to detect, mitigate, and report events.
- members List<String>
- The Amazon Resource Names (ARNs) of the resources to include in the protection group. You must set this when you set
pattern
to ARBITRARY and you must not set it for any otherpattern
setting. - pattern String
- The criteria to use to choose the protected resources for inclusion in the group.
- protection
Group StringArn - The ARN (Amazon Resource Name) of the protection group.
- protection
Group StringId - The name of the protection group.
- resource
Type String - The resource type to include in the protection group. You must set this when you set
pattern
to BY_RESOURCE_TYPE and you must not set it for any otherpattern
setting. - Map<String,String>
- Key-value map of resource tags. If configured with a provider
default_tags
configuration block present, tags with matching keys will overwrite those defined at the provider-level. - Map<String,String>
- A map of tags assigned to the resource, including those inherited from the provider
default_tags
configuration block.
- aggregation string
- Defines how AWS Shield combines resource data for the group in order to detect, mitigate, and report events.
- members string[]
- The Amazon Resource Names (ARNs) of the resources to include in the protection group. You must set this when you set
pattern
to ARBITRARY and you must not set it for any otherpattern
setting. - pattern string
- The criteria to use to choose the protected resources for inclusion in the group.
- protection
Group stringArn - The ARN (Amazon Resource Name) of the protection group.
- protection
Group stringId - The name of the protection group.
- resource
Type string - The resource type to include in the protection group. You must set this when you set
pattern
to BY_RESOURCE_TYPE and you must not set it for any otherpattern
setting. - {[key: string]: string}
- Key-value map of resource tags. If configured with a provider
default_tags
configuration block present, tags with matching keys will overwrite those defined at the provider-level. - {[key: string]: string}
- A map of tags assigned to the resource, including those inherited from the provider
default_tags
configuration block.
- aggregation str
- Defines how AWS Shield combines resource data for the group in order to detect, mitigate, and report events.
- members Sequence[str]
- The Amazon Resource Names (ARNs) of the resources to include in the protection group. You must set this when you set
pattern
to ARBITRARY and you must not set it for any otherpattern
setting. - pattern str
- The criteria to use to choose the protected resources for inclusion in the group.
- protection_
group_ strarn - The ARN (Amazon Resource Name) of the protection group.
- protection_
group_ strid - The name of the protection group.
- resource_
type str - The resource type to include in the protection group. You must set this when you set
pattern
to BY_RESOURCE_TYPE and you must not set it for any otherpattern
setting. - Mapping[str, str]
- Key-value map of resource tags. If configured with a provider
default_tags
configuration block present, tags with matching keys will overwrite those defined at the provider-level. - Mapping[str, str]
- A map of tags assigned to the resource, including those inherited from the provider
default_tags
configuration block.
- aggregation String
- Defines how AWS Shield combines resource data for the group in order to detect, mitigate, and report events.
- members List<String>
- The Amazon Resource Names (ARNs) of the resources to include in the protection group. You must set this when you set
pattern
to ARBITRARY and you must not set it for any otherpattern
setting. - pattern String
- The criteria to use to choose the protected resources for inclusion in the group.
- protection
Group StringArn - The ARN (Amazon Resource Name) of the protection group.
- protection
Group StringId - The name of the protection group.
- resource
Type String - The resource type to include in the protection group. You must set this when you set
pattern
to BY_RESOURCE_TYPE and you must not set it for any otherpattern
setting. - Map<String>
- Key-value map of resource tags. If configured with a provider
default_tags
configuration block present, tags with matching keys will overwrite those defined at the provider-level. - Map<String>
- A map of tags assigned to the resource, including those inherited from the provider
default_tags
configuration block.
Import
Using pulumi import
, import Shield protection group resources using their protection group id. For example:
$ pulumi import aws:shield/protectionGroup:ProtectionGroup example example
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- AWS Classic pulumi/pulumi-aws
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
aws
Terraform Provider.