AWS::Shield::DRTAccess

Shield DRTAccess

Config the role and list of Amazon S3 log buckets used by the Shield Response Team (SRT) to access your AWS account while assisting with attack mitigation.

Properties

2 configurable properties. 1 required. Click a row to see details.

Filter:

Property	Type	Flags
`RoleArn`	`string`	Required
`LogBucketList`	`Array<string>`

Return Values

Values returned after the resource is created. Access these with Fn::GetAtt.

Attribute	Type	Description
`AccountId`	`string`	-

Sample CloudFormation Template

A minimal template with required properties and common optional ones.

template.yaml

AWSTemplateFormatVersion: "2010-09-09"
Description: Sample template for AWS::Shield::DRTAccess

Resources:
  MyResource:
    Type: AWS::Shield::DRTAccess
    Properties:
      RoleArn: "arn:aws:service:region:account:resource"

Required IAM Permissions

Permissions CloudFormation needs in your IAM role to manage this resource.

create

shield:DescribeDRTAccessshield:AssociateDRTLogBucketshield:AssociateDRTRoleiam:PassRoleiam:GetRoleiam:ListAttachedRolePoliciess3:GetBucketPolicys3:PutBucketPolicy

delete

shield:DescribeDRTAccessshield:DisassociateDRTLogBucketshield:DisassociateDRTRoleiam:PassRoleiam:GetRoleiam:ListAttachedRolePoliciess3:GetBucketPolicys3:PutBucketPolicy

read

shield:DescribeDRTAccess

update

shield:DescribeDRTAccessshield:AssociateDRTLogBucketshield:AssociateDRTRoleshield:DisassociateDRTLogBucketshield:DisassociateDRTRoleiam:PassRoleiam:GetRoleiam:ListAttachedRolePolicies

list

shield:DescribeDRTAccess

Learn AWS the Practical Way

Our bi-weekly newsletter teaches hands-on AWS fundamentals. No certification fluff - just practical knowledge.

Subscribe to Newsletter

Quick Facts

ServiceShield

Properties3

Required1

TaggingNot supported

Primary IDAccountId

Supported Operations

CreateDeleteReadUpdateList

Related Resources

External Links

AWS Documentation