drt_access
Gets an individual drt_access resource
Overview
Name | drt_access |
Type | Resource |
Description | drt_access |
Id | awscc.shield.drt_access |
Fields
Name | Datatype | Description |
---|---|---|
account_id | string | |
log_bucket_list | array | Authorizes the Shield Response Team (SRT) to access the specified Amazon S3 bucket containing log data such as Application Load Balancer access logs, CloudFront logs, or logs from third party sources. You can associate up to 10 Amazon S3 buckets with your subscription. |
role_arn | string | Authorizes the Shield Response Team (SRT) using the specified role, to access your AWS account to assist with DDoS attack mitigation during potential attacks. This enables the SRT to inspect your AWS WAF configuration and create or update AWS WAF rules and web ACLs. |
region | string | AWS region. |
Methods
Currently only SELECT is supported for this resource.
Example
SELECT
region,
account_id,
log_bucket_list,
role_arn
FROM awscc.shield.drt_access
WHERE data__Identifier = '<AccountId>';
Permissions
To operate on the drt_access resource, the following permissions are required:
Delete
shield:DescribeDRTAccess,
shield:DisassociateDRTLogBucket,
shield:DisassociateDRTRole,
iam:PassRole,
iam:GetRole,
iam:ListAttachedRolePolicies,
s3:GetBucketPolicy,
s3:PutBucketPolicy,
s3:DeleteBucketPolicy
Read
shield:DescribeDRTAccess
Update
shield:DescribeDRTAccess,
shield:AssociateDRTLogBucket,
shield:AssociateDRTRole,
shield:DisassociateDRTLogBucket,
shield:DisassociateDRTRole,
iam:PassRole,
iam:GetRole,
iam:ListAttachedRolePolicies,
s3:GetBucketPolicy,
s3:PutBucketPolicy,
s3:DeleteBucketPolicy