DRTAccess

The DRTAccess resource lets you manage the access that the AWS Shield DDoS Response Team (DRT) has to your AWS account. It associates an IAM role that the team can use and, optionally, the S3 buckets that hold your logs, so that the team can help you mitigate potential DDoS attacks. For more information, see the AWS Shield DRTAccess documentation.

Create a DRTAccess resource with the required properties and one optional property.

import AWS from "alchemy/aws/control";

const drtAccess = await AWS.Shield.DRTAccess("drtAccessResource", {
  LogBucketList: ["arn:aws:s3:::my-log-bucket"],
  RoleArn: "arn:aws:iam::123456789012:role/myShieldRole"
});

Configure a DRTAccess resource with additional options, such as adopting existing resources.

const advancedDrtAccess = await AWS.Shield.DRTAccess("advancedDrtAccessResource", {
  LogBucketList: ["arn:aws:s3:::my-log-bucket", "arn:aws:s3:::my-additional-log-bucket"],
  RoleArn: "arn:aws:iam::123456789012:role/myAdvancedShieldRole",
  adopt: true
});

Set up a DRTAccess resource specifically for logging access with multiple log buckets.

const loggingDrtAccess = await AWS.Shield.DRTAccess("loggingDrtAccessResource", {
  LogBucketList: [
    "arn:aws:s3:::my-log-bucket",
    "arn:aws:s3:::my-backup-log-bucket"
  ],
  RoleArn: "arn:aws:iam::123456789012:role/myLoggingShieldRole"
});

Define a DRTAccess resource together with a least-privilege IAM policy for managing it.

const permissionsDrtAccess = await AWS.Shield.DRTAccess("permissionsDrtAccessResource", {
  LogBucketList: ["arn:aws:s3:::my-secure-log-bucket"],
  RoleArn: "arn:aws:iam::123456789012:role/myPermissionsShieldRole",
  adopt: false
});

// IAM policy for the principal that creates or removes the DRT association.
// The role in RoleArn is a separate matter: it needs the AWSShieldDRTAccessPolicy
// managed policy and a trust policy for drt.shield.amazonaws.com.
const policy = {
  Version: "2012-10-17",
  Statement: [
    {
      Effect: "Allow",
      Action: [
        "shield:AssociateDRTRole",
        "shield:AssociateDRTLogBucket",
        "shield:DisassociateDRTRole",
        "shield:DisassociateDRTLogBucket",
        "shield:DescribeDRTAccess"
      ],
      Resource: "*"
    }
  ]
};
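
The role passed as RoleArn is the one the response team assumes, so its trust policy and attached policies are worth checking before deployment. The following is an added example, not code from Alchemy or AWS: the type and function names are assumptions and the sample input is constructed. It checks for trust limited to drt.shield.amazonaws.com, the AWSShieldDRTAccessPolicy managed policy, and the AWS limit of 10 log buckets.

```typescript
// Added example: pre-deployment audit of DRTAccess inputs. Names are illustrative.
type Statement = {
  Effect: "Allow" | "Deny";
  Principal: "*" | { Service?: string | string[]; AWS?: string | string[] };
  Action: string | string[];
};
type TrustPolicy = { Version: string; Statement: Statement[] };

const SRT_PRINCIPAL = "drt.shield.amazonaws.com";
const SRT_MANAGED_POLICY = "arn:aws:iam::aws:policy/service-role/AWSShieldDRTAccessPolicy";
const MAX_LOG_BUCKETS = 10; // AWS limit on buckets shared with the response team

const asList = (v?: string | string[]): string[] =>
  v === undefined ? [] : Array.isArray(v) ? v : [v];

function auditDrtAccess(
  roleArn: string, logBuckets: string[], trust: TrustPolicy, attachedPolicyArns: string[]
): string[] {
  const findings: string[] = [];
  if (!/^arn:aws[a-z-]*:iam::\d{12}:role\/.+$/.test(roleArn)) findings.push("RoleArn is not an IAM role ARN");
  if (logBuckets.length > MAX_LOG_BUCKETS) findings.push("more than 10 log buckets listed");
  let srtTrusted = false;
  for (const s of trust.Statement) {
    if (s.Effect !== "Allow") continue;
    if (s.Principal === "*") { findings.push("trust policy allows any principal"); continue; }
    const services = asList(s.Principal.Service);
    if (services.indexOf(SRT_PRINCIPAL) !== -1 && asList(s.Action).indexOf("sts:AssumeRole") !== -1) srtTrusted = true;
    // Anyone else who can assume the role inherits the access meant for the response team.
    const others = services.filter((p) => p !== SRT_PRINCIPAL).concat(asList(s.Principal.AWS));
    for (const p of others) findings.push(`role is also assumable by ${p}`);
  }
  if (!srtTrusted) findings.push(`trust policy does not allow ${SRT_PRINCIPAL}`);
  if (attachedPolicyArns.indexOf(SRT_MANAGED_POLICY) === -1) findings.push("AWSShieldDRTAccessPolicy is not attached");
  return findings;
}

// Constructed sample: a role that trusts the response team and one extra account.
const sampleTrust: TrustPolicy = {
  Version: "2012-10-17",
  Statement: [{
    Effect: "Allow",
    Principal: { Service: SRT_PRINCIPAL, AWS: "arn:aws:iam::111122223333:root" },
    Action: "sts:AssumeRole",
  }],
};
console.log(auditDrtAccess("arn:aws:iam::123456789012:role/myShieldRole",
  ["arn:aws:s3:::my-log-bucket"], sampleTrust, [SRT_MANAGED_POLICY]));
```

An empty result means the role and bucket list passed every check; each string in the result is one finding to resolve before the association is created.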