Protection

The Protection resource lets you manage AWS Shield Protections to safeguard your applications against DDoS attacks and ensure high availability.

Minimal Example

Create a basic AWS Shield Protection with required properties and common optional ones like health checks and tags.

import AWS from "alchemy/aws/control";

const basicProtection = await AWS.Shield.Protection("basicProtection", {
  resourceArn: "arn:aws:elasticloadbalancing:us-west-2:123456789012:loadbalancer/app/my-load-balancer/50dc6c495c0c9188",
  healthCheckArns: [
    "arn:aws:route53:::healthcheck/12345678-1234-1234-1234-123456789012"
  ],
  tags: [
    { key: "Environment", value: "Production" },
    { key: "Project", value: "MyApp" }
  ],
  name: "MyApplicationProtection"
});

Advanced Configuration

Configure advanced settings for application layer automatic responses to enhance security during attacks.

import AWS from "alchemy/aws/control";

const advancedProtection = await AWS.Shield.Protection("advancedProtection", {
  resourceArn: "arn:aws:cloudfront::123456789012:distribution/E1234567890",
  applicationLayerAutomaticResponseConfiguration: {
    automaticResponseStatus: "ENABLED",
    responseAction: {
      action: "BLOCK",
      blockResponse: {
        blockResponse: "MALICIOUS_REQUEST"
      }
    }
  },
  name: "MyAdvancedProtection"
});

Custom Protection with Adoption

Create a protection resource while adopting an existing resource if it already exists.

import AWS from "alchemy/aws/control";

const customProtection = await AWS.Shield.Protection("customProtection", {
  resourceArn: "arn:aws:ec2:us-east-1:123456789012:instance/i-1234567890abcdef0",
  adopt: true,  // Adopt existing resource instead of failing
  healthCheckArns: [
    "arn:aws:route53:::healthcheck/87654321-4321-4321-4321-abcdefabcdef"
  ],
  tags: [
    { key: "Environment", value: "Staging" },
    { key: "Owner", value: "Team Alpha" }
  ],
  name: "StagingProtection"
});