1. Packages
  2. AWS Classic
  3. API Docs
  4. shield
  5. DrtAccessRoleArnAssociation

Try AWS Native preview for resources not in the classic version.

AWS Classic v6.3.0 published on Thursday, Sep 28, 2023 by Pulumi

aws.shield.DrtAccessRoleArnAssociation

Explore with Pulumi AI

aws logo

Try AWS Native preview for resources not in the classic version.

AWS Classic v6.3.0 published on Thursday, Sep 28, 2023 by Pulumi

    Authorizes the Shield Response Team (SRT) using the specified role, to access your AWS account to assist with DDoS attack mitigation during potential attacks. For more information see Configure AWS SRT Support

    Example Usage

    Basic Usage

    using System.Collections.Generic;
    using System.Linq;
    using System.Text.Json;
    using Pulumi;
    using Aws = Pulumi.Aws;
    
    return await Deployment.RunAsync(() => 
    {
        var testRole = new Aws.Iam.Role("testRole", new()
        {
            AssumeRolePolicy = JsonSerializer.Serialize(new Dictionary<string, object?>
            {
                ["Version"] = "2012-10-17",
                ["Statement"] = new[]
                {
                    new Dictionary<string, object?>
                    {
                        ["Sid"] = "",
                        ["Effect"] = "Allow",
                        ["Principal"] = new Dictionary<string, object?>
                        {
                            ["Service"] = "drt.shield.amazonaws.com",
                        },
                        ["Action"] = "sts:AssumeRole",
                    },
                },
            }),
        });
    
        var testRolePolicyAttachment = new Aws.Iam.RolePolicyAttachment("testRolePolicyAttachment", new()
        {
            Role = testRole.Name,
            PolicyArn = "arn:aws:iam::aws:policy/service-role/AWSShieldDRTAccessPolicy",
        });
    
        var testDrtAccessRoleArnAssociation = new Aws.Shield.DrtAccessRoleArnAssociation("testDrtAccessRoleArnAssociation", new()
        {
            RoleArn = testRole.Arn,
        });
    
    });
    
    package main
    
    import (
    	"encoding/json"
    
    	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam"
    	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/shield"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		tmpJSON0, err := json.Marshal(map[string]interface{}{
    			"Version": "2012-10-17",
    			"Statement": []map[string]interface{}{
    				map[string]interface{}{
    					"Sid":    "",
    					"Effect": "Allow",
    					"Principal": map[string]interface{}{
    						"Service": "drt.shield.amazonaws.com",
    					},
    					"Action": "sts:AssumeRole",
    				},
    			},
    		})
    		if err != nil {
    			return err
    		}
    		json0 := string(tmpJSON0)
    		testRole, err := iam.NewRole(ctx, "testRole", &iam.RoleArgs{
    			AssumeRolePolicy: pulumi.String(json0),
    		})
    		if err != nil {
    			return err
    		}
    		_, err = iam.NewRolePolicyAttachment(ctx, "testRolePolicyAttachment", &iam.RolePolicyAttachmentArgs{
    			Role:      testRole.Name,
    			PolicyArn: pulumi.String("arn:aws:iam::aws:policy/service-role/AWSShieldDRTAccessPolicy"),
    		})
    		if err != nil {
    			return err
    		}
    		_, err = shield.NewDrtAccessRoleArnAssociation(ctx, "testDrtAccessRoleArnAssociation", &shield.DrtAccessRoleArnAssociationArgs{
    			RoleArn: testRole.Arn,
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.aws.iam.Role;
    import com.pulumi.aws.iam.RoleArgs;
    import com.pulumi.aws.iam.RolePolicyAttachment;
    import com.pulumi.aws.iam.RolePolicyAttachmentArgs;
    import com.pulumi.aws.shield.DrtAccessRoleArnAssociation;
    import com.pulumi.aws.shield.DrtAccessRoleArnAssociationArgs;
    import static com.pulumi.codegen.internal.Serialization.*;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var testRole = new Role("testRole", RoleArgs.builder()        
                .assumeRolePolicy(serializeJson(
                    jsonObject(
                        jsonProperty("Version", "2012-10-17"),
                        jsonProperty("Statement", jsonArray(jsonObject(
                            jsonProperty("Sid", ""),
                            jsonProperty("Effect", "Allow"),
                            jsonProperty("Principal", jsonObject(
                                jsonProperty("Service", "drt.shield.amazonaws.com")
                            )),
                            jsonProperty("Action", "sts:AssumeRole")
                        )))
                    )))
                .build());
    
            var testRolePolicyAttachment = new RolePolicyAttachment("testRolePolicyAttachment", RolePolicyAttachmentArgs.builder()        
                .role(testRole.name())
                .policyArn("arn:aws:iam::aws:policy/service-role/AWSShieldDRTAccessPolicy")
                .build());
    
            var testDrtAccessRoleArnAssociation = new DrtAccessRoleArnAssociation("testDrtAccessRoleArnAssociation", DrtAccessRoleArnAssociationArgs.builder()        
                .roleArn(testRole.arn())
                .build());
    
        }
    }
    
    import pulumi
    import json
    import pulumi_aws as aws
    
    test_role = aws.iam.Role("testRole", assume_role_policy=json.dumps({
        "Version": "2012-10-17",
        "Statement": [{
            "Sid": "",
            "Effect": "Allow",
            "Principal": {
                "Service": "drt.shield.amazonaws.com",
            },
            "Action": "sts:AssumeRole",
        }],
    }))
    test_role_policy_attachment = aws.iam.RolePolicyAttachment("testRolePolicyAttachment",
        role=test_role.name,
        policy_arn="arn:aws:iam::aws:policy/service-role/AWSShieldDRTAccessPolicy")
    test_drt_access_role_arn_association = aws.shield.DrtAccessRoleArnAssociation("testDrtAccessRoleArnAssociation", role_arn=test_role.arn)
    
    import * as pulumi from "@pulumi/pulumi";
    import * as aws from "@pulumi/aws";
    
    const testRole = new aws.iam.Role("testRole", {assumeRolePolicy: JSON.stringify({
        Version: "2012-10-17",
        Statement: [{
            Sid: "",
            Effect: "Allow",
            Principal: {
                Service: "drt.shield.amazonaws.com",
            },
            Action: "sts:AssumeRole",
        }],
    })});
    const testRolePolicyAttachment = new aws.iam.RolePolicyAttachment("testRolePolicyAttachment", {
        role: testRole.name,
        policyArn: "arn:aws:iam::aws:policy/service-role/AWSShieldDRTAccessPolicy",
    });
    const testDrtAccessRoleArnAssociation = new aws.shield.DrtAccessRoleArnAssociation("testDrtAccessRoleArnAssociation", {roleArn: testRole.arn});
    
    resources:
      testRole:
        type: aws:iam:Role
        properties:
          assumeRolePolicy:
            fn::toJSON:
              Version: 2012-10-17
              Statement:
                - Sid:
                  Effect: Allow
                  Principal:
                    Service: drt.shield.amazonaws.com
                  Action: sts:AssumeRole
      testRolePolicyAttachment:
        type: aws:iam:RolePolicyAttachment
        properties:
          role: ${testRole.name}
          policyArn: arn:aws:iam::aws:policy/service-role/AWSShieldDRTAccessPolicy
      testDrtAccessRoleArnAssociation:
        type: aws:shield:DrtAccessRoleArnAssociation
        properties:
          roleArn: ${testRole.arn}
    

    Create DrtAccessRoleArnAssociation Resource

    new DrtAccessRoleArnAssociation(name: string, args: DrtAccessRoleArnAssociationArgs, opts?: CustomResourceOptions);
    @overload
    def DrtAccessRoleArnAssociation(resource_name: str,
                                    opts: Optional[ResourceOptions] = None,
                                    role_arn: Optional[str] = None,
                                    timeouts: Optional[DrtAccessRoleArnAssociationTimeoutsArgs] = None)
    @overload
    def DrtAccessRoleArnAssociation(resource_name: str,
                                    args: DrtAccessRoleArnAssociationArgs,
                                    opts: Optional[ResourceOptions] = None)
    func NewDrtAccessRoleArnAssociation(ctx *Context, name string, args DrtAccessRoleArnAssociationArgs, opts ...ResourceOption) (*DrtAccessRoleArnAssociation, error)
    public DrtAccessRoleArnAssociation(string name, DrtAccessRoleArnAssociationArgs args, CustomResourceOptions? opts = null)
    public DrtAccessRoleArnAssociation(String name, DrtAccessRoleArnAssociationArgs args)
    public DrtAccessRoleArnAssociation(String name, DrtAccessRoleArnAssociationArgs args, CustomResourceOptions options)
    
    type: aws:shield:DrtAccessRoleArnAssociation
    properties: # The arguments to resource properties.
    options: # Bag of options to control resource's behavior.
    
    
    name string
    The unique name of the resource.
    args DrtAccessRoleArnAssociationArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    resource_name str
    The unique name of the resource.
    args DrtAccessRoleArnAssociationArgs
    The arguments to resource properties.
    opts ResourceOptions
    Bag of options to control resource's behavior.
    ctx Context
    Context object for the current deployment.
    name string
    The unique name of the resource.
    args DrtAccessRoleArnAssociationArgs
    The arguments to resource properties.
    opts ResourceOption
    Bag of options to control resource's behavior.
    name string
    The unique name of the resource.
    args DrtAccessRoleArnAssociationArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    name String
    The unique name of the resource.
    args DrtAccessRoleArnAssociationArgs
    The arguments to resource properties.
    options CustomResourceOptions
    Bag of options to control resource's behavior.

    DrtAccessRoleArnAssociation Resource Properties

    To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

    Inputs

    The DrtAccessRoleArnAssociation resource accepts the following input properties:

    RoleArn string

    The Amazon Resource Name (ARN) of the role the SRT will use to access your AWS account. Prior to making the AssociateDRTRole request, you must attach the AWSShieldDRTAccessPolicy managed policy to this role.

    Timeouts DrtAccessRoleArnAssociationTimeouts
    RoleArn string

    The Amazon Resource Name (ARN) of the role the SRT will use to access your AWS account. Prior to making the AssociateDRTRole request, you must attach the AWSShieldDRTAccessPolicy managed policy to this role.

    Timeouts DrtAccessRoleArnAssociationTimeoutsArgs
    roleArn String

    The Amazon Resource Name (ARN) of the role the SRT will use to access your AWS account. Prior to making the AssociateDRTRole request, you must attach the AWSShieldDRTAccessPolicy managed policy to this role.

    timeouts DrtAccessRoleArnAssociationTimeouts
    roleArn string

    The Amazon Resource Name (ARN) of the role the SRT will use to access your AWS account. Prior to making the AssociateDRTRole request, you must attach the AWSShieldDRTAccessPolicy managed policy to this role.

    timeouts DrtAccessRoleArnAssociationTimeouts
    role_arn str

    The Amazon Resource Name (ARN) of the role the SRT will use to access your AWS account. Prior to making the AssociateDRTRole request, you must attach the AWSShieldDRTAccessPolicy managed policy to this role.

    timeouts DrtAccessRoleArnAssociationTimeoutsArgs
    roleArn String

    The Amazon Resource Name (ARN) of the role the SRT will use to access your AWS account. Prior to making the AssociateDRTRole request, you must attach the AWSShieldDRTAccessPolicy managed policy to this role.

    timeouts Property Map

    Outputs

    All input properties are implicitly available as output properties. Additionally, the DrtAccessRoleArnAssociation resource produces the following output properties:

    Id string

    The provider-assigned unique ID for this managed resource.

    Id string

    The provider-assigned unique ID for this managed resource.

    id String

    The provider-assigned unique ID for this managed resource.

    id string

    The provider-assigned unique ID for this managed resource.

    id str

    The provider-assigned unique ID for this managed resource.

    id String

    The provider-assigned unique ID for this managed resource.

    Look up Existing DrtAccessRoleArnAssociation Resource

    Get an existing DrtAccessRoleArnAssociation resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

    public static get(name: string, id: Input<ID>, state?: DrtAccessRoleArnAssociationState, opts?: CustomResourceOptions): DrtAccessRoleArnAssociation
    @staticmethod
    def get(resource_name: str,
            id: str,
            opts: Optional[ResourceOptions] = None,
            role_arn: Optional[str] = None,
            timeouts: Optional[DrtAccessRoleArnAssociationTimeoutsArgs] = None) -> DrtAccessRoleArnAssociation
    func GetDrtAccessRoleArnAssociation(ctx *Context, name string, id IDInput, state *DrtAccessRoleArnAssociationState, opts ...ResourceOption) (*DrtAccessRoleArnAssociation, error)
    public static DrtAccessRoleArnAssociation Get(string name, Input<string> id, DrtAccessRoleArnAssociationState? state, CustomResourceOptions? opts = null)
    public static DrtAccessRoleArnAssociation get(String name, Output<String> id, DrtAccessRoleArnAssociationState state, CustomResourceOptions options)
    Resource lookup is not supported in YAML
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    resource_name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    The following state arguments are supported:
    RoleArn string

    The Amazon Resource Name (ARN) of the role the SRT will use to access your AWS account. Prior to making the AssociateDRTRole request, you must attach the AWSShieldDRTAccessPolicy managed policy to this role.

    Timeouts DrtAccessRoleArnAssociationTimeouts
    RoleArn string

    The Amazon Resource Name (ARN) of the role the SRT will use to access your AWS account. Prior to making the AssociateDRTRole request, you must attach the AWSShieldDRTAccessPolicy managed policy to this role.

    Timeouts DrtAccessRoleArnAssociationTimeoutsArgs
    roleArn String

    The Amazon Resource Name (ARN) of the role the SRT will use to access your AWS account. Prior to making the AssociateDRTRole request, you must attach the AWSShieldDRTAccessPolicy managed policy to this role.

    timeouts DrtAccessRoleArnAssociationTimeouts
    roleArn string

    The Amazon Resource Name (ARN) of the role the SRT will use to access your AWS account. Prior to making the AssociateDRTRole request, you must attach the AWSShieldDRTAccessPolicy managed policy to this role.

    timeouts DrtAccessRoleArnAssociationTimeouts
    role_arn str

    The Amazon Resource Name (ARN) of the role the SRT will use to access your AWS account. Prior to making the AssociateDRTRole request, you must attach the AWSShieldDRTAccessPolicy managed policy to this role.

    timeouts DrtAccessRoleArnAssociationTimeoutsArgs
    roleArn String

    The Amazon Resource Name (ARN) of the role the SRT will use to access your AWS account. Prior to making the AssociateDRTRole request, you must attach the AWSShieldDRTAccessPolicy managed policy to this role.

    timeouts Property Map

    Supporting Types

    DrtAccessRoleArnAssociationTimeouts, DrtAccessRoleArnAssociationTimeoutsArgs

    Create string
    Delete string
    Read string
    Create string
    Delete string
    Read string
    create String
    delete String
    read String
    create string
    delete string
    read string
    create str
    delete str
    read str
    create String
    delete String
    read String

    Package Details

    Repository
    AWS Classic pulumi/pulumi-aws
    License
    Apache-2.0
    Notes

    This Pulumi package is based on the aws Terraform Provider.

    aws logo

    Try AWS Native preview for resources not in the classic version.

    AWS Classic v6.3.0 published on Thursday, Sep 28, 2023 by Pulumi