Guides

SHIELD

docs.aws.amazon.com
AWS documentation

AssociateDRTLogBucket

valid {
    input.Body.LogBucket == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

AssociateDRTRole

valid {
    input.Body.RoleArn == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

AssociateHealthCheck

valid {
    input.Body.ProtectionId == STRING
    input.Body.HealthCheckArn == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

AssociateProactiveEngagementDetails

valid {
    input.Body.EmergencyContactList[_].EmailAddress == STRING
    input.Body.EmergencyContactList[_].PhoneNumber == STRING
    input.Body.EmergencyContactList[_].ContactNotes == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

CreateProtection

valid {
    input.Body.Name == STRING
    input.Body.ResourceArn == STRING
    input.Body.Tags[_].Key == STRING
    input.Body.Tags[_].Value == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

CreateProtectionGroup

enum_ProtectedResourceType := [ "CLOUDFRONT_DISTRIBUTION", "ROUTE_53_HOSTED_ZONE", "ELASTIC_IP_ALLOCATION", "CLASSIC_LOAD_BALANCER", "APPLICATION_LOAD_BALANCER", "GLOBAL_ACCELERATOR" ]
enum_ProtectionGroupAggregation := [ "SUM", "MEAN", "MAX" ]
enum_ProtectionGroupPattern := [ "ALL", "ARBITRARY", "BY_RESOURCE_TYPE" ]

valid {
    input.Body.ProtectionGroupId == STRING
    input.Body.Aggregation == enum_ProtectionGroupAggregation[_]
    input.Body.Pattern == enum_ProtectionGroupPattern[_]
    input.Body.ResourceType == enum_ProtectedResourceType[_]
    input.Body.Members[_] == STRING
    input.Body.Tags[_].Key == STRING
    input.Body.Tags[_].Value == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

CreateSubscription

valid {
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DeleteProtection

valid {
    input.Body.ProtectionId == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DeleteProtectionGroup

valid {
    input.Body.ProtectionGroupId == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DeleteSubscription

valid {
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DescribeAttack

valid {
    input.Body.AttackId == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DescribeAttackStatistics

valid {
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DescribeDRTAccess

valid {
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DescribeEmergencyContactSettings

valid {
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DescribeProtection

valid {
    input.Body.ProtectionId == STRING
    input.Body.ResourceArn == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DescribeProtectionGroup

valid {
    input.Body.ProtectionGroupId == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DescribeSubscription

valid {
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DisableApplicationLayerAutomaticResponse

valid {
    input.Body.ResourceArn == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DisableProactiveEngagement

valid {
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DisassociateDRTLogBucket

valid {
    input.Body.LogBucket == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DisassociateDRTRole

valid {
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DisassociateHealthCheck

valid {
    input.Body.ProtectionId == STRING
    input.Body.HealthCheckArn == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

EnableApplicationLayerAutomaticResponse

valid {
    input.Body.ResourceArn == STRING
    input.Body.Action.Block == {}
    input.Body.Action.Count == {}
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

EnableProactiveEngagement

valid {
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

GetSubscriptionState

valid {
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ListAttacks

valid {
    input.Body.ResourceArns[_] == STRING
    input.Body.StartTime.FromInclusive == TIMESTAMP
    input.Body.StartTime.ToExclusive == TIMESTAMP
    input.Body.EndTime.FromInclusive == TIMESTAMP
    input.Body.EndTime.ToExclusive == TIMESTAMP
    input.Body.NextToken == STRING
    input.Body.MaxResults == INTEGER
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ListProtectionGroups

enum_ProtectedResourceType := [ "CLOUDFRONT_DISTRIBUTION", "ROUTE_53_HOSTED_ZONE", "ELASTIC_IP_ALLOCATION", "CLASSIC_LOAD_BALANCER", "APPLICATION_LOAD_BALANCER", "GLOBAL_ACCELERATOR" ]
enum_ProtectionGroupAggregation := [ "SUM", "MEAN", "MAX" ]
enum_ProtectionGroupPattern := [ "ALL", "ARBITRARY", "BY_RESOURCE_TYPE" ]

valid {
    input.Body.NextToken == STRING
    input.Body.MaxResults == INTEGER
    input.Body.InclusionFilters.ProtectionGroupIds[_] == STRING
    input.Body.InclusionFilters.Patterns[_] == enum_ProtectionGroupPattern[_]
    input.Body.InclusionFilters.ResourceTypes[_] == enum_ProtectedResourceType[_]
    input.Body.InclusionFilters.Aggregations[_] == enum_ProtectionGroupAggregation[_]
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ListProtections

enum_ProtectedResourceType := [ "CLOUDFRONT_DISTRIBUTION", "ROUTE_53_HOSTED_ZONE", "ELASTIC_IP_ALLOCATION", "CLASSIC_LOAD_BALANCER", "APPLICATION_LOAD_BALANCER", "GLOBAL_ACCELERATOR" ]

valid {
    input.Body.NextToken == STRING
    input.Body.MaxResults == INTEGER
    input.Body.InclusionFilters.ResourceArns[_] == STRING
    input.Body.InclusionFilters.ProtectionNames[_] == STRING
    input.Body.InclusionFilters.ResourceTypes[_] == enum_ProtectedResourceType[_]
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ListResourcesInProtectionGroup

valid {
    input.Body.ProtectionGroupId == STRING
    input.Body.NextToken == STRING
    input.Body.MaxResults == INTEGER
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ListTagsForResource

valid {
    input.Body.ResourceARN == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

TagResource

valid {
    input.Body.ResourceARN == STRING
    input.Body.Tags[_].Key == STRING
    input.Body.Tags[_].Value == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

UntagResource

valid {
    input.Body.ResourceARN == STRING
    input.Body.TagKeys[_] == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

UpdateApplicationLayerAutomaticResponse

valid {
    input.Body.ResourceArn == STRING
    input.Body.Action.Block == {}
    input.Body.Action.Count == {}
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

UpdateEmergencyContactSettings

valid {
    input.Body.EmergencyContactList[_].EmailAddress == STRING
    input.Body.EmergencyContactList[_].PhoneNumber == STRING
    input.Body.EmergencyContactList[_].ContactNotes == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

UpdateProtectionGroup

enum_ProtectedResourceType := [ "CLOUDFRONT_DISTRIBUTION", "ROUTE_53_HOSTED_ZONE", "ELASTIC_IP_ALLOCATION", "CLASSIC_LOAD_BALANCER", "APPLICATION_LOAD_BALANCER", "GLOBAL_ACCELERATOR" ]
enum_ProtectionGroupAggregation := [ "SUM", "MEAN", "MAX" ]
enum_ProtectionGroupPattern := [ "ALL", "ARBITRARY", "BY_RESOURCE_TYPE" ]

valid {
    input.Body.ProtectionGroupId == STRING
    input.Body.Aggregation == enum_ProtectionGroupAggregation[_]
    input.Body.Pattern == enum_ProtectionGroupPattern[_]
    input.Body.ResourceType == enum_ProtectedResourceType[_]
    input.Body.Members[_] == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

UpdateSubscription

enum_AutoRenew := [ "ENABLED", "DISABLED" ]

valid {
    input.Body.AutoRenew == enum_AutoRenew[_]
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}