SHIELD
AssociateDRTLogBucket
valid {
input.Body.LogBucket == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
AssociateDRTRole
valid {
input.Body.RoleArn == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
AssociateHealthCheck
valid {
input.Body.ProtectionId == STRING
input.Body.HealthCheckArn == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
AssociateProactiveEngagementDetails
valid {
input.Body.EmergencyContactList[_].EmailAddress == STRING
input.Body.EmergencyContactList[_].PhoneNumber == STRING
input.Body.EmergencyContactList[_].ContactNotes == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
CreateProtection
valid {
input.Body.Name == STRING
input.Body.ResourceArn == STRING
input.Body.Tags[_].Key == STRING
input.Body.Tags[_].Value == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
CreateProtectionGroup
enum_ProtectedResourceType := [ "CLOUDFRONT_DISTRIBUTION", "ROUTE_53_HOSTED_ZONE", "ELASTIC_IP_ALLOCATION", "CLASSIC_LOAD_BALANCER", "APPLICATION_LOAD_BALANCER", "GLOBAL_ACCELERATOR" ]
enum_ProtectionGroupAggregation := [ "SUM", "MEAN", "MAX" ]
enum_ProtectionGroupPattern := [ "ALL", "ARBITRARY", "BY_RESOURCE_TYPE" ]
valid {
input.Body.ProtectionGroupId == STRING
input.Body.Aggregation == enum_ProtectionGroupAggregation[_]
input.Body.Pattern == enum_ProtectionGroupPattern[_]
input.Body.ResourceType == enum_ProtectedResourceType[_]
input.Body.Members[_] == STRING
input.Body.Tags[_].Key == STRING
input.Body.Tags[_].Value == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
CreateSubscription
valid {
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
DeleteProtection
valid {
input.Body.ProtectionId == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
DeleteProtectionGroup
valid {
input.Body.ProtectionGroupId == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
DeleteSubscription
valid {
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
DescribeAttack
valid {
input.Body.AttackId == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
DescribeAttackStatistics
valid {
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
DescribeDRTAccess
valid {
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
DescribeEmergencyContactSettings
valid {
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
DescribeProtection
valid {
input.Body.ProtectionId == STRING
input.Body.ResourceArn == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
DescribeProtectionGroup
valid {
input.Body.ProtectionGroupId == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
DescribeSubscription
valid {
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
DisableApplicationLayerAutomaticResponse
valid {
input.Body.ResourceArn == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
DisableProactiveEngagement
valid {
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
DisassociateDRTLogBucket
valid {
input.Body.LogBucket == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
DisassociateDRTRole
valid {
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
DisassociateHealthCheck
valid {
input.Body.ProtectionId == STRING
input.Body.HealthCheckArn == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
EnableApplicationLayerAutomaticResponse
valid {
input.Body.ResourceArn == STRING
input.Body.Action.Block == {}
input.Body.Action.Count == {}
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
EnableProactiveEngagement
valid {
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
GetSubscriptionState
valid {
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
ListAttacks
valid {
input.Body.ResourceArns[_] == STRING
input.Body.StartTime.FromInclusive == TIMESTAMP
input.Body.StartTime.ToExclusive == TIMESTAMP
input.Body.EndTime.FromInclusive == TIMESTAMP
input.Body.EndTime.ToExclusive == TIMESTAMP
input.Body.NextToken == STRING
input.Body.MaxResults == INTEGER
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
ListProtectionGroups
enum_ProtectedResourceType := [ "CLOUDFRONT_DISTRIBUTION", "ROUTE_53_HOSTED_ZONE", "ELASTIC_IP_ALLOCATION", "CLASSIC_LOAD_BALANCER", "APPLICATION_LOAD_BALANCER", "GLOBAL_ACCELERATOR" ]
enum_ProtectionGroupAggregation := [ "SUM", "MEAN", "MAX" ]
enum_ProtectionGroupPattern := [ "ALL", "ARBITRARY", "BY_RESOURCE_TYPE" ]
valid {
input.Body.NextToken == STRING
input.Body.MaxResults == INTEGER
input.Body.InclusionFilters.ProtectionGroupIds[_] == STRING
input.Body.InclusionFilters.Patterns[_] == enum_ProtectionGroupPattern[_]
input.Body.InclusionFilters.ResourceTypes[_] == enum_ProtectedResourceType[_]
input.Body.InclusionFilters.Aggregations[_] == enum_ProtectionGroupAggregation[_]
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
ListProtections
enum_ProtectedResourceType := [ "CLOUDFRONT_DISTRIBUTION", "ROUTE_53_HOSTED_ZONE", "ELASTIC_IP_ALLOCATION", "CLASSIC_LOAD_BALANCER", "APPLICATION_LOAD_BALANCER", "GLOBAL_ACCELERATOR" ]
valid {
input.Body.NextToken == STRING
input.Body.MaxResults == INTEGER
input.Body.InclusionFilters.ResourceArns[_] == STRING
input.Body.InclusionFilters.ProtectionNames[_] == STRING
input.Body.InclusionFilters.ResourceTypes[_] == enum_ProtectedResourceType[_]
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
ListResourcesInProtectionGroup
valid {
input.Body.ProtectionGroupId == STRING
input.Body.NextToken == STRING
input.Body.MaxResults == INTEGER
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
ListTagsForResource
valid {
input.Body.ResourceARN == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
TagResource
valid {
input.Body.ResourceARN == STRING
input.Body.Tags[_].Key == STRING
input.Body.Tags[_].Value == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
UntagResource
valid {
input.Body.ResourceARN == STRING
input.Body.TagKeys[_] == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
UpdateApplicationLayerAutomaticResponse
valid {
input.Body.ResourceArn == STRING
input.Body.Action.Block == {}
input.Body.Action.Count == {}
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
UpdateEmergencyContactSettings
valid {
input.Body.EmergencyContactList[_].EmailAddress == STRING
input.Body.EmergencyContactList[_].PhoneNumber == STRING
input.Body.EmergencyContactList[_].ContactNotes == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
UpdateProtectionGroup
enum_ProtectedResourceType := [ "CLOUDFRONT_DISTRIBUTION", "ROUTE_53_HOSTED_ZONE", "ELASTIC_IP_ALLOCATION", "CLASSIC_LOAD_BALANCER", "APPLICATION_LOAD_BALANCER", "GLOBAL_ACCELERATOR" ]
enum_ProtectionGroupAggregation := [ "SUM", "MEAN", "MAX" ]
enum_ProtectionGroupPattern := [ "ALL", "ARBITRARY", "BY_RESOURCE_TYPE" ]
valid {
input.Body.ProtectionGroupId == STRING
input.Body.Aggregation == enum_ProtectionGroupAggregation[_]
input.Body.Pattern == enum_ProtectionGroupPattern[_]
input.Body.ResourceType == enum_ProtectedResourceType[_]
input.Body.Members[_] == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
UpdateSubscription
enum_AutoRenew := [ "ENABLED", "DISABLED" ]
valid {
input.Body.AutoRenew == enum_AutoRenew[_]
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}
Updated 6 days ago