SHIELD
AssociateDRTLogBucket
valid {
input.Body.LogBucket == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}AssociateDRTRole
valid {
input.Body.RoleArn == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}AssociateHealthCheck
valid {
input.Body.ProtectionId == STRING
input.Body.HealthCheckArn == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}AssociateProactiveEngagementDetails
valid {
input.Body.EmergencyContactList[_].EmailAddress == STRING
input.Body.EmergencyContactList[_].PhoneNumber == STRING
input.Body.EmergencyContactList[_].ContactNotes == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}CreateProtection
valid {
input.Body.Name == STRING
input.Body.ResourceArn == STRING
input.Body.Tags[_].Key == STRING
input.Body.Tags[_].Value == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}CreateProtectionGroup
enum_ProtectedResourceType := [ "CLOUDFRONT_DISTRIBUTION", "ROUTE_53_HOSTED_ZONE", "ELASTIC_IP_ALLOCATION", "CLASSIC_LOAD_BALANCER", "APPLICATION_LOAD_BALANCER", "GLOBAL_ACCELERATOR" ]
enum_ProtectionGroupAggregation := [ "SUM", "MEAN", "MAX" ]
enum_ProtectionGroupPattern := [ "ALL", "ARBITRARY", "BY_RESOURCE_TYPE" ]
valid {
input.Body.ProtectionGroupId == STRING
input.Body.Aggregation == enum_ProtectionGroupAggregation[_]
input.Body.Pattern == enum_ProtectionGroupPattern[_]
input.Body.ResourceType == enum_ProtectedResourceType[_]
input.Body.Members[_] == STRING
input.Body.Tags[_].Key == STRING
input.Body.Tags[_].Value == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}CreateSubscription
valid {
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}DeleteProtection
valid {
input.Body.ProtectionId == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}DeleteProtectionGroup
valid {
input.Body.ProtectionGroupId == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}DeleteSubscription
valid {
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}DescribeAttack
valid {
input.Body.AttackId == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}DescribeAttackStatistics
valid {
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}DescribeDRTAccess
valid {
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}DescribeEmergencyContactSettings
valid {
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}DescribeProtection
valid {
input.Body.ProtectionId == STRING
input.Body.ResourceArn == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}DescribeProtectionGroup
valid {
input.Body.ProtectionGroupId == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}DescribeSubscription
valid {
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}DisableApplicationLayerAutomaticResponse
valid {
input.Body.ResourceArn == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}DisableProactiveEngagement
valid {
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}DisassociateDRTLogBucket
valid {
input.Body.LogBucket == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}DisassociateDRTRole
valid {
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}DisassociateHealthCheck
valid {
input.Body.ProtectionId == STRING
input.Body.HealthCheckArn == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}EnableApplicationLayerAutomaticResponse
valid {
input.Body.ResourceArn == STRING
input.Body.Action.Block == {}
input.Body.Action.Count == {}
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}EnableProactiveEngagement
valid {
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}GetSubscriptionState
valid {
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}ListAttacks
valid {
input.Body.ResourceArns[_] == STRING
input.Body.StartTime.FromInclusive == TIMESTAMP
input.Body.StartTime.ToExclusive == TIMESTAMP
input.Body.EndTime.FromInclusive == TIMESTAMP
input.Body.EndTime.ToExclusive == TIMESTAMP
input.Body.NextToken == STRING
input.Body.MaxResults == INTEGER
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}ListProtectionGroups
enum_ProtectedResourceType := [ "CLOUDFRONT_DISTRIBUTION", "ROUTE_53_HOSTED_ZONE", "ELASTIC_IP_ALLOCATION", "CLASSIC_LOAD_BALANCER", "APPLICATION_LOAD_BALANCER", "GLOBAL_ACCELERATOR" ]
enum_ProtectionGroupAggregation := [ "SUM", "MEAN", "MAX" ]
enum_ProtectionGroupPattern := [ "ALL", "ARBITRARY", "BY_RESOURCE_TYPE" ]
valid {
input.Body.NextToken == STRING
input.Body.MaxResults == INTEGER
input.Body.InclusionFilters.ProtectionGroupIds[_] == STRING
input.Body.InclusionFilters.Patterns[_] == enum_ProtectionGroupPattern[_]
input.Body.InclusionFilters.ResourceTypes[_] == enum_ProtectedResourceType[_]
input.Body.InclusionFilters.Aggregations[_] == enum_ProtectionGroupAggregation[_]
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}ListProtections
enum_ProtectedResourceType := [ "CLOUDFRONT_DISTRIBUTION", "ROUTE_53_HOSTED_ZONE", "ELASTIC_IP_ALLOCATION", "CLASSIC_LOAD_BALANCER", "APPLICATION_LOAD_BALANCER", "GLOBAL_ACCELERATOR" ]
valid {
input.Body.NextToken == STRING
input.Body.MaxResults == INTEGER
input.Body.InclusionFilters.ResourceArns[_] == STRING
input.Body.InclusionFilters.ProtectionNames[_] == STRING
input.Body.InclusionFilters.ResourceTypes[_] == enum_ProtectedResourceType[_]
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}ListResourcesInProtectionGroup
valid {
input.Body.ProtectionGroupId == STRING
input.Body.NextToken == STRING
input.Body.MaxResults == INTEGER
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}ListTagsForResource
valid {
input.Body.ResourceARN == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}TagResource
valid {
input.Body.ResourceARN == STRING
input.Body.Tags[_].Key == STRING
input.Body.Tags[_].Value == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}UntagResource
valid {
input.Body.ResourceARN == STRING
input.Body.TagKeys[_] == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}UpdateApplicationLayerAutomaticResponse
valid {
input.Body.ResourceArn == STRING
input.Body.Action.Block == {}
input.Body.Action.Count == {}
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}UpdateEmergencyContactSettings
valid {
input.Body.EmergencyContactList[_].EmailAddress == STRING
input.Body.EmergencyContactList[_].PhoneNumber == STRING
input.Body.EmergencyContactList[_].ContactNotes == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}UpdateProtectionGroup
enum_ProtectedResourceType := [ "CLOUDFRONT_DISTRIBUTION", "ROUTE_53_HOSTED_ZONE", "ELASTIC_IP_ALLOCATION", "CLASSIC_LOAD_BALANCER", "APPLICATION_LOAD_BALANCER", "GLOBAL_ACCELERATOR" ]
enum_ProtectionGroupAggregation := [ "SUM", "MEAN", "MAX" ]
enum_ProtectionGroupPattern := [ "ALL", "ARBITRARY", "BY_RESOURCE_TYPE" ]
valid {
input.Body.ProtectionGroupId == STRING
input.Body.Aggregation == enum_ProtectionGroupAggregation[_]
input.Body.Pattern == enum_ProtectionGroupPattern[_]
input.Body.ResourceType == enum_ProtectedResourceType[_]
input.Body.Members[_] == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}UpdateSubscription
enum_AutoRenew := [ "ENABLED", "DISABLED" ]
valid {
input.Body.AutoRenew == enum_AutoRenew[_]
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}Updated 7 days ago