com.amazonaws.services.shield

Class AWSShieldClient

java.lang.Object

com.amazonaws.AmazonWebServiceClient

com.amazonaws.services.shield.AWSShieldClient

All Implemented Interfaces:

AWSShield

Direct Known Subclasses:

AWSShieldAsyncClient

@ThreadSafe
 @Generated(value="com.amazonaws:aws-java-sdk-code-generator")
public class AWSShieldClient
extends AmazonWebServiceClient
implements AWSShield

Client for accessing AWS Shield. All service calls made using this client are blocking, and will not return until the service call completes.

Shield Advanced

This is the Shield Advanced API Reference. This guide is for developers who need detailed information about the Shield Advanced API actions, data types, and errors. For detailed information about WAF and Shield Advanced features and an overview of how to use the WAF and Shield Advanced APIs, see the WAF and Shield Developer Guide.

Field Summary

Fields inherited from class com.amazonaws.AmazonWebServiceClient

LOGGING_AWS_REQUEST_METRIC

Fields inherited from interface com.amazonaws.services.shield.AWSShield

ENDPOINT_PREFIX

Constructor Summary

Constructors

Constructor and Description
AWSShieldClient() Deprecated. use AWSShieldClientBuilder.defaultClient()
AWSShieldClient(AWSCredentials awsCredentials) Deprecated. use AwsClientBuilder.withCredentials(AWSCredentialsProvider) for example: AWSShieldClientBuilder.standard().withCredentials(new AWSStaticCredentialsProvider(awsCredentials)).build();
AWSShieldClient(AWSCredentials awsCredentials, ClientConfiguration clientConfiguration) Deprecated. use AwsClientBuilder.withCredentials(AWSCredentialsProvider) and AwsClientBuilder.withClientConfiguration(ClientConfiguration)
AWSShieldClient(AWSCredentialsProvider awsCredentialsProvider) Deprecated. use AwsClientBuilder.withCredentials(AWSCredentialsProvider)
AWSShieldClient(AWSCredentialsProvider awsCredentialsProvider, ClientConfiguration clientConfiguration) Deprecated. use AwsClientBuilder.withCredentials(AWSCredentialsProvider) and AwsClientBuilder.withClientConfiguration(ClientConfiguration)
AWSShieldClient(AWSCredentialsProvider awsCredentialsProvider, ClientConfiguration clientConfiguration, RequestMetricCollector requestMetricCollector) Deprecated. use AwsClientBuilder.withCredentials(AWSCredentialsProvider) and AwsClientBuilder.withClientConfiguration(ClientConfiguration) and AwsClientBuilder.withMetricsCollector(RequestMetricCollector)
AWSShieldClient(ClientConfiguration clientConfiguration) Deprecated. use AwsClientBuilder.withClientConfiguration(ClientConfiguration)

Method Summary

Modifier and Type	Method and Description
AssociateDRTLogBucketResult	associateDRTLogBucket(AssociateDRTLogBucketRequest request) Authorizes the Shield Response Team (SRT) to access the specified Amazon S3 bucket containing log data such as Application Load Balancer access logs, CloudFront logs, or logs from third party sources.
AssociateDRTRoleResult	associateDRTRole(AssociateDRTRoleRequest request) Authorizes the Shield Response Team (SRT) using the specified role, to access your Amazon Web Services account to assist with DDoS attack mitigation during potential attacks.
AssociateHealthCheckResult	associateHealthCheck(AssociateHealthCheckRequest request) Adds health-based detection to the Shield Advanced protection for a resource.
AssociateProactiveEngagementDetailsResult	associateProactiveEngagementDetails(AssociateProactiveEngagementDetailsRequest request) Initializes proactive engagement and sets the list of contacts for the Shield Response Team (SRT) to use.
static AWSShieldClientBuilder	builder()
CreateProtectionResult	createProtection(CreateProtectionRequest request) Enables Shield Advanced for a specific Amazon Web Services resource.
CreateProtectionGroupResult	createProtectionGroup(CreateProtectionGroupRequest request) Creates a grouping of protected resources so they can be handled as a collective.
CreateSubscriptionResult	createSubscription(CreateSubscriptionRequest request) Activates Shield Advanced for an account.
DeleteProtectionResult	deleteProtection(DeleteProtectionRequest request) Deletes an Shield Advanced Protection.
DeleteProtectionGroupResult	deleteProtectionGroup(DeleteProtectionGroupRequest request) Removes the specified protection group.
DeleteSubscriptionResult	deleteSubscription(DeleteSubscriptionRequest request) Deprecated.
DescribeAttackResult	describeAttack(DescribeAttackRequest request) Describes the details of a DDoS attack.
DescribeAttackStatisticsResult	describeAttackStatistics(DescribeAttackStatisticsRequest request) Provides information about the number and type of attacks Shield has detected in the last year for all resources that belong to your account, regardless of whether you've defined Shield protections for them.
DescribeDRTAccessResult	describeDRTAccess(DescribeDRTAccessRequest request) Returns the current role and list of Amazon S3 log buckets used by the Shield Response Team (SRT) to access your Amazon Web Services account while assisting with attack mitigation.
DescribeEmergencyContactSettingsResult	describeEmergencyContactSettings(DescribeEmergencyContactSettingsRequest request) A list of email addresses and phone numbers that the Shield Response Team (SRT) can use to contact you if you have proactive engagement enabled, for escalations to the SRT and to initiate proactive customer support.
DescribeProtectionResult	describeProtection(DescribeProtectionRequest request) Lists the details of a Protection object.
DescribeProtectionGroupResult	describeProtectionGroup(DescribeProtectionGroupRequest request) Returns the specification for the specified protection group.
DescribeSubscriptionResult	describeSubscription(DescribeSubscriptionRequest request) Provides details about the Shield Advanced subscription for an account.
DisableProactiveEngagementResult	disableProactiveEngagement(DisableProactiveEngagementRequest request) Removes authorization from the Shield Response Team (SRT) to notify contacts about escalations to the SRT and to initiate proactive customer support.
DisassociateDRTLogBucketResult	disassociateDRTLogBucket(DisassociateDRTLogBucketRequest request) Removes the Shield Response Team's (SRT) access to the specified Amazon S3 bucket containing the logs that you shared previously.
DisassociateDRTRoleResult	disassociateDRTRole(DisassociateDRTRoleRequest request) Removes the Shield Response Team's (SRT) access to your Amazon Web Services account.
DisassociateHealthCheckResult	disassociateHealthCheck(DisassociateHealthCheckRequest request) Removes health-based detection from the Shield Advanced protection for a resource.
EnableProactiveEngagementResult	enableProactiveEngagement(EnableProactiveEngagementRequest request) Authorizes the Shield Response Team (SRT) to use email and phone to notify contacts about escalations to the SRT and to initiate proactive customer support.
ResponseMetadata	getCachedResponseMetadata(AmazonWebServiceRequest request) Returns additional metadata for a previously executed successful, request, typically used for debugging issues where a service isn't acting as expected.
GetSubscriptionStateResult	getSubscriptionState(GetSubscriptionStateRequest request) Returns the SubscriptionState, either Active or Inactive.
ListAttacksResult	listAttacks(ListAttacksRequest request) Returns all ongoing DDoS attacks or all DDoS attacks during a specified time period.
ListProtectionGroupsResult	listProtectionGroups(ListProtectionGroupsRequest request) Retrieves the ProtectionGroup objects for the account.
ListProtectionsResult	listProtections(ListProtectionsRequest request) Lists all Protection objects for the account.
ListResourcesInProtectionGroupResult	listResourcesInProtectionGroup(ListResourcesInProtectionGroupRequest request) Retrieves the resources that are included in the protection group.
ListTagsForResourceResult	listTagsForResource(ListTagsForResourceRequest request) Gets information about Amazon Web Services tags for a specified Amazon Resource Name (ARN) in Shield.
void	shutdown() Shuts down this client object, releasing any resources that might be held open.
TagResourceResult	tagResource(TagResourceRequest request) Adds or updates tags for a resource in Shield.
UntagResourceResult	untagResource(UntagResourceRequest request) Removes tags from a resource in Shield.
UpdateEmergencyContactSettingsResult	updateEmergencyContactSettings(UpdateEmergencyContactSettingsRequest request) Updates the details of the list of email addresses and phone numbers that the Shield Response Team (SRT) can use to contact you if you have proactive engagement enabled, for escalations to the SRT and to initiate proactive customer support.
UpdateProtectionGroupResult	updateProtectionGroup(UpdateProtectionGroupRequest request) Updates an existing protection group.
UpdateSubscriptionResult	updateSubscription(UpdateSubscriptionRequest request) Updates the details of an existing subscription.

Methods inherited from class com.amazonaws.AmazonWebServiceClient

addRequestHandler, addRequestHandler, configureRegion, getClientConfiguration, getEndpointPrefix, getMonitoringListeners, getRequestMetricsCollector, getServiceName, getSignerByURI, getSignerOverride, getSignerRegionOverride, getTimeOffset, makeImmutable, removeRequestHandler, removeRequestHandler, setEndpoint, setEndpoint, setRegion, setServiceNameIntern, setSignerRegionOverride, setTimeOffset, withEndpoint, withRegion, withRegion, withTimeOffset

Methods inherited from class java.lang.Object

equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface com.amazonaws.services.shield.AWSShield

setEndpoint, setRegion

Constructor Detail

AWSShieldClient

@Deprecated
public AWSShieldClient()

Deprecated. use AWSShieldClientBuilder.defaultClient()

Constructs a new client to invoke service methods on AWS Shield. A credentials provider chain will be used that searches for credentials in this order:

• Environment Variables - AWS_ACCESS_KEY_ID and AWS_SECRET_KEY
• Java System Properties - aws.accessKeyId and aws.secretKey
• Instance profile credentials delivered through the Amazon EC2 metadata service

All service calls made using this new client object are blocking, and will not return until the service call completes.

See Also:

DefaultAWSCredentialsProviderChain

AWSShieldClient

@Deprecated
public AWSShieldClient(ClientConfiguration clientConfiguration)

Deprecated. use AwsClientBuilder.withClientConfiguration(ClientConfiguration)

Constructs a new client to invoke service methods on AWS Shield. A credentials provider chain will be used that searches for credentials in this order:

• Environment Variables - AWS_ACCESS_KEY_ID and AWS_SECRET_KEY
• Java System Properties - aws.accessKeyId and aws.secretKey
• Instance profile credentials delivered through the Amazon EC2 metadata service

All service calls made using this new client object are blocking, and will not return until the service call completes.

Parameters:

clientConfiguration - The client configuration options controlling how this client connects to AWS Shield (ex: proxy settings, retry counts, etc.).

See Also:

DefaultAWSCredentialsProviderChain

AWSShieldClient

@Deprecated
public AWSShieldClient(AWSCredentials awsCredentials)

Deprecated. use AwsClientBuilder.withCredentials(AWSCredentialsProvider) for example: AWSShieldClientBuilder.standard().withCredentials(new AWSStaticCredentialsProvider(awsCredentials)).build();

Constructs a new client to invoke service methods on AWS Shield using the specified AWS account credentials.

All service calls made using this new client object are blocking, and will not return until the service call completes.

Parameters:

awsCredentials - The AWS credentials (access key ID and secret key) to use when authenticating with AWS services.

AWSShieldClient

@Deprecated
public AWSShieldClient(AWSCredentials awsCredentials,
                                   ClientConfiguration clientConfiguration)

Deprecated. use AwsClientBuilder.withCredentials(AWSCredentialsProvider) and AwsClientBuilder.withClientConfiguration(ClientConfiguration)

Constructs a new client to invoke service methods on AWS Shield using the specified AWS account credentials and client configuration options.

All service calls made using this new client object are blocking, and will not return until the service call completes.

Parameters:

awsCredentials - The AWS credentials (access key ID and secret key) to use when authenticating with AWS services.

clientConfiguration - The client configuration options controlling how this client connects to AWS Shield (ex: proxy settings, retry counts, etc.).

AWSShieldClient

@Deprecated
public AWSShieldClient(AWSCredentialsProvider awsCredentialsProvider)

Deprecated. use AwsClientBuilder.withCredentials(AWSCredentialsProvider)

Constructs a new client to invoke service methods on AWS Shield using the specified AWS account credentials provider.

All service calls made using this new client object are blocking, and will not return until the service call completes.

Parameters:

awsCredentialsProvider - The AWS credentials provider which will provide credentials to authenticate requests with AWS services.

AWSShieldClient

@Deprecated
public AWSShieldClient(AWSCredentialsProvider awsCredentialsProvider,
                                   ClientConfiguration clientConfiguration)

Deprecated. use AwsClientBuilder.withCredentials(AWSCredentialsProvider) and AwsClientBuilder.withClientConfiguration(ClientConfiguration)

Constructs a new client to invoke service methods on AWS Shield using the specified AWS account credentials provider and client configuration options.

All service calls made using this new client object are blocking, and will not return until the service call completes.

Parameters:

awsCredentialsProvider - The AWS credentials provider which will provide credentials to authenticate requests with AWS services.

clientConfiguration - The client configuration options controlling how this client connects to AWS Shield (ex: proxy settings, retry counts, etc.).

AWSShieldClient

@Deprecated
public AWSShieldClient(AWSCredentialsProvider awsCredentialsProvider,
                                   ClientConfiguration clientConfiguration,
                                   RequestMetricCollector requestMetricCollector)

Deprecated. use AwsClientBuilder.withCredentials(AWSCredentialsProvider) and AwsClientBuilder.withClientConfiguration(ClientConfiguration) and AwsClientBuilder.withMetricsCollector(RequestMetricCollector)

Constructs a new client to invoke service methods on AWS Shield using the specified AWS account credentials provider, client configuration options, and request metric collector.

All service calls made using this new client object are blocking, and will not return until the service call completes.

Parameters:

awsCredentialsProvider - The AWS credentials provider which will provide credentials to authenticate requests with AWS services.

clientConfiguration - The client configuration options controlling how this client connects to AWS Shield (ex: proxy settings, retry counts, etc.).

requestMetricCollector - optional request metric collector

Method Detail

builder

public static AWSShieldClientBuilder builder()

associateDRTLogBucket

public AssociateDRTLogBucketResult associateDRTLogBucket(AssociateDRTLogBucketRequest request)

Authorizes the Shield Response Team (SRT) to access the specified Amazon S3 bucket containing log data such as Application Load Balancer access logs, CloudFront logs, or logs from third party sources. You can associate up to 10 Amazon S3 buckets with your subscription.

To use the services of the SRT and make an AssociateDRTLogBucket request, you must be subscribed to the Business Support plan or the Enterprise Support plan.

Specified by:

associateDRTLogBucket in interface AWSShield

Parameters:

associateDRTLogBucketRequest -

Returns:

Result of the AssociateDRTLogBucket operation returned by the service.

Throws:

InternalErrorException - Exception that indicates that a problem occurred with the service infrastructure. You can retry the request.

InvalidOperationException - Exception that indicates that the operation would not cause any change to occur.

NoAssociatedRoleException - The ARN of the role that you specifed does not exist.

LimitsExceededException - Exception that indicates that the operation would exceed a limit.

InvalidParameterException - Exception that indicates that the parameters passed to the API are invalid. If available, this exception includes details in additional properties.

AccessDeniedForDependencyException - In order to grant the necessary access to the Shield Response Team (SRT) the user submitting the request must have the iam:PassRole permission. This error indicates the user did not have the appropriate permissions. For more information, see Granting a User Permissions to Pass a Role to an Amazon Web Services Service.

OptimisticLockException - Exception that indicates that the resource state has been modified by another client. Retrieve the resource and then retry your request.

ResourceNotFoundException - Exception indicating the specified resource does not exist. If available, this exception includes details in additional properties.

See Also:

AWS API Documentation

associateDRTRole

public AssociateDRTRoleResult associateDRTRole(AssociateDRTRoleRequest request)

Authorizes the Shield Response Team (SRT) using the specified role, to access your Amazon Web Services account to assist with DDoS attack mitigation during potential attacks. This enables the SRT to inspect your WAF configuration and create or update WAF rules and web ACLs.

You can associate only one RoleArn with your subscription. If you submit an AssociateDRTRole request for an account that already has an associated role, the new RoleArn will replace the existing RoleArn.

Prior to making the AssociateDRTRole request, you must attach the AWSShieldDRTAccessPolicy managed policy to the role you will specify in the request. For more information see Attaching and Detaching IAM Policies. The role must also trust the service principal drt.shield.amazonaws.com . For more information, see IAM JSON Policy Elements: Principal.

The SRT will have access only to your WAF and Shield resources. By submitting this request, you authorize the SRT to inspect your WAF and Shield configuration and create and update WAF rules and web ACLs on your behalf. The SRT takes these actions only if explicitly authorized by you.

You must have the iam:PassRole permission to make an AssociateDRTRole request. For more information, see Granting a User Permissions to Pass a Role to an Amazon Web Services Service.

To use the services of the SRT and make an AssociateDRTRole request, you must be subscribed to the Business Support plan or the Enterprise Support plan.

Specified by:

associateDRTRole in interface AWSShield

Parameters:

associateDRTRoleRequest -

Returns:

Result of the AssociateDRTRole operation returned by the service.

Throws:

InternalErrorException - Exception that indicates that a problem occurred with the service infrastructure. You can retry the request.

InvalidOperationException - Exception that indicates that the operation would not cause any change to occur.

InvalidParameterException - Exception that indicates that the parameters passed to the API are invalid. If available, this exception includes details in additional properties.

AccessDeniedForDependencyException - In order to grant the necessary access to the Shield Response Team (SRT) the user submitting the request must have the iam:PassRole permission. This error indicates the user did not have the appropriate permissions. For more information, see Granting a User Permissions to Pass a Role to an Amazon Web Services Service.

OptimisticLockException - Exception that indicates that the resource state has been modified by another client. Retrieve the resource and then retry your request.

ResourceNotFoundException - Exception indicating the specified resource does not exist. If available, this exception includes details in additional properties.

See Also:

AWS API Documentation

associateHealthCheck

public AssociateHealthCheckResult associateHealthCheck(AssociateHealthCheckRequest request)

Adds health-based detection to the Shield Advanced protection for a resource. Shield Advanced health-based detection uses the health of your Amazon Web Services resource to improve responsiveness and accuracy in attack detection and mitigation.

You define the health check in Route 53 and then associate it with your Shield Advanced protection. For more information, see Shield Advanced Health-Based Detection in the WAF Developer Guide.

Specified by:

associateHealthCheck in interface AWSShield

Parameters:

associateHealthCheckRequest -

Returns:

Result of the AssociateHealthCheck operation returned by the service.

Throws:

InternalErrorException - Exception that indicates that a problem occurred with the service infrastructure. You can retry the request.

LimitsExceededException - Exception that indicates that the operation would exceed a limit.

ResourceNotFoundException - Exception indicating the specified resource does not exist. If available, this exception includes details in additional properties.

InvalidParameterException - Exception that indicates that the parameters passed to the API are invalid. If available, this exception includes details in additional properties.

OptimisticLockException - Exception that indicates that the resource state has been modified by another client. Retrieve the resource and then retry your request.

See Also:

AWS API Documentation

associateProactiveEngagementDetails

public AssociateProactiveEngagementDetailsResult associateProactiveEngagementDetails(AssociateProactiveEngagementDetailsRequest request)

Initializes proactive engagement and sets the list of contacts for the Shield Response Team (SRT) to use. You must provide at least one phone number in the emergency contact list.

After you have initialized proactive engagement using this call, to disable or enable proactive engagement, use the calls DisableProactiveEngagement and EnableProactiveEngagement.

This call defines the list of email addresses and phone numbers that the SRT can use to contact you for escalations to the SRT and to initiate proactive customer support.

The contacts that you provide in the request replace any contacts that were already defined. If you already have contacts defined and want to use them, retrieve the list using DescribeEmergencyContactSettings and then provide it to this call.

Specified by:

associateProactiveEngagementDetails in interface AWSShield

Parameters:

associateProactiveEngagementDetailsRequest -

Returns:

Result of the AssociateProactiveEngagementDetails operation returned by the service.

Throws:

InternalErrorException - Exception that indicates that a problem occurred with the service infrastructure. You can retry the request.

InvalidOperationException - Exception that indicates that the operation would not cause any change to occur.

InvalidParameterException - Exception that indicates that the parameters passed to the API are invalid. If available, this exception includes details in additional properties.

ResourceNotFoundException - Exception indicating the specified resource does not exist. If available, this exception includes details in additional properties.

OptimisticLockException - Exception that indicates that the resource state has been modified by another client. Retrieve the resource and then retry your request.

See Also:

AWS API Documentation

createProtection

public CreateProtectionResult createProtection(CreateProtectionRequest request)

Enables Shield Advanced for a specific Amazon Web Services resource. The resource can be an Amazon CloudFront distribution, Elastic Load Balancing load balancer, Global Accelerator accelerator, Elastic IP Address, or an Amazon Route 53 hosted zone.

You can add protection to only a single resource with each CreateProtection request. If you want to add protection to multiple resources at once, use the WAF console. For more information see Getting Started with Shield Advanced and Add Shield Advanced Protection to more Amazon Web Services Resources.

Specified by:

createProtection in interface AWSShield

Parameters:

createProtectionRequest -

Returns:

Result of the CreateProtection operation returned by the service.

Throws:

InternalErrorException - Exception that indicates that a problem occurred with the service infrastructure. You can retry the request.

InvalidResourceException - Exception that indicates that the resource is invalid. You might not have access to the resource, or the resource might not exist.

InvalidOperationException - Exception that indicates that the operation would not cause any change to occur.

LimitsExceededException - Exception that indicates that the operation would exceed a limit.

ResourceAlreadyExistsException - Exception indicating the specified resource already exists. If available, this exception includes details in additional properties.

OptimisticLockException - Exception that indicates that the resource state has been modified by another client. Retrieve the resource and then retry your request.

ResourceNotFoundException - Exception indicating the specified resource does not exist. If available, this exception includes details in additional properties.

InvalidParameterException - Exception that indicates that the parameters passed to the API are invalid. If available, this exception includes details in additional properties.

See Also:

AWS API Documentation

createProtectionGroup

public CreateProtectionGroupResult createProtectionGroup(CreateProtectionGroupRequest request)

Creates a grouping of protected resources so they can be handled as a collective. This resource grouping improves the accuracy of detection and reduces false positives.

Specified by:

createProtectionGroup in interface AWSShield

Parameters:

createProtectionGroupRequest -

Returns:

Result of the CreateProtectionGroup operation returned by the service.

Throws:

InternalErrorException - Exception that indicates that a problem occurred with the service infrastructure. You can retry the request.

ResourceAlreadyExistsException - Exception indicating the specified resource already exists. If available, this exception includes details in additional properties.

OptimisticLockException - Exception that indicates that the resource state has been modified by another client. Retrieve the resource and then retry your request.

ResourceNotFoundException - Exception indicating the specified resource does not exist. If available, this exception includes details in additional properties.

InvalidParameterException - Exception that indicates that the parameters passed to the API are invalid. If available, this exception includes details in additional properties.

LimitsExceededException - Exception that indicates that the operation would exceed a limit.

See Also:

AWS API Documentation

createSubscription

public CreateSubscriptionResult createSubscription(CreateSubscriptionRequest request)

Activates Shield Advanced for an account.

When you initally create a subscription, your subscription is set to be automatically renewed at the end of the existing subscription period. You can change this by submitting an UpdateSubscription request.

Specified by:

createSubscription in interface AWSShield

Parameters:

createSubscriptionRequest -

Returns:

Result of the CreateSubscription operation returned by the service.

Throws:

InternalErrorException - Exception that indicates that a problem occurred with the service infrastructure. You can retry the request.

ResourceAlreadyExistsException - Exception indicating the specified resource already exists. If available, this exception includes details in additional properties.

See Also:

AWS API Documentation

deleteProtection

public DeleteProtectionResult deleteProtection(DeleteProtectionRequest request)

Deletes an Shield Advanced Protection.

Specified by:

deleteProtection in interface AWSShield

Parameters:

deleteProtectionRequest -

Returns:

Result of the DeleteProtection operation returned by the service.

Throws:

InternalErrorException - Exception that indicates that a problem occurred with the service infrastructure. You can retry the request.

ResourceNotFoundException - Exception indicating the specified resource does not exist. If available, this exception includes details in additional properties.

OptimisticLockException - Exception that indicates that the resource state has been modified by another client. Retrieve the resource and then retry your request.

See Also:

AWS API Documentation

deleteProtectionGroup

public DeleteProtectionGroupResult deleteProtectionGroup(DeleteProtectionGroupRequest request)

Removes the specified protection group.

Specified by:

deleteProtectionGroup in interface AWSShield

Parameters:

deleteProtectionGroupRequest -

Returns:

Result of the DeleteProtectionGroup operation returned by the service.

Throws:

InternalErrorException - Exception that indicates that a problem occurred with the service infrastructure. You can retry the request.

OptimisticLockException - Exception that indicates that the resource state has been modified by another client. Retrieve the resource and then retry your request.

ResourceNotFoundException - Exception indicating the specified resource does not exist. If available, this exception includes details in additional properties.

See Also:

AWS API Documentation

deleteSubscription

@Deprecated
public DeleteSubscriptionResult deleteSubscription(DeleteSubscriptionRequest request)

Deprecated.

Removes Shield Advanced from an account. Shield Advanced requires a 1-year subscription commitment. You cannot delete a subscription prior to the completion of that commitment.

Specified by:

deleteSubscription in interface AWSShield

Parameters:

deleteSubscriptionRequest -

Returns:

Result of the DeleteSubscription operation returned by the service.

Throws:

InternalErrorException - Exception that indicates that a problem occurred with the service infrastructure. You can retry the request.

LockedSubscriptionException - You are trying to update a subscription that has not yet completed the 1-year commitment. You can change the AutoRenew parameter during the last 30 days of your subscription. This exception indicates that you are attempting to change AutoRenew prior to that period.

ResourceNotFoundException - Exception indicating the specified resource does not exist. If available, this exception includes details in additional properties.

See Also:

AWS API Documentation

describeAttack

public DescribeAttackResult describeAttack(DescribeAttackRequest request)

Describes the details of a DDoS attack.

Specified by:

describeAttack in interface AWSShield

Parameters:

describeAttackRequest -

Returns:

Result of the DescribeAttack operation returned by the service.

Throws:

InternalErrorException - Exception that indicates that a problem occurred with the service infrastructure. You can retry the request.

AccessDeniedException - Exception that indicates the specified AttackId does not exist, or the requester does not have the appropriate permissions to access the AttackId.

See Also:

AWS API Documentation

describeAttackStatistics

public DescribeAttackStatisticsResult describeAttackStatistics(DescribeAttackStatisticsRequest request)

Provides information about the number and type of attacks Shield has detected in the last year for all resources that belong to your account, regardless of whether you've defined Shield protections for them. This operation is available to Shield customers as well as to Shield Advanced customers.

The operation returns data for the time range of midnight UTC, one year ago, to midnight UTC, today. For example, if the current time is 2020-10-26 15:39:32 PDT, equal to 2020-10-26 22:39:32 UTC, then the time range for the attack data returned is from 2019-10-26 00:00:00 UTC to 2020-10-26 00:00:00 UTC.

The time range indicates the period covered by the attack statistics data items.

Specified by:

describeAttackStatistics in interface AWSShield

Parameters:

describeAttackStatisticsRequest -

Returns:

Result of the DescribeAttackStatistics operation returned by the service.

Throws:

InternalErrorException - Exception that indicates that a problem occurred with the service infrastructure. You can retry the request.

See Also:

AWS API Documentation

describeDRTAccess

public DescribeDRTAccessResult describeDRTAccess(DescribeDRTAccessRequest request)

Returns the current role and list of Amazon S3 log buckets used by the Shield Response Team (SRT) to access your Amazon Web Services account while assisting with attack mitigation.

Specified by:

describeDRTAccess in interface AWSShield

Parameters:

describeDRTAccessRequest -

Returns:

Result of the DescribeDRTAccess operation returned by the service.

Throws:

InternalErrorException - Exception that indicates that a problem occurred with the service infrastructure. You can retry the request.

ResourceNotFoundException - Exception indicating the specified resource does not exist. If available, this exception includes details in additional properties.

See Also:

AWS API Documentation

describeEmergencyContactSettings

public DescribeEmergencyContactSettingsResult describeEmergencyContactSettings(DescribeEmergencyContactSettingsRequest request)

A list of email addresses and phone numbers that the Shield Response Team (SRT) can use to contact you if you have proactive engagement enabled, for escalations to the SRT and to initiate proactive customer support.

Specified by:

describeEmergencyContactSettings in interface AWSShield

Parameters:

describeEmergencyContactSettingsRequest -

Returns:

Result of the DescribeEmergencyContactSettings operation returned by the service.

Throws:

InternalErrorException - Exception that indicates that a problem occurred with the service infrastructure. You can retry the request.

ResourceNotFoundException - Exception indicating the specified resource does not exist. If available, this exception includes details in additional properties.

See Also:

AWS API Documentation

describeProtection

public DescribeProtectionResult describeProtection(DescribeProtectionRequest request)

Lists the details of a Protection object.

Specified by:

describeProtection in interface AWSShield

Parameters:

describeProtectionRequest -

Returns:

Result of the DescribeProtection operation returned by the service.

Throws:

InternalErrorException - Exception that indicates that a problem occurred with the service infrastructure. You can retry the request.

InvalidParameterException - Exception that indicates that the parameters passed to the API are invalid. If available, this exception includes details in additional properties.

ResourceNotFoundException - Exception indicating the specified resource does not exist. If available, this exception includes details in additional properties.

See Also:

AWS API Documentation

describeProtectionGroup

public DescribeProtectionGroupResult describeProtectionGroup(DescribeProtectionGroupRequest request)

Returns the specification for the specified protection group.

Specified by:

describeProtectionGroup in interface AWSShield

Parameters:

describeProtectionGroupRequest -

Returns:

Result of the DescribeProtectionGroup operation returned by the service.

Throws:

InternalErrorException - Exception that indicates that a problem occurred with the service infrastructure. You can retry the request.

ResourceNotFoundException - Exception indicating the specified resource does not exist. If available, this exception includes details in additional properties.

See Also:

AWS API Documentation

describeSubscription

public DescribeSubscriptionResult describeSubscription(DescribeSubscriptionRequest request)

Provides details about the Shield Advanced subscription for an account.

Specified by:

describeSubscription in interface AWSShield

Parameters:

describeSubscriptionRequest -

Returns:

Result of the DescribeSubscription operation returned by the service.

Throws:

InternalErrorException - Exception that indicates that a problem occurred with the service infrastructure. You can retry the request.

ResourceNotFoundException - Exception indicating the specified resource does not exist. If available, this exception includes details in additional properties.

See Also:

AWS API Documentation

disableProactiveEngagement

public DisableProactiveEngagementResult disableProactiveEngagement(DisableProactiveEngagementRequest request)

Removes authorization from the Shield Response Team (SRT) to notify contacts about escalations to the SRT and to initiate proactive customer support.

Specified by:

disableProactiveEngagement in interface AWSShield

Parameters:

disableProactiveEngagementRequest -

Returns:

Result of the DisableProactiveEngagement operation returned by the service.

Throws:

InternalErrorException - Exception that indicates that a problem occurred with the service infrastructure. You can retry the request.

InvalidOperationException - Exception that indicates that the operation would not cause any change to occur.

InvalidParameterException - Exception that indicates that the parameters passed to the API are invalid. If available, this exception includes details in additional properties.

ResourceNotFoundException - Exception indicating the specified resource does not exist. If available, this exception includes details in additional properties.

OptimisticLockException - Exception that indicates that the resource state has been modified by another client. Retrieve the resource and then retry your request.

See Also:

AWS API Documentation

disassociateDRTLogBucket

public DisassociateDRTLogBucketResult disassociateDRTLogBucket(DisassociateDRTLogBucketRequest request)

Removes the Shield Response Team's (SRT) access to the specified Amazon S3 bucket containing the logs that you shared previously.

To make a DisassociateDRTLogBucket request, you must be subscribed to the Business Support plan or the Enterprise Support plan. However, if you are not subscribed to one of these support plans, but had been previously and had granted the SRT access to your account, you can submit a DisassociateDRTLogBucket request to remove this access.

Specified by:

disassociateDRTLogBucket in interface AWSShield

Parameters:

disassociateDRTLogBucketRequest -

Returns:

Result of the DisassociateDRTLogBucket operation returned by the service.

Throws:

InternalErrorException - Exception that indicates that a problem occurred with the service infrastructure. You can retry the request.

InvalidOperationException - Exception that indicates that the operation would not cause any change to occur.

NoAssociatedRoleException - The ARN of the role that you specifed does not exist.

AccessDeniedForDependencyException - In order to grant the necessary access to the Shield Response Team (SRT) the user submitting the request must have the iam:PassRole permission. This error indicates the user did not have the appropriate permissions. For more information, see Granting a User Permissions to Pass a Role to an Amazon Web Services Service.

OptimisticLockException - Exception that indicates that the resource state has been modified by another client. Retrieve the resource and then retry your request.

ResourceNotFoundException - Exception indicating the specified resource does not exist. If available, this exception includes details in additional properties.

See Also:

AWS API Documentation

disassociateDRTRole

public DisassociateDRTRoleResult disassociateDRTRole(DisassociateDRTRoleRequest request)

Removes the Shield Response Team's (SRT) access to your Amazon Web Services account.

To make a DisassociateDRTRole request, you must be subscribed to the Business Support plan or the Enterprise Support plan. However, if you are not subscribed to one of these support plans, but had been previously and had granted the SRT access to your account, you can submit a DisassociateDRTRole request to remove this access.

Specified by:

disassociateDRTRole in interface AWSShield

Parameters:

disassociateDRTRoleRequest -

Returns:

Result of the DisassociateDRTRole operation returned by the service.

Throws:

InternalErrorException - Exception that indicates that a problem occurred with the service infrastructure. You can retry the request.

InvalidOperationException - Exception that indicates that the operation would not cause any change to occur.

OptimisticLockException - Exception that indicates that the resource state has been modified by another client. Retrieve the resource and then retry your request.

ResourceNotFoundException - Exception indicating the specified resource does not exist. If available, this exception includes details in additional properties.

See Also:

AWS API Documentation

disassociateHealthCheck

public DisassociateHealthCheckResult disassociateHealthCheck(DisassociateHealthCheckRequest request)

Removes health-based detection from the Shield Advanced protection for a resource. Shield Advanced health-based detection uses the health of your Amazon Web Services resource to improve responsiveness and accuracy in attack detection and mitigation.

You define the health check in Route 53 and then associate or disassociate it with your Shield Advanced protection. For more information, see Shield Advanced Health-Based Detection in the WAF Developer Guide.

Specified by:

disassociateHealthCheck in interface AWSShield

Parameters:

disassociateHealthCheckRequest -

Returns:

Result of the DisassociateHealthCheck operation returned by the service.

Throws:

InternalErrorException - Exception that indicates that a problem occurred with the service infrastructure. You can retry the request.

InvalidParameterException - Exception that indicates that the parameters passed to the API are invalid. If available, this exception includes details in additional properties.

ResourceNotFoundException - Exception indicating the specified resource does not exist. If available, this exception includes details in additional properties.

OptimisticLockException - Exception that indicates that the resource state has been modified by another client. Retrieve the resource and then retry your request.

See Also:

AWS API Documentation

enableProactiveEngagement

public EnableProactiveEngagementResult enableProactiveEngagement(EnableProactiveEngagementRequest request)

Authorizes the Shield Response Team (SRT) to use email and phone to notify contacts about escalations to the SRT and to initiate proactive customer support.

Specified by:

enableProactiveEngagement in interface AWSShield

Parameters:

enableProactiveEngagementRequest -

Returns:

Result of the EnableProactiveEngagement operation returned by the service.

Throws:

InternalErrorException - Exception that indicates that a problem occurred with the service infrastructure. You can retry the request.

InvalidOperationException - Exception that indicates that the operation would not cause any change to occur.

InvalidParameterException - Exception that indicates that the parameters passed to the API are invalid. If available, this exception includes details in additional properties.

ResourceNotFoundException - Exception indicating the specified resource does not exist. If available, this exception includes details in additional properties.

OptimisticLockException - Exception that indicates that the resource state has been modified by another client. Retrieve the resource and then retry your request.

See Also:

AWS API Documentation

getSubscriptionState

public GetSubscriptionStateResult getSubscriptionState(GetSubscriptionStateRequest request)

Returns the SubscriptionState, either Active or Inactive.

Specified by:

getSubscriptionState in interface AWSShield

Parameters:

getSubscriptionStateRequest -

Returns:

Result of the GetSubscriptionState operation returned by the service.

Throws:

InternalErrorException - Exception that indicates that a problem occurred with the service infrastructure. You can retry the request.

See Also:

AWS API Documentation

listAttacks

public ListAttacksResult listAttacks(ListAttacksRequest request)

Returns all ongoing DDoS attacks or all DDoS attacks during a specified time period.

Specified by:

listAttacks in interface AWSShield

Parameters:

listAttacksRequest -

Returns:

Result of the ListAttacks operation returned by the service.

Throws:

InternalErrorException - Exception that indicates that a problem occurred with the service infrastructure. You can retry the request.

InvalidParameterException - Exception that indicates that the parameters passed to the API are invalid. If available, this exception includes details in additional properties.

InvalidOperationException - Exception that indicates that the operation would not cause any change to occur.

See Also:

AWS API Documentation

listProtectionGroups

public ListProtectionGroupsResult listProtectionGroups(ListProtectionGroupsRequest request)

Retrieves the ProtectionGroup objects for the account.

Specified by:

listProtectionGroups in interface AWSShield

Parameters:

listProtectionGroupsRequest -

Returns:

Result of the ListProtectionGroups operation returned by the service.

Throws:

InternalErrorException - Exception that indicates that a problem occurred with the service infrastructure. You can retry the request.

ResourceNotFoundException - Exception indicating the specified resource does not exist. If available, this exception includes details in additional properties.

InvalidPaginationTokenException - Exception that indicates that the NextToken specified in the request is invalid. Submit the request using the NextToken value that was returned in the response.

See Also:

AWS API Documentation

listProtections

public ListProtectionsResult listProtections(ListProtectionsRequest request)

Lists all Protection objects for the account.

Specified by:

listProtections in interface AWSShield

Parameters:

listProtectionsRequest -

Returns:

Result of the ListProtections operation returned by the service.

Throws:

InternalErrorException - Exception that indicates that a problem occurred with the service infrastructure. You can retry the request.

ResourceNotFoundException - Exception indicating the specified resource does not exist. If available, this exception includes details in additional properties.

InvalidPaginationTokenException - Exception that indicates that the NextToken specified in the request is invalid. Submit the request using the NextToken value that was returned in the response.

See Also:

AWS API Documentation

listResourcesInProtectionGroup

public ListResourcesInProtectionGroupResult listResourcesInProtectionGroup(ListResourcesInProtectionGroupRequest request)

Retrieves the resources that are included in the protection group.

Specified by:

listResourcesInProtectionGroup in interface AWSShield

Parameters:

listResourcesInProtectionGroupRequest -

Returns:

Result of the ListResourcesInProtectionGroup operation returned by the service.

Throws:

InternalErrorException - Exception that indicates that a problem occurred with the service infrastructure. You can retry the request.

ResourceNotFoundException - Exception indicating the specified resource does not exist. If available, this exception includes details in additional properties.

InvalidPaginationTokenException - Exception that indicates that the NextToken specified in the request is invalid. Submit the request using the NextToken value that was returned in the response.

See Also:

AWS API Documentation

listTagsForResource

public ListTagsForResourceResult listTagsForResource(ListTagsForResourceRequest request)

Gets information about Amazon Web Services tags for a specified Amazon Resource Name (ARN) in Shield.

Specified by:

listTagsForResource in interface AWSShield

Parameters:

listTagsForResourceRequest -

Returns:

Result of the ListTagsForResource operation returned by the service.

Throws:

InternalErrorException - Exception that indicates that a problem occurred with the service infrastructure. You can retry the request.

InvalidResourceException - Exception that indicates that the resource is invalid. You might not have access to the resource, or the resource might not exist.

ResourceNotFoundException - Exception indicating the specified resource does not exist. If available, this exception includes details in additional properties.

See Also:

AWS API Documentation

tagResource

public TagResourceResult tagResource(TagResourceRequest request)

Adds or updates tags for a resource in Shield.

Specified by:

tagResource in interface AWSShield

Parameters:

tagResourceRequest -

Returns:

Result of the TagResource operation returned by the service.

Throws:

InternalErrorException - Exception that indicates that a problem occurred with the service infrastructure. You can retry the request.

InvalidResourceException - Exception that indicates that the resource is invalid. You might not have access to the resource, or the resource might not exist.

InvalidParameterException - Exception that indicates that the parameters passed to the API are invalid. If available, this exception includes details in additional properties.

ResourceNotFoundException - Exception indicating the specified resource does not exist. If available, this exception includes details in additional properties.

See Also:

AWS API Documentation

untagResource

public UntagResourceResult untagResource(UntagResourceRequest request)

Removes tags from a resource in Shield.

Specified by:

untagResource in interface AWSShield

Parameters:

untagResourceRequest -

Returns:

Result of the UntagResource operation returned by the service.

Throws:

InternalErrorException - Exception that indicates that a problem occurred with the service infrastructure. You can retry the request.

InvalidResourceException - Exception that indicates that the resource is invalid. You might not have access to the resource, or the resource might not exist.

InvalidParameterException - Exception that indicates that the parameters passed to the API are invalid. If available, this exception includes details in additional properties.

ResourceNotFoundException - Exception indicating the specified resource does not exist. If available, this exception includes details in additional properties.

See Also:

AWS API Documentation

updateEmergencyContactSettings

public UpdateEmergencyContactSettingsResult updateEmergencyContactSettings(UpdateEmergencyContactSettingsRequest request)

Updates the details of the list of email addresses and phone numbers that the Shield Response Team (SRT) can use to contact you if you have proactive engagement enabled, for escalations to the SRT and to initiate proactive customer support.

Specified by:

updateEmergencyContactSettings in interface AWSShield

Parameters:

updateEmergencyContactSettingsRequest -

Returns:

Result of the UpdateEmergencyContactSettings operation returned by the service.

Throws:

InternalErrorException - Exception that indicates that a problem occurred with the service infrastructure. You can retry the request.

InvalidParameterException - Exception that indicates that the parameters passed to the API are invalid. If available, this exception includes details in additional properties.

OptimisticLockException - Exception that indicates that the resource state has been modified by another client. Retrieve the resource and then retry your request.

ResourceNotFoundException - Exception indicating the specified resource does not exist. If available, this exception includes details in additional properties.

See Also:

AWS API Documentation

updateProtectionGroup

public UpdateProtectionGroupResult updateProtectionGroup(UpdateProtectionGroupRequest request)

Updates an existing protection group. A protection group is a grouping of protected resources so they can be handled as a collective. This resource grouping improves the accuracy of detection and reduces false positives.

Specified by:

updateProtectionGroup in interface AWSShield

Parameters:

updateProtectionGroupRequest -

Returns:

Result of the UpdateProtectionGroup operation returned by the service.

Throws:

InternalErrorException - Exception that indicates that a problem occurred with the service infrastructure. You can retry the request.

ResourceNotFoundException - Exception indicating the specified resource does not exist. If available, this exception includes details in additional properties.

OptimisticLockException - Exception that indicates that the resource state has been modified by another client. Retrieve the resource and then retry your request.

InvalidParameterException - Exception that indicates that the parameters passed to the API are invalid. If available, this exception includes details in additional properties.

See Also:

AWS API Documentation

updateSubscription

public UpdateSubscriptionResult updateSubscription(UpdateSubscriptionRequest request)

Updates the details of an existing subscription. Only enter values for parameters you want to change. Empty parameters are not updated.

Specified by:

updateSubscription in interface AWSShield

Parameters:

updateSubscriptionRequest -

Returns:

Result of the UpdateSubscription operation returned by the service.

Throws:

InternalErrorException - Exception that indicates that a problem occurred with the service infrastructure. You can retry the request.

LockedSubscriptionException - You are trying to update a subscription that has not yet completed the 1-year commitment. You can change the AutoRenew parameter during the last 30 days of your subscription. This exception indicates that you are attempting to change AutoRenew prior to that period.

ResourceNotFoundException - Exception indicating the specified resource does not exist. If available, this exception includes details in additional properties.

InvalidParameterException - Exception that indicates that the parameters passed to the API are invalid. If available, this exception includes details in additional properties.

OptimisticLockException - Exception that indicates that the resource state has been modified by another client. Retrieve the resource and then retry your request.

See Also:

AWS API Documentation

getCachedResponseMetadata

public ResponseMetadata getCachedResponseMetadata(AmazonWebServiceRequest request)

Returns additional metadata for a previously executed successful, request, typically used for debugging issues where a service isn't acting as expected. This data isn't considered part of the result data returned by an operation, so it's available through this separate, diagnostic interface.

Response metadata is only cached for a limited period of time, so if you need to access this extra diagnostic information for an executed request, you should use this method to retrieve it as soon as possible after executing the request.

Specified by:

getCachedResponseMetadata in interface AWSShield

Parameters:

request - The originally executed request

Returns:

The response metadata for the specified request, or null if none is available.

shutdown

public void shutdown()

Description copied from class: AmazonWebServiceClient

Shuts down this client object, releasing any resources that might be held open. If this method is not invoked, resources may be leaked. Once a client has been shutdown, it should not be used to make any more requests.

Specified by:

shutdown in interface AWSShield

Overrides:

shutdown in class AmazonWebServiceClient