{"id":20475970,"url":"https://github.com/aws-ia/terraform-aws-shield-advanced","last_synced_at":"2025-09-25T01:30:56.143Z","repository":{"id":196932740,"uuid":"678897157","full_name":"aws-ia/terraform-aws-shield-advanced","owner":"aws-ia","description":"Configure and deploy Amazon Shield Advanced","archived":false,"fork":false,"pushed_at":"2023-09-09T00:52:50.000Z","size":116,"stargazers_count":6,"open_issues_count":1,"forks_count":3,"subscribers_count":5,"default_branch":"main","last_synced_at":"2024-12-31T21:34:50.056Z","etag":null,"topics":["aws","aws-security","aws-shield","aws-shield-advanced","protection","security","security-tools","shield","shield-advanced"],"latest_commit_sha":null,"homepage":"https://registry.terraform.io/modules/aws-ia/shield-advanced/aws/latest","language":"HCL","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/aws-ia.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":"CODEOWNERS","security":null,"support":null,"governance":null}},"created_at":"2023-08-15T16:27:31.000Z","updated_at":"2024-07-06T13:35:38.000Z","dependencies_parsed_at":null,"dependency_job_id":"8cb87aa9-18f1-4e1a-a0cb-ba3cf418fcdc","html_url":"https://github.com/aws-ia/terraform-aws-shield-advanced","commit_stats":null,"previous_names":["aws-ia/terraform-aws-shield-advanced"],"tags_count":1,"template":false,"template_full_name":"aws-ia/terraform-repo-template","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/aws-ia%2Fterraform-aws-shield-advanced","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/aws-ia%2Fterraform-aws-shield-advanced/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/aws-ia%2Fterraform-aws-shield-advanced/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/aws-ia%2Fterraform-aws-shield-advanced/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/aws-ia","download_url":"https://codeload.github.com/aws-ia/terraform-aws-shield-advanced/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":234143351,"owners_count":18786140,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["aws","aws-security","aws-shield","aws-shield-advanced","protection","security","security-tools","shield","shield-advanced"],"created_at":"2024-11-15T15:17:43.433Z","updated_at":"2025-09-25T01:30:55.814Z","avatar_url":"https://github.com/aws-ia.png","language":"HCL","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Terraform Module for AWS Shield Advanced\n\nTerraform module that creates AWS Shield Advanced Resources\n\n- [Terraform Module for AWS Shield Advanced](#terraform-module-for-aws-shield-advanced)\n  - [Usage](#usage)\n  - [Overview Diagrams](#overview-diagrams)\n  - [Terraform Module](#terraform-module)\n    - [Requirements](#requirements)\n    - [Providers](#providers)\n    - [Modules](#modules)\n    - [Resources](#resources)\n    - [Inputs](#inputs)\n    - [Outputs](#outputs)\n\n## Usage\n\n```hcl\nmodule \"shield_advanced\" {\n  source = \"aws-ia/terraform-aws-shield-advanced/aws\"\n\n  name         = \"Example protection\"\n  resource_arn = \"${local.arn_prefix}/${aws_eip.example.id}\"\n\n  protection_group_config = [\n    {\n      id          = \"Arbitrary Resource\"\n      aggregation = \"MEAN\"\n      pattern     = \"ARBITRARY\"\n      members     = \"${local.arn_prefix}/${aws_eip.example.id}\"\n    },\n    {\n      id          = \"All Resources\"\n      aggregation = \"MEAN\"\n      pattern     = \"ALL\"\n    },\n    {\n      id            = \"CloudFront Resource\"\n      aggregation   = \"SUM\"\n      pattern       = \"BY_RESOURCE_TYPE\"\n      resource_type = \"CLOUDFRONT_DISTRIBUTION\"\n    },\n    {\n      id            = \"Route53 Resource\"\n      aggregation   = \"MAX\"\n      pattern       = \"BY_RESOURCE_TYPE\"\n      resource_type = \"ROUTE_53_HOSTED_ZONE\"\n    },\n    {\n      id            = \"GlobalAccelerator Resource\"\n      aggregation   = \"SUM\"\n      pattern       = \"BY_RESOURCE_TYPE\"\n      resource_type = \"GLOBAL_ACCELERATOR\"\n    },\n    {\n      id            = \"ALB Resource\"\n      aggregation   = \"MEAN\"\n      pattern       = \"BY_RESOURCE_TYPE\"\n      resource_type = \"APPLICATION_LOAD_BALANCER\"\n    },\n    {\n      id            = \"CLB Resource\"\n      aggregation   = \"MEAN\"\n      pattern       = \"BY_RESOURCE_TYPE\"\n      resource_type = \"CLASSIC_LOAD_BALANCER\"\n    },\n    {\n      id            = \"ElasticIP Resource\"\n      aggregation   = \"SUM\"\n      pattern       = \"BY_RESOURCE_TYPE\"\n      resource_type = \"ELASTIC_IP_ALLOCATION\"\n    },\n  ]\n}\n```\n\n## Overview Diagrams\n\n![shield-diagram](./docs/Architectures-ShieldAdvanced.png)\n\n## Terraform Module\n\n### Requirements\n\n| Name | Version |\n|------|---------|\n| \u003ca name=\"requirement_terraform\"\u003e\u003c/a\u003e [terraform](#requirement\\_terraform) | \u003e= 1.0.0 |\n| \u003ca name=\"requirement_aws\"\u003e\u003c/a\u003e [aws](#requirement\\_aws) | \u003e= 4.47 |\n\n### Providers\n\n| Name | Version |\n|------|---------|\n| \u003ca name=\"provider_aws\"\u003e\u003c/a\u003e [aws](#provider\\_aws) | \u003e= 4.47 |\n\n### Modules\n\nNo modules.\n\n### Resources\n\n| Name | Type |\n|------|------|\n| [aws_route53_health_check.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/route53_health_check) | resource |\n| [aws_shield_protection.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/shield_protection) | resource |\n| [aws_shield_protection_group.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/shield_protection_group) | resource |\n| [aws_shield_protection_health_check_association.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/shield_protection_health_check_association) | resource |\n\n### Inputs\n\n| Name | Description | Type | Default | Required |\n|------|-------------|------|---------|:--------:|\n| \u003ca name=\"input_name\"\u003e\u003c/a\u003e [name](#input\\_name) | A friendly name for the Protection you are creating. | `string` | n/a | yes |\n| \u003ca name=\"input_protection_group_config\"\u003e\u003c/a\u003e [protection\\_group\\_config](#input\\_protection\\_group\\_config) | `id` - The name of the protection group, or protection\\_group\\_id\u003cbr\u003e  `aggregation` - Defines how AWS Shield combines resource data for the group in order to detect, mitigate, and report events.\u003cbr\u003e  `pattern` - The criteria to use to choose the protected resources for inclusion in the group.\u003cbr\u003e  `resource_type` - (Optional) The resource type to include in the protection group. You must set this only when you set pattern to `BY_RESOURCE_TYPE`. | \u003cpre\u003elist(object({\u003cbr\u003e    id            = string\u003cbr\u003e    aggregation   = string\u003cbr\u003e    pattern       = string\u003cbr\u003e    resource_type = optional(string)\u003cbr\u003e  }))\u003c/pre\u003e | n/a | yes |\n| \u003ca name=\"input_resource_arn\"\u003e\u003c/a\u003e [resource\\_arn](#input\\_resource\\_arn) | The ARN (Amazon Resource Name) of the resource to be protected. | `string` | n/a | yes |\n| \u003ca name=\"input_health_check_configuration\"\u003e\u003c/a\u003e [health\\_check\\_configuration](#input\\_health\\_check\\_configuration) | Amazon Route53 Health Check Configuration to be associated to AWS Shield Advanced Protection. | `map(any)` | `null` | no |\n| \u003ca name=\"input_tags\"\u003e\u003c/a\u003e [tags](#input\\_tags) | Key-value map of resource tags to apply to all taggable resources created by the module. If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level. Defaults to `{}`. | `map(string)` | `{}` | no |\n\n### Outputs\n\n| Name | Description |\n|------|-------------|\n| \u003ca name=\"output_route53_health_check\"\u003e\u003c/a\u003e [route53\\_health\\_check](#output\\_route53\\_health\\_check) | Amazon Route53 Health Check Configuration. |\n| \u003ca name=\"output_shied_protection\"\u003e\u003c/a\u003e [shied\\_protection](#output\\_shied\\_protection) | AWS Shield Advanced Protection and assigned resources. |\n| \u003ca name=\"output_shied_protection_group\"\u003e\u003c/a\u003e [shied\\_protection\\_group](#output\\_shied\\_protection\\_group) | Group of protected resources to be collectivelly handled by AWS Shield Advanced. |\n| \u003ca name=\"output_shield_protection_health_check_association\"\u003e\u003c/a\u003e [shield\\_protection\\_health\\_check\\_association](#output\\_shield\\_protection\\_health\\_check\\_association) | Association between an Amazon Route53 Health Check and an AWS Shield Advanced protected resource. |\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Faws-ia%2Fterraform-aws-shield-advanced","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Faws-ia%2Fterraform-aws-shield-advanced","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Faws-ia%2Fterraform-aws-shield-advanced/lists"}