Module Smaws_Client_Shield

Shield client library built on EIO.

Types

type nonrec validation_exception_reason =
  1. | OTHER
  2. | FIELD_VALIDATION_FAILED
type nonrec validation_exception_field = {
  1. message : string;
    (*

    The message describing why the parameter failed validation.

    *)
  2. name : string;
    (*

    The name of the parameter that failed validation.

    *)
}

Provides information about a particular parameter passed inside a request that resulted in an exception.

type nonrec auto_renew =
  1. | DISABLED
  2. | ENABLED
type nonrec update_subscription_request = {
  1. auto_renew : auto_renew option;
    (*

    When you initally create a subscription, AutoRenew is set to ENABLED. If ENABLED, the subscription will be automatically renewed at the end of the existing subscription period. You can change this by submitting an UpdateSubscription request. If the UpdateSubscription request does not included a value for AutoRenew, the existing value for AutoRenew remains unchanged.

    *)
}
type nonrec resource_not_found_exception = {
  1. resource_type : string option;
    (*

    Type of resource.

    *)
  2. message : string option;
}

Exception indicating the specified resource does not exist. If available, this exception includes details in additional properties.

type nonrec optimistic_lock_exception = {
  1. message : string option;
}

Exception that indicates that the resource state has been modified by another client. Retrieve the resource and then retry your request.

type nonrec locked_subscription_exception = {
  1. message : string option;
}

You are trying to update a subscription that has not yet completed the 1-year commitment. You can change the AutoRenew parameter during the last 30 days of your subscription. This exception indicates that you are attempting to change AutoRenew prior to that period.

type nonrec invalid_parameter_exception = {
  1. fields : validation_exception_field list option;
    (*

    Fields that caused the exception.

    *)
  2. reason : validation_exception_reason option;
    (*

    Additional information about the exception.

    *)
  3. message : string option;
}

Exception that indicates that the parameters passed to the API are invalid. If available, this exception includes details in additional properties.

type nonrec internal_error_exception = {
  1. message : string option;
}

Exception that indicates that a problem occurred with the service infrastructure. You can retry the request.

type nonrec protection_group_aggregation =
  1. | MAX
  2. | MEAN
  3. | SUM
type nonrec protection_group_pattern =
  1. | BY_RESOURCE_TYPE
  2. | ARBITRARY
  3. | ALL
type nonrec protected_resource_type =
  1. | GLOBAL_ACCELERATOR
  2. | APPLICATION_LOAD_BALANCER
  3. | CLASSIC_LOAD_BALANCER
  4. | ELASTIC_IP_ALLOCATION
  5. | ROUTE_53_HOSTED_ZONE
  6. | CLOUDFRONT_DISTRIBUTION
type nonrec update_protection_group_request = {
  1. members : string list option;
    (*

    The Amazon Resource Names (ARNs) of the resources to include in the protection group. You must set this when you set Pattern to ARBITRARY and you must not set it for any other Pattern setting.

    *)
  2. resource_type : protected_resource_type option;
    (*

    The resource type to include in the protection group. All protected resources of this type are included in the protection group. You must set this when you set Pattern to BY_RESOURCE_TYPE and you must not set it for any other Pattern setting.

    *)
  3. pattern : protection_group_pattern;
    (*

    The criteria to use to choose the protected resources for inclusion in the group. You can include all resources that have protections, provide a list of resource Amazon Resource Names (ARNs), or include all resources of a specified resource type.

    *)
  4. aggregation : protection_group_aggregation;
    (*

    Defines how Shield combines resource data for the group in order to detect, mitigate, and report events.

    • Sum - Use the total traffic across the group. This is a good choice for most cases. Examples include Elastic IP addresses for EC2 instances that scale manually or automatically.
    • Mean - Use the average of the traffic across the group. This is a good choice for resources that share traffic uniformly. Examples include accelerators and load balancers.
    • Max - Use the highest traffic from each resource. This is useful for resources that don't share traffic and for resources that share that traffic in a non-uniform way. Examples include Amazon CloudFront distributions and origin resources for CloudFront distributions.
    *)
  5. protection_group_id : string;
    (*

    The name of the protection group. You use this to identify the protection group in lists and to manage the protection group, for example to update, delete, or describe it.

    *)
}
type nonrec emergency_contact = {
  1. contact_notes : string option;
    (*

    Additional notes regarding the contact.

    *)
  2. phone_number : string option;
    (*

    The phone number for the contact.

    *)
  3. email_address : string;
    (*

    The email address for the contact.

    *)
}

Contact information that the SRT can use to contact you if you have proactive engagement enabled, for escalations to the SRT and to initiate proactive customer support.

type nonrec update_emergency_contact_settings_request = {
  1. emergency_contact_list : emergency_contact list option;
    (*

    A list of email addresses and phone numbers that the Shield Response Team (SRT) can use to contact you if you have proactive engagement enabled, for escalations to the SRT and to initiate proactive customer support.

    If you have proactive engagement enabled, the contact list must include at least one phone number.

    *)
}
type nonrec response_action = {
  1. count : unit option;
    (*

    Specifies that Shield Advanced should configure its WAF rules with the WAF Count action.

    You must specify exactly one action, either Block or Count.

    *)
  2. block : unit option;
    (*

    Specifies that Shield Advanced should configure its WAF rules with the WAF Block action.

    You must specify exactly one action, either Block or Count.

    *)
}

Specifies the action setting that Shield Advanced should use in the WAF rules that it creates on behalf of the protected resource in response to DDoS attacks. You specify this as part of the configuration for the automatic application layer DDoS mitigation feature, when you enable or update automatic mitigation. Shield Advanced creates the WAF rules in a Shield Advanced-managed rule group, inside the web ACL that you have associated with the resource.

type nonrec update_application_layer_automatic_response_request = {
  1. action : response_action;
    (*

    Specifies the action setting that Shield Advanced should use in the WAF rules that it creates on behalf of the protected resource in response to DDoS attacks. You specify this as part of the configuration for the automatic application layer DDoS mitigation feature, when you enable or update automatic mitigation. Shield Advanced creates the WAF rules in a Shield Advanced-managed rule group, inside the web ACL that you have associated with the resource.

    *)
  2. resource_arn : string;
    (*

    The ARN (Amazon Resource Name) of the resource.

    *)
}
type nonrec invalid_operation_exception = {
  1. message : string option;
}

Exception that indicates that the operation would not cause any change to occur.

type nonrec untag_resource_request = {
  1. tag_keys : string list;
    (*

    The tag key for each tag that you want to remove from the resource.

    *)
  2. resource_ar_n : string;
    (*

    The Amazon Resource Name (ARN) of the resource that you want to remove tags from.

    *)
}
type nonrec invalid_resource_exception = {
  1. message : string option;
}

Exception that indicates that the resource is invalid. You might not have access to the resource, or the resource might not exist.

type nonrec unit_ =
  1. | REQUESTS
  2. | PACKETS
  3. | BYTES
  4. | BITS
type nonrec contributor = {
  1. value : int option;
    (*

    The contribution of this contributor expressed in Protection units. For example 10,000.

    *)
  2. name : string option;
    (*

    The name of the contributor. The type of name that you'll find here depends on the AttackPropertyIdentifier setting in the AttackProperty where this contributor is defined. For example, if the AttackPropertyIdentifier is SOURCE_COUNTRY, the Name could be United States.

    *)
}

A contributor to the attack and their contribution.

type nonrec time_range = {
  1. to_exclusive : Smaws_Lib.CoreTypes.Timestamp.t option;
    (*

    The end time, in Unix time in seconds.

    *)
  2. from_inclusive : Smaws_Lib.CoreTypes.Timestamp.t option;
    (*

    The start time, in Unix time in seconds.

    *)
}

The time range.

type nonrec tag = {
  1. value : string option;
    (*

    Part of the key:value pair that defines a tag. You can use a tag value to describe a specific value within a category, such as "companyA" or "companyB." Tag values are case-sensitive.

    *)
  2. key : string option;
    (*

    Part of the key:value pair that defines a tag. You can use a tag key to describe a category of information, such as "customer." Tag keys are case-sensitive.

    *)
}

A tag associated with an Amazon Web Services resource. Tags are key:value pairs that you can use to categorize and manage your resources, for purposes like billing or other management. Typically, the tag key represents a category, such as "environment", and the tag value represents a specific value within that category, such as "test," "development," or "production". Or you might set the tag key to "customer" and the value to the customer name or ID. You can specify one or more tags to add to each Amazon Web Services resource, up to 50 tags for a resource.

type nonrec tag_resource_request = {
  1. tags : tag list;
    (*

    The tags that you want to modify or add to the resource.

    *)
  2. resource_ar_n : string;
    (*

    The Amazon Resource Name (ARN) of the resource that you want to add or update tags for.

    *)
}
type nonrec summarized_counter = {
  1. unit_ : string option;
    (*

    The unit of the counters.

    *)
  2. n : int option;
    (*

    The number of counters for a specified time period.

    *)
  3. sum : float option;
    (*

    The total of counter values for a specified time period.

    *)
  4. average : float option;
    (*

    The average value of the counter for a specified time period.

    *)
  5. max : float option;
    (*

    The maximum value of the counter for a specified time period.

    *)
  6. name : string option;
    (*

    The counter name.

    *)
}

The counter that describes a DDoS attack.

type nonrec summarized_attack_vector = {
  1. vector_counters : summarized_counter list option;
    (*

    The list of counters that describe the details of the attack.

    *)
  2. vector_type : string;
    (*

    The attack type, for example, SNMP reflection or SYN flood.

    *)
}

A summary of information about the attack.

type nonrec subscription_state =
  1. | INACTIVE
  2. | ACTIVE
type nonrec limit = {
  1. max : int option;
    (*

    The maximum number of protections that can be created for the specified Type.

    *)
  2. type_ : string option;
    (*

    The type of protection.

    *)
}

Specifies how many protections of a given type you can create.

type nonrec protection_limits = {
  1. protected_resource_type_limits : limit list;
    (*

    The maximum number of resource types that you can specify in a protection.

    *)
}

Limits settings on protections for your subscription.

type nonrec protection_group_arbitrary_pattern_limits = {
  1. max_members : int;
    (*

    The maximum number of resources you can specify for a single arbitrary pattern in a protection group.

    *)
}

Limits settings on protection groups with arbitrary pattern type.

type nonrec protection_group_pattern_type_limits = {
  1. arbitrary_pattern_limits : protection_group_arbitrary_pattern_limits;
    (*

    Limits settings on protection groups with arbitrary pattern type.

    *)
}

Limits settings by pattern type in the protection groups for your subscription.

type nonrec protection_group_limits = {
  1. pattern_type_limits : protection_group_pattern_type_limits;
    (*

    Limits settings by pattern type in the protection groups for your subscription.

    *)
  2. max_protection_groups : int;
    (*

    The maximum number of protection groups that you can have at one time.

    *)
}

Limits settings on protection groups for your subscription.

type nonrec subscription_limits = {
  1. protection_group_limits : protection_group_limits;
    (*

    Limits settings on protection groups for your subscription.

    *)
  2. protection_limits : protection_limits;
    (*

    Limits settings on protections for your subscription.

    *)
}

Limits settings for your subscription.

type nonrec proactive_engagement_status =
  1. | PENDING
  2. | DISABLED
  3. | ENABLED
type nonrec subscription = {
  1. subscription_arn : string option;
    (*

    The ARN (Amazon Resource Name) of the subscription.

    *)
  2. subscription_limits : subscription_limits;
    (*

    Limits settings for your subscription.

    *)
  3. proactive_engagement_status : proactive_engagement_status option;
    (*

    If ENABLED, the Shield Response Team (SRT) will use email and phone to notify contacts about escalations to the SRT and to initiate proactive customer support.

    If PENDING, you have requested proactive engagement and the request is pending. The status changes to ENABLED when your request is fully processed.

    If DISABLED, the SRT will not proactively notify contacts about escalations or to initiate proactive customer support.

    *)
  4. limits : limit list option;
    (*

    Specifies how many protections of a given type you can create.

    *)
  5. auto_renew : auto_renew option;
    (*

    If ENABLED, the subscription will be automatically renewed at the end of the existing subscription period.

    When you initally create a subscription, AutoRenew is set to ENABLED. You can change this by submitting an UpdateSubscription request. If the UpdateSubscription request does not included a value for AutoRenew, the existing value for AutoRenew remains unchanged.

    *)
  6. time_commitment_in_seconds : int option;
    (*

    The length, in seconds, of the Shield Advanced subscription for the account.

    *)
  7. end_time : Smaws_Lib.CoreTypes.Timestamp.t option;
    (*

    The date and time your subscription will end.

    *)
  8. start_time : Smaws_Lib.CoreTypes.Timestamp.t option;
    (*

    The start time of the subscription, in Unix time in seconds.

    *)
}

Information about the Shield Advanced subscription for an account.

type nonrec sub_resource_type =
  1. | URL
  2. | IP
type nonrec sub_resource_summary = {
  1. counters : summarized_counter list option;
    (*

    The counters that describe the details of the attack.

    *)
  2. attack_vectors : summarized_attack_vector list option;
    (*

    The list of attack types and associated counters.

    *)
  3. id : string option;
    (*

    The unique identifier (ID) of the SubResource.

    *)
  4. type_ : sub_resource_type option;
    (*

    The SubResource type.

    *)
}

The attack information for the specified SubResource.

type nonrec resource_already_exists_exception = {
  1. resource_type : string option;
    (*

    The type of resource that already exists.

    *)
  2. message : string option;
}

Exception indicating the specified resource already exists. If available, this exception includes details in additional properties.

type nonrec application_layer_automatic_response_status =
  1. | DISABLED
  2. | ENABLED
type nonrec application_layer_automatic_response_configuration = {
  1. action : response_action;
    (*

    Specifies the action setting that Shield Advanced should use in the WAF rules that it creates on behalf of the protected resource in response to DDoS attacks. You specify this as part of the configuration for the automatic application layer DDoS mitigation feature, when you enable or update automatic mitigation. Shield Advanced creates the WAF rules in a Shield Advanced-managed rule group, inside the web ACL that you have associated with the resource.

    *)
  2. status : application_layer_automatic_response_status;
    (*

    Indicates whether automatic application layer DDoS mitigation is enabled for the protection.

    *)
}

The automatic application layer DDoS mitigation settings for a Protection. This configuration determines whether Shield Advanced automatically manages rules in the web ACL in order to respond to application layer events that Shield Advanced determines to be DDoS attacks.

type nonrec protection = {
  1. application_layer_automatic_response_configuration : application_layer_automatic_response_configuration option;
    (*

    The automatic application layer DDoS mitigation settings for the protection. This configuration determines whether Shield Advanced automatically manages rules in the web ACL in order to respond to application layer events that Shield Advanced determines to be DDoS attacks.

    *)
  2. protection_arn : string option;
    (*

    The ARN (Amazon Resource Name) of the protection.

    *)
  3. health_check_ids : string list option;
    (*

    The unique identifier (ID) for the Route 53 health check that's associated with the protection.

    *)
  4. resource_arn : string option;
    (*

    The ARN (Amazon Resource Name) of the Amazon Web Services resource that is protected.

    *)
  5. name : string option;
    (*

    The name of the protection. For example, My CloudFront distributions.

    *)
  6. id : string option;
    (*

    The unique identifier (ID) of the protection.

    *)
}

An object that represents a resource that is under DDoS protection.

type nonrec protection_group = {
  1. protection_group_arn : string option;
    (*

    The ARN (Amazon Resource Name) of the protection group.

    *)
  2. members : string list;
    (*

    The ARNs (Amazon Resource Names) of the resources to include in the protection group. You must set this when you set Pattern to ARBITRARY and you must not set it for any other Pattern setting.

    *)
  3. resource_type : protected_resource_type option;
    (*

    The resource type to include in the protection group. All protected resources of this type are included in the protection group. You must set this when you set Pattern to BY_RESOURCE_TYPE and you must not set it for any other Pattern setting.

    *)
  4. pattern : protection_group_pattern;
    (*

    The criteria to use to choose the protected resources for inclusion in the group. You can include all resources that have protections, provide a list of resource ARNs (Amazon Resource Names), or include all resources of a specified resource type.

    *)
  5. aggregation : protection_group_aggregation;
    (*

    Defines how Shield combines resource data for the group in order to detect, mitigate, and report events.

    • Sum - Use the total traffic across the group. This is a good choice for most cases. Examples include Elastic IP addresses for EC2 instances that scale manually or automatically.
    • Mean - Use the average of the traffic across the group. This is a good choice for resources that share traffic uniformly. Examples include accelerators and load balancers.
    • Max - Use the highest traffic from each resource. This is useful for resources that don't share traffic and for resources that share that traffic in a non-uniform way. Examples include Amazon CloudFront distributions and origin resources for CloudFront distributions.
    *)
  6. protection_group_id : string;
    (*

    The name of the protection group. You use this to identify the protection group in lists and to manage the protection group, for example to update, delete, or describe it.

    *)
}

A grouping of protected resources that you and Shield Advanced can monitor as a collective. This resource grouping improves the accuracy of detection and reduces false positives.

type nonrec no_associated_role_exception = {
  1. message : string option;
}

The ARN of the role that you specified does not exist.

type nonrec mitigation = {
  1. mitigation_name : string option;
    (*

    The name of the mitigation taken for this attack.

    *)
}

The mitigation applied to a DDoS attack.

type nonrec list_tags_for_resource_response = {
  1. tags : tag list option;
    (*

    A list of tag key and value pairs associated with the specified resource.

    *)
}
type nonrec list_tags_for_resource_request = {
  1. resource_ar_n : string;
    (*

    The Amazon Resource Name (ARN) of the resource to get tags for.

    *)
}
type nonrec list_resources_in_protection_group_response = {
  1. next_token : string option;
    (*

    When you request a list of objects from Shield Advanced, if the response does not include all of the remaining available objects, Shield Advanced includes a NextToken value in the response. You can retrieve the next batch of objects by requesting the list again and providing the token that was returned by the prior call in your request.

    You can indicate the maximum number of objects that you want Shield Advanced to return for a single call with the MaxResults setting. Shield Advanced will not return more than MaxResults objects, but may return fewer, even if more objects are still available.

    Whenever more objects remain that Shield Advanced has not yet returned to you, the response will include a NextToken value.

    *)
  2. resource_arns : string list;
    (*

    The Amazon Resource Names (ARNs) of the resources that are included in the protection group.

    *)
}
type nonrec list_resources_in_protection_group_request = {
  1. max_results : int option;
    (*

    The greatest number of objects that you want Shield Advanced to return to the list request. Shield Advanced might return fewer objects than you indicate in this setting, even if more objects are available. If there are more objects remaining, Shield Advanced will always also return a NextToken value in the response.

    The default setting is 20.

    *)
  2. next_token : string option;
    (*

    When you request a list of objects from Shield Advanced, if the response does not include all of the remaining available objects, Shield Advanced includes a NextToken value in the response. You can retrieve the next batch of objects by requesting the list again and providing the token that was returned by the prior call in your request.

    You can indicate the maximum number of objects that you want Shield Advanced to return for a single call with the MaxResults setting. Shield Advanced will not return more than MaxResults objects, but may return fewer, even if more objects are still available.

    Whenever more objects remain that Shield Advanced has not yet returned to you, the response will include a NextToken value.

    On your first call to a list operation, leave this setting empty.

    *)
  3. protection_group_id : string;
    (*

    The name of the protection group. You use this to identify the protection group in lists and to manage the protection group, for example to update, delete, or describe it.

    *)
}
type nonrec invalid_pagination_token_exception = {
  1. message : string option;
}

Exception that indicates that the NextToken specified in the request is invalid. Submit the request using the NextToken value that was returned in the prior response.

type nonrec list_protections_response = {
  1. next_token : string option;
    (*

    When you request a list of objects from Shield Advanced, if the response does not include all of the remaining available objects, Shield Advanced includes a NextToken value in the response. You can retrieve the next batch of objects by requesting the list again and providing the token that was returned by the prior call in your request.

    You can indicate the maximum number of objects that you want Shield Advanced to return for a single call with the MaxResults setting. Shield Advanced will not return more than MaxResults objects, but may return fewer, even if more objects are still available.

    Whenever more objects remain that Shield Advanced has not yet returned to you, the response will include a NextToken value.

    *)
  2. protections : protection list option;
    (*

    The array of enabled Protection objects.

    *)
}
type nonrec inclusion_protection_filters = {
  1. resource_types : protected_resource_type list option;
    (*

    The type of protected resource whose protections you want to retrieve.

    *)
  2. protection_names : string list option;
    (*

    The name of the protection that you want to retrieve.

    *)
  3. resource_arns : string list option;
    (*

    The ARN (Amazon Resource Name) of the resource whose protection you want to retrieve.

    *)
}

Narrows the set of protections that the call retrieves. You can retrieve a single protection by providing its name or the ARN (Amazon Resource Name) of its protected resource. You can also retrieve all protections for a specific resource type. You can provide up to one criteria per filter type. Shield Advanced returns protections that exactly match all of the filter criteria that you provide.

type nonrec list_protections_request = {
  1. inclusion_filters : inclusion_protection_filters option;
    (*

    Narrows the set of protections that the call retrieves. You can retrieve a single protection by providing its name or the ARN (Amazon Resource Name) of its protected resource. You can also retrieve all protections for a specific resource type. You can provide up to one criteria per filter type. Shield Advanced returns protections that exactly match all of the filter criteria that you provide.

    *)
  2. max_results : int option;
    (*

    The greatest number of objects that you want Shield Advanced to return to the list request. Shield Advanced might return fewer objects than you indicate in this setting, even if more objects are available. If there are more objects remaining, Shield Advanced will always also return a NextToken value in the response.

    The default setting is 20.

    *)
  3. next_token : string option;
    (*

    When you request a list of objects from Shield Advanced, if the response does not include all of the remaining available objects, Shield Advanced includes a NextToken value in the response. You can retrieve the next batch of objects by requesting the list again and providing the token that was returned by the prior call in your request.

    You can indicate the maximum number of objects that you want Shield Advanced to return for a single call with the MaxResults setting. Shield Advanced will not return more than MaxResults objects, but may return fewer, even if more objects are still available.

    Whenever more objects remain that Shield Advanced has not yet returned to you, the response will include a NextToken value.

    On your first call to a list operation, leave this setting empty.

    *)
}
type nonrec list_protection_groups_response = {
  1. next_token : string option;
    (*

    When you request a list of objects from Shield Advanced, if the response does not include all of the remaining available objects, Shield Advanced includes a NextToken value in the response. You can retrieve the next batch of objects by requesting the list again and providing the token that was returned by the prior call in your request.

    You can indicate the maximum number of objects that you want Shield Advanced to return for a single call with the MaxResults setting. Shield Advanced will not return more than MaxResults objects, but may return fewer, even if more objects are still available.

    Whenever more objects remain that Shield Advanced has not yet returned to you, the response will include a NextToken value.

    *)
  2. protection_groups : protection_group list;
}
type nonrec inclusion_protection_group_filters = {
  1. aggregations : protection_group_aggregation list option;
    (*

    The aggregation setting of the protection groups that you want to retrieve.

    *)
  2. resource_types : protected_resource_type list option;
    (*

    The resource type configuration of the protection groups that you want to retrieve. In the protection group configuration, you specify the resource type when you set the group's Pattern to BY_RESOURCE_TYPE.

    *)
  3. patterns : protection_group_pattern list option;
    (*

    The pattern specification of the protection groups that you want to retrieve.

    *)
  4. protection_group_ids : string list option;
    (*

    The ID of the protection group that you want to retrieve.

    *)
}

Narrows the set of protection groups that the call retrieves. You can retrieve a single protection group by its name and you can retrieve all protection groups that are configured with a specific pattern, aggregation, or resource type. You can provide up to one criteria per filter type. Shield Advanced returns the protection groups that exactly match all of the search criteria that you provide.

type nonrec list_protection_groups_request = {
  1. inclusion_filters : inclusion_protection_group_filters option;
    (*

    Narrows the set of protection groups that the call retrieves. You can retrieve a single protection group by its name and you can retrieve all protection groups that are configured with specific pattern or aggregation settings. You can provide up to one criteria per filter type. Shield Advanced returns the protection groups that exactly match all of the search criteria that you provide.

    *)
  2. max_results : int option;
    (*

    The greatest number of objects that you want Shield Advanced to return to the list request. Shield Advanced might return fewer objects than you indicate in this setting, even if more objects are available. If there are more objects remaining, Shield Advanced will always also return a NextToken value in the response.

    The default setting is 20.

    *)
  3. next_token : string option;
    (*

    When you request a list of objects from Shield Advanced, if the response does not include all of the remaining available objects, Shield Advanced includes a NextToken value in the response. You can retrieve the next batch of objects by requesting the list again and providing the token that was returned by the prior call in your request.

    You can indicate the maximum number of objects that you want Shield Advanced to return for a single call with the MaxResults setting. Shield Advanced will not return more than MaxResults objects, but may return fewer, even if more objects are still available.

    Whenever more objects remain that Shield Advanced has not yet returned to you, the response will include a NextToken value.

    On your first call to a list operation, leave this setting empty.

    *)
}
type nonrec attack_vector_description = {
  1. vector_type : string;
    (*

    The attack type. Valid values:

    • UDP_TRAFFIC
    • UDP_FRAGMENT
    • GENERIC_UDP_REFLECTION
    • DNS_REFLECTION
    • NTP_REFLECTION
    • CHARGEN_REFLECTION
    • SSDP_REFLECTION
    • PORT_MAPPER
    • RIP_REFLECTION
    • SNMP_REFLECTION
    • MSSQL_REFLECTION
    • NET_BIOS_REFLECTION
    • SYN_FLOOD
    • ACK_FLOOD
    • REQUEST_FLOOD
    • HTTP_REFLECTION
    • UDS_REFLECTION
    • MEMCACHED_REFLECTION
    *)
}

Describes the attack.

type nonrec attack_summary = {
  1. attack_vectors : attack_vector_description list option;
    (*

    The list of attacks for a specified time period.

    *)
  2. end_time : Smaws_Lib.CoreTypes.Timestamp.t option;
    (*

    The end time of the attack, in Unix time in seconds.

    *)
  3. start_time : Smaws_Lib.CoreTypes.Timestamp.t option;
    (*

    The start time of the attack, in Unix time in seconds.

    *)
  4. resource_arn : string option;
    (*

    The ARN (Amazon Resource Name) of the resource that was attacked.

    *)
  5. attack_id : string option;
    (*

    The unique identifier (ID) of the attack.

    *)
}

Summarizes all DDoS attacks for a specified time period.

type nonrec list_attacks_response = {
  1. next_token : string option;
    (*

    When you request a list of objects from Shield Advanced, if the response does not include all of the remaining available objects, Shield Advanced includes a NextToken value in the response. You can retrieve the next batch of objects by requesting the list again and providing the token that was returned by the prior call in your request.

    You can indicate the maximum number of objects that you want Shield Advanced to return for a single call with the MaxResults setting. Shield Advanced will not return more than MaxResults objects, but may return fewer, even if more objects are still available.

    Whenever more objects remain that Shield Advanced has not yet returned to you, the response will include a NextToken value.

    *)
  2. attack_summaries : attack_summary list option;
    (*

    The attack information for the specified time range.

    *)
}
type nonrec list_attacks_request = {
  1. max_results : int option;
    (*

    The greatest number of objects that you want Shield Advanced to return to the list request. Shield Advanced might return fewer objects than you indicate in this setting, even if more objects are available. If there are more objects remaining, Shield Advanced will always also return a NextToken value in the response.

    The default setting is 20.

    *)
  2. next_token : string option;
    (*

    When you request a list of objects from Shield Advanced, if the response does not include all of the remaining available objects, Shield Advanced includes a NextToken value in the response. You can retrieve the next batch of objects by requesting the list again and providing the token that was returned by the prior call in your request.

    You can indicate the maximum number of objects that you want Shield Advanced to return for a single call with the MaxResults setting. Shield Advanced will not return more than MaxResults objects, but may return fewer, even if more objects are still available.

    Whenever more objects remain that Shield Advanced has not yet returned to you, the response will include a NextToken value.

    On your first call to a list operation, leave this setting empty.

    *)
  3. end_time : time_range option;
    (*

    The end of the time period for the attacks. This is a timestamp type. The request syntax listing for this call indicates a number type, but you can provide the time in any valid timestamp format setting.

    *)
  4. start_time : time_range option;
    (*

    The start of the time period for the attacks. This is a timestamp type. The request syntax listing for this call indicates a number type, but you can provide the time in any valid timestamp format setting.

    *)
  5. resource_arns : string list option;
    (*

    The ARNs (Amazon Resource Names) of the resources that were attacked. If you leave this blank, all applicable resources for this account will be included.

    *)
}
type nonrec limits_exceeded_exception = {
  1. limit : int option;
    (*

    The threshold that would be exceeded.

    *)
  2. type_ : string option;
    (*

    The type of limit that would be exceeded.

    *)
  3. message : string option;
}

Exception that indicates that the operation would exceed a limit.

type nonrec get_subscription_state_response = {
  1. subscription_state : subscription_state;
    (*

    The status of the subscription.

    *)
}
type nonrec enable_application_layer_automatic_response_request = {
  1. action : response_action;
    (*

    Specifies the action setting that Shield Advanced should use in the WAF rules that it creates on behalf of the protected resource in response to DDoS attacks. You specify this as part of the configuration for the automatic application layer DDoS mitigation feature, when you enable or update automatic mitigation. Shield Advanced creates the WAF rules in a Shield Advanced-managed rule group, inside the web ACL that you have associated with the resource.

    *)
  2. resource_arn : string;
    (*

    The ARN (Amazon Resource Name) of the protected resource.

    *)
}
type nonrec disassociate_health_check_request = {
  1. health_check_arn : string;
    (*

    The Amazon Resource Name (ARN) of the health check that is associated with the protection.

    *)
  2. protection_id : string;
    (*

    The unique identifier (ID) for the Protection object to remove the health check association from.

    *)
}
type nonrec disassociate_drt_log_bucket_request = {
  1. log_bucket : string;
    (*

    The Amazon S3 bucket that contains the logs that you want to share.

    *)
}
type nonrec access_denied_for_dependency_exception = {
  1. message : string option;
}

In order to grant the necessary access to the Shield Response Team (SRT) the user submitting the request must have the iam:PassRole permission. This error indicates the user did not have the appropriate permissions. For more information, see Granting a User Permissions to Pass a Role to an Amazon Web Services Service.

type nonrec disable_application_layer_automatic_response_request = {
  1. resource_arn : string;
    (*

    The ARN (Amazon Resource Name) of the protected resource.

    *)
}
type nonrec describe_subscription_response = {
  1. subscription : subscription option;
    (*

    The Shield Advanced subscription details for an account.

    *)
}
type nonrec describe_protection_response = {
  1. protection : protection option;
    (*

    The Protection that you requested.

    *)
}
type nonrec describe_protection_request = {
  1. resource_arn : string option;
    (*

    The ARN (Amazon Resource Name) of the protected Amazon Web Services resource. You must provide either the ResourceArn of the protected resource or the ProtectionID of the protection, but not both.

    *)
  2. protection_id : string option;
    (*

    The unique identifier (ID) for the Protection object to describe. You must provide either the ResourceArn of the protected resource or the ProtectionID of the protection, but not both.

    *)
}
type nonrec describe_protection_group_response = {
  1. protection_group : protection_group;
    (*

    A grouping of protected resources that you and Shield Advanced can monitor as a collective. This resource grouping improves the accuracy of detection and reduces false positives.

    *)
}
type nonrec describe_protection_group_request = {
  1. protection_group_id : string;
    (*

    The name of the protection group. You use this to identify the protection group in lists and to manage the protection group, for example to update, delete, or describe it.

    *)
}
type nonrec describe_emergency_contact_settings_response = {
  1. emergency_contact_list : emergency_contact list option;
    (*

    A list of email addresses and phone numbers that the Shield Response Team (SRT) can use to contact you if you have proactive engagement enabled, for escalations to the SRT and to initiate proactive customer support.

    *)
}
type nonrec describe_drt_access_response = {
  1. log_bucket_list : string list option;
    (*

    The list of Amazon S3 buckets accessed by the SRT.

    *)
  2. role_arn : string option;
    (*

    The Amazon Resource Name (ARN) of the role the SRT used to access your Amazon Web Services account.

    *)
}
type nonrec attack_volume_statistics = {
  1. max : float;
    (*

    The maximum attack volume observed for the given unit.

    *)
}

Statistics objects for the various data types in AttackVolume.

type nonrec attack_volume = {
  1. requests_per_second : attack_volume_statistics option;
    (*

    A statistics object that uses requests per second as the unit. This is included for application level attacks, and is only available for accounts that are subscribed to Shield Advanced.

    *)
  2. packets_per_second : attack_volume_statistics option;
    (*

    A statistics object that uses packets per second as the unit. This is included for network level attacks.

    *)
  3. bits_per_second : attack_volume_statistics option;
    (*

    A statistics object that uses bits per second as the unit. This is included for network level attacks.

    *)
}

Information about the volume of attacks during the time period, included in an AttackStatisticsDataItem. If the accompanying AttackCount in the statistics object is zero, this setting might be empty.

type nonrec attack_statistics_data_item = {
  1. attack_count : int;
    (*

    The number of attacks detected during the time period. This is always present, but might be zero.

    *)
  2. attack_volume : attack_volume option;
    (*

    Information about the volume of attacks during the time period. If the accompanying AttackCount is zero, this setting might be empty.

    *)
}

A single attack statistics data record. This is returned by DescribeAttackStatistics along with a time range indicating the time period that the attack statistics apply to.

type nonrec describe_attack_statistics_response = {
  1. data_items : attack_statistics_data_item list;
    (*

    The data that describes the attacks detected during the time period.

    *)
  2. time_range : time_range;
    (*

    The time range of the attack.

    *)
}
type nonrec attack_layer =
  1. | APPLICATION
  2. | NETWORK
type nonrec attack_property_identifier =
  1. | WORDPRESS_PINGBACK_SOURCE
  2. | WORDPRESS_PINGBACK_REFLECTOR
  3. | SOURCE_USER_AGENT
  4. | SOURCE_IP_ADDRESS
  5. | SOURCE_COUNTRY
  6. | SOURCE_ASN
  7. | REFERRER
  8. | DESTINATION_URL
type nonrec attack_property = {
  1. total : int option;
    (*

    The total contributions made to this Shield event by all contributors.

    *)
  2. unit_ : unit_ option;
    (*

    The unit used for the Contributor Value property.

    *)
  3. top_contributors : contributor list option;
    (*

    Contributor objects for the top five contributors to a Shield event. A contributor is a source of traffic that Shield Advanced identifies as responsible for some or all of an event.

    *)
  4. attack_property_identifier : attack_property_identifier option;
    (*

    Defines the Shield event property information that is provided. The WORDPRESS_PINGBACK_REFLECTOR and WORDPRESS_PINGBACK_SOURCE values are valid only for WordPress reflective pingback events.

    *)
  5. attack_layer : attack_layer option;
    (*

    The type of Shield event that was observed. NETWORK indicates layer 3 and layer 4 events and APPLICATION indicates layer 7 events.

    For infrastructure layer events (L3 and L4 events), you can view metrics for top contributors in Amazon CloudWatch metrics. For more information, see Shield metrics and alarms in the WAF Developer Guide.

    *)
}

Details of a Shield event. This is provided as part of an AttackDetail.

type nonrec attack_detail = {
  1. mitigations : mitigation list option;
    (*

    List of mitigation actions taken for the attack.

    *)
  2. attack_properties : attack_property list option;
    (*

    The array of objects that provide details of the Shield event.

    For infrastructure layer events (L3 and L4 events), you can view metrics for top contributors in Amazon CloudWatch metrics. For more information, see Shield metrics and alarms in the WAF Developer Guide.

    *)
  3. attack_counters : summarized_counter list option;
    (*

    List of counters that describe the attack for the specified time period.

    *)
  4. end_time : Smaws_Lib.CoreTypes.Timestamp.t option;
    (*

    The time the attack ended, in Unix time in seconds.

    *)
  5. start_time : Smaws_Lib.CoreTypes.Timestamp.t option;
    (*

    The time the attack started, in Unix time in seconds.

    *)
  6. sub_resources : sub_resource_summary list option;
    (*

    If applicable, additional detail about the resource being attacked, for example, IP address or URL.

    *)
  7. resource_arn : string option;
    (*

    The ARN (Amazon Resource Name) of the resource that was attacked.

    *)
  8. attack_id : string option;
    (*

    The unique identifier (ID) of the attack.

    *)
}

The details of a DDoS attack.

type nonrec describe_attack_response = {
  1. attack : attack_detail option;
    (*

    The attack that you requested.

    *)
}
type nonrec describe_attack_request = {
  1. attack_id : string;
    (*

    The unique identifier (ID) for the attack.

    *)
}
type nonrec access_denied_exception = {
  1. message : string option;
}

Exception that indicates the specified AttackId does not exist, or the requester does not have the appropriate permissions to access the AttackId.

type nonrec delete_protection_request = {
  1. protection_id : string;
    (*

    The unique identifier (ID) for the Protection object to be deleted.

    *)
}
type nonrec delete_protection_group_request = {
  1. protection_group_id : string;
    (*

    The name of the protection group. You use this to identify the protection group in lists and to manage the protection group, for example to update, delete, or describe it.

    *)
}
type nonrec create_protection_response = {
  1. protection_id : string option;
    (*

    The unique identifier (ID) for the Protection object that is created.

    *)
}
type nonrec create_protection_request = {
  1. tags : tag list option;
    (*

    One or more tag key-value pairs for the Protection object that is created.

    *)
  2. resource_arn : string;
    (*

    The ARN (Amazon Resource Name) of the resource to be protected.

    The ARN should be in one of the following formats:

    • For an Application Load Balancer:

      arn:aws:elasticloadbalancing:{i region}:{i account-id}:loadbalancer/app/{i load-balancer-name}/{i load-balancer-id}

    • For an Elastic Load Balancer (Classic Load Balancer):

      arn:aws:elasticloadbalancing:{i region}:{i account-id}:loadbalancer/{i load-balancer-name}

    • For an Amazon CloudFront distribution:

      arn:aws:cloudfront::{i account-id}:distribution/{i distribution-id}

    • For an Global Accelerator standard accelerator:

      arn:aws:globalaccelerator::{i account-id}:accelerator/{i accelerator-id}

    • For Amazon Route 53:

      arn:aws:route53:::hostedzone/{i hosted-zone-id}

    • For an Elastic IP address:

      arn:aws:ec2:{i region}:{i account-id}:eip-allocation/{i allocation-id}
    *)
  3. name : string;
    (*

    Friendly name for the Protection you are creating.

    *)
}
type nonrec create_protection_group_request = {
  1. tags : tag list option;
    (*

    One or more tag key-value pairs for the protection group.

    *)
  2. members : string list option;
    (*

    The Amazon Resource Names (ARNs) of the resources to include in the protection group. You must set this when you set Pattern to ARBITRARY and you must not set it for any other Pattern setting.

    *)
  3. resource_type : protected_resource_type option;
    (*

    The resource type to include in the protection group. All protected resources of this type are included in the protection group. Newly protected resources of this type are automatically added to the group. You must set this when you set Pattern to BY_RESOURCE_TYPE and you must not set it for any other Pattern setting.

    *)
  4. pattern : protection_group_pattern;
    (*

    The criteria to use to choose the protected resources for inclusion in the group. You can include all resources that have protections, provide a list of resource Amazon Resource Names (ARNs), or include all resources of a specified resource type.

    *)
  5. aggregation : protection_group_aggregation;
    (*

    Defines how Shield combines resource data for the group in order to detect, mitigate, and report events.

    • Sum - Use the total traffic across the group. This is a good choice for most cases. Examples include Elastic IP addresses for EC2 instances that scale manually or automatically.
    • Mean - Use the average of the traffic across the group. This is a good choice for resources that share traffic uniformly. Examples include accelerators and load balancers.
    • Max - Use the highest traffic from each resource. This is useful for resources that don't share traffic and for resources that share that traffic in a non-uniform way. Examples include Amazon CloudFront and origin resources for CloudFront distributions.
    *)
  6. protection_group_id : string;
    (*

    The name of the protection group. You use this to identify the protection group in lists and to manage the protection group, for example to update, delete, or describe it.

    *)
}
type nonrec associate_proactive_engagement_details_request = {
  1. emergency_contact_list : emergency_contact list;
    (*

    A list of email addresses and phone numbers that the Shield Response Team (SRT) can use to contact you for escalations to the SRT and to initiate proactive customer support.

    To enable proactive engagement, the contact list must include at least one phone number.

    The contacts that you provide here replace any contacts that were already defined. If you already have contacts defined and want to use them, retrieve the list using DescribeEmergencyContactSettings and then provide it here.

    *)
}
type nonrec associate_health_check_request = {
  1. health_check_arn : string;
    (*

    The Amazon Resource Name (ARN) of the health check to associate with the protection.

    *)
  2. protection_id : string;
    (*

    The unique identifier (ID) for the Protection object to add the health check association to.

    *)
}
type nonrec associate_drt_role_request = {
  1. role_arn : string;
    (*

    The Amazon Resource Name (ARN) of the role the SRT will use to access your Amazon Web Services account.

    Prior to making the AssociateDRTRole request, you must attach the AWSShieldDRTAccessPolicy managed policy to this role. For more information see Attaching and Detaching IAM Policies.

    *)
}
type nonrec associate_drt_log_bucket_request = {
  1. log_bucket : string;
    (*

    The Amazon S3 bucket that contains the logs that you want to share.

    *)
}

Builders

val make_validation_exception_field : message:string -> name:string -> unit -> validation_exception_field
val make_update_subscription_response : unit -> unit
val make_update_subscription_request : ?auto_renew:auto_renew -> unit -> update_subscription_request
val make_update_protection_group_response : unit -> unit
val make_update_protection_group_request : ?members:string list -> ?resource_type:protected_resource_type -> pattern:protection_group_pattern -> aggregation:protection_group_aggregation -> protection_group_id:string -> unit -> update_protection_group_request
val make_update_emergency_contact_settings_response : unit -> unit
val make_emergency_contact : ?contact_notes:string -> ?phone_number:string -> email_address:string -> unit -> emergency_contact
val make_update_emergency_contact_settings_request : ?emergency_contact_list:emergency_contact list -> unit -> update_emergency_contact_settings_request
val make_update_application_layer_automatic_response_response : unit -> unit
val make_block_action : unit -> unit
val make_count_action : unit -> unit
val make_response_action : ?count:unit -> ?block:unit -> unit -> response_action
val make_update_application_layer_automatic_response_request : action:response_action -> resource_arn:string -> unit -> update_application_layer_automatic_response_request
val make_untag_resource_response : unit -> unit
val make_untag_resource_request : tag_keys:string list -> resource_ar_n:string -> unit -> untag_resource_request
val make_contributor : ?value:int -> ?name:string -> unit -> contributor
val make_time_range : ?to_exclusive:Smaws_Lib.CoreTypes.Timestamp.t -> ?from_inclusive:Smaws_Lib.CoreTypes.Timestamp.t -> unit -> time_range
val make_tag_resource_response : unit -> unit
val make_tag : ?value:string -> ?key:string -> unit -> tag
val make_tag_resource_request : tags:tag list -> resource_ar_n:string -> unit -> tag_resource_request
val make_summarized_counter : ?unit_:string -> ?n:int -> ?sum:float -> ?average:float -> ?max:float -> ?name:string -> unit -> summarized_counter
val make_summarized_attack_vector : ?vector_counters:summarized_counter list -> vector_type:string -> unit -> summarized_attack_vector
val make_limit : ?max:int -> ?type_:string -> unit -> limit
val make_protection_limits : protected_resource_type_limits:limit list -> unit -> protection_limits
val make_protection_group_arbitrary_pattern_limits : max_members:int -> unit -> protection_group_arbitrary_pattern_limits
val make_protection_group_pattern_type_limits : arbitrary_pattern_limits:protection_group_arbitrary_pattern_limits -> unit -> protection_group_pattern_type_limits
val make_protection_group_limits : pattern_type_limits:protection_group_pattern_type_limits -> max_protection_groups:int -> unit -> protection_group_limits
val make_subscription_limits : protection_group_limits:protection_group_limits -> protection_limits:protection_limits -> unit -> subscription_limits
val make_subscription : ?subscription_arn:string -> ?proactive_engagement_status:proactive_engagement_status -> ?limits:limit list -> ?auto_renew:auto_renew -> ?time_commitment_in_seconds:int -> ?end_time:Smaws_Lib.CoreTypes.Timestamp.t -> ?start_time:Smaws_Lib.CoreTypes.Timestamp.t -> subscription_limits:subscription_limits -> unit -> subscription
val make_sub_resource_summary : ?counters:summarized_counter list -> ?attack_vectors:summarized_attack_vector list -> ?id:string -> ?type_:sub_resource_type -> unit -> sub_resource_summary
val make_application_layer_automatic_response_configuration : action:response_action -> status:application_layer_automatic_response_status -> unit -> application_layer_automatic_response_configuration
val make_protection : ?application_layer_automatic_response_configuration: application_layer_automatic_response_configuration -> ?protection_arn:string -> ?health_check_ids:string list -> ?resource_arn:string -> ?name:string -> ?id:string -> unit -> protection
val make_protection_group : ?protection_group_arn:string -> ?resource_type:protected_resource_type -> members:string list -> pattern:protection_group_pattern -> aggregation:protection_group_aggregation -> protection_group_id:string -> unit -> protection_group
val make_mitigation : ?mitigation_name:string -> unit -> mitigation
val make_list_tags_for_resource_response : ?tags:tag list -> unit -> list_tags_for_resource_response
val make_list_tags_for_resource_request : resource_ar_n:string -> unit -> list_tags_for_resource_request
val make_list_resources_in_protection_group_response : ?next_token:string -> resource_arns:string list -> unit -> list_resources_in_protection_group_response
val make_list_resources_in_protection_group_request : ?max_results:int -> ?next_token:string -> protection_group_id:string -> unit -> list_resources_in_protection_group_request
val make_list_protections_response : ?next_token:string -> ?protections:protection list -> unit -> list_protections_response
val make_inclusion_protection_filters : ?resource_types:protected_resource_type list -> ?protection_names:string list -> ?resource_arns:string list -> unit -> inclusion_protection_filters
val make_list_protections_request : ?inclusion_filters:inclusion_protection_filters -> ?max_results:int -> ?next_token:string -> unit -> list_protections_request
val make_list_protection_groups_response : ?next_token:string -> protection_groups:protection_group list -> unit -> list_protection_groups_response
val make_inclusion_protection_group_filters : ?aggregations:protection_group_aggregation list -> ?resource_types:protected_resource_type list -> ?patterns:protection_group_pattern list -> ?protection_group_ids:string list -> unit -> inclusion_protection_group_filters
val make_list_protection_groups_request : ?inclusion_filters:inclusion_protection_group_filters -> ?max_results:int -> ?next_token:string -> unit -> list_protection_groups_request
val make_attack_vector_description : vector_type:string -> unit -> attack_vector_description
val make_attack_summary : ?attack_vectors:attack_vector_description list -> ?end_time:Smaws_Lib.CoreTypes.Timestamp.t -> ?start_time:Smaws_Lib.CoreTypes.Timestamp.t -> ?resource_arn:string -> ?attack_id:string -> unit -> attack_summary
val make_list_attacks_response : ?next_token:string -> ?attack_summaries:attack_summary list -> unit -> list_attacks_response
val make_list_attacks_request : ?max_results:int -> ?next_token:string -> ?end_time:time_range -> ?start_time:time_range -> ?resource_arns:string list -> unit -> list_attacks_request
val make_get_subscription_state_response : subscription_state:subscription_state -> unit -> get_subscription_state_response
val make_get_subscription_state_request : unit -> unit
val make_enable_proactive_engagement_response : unit -> unit
val make_enable_proactive_engagement_request : unit -> unit
val make_enable_application_layer_automatic_response_response : unit -> unit
val make_enable_application_layer_automatic_response_request : action:response_action -> resource_arn:string -> unit -> enable_application_layer_automatic_response_request
val make_disassociate_health_check_response : unit -> unit
val make_disassociate_health_check_request : health_check_arn:string -> protection_id:string -> unit -> disassociate_health_check_request
val make_disassociate_drt_role_response : unit -> unit
val make_disassociate_drt_role_request : unit -> unit
val make_disassociate_drt_log_bucket_response : unit -> unit
val make_disassociate_drt_log_bucket_request : log_bucket:string -> unit -> disassociate_drt_log_bucket_request
val make_disable_proactive_engagement_response : unit -> unit
val make_disable_proactive_engagement_request : unit -> unit
val make_disable_application_layer_automatic_response_response : unit -> unit
val make_disable_application_layer_automatic_response_request : resource_arn:string -> unit -> disable_application_layer_automatic_response_request
val make_describe_subscription_response : ?subscription:subscription -> unit -> describe_subscription_response
val make_describe_subscription_request : unit -> unit
val make_describe_protection_response : ?protection:protection -> unit -> describe_protection_response
val make_describe_protection_request : ?resource_arn:string -> ?protection_id:string -> unit -> describe_protection_request
val make_describe_protection_group_response : protection_group:protection_group -> unit -> describe_protection_group_response
val make_describe_protection_group_request : protection_group_id:string -> unit -> describe_protection_group_request
val make_describe_emergency_contact_settings_response : ?emergency_contact_list:emergency_contact list -> unit -> describe_emergency_contact_settings_response
val make_describe_emergency_contact_settings_request : unit -> unit
val make_describe_drt_access_response : ?log_bucket_list:string list -> ?role_arn:string -> unit -> describe_drt_access_response
val make_describe_drt_access_request : unit -> unit
val make_attack_volume_statistics : max:float -> unit -> attack_volume_statistics
val make_attack_volume : ?requests_per_second:attack_volume_statistics -> ?packets_per_second:attack_volume_statistics -> ?bits_per_second:attack_volume_statistics -> unit -> attack_volume
val make_attack_statistics_data_item : ?attack_volume:attack_volume -> attack_count:int -> unit -> attack_statistics_data_item
val make_describe_attack_statistics_response : data_items:attack_statistics_data_item list -> time_range:time_range -> unit -> describe_attack_statistics_response
val make_describe_attack_statistics_request : unit -> unit
val make_attack_property : ?total:int -> ?unit_:unit_ -> ?top_contributors:contributor list -> ?attack_property_identifier:attack_property_identifier -> ?attack_layer:attack_layer -> unit -> attack_property
val make_attack_detail : ?mitigations:mitigation list -> ?attack_properties:attack_property list -> ?attack_counters:summarized_counter list -> ?end_time:Smaws_Lib.CoreTypes.Timestamp.t -> ?start_time:Smaws_Lib.CoreTypes.Timestamp.t -> ?sub_resources:sub_resource_summary list -> ?resource_arn:string -> ?attack_id:string -> unit -> attack_detail
val make_describe_attack_response : ?attack:attack_detail -> unit -> describe_attack_response
val make_describe_attack_request : attack_id:string -> unit -> describe_attack_request
val make_delete_subscription_response : unit -> unit
val make_delete_subscription_request : unit -> unit
val make_delete_protection_response : unit -> unit
val make_delete_protection_request : protection_id:string -> unit -> delete_protection_request
val make_delete_protection_group_response : unit -> unit
val make_delete_protection_group_request : protection_group_id:string -> unit -> delete_protection_group_request
val make_create_subscription_response : unit -> unit
val make_create_subscription_request : unit -> unit
val make_create_protection_response : ?protection_id:string -> unit -> create_protection_response
val make_create_protection_request : ?tags:tag list -> resource_arn:string -> name:string -> unit -> create_protection_request
val make_create_protection_group_response : unit -> unit
val make_create_protection_group_request : ?tags:tag list -> ?members:string list -> ?resource_type:protected_resource_type -> pattern:protection_group_pattern -> aggregation:protection_group_aggregation -> protection_group_id:string -> unit -> create_protection_group_request
val make_associate_proactive_engagement_details_response : unit -> unit
val make_associate_proactive_engagement_details_request : emergency_contact_list:emergency_contact list -> unit -> associate_proactive_engagement_details_request
val make_associate_health_check_response : unit -> unit
val make_associate_health_check_request : health_check_arn:string -> protection_id:string -> unit -> associate_health_check_request
val make_associate_drt_role_response : unit -> unit
val make_associate_drt_role_request : role_arn:string -> unit -> associate_drt_role_request
val make_associate_drt_log_bucket_response : unit -> unit
val make_associate_drt_log_bucket_request : log_bucket:string -> unit -> associate_drt_log_bucket_request

Operations

module AssociateDRTLogBucket : sig ... end

Authorizes the Shield Response Team (SRT) to access the specified Amazon S3 bucket containing log data such as Application Load Balancer access logs, CloudFront logs, or logs from third party sources. You can associate up to 10 Amazon S3 buckets with your subscription.

module AssociateDRTRole : sig ... end

Authorizes the Shield Response Team (SRT) using the specified role, to access your Amazon Web Services account to assist with DDoS attack mitigation during potential attacks. This enables the SRT to inspect your WAF configuration and create or update WAF rules and web ACLs.

module AssociateHealthCheck : sig ... end

Adds health-based detection to the Shield Advanced protection for a resource. Shield Advanced health-based detection uses the health of your Amazon Web Services resource to improve responsiveness and accuracy in attack detection and response.

Initializes proactive engagement and sets the list of contacts for the Shield Response Team (SRT) to use. You must provide at least one phone number in the emergency contact list.

module CreateProtection : sig ... end

Enables Shield Advanced for a specific Amazon Web Services resource. The resource can be an Amazon CloudFront distribution, Amazon Route 53 hosted zone, Global Accelerator standard accelerator, Elastic IP Address, Application Load Balancer, or a Classic Load Balancer. You can protect Amazon EC2 instances and Network Load Balancers by association with protected Amazon EC2 Elastic IP addresses.

module CreateProtectionGroup : sig ... end

Creates a grouping of protected resources so they can be handled as a collective. This resource grouping improves the accuracy of detection and reduces false positives.

module CreateSubscription : sig ... end

Activates Shield Advanced for an account.

module DeleteProtection : sig ... end

Deletes an Shield Advanced Protection.

module DeleteProtectionGroup : sig ... end

Removes the specified protection group.

module DeleteSubscription : sig ... end

Removes Shield Advanced from an account. Shield Advanced requires a 1-year subscription commitment. You cannot delete a subscription prior to the completion of that commitment.

module DescribeAttack : sig ... end

Describes the details of a DDoS attack.

module DescribeAttackStatistics : sig ... end

Provides information about the number and type of attacks Shield has detected in the last year for all resources that belong to your account, regardless of whether you've defined Shield protections for them. This operation is available to Shield customers as well as to Shield Advanced customers.

module DescribeDRTAccess : sig ... end

Returns the current role and list of Amazon S3 log buckets used by the Shield Response Team (SRT) to access your Amazon Web Services account while assisting with attack mitigation.

A list of email addresses and phone numbers that the Shield Response Team (SRT) can use to contact you if you have proactive engagement enabled, for escalations to the SRT and to initiate proactive customer support.

module DescribeProtection : sig ... end

Lists the details of a Protection object.

module DescribeProtectionGroup : sig ... end

Returns the specification for the specified protection group.

module DescribeSubscription : sig ... end

Provides details about the Shield Advanced subscription for an account.

Disable the Shield Advanced automatic application layer DDoS mitigation feature for the protected resource. This stops Shield Advanced from creating, verifying, and applying WAF rules for attacks that it detects for the resource.

module DisableProactiveEngagement : sig ... end

Removes authorization from the Shield Response Team (SRT) to notify contacts about escalations to the SRT and to initiate proactive customer support.

module DisassociateDRTLogBucket : sig ... end

Removes the Shield Response Team's (SRT) access to the specified Amazon S3 bucket containing the logs that you shared previously.

module DisassociateDRTRole : sig ... end

Removes the Shield Response Team's (SRT) access to your Amazon Web Services account.

module DisassociateHealthCheck : sig ... end

Removes health-based detection from the Shield Advanced protection for a resource. Shield Advanced health-based detection uses the health of your Amazon Web Services resource to improve responsiveness and accuracy in attack detection and response.

Enable the Shield Advanced automatic application layer DDoS mitigation for the protected resource.

module EnableProactiveEngagement : sig ... end

Authorizes the Shield Response Team (SRT) to use email and phone to notify contacts about escalations to the SRT and to initiate proactive customer support.

module GetSubscriptionState : sig ... end

Returns the SubscriptionState, either Active or Inactive.

module ListAttacks : sig ... end

Returns all ongoing DDoS attacks or all DDoS attacks during a specified time period.

module ListProtectionGroups : sig ... end

Retrieves ProtectionGroup objects for the account. You can retrieve all protection groups or you can provide filtering criteria and retrieve just the subset of protection groups that match the criteria.

module ListProtections : sig ... end

Retrieves Protection objects for the account. You can retrieve all protections or you can provide filtering criteria and retrieve just the subset of protections that match the criteria.

module ListResourcesInProtectionGroup : sig ... end

Retrieves the resources that are included in the protection group.

module ListTagsForResource : sig ... end

Gets information about Amazon Web Services tags for a specified Amazon Resource Name (ARN) in Shield.

module TagResource : sig ... end

Adds or updates tags for a resource in Shield.

module UntagResource : sig ... end

Removes tags from a resource in Shield.

Updates an existing Shield Advanced automatic application layer DDoS mitigation configuration for the specified resource.

module UpdateEmergencyContactSettings : sig ... end

Updates the details of the list of email addresses and phone numbers that the Shield Response Team (SRT) can use to contact you if you have proactive engagement enabled, for escalations to the SRT and to initiate proactive customer support.

module UpdateProtectionGroup : sig ... end

Updates an existing protection group. A protection group is a grouping of protected resources so they can be handled as a collective. This resource grouping improves the accuracy of detection and reduces false positives.

module UpdateSubscription : sig ... end

Updates the details of an existing subscription. Only enter values for parameters you want to change. Empty parameters are not updated.