AWS::Shield::ProtectionGroupShield ProtectionGroup
A grouping of protected resources so they can be handled as a collective. This resource grouping improves the accuracy of detection and reduces false positives.
Properties
6 configurable properties. 3 required. Click a row to see details.
Filter:
| Property | Type | Flags |
|---|---|---|
Aggregation | string | Required |
Pattern | string | Required |
ProtectionGroupId | string | RequiredCreate-only |
Members | Array<string> | |
ResourceType | string | |
Tags | Array<Tag> |
Return Values
Values returned after the resource is created. Access these with Fn::GetAtt.
| Attribute | Type | Description |
|---|---|---|
ProtectionGroupArn | string | The ARN (Amazon Resource Name) of the protection group. |
Sample CloudFormation Template
A minimal template with required properties and common optional ones.
template.yaml
AWSTemplateFormatVersion: "2010-09-09"
Description: Sample template for AWS::Shield::ProtectionGroup
Resources:
MyResource:
Type: AWS::Shield::ProtectionGroup
Properties:
Aggregation: "SUM"
Pattern: "ALL"
ProtectionGroupId: "my-protectiongroupid"
Tags:
- Key: Environment
Value: ProductionRequired IAM Permissions
Permissions CloudFormation needs in your IAM role to manage this resource.
create
shield:CreateProtectionGroupshield:TagResourcedelete
shield:DeleteProtectionGroupshield:UntagResourceread
shield:DescribeProtectionGroupshield:ListTagsForResourceupdate
shield:UpdateProtectionGroupshield:ListTagsForResourceshield:TagResourceshield:UntagResourcelist
shield:ListProtectionGroupsLearn AWS the Practical Way
Our bi-weekly newsletter teaches hands-on AWS fundamentals. No certification fluff - just practical knowledge.
Subscribe to NewsletterQuick Facts
ServiceShield
Properties7
Required3
TaggingSupported
Primary ID
ProtectionGroupArnSupported Operations
CreateDeleteReadUpdateList
Immutable After Creation
These properties cannot be changed after the resource is created. Updating them triggers a replacement.
ProtectionGroupId