Shield Attack

AWS Shield Attack represents details about a Distributed Denial of Service (DDoS) attack detected by AWS Shield. It provides information such as the attack’s start and end time, vectors used, and resources targeted. This helps users analyze the nature and impact of the attack for better mitigation and response.

aws.shield_attack

Fields

TitleIDTypeData TypeDescription
_keycorestring
account_idcorestring
attack_counterscorejsonList of counters that describe the attack for the specified time period.
attack_idcorestringThe unique identifier (ID) of the attack.
attack_propertiescorejsonThe array of objects that provide details of the Shield event. For infrastructure layer events (L3 and L4 events), you can view metrics for top contributors in Amazon CloudWatch metrics. For more information, see Shield metrics and alarms in the WAF Developer Guide.
end_timecoretimestampThe time the attack ended, in Unix time in seconds.
mitigationscorejsonList of mitigation actions taken for the attack.
resource_arncorestringThe ARN (Amazon Resource Name) of the resource that was attacked.
start_timecoretimestampThe time the attack started, in Unix time in seconds.
sub_resourcescorejsonIf applicable, additional detail about the resource being attacked, for example, IP address or URL.
tagscorehstore