shield:AssociateDRTRole is a Write access-level action in the shield service. Grants permission to authorize the DDoS Response team using the specified role, to access your AWS account to assist with DDoS attack mitigation during potential attacks
This action does not support resource-level permissions; use "Resource": "*" in your policy.
No condition keys are documented for this action.
To use shield:AssociateDRTRole you may also need to grant:
A minimal policy that allows shield:AssociateDRTRole. Replace "Resource": "*" with a specific ARN to follow least privilege.
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "AllowShieldAssociateDRTRole",
"Effect": "Allow",
"Action": "shield:AssociateDRTRole",
"Resource": "*"
}
]
}