shield:DescribeAttack

Read

shield:DescribeAttack is a Read access-level action in the shield service. Grants permission to get attack details. For getting attack details protected by AWS WAF anti-DDoS managed rule group, this action additionally calls wafv2:DescribeTopContributorsByEvent to retrieve application layer attack contributors, which requires to have wafv2:DescribeTopContributorsByEvent permission in IAM policy

Resource types

ARNs that shield:DescribeAttack can be scoped to in an IAM policy.

arn:${Partition}:shield::${Account}:attack/${Id}
attack

Condition keys

No condition keys are documented for this action.

Example IAM policy

A minimal policy that allows shield:DescribeAttack. Replace "Resource": "*" with a specific ARN to follow least privilege.

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "AllowShieldDescribeAttack",
      "Effect": "Allow",
      "Action": "shield:DescribeAttack",
      "Resource": "*"
    }
  ]
}

Related actions in shield

View all shield actions →