shield:DescribeAttack is a Read access-level action in the shield service. Grants permission to get attack details. For getting attack details protected by AWS WAF anti-DDoS managed rule group, this action additionally calls wafv2:DescribeTopContributorsByEvent to retrieve application layer attack contributors, which requires to have wafv2:DescribeTopContributorsByEvent permission in IAM policy
ARNs that shield:DescribeAttack can be scoped to in an IAM policy.
No condition keys are documented for this action.
A minimal policy that allows shield:DescribeAttack. Replace "Resource": "*" with a specific ARN to follow least privilege.
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "AllowShieldDescribeAttack",
"Effect": "Allow",
"Action": "shield:DescribeAttack",
"Resource": "*"
}
]
}