{
  "$schema": "https://json-schema.org/draft/2020-12/schema",
  "$id": "https://catalog.lintel.tools/schemas/schemastore/serverless-framework-configuration/_shared/latest--aws-shield-protection.json",
  "title": "AWSShieldProtectionProperties",
  "description": "Enables AWS Shield Advanced for a specific AWS resource. The resource can be an Amazon CloudFront distribution, Amazon Route 53 hosted zone, AWS Global Accelerator standard accelerator, Elastic IP Address, Application Load Balancer, or a Classic Load Balancer. You can protect Amazon EC2 instances and Network Load Balancers by association with protected Amazon EC2 Elastic IP addresses.. Source:- <https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-shield.git>",
  "x-lintel": {
    "source": "https://raw.githubusercontent.com/lalcebo/json-schema/master/serverless/resources/cloudformation-modified/aws-shield-protection.json",
    "sourceSha256": "d63895a45829b83118307f10e39ab176641aa135e0657861ef3712980b8341f0"
  },
  "type": "object",
  "properties": {
    "Name": {
      "oneOf": [
        {
          "type": "string",
          "minLength": 1,
          "maxLength": 128,
          "pattern": "[ a-zA-Z0-9_\\.\\-]*"
        },
        {
          "$ref": "https://catalog.lintel.tools/schemas/schemastore/serverless-framework-configuration/_shared/latest--cf.functions.json#/Aws_CF_FunctionString"
        }
      ],
      "description": "Friendly name for the Protection."
    },
    "ResourceArn": {
      "oneOf": [
        {
          "type": "string",
          "minLength": 1,
          "maxLength": 2048
        },
        {
          "$ref": "https://catalog.lintel.tools/schemas/schemastore/serverless-framework-configuration/_shared/latest--cf.functions.json#/Aws_CF_FunctionString"
        }
      ],
      "description": "The ARN (Amazon Resource Name) of the resource to be protected."
    },
    "HealthCheckArns": {
      "description": "The Amazon Resource Names (ARNs) of the health check to associate with the protection.",
      "type": "array",
      "insertionOrder": false,
      "maxItems": 1,
      "items": {
        "type": "string",
        "minLength": 1,
        "maxLength": 2048
      }
    },
    "ApplicationLayerAutomaticResponseConfiguration": {
      "$ref": "#/$defs/ApplicationLayerAutomaticResponseConfiguration"
    },
    "Tags": {
      "description": "One or more tag key-value pairs for the Protection object.",
      "type": "array",
      "insertionOrder": false,
      "maxItems": 200,
      "items": {
        "$ref": "#/$defs/Tag"
      }
    }
  },
  "typeName": "AWS::Shield::Protection",
  "additionalProperties": false,
  "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-shield.git",
  "primaryIdentifier": [
    "/properties/ProtectionArn"
  ],
  "readOnlyProperties": [
    "/properties/ProtectionId",
    "/properties/ProtectionArn"
  ],
  "createOnlyProperties": [
    "/properties/Name",
    "/properties/ResourceArn"
  ],
  "replacementStrategy": "delete_then_create",
  "tagging": {
    "taggable": true,
    "tagProperty": "/properties/Tags",
    "cloudFormationSystemTags": false
  },
  "$defs": {
    "Tag": {
      "description": "A tag associated with an AWS resource. Tags are key:value pairs that you can use to categorize and manage your resources, for purposes like billing or other management. Typically, the tag key represents a category, such as \"environment\", and the tag value represents a specific value within that category, such as \"test,\" \"development,\" or \"production\". Or you might set the tag key to \"customer\" and the value to the customer name or ID. You can specify one or more tags to add to each AWS resource, up to 50 tags for a resource.",
      "type": "object",
      "title": "AWSShieldProtectionTagDefinition",
      "required": [
        "Key",
        "Value"
      ],
      "properties": {
        "Key": {
          "oneOf": [
            {
              "type": "string",
              "minLength": 1,
              "maxLength": 128
            },
            {
              "$ref": "https://catalog.lintel.tools/schemas/schemastore/serverless-framework-configuration/_shared/latest--cf.functions.json#/Aws_CF_FunctionString"
            }
          ],
          "description": "Part of the key:value pair that defines a tag. You can use a tag key to describe a category of information, such as \"customer.\" Tag keys are case-sensitive."
        },
        "Value": {
          "oneOf": [
            {
              "type": "string",
              "minLength": 0,
              "maxLength": 256
            },
            {
              "$ref": "https://catalog.lintel.tools/schemas/schemastore/serverless-framework-configuration/_shared/latest--cf.functions.json#/Aws_CF_FunctionString"
            }
          ],
          "description": "Part of the key:value pair that defines a tag. You can use a tag value to describe a specific value within a category, such as \"companyA\" or \"companyB.\" Tag values are case-sensitive."
        }
      },
      "additionalProperties": false
    },
    "ApplicationLayerAutomaticResponseConfiguration": {
      "description": "The automatic application layer DDoS mitigation settings for a Protection. This configuration determines whether Shield Advanced automatically manages rules in the web ACL in order to respond to application layer events that Shield Advanced determines to be DDoS attacks.",
      "type": "object",
      "title": "AWSShieldProtectionApplicationLayerAutomaticResponseConfigurationDefinition",
      "required": [
        "Action",
        "Status"
      ],
      "properties": {
        "Action": {
          "type": "object",
          "description": "Specifies the action setting that Shield Advanced should use in the AWS WAF rules that it creates on behalf of the protected resource in response to DDoS attacks. You specify this as part of the configuration for the automatic application layer DDoS mitigation feature, when you enable or update automatic mitigation. Shield Advanced creates the AWS WAF rules in a Shield Advanced-managed rule group, inside the web ACL that you have associated with the resource.",
          "oneOf": [
            {
              "type": "object",
              "properties": {
                "Count": {
                  "description": "Specifies that Shield Advanced should configure its AWS WAF rules with the AWS WAF `Count` action.\nYou must specify exactly one action, either `Block` or `Count`.",
                  "type": "object",
                  "additionalProperties": false
                }
              },
              "additionalProperties": false
            },
            {
              "type": "object",
              "properties": {
                "Block": {
                  "description": "Specifies that Shield Advanced should configure its AWS WAF rules with the AWS WAF `Block` action.\nYou must specify exactly one action, either `Block` or `Count`.",
                  "type": "object",
                  "additionalProperties": false
                }
              },
              "additionalProperties": false
            }
          ]
        },
        "Status": {
          "oneOf": [
            {
              "type": "string",
              "enum": [
                "ENABLED",
                "DISABLED"
              ]
            },
            {
              "$ref": "https://catalog.lintel.tools/schemas/schemastore/serverless-framework-configuration/_shared/latest--cf.functions.json#/Aws_CF_FunctionString"
            }
          ],
          "description": "Indicates whether automatic application layer DDoS mitigation is enabled for the protection."
        }
      },
      "additionalProperties": false
    }
  },
  "required": [
    "Name",
    "ResourceArn"
  ]
}