|
| 1 | +--- |
| 2 | +title: "Shield" |
| 3 | +linkTitle: "Shield" |
| 4 | +description: Get started with Shield on LocalStack |
| 5 | +--- |
| 6 | + |
| 7 | +## Introduction |
| 8 | + |
| 9 | +Shield is a managed Distributed Denial of Service (DDoS) protection service that safeguards applications running on AWS. |
| 10 | +Shield provides always-on detection and inline mitigations that minimize application downtime and latency, by protecting users from L4, L7 and most common L3, L4 network and transport layer DDoS attacks. |
| 11 | +Shield detection and mitigation is designed to protect against threats, including ones that are not known to the service at the time of detection. |
| 12 | + |
| 13 | +LocalStack allows you to use the Shield APIs in your local environment, and provides a simple way to mock and test the Shield service locally. |
| 14 | +The supported APIs are available on our [API coverage page](https://docs.localstack.cloud/references/coverage/coverage_shield/), which provides information on the extent of Shield's integration with LocalStack. |
| 15 | + |
| 16 | +## Getting Started |
| 17 | + |
| 18 | +This guide is designed for users new to Shield and assumes basic knowledge of the AWS CLI and our [`awslocal`](https://github.com/localstack/awscli-local) wrapper script. |
| 19 | + |
| 20 | +Start your LocalStack container using your preferred method. |
| 21 | +We will demonstrate how to create a Shield protection, list all protections, and delete a protection with the AWS CLI. |
| 22 | + |
| 23 | +### Create a Shield Protection |
| 24 | + |
| 25 | +To create a Shield protection, use the [`CreateProtection`](https://docs.aws.amazon.com/cli/latest/reference/shield/create-protection.html) API. |
| 26 | +The following command creates a Shield protection for a resource: |
| 27 | + |
| 28 | +{{< command >}} |
| 29 | +$ awslocal shield create-protection \ |
| 30 | + --name "my-protection" \ |
| 31 | + --resource-arn "arn:aws:elasticloadbalancing:us-east-1:000000000000:loadbalancer/app/my-alb/1234567890" |
| 32 | +{{< /command >}} |
| 33 | + |
| 34 | +The output should look similar to the following: |
| 35 | + |
| 36 | +```bash |
| 37 | +{ |
| 38 | + "ProtectionId": "67908d33-16c0-443d-820a-31c02c4d5976" |
| 39 | +} |
| 40 | +``` |
| 41 | + |
| 42 | +### List all Protections |
| 43 | + |
| 44 | +To list all Shield protections, use the [`ListProtections`](https://docs.aws.amazon.com/cli/latest/reference/shield/list-protections.html) API. |
| 45 | +The following command lists all Shield protections: |
| 46 | + |
| 47 | +{{< command >}} |
| 48 | +$ awslocal shield list-protections |
| 49 | +{{< /command >}} |
| 50 | + |
| 51 | +The output should look similar to the following: |
| 52 | + |
| 53 | +```bash |
| 54 | +{ |
| 55 | + "Protections": [ |
| 56 | + { |
| 57 | + "Id": "67908d33-16c0-443d-820a-31c02c4d5976", |
| 58 | + "Name": "my-protection", |
| 59 | + "ResourceArn": "arn:aws:elasticloadbalancing:us-east-1:000000000000:loadbalancer/app/my-alb/1234567890", |
| 60 | + "ProtectionArn": "arn:aws:shield::000000000000:protection/67908d33-16c0-443d-820a-31c02c4d5976" |
| 61 | + } |
| 62 | + ] |
| 63 | +} |
| 64 | +``` |
| 65 | + |
| 66 | +### Describe a Protection |
| 67 | + |
| 68 | +To describe a Shield protection, use the [`DescribeProtection`](https://docs.aws.amazon.com/cli/latest/reference/shield/describe-protection.html) API. |
| 69 | +The following command describes a Shield protection: |
| 70 | + |
| 71 | +{{< command >}} |
| 72 | +$ awslocal shield describe-protection \ |
| 73 | + --protection-id "67908d33-16c0-443d-820a-31c02c4d5976" |
| 74 | +{{< /command >}} |
| 75 | + |
| 76 | +Replace the protection ID with the ID of the protection you want to describe. |
| 77 | +The output should look similar to the following: |
| 78 | + |
| 79 | +```bash |
| 80 | +{ |
| 81 | + "Protection": { |
| 82 | + "Id": "67908d33-16c0-443d-820a-31c02c4d5976", |
| 83 | + "Name": "my-protection", |
| 84 | + "ResourceArn": "arn:aws:elasticloadbalancing:us-east-1:000000000000:loadbalancer/app/my-alb/1234567890", |
| 85 | + "ProtectionArn": "arn:aws:shield::000000000000:protection/67908d33-16c0-443d-820a-31c02c4d5976" |
| 86 | + } |
| 87 | +} |
| 88 | +``` |
| 89 | + |
| 90 | +### Delete a Protection |
| 91 | + |
| 92 | +To delete a Shield protection, use the [`DeleteProtection`](https://docs.aws.amazon.com/cli/latest/reference/shield/delete-protection.html) API. |
| 93 | +The following command deletes a Shield protection: |
| 94 | + |
| 95 | +{{< command >}} |
| 96 | +$ awslocal shield delete-protection \ |
| 97 | + --protection-id "67908d33-16c0-443d-820a-31c02c4d5976" |
| 98 | +{{< /command >}} |
| 99 | + |
| 100 | +## Current Limitations |
| 101 | + |
| 102 | +Shield Config is currently mocked in LocalStack. |
| 103 | +You can create, read, update, and delete Shield protections & subscriptions, but the actual protection or subscription is not applied to any resources. |
| 104 | +If you need this feature, please consider opening a [feature request on GitHub](https://github.com/localstack/localstack/issues/new). |
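Review bot: The limitations paragraph at line 102 opens with "Shield Config is currently mocked", which reads like a leftover from another service's page; it should say "Shield is currently mocked" so readers do not go looking for a separate Config feature. In the introduction at line 10, the layer list "L4, L7 and most common L3, L4 network and transport layer DDoS attacks" names L4 twice and is hard to parse; consider stating the network/transport (L3/L4) and application (L7) coverage once each. The overview sentence at line 21 promises create, list and delete, but the guide also includes a "Describe a Protection" section, so that sentence should mention it. The three sample outputs are JSON but are fenced as `bash`; tagging them `json` would give correct highlighting. Since line 103 states that the protection "is not applied to any resources", it is worth repeating that caveat near the top of "Getting Started", because a successful `create-protection` call against LocalStack says nothing about whether the resource is actually protected in a real account.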