2019/07/22 - AWS Shield - 1 updated api methods
Changes Update shield client to latest version
{'Attack': {'AttackProperties': {'AttackPropertyIdentifier': {'WORDPRESS_PINGBACK_REFLECTOR',
'WORDPRESS_PINGBACK_SOURCE'}}}}
Describes the details of a DDoS attack.
See also: AWS API Documentation
Request Syntax
client.describe_attack(
AttackId='string'
)
string
[REQUIRED]
The unique identifier (ID) for the attack that to be described.
dict
Response Syntax
{
'Attack': {
'AttackId': 'string',
'ResourceArn': 'string',
'SubResources': [
{
'Type': 'IP'|'URL',
'Id': 'string',
'AttackVectors': [
{
'VectorType': 'string',
'VectorCounters': [
{
'Name': 'string',
'Max': 123.0,
'Average': 123.0,
'Sum': 123.0,
'N': 123,
'Unit': 'string'
},
]
},
],
'Counters': [
{
'Name': 'string',
'Max': 123.0,
'Average': 123.0,
'Sum': 123.0,
'N': 123,
'Unit': 'string'
},
]
},
],
'StartTime': datetime(2015, 1, 1),
'EndTime': datetime(2015, 1, 1),
'AttackCounters': [
{
'Name': 'string',
'Max': 123.0,
'Average': 123.0,
'Sum': 123.0,
'N': 123,
'Unit': 'string'
},
],
'AttackProperties': [
{
'AttackLayer': 'NETWORK'|'APPLICATION',
'AttackPropertyIdentifier': 'DESTINATION_URL'|'REFERRER'|'SOURCE_ASN'|'SOURCE_COUNTRY'|'SOURCE_IP_ADDRESS'|'SOURCE_USER_AGENT'|'WORDPRESS_PINGBACK_REFLECTOR'|'WORDPRESS_PINGBACK_SOURCE',
'TopContributors': [
{
'Name': 'string',
'Value': 123
},
],
'Unit': 'BITS'|'BYTES'|'PACKETS'|'REQUESTS',
'Total': 123
},
],
'Mitigations': [
{
'MitigationName': 'string'
},
]
}
}
Response Structure
(dict) --
Attack (dict) --
The attack that is described.
AttackId (string) --
The unique identifier (ID) of the attack.
ResourceArn (string) --
The ARN (Amazon Resource Name) of the resource that was attacked.
SubResources (list) --
If applicable, additional detail about the resource being attacked, for example, IP address or URL.
(dict) --
The attack information for the specified SubResource.
Type (string) --
The SubResource type.
Id (string) --
The unique identifier (ID) of the SubResource.
AttackVectors (list) --
The list of attack types and associated counters.
(dict) --
A summary of information about the attack.
VectorType (string) --
The attack type, for example, SNMP reflection or SYN flood.
VectorCounters (list) --
The list of counters that describe the details of the attack.
(dict) --
The counter that describes a DDoS attack.
Name (string) --
The counter name.
Max (float) --
The maximum value of the counter for a specified time period.
Average (float) --
The average value of the counter for a specified time period.
Sum (float) --
The total of counter values for a specified time period.
N (integer) --
The number of counters for a specified time period.
Unit (string) --
The unit of the counters.
Counters (list) --
The counters that describe the details of the attack.
(dict) --
The counter that describes a DDoS attack.
Name (string) --
The counter name.
Max (float) --
The maximum value of the counter for a specified time period.
Average (float) --
The average value of the counter for a specified time period.
Sum (float) --
The total of counter values for a specified time period.
N (integer) --
The number of counters for a specified time period.
Unit (string) --
The unit of the counters.
StartTime (datetime) --
The time the attack started, in Unix time in seconds. For more information see timestamp.
EndTime (datetime) --
The time the attack ended, in Unix time in seconds. For more information see timestamp.
AttackCounters (list) --
List of counters that describe the attack for the specified time period.
(dict) --
The counter that describes a DDoS attack.
Name (string) --
The counter name.
Max (float) --
The maximum value of the counter for a specified time period.
Average (float) --
The average value of the counter for a specified time period.
Sum (float) --
The total of counter values for a specified time period.
N (integer) --
The number of counters for a specified time period.
Unit (string) --
The unit of the counters.
AttackProperties (list) --
The array of AttackProperty objects.
(dict) --
Details of the described attack.
AttackLayer (string) --
The type of distributed denial of service (DDoS) event that was observed. NETWORK indicates layer 3 and layer 4 events and APPLICATION indicates layer 7 events.
AttackPropertyIdentifier (string) --
Defines the DDoS attack property information that is provided. The WORDPRESS_PINGBACK_REFLECTOR and WORDPRESS_PINGBACK_SOURCE values are valid only for WordPress reflective pingback DDoS attacks.
TopContributors (list) --
The array of Contributor objects that includes the top five contributors to an attack.
(dict) --
A contributor to the attack and their contribution.
Name (string) --
The name of the contributor. This is dependent on the AttackPropertyIdentifier. For example, if the AttackPropertyIdentifier is SOURCE_COUNTRY, the Name could be United States.
Value (integer) --
The contribution of this contributor expressed in Protection units. For example 10,000.
Unit (string) --
The unit of the Value of the contributions.
Total (integer) --
The total contributions made to this attack by all contributors, not just the five listed in the TopContributors list.
Mitigations (list) --
List of mitigation actions taken for the attack.
(dict) --
The mitigation applied to a DDoS attack.
MitigationName (string) --
The name of the mitigation taken for this attack.