AWS Shield Advanced Enablement - DRT Role

[dawsonpaul]

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment

AWS Terraform Provider doesn’t yet have the function to associate the created shield DRT role with Advanced Shield.

This was raised here some time ago but remains outstanding. It is not possible to complete the Advanced Shield setup without doing this manually in the console

1. 'Configure AWS SRT Support' :

2. Manually configure final step (missing from the provider):

or with:

aws shield associate-drt-role --role-arn arn:aws:iam::XXXXXXXXXXXX:role/shield-drt-role

The $3000 pcm cost of enabling the Shield Advanced service may be prohibitive to its development. As we have Advanced Shield requirement for hundreds of sub-accounts and need this functionality within the organisation, I am happy to work with anyone in developing and testing the provider.

New or Affected Resource(s)

• aws_shield_drt_role_association

Potential Terraform Configuration

resource "aws_shield_drt_role_association" "shield_drt" {
  role_arn = "${aws_iam_role.shield_drt.arn}"
}

References

*#10319

[wfgamal]

i have the same issue, trying to attach the role with terraform but can't.

[moopsha]

Is there any update on this issue?
I'm trying to automate shield advanced setup using terraform, but there is no proper documentation available.

[UrfTheManatee]

Is there any update on this?

[ewbankkit]

Closed via #33328.

[github-actions]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.
If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.