{"slug":"iam-aws-shield","cloud":"aws","service":"shield","title":"AWS Shield (IAM)","description":"AWS Shield is a managed Distributed Denial of Service (DDoS) protection service that safeguards applications running on AWS.","category":"security","common_permissions":["shield:ListAttacks","shield:DescribeAttack","shield:ListProtections","shield:DescribeProtection","shield:CreateProtection","shield:DeleteProtection","shield:DescribeSubscription","shield:GetSubscriptionState"],"least_privilege_example":"{\n  \"Version\": \"2012-10-17\",\n  \"Statement\": [\n    {\n      \"Effect\": \"Allow\",\n      \"Action\": [\n        \"shield:ListAttacks\",\n        \"shield:DescribeAttack\",\n        \"shield:ListProtections\",\n        \"shield:DescribeProtection\",\n        \"shield:CreateProtection\",\n        \"shield:DeleteProtection\",\n        \"shield:DescribeSubscription\",\n        \"shield:GetSubscriptionState\"\n      ],\n      \"Resource\": \"*\"\n    }\n  ]\n}","warnings":["Avoid shield:* — grants full control including delete and modify operations.","Avoid shield:DeleteProtection — can remove DDoS protection from resources."],"docs":"https://servicereference.us-east-1.amazonaws.com/v1/shield/shield.json","tags":["iam","aws"],"last_verified":"2026-06-14T00:00:00.000Z","next_check":"2026-12-11T00:00:00.000Z","created_at":"2026-06-14T04:50:53.444Z","updated_at":"2026-06-14T04:50:53.444Z"}