Choose the AWS Region for the account where you want to run the automation.
Choose Execute Automation.
Enter the following values for the input parameters:
(Optional) AutomationAssumeRole: The ARN of the AWS Identity and Access Management (IAM) role that allows Systems Manager Automation to perform the actions on your behalf. If you don't specify a role, then Systems Manager Automation uses the permissions of the user that started the runbook.
(Optional) AssessmentType: The type of resources to evaluate for the DDoS resiliency assessment. By default, the runbook evaluates global and AWS Regional resources. S3BucketName: The name of the Amazon S3 bucket where you want to save the assessment report. S3BucketOwnerAccount: The ID of the AWS account that owns the Amazon S3 bucket. This is required only if the Amazon S3 belongs to an account other than the account that runs the automation.
(Optional) S3BucketPrefix: The prefix for the path in the Amazon S3 bucket where you want to store the report.
(Optional) S3BucketOwnerRoleArn: The ARN of an IAM role that has permissions to describe the Amazon S3 bucket. If the bucket is in a different account, then this role can also control the public access configuration. If you don't specify this parameter, then the runbook uses the AutomationAssumeRole or the IAM user that started the runbook.
Locate the Amazon S3 bucket URL in the Output section of the report.
Open the URL in a web browser to view the HTML assessment report file.
On the report, view the information about resources that have Shield Advanced Protection activated. To see additional information, choose a resource from the list.
To turn on Shield Advanced protection for resources, select Add Resources to Shield Protected List for the resource on the report.