chore: add aws/shield metadata update to changelog

prowler/CHANGELOG.md

@@ -89,6 +89,8 @@ All notable changes to the **Prowler SDK** are documented in this file.
 - Update AWS ECS service metadata to new format [(#8888)](https://github.com/prowler-cloud/prowler/pull/8888)
 - Update AWS Kinesis service metadata to new format [(#9262)](https://github.com/prowler-cloud/prowler/pull/9262)
 - Update AWS DocumentDB service metadata to new format [(#8862)](https://github.com/prowler-cloud/prowler/pull/8862)
+- Update AWS Shield service metadata to new format [(#9427)](https://github.com/prowler-cloud/prowler/pull/9427)
+
 
 ### Fixed
 - Check `check_name` has no `resource_name` error for GCP provider [(#9169)](https://github.com/prowler-cloud/prowler/pull/9169)

prowler/providers/aws/services/shield/shield_advanced_protection_in_associated_elastic_ips/shield_advanced_protection_in_associated_elastic_ips.metadata.json

@@ -1,29 +1,39 @@
 {
   "Provider": "aws",
   "CheckID": "shield_advanced_protection_in_associated_elastic_ips",
-  "CheckTitle": "Check if Elastic IP addresses with associations are protected by AWS Shield Advanced.",
-  "CheckType": [],
+  "CheckTitle": "Elastic IP address is protected by AWS Shield Advanced",
+  "CheckType": [
+    "Software and Configuration Checks/AWS Security Best Practices/Network Reachability",
+    "Industry and Regulatory Standards/AWS Foundational Security Best Practices",
+    "Effects/Denial of Service"
+  ],
   "ServiceName": "shield",
   "SubServiceName": "",
   "ResourceIdTemplate": "",
   "Severity": "medium",
   "ResourceType": "AwsEc2Eip",
-  "Description": "Check if Elastic IP addresses with associations are protected by AWS Shield Advanced.",
-  "Risk": "AWS Shield Advanced provides expanded DDoS attack protection for your resources.",
-  "RelatedUrl": "https://docs.aws.amazon.com/waf/latest/developerguide/configure-new-protection.html",
+  "Description": "**Elastic IP addresses** are assessed for **AWS Shield Advanced** coverage by verifying they are listed as protected resources.",
+  "Risk": "Without **Shield Advanced**, internet-facing EIPs are more susceptible to **DDoS**, threatening **availability** and driving **cost** spikes.\n\nVolumetric or protocol floods can saturate bandwidth or exhaust connection state, disrupting services behind the EIP and slowing incident response.",
+  "RelatedUrl": "",
+  "AdditionalURLs": [
+    "https://docs.aws.amazon.com/waf/latest/developerguide/configure-new-protection.html"
+  ],
   "Remediation": {
     "Code": {
-      "CLI": "",
-      "NativeIaC": "",
-      "Other": "",
-      "Terraform": ""
+      "CLI": "aws shield create-protection --name <example_resource_name> --resource-arn arn:aws:ec2:<REGION>:<ACCOUNT_ID>:elastic-ip/eipalloc-<ALLOCATION_ID>",
+      "NativeIaC": "```yaml\n# CloudFormation: Add Shield Advanced protection to an Elastic IP\nResources:\n  Protection:\n    Type: AWS::Shield::Protection\n    Properties:\n      Name: <example_resource_name>\n      ResourceArn: arn:aws:ec2:<REGION>:<ACCOUNT_ID>:elastic-ip/eipalloc-<ALLOCATION_ID>  # Critical: ARN of the Elastic IP to protect\n```",
+      "Other": "1. Open the AWS WAF & Shield console\n2. Go to AWS Shield > Protected resources\n3. Click Add resources to protect\n4. Select the Region and resource type: EC2 Elastic IP, then Load resources\n5. Select the target Elastic IP\n6. Click Protect with Shield Advanced",
+      "Terraform": "```hcl\n# Terraform: Add Shield Advanced protection to an Elastic IP\nresource \"aws_shield_protection\" \"<example_resource_name>\" {\n  name         = \"<example_resource_name>\"\n  resource_arn = \"arn:aws:ec2:<REGION>:<ACCOUNT_ID>:elastic-ip/eipalloc-<ALLOCATION_ID>\" # Critical: ARN of the Elastic IP to protect\n}\n```"
     },
     "Recommendation": {
-      "Text": "Add as a protected resource in AWS Shield Advanced.",
-      "Url": "https://docs.aws.amazon.com/waf/latest/developerguide/configure-new-protection.html"
+      "Text": "Register critical EIPs as **Shield Advanced protected resources**.\n\nApply **defense in depth**: minimize public exposure, use application-layer controls (WAF, rate limiting), monitor telemetry, and review protections regularly, aligning network access with **least privilege**.",
+      "Url": "https://hub.prowler.com/check/shield_advanced_protection_in_associated_elastic_ips"
     }
   },
-  "Categories": [],
+  "Categories": [
+    "resilience",
+    "threat-detection"
+  ],
   "DependsOn": [],
   "RelatedTo": [],
   "Notes": ""

prowler/providers/aws/services/shield/shield_advanced_protection_in_classic_load_balancers/shield_advanced_protection_in_classic_load_balancers.metadata.json

@@ -1,29 +1,41 @@
 {
   "Provider": "aws",
   "CheckID": "shield_advanced_protection_in_classic_load_balancers",
-  "CheckTitle": "Check if Classic Load Balancers are protected by AWS Shield Advanced.",
-  "CheckType": [],
+  "CheckTitle": "Classic Load Balancer is protected by AWS Shield Advanced",
+  "CheckType": [
+    "Software and Configuration Checks/AWS Security Best Practices/Network Reachability",
+    "Effects/Denial of Service"
+  ],
   "ServiceName": "shield",
   "SubServiceName": "",
   "ResourceIdTemplate": "",
   "Severity": "medium",
   "ResourceType": "AwsElbLoadBalancer",
-  "Description": "Check if Classic Load Balancers are protected by AWS Shield Advanced.",
-  "Risk": "AWS Shield Advanced provides expanded DDoS attack protection for your resources.",
-  "RelatedUrl": "https://docs.aws.amazon.com/waf/latest/developerguide/configure-new-protection.html",
+  "Description": "**Classic Load Balancers** are evaluated for association with **AWS Shield Advanced** as a protected resource.\n\nIdentifies load balancers without an active Shield Advanced protection when the subscription is enabled.",
+  "Risk": "Unprotected ELB Classic endpoints are more exposed to large L3/L4 DDoS (e.g., SYN/UDP floods), risking **availability loss** from connection exhaustion and failed health checks, plus operational impact from autoscaling and data transfer surges.",
+  "RelatedUrl": "",
+  "AdditionalURLs": [
+    "https://boto3.amazonaws.com/v1/documentation/api/1.18.42/reference/services/shield.html",
+    "http://man.hubwiz.com/docset/Boto3.docset/Contents/Resources/Documents/reference/services/shield.html",
+    "https://www.stormit.cloud/blog/what-is-aws-shield-how-does-it-work/",
+    "https://docs.aws.amazon.com/waf/latest/developerguide/configure-new-protection.html"
+  ],
   "Remediation": {
     "Code": {
-      "CLI": "",
-      "NativeIaC": "",
-      "Other": "",
-      "Terraform": ""
+      "CLI": "aws shield create-protection --name <PROTECTION_NAME> --resource-arn <ELB_ARN>",
+      "NativeIaC": "```yaml\n# CloudFormation: Add Shield Advanced protection to a Classic Load Balancer\nResources:\n  <example_resource_name>:\n    Type: AWS::Shield::Protection\n    Properties:\n      Name: <example_resource_name>\n      ResourceArn: <example_resource_id>  # Critical: ARN of the Classic Load Balancer to protect\n```",
+      "Other": "1. In the AWS Console, open AWS WAF & Shield\n2. Go to Shield > Protected resources and click Add resources to protect\n3. Select the Region and resource type Classic Load Balancer, then Load resources\n4. Select your Classic Load Balancer and click Protect with Shield Advanced\n5. Confirm to create the protection",
+      "Terraform": "```hcl\n# Add Shield Advanced protection to a Classic Load Balancer\nresource \"aws_shield_protection\" \"<example_resource_name>\" {\n  name         = \"<example_resource_name>\"\n  resource_arn = \"<example_resource_id>\" # Critical: ARN of the Classic Load Balancer to protect\n}\n```"
     },
     "Recommendation": {
-      "Text": "Add as a protected resource in AWS Shield Advanced.",
-      "Url": "https://docs.aws.amazon.com/waf/latest/developerguide/configure-new-protection.html"
+      "Text": "Add internet-facing **Classic Load Balancers** as protected resources in **Shield Advanced** to strengthen DDoS resilience and cost protection.\n\nApply defense-in-depth: minimize public exposure, enforce least-privilege network access, enable health-based detection, and use protection groups.",
+      "Url": "https://hub.prowler.com/check/shield_advanced_protection_in_classic_load_balancers"
     }
   },
-  "Categories": [],
+  "Categories": [
+    "resilience",
+    "threat-detection"
+  ],
   "DependsOn": [],
   "RelatedTo": [],
   "Notes": ""

prowler/providers/aws/services/shield/shield_advanced_protection_in_cloudfront_distributions/shield_advanced_protection_in_cloudfront_distributions.metadata.json

@@ -1,29 +1,43 @@
 {
   "Provider": "aws",
   "CheckID": "shield_advanced_protection_in_cloudfront_distributions",
-  "CheckTitle": "Check if Cloudfront distributions are protected by AWS Shield Advanced.",
-  "CheckType": [],
+  "CheckTitle": "CloudFront distribution is protected by AWS Shield Advanced",
+  "CheckType": [
+    "Software and Configuration Checks/AWS Security Best Practices/Network Reachability",
+    "Effects/Denial of Service"
+  ],
   "ServiceName": "shield",
   "SubServiceName": "",
   "ResourceIdTemplate": "",
   "Severity": "medium",
   "ResourceType": "AwsCloudFrontDistribution",
-  "Description": "Check if Cloudfront distributions are protected by AWS Shield Advanced.",
-  "Risk": "AWS Shield Advanced provides expanded DDoS attack protection for your resources.",
-  "RelatedUrl": "https://docs.aws.amazon.com/waf/latest/developerguide/configure-new-protection.html",
+  "Description": "**CloudFront distributions** are associated with **AWS Shield Advanced** as protected resources.\n\nThe assessment identifies distributions that lack this protection mapping.",
+  "Risk": "Missing **Shield Advanced** leaves distributions exposed to large **DDoS** that degrade **availability** via L3/L4 floods and L7 request surges. Effects include edge saturation, latency, and outages, plus loss of **cost protection** and expert support, causing unexpected spend and longer recovery.",
+  "RelatedUrl": "",
+  "AdditionalURLs": [
+    "https://reintech.io/blog/securing-cloudfront-distributions-aws-waf-shield",
+    "https://medium.com/@christopheradamson253/enhancing-application-security-with-aws-shield-advanced-bdd7990e01e1",
+    "https://www.stormit.cloud/blog/what-is-aws-shield-how-does-it-work/",
+    "https://aws.amazon.com/shield/pricing/",
+    "https://nadeeshaliyanage.hashnode.dev/understanding-aws-shield-a-beginners-guide",
+    "https://docs.aws.amazon.com/waf/latest/developerguide/configure-new-protection.html"
+  ],
   "Remediation": {
     "Code": {
-      "CLI": "",
-      "NativeIaC": "",
-      "Other": "",
-      "Terraform": ""
+      "CLI": "aws shield create-protection --region us-east-1 --name <example_resource_name> --resource-arn <example_resource_arn>",
+      "NativeIaC": "```yaml\n# CloudFormation: Add Shield Advanced protection to a CloudFront distribution\nResources:\n  ShieldProtection:\n    Type: AWS::Shield::Protection\n    Properties:\n      Name: <example_resource_name>\n      ResourceArn: <example_resource_arn>  # Critical: associates Shield Advanced protection with the CloudFront distribution ARN\n```",
+      "Other": "1. In the AWS Console, open WAF & Shield\n2. Go to AWS Shield > Protected resources\n3. Click Add resources to protect\n4. Set Scope to Global and select CloudFront distributions, then Load resources\n5. Select the target distribution\n6. Click Protect with Shield Advanced",
+      "Terraform": "```hcl\n# Add Shield Advanced protection to a CloudFront distribution\nresource \"aws_shield_protection\" \"example\" {\n  name         = \"<example_resource_name>\"\n  resource_arn = \"<example_resource_arn>\"  # Critical: associates Shield Advanced protection with the CloudFront distribution ARN\n}\n```"
     },
     "Recommendation": {
-      "Text": "Add as a protected resource in AWS Shield Advanced.",
-      "Url": "https://docs.aws.amazon.com/waf/latest/developerguide/configure-new-protection.html"
+      "Text": "Enroll critical CloudFront distributions in **AWS Shield Advanced** and keep them listed as protected resources.\n\nAdopt layered defense: **AWS WAF**, rate limiting, and continuous monitoring. Maintain DDoS runbooks and use DRT support. Apply **least privilege** to who can modify protections.",
+      "Url": "https://hub.prowler.com/check/shield_advanced_protection_in_cloudfront_distributions"
     }
   },
-  "Categories": [],
+  "Categories": [
+    "resilience",
+    "threat-detection"
+  ],
   "DependsOn": [],
   "RelatedTo": [],
   "Notes": ""

prowler/providers/aws/services/shield/shield_advanced_protection_in_global_accelerators/shield_advanced_protection_in_global_accelerators.metadata.json

@@ -1,29 +1,39 @@
 {
   "Provider": "aws",
   "CheckID": "shield_advanced_protection_in_global_accelerators",
-  "CheckTitle": "Check if Global Accelerators are protected by AWS Shield Advanced.",
-  "CheckType": [],
+  "CheckTitle": "Global Accelerator accelerator is protected by AWS Shield Advanced",
+  "CheckType": [
+    "Software and Configuration Checks/AWS Security Best Practices",
+    "Effects/Denial of Service"
+  ],
   "ServiceName": "shield",
   "SubServiceName": "",
   "ResourceIdTemplate": "",
   "Severity": "medium",
   "ResourceType": "Other",
-  "Description": "Check if Global Accelerators are protected by AWS Shield Advanced.",
-  "Risk": "AWS Shield Advanced provides expanded DDoS attack protection for your resources.",
-  "RelatedUrl": "https://docs.aws.amazon.com/waf/latest/developerguide/configure-new-protection.html",
+  "Description": "**AWS Global Accelerator** accelerators are assessed for enrollment in **Shield Advanced** as `protected resources`, indicating whether enhanced DDoS coverage is configured for each accelerator.",
+  "Risk": "Without **Shield Advanced**, Global Accelerators are more vulnerable to volumetric and protocol **DDoS** that can exhaust capacity, causing **availability** loss, elevated **latency**, and disrupted failover. Limited visibility and no SRT support prolong incidents and can trigger unexpected **cost** spikes from malicious traffic.",
+  "RelatedUrl": "",
+  "AdditionalURLs": [
+    "https://docs.aws.amazon.com/waf/latest/developerguide/what-is-aws-waf.html",
+    "https://docs.aws.amazon.com/waf/latest/developerguide/configure-new-protection.html"
+  ],
   "Remediation": {
     "Code": {
-      "CLI": "",
-      "NativeIaC": "",
-      "Other": "",
-      "Terraform": ""
+      "CLI": "aws shield create-protection --name <example_resource_name> --resource-arn <example_resource_id>",
+      "NativeIaC": "```yaml\n# CloudFormation: Add Shield Advanced protection to a Global Accelerator accelerator\nResources:\n  ShieldProtection:\n    Type: AWS::Shield::Protection\n    Properties:\n      Name: <example_resource_name>\n      ResourceArn: <example_resource_id>  # Critical: ARN of the Global Accelerator accelerator to protect\n```",
+      "Other": "1. In the AWS Console, open AWS WAF & Shield\n2. Under AWS Shield, select Protected resources\n3. Click Add resources to protect\n4. Set Scope to Global and select the Global Accelerator resource type\n5. Select the target accelerator and click Protect with Shield Advanced",
+      "Terraform": "```hcl\n# Enable Shield Advanced protection for a Global Accelerator accelerator\nresource \"aws_shield_protection\" \"protection\" {\n  name         = \"<example_resource_name>\"\n  resource_arn = \"<example_resource_id>\"  # Critical: ARN of the Global Accelerator accelerator to protect\n}\n```"
     },
     "Recommendation": {
-      "Text": "Add as a protected resource in AWS Shield Advanced.",
-      "Url": "https://docs.aws.amazon.com/waf/latest/developerguide/configure-new-protection.html"
+      "Text": "Add each Global Accelerator as a `protected resource` in **Shield Advanced**. Apply **defense in depth** with AWS WAF where applicable, enable proactive monitoring and alerting, and use **Firewall Manager** to enforce coverage across accounts. Follow **least privilege** to restrict who can modify protections.",
+      "Url": "https://hub.prowler.com/check/shield_advanced_protection_in_global_accelerators"
     }
   },
-  "Categories": [],
+  "Categories": [
+    "resilience",
+    "threat-detection"
+  ],
   "DependsOn": [],
   "RelatedTo": [],
   "Notes": ""

prowler/providers/aws/services/shield/shield_advanced_protection_in_internet_facing_load_balancers/shield_advanced_protection_in_internet_facing_load_balancers.metadata.json

@@ -1,29 +1,43 @@
 {
   "Provider": "aws",
   "CheckID": "shield_advanced_protection_in_internet_facing_load_balancers",
-  "CheckTitle": "Check if internet-facing Application Load Balancers are protected by AWS Shield Advanced.",
-  "CheckType": [],
+  "CheckTitle": "Internet-facing Application Load Balancer is protected by AWS Shield Advanced",
+  "CheckType": [
+    "Software and Configuration Checks/AWS Security Best Practices/Network Reachability",
+    "Effects/Denial of Service"
+  ],
   "ServiceName": "shield",
   "SubServiceName": "",
   "ResourceIdTemplate": "",
   "Severity": "medium",
   "ResourceType": "AwsElbv2LoadBalancer",
-  "Description": "Check if internet-facing Application Load Balancers are protected by AWS Shield Advanced.",
-  "Risk": "AWS Shield Advanced provides expanded DDoS attack protection for your resources.",
-  "RelatedUrl": "https://docs.aws.amazon.com/waf/latest/developerguide/configure-new-protection.html",
+  "Description": "**Application Load Balancers** that are **internet-facing** are evaluated for an associated **AWS Shield Advanced** protection. Scope includes ALBs of type application with external exposure.",
+  "Risk": "Without enhanced DDoS protection, internet-facing ALBs are exposed to volumetric L3/L4 floods and HTTP L7 floods, compromising **availability** via outages and latency spikes. Sudden scaling can raise **costs**, while reduced visibility and response support extend disruption across dependent services.",
+  "RelatedUrl": "",
+  "AdditionalURLs": [
+    "https://aws.amazon.com/documentation-overview/shield/",
+    "https://wpyoga.dev/boto3-docs-reformat/html/reference/services/shield.html",
+    "http://man.hubwiz.com/docset/Boto3.docset/Contents/Resources/Documents/reference/services/shield.html",
+    "https://www.slideshare.net/slideshow/announcing-aws-shield-protect-web-applications-from-ddos-attacks/70237520",
+    "https://boto3.amazonaws.com/v1/documentation/api/latest/reference/services/shield/client/create_protection.html",
+    "https://docs.aws.amazon.com/waf/latest/developerguide/configure-new-protection.html"
+  ],
   "Remediation": {
     "Code": {
-      "CLI": "",
-      "NativeIaC": "",
-      "Other": "",
-      "Terraform": ""
+      "CLI": "aws shield create-protection --name <ALB_NAME> --resource-arn <ALB_ARN>",
+      "NativeIaC": "```yaml\nResources:\n  ShieldProtection:\n    Type: AWS::Shield::Protection\n    Properties:\n      Name: \"<example_resource_name>\"\n      ResourceArn: \"<example_resource_id>\" # CRITICAL: Set to the ALB ARN to enable Shield Advanced protection for it\n```",
+      "Other": "1. In the AWS Console, open AWS WAF & Shield\n2. Go to Shield > Protected resources\n3. Click Add resources to protect\n4. Select the Region and resource type Application Load Balancer\n5. Select your internet-facing ALB\n6. Click Protect with Shield Advanced",
+      "Terraform": "```hcl\nresource \"aws_shield_protection\" \"protect\" {\n  name         = \"<example_resource_name>\"\n  resource_arn = \"<example_resource_id>\" # CRITICAL: ALB ARN; creating this enables Shield Advanced on the ALB\n}\n```"
     },
     "Recommendation": {
-      "Text": "Add as a protected resource in AWS Shield Advanced.",
-      "Url": "https://docs.aws.amazon.com/waf/latest/developerguide/configure-new-protection.html"
+      "Text": "Register internet-facing ALBs as **Shield Advanced protected resources** to strengthen **availability**. Use defense-in-depth: pair with **AWS WAF** for L7 filtering and rate limits, group related assets, enable health-based detection and proactive engagement, and enforce least-privilege IAM with continuous monitoring.",
+      "Url": "https://hub.prowler.com/check/shield_advanced_protection_in_internet_facing_load_balancers"
     }
   },
-  "Categories": [],
+  "Categories": [
+    "internet-exposed",
+    "resilience"
+  ],
   "DependsOn": [],
   "RelatedTo": [],
   "Notes": ""

prowler/providers/aws/services/shield/shield_advanced_protection_in_route53_hosted_zones/shield_advanced_protection_in_route53_hosted_zones.metadata.json

@@ -1,29 +1,39 @@
 {
   "Provider": "aws",
   "CheckID": "shield_advanced_protection_in_route53_hosted_zones",
-  "CheckTitle": "Check if Route53 hosted zones are protected by AWS Shield Advanced.",
-  "CheckType": [],
+  "CheckTitle": "Route53 hosted zone is protected by AWS Shield Advanced",
+  "CheckType": [
+    "Software and Configuration Checks/AWS Security Best Practices/Network Reachability",
+    "Software and Configuration Checks/Industry and Regulatory Standards/AWS Foundational Security Best Practices",
+    "Effects/Denial of Service"
+  ],
   "ServiceName": "shield",
   "SubServiceName": "",
   "ResourceIdTemplate": "",
   "Severity": "medium",
   "ResourceType": "AwsRoute53HostedZone",
-  "Description": "Check if Route53 hosted zones are protected by AWS Shield Advanced.",
-  "Risk": "AWS Shield Advanced provides expanded DDoS attack protection for your resources.",
-  "RelatedUrl": "https://docs.aws.amazon.com/waf/latest/developerguide/configure-new-protection.html",
+  "Description": "**Route 53 hosted zones** have an active **AWS Shield Advanced** protection registered to the zone's `ARN`.",
+  "Risk": "Without **Shield Advanced**, authoritative DNS is vulnerable to:\n- **Volumetric/reflection** floods\n- **Query/application** layer attacks\n\nEffects: disrupted resolution and app outages (**availability**), latency spikes, and unexpected cost from attack traffic.",
+  "RelatedUrl": "",
+  "AdditionalURLs": [
+    "https://repost.aws/it/questions/QUrhpRSVWDQFGx9nuRBHMaXg/shield-advanced-for-route53-delegated-subdomains",
+    "https://docs.aws.amazon.com/waf/latest/developerguide/configure-new-protection.html"
+  ],
   "Remediation": {
     "Code": {
-      "CLI": "",
-      "NativeIaC": "",
-      "Other": "",
-      "Terraform": ""
+      "CLI": "aws shield create-protection --name <example_resource_name> --resource-arn arn:aws:route53:::hostedzone/<example_resource_id>",
+      "NativeIaC": "```yaml\n# CloudFormation: Add Shield Advanced protection to a Route53 hosted zone\nResources:\n  <example_resource_name>:\n    Type: AWS::Shield::Protection\n    Properties:\n      ResourceArn: arn:aws:route53:::hostedzone/<example_resource_id>  # Critical: Protects the hosted zone with Shield Advanced\n```",
+      "Other": "1. Open the AWS WAF & Shield console\n2. Go to AWS Shield > Protected resources\n3. Click Add resources to protect\n4. Set Scope to Global and select resource type: Amazon Route 53 Hosted Zone\n5. Select the hosted zone and click Protect with Shield Advanced",
+      "Terraform": "```hcl\n# Add Shield Advanced protection to a Route53 hosted zone\nresource \"aws_shield_protection\" \"<example_resource_name>\" {\n  name         = \"<example_resource_name>\"\n  resource_arn = \"arn:aws:route53:::hostedzone/<example_resource_id>\"  # Critical: Protects the hosted zone with Shield Advanced\n}\n```"
     },
     "Recommendation": {
-      "Text": "Add as a protected resource in AWS Shield Advanced.",
-      "Url": "https://docs.aws.amazon.com/waf/latest/developerguide/configure-new-protection.html"
+      "Text": "Add critical **Route 53 hosted zones** as **Shield Advanced protected resources** to apply managed DDoS safeguards. Follow **defense in depth**: limit DNS exposure, enforce least-privilege for protection changes, monitor traffic baselines, and prepare incident runbooks with clear escalation to speed response.",
+      "Url": "https://hub.prowler.com/check/shield_advanced_protection_in_route53_hosted_zones"
     }
   },
-  "Categories": [],
+  "Categories": [
+    "resilience"
+  ],
   "DependsOn": [],
   "RelatedTo": [],
   "Notes": ""