adding a custom domain name to an api gateway via cloudformation. see template below, resource include hosted zone, ssl certificate ... is it possible to aws shield to route 53 .
route53HostedZone:
Type: AWS::Route53::HostedZone
Properties:
HostedZoneName: !Ref Domain
....
cert:
Type: AWS::CertificateManager::Certificate
Properties:
DomainName: !Ref Domain
ValidationMethod: DNS
Alias:
Type: AWS::Route53::Recordset
Properties:
Type: A
Name: !Ref Domain
AliasTarget:
DNSName: !GetAtt ApiConfig
...
ApiConfig:
Type: AWS::ApiGateway::DomainName
Properties:
RegionalCertificateArn:
Ref: cert
DomainName:
Ref: !Ref Domain
....
Shield Standard is enabled by dafeult and you don't have to do anything to use it in your CFN. From docs:
All AWS customers benefit from the automatic protections of AWS Shield Standard, at no additional charge.