AWS Shield provides always-on detection and automatic inline mitigations that protect against Distributed Denial of Service (DDoS) attacks while minimizing application downtime and latency.
2 Tiers of AWS Shield
The service has two tiers, Standard and Advanced, depending on your protection and support needs.
The Standard tier is on automatically and protects your web application against 96% of common DDoS attacks, such as HTTP slow reads and volumetric attacks.
- Defends against most common network and transport layer DDoS attacks
- Use it with CloudFront and Route 53 for comprehensive availability protection against all known infrastructure attacks (Layer 3 and 4)

The Advanced tier adds higher-level protections for EC2, ELB, CloudFront, and Route 53:
- Network and transport layer protections (Standard)
- Automated application traffic monitoring (Layer 7)
- Detection and mitigation against sophisticated and large DDoS attacks, near real-time visibility into them, and integration with WAF
- 24×7 access to the AWS DDoS Response Team (DRT)
- Financial protection against DDoS-related spikes in charges to EC2, ELB, CloudFront, and Route 53

Currently, you can enable Advanced protection directly on an Elastic IP or ELB in Northern Virginia, Oregon, Ireland, Tokyo, and Northern California.
You can enable this tier by going to the “AWS WAF and AWS Shield” management console and applying the protection to the desired services.
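
To confirm afterwards which resources actually carry Advanced protection, the following added example (not from the original page or from AWS) queries the Shield `DescribeProtection` API through a boto3 client. The function names, status labels and sample ARNs are assumptions made for illustration; the region codes are the standard AWS codes for the regions named above.

```python
# Regions the page names for enabling Advanced directly on an Elastic IP or
# ELB, written as the standard AWS region codes.
DIRECT_REGIONS = {
    "us-east-1": "Northern Virginia",
    "us-west-2": "Oregon",
    "eu-west-1": "Ireland",
    "ap-northeast-1": "Tokyo",
    "us-west-1": "Northern California",
}


def arn_region(arn):
    """Return the region field of arn:partition:service:region:account:resource."""
    parts = arn.split(":", 5)
    if len(parts) < 6 or parts[0] != "arn":
        raise ValueError(f"not an ARN: {arn!r}")
    return parts[3]


def audit_protection(shield, arns):
    """Map each ARN to 'protected', 'unprotected' or 'region-not-listed'.
    `shield` is a boto3 Shield client or an object with the same interface."""
    report = {}
    for arn in arns:
        region = arn_region(arn)
        # Global services (CloudFront, Route 53) have an empty region field.
        if region and region not in DIRECT_REGIONS:
            report[arn] = "region-not-listed"
            continue
        try:
            shield.describe_protection(ResourceArn=arn)
            report[arn] = "protected"
        except shield.exceptions.ResourceNotFoundException:
            report[arn] = "unprotected"  # no protection object exists
    return report


if __name__ == "__main__":
    import boto3  # needs AWS credentials
    # Constructed sample ARNs (hypothetical account and resource ids).
    sample = [
        "arn:aws:ec2:us-east-1:111122223333:eip-allocation/eipalloc-0example",
        "arn:aws:elasticloadbalancing:sa-east-1:111122223333:loadbalancer/demo",
    ]
    client = boto3.client("shield", region_name="us-east-1")
    for arn, status in audit_protection(client, sample).items():
        print(f"{status:18} {arn}")
```

Resources reported as `unprotected` are the ones still relying on the Standard tier only.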