AWS Shield is a managed service that protects against DDoS (Distributed Denial of Service) attacks.
- AWS Shield provides always-on detection and mitigation to minimize application downtime and latency.
There are 2 tiers of AWS Shield.
AWS Shield Standard
- It is automatically enabled for all AWS accounts for free.
- You can use AWS Shield Standard with CloudFront and Route 53.
- Protects against common layer 3 (Network) and layer 4 (Transport) security attacks:
  - SYN/UDP floods
  - Reflection attacks
AWS Shield Advanced
- It provides enhanced protection (customized detection based on traffic patterns) for EC2, ELB, CloudFront, Route 53, and Global Accelerator.
- Automated application (layer 7) traffic monitoring
- Near real-time visibility into attacks through flow-based monitoring of network traffic.
- Integration with AWS WAF (Web Application Firewall)
- 24×7 access to the DDoS Response Team (DRT)
- DDoS cost protection against usage spikes during a DDoS attack