[AWS] AWS Shield

AWS Shield is a managed service that protects against DDoS (Distributed Denial of Service) attacks.

  • AWS Shield provides always-on detection and mitigation to minimize application downtime and latency.

There are 2 tiers of AWS Shield.


AWS Shield Standard

  • It is automatically enabled for all AWS accounts for free.
  • You can use AWS Shield Standard with CloudFront and Route 53.
  • Protects against common layer 3 (Network) and layer 4 (Transport) security attacks
    • SYN/UDP floods
    • Reflection attacks

AWS Shield Advanced

  • It provides enhanced protection (customized detection based on traffic patterns) for EC2, ELB, CloudFront, Route 53, and Global Accelerator.
    • Automated application (layer 7) traffic monitoring
  • Near real-time visibility into attacks through flow-based monitoring of network traffic.
  • Integration with AWS WAF (Web Application Firewall)
  • 24×7 access to the DDoS Response Team (DRT)
  • DDoS cost protection against usage spikes during a DDoS attack
