In this section, we will learn the details of DDOS and AWS Shield. Here, AWS Shield is a managed Distributed Denial of Solution (DDoS) prevention service for Amazon Web Services (AWS) applications. However, there is no need to contact AWS Support to benefit from DDoS protection since AWS Shield delivers always-on monitoring and automated inline mitigations that minimize application downtime and latency. Further, AWS Shield is divided into two categories: Standard and Advanced.

  • It is a managed DDoS protection service
  • Protects against
    • Volumetric attacks
    • Application and network attacks
    • State-exhaustion or protocol attacks
    • User Datagram Protocol (UDP) reflection attacks
    • SYN flood
    • DNS query flood
    • HTTP flood/cache-busting (layer 7) attacks
  • Available in two tiers: Standard and Advanced.
  • Shield Standard version provides
    • on detection and inline mitigation techniques
    • deterministic packet filtering and priority-based traffic shaping are provided
    • included automatically to ELB load balancers, CloudFront and Route 53 resources, free of cost
  • Shield Advanced version provides
    • access to near real-time metrics and reports
    • gives detailed reporting into infrastructure layer and application layer DDoS attacks.
    • granular detection of DDoSattacks like detect HTTP floods or DNS query floods.
    • includes 24×7 access to AWS DDoS Response Team (DRT)
  • Directly create or update AWS WAF rules
  • Receive improvements to AWS architectures
  • Combine with WAF metrics for comprehensive CloudWatch monitoring and alarming strategy.
DDOS and aws shield

Check here for more.

Menu