AWS Shield

AWS Shield is a managed Distributed Denial of Service (DDoS) protection service. It detects and automatically mitigates attacks that could otherwise result in downtime for your application.

A DDoS attack results in increased traffic for your EC2 instances, Elastic Load Balancer, Route 53, or CloudFront. As a result, these services would need to scale up resources to cope with the increased traffic. A DDoS attack usually happens when multiple systems that have been compromised or infected with a Trojan flood a target system with traffic. The intention is to deny service to the intended users by shutting down a resource so that it cannot serve more requests.

AWS Shield has two tiers: Standard and Advanced. All protection under the AWS Shield Standard option is available to all AWS customers by default, without any additional charge. The AWS Shield Advanced option is available to customers with business and enterprise support at an additional charge. The advanced option provides protection against more sophisticated attacks on your AWS resources, such as an EC2 instance, ELB, and so on. The following figure shows AWS Shield tiers:

Shield – Advanced versus Standard

  • Cost efficient: AWS provides free protection against network layer attacks for all its customers through AWS Shield Standard. With AWS Shield Advanced, you get protection against DDoS Cost Escalation, which prevents your costs from going up in case of DDoS attacks. However, if you are billed for any of your AWS resource usage due to a DDoS attack, you can request credits from AWS through the AWS support channel.

Summary

This was meant to be a quick recap of AWS DDoS protection options. For a private consultation, please contact AWS Security Architect.