Shield
AWS Shield is a managed Distributed Denial of Service (DDoS) protection service that safeguards applications running on AWS. It provides two tiers of protection:
AWS Shield Standard
Automatically included at no extra cost for all AWS customers
Protects against common, frequently occurring network and transport layer DDoS attacks
Integrated with services like:
Amazon CloudFront
Amazon Route 53
Elastic Load Balancing (ELB)
AWS Global Accelerator
Provides always-on detection and automatic inline mitigations.
AWS Shield Advanced
Premium DDoS protection service (additional cost)
Enhanced protection features:
Protection against larger and more sophisticated attacks
Real-time visibility into attacks
Integration with AWS WAF (Web Application Firewall)
24x7 access to AWS DDoS Response Team (DRT)
Financial protection against DDoS-related spikes in charges
Key Benefits
Cost Efficiency:
Standard tier included free
Advanced tier includes cost protection against usage spikes
Integration:
Seamless integration with other AWS services
Works with AWS WAF for enhanced security
CloudWatch metrics for monitoring
Expertise:
Access to AWS DRT (Advanced tier)
AWS-recommended DDoS resilient architectures
Proactive mitigation of complex attacks
Protection Types:
Layer 3 (Network) protection
Layer 4 (Transport) protection
Layer 7 (Application) protection (with Advanced)
Protection against both known and emerging threats
Common Use Cases
Protecting web applications
Safeguarding DNS services
Securing gaming servers
Protecting enterprise applications
APIs and microservices protection
Best Practices
Rely on AWS Shield Standard, which is included automatically, for basic protection
Consider Advanced for:
Business-critical applications
Applications requiring 24/7 availability
Systems processing sensitive transactions
Combine with AWS WAF for comprehensive protection
Implement DDoS-resilient architecture
Regular monitoring and testing of protection measures
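The monitoring practice above, as an added CloudFormation example (not from the original page or from AWS): it registers one resource with Shield Advanced and raises a CloudWatch alarm when the `DDoSDetected` metric for that resource is non-zero. It assumes an active Shield Advanced subscription; the parameter names, logical IDs and protection name are hypothetical.

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Description: Shield Advanced protection plus a DDoSDetected alarm (added example)

Parameters:
  # Hypothetical parameters: supply the ARN of the load balancer, CloudFront
  # distribution, Route 53 hosted zone, or Global Accelerator to protect,
  # and an existing SNS topic for notifications.
  ProtectedResourceArn:
    Type: String
  AlertTopicArn:
    Type: String

Resources:
  # Registers the resource with Shield Advanced. Creation fails if the
  # account has no Shield Advanced subscription.
  ResourceProtection:
    Type: AWS::Shield::Protection
    Properties:
      Name: example-protection   # hypothetical name
      ResourceArn: !Ref ProtectedResourceArn

  # DDoSDetected is published per protected resource and is non-zero
  # while an event is in progress.
  DDoSDetectedAlarm:
    Type: AWS::CloudWatch::Alarm
    DependsOn: ResourceProtection
    Properties:
      AlarmDescription: DDoS event detected on the protected resource
      Namespace: AWS/DDoSProtection
      MetricName: DDoSDetected
      Dimensions:
        - Name: ResourceArn
          Value: !Ref ProtectedResourceArn
      Statistic: Sum
      Period: 60
      EvaluationPeriods: 1
      Threshold: 0
      ComparisonOperator: GreaterThanThreshold
      # No datapoints means no event in progress, so do not alarm on gaps.
      TreatMissingData: notBreaching
      AlarmActions:
        - !Ref AlertTopicArn
```

For CloudFront and Route 53 resources, deploy the stack in us-east-1, where metrics for global services are published.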