AWS Shield Documentation
AWS Shield is a managed distributed denial of service (DDoS) protection service that is designed to safeguard applications running on AWS. It provides detection and inline mitigations that help reduce application downtime and latency. There are two tiers of AWS Shield: Standard and Advanced.
AWS Shield Standard
AWS Shield Standard is designed to defend against common, frequently occurring network and transport layer DDoS attacks that target your website or applications.
Static threshold DDoS protection for underlying AWS services
AWS Shield Standard is designed to provide network flow monitoring that helps inspect incoming traffic to AWS services and apply a combination of traffic signatures, anomaly algorithms, and other analysis techniques to help detect malicious traffic. Shield Standard is designed to set static thresholds for each AWS resource type.
Inline review mitigation
Mitigation techniques are built into AWS Shield Standard and designed to help protect underlying AWS services against common, frequently occurring infrastructure events. Mitigations are designed to be applied inline to help protect AWS services.
AWS Shield Advanced
AWS Shield Advanced is designed to provide higher levels of protection against attacks targeting your applications running on protected resources. Shield Advanced is designed to provide additional detection and mitigation against large and sophisticated DDoS attacks, visibility into attacks, and integration with a web application firewall.
Detection based on application traffic patterns
AWS Shield Advanced is designed to provide detection based on traffic patterns to your protected Amazon resources. Using region- and resource-specific monitoring techniques, AWS Shield Advanced is designed to help detect and alert you to smaller DDoS attacks. AWS Shield Advanced is also designed to help detect application layer attacks like HTTP floods or DNS query floods.
Health-based detection
AWS Shield Advanced is designed to use the health of your applications to improve responsiveness and accuracy in attack detection and mitigation. You can define a health check and associate it with a resource that is protected by Shield Advanced. You can also apply health-based detection to resource types that Shield Advanced supports.
Event mitigation
AWS Shield Advanced is designed to provide mitigations for events targeting your applications running on protected resources. Using routing techniques, Shield Advanced is designed to deploy mitigation capacity to protect your application against DDoS events.
Application layer DDoS mitigation
AWS Shield Advanced is designed to protect web applications by mitigating application layer (L7) DDoS events.
Proactive event response
AWS Shield Advanced offers proactive engagement from the Shield Response Team (SRT) when a DDoS event is detected. When you activate proactive engagement, the SRT is designed to contact you if a Route 53 health check associated with your protected resource becomes unhealthy during a DDoS event.
Protection groups
AWS Shield Advanced enables you to bundle resources into protection groups. Reporting can also be consumed at the protection group level.
Visibility and attack notification
AWS Shield Advanced is designed to give you visibility into DDoS events with notification and diagnostics. You can also view a summary of prior events.
DDoS cost protection
AWS Shield Advanced is designed with DDoS cost protection to help avoid scaling charges resulting from DDoS-related usage spikes on protected resources.
Global availability
AWS Shield Advanced is designed to be available globally.
Additional Information
For additional information about service controls, security features and functionalities, including, as applicable, information about storing, retrieving, modifying, restricting, and deleting data, please see https://docs.aws.amazon.com/index.html. This additional information does not form part of the Documentation for purposes of the AWS Customer Agreement available at http://aws.amazon.com/agreement, or other agreement between you and AWS governing your use of AWS’s services.