Overview
A Distributed Denial of Service (DDoS) attack attempts to overwhelm a target with excessive traffic to make it unavailable. Such attacks can occur at:
- Layer 3/4 (Network/Transport): e.g., SYN floods, UDP floods, reflection attacks
- Layer 7 (Application): e.g., HTTP request floods
AWS Shield Standard
- Free and always on for all AWS customers
- Protects against common network and transport layer attacks
- Mitigates threats such as SYN floods, UDP floods, and reflection attacks
AWS Shield Advanced
- Paid subscription: $3,000/month per organization
- Provides enhanced DDoS protection for services like EC2, ELB, CloudFront, Global Accelerator, and Route 53
- Includes:
  - 24/7 access to the AWS DDoS Response Team (DRT)
  - Cost protection to prevent unexpected charges from DDoS-induced usage spikes
  - Automated Layer 7 mitigation, with AWS WAF rules created and deployed in real time to counter application-layer attacks