AWS Shield, Network Firewall, and WAF

AWS Shield

AWS Shield is a service used to protect websites and applications against Distributed Denial of Service (DDoS) attacks, a type of cyberattack where target servers are flooded with traffic from a large number of compromised systems (bots). These systems bring the website down by overwhelming its server and consuming its resources, making it unable to handle legitimate connections. They can be hard to defend against because they often involve many devices spread across the internet so the attackers can’t be identified. AWS Shield offers two services, Standard and Advanced.

AWS Shield Standard

Let’s look at some key features:

• AWS Shield Standard is free and available to all AWS customers. It defends against the most common, frequently occurring network and transport layer (layers 3 and 4) DDoS attacks that target our website or applications.
• We can view all the events detected and mitigated by AWS Shield in our account.

AWS Shield Advanced

Let’s look at some key features:

• AWS Shield Advanced provides enhanced traffic monitoring and threat detection and mitigation for Elastic IP addresses, ELBs, AWS Global Accelerator, CloudFront, and Route 53 resources.
• It can handle attacks on layers 3, 4, and 7.
• It provides 24/7 access to the AWS DDoS Response Team. To contact the Response Team, the AWS account must have the enterprise or business support levels of AWS Premium Support. The DDoS Response Team can apply custom manual mitigations for complex and sophisticated attacks.
• AWS Shield Advanced is a paid service that costs $3,000 per month per organization.
• It allows us to view the history of all incidents in the last 13 months.
• It comes with a unique feature, “DDoS cost protection.” DDoS cost protection will protect AWS accounts from scaling charges (charges of any extra resources launched and used) resulting from a DDoS attack.