AWS Shield Adds Advanced DDoS Protection for EC2 and Network Load Balancer

Posted on: Nov 21, 2017

Starting today, you can use AWS Shield Advanced to get higher levels of protection against Distributed Denial of Service (DDoS) attacks for your applications running on Amazon Elastic Compute Cloud (EC2) or Network Load Balancer (NLB). Simply enable AWS Shield Advanced on an AWS Elastic IP address attached to an internet-facing EC2 instance or NLB. AWS Shield Advanced will automatically detect the type of AWS resource behind the Elastic IP address and apply the relevant DDoS protections.

AWS Shield Advanced previously protected HTTP/TCP applications running on Amazon CloudFront, Elastic Load Balancing, and Amazon Route 53. For non-TCP-based applications (for instance, UDP or SIP) that had to run on EC2 or NLB, AWS Shield Standard provided protection against the most common infrastructure layer DDoS attacks. Now, with AWS Shield Advanced on Elastic IP, you get the benefits of AWS Shield Advanced for internet-facing applications running directly on EC2, including additional detection and mitigation against large and sophisticated DDoS attacks, near-real-time attack visibility, access to Amazon’s 24x7 DDoS Response Team (DRT), and economic protections against DDoS-related spikes in your EC2 or NLB charges. Working with DRT, you can define custom DDoS mitigation profiles for your applications to ensure optimal response to current or future attacks.

With this release, AWS Shield Advanced customers also gain access to new, near-real-time reports and CloudWatch metrics that provide deeper insight into DDoS attack vectors. For infrastructure layer attacks, you see which IPs, ASNs, or countries are the top sources of attack traffic. For application layer attacks, you can get visibility into top referrers, destination URLs, and user-agents that sourced the attack. This allows you to craft effective mitigations in AWS WAF or seek DRT help in deploying custom mitigations. We have also updated the recently announced global threat environment dashboard to give you better awareness of the global DDoS environment, including attacks by region and the overall size and frequency of attacks across AWS.

Prices for AWS Shield Advanced for EC2 and NLB are the same as those for Elastic Load Balancing. You pay a monthly fee of $3,000 per account, plus data transfer fees starting at $0.050 per GB. For details, see https://aws.amazon.com/shield/pricing/. AWS Shield Standard continues to provide automatic DDoS protections against common infrastructure layer attacks to all AWS customers, at no additional charge. AWS Shield Advanced can now protect your EC2 and NLB in the following AWS Regions: Northern Virginia, Oregon, Ireland, Tokyo, and Northern California.

You can learn more about AWS Shield by visiting https://aws.amazon.com/shield, by attending one of our upcoming talks at re:Invent, or by joining our upcoming webinar on Cloud-Native DDoS Mitigation.