Now Easily Create Rate-Based Rules and Amazon CloudWatch Alarms with AWS Shield Advanced

Posted on: Aug 16, 2018

Starting today, AWS Shield Advanced allows you to easily create Rate-Based Rules (RBRs) with just a few clicks in its upgraded onboarding wizard. The wizard also enables you to better monitor your protected resources by allowing you to quickly set up Amazon CloudWatch alarms on the Distributed Denial of Service (DDoS) metrics published by the service.

AWS Shield Advanced introduces two new features in its onboarding wizard, which is a step-by-step tool to help you set up DDoS protections. If you have selected an Application Load Balancer or an Amazon CloudFront distribution to protect, the wizard helps you set up simple Layer 7 protections. You first specify an AWS WAF web Access Control List (ACL) by choosing an existing web ACL or creating a new one. Then, you can add a rate-based rule to the web ACL by either selecting an existing rule or creating a new rule through the console.

The wizard also helps you monitor your protected resources with Amazon CloudWatch alarms. To create an alarm, you can specify an Amazon Simple Notification Service (SNS) topic for the resources you are protecting. You can either choose an existing topic or use the wizard to create a new one. Once set up, you will get a notification whenever the service issues a DDoSDetected Amazon CloudWatch metric.

You can edit the newly created RBRs and alarms at any time, via the AWS WAF service and the Amazon CloudWatch service, respectively, using the AWS Management Console or API. To learn more, please visit the AWS Shield Developer Guide and API reference.

AWS Shield is a managed Distributed Denial of Service (DDoS) protection service that safeguards web applications running on AWS. AWS Shield provides always-on detection and automatic inline mitigations that minimize application downtime and latency, so there is no need to engage AWS Support to benefit from DDoS protection. There are two tiers of AWS Shield: Standard and Advanced. To learn more, visit AWS Shield.