Posted On: Oct 26, 2020

AWS Shield now provides global and per-account event summaries to all AWS customers. These summaries provide you an overview of all events detected by AWS Shield, such as Distributed Denial of Service (DDoS) attacks and other volumetric anomalies, for each of your accounts and for all events detected and mitigated on AWS. 

The Getting Started page on the AWS Shield console provides a preview of the global threat environment dashboard, a feature previously included only as part of AWS Shield Advanced. This dashboard shows a global heatmap of event locations, the frequency and volume of events, and the most common events over the past 2 weeks. It includes a threat level that indicates whether the events detected by AWS Shield are within expected parameters. 

You can also view a summary of infrastructure-layer (Layer 3 and 4) events detected across your entire account on Elastic IPs (EIPs), Classic Load Balancers (CLBs), Application Load Balancers (ALBs), AWS Global Accelerator accelerators, Amazon CloudFront distributions, and Amazon Route 53 hosted zones. This summary provides insight into DDoS attacks, or other volumetric anomalies, that may have targeted your application and can help you decide whether to protect your application with AWS Shield Advanced. If you have already subscribed to AWS Shield Advanced, you can also view a summary of application-layer (Layer 7) events and use these summaries to evaluate whether to protect additional resources.  

To see a preview of the global threat environment dashboard and a summary of events for the resources in your account, simply navigate to the ‘Getting Started’ tab of the AWS Shield Console. For a more granular view of the global threat environment dashboard, to receive detailed per event-visibility, or to receive application-layer (Layer 7) event visibility, subscribe to AWS Shield Advanced.