Posted On: Nov 16, 2020

AWS Shield Advanced now allows you to bundle resources into protection groups, giving you a self-service way to customize the scope of detection and mitigation for your application by treating multiple resources as a single unit. Resource grouping improves the accuracy of detection, reduces false positives, eases automatic protection of newly created resources, and accelerates the time to mitigate attacks against multiple resources. For example, if an application consists of four CloudFront distributions, you can add them to one protection group to receive detection and protection for the collection of resources as a whole. Reporting can be consumed at the protection group level, in addition to the resource level, giving a more holistic view of overall application health.

To use the protection groups feature, first ensure the resources you wish to group are protected resources on the ‘Protected resources' page in the Shield Console. Next, create a new protection group on the ‘Protection groups’ tab within the ‘Protected resources’ page. You can then choose which resources to add to the protection group. Once complete, attack summaries will be seen on the protection group, the volume of alarming will be reduced compared to resource level alerts, and automatic group level mitigations can be activated when any resource in the group is attacked.

Protection groups are available to AWS Shield Advanced subscribers at no additional cost. See the AWS Region Table for the list of regions where AWS Shield is currently available. To get started, see the Shield Advanced Developer guide for more details.