Posted On: Jan 25, 2021

The AWS Shield Advanced dashboard now displays additional mitigation metrics and network traffic timeline details for events detected on protected resources. This also includes details about the actions automatically taken to mitigate DDoS attacks. You can use this information to more easily evaluate your applications when an unexpected increase in traffic is detected by Shield Advanced and better understand the actions taken by Shield Advanced to protect your availability.
The new metrics provide detailed event information, such as the detected attack vector and mitigation pass and drop metrics. You can view traffic on dimensions like protocol, destination port, source IP, source ASN, TCP flags. This information makes it easier to investigate anomalies and evaluate the effect of any mitigation placed by Shield Advanced.

To view the new metrics, simply navigate to the “Events” tab of the AWS Shield Console, and choose a detected event. The top of the event tab displays a summary of event information, and below are two new tabs: ‘Detection and Mitigation’ and ‘Top Contributors.’

Mitigation metrics and network traffic timelines are available to AWS Shield Advanced subscribers at no additional cost. See the AWS Region Table for the list of AWS Regions where AWS Shield Advanced is currently available. To get started, see the Shield Advanced Developer guide for more details.