Posted On: Jul 9, 2021

For AWS Shield Advanced customers, the Shield Response Team (SRT) can now monitor AWS WAF request data during web-application layer events to identify anomalous traffic and help craft custom AWS WAF rules to mitigate offending traffic sources. As a result, you no longer need to enable AWS WAF logging and stream AWS WAF logs via Amazon Kinesis to an Amazon S3 bucket in order to receive support from the SRT.

If you have enabled proactive engagement prior to a detected event, the SRT will begin analyzing your AWS WAF request data as soon as a Shield event correlates with an unhealthy Amazon Route 53 health check. The SRT will identify anomalous traffic and contact you directly to recommend AWS WAF rules to mitigate the attack. No additional steps are required to enable this level of support. If the availability of your application is affected by a flood of web requests, you can open an AWS Support case to escalate to the SRT.

All AWS Shield Advanced subscribers now benefit from web-application layer event support without needing to enable AWS WAF logging. To get started, subscribe to AWS Shield Advanced using the AWS Management Console or Shield API, or visit the AWS Shield product detail page to learn more. Visit the Shield Advanced Developer Guide for more details.