Posted On: Dec 1, 2021

AWS Shield Advanced now automatically protects web applications by blocking application layer (Layer 7) DDoS events with no manual intervention needed by you or the AWS Shield Response Team (SRT). When you protect your resources with AWS Shield Advanced and enable automatic application layer DDoS mitigation, Shield Advanced will identify patterns associated with layer 7 DDoS events and isolate this anomalous traffic by automatically creating AWS WAF rules in your web access control lists (ACLs). These rules can be implemented in count mode to observe how they will impact resource traffic and then deployed in block mode. These capabilities enable you to quickly respond to and mitigate DDoS events that threaten the availability of your applications.

With automatic application layer DDoS mitigation, AWS Shield Advanced will create custom WAF rules in a Shield-managed rule group to mitigate layer 7 DDoS events affecting your protected resources. Shield Advanced evaluates each WAF rule it creates against normal traffic into your resources to minimize false positives and deploys them in either count or block mode. The action taken by these WAF rules can be changed to count or block mode at any time. You can also view detection, mitigation, and top contributor metrics associated with application layer DDoS events for further investigation or to assess the effect of any mitigations Shield creates.
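The count-then-block workflow described above leaves a practitioner with one job: before changing a Shield-created rule from count to block, confirm from the web ACL's logs what that rule would have dropped. The script below is an added example, not AWS code and not part of this announcement. It reads AWS WAF log records in the JSON Lines shape I know from WAF logging (`action`, `httpRequest`, `ruleGroupList` with `nonTerminatingMatchingRules` carrying `ruleId` and `action`; other fields omitted for brevity), tallies per-rule COUNT matches, and flags rules that either hit a caller-supplied list of known-good sources or would have affected more than a chosen share of traffic. The rule group id, rule ids, IP addresses and the sample records are all constructed placeholders, and the review thresholds are my assumptions, not Shield defaults.

```python
"""Assess count-mode Shield-managed WAF rules from WAF log records before switching to block.

Added example, not AWS code. Log field names follow the AWS WAF logging format as
I know it (simplified); every identifier and sample record below is constructed.
"""
import json
from collections import Counter, defaultdict

# Placeholder for the Shield-managed rule group id as it appears in WAF logs (constructed).
RULE_GROUP_ID = "SHIELD_MANAGED_RULE_GROUP_PLACEHOLDER"

# Constructed sample WAF log records (JSON Lines). Rule ids and client IPs are placeholders.
SAMPLE_WAF_LOG = """
{"timestamp":1638316800000,"action":"ALLOW","httpRequest":{"clientIp":"203.0.113.10","uri":"/login"},"ruleGroupList":[{"ruleGroupId":"SHIELD_MANAGED_RULE_GROUP_PLACEHOLDER","nonTerminatingMatchingRules":[{"ruleId":"ShieldMitigationRule_PLACEHOLDER_1","action":"COUNT"}]}]}
{"timestamp":1638316800100,"action":"ALLOW","httpRequest":{"clientIp":"203.0.113.10","uri":"/login"},"ruleGroupList":[{"ruleGroupId":"SHIELD_MANAGED_RULE_GROUP_PLACEHOLDER","nonTerminatingMatchingRules":[{"ruleId":"ShieldMitigationRule_PLACEHOLDER_1","action":"COUNT"}]}]}
{"timestamp":1638316800200,"action":"ALLOW","httpRequest":{"clientIp":"203.0.113.11","uri":"/login"},"ruleGroupList":[{"ruleGroupId":"SHIELD_MANAGED_RULE_GROUP_PLACEHOLDER","nonTerminatingMatchingRules":[{"ruleId":"ShieldMitigationRule_PLACEHOLDER_1","action":"COUNT"}]}]}
{"timestamp":1638316800300,"action":"ALLOW","httpRequest":{"clientIp":"198.51.100.5","uri":"/api/items"},"ruleGroupList":[{"ruleGroupId":"SHIELD_MANAGED_RULE_GROUP_PLACEHOLDER","nonTerminatingMatchingRules":[{"ruleId":"ShieldMitigationRule_PLACEHOLDER_2","action":"COUNT"}]}]}
{"timestamp":1638316800400,"action":"ALLOW","httpRequest":{"clientIp":"198.51.100.7","uri":"/"},"ruleGroupList":[{"ruleGroupId":"SHIELD_MANAGED_RULE_GROUP_PLACEHOLDER","nonTerminatingMatchingRules":[]}]}
{"timestamp":1638316800500,"action":"ALLOW","httpRequest":{"clientIp":"198.51.100.8","uri":"/health"}}
{"timestamp":1638316800600,"action":"BLOCK","terminatingRuleId":"CustomBlockRule_PLACEHOLDER","httpRequest":{"clientIp":"192.0.2.9","uri":"/admin"}}
{"timestamp":1638316800700,"action":"ALLOW","httpRequest":{"clientIp":"203.0.113.12","uri":"/login"},"ruleGroupList":[{"ruleGroupId":"SHIELD_MANAGED_RULE_GROUP_PLACEHOLDER","nonTerminatingMatchingRules":[{"ruleId":"ShieldMitigationRule_PLACEHOLDER_1","action":"COUNT"}]}]}
"""


def parse_waf_log(text):
    """Parse JSON Lines WAF log text into a list of dict records, skipping blank lines."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def counted_matches(record, rule_group_id):
    """Yield ids of rules in the given rule group that matched this request in COUNT mode."""
    for group in record.get("ruleGroupList", []):
        if group.get("ruleGroupId") != rule_group_id:
            continue
        for rule in group.get("nonTerminatingMatchingRules", []):
            if rule.get("action") == "COUNT":
                yield rule["ruleId"]


def count_mode_impact(records, rule_group_id):
    """Summarise what each count-mode rule in the group would have blocked.

    Returns {rule_id: {"requests": n, "share": n / total, "client_ips": Counter, "uris": Counter}}.
    """
    total = len(records)
    impact = defaultdict(lambda: {"requests": 0, "client_ips": Counter(), "uris": Counter()})
    for rec in records:
        http = rec.get("httpRequest", {})
        for rule_id in counted_matches(rec, rule_group_id):
            entry = impact[rule_id]
            entry["requests"] += 1
            entry["client_ips"][http.get("clientIp", "?")] += 1
            entry["uris"][http.get("uri", "?")] += 1
    for entry in impact.values():
        entry["share"] = entry["requests"] / total if total else 0.0
    return dict(impact)


def rules_needing_review(impact, known_good_ips=frozenset(), max_share=0.10):
    """Return {rule_id: [reasons]} for rules to inspect before changing their action to block.

    A rule is flagged when it counted a request from a known-good source (for example a
    synthetic monitoring probe) or when it would have affected more than max_share of the
    sampled requests. Both criteria and the default threshold are assumptions of this example.
    """
    flagged = {}
    for rule_id, entry in impact.items():
        reasons = []
        hits_known_good = sorted(ip for ip in entry["client_ips"] if ip in known_good_ips)
        if hits_known_good:
            reasons.append(f"matched known-good sources {hits_known_good}")
        if entry["share"] > max_share:
            reasons.append(f"would affect {entry['share']:.0%} of sampled requests")
        if reasons:
            flagged[rule_id] = reasons
    return flagged


if __name__ == "__main__":
    impact = count_mode_impact(parse_waf_log(SAMPLE_WAF_LOG), RULE_GROUP_ID)
    for rule_id, entry in impact.items():
        print(rule_id, entry["requests"], f"{entry['share']:.0%}",
              entry["client_ips"].most_common(3), entry["uris"].most_common(3))
    print(rules_needing_review(impact, known_good_ips={"198.51.100.5"}, max_share=0.3))
```

On the constructed sample, the first rule accounts for half of all requests (all to `/login`, spread over three sources), which is the shape one expects from a layer 7 flood and is a reason to look at the top contributors rather than a reason to stop; the second rule counted a single request from the address listed as known-good, which is exactly the false positive the count phase exists to catch. Requests that another rule already terminated (the BLOCK record) do not appear in the tally, since the Shield-managed group never evaluated them.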

Automatic application layer DDoS mitigation is available to AWS Shield Advanced subscribers at no additional cost. To view the list of AWS Regions where AWS Shield Advanced is currently available, see the AWS Region Table. For more details, visit the AWS Shield Advanced Developer Guide.