AWS Best Practices for DDoS Resiliency – Updated Whitepaper Now Available

You work to protect your business from the impact of Distributed Denial of Service (DDoS) attacks, as well as other cyberattacks. You want to keep your customers’ trust in your service by maintaining the availability and responsiveness of your application. And you want to avoid unnecessary direct costs when your infrastructure must scale in response to an attack.

AWS is committed to providing you with tools, best practices, and services to help ensure high availability, security, and resiliency to defend against bad actors on the internet. We have recently released the 2018 version of the AWS Best Practices for DDoS Resiliency whitepaper. Our updates take into account the following new AWS service developments that can help you harden your posture against DDoS attacks:

  • Additional AWS services: AWS Shield Advanced, AWS Firewall Manager, and the new generation of ELBs like AWS Application Load Balancer
  • Additional AWS service features: AWS WAF Managed Rules, AWS WAF Rate Based Rules, new Amazon EC2 instance generation, and regional endpoints of Amazon API Gateway

In this whitepaper, we provide you with prescriptive DDoS guidance to build applications that are resilient to DDoS attacks. We describe different attack types, such as volumetric attacks and application layer attacks, and explain which best practices are most effective to manage each attack type. We also outline the services and features that fit into a DDoS mitigation strategy, and how each one can be used to help protect your applications.
