AWS Security Blog

Updated Whitepaper Available: AWS Best Practices for DDoS Resiliency

AWS is committed to providing you high availability, security, and resiliency in the face of bad actors on the Internet. As part of this commitment, AWS provides tools, best practices, and AWS services that you can use to build distributed denial of services (DDoS)–resilient applications.

We recently released the 2016 version of the AWS Best Practices for DDoS Resiliency Whitepaper, which can be helpful if you have public-facing endpoints that might attract unwanted DDoS activity. You can benefit from reading this whitepaper if you:

  • Are looking for prescriptive DDoS guidance.
  • Need guidance for building new apps resilient to DDoS attacks.
  • Need to verify whether your architecture is optimized for DDoS resiliency and makes the best use of services such as Amazon CloudFront and Elastic Load Balancing.

The updated whitepaper builds on the descriptions of various attack types, such as volumetric attacks and application layer attacks, and explains which best practices are most effective at managing them. We have added explanations about where services and features fit in to the strategy of DDoS mitigation and how they can be used to protect your applications. Also, the whitepaper’s “Summary of best practices” table provides a checklist to help you identify opportunities to improve your architecture by using the whitepaper’s prescriptive guidance.

If you have comments about this updated whitepaper, submit them in the “Comments” section below.

– Andrew