Posted On: Feb 14, 2020
AWS Shield Advanced now uses the health of your applications to improve responsiveness and accuracy in attack detection and mitigation. You can now define a health check in Amazon Route 53 and then associate it with a resource that is protected by Shield Advanced through the console or API. You can apply health-based detection to all resource types that Shield Advanced supports: Elastic IP, Elastic Load Balancing (ELB), Amazon CloudFront, AWS Global Accelerator, or Amazon Route 53.
When you configure health-based detection, Shield Advanced uses the health of your application as an additional signal for attack detection, along with various other traffic attributes. This allows Shield Advanced to detect attacks more quickly and at lower traffic thresholds, improving the DDoS resiliency of your application and preventing false positive notifications. Resource health status will also be available to the DDoS response team.
Health based detection is available in all AWS regions where Shield Advanced is available and can be enabled at no additional cost. You will incur charges for the Route 53 health checks as described in Amazon Route 53 pricing.
For information about Route 53 health checks, see How Amazon Route 53 Checks the Health of Your Resources and Creating and Updating Health Checks. For more information on Shield Advanced Health-Based Detection, see the Shield Advanced Developer guide.