How can I simulate a DDoS attack to test Shield Advanced?
Last updated: 2022-08-26
I want to run a simulation of a Distributed Denial of Service (DDoS) attack to test the responsiveness of AWS Shield Advanced. How can I do this?
AWS Shield Advanced helps you protect your application against DDoS attacks. DDoS attacks occur when attackers use a flood of traffic from multiple sources to attempt to impact the availability of a targeted application. Shield Advanced provides enhanced visibility into DDoS events and attacks. For more information, see Visibility into DDoS events.
You can test the responsiveness of AWS Shield Advanced with:
DDoS simulation testing with an AWS Partner Network Partner
AWS DDoS Test Partners are authorized to conduct a DDoS simulation test on your behalf without prior approval from AWS. You must agree to the Terms and Conditions for DDoS simulation tests. Before any DDoS simulation testing, your application must be well-architected as described in the AWS Best Practices for DDoS Resiliency whitepaper.
Note: Don't perform a DDoS simulation without an approved partner.
For more information and to get started, see DDoS Simulation Testing Policy.
DDoS simulation testing with the Shield Response Team
Shield Advanced provides added support from the Shield Response Team, which specializes in testing the DDoS response workflow. You can contact the Shield Response Team to request assistance with running a DDoS simulation. The Shield Response Team will create a simulated DDoS attack and set the DDoSDetected metric value to 1 during a specific time period.
Before contacting the Shield Response Team to request assistance with running a DDoS simulation, make sure that you have:
- Completed the steps for your environment in Getting started with AWS Shield Advanced.
- Completed the steps for configuring access for the Shield Response Team.
- Reviewed the AWS Best Practices for DDoS Resiliency whitepaper.
- Completed the steps to add resources to protect and configure protections.
- Used Amazon CloudWatch to create a DDoS dashboard and set CloudWatch alarms. For instructions, see Monitoring with Amazon CloudWatch.
Note: The Shield Response Team won't contact you during DDoS simulation testing to report an attack.
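Because the Shield Response Team won't notify you during the test, your own CloudWatch alarms on DDoSDetected are the only signal you will receive. The following readiness check is an added example, not AWS-provided code: it assumes input dictionaries shaped like the Shield ListProtections and CloudWatch DescribeAlarms responses, and the ARNs, account ID, and alarm names are constructed placeholders.

```python
NAMESPACE = "AWS/DDoSProtection"  # CloudWatch namespace Shield Advanced publishes to
METRIC = "DDoSDetected"           # the metric the simulation sets to 1


def alarm_covers(alarm, resource_arn):
    """True if the alarm watches DDoSDetected for resource_arn and will notify.

    Metric-math alarms have no top-level MetricName, so they are reported
    as not covering and need a manual look.
    """
    dims = {d["Name"]: d["Value"] for d in alarm.get("Dimensions", [])}
    return (
        alarm.get("Namespace") == NAMESPACE
        and alarm.get("MetricName") == METRIC
        and dims.get("ResourceArn") == resource_arn
        and alarm.get("ActionsEnabled", False)   # actions not muted
        and bool(alarm.get("AlarmActions"))      # at least one target, e.g. SNS
    )


def uncovered_resources(protections, alarms):
    """Return ARNs of protected resources that have no usable DDoSDetected alarm."""
    return [
        p["ResourceArn"]
        for p in protections
        if not any(alarm_covers(a, p["ResourceArn"]) for a in alarms)
    ]


# --- Constructed sample input (placeholder account ID and resource names) ---
ALB = "arn:aws:elasticloadbalancing:us-east-1:111122223333:loadbalancer/app/web/0123456789abcdef"
CDN = "arn:aws:cloudfront::111122223333:distribution/EXAMPLE"
EIP = "arn:aws:ec2:us-east-1:111122223333:eip-allocation/eipalloc-0example"
TOPIC = "arn:aws:sns:us-east-1:111122223333:ddos-alerts"


def _alarm(name, arn, actions, enabled=True):
    return {"AlarmName": name, "Namespace": NAMESPACE, "MetricName": METRIC,
            "Dimensions": [{"Name": "ResourceArn", "Value": arn}],
            "ActionsEnabled": enabled, "AlarmActions": actions}


SAMPLE_PROTECTIONS = [{"ResourceArn": ALB}, {"ResourceArn": CDN}, {"ResourceArn": EIP}]
SAMPLE_ALARMS = [
    _alarm("alb-ddos", ALB, [TOPIC]),
    _alarm("cdn-ddos", CDN, []),  # alarm exists but notifies nobody
]

if __name__ == "__main__":
    for arn in uncovered_resources(SAMPLE_PROTECTIONS, SAMPLE_ALARMS):
        print("no notifying DDoSDetected alarm:", arn)
```

Any ARN this reports should get an alarm with a notification action before you request the simulation.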