Getting started with AWS Shield
Protects networks and applications by analyzing network security configurations and providing managed DDoS protection
Managed DDoS Protection
AWS Shield offers two tiers of DDoS protection to safeguard your applications. AWS Shield Standard, included at no extra cost with AWS services, provides essential DDoS defense. AWS Shield Advanced offers enhanced protection capabilities and expert support. Compare these tiers to find the right protection to fit the needs of your applications.
AWS Shield Standard
For protection against most common DDoS events and access to tools and best practices to build a DDoS resilient architecture. Automatically available on all AWS services.
AWS Shield Advanced
For additional protection against larger and more sophisticated events, visibility into events, and 24x7 access to DDoS experts for complex cases. See the AWS Shield Advanced Service Level Agreement.
Available on:
Amazon Route 53
Amazon CloudFront
Elastic Load Balancing
AWS Global Accelerator
Elastic IP (Amazon Elastic Compute Cloud and Network Load Balancer)
Enable the AWS WAF Application Layer (L7) DDoS protection AWS Managed Rule group to automatically detect and defend against layer 7 DDoS events.
Compare Tiers
AWS Shield Advanced benefits, including DDoS cost protection, are subject to your fulfillment of the 1-year subscription commitment.*
|
FEATURE
|
AWS SHIELD STANDARD
|
AWS SHIELD ADVANCED*
|
|---|---|---|
|
Network flow monitoring
|
Yes |
Yes |
|
Automatic always-on detection
|
Yes |
Yes |
|
Application traffic monitoring
|
x |
Yes |
|
Protection from common DDoS events (e.g. SYN floods, ACK floods, UDP floods, Reflection events)
|
Yes |
Yes |
|
Automatic inline mitigation
|
Yes |
Yes |
|
Additional DDoS mitigation capacity for large events
|
x |
Yes |
|
Automatic application layer (L7) DDoS mitigations
|
Available at an additional cost |
Yes |
|
Self-service application layer (layer 7) mitigations
|
Yes, using AWS WAF |
Yes, using AWS WAF |
|
SRT-driven application layer (layer 7) mitigations
|
x |
Yes, with Shield Response Team |
|
Instant rule updates
|
Yes, using AWS WAF |
Yes, using AWS WAF |
|
AWS WAF for app vulnerability protection
|
Yes, using AWS WAF |
Yes, using AWS WAF |
|
Layer 3/Layer 4 event notification
|
x |
Yes |
|
Layer 7 event notification
|
x |
Yes |
|
Layer 3/Layer 4/ Layer 7 event historical report
|
x |
Yes |
|
Shield Response Team: DDoS protection best practices/architecture review
|
Yes, self-service |
Yes |
|
Shield Response Team: Custom mitigations during events
|
x |
Yes, with Enterprise or Business support |
|
Shield Response Team: Post event analysis
|
x |
Yes, with Enterprise or Business support |
|
DDoS Cost Protection: Amazon Route 53
|
x |
Yes |
|
DDoS Cost Protection: Amazon CloudFront
|
x |
Yes |
|
DDoS Cost Protection: Elastic Load Balancing (ELB)
|
x |
Yes |
|
DDoS Cost Protection: Amazon Elastic Compute Cloud (EC2)
|
x |
Yes |
|
AWF WAF: Self-service
|
Yes |
Yes |
|
AWF WAF: API access/integration
|
Yes |
Yes |
|
AWS WAF: Flexible rules engine
|
Yes |
Yes |
|
AWS WAF: Fast rule propagation
|
Yes |
Yes |
|
AWS WAF: Pricing
|
See Pricing |
Included at no additional charge with AWS Shield Advanced for resources protected up to 50 billion WAF requests per calendar month per subscribed payer account. |
|
AWS WAF: Monthly
|
x |
Yes, see Pricing (Subject to 1-year subscription) |
|
AWS WAF: Usage based
|
x |
Yes, see Pricing |
|
AWS WAF: SLA
|
x |
Yes |