Whether you are running multiple mission-critical web applications on AWS and want visibility and protection from larger and more sophisticated attacks, or you are running a single web application on AWS and looking to get started with protection against common DDoS attacks, AWS Shield provides built-in protection, and access to tools, services and expertise to help you protect your applications on AWS.

AWS Shield is now generally available

Try AWS Shield for Free

 

 

For protection against most common DDoS attacks, and access to tools and best practices to build a DDoS resilient architecture.

 

Automatically available on all AWS services.

For additional protection against larger and more sophisticated attacks, visibility into attacks, and 24X7 access to DDoS experts for complex cases.

Available on,

  • Amazon Route 53
  • Amazon CloudFront
  • Elastic Load Balancing
  • Elastic IP (Amazon Elastic Compute Cloud and Network Load Balancer)
Feature AWS Shield Standard
AWS Shield Advanced*
Active Traffic Monitoring
Network flow monitoring
Yes Yes
Automatic always-on detection Yes Yes
Application traffic monitoring
x Yes
Attack Mitigations
Protection from common DDoS attacks (e.g. SYN floods, ACK floods, UDP floods, Reflection attacks)
Yes Yes
Automatic inline mitigation
Yes
Yes
Additional DDoS mitigation capacity for large attacks
x Yes
Self-service application layer (Layer 7) mitigations
Yes, using AWS WAF
Yes, using AWS WAF
DRT-driven application layer (Layer 7) mitigations
x Yes, with DDoS Response Team
Instant rule updates Yes, using AWS WAF
Yes, using AWS WAF
AWS WAF for app vulnerability protection
Yes, using AWS WAF
Yes, using AWS WAF
Visibility and Reporting
Layer 3/Layer 4 attack notification x Yes
Layer 7 attack notification x Yes
Layer 3/Layer 4/ Layer 7 attack historical report x Yes
DDoS Response Team and Support
DDoS protection best practices/architecture review
Yes, self-service
Yes
Custom mitigations during attacks
x Yes
Post attack analysis x Yes
DDoS Cost Protection (Service credits for DDoS scaling charges)
Amazon Route 53 x Yes
Amazon CloudFront x Yes
Elastic Load Balancing (ELB)
x Yes
Amazon Elastic Compute (EC2)
x Yes
Note: AWS Shield Advanced benefits, including DDoS cost protection, are subject to your fulfillment of the 1-year subscription commitment.
Web Application Firewall (WAF)
   
Self-service Yes Yes
API access/integration Yes Yes
Flexible rules engine
Yes Yes
Fast rule propagation
Yes Yes
Pricing See Pricing Included at no additional charge with AWS Shield Advanced
Cost
Monthly x Yes, See Pricing (Subject to 1-year subscription)
Usage based x Yes, See Pricing
SLA
x Yes

*AWS Shield Advanced is available to customers who are enrolled in either the Enterprise or Business Support levels of AWS Premium Support.