{"id":4001,"date":"2023-11-04T23:13:59","date_gmt":"2023-11-04T23:13:59","guid":{"rendered":"http:\/\/localhost:10003\/defending-against-distributed-denial-of-service-ddos-attacks-with-aws-shield\/"},"modified":"2023-11-05T05:48:24","modified_gmt":"2023-11-05T05:48:24","slug":"defending-against-distributed-denial-of-service-ddos-attacks-with-aws-shield","status":"publish","type":"post","link":"http:\/\/localhost:10003\/defending-against-distributed-denial-of-service-ddos-attacks-with-aws-shield\/","title":{"rendered":"Defending against Distributed Denial-of-Service (DDoS) attacks with AWS Shield"},"content":{"rendered":"

Distributed Denial-of-Service (DDoS) attacks are a growing concern for organizations of all sizes. These attacks aim to overwhelm the target with massive amounts of traffic from multiple sources, rendering the service unavailable to legitimate users.<\/p>\n

AWS Shield is a managed DDoS protection service that provides continuous monitoring and automatic mitigation of DDoS attacks on AWS resources. This tutorial will guide you through the steps to enable AWS Shield Standard and AWS Shield Advanced on your AWS accounts, and how to use AWS Shield to defend against DDoS attacks.<\/p>\n

Prerequisites<\/h2>\n

To use AWS Shield, you need to have an AWS account. If you don’t have an AWS account, sign up at https:\/\/aws.amazon.com\/.<\/p>\n

You also need to have the required permissions to enable and configure AWS Shield. If you are the account owner, you should have these permissions by default. If you are not the account owner, you need to be granted these permissions by the account owner or an administrator.<\/p>\n

Enable AWS Shield Standard<\/h2>\n

AWS Shield Standard is a free service that provides basic protection against common DDoS attacks for all AWS customers. Enabling AWS Shield Standard is easy and can be done in a few clicks.<\/p>\n

    \n
  1. Log in to the AWS Management Console.<\/li>\n
  2. Navigate to the AWS Shield console at https:\/\/console.aws.amazon.com\/wafv2\/home?#ddos.<\/li>\n
  3. Click the Enable AWS Shield Standard button.<\/li>\n
  4. Follow the on-screen instructions to enable AWS Shield Standard on your AWS account.<\/li>\n<\/ol>\n

    Once AWS Shield Standard is enabled, it provides automatic detection and mitigation of common DDoS attacks, such as SYN floods, UDP floods, and HTTP floods. AWS Shield Standard can also protect against some application-layer attacks, such as HTTP request floods.<\/p>\n

    AWS Shield Standard provides protection for all AWS resources that are publicly accessible over the internet, such as Amazon EC2 instances, Elastic Load Balancers, and Amazon S3 buckets.<\/p>\n

    While AWS Shield Standard provides basic protection against DDoS attacks, it may not be sufficient for organizations that require more advanced protection against sophisticated attacks. To enable advanced DDoS protection, you can upgrade to AWS Shield Advanced.<\/p>\n

    Upgrade to AWS Shield Advanced<\/h2>\n

    AWS Shield Advanced is a paid service that provides additional features and protections beyond AWS Shield Standard. AWS Shield Advanced is designed for organizations that require advanced protection against sophisticated DDoS attacks, such as those that have the ability to bypass AWS Shield Standard protections.<\/p>\n

    Enabling AWS Shield Advanced requires a few more steps than enabling AWS Shield Standard, and comes with additional costs.<\/p>\n

      \n
    1. Log in to the AWS Management Console.<\/li>\n
    2. Navigate to the AWS Shield console at https:\/\/console.aws.amazon.com\/wafv2\/home?#ddos.<\/li>\n
    3. Click the Upgrade to AWS Shield Advanced button.<\/li>\n
    4. Follow the on-screen instructions to upgrade to AWS Shield Advanced.<\/li>\n<\/ol>\n

      To use AWS Shield Advanced, you also need to have Amazon CloudFront and Amazon Route 53 enabled in your AWS account. If you don’t have them enabled, follow the on-screen instructions to enable them.<\/p>\n

      AWS Shield Advanced provides the following additional features and protections:<\/p>\n