Maximize application availability and responsiveness with managed DDoS protection

What is a DDoS attack?

A Denial of Service (DoS) attack is a malicious attempt to affect the availability of a targeted system, such as a website or application, to legitimate end users. Typically, attackers generate large volumes of packets or requests ultimately overwhelming the target system. In case of a Distributed Denial of Service (DDoS) attack, and the attacker uses multiple compromised or controlled sources to generate the attack. In general, DDoS attacks can be segregated by which layer of the Open Systems Interconnection (OSI) model they attack. They are most common at the Network (layer 3), Transport (Layer 4), Presentation (Layer 6) and Application (Layer 7) Layers.

Benefits of AWS Shield

Get automatic DDoS protection

Automatically detect and mitigate sophisticated network and application layer Distributed denial of service (DDoS) events.

Customize application protection

Customize application protection against DDoS risks through integrations with Shield Response Team (SRT) protocol or AWS WAF.

Gain insights and cost protections

Gain visibility, insights, and cost savings for DDoS events that impact your AWS resources.

Use cases

Automatically scrub bad traffic at specific layers

Protect applications and APIs from SYN floods, UDP floods, or other reflection attacks.

Minimize application downtime and latency

Deploy inline mitigations such as deterministic packet filtering and priority-based traffic shaping to stop basic network-layer attacks.

Monitor and protect up to 1,000 resource types

Activate automatic detection, mitigation, or protection for each resource type per AWS account.