Whether you are running multiple mission-critical web applications on AWS and want visibility and protection from larger and more sophisticated attacks, or you are running a single web application on AWS and looking to get started with protection against common DDoS attacks, AWS Shield provides built-in protection, and access to tools, services and expertise to help you protect your applications on AWS.
For protection against most common DDoS attacks, and access to tools and best practices to build a DDoS resilient architecture.
For additional protection against larger and more sophisticated attacks, visibility into attacks, and 24X7 access to DDoS experts for complex cases.
| Feature | AWS Shield Standard |
AWS Shield Advanced* |
||
| Active Traffic Monitoring |
||||
| Network flow monitoring |
Yes | Yes | ||
| Automatic always-on detection | Yes | Yes | ||
| Application traffic monitoring |
x | Yes | ||
| Attack Mitigations | ||||
| Protection from common DDoS attacks (e.g. SYN floods, ACK floods, UDP floods, Reflection attacks) |
Yes | Yes | ||
| Automatic inline mitigation |
Yes |
Yes | ||
| Additional DDoS mitigation capacity for large attacks |
x | Yes | ||
| Self-service application layer (Layer 7) mitigations |
Yes, using AWS WAF |
Yes, using AWS WAF | ||
| DRT-driven application layer (Layer 7) mitigations |
x | Yes, with DDoS Response Team |
||
| Instant rule updates | Yes, using AWS WAF |
Yes, using AWS WAF | ||
| AWS WAF for app vulnerability protection |
Yes, using AWS WAF |
Yes, using AWS WAF | ||
| Visibility and Reporting | ||||
| Layer 3/Layer 4 attack notification | x | Yes | ||
| Layer 7 attack notification | x | Yes | ||
| Layer 3/Layer 4/ Layer 7 attack historical report | x | Yes | ||
| DDoS Response Team and Support |
||||
| DDoS protection best practices/architecture review |
Yes, self-service |
Yes | ||
| Custom mitigations during attacks |
x | Yes | ||
| Post attack analysis | x | Yes | ||
| DDoS Cost Protection (Service credits for DDoS scaling charges) |
||||
| Amazon Route 53 | x | Yes | ||
| Amazon CloudFront | x | Yes | ||
| Elastic Load Balancing (ELB) |
x | Yes | ||
| Note: AWS Shield Advanced benefits, including DDoS cost protection, are subject to your fulfillment of the 1-year subscription commitment. |
||||
| Web Application Firewall (WAF) |
||||
| Self-service | Yes | Yes | ||
| API access/integration | Yes | Yes | ||
| Flexible rules engine |
Yes | Yes | ||
| Fast rule propagation |
Yes | Yes | ||
| Pricing | Yes, See Pricing | Included at no additional charge with AWS Shield Advanced |
||
| Cost | ||||
| Monthly | x | Yes, See Pricing (Subject to 1-year subscription) | ||
| Usage based | x | Yes, See Pricing | ||
| SLA |
x | Yes |
||
*AWS Shield Advanced is available to customers who are enrolled in either the Enterprise or Business Support levels of AWS Premium Support.
