AWS Shield is a managed Distributed Denial of Service (DDoS) protection service. It detects and automatically mitigates attacks that could cause downtime for your application or increase latency for applications running on EC2 instances.
A DDoS attack results in increased traffic for your EC2 instances, Elastic Load Balancer, Route 53, or CloudFront. As a result, these services would need to scale up resources to cope with the increased traffic. A DDoS attack usually happens when multiple systems that have been compromised or infected with a Trojan flood a target system with traffic, with the intention of denying service to its intended users by exhausting a resource so that it cannot serve more requests.
AWS Shield has two tiers: Standard and Advanced. All protection under the AWS Shield Standard option is available to all AWS customers by default, without any additional charge. The AWS Shield Advanced option is available to customers with business and enterprise support at an additional charge. The advanced option provides protection against more sophisticated attacks on your AWS resources, such as an EC2 instance, ELB, and so on. The following figure shows AWS Shield tiers:
AWS Shield is covered under the AWS suite of services that are eligible for Health Insurance Portability and Accountability Act (HIPAA) compliance. It can be used to protect websites hosted outside of AWS, as it is integrated with AWS CloudFront. Let's look at other benefits of AWS Shield:
The AWS Shield Advanced billing plan starts at USD $3000 per month. Charges for data transfer are calculated separately for all AWS resources selected for AWS Shield Advanced protection.
Let's look at AWS Shield features for Standard and Advanced tiers:
You can also enable AWS Shield Advanced on multiple AWS accounts, as long as all of these accounts are under one single billing account, are owned by you, and all AWS resources in these accounts are owned by you.
With AWS Shield Advanced, you get a history of all incidents in your AWS account for the past 13 months. As it is integrated with AWS CloudWatch, you get a notification through AWS CloudWatch metrics as soon as an attack happens. This notification will be sent in a matter of a few minutes.
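One way to act on the CloudWatch integration described above, as an added example that is not part of the original text: it builds alarm definitions on the `DDoSDetected` metric that Shield Advanced publishes in the `AWS/DDoSProtection` namespace. The function names, alarm naming scheme and choice of statistic are assumptions; alarms for CloudFront and Route 53 resources are planned in us-east-1, where Shield reports metrics for those global services.

```python
# Added example (not from the original text); names and alarm settings are assumptions.
GLOBAL_SERVICES = {"cloudfront", "route53"}  # Shield metrics for these are in us-east-1


def metric_region(resource_arn):
    """Region whose CloudWatch holds the Shield metric for this resource."""
    parts = resource_arn.split(":", 5)
    if len(parts) != 6 or parts[0] != "arn":
        raise ValueError(f"not an ARN: {resource_arn!r}")
    service, region = parts[2], parts[3]
    if service in GLOBAL_SERVICES:
        return "us-east-1"
    if not region:
        raise ValueError(f"no region in ARN: {resource_arn!r}")
    return region


def build_alarm(resource_arn, sns_topic_arn):
    """Keyword arguments for CloudWatch put_metric_alarm."""
    name = "shield-ddos-" + resource_arn.split(":", 5)[5].replace("/", "-")
    return {
        "AlarmName": name[:255],
        "Namespace": "AWS/DDoSProtection",
        "MetricName": "DDoSDetected",  # non-zero while Shield sees an event
        "Dimensions": [{"Name": "ResourceArn", "Value": resource_arn}],
        "Statistic": "Maximum",
        "Period": 60,
        "EvaluationPeriods": 1,
        "Threshold": 0,
        "ComparisonOperator": "GreaterThanThreshold",
        "TreatMissingData": "notBreaching",  # no data points means no event
        "AlarmActions": [sns_topic_arn],
    }


def plan_alarms(resource_arns, topic_by_region):
    """Group alarm definitions by the region they must be created in."""
    plan = {}
    for arn in resource_arns:
        region = metric_region(arn)  # the SNS topic must live in this region too
        plan.setdefault(region, []).append(build_alarm(arn, topic_by_region[region]))
    return plan


def apply_plan(plan):
    import boto3  # needs boto3 and AWS credentials; not required to build a plan
    for region, alarms in plan.items():
        cw = boto3.client("cloudwatch", region_name=region)
        for alarm in alarms:
            cw.put_metric_alarm(**alarm)
```

`plan_alarms` can be reviewed or unit-tested offline; only `apply_plan` talks to AWS.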