Combining Shield Advanced with other Amazon Web Services services - Amazon WAF, Amazon Firewall Manager, and Amazon Shield Advanced
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Combining Shield Advanced with other Amazon Web Services services

You can use Shield Advanced to protect your resources in many types of scenarios. However, in some cases you should use other services or combine other services with Shield Advanced to offer the best protection. Following are examples of how to use Shield Advanced or other Amazon services to help protect your resources.

Goal Suggested services Related service documentation
Protect a web application and RESTful APIs against a DDoS attack Shield Advanced protecting an Amazon CloudFront distribution and an Application Load Balancer Elastic Load Balancing documentation, Amazon CloudFront Documentation
Protect a TCP-based application against a DDoS attack Shield Advanced protecting an Amazon Global Accelerator standard accelerator; attached to an Elastic IP address Amazon Global Accelerator Documentation, Elastic Load Balancing documentation
Protect a UDP-based game server against a DDoS attack Shield Advanced protecting an Amazon EC2 instance attached to an Elastic IP address Amazon Elastic Compute Cloud Documentation

For example, if you use Shield Advanced to protect an Elastic IP address, Shield Advanced protects whatever resource is associated with it. During an attack, Shield Advanced automatically deploys your network ACLs to the border of the Amazon network. When your network ACLs are at the border of the network, Shield Advanced can provide protection against larger DDoS events. Typically, network ACLs are applied near your Amazon EC2 instances within your Amazon VPC. The network ACL can mitigate attacks only as large as your Amazon VPC and instance can handle. If the network interface attached to your Amazon EC2 instance can process up to 10 Gbps, volumes over 10 Gbps slow down and possibly block traffic to that instance. During an attack, Shield Advanced promotes your network ACL to the Amazon border, which can process multiple terabytes of traffic. Your network ACL is able to provide protection for your resource well beyond your network's typical capacity. For more information about network ACLs, see Network ACLs.