How Amazon Shield detects events
Amazon operates service-level detection systems for the Amazon network and individual Amazon services, to ensure that they remain available during a DDoS attack. Additionally, resource-level detection systems monitor each individual Amazon resource to ensure that traffic toward the resource remains within expected parameters. This combination protects both the targeted Amazon resource and Amazon services, by applying mitigations that drop known bad packets, highlight potentially malicious traffic, and prioritize traffic from end users.
Detected events appear in your Shield Advanced event summaries, attack details, and Amazon CloudWatch
metrics as either the name of the DDoS attack vector or as Volumetric
if the
evaluation was based on traffic volume instead of signature. For more information on the
attack vector dimensions that are available within the DDoSDetected
CloudWatch
metric, see Amazon Shield Advanced metrics.