Viewing Amazon Shield Advanced events
This page provides instructions for accessing information about events in Shield Advanced.
When you subscribe to Shield Advanced, and protect your resources, you gain access to additional visibility features for the resources. These include near real-time notification of events that are detected by Shield Advanced and additional information about detected events and mitigations.
Note
Your event information in the Shield Advanced console is based on Shield Advanced metrics. For information about Shield Advanced metrics, see Amazon Shield Advanced metrics
Amazon Shield evaluates traffic to your protected resource along multiple dimensions. When an anomaly is detected, Shield Advanced creates a separate event for each resource that's affected.
You can access event summaries and details through the Events page of the Shield console. The top level Events page provides an overview of current and past events.
The following screenshot shows an example Events page with a single ongoing event. This active event is also flagged in the left navigation pane.
Shield Advanced might also automatically place mitigations against attacks, depending on the traffic type and on your configured protections. These mitigations can protect your resource from receiving excess traffic or traffic that matches a known DDoS attack signature.
The following screenshot shows an example Events listing where all events have been mitigated by Shield Advanced or have subsided on their own.
Protect your resources before an event
Improve the accuracy of event detection by protecting resources with Shield Advanced while they are receiving the normal expected traffic, before they are subject to a DDoS attack.
In order to accurately report events for a protected resource, Shield Advanced must first establish a baseline of expected traffic patterns for it.
-
Shield Advanced reports infrastructure layer events for resources after they've been protected for at least 15 minutes.
-
Shield Advanced reports web application layer events for resources after they've been protected for at least 24 hours. The accuracy of detection for application layer events is best after Shield Advanced has observed expected traffic for 30 days.
To access events information in the Amazon Shield console
Sign in to the Amazon Web Services Management Console and open the Amazon WAF & Shield console at https://console.amazonaws.cn/wafv2/
. -
In the Amazon Shield navigation pane, choose Events. The console shows the Events page.
-
From the Events page, you can select any event in the list to see additional summary information and details for the event.