Contacting the support center during an application layer DDoS attack
This page provides instructions for contacting the support center during an application layer DDoS attack.
If you're an Amazon Shield Advanced customer, you can contact the Amazon Web Services Support Center
To get Shield Response Team (SRT) support, contact the Amazon Web Services Support Center
Select the following options:
Case type: Technical Support
Service: Distributed Denial of Service (DDoS)
Category: Inbound to Amazon
Severity: Choose an appropriate option
When you speak with our representative, explain that you're an Amazon Shield Advanced customer
experiencing a possible DDoS attack. Our representative will direct your call to the
appropriate DDoS experts. If you open a case with the Amazon Web Services Support Center
For application layer attacks, the SRT can help you analyze the suspicious activity. If you have automatic mitigation enabled for your resource, the SRT can review the mitigations that Shield Advanced is automatically placing against the attack. In any case, the SRT can help you review and mitigate the issue. Mitigations that the SRT recommends often require the SRT to create or update Amazon WAF web access control lists (web ACLs) in your account. The SRT will need your permission to do this work.
Important
We recommend that, as part of enabling Amazon Shield Advanced, you follow the steps in "Granting access for the SRT" to proactively provide the SRT with the permissions that they need to assist you during an attack. Providing permission ahead of time helps to prevent any delays in the event of an actual attack.
The SRT helps you triage the DDoS attack to identify attack signatures and patterns. With your consent, the SRT creates and deploys Amazon WAF rules to mitigate the attack.
You can also contact the SRT before or during a possible attack to review mitigations and to develop and deploy custom mitigations. For example, if you're running a web application and need only ports 80 and 443 open, you can work with the SRT to preconfigure a web ACL to "allow" only ports 80 and 443.
You authorize and contact the SRT at the account level. That is, if you use Shield Advanced within a Firewall Manager Shield Advanced policy, the account owner, not the Firewall Manager administrator, must contact the SRT for support. The Firewall Manager administrator can contact the SRT only for accounts that they own.