Responding to DDoS events in Amazon - Amazon WAF, Amazon Firewall Manager, and Amazon Shield Advanced

This page explains how Amazon responds to DDoS attacks, and provides options for how you can further respond.

Amazon automatically mitigates network and transport layer (layer 3 and layer 4) DDoS attacks. If you use Shield Advanced to protect your Amazon EC2 instances, during an attack Shield Advanced automatically deploys your Amazon VPC network ACLs to the border of the Amazon network. This allows Shield Advanced to provide protection against larger DDoS events. For more information about network ACLs, see Network ACLs.

For application layer (layer 7) DDoS attacks, Amazon attempts to detect the attack and notify Amazon Shield Advanced customers through CloudWatch alarms. By default, Amazon doesn't automatically apply mitigations, to avoid inadvertently blocking valid user traffic.

For application layer (layer 7) resources, you have the following options available for responding to an attack.

Additionally, before an attack occurs, you can proactively enable the following mitigation options:

  • Automatic mitigations on Amazon CloudFront distributions – With this option, Shield Advanced defines and manages mitigating rules for you in your web ACL. For information about automatic application layer mitigation, see Automating application layer DDoS mitigation with Shield Advanced.

  • Proactive engagement – When Amazon Shield Advanced detects a large application layer attack against one of your applications, the SRT can proactively contact you. The SRT triages the DDoS event and creates Amazon WAF mitigations. The SRT contacts you and, with your consent, can apply the Amazon WAF rules. For more information about this option, see Setting up proactive engagement for the SRT to contact you directly.