Shield Response Team (SRT) support - Amazon WAF, Amazon Firewall Manager, and Amazon Shield Advanced
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Shield Response Team (SRT) support

The Shield Response Team (SRT) provides added support for Shield Advanced customers. The SRT are security engineers who specialize in DDoS event response. As an additional layer of support to your Amazon Web Services Support plan, you can work directly with the SRT, leveraging their expertise as part of your event response workflow. For information about the options and for configuration guidance, see the topics that follow.


To use the services of the Shield Response Team (SRT), you must be subscribed to the Business Support plan or the Enterprise Support plan.

SRT support activities

The primary goal in an engagement with the SRT is to protect the availability and performance of your application. Depending on the type of DDoS event and the architecture of your application, the SRT may take one or more of the following actions:

  • Amazon WAF log analysis and rules – For resources that use an Amazon WAF web ACL, the SRT can analyze your Amazon WAF logs to identify attack characteristics in your application web requests. With your approval during engagement, the SRT can apply changes to your web ACL to block the attacks that they've identified.

  • Build custom network mitigations – The SRT can write custom mitigations for you for infrastructure layer attacks. The SRT can work with you to understand traffic that's expected for your application, to block unexpected traffic, and to optimize packet per second rate limits. For more information, see Configuring custom mitigations with the Shield Response Team (SRT).

  • Network traffic engineering – The SRT works closely with Amazon networking teams to protect Shield Advanced customers. When required, Amazon can change how internet traffic arrives on the Amazon network in order to allocate more mitigation capacity to your application.

  • Architectural recommendations – The SRT may determine that the best mitigation for an attack requires architectural changes to better align with the Amazon best practices, and they will help support your implementation of these practices. For information, see Amazon Best Practices for DDoS Resiliency.