Visibility into DDoS events with Shield Advanced
Amazon Shield provides visibility into the following categories of events and event activities:
-
Global – All customers can access an aggregated view of global threat activity over the last two weeks. You can see this information under the Getting Started and Global threat dashboard pages of the Amazon Shield console. For more information, see Viewing Amazon Shield global and account activity.
-
Account – All customers can access a summary of the events for their account over the prior year. You can see this information under the Getting Started page of the Amazon Shield console. For more information, see Viewing Amazon Shield global and account activity.
When you subscribe to Shield Advanced and add protections to your resources, you gain access to additional information about the events and DDoS attacks on the protected resources:
-
Events on protected resources – Shield Advanced provides detailed information for each event through the Events page of the Amazon Shield console. For more information, see Viewing Amazon Shield Advanced events.
-
Event metrics for protected resources – Shield Advanced publishes detection, mitigation, and top contributor Amazon CloudWatch metrics for all resources that it protects. You can use these metrics to configure CloudWatch dashboards and alarms. For more information, see Amazon Shield Advanced metrics.
-
Cross-account event visibility for protected resources – If you use Amazon Firewall Manager to manage your Shield Advanced protections, you can enable visibility into protections across multiple accounts by using Firewall Manager combined with Amazon Security Hub. For more information, see Viewing Shield Advanced events across multiple Amazon Web Services accounts with Amazon Firewall Manager and Amazon Security Hub.
If you enable automatic application layer DDoS mitigation for an application layer protection,