Step 3: (Optional) authorize the Shield Response Team (SRT) - Amazon WAF, Amazon Firewall Manager, and Amazon Shield Advanced
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Step 3: (Optional) authorize the Shield Response Team (SRT)

One of the benefits of Amazon Shield Advanced is support from the Shield Response Team (SRT). When you experience a potential DDoS attack, you can contact the Amazon Web Services Support Center. If necessary, the Support Center escalates your issue to the SRT. The SRT helps you analyze the suspicious activity and assists you in mitigating the issue. This mitigation often involves creating or updating Amazon WAF rules and web ACLs in your account. The SRT can inspect your Amazon WAF configuration and create or update Amazon WAF rules and web ACLs for you, but the team needs your authorization to do so. We recommend that as part of setting up Amazon Shield Advanced, you proactively provide the SRT with the needed authorization. Providing authorization ahead of time helps prevent mitigation delays in the event of an actual attack.

You authorize and contact the SRT at the account level. That is, the account owner, not the Firewall Manager administrator, must perform the following steps to authorize the SRT to mitigate potential attacks. The Firewall Manager administrator can authorize the SRT only for accounts that they own. Likewise, only the account owner can contact the SRT for support.


To use the services of the SRT, you must be subscribed to the Business Support plan or the Enterprise Support plan.

To authorize the SRT to mitigate potential attacks on your behalf, follow the instructions in Shield Response Team (SRT) support. You can change SRT access and permissions at any time by using the same steps.

Continue to Step 4: Configure Amazon SNS notifications and Amazon CloudWatch alarms.