Getting started with Amazon Shield Advanced - Amazon WAF, Amazon Firewall Manager, and Amazon Shield Advanced
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Getting started with Amazon Shield Advanced

This tutorial walks you through getting started with Amazon Shield Advanced using the Shield Advanced console.


Shield Advanced requires a subscription, while Amazon Shield Standard does not. The protections provided by Shield Standard are available free of charge to all Amazon customers.

Shield Advanced provides advanced DDoS detection and mitigation protection for network layer (layer 3), transport layer (layer 4), and application layer (layer 7) attacks. For more information about Shield Advanced, see Amazon Shield Advanced overview.

The Amazon technical community has published an example of an automated process for configuring Shield Advanced using the infrastructure as code (IaC) tools, Amazon CloudFormation and Terraform. You can use Amazon Firewall Manager with this solution if your accounts are part of an organization in Amazon Organizations and if you're protecting any resource types except for Amazon Route 53 or Amazon Global Accelerator. To explore this option, see the code repository at aws-samples / aws-shield-advanced-one-click-deployment and the tutorial at One-click deployment of Shield Advanced.


It's important that you fully configure Shield Advanced prior to a Distributed Denial of Service (DDoS) event. Complete the configuration to help ensure that your application is protected and that you are ready to respond if your application is affected by a DDoS attack.

Perform the following steps in sequence to get started using Shield Advanced.