Best Practices for Anti-DDoS - Amazon WAF, Amazon Firewall Manager, Amazon Shield Advanced, and Amazon Shield network security director
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Best Practices for Anti-DDoS

  • Enable protection during normal traffic periods – This allows the protection to establish baseline traffic patterns before responding to attacks. Add protection when you are not experiencing an attack and allow time for baseline establishment.

  • Monitor metrics regularly – Review CloudWatch metrics to understand traffic patterns and protection effectiveness.

  • Consider proactive mode for critical applications – While reactive mode is recommended for most use cases, consider using proactive mode for applications that require continuous protection against known threats.

  • Test in staging environments – Before enabling protection in production, test and tune settings in a staging environment to understand the impact on legitimate traffic.