How to trigger a Lambda function when AWS Shield Advanced detects a DDoS attack?
0
I want to trigger a Lambda function whenever the AWS Shield Advanced's DDoSDetected Cloudwatch metric associated with my protected resource changes value to non-zero. How to do that?
Language
English
asked 22 days ago127 views
1 Answer
- Newest
- Most votes
- Most comments
0
Create a CloudWatch Alarm associated with the DDoSDetected metric. The alarm will trigger a Lambda function.
- Go to the CloudWatch Console, and select All Alarms from the left sidebar.
- Click on Create Alarm.
- Click on Select metric, then from AWS/DDoSProtection / ResourceArn, select the DDoSDetected metric of the specific resource and click on Select metric.
- When specifying metric and conditions, make sure that
- Metric name is DDoSDetected,
- ResourceArn is valid,
- for Statistic, select Maximum,
- for Period, select either 1 minute or lower,
- use Static threshold type, and define the alarm condition whenever DDoSDetected is Greater than 0.
- When configuring actions:
- configure the default notification action, or remove it if you don’t want to receive SNS notifications when the alarm is triggered,
- click on Add Lambda action,
- Choose a function from the dropdown or reference it by the ARN if cross-account.
- Click on Next at the bottom of the page, add alarm name, click on Next again, then review and create the alarm.
answered 22 days ago
Relevant content
- asked a year ago
- Accepted Answerasked 7 months ago
AWS OFFICIALUpdated a year ago- AWS OFFICIALUpdated 2 years ago
- AWS OFFICIALUpdated 3 years ago
- AWS OFFICIALUpdated a year ago
