How can I simulate a DDoS attack to test Shield Advanced?

3 minute read

I want to run a simulation of a Distributed Denial of Service (DDoS) attack to test the responsiveness of AWS Shield Advanced. How can I do this?

Short description

AWS Shield Advanced helps you protect your application against DDoS attacks. DDoS attacks occur when attackers use a flood of traffic from multiple sources to attempt to impact the availability of a targeted application. Shield Advanced provides enhanced visibility into DDoS events and attacks. For more information, see Visibility into DDoS events.

You can test the responsiveness of AWS Shield Advanced with:

A simulated DDoS attack in production traffic with an authorized pre-approved AWS Partner Network (APN) Partner.
A simulated DDoS attack using the DDoSDetected metric value set to 1 with the Shield Response Team (SRT).

Resolution

DDoS simulation testing with an AWS Partner Network Partner

AWS DDoS Test Partners are authorized to conduct DDoS simulation test on your behalf without prior approval from AWS. You must agree to the Terms and Conditions for DDoS simulation tests. Your application must be well-architected prior to DDoS simulation testing as described in the AWS Best Practices for DDoS Resiliency whitepaper.

Note: Don't perform a DDoS simulation without an approved partner.

For more information and to get started, see DDoS Simulation Testing Policy.

DDoS simulation testing with the Shield Response Team

Shield Advanced provides added support with the Shield Response Team that specializes in testing the DDoS response workflow. You can contact the Shield Response Team to request assistance with running a DDoS simulation. The Shield Response Team will create a simulated DDoS attack and trigger the DDoSDetected metric value to 1 during a specific time period.

Before contacting the Shield Response Team to request assistance with running a DDoS simulation, make sure that you have:

Completed the steps for your environment in Getting started with AWS Shield Advanced.
Completed the steps for configuring access for the Shield Response Team.
Reviewed the AWS Best Practices for DDoS Resiliency whitepaper.
Completed the steps to add resources to protect and configure protections.
Used Amazon CloudWatch to create a DDoS dashboard and set CloudWatch alarms. For instructions, see Monitoring with Amazon CloudWatch.

Note: The Shield Response Team won't contact you during DDoS simulation testing to report an attack.

Related information

Best practices for security, identity, & compliance

AWS Shield Advanced capabilities and options

How can I defend against DDoS attacks with Shield Standard?

Topics

Security, Identity, & Compliance

Relevant content

Cost reduction Tips in Shield Advanced
rePost-User-9973473
asked a year ago
Baby DDOS Attacks Triggering AWS Shield Standard Throttling ? Causing ICMP to Fail.
stumped
asked a year ago
Unsubcribe AWS shield Advance
Accepted Answer
oluwabamidele
asked a year ago
AWS Shield Standard not preventing DDOS?
ondemand
asked 2 years ago
how large traffic can ddos shield defend? 500Gbps offen occurs in games industry.
AWS-User-1002523
asked 2 years ago
How many resources can Shield Advanced protect?
AWS OFFICIALUpdated a year ago
How can I defend against DDoS attacks with Shield Standard?
AWS OFFICIALUpdated a year ago
How do I mitigate DDoS attacks using AWS WAF?
AWS OFFICIALUpdated 2 years ago
How do I protect my AWS resources from DDoS attacks?
AWS OFFICIALUpdated 3 months ago
Amazon Redshift Advanced Benchmarking
EXPERT
Jon Roberts
published 3 months ago