Yes, Lightsail has some protection from L3/4 attacks by default from Shield Standard; however, having EC2 instances directly exposed to the internet is not well-architected. In order to protect against layer 7 attacks, you would need to front your Lightsail instance with a self-managed ALB or CloudFront distribution with a well-configured AWS WAF WebACL associated.
While Shield Advanced offers many benefits, the $3K per-month subscription cost does not make sense for all customers.
Please look at AWS Best Practices for DDoS Resiliency for more information on being well-architected and configuring useful AWS WAF rules to prevent malicious traffic from reaching your servers.
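As an added illustration of the answer above (not part of the original answer and not AWS-published code), this CloudFormation sketch defines a CloudFront-scoped AWS WAF WebACL with a per-IP rate limit and an AWS managed rule group. The resource names, metric names and the rate threshold are assumptions to adapt.

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Description: Constructed example. WAF WebACL for a CloudFront distribution fronting a Lightsail origin.
Resources:
  EdgeWebACL:                        # hypothetical logical ID
    Type: AWS::WAFv2::WebACL
    Properties:
      Name: lightsail-edge-acl       # hypothetical name
      Scope: CLOUDFRONT              # CloudFront-scoped ACLs must be created in us-east-1
      DefaultAction:
        Allow: {}                    # allow by default, block only what the rules match
      VisibilityConfig:
        SampledRequestsEnabled: true
        CloudWatchMetricsEnabled: true
        MetricName: lightsailEdgeAcl
      Rules:
        # Layer 7 flood control: block a source IP that exceeds the limit
        # within the default 5-minute evaluation window.
        - Name: rate-limit-per-ip
          Priority: 0
          Action:
            Block: {}
          Statement:
            RateBasedStatement:
              Limit: 2000            # assumed threshold, tune to normal traffic
              AggregateKeyType: IP
          VisibilityConfig:
            SampledRequestsEnabled: true
            CloudWatchMetricsEnabled: true
            MetricName: rateLimitPerIp
        # AWS managed rule group of known-bad source addresses.
        - Name: aws-ip-reputation
          Priority: 1
          OverrideAction:
            None: {}                 # keep the rule group's own actions
          Statement:
            ManagedRuleGroupStatement:
              VendorName: AWS
              Name: AWSManagedRulesAmazonIpReputationList
          VisibilityConfig:
            SampledRequestsEnabled: true
            CloudWatchMetricsEnabled: true
            MetricName: awsIpReputation
Outputs:
  WebACLArn:
    Value: !GetAtt EdgeWebACL.Arn    # set as WebACLId on the CloudFront distribution
```

The WebACL only filters requests that pass through CloudFront, so it is effective only if clients cannot reach the Lightsail instance's public address directly.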
As AWS Shield Standard protects at level 3 and 4, Lightsail would be protected. But what application is running on your Lightsail server? Would that benefit from level 7 protection? What other services do you want to delete from your wishlist?
- additional detection and mitigation against large and sophisticated DDoS attacks
- near real-time visibility into attacks
- integration with AWS WAF
- protection against DDoS-related spikes
- region- and resource-specific monitoring techniques
- 24/7 access to the Shield Response Team
My 2ct: unless 100% sure basic protection will do and/or you can survive outages, use the Advanced version by default.
Rgds, Henk
https://www.google.com/search?client=firefox-b-d&q=aws+lightsail++ddos No DDoS protection by default (but snapshots are available for a fee).
It looks like you got this info from the vpsbenchmarks website. Do you have other sources? Why are you talking about snapshots?
I read here https://console.aws.amazon.com/wafv2/shieldv2 that "Standardized protection for the underlying AWS service" is activated for AWS Shield Standard, and "On by default"/"Free and enabled by default".
I think Lightsail is an underlying AWS service, so I guess that Lightsail instances are protected against DDoS by default using AWS Shield Standard.
If someone can confirm or refute, it would be appreciated.
It really looks like yes ... https://docs.aws.amazon.com/waf/latest/developerguide/ddos-standard-summary.html "All AWS customers benefit from the automatic protection of Shield Standard"