Are Lightsail instances protected against DDOS by default using AWS Shield Standard ?

0

Hello

Is my Lightsail instance protected against DDOS by default using AWS Shield Standard ?

Or do I need to setup something for AWS Shield Standard to protect my Lightsail instance against DDOS ?

3 Answers
2
Accepted Answer

Yes Lightsail has some protection from L3/4 attacks by default from Shield Standard, however having EC2 instances directly exposed to the internet is not well-architected. In order to protect against layer 7 attacks you would need to front your Lightsail instance with a self-managed ALB or CloudFront distribution with a well-configured AWS WAF WebACL associated.

While Shield Advanced offers many benefits, the $3K per-month subscription cost does not make sense for all customers.

Please look at AWS Best Practices for DDoS Resiliency for more information on being well-architected and configuring useful AWS WAF rules to prevent malicious traffic from reaching your servers.

AWS
answered 10 months ago
profile picture
EXPERT
reviewed 4 months ago
1

As AWS Shield Standard protects at level 3 and 4, Lightsail would be protected. But what application is running on your Lightsail server? Would that benefit from level 7 protection? What other services you want to delete from your wishlist?

  • additional detection and mitigation against large and sophisticated DDoS attacks
  • near real-time visibility into attacks
  • integration with AWS WAF
  • protection against DDoS-related spikes
  • region- and resource-specific monitoring techniques
  • 24/7 access to the Shield Response Team

My 2ct: unless 100% sure basic protection will do and/or you can survive outages, use the Advanced version by default.

Rgds, Henk

answered 2 years ago
-1

https://www.google.com/search?client=firefox-b-d&q=aws+lightsail++ddos No DDoS protection by default (but snapshots are available for a fee).

answered 2 years ago
  • It looks that you got this info from vpsbenchmarks website Do you have other sources ? Why are you talking about snapshot ?

    I read here https://console.aws.amazon.com/wafv2/shieldv2 that "Standardized protection for the underlying AWS service" is activated for AWS Shield Standard, and "On by default"/"Free and enabled by default"

    I think Lightsail is an underlying AWS service, so I guess that Lightsail instances are protected against DDOS by default using AWS Shield Standard.

    If someone can confirm or refute, it would be appreciated.

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions