We can make use of ALB (Application Load Balancer) and/or CloudFront to mitigate DDoS. Please refer to the whitepaper for more details: https://d1.awsstatic.com/whitepapers/Security/DDoS_White_Paper.pdf
Suggest looking to front your application with CloudFront or AWS Global Accelerator or Amazon Route 53 as applicable. Some important points when you leverage these services:
Benefits of using CloudFront, AWS Global Accelerator, and Amazon Route 53 include:
• Access to internet and DDoS mitigation capacity across the AWS Global Edge Network. This is useful in mitigating larger volumetric attacks, which can reach terabit scale.
• AWS Shield DDoS mitigation systems are integrated with AWS edge services, reducing time-to-mitigate from minutes to sub-second.
• Stateless SYN Flood mitigation techniques proxy and verify incoming connections before passing them to the protected service. This ensures that only valid connections reach your application while protecting your legitimate end users against false positive drops.
• Automatic traffic engineering systems that disperse or isolate the impact of large volumetric DDoS attacks. All of these services isolate attacks at the source before they reach your origin, which means less impact on systems protected by these services.
• Application layer defense when combined with AWS WAF that does not require changing current application architecture (for example, in an AWS Region or on-premises data center).
There is no charge for inbound data transfer on AWS and you do not pay for DDoS attack traffic that is mitigated by AWS Shield.
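
The setup the answers above describe (CloudFront in front of an existing origin, combined with AWS WAF) can be sketched as a CloudFormation template. This is an added example, not part of either answer or of the AWS whitepaper; the resource names, the two parameters and the rate limit value are assumptions to replace with your own.

```yaml
# Added example (constructed): CloudFront in front of an existing origin,
# with an AWS WAF rate-based rule. Deploy in us-east-1, which WAF requires
# for web ACLs with Scope: CLOUDFRONT.
AWSTemplateFormatVersion: "2010-09-09"
Parameters:
  OriginDomainName:
    Type: String   # assumption: DNS name of your ALB or on-premises endpoint
  CachePolicyId:
    Type: String   # assumption: ID of a CloudFront cache policy you already use
Resources:
  EdgeWebACL:
    Type: AWS::WAFv2::WebACL
    Properties:
      Name: edge-rate-limit          # hypothetical name
      Scope: CLOUDFRONT
      DefaultAction:
        Allow: {}                    # allow by default, block only rule matches
      VisibilityConfig:
        SampledRequestsEnabled: true
        CloudWatchMetricsEnabled: true
        MetricName: edgeWebACL
      Rules:
        - Name: per-ip-rate-limit
          Priority: 0
          Action:
            Block: {}
          Statement:
            RateBasedStatement:
              Limit: 2000            # constructed threshold; tune to normal traffic
              AggregateKeyType: IP   # count requests per source IP
          VisibilityConfig:
            SampledRequestsEnabled: true
            CloudWatchMetricsEnabled: true
            MetricName: perIpRateLimit
  EdgeDistribution:
    Type: AWS::CloudFront::Distribution
    Properties:
      DistributionConfig:
        Enabled: true
        WebACLId: !GetAtt EdgeWebACL.Arn   # WAFv2 web ACLs attach by ARN
        Origins:
          - Id: app-origin
            DomainName: !Ref OriginDomainName
            CustomOriginConfig:
              OriginProtocolPolicy: https-only
        DefaultCacheBehavior:
          TargetOriginId: app-origin
          ViewerProtocolPolicy: redirect-to-https
          CachePolicyId: !Ref CachePolicyId
```

The edge protections only apply to traffic that goes through the distribution, so the origin should be restricted to accept requests from CloudFront only. Start the rate-based rule in `Count` mode if you are unsure of normal per-IP request volume, then switch to `Block`.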