Questions tagged with AWS Shield

Content language: English

Sort by most recent

Browse through the questions and answers listed below or filter and sort to narrow down your results.

  • 1
  • 2
  • 12 / page
How do i reduce my data transfer out cost in AWS shield Advanced? Any heads up to follow?
2
answers
0
votes
20
views
asked 22 days ago
My api service was up and running on the ec2 instance but suddenly started throwing error message: {"status":false,"message":"failure","result":{"code":0,"message":"Request failed with status code 451","data":{}},"responseCode":500} while any user trying to re-login. The API is allowing new users to register but not allowing to login back. I fear is it something https://developer.mozilla.org/en-US/docs/Web/HTTP/Status/451. If yes how can I verify?
1
answers
0
votes
25
views
asked 2 months ago
Hi, We have an API Gateway with regional endpoints. We have attached WAF to the API Gateway for L7 protection. Researching how we can further protect our system, [this AWS whitepaper suggests we use CloudFront in front of the API Gateway:](https://docs.aws.amazon.com/whitepapers/latest/security-overview-amazon-api-gateway/security-design-principles.html) > Amazon CloudFront distributes traffic across multiple edge locations, and filters requests to help ensure that only valid requests will be forwarded to your API Gateway deployments. I suspect my understanding of the edge network is limited and the answer may be obvious, but can someone expand on this quote or provide further information on why CloudFront helps with DDoS mitigation? Also as far as I know, CloudFront uses Shield for DDoS mitigation and detection at L3/L4. But Shield Standard is also used in all AWS services, including API Gateway. Are there benefits to using CloudFront for DDoS mitigation and protection beyond Shield?
2
answers
0
votes
72
views
asked 2 months ago
Hi, We are looking to see if there is any visibility into if a DDoS attack occurs on our API Gateway service should it occur. The API Gateway will be protected directly by WAF rules at the L7 application layer. While we can monitor AWS/WAFV2 metrics like BlockedRequests, we also want to know if we could do something similar for L3/L4 attacks. I see that Shield Advanced has DDoS metrics: https://docs.aws.amazon.com/waf/latest/developerguide/ddos-cloudwatch-metrics.html We aren't necessarily looking for this level of granularity, but would like to have data on how many times a DDoS attack occurs so we can decide if we want to upgrade to Shield Advanced for greater insight. Also, we are not fronting the API Gateway with CloudFront. The APIGW endpoints are also regional.
Accepted AnswerAWS Shield
2
answers
0
votes
39
views
asked 2 months ago
i am using application balancer , so please tell me how to enable shield standard in my account because when i go to his page , he showing me only 1 button to buy shield advanced , how i can use that help me
1
answers
0
votes
80
views
asked 4 months ago
Hi there, It seems my website is being attacked and AWS Shield Standard is not capable of protecting the site. This is the third time, the website is getting tens of millions of requests in a day. I want to stop getting overcharged due to this AWS shortcoming. Based on the CloudFront usage report, the requests are coming from broad distribution of locations, devices and OS'es. That could be a reason why the standard AWS shield isn't capable of detecting it. Is there any way to limit the rate of requests from an IP? Thanks in advance for any help!
2
answers
0
votes
59
views
asked 5 months ago
Amplify subdomains are not showing up in the list of Shield resources to protect. I have Angular based front-end deployed with AWS Amplify. Since DNS entries are not displayed in Route 53, I was wondering how to protect those endpoints using Shield Advanced.
1
answers
0
votes
86
views
asked 5 months ago
Hi, when enabling AWS Shield Advanced I was unsure if I should enable only for Route 53 or is needed for other services as well. I ask because my infrastructure has CloudFront, Classic Load Balancers and some Elastic IPS which are all behind a Route 53 Hosted Zone. In this scenario enabling AWS Shield Advanced only for Route53 is enough or I need to enable for each of the resources that I have (CF, ELBs, etc)?
1
answers
0
votes
131
views
asked 8 months ago
My website under Route 53 and ALB was flooded once on 12 May but seemed Shield Standard didn't do anything to prevent? Showing 1000 of 9,828,102 records matched: ``` 2022-05-12T08:01:25.024+08:00 51.15.0.133 - - [12/May/2022:00:01:24 +0000] "GET http://www.1980mu.com:89/ HTTP/1.1" 200 8216 "-" "Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.77 Safari/537.36" "-" 2022-05-12T08:01:25.024+08:00 51.15.0.133 - - [12/May/2022:00:01:24 +0000] "GET http://www.1980mu.com:89/ HTTP/1.1" 200 8216 "-" "Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; rv:11.0) like Gecko" "-" 2022-05-12T08:01:25.024+08:00 51.15.0.133 - - [12/May/2022:00:01:24 +0000] "GET http://www.1980mu.com:89/ HTTP/1.1" 200 8216 "-" "Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.77 Safari/537.36" "-" 2022-05-12T08:01:25.024+08:00 51.15.0.133 - - [12/May/2022:00:01:24 +0000] "GET http://www.1980mu.com:89/ HTTP/1.1" 200 8216 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/68.0.3599.0 Safari/537.36" "-" 2022-05-12T08:01:25.024+08:00 51.15.0.133 - - [12/May/2022:00:01:24 +0000] "GET http://www.1980mu.com:89/ HTTP/1.1" 200 8216 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; rv:11.0) like Gecko" "-" 2022-05-12T08:01:25.274+08:00 163.172.215.59 - - [12/May/2022:00:01:24 +0000] "GET http://www.1980mu.com:89/ HTTP/1.1" 200 8216 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3599.0 Safari/537.36" "-" 2022-05-12T08:01:25.274+08:00 209.250.242.153 - - [12/May/2022:00:01:25 +0000] "GET http://www.shuishantang88.com/ HTTP/1.1" 200 8216 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3599.0 Safari/537.36" "-" 2022-05-12T08:01:25.274+08:00 51.15.0.133 - - [12/May/2022:00:01:25 +0000] "GET http://www.1980mu.com:89/ HTTP/1.1" 200 8216 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3599.0 Safari/537.36" "-" 2022-05-12T08:01:25.274+08:00 51.15.0.133 - - [12/May/2022:00:01:25 +0000] "GET http://www.1980mu.com:89/ HTTP/1.1" 200 8216 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3599.0 Safari/537.36" "-" 2022-05-12T08:01:25.274+08:00 51.15.0.133 - - [12/May/2022:00:01:25 +0000] "GET http://www.1980mu.com:89/ HTTP/1.1" 200 8216 "-" "Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; Googlebot/2.1; +http://www.google.com/bot.html) Safari/537.36" "-" 2022-05-12T08:01:25.274+08:00 51.15.0.133 - - [12/May/2022:00:01:25 +0000] "GET http://www.1980mu.com:89/ HTTP/1.1" 200 8216 "-" "Mozilla/5.0 (iPhone; CPU iPhone OS 9_1 like Mac OS X) AppleWebKit/601.1.46 (KHTML, like Gecko) Version/9.0 Mobile/13B143 Safari/601.1 (compatible; AdsBot-Google-Mobile; +http://www.google.com/mobile/adsbot.html)" "-" 2022-05-12T08:01:25.274+08:00 175.178.1.47 - - [12/May/2022:00:01:25 +0000] "GET http://azenv.net/ HTTP/1.1" 200 8216 "-" "Go-http-client/1.1" "-" 2022-05-12T08:01:25.274+08:00 20.231.61.213 - - [12/May/2022:00:01:25 +0000] "CONNECT aj-https.my.com:443 HTTP/1.1" 400 157 "-" "-" "-" 2022-05-12T08:01:25.274+08:00 163.172.215.59 - - [12/May/2022:00:01:25 +0000] "GET http://www.1980mu.com:89/ HTTP/1.1" 200 8216 "-" "Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; rv:11.0) like Gecko" "-" 2022-05-12T08:01:25.274+08:00 163.172.215.59 - - [12/May/2022:00:01:25 +0000] "GET http://www.1980mu.com:89/ HTTP/1.1" 200 8216 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3599.0 Safari/537.36" "-" 2022-05-12T08:01:25.274+08:00 163.172.215.59 - - [12/May/2022:00:01:25 +0000] "GET http://www.1980mu.com:89/ HTTP/1.1" 200 8216 "-" "Mozilla/5.0 (Linux; Android 5.0; SM-G920A) AppleWebKit (KHTML, like Gecko) Chrome Mobile Safari (compatible; AdsBot-Google-Mobile; +http://www.google.com/mobile/adsbot.html)" "-" 2022-05-12T08:01:25.274+08:00 163.172.215.59 - - [12/May/2022:00:01:25 +0000] "GET http://www.1980mu.com:89/ HTTP/1.1" 200 8216 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3599.0 Safari/537.36" "-" 2022-05-12T08:01:25.274+08:00 209.250.242.153 - - [12/May/2022:00:01:25 +0000] "GET http://www.shuishantang88.com/ HTTP/1.1" 200 8216 "-" "Mozilla/5.0 (Linux; Android 6.0.1; Nexus 5X Build/MMB29P) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.96 Mobile Safari/537.36 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)" "-" 2022-05-12T08:01:25.274+08:00 209.250.242.153 - - [12/May/2022:00:01:25 +0000] "GET http://www.shuishantang88.com/ HTTP/1.1" 200 8216 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3599.0 Safari/537.36" "-" 2022-05-12T08:01:25.274+08:00 209.250.242.153 - - [12/May/2022:00:01:25 +0000] "GET http://www.shuishantang88.com/ HTTP/1.1" 200 8216 "-" "Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; rv:11.0) like Gecko" "-" 2022-05-12T08:01:25.274+08:00 209.250.242.153 - - [12/May/2022:00:01:25 +0000] "GET http://www.shuishantang88.com/ HTTP/1.1" 200 8216 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3599.0 Safari/537.36" "-" 2022-05-12T08:01:25.524+08:00 209.250.242.153 - - [12/May/2022:00:01:25 +0000] "GET http://www.shuishantang88.com/ HTTP/1.1" 200 8216 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.140 Safari/537.36 Edge/18.18247" "-" 2022-05-12T08:01:25.524+08:00 209.250.242.153 - - [12/May/2022:00:01:25 +0000] "GET http://www.shuishantang88.com/ HTTP/1.1" 200 8216 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like ```
2
answers
0
votes
129
views
asked 8 months ago
Does Shield Advanced include credits for AWS ElastiCache charges in the event of a DDoS attack? ElastiCache auto scaling can scale up in the event of malicious extra demand that can cost the client additional charges.
1
answers
0
votes
64
views
AWS
asked 8 months ago
Hello, I have a S3 bucket with images that should be accessible to an email template which will be sent via AWS Pinpoint. The public access to this S3 bucket is blocked ON. I have created an OAI with CloudFront with which I can access the S3 bucket images on the Pinpoint email template. In the AWS documentation, I see that AWS provides DDoS protection with AWS Shield. Now, there are two options AWS Shield Standards and AWS Shield Advanced. Standard is free of charge for everybody and it says tht it is by default availale to everybody. My question is, does the fact that AWS Shield Standard is free and by default used by everybody, mean that I won't get any DDoS attacks by people trying to access the images from the S3 bucket hidden behind CloudFront distribution? Do I need to explicitly do something with AWS Shield Standard of the protection comes by itself? Thanks you in advance.
1
answers
1
votes
297
views
asked 9 months ago
A customer is asking if they would be charged for queries for a record that does not exists in their authoritative domain. e.g. if they are authoritative for example.com and someone queries for dummy.example.com which doesn't exist, are they charged? I am guessing so but I cannot seem to find this information to make sure I am correct. If the are charged - I know they will ask me how they can prevent someone querying them millions of times for which they would be billed, will Shield Standard protect them from such attacks? Thanks in advance.
1
answers
0
votes
29
views
AWS
Ania_D
asked 3 years ago
  • 1
  • 2
  • 12 / page