Please enable JavaScript.

Coggle requires JavaScript to display documents.

Shield & WAF demo - Coggle Diagram

- - - - Quick detection
        
        AWS Shield Standard provides always-on network flow monitoring that inspects incoming traffic to AWS and uses a combination of traffic signatures, anomaly algorithms, and other analysis techniques to detect malicious traffic in real time.
      - Inline Attack mitigation
        
        Automatic mitigations are applied inline to your applications so that there is no impact to latency. A
        
        WS Shield Standard uses several techniques, such as deterministic packet filtering and priority-based traffic shaping, to automatically mitigate attacks without impact to your applications.
        
        You can also mitigate application-layer DDoS attacks by writing rules using AWS WAF.
        
        When you use AWS Shield Standard with CloudFront and Route 53, you receive comprehensive availability protection against all known infrastructure (Layer 3 and 4) attacks.
  - - - ADvanced detection
        
        you have 24/7 access to the AWS DDoS Response Team (DRT), whom you can engage before, during, or after a DDoS attack. The DRT helps triage the incidents, identify root causes, and apply mitigations on your behalf. You can also engage with the DRT for any post-attack analysis.
      - Advanced Attack Mitigation
        
        provides you with more sophisticated automatic mitigations for attacks targeting your applications running on Amazon EC2, Elastic Load Balancing, CloudFront, and Route 53 resources. Using advanced routing techniques, AWS Shield Advanced provides additional mitigation capacity to protect against larger DDoS attacks.
        
        The DRT also applies manual mitigations for more complex and sophisticated DDoS attacks.
        
        For application-layer attacks, you can use AWS WAF to respond to incidents.
        
        With AWS WAF, you can set up proactive rules like Rate Based Blacklisting to automatically block bad traffic or respond immediately to incidents as they happen.
        
        There is no additional charge for using AWS WAF for application-layer protection. You can also engage directly with the DRT to place AWS WAF rules on your behalf, in response to an application layer DDoS attack. The DRT will diagnose the attack and, with your permission, apply mitigations on your behalf.
        
        DDOS cost protection
        
        Safeguard from scaling charges because of a DDoS attack that causes usage spikes on Amazon EC2, Elastic Load Balancing, CloudFront, or Route 53. If any of these services scale up in response to a DDoS attack, AWS will provide AWS Shield service credits for charges as the result of usage spikes.
      - Attack notificaton
        
        You gain complete visibility into DDoS attacks with near-real-time notification through CloudWatch and detailed diagnostics on the AWS WAF and AWS Shield console. Working with the DRT, you can access post-event analysis and investigation. You can also view a summary of prior attacks from the console.
      - Specilaized Support
        
        AWS Shield Advanced provides enhanced detection, inspecting network flows, and also monitoring application-layer traffic to your Elastic IP address, Elastic Load Balancing, CloudFront, or Route 53 resources. Using additional techniques, such as resource-specific monitoring, AWS Shield Advanced provides granular detection of DDoS attacks and also detects application-layer DDoS attacks, such as HTTP floods or DNS query floods, by baselining traffic on your resource and identifying anomalies.
      - Global Availablity
        
        AWS Shield Advanced is available globally on all CloudFront and Route 53 edge locations. You can protect your web applications hosted anywhere in the world by deploying CloudFront in front of your application. Your origin servers can be Amazon S3, Amazon EC2, Elastic Load Balancing, or a custom server outside of AWS. You can also enable AWS Shield Advanced directly on an Elastic IP address or Elastic Load Balancing load balancer in these AWS Regions: Northern Virginia, Oregon, Ireland, Tokyo, and Northern California.