AWS provides a comprehensive suite of security services to protect your cloud infrastructure. This post covers AWS Shield for DDoS protection, AWS WAF for filtering malicious web traffic, AWS KMS for encryption key management, and security best practices for building a defense-in-depth security posture on AWS.
AWS Security
AWS Shield: Protect from DDoS attacks
- DDoS: Distributed Denial of Service - many requests at the same time
- AWS Shield Standard:
  - Free service that is activated for every AWS customer
  - Provides protection from attacks such as SYN/UDP floods, reflection attacks and other layer 3/layer 4 attacks
- AWS Shield Advanced:
  - Optional DDoS mitigation service ($3000 per month per organization)
  - Protects against more sophisticated attacks on Amazon EC2, Elastic Load Balancing (ELB), Amazon CloudFront, AWS Global Accelerator and Route 53
  - 24/7 access to the AWS DDoS Response Team (DRT)
  - Protects against higher fees during usage spikes due to DDoS
  - Shield Advanced automatic application layer DDoS mitigation automatically creates, evaluates and deploys AWS WAF rules to mitigate layer 7 attacks
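An added example (not part of the original post) that audits Shield Advanced coverage: it flags resources with no protection, and layer 7 resources where automatic application layer mitigation is disabled or only counting. It assumes input shaped like the Shield `ListProtections` response and that CloudFront distributions and Application Load Balancers are the layer 7 resource types; the function names and all ARNs are constructed for illustration.

```python
# Added example: audit Shield Advanced coverage offline from data shaped like
# the Shield ListProtections response. Every ARN below is a constructed sample.

ACCT = "111122223333"  # constructed account id
CF = f"arn:aws:cloudfront::{ACCT}:distribution/EXAMPLEDIST1"
ALB = f"arn:aws:elasticloadbalancing:us-east-1:{ACCT}:loadbalancer/app/web/0123456789abcdef"
EIP = f"arn:aws:ec2:us-east-1:{ACCT}:eip-allocation/eipalloc-0example"
ZONE = "arn:aws:route53:::hostedzone/ZEXAMPLE"

SAMPLE_PROTECTIONS = [  # constructed; Route 53 zone deliberately left out
    {"ResourceArn": CF, "ApplicationLayerAutomaticResponseConfiguration":
        {"Status": "ENABLED", "Action": {"Block": {}}}},
    {"ResourceArn": ALB, "ApplicationLayerAutomaticResponseConfiguration":
        {"Status": "ENABLED", "Action": {"Count": {}}}},
    {"ResourceArn": EIP},
]

def is_layer7(arn: str) -> bool:
    """True for CloudFront distributions and Application Load Balancers
    (assumed here to be the types that take automatic layer 7 mitigation)."""
    parts = arn.split(":", 5)  # arn:partition:service:region:account:resource
    service, resource = parts[2], parts[5]
    return service == "cloudfront" or (
        service == "elasticloadbalancing"
        and resource.startswith("loadbalancer/app/"))

def audit(resource_arns, protections):
    """Return {arn: finding} for every resource that needs attention."""
    by_arn = {p["ResourceArn"]: p for p in protections}
    findings = {}
    for arn in resource_arns:
        prot = by_arn.get(arn)
        if prot is None:
            findings[arn] = "no Shield Advanced protection"
            continue
        if not is_layer7(arn):
            continue  # layer 3/4 resource: nothing further to check here
        cfg = prot.get("ApplicationLayerAutomaticResponseConfiguration", {})
        if cfg.get("Status") != "ENABLED":
            findings[arn] = "automatic layer 7 mitigation disabled"
        elif "Count" in cfg.get("Action", {}):
            findings[arn] = "automatic layer 7 mitigation in Count mode"
    return findings

if __name__ == "__main__":
    for arn, finding in audit([CF, ALB, EIP, ZONE], SAMPLE_PROTECTIONS).items():
        print(f"{finding}: {arn}")
```

In Count mode the WAF rules that Shield Advanced deploys only record matching requests, so a protected load balancer can still receive the full layer 7 flood.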
Frequently Asked Questions
What is AWS Shield?
AWS Shield is a managed DDoS protection service that safeguards AWS applications against Distributed Denial of Service attacks; Shield Standard is free for all AWS customers, while Shield Advanced provides enhanced protection with 24/7 access to the AWS DDoS Response Team.
What is AWS WAF?
AWS WAF (Web Application Firewall) is a security service that lets you create rules to block common web exploits like SQL injection and cross-site scripting (XSS) that could affect application availability or security.

