Getting started with AWS Shield

AWS Shield provides expanded DDoS attack protection for your AWS resources. Get 24/7 support from our Shield Response Team and detailed visibility into DDoS events.

Compare Tiers

Whether you are running multiple mission-critical web applications on AWS and want visibility and protection from larger and more sophisticated attacks, or you are running a single web application on AWS and looking to get started with protection against common DDoS attacks, AWS Shield provides built-in protection, and access to tools, services and expertise to help you protect your applications on AWS.

AWS Shield Standard

For protection against most common DDoS attacks, and access to tools and best practices to build a DDoS resilient architecture.
Automatically available on all AWS services.

To detect and automatically mitigate layer 7 DDoS events, enable the application layer (L7) DDoS protection AWS Managed Rule group.

AWS Shield Advanced

For additional protection against larger and more sophisticated attacks, visibility into attacks, and 24x7 access to DDoS experts for complex cases. See the AWS Shield Advanced Service Level Agreement.

Available on:
Amazon Route 53
Amazon CloudFront
Elastic Load Balancing
AWS Global Accelerator
Elastic IP (Amazon Elastic Compute Cloud and Network Load Balancer)

To detect and automatically mitigate layer 7 DDoS events, enable the application layer (L7) DDoS protection AWS Managed Rule group.

| FEATURE | AWS SHIELD STANDARD | AWS SHIELD ADVANCED* |
| --- | --- | --- |
| Active Traffic Monitoring | | |
| Network flow monitoring | Yes | Yes |
| Automatic always-on detection | Yes | Yes |
| Application traffic monitoring | x | Yes |
| Attack Mitigations | | |
| Protection from common DDoS attacks (e.g. SYN floods, ACK floods, UDP floods, Reflection attacks) | Yes | Yes |
| Automatic inline mitigation | Yes | Yes |
| Additional DDoS mitigation capacity for large attacks | x | Yes |
| Automatic application layer (L7) DDoS mitigations | x | Yes |
| Self-service application layer (Layer 7) mitigations | Yes, using AWS WAF | Yes, using AWS WAF |
| SRT-driven application layer (Layer 7) mitigations | x | Yes, with Shield Response Team |
| Instant rule updates | Yes, using AWS WAF | Yes, using AWS WAF |
| AWS WAF for app vulnerability protection | Yes, using AWS WAF | Yes, using AWS WAF |
| Visibility and Reporting | | |
| Layer 3/Layer 4 attack notification | x | Yes |
| Layer 7 attack notification | x | Yes |
| Layer 3/Layer 4/Layer 7 attack historical report | x | Yes |
| Shield Response Team and Support | | |
| DDoS protection best practices/architecture review | Yes, self-service | Yes |
| Custom mitigations during attacks | x | Yes, with Enterprise or Business support |
| Post attack analysis | x | Yes, with Enterprise or Business support |
| DDoS Cost Protection (Service credits for DDoS scaling charges) | | |
| Amazon Route 53 | x | Yes |
| Amazon CloudFront | x | Yes |
| Elastic Load Balancing (ELB) | x | Yes |
| Amazon Elastic Compute Cloud (EC2) | x | Yes |

Note: AWS Shield Advanced benefits, including DDoS cost protection, are subject to your fulfillment of the 1-year subscription commitment.

| FEATURE | AWS SHIELD STANDARD | AWS SHIELD ADVANCED* |
| --- | --- | --- |
| Web Application Firewall (WAF) | | |
| Self-service | Yes | Yes |
| API access/integration | Yes | Yes |
| Flexible rules engine | Yes | Yes |
| Fast rule propagation | Yes | Yes |
| Pricing | See Pricing | Included at no additional charge with AWS Shield Advanced for resources protected in AWS Shield Advanced |
| Cost | | |
| Monthly | x | Yes, see Pricing (Subject to 1-year subscription) |
| Usage based | x | Yes, see Pricing |
| SLA | x | Yes |
