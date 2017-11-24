AWS Shield Advanced previously protected HTTP/TCP applications running on Amazon CloudFront, Elastic Load Balancing, and Amazon Route 53. For non-TCP based applications (for instance, UDP or SIP) that had to run on EC2 or NLB, AWS Shield Standard provided the protection against most common infrastructure layer DDoS attacks. Now, with AWS Shield Advanced on Elastic IP, you get the benefits of AWS Shield Advanced for internet-facing application running directly on EC2, including additional detection and mitigation against large and sophisticated DDoS attacks, near-real-time attack visibility, access to Amazon’s 24×7 DDoS Response Team (DRT), and economic protections against DDoS-related spikes in your EC2 or NLB charges. Working with DRT, you can define custom DDoS mitigation profiles for your applications to ensure optimal response to current or future attacks.

With this release, AWS Shield Advanced customers also gain access to new, near-real time reports and CloudWatch metrics that provide deeper insight into DDoS attack vectors. For infrastructure layer attacks, you see which IPs, ASNs, or countries are the top sources of attack traffic. For application layer attacks, you can get visibility into top referrers, destination URLs and user-agents that sourced the attack. This allows you to craft effective mitigations in AWS WAF or seek DRT help in deploying custom mitigations. We have also updated the recently announced global threat environment dashboard to give you better awareness of the global DDoS environment, including attacks by region and the overall size and frequency of attacks across AWS.

