DDoS Protection on AWS

• AWS Shield Standard: protects against DDoS attack for your website and applications, for all customers at no additional costs
• AWS Shield Advanced: 24/7 premium DDoS protection
• AWS WAF: Filter specific requests based on rules

AWS Shield

• AWS Shield Standard:
  • Free service that is activated for every AWS customer
  • Provides protection from attacks such as SYN/UDP Floods, Reflection attacks and other layer 3/layer 4 attacks
• AWS Shield Advanced:
  • Optional DDoS mitigation service ($3,000 per month per organization)
  • Protect against more sophisticated attack on Amazon EC2, Elastic Load Balancing (ELB), Amazon CloudFront, AWS Global Accelerator, and Route 53
  • 24/7 access to AWS DDoS response team (DRP)

AWS WAF – Web Application Firewall

• Protects your web applications from common web exploits (Layer 7)
• Define Web ACL (Web Access Control List):
  • Rules can include: IP addresses, HTTP headers, HTTP body, or URI strings
  • Protects from common attack - SQL injection and Cross-Site Scripting (XSS)
  • Size constraints, geo-match (block countries)
  • Rate-based rules (to count occurrences of events) – for DDoS protection

Amazon Inspector

• For EC2 instances • Leveraging the AWS System Manager (SSM) agent • Analyze against unintended network accessibility • Analyze the running OS against known vulnerabilities
• For Container Images push to Amazon ECR • Assessment of Container Images as they are pushed
• For Lambda Functions • Identifies software vulnerabilities in function code and package dependencies • Assessment of functions as they are deployed
• Reporting & integration with AWS Security Hub
• Send findings to Amazon Event Bridge

Amazon GuardDuty

• Intelligent Threat discovery to protect your AWS Account

• Analyze Input logs for threat discovery and then send results into EventBridge.

• Inputdat can include:

  • CloudTrail Event logs
  • VPC Flow logs
  • EKS logs
  • DNS logs