Overview

AWS Shield safeguards applications against DDoS attacks, ensuring availability and responsiveness. It offers two tiers: AWS Shield Standard and AWS Shield Advanced.

How It Works

  1. Always-On Detection: Automatically detects and mitigates network-level DDoS events.
  2. Inline Mitigations: Minimizes application downtime and latency during attacks.
  3. Customization: Integrates with the Shield Response Team (SRT) protocol or AWS WAF for tailored protection.

Benefits

  1. Granular Protection: Safeguard applications and APIs from SYN floods, UDP floods, and reflection attacks.
  2. Latency-Sensitive Apps: Deploy inline mitigations like deterministic packet filtering.
  3. Resource-Level Control: Monitor and protect up to 1,000 resource types per AWS account.

Limitations

  1. Standard vs. Advanced: Shield Standard defends against common DDoS attacks, while Shield Advanced provides more robust protection.
  2. No User Groups as Principals: Groups relate to permissions, not authentication.

Use Cases

  1. Web Applications and APIs: Scrub bad traffic at specific layers.
  2. Latency-Sensitive Services: Prevent basic network-layer attacks.
  3. Resource Protection: Activate automatic detection and mitigation for various resource types.