AWS Shield

Definition

AWS Shield is a managed Distributed Denial of Service (DDoS) protection service offered by Amazon Web Services. It provides automatic detection and mitigation of DDoS attacks to safeguard applications running on AWS. AWS Shield comes in two tiers: Standard, which is automatically included at no extra cost for all AWS customers, and Advanced, which offers enhanced protection against more sophisticated attacks and includes additional features such as 24/7 access to the AWS DDoS Response Team (DRT) and detailed attack diagnostics.

Secure Settings Example

{
  "ShieldAdvanced": {
    "ResourceArns": [
      "arn:aws:elasticloadbalancing:us-east-1:123456789012:loadbalancer/app/my-load-balancer/50dc6c495c0c9188"
    ],
    "ProtectionName": "MyLoadBalancerProtection",
    "HealthCheckConfig": {
      "EnableHealthCheck": true,
      "HealthCheckIntervalSeconds": 30
    }
  }
}

Insecure Settings Example

{
  "ShieldAdvanced": {
    "ResourceArns": [],
    "ProtectionName": "MyLoadBalancerProtection",
    "HealthCheckConfig": {
      "EnableHealthCheck": false,
      "HealthCheckIntervalSeconds": 0
    }
  }
}
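
The difference between the two examples above comes down to three settings: a non-empty ResourceArns list, EnableHealthCheck set to true, and a positive HealthCheckIntervalSeconds. The following check is an added example, not part of the original page and not AWS code; it assumes the JSON layout and key names used in the examples above, and the function name audit_shield_config is hypothetical.

```python
import json
import re

# Loose ARN shape: arn:partition:service:region:account-id:resource
# (region and account id may be empty for some resource types).
ARN_RE = re.compile(r"^arn:aws[a-z-]*:[a-z0-9-]+:[a-z0-9-]*:(\d{12})?:.+$")

def audit_shield_config(doc):
    """Return a list of findings for one config in this page's JSON layout."""
    cfg = doc.get("ShieldAdvanced") if isinstance(doc, dict) else None
    if not isinstance(cfg, dict):
        return ["ShieldAdvanced block is missing"]
    findings = []

    arns = cfg.get("ResourceArns")
    if not isinstance(arns, list) or not arns:
        findings.append("ResourceArns is empty: no resource is covered")
    else:
        for arn in arns:
            if not isinstance(arn, str) or not ARN_RE.match(arn):
                findings.append(f"ResourceArns entry is not a well-formed ARN: {arn!r}")

    hc = cfg.get("HealthCheckConfig")
    hc = hc if isinstance(hc, dict) else {}
    if hc.get("EnableHealthCheck") is not True:
        findings.append("EnableHealthCheck is not true")
    interval = hc.get("HealthCheckIntervalSeconds")
    # bool is a subclass of int in Python, so reject it explicitly.
    if isinstance(interval, bool) or not isinstance(interval, int) or interval <= 0:
        findings.append("HealthCheckIntervalSeconds must be a positive integer")
    return findings

# The two configurations from this page, embedded so the check runs offline.
SECURE = json.loads("""{"ShieldAdvanced": {
  "ResourceArns": ["arn:aws:elasticloadbalancing:us-east-1:123456789012:loadbalancer/app/my-load-balancer/50dc6c495c0c9188"],
  "ProtectionName": "MyLoadBalancerProtection",
  "HealthCheckConfig": {"EnableHealthCheck": true, "HealthCheckIntervalSeconds": 30}}}""")
INSECURE = json.loads("""{"ShieldAdvanced": {
  "ResourceArns": [],
  "ProtectionName": "MyLoadBalancerProtection",
  "HealthCheckConfig": {"EnableHealthCheck": false, "HealthCheckIntervalSeconds": 0}}}""")

if __name__ == "__main__":
    for name, doc in (("secure", SECURE), ("insecure", INSECURE)):
        findings = audit_shield_config(doc)
        print(f"{name}: {'PASS' if not findings else 'FAIL'}")
        for finding in findings:
            print(f"  - {finding}")
```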