AWS Shield

Protects networks and applications by analyzing network security configurations and providing managed DDoS protection

What is AWS Shield?

AWS Shield protects networks and applications by identifying network security configuration issues and defending applications against active web exploitation and distributed denial of service (DDoS) events. AWS Shield does this by offering two key capabilities: 

AWS Shield network security director (in preview) performs an analysis of your resources to help you visualize your network topology, identify configuration issues, and receive actionable remediation recommendations.

AWS Shield Advanced offers managed DDoS protection for continuous automatic mitigation of sophisticated DDoS events to minimize application downtime and latency. You can customize your DDoS protection strategy using application-specific security controls and expert guidance from the Shield Response Team during active DDoS incidents.

Benefits of AWS Shield

Discover network security issues through an assessment of your AWS resources and configurations. Get a clear visualization of your network topology that prioritizes misconfigured or overlooked resources, helping you to spot where additional protection is needed. Available with AWS Shield network security director (preview).

Accelerate response using recommended services and rule sets to mitigate each configuration issue. Together with Amazon Q Developer, you can use natural language to easily get answers and recommendations about your network security posture. Available with AWS Shield network security director (preview).

With AWS Shield Advanced, get automatic inline mitigation that detects and blocks sophisticated DDoS events across layers 3, 4, and 7. This protection uses AWS global threat intelligence to defend against evolving threats and safeguard applications without manual intervention, which reduces the operational overhead of your security teams.

Secure your applications with protection tailored specifically to your traffic patterns. As your applications face evolving threats like HTTP floods or DNS query floods, the system automatically baselines your normal traffic. This allows you to detect anomalies instantly, giving you a dynamic defense that adapts to your unique application behavior.

Use cases

Protect applications against internet-borne threats and overly permissive access by implementing a network security strategy that follows AWS best practices.

View your network topology and configured services through an interactive visualization to quickly identify security issues and understand resource relationships across your environment.

Protect applications and APIs from SYN floods, UDP floods, or other reflection attacks.

Deploy inline mitigations such as deterministic packet filtering and priority-based traffic shaping to stop basic network-layer attacks.
