Skip to main content

Getting started with AWS Shield

Protects networks and applications by analyzing network security configurations and providing managed DDoS protection

Sign in to the AWS Shield Console

Managed DDoS Protection

AWS Shield offers two tiers of DDoS protection to safeguard your applications. AWS Shield Standard, included at no extra cost with AWS services, provides essential DDoS defense. AWS Shield Advanced offers enhanced protection capabilities and expert support. Compare these tiers to find the right protection to fit the needs of your applications.

AWS Shield Standard

For protection against most common DDoS events and access to tools and best practices to build a DDoS resilient architecture. Automatically available on all AWS services.

AWS Shield Advanced

For additional protection against larger and more sophisticated events, visibility into events, and 24x7 access to DDoS experts for complex cases. See the AWS Shield Advanced Service Level Agreement.

Available on:
Amazon Route 53
Amazon CloudFront
Elastic Load Balancing
AWS Global Accelerator
Elastic IP (Amazon Elastic Compute Cloud and Network Load Balancer)

Enable the AWS WAF Application Layer (L7) DDoS protection AWS Managed Rule group to automatically detect and defend against layer 7 DDoS events.

Compare Tiers

AWS Shield Advanced benefits, including DDoS cost protection, are subject to your fulfillment of the 1-year subscription commitment.*

FEATURE
AWS SHIELD STANDARD
AWS SHIELD ADVANCED*
Network flow monitoring

Yes

Yes
Automatic always-on detection

Yes

Yes
Application traffic monitoring

x

Yes
Protection from common DDoS events (e.g. SYN floods, ACK floods, UDP floods, Reflection events)

Yes

Yes
Automatic inline mitigation

Yes

Yes
Additional DDoS mitigation capacity for large events

x

Yes
Automatic application layer (L7) DDoS mitigations

Available at an additional cost

Yes
Self-service application layer (layer 7) mitigations

Yes, using AWS WAF

Yes, using AWS WAF
SRT-driven application layer (layer 7) mitigations

x

Yes, with Shield Response Team
Instant rule updates

Yes, using AWS WAF

Yes, using AWS WAF
AWS WAF for app vulnerability protection

Yes, using AWS WAF

Yes, using AWS WAF
Layer 3/Layer 4 event notification

x

Yes
Layer 7 event notification

x

Yes
Layer 3/Layer 4/ Layer 7 event historical report

x

Yes
Shield Response Team: DDoS protection best practices/architecture review

Yes, self-service

Yes
Shield Response Team: Custom mitigations during events

x

Yes, with Enterprise or Business support
Shield Response Team: Post event analysis

x

Yes, with Enterprise or Business support
DDoS Cost Protection: Amazon Route 53

x

Yes
DDoS Cost Protection: Amazon CloudFront

x

Yes
DDoS Cost Protection: Elastic Load Balancing (ELB)

x

Yes
DDoS Cost Protection: Amazon Elastic Compute Cloud (EC2)

x

Yes
AWF WAF: Self-service

Yes

Yes
AWF WAF: API access/integration

Yes

Yes
AWS WAF: Flexible rules engine

Yes

Yes
AWS WAF: Fast rule propagation

Yes

Yes
AWS WAF: Pricing

See Pricing

Included at no additional charge with AWS Shield Advanced for resources protected up to 50 billion WAF requests per calendar month per subscribed payer account.
AWS WAF: Monthly

x

Yes, see Pricing (Subject to 1-year subscription)
AWS WAF: Usage based

x

Yes, see Pricing
AWS WAF: SLA

x

Yes