AWS Shield | Configuring Protections Flashcards
is AWS Shield HIPAA eligible?
Configuring Protections
AWS Shield | Security, Identity & Compliance
Yes, AWS has expanded its HIPAA compliance program to include AWS Shield as a HIPAA eligible service. If you have an executed Business Associate Agreement (BAA) with AWS, you can use AWS Shield to safeguard your web applications running on AWS from Distributed Denial of Service (DDoS) attacks. For more information, see HIPAA Compliance.
What types of attacks can AWS Shield help me stop?
Configuring Protections
AWS Shield | Security, Identity & Compliance
AWS Shield helps protects your website from all types of DDoS attacks including Infrastructure layer attacks (like UDP floods), State exhaustion attacks (like TCP SYN floods), and Application layer attacks (like HTTP GET or POST floods). See the AWS WAF and AWS Shield Advanced Developer Guide for examples.
What types of attacks can AWS Shield Standard help protect me from?
Configuring Protections
AWS Shield | Security, Identity & Compliance
AWS Shield Standard automatically provides protection for web applications running on AWS against the most common, frequently occurring Infrastructure layer attacks like UDP floods, and State exhaustion attacks like TCP SYN floods. Customers can also use AWS WAF to protect against Application layer attacks like HTTP POST or GET floods. Find more details on how to deploy application layer protections in the AWS WAF and AWS Shield Advanced Developer Guide.
How many resources can I enable for AWS Shield Standard protection?
Configuring Protections
AWS Shield | Security, Identity & Compliance
There is no limit on the number of resources subject to AWS Shield Standard protection. You can get the full benefits of AWS Shield Standard protections by following the best practices of DDoS resiliency on AWS.
How many resources can I enable for AWS Shield Advanced protection?
Configuring Protections
AWS Shield | Security, Identity & Compliance
You can enable up to 100 AWS resources (e.g., load balancers, Amazon CloudFront distributions, Amazon Route 53 delegation sets) for AWS Shield Advanced protection. If you want to enable more than 100, you can request for a limit increase by creating an AWS Support case.
Can I activate AWS Shield Advanced protection via API?
Configuring Protections
AWS Shield | Security, Identity & Compliance
Yes. AWS Shield Advanced can be activated via APIs. You can also add or remove AWS resources from AWS Shield Advanced protection via APIs.