AWS Shield | General Flashcards
What is AWS Shield?
General
AWS Shield | Security, Identity & Compliance
AWS Shield is a managed service that provides protection against DDoS attacks for web applications running on AWS. AWS Shield Standard is available to all AWS customers at no additional cost. AWS Shield Advanced is an optional paid service available to AWS Business Support and AWS Enterprise Support customers. AWS Shield Advanced provides additional protections against larger and more sophisticated attacks for your applications running on Elastic Load Balancing (ELB), Amazon CloudFront and Route 53.
What is AWS Shield Standard?
AWS Shield Standard provides protection for all AWS customers against common and most frequently occurring Infrastructure (layer 3 and 4) attacks like SYN/UDP Floods, Reflection attacks, and others to support high availability of your applications on AWS.
What is AWS Shield Advanced?
AWS Shield Advanced provides enhanced protections for your applications running on Elastic Load Balancing (ELB), Amazon CloudFront and Route 53 against larger and more sophisticated attacks. AWS Shield Advanced is available to AWS Business Support and AWS Enterprise Support customers. AWS Shield Advanced protection provides always-on, flow-based monitoring of network traffic and active application monitoring to provide near real-time notifications of DDoS attacks. AWS Shield Advanced also gives customers highly flexible controls over attack mitigations to take actions instantly. Customers can also engage the DDoS Response Team (DRT) 24x7 to manage and mitigate their application layer DDoS attacks. The DDoS cost protection feature of AWS Shield Advanced protects your AWS bill against higher fees due to Elastic Load Balancing (ELB), Amazon CloudFront and Amazon Route 53 usage spikes during a DDoS attack.
What is DDoS cost protection?
AWS Shield Advanced includes DDoS cost protection, a safeguard from scaling charges as a result of a DDoS attack that causes usage spikes on Elastic Load Balancing (ELB), Amazon CloudFront or Amazon Route 53. If any of these services scale up in response to a DDoS attack, you can request credits via the regular AWS Support channel.
Can I use AWS Shield to protect web sites not hosted in AWS?
Yes, AWS Shield is integrated with Amazon CloudFront, which supports custom origins outside of AWS.
Can I use IPv6 with all AWS Shield features?
Yes. All of AWS Shield’s detection and mitigations work with IPv6 and IPv4 without any discernible changes to performance, scalability or availability of the service.
Are there any prerequisites to activate AWS Shield Advanced?
Yes. The AWS account you want to subscribe to AWS Shield Advanced must have AWS Business Support or AWS Enterprise Support. See the AWS Support website for more details on support plans.
How can I test AWS Shield?
The AWS Acceptable Use Policy describes permitted and prohibited behavior on AWS and includes descriptions of prohibited security violations and network abuse. However, because penetration testing and other simulated events are frequently indistinguishable from these activities, we have established a policy for customers to request permission to conduct penetration tests and vulnerability scans to or originating from the AWS environment. Visit our Penetration testing page to request permissions.
In which AWS regions is AWS Shield Standard available?
AWS Shield Standard is available on all AWS services in every AWS Region and AWS edge location worldwide.
Please refer to Regional Products and Services for details of AWS Shield Standard availability by region.
In which AWS regions is AWS Shield Advanced available?
AWS Shield Advanced is available globally on all Amazon CloudFront and Amazon Route 53 edge locations worldwide. You can protect your web applications hosted anywhere in the world by deploying Amazon CloudFront in front of your application. Your origin servers can be Amazon S3, Amazon EC2, Elastic Load Balancing, or a custom server outside of AWS. You can also enable AWS Shield Advanced directly on Elastic Load Balancing in the following AWS Regions: Northern Virginia, Northern California, Oregon, Ireland, and Tokyo.
Please refer to Regional Products and Services for details of AWS Shield Advanced availability by region.