1. Navigate to AWS Shield in the Management Console
Log in to the AWS Management Console.
From the Services menu, select AWS Shield under the Security, Identity, & Compliance section.
This will take you to the AWS Shield Dashboard, where you can monitor and manage Distributed Denial of Service (DDoS) protection for your AWS resources.
On the AWS Shield Dashboard, view the current protection status. Here, you can see an overview of ongoing or past DDoS attacks, protected resources, and the status of DDoS protections.
Protected Resources:
In the left-hand menu, click on Protected resources to review the list of AWS resources (e.g., Elastic Load Balancers, CloudFront distributions, Route 53 hosted zones) that are protected by AWS Shield.
Events:
Select Events from the left-hand menu to view any DDoS events that have been detected and mitigated. This section provides information about the event’s start and end time, type, and the resources affected.
3. Exploring the AWS Well-Architected Framework Pillars
On the AWS Shield Dashboard, review the status of current and past DDoS events. Regular monitoring of the dashboard ensures that your environment is consistently protected against DDoS attacks, helping you identify patterns or areas that may need operational improvements.
Protected Resources Management:
Under Protected resources, verify that the critical applications (e.g., Elastic Load Balancers, CloudFront distributions) are included in the list of protected resources. Regularly reviewing and updating the list ensures all critical resources have DDoS protection in place, supporting operational resilience.
Event Insights:
In the Events section, review details of past DDoS incidents, including mitigation actions taken by AWS Shield. Understanding the types of attacks and responses provides insights into the operational effectiveness of your DDoS defense strategies.
On the Dashboard, review whether you are using AWS Shield Standard (automatically available at no additional cost) or AWS Shield Advanced. AWS Shield Advanced offers enhanced DDoS protection, cost protection, and 24/7 access to the AWS DDoS Response Team (DRT), providing a stronger security posture.
Protected Resources:
Under Protected resources, verify that mission-critical resources are protected. Shield Advanced users should ensure that resources like Amazon EC2, Elastic Load Balancers, CloudFront distributions, and Route 53 hosted zones are listed as protected resources.
Attack Mitigation and Detection:
In the Events section, review past DDoS events and Shield’s automatic mitigation actions. AWS Shield automatically detects and mitigates common DDoS attacks, which enhances the security of your applications by preventing service interruptions.
AWS WAF Integration:
For Shield Advanced users, check if AWS Web Application Firewall (WAF) is integrated for additional protection against layer 7 attacks. WAF integration with Shield Advanced provides an extra layer of security by filtering malicious traffic at the application level.
AWS Shield Standard automatically protects resources from common DDoS attacks. Under the Events section, review the details of mitigated attacks to ensure that the automatic mitigation capabilities are functioning as expected, maintaining the reliability of your applications.
Shield Advanced Protection:
If using AWS Shield Advanced, review the Protected resources list to confirm that all critical resources have enhanced DDoS protection. Shield Advanced provides additional protections, such as real-time attack visibility and 24/7 access to the AWS DDoS Response Team (DRT), which enhances the overall reliability of your environment.
Attack Analytics:
In the Events section, analyze the details of previous attacks, including their duration, type, and the resources impacted. This analysis can inform strategies to improve your application's reliability by identifying vulnerabilities and enhancing defenses.
If using AWS Shield Advanced, note that it provides cost protection for DDoS-related scaling and data transfer fees. This feature helps mitigate unexpected costs resulting from scaling resources during a DDoS attack.
Evaluate Protection Needs:
Under Protected resources, assess the resources currently protected by AWS Shield. Shield Standard is automatically available at no extra cost, while Shield Advanced incurs additional charges. Protect only those resources that truly require enhanced DDoS protection to optimize costs.
Analyze Event Impact:
In the Events section, review the types and frequency of DDoS attacks. Understanding the attack patterns and impact can help determine if the cost of Shield Advanced is justified for your use case, optimizing your security expenditure.
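The protected-resource checks and the event review described above (under Protected Resources, Event Insights, Attack Analytics and Analyze Event Impact) can be scripted instead of eyeballed in the console. The following is an added example, not part of the original lab: it reads the JSON that `aws shield list-protections` and `aws shield list-attacks` print, reports critical resources that have no Shield protection record, and aggregates past events by attack vector, resource and duration, treating an entry without an EndTime as an attack still in progress. All ARNs, attack IDs and timestamps are constructed for the example.

```python
"""Audit AWS Shield protection coverage and summarise DDoS events.

Added example, not part of the original lab. It consumes the JSON that the
AWS CLI prints for the two API calls behind the console pages the lab walks
through:
    aws shield list-protections   -> {"Protections": [...]}
    aws shield list-attacks       -> {"AttackSummaries": [...]}
Every ARN, attack ID and timestamp below is constructed for the example;
none refers to a real account or event.
"""
import json
from collections import Counter
from datetime import datetime, timezone

# Constructed: the resources the team treats as mission-critical.
CRITICAL_RESOURCES = [
    "arn:aws:elasticloadbalancing:us-east-1:111122223333:loadbalancer/app/web-alb/0123456789abcdef",
    "arn:aws:cloudfront::111122223333:distribution/EXAMPLEDISTID",
    "arn:aws:route53:::hostedzone/ZEXAMPLEHOSTEDZONE",
    "arn:aws:ec2:us-east-1:111122223333:eip-allocation/eipalloc-0example1234abcd",
]

# Constructed sample of `aws shield list-protections` output; the EIP is absent.
LIST_PROTECTIONS_JSON = json.dumps({"Protections": [
    {"Id": "prot-alb", "Name": "web-alb", "ResourceArn": CRITICAL_RESOURCES[0]},
    {"Id": "prot-cdn", "Name": "cdn", "ResourceArn": CRITICAL_RESOURCES[1]},
    {"Id": "prot-dns", "Name": "dns", "ResourceArn": CRITICAL_RESOURCES[2]},
]})

# Constructed sample of `aws shield list-attacks` output. The last event has no
# EndTime, which is how an attack that is still being mitigated appears.
LIST_ATTACKS_JSON = json.dumps({"AttackSummaries": [
    {"AttackId": "a-1", "ResourceArn": CRITICAL_RESOURCES[0],
     "StartTime": "2024-05-01T10:00:00Z", "EndTime": "2024-05-01T10:42:00Z",
     "AttackVectors": [{"VectorType": "SYN_FLOOD"}]},
    {"AttackId": "a-2", "ResourceArn": CRITICAL_RESOURCES[1],
     "StartTime": "2024-05-03T02:15:00Z", "EndTime": "2024-05-03T02:20:00Z",
     "AttackVectors": [{"VectorType": "REQUEST_FLOOD"}]},
    {"AttackId": "a-3", "ResourceArn": CRITICAL_RESOURCES[2],
     "StartTime": "2024-05-07T18:00:00Z", "EndTime": "2024-05-07T18:10:00Z",
     "AttackVectors": [{"VectorType": "DNS_REFLECTION"}, {"VectorType": "SYN_FLOOD"}]},
    {"AttackId": "a-4", "ResourceArn": CRITICAL_RESOURCES[0],
     "StartTime": "2024-05-09T09:00:00Z",
     "AttackVectors": [{"VectorType": "REQUEST_FLOOD"}]},
]})


def _parse_ts(value):
    """Parse the ISO-8601 timestamps the CLI prints, e.g. 2024-05-01T10:00:00Z."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def find_unprotected(critical_arns, list_protections_json):
    """Return the critical ARNs that have no Shield protection record."""
    protected = {p["ResourceArn"]
                 for p in json.loads(list_protections_json)["Protections"]}
    return sorted(arn for arn in critical_arns if arn not in protected)


def summarize_attacks(list_attacks_json, now=None):
    """Aggregate attack summaries by vector, resource and duration (minutes)."""
    now = now or datetime.now(timezone.utc)
    by_vector, by_resource = Counter(), Counter()
    total_minutes, longest, ongoing = 0, (None, 0), []
    for attack in json.loads(list_attacks_json)["AttackSummaries"]:
        start = _parse_ts(attack["StartTime"])
        if "EndTime" in attack:
            end = _parse_ts(attack["EndTime"])
        else:                      # still being mitigated: measure up to `now`
            end = now
            ongoing.append(attack["AttackId"])
        minutes = int((end - start).total_seconds() // 60)
        total_minutes += minutes
        if minutes > longest[1]:
            longest = (attack["AttackId"], minutes)
        by_resource[attack["ResourceArn"]] += 1
        for vector in attack.get("AttackVectors", []):
            by_vector[vector["VectorType"]] += 1
    return {"count": sum(by_resource.values()), "by_vector": dict(by_vector),
            "by_resource": dict(by_resource), "total_minutes": total_minutes,
            "longest": longest, "ongoing": ongoing}


if __name__ == "__main__":
    for arn in find_unprotected(CRITICAL_RESOURCES, LIST_PROTECTIONS_JSON):
        print("NOT PROTECTED:", arn)
    print(json.dumps(summarize_attacks(LIST_ATTACKS_JSON), indent=2))
```

In a real account, replace the two constructed JSON strings with the output of the CLI calls named in the comments (with Shield Advanced, `list-attacks` also accepts `--start-time` and `--resource-arns` filters to scope the review). The per-vector and per-resource counts are the figures the Cost Optimization step asks for when judging whether the Shield Advanced subscription is justified.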
AWS Shield provides automated DDoS mitigation at both the network and application layers. Review the Events section to analyze how Shield efficiently mitigated attacks, ensuring that your applications remain available and performant during potential disruptions.
Integration with Other AWS Services:
Verify that critical services like CloudFront, Elastic Load Balancing, and Route 53 are listed under Protected resources. Shield's integration with these services helps efficiently manage and distribute incoming traffic, optimizing performance even during DDoS events.
Real-Time Monitoring:
For Shield Advanced users, the Events section provides real-time visibility into ongoing DDoS incidents. Use this real-time data to optimize performance by quickly responding to incidents and adjusting configurations if needed.
Check whether Amazon CloudWatch alarms are configured for AWS Shield (Shield publishes its DDoS metrics to CloudWatch only when Shield Advanced is enabled). With CloudWatch, you can set up alarms for DDoS-related events, providing proactive monitoring to ensure your applications are protected efficiently.
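The CloudWatch alarm described above can be checked and built programmatically. The following is an added example, not part of the original lab: it uses the metric that Shield Advanced publishes, DDoSDetected in the AWS/DDoSProtection namespace with the ResourceArn dimension, to find protected resources that still have no alarm on that metric, and then produces the parameters for CloudWatch put_metric_alarm (boto3) for each one. Input shapes are those of `aws shield list-protections` and `aws cloudwatch describe-alarms`; the SNS topic, ARNs and alarm names are constructed placeholders, and `apply_alarms` is a thin wrapper that is only called when credentials exist.

```python
"""Alarm coverage for the Shield Advanced DDoSDetected metric.

Added example, not part of the original lab. Shield Advanced publishes the
metric DDoSDetected in the AWS/DDoSProtection namespace with a single
dimension, ResourceArn. The functions below find protected resources that
lack an alarm on it and build the put_metric_alarm parameters for them.
Every ARN, topic and alarm name here is constructed for the example.
"""
import json

SNS_TOPIC_ARN = "arn:aws:sns:us-east-1:111122223333:ddos-alerts"   # constructed
ALB_ARN = ("arn:aws:elasticloadbalancing:us-east-1:111122223333:"
           "loadbalancer/app/web-alb/0123456789abcdef")            # constructed
CDN_ARN = "arn:aws:cloudfront::111122223333:distribution/EXAMPLEDISTID"  # constructed

# Constructed `aws shield list-protections` output.
LIST_PROTECTIONS_JSON = json.dumps({"Protections": [
    {"Id": "prot-alb", "Name": "web-alb", "ResourceArn": ALB_ARN},
    {"Id": "prot-cdn", "Name": "cdn", "ResourceArn": CDN_ARN},
]})

# Constructed `aws cloudwatch describe-alarms` output: only the ALB has a
# DDoSDetected alarm; the second alarm is on an unrelated metric.
DESCRIBE_ALARMS_JSON = json.dumps({"MetricAlarms": [
    {"AlarmName": "shield-ddos-web-alb", "Namespace": "AWS/DDoSProtection",
     "MetricName": "DDoSDetected",
     "Dimensions": [{"Name": "ResourceArn", "Value": ALB_ARN}]},
    {"AlarmName": "alb-5xx", "Namespace": "AWS/ApplicationELB",
     "MetricName": "HTTPCode_ELB_5XX_Count",
     "Dimensions": [{"Name": "LoadBalancer",
                     "Value": "app/web-alb/0123456789abcdef"}]},
]})


def resources_without_ddos_alarm(list_protections_json, describe_alarms_json):
    """Protected resource ARNs that have no alarm on AWS/DDoSProtection DDoSDetected."""
    alarmed = set()
    for alarm in json.loads(describe_alarms_json)["MetricAlarms"]:
        if (alarm.get("Namespace") != "AWS/DDoSProtection"
                or alarm.get("MetricName") != "DDoSDetected"):
            continue
        for dim in alarm.get("Dimensions", []):
            if dim["Name"] == "ResourceArn":
                alarmed.add(dim["Value"])
    protected = [p["ResourceArn"]
                 for p in json.loads(list_protections_json)["Protections"]]
    return [arn for arn in protected if arn not in alarmed]


def build_ddos_alarm(resource_arn, sns_topic_arn):
    """Keyword arguments for boto3 cloudwatch.put_metric_alarm."""
    short = resource_arn.split(":")[-1].replace("/", "-")
    return {
        "AlarmName": f"shield-ddos-detected-{short}",
        "AlarmDescription": f"Shield Advanced detected a DDoS event against {resource_arn}",
        "Namespace": "AWS/DDoSProtection",
        "MetricName": "DDoSDetected",
        "Dimensions": [{"Name": "ResourceArn", "Value": resource_arn}],
        "Statistic": "Sum",
        "Period": 60,
        "EvaluationPeriods": 1,
        "Threshold": 0,
        "ComparisonOperator": "GreaterThanThreshold",
        # The metric is only emitted while an event is in progress, so missing
        # data must not be treated as an alarm condition.
        "TreatMissingData": "notBreaching",
        "AlarmActions": [sns_topic_arn],
    }


def apply_alarms(alarm_definitions):
    """Create the alarms with boto3; needs credentials, so not run in the demo."""
    import boto3
    cloudwatch = boto3.client("cloudwatch")
    for params in alarm_definitions:
        cloudwatch.put_metric_alarm(**params)


if __name__ == "__main__":
    missing = resources_without_ddos_alarm(LIST_PROTECTIONS_JSON, DESCRIBE_ALARMS_JSON)
    for arn in missing:
        print(json.dumps(build_ddos_alarm(arn, SNS_TOPIC_ARN), indent=2))
```

Feeding live CLI output into the two constructed JSON strings and passing the results of `build_ddos_alarm` to `apply_alarms` closes the gap the Performance Efficiency step describes: every resource Shield Advanced protects then raises an alarm within a minute of the DDoSDetected metric going non-zero.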
AWS Config and Security Hub:
If AWS Config and Security Hub are enabled, review compliance findings related to DDoS protection for your AWS resources. This helps ensure that your Shield configurations align with security best practices.