AWS Shield Advanced: Requesting a credit - AWS WAF, AWS Firewall Manager, and AWS Shield Advanced

AWS Shield Advanced: Requesting a credit

If you're subscribed to AWS Shield Advanced and you think that a DDoS attack has resulted in additional charges for your protected resources or related services, you can apply for a credit for the charges by submitting a billing case through the AWS Support Center.

If the AWS Shield Advanced team determines that the incident is a valid DDoS attack and that the underlying services scaled to absorb the attack, AWS provides account credit for charges incurred due to the attack. For example, if your legitimate CloudFront data transfer usage during the attack period was 20 GB, but due to the attack you incurred charges for 200 GB of incremental data transfer, AWS provides credit to offset the incremental data transfer charges. AWS automatically applies all credits toward your future monthly bills. Credits are applied towards AWS Shield and cannot be used for payment for other AWS services. Credits are valid for 12 months.


To be eligible for a credit, AWS must receive your credit request by the end of the second billing cycle after the incident occurred.

To request your credit, submit a billing query to the AWS Support Center and provide the following in the query:

  • The words "DDoS Concession" in the subject line

  • The dates and times of each incident interruption that you're claiming

  • The AWS services and specific resources that were affected by the DDoS activity