AWS WAF, AWS Firewall Manager, and AWS Shield Advanced
Developer Guide (API Version 2015-08-24)

The AWS Documentation website is getting a new look!
Try it now and let us know what you think. Switch to the new look >>

You can return to the original look by selecting English in the language selector above.

AWS Shield Advanced: Requesting a Credit

If you are subscribed to AWS Shield Advanced and a DDoS attack results in additional charges for your Amazon CloudFront, Elastic Load Balancing, Route 53 or Amazon EC2 services, you can apply for a credit for the charges by submitting a billing case through the AWS Support Center.

If the AWS Shield Advanced team determines that the incident is a valid DDoS attack and that the underlying services scaled to absorb the attack, AWS provides account credit for charges incurred due to the attack. For example, if your legitimate CloudFront data transfer usage during the attack period was 20 GB, but due to the attack you incurred charges for 200 GB of incremental data transfer, AWS provides credit to offset the incremental data transfer charges. AWS automatically applies all credits toward your future monthly bills. Credits are applied towards AWS Shield and cannot be used for payment for other AWS services. Credits are valid for 12 months.


To be eligible for a credit, AWS must receive your credit request by the end of the second billing cycle after the incident occurred.

To request your credit, submit a billing query to the AWS Support Center that contains the following information:

  • The words "DDoS Concession" in the subject line

  • The dates and times of each incident interruption that you are claiming

  • The AWS services (Amazon CloudFront, Elastic Load Balancing, Route 53, Amazon EC2) and specific resources that were affected by the DDoS activity