Best Practices for Anti-DDoS - AWS WAF, AWS Firewall Manager, AWS Shield Advanced, and AWS Shield network security director

Introducing a new console experience for AWS WAF

You can now use the updated experience to access AWS WAF functionality anywhere in the console. For more details, see Working with the updated console experience.

Best Practices for Anti-DDoS

  • Enable protection during normal traffic periods – This allows the protection to establish baseline traffic patterns before responding to attacks. Add protection when you are not experiencing an attack and allow time for baseline establishment.

  • Monitor metrics regularly – Review CloudWatch metrics to understand traffic patterns and protection effectiveness.

  • Consider proactive mode for critical applications – While reactive mode is recommended for most use cases, consider using proactive mode for applications that require continuous protection against known threats.

  • Test in staging environments – Before enabling protection in production, test and tune settings in a staging environment to understand the impact on legitimate traffic.