Document revisions
To be notified about updates to this whitepaper, subscribe to the RSS feed.
| Change | Description | Date |
|---|---|---|
Whitepaper update | Added OAC for CloudFront and DNS wildcard cost protection. Expanded discussion of operational techniques, caching, rate-based rules and managed rule groups. Added on-premises into architecture diagram, removed duplication, and clarified text to remove ambiguity. | August 9, 2023 |
Whitepaper update | Revised for clarity; Updated to include latest recommendations and features: Security group connection tracking and Shield Advanced automatic application layer DDoS mitigation. | April 13, 2022 |
Whitepaper update | Updated to include latest recommendations and features. AWS Global Accelerator is added as part of comprehensive protection at the edge. AWS Firewall Manager for centralized monitoring for DDoS events and auto-remediate non-compliant resources. | September 21, 2021 |
Whitepaper update | Updated to clarify cache busting in Detect and Filter Malicious Web Requests (BP1, BP2) section, and ELB and ALB usage in Scale to Absorb (BP6) section. Updated diagrams and Table 2, marked “Choice of Region.” as BP8. Updated BP7 section with more details. | December 18, 2019 |
Whitepaper update | Updated to include AWS WAF logging as a best practice. | December 1, 2018 |
Whitepaper update | Updated to include AWS Shield, AWS WAF features, AWS Firewall Manager, and related best practices. | June 1, 2018 |
Whitepaper update | Added prescriptive architecture guidance and updated to include AWS WAF. | June 1, 2016 |
Initial publication | Whitepaper published. | June 1, 2015 |
