Engage SRT (Shield Advanced subscribers only)

In addition, when subscribed to Shield Advanced, you can engage the AWS SRT to help you create rules to mitigate an attack that is hurting your application’s availability. You can grant AWS SRT limited access to your account’s AWS Shield Advanced and AWS WAF APIs. AWS SRT accesses these APIs to place mitigations on your account only with your explicit authorization. For more information, refer to the Support section of this document.

You can use AWS Firewall Manager to centrally configure and manage security rules, such as AWS Shield Advanced protections and AWS WAF rules, across your organization. Your AWS Organizations management account can designate an administrator account, which is authorized to create Firewall Manager policies. These policies allow you to define criteria, such as resource type and tags, which determine where rules are applied. This is useful when you have multiple accounts and want to standardize your protection.

For more information about:

AWS Managed Rules for AWS WAF, refer to AWS Managed Rules for AWS WAF.
Using geographic restriction to limit access to your CloudFront distribution, refer to Restricting the geographic distribution of your content.
Using AWS WAF, refer to:
Configuring rate-based rules, refer to Protect Web Sites and Services Using Rate-Based Rules for AWS WAF.
How to manage the deployment of rules across your AWS resources with Firewall Manager, see:
- Getting started with Firewall Manager AWS WAF policies.
- Getting started with Firewall Manager Shield Advanced policies.

Warning Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Document Conventions

Automatically mitigate application-layer DDoS events (BP1, BP2, BP6)

Attack surface reduction