AWS Best Practices for DDoS Resiliency

Publication date: December 2019 (Document Revisions)

Abstract

You work to protect your business from the impact of Distributed Denial of Service (DDoS) attacks, as well as other cyberattacks. You want to keep your customers’ trust in your service by maintaining the availability and responsiveness of your application. And you want to avoid unnecessary direct costs when your infrastructure must scale in response to an attack.

Amazon Web Services (AWS) is committed to providing you with tools, best practices, and services to help ensure high availability, security, and resiliency to defend against bad actors on the internet.

In this whitepaper, we provide you with prescriptive DDoS guidance to improve the resiliency of your applications running on AWS, including a DDoS-resilient reference architecture that can be used as a guide to help protect application availability. We describe different attack types, such as infrastructure layer attacks and application layer attacks, and explain which best practices are most effective to manage each attack type. We also outline the services and features that fit into a DDoS mitigation strategy, and how each one can be used to help protect your applications.

The paper is intended for IT decision makers and security engineers who are familiar with the basic concepts of networking, security, and AWS. Each section has links to AWS documentation that provides more detail on the best practice or capability.