Resilience and availability
Several forms of DDoS mitigation are included automatically with AWS services. All AWS
customers benefit from the automatic protections of AWS Shield Standard at no additional charge.
AWS Shield Standard defends against most common, frequently occurring network and transport layer
Using services like CloudFront, which are part of the Amazon Global Edge Network
The benefits of using CloudFront include:
- AWS Shield DDoS mitigation systems that are directly integrated with AWS edge services, reducing time-to-mitigate from minutes to sub-seconds.
- Stateless SYN flood mitigation techniques that proxy and verify incoming connections before passing them to the protected service.
- Automatic traffic engineering systems that can disperse or isolate the impact of large volumetric DDoS attacks.
- Application layer defense, when combined with AWS Web Application Firewall (AWS WAF), that does not require changing your current application architecture (for example, in an AWS Region or on-premises datacenter).
- CloudFront enables you to cache static content and serve it from AWS edge locations, which can help reduce the load on your origin server. It can also help reduce server load by preventing non-web traffic from reaching your origin server.
- CloudFront can automatically close connections from slow reading or slow writing attackers (for example, a Slowloris attack).
- Protection from HTTP desync attacks, by integration with HTTP Desync Guardian.
- Built-in application layer (L7) attack mitigations.
- There is no charge for data transfer out from AWS services to CloudFront.