Policies: DDoS protection
DDoS Protection
AWS provides protection against common, frequently occurring network and transport layer DDoS attacks that target our web applications through its AWS Shield service.
AWS Shield provides always-on network flow monitoring which inspects incoming traffic to AWS and uses a combination of traffic signatures, anomaly algorithms and other analysis techniques to detect malicious traffic in real-time.
Automated mitigation techniques are built-into AWS Shield, giving us protection against infrastructure (Layer 3 and 4) attacks. Automatic mitigations are applied inline to our applications so there is no latency impact. Always-on detection and inline mitigation minimize application downtime and does not require engagement with AWS Support to receive DDoS protection. AWS Shield uses several techniques including deterministic packet filtering, and priority based traffic shaping to mitigate attacks without impact to our applications.
Download the full policies document in the Information and Security article.