AWS Shield Advanced provides enhanced detection, inspecting network flows and also monitoring application layer traffic to your Elastic Load Balancing (ELB), Amazon CloudFront, or Amazon Route 53 resources. Using additional techniques like resource-specific monitoring, AWS Shield Advanced provides granular detection of DDoS attacks. AWS Shield Advanced detects application layer DDoS attacks like HTTP floods or DNS query floods by baselining traffic on your resource and identifying anomalies.
In addition to the benefits of AWS Shield Standard, AWS Shield Advanced provides you with more sophisticated automatic mitigations. The AWS DDoS Response Team (DRT) also applies manual mitigations for more complex and sophisticated DDoS attacks. Using advanced routing techniques, AWS Shield Advanced automatically provides additional mitigation capacity to protect against large DDoS attacks. For application layer attacks, you can use AWS WAF to respond to incidents. With AWS WAF you can set up proactive rules like Rate Based Blacklisting to automatically block bad traffic, or respond immediately to incidents as they happen. There is no additional charge for using AWS WAF for application layer protection. You can also engage with the DRT on a per-incident or prior authorization basis. The DRT will diagnose the attack and, with your permission, apply mitigations on your behalf.
AWS Shield Advanced gives you complete visibility into DDoS attacks with near real-time notification via Amazon CloudWatch. Working with the DDoS Response Team (DRT) you can access post-event analysis and investigation. You can also view a summary of prior attacks from the “AWS WAF and AWS Shield” Management Console.
With AWS Shield Advanced you have access to a 24x7 DDoS Response Team (DRT), who can be engaged before, during, or after a DDoS attack. The DRT will help triage the incidents, identify root causes, and apply mitigations on your behalf. You can also engage with the DRT for any post-attack analysis.
AWS Shield Advanced comes with “DDoS cost protection”, a safeguard from scaling charges as a result of a DDoS attack that causes usage spikes on Elastic Load Balancing (ELB), Amazon CloudFront, or Amazon Route 53. If any of these services scale up in response to a DDoS attack, AWS will provide service credits for charges due to usage spikes. For more details on how to request service credits, see the AWS Shield documentation.