Description:
AWS Shield is a managed Distributed Denial of Service (DDoS) protection service that safeguards applications running on AWS. AWS Shield provides always-on detection and automatic inline mitigations that minimize application downtime and latency, so there is no need to engage AWS Support to benefit from DDoS protection.
Rationale:
Use AWS Shield Advanced to protect your AWS-hosted web applications from Distributed Denial of Service (DDoS) attacks, which degrade an application's availability and response time by overwhelming (flooding) it with traffic from multiple sources. Shield works in conjunction with Elastic Load Balancing (ELB), Amazon CloudFront and Amazon Route 53 to protect your applications from different types of DDoS attacks.
Impact:
AWS Shield Advanced provides intelligent attack detection, mitigation for DDoS attacks launched at the network and application layers, and additional mitigation capacity for volumetric attacks. Once the Advanced tier is activated, you get 24/7 access to the AWS DDoS Response Team (DRT, now called the Shield Response Team, SRT) for custom mitigation during attacks, detailed visibility into DDoS events with advanced real-time metrics and reports, and cost protection to guard against bill spikes in the aftermath of a Distributed Denial of Service (DDoS) attack. service is also included at no additional cost within the AWS Shield Advanced plan.
Default Value:
The Shield service is enabled by default on all AWS edge locations to mitigate DDoS attacks and provides two tiers of service, Standard and Advanced. Only the Standard tier is active by default; the Advanced tier must be activated explicitly.
Remediation:
Test Plan:
To verify whether the AWS Shield Advanced plan is enabled within your AWS account, perform the following:
1. Sign in to the AWS Management Console.
2. Open the AWS WAF & Shield console at https://console.aws.amazon.com/wafv2/.
3. Click Go to AWS Shield to access the service dashboard.
4. If you are redirected to the AWS Shield subscription page and the Status value for the AWS Shield Advanced plan is set to "Not activated", the Advanced tier is not enabled for your account.
Using AWS CLI:
aws shield describe-drt-access
If the command returns an empty result, DRT access is not enabled.
To enable the AWS Shield Advanced tier for your AWS account, in order to benefit from advanced DDoS detection and mitigation for network layer, transport layer, and application layer attacks, perform the following actions:
Implementation Steps:
1. Sign in to the AWS Management Console.
2. Open the AWS WAF & Shield console at https://console.aws.amazon.com/wafv2/.
3. Click Go to AWS Shield to access the service dashboard.
4. On the AWS Shield subscription page, click the Activate AWS Shield Advanced button to subscribe to the Advanced tier and initiate the configuration process.
5. Choose the AWS resource type and the resource to protect, e.g. an Amazon CloudFront CDN distribution.
6. For Name, provide a unique name for the AWS resource that you want to protect, e.g. DDoS-protected CloudFront CDN distribution.
7. For the Web DDoS attack option, select Enable. You will be prompted to associate an existing AWS WAF web ACL with the specified resource, or to create a new web ACL if you don't have one yet.
8. Click Proactive engagement to enable advanced DDoS protection for the specified AWS resource.
9. To protect additional AWS resources (ELBs, Route 53 DNS zones, etc.) currently available within your AWS account, select Protected resources from the left navigation panel and repeat steps 5 to 8.
Using AWS CLI:
aws shield create-protection --name ddos-protected-cloudfront-web-distribution --resource-arn arn:aws:cloudfront::123456789012:distribution/CDOXVBD32B7DS
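The CLI check from the Test Plan and the create-protection command from the Implementation Steps, collected into one script that can be run as an audit and as a remediation. This is an added example, not part of the benchmark text or of any AWS-supplied tooling. It assumes the AWS CLI is installed and configured with credentials allowed to call GetSubscriptionState, DescribeDRTAccess, ListProtections and CreateProtection; the protection name and resource ARN are placeholders supplied on the command line. The verdict functions only interpret the CLI's text output, so they can be exercised on constructed values without contacting AWS.

```shell
#!/bin/sh
# Added example: audit the AWS Shield Advanced state and protect a resource
# with the AWS CLI. get-subscription-state, describe-drt-access,
# list-protections and create-protection are existing `aws shield`
# subcommands; the name and ARN arguments are placeholders.
set -eu

# Map the SubscriptionState value printed by
# `aws shield get-subscription-state --query SubscriptionState --output text`
# to a verdict. Pure function, so it can be checked on constructed input.
subscription_verdict() {
  case "$1" in
    ACTIVE)   echo "PASS: AWS Shield Advanced subscription is active" ;;
    INACTIVE) echo "FAIL: AWS Shield Advanced is not activated" ;;
    *)        echo "UNKNOWN: unexpected SubscriptionState '$1'" ;;
  esac
}

# Map the RoleArn value printed by `aws shield describe-drt-access` to a
# verdict. With --output text the CLI prints "None" for a missing key, so
# that and an empty string both mean no DRT/SRT access role has been granted.
drt_access_verdict() {
  case "$1" in
    ""|None|null) echo "FAIL: no DRT/SRT access role configured" ;;
    *)            echo "PASS: DRT/SRT access role is $1" ;;
  esac
}

# Audit the live account. describe-drt-access is expected to fail when the
# account has no Shield Advanced subscription (assumption); a failure is
# therefore treated as "not configured" rather than aborting the script.
audit_shield() {
  state=$(aws shield get-subscription-state --query SubscriptionState --output text)
  subscription_verdict "$state"
  role=$(aws shield describe-drt-access --query RoleArn --output text 2>/dev/null || echo "")
  drt_access_verdict "$role"
  echo "Protected resources (Name, ResourceArn):"
  aws shield list-protections --query 'Protections[].[Name,ResourceArn]' --output text
}

# Remediation: the same create-protection call as the benchmark's CLI step,
# printing the resulting ProtectionId. $1 is the protection name, $2 the ARN
# of the resource to protect (placeholders, e.g. a CloudFront distribution).
protect_resource() {
  aws shield create-protection --name "$1" --resource-arn "$2" \
    --query ProtectionId --output text
}

case "${1:-}" in
  audit)   audit_shield ;;
  protect) protect_resource "${2:?protection name}" "${3:?resource ARN}" ;;
  *)       echo "usage: $0 audit | protect <name> <resource-arn>" ;;
esac
```

Run `sh shield_check.sh audit` to produce the PASS/FAIL lines for the subscription and DRT access plus the list of currently protected resources, and `sh shield_check.sh protect <name> <resource-arn>` to apply the remediation to one resource. The verdicts are kept in separate functions from the AWS calls so the interpretation logic can be tested offline and reused by other tooling.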
Backout Plan:
To disable or deactivate the protection, follow the Implementation Steps up to step 7 and choose Disable instead of Enable.
Reference:
(Optional) Configure AWS SRT support - AWS WAF, AWS Firewall Manager, and AWS Shield Advanced
Getting started with AWS Shield Advanced - AWS WAF, AWS Firewall Manager, and AWS Shield Advanced