AWS Shield is a managed Distributed Denial of Service protection service. It protects against DDoS attacks on Magento sites running on AWS. Shield offers automatic detection and mitigations to minimize Magento downtime and latency.
AWS Shield Standard defends against common network and transport layer DDoS attacks that target Magento websites. It is automatically enabled for all AWS customers at no additional cost.
AWS Shield Advanced offers protection against larger and more sophisticated attacks. It covers sites running on EC2, Elastic Load Balancing, and CloudFront, as well as Global Accelerator and Amazon Route 53.
Types of AWS Shield
AWS Shield Standard
AWS resources automatically have AWS Shield Standard enabled at no charge. It defends against common network and transport layer DDoS attacks targeting your Magento websites.
Combined with Amazon CloudFront and Route 53, AWS Shield Standard provides availability protection against all known infrastructure-layer (Layer 3 and 4) attacks.
DDoS protection with a static threshold for underlying AWS services
AWS Shield Standard has always-on network flow monitoring. It inspects incoming traffic to AWS services and applies traffic signatures and anomaly algorithms to detect malicious traffic in real time.
Inline attack mitigation
The AWS Shield Standard tier uses automated mitigation techniques to protect underlying AWS services from common infrastructure attacks. The mitigations are applied inline to avoid any latency impact. Shield Standard uses packet filtering and priority traffic shaping techniques, which allows it to mitigate all basic network layer attacks automatically.
AWS Shield Advanced
AWS Shield Advanced offers a higher level of defence against attacks on Magento sites. It covers Elastic IP, Elastic Load Balancing, and Amazon CloudFront. Services such as AWS Global Accelerator or Amazon Route 53 are also secured. In addition to the network and transport layer protections, Shield Advanced offers mitigation against more complex DDoS attacks. It includes near real-time visibility into attacks and AWS WAF, a web application firewall. Shield Advanced provides 24/7 access to the AWS Shield Response Team (SRT) to mitigate edge cases affecting your Magento site availability. It offers protection against DDoS-related spikes for EC2, ELB, CloudFront, Global Accelerator, and Route 53 resources.
Tailored detection based on Magento traffic patterns
Shield Advanced offers detection based on Magento site traffic patterns. It uses region and resource monitoring to alert you to smaller DDoS attacks. The service detects application layer attacks such as HTTP floods or DNS query floods. It baselines the traffic on your Magento application to identify any anomalies.
Health-based detection
Define a health check in Route 53 and associate it with resources protected by Shield Advanced to improve the DDoS resiliency of Magento stores. Health-based detection can be applied to all resource types that Shield Advanced supports.
Advanced attack mitigation
Using advanced routing techniques, Shield Advanced automatically deploys mitigations that help protect Magento sites against DDoS attacks. AWS WAF is used to set up proactive rules such as rate-based blocking, which blocks source IP addresses that send a heavy volume of requests.
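The rate-based blocking mentioned above, as an added example that is not from the original article or from AWS: it builds a rate-based rule in the AWS WAF (WAFv2) rule format and replays constructed traffic to check which source IPs a given limit would block. The rule name, limit, window and sample IP addresses are assumptions chosen for illustration.

```python
from collections import defaultdict, deque

# Assumed tuning values for this example; they are not taken from the article.
LIMIT = 100            # requests allowed per source IP inside one window
WINDOW_SECONDS = 300   # trailing evaluation window

def rate_based_rule(name, limit=LIMIT, window=WINDOW_SECONDS):
    """Return a WAFv2 rule (web ACL 'Rules' entry) that blocks IPs over the limit."""
    return {
        "Name": name,
        "Priority": 0,
        "Statement": {"RateBasedStatement": {
            "Limit": limit,
            "EvaluationWindowSec": window,
            "AggregateKeyType": "IP",
        }},
        "Action": {"Block": {}},
        "VisibilityConfig": {
            "SampledRequestsEnabled": True,
            "CloudWatchMetricsEnabled": True,
            "MetricName": name,
        },
    }

def blocked_ips(events, limit=LIMIT, window=WINDOW_SECONDS):
    """Replay (epoch_second, ip) pairs; map each offending IP to the time it
    first exceeds `limit` requests within the trailing window. This is an exact
    count; the managed service estimates rates and reacts with some delay."""
    recent, first_block = defaultdict(deque), {}
    for ts, ip in sorted(events):
        q = recent[ip]
        q.append(ts)
        while q[0] <= ts - window:   # drop requests that left the window
            q.popleft()
        if len(q) > limit:
            first_block.setdefault(ip, ts)
    return first_block

# Constructed traffic: a flood of 5 req/s for 60 s, and a shopper at 1 req/10 s.
FLOOD = [(t, "203.0.113.7") for t in range(60) for _ in range(5)]
SHOPPER = [(t, "198.51.100.20") for t in range(0, 600, 10)]
SAMPLE = FLOOD + SHOPPER

if __name__ == "__main__":
    print(blocked_ips(SAMPLE))            # only the flooding address
    print(blocked_ips(SAMPLE, limit=20))  # a limit this low also blocks the shopper
```

Replaying a sample of real storefront access logs through blocked_ips before deploying the rule shows whether a chosen limit would also catch legitimate shoppers.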
Automatic application layer DDoS mitigation
Automatically protect Magento sites by mitigating application layer DDoS events. Shield Advanced requires no manual intervention by the AWS SRT. Create WAF rules to mitigate attacks automatically. It lets you quickly respond to DDoS events to prevent application downtime.
Proactive event response
Get proactive engagement from the SRT when a DDoS attack is detected. The SRT contacts you directly if a Route 53 health check shows an unhealthy resource.
Protection groups
Bundle resources into protection groups to customize DDoS mitigation for your Magento 2 websites. Resource grouping improves the accuracy of detection and eases the protection of newly created resources. You can quickly mitigate attacks against multiple resources.
Visibility and attack notification
Shield Advanced gives you complete visibility of DDoS attacks. It offers real-time notifications via Amazon CloudWatch. Detailed information is available through the AWS WAF and AWS Shield consoles or APIs.
DDoS cost protection
DDoS cost protection helps you avoid scaling charges from DDoS-related spikes. If resources scale up in response to a DDoS attack, you can request Shield Advanced credits via the support channel.
Specialized support
AWS Shield Advanced offers 24/7 support for users on Business or Enterprise support plans. The SRT helps identify the root causes of the attacks. The expert team applies mitigations on your behalf.
Global availability
AWS Shield Advanced is available globally on Amazon CloudFront, Global Accelerator, and Route 53 edge locations. Protect your Magento sites hosted anywhere in the world by deploying CloudFront. The origin server can be Amazon S3, EC2, ELB, or a custom server outside of AWS.
Centralized protection management
AWS Firewall Manager is used to apply Shield Advanced and AWS WAF protections across the organization. You can configure policies on multiple accounts and resources. Firewall Manager automatically audits the accounts and ensures that Shield Advanced and AWS WAF protections are applied. Developers can quickly deploy new Magento Open Source and Adobe Commerce site features, and the Shield Advanced protections are applied automatically.