{"id":97779,"date":"2024-10-17T18:07:45","date_gmt":"2024-10-17T12:37:45","guid":{"rendered":"https:\/\/www.whizlabs.com\/blog\/?p=97779"},"modified":"2024-10-17T18:10:20","modified_gmt":"2024-10-17T12:40:20","slug":"mitigating-ddos-attacks-aws-security","status":"publish","type":"post","link":"https:\/\/www.whizlabs.com\/blog\/mitigating-ddos-attacks-aws-security\/","title":{"rendered":"Mitigating DDoS Attacks on AWS with Security Specialty Certification Knowledge"},"content":{"rendered":"<p><span style=\"font-weight: 400;\">In this blog let&#8217;s discuss the various protection measures against DDoS attacks including the AWS Shield in its various forms, edge locations, resilient infrastructure, and integration of best security practices. We will also learn how the <\/span><a href=\"https:\/\/www.whizlabs.com\/aws-certified-security-specialty\/\" target=\"_blank\" rel=\"noopener\"><span style=\"font-weight: 400;\">AWS Certified Security Specialty certification <\/span><\/a><span style=\"font-weight: 400;\">equips professionals with the tools and knowledge necessary to proactively protect their cloud environments.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">In a DDoS attack, malicious actors using multiple machines generate large volumes of packets or requests that overwhelm the target system and aim to disrupt the normal traffic of a targeted system.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">AWS cloud environments are susceptible to the adverse effects of distributed denial-of-service (DoS) attacks which attempt to affect the availability of a targeted system to legitimate end users.\u00a0\u00a0<\/span><\/p>\n<div id=\"ez-toc-container\" class=\"ez-toc-v2_0_76 ez-toc-wrap-left counter-hierarchy ez-toc-counter ez-toc-custom ez-toc-container-direction\">\n<div class=\"ez-toc-title-container\">\n<p class=\"ez-toc-title\" style=\"cursor:inherit\">Table of Contents<\/p>\n<span class=\"ez-toc-title-toggle\"><a href=\"#\" class=\"ez-toc-pull-right ez-toc-btn ez-toc-btn-xs ez-toc-btn-default ez-toc-toggle\" aria-label=\"Toggle Table of Content\"><span class=\"ez-toc-js-icon-con\"><span class=\"\"><span class=\"eztoc-hide\" style=\"display:none;\">Toggle<\/span><span class=\"ez-toc-icon-toggle-span\"><svg style=\"fill: #ea7e02;color:#ea7e02\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" class=\"list-377408\" width=\"20px\" height=\"20px\" viewBox=\"0 0 24 24\" fill=\"none\"><path d=\"M6 6H4v2h2V6zm14 0H8v2h12V6zM4 11h2v2H4v-2zm16 0H8v2h12v-2zM4 16h2v2H4v-2zm16 0H8v2h12v-2z\" fill=\"currentColor\"><\/path><\/svg><svg style=\"fill: #ea7e02;color:#ea7e02\" class=\"arrow-unsorted-368013\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"10px\" height=\"10px\" viewBox=\"0 0 24 24\" version=\"1.2\" baseProfile=\"tiny\"><path d=\"M18.2 9.3l-6.2-6.3-6.2 6.3c-.2.2-.3.4-.3.7s.1.5.3.7c.2.2.4.3.7.3h11c.3 0 .5-.1.7-.3.2-.2.3-.5.3-.7s-.1-.5-.3-.7zM5.8 14.7l6.2 6.3 6.2-6.3c.2-.2.3-.5.3-.7s-.1-.5-.3-.7c-.2-.2-.4-.3-.7-.3h-11c-.3 0-.5.1-.7.3-.2.2-.3.5-.3.7s.1.5.3.7z\"\/><\/svg><\/span><\/span><\/span><\/a><\/span><\/div>\n<nav><ul class='ez-toc-list ez-toc-list-level-1 ' ><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-1\" href=\"https:\/\/www.whizlabs.com\/blog\/mitigating-ddos-attacks-aws-security\/#Amazon_Shield\" >Amazon Shield<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-2\" href=\"https:\/\/www.whizlabs.com\/blog\/mitigating-ddos-attacks-aws-security\/#Amazon_Shield_Standard\" >Amazon Shield Standard<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-3\" href=\"https:\/\/www.whizlabs.com\/blog\/mitigating-ddos-attacks-aws-security\/#Amazon_Shield_Standard-2\" >Amazon Shield Standard<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-4\" href=\"https:\/\/www.whizlabs.com\/blog\/mitigating-ddos-attacks-aws-security\/#Implement_Resilient_DDoS-Resistant_Architecture\" >Implement Resilient DDoS-Resistant Architecture<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-5\" href=\"https:\/\/www.whizlabs.com\/blog\/mitigating-ddos-attacks-aws-security\/#AWS_Security_Best_Practices\" >AWS Security Best Practices<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-6\" href=\"https:\/\/www.whizlabs.com\/blog\/mitigating-ddos-attacks-aws-security\/#Conclusion\" >Conclusion<\/a><\/li><\/ul><\/nav><\/div>\n<h2><span class=\"ez-toc-section\" id=\"Amazon_Shield\"><\/span><span style=\"font-weight: 400;\">Amazon Shield <\/span><span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p><span style=\"font-weight: 400;\">AWS offers a managed DDoS protection service called AWS Shield, which is dedicated to preventing or mitigating the effects of DDoS attacks by automatically detecting and responding to such attacks. AWS Shield comes in two versions, namely Shield Standard and Shield Advanced, as shown below<\/span><\/p>\n<p><img decoding=\"async\" class=\"aligncenter wp-image-97782 size-large\" src=\"https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2024\/10\/AWS-shield-managed-DDoS-protection-1024x576.webp\" alt=\"AWS-shield-managed-DDoS-protection\" width=\"1024\" height=\"576\" srcset=\"https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2024\/10\/AWS-shield-managed-DDoS-protection-1024x576.webp 1024w, https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2024\/10\/AWS-shield-managed-DDoS-protection-300x169.webp 300w, https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2024\/10\/AWS-shield-managed-DDoS-protection-768x432.webp 768w, https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2024\/10\/AWS-shield-managed-DDoS-protection-150x84.webp 150w, https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2024\/10\/AWS-shield-managed-DDoS-protection.webp 1536w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/p>\n<h2><span class=\"ez-toc-section\" id=\"Amazon_Shield_Standard\"><\/span><span style=\"font-weight: 400;\">Amazon Shield Standard<\/span><span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p><span style=\"font-weight: 400;\">The <\/span><a href=\"https:\/\/aws.amazon.com\/shield\/\" target=\"_blank\" rel=\"nofollow noopener\"><span style=\"font-weight: 400;\">AWS Shield standard<\/span><\/a><span style=\"font-weight: 400;\"> protects the organization against all known layer 4 DDoS attacks. It integrates seamlessly into the entire AWS environment and automatically protects all AWS customers at no additional cost. The protection covers DDoS attacks for various resources including Amazon Route 53 hosted zones, Amazon CloudFront distributions, and AWS Global Accelerator standard accelerators. AWS Shield comprises the following capabilities.<\/span><\/p>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><b>Static threshold DDoS protection: <\/b><span style=\"font-weight: 400;\">The AWS Shield Standard provides continuous network flow monitoring, inspecting incoming traffic to AWS services. It uses a combination of analytical techniques such as traffic signatures and anomaly algorithms to detect DDoS malicious traffic in real time. However, the protection thresholds set for each AWS Shield Standard service are static and the services do not provide custom protections to applications.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><b>Inline attack mitigation<\/b><span style=\"font-weight: 400;\">: This comprises built-in automated mitigation techniques that provide the underlying AWS services with protection against common and frequently occurring infrastructure attacks. The automatic mitigations are deployed inline to protect AWS services against DDoS attacks which eliminates any latency impact. This enables faster detection and resolution of DDoS attacks thereby contributing to a secure AWS environment.\u00a0<\/span><\/li>\n<\/ul>\n<h2><span class=\"ez-toc-section\" id=\"Amazon_Shield_Standard-2\"><\/span><span style=\"font-weight: 400;\">Amazon Shield Standard<\/span><span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p><span style=\"font-weight: 400;\">AWS Shield Advanced offers a more extensive service and incorporates a support team, AWS Wireless Application Firewall (WAF), and AWS Firewall Manager. It comes with an additional cost and provides a higher level of protection.<\/span><\/p>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><b>Advanced DDoS detection and mitigation techniques<\/b><span style=\"font-weight: 400;\">: AWS Shield Advanced employs advanced detection and mitigation techniques against complex DDoS attacks based on traffic patterns. It provides customized detection based on traffic patterns to protect elastic IP addresses, ELB, CloudFront, Global Accelerator, and Route 53 resources.\u00a0 This includes protection against DDoS attacks that target the application layer, such as HTTP floods and DNS query floods, which may not be adequately mitigated by the AWS Shield Standard. It adds region- and resource-specific monitoring techniques to detect and alert an organization of smaller DDoS attacks. This feature allows organizations to detect, understand, and respond to DDoS threats more efficiently and effectively.<\/span><\/li>\n<\/ul>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><b>Integration with AWS WAF: <\/b><span style=\"font-weight: 400;\">AWS Shield Advanced seamlessly integrates with AWS WAF, providing an additional layer of DDoS protection at no additional cost. This integration allows for a more comprehensive defense strategy, protecting against more nuanced and sophisticated threats targeting application vulnerabilities. An organization can easily create customized mitigations against illegitimate requests which may indicate impending DDoS attacks. AWS<\/span> <span style=\"font-weight: 400;\">Shield Advanced can create, evaluate, and deploy WAF rules in Web ACLs to automatically mitigate a DDoS attack, or an organization can activate them in count-only mode. The AWS Firewall Manager can also be configured to provide centralized management of security policies at no additional cost<\/span><span style=\"font-weight: 400;\">.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><b>Autoscaling<\/b><span style=\"font-weight: 400;\">: DDoS attacks often aim to overwhelm resources by flooding them with traffic. An effective countermeasure is to design the system architecture for scalability. Using AWS Shield\u2019s auto-scaling capabilities ensures that infrastructure can handle sudden spikes in traffic without compromising performance or availability. This not only helps absorb the impact of the DDoS attack but also ensures that legitimate traffic is not adversely affected.<\/span><\/li>\n<\/ul>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><b>AWS Shield Response Team (SRT): <\/b><span style=\"font-weight: 400;\">AWS Shield Advanced subscribers can also effectively deal with DDoS attacks 24\/7 and have direct access to the AWS SRT<\/span><span style=\"font-weight: 400;\">. This team provides guidance and support, helping to manage and mitigate attacks as they occur. For example, once an organization identifies an indication of a DDoS attack, it can quickly contact the AWS SRT and instantly get the necessary guidance for mitigating it. An organization can also engage directly with the AWS SRT to place custom AWS WAF rules on behalf in response to an application layer DDoS attack. The team will diagnose the attack and, with permission, apply mitigations on behalf of the organization. This reduces the length of time that applications might be affected by an ongoing DDoS attack<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><b>Health-based detection<\/b><span style=\"font-weight: 400;\">: AWS Shield Advanced uses the health of applications to improve responsiveness and accuracy in attack detection and mitigation. Health checks associated with the application improve the detection sensitivity of Shield Advanced. An organization can define a health check in all resource types that Shield Advanced supports such as Elastic IP, ELB, CloudFront, Global Accelerator, and Route 53, and associate it with a resource protected by AWS Shield Advanced through the console or API. This allows AWS Shield Advanced to detect attacks that affect application health more quickly and at lower traffic thresholds, improving the resiliency of the DDoS application and preventing false positive notifications.\u00a0<\/span><\/li>\n<\/ul>\n<h2><span class=\"ez-toc-section\" id=\"Implement_Resilient_DDoS-Resistant_Architecture\"><\/span><span style=\"font-weight: 400;\">Implement Resilient DDoS-Resistant Architecture<\/span><span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p><span style=\"font-weight: 400;\">When building applications, it is critical to ensure a resilient architecture that can prevent DDoS attacks. This architecture should provide an additional layer of network infrastructure that is crucial in mitigating DDoS attacks. This is referred to as edge location DDoS mitigation and is achieved through the use of\u00a0 Amazon CloudFront, Amazon Global Accelerator, and Route 53.<\/span><\/p>\n<p><b>Amazon CloudFront<\/b><span style=\"font-weight: 400;\">: To mitigate against DDoS attacks, an organization can deploy Amazon CloudFront as a Content Delivery Network (CDN) to distribute web application content globally. Amazon CloudFront captures content at edge locations, reducing latency, improving overall application performance, and serving static content from edge locations. This provides DDoS protection at the edge, helping to mitigate common attacks such as SYN floods and UDP reflection attacks. This also helps protect the backend by reducing the load on origin servers during DDoS attacks. <\/span><a href=\"https:\/\/www.whizlabs.com\/blog\/aws-cloudfront-introduction\/\" target=\"_blank\" rel=\"noopener\"><span style=\"font-weight: 400;\">Amazon CloudFront <\/span><\/a><span style=\"font-weight: 400;\">also has geo-blocking features to block specific regions if an organization identifies patterns of DDoS attacks originating from those particular regions. One crucial benefit of Amazon CloudFront is that it automatically scales to manage larger DDoS attacks, thus providing an even more resilient architecture.\u00a0<\/span><\/p>\n<p><b>Amazon Global Accelerator: <\/b><span style=\"font-weight: 400;\">The Amazon Global Accelerator can be deployed to access applications from the edge, as it provides static IP addresses that function as a fixed entry point to the application. This feature directs traffic over the AWS global network to the optimal AWS endpoint, reducing latency and improving availability. It integrates with AWS Shield, combining the benefits of any mapped IP address from AWS Global Accelerator with AWS Shield DDoS protection. It can also be deployed as an alternative to Amazon CloudFront and improves the DDoS resilience of the application when serving any type of application traffic from edge locations distributed around the world. An organization can run an application in any AWS Region and use these services to protect application availability and optimize the performance of the application for legitimate end users. This is useful in mitigating larger volumetric DDoS attacks, which can reach the terabit scale.<\/span><\/p>\n<p><b>Route 53: <\/b><span style=\"font-weight: 400;\">Route 53 is a scalable and universally available Domain Name Service (DNS) web service that provides fast and reliable domain name resolution at the edge through a global network of DNS servers. It includes built-in DDoS protection, helping to mitigate DNS-based DDoS attacks. It automatically scales to manage large volumes of queries, providing resiliency against DDoS attacks targeting the DNS infrastructure.\u00a0<\/span><\/p>\n<h2><span class=\"ez-toc-section\" id=\"AWS_Security_Best_Practices\"><\/span><span style=\"font-weight: 400;\">AWS Security Best Practices <\/span><span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p><span style=\"font-weight: 400;\">The following best practices provide another layer for DDoS attacks and should form part of the overall security architecture of an organization.<\/span><\/p>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><b>Reduce attack surface area: <\/b><span style=\"font-weight: 400;\">Minimizing the DDoS attack surface limits the available options for attackers and allows an organization to concentrate on its mitigation efforts. Reducing the attack surface can be achieved through several techniques including the following.<\/span><\/li>\n<\/ul>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><b>Deny unexpected requests<\/b><span style=\"font-weight: 400;\">: Rules can be implemented to reduce the attack surface of the application by denying any unexpected request patterns. This can be achieved by writing rules to deny requests with URLs that do not adhere to API URL requirements including requests with HTTP verbs that are not supported by API and host header values that are not part of domain names. Such rules block undesired traffic immediately reducing the likelihood of DDoS attacks.\u00a0<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><b>Implement rate-limiting rules:<\/b><span style=\"font-weight: 400;\"> These aggregate requests according to a configured dimension such as IP, then block traffic if the aggregated request volume exceeds configured thresholds within a certain duration. Rate limits block offending traffic until their volume drops below configured thresholds This functionality can be implemented in AWS WAF and significantly reduces the risk of DDoS attacks.\u00a0<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><b>Enforce bot control<\/b><span style=\"font-weight: 400;\">: The objective of bot control is to protect against DDoS attacks caused by evasive bots such as HTTP floods. Bot Management is achieved through several functionalities techniques provided by AWS WAF Bot Control including behavioural detections, ML-based detection, and CAPTCHA challenges. Detection and mitigation of DDoS attacks using bot control occur instantly.\u00a0\u00a0<\/span><\/li>\n<\/ul>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><b>Deploy Amazon CloudWatch<\/b><span style=\"font-weight: 400;\">: It is also crucial to configure Amazon CloudWatch alarms for AWS Shield and AWS WAF to receive notifications when an organization is under DDoS attacks.<\/span> <span style=\"font-weight: 400;\">Amazon CloudWatch provides real-time monitoring and logging, setting up alarms for unusual activity allowing the organization to take immediate actions to prevent further damage.\u00a0<\/span><\/li>\n<\/ul>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><b>Deploy AWS Cloud Trail: <\/b><a href=\"https:\/\/www.whizlabs.com\/blog\/aws-cloudtrail\/\" target=\"_blank\" rel=\"noopener\"><span style=\"font-weight: 400;\">AWS CloudTrail<\/span><\/a><span style=\"font-weight: 400;\"> should be incorporated for the continuous logging, monitoring, and retention of account activity related to actions across the AWS infrastructure. This feature provides deep insight into the operation of the system and potential DDoS threats.\u00a0<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><b>DDoS Resiliency Assessment Runbook<\/b><span style=\"font-weight: 400;\">: To audit the configuration of AWS Shield Advanced, the organization should run the in-DDoS Resiliency Assessment Runbook in AWS Systems Manager. The runbook collects and analyses a variety of AWS resources including Amazon Route 53, Amazon CloudFront, AWS Global Accelerator, and AWS Elastic IPs<\/span><span style=\"font-weight: 400;\">. It examines their configuration settings in accordance with the recommended best practices that are geared toward DDoS mitigation.\u00a0\u00a0<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><b>Perform regular systems updates: <\/b><span style=\"font-weight: 400;\">\u00a0Regularly updating and patching systems, encrypting data in transit and at rest, and employing robust authentication and authorization mechanisms are also critical in safeguarding exposed clouding resources against DDoS attacks.\u00a0<\/span><\/li>\n<\/ul>\n<ul>\n<li aria-level=\"1\"><b>Develop an Incident Response Plan (IRP): <\/b><span style=\"font-weight: 400;\">Despite the best preventive measures, the possibility of a DDoS attack cannot be entirely ruled out in AWS Cloud environments. It is therefore critical to have a well-structured incident response plan as a playbook during these critical times. The IRP should detail the steps to be taken in the event of a DDoS attack and the procedures to be followed in restoring operations.\u00a0<\/span><\/li>\n<\/ul>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><b>Test for DDoS resilience<\/b><span style=\"font-weight: 400;\">: Regular drills and simulations of potential DDoS attack scenarios are also crucial in ensuring that the organization is well prepared to respond effectively and efficiently in a real-world DDoS track situation. An organization can run a simulated DDoS attack in production traffic with an approved AWS Partner or conduct a synthetic simulated DDoS attack with the AWS Shield Response Team.\u00a0<\/span><\/li>\n<\/ul>\n<h2><span class=\"ez-toc-section\" id=\"Conclusion\"><\/span><span style=\"font-weight: 400;\">Conclusion <\/span><span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p><a href=\"https:\/\/aws.amazon.com\/shield\/ddos-attack-protection\/\" target=\"_blank\" rel=\"nofollow noopener\"><span style=\"font-weight: 400;\">DDoS protection<\/span><\/a><span style=\"font-weight: 400;\"> is a critical activity in the AWS cloud environments and there are a number of features to achieve this purpose. The major method of protection is to deploy AWS Shield with its standard and advanced features. The other important method is to protect DDoS attacks at the edge mainly through the deployment of the Amazon CloudFront and the AWS Global Accelerator. These should be deployed in unison to achieve a DDoS-resilient architecture. Best security practices such as reducing the attack surface, performing regular updates, and undertaking continuous monitoring also play a key role in DDoS protection<\/span><b>.\u00a0\u00a0<\/b><\/p>\n<p>&nbsp;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>In this blog let&#8217;s discuss the various protection measures against DDoS attacks including the AWS Shield in its various forms, edge locations, resilient infrastructure, and integration of best security practices. We will also learn how the AWS Certified Security Specialty certification equips professionals with the tools and knowledge necessary to proactively protect their cloud environments. In a DDoS attack, malicious actors using multiple machines generate large volumes of packets or requests that overwhelm the target system and aim to disrupt the normal traffic of a targeted system. AWS cloud environments are susceptible to the adverse effects of distributed denial-of-service (DoS) [&hellip;]<\/p>\n","protected":false},"author":415,"featured_media":97792,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_uag_custom_page_level_css":"","site-sidebar-layout":"default","site-content-layout":"","ast-site-content-layout":"default","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","theme-transparent-header-meta":"default","adv-header-id-meta":"","stick-header-meta":"default","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"set","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"footnotes":""},"categories":[4,10],"tags":[5229,5230,5228],"class_list":["post-97779","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-aws-certifications","category-cloud-computing-certifications","tag-aws-security","tag-aws-shield","tag-ddos-attacks"],"uagb_featured_image_src":{"full":["https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2024\/10\/mitigating-DDoS-attack-aws-security.webp",1536,864,false],"thumbnail":["https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2024\/10\/mitigating-DDoS-attack-aws-security-150x150.webp",150,150,true],"medium":["https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2024\/10\/mitigating-DDoS-attack-aws-security-300x169.webp",300,169,true],"medium_large":["https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2024\/10\/mitigating-DDoS-attack-aws-security-768x432.webp",768,432,true],"large":["https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2024\/10\/mitigating-DDoS-attack-aws-security-1024x576.webp",1024,576,true],"1536x1536":["https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2024\/10\/mitigating-DDoS-attack-aws-security.webp",1536,864,false],"2048x2048":["https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2024\/10\/mitigating-DDoS-attack-aws-security.webp",1536,864,false],"profile_24":["https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2024\/10\/mitigating-DDoS-attack-aws-security-24x24.webp",24,24,true],"profile_48":["https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2024\/10\/mitigating-DDoS-attack-aws-security-48x48.webp",48,48,true],"profile_96":["https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2024\/10\/mitigating-DDoS-attack-aws-security-96x96.webp",96,96,true],"profile_150":["https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2024\/10\/mitigating-DDoS-attack-aws-security-150x150.webp",150,150,true],"profile_300":["https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2024\/10\/mitigating-DDoS-attack-aws-security-300x300.webp",300,300,true],"tptn_thumbnail":["https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2024\/10\/mitigating-DDoS-attack-aws-security-250x250.webp",250,250,true],"web-stories-poster-portrait":["https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2024\/10\/mitigating-DDoS-attack-aws-security-640x853.webp",640,853,true],"web-stories-publisher-logo":["https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2024\/10\/mitigating-DDoS-attack-aws-security-96x96.webp",96,96,true],"web-stories-thumbnail":["https:\/\/www.whizlabs.com\/blog\/wp-content\/uploads\/2024\/10\/mitigating-DDoS-attack-aws-security-150x84.webp",150,84,true]},"uagb_author_info":{"display_name":"Sudha Maniraj","author_link":"https:\/\/www.whizlabs.com\/blog\/author\/sudha-maniraj\/"},"uagb_comment_info":2,"uagb_excerpt":"In this blog let&#8217;s discuss the various protection measures against DDoS attacks including the AWS Shield in its various forms, edge locations, resilient infrastructure, and integration of best security practices. We will also learn how the AWS Certified Security Specialty certification equips professionals with the tools and knowledge necessary to proactively protect their cloud environments.&hellip;","_links":{"self":[{"href":"https:\/\/www.whizlabs.com\/blog\/wp-json\/wp\/v2\/posts\/97779","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.whizlabs.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.whizlabs.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.whizlabs.com\/blog\/wp-json\/wp\/v2\/users\/415"}],"replies":[{"embeddable":true,"href":"https:\/\/www.whizlabs.com\/blog\/wp-json\/wp\/v2\/comments?post=97779"}],"version-history":[{"count":4,"href":"https:\/\/www.whizlabs.com\/blog\/wp-json\/wp\/v2\/posts\/97779\/revisions"}],"predecessor-version":[{"id":97793,"href":"https:\/\/www.whizlabs.com\/blog\/wp-json\/wp\/v2\/posts\/97779\/revisions\/97793"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.whizlabs.com\/blog\/wp-json\/wp\/v2\/media\/97792"}],"wp:attachment":[{"href":"https:\/\/www.whizlabs.com\/blog\/wp-json\/wp\/v2\/media?parent=97779"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.whizlabs.com\/blog\/wp-json\/wp\/v2\/categories?post=97779"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.whizlabs.com\/blog\/wp-json\/wp\/v2\/tags?post=97779"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}