AWS Shield
Protects networks and applications by analyzing network security configurations and providing managed DDoS protection
What is AWS Shield?
AWS Shield protects networks and applications by identifying network security configuration issues and defending applications against active web exploitation and distributed denial of service (DDoS) events. AWS Shield does this by offering two key capabilities:
AWS Shield network security director (in preview) performs an analysis of your resources to help you visualize your network topology, identify configuration issues, and receive actionable remediation recommendations.
AWS Shield Advanced offers managed DDoS protection for continuous automatic mitigation of sophisticated DDoS events to minimize application downtime and latency. You can customize your DDoS protection strategy using application-specific security controls and expert guidance from the Shield Response Team during active DDoS incidents.
Benefits of AWS Shield
Visualize network resources and configuration issues (preview)
Discover network security issues through an assessment of your AWS resources and configurations. Get a clear visualization of your network topology that prioritizes misconfigured or overlooked resources, helping you to spot where additional protection is needed. Available with AWS Shield network security director (preview).
Quickly respond to network security issues with actionable recommendations (preview)
Accelerate response using recommended services and rule sets to mitigate each configuration issue. Together with Amazon Q Developer, you can use natural language to easily get answers and recommendations about your network security posture. Available with AWS Shield network security director (preview).
Protect applications with automatic DDoS detection and mitigation
With AWS Shield Advanced, get automatic inline mitigation that detects and blocks sophisticated DDoS events across layers 3, 4, and 7. This protection leverages AWS global threat intelligence to safeguard applications against evolving threats without manual intervention, which reduces the operational overhead on your security teams.
Reduce risks with customized application protection
Secure your applications with protection tailored specifically to your traffic patterns. As your applications face evolving threats like HTTP floods or DNS query floods, the system automatically baselines your normal traffic. This allows you to detect anomalies instantly, giving you a dynamic defense that adapts to your unique application behavior.
Use cases
Implement network security best practices (preview)
Protect applications against internet-borne threats and overly permissive access by implementing a network security strategy that follows AWS best practices.
Visualize network resources and configuration issues (preview)
View your network topology and configured services through an interactive visualization to quickly identify security issues and understand resource relationships across your environment.