Durch die Nutzung von AWS re:Post stimmt du den AWS re:Post Nutzungsbedingungen
AWS re:Postre:Post

Are Lightsail instances protected against DDOS by default using AWS Shield Standard ?

0

Hello

Is my Lightsail instance protected against DDOS by default using AWS Shield Standard ?

Or do I need to setup something for AWS Shield Standard to protect my Lightsail instance against DDOS ?

Themen
KalkulationSicherheit, Identität & Konformität
Tags
Amazon LightsailAWS ShieldDDOS-Schutz
Sprache
English
rePost-User-2758834
gefragt vor einem Jahr1934 Aufrufe
3 Antworten
1
Akzeptierte Antwort

Yes Lightsail has some protection from L3/4 attacks by default from Shield Standard, however having EC2 instances directly exposed to the internet is not well-architected. In order to protect against layer 7 attacks you would need to front your Lightsail instance with a self-managed ALB or CloudFront distribution with a well-configured AWS WAF WebACL associated.

While Shield Advanced offers many benefits, the $3K per-month subscription cost does not make sense for all customers.

Please look at AWS Best Practices for DDoS Resiliency for more information on being well-architected and configuring useful AWS WAF rules to prevent malicious traffic from reaching your servers.

AWS
AWS-User-knoxy
beantwortet vor 5 Monaten
1

As AWS Shield Standard protects at level 3 and 4, Lightsail would be protected. But what application is running on your Lightsail server? Would that benefit from level 7 protection? What other services you want to delete from your wishlist?

  • additional detection and mitigation against large and sophisticated DDoS attacks
  • near real-time visibility into attacks
  • integration with AWS WAF
  • protection against DDoS-related spikes
  • region- and resource-specific monitoring techniques
  • 24/7 access to the Shield Response Team

My 2ct: unless 100% sure basic protection will do and/or you can survive outages, use the Advanced version by default.

Rgds, Henk

rePost-User-6942080
beantwortet vor einem Jahr
-1

https://www.google.com/search?client=firefox-b-d&q=aws+lightsail++ddos No DDoS protection by default (but snapshots are available for a fee).

rePost-User-6942080
beantwortet vor einem Jahr
  • rePost-User-2758834
    vor einem Jahr

    It looks that you got this info from vpsbenchmarks website Do you have other sources ? Why are you talking about snapshot ?

    I read here https://console.aws.amazon.com/wafv2/shieldv2 that "Standardized protection for the underlying AWS service" is activated for AWS Shield Standard, and "On by default"/"Free and enabled by default"

    I think Lightsail is an underlying AWS service, so I guess that Lightsail instances are protected against DDOS by default using AWS Shield Standard.

    If someone can confirm or refute, it would be appreciated.

Du bist nicht angemeldet. Anmelden um eine Antwort zu veröffentlichen.

Eine gute Antwort beantwortet die Frage klar, gibt konstruktives Feedback und fördert die berufliche Weiterentwicklung des Fragenstellers.

Richtlinien für die Beantwortung von Fragen

Relevanter Inhalt