AWS Shield Advanced with Route 53


Hi, when enabling AWS Shield Advanced I was unsure if I should enable only for Route 53 or is needed for other services as well. I ask because my infrastructure has CloudFront, Classic Load Balancers and some Elastic IPS which are all behind a Route 53 Hosted Zone. In this scenario enabling AWS Shield Advanced only for Route53 is enough or I need to enable for each of the resources that I have (CF, ELBs, etc)?

2 Antworten

I think it'd be worth reaching out to your local AWS Solutions Architect and/or account team to discuss your requirements here.

However, to answer your question: Shield Advanced covers all of the services you mention. If you're going to enable it, you wouldn't just enable it for Route 53 (and that's not quite how it works in any case). it covers your entire workload.

profile pictureAWS
beantwortet vor 2 Jahren

Just because the authoritative DNS for an AWS resource is on Route53, does not mean the resource is 'behind a Route 53 Hosted Zone'. That's not how DNS works.

You need to enable Shield Advanced Protection for each resource that you want enhanced detection, mitigation or cost protection for.

beantwortet vor 5 Monaten

Du bist nicht angemeldet. Anmelden um eine Antwort zu veröffentlichen.

Eine gute Antwort beantwortet die Frage klar, gibt konstruktives Feedback und fördert die berufliche Weiterentwicklung des Fragenstellers.

Richtlinien für die Beantwortung von Fragen