Usando AWS re:Post, accetti AWS re:Post Termini di utilizzo
AWS re:Postre:Post

Are Lightsail instances protected against DDOS by default using AWS Shield Standard ?

0

Hello

Is my Lightsail instance protected against DDOS by default using AWS Shield Standard ?

Or do I need to setup something for AWS Shield Standard to protect my Lightsail instance against DDOS ?

Argomenti
ComputazionaliSicurezza, identità e conformità
Tag
Amazon LightsailAWS ShieldProtezione DDOS
Lingua
English
rePost-User-2758834
posta un anno fa1934 visualizzazioni
3 Risposte
1
Risposta accettata

Yes Lightsail has some protection from L3/4 attacks by default from Shield Standard, however having EC2 instances directly exposed to the internet is not well-architected. In order to protect against layer 7 attacks you would need to front your Lightsail instance with a self-managed ALB or CloudFront distribution with a well-configured AWS WAF WebACL associated.

While Shield Advanced offers many benefits, the $3K per-month subscription cost does not make sense for all customers.

Please look at AWS Best Practices for DDoS Resiliency for more information on being well-architected and configuring useful AWS WAF rules to prevent malicious traffic from reaching your servers.

AWS
AWS-User-knoxy
con risposta 5 mesi fa
1

As AWS Shield Standard protects at level 3 and 4, Lightsail would be protected. But what application is running on your Lightsail server? Would that benefit from level 7 protection? What other services you want to delete from your wishlist?

  • additional detection and mitigation against large and sophisticated DDoS attacks
  • near real-time visibility into attacks
  • integration with AWS WAF
  • protection against DDoS-related spikes
  • region- and resource-specific monitoring techniques
  • 24/7 access to the Shield Response Team

My 2ct: unless 100% sure basic protection will do and/or you can survive outages, use the Advanced version by default.

Rgds, Henk

rePost-User-6942080
con risposta un anno fa
-1

https://www.google.com/search?client=firefox-b-d&q=aws+lightsail++ddos No DDoS protection by default (but snapshots are available for a fee).

rePost-User-6942080
con risposta un anno fa
  • rePost-User-2758834
    un anno fa

    It looks that you got this info from vpsbenchmarks website Do you have other sources ? Why are you talking about snapshot ?

    I read here https://console.aws.amazon.com/wafv2/shieldv2 that "Standardized protection for the underlying AWS service" is activated for AWS Shield Standard, and "On by default"/"Free and enabled by default"

    I think Lightsail is an underlying AWS service, so I guess that Lightsail instances are protected against DDOS by default using AWS Shield Standard.

    If someone can confirm or refute, it would be appreciated.

Accesso non effettuato. Accedi per postare una risposta.

Una buona risposta soddisfa chiaramente la domanda, fornisce un feedback costruttivo e incoraggia la crescita professionale del richiedente.

Linee guida per rispondere alle domande

Contenuto pertinente