How much time does Shield Advanced needed to propagate the protection plan to all edge locations?
A customer is wondering how much time does it need to take effect if they enable Shield Advanced to protect CloudFront?
The customer has a HTTP-based service which wants to leverage CloudFront and Shield Advanced to protect their origin. However, there is an additional data transfer out fee apply to Shield Advanced. They'd like to optimize the cost, thus they proposed the following solution.
- They will manually enable the protection when the data transfer grows up to a certain value. (or automate this by using API)
- They will disable the protection when the attack stops
Does anyone known how much time does it needed to propagate the protection plan to all edge locations?
- 新しい順
- 投票が多い順
- コメントが多い順
AWS Shield Advanced does not change how CloudFront mitigates attacks. Activating or deactivating a Protected Resource during an attack would not have any positive effect.
The benefit of adding the CloudFront distribution as a protected resource is that the traffic to that distribution will be baselined for the purpose of attack detection. This requires the resource to be permanently added as a Protected Resource. Similarly, the other benefits of AWS Shield Advanced, like AWS WAF at no additional cost, Cost Protection, and the SLA require the resource to be continuously subscribed.
関連するコンテンツ
AWS公式更新しました 2年前- AWS公式更新しました 7ヶ月前
- AWS公式更新しました 1年前
- AWS公式更新しました 1年前
