How much time does Shield Advanced needed to propagate the protection plan to all edge locations?
A customer is wondering how much time does it need to take effect if they enable Shield Advanced to protect CloudFront?
The customer has a HTTP-based service which wants to leverage CloudFront and Shield Advanced to protect their origin. However, there is an additional data transfer out fee apply to Shield Advanced. They'd like to optimize the cost, thus they proposed the following solution.
- They will manually enable the protection when the data transfer grows up to a certain value. (or automate this by using API)
- They will disable the protection when the attack stops
Does anyone known how much time does it needed to propagate the protection plan to all edge locations?
- 최신
- 최다 투표
- 가장 많은 댓글
AWS Shield Advanced does not change how CloudFront mitigates attacks. Activating or deactivating a Protected Resource during an attack would not have any positive effect.
The benefit of adding the CloudFront distribution as a protected resource is that the traffic to that distribution will be baselined for the purpose of attack detection. This requires the resource to be permanently added as a Protected Resource. Similarly, the other benefits of AWS Shield Advanced, like AWS WAF at no additional cost, Cost Protection, and the SLA require the resource to be continuously subscribed.
관련 콘텐츠
AWS 공식업데이트됨 일 년 전- AWS 공식업데이트됨 8달 전
