How much time does Shield Advanced needed to propagate the protection plan to all edge locations?
A customer is wondering how much time does it need to take effect if they enable Shield Advanced to protect CloudFront?
The customer has a HTTP-based service which wants to leverage CloudFront and Shield Advanced to protect their origin. However, there is an additional data transfer out fee apply to Shield Advanced. They'd like to optimize the cost, thus they proposed the following solution.
- They will manually enable the protection when the data transfer grows up to a certain value. (or automate this by using API)
- They will disable the protection when the attack stops
Does anyone known how much time does it needed to propagate the protection plan to all edge locations?
- Newest
- Most votes
- Most comments
AWS Shield Advanced does not change how CloudFront mitigates attacks. Activating or deactivating a Protected Resource during an attack would not have any positive effect.
The benefit of adding the CloudFront distribution as a protected resource is that the traffic to that distribution will be baselined for the purpose of attack detection. This requires the resource to be permanently added as a Protected Resource. Similarly, the other benefits of AWS Shield Advanced, like AWS WAF at no additional cost, Cost Protection, and the SLA require the resource to be continuously subscribed.
Relevant content
- Can I cancel Shield Advanced before the minimum subscription period if it doesn't satisfy our needs?Accepted Answerasked a year ago
- asked 2 years ago
- Accepted Answerasked 5 months ago
AWS OFFICIALUpdated 2 years ago- AWS OFFICIALUpdated a year ago
- AWS OFFICIALUpdated 10 months ago
- AWS OFFICIALUpdated a year ago
