2 Answers
1
- If Shield Advanced is enabled at the Organization level, then the subscription fee ($3K/month) is applied at the Org level, so there is no separate Shield Advanced subscription fee for linked/member accounts under the Org when enabled
- AWS Shield Advanced Data Transfer Out (DTO) usage fees (per GB) by protected resources are NOT included in the subscription fee
- Shield Advanced subscription covers the cost of standard AWS WAF capabilities at no additional cost
  - Cost per web ACL, cost per rule, and the base price per million requests for web request inspection, up to 1,500 WCUs and up to the default body size (16KB)
  - Shield Advanced does NOT cover the costs of Bot Control, the use of the Captcha/Challenge rule action, the use of more than 1,500 WCUs in a web ACL, and request body inspection beyond the default body size (up to 64KB for Global WAF and 32KB for Regional WAF)
- Central configuration and compliance through Firewall Manager
  - Only charges for AWS WAF and Shield security policies created by Firewall Manager are included with the Shield Advanced subscription. It does NOT cover NACL, security group and R53 DNS Firewall security policies. AWS Config rules/usage that Firewall Manager uses behind the scenes is NOT included.
0
As part of the Shield Advanced subscription, the following charges and benefits are covered:
- DDoS Attack Cost Protection:
  - Cost Protection for Scaling: Shield Advanced can absorb the extra scaling costs that arise from a DDoS attack. AWS provides credits for scaling costs directly attributed to a DDoS event, helping to manage unexpected expenses.
  - AWS WAF (Web Application Firewall) Charges: If you're using AWS WAF with Shield Advanced, the charges for WAF WebACLs, rule evaluations, and requests are covered.
- AWS Shield Advanced Fees:
  - The flat monthly fee for Shield Advanced is charged per protected resource, and additional fees per GB of data transfer for some resource types.
- Protection Across Multiple AWS Services:
  - Route 53: DNS query charges for Route 53 are included for protected domains.
  - CloudFront: Additional data transfer costs due to DDoS attacks on CloudFront distributions are covered.
  - Elastic Load Balancing (ELB): Additional costs arising from DDoS attacks on ELB instances are also covered.
  - Elastic IP Addresses: The protection extends to Elastic IP addresses associated with EC2 instances.
- 24/7 Access to DDoS Response Team (DRT):
  - You get access to AWS's DDoS Response Team, who can assist in real-time during an attack and help with post-attack analysis.
- Global Threat Environment Dashboard:
  - Access to a dashboard that provides insights into DDoS threats detected by AWS and potential impacts on your resources.
- Enhanced Detection and Attack Mitigation:
  - Advanced detection techniques for more sophisticated attacks are included, providing better protection for your applications.
- Detailed Attack Diagnostics:
  - You get detailed diagnostics and historical attack information to help understand the attack and improve security posture.
- Shield Advanced primarily adds protection and cost management features over the basic Shield Standard offering, which automatically protects against common and most frequently observed DDoS attacks.
answered a year ago

This is exactly what I was looking for. Thank you!