Is there any visibility into whether a DDoS attack occurs on an API Gateway using WAF & Shield Standard?

0

Hi,

We are looking to see if there is any visibility into whether a DDoS attack occurs on our API Gateway service. The API Gateway will be protected directly by WAF rules at the L7 application layer. While we can monitor AWS/WAFV2 metrics like BlockedRequests, we also want to know if we could do something similar for L3/L4 attacks.

I see that Shield Advanced has DDoS metrics: https://docs.aws.amazon.com/waf/latest/developerguide/ddos-cloudwatch-metrics.html

We aren't necessarily looking for this level of granularity, but would like to have data on how many times a DDoS attack occurs so we can decide if we want to upgrade to Shield Advanced for greater insight.

Also, we are not fronting the API Gateway with CloudFront. The APIGW endpoints are also regional.

asked a year ago, 576 views
2 Answers
2
Accepted Answer

Hi,

All customers can access a summary of the events for their account over the prior year. You can see this information under the Getting Started page of the AWS Shield console. For more information, see AWS Shield global and account activity.

To get detailed visibility into DDoS attacks, you will need AWS Shield Advanced.

Best regards

Ricardo Makino

AWS
answered a year ago
EXPERT
reviewed 4 days ago
1

If you are looking for L3/L4 DDoS visibility with AWS WAF & Shield Standard, it's not possible. As you know, AWS WAF works at the application layer, so AWS WAF can't provide any L3/L4 DDoS metrics for you. Shield Standard can detect/mitigate L3/L4 DDoS for free, but it does not provide the data you want. If you need data related to DDoS prior to subscribing to Shield Advanced, I'd suggest contacting your AWS Account Manager to check whether you can demo Shield Advanced for a specific period.

AWS
answered a year ago
