Urgent Assistance Needed: Persistent DDoS Attacks on my API hosted on AWS EC2 Instance

0

Dear AWS Community,

I am reaching out to you today as I am in desperate need of expert assistance regarding a persistent DDoS (Distributed Denial of Service) attack on my API, which is hosted on an AWS EC2 instance. Despite diligently following various security guides, including those provided by AWS, I continue to experience relentless attacks on my domain and subdomains.

I have taken several measures to protect my infrastructure, such as implementing AWS Shield, configuring AWS WAF (Web Application Firewall), and leveraging Elastic Load Balancers to distribute traffic. However, these efforts have not been sufficient in mitigating the ongoing DDoS attacks. These attacks are adversely affecting the availability and stability of my services, causing significant disruptions to my users and my business.

In light of this situation, I am humbly seeking the expertise and guidance of the AWS community to help me overcome this challenge. I have exhausted my own ideas and resources, and I firmly believe that engaging with knowledgeable experts like yourselves will provide valuable insights and potential solutions.

I kindly request any advice, best practices, or advanced techniques that can be employed to further fortify my API hosted on an AWS EC2 instance against these persistent DDoS attacks. If there are additional security measures, configurations, or AWS services that I may have overlooked, I would greatly appreciate guidance in identifying them.

I understand that AWS provides comprehensive documentation, forums, and support channels, which I have already explored extensively. However, I believe that reaching out directly to the AWS community will provide me with tailored insights specific to my situation and help me navigate this challenging security landscape effectively.

Thank you in advance for your time and consideration.

Sincerely, Kees

asked a year ago · 238 views
1 Answer
0

Kees,

Starting with the DDoS-resilient architecture presented in the DDoS White Paper would probably be a good baseline to leverage Amazon CloudFront, AWS Global Accelerator, and Amazon Route 53 to build comprehensive availability protection against all known infrastructure layer attacks. It would enable the following benefits:

  • Access to internet and DDoS mitigation capacity across the AWS Global Edge Network. This is useful in mitigating larger volumetric attacks, which can reach terabit scale.
  • AWS Shield DDoS mitigation systems are integrated with AWS edge services, reducing time-to-mitigate from minutes to sub-second.
  • Stateless SYN Flood mitigation techniques proxy and verify incoming connections before passing them to the protected service. This ensures that only valid connections reach your application while protecting your legitimate end users against false-positive drops.
  • Automatic traffic engineering systems that disperse or isolate the impact of large volumetric DDoS attacks. All of these services isolate attacks at the source before they reach your origin, which means less impact on systems protected by these services.
  • Application layer defense when combined with AWS WAF that does not require changing current application architecture (for example, in an AWS Region or on-premises data center). There is no charge for inbound data transfer on AWS and you do not pay for DDoS attack traffic that is mitigated by AWS Shield.

Further, you've mentioned that you are using Shield. Have you enabled the Advanced tier which provides additional protections beyond the Standard tier?

AWS
answered a year ago
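
The edge protections listed in the answer only help if traffic cannot reach the EC2 instance or load balancer directly. The following is an added example, not part of the answer above or AWS's own code: it audits security group rules, in the shape returned by `aws ec2 describe-security-groups`, for web ports that accept traffic from anywhere other than the CloudFront origin-facing managed prefix list. The prefix list ID `pl-EXAMPLE`, the group IDs and the sample data are constructed placeholders.

```python
# Added example: audit security groups for web ports reachable without passing the edge.
# Assumption: placeholder for the AWS-managed CloudFront origin-facing prefix list ID,
# which differs per Region; look up the real one in your account.
CLOUDFRONT_PREFIX_LIST = "pl-EXAMPLE"
WEB_PORTS = (80, 443)
WORLD = {"0.0.0.0/0", "::/0"}

def covers_web_port(rule):
    """True if the rule's protocol and port range include 80 or 443."""
    if rule.get("IpProtocol") == "-1":  # all protocols, all ports
        return True
    if rule.get("IpProtocol") != "tcp":
        return False
    return any(rule.get("FromPort", 0) <= p <= rule.get("ToPort", 65535) for p in WEB_PORTS)

def audit_origin_groups(described):
    """Return (group_id, source, problem) for each web rule that bypasses the edge."""
    findings = []
    for sg in described.get("SecurityGroups", []):
        for rule in sg.get("IpPermissions", []):
            if not covers_web_port(rule):
                continue
            sources = [r["CidrIp"] for r in rule.get("IpRanges", [])]
            sources += [r["CidrIpv6"] for r in rule.get("Ipv6Ranges", [])]
            for src in sources:
                problem = "open to the internet" if src in WORLD else "CIDR source, confirm it is intended"
                findings.append((sg["GroupId"], src, problem))
            for pl in rule.get("PrefixListIds", []):
                if pl["PrefixListId"] != CLOUDFRONT_PREFIX_LIST:
                    findings.append((sg["GroupId"], pl["PrefixListId"], "unexpected prefix list"))
    return findings

# Constructed sample in the shape of `aws ec2 describe-security-groups` output.
SAMPLE = {"SecurityGroups": [
    {"GroupId": "sg-0aaa-constructed", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": [], "PrefixListIds": []}]},
    {"GroupId": "sg-0bbb-constructed", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [], "Ipv6Ranges": [], "PrefixListIds": [{"PrefixListId": "pl-EXAMPLE"}]},
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "10.0.0.0/8"}], "Ipv6Ranges": [], "PrefixListIds": []}]},
]}

if __name__ == "__main__":
    for group_id, source, problem in audit_origin_groups(SAMPLE):
        print(f"{group_id}: {source} -> {problem}")
```

Feed it the parsed JSON for the security groups attached to the load balancer or instance that serves as the origin; an empty result means web traffic is admitted only through the expected prefix list.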
