1 Answer
0
Create a CloudWatch Alarm associated with the DDoSDetected metric. The alarm will trigger a Lambda function.
- Go to the CloudWatch Console, and select All Alarms from the left sidebar.
- Click on Create Alarm.
- Click on Select metric, then from AWS/DDoSProtection / ResourceArn, select the DDoSDetected metric of the specific resource and click on Select metric.
- When specifying metric and conditions, make sure that:
  - Metric name is DDoSDetected,
  - ResourceArn is valid,
  - for Statistic, select Maximum,
  - for Period, select either 1 minute or lower,
  - use Static threshold type, and define the alarm condition whenever DDoSDetected is Greater than 0.
- When configuring actions:
  - configure the default notification action, or remove it if you don't want to receive SNS notifications when the alarm is triggered,
  - click on Add Lambda action,
  - choose a function from the dropdown or reference it by the ARN if cross-account.
- Click on Next at the bottom of the page, add alarm name, click on Next again, then review and create the alarm.
answered 2 years ago
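The same alarm expressed as an API request, plus the receiving side, as an added example that is not part of the original answer. `build_ddos_alarm` returns the keyword arguments for boto3's `CloudWatch.put_metric_alarm` (the parameter names are the real ones), `validate_ddos_alarm` checks the request against the checklist in the answer above (DDoSDetected, valid ResourceArn, Maximum statistic, period of one minute or lower, threshold > 0, a Lambda action present), and `lambda_handler` shows what the invoked function receives. The ARNs, the alarm name and the sample alarm-state-change event are constructed values; the event layout (`alarmData` with `state` and `configuration.metrics`) is assumed from the documented CloudWatch-to-Lambda payload and should be checked against a real invocation in your account.

```python
"""Build, validate and consume a CloudWatch alarm on AWS/DDoSProtection DDoSDetected.

Added example, not code from the original answer. Request keys match boto3's
CloudWatch.put_metric_alarm(); ARNs and SAMPLE_EVENT are constructed values.
"""
import json
import re

DDOS_NAMESPACE = "AWS/DDoSProtection"
DDOS_METRIC = "DDoSDetected"

# Loose ARN shapes, enough to tell a Lambda function ARN from an SNS topic ARN.
LAMBDA_ARN_RE = re.compile(r"^arn:aws:lambda:[a-z0-9-]+:\d{12}:function:[A-Za-z0-9_-]+")
SNS_ARN_RE = re.compile(r"^arn:aws:sns:[a-z0-9-]+:\d{12}:[A-Za-z0-9_-]+$")


def build_ddos_alarm(alarm_name, resource_arn, lambda_arn, sns_topic_arn=None, period=60):
    """Return kwargs for cloudwatch.put_metric_alarm(**...) mirroring the console steps."""
    actions = [lambda_arn]                      # "Add Lambda action"
    if sns_topic_arn:                           # optional default notification action
        actions.append(sns_topic_arn)
    return {
        "AlarmName": alarm_name,
        "Namespace": DDOS_NAMESPACE,
        "MetricName": DDOS_METRIC,
        "Dimensions": [{"Name": "ResourceArn", "Value": resource_arn}],
        "Statistic": "Maximum",                 # Statistic: Maximum
        "Period": period,                       # Period: 1 minute (60 s) or lower
        "EvaluationPeriods": 1,
        "Threshold": 0,                         # static threshold ...
        "ComparisonOperator": "GreaterThanThreshold",  # ... DDoSDetected > 0
        "AlarmActions": actions,
    }


def validate_ddos_alarm(params):
    """Return a list of problems; an empty list means the request matches the checklist."""
    problems = []
    if params.get("Namespace") != DDOS_NAMESPACE or params.get("MetricName") != DDOS_METRIC:
        problems.append("metric must be AWS/DDoSProtection DDoSDetected")
    dims = {d["Name"]: d["Value"] for d in params.get("Dimensions", [])}
    if not dims.get("ResourceArn", "").startswith("arn:aws:"):
        problems.append("ResourceArn dimension missing or not an ARN")
    if params.get("Statistic") != "Maximum":
        problems.append("statistic must be Maximum")
    if params.get("Period", 0) > 60:
        problems.append("period must be 1 minute or lower")
    if params.get("Threshold") != 0 or params.get("ComparisonOperator") != "GreaterThanThreshold":
        problems.append("condition must be DDoSDetected > 0")
    if not any(LAMBDA_ARN_RE.match(a) for a in params.get("AlarmActions", [])):
        problems.append("no Lambda function among the alarm actions")
    return problems


# Constructed sample of the event CloudWatch delivers to a Lambda alarm action (assumed shape).
SAMPLE_EVENT = {
    "source": "aws.cloudwatch",
    "alarmArn": "arn:aws:cloudwatch:us-east-1:111111111111:alarm:ddos-detected-example",
    "alarmData": {
        "alarmName": "ddos-detected-example",
        "state": {"value": "ALARM", "reason": "Threshold Crossed: 1 datapoint [1.0] was greater than 0.0."},
        "previousState": {"value": "OK"},
        "configuration": {
            "metrics": [{
                "id": "m1",
                "metricStat": {
                    "metric": {
                        "namespace": DDOS_NAMESPACE,
                        "name": DDOS_METRIC,
                        "dimensions": {"ResourceArn": "arn:aws:ec2:us-east-1:111111111111:eip-allocation/eipalloc-0example"},
                    },
                    "period": 60,
                    "stat": "Maximum",
                },
            }],
        },
    },
}


def lambda_handler(event, context=None):
    """Extract the attacked resource from the alarm event.

    Deliberately does not open a support case (see the follow-up comment on the
    answer); it returns data for a notification or runbook step instead."""
    data = event["alarmData"]
    if data["state"]["value"] != "ALARM":
        return {"handled": False, "state": data["state"]["value"]}
    resource = None
    for m in data["configuration"]["metrics"]:
        metric = m.get("metricStat", {}).get("metric", {})
        if metric.get("namespace") == DDOS_NAMESPACE and metric.get("name") == DDOS_METRIC:
            resource = metric.get("dimensions", {}).get("ResourceArn")
    return {"handled": True, "alarm": data["alarmName"], "resource_arn": resource,
            "reason": data["state"]["reason"]}


if __name__ == "__main__":
    params = build_ddos_alarm(
        "ddos-detected-example",
        "arn:aws:ec2:us-east-1:111111111111:eip-allocation/eipalloc-0example",
        "arn:aws:lambda:us-east-1:111111111111:function:ddos-notify",
    )
    print("validation problems:", validate_ddos_alarm(params))
    print(json.dumps(params, indent=2))
    # To create the alarm for real: boto3.client("cloudwatch").put_metric_alarm(**params)
    print(lambda_handler(SAMPLE_EVENT))
```

Running the script prints the request it would send and an empty problem list; swap in your own ARNs and uncomment the boto3 call to create the alarm. The validator is useful as a guard in infrastructure code so that an alarm built with Average, a five-minute period or only an SNS action is rejected before it is deployed.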

While this "How to" is technically correct, AWS does request that the Lambda triggered by a CloudWatch alarm based on the 'DDoSDetected' metric should not automatically create a support case, so it should not be the 'Shield Engagement Lambda', for instance.