Questions tagged with AWS Shield
I should have access to AWS Shield Advanced through EventEngine; unfortunately, I am not able to access it. Has anyone run into the same problem? If so, how did you overcome it?

Hello
Is my Lightsail instance protected against DDoS by default using AWS Shield Standard?
Or do I need to set up something for AWS Shield Standard to protect my Lightsail instance against DDoS?

5 days into this billing cycle, and my Route 53 zone has received over 33 million requests for a particular host that I recently deleted. And the associated DNS record was deleted too. I didn't think I would get billed for a deleted host record, but indeed I am according to the billing dashboard. Some initial query logging suggests that there are clients making many redundant requests for this deleted hostname.
I will most likely add back a record that resolves to 127.0.0.1 with a multi-day TTL. That might make whatever code is repeating the request stop asking (as much). But excessive and redundant DNS queries have always been a costly problem that I never could get a handle on. I've dealt with the DDoS attacks on the host service for years, but I've never understood how to firewall Route 53 when these clients make redundant requests.
The ideal solution would be that Route 53 would simply ignore requests for the deleted host name (and not bill me for it).
What are my options?

How do I reduce my data transfer out cost in AWS Shield Advanced?
Any heads up to follow?

My API service was up and running on the EC2 instance but suddenly started throwing this error message: {"status":false,"message":"failure","result":{"code":0,"message":"Request failed with status code 451","data":{}},"responseCode":500} whenever any user tries to log in again. The API is allowing new users to register but not allowing them to log back in.
I fear it is something like https://developer.mozilla.org/en-US/docs/Web/HTTP/Status/451. If so, how can I verify?

Hi,
We have an API Gateway with regional endpoints. We have attached WAF to the API Gateway for L7 protection.
Researching how we can further protect our system, [this AWS whitepaper suggests we use CloudFront in front of the API Gateway:](https://docs.aws.amazon.com/whitepapers/latest/security-overview-amazon-api-gateway/security-design-principles.html)
> Amazon CloudFront distributes traffic across multiple edge locations, and filters requests to help ensure that only valid requests will be forwarded to your API Gateway deployments.
I suspect my understanding of the edge network is limited and the answer may be obvious, but can someone expand on this quote or provide further information on why CloudFront helps with DDoS mitigation?
Also, as far as I know, CloudFront uses Shield for DDoS mitigation and detection at L3/L4. But Shield Standard is also used in all AWS services, including API Gateway. Are there benefits to using CloudFront for DDoS mitigation and protection beyond Shield?

Hi,
We are looking to see if there is any visibility into whether a DDoS attack occurs on our API Gateway service, should one occur. The API Gateway will be protected directly by WAF rules at the L7 application layer. While we can monitor AWS/WAFV2 metrics like BlockedRequests, we also want to know if we could do something similar for L3/L4 attacks.
I see that Shield Advanced has DDoS metrics: https://docs.aws.amazon.com/waf/latest/developerguide/ddos-cloudwatch-metrics.html
We aren't necessarily looking for this level of granularity, but would like to have data on how many times a DDoS attack occurs so we can decide if we want to upgrade to Shield Advanced for greater insight.
Also, we are not fronting the API Gateway with CloudFront. The APIGW endpoints are also regional.

I am using an application balancer, so please tell me how to enable Shield Standard in my account, because when I go to its page, it shows me only 1 button to buy Shield Advanced. How can I use that? Please help me.

Hi there,
It seems my website is being attacked and AWS Shield Standard is not capable of protecting the site. This is the third time the website is getting tens of millions of requests in a day. I want to stop getting overcharged due to this AWS shortcoming.
Based on the CloudFront usage report, the requests are coming from a broad distribution of locations, devices and OSes. That could be a reason why the standard AWS Shield isn't capable of detecting it.
Is there any way to limit the rate of requests from an IP?
Thanks in advance for any help!

Amplify subdomains are not showing up in the list of Shield resources to protect. I have an Angular-based front end deployed with AWS Amplify. Since DNS entries are not displayed in Route 53, I was wondering how to protect those endpoints using Shield Advanced.

Hi, when enabling AWS Shield Advanced I was unsure whether I should enable it only for Route 53 or whether it is needed for other services as well. I ask because my infrastructure has CloudFront, Classic Load Balancers and some Elastic IPs, which are all behind a Route 53 Hosted Zone. In this scenario, is enabling AWS Shield Advanced only for Route 53 enough, or do I need to enable it for each of the resources that I have (CF, ELBs, etc.)?

My website under Route 53 and ALB was flooded once on 12 May, but it seemed Shield Standard didn't do anything to prevent it?
Showing 1000 of 9,828,102 records matched:
```
2022-05-12T08:01:25.024+08:00 51.15.0.133 - - [12/May/2022:00:01:24 +0000] "GET http://www.1980mu.com:89/ HTTP/1.1" 200 8216 "-" "Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.77 Safari/537.36" "-"
2022-05-12T08:01:25.024+08:00 51.15.0.133 - - [12/May/2022:00:01:24 +0000] "GET http://www.1980mu.com:89/ HTTP/1.1" 200 8216 "-" "Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; rv:11.0) like Gecko" "-"
2022-05-12T08:01:25.024+08:00 51.15.0.133 - - [12/May/2022:00:01:24 +0000] "GET http://www.1980mu.com:89/ HTTP/1.1" 200 8216 "-" "Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.77 Safari/537.36" "-"
2022-05-12T08:01:25.024+08:00 51.15.0.133 - - [12/May/2022:00:01:24 +0000] "GET http://www.1980mu.com:89/ HTTP/1.1" 200 8216 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/68.0.3599.0 Safari/537.36" "-"
2022-05-12T08:01:25.024+08:00 51.15.0.133 - - [12/May/2022:00:01:24 +0000] "GET http://www.1980mu.com:89/ HTTP/1.1" 200 8216 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; rv:11.0) like Gecko" "-"
2022-05-12T08:01:25.274+08:00 163.172.215.59 - - [12/May/2022:00:01:24 +0000] "GET http://www.1980mu.com:89/ HTTP/1.1" 200 8216 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3599.0 Safari/537.36" "-"
2022-05-12T08:01:25.274+08:00 209.250.242.153 - - [12/May/2022:00:01:25 +0000] "GET http://www.shuishantang88.com/ HTTP/1.1" 200 8216 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3599.0 Safari/537.36" "-"
2022-05-12T08:01:25.274+08:00 51.15.0.133 - - [12/May/2022:00:01:25 +0000] "GET http://www.1980mu.com:89/ HTTP/1.1" 200 8216 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3599.0 Safari/537.36" "-"
2022-05-12T08:01:25.274+08:00 51.15.0.133 - - [12/May/2022:00:01:25 +0000] "GET http://www.1980mu.com:89/ HTTP/1.1" 200 8216 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3599.0 Safari/537.36" "-"
2022-05-12T08:01:25.274+08:00 51.15.0.133 - - [12/May/2022:00:01:25 +0000] "GET http://www.1980mu.com:89/ HTTP/1.1" 200 8216 "-" "Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; Googlebot/2.1; +http://www.google.com/bot.html) Safari/537.36" "-"
2022-05-12T08:01:25.274+08:00 51.15.0.133 - - [12/May/2022:00:01:25 +0000] "GET http://www.1980mu.com:89/ HTTP/1.1" 200 8216 "-" "Mozilla/5.0 (iPhone; CPU iPhone OS 9_1 like Mac OS X) AppleWebKit/601.1.46 (KHTML, like Gecko) Version/9.0 Mobile/13B143 Safari/601.1 (compatible; AdsBot-Google-Mobile; +http://www.google.com/mobile/adsbot.html)" "-"
2022-05-12T08:01:25.274+08:00 175.178.1.47 - - [12/May/2022:00:01:25 +0000] "GET http://azenv.net/ HTTP/1.1" 200 8216 "-" "Go-http-client/1.1" "-"
2022-05-12T08:01:25.274+08:00 20.231.61.213 - - [12/May/2022:00:01:25 +0000] "CONNECT aj-https.my.com:443 HTTP/1.1" 400 157 "-" "-" "-"
2022-05-12T08:01:25.274+08:00 163.172.215.59 - - [12/May/2022:00:01:25 +0000] "GET http://www.1980mu.com:89/ HTTP/1.1" 200 8216 "-" "Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; rv:11.0) like Gecko" "-"
2022-05-12T08:01:25.274+08:00 163.172.215.59 - - [12/May/2022:00:01:25 +0000] "GET http://www.1980mu.com:89/ HTTP/1.1" 200 8216 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3599.0 Safari/537.36" "-"
2022-05-12T08:01:25.274+08:00 163.172.215.59 - - [12/May/2022:00:01:25 +0000] "GET http://www.1980mu.com:89/ HTTP/1.1" 200 8216 "-" "Mozilla/5.0 (Linux; Android 5.0; SM-G920A) AppleWebKit (KHTML, like Gecko) Chrome Mobile Safari (compatible; AdsBot-Google-Mobile; +http://www.google.com/mobile/adsbot.html)" "-"
2022-05-12T08:01:25.274+08:00 163.172.215.59 - - [12/May/2022:00:01:25 +0000] "GET http://www.1980mu.com:89/ HTTP/1.1" 200 8216 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3599.0 Safari/537.36" "-"
2022-05-12T08:01:25.274+08:00 209.250.242.153 - - [12/May/2022:00:01:25 +0000] "GET http://www.shuishantang88.com/ HTTP/1.1" 200 8216 "-" "Mozilla/5.0 (Linux; Android 6.0.1; Nexus 5X Build/MMB29P) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.96 Mobile Safari/537.36 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)" "-"
2022-05-12T08:01:25.274+08:00 209.250.242.153 - - [12/May/2022:00:01:25 +0000] "GET http://www.shuishantang88.com/ HTTP/1.1" 200 8216 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3599.0 Safari/537.36" "-"
2022-05-12T08:01:25.274+08:00 209.250.242.153 - - [12/May/2022:00:01:25 +0000] "GET http://www.shuishantang88.com/ HTTP/1.1" 200 8216 "-" "Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; rv:11.0) like Gecko" "-"
2022-05-12T08:01:25.274+08:00 209.250.242.153 - - [12/May/2022:00:01:25 +0000] "GET http://www.shuishantang88.com/ HTTP/1.1" 200 8216 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3599.0 Safari/537.36" "-"
2022-05-12T08:01:25.524+08:00 209.250.242.153 - - [12/May/2022:00:01:25 +0000] "GET http://www.shuishantang88.com/ HTTP/1.1" 200 8216 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.140 Safari/537.36 Edge/18.18247" "-"
2022-05-12T08:01:25.524+08:00 209.250.242.153 - - [12/May/2022:00:01:25 +0000] "GET http://www.shuishantang88.com/ HTTP/1.1" 200 8216 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like
```