使用 AWS re:Post 即表示您同意 AWS re:Post 使用條款
AWS re:Postre:Post

Are Lightsail instances protected against DDOS by default using AWS Shield Standard ?

0

Hello

Is my Lightsail instance protected against DDOS by default using AWS Shield Standard ?

Or do I need to setup something for AWS Shield Standard to protect my Lightsail instance against DDOS ?

主題
運算安全性、身分識別與合規
標籤
Amazon LightsailAWS ShieldDDOS 防護
語言
English
rePost-User-2758834
已提問 1 年前檢視次數 1934 次
3 個答案
1
已接受的答案

Yes Lightsail has some protection from L3/4 attacks by default from Shield Standard, however having EC2 instances directly exposed to the internet is not well-architected. In order to protect against layer 7 attacks you would need to front your Lightsail instance with a self-managed ALB or CloudFront distribution with a well-configured AWS WAF WebACL associated.

While Shield Advanced offers many benefits, the $3K per-month subscription cost does not make sense for all customers.

Please look at AWS Best Practices for DDoS Resiliency for more information on being well-architected and configuring useful AWS WAF rules to prevent malicious traffic from reaching your servers.

AWS
AWS-User-knoxy
已回答 5 個月前
1

As AWS Shield Standard protects at level 3 and 4, Lightsail would be protected. But what application is running on your Lightsail server? Would that benefit from level 7 protection? What other services you want to delete from your wishlist?

  • additional detection and mitigation against large and sophisticated DDoS attacks
  • near real-time visibility into attacks
  • integration with AWS WAF
  • protection against DDoS-related spikes
  • region- and resource-specific monitoring techniques
  • 24/7 access to the Shield Response Team

My 2ct: unless 100% sure basic protection will do and/or you can survive outages, use the Advanced version by default.

Rgds, Henk

rePost-User-6942080
已回答 1 年前
-1

https://www.google.com/search?client=firefox-b-d&q=aws+lightsail++ddos No DDoS protection by default (but snapshots are available for a fee).

rePost-User-6942080
已回答 1 年前
  • rePost-User-2758834
    1 年前

    It looks that you got this info from vpsbenchmarks website Do you have other sources ? Why are you talking about snapshot ?

    I read here https://console.aws.amazon.com/wafv2/shieldv2 that "Standardized protection for the underlying AWS service" is activated for AWS Shield Standard, and "On by default"/"Free and enabled by default"

    I think Lightsail is an underlying AWS service, so I guess that Lightsail instances are protected against DDOS by default using AWS Shield Standard.

    If someone can confirm or refute, it would be appreciated.

您尚未登入。 登入 去張貼答案。

一個好的回答可以清楚地回答問題並提供建設性的意見回饋,同時有助於提問者的專業成長。

回答問題指南

相關內容