In the wake of a recent large-scale DDoS attack that has locked out millions of people from several websites in Europe and North America, clients have been looking into various ways to secure their data in the cloud. AWS has recommended two services, AWS Route 53 and AWS Shield, along with best practices that will mitigate the risk of such attacks.
Route 53 Edge locations
AWS edge locations are found in most major cities. This allows Route 53 to cover a wide enough area that can withstand large amounts of DNS traffic. Both Amazon WAF and CloudFront are similarly housed in edge locations.
Route 53 uses a number of techniques to maintain its availability to the Internet. For one, it maintains many connections. It also uses shuffle sharding, which increases fault tolerance, and anycast striping, which sends DNS to an optimal location, reducing load and increasing availability.
AWS Shield is already active in CloudFront, Elastic Load Balancers, and Route 53 resources, protecting clients from 96% of threats such as SYN/ACK floods, reflection attacks, and HTTP slow reads. All traffic is inspected in just microseconds.
Finally, AWS offers AWS Shield Advanced, which has its own DDoS mitigation capability, a DDoS Response Team on stand-by, real-time metrics and reports, and DDoS cost protection.
You can learn more about DDoS mitigation from this white paper. If you would like to secure your enterprise from malicious attacks on the cloud, contact our PolarSeven AWS experts today.