
AWS Shield for DDoS protection - Step-by-Step Execution

Process Flow - AWS Shield for DDoS protection
1. Traffic arrives at AWS
2. AWS Shield detects traffic pattern
3. Is traffic normal?
   No: Activate DDoS mitigation, then mitigate attack
   Yes: Allow traffic
4. Traffic reaches resources
AWS Shield monitors incoming traffic, detects unusual patterns, and activates protection to block DDoS attacks before traffic reaches your resources.
Execution Sample
1. Traffic arrives at AWS endpoint
2. AWS Shield analyzes traffic
3. If attack detected, mitigation starts
4. Normal traffic allowed
5. Attack traffic blocked
This flow shows how AWS Shield processes incoming traffic to protect resources from DDoS attacks.
Process Table
| Step | Traffic Pattern | Detection Result | Action Taken | Effect on Traffic |
|---|---|---|---|---|
| 1 | Normal traffic | No attack detected | Allow traffic | Traffic passes to resources |
| 2 | Sudden traffic spike | Potential DDoS detected | Activate mitigation | Attack traffic blocked |
| 3 | Attack traffic continues | Mitigation active | Continue blocking | Only normal traffic allowed |
| 4 | Traffic normalizes | Attack ends | Stop mitigation | All traffic allowed |
| 5 | Normal traffic | No attack detected | Allow traffic | Traffic passes to resources |
💡 All traffic is allowed only when no attack is detected or after mitigation ends; while mitigation is active, only normal traffic passes.
Status Tracker
| Variable | Start | After Step 1 | After Step 2 | After Step 3 | After Step 4 | Final |
|---|---|---|---|---|---|---|
| Traffic Pattern | None | Normal | Spike detected | Attack ongoing | Normalizing | Normal |
| Detection Result | None | No attack | Attack detected | Mitigation active | Attack ended | No attack |
| Action Taken | None | Allow | Activate mitigation | Block attack | Stop mitigation | Allow |
| Effect on Traffic | None | Pass | Block attack traffic | Block attack traffic | Pass all | Pass |
Key Moments - 3 Insights
How does AWS Shield decide when to activate mitigation?
AWS Shield analyzes the traffic pattern at each step; when it detects a sudden spike or unusual pattern (see Step 2 in the Process Table), it activates mitigation to block attack traffic.
What happens to normal traffic during an active DDoS attack?
During mitigation (Step 3), AWS Shield blocks only attack traffic and allows normal traffic to pass through, ensuring service availability.
When does AWS Shield stop the mitigation process?
Once the attack traffic ends and traffic normalizes (Step 4), AWS Shield stops mitigation and allows all traffic again.
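The Process Table and the three insights above, modelled as a small state machine. This is an added example, not code from the original page and not how AWS Shield is implemented; the thresholds, the `run_flow` function and the sample addresses are assumptions chosen to reproduce the five steps.

```python
# Toy model of the page's Process Table. This is NOT AWS Shield's real detection
# logic; thresholds, addresses and traffic figures below are constructed.
BASELINE_RPS = 100      # assumed normal aggregate requests/second
SPIKE_FACTOR = 5        # assumed: aggregate above 5x baseline is a spike
PER_SOURCE_LIMIT = 50   # assumed per-source cap enforced only during a spike

def run_flow(intervals):
    """Walk per-interval {source: rps} samples and return one table row each."""
    mitigating = False
    rows = []
    for step, by_source in enumerate(intervals, start=1):
        total = sum(by_source.values())
        spike = total > BASELINE_RPS * SPIKE_FACTOR
        if spike and not mitigating:
            detection, action = "Potential DDoS detected", "Activate mitigation"
        elif spike:
            detection, action = "Mitigation active", "Continue blocking"
        elif mitigating:
            detection, action = "Attack ends", "Stop mitigation"
        else:
            detection, action = "No attack detected", "Allow traffic"
        mitigating = spike
        # Only over-limit sources are dropped, so normal clients keep access.
        blocked = sorted(s for s, rps in by_source.items()
                         if spike and rps > PER_SOURCE_LIMIT)
        passed = sum(rps for s, rps in by_source.items() if s not in blocked)
        rows.append({"step": step, "total_rps": total, "detection": detection,
                     "action": action, "blocked": blocked, "passed_rps": passed})
    return rows

# Constructed sample: two ordinary clients, one flooding source in steps 2-3.
SAMPLE = [
    {"198.51.100.10": 40, "198.51.100.11": 45},
    {"198.51.100.10": 40, "198.51.100.11": 45, "203.0.113.7": 900},
    {"198.51.100.10": 38, "198.51.100.11": 47, "203.0.113.7": 1200},
    {"198.51.100.10": 42, "198.51.100.11": 44},
    {"198.51.100.10": 40, "198.51.100.11": 45},
]

if __name__ == "__main__":
    for row in run_flow(SAMPLE):
        print(row)
```

The `passed_rps` value stays at the ordinary clients' rate during steps 2 and 3, which is the "only normal traffic allowed" effect in the table.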
Visual Quiz - 3 Questions
Test your understanding
Look at the Process Table. What is the Detection Result at Step 2?
A. Potential DDoS detected
B. No attack detected
C. Mitigation active
D. Attack ended
💡 Hint
Check the 'Detection Result' column for Step 2 in the Process Table.
At which step does AWS Shield stop mitigation?
A. Step 2
B. Step 4
C. Step 3
D. Step 5
💡 Hint
Look at the 'Action Taken' column to find when mitigation stops.
If traffic never spikes, how would the 'Action Taken' column change?
A. Mitigation activates at Step 3
B. Mitigation activates at Step 1
C. Mitigation never activates
D. Mitigation activates at Step 5
💡 Hint
Refer to the 'Traffic Pattern' and 'Action Taken' columns to see when mitigation activates.
Concept Snapshot
AWS Shield protects AWS resources from DDoS attacks.
It monitors incoming traffic continuously.
When attack patterns appear, it activates mitigation.
Mitigation blocks attack traffic but allows normal traffic.
After attack ends, mitigation stops and all traffic flows normally.
Full Transcript
AWS Shield is a service that protects your AWS resources from DDoS attacks by monitoring incoming traffic. When traffic arrives, AWS Shield checks if the pattern is normal or suspicious. If it detects a potential attack, it activates mitigation to block harmful traffic while allowing normal users through. Once the attack ends and traffic returns to normal, AWS Shield stops mitigation and lets all traffic pass. This process helps keep your applications available and responsive even during attacks.