How to defend against DDoS attacks in AWS

Bhanu Reddy
3 min read · Oct 1, 2023

Introduction:

AWS Shield Standard is a managed threat protection service that protects the perimeter of your application. Shield Standard provides automatic threat protection at no additional charge. You can use Shield Standard to protect your application at the edge of the AWS network using Amazon CloudFront, AWS Global Accelerator, and Amazon Route 53. These AWS services receive protection against all known network and transport layer attacks. To defend against layer 7 DDoS attacks, you can use AWS WAF.

To protect your application from DDoS attacks with Shield Standard, it’s a best practice to follow these guidelines for your application architecture:

  • Reduce the attack surface area
  • Be ready to scale and absorb the attack
  • Safeguard exposed resources
  • Monitor application behavior
  • Create a plan for attacks

Reduce the attack surface area:

  • To make sure that only expected traffic reaches your application, use network access control lists (network ACLs) and security groups.
  • Use the AWS-managed prefix list for CloudFront. You can limit the inbound HTTP or HTTPS traffic to your origins from only the IP addresses that…
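
One way to check the two points above, as an added example that is not part of the original article: a small audit that flags origin security-group rules exposing ports 80/443 to sources other than the CloudFront managed prefix list (`com.amazonaws.global.cloudfront.origin-facing`). It assumes input in the JSON shape returned by `aws ec2 describe-security-groups`; the group IDs and the prefix list ID are constructed placeholders, and rules that reference other security groups are not evaluated.

```python
# Added example: audit origin security groups that should accept HTTP/HTTPS
# only from CloudFront. All IDs and rules below are constructed sample data.
WEB_PORTS = {80, 443}
OPEN_CIDRS = {"0.0.0.0/0", "::/0"}
CLOUDFRONT_PL = "pl-EXAMPLE0000"  # placeholder; the real ID differs per region

def covers_web_port(perm):
    """True if the rule's protocol and port range include 80 or 443."""
    if perm.get("IpProtocol") == "-1":  # all protocols, all ports
        return True
    if perm.get("IpProtocol") != "tcp":
        return False
    lo, hi = perm.get("FromPort", 0), perm.get("ToPort", 65535)
    return any(lo <= p <= hi for p in WEB_PORTS)

def audit_origin_groups(groups, cloudfront_pl_id):
    """Return (group_id, reason) for each web-port source that is not the CloudFront prefix list."""
    findings = []
    for sg in groups:
        for perm in sg.get("IpPermissions", []):
            if not covers_web_port(perm):
                continue
            cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
            cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
            for cidr in cidrs:  # any CIDR source bypasses the prefix-list restriction
                label = "open to world" if cidr in OPEN_CIDRS else "CIDR"
                findings.append((sg["GroupId"], f"{label}: {cidr}"))
            for pl in perm.get("PrefixListIds", []):
                if pl["PrefixListId"] != cloudfront_pl_id:
                    findings.append((sg["GroupId"], f"other prefix list: {pl['PrefixListId']}"))
    return findings

SAMPLE = [
    {"GroupId": "sg-origin-ok", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "IpRanges": [],
         "Ipv6Ranges": [], "PrefixListIds": [{"PrefixListId": CLOUDFRONT_PL}]}]},
    {"GroupId": "sg-origin-open", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80, "PrefixListIds": [],
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "PrefixListIds": [],
         "IpRanges": [{"CidrIp": "203.0.113.10/32"}], "Ipv6Ranges": []}]},
]

if __name__ == "__main__":
    for group_id, reason in audit_origin_groups(SAMPLE, CLOUDFRONT_PL):
        print(group_id, reason)
```

An empty result means every rule covering ports 80 or 443 is sourced only from the CloudFront prefix list.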
