
AWS Shield

Protects networks and applications by analyzing network security configurations and providing managed DDoS protection

What is AWS Shield?

AWS Shield protects networks and applications by identifying network security configuration issues and defending applications against active web exploitation and distributed denial of service (DDoS) events. Shield network security director (in preview) performs an analysis of your resources to help you visualize your network topology, identify configuration issues, and receive actionable remediation recommendations.

For managed DDoS protection, AWS Shield Advanced offers always-on automatic mitigation of sophisticated DDoS events to minimize application downtime and latency. You can customize your DDoS protection strategy using application-specific security controls and expert guidance from the Shield Response Team during active DDoS incidents.

Transform Your Network Security with AWS Shield Network Security Director

Benefits of AWS Shield

Discover network security issues through an assessment of your AWS resources and configurations. You can get a clear visualization of your network topology that prioritizes misconfigured or overlooked resources, helping you to spot where additional protection is needed.

Accelerate response using recommended services and rule sets to mitigate each configuration issue. Together with Amazon Q Developer, you can use natural language to easily get answers and recommendations about your network security posture.

Automatic inline mitigation detects and blocks sophisticated DDoS events across layers 3, 4, and 7 using AWS global threat intelligence to protect against evolving threats. This safeguards applications without requiring manual intervention and reduces the operational overhead for your security teams.

Secure your applications with protection tailored specifically to your traffic patterns. As your applications face evolving threats like HTTP floods or DNS query floods, the system automatically baselines your normal traffic. This allows you to detect anomalies instantly, giving you a dynamic defense that adapts to your unique application behavior.

Use cases

Protect applications against internet-borne threats and overly permissive access by implementing a network security strategy that follows AWS best practices.

View your network topology and configured services through an interactive visualization to quickly identify security issues and understand resource relationships across your environment.

Protect applications and APIs from SYN floods, UDP floods, or other reflection attacks.


Deploy inline mitigations such as deterministic packet filtering and priority-based traffic shaping to stop basic network-layer attacks.
