AWS customers to get free DDoS protection by default

Amazon cloud customers will get free DDoS protection by default under a new scheme called AWS Shield, unveiled by chief technical officer Werner Vogels today.

Werner Vogels

Vogels said feedback showed that DDoS attacks were one of customers' biggest concerns.

AWS customers will not need to do anything to get the base level of protection - AWS Shield Standard - applied to their account.

Shield Standard will defend against volumetric attacks - which Vogels said make up 65 percent of DDoS attacks - and “most” state attacks, which account for 20 percent of all DDoS attacks.

AWS said the free tier is designed to block 96 percent of all DDoS attacks at infrastructure layers three and four, including SYN/ACK floods, reflection attacks, and HTTP slow reads.

It has promised the “always-on” detection and mitigation techniques will not affect latency.

The top tier AWS Shield Advanced will be available for bigger customers fearing “very large, or very sophisticated attacks”.

The premium package will cost users US$3000 (A$4045) a month, plus data transfer costs, but comes with access to a round-the-clock DDoS response and support team, plus protection to level seven, targeted application attacks.

It also offers premium customers cost protection, putting a cap on the amount of paid compute they can become liable for in the event of a resource-intensive hit.

Paid users will also get near-real time attack monitoring and alerts from the AWS team, custom mitigations, and post-attack analysis reports.

“We will let you know if we see this sort of activity on our network and you will work with our DDoS team to create protection at level seven,” Vogels said.

The full comparative breakdown of the services is here.

Paris Cowan travelled to AWS Re:Invent as a guest of Amazon Web Services.