AWS Shield Advanced DDoS Visibility with CloudWatch

Gain insights on how AWS Shield Advanced enhances DDoS visibility using CloudWatch to improve threat detection and mitigation strategies.

Written by I. Solomon

Updated at February 10th, 2025

Table of Contents

  • Introduction
  • CloudWatch Recommended Metrics
  • Configuration Process
  • Alternative Monitoring Approach
  • Conclusion

Introduction

AWS Shield Advanced offers enhanced Distributed Denial of Service (DDoS) protection, enabling organizations to detect, mitigate, and respond to DDoS attacks in real-time. Integration with AWS CloudWatch is a pivotal feature, providing continuous visibility into DDoS activity and aiding in maintaining a robust security posture. This article outlines best practices for deploying AWS Shield Advanced alongside CloudWatch to maximize DDoS visibility.

CloudWatch Recommended Metrics

To optimize DDoS monitoring, track the following AWS components and metrics. The CloudWatch namespace, dimension and metric names are given in parentheses. The "Top 10" and "sorted" items are not metrics of their own: they are views built by aggregating one metric across many resources (for example a CloudWatch Metrics Insights query that groups by resource and orders descending).

  1. Application Load Balancer (ALB), namespace AWS/ApplicationELB, dimension LoadBalancer
    • Processed Bytes (ProcessedBytes)
    • Request Count per Status Code, 2xx, 3xx, 4xx, 5xx (HTTPCode_Target_2XX_Count through HTTPCode_Target_5XX_Count for responses from targets; HTTPCode_ELB_4XX_Count and HTTPCode_ELB_5XX_Count for responses generated by the load balancer itself, which is where request floods that never reach a target show up)
    • Total Requests Across All Load Balancers (RequestCount, summed over every LoadBalancer value)
    • Top 10 Most Active Load Balancers (RequestCount grouped by LoadBalancer, top 10 by sum)
  2. Elastic Compute Cloud (EC2), namespace AWS/EC2, dimension InstanceId
    • Top 10 Instances by Highest CPU Utilization (CPUUtilization grouped by InstanceId, top 10)
    • CPU Utilization Sorted by Highest (the same metric for all instances, sorted descending)
  3. Simple Storage Service (S3), namespace AWS/S3, dimensions BucketName and FilterId
    • Average Latency by S3 Bucket (TotalRequestLatency, Average statistic)
    • Top 10 Buckets by Bytes Downloaded (BytesDownloaded grouped by BucketName, top 10 by sum)
    Both are S3 request metrics, which are not published until request metrics are enabled on each bucket (or on a prefix or tag filter). Enable them before an attack; they cannot be back-filled during one.
  4. AWS Web Application Firewall (WAF), namespace AWS/WAFV2, dimensions WebACL, Region and Rule
    • Rate Limit Reached (there is no dedicated rate-limit metric; use BlockedRequests, or CountedRequests for a rule in count mode, with Rule set to the name of your rate-based rule)
    • Allowed Requests & Blocked Requests (AllowedRequests and BlockedRequests with Rule set to ALL for the web ACL as a whole)
  5. AWS Shield Advanced, namespace AWS/DDoSProtection, dimension ResourceArn (one series per protected resource)
    • DDoS Detected (DDoSDetected, reported as 1 while Shield Advanced has an event in progress for the resource)
    • DDoS Attack Bits Per Second (DDoSAttackBitsPerSecond)
    • DDoS Attack Packets Per Second (DDoSAttackPacketsPerSecond)
    • DDoS Attack Requests Per Second (DDoSAttackRequestsPerSecond)
    Shield Advanced publishes these in the us-east-1 Region for global resources (CloudFront distributions, Route 53 hosted zones) and in the resource's own Region for regional resources; a dashboard built in the wrong Region simply shows no data.

Configuration Process

To effectively monitor these metrics, follow these steps:

  1. Navigate to AWS CloudWatch: open the AWS Management Console, go to CloudWatch, and select Dashboards.
  2. Create a New Dashboard: name it 'DDoS_Dashboard' for easy identification, and create it in the Region where the metrics above are published.
  3. Add Metrics: choose Add widget and select a metric widget. Use the Browse tab to pick the individual metrics listed above by namespace and dimension, and the Query tab (CloudWatch Metrics Insights) for the "Top 10" views, which need a GROUP BY / ORDER BY / LIMIT query rather than a single metric.
  4. Customize the Dashboard: add a widget per component (ALB, EC2, S3, WAF, Shield Advanced) so that resource-side symptoms can be read next to Shield Advanced's own detection signal. Set a 1-minute period; a 5-minute period hides the first minutes of an attack.
  5. Review the Dashboard: check regularly that every widget still shows data, since a renamed load balancer, web ACL or bucket silently empties its widget. Because a dashboard only helps when someone is looking at it, pair it with CloudWatch alarms on DDoSDetected and on WAF BlockedRequests for the rate-based rule, so detection does not depend on a human watching the graphs.
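The five steps above, and the metric list before them, can be captured as code so the dashboard is reproducible across accounts and Regions. The following is an added example (not code from the article, from Red Button, or from AWS): it assembles the DDoS_Dashboard body as CloudWatch dashboard JSON, expresses the three "Top 10" views as Metrics Insights queries, and emits a DDoSDetected alarm definition. Every resource identifier in it (the load balancer name, web ACL, rate-based rule, bucket, account ID and SNS topic) is a placeholder assumption to be replaced with your own.

```python
"""Assemble the DDoS_Dashboard body and a Shield Advanced alarm as JSON.

Added example, not code from the article or from AWS. All resource identifiers
below are placeholders (assumptions); replace them with your own.

Push the generated files with the AWS CLI:
  aws cloudwatch put-dashboard --dashboard-name DDoS_Dashboard \
      --dashboard-body file://ddos_dashboard.json
  aws cloudwatch put-metric-alarm --cli-input-json file://ddos_detected_alarm.json
"""
import json

REGION = "us-east-1"
ALB = "app/prod-web-alb/0123456789abcdef"           # LoadBalancer dimension value (placeholder)
WEB_ACL = "prod-web-acl"                             # WAFv2 web ACL name (placeholder)
RATE_RULE = "RateLimit-IP"                           # rate-based rule in that web ACL (placeholder)
S3_BUCKET, S3_FILTER = "prod-assets", "EntireBucket" # bucket with request metrics enabled (placeholder)
PROTECTED_ARN = (f"arn:aws:elasticloadbalancing:{REGION}:123456789012:"
                 f"loadbalancer/{ALB}")              # Shield Advanced protected resource (placeholder)
SNS_TOPIC = f"arn:aws:sns:{REGION}:123456789012:ddos-alerts"  # alarm action (placeholder)

# "Top 10" views are sorted aggregations over many resources, so they are
# expressed as CloudWatch Metrics Insights queries rather than single metrics.
TOP10 = {
    "Top 10 EC2 instances by CPU":
        'SELECT MAX(CPUUtilization) FROM SCHEMA("AWS/EC2", InstanceId) '
        'GROUP BY InstanceId ORDER BY MAX() DESC LIMIT 10',
    "Top 10 load balancers by requests":
        'SELECT SUM(RequestCount) FROM SCHEMA("AWS/ApplicationELB", LoadBalancer) '
        'GROUP BY LoadBalancer ORDER BY SUM() DESC LIMIT 10',
    "Top 10 S3 buckets by bytes downloaded":
        'SELECT SUM(BytesDownloaded) FROM SCHEMA("AWS/S3", BucketName, FilterId) '
        'GROUP BY BucketName ORDER BY SUM() DESC LIMIT 10',
}


def metric_widget(title, rows, stat, x, y, period=60):
    """One time-series widget; each row is [namespace, metric, dim, value, ...]."""
    return {"type": "metric", "x": x, "y": y, "width": 12, "height": 6,
            "properties": {"title": title, "metrics": rows, "stat": stat,
                           "period": period, "region": REGION, "view": "timeSeries"}}


def insights_widget(title, query, x, y):
    """A widget driven by a Metrics Insights query, given as an expression row."""
    rows = [[{"expression": query, "id": "q1", "label": title}]]
    return metric_widget(title, rows, "Maximum", x, y)


def build_dashboard():
    """Dashboard body for `aws cloudwatch put-dashboard --dashboard-body`."""
    shield = [["AWS/DDoSProtection", m, "ResourceArn", PROTECTED_ARN] for m in
              ("DDoSAttackBitsPerSecond", "DDoSAttackPacketsPerSecond", "DDoSAttackRequestsPerSecond")]
    # ELB_* codes are generated by the load balancer itself; Target_* come from backends.
    alb_codes = [["AWS/ApplicationELB", f"HTTPCode_{src}_{c}XX_Count", "LoadBalancer", ALB]
                 for src, c in (("ELB", 4), ("ELB", 5), ("Target", 2), ("Target", 3), ("Target", 4), ("Target", 5))]
    # Rule=ALL gives web ACL totals; Rule=<rate rule> isolates rate-limit blocks.
    waf = [["AWS/WAFV2", m, "WebACL", WEB_ACL, "Region", REGION, "Rule", r]
           for m, r in (("AllowedRequests", "ALL"), ("BlockedRequests", "ALL"), ("BlockedRequests", RATE_RULE))]
    widgets = [
        metric_widget("Shield Advanced: DDoSDetected",
                      [["AWS/DDoSProtection", "DDoSDetected", "ResourceArn", PROTECTED_ARN]], "Maximum", 0, 0),
        metric_widget("Shield Advanced: attack volume", shield, "Maximum", 12, 0),
        metric_widget("ALB: processed bytes",
                      [["AWS/ApplicationELB", "ProcessedBytes", "LoadBalancer", ALB]], "Sum", 0, 6),
        metric_widget("ALB: requests per status class", alb_codes, "Sum", 12, 6),
        metric_widget("WAF: allowed / blocked / rate-limited", waf, "Sum", 0, 12),
        metric_widget("S3: average request latency",
                      [["AWS/S3", "TotalRequestLatency", "BucketName", S3_BUCKET, "FilterId", S3_FILTER]],
                      "Average", 12, 12),
    ]
    widgets += [insights_widget(t, q, 12 * (i % 2), 18 + 6 * (i // 2))
                for i, (t, q) in enumerate(TOP10.items())]
    return {"widgets": widgets}


def build_ddos_detected_alarm():
    """Input for `aws cloudwatch put-metric-alarm --cli-input-json`.

    DDoSDetected is 1 while Shield Advanced reports an event, so a single
    non-zero minute should page. Missing data is treated as not breaching so
    a quiet resource never alarms by accident."""
    return {"AlarmName": "ShieldAdvanced-DDoSDetected-prod-web-alb",
            "Namespace": "AWS/DDoSProtection", "MetricName": "DDoSDetected",
            "Dimensions": [{"Name": "ResourceArn", "Value": PROTECTED_ARN}],
            "Statistic": "Sum", "Period": 60, "EvaluationPeriods": 1,
            "Threshold": 1, "ComparisonOperator": "GreaterThanOrEqualToThreshold",
            "TreatMissingData": "notBreaching", "AlarmActions": [SNS_TOPIC]}


def namespaces(dashboard):
    """Namespaces referenced by plain metric rows (expression rows are skipped)."""
    return sorted({row[0] for w in dashboard["widgets"]
                   for row in w["properties"]["metrics"] if isinstance(row[0], str)})


if __name__ == "__main__":
    with open("ddos_dashboard.json", "w") as f:
        json.dump(build_dashboard(), f, indent=2)
    with open("ddos_detected_alarm.json", "w") as f:
        json.dump(build_ddos_detected_alarm(), f, indent=2)
    print("namespaces covered:", namespaces(build_dashboard()))
```

The same JSON can be pasted into the dashboard's Source tab in the console if you prefer not to use the CLI. Keep the widget period at 60 seconds and the alarm at one 60-second evaluation period: Shield Advanced's metrics are published per minute, and a longer window delays the first signal of an attack.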

Alternative Monitoring Approach

CloudWatch generates an automatic dashboard for the DDoS Protection service, but it only covers the AWS/DDoSProtection namespace, so it shows what Shield Advanced detected without showing what the attack did to the load balancers, instances, buckets and WAF rules behind it. Rather than building from scratch, organizations can start from that automatic dashboard, copy it to a custom dashboard, and add the resource-side metrics listed above. This keeps Shield Advanced's detection signal and the application's symptoms on one screen, which is what an incident responder needs to tell a mitigated attack from one that is still reaching the application.

Conclusion

Integrating AWS Shield Advanced with CloudWatch significantly strengthens an organization’s ability to monitor and respond to DDoS attacks. By configuring a customized DDoS dashboard and tracking critical metrics, businesses can maintain a proactive security stance and swiftly address potential threats.
