I have a lot of questions/problems with this. Here are two.<p>1.) They mention in the compare tiers "Application traffic monitoring" for Advanced. However in the FAQ: "In addition, customers can also use AWS WAF to protect against Application layer attacks". WAF is only available through CloudFront, and CloudFront charges 600 dollars a month for a custom SSL certificate with dedicated IP.<p>So do they have "Application traffic monitoring" outside of WAF? I'm lead to believe not.<p>2.) They mentioned multiple times you can call on the DRT team to help you. However buried in the FAQ is this little gem: "Response times for DRT depends on the AWS Support plan you are subscribed to".<p>So for 3k/mo I can't get better than 24/hr turnaround when I'm under attack without ALSO having a business/enterprise support plan?
> AWS Shield Advanced comes with “DDoS cost protection”, a safeguard from scaling charges as a result of a DDoS attack that cause usage spikes on Elastic Load Balancing (ELB), Amazon CloudFront or Amazon Route 53. If any of these services scale up in response to a DDoS attack, AWS will provide service credits for charges due to usage spikes.<p>This is a very big deal!
I've been saying for years that AWS has secret DDOS protection. Never confirmed, but I'm pretty sure the basic level is just them admitting that they've always had that service.
Finally. The basic offer is something a lot of other providers already have. Not sure about the advanced one. Sounds quite expensive. $3,000/month plus extra traffic costs.<p>And I don't understand which traffic they bill. Usually AWS bills outgoing traffic, but for DDOS costs only occur ingress, or am I wrong? Can't see from the price list what they'll actually bill (ingress or egress).
So many new named services. AWS will soon get to a point where their product dropdown wont fit on a laptop screen. Maybe it's time to consolidate some of these services into more general products.
If you are willing to pay $thousands per month for DDOS protection, do yourself a favor and talk to DOSArrest. They have been specializing in DDOS protection since 2007, always answer tickets in minutes, and are aggressively committed to beating DDOS attacks. Not sure of their current pricing but I think it is in this range or lower.
So credits are limited to specific services<p>> usage spikes on Elastic Load Balancing (ELB)<p>If traffic has reached the load balancer than it's probably reached your app. No ec2 / storage / traffic credits here.<p>> Amazon CloudFront<p>Neat. Like cloudflare but with less features though.<p>> or Amazon Route 53<p>DNS... Not really sure what to make of this one.
A lot of people are missing the point. AWS has the ability to handle the largest attacks like the one that took out dns for half the net. Its not meant to be compared with the smaller players with limited abilities such as dosarrest and what not.<p>If you are on AWS, you are already protected up to a certain size for free. This you can compare to a dosarrest, small 10,20,30 gbps attacks and yet you are getting it for free, at no cost! The advance opens you up to a team of actual ddos experts 24/7, this is meant for the serious players that cant afford interuptions or downtime.<p>If your worried about blogs and wiki stuff, use google's ddos shield which is free for bloggers and news outfits.<p>This is a huge deal people, i cant understand why there are people out here bashing it, what a joke.
I'm reading all the recent new product announcements from Amazon and can't stop thinking that AWS is what IBM should have been. AWS is becoming "everything IT that a business needs".