AWS Shield Advanced introduces DDoS attack flow logs

AWS Shield Advanced DDoS Attack Flow Logs
AWS Shield Advanced now offers distributed denial-of-service (DDoS) attack flow logs, providing packet-level visibility into traffic hitting Shield Advanced protected resources during a DDoS attack. The log data is published to Amazon S3, Amazon CloudWatch Logs, or Amazon Data Firehose for forensic analysis and compliance purposes.
The DDoS attack flow logs capture critical packet-level details, including source and destination IP addresses, ports, protocols, packet and byte counts, source country information, and more. The log data is automatically published to your chosen destination at 5-minute intervals during active attacks. Once published, you can retrieve and analyze your flow log data using your preferred analytics tools, enabling post-incident investigation, threat intelligence gathering, and compliance reporting.
What to do
- Protect your resources with Shield Advanced.
- Configure log delivery based on your destination.
- Retrieve and analyze your flow log data using your preferred analytics tools.
The feature is available in all regions where AWS Shield Advanced is available. To learn more about configuring and using DDoS attack flow logs, visit the AWS Shield Advanced documentation.
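As an illustration of the analysis step above, this added example (not AWS code and not part of the release notes) summarizes flow log records per 5-minute window, source IP, source country, and protocol/destination port. The JSON field names and the sample records are assumptions constructed for illustration; map them to the record schema given in the Shield Advanced documentation.

```python
import json
from collections import Counter, defaultdict
from datetime import datetime, timezone

WINDOW = 300  # seconds, matching the 5-minute publication interval

# Constructed sample (JSON lines). Field names and values are hypothetical;
# the country codes are placeholders and the IPs are documentation ranges.
SAMPLE = "\n".join([
    '{"ts":"2025-01-01T12:01:10Z","src_ip":"198.51.100.7","dst_ip":"203.0.113.10","dst_port":53,"protocol":"UDP","packets":900,"bytes":1260000,"src_country":"XA"}',
    '{"ts":"2025-01-01T12:03:40Z","src_ip":"198.51.100.7","dst_ip":"203.0.113.10","dst_port":53,"protocol":"UDP","packets":600,"bytes":840000,"src_country":"XA"}',
    '{"ts":"2025-01-01T12:04:05Z","src_ip":"198.51.100.99","dst_ip":"203.0.113.10","dst_port":53,"protocol":"UDP","packets":500,"bytes":700000,"src_country":"XB"}',
    '{"ts":"2025-01-01T12:06:30Z","src_ip":"192.0.2.44","dst_ip":"203.0.113.10","dst_port":443,"protocol":"TCP","packets":2000,"bytes":120000,"src_country":"XB"}',
    'not-json',
    '{"ts":"2025-01-01T12:07:00Z","src_ip":"198.51.100.7","dst_ip":"203.0.113.10","dst_port":53,"protocol":"UDP","packets":100,"bytes":140000,"src_country":"XA"}',
])

def parse(text):
    """Yield normalized records, skipping malformed or incomplete lines."""
    for line in text.splitlines():
        try:
            r = json.loads(line)
            ts = datetime.fromisoformat(r["ts"].replace("Z", "+00:00"))
            rec = {"epoch": int(ts.timestamp()), "src_ip": r["src_ip"], "country": r["src_country"],
                   "vector": (r["protocol"], int(r["dst_port"])), "packets": int(r["packets"]), "bytes": int(r["bytes"])}
        except (ValueError, KeyError, TypeError):
            continue  # not JSON, missing field, or wrong type
        yield rec

def summarize(text, top_n=2):
    """Aggregate traffic per 5-minute window, source IP, country and vector."""
    windows = defaultdict(Counter)
    by_src, by_country, by_vector = Counter(), Counter(), Counter()
    for r in parse(text):
        start = r["epoch"] // WINDOW * WINDOW  # floor to the window start
        key = datetime.fromtimestamp(start, timezone.utc).strftime("%Y-%m-%dT%H:%MZ")
        windows[key].update(packets=r["packets"], bytes=r["bytes"])
        by_src[r["src_ip"]] += r["bytes"]
        by_country[r["country"]] += r["bytes"]
        by_vector[r["vector"]] += r["bytes"]
    total = sum(by_src.values())
    vector, vbytes = by_vector.most_common(1)[0] if by_vector else (None, 0)
    return {
        "windows": {k: dict(v) for k, v in windows.items()},
        "top_sources": by_src.most_common(top_n),
        "country_bytes": dict(by_country),
        "top_vector": vector,
        "top_vector_share": round(vbytes / total, 3) if total else 0.0,
    }
```

Calling `summarize(SAMPLE)` returns a dictionary suitable for a post-incident report; the same functions accept any text of JSON lines once the field names are mapped.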
Source: AWS release notes


