Business inherently involves risk, and it's important that services continue to improve. AWS Shield is not an exception. Regarding advanced Shield protection pricing, there should be cost protection for most DDoS events. The pricing model should be based on service usage rather than a flat monthly rate. The advanced technique package, while premium and not available to every user due to cost implications of $3,000 per month, offers valuable features including real-time attack visibility and 24/7 access to the DDoS response team. Integration is paramount, particularly with the Web Application Firewall's rule-based blocking paradigm that helps in balancing routes, especially route 53 and the global accelerator. AWS Shield uses pattern recognition to analyze traffic, and certain attributes are immediately intercepted. The assessment process is profound, and the service maintains consistent availability. From a software perspective, there are improvements needed regarding antivirus and network security. Additional engineering improvement requirements would benefit AWS Shield.
DevOps Engineer at a tech vendor with 1,001-5,000 employees
MSP
Top 5
Oct 8, 2025
AWS Shield can be integrated with CloudWatch. Integrating AWS Shield with CloudWatch allows real-time notifications of what's occurring. With the integration, CloudWatch will capture any malicious activity and, by incorporating SNS, it can send notifications. In my company, we use Slack for alerts. When CloudWatch detects an issue, it publishes findings to Slack, allowing engineers to assess whether the incoming traffic could overwhelm our resources or if it is just normal traffic. CloudWatch functions as a watchdog that gathers insights, and when integrated with SNS, it effectively tracks malicious attacks. AWS Shield is not deployed; it is a service you simply enable. Every AWS account is provided with Shield Standard automatically, but Shield Advanced requires navigation in your console to enable it. It's not an installation; rather, it is activated with a few clicks and involves a payment depending on the services you choose to protect. I recommend AWS Shield because it has proven helpful in tracking DDoS attacks within both my past and present environments. Without AWS Shield, a business could face potential losses, as this tool helps in identifying and mitigating fake traffic that disrupts applications, ultimately supporting business continuity. I rate AWS Shield 9 out of 10.
I have noticed a pattern developing in approximately five minutes. If it were possible to provide these patterns with historical data spanning six months, three months, or two months directly from the console, it would be extremely beneficial. It would allow for easy inquiries and facilitate the retrieval of relevant parts without having to manually check logs or examine movements. Instead, if all historical data were available, I could consult six months' worth of identified patterns efficiently through AWS without relying on external sources. This solution is particularly suitable for startups or medium-sized startups. I would rate the overall solution eight out of ten.
The product is quite good. It would be good if I could use AI for natural language processing. I could ask the AI about the historical data to see patterns. If I see a pattern, I could ask the AI to find similar patterns over the previous six months. It will be helpful to get such details on the console instead of checking the graph and logs to see the patterns manually. If we already use AWS, we do not have to look for an external tool to protect our infrastructure. I recommend the tool for startups. Overall, I rate the solution an eight out of ten.
Cloud Engineer/Cloud Architect at a healthcare company with 10,001+ employees
Real User
Jun 30, 2023
I would rate the product an eight out of ten. I would recommend people go ahead with the standard version, which comes along with the web. If you are looking for DDoS protection, then you would need an advanced version.
I give the solution a ten out of ten. We do not track the number of users who visit our public-facing website, as long as the pages are loading within our expected performance range.
Director of Cybersecurity Solutions at a computer software company with 501-1,000 employees
MSP
Aug 2, 2022
You have to be careful about the architecture. Make sure that you're accounting for the requirements as you build out your environment. Normally, I see people go with third-party solutions instead of AWS when they want to have all their alerting and management awareness in one console, but that's not every customer. Typically, what I see happening is they'll do on-prem solutions for their DDoS or their colo data center environments for DDoS protection, and then they'll turn around and use cloud-native Shield. They work it out at their SOC level or whatever their management construct is for those alerts, but I do have a few customers that are all in with a third-party provider for it. In my opinion, with most cyber incidents, if they're targeting an organization, they tend to not care whether it is on-prem or in the cloud. They're going to target the whole organization. It has to do with that organization's experience in those DDoS attacks. My advice would be to think about how you want to respond to a DDoS attack as an organization. If most of your internet presence from your application side is in AWS, AWS Shield is a great option. You've got one spot to go to. If you're more of a hybrid customer, just think about the mix of possibly two different DDoS solutions. It is very cloud service specific. The service is really good. If I were looking at it, depending on where the ingress points are for my environment, I would want one vendor to alert me across my entire environment instead of two, three, or four. It doesn't matter how good your SOC is; it takes longer to evaluate that because you have different tools, and they may not have alignment on all their settings or alerting at the same time. A great example is that a third party might alert at your colo physical location sooner, and your cloud may take a little while to realize it is under attack and start alerting you there for it, or it can be vice versa. If it were me, I just want green, yellow, or red when something is happening across the environment and orchestrate a response to it if it is across multiple tools. I would rate it a seven out of ten.
AWS Shield is a managed Distributed Denial of Service (DDoS) protection service that safeguards applications running on AWS. AWS Shield provides always-on detection and automatic inline mitigations that minimize application downtime and latency, so there is no need to engage AWS Support to benefit from DDoS protection.
Business inherently involves risk, and it's important that services continue to improve. AWS Shield is not an exception. Regarding advanced Shield protection pricing, there should be cost protection for most DDoS events. The pricing model should be based on service usage rather than a flat monthly rate. The advanced technique package, while premium and not available to every user due to cost implications of $3,000 per month, offers valuable features including real-time attack visibility and 24/7 access to the DDoS response team. Integration is paramount, particularly with the Web Application Firewall's rule-based blocking paradigm that helps in balancing routes, especially route 53 and the global accelerator. AWS Shield uses pattern recognition to analyze traffic, and certain attributes are immediately intercepted. The assessment process is profound, and the service maintains consistent availability. From a software perspective, there are improvements needed regarding antivirus and network security. Additional engineering improvement requirements would benefit AWS Shield.
AWS Shield can be integrated with CloudWatch. Integrating AWS Shield with CloudWatch allows real-time notifications of what's occurring. With the integration, CloudWatch will capture any malicious activity and, by incorporating SNS, it can send notifications. In my company, we use Slack for alerts. When CloudWatch detects an issue, it publishes findings to Slack, allowing engineers to assess whether the incoming traffic could overwhelm our resources or if it is just normal traffic. CloudWatch functions as a watchdog that gathers insights, and when integrated with SNS, it effectively tracks malicious attacks. AWS Shield is not deployed; it is a service you simply enable. Every AWS account is provided with Shield Standard automatically, but Shield Advanced requires navigation in your console to enable it. It's not an installation; rather, it is activated with a few clicks and involves a payment depending on the services you choose to protect. I recommend AWS Shield because it has proven helpful in tracking DDoS attacks within both my past and present environments. Without AWS Shield, a business could face potential losses, as this tool helps in identifying and mitigating fake traffic that disrupts applications, ultimately supporting business continuity. I rate AWS Shield 9 out of 10.
I have noticed a pattern developing in approximately five minutes. If it were possible to provide these patterns with historical data spanning six months, three months, or two months directly from the console, it would be extremely beneficial. It would allow for easy inquiries and facilitate the retrieval of relevant parts without having to manually check logs or examine movements. Instead, if all historical data were available, I could consult six months' worth of identified patterns efficiently through AWS without relying on external sources. This solution is particularly suitable for startups or medium-sized startups. I would rate the overall solution eight out of ten.
The product is quite good. It would be good if I could use AI for natural language processing. I could ask the AI about the historical data to see patterns. If I see a pattern, I could ask the AI to find similar patterns over the previous six months. It will be helpful to get such details on the console instead of checking the graph and logs to see the patterns manually. If we already use AWS, we do not have to look for an external tool to protect our infrastructure. I recommend the tool for startups. Overall, I rate the solution an eight out of ten.
I rate the overall solution a nine out of ten.
I would rate the product an eight out of ten. I would recommend people go ahead with the standard version, which comes along with the web. If you are looking for DDoS protection, then you would need an advanced version.
I give the solution a ten out of ten. We do not track the number of users who visit our public-facing website, as long as the pages are loading within our expected performance range.
You have to be careful about the architecture. Make sure that you're accounting for the requirements as you build out your environment. Normally, I see people go with third-party solutions instead of AWS when they want to have all their alerting and management awareness in one console, but that's not every customer. Typically, what I see happening is they'll do on-prem solutions for their DDoS or their colo data center environments for DDoS protection, and then they'll turn around and use cloud-native Shield. They work it out at their SOC level or whatever their management construct is for those alerts, but I do have a few customers that are all in with a third-party provider for it. In my opinion, with most cyber incidents, if they're targeting an organization, they tend to not care whether it is on-prem or in the cloud. They're going to target the whole organization. It has to do with that organization's experience in those DDoS attacks. My advice would be to think about how you want to respond to a DDoS attack as an organization. If most of your internet presence from your application side is in AWS, AWS Shield is a great option. You've got one spot to go to. If you're more of a hybrid customer, just think about the mix of possibly two different DDoS solutions. It is very cloud service specific. The service is really good. If I were looking at it, depending on where the ingress points are for my environment, I would want one vendor to alert me across my entire environment instead of two, three, or four. It doesn't matter how good your SOC is; it takes longer to evaluate that because you have different tools, and they may not have alignment on all their settings or alerting at the same time. A great example is that a third party might alert at your colo physical location sooner, and your cloud may take a little while to realize it is under attack and start alerting you there for it, or it can be vice versa. If it were me, I just want green, yellow, or red when something is happening across the environment and orchestrate a response to it if it is across multiple tools. I would rate it a seven out of ten.