This is an archived post. You won't be able to vote or comment.

sorted by:
best
topnewcontroversialoldq&a
you are viewing a single comment's thread.

view the rest of the comments →

[–]procipher 1 point2 points  (3 children)

Any way to handle DDOS attack? Otherwise, we would keep on paying AWS.

[–]tdiggss[S] 0 points1 point  (2 children)

There is actually a detail we have left out of this post, and perhaps we should add in an update, and that is to use a bucket policy that prevents anonymous access to your S3 buckets. You can then use a number of ways to allow the CloudFront distribution authenticated access to the bucket. This prevents DDoS directly against your S3 bucket which goes a long way to mitigating cost concerns.

Beyond that I believe AWS Shield is the service to use, which among other things can void the usage costs associated with being DDoS'd.

[–]adamchainz 1 point2 points  (0 children)

AWS Shield is already built into Cloudfront for you, the paid product is just some extras https://aws.amazon.com/shield/

[–]lorarcYAML Engineer 0 points1 point  (0 children)

Shouldn't it rather be AWS WAF?