Notes: Denial of service
Types
- Network
- DNS
- Syn flood
- UDP reflection / amplification
- Application
- HTTP flood
- Bots
- Cache busting
- HTTP flood
Controls
- DNS
- Cdn
- Waf (Can be put out front with cdn, or attached to an elb. Further from origin is better.)
- Filters known attack signatures
- Rate limits
- Global
- Endpoint specific
- Security groups
- Elb, Api gateway
- Autoscaling
Links
- A whitepaper from aws
- Guidelines for Implementing AWS WAF: Good advice regardless of vendor
