is a managed DDoS (Distributed Denial of Service) protection service and safeguards web applications with detection and inline mitigation.

A DoS attack is a malicious attempt to disrupt the normal traffic of a web host by running a huge number of simultaneous requests that can overwhelm the servers until normal legitimate traffic is unable to be processed. Request can come from single connections or from multiple distributed sources (thus DDoS).

A Layer 7 DDoS attack targets the application interface by mimicking real, human behaviour while Layer 3/4 attacks focus on targeting the transport and network layers.

DDoS Attacks

Standard is automatically enabled with Elastic Load Balancing (ELB), Application Load Balancer, Amazon CloudFront and Amazon Route 53. There are not additional costs ( besides those of the services you are using.

It defends against most common network and transport layer (layer 3 and 4) DDoS attacks. It also provides network flow monitoring and sets static thresholds.

Automatic mitigations are applied inline without latency impact

Advanced has of course a broader set of features ( like more sophisticated DDoS Attack detection - Application Layer (7) too - , near real-time visibility and integration with WAF + access to Shield Response Team) but at a cost of 3000 Dollars per month with a min 1 year commitment! (on the other hand, you won't pay for WAF any more)