AWS Shield Advanced: Configuring Notifications for Ongoing DDoS Events

Question

You are working in an e-commerce company.

It is essential to monitor the stability of its applications continuously and to notify the site reliability engineering team when a DDoS attack is ongoing.

AWS Shield Advanced has been enabled in the AWS account.

How would you configure the notifications for an ongoing DDoS event?

Answers

Explanations

A. Configure a CloudWatch event rule for the DDoSDetected event of Shield Advanced. Register an AWS SNS topic in the target of the rule.

B. Configure a CloudWatch log filter for the Shield Advanced logs. If the logs contain “DDoSDetected”, trigger a CloudWatch alarm to provide notifications.

C. Configure a CloudWatch alarm for the DDoSDetected metric of Shield Advanced. Trigger an AWS SNS notification.

D. Configure a CloudWatch alarm in the global threat dashboard of the AWS Shield Advanced console.

Correct Answer: C.

Option A is incorrect because Shield Advanced does not emit a “DDoSDetected” event to CloudWatch Events.

Option B is incorrect because Shield Advanced does not forward its logs to CloudWatch Logs.

Option C is CORRECT because the DDoSDetected CloudWatch metric indicates whether a DDoS event is underway for a protected resource.

Users can set up a CloudWatch alarm on that metric to notify the team, for example through an SNS topic.

Option D is incorrect because users cannot configure alarms or notifications from the dashboard.

The global threat dashboard only provides a summary of the global AWS threat landscape.
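The following CloudFormation template is an added example of the setup described in option C; it is not part of the original question or of AWS documentation. It assumes the protected resource's ARN and the on-call team's email address are supplied as parameters (both hypothetical values). The alarm watches the DDoSDetected metric in the AWS/DDoSProtection namespace, which Shield Advanced publishes per protected resource under the ResourceArn dimension, and notifies an SNS topic both when an attack starts (ALARM) and when it clears (OK).

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Description: Added example - alarm on the Shield Advanced DDoSDetected metric (not AWS-provided code)

Parameters:
  ProtectedResourceArn:
    Type: String
    Description: ARN of the Shield Advanced protected resource (assumed value, e.g. an ALB or CloudFront distribution)
  OnCallEmail:
    Type: String
    Description: Address of the SRE on-call mailbox (assumed value)

Resources:
  # SNS topic that carries the DDoS notifications to the SRE team.
  DdosNotificationTopic:
    Type: AWS::SNS::Topic
    Properties:
      TopicName: shield-advanced-ddos-events
      Subscription:
        - Protocol: email
          Endpoint: !Ref OnCallEmail

  # Alarm on the DDoSDetected metric. Shield Advanced reports 1 while an
  # event is underway and 0 otherwise, so any value above 0 in a one-minute
  # period means an attack is in progress.
  DdosDetectedAlarm:
    Type: AWS::CloudWatch::Alarm
    Properties:
      AlarmName: shield-advanced-ddos-detected
      AlarmDescription: Shield Advanced has detected an ongoing DDoS event on the protected resource
      Namespace: AWS/DDoSProtection
      MetricName: DDoSDetected
      Dimensions:
        - Name: ResourceArn
          Value: !Ref ProtectedResourceArn
      Statistic: Maximum
      Period: 60
      EvaluationPeriods: 1
      Threshold: 0
      ComparisonOperator: GreaterThanThreshold
      # Shield Advanced publishes no data point when there is nothing to
      # report; treating missing data as "not breaching" avoids false alarms.
      TreatMissingData: notBreaching
      AlarmActions:
        - !Ref DdosNotificationTopic
      OKActions:
        - !Ref DdosNotificationTopic

Outputs:
  TopicArn:
    Description: SNS topic receiving DDoS event notifications
    Value: !Ref DdosNotificationTopic
```

Deploy with `aws cloudformation deploy --template-file shield-ddos-alarm.yaml --stack-name shield-ddos-alarm --parameter-overrides ProtectedResourceArn=<arn> OnCallEmail=<address>`; the email subscription must be confirmed before notifications are delivered. One alarm is needed per protected resource, so for a larger fleet this template is best instantiated from a list of resource ARNs rather than edited by hand.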

Reference:

https://docs.aws.amazon.com/waf/latest/developerguide/monitoring-cloudwatch.html

Sure, I can provide a detailed explanation of each answer option.

A. Configure a CloudWatch event rule for the DDoSDetected event of Shield Advanced. Register an AWS SNS topic in the target of the rule. This option is correct. AWS Shield Advanced generates an event named "DDoSDetected" when it detects a DDoS attack. You can configure a CloudWatch event rule to trigger an action, such as sending a notification via an Amazon SNS topic, when this event occurs.

B. Configure a CloudWatch log filter for the Shield Advanced logs. If the logs contain “DDoSDetected”, trigger a CloudWatch alarm to provide notifications. This option is not the best solution for this scenario. While you can use CloudWatch logs to monitor AWS Shield Advanced events, configuring a log filter requires additional steps and does not provide as straightforward a solution as using a CloudWatch event rule directly.

C. Configure a CloudWatch alarm for the DDoSDetected metric of Shield Advanced. Trigger an AWS SNS notification. This option is also correct. You can create a CloudWatch alarm for the DDoSDetected metric of AWS Shield Advanced, and configure it to send a notification via Amazon SNS when the alarm is triggered. However, using a CloudWatch event rule (as in option A) provides a more direct solution for this scenario.

D. Configure a CloudWatch alarm in the global threat dashboard of the AWS Shield Advanced console. This option is not correct. While you can monitor the global threat dashboard of AWS Shield Advanced to view ongoing DDoS events, this option does not provide a way to trigger notifications automatically. You would need to manually monitor the dashboard and take action as needed.

In summary, the best answer to configure notifications for an ongoing DDoS event with AWS Shield Advanced is A. Configure a CloudWatch event rule for the DDoSDetected event of Shield Advanced. Register an AWS SNS topic in the target of the rule.