We had a client recently who had problems with attacks from what could only be described as “State Actors”. Leaving politics aside for a moment, they were publishing information, hosted on AWS in the USA, which was not sitting well with a major government.
The problem was that their WordPress sites were being smashed by automated traffic, and while they didn’t crash (because of a resilient architecture), it was very difficult for legitimate traffic to get through.
We use New Relic to monitor the site’s vitals and it wasn’t hard to see what was going on. They bad guys were just flooding the web server with technically valid requests and keeping it too busy. Ultimately, the workload would trigger an auto-scaling increase, which just got flooded as well.
Our solution was actually very simple. We put Amazon CloudFront distribution in front of the web servers, which also added local distribution points, and then attached AWS Shield Advanced to stop the majority of attacks before they even got to the customer’s services.
Almost immediately we noted that the web services started to scale back in, because the amount of work they had to do dropped dramatically.
Now, there are plenty of folks who will object that Shield is a pretty expensive solution (compared to say, AWS WAF), but the cost of compute resources dropped sufficiently that the customer actually saved money!0 1