Which steps would help achieve this?
(Choose two.)
Enable Amazon GuardDuty to automatically monitor for malicious activity and block unauthorized access.
Subscribe to AWS Shield Advanced and reach out to AWS Support in the event of an attack.
Use VPC Flow Logs to monitor network traffic and an AWS Lambda function to automatically block an attacker’s IP using security groups.
Set up an Amazon CloudWatch Events rule to monitor the AWS CloudTrail events in real time, use AWS Config rules to audit the configuration, and use AWS Systems Manager for remediation.
Use AWS WAF to create rules to respond to such attacks.
Explanations:
While Amazon GuardDuty is beneficial for monitoring and detecting malicious activity, it only produces findings: it does not block traffic on its own, prevent DDoS attacks, or minimize downtime. It focuses on threat detection rather than proactive mitigation of ongoing attacks.
AWS Shield Advanced provides enhanced DDoS protection and support from AWS Security experts. Subscribing to this service allows for better response strategies during an attack, thereby minimizing downtime. AWS Support can assist in navigating and mitigating the attack’s impact.
While monitoring traffic with VPC Flow Logs and using Lambda for automation can help in identifying and blocking malicious IPs, this approach is reactive: flow logs are delivered with a delay, and security groups only allow traffic (they have no deny rules, so blocking an address would actually require network ACLs). It may not be sufficient to handle large-scale DDoS attacks effectively and does not inherently provide a robust solution for preventing downtime during such attacks.
Setting up CloudWatch Events and AWS Config rules aids in monitoring and compliance but does not specifically target DDoS attacks or ensure immediate response during an active attack scenario. This strategy is more about auditing and less about minimizing downtime during incidents.
AWS WAF (Web Application Firewall) allows for the creation of custom rules, including rate-based rules, that can block or rate-limit requests based on specific patterns or behaviors at the application layer, in front of CloudFront, an Application Load Balancer, or API Gateway. This capability is essential for actively mitigating DDoS attacks and minimizing website downtime during such events.
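As an added illustration (not part of the original question or of AWS documentation), here is a WAFv2 rule definition of the kind the last explanation refers to: a rate-based rule that blocks any source IP exceeding a request threshold. The rule name, metric name and the 2000-request limit are assumed values chosen for the example; the file is in the shape accepted by `aws wafv2 create-web-acl --rules file://rules.json`.

```json
[
  {
    "Name": "RateLimitPerSourceIp",
    "Priority": 0,
    "Statement": {
      "RateBasedStatement": {
        "Limit": 2000,
        "AggregateKeyType": "IP"
      }
    },
    "Action": { "Block": {} },
    "VisibilityConfig": {
      "SampledRequestsEnabled": true,
      "CloudWatchMetricsEnabled": true,
      "MetricName": "RateLimitPerSourceIp"
    }
  }
]
```

The rule counts requests per source IP over a trailing five-minute window and blocks an IP while it stays above the limit; to tune the threshold before enforcing it, deploy the same rule with `"Action": { "Count": {} }` first and watch the MetricName in CloudWatch.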