---
title: AWS Shield
description: >-
  AWS provides AWS Shield Standard and AWS Shield Advanced for protection
  against DDoS attacks.
breadcrumbs: Docs > Integrations > AWS Shield
---

# AWS Shield
Integration version1.0.0
## Overview{% #overview %}

AWS provides Shield Standard and Shield Advanced for protection against DDoS attacks.

Enable this integration to see all your AWS Shield metrics in Datadog.

## Setup{% #setup %}

### Installation{% #installation %}

If you haven't already, set up the [Amazon Web Services integration](https://docs.datadoghq.com/integrations/amazon_web_services/) first.

### Metric collection{% #metric-collection %}

1. In the [AWS integration page](https://app.datadoghq.com/integrations/amazon-web-services), ensure that `DDoSProtection` is enabled under the `Metric Collection` tab.
1. Install the [Datadog - AWS Shield integration](https://app.datadoghq.com/integrations/amazon-shield).

### Log collection{% #log-collection %}

#### Enable logging{% #enable-logging %}

Configure AWS Shield to send logs either to a S3 bucket or to CloudWatch.

**Note**: If you log to a S3 bucket, make sure that `amazon_shield` is set as *Target prefix*.

#### Send logs to Datadog{% #send-logs-to-datadog %}

1. If you haven't already, set up the [Datadog Forwarder Lambda function](https://docs.datadoghq.com/logs/guide/forwarder/).

1. Once the Lambda function is installed, manually add a trigger on the S3 bucket or CloudWatch log group that contains your AWS Shield logs in the AWS console:

   - [Add a manual trigger on the S3 bucket](https://docs.datadoghq.com/logs/guide/send-aws-services-logs-with-the-datadog-lambda-function/#collecting-logs-from-s3-buckets)
   - [Add a manual trigger on the CloudWatch Log Group](https://docs.datadoghq.com/logs/guide/send-aws-services-logs-with-the-datadog-lambda-function/#collecting-logs-from-cloudwatch-log-group)

## Data Collected{% #data-collected %}

### Metrics{% #metrics %}

|  |
|  |
| **aws.ddosprotection.ddo\_sattack\_bits\_per\_second**(gauge)     | The number of bytes observed during a DDoS event for a particular Amazon Resource Name (ARN).*Shown as byte*       |
| **aws.ddosprotection.ddo\_sattack\_packets\_per\_second**(gauge)  | The number of packets observed during a DDoS event for a particular Amazon Resource Name (ARN).*Shown as packet*   |
| **aws.ddosprotection.ddo\_sattack\_requests\_per\_second**(gauge) | The number of requests observed during a DDoS event for a particular Amazon Resource Name (ARN).*Shown as request* |
| **aws.ddosprotection.ddo\_sdetected**(count)                      | Indicates a DDoS event for a particular Amazon Resource Name (ARN).                                                |

### Events{% #events %}

The AWS Shield integration does not include any events.

### Service Checks{% #service-checks %}

The AWS Shield integration does not include any service checks.

## Troubleshooting{% #troubleshooting %}

Need help? Contact [Datadog support](https://docs.datadoghq.com/help/).