AWS Shield

Overview

AWS provides Shield Standard and Shield Advanced for protection against DDoS attacks.

Enable this integration to see all your AWS Shield metrics in Datadog.

Setup

Installation

If you haven’t already, set up the Amazon Web Services integration first.

Metric collection

  1. On the AWS integration page, ensure that DDoSProtection is enabled under the Metric Collection tab.
  2. Install the Datadog - AWS Shield integration.

Log collection

Enable logging

Configure AWS Shield to send logs either to an S3 bucket or to CloudWatch.

Note: If you log to an S3 bucket, make sure that amazon_shield is set as the Target prefix.

Send logs to Datadog

  1. If you haven’t already, set up the Datadog Forwarder Lambda function.

  2. Once the Lambda function is installed, manually add a trigger on the S3 bucket or CloudWatch log group that contains your AWS Shield logs in the AWS console.

Data Collected

Metrics

aws.ddosprotection.ddo_sattack_bits_per_second (gauge)
The number of bytes observed during a DDoS event for a particular Amazon Resource Name (ARN).
Shown as byte

aws.ddosprotection.ddo_sattack_packets_per_second (gauge)
The number of packets observed during a DDoS event for a particular Amazon Resource Name (ARN).
Shown as packet

aws.ddosprotection.ddo_sattack_requests_per_second (gauge)
The number of requests observed during a DDoS event for a particular Amazon Resource Name (ARN).
Shown as request

aws.ddosprotection.ddo_sdetected (count)
Indicates a DDoS event for a particular Amazon Resource Name (ARN).
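
The following is an added example, not code from Datadog or AWS, showing how the four metrics above fit together during triage: it groups ddo_sdetected datapoints into per-ARN events and reports the peak attack volume seen during each one. The tuple layout, the max_gap value, the placeholder ARNs and the sample datapoints are assumptions constructed for illustration.

```python
from collections import defaultdict

# Metric names as listed in the Metrics section of this page.
DETECTED = "aws.ddosprotection.ddo_sdetected"
BITS = "aws.ddosprotection.ddo_sattack_bits_per_second"
PACKETS = "aws.ddosprotection.ddo_sattack_packets_per_second"
REQUESTS = "aws.ddosprotection.ddo_sattack_requests_per_second"

def summarize_events(points, max_gap=300):
    """Group detections into per-ARN events and attach peak attack volumes.
    points: (epoch_seconds, metric, resource_arn, value) tuples (assumed layout).
    max_gap: assumed value; detections further apart start a new event.
    """
    detections, volumes = defaultdict(list), defaultdict(list)
    for ts, metric, arn, value in points:
        if metric == DETECTED and value > 0:
            detections[arn].append(ts)
        elif metric != DETECTED:
            volumes[arn].append((ts, metric, value))
    events = []
    for arn in sorted(detections):
        stamps = sorted(detections[arn])
        windows = [[stamps[0], stamps[0]]]
        for ts in stamps[1:]:
            if ts - windows[-1][1] > max_gap:
                windows.append([ts, ts])   # quiet period: start a new event
            else:
                windows[-1][1] = ts        # extend the current event
        for start, end in windows:
            peaks = {}
            for ts, metric, value in volumes[arn]:
                if start <= ts <= end:     # only volume seen during the event
                    peaks[metric] = max(peaks.get(metric, 0), value)
            events.append({"arn": arn, "start": start, "end": end, "peaks": peaks})
    return events

# Constructed sample datapoints (not real Shield data); ARNs are placeholders.
ARN_A, ARN_B = "arn:aws:example:resource-a", "arn:aws:example:resource-b"
SAMPLE = [
    (1000, DETECTED, ARN_A, 1), (1060, DETECTED, ARN_A, 1),
    (1000, BITS, ARN_A, 4e9), (1060, BITS, ARN_A, 9e9),
    (1060, PACKETS, ARN_A, 1200000),
    (1500, BITS, ARN_A, 7e10),        # no detection at this time: ignored
    (2000, DETECTED, ARN_A, 1), (2000, REQUESTS, ARN_A, 50000),
    (1000, DETECTED, ARN_B, 0),       # zero value: no event for ARN_B
]

if __name__ == "__main__":
    for event in summarize_events(SAMPLE):
        print(event)
```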

Events

The AWS Shield integration does not include any events.

Service Checks

The AWS Shield integration does not include any service checks.

Troubleshooting

Need help? Contact Datadog support.