Amazon Shield

Overview

Amazon provides Shield Standard and Shield Advanced for protection against DDoS attacks.

Enable this integration to see all your Shield metrics in Datadog.

If you haven’t already, set up the Amazon Web Services integration first.

In the AWS integration page, ensure that Shield is enabled under the Metric Collection tab.
Install the Datadog - Amazon Shield integration.

Configure Amazon Shield to send logs either to a S3 bucket or to CloudWatch.

Note: If you log to a S3 bucket, make sure that amazon_shield is set as Target prefix.

If you haven’t already, set up the Datadog Forwarder Lambda function.
Once the Lambda function is installed, manually add a trigger on the S3 bucket or CloudWatch log group that contains your Amazon Shield logs in the AWS console:
- Add a manual trigger on the S3 bucket
- Add a manual trigger on the CloudWatch Log Group

aws.ddosprotection.ddo_sdetected (count)	Indicates a DDoS event for a particular Amazon Resource Name (ARN).
aws.ddosprotection.ddo_sattack_bits_per_second (gauge)	The number of bytes observed during a DDoS event for a particular Amazon Resource Name (ARN). Shown as byte
aws.ddosprotection.ddo_sattack_requests_per_second (gauge)	The number of requests observed during a DDoS event for a particular Amazon Resource Name (ARN). Shown as request
aws.ddosprotection.ddo_sattack_packets_per_second (gauge)	The number of packets observed during a DDoS event for a particular Amazon Resource Name (ARN). Shown as packet

The Amazon Shield integration does not include any events.

The Amazon Shield integration does not include any service checks.

Need help? Contact Datadog support.