mojobad.blogg.se

Waf nlb








In that case we would want some kind of "centralized" option where one EC2 instance could act as "master", keeping all the EC2 instances in sync WRT any IPTables blocks that may be issued. So - what are some of the best options for adding DDoS protection to an NLB-fronted EC2 cluster? Ideally the protection would come into place at / above the NLB itself, but if needed we could handle this in software at the EC2 level. It would be possible to move to multiple ALBs with SAN certs to cover all our domains, but the complexity of that setup seems to outweigh the benefits for our use case. Ideally we would put our entire setup behind WAF, but WAF is not NLB compatible and we are unable to use an ALB due to the number of certificates we have to maintain. This setup works very well for us, but the one downside is a lack of DDoS protection for the EC2 instances. AWS Shield Standard and AWS Shield Advanced provide protections against Distributed Denial of.


A DDoS attack is an attack in which multiple compromised systems try to flood a target with traffic. The certificates (and associated NGINX conf files) are distributed to each EC2 instance, and are synchronized when new instances are added to the NLB-fronted cluster during scaling. AWS Shield Standard and AWS Shield Advanced provide protections against Distributed Denial of Service (DDoS) attacks for AWS resources at the network and transport layers (layer 3 and 4) and the application layer (layer 7). VMware NSX ALB Advanced Load Balancer v20. Our company makes use of an NLB that fronts a series of EC2 instances so we can serve many thousands of websites, each with their own unique SSL certificate. VMware NSX Advanced Load Balancer has displaced 7000+ appliance load balancers and continues its unique ability to address load balancing and WAF use cases across multi-cloud ecosystems (see figure below).








