AWS had a DDoS attack, is this a bad thing?
Ashish Rajan 🤴🏾🧔🏾♂️
CISO | I help business Leaders solve AI & Cloud Security Challenges!
Amazon Web Services (AWS) had a DDoS attack reported on 23 Oct,2019 and some services were still not reachable on their DNS at the time of writing this article.
The expected behaviour was that some of your products or services using some of the affected AWS services will be unreachable.
Is this a bad thing?
This is not a bad thing if you have planned ahead and architected your product for this. This is also a good time to find out if your business or product's resilient solution architecture in cloud is standing the test of a real life "loss of service provider scenario".
What can you do?
Step by step guide here -
Step 1 - Find the extend of damage in your organisation.
For the moment, find out the extent of the damage in your organisation through your company chat medium - slack, email etc.
Step 2- Possible step to take if still being affected by the AWS DNS outage.
(a) Awesome if you were not affected at all but if you did, see if redirection to friendly page is available instead of a big nothing page or worse error page.
(b) Inform customer(s) or staff through social channel or email about the outage and the work you are doing to resolve this.
(c) Reach out to AWS TAM for updates on our business specific services.
Step 3 -Kick off the Disaster Recovery Plan if the damage is extensive
I would recommend if not already present, add it as a DR scenario in your Disaster Recovery Plan for those products or services. I can help if required but any #cloudsecurity person should be able to help too.
Step 4 - Once the services are back up and running
(a) Look out for an update from AWS on actions they have taken to prevent this in the future
(b) Review your affected services for ways to not be affected from outages like this.
(c) Set Action Plan to include "service outage" scenario in your Disaster Recovery Plan for all services that rely on a 3rd party service.
Where can I check, when the service comes back up?
AWS Service Status page
AWS Twitter is not really talking about this but you can hear from other affected people share their pain there.
If you feel there could something else the affected customers could be doing, feel free to leave a comment and I will include it in.
Stay Safe! or Stay Sharp!
Building new markets, relationships, geographies and industries.
4yStep 2- Possible step to take if still being affected by the AWS DNS outage? Setting a page to resolve through and sit and wait doesn't sound like a great plan of resilience. Concentration risk of going all in something like AWS is always fraught with danger. Sometimes over provisioning with a solution that can withstand the rigours of large scale DDoS on DNS (or overwhelming cloud based WAF's) can also be a strategy. If you can't afford something like Akamai then even switching to a little box in the corner to resolve DNS would be better than going down with the herd.