Amazon’s cloud computing division AWS recently experienced a sustained DDoS attack that appears to have lasted for around eight hours.
The attack itself affected the company’s Router 53 DNS web service though other services also experienced outages as a result. AWS does offer its own DDoS mitigation service called Shield Advanced but it was unable to fully stop the attack.
Google Cloud Platform also simultaneously dealt with a range of issues during the same time, though it and AWS are not understood to be linked. A company spokesperson did tell CBR that its service disruptions were unrelated to any kind of DDoS attack.
As a result of the attack, many AWS customers were unable to access the company’s S3 service and a number of AWS services were forced to rely on external DNS queries.
Amazon has since posted a status update on the AWS Service Health Dashboard with more details on the DDoS attack, which reads:
“Between 10:30 AM and 6:30 PM PDT, we experienced intermittent errors with resolution of some AWS DNS names. Beginning at 5:16 PM, a very small number of specific DNS names experienced a higher error rate. These issues have been resolved.”
An email sent out to AWS customers, during the time of the attack, confirmed that the DNS outage was caused by a DDoS attack. According to Amazon, its Shield Advanced DDoS mitigation did play a role in dealing with the attack. However, the service’s mitigations did end up flagging some legitimate customer queries as malicious ones and left users unable to connect.
Due to the size of AWS and the large amount of web traffic it handles at all times, the DDOS attack that took its services offline was likely massive although we won’t find out more until after a full investigation is complete.