However, we discovered that there were short intervals during which the WAF rules were not effective and CPU utilization remained high (Figure 2). Generally, AWS proposes two kinds of response to DDoS attacks at layer 7 of the OSI model, namely:
1. Provide your own mitigations;
2. Contact support – if you're a Shield Advanced customer.
Option 1 is not acceptable in this case, with more than 60M blocked requests from geographically distributed origins. Our customer's daily budget was about $50, and you pay for each 1M blocked requests. Option 2 is good, but a monthly subscription starts from $3000. Obviously, it would not be the best solution for our customer, a non-profit organization with a very limited budget.
So we researched projects and companies that support open society initiatives and help people feel safe when using information technologies. As a result, we chose Jigsaw, a unit within Google that explores threats to open information systems and creates technology that enables scalable solutions.
You can see the result in Figure 2, which presents the new solution implemented on Jul 25, 2022. Notably, for non-profit organizations and other eligible clients, Jigsaw offers a CDN cache (on Google infrastructure), reCAPTCHA (which must be enabled explicitly), and metrics in a single dashboard at no cost at all, as a basic option.