Amazon Web Services has entered the distributed denial of service mitigation business with a new service launched at the re:Invite conference in Las Vegas Thursday.

Called AWS Shield, the new managed service protects web applications against DDoS attacks in conjunction with Elastic Load Balancing, Amazon CloudFront, and Amazon Route 53 and protects users from DDoS attacks of many types, shapes, and sizes.

The basic level, called AWS Shield Standard, is being made available at no extra cost to AWS customers. The company says it protects users from 96 percent of the most common forms of DDoS attacks, including SYN/ACK floods, Reflection attacks, and HTTP slow reads.

The higher level, called AWS Shield Advance, provides additional DDoS protection for volumetric attacks including mitigation at the application & network layers. Customers at the advanced level are offered 24/7 access to Amazon’s DDoS Response Team for custom mitigation during attacks and what Amazon describes as DDoS cost protection to guard against bill spikes caused by the additional bandwidth consumed by an attack.

In addition, AWS Shield Advanced also allows users to write customized rules to mitigate sophisticated application layer attacks with the rules being able to be deployed instantly, allowing users to mitigate attacks quickly. AWS Shield Advanced is available to Enterprise or Business Support levels of AWS Premium Support customers, and requires a 1-year subscription commitment with a $3,000 monthly fee, making it a service suited to larger enterprises.

“I think this will really help you protect yourselves even against the largest and most sophisticated attacks that we’ve seen out there,” Amazon Chief Technology Officer Werner Vogels said at the launch event. “We will work together with DDoS protection teams to create the right level of protection using WAF (web application firewall), Vogels added. “We will also keep an eye on cost, making sure you don’t incur any additional cost by using our service.”

Image credit: Amazon