How do you protect Vapor from DDoS spin ups?

Sounds like what aws shield is for

https://aws.amazon.com/shield/

AWS Shield is a managed Distributed Denial of Service (DDoS) protection service that safeguards applications running on AWS

If it actually works, is hard to tell :)

@sinnbeck Yeah, I'm just curious if this is a common concern and if there is sort of a go-to way of mitigating this.

I came across this post...

https://laracasts.com/discuss/channels/vapor/our-laravel-vapor-stats?page=1#reply=569779

Seems like they are just footing the bill for any DDoS attacks. That seems kinda rough.

The question might be if it took 1 minute for the shield to get the attack under control.

But I think it would be interesting to contact Amazon and hear if there are any guarantees or if you can end up with a huge bill. In cases like that I would personally not trust a "secondary opinion" or hearsay. If someday you have an issue it is nice to have it on paper from the source.

@sinnbeck I wasn't paying close enough attention to that article I posted. The reason their DDoS attack only lasted a few minutes and cost a whopping $1.15 is because they were using Cloudflare DDoS protection.

That's kind of what I was wondering.

Set a maximum concurrency for your requests. This is a very easy first step to prevent your bill from exploding.

Granted, if a ddos consumes all your available concurrency, your site will still be unreachable for real customers. But your bill will be predictable.

Note that you can also put Cloudflare (for free) in front of your site. This might even be easier (and probably better?) than Shield.