Does AWS Load balancer prevent DDos effectively?
Solution 1:
As @Tim said, AWS offers AWS Shield, so it’s advanced option provides some basic protection. They also have a basic WAF. I would suggest deploying that as a minimum - but it might not be enough, depending on site traffic and where any attacks are actually originating from.
If it’s a small enough site, that’s probably enough but I would recommend doing some research to see if your problem is failover / some other attack or a DDoS attack.
If it’s more complex, you’re going to want a WAF and DDoS protection on top of your AWS server such as Incapsula (apologies: this is a link to a product page) - this will protect against Layer 3 and Layer 7 attacks. This might not be needed on your website but it is something for your servers and for the higher level infrastructure. Most importantly, it’s not just DDoS protection (but the DDoS protection is always-on, unlike something like Cloudflare, where you have to turn it on if you get attacked) but also protection against other web threats.
I don’t want to advertise for any service, but if you’re not sure what’s causing an attack, one of the bigger benefits of a paid service is going to be the NOC so they can monitor the activity that you’re not so sure about.