Late on the 22nd of October 2019, AWS was hit with a DDoS attack that is reported to have lasted some eight hours. Route 53, the AWS DNS service, was crippled, and other services that depend on it for name resolution were knocked down with it. The attack raises some critical questions about AWS DDoS prevention through its proprietary Shield Advanced system.
Customers Struggle with Limitations
When AWS was hit, several of the company’s S3 systems suffered as a result. Many AWS services had to fall back on external DNS referencing, resulting in much slower response times. Services such as the Relational Database Service (RDS) and Elastic Load Balancing (ELB) suffered immensely. Some reports state that users on the East Coast of the United States were hit severely by this DDoS. Many enterprise-level users complained that their own customers were unable to use services for several hours at a time.
AWS addressed the situation by stating that, “Between 10:30 AM and 6:30 PM PDT, we experienced intermittent errors with the resolution of some AWS DNS names. Beginning at 5:16 PM, a very small number of specific DNS names experienced a higher error rate. These issues have been resolved.” In an email to clients, the company stated that the problems stemmed from a DDoS attack on the company’s cloud platform.
Clients eventually managed to regain access to their AWS services after changing the way they addressed their buckets on S3. Users had to specify the exact region that their servers would resolve against for DNS, which allowed some mitigation of the problem. AWS has not released any further comments so far, but this is subject to change. The Service Level Agreement that AWS has with customers offers a guaranteed 100% uptime for Route 53, and this attack compromises that agreement.
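The mitigation described above, preferring a region-specific S3 endpoint when resolution of the global name is failing, can be turned into a routine resolver health check. The following is an added example written for this article, not code from AWS or from any affected customer. It assumes the public virtual-hosted-style S3 hostname patterns (bucket.s3.amazonaws.com and bucket.s3.REGION.amazonaws.com); the bucket name, region and DNS answers are constructed, and the resolver is injectable so the check runs offline against scripted results while the real resolver can be swapped in for production monitoring.

```python
"""Added example (not from the original article): a DNS resolution health
check that measures the error rate of the global S3 endpoint name and falls
back to the region-specific name when the global one is failing."""
import socket
from typing import Callable, Dict, List, Optional, Tuple

# A resolver maps a hostname to a list of IP strings and raises OSError on failure.
ResolveFn = Callable[[str], List[str]]


def default_resolver(host: str) -> List[str]:
    """Real resolver using the OS stub resolver (needs network access)."""
    return sorted({info[4][0] for info in socket.getaddrinfo(host, 443)})


def s3_endpoints(bucket: str, region: str) -> List[str]:
    """Candidate endpoint names, global first, then region-specific.
    Assumption: public AWS virtual-hosted-style S3 naming."""
    return [
        f"{bucket}.s3.amazonaws.com",
        f"{bucket}.s3.{region}.amazonaws.com",
    ]


def resolution_error_rate(host: str, resolver: ResolveFn, attempts: int = 5) -> float:
    """Fraction of resolution attempts that failed or returned no addresses."""
    failures = 0
    for _ in range(attempts):
        try:
            if not resolver(host):
                failures += 1
        except OSError:
            failures += 1
    return failures / attempts


def pick_endpoint(
    bucket: str,
    region: str,
    resolver: ResolveFn,
    max_error_rate: float = 0.2,
    attempts: int = 5,
) -> Tuple[Optional[str], Dict[str, float]]:
    """Return the first candidate whose error rate is acceptable, plus a
    per-host report. The host is None when every candidate is failing, which
    is the signal to page someone rather than silently retry."""
    report: Dict[str, float] = {}
    for host in s3_endpoints(bucket, region):
        rate = resolution_error_rate(host, resolver, attempts)
        report[host] = rate
        if rate <= max_error_rate:
            return host, report
    return None, report


def make_scripted_resolver(outcomes: Dict[str, List[Optional[List[str]]]]) -> ResolveFn:
    """Constructed resolver for offline use: replays a scripted sequence of
    answers per host, cycling when exhausted; None means a lookup failure."""
    position = {host: 0 for host in outcomes}

    def resolve(host: str) -> List[str]:
        sequence = outcomes[host]
        index = position[host]
        position[host] = index + 1
        answer = sequence[index % len(sequence)]
        if answer is None:
            raise socket.gaierror("constructed: name resolution failed")
        return answer

    return resolve


# Constructed sample: the global name fails on 3 of 5 lookups (an "intermittent
# error" pattern), while the regional name resolves every time. Addresses are
# documentation-range placeholders, not real S3 IPs.
SAMPLE_OUTCOMES: Dict[str, List[Optional[List[str]]]] = {
    "example-bucket.s3.amazonaws.com": [None, None, ["203.0.113.10"], None, ["203.0.113.10"]],
    "example-bucket.s3.us-east-1.amazonaws.com": [["203.0.113.20"]],
}


if __name__ == "__main__":
    chosen, report = pick_endpoint("example-bucket", "us-east-1",
                                   make_scripted_resolver(SAMPLE_OUTCOMES))
    for host, rate in report.items():
        print(f"{host}: error rate {rate:.0%}")
    print("use endpoint:", chosen)
```

Run as-is it uses the scripted resolver; pass `default_resolver` instead to check live names. The threshold of 20% is deliberately low: during the incident AWS itself described the effect as "intermittent errors", so a check that only trips on total failure would have stayed green while customers were already timing out.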