DDoS detection beyond AWS
AWS Shield Advanced costs $3,000/month and only protects AWS resources. Flowtriq deploys on any Linux server in 5 minutes at $9.99/node/month with per-server detection, PCAP forensics, and multi-channel alerting across any infrastructure.
The limitations
Where AWS Shield falls short
AWS Shield Standard provides real, automatic L3/L4 mitigation for free. Shield Advanced adds L7 protection, DRT support, and cost protection for $3,000/month. Both are solid within AWS. But real-world deployments surface structural limitations around visibility, lock-in, and cost.
AWS-only coverage creates infrastructure lock-in
AWS Shield protects AWS resources: CloudFront, ALB, NLB, Elastic IPs, Route 53, and Global Accelerator. It cannot protect bare-metal servers, colocation infrastructure, or servers on GCP, Azure, OVH, Hetzner, Vultr, or any other provider. If your infrastructure spans multiple clouds or includes on-premises equipment, Shield leaves those assets unprotected.
Limited detection data, even with Shield Advanced
Shield Standard provides no alerting, no attack classification, and no historical incident records. Shield Advanced adds CloudWatch metrics with attack vector, approximate start/end time, and estimated magnitude, but still provides no source IPs, no per-second time series, no target port data, and no PCAP captures. For incident response and forensics, this visibility gap is significant.
$3,000/month with a 12-month commitment
Shield Advanced requires a $36,000/year minimum commitment plus data transfer fees. This pricing is publicly documented on aws.amazon.com/shield/pricing. For small and mid-size teams protecting a handful of EC2 instances, this cost is difficult to justify when Shield Standard already provides basic L3/L4 protection for free.
No PCAP or packet-level forensics
Neither Shield Standard nor Shield Advanced provides packet captures. When you need to file an abuse report with an upstream provider, present evidence to law enforcement, diagnose a complex multi-vector attack, or satisfy compliance forensic data retention requirements, Shield cannot produce the evidence. You get aggregate metrics, not raw packet data.
Shield Standard: zero alerting by default
AWS Shield Standard mitigates attacks silently. AWS may be absorbing a significant DDoS attack against your EC2 instance and you will not receive a single notification unless you have separately configured CloudWatch alarms and SNS topics. Small and medium attacks can be mitigated without any record in any dashboard. You are flying blind about your own attack history.
No per-server visibility
Shield operates at the AWS resource level: ALB, CloudFront distribution, or Elastic IP. If you have 20 EC2 instances behind an ALB, Shield tells you the ALB is under attack. It does not tell you which instances receive the most attack traffic, how the traffic distributes across your fleet, or what traffic patterns look like on each individual server.
Side-by-side comparison
AWS Shield vs Flowtriq
A factual comparison covering both Shield Standard (free) and Shield Advanced ($3,000/month) against Flowtriq. Pricing from aws.amazon.com/shield/pricing.
| Capability | Flowtriq | AWS Shield |
|---|---|---|
| Deployment & Coverage | ||
| Infrastructure coverage | Any Linux server (AWS, GCP, Azure, bare metal, VPS, on-prem) | AWS resources only (CloudFront, ALB, NLB, EIP, Route 53) |
| Setup time | 5 minutes per server | Standard: automatic. Advanced: hours to days (console + WAF config) |
| Multi-cloud / hybrid | Single dashboard for all environments | AWS only, no coverage for other providers or on-prem |
| Per-server visibility | Per-node baselines and per-second metrics | Resource-level only (ALB, CloudFront, EIP) |
| Vendor lock-in | Infrastructure-agnostic, no lock-in | Tied to AWS infrastructure |
| Detection & Data | ||
| Detection speed | 1-2 second detection per server | Standard: silent. Advanced: minutes-level CloudWatch metrics |
| Baseline method | Per-server sliding-window p99 baselines | Network-level thresholds at AWS edge |
| Attack classification | Automatic multi-vector with confidence scoring | Standard: none. Advanced: vector type only (e.g. UDP_REFLECTION) |
| Per-second time series | Per-second PPS and BPS for full incident | 5-minute CloudWatch metric windows |
| Source IP analysis | Top source IPs, ASNs, country distribution | Not available |
| Server-side PCAP | Automatic PCAP on every attack | No PCAP capability |
| Mitigation | ||
| Network-edge mitigation | No (detection, alerting, and BGP-triggered mitigation) | Yes, automatic at AWS network edge |
| L7 / WAF protection | L7 detection and classification (no WAF) | Advanced only, via AWS WAF integration |
| Auto-escalation | 4-tier: local > FlowSpec > RTBH > scrubbing | Advanced: DRT engagement (manual request) |
| DDoS cost protection | Not applicable | Advanced: credits for DDoS-induced scaling charges |
| Alerting & Integrations | ||
| Alert channels | Slack, Discord, PagerDuty, OpsGenie, Telegram, SMS, email, Teams, webhook | Standard: none. Advanced: CloudWatch Alarms + SNS |
| BGP integrations | ExaBGP, GoBGP, BIRD 2, FRR, Cloudflare, F5, webhook | Not applicable (AWS manages routing internally) |
| Scrubbing integrations | Cloudflare Magic Transit, OVH, Hetzner, DO, Vultr, Linode | AWS-internal mitigation only |
| Pricing | ||
| Starting cost | $9.99/node/month ($7.99 annual) | Standard: free. Advanced: $3,000/month + data transfer |
| Contract | Monthly or annual, cancel anytime | Advanced: 12-month commitment required |
| Free trial | 14-day free trial, no credit card | Standard is free. Advanced: no trial |
True cost of ownership
AWS Shield vs Flowtriq pricing
Shield Standard is free and automatic. Shield Advanced pricing is publicly documented at aws.amazon.com/shield/pricing: $3,000/month with a 12-month commitment, plus data transfer fees.
Shield Advanced
- Network-edge L3/L4 mitigation (automatic)
- L7 protection via AWS WAF integration
- DDoS Response Team (DRT) access
- DDoS cost protection (auto-scaling credits)
- Proactive engagement during attacks
- AWS resources only, no multi-cloud
- No PCAP captures or packet-level data
- No source IP analysis
- No per-server baselines or per-second metrics
- 12-month commitment required
Flowtriq
- 10 nodes: $99.90/month ($958.80/year annual)
- 50 nodes: $499.50/month ($4,794/year annual)
- 150 nodes: $1,498.50/month ($14,382/year annual)
- Works on any infrastructure, not just AWS
- Per-server PCAP capture and forensics
- Per-second PPS/BPS with source IP analysis
- Automatic multi-vector attack classification
- 4-tier auto-escalation mitigation
- Slack, Discord, PagerDuty, OpsGenie, Telegram, SMS, Teams, webhook
- Built-in dashboard, REST API, Prometheus export
Who each tool serves
Different architectures for different needs
AWS Shield and Flowtriq address different parts of the DDoS problem. The right choice depends on your infrastructure, threat model, and whether you need mitigation capacity or detection depth.
Flowtriq works well for
Hosting providers, ISPs, game server operators, multi-cloud and hybrid deployments, bare-metal and colocation infrastructure, teams that need per-server visibility and PCAP forensics, operators who rely on upstream BGP-based or cloud scrubbing mitigation, and organizations that need DDoS detection across non-AWS infrastructure at a fraction of Shield Advanced's cost.
AWS Shield Advanced works well for
All-AWS organizations with significant auto-scaling exposure where DDoS-induced billing spikes are a real financial risk, teams that need the AWS DDoS Response Team (DRT) for hands-on incident support during attacks, enterprises with regulatory requirements that specifically mandate cloud-provider-managed DDoS protection, and organizations where the $3,000/month cost protection guarantee pays for itself against potential five-figure unexpected AWS charges.
Use both together
The strongest deployment for AWS environments layers Shield Standard (free, automatic L3/L4 mitigation) with Flowtriq agents on every EC2 instance. Shield absorbs volumetric attacks at the AWS edge. Flowtriq provides per-instance detection, below-threshold attack visibility, application-layer detection, server-side PCAP, and instant multi-channel alerting. This combination gives your team both protection and the per-server forensic evidence that Shield lacks.
Flowtriq as Shield Advanced replacement
If your primary reason for Shield Advanced is detection data and visibility rather than DDoS cost protection, Flowtriq delivers richer detection data at a fraction of the cost. A 20-node Flowtriq deployment ($199.80/month) provides per-instance, per-second metrics, automatic classification, and PCAP forensics that Shield Advanced does not offer, at roughly 7% of Shield Advanced's monthly cost. Keep Shield Standard (free) for baseline AWS mitigation.
Common questions
AWS Shield alternatives: FAQ
Related reading
AWS Shield and Flowtriq resources
Flowtriq vs AWS Shield: Comparing DDoS Logs and Detection Data
What Shield Standard, Shield Advanced, and Flowtriq each give you for the same attack.
5 Best AWS Shield Alternatives for DDoS Protection
Alternatives for teams that need multi-cloud coverage, deeper detection data, or more affordable protection.
How to Use AWS Shield with Flowtriq: Layered DDoS Defense
Deploy Flowtriq alongside Shield for per-instance detection, PCAP forensics, and multi-channel alerting on EC2.
Getting started
Deploy Flowtriq in
5 minutes
Whether you are adding Flowtriq behind existing AWS Shield protection or deploying it across multi-cloud infrastructure, the install is the same: one command, no network changes, no IAM configuration, no hardware.
Next Steps
Ready to see how Flowtriq compares?
Two ways to get started. Pick whichever works for you.
AWS and AWS Shield are trademarks of Amazon.com, Inc. or its affiliates. Flowtriq Networks Inc. is not affiliated with, endorsed by, or sponsored by Amazon Web Services.