Cyber attac (DDoS) at Amazon AWS

[German]Amazon Web Services (AWS) has been the target of a distributed DDoS attack on August 23, 2019. Websites and apps were unavailable and customers were affected.


Advertising

The Register has covered that in this article. Parts of Amazon Web Services were effectively kicked out of the Internet on August 23, 2019. In some cases, the websites of some customers were no longer accessible. The reason was a widespread DDoS attack on the Amazon cloud. Internet users were temporarily unable to access websites and other online services due to the ongoing outage.

According to an Amazon support agent, the AWS DNS servers were overloaded by a Distributed Denial of Service (DDoS) attack and were unable to resolve customer requests. Amazon took countermeasures, but as a result, some legitimate domain name queries were inadvertently not executed as part of the countermeasure. This means that attempts by websites and applications to contact Amazon hosted backend systems, such as S3 storage areas, failed. This resulted in error messages or blank pages for users.

The partial outages started at about 09:00 US East Coast times and continued all day. The DDoS attacks are obstructing all connections to Amazon services that rely on external DNS queries. These include Amazon Relational Database Service (RDS), Simple Queue Service (SQS), CloudFront, Elastic Compute Cloud (EC2) and Elastic Load Balancing (ELB). These are services that countless websites and applications rely on to serve visitors and process customer information. Amazon may have published the following status information:

Intermittent DNS Resolution Errors

We are investigating reports of occasional DNS resolution errors with Route 53 and our external DNS providers. We are actively working towards resolution.

AWS customers report that they have received the following message from Amazon Support Agents:

We are investigating reports of occasional DNS resolution errors. The AWS DNS servers are currently under a DDoS attack.

Our DDoS mitigations are absorbing the vast majority of this traffic, but these mitigations are also flagging some legitimate customer queries at this time.

We are actively working on additional mitigations, as well as tracking down the source of the attack to shut it down. Amazon S3 customers experiencing impact from this event can update the configuration of their clients accessing S3 to specify the specific region that their bucket is in when making requests to mitigate impact.

For example, instead of "mybucket.s3.amazonaws.com" a customer would instead specify "mybucket.s3.us-west-2.amazonaws.com" for their bucket in the US-WEST-2 region. If you are using the AWS SDK, you can specify the region as part of the configuration of the Amazon S3 client to make sure your requests use this region-specific endpoint name.

The DNS resolution issues are also intermittently affecting other AWS Service endpoints like ELB, RDS, and EC2 that require public DNS resolution.

The US company is therefore under a DDoS cyber attack, resulting in sporadic outages. The AWS service has announced on Twitter that it is on the topic.


Advertising

DigitalOcean has monitored the status of the failure on a website. About 1 hour ago the status was set to 'fixed'. Any of you affected?


Advertising

This entry was posted in Cloud, issue and tagged , , . Bookmark the permalink.

One Response to Cyber attac (DDoS) at Amazon AWS

  1. Crysta T Lacey says:

    German, a little bit less so….O.o

Leave a Reply

Your email address will not be published. Required fields are marked *

Note: Please note the rules for commenting on the blog (first comments and linked posts end up in moderation, I release them every few hours, I rigorously delete SEO posts/SPAM).