If there is a Distributed Denial of Service (DDOS) alert in Icinga this means that AWS have detected a probable DDOS attack on one or more of the AWS Shield Advanced protected resources.
You should take the following actions to investigate the issue:
- Contact AWS support https://console.aws.amazon.com/support/home
- Inform them that the DDOSDetected alarm has been triggered
- Enquire about the nature of the attack
- Follow their instructions (if any)
The alert will appear on the Icinga dashboard for 24 hours after it was first triggered due to the sparse metrics.