Table of contents
This page describes what to do in case of an Icinga alert. For more information you could search the govuk-puppet repo for the source of the alert

Icinga alerts

DDOS Detected

If there is a Distributed Denial of Service (DDOS) alert in Icinga this means that AWS have detected a probable DDOS attack on one or more of the AWS Shield Advanced protected resources.

You should take the following actions to investigate the issue:

  1. Contact AWS support https://console.aws.amazon.com/support/home
  2. Inform them that the DDOSDetected alarm has been triggered
  3. Enquire about the nature of the attack
  4. Follow their instructions (if any)

The alert will appear on the Icinga dashboard for 24 hours after it was first triggered due to the sparse metrics.

This page was last reviewed on 24 July 2019. It needs to be reviewed again on 24 January 2020 by the page owner #govuk-2ndline .
This page was set to be reviewed before 24 January 2020 by the page owner #govuk-2ndline. This might mean the content is out of date.