Comparing Security Cloud Tools: Alibaba Cloud Anti-DDoS vs. AWS Shield

To maintain a secure web application, you need to invest in security tools. But because there are so many security tools available, it can be difficult to decide which one to choose. Most cloud platforms offer security services to help protect workloads, and you may not know which one is the best fit for your needs.

In this post, we will walk through the use of two major cloud security services: Alibaba Cloud’s Anti-DDoS tool and AWS Shield. Both solutions offer protection against denial-of-service attacks on cloud workloads. Below, we’ll take a look at how each service is set up, with the goal of determining which is a better fit for a given workload or use case.

Alibaba Cloud Anti-DDoS

Alibaba Cloud Anti-DDoS is available in two tiers: a Basic version and a Pro one. The following table shows how the two offerings compare feature-wise:

As you can see, Anti-DDoS Pro has a wider range of options for attack protection that will guarantee greater security for your web application. It also protects the application and server from the most common attacks, along with the most complex ones. With the Pro version, the mitigation capacity goes from 5 Gbps, which is the capacity defended by Basic, to 2 Tbps.

Tool test

The first impression is that it is not working; however, the service will be available in the region the instance was created in. In my case, it was created in Asia Pacific SE 1 (Singapore). Note that this dashboard shows the South China 1 region preselected, so you may need to modify where the instance is.

After selecting where the instance is, you can see that there is already a level of security in the Basic model for the ECS created.

We can see that the instance has not suffered an attack. We can still see two monitoring tabs, one labeled Traffic (bps) and the other Packets Per Second (pps). In this same screen, we can see that the Basic plan does not support CC attacks, so you should evaluate whether the Basic option is best for you.

Through the following screenshots, I will show the contents of the View Details option.

The Whitelist setting button is for feeding a list of allowed addresses if you have enabled and configured the WAF. Below are some Anti-DDoS settings, starting with the report.

Security report

The web protection configuration can be visualized fully in the official documentation, which is available here.

AWS Shield

A general comparison of the two levels of protection is shown in the table below:

Comparison of Alibaba Cloud Anti-DDoS and AWS Shield Features

Tool test

Choose the service you want to access and configure. I clicked Go to AWS Shield.

To my surprise, I was directed to a different screen that contained the WAF settings.

When I clicked on any icon in AWS Shield, page blocking wasn’t an option, forcing me to activate Advanced to proceed, which costs $ 3,000 per month just for the activation.

Unfortunately, my test of AWS Shield ends here because enabling activation just to test the tool is so costly. But, unlike AWS Shield, Alibaba Cloud offers a $300 credit to test the tool as much as you like, and you can simulate an environment that closely matches your requirements.



Brena Monteiro is a Fixate IO Contributor and a software engineer with experience in the analysis and development of systems. She is a free software enthusiast and an apprentice of new technologies.


Follow me to keep abreast with the latest technology news, industry insights, and developer trends.