If I am an AWS customer I expect AWS to handle/prevent DDoS, same way as they do with S3 to achieve 11 9's availability (the files are saved in multiple AZs in the same region - Glacier IIRC copy files on different regions to avoid data loss in case of physical disaster).
One of the reason for choosing AWS is because AMZ has deep pockets and has the means (financial and technical) to fight against large DDoS attacks, while a smaller provider might not have to do that. Putting clients in a position to have to buy that sort of protection doesn't sound very smart to me.
I see so many people confused about this. Eleven nines is their durability guarantee, their availability that they guarantee is only 99.99%
If you are an AWS customer you should have done your due diligence and know that amazon won't do a very good job at that.
Someone will always have the upper hand in an arms race, and it's not service providers yet. It's just a matter of finding the choke point between their transit and your code.
Offtopic but relevant. One of my customer moved their email to O365 without understanding the differences from being ON-Prem. Now they are struggling to adopt their business processes to then limitations MS imposes.
If the attack is tiny, sure. Otherwise they'll just cut you off.
Amazon might wave the fee, but you are the first party responsible.
> My website is on Blogger, Google Sites, or Google App Engine. Am I eligible?
> As Google products, these sites already have similar DDoS protection to Project Shield. Your website would not need to be set up with Project Shield.