Red Button's AWS DDoS Testing is a managed DDoS simulation service designed for organizations running workloads on AWS. As an authorized AWS Partner, Red Button conducts attack simulations tailored to a customer's specific AWS deployment architecture, accounting for configurations such as CloudFront with ALB and EC2, API Gateway with AWS Lambda, and others. The service covers three categories of DDoS attacks: - Application-layer (Layer 7) attacks, targeting harder-to-detect application-level vulnerabilities - Volumetric attacks, simulating high-traffic flood scenarios - Protocol/network-layer attacks, including SYN floods and UDP floods Testing does not require prior notification to AWS, enabling last-minute or unannounced test scenarios. A typical test session runs approximately three hours, with more extensive multi-vector sessions extending up to six hours. Total customer time commitment is approximately five hours, covering a pre-test interview, the test session itself, and a results/recommendations debrief. Following the simulation, customers receive a detailed report of identified security flaws prioritized by severity, along with AWS-specific remediation recommendations covering areas such as AWS WAF configuration, rate limiting, scanner and probe protection, and auto-scaling. An optional re-testing session is available to validate implemented fixes. Red Button also offers separate support for implementing the recommended mitigations.