AWS Shield Advanced now automatically protects web applications by blocking application layer (Layer 7) DDoS events with no manual intervention needed by you or the AWS Shield Response Team (SRT). When you protect your resources with AWS Shield Advanced and enable automatic application layer DDoS mitigation, Shield Advanced will identify patterns associated with layer 7 DDoS events and isolate this anomalous traffic by automatically creating AWS WAF rules in your web access control lists (ACLs). These rules can be implemented in count mode to observe how they will impact resource traffic and then deployed in block mode. These capabilities enable you to quickly respond to and mitigate DDoS events that threaten the availability of your applications.
Source:: Amazon AWS