Which service is critical for maintaining the uptime of web applications during DDoS attacks?

AWS Shield is designed specifically to protect applications running on AWS from Distributed Denial of Service (DDoS) attacks, making it the critical service for maintaining the uptime of web applications during such events. It provides advanced threat protection and automatically safeguards web applications by detecting and mitigating DDoS attacks in real time. There are two tiers of AWS Shield: the Standard tier, which offers protection against the most common types of DDoS attacks at no additional cost, and the Advanced tier, which provides additional features such as enhanced DDoS attack detection, real-time attack visibility, and 24/7 access to the AWS DDoS Response Team (DRT) for support.

The other services mentioned, while beneficial in their respective areas, do not specifically address DDoS mitigation. AWS Certificate Manager deals with managing SSL/TLS certificates to secure communication but does not provide protection against DDoS. AWS Lambda is a serverless compute service that runs code in response to events, and while it can help scale applications efficiently, it does not specifically mitigate DDoS attacks. Amazon GuardDuty is a threat detection service that continuously monitors for malicious activity and unauthorized behavior, but it is not focused on DDoS protection and would be more applicable for detecting