So instead of DDoSing someone, you could make some not-so-large amount of requests to their APIs and instead of taking down their servers, you'll just take them down by bankrupting them with a huge invoice?
With default settings an attacker can run up-to 10000 req/sec on your api gw which would result in a sizable bill if left unnoticed. So with AWS you have to configure throttling and AWS protects you from low level ddos. How do you save yourself from a huge traffic bill in a VPS?
AWS also has WAF to protect from DDoS , it is expensive but may save a day if you urgently need a protection.
AWS also has WAF to protect from DDoS , it is expensive but may save a day if you urgently need a protection.