Protecting your AWS-hosted applications and APIs from Distributed Denial of Service (DDoS) attacks is crucial to ensure their availability and performance. AWS provides various services and features to help you mitigate and defend against DDoS attacks.
Here are some key measures you can take:
- Use AWS Shield: AWS Shield is a managed Distributed Denial of Service (DDoS) protection service that safeguards applications running on AWS. It provides automatic protection against common and larger-scale DDoS attacks. AWS Shield Standard is available at no additional cost for all AWS customers, while AWS Shield Advanced offers enhanced protection and additional features for an additional fee.
- Implement AWS WAF: AWS WAF (Web Application Firewall) helps protect your applications from common web exploits and application-layer DDoS attacks. It lets you define rules that filter and block malicious traffic before it reaches your applications. You can create custom rules to block specific patterns or use managed rule sets provided by AWS and third-party vendors.
- Use Amazon CloudFront: Amazon CloudFront is a global content delivery network (CDN) service that can help absorb and mitigate DDoS attacks. Because your content is served from multiple edge locations, attack traffic is dispersed across the CloudFront network instead of converging on your origin, which reduces its impact.
- Enable AWS Shield Advanced: AWS Shield Advanced provides additional protection against larger and more sophisticated DDoS attacks. It offers features like advanced threat intelligence, real-time DDoS attack visibility, and cost protection for resource scaling charges incurred during an attack.
- Implement VPC Security Groups and Network ACLs: Use Amazon Virtual Private Cloud (VPC) security groups and network access control lists (ACLs) to control inbound and outbound traffic to your applications. Security groups are stateful and contain only allow rules, while network ACLs are stateless and also support explicit deny rules. By properly configuring both, you can restrict access to your resources and block malicious traffic.
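
One way to check the last point, as an added example that is not from the original page or from AWS: the script below audits security group ingress rules, in the shape returned by the EC2 `DescribeSecurityGroups` API, for rules open to the whole internet on anything other than the intended public ports. The group IDs, the sample data, the `PUBLIC` port set and the function names are assumptions made for this example.

```python
import ipaddress

# Assumption for this example: the only ports meant to face the internet.
PUBLIC = {("tcp", 80), ("tcp", 443)}
# Constructed sample in the shape of EC2 DescribeSecurityGroups output.
SAMPLE_GROUPS = [
    {"GroupId": "sg-web-example", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
    ]},
    {"GroupId": "sg-db-example", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 5432, "ToPort": 5432,
         "IpRanges": [{"CidrIp": "10.0.0.0/16"}], "Ipv6Ranges": []},
        {"IpProtocol": "-1", "IpRanges": [], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
    ]},
]

def world_open_cidrs(perm):
    """CIDRs in one IpPermissions entry that match every address (prefix length 0)."""
    cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
    cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
    return [c for c in cidrs if ipaddress.ip_network(c, strict=False).prefixlen == 0]

def audit_ingress(groups, public=PUBLIC):
    """Return (group id, exposure, cidrs) for internet-open rules beyond `public`."""
    findings = []
    for sg in groups:
        for perm in sg.get("IpPermissions", []):
            cidrs = world_open_cidrs(perm)
            if not cidrs:
                continue
            proto = perm["IpProtocol"]
            if proto == "-1":  # "-1" means every protocol and port
                exposure = "all traffic"
            elif proto in ("tcp", "udp"):
                lo, hi = perm["FromPort"], perm["ToPort"]
                if all((proto, p) in public for p in range(lo, hi + 1)):
                    continue  # only intended public ports are exposed
                exposure = f"{proto}/{lo}-{hi}"
            else:  # ICMP and other protocols carry no port range
                exposure = proto
            findings.append((sg["GroupId"], exposure, cidrs))
    return findings

if __name__ == "__main__":
    for finding in audit_ingress(SAMPLE_GROUPS):
        print(finding)
```

To audit a real account, pass the `SecurityGroups` list from a `describe_security_groups` response to `audit_ingress` in place of the sample.
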
These measures can significantly improve your protection against DDoS attacks, but you should also regularly monitor your applications and follow security best practices to stay ahead of evolving threats.
For more detailed information and specific implementation examples, you can refer to the official AWS documentation:
By implementing these measures, you can significantly enhance the security and resilience of your AWS-hosted applications and APIs against DDoS attacks.