Does DO still disconnect your droplet from the Internet for three hours if you get DDoSed?
That's what made me switch from DO to AWS a few years ago. I used my droplet as an IRC bouncer to hide my home IP address. I'm an op in an IRC channel and someone started spamming racial slurs, so I banned them. They responded with a DDoS. I could tell my connection was a bit slow, but nothing crashed, but then it dropped offline and I got an e-mail from DO saying they're taking my droplet offline to protect their network.
Made me realize that I could never use them for any sort of game server, since the skids love to fire up LOIC whenever they get upset.
This is why I run anything online-gaming related on OVH (or SoYouStart and Kimsufi, their cheaper offshoots that still use the OVH network) - they are very good about handling the everyday DDoSes you get in that sector without taking the site offline or charging extra. I think they will disconnect a site that draws a very high rate attack, but they've soaked the kiddie DDoSes just fine.
Did you continue to get DDoS after moving to AWS? I figure that AWS would take similar steps if you are not using Shield or one of their other products that would help mitigation.
There are two levels of AWS Shield, "Standard" and "Advanced". You are correct that all instances receive "Standard" protection from Shield by default.
That's what made me switch from DO to AWS a few years ago. I used my droplet as an IRC bouncer to hide my home IP address. I'm an op in an IRC channel and someone started spamming racial slurs, so I banned them. They responded with a DDoS. I could tell my connection was a bit slow, but nothing crashed, but then it dropped offline and I got an e-mail from DO saying they're taking my droplet offline to protect their network.
Made me realize that I could never use them for any sort of game server, since the skids love to fire up LOIC whenever they get upset.