Adjusting virtual machine migration plans based on alert conditions related to future migrations
US-9928100-B2 · Mar 27, 2018 · US
US12034740B1 · US · B1
| Field | Value |
|---|---|
| Publication number | US-12034740-B1 |
| Application number | US-201615083098-A |
| Country | US |
| Kind code | B1 |
| Filing date | Mar 28, 2016 |
| Priority date | Mar 28, 2016 |
| Publication date | Jul 9, 2024 |
| Grant date | Jul 9, 2024 |
Official abstract text for this publication.
In response to a process being triggered, at least in part by receipt of information regarding communication directed to a first application by a second application, a threat level is computed based at least in part on the information. As a result of the threat level being of a first severity, the second application is migrated to a destination zone that allows for improved communications with the first application. As a result of the threat level being of a second severity, migration of the second application to the destination zone is delayed. As a result of the threat level being of a third severity, a mitigation action is performed.
Opening claim text (preview).
What is claimed is:

1. A non-transitory computer-readable storage medium storing thereon executable instructions that, as a result of being executed by one or more processors of a computer system, cause the computer system to at least: receive metrics from a software agent executing on a physical host in which a first software container executes, the metrics including information regarding a network communication directed to a first software application executing in the first software container from a second software application executing in a second software container different from the first software container, the first software container and the second software container being managed through a container service provided by a computing resource service provider that controls the computer system; determine, based at least in part on the metrics, that a trigger for initiating migration of the second software application has been met, the migration being a process to move the second software application from a first zone to a second zone in a hierarchy of zones that would result in the second software application being in a more granular hierarchical proximity with respect to at least physical distance or a bandwidth to the first software application; and as a result of the trigger being met: compute, based at least in part on a determination of whether the network communication is associated with a denial of service attack, a denial of service threat level; as a result of the denial of service threat level being of a first severity, cause the second software application to be migrated to the second zone that allows for improved communications between the first software application and the second software application, wherein the denial of service threat level is of the first software application to the second software application; as a result of the denial of service threat level being of a second severity, delay migration of the second software application for a predetermined period; and as a result of the denial of service threat level being of a third severity, cause a denial of service mitigation action to be performed.

2. The non-transitory computer-readable storage medium of claim 1, wherein the first severity, the second severity, and the third severity are customizable by a customer associated with the first software application.

3. The non-transitory computer-readable storage medium of claim 1, wherein the second zone is a software container.

4. The non-transitory computer-readable storage medium of claim 1, wherein the denial of service threat level is further computed based at least in part on one or more of an amount of memory utilization, an amount of usage of one or more processors, or an amount of network usage.

5. The non-transitory computer-readable storage medium of claim 1, wherein the denial of service threat level is further computed based at least in part on performance metrics of a service utilized by the first software application.

6. A system, comprising: one or more processors; and memory including instructions that, as a result of execution by the one or more processors, cause the system to: receive metrics from a software agent executing on a physical host in which a first software container executes, the metrics including information regarding a network communication directed to a first software application executing in the first software container from a second software application executing in a second software container different from the first software container, the first software container and the second software container being managed through a container service provided by a computing resource service provider; determine, based at least in part on the metrics, that a trigger for initiating migration of the second software application has been met, the migration being a process to move the second software application from a first zone to a second zone in a hierarchy of zones that would result in the second software application being in a more granular hierarchical proximity with respect to at least physical distance or a bandwidth to the first software application; and as a result of the trigger being met: compute, based at least in part on a determination of whether the network communication is associated with a denial of service attack, a denial of service threat level; as a result of the denial of service threat level being of a first severity, cause the second software application to be migrated to the second zone that allows for improved communications between the first software application and the second software application, wherein the denial of service threat level is of the first software application to the second software application; as a result of the denial of service threat level being of a second severity, delay migration of the second software application for a predetermined period; and as a result of the denial of service threat level being of a third severity, cause a mitigation action to be performed.

7. The system of claim 6, wherein the metrics are received from an agent executing on the physical host that is executing the first software application.

8. The system of claim 6, wherein the second zone is one of a data center, a server rack, physical computing system, a virtual machine instance, or a software container.

9. The system of claim 6, wherein the mitigation action includes one or more of: migrating the second software application to a second zone separate from a zone in which the first software application is executing, or blocking the second software application from communicating with the first software application.

10. The system of claim 6, wherein the instructions further include instructions that cause the system to: determine that the second software application is impairing performance of the first software application beyond a threshold; and identify the second application by causing the system to, for each application of a plurality of different applications: migrate the application to the second zone; determine an amount of performance improvement of the first software application resulting from migrating the application; and as a result of the amount of performance improvement reaching a value relative to a threshold, determine that the application is one of the one or more applications impairing the performance of the first software application.

11. The system of claim 6, wherein the instructions further include instructions that cause the system to: receive additional metrics regarding a second network communication directed to the first software application from the second software application; compute, based at least in part on the additional metrics, a second threat level; and as a result of the second threat level being of a certain severity, cause the second software application to be migrated out of the second zone.

12. The system of claim 6, wherein: the first software application is hosted on computing resources of a computing resource service provider as a service to a customer of the computing resource service provider; and the service to the customer includes an interface that includes an option for allowing the customer to specify the first severity, the second severity, and the third severity.

13. The system of claim 6, wherein the instructions further include instructions that cause the system to, as a further result of the denial of service threat level being of the second severity or of the third severity: determine a digital fingerprint of the network communication directed from the second software applicati
Event detection, e.g. attack signature detection · CPC title
Denial of Service · CPC title