Networking & Content Delivery

Preserving client IP address with Proxy protocol v2 and Network Load Balancer

When a load balancer or proxy cannot preserve the client’s original IP address, it may rewrite the IP address or use its own IP address for routing purposes. In this scenario, common practices such as inserting the original IP address into the request headers (for example, X-Forwarded-For) or utilizing Proxy protocol are widely used to […]

Private network for data movement in generative AI

In this post, we cover the architecture patterns for building secure, private network connectivity for data movement in generative artificial intelligence (generative AI) using Amazon Web Services (AWS) and AWS Partner Network (APN) services. Data privacy and security are top of mind for customers exploring generative AI […]

How to identify website performance bottlenecks by measuring time to first byte latency and using Server-Timing header

While website performance issues are a common occurrence, pinpointing their root causes can be a challenging task. In this post, you will learn how to simplify the performance troubleshooting process by unlocking the potential of the Server-Timing header. This header allows backend components to communicate timing metrics and other insights relevant to performance monitoring in […]

Protect against bots with AWS WAF Challenge and CAPTCHA actions

Protecting against bot threats requires insights into the client environment beyond what is available through network-level characteristics of a request, such as TCP or HTTP payload signatures. AWS WAF uses CAPTCHA and Challenge actions to undertake a client-side interaction, whether on a mobile device or browser, to understand this client environment before they can be […]

Best practices for deployment with AWS Global Accelerator

Users everywhere expect stable, consistent, and high-performing applications, regardless of where an application is hosted. However, end users often experience variability and congestion over the public internet, which can be especially problematic when users are geographically distant from the application. These issues can be a major obstacle to providing your users with the online experience […]

Introducing dual-stack without public IPv4 Application Load Balancer

In May 2024, Amazon Web Services (AWS) launched a new feature for internet-facing Application Load Balancers. This enhancement allows you to provision an internet-facing Application Load Balancer without needing public IPv4 addresses, enabling clients to connect using only IPv6 addresses. To connect, clients resolve the AAAA DNS records assigned to the Application Load Balancer. The […]

Tenant routing strategies for SaaS applications on AWS

A key challenge for SaaS providers is designing secure, scalable tenant routing mechanisms to identify tenants and route requests to appropriate resources. Effective tenant routing ensures isolation, scalability, and security. This post explores strategies for routing HTTP requests in multi-tenant SaaS environments on AWS, including considerations, best practices, and example scenarios. For routing strategies at […]

Simplify global security inspection with AWS Cloud WAN Service Insertion

Update: June 28, 2024 – Corrections were made to Figure 5 and the subsequent packet walkthrough. AWS Cloud WAN is a managed wide-area networking (WAN) service that you can use to build and operate wide area networks that connect your data centers and branch offices, as well as your Amazon Virtual Private Cloud (Amazon VPC) […]

Introducing CloudFront Hosting Toolkit

Today, we released the CloudFront Hosting Toolkit, an open source command line interface (CLI) tool to help you deploy fast and secure front-ends in the cloud. Install the CloudFront Hosting Toolkit CLI through npm, run two commands, and CloudFront Hosting Toolkit CLI automatically creates the deployment pipeline and infrastructure needed to build, deploy, and serve your front-end […]

Monitor BGP status on AWS Direct Connect VIFs and track prefix count advertised over Transit VIF

As businesses transition to cloud-based infrastructure, establishing reliable connectivity between on-premises and cloud environments becomes a critical requirement. AWS Direct Connect provides a dedicated network link that extends a corporate data center network into the Amazon Web Services (AWS) Cloud. At the core of this connection is the Border Gateway Protocol (BGP), a dynamic routing […]