Category: Architecture

For organizations operating multi-tenant environments, regulated environments, or multiple business units, maintaining strict network segmentation between SD-WAN and AWS is essential for meeting security, compliance, and operational requirements. This is Part 2 of the two-part series on extending SD-WAN segmentation into AWS Cloud WAN. In Part 1, the Generic Routing Encapsulation (GRE) based Connect attachment […]

For organizations operating multi-tenant environments, regulated environments, or multiple business units, maintaining strict network segmentation between SD-WAN and AWS is essential for meeting security, compliance, and operational requirements. Deploying SD-WAN virtual appliances and extending your segmentation through AWS Cloud WAN helps unify these segmented environments under a single, scalable global network. That said, segmentation is […]

Organizations securing access to internal applications face a common challenge: traditional VPNs grant broad network access once connected, leaving applications accessible beyond their intended scope and lacking granular traffic inspection. AWS Verified Access (AVA) and AWS Network Firewall (Network Firewall) provide a zero trust solution that addresses these challenges by combining identity-based access control with […]

Amazon VPC Route Server enables dynamic routing within Amazon Virtual Private Cloud (Amazon VPC) using Border Gateway Protocol (BGP). You can use Amazon VPC Route Server for effective and intelligent traffic control between cloud applications and on-premises systems. Amazon VPC Route Server uses BGP to provide advanced control over traffic paths, especially for failures, and […]

Introduction We recently announced that Amazon Route 53 Resolver Endpoint supports Domain Name System (DNS) delegation, allowing you to delegate authority for a subdomain from your on-premises infrastructure to Route 53 and vice versa. Previously, to implement DNS delegation and maintain a unified private DNS namespace across on-premises and in Amazon Web Services (AWS) environments, […]

This post was authored by Ali Yousefi, Senior Security Software Engineer on the Infrastructure Security Team at Pinterest Introduction In part 1 one of this two-part blog series, we demonstrated how Pinterest gained visibility into DNS traffic originating from its VPCs by enabling Amazon Route 53 Resolver query logs across its Amazon Web Services (AWS) […]

This post was authored by Ali Yousefi, Senior Security Software Engineer on the Infrastructure Security Team at Pinterest Introduction Network security has become an increasingly important focus area in cloud security as more organizations shift to the cloud. Organizations can take an active approach in protecting themselves and their data from various threats by strengthening […]

In today’s rapidly evolving cloud landscape, network architects, engineers, and cloud teams need to move faster to design, deploy, and manage complex Amazon Web Services (AWS) networking infrastructure at scale. The emergence of generative AI capabilities, particularly Amazon Bedrock and Amazon Q, offers unprecedented opportunities to transform how we approach these challenges and solve them […]

In this post, we describe how you can use Amazon Web Services (AWS) Cloud WAN with service insertion to centralize your private NAT Gateways and PrivateLink to effectively and efficiently address private IPv4 exhaustion. We demonstrate how you can maximize the usage of available IP space while minimizing cost impact. Private IPv4 space, defined in […]

In this post, we explore how you can use Amazon VPC Lattice to expose shared services and resources across an organization while maintaining security and governance. We cover key architecture concepts, security best practices, and considerations for deploying VPC Lattice in production environments. As organizations grow, managing access to shared services across multiple environments—such as […]