Networking & Content Delivery

Category: Advanced (300)

Running multicast-enabled containers on AWS

Introduction Multicast is a popular IP-based communication mechanism that is actively employed in many industry verticals, including finance, media, telco, transportation, and others. This post describes how to enable multicast in container environments orchestrated by Amazon Elastic Container Service (ECS). Although Amazon ECS is a fully managed container orchestration service, some additional steps must be […]

Read More

Creating Disaster Recovery Mechanisms Using Amazon Route 53

We’ll start by outlining how AWS services provide reliability using control planes and data planes, then share high-level design principles for creating a failover mechanism. Finally, we’ll explain the features of Route 53 that make your DR approach more effective.

Read More

Continuous verification of network compliance using Amazon VPC Network Access Analyzer and AWS Security Hub

Introduction As your distributed application teams operate network infrastructure, it can be challenging for central security, networking, or cloud operations teams to determine whether the correct network controls are in place. Network controls, such as firewall rules, NAT Gateways, network access control lists (ACL’s), security groups, and network segmentation, serve as a critical first line […]

Read More

Calculating data transfer leveraging Amazon VPC flow logs

Introduction There are several factors that contribute towards your overall costs incurred in AWS cloud. When it comes to networking, many customers ask about data transfer charges. You pay a Data Transfer charge when you send data out from AWS to Internet, between AWS Regions, or between Availability Zones (AZ). Today, there are multiple ways […]

Read More

Migrating from Squid Web Proxy to AWS Network Firewall

Introduction Regardless of size or industry, it’s common for organizations to have security and compliance rules for securing internet-bound traffic. AWS customers need control over, and the ability to filter, requests that are initiated by resources in private and public subnets and sent to the internet. This is also known as “egress filtering.” In AWS, […]

Read More

Using Route 53 Resolver DNS Firewall Logs with CloudWatch Contributor Insights and Anomaly Detection

Introduction The Domain Name System (DNS) is one of the most critical components for almost any network as every service relies on a functional DNS service. Amazon Route 53 Resolver (sometimes referred to as “AmazonProvidedDNS” or the “.2/+2 resolver”) provides a highly available and scalable DNS service that customers have come to rely upon for their recursive DNS […]

Read More

Accessing an AWS API Gateway via static IP addresses provided by AWS Global Accelerator

Introduction In this article, I will walk you through the steps to configure Amazon API Gateway in combination with AWS Global Accelerator to present Internet-facing API via static IP addresses to end users. This design addresses the need for static IP safelisting and also provides additional performance benefits to end users by sending user’s traffic […]

Read More

Moving towards DevOps CI/CD approach to configure and manage AWS networking resources

Introduction Organizations are moving from traditional monolithic data center networks to an agile application programming interface (API) driven cloud network. As a result, customers are looking for an efficient and reliable way to make changes to their cloud network infrastructure. They want to adopt a pipeline driven approach to make any network changes following DevOps […]

Read More

Mirror production traffic to test environment with VPC Traffic Mirroring

Many organizations want to replay production traffic to a test environment, with no impact on the end user’s experience. This is known as traffic mirroring or traffic shadowing. Testing the new version of a workload with production traffic is a key step for a successful release. Some tests use scripted requests, but real traffic is […]

Read More

Simulating Site-to-Site VPN customer gateways using strongSwan part 2: Certificate-based authentication

Do you need to either demonstrate or learn more about using certificate-based authentication with AWS Site-to-Site VPN capabilities? In part 1 of this series, we showed how to use an AWS CloudFormation template to deploy the open source strongSwan VPN solution to implement the on-premises side of an AWS Site-to-Site VPN connection. The open source […]

Read More