Category: Advanced (300)

In a typical enterprise network, customers have VPCs across multiple accounts within an AWS Region to segment workloads. This segmentation can take different forms and depends on the company structure, security policy, business functions, and model. The drivers of the segmentation can vary. For example, segmentation could be driven by security and regulatory requirements, costs, […]

Many customers have requirements to leverage existing on-premises firewall technology or want to get started in AWS by using their existing firewall expertise. A large number of firewall vendors have versions of their software in the AWS Marketplace that work in either bring-your-own-license (BYOL) or pay-as-you-go pricing models. This makes it easy to get up and running […]

As IT environments grow, they can become more complex, with additional accounts, VPCs, and the networking between them. AWS Transit Gateway is a service that addresses networking complexity by building a hub-and-spoke network to simplify your network routing and security. With Transit Gateway, you can connect your Virtual Private Clouds (VPCs) that span multiple accounts […]

Introduction Today, viewing video content is a prevalent form of online activity whether in entertainment, education, marketing, or information. For example, as a Solutions Architect at AWS, I tend to watch hours of video a week to learn about technologies, and I also leverage video content to convey ideas and best practices in a scalable […]

AWS Global Accelerator simplifies multi-region cloud deployments while leveraging the AWS vast, highly available, and congestion-free global network. Global Accelerator uses a pair of static anycast IP addresses to direct you to the application that is geographically closest and has healthy endpoints, using routing policies that you configure. This feature makes sure that you have […]

Enterprise customers who host private web apps on Amazon CloudFront may struggle with a challenge: how to prevent unauthenticated users from downloading the web app’s source code (for example, React, Angular, or Vue). In a separate blog post, you can learn one way to provide that security using Amazon Lambda@Edge and Amazon Cognito, with an example […]

I want to take some time to dive more deeply into a use case outlined in NET301 Best Practices for AWS PrivateLink. The use case involves using AWS Transit Gateway, along with Amazon Route 53 Resolver, to share AWS PrivateLink interface endpoints between multiple connected Amazon virtual private clouds (VPCs) and an on-premises environment. We’ve seen […]

Last year, a colleague of mine wrote a blog post about new security measures that Amazon CloudFront was implementing to enhance the security of how domains are used on CloudFront distributions. This included mitigations to prevent the abusive use of domain fronting practices by not allowing SSL handshake requests and subsequent requests over the secured […]