Networking & Content Delivery
Category: Advanced (300)
Running multicast-enabled containers on AWS
Introduction Multicast is a popular IP-based communication mechanism that is actively employed in many industry verticals, including finance, media, telco, transportation, and others. This post describes how to enable multicast in container environments orchestrated by Amazon Elastic Container Service (ECS). Although Amazon ECS is a fully managed container orchestration service, some additional steps must be […]
Read MoreCreating Disaster Recovery Mechanisms Using Amazon Route 53
We’ll start by outlining how AWS services provide reliability using control planes and data planes, then share high-level design principles for creating a failover mechanism. Finally, we’ll explain the features of Route 53 that make your DR approach more effective.
Read MoreContinuous verification of network compliance using Amazon VPC Network Access Analyzer and AWS Security Hub
Introduction As your distributed application teams operate network infrastructure, it can be challenging for central security, networking, or cloud operations teams to determine whether the correct network controls are in place. Network controls, such as firewall rules, NAT Gateways, network access control lists (ACL’s), security groups, and network segmentation, serve as a critical first line […]
Read MoreCalculating data transfer leveraging Amazon VPC flow logs
Introduction There are several factors that contribute towards your overall costs incurred in AWS cloud. When it comes to networking, many customers ask about data transfer charges. You pay a Data Transfer charge when you send data out from AWS to Internet, between AWS Regions, or between Availability Zones (AZ). Today, there are multiple ways […]
Read MoreMigrating from Squid Web Proxy to AWS Network Firewall
Introduction Regardless of size or industry, it’s common for organizations to have security and compliance rules for securing internet-bound traffic. AWS customers need control over, and the ability to filter, requests that are initiated by resources in private and public subnets and sent to the internet. This is also known as “egress filtering.” In AWS, […]
Read MoreUsing Route 53 Resolver DNS Firewall Logs with CloudWatch Contributor Insights and Anomaly Detection
Introduction The Domain Name System (DNS) is one of the most critical components for almost any network as every service relies on a functional DNS service. Amazon Route 53 Resolver (sometimes referred to as “AmazonProvidedDNS” or the “.2/+2 resolver”) provides a highly available and scalable DNS service that customers have come to rely upon for their recursive DNS […]
Read MoreAccessing an AWS API Gateway via static IP addresses provided by AWS Global Accelerator
Introduction In this article, I will walk you through the steps to configure Amazon API Gateway in combination with AWS Global Accelerator to present Internet-facing API via static IP addresses to end users. This design addresses the need for static IP safelisting and also provides additional performance benefits to end users by sending user’s traffic […]
Read MoreMoving towards DevOps CI/CD approach to configure and manage AWS networking resources
Introduction Organizations are moving from traditional monolithic data center networks to an agile application programming interface (API) driven cloud network. As a result, customers are looking for an efficient and reliable way to make changes to their cloud network infrastructure. They want to adopt a pipeline driven approach to make any network changes following DevOps […]
Read MoreMirror production traffic to test environment with VPC Traffic Mirroring
Many organizations want to replay production traffic to a test environment, with no impact on the end user’s experience. This is known as traffic mirroring or traffic shadowing. Testing the new version of a workload with production traffic is a key step for a successful release. Some tests use scripted requests, but real traffic is […]
Read MoreSimulating Site-to-Site VPN customer gateways using strongSwan part 2: Certificate-based authentication
Do you need to either demonstrate or learn more about using certificate-based authentication with AWS Site-to-Site VPN capabilities? In part 1 of this series, we showed how to use an AWS CloudFormation template to deploy the open source strongSwan VPN solution to implement the on-premises side of an AWS Site-to-Site VPN connection. The open source […]
Read More