Networking & Content Delivery
Enhancing Pinterest’s organizational security with a DNS firewall: Part 2
This post was authored by Ali Yousefi, Senior Security Software Engineer on the Infrastructure Security Team at Pinterest. Introduction: In part 1 of this two-part blog series, we demonstrated how Pinterest gained visibility into DNS traffic originating from its VPCs by enabling Amazon Route 53 Resolver query logs across its Amazon Web Services (AWS) […]
Enhancing Pinterest’s organizational security with a DNS firewall: Part 1
This post was authored by Ali Yousefi, Senior Security Software Engineer on the Infrastructure Security Team at Pinterest. Introduction: Network security has become an increasingly important focus area in cloud security as more organizations shift to the cloud. Organizations can take an active approach in protecting themselves and their data from various threats by strengthening […]
Using CloudWatch Alarms and Lambda to catch exceptional traffic
Have you ever wondered, “Why did I have this sudden increase in network traffic?” AWS Transit Gateway Flow Logs are a great resource for answering this, but running them continuously can incur processing and storage costs that you don’t need. However, if Flow Logs are run on demand, the traffic anomaly may have already passed […]
Securing hybrid workloads using Amazon Route 53 Resolver DNS Firewall
Since its launch in 2021, Amazon Route 53 Resolver DNS Firewall has enabled Amazon Web Services (AWS) users to monitor and control outbound DNS queries originating from their Amazon Virtual Private Cloud (Amazon VPC) resources. Configuring domain filtering rules in Route 53 Resolver DNS Firewall helps you mitigate security threats such as data exfiltration through […]
Using generative AI for building AWS networks
In today’s rapidly evolving cloud landscape, network architects, engineers, and cloud teams need to move faster to design, deploy, and manage complex Amazon Web Services (AWS) networking infrastructure at scale. The emergence of generative AI capabilities, particularly Amazon Bedrock and Amazon Q, offers unprecedented opportunities to transform how we approach these challenges and solve them […]
Securely Access Amazon FSx for Windows File Server using AWS Verified Access
Introduction: In this post, I describe how to use Amazon Web Services (AWS) Verified Access (AVA) to securely access an Amazon FSx for Windows File Server file share. You will learn how to configure and deploy AVA endpoints, and connect to your FSx file share from your remote computer using the AVA Connectivity client. This […]
A Lemongrass success story: Enhancing Multi-Region SD-WAN failover with AWS Cloud WAN
Managing multi-Region network connectivity at scale is a critical challenge for modern enterprises. At Lemongrass Consulting, we enhanced our Amazon Web Services (AWS) network architecture by implementing AWS Cloud WAN. This implementation enabled intent-based routing between multiple AWS Regions while providing seamless on-premises integration through SD-WAN in our multi-Region AWS environment. Throughout this transformation, we […]
Streamlining multi-VPC DNS management with Amazon Route 53 Profiles and interface VPC endpoint integration
Managing DNS configurations across multiple VPCs and accounts requires thoughtful architectural planning, especially for organizations leveraging AWS PrivateLink interface endpoints for various AWS services. Organizations are continuously looking for ways to streamline these configurations while maintaining operational efficiency and security. For enterprises using Amazon Web Services (AWS) PrivateLink interface endpoints (such as AWS Lambda, Amazon […]
AWS Direct Connect Layer 1 Explained: From Data Centers to Cloud Connectivity
In today’s cloud-first world, resilient connectivity between your on-premises infrastructure and AWS, along with a deep understanding of its implementation, is critical for your business success. For many organizations, AWS Direct Connect serves as their primary connectivity solution. Starting at the physical layer (Layer 1), it operates across the first three layers of the Open […]
Amazon VPC Lattice support for RDS Multi-AZ
In this post we review how Amazon VPC Lattice can provide simple and secure access to an Amazon RDS Multi-AZ deployment using Amazon Resource Names (ARNs). Prerequisites: We assume you are familiar with Amazon Virtual Private Cloud (VPC), and VPC Lattice concepts and capabilities. If you are unfamiliar with VPC Lattice, please review Amazon VPC […]