Category: Networking & Content Delivery

Many organizations need to review or audit networking information within AWS environments that contain multiple AWS accounts. At scale, questions such as “which accounts have Internet access enabled?”, “which account owns the Elastic IP 198.51.100.101?” and, “what are the IP addresses of my NAT gateways?” can be challenging to answer. Traditionally, within an individual account, […]

Amazon CloudFront Functions now makes it possible to do things that were previously only possible with AWS Lambda@Edge, but in a more performant manner. For example, now you can manipulate the URI path—something that is essential when you want to secure an origin using an Origin Access Identity (OAI) with Amazon CloudFront. In 2017, I […]

Introduction Multicast is a popular IP-based communication mechanism that is actively employed in many industry verticals, including finance, media, telco, transportation, and others. This post describes how to enable multicast in container environments orchestrated by Amazon Elastic Container Service (ECS). Although Amazon ECS is a fully managed container orchestration service, some additional steps must be […]

Happy 2022 AWS Networking & Content Delivery enthusiasts! In December 2021, AWS hosted its 10th annual re:Invent conference. The Networking & Content Delivery team had 14 unique breakout sessions that were recorded and can be found on this playlist. In addition to these sessions, the Networking team had a leadership session presented by David Brown, […]

Introduction Many organizations deploy Amazon Elastic Kubernetes Service (Amazon EKS) clusters into Amazon Virtual Private Cloud (VPC) environments with direct access to the internet and to other VPCs. Connectivity between the VPC hosting the Amazon EKS cluster and other VPCs is typically created using routed networking services, such as VPC Peering or AWS Transit Gateway. […]

AWS Client VPN  is a simple solution that allows users to connect from anywhere to their AWS environments, a capability that has become important to almost every organization over the last year. Single sign-on (SSO) is used widely across organizations of all sizes to authenticate and authorize their users’ access to enterprise applications and IT […]

Introduction Exposing Internet-facing applications requires careful consideration of what security controls are needed to protect against external threats and unwanted access. These security controls can vary depending on the type of application, size of the environment, operational constraints, or required inspection depth. For some scenarios, running Network Access Control Lists (NACL) and Security Groups (SG) […]

AWS customers regularly use the ability to reference another security group in the same Amazon Virtual Private Cloud (VPC), or a peered VPC in the same Region, as a dynamic reference. This ability allows customers who have highly ephemeral workloads to adopt the practice of least privilege more easily. We do not currently support security […]

AWS Direct Connect makes it easy to establish a dedicated network connection from your premises to AWS. With the launch of a new AWS Direct Connect location in the NextDC S2 Sydney data center, you can now establish dedicated 100 Gbps and encrypted connections with resiliency across two Sydney locations. Equinix SY3, an existing location in Sydney, also […]

In this two-part blog series, you will learn how to use email addresses and domain names for user authentication. With this method, you restrict credentials-free user access to a static website. In this second part of the blog series, you will learn how to implement the authorization mechanism. In the previous blog post, you learnt […]