Networking & Content Delivery

Category: *Post Types

Resolve DNS names of Network Load Balancer nodes to limit cross-Zone traffic

Introduction Network Load Balancer (NLB), part of the Elastic Load Balancing Family, is the flagship Layer 4 load balancer for AWS. It offers elastic capacity, high performance, and integration with many other AWS services (such as Amazon EC2 Auto Scaling). NLB is designed to handle millions of requests per second while maintaining ultra-low latency, improving […]

Read More

Best practices for deploying Gateway Load Balancer

Introduction At re:Invent 2020, we launched Gateway Load Balancer (GWLB), a service that makes it easy and cost-effective to deploy, scale, and manage the availability of third-party virtual appliances. These appliances include firewalls (FW), intrusion detection and prevention systems, and deep packet inspection systems in the cloud. Since the launch, a lot of customers have […]

Read More

New APIs and functionality for managing Amazon CloudFront CNAMEs

Today, Amazon CloudFront announced the release of two new APIs, ListConflictingAliases and AssociateAlias. These APIs are useful when you need to locate or move Alternate Domain Names (CNAMEs) when you encounter the CNAMEAlreadyExists error code. In addition, more use cases have been enabled when you are working with wildcard CNAMEs across accounts. Before diving into […]

Read More

Using Route 53 Resolver DNS Firewall Logs with CloudWatch Contributor Insights and Anomaly Detection

Introduction The Domain Name System (DNS) is one of the most critical components for almost any network as every service relies on a functional DNS service. Amazon Route 53 Resolver (sometimes referred to as “AmazonProvidedDNS” or the “.2/+2 resolver”) provides a highly available and scalable DNS service that customers have come to rely upon for their recursive DNS […]

Read More

Accessing an AWS API Gateway via static IP addresses provided by AWS Global Accelerator

Introduction In this article, I will walk you through the steps to configure Amazon API Gateway in combination with AWS Global Accelerator to present Internet-facing API via static IP addresses to end users. This design addresses the need for static IP safelisting and also provides additional performance benefits to end users by sending user’s traffic […]

Read More

Automating service discovery using AWS Transit Gateway Multicast with IGMP

This post will describe how to use multicast and Internet Group Management Protocol (IGMP), two of the newer features of AWS Transit Gateway, to enable applications and services to discover each other automatically when running in Amazon Virtual Private Cloud (Amazon VPC) environments. Service discovery means that a service client, such as a network file […]

Read More

Adding MACsec security to AWS Direct Connect connections

AWS Direct Connect now supports MACsec security (IEEE 802.1AE), giving you a new option for securing your data from when it leaves your network until it arrives at AWS. With this release, Direct Connect delivers native, near line-rate, and point-to-point encryption for 10 Gbps and 100 Gbps links. Available at select locations for dedicated connections […]

Read More

Starting Small with AWS Global Accelerator

In this blog post, we will present an approach to starting small and testing the benefits of AWS Global Accelerator before determining if you would like to transition to a full Global Accelerator enhanced application. Similarly, if you are interested in performing A/B testing or looking for a rolling deployment method for the Global Accelerator, this blog […]

Read More

Mirror production traffic to test environment with VPC Traffic Mirroring

Many organizations want to replay production traffic to a test environment, with no impact on the end user’s experience. This is known as traffic mirroring or traffic shadowing. Testing the new version of a workload with production traffic is a key step for a successful release. Some tests use scripted requests, but real traffic is […]

Read More

Solving DNS zone apex challenges with third-party DNS providers using AWS

Many customers ask us how they can point their zone apex to their web content if it uses a DNS name rather than an IP address. This blog covers three design patterns and approaches that solve zone apex challenges with third-party DNS providers for applications hosted in AWS—and the pros and cons of each approach.

Read More