Networking & Content Delivery

Category: Best Practices

Tenant routing strategies for SaaS applications on AWS

A key challenge for SaaS providers is designing secure, scalable tenant routing mechanisms to identify tenants and route requests to appropriate resources. Effective tenant routing ensures isolation, scalability, and security. This post explores strategies for routing HTTP requests in multi-tenant SaaS environments on AWS, including considerations, best practices, and example scenarios. For routing strategies at […]

IPv6 deployment models for AWS Network Firewall

AWS Network Firewall is a managed, stateful network firewall and intrusion protection service that allows you to implement firewalls rules for fine grained control over your network traffic. If you’re new to AWS Network Firewall, and want to understand its features and use cases, we recommend you review the blog post AWS Network Firewall – […]

How to seamlessly migrate traffic between Direct Connect gateways

In this blog post, we explore a scenario in which Goldman Sachs, wanted to transfer ownership of several of its key network components between teams in a controlled and seamless manner. Specifically, we take a deep dive on migrating traffic between Direct Connect gateways while maintaining end-to-end connectivity. As a multinational investment bank and financial […]

Using Amazon Route 53 Profiles for scalable multi-account AWS environments

Amazon Web Services (AWS) customers implement multi-account strategies so that multiple teams can deploy workloads in separate organizational units (OUs) and AWS accounts. Cloud administrators are using this practice through offerings such as AWS Control Tower and AWS Organizations. These services help them get things done using individual accounts while maintaining centralized control for governance […]

Using latency-based routing with Amazon CloudFront for a multi-Region active-active architecture

An update was made on April 11th, 2024, outlining deployment procedure. This post guides you through setting up the networking layer for a multi-Region active-active application architecture on AWS using latency-based routing in Amazon Route 53 with Amazon CloudFront to deliver a low-latency, reliable experience for your users. Building active-active architectures using AWS networking services improves […]

Orchestrate disaster recovery automation using Amazon Route 53 ARC and AWS Step Functions

Note: To learn more about Amazon Route 53 Application Recovery Controller (Route 53 ARC), we recommend you read Part 1 and Part 2 of the series, and try out the examples. It demonstrates how the ARC service allows you to coordinate failovers and the recovery readiness of your application. In this blog post, we provide […]

Using AWS Transit Gateway Flow Logs to chargeback data processing costs in a multi-account environment

Many AWS customers use consolidated billing, and often need to allocate costs across their internal business units or accounts. This can be challenging when dealing with services that are shared by all accounts. For general chargebacks, some customers use cost allocation tags for this purpose. However, at the time of writing this post, there is […]

How to interconnect AWS Cloud WAN core networks

Introduction AWS Cloud WAN is a managed wide-area networking (WAN) service for building, managing, and monitoring a unified global network, as well as connecting resources running across your cloud and on-premises environments. With AWS Cloud WAN, you have a central place to create and manage your global routing configuration by creating a policy and achieving […]

Use VPC IP Address Manager to manage subnet CIDRs

Amazon VPC IP Address Manager (IPAM) is a VPC feature that allows you to plan, track, and monitor IP addresses for your AWS workloads. Until now, VPC IPAM allowed you to allocate CIDR blocks and monitor them at the VPC level. With a recent feature enhancement in VPC IPAM, you can now manage CIDR allocations […]

How to migrate your VPC endpoint service backend targets

Amazon Virtual Private Cloud (VPC) endpoints – powered by AWS PrivateLink—allow you to securely expose your application to consumers on AWS without using public IP space and without worrying about overlapping private IP space. You also don’t have to worry about creating bidirectional network paths using services like AWS Transit Gateway or Amazon VPC Peering.To […]