Category: Best Practices

The Kubernetes SIG Network and Security Response Committee has announced that Ingress NGINX will be retired in March 2026. If your organization runs workloads on Kubernetes — whether on Amazon Elastic Kubernetes Service (Amazon EKS), self-managed clusters on EC2, or hybrid environments — this upcoming change requires immediate planning and attention. This change impacts approximately […]

Introduction This post demonstrates how to migrate your Amazon CloudFront public origins to Amazon Virtual Private Cloud (Amazon VPC) origins using different strategies. You can also use VPC origins with cross-accounts to support security-first architectures. When designing network architecture for CloudFront workloads, organizations must choose between centralized or distributed models. In a centralized architecture, a […]

Uploading files to Amazon Simple Storage Service (Amazon S3) is a common requirement for modern applications. Although the concept is clear, there are several ways to implement S3 uploads, each with distinct trade-offs in security, user experience, and scalability. Understanding these patterns and their best-fit scenarios is essential for making informed architectural decisions that align […]

As organizations scale globally, balancing user experience with operational costs becomes increasingly complex. Integrating Amazon CloudFront with Application Load Balancer (ALB) addresses this challenge by reducing latency by serving content from over 750 edge locations worldwide and maintaining persistent TCP connections between CloudFront and ALB origins while reducing Data Transfer Out (DTO) expenses through the […]

Geo-restriction is a critical security control for blocking traffic from high-risk regions. Learn how to implement geographic filtering using Amazon CloudFront, Route 53, AWS WAF, and AWS Network Firewall—and discover when to use each service for your specific architecture needs.

Amazon Web Services (AWS) Site-to-Site VPN is a fully managed service that can create a secure connection between your data center or branch office and your AWS resources using IP Security (IPSec) tunnels. A Site-to-Site VPN connection consists of two VPN tunnels for redundancy. As a managed service, Site-to-Site VPN periodically applies updates to your […]

In this post, we provide prescriptive guidance for building resilient and scalable multi-tenant Software-as-a-Service (SaaS) network architectures to address common challenges such as managing overlapping IP addresses, complex CIDR planning, and scaling connectivity to thousands of customers. We explore multiple architectural approaches using Amazon VPC Lattice with TCP resources, and conclude with detailed implementation guidance […]

This is a joint post co-authored with Abhishek Chawla, Chief Product and Technology Officer; Kartik Manimuthu, Director of Cloud Engineering; and Digvijay, Director of Application Engineering at SMC Global Securities Ltd. SMC Global Securities Ltd. (SMC), established in 1990, is a leading Indian financial services company providing trading, wealth advisory, and financial product distribution services […]

IPv6 adoption continues to accelerate worldwide as organizations move beyond the limitations of IPv4 address space. At Amazon Web Services (AWS), we’ve long supported IPv6 from end users to our Amazon CloudFront network, helping end users reduce latency, improve performance, and reach on modern mobile networks. Now, we are excited to take it a step […]

February 2026 Update: AWS WAF has launched an AI Activity Dashboard for enhanced visibility into AI bot management. Learn more. Introduction The first web crawler was created in 1993 to measure the size of web, and they have now evolved into modern bots powered by agentic AI. Today’s internet is increasingly populated and dominated by […]