Networking & Content Delivery

Category: *Post Types

Amazon CloudFront now supports mTLS authentication to origins

Starting today, Amazon CloudFront extends its mutual TLS (mTLS) capabilities to customer origins, which enables true end-to-end authentication throughout the entire connection path—from the viewers to the customer origins. CloudFront has supported viewer mTLS between viewers and CloudFront, so that customers can strongly authenticate clients before traffic ever enters their perimeter. With this launch, that […]

Building Zero Trust Access Across Multi-Account AWS Environments

Security teams managing multi-account Amazon Web Services (AWS) environments face significant operational challenges when implementing consistent access controls. Traditional approaches necessitate duplicating VPN infrastructure, managing separate bastion hosts in each account, and maintaining fragmented security policies across multiple applications. This operational overhead increases infrastructure costs and attack surfaces. This post walks you through implementing AWS […]

Automate prefix lists with Amazon VPC IP Address Manager (IPAM)

In this post, we examine how Amazon VPC IP Address Manager (IPAM) can automate prefix list updates with the prefix list resolver. This new feature uses the IPAM database to generate groups of IP addresses based on connectivity requirements and automates connectivity configurations by propagating IP addresses to Amazon Web Services (AWS) resources, such […]

Building Intelligent Network Operations Agent with Amazon Bedrock AgentCore

It’s 2 AM when your phone alerts you to failing customer transactions in the North Virginia Region. As a network operator managing an Imaging platform on Amazon Web Services (AWS), you’re faced with troubleshooting an architecture that spans multiple Amazon Virtual Private Cloud (Amazon VPC), uses AWS Transit Gateway for interconnectivity, and runs many microservices. […]

Implementing ingress geo-restriction with AWS to reduce attack surface

Geo-restriction is a critical security control for blocking traffic from high-risk regions. Learn how to implement geographic filtering using Amazon CloudFront, Route 53, AWS WAF, and AWS Network Firewall—and discover when to use each service for your specific architecture needs.

Distributing Amazon VPC IP Address Manager costs to member accounts in AWS Organizations

In this post, we demonstrate how to distribute Amazon VPC IP Address Manager (IPAM) costs from the IPAM owner account to the member accounts in AWS Organizations and implement chargeback. We walk through analyzing IPAM usage in AWS Cost Explorer from both member and management accounts. Furthermore, we cover key considerations and best practices for communication and […]

Rivian’s proactive approach to identify unrouteable traffic with AWS Transit Gateway Flow Logs

Discover how Rivian optimized network visibility using AWS Transit Gateway Flow Logs. Their innovative solution proactively identifies unrouteable traffic in multi-region and multi-account AWS environments, transforming reactive monitoring into automated detection. Learn how they reduced troubleshooting time and enhanced collaboration between app and network teams using a serverless architecture.

AWS and Google Cloud collaborate to simplify multicloud networking

As organizations increasingly adopt multicloud architectures, the need for interoperability between cloud service providers has never been greater. Historically, however, connecting these environments has been a challenge, forcing customers to take a complex “do-it-yourself” approach to managing global multi-layered networks at scale. To address these challenges and advance a more open cloud environment, Amazon Web […]

Snap Inc. uses Amazon CloudFront Origin Shield to improve download and upload latency

This blog was co-authored by Manchun Yao, Staff Software Engineer at Snap Inc. Snapchat is a popular app used by hundreds of millions of people around the world to communicate with their close friends and family. Snapchat’s focus is on enabling a fast and fun way to communicate by building features such as augmented reality […]

Securing Egress Architectures with Network Firewall Proxy

Note: Dec 4, 2025 – expanded with additional section on application networking integrations. Customers who control access out of their AWS environments using self-managed proxies often find it challenging to deploy, scale, and patch their EC2 or container-based proxy fleets. With the recent launch of AWS Network Firewall proxy preview, AWS is taking over the […]