Networking & Content Delivery
Category: *Post Types
Resolve DNS names of Network Load Balancer nodes to limit cross-Zone traffic
Introduction Network Load Balancer (NLB), part of the Elastic Load Balancing Family, is the flagship Layer 4 load balancer for AWS. It offers elastic capacity, high performance, and integration with many other AWS services (such as Amazon EC2 Auto Scaling). NLB is designed to handle millions of requests per second while maintaining ultra-low latency, improving […]
Best practices for deploying Gateway Load Balancer
As of September 5, 2024, GWLB allows you to configure the GWLB transmission control protocol (TCP) idle timeout from 60 seconds to 6000 seconds. And, GWLB uses either a 2-tuple, 3-tuple, or a 5-tuple hash to define a flow and routes all packets of a flow to one of its backend targets. Refer to the […]
New APIs and functionality for managing Amazon CloudFront CNAMEs
Today, Amazon CloudFront announced the release of two new APIs, ListConflictingAliases and AssociateAlias. These APIs are useful when you need to locate or move Alternate Domain Names (CNAMEs) when you encounter the CNAMEAlreadyExists error code. In addition, more use cases have been enabled when you are working with wildcard CNAMEs across accounts. Before diving into […]
Using Route 53 Resolver DNS Firewall Logs with CloudWatch Contributor Insights and Anomaly Detection
Introduction The Domain Name System (DNS) is one of the most critical components for almost any network as every service relies on a functional DNS service. Amazon Route 53 Resolver (sometimes referred to as “AmazonProvidedDNS” or the “.2/+2 resolver”) provides a highly available and scalable DNS service that customers have come to rely upon for their recursive DNS […]
Accessing an AWS API Gateway via static IP addresses provided by AWS Global Accelerator
Introduction In this article, I will walk you through the steps to configure Amazon API Gateway in combination with AWS Global Accelerator to present Internet-facing API via static IP addresses to end users. This design addresses the need for static IP safelisting and also provides additional performance benefits to end users by sending user’s traffic […]
Automating service discovery using AWS Transit Gateway Multicast with IGMP
This post will describe how to use multicast and Internet Group Management Protocol (IGMP), two of the newer features of AWS Transit Gateway, to enable applications and services to discover each other automatically when running in Amazon Virtual Private Cloud (Amazon VPC) environments. Service discovery means that a service client, such as a network file […]
Adding MACsec security to AWS Direct Connect connections
AWS Direct Connect now supports MACsec security (IEEE 802.1AE), giving you a new option for securing your data from when it leaves your network until it arrives at AWS. With this release, Direct Connect delivers native, near line-rate, and point-to-point encryption for 10 Gbps and 100 Gbps links. Available at select locations for dedicated connections […]
Starting Small with AWS Global Accelerator
In this blog post, we will present an approach to starting small and testing the benefits of AWS Global Accelerator before determining if you would like to transition to a full Global Accelerator enhanced application. Similarly, if you are interested in performing A/B testing or looking for a rolling deployment method for the Global Accelerator, this blog […]
Mirror production traffic to test environment with VPC Traffic Mirroring
Many organizations want to replay production traffic to a test environment, with no impact on the end user’s experience. This is known as traffic mirroring or traffic shadowing. Testing the new version of a workload with production traffic is a key step for a successful release. Some tests use scripted requests, but real traffic is […]
Solving DNS zone apex challenges with third-party DNS providers using AWS
Many customers ask us how they can point their zone apex to their web content if it uses a DNS name rather than an IP address. This blog covers three design patterns and approaches that solve zone apex challenges with third-party DNS providers for applications hosted in AWS—and the pros and cons of each approach.