Networking & Content Delivery

Category: Technical How-to

Adding MACsec security to AWS Direct Connect connections

AWS Direct Connect now supports MACsec security (IEEE 802.1AE), giving you a new option for securing your data from when it leaves your network until it arrives at AWS. With this release, Direct Connect delivers native, near line-rate, and point-to-point encryption for 10 Gbps and 100 Gbps links. Available at select locations for dedicated connections […]

Read More

Starting Small with AWS Global Accelerator

In this blog post, we will present an approach to starting small and testing the benefits of AWS Global Accelerator before determining if you would like to transition to a full Global Accelerator enhanced application. Similarly, if you are interested in performing A/B testing or looking for a rolling deployment method for the Global Accelerator, this blog […]

Read More

Mirror production traffic to test environment with VPC Traffic Mirroring

Many organizations want to replay production traffic to a test environment, with no impact on the end user’s experience. This is known as traffic mirroring or traffic shadowing. Testing the new version of a workload with production traffic is a key step for a successful release. Some tests use scripted requests, but real traffic is […]

Read More

Solving DNS zone apex challenges with third-party DNS providers using AWS

Many customers ask us how they can point their zone apex to their web content if it uses a DNS name rather than an IP address. This blog covers three design patterns and approaches that solve zone apex challenges with third-party DNS providers for applications hosted in AWS—and the pros and cons of each approach.

Read More

Centralize access using VPC interface endpoints to access AWS services across multiple VPCs

Security and cost are always a top priority for AWS customers when designing their network. Amazon Virtual Private Cloud (Amazon VPC),  and it’s related networking components, offer many tools for implementing network connectivity. One such tool is VPC endpoints. Powered by AWS PrivateLink, VPC endpoints are private connections between your VPC and another AWS service […]

Read More
Influencing Traffic over Hybrid Networks using Longest Prefix Match

Influencing Traffic over Hybrid Networks using Longest Prefix Match

Introduction Many organizations use hybrid networks to connect on-premises data centers to the cloud. These networks often use both AWS Direct Connect and private WAN MPLS links to connect data centers to cloud resources and to each other. With multiple connections, organizations need to be able to control the path that network traffic will follow […]

Read More

Customize 403 error pages from Amazon CloudFront Origin with Lambda@Edge

AWS Web Application Firewall (AWS WAF) is commonly used to protect HTTP and HTTPS requests forwarded to Amazon CloudFront. When you are using this approach, default 403 error pages do not distinguish whether the error came from AWS WAF or the CloudFront Origin. As an AWS WAF and Amazon CloudFront user, you may want to […]

Read More

Measuring AWS Global Accelerator performance and analyzing results

On the AWS networking team, we’re often asked by customers who use AWS Global Accelerator to provide guidance around how to test and measure the network performance of their applications. To share this information more broadly, we decided to write this blog post. In this post, we discuss the factors that impact network performance and […]

Read More

Leverage Amazon CloudFront geolocation headers for state level geo-targeting

Introduction When you provide content online, personalization is used to improve your customers’ experience, market effectively, and meet regulatory requirements. One common way you can personalize web content is based on the geographical location of your customers. Since 2014, Amazon CloudFront has supported country-level location based personalization with a feature called Geolocation Headers. Using the […]

Read More

Deployment models for AWS Network Firewall

Introduction AWS services and features are built with security as a top priority. With Amazon Virtual Private Cloud (VPC), customers are able to control network security using Network Access Control Lists (NACL) and Security Groups (SG). Many customers have requirements beyond the scope of these network security controls, such as deep packet inspection (DPI), application […]

Read More