Category: Security, Identity, & Compliance

Managing DNS query logging across multiple Amazon Virtual Private Clouds (VPCs) has long been a significant challenge for enterprise teams. The traditional approach required manual configuration of DNS query logging for each VPC individually, creating a cascade of operational problems. This fragmented process led to inconsistent implementation across different environments, compliance gaps due to missed […]

Geo-restriction is a critical security control for blocking traffic from high-risk regions. Learn how to implement geographic filtering using Amazon CloudFront, Route 53, AWS WAF, and AWS Network Firewall—and discover when to use each service for your specific architecture needs.

In this post, we demonstrate how to distribute Amazon VPC IP Address Manager (IPAM) costs from the IPAM owner account to the member accounts in AWS Organizations and implement chargeback. We walk through analyzing IPAM usage in AWS Cost Explorer from both member and management accounts. Furthermore, we cover key considerations and best practices for communication and […]

Note: Dec 4, 2025 – expanded with additional section on application networking integrations. Customers who control access out of their AWS environments using self-managed proxies often find it challenging to deploy, scale, and patch their EC2 or container-based proxy fleets. With the recent launch of AWS Network Firewall proxy preview, AWS is taking over the […]

Today, Amazon Web Services (AWS) is launching flat-rate pricing plans with no overages for website delivery and security. The pricing plans, available with Amazon CloudFront, combine global content delivery (CDN) with multiple AWS services and features into a monthly price with no overage charges, regardless of whether your website or application goes viral or faces […]

Amazon Web Services (AWS) Site-to-Site VPN is a fully managed service that can create a secure connection between your data center or branch office and your AWS resources using IP Security (IPSec) tunnels. A Site-to-Site VPN connection consists of two VPN tunnels for redundancy. As a managed service, Site-to-Site VPN periodically applies updates to your […]

Users wanting to protect themselves from Layer 7 (HTTP) DDoS threats can use the AWS WAF L7 Anti-DDoS managed rule group to detect and mitigate DDoS events in single digit seconds. The Anti-DDoS managed rule group has a default configuration that is appropriate for many applications and clients. However, there are clients that need special […]

Amazon CloudFront is a native AWS Content Delivery Network (CDN) service. CDNs provide web acceleration by using a worldwide network of edge locations closer to end-users, and caching content at the edge. However, CloudFront can do a lot more than that, with functionality at the edge to do geo-filtering, execute functions, perform AWS Web Application […]

Users implement multi-account strategies to support multiple teams to deploy workloads. This post is for Amazon Web Services (AWS) administrators and network engineers who need to manage DNS permissions across multiple teams with shared Amazon Route 53 private hosted zone or public hosted zones. There may be situations where multiple teams shared the same hosted […]

This post was authored by Ali Yousefi, Senior Security Software Engineer on the Infrastructure Security Team at Pinterest Introduction In part 1 one of this two-part blog series, we demonstrated how Pinterest gained visibility into DNS traffic originating from its VPCs by enabling Amazon Route 53 Resolver query logs across its Amazon Web Services (AWS) […]