Networking & Content Delivery

Category: Security, Identity, & Compliance

Automating HTTP/S Redirects and certificate management at scale

Organizations today use many ways to drive traffic to their websites and applications. This is important for new feature launches, marketing campaigns, advertising, and so on. One common approach uses HTTP/S redirects, where you send a user from one domain, or Uniform Resource Locator (URL), to another. Redirects are incredibly useful tools when moving websites, […]

Visitor Prioritization on e-Commerce Websites with CloudFront and CloudFront Functions

When we wrote the previous post (Visitor Prioritization on e-Commerce Websites with CloudFront and Lambda@Edge) five years ago, Visitor Prioritization was a relatively new concept. Since then, we saw a huge need for traffic shaping, throttling, and request prioritizing, especially in the gaming and media industries. Of course, e-Commerce sites still require this capability for […]

Centralizing Domain List Management for AWS Network Firewall and Route 53 Resolver DNS Firewall

Many of our customers take a “defense in depth” approach to secure workloads within their Amazon Virtual Private Clouds (Amazon VPC). Using domain list rules in AWS Network Firewall and Amazon Route 53 Resolver DNS Firewall lets you enforce network security controls at multiple layers based on domain names. Although both DNS Firewall and Network […]

How to enhance CloudFront origin security of on-premise web servers using third-party firewalls

This post provides a solution to enhance the Amazon CloudFront origin security of on-premises web servers by automating the AWS IP prefix update process for some network firewalls. CloudFront is a content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency and high transfer speeds—all within […]

How to analyze AWS Network Firewall logs using Amazon OpenSearch Service – Part 2

In part 1 of this blog-post series, we walked you through steps to configure Amazon OpenSearch Service to receive logs from AWS Network Firewall using Amazon Kinesis Data Firehose. In this part 2, we cover steps to generate test alerts, validating them and configure dashboards in Amazon OpenSearch Service to visualize and analyze log data. […]

How to analyze AWS Network Firewall logs using Amazon OpenSearch Service – Part 1

This two-part blog series demonstrates how to build network analytics and visualizations using data available through AWS Network Firewall logs. Network Firewall supports Amazon Kinesis Data Firehose as one of the logging destinations, and these logs can be streamed to Amazon OpenSearch Service as a delivery destination. Network Firewall logs contain several data points, such as source […]

Geo-block Content Using Amazon Location and Edge Services

Organizations require methods to restrict access to content to adhere to compliance and regulatory requirements, sanctions, privacy laws, territorial ownership rights, security controls, etc. One way that companies restrict access is by Geo-blocking – restricting access to a website or another piece of content based on a user’s location. A popular method of geo-blocking content is […]

Secure and accelerate Drupal CMS with Amazon CloudFront, AWS WAF, and Edge Functions

In this post, you’ll learn how to secure and accelerate the delivery of Drupal-based websites using Amazon CloudFront, AWS Web Application Firewall (AWS WAF), and Amazon CloudFront Functions. CloudFront is a content delivery network service (CDN) offering improved security and acceleration of the content served through it. This is true for static cacheable content and […]

Analyzing stale security group rules using serverless architecture

Security is a top priority for AWS and customers running workloads in AWS. The previous post Top 10 security items to improve in your AWS account, covered the top security items that AWS customers should pay special attention to if they want to improve their security posture. High on the list is the need to […]

Introducing AWS Gateway Load Balancer Target Failover for Existing Flows

Introduction: AWS Gateway Load Balancer (GWLB) is an Elastic Load Balancing (ELB) service that allows customers to insert third-party virtual appliances such as firewall, intrusion detection and prevention systems (IDS/IPS), network observability and others, transparently into the traffic path. Application Load Balancer (ALB) and Network Load Balancer (NLB) are reverse proxies and traffic is routed […]