Networking & Content Delivery
Introducing dual-stack without public IPv4 Application Load Balancer
In May 2024, Amazon Web Services (AWS) launched a new feature for internet-facing Application Load Balancers. This enhancement allows you to provision an internet-facing Application Load Balancer without needing public IPv4 addresses, enabling clients to connect using only IPv6 addresses. To connect, clients resolve the AAAA DNS records assigned to the Application Load Balancer. The […]
Tenant routing strategies for SaaS applications on AWS
A key challenge for SaaS providers is designing secure, scalable tenant routing mechanisms to identify tenants and route requests to appropriate resources. Effective tenant routing ensures isolation, scalability, and security. This post explores strategies for routing HTTP requests in multi-tenant SaaS environments on AWS, including considerations, best practices, and example scenarios. For routing strategies at […]
Simplify global security inspection with AWS Cloud WAN Service Insertion
Update: June 28, 2024 – Corrections were made to Figure 5 and the subsequent packet walkthrough. AWS Cloud WAN is a managed wide-area networking (WAN) service that you can use to build and operate wide area networks that connect your data centers and branch offices, as well as your Amazon Virtual Private Cloud (Amazon VPC) […]
Introducing CloudFront Hosting Toolkit
Today, we released the CloudFront Hosting Toolkit, an open source command line interface (CLI) tool to help you deploy fast and secure front-ends in the cloud. Install the CloudFront Hosting Toolkit CLI through npm, run two commands, and CloudFront Hosting Toolkit CLI automatically creates the deployment pipeline and infrastructure needed to build, deploy, and serve your front-end […]
Monitor BGP status on AWS Direct Connect VIFs and track prefix count advertised over Transit VIF
As businesses transition to cloud-based infrastructure, establishing reliable connectivity between on-premises and cloud environments becomes a critical requirement. AWS Direct Connect provides a dedicated network link that extends a corporate data center network into the Amazon Web Services (AWS) Cloud. At the core of this connection is the Border Gateway Protocol (BGP), a dynamic routing […]
How to use Amazon Athena queries to analyze AWS WAF logs and provide the visibility needed for threat detection
Web application security is an ongoing process. AWS WAF enables real-time monitoring and blocking of potentially harmful web requests. Bot Control and Fraud Control use machine learning (ML) to detect and prevent sophisticated threats. Bot traffic can make up anywhere from 30% to 50% or even more of total web traffic. After enabling AWS WAF, […]
IPv6 deployment models for AWS Network Firewall
AWS Network Firewall is a managed, stateful network firewall and intrusion protection service that allows you to implement firewalls rules for fine grained control over your network traffic. If you’re new to AWS Network Firewall, and want to understand its features and use cases, we recommend you review the blog post AWS Network Firewall – […]
How to seamlessly migrate traffic between Direct Connect gateways
In this blog post, we explore a scenario in which Goldman Sachs, wanted to transfer ownership of several of its key network components between teams in a controlled and seamless manner. Specifically, we take a deep dive on migrating traffic between Direct Connect gateways while maintaining end-to-end connectivity. As a multinational investment bank and financial […]
Join us at the AWS World IPv6 Day Celebration
The AWS World IPv6 Day Celebration is a free in-person event. Join us for technical presentations from AWS experts plus a workshop and whiteboarding session. You will learn how to get started with IPv6 and hear from customers who have started on the journey of IPv6 adoption. Be ready to ask AWS experts questions on […]
Using connection tracking improvements to increase network performance
Connection tracking (conntrack) is a networking concept where a networking device, like a firewall, router, or NAT device, needs to track and maintain information about the state of IP traffic going through it. The AWS Nitro System that underlies AWS networking does connection tracking for some types of network traffic to implement the stateful nature […]