Networking & Content Delivery

Tag: Security

Leveraging AWS PrivateLink for volumetric data processing

AWS PrivateLink provides private, secure connectivity between VPCs, AWS services, and your on-premises networks, without exposing your traffic to the public internet. AWS PrivateLink offers three primary benefits to customers. First, it provides a way for two parties to establish private connectivity without requiring an Internet Gateway (IGW), thereby helping both parties to deploy airtight […]

Read More

Introduction to Network Transformation on AWS – Part 1

Introduction Your organization may have a sprawling network built with variety of topologies. As your organization begins to embrace cloud, you extend your network to AWS using a hybrid connectivity architecture. Over time, traffic patterns change as more and more of your applications move to the cloud. This means that you can start transforming your […]

Read More

CloudFront Functions – A New Security Paradigm for CDN Edge Computing

CloudFront Functions is a new serverless scripting capability that allows you to run JavaScript code at more than 225 Amazon CloudFront edge locations to perform lightweight HTTP transformations and customize content delivery. This blog details our security journey and the controls we put in place to make CloudFront Functions raise the security bar when it comes to edge computing capabilities.

Read More

Adding MACsec security to AWS Direct Connect connections

AWS Direct Connect now supports MACsec security (IEEE 802.1AE), giving you a new option for securing your data from when it leaves your network until it arrives at AWS. With this release, Direct Connect delivers native, near line-rate, and point-to-point encryption for 10 Gbps and 100 Gbps links. Available at select locations for dedicated connections […]

Read More

Scaling network traffic inspection using AWS Gateway Load Balancer

Updated “Cross-zone load balancing and appliance failures” section on 25th March, 2021 Organizations use next-generation firewalls (NGFW) and intrusion prevention systems (IPS) as part of their defense in depth strategy. In an on-premises network, these often take the form of dedicated hardware or software or virtual “appliances.” As companies move to the cloud, they want […]

Read More

How to integrate third-party firewall appliances into an AWS environment

Update October 11, 2020 – While the implementations described in this post remain valid, it was written before Gateway Load Balancer became available. Gateway Load Balancer is designed specifically for adding firewalls and other virtual network appliances to your AWS network. If you would like to learn more, Introducing AWS Gateway Load Balancer: supported architecture […]

Read More

Creating a single internet exit point from multiple VPCs Using AWS Transit Gateway

In this post, we show you how to centralize outbound internet traffic from many VPCs without compromising VPC isolation. Using AWS Transit Gateway, you can configure a single VPC with multiple NAT gateways to consolidate outbound traffic for numerous VPCs. At the same time, you can use multiple route tables within the transit gateway to […]

Read More

Ten years of securing, accelerating, and scaling apps around the world – Amazon CloudFront marks its 10th anniversary.

First of all, thank you to each and every one of you who use the Amazon CloudFront service every day. CloudFront’s growth and evolution over the past decade would not have been possible without your feedback—input that has shaped the service since day one. We are excited to have just celebrated our 10-year anniversary of […]

Read More

How to use AWS PrivateLink to secure and scale web filtering using explicit proxy

Many customers use web filtering proxy solutions to monitor and control web traffic from their VPCs. When you have many accounts and VPCs, you will need to deploy multiple stacks of these solutions. This increases the complexity and overhead of managing these solutions. By centralizing the web filtering proxy service, you can easily and securely […]

Read More

CloudFront now Supports ECDSA Certificates for HTTPS Connections to Origins

See how you can now use Amazon CloudFront to negotiate HTTPS connections to origins using Elliptic Curve Digital Signature Algorithm (ECDSA). ECDSA uses smaller keys that are faster, yet, just as secure, as the older RSA algorithm. The smaller keys will also increase the number of TLS handshakes that your origins can process per second, thereby saving compute cycles and reducing your cost of cryptography.

Read More