AWS Public Sector Blog
Category: Amazon VPC
Add network agility and security with AWS Direct Connect MACsec encryption and AWS Support
Customers with sensitive hybrid workloads can take advantage of an additional security feature available in Amazon Web Services (AWS) Direct Connect dedicated connections: MACsec encryption (IEEE 802.1AE). In this post, we explore how Direct Connect can handle architectural changes, such as adding or isolating different networks. We also cover adding an additional account boundary for security purposes, and how customers can move their Direct Connect connection to that new account.
The key components of CISA’s Malcolm on Amazon EKS
Malcolm is a powerful, open source network traffic analysis tool suite created by the Cybersecurity and Infrastructure Security Agency (CISA) to aid public and private sector customers in improving their network security monitoring and incident response. Malcolm is most commonly used for incident response, network monitoring, threat hunting, training, and research, but can be adapted for other use cases. In this post, we introduce you to the key components of Malcolm on Amazon Elastic Kubernetes Service (Amazon EKS).
Mitigating inadvertent IPv6 prefix advertisement with AWS automation
As federal agencies migrate to the Trusted Internet Connections (TIC) 3.0 framework, they will use Amazon Web Services (AWS) to exit to the internet, bypassing the TIC network. This transition requires agencies to plan and coordinate migration activities to verify seamless IPv6 connectivity. Agencies need to coordinate advertising their IPv6 prefixes with AWS, using mechanisms like Bring your own IP addresses (BYOIP). The migration process could involve changes in routing policies, firewall rules, and security controls to accommodate the IPv6 prefix changes. Read this post to learn more.
Web filtering for education using AWS Network Firewall
Managing access to websites and safeguarding users from harmful content is a critical component of a layered cybersecurity approach, especially in educational settings. Schools and institutions of higher learning have a responsibility to provide a secure online experience for their students and staff. Traditionally, this has been accomplished through on-site web filtering appliances. Amazon Web Services (AWS) Network Firewall allows customers to filter their outbound web traffic from on-premises environments based on fully qualified domain names (FQDN) or Server Name Indication (SNI) for encrypted traffic. This post will use AWS Client VPN to demonstrate routing and filtering traffic from external resources through Network Firewall.
Using Protective DNS services with AWS workloads
Protective DNS services, commonly known as PDNS, are a go-to solution if you’re aiming to bolster the security of your infrastructure from the ground up. Unlike traditional methods involving software-based agents or devices for traffic filtering, PDNS services take a unique approach – they scrutinise the DNS requests made by users and adjust responses based on predefined rules within the service. In this post, we explore the seamless integration of PDNS services with workloads in the Amazon Web Services (AWS) Cloud, showcasing their effectiveness in enhancing cybersecurity within cloud environments.
How Pearson improves its resilience with AWS Fault Injection Service
Chaos engineering, often misunderstood as intentionally breaking the production environment, aligns with the Amazon Web Services (AWS) Well-Architected Reliability pillar. Its purpose is to methodically simulate real-world disruptions in a controlled manner, spanning service providers, infrastructure, workloads, and individual components. In this blog post, we show how Pearson PLC, an AWS education technology (EdTech) customer, successfully implemented resilient architectures through chaos engineering using AWS Fault Injection Service (FIS).
Stockholm Public Transport transforms its ticketing system with the AWS Cloud
In the Greater Stockholm Area, SL (Stockholm Public Transport) is responsible for public transport services for more than three million citizens. SL is transforming their ticketing system with a new, “future-proof” alternative built and managed in-house. This major digital transformation project, built on the Amazon Web Services (AWS) Cloud and using microservices, is currently being rolled out across the city. The new ticketing system is an integral part of SL’s commitment to make sure everyone who lives, works in, or visits Stockholm, “has access to well-developed, easily accessible and reliable public transport.”
How to build smart cities with FIWARE Orion Context Broker and Cygnus on AWS
Several smart cities use FIWARE, an open source framework supporting the development of smart solutions. FIWARE leverages sensing data from Internet of Things (IoT) devices, then collects, stores, and analyzes data with an API call. One FIWARE component, Orion Context Broker, gathers context information from diverse sources such as mobile apps, IoT devices, and social networking services, and manages the lifecycle of this context information, including registrations, updates, queries, and subscriptions. In this blog post, we address building Orion Context Broker on AWS. Learn how to quickly deploy Orion Context Broker and Cygnus on AWS with AWS Cloud Development Kit (AWS CDK) and Docker Compose.