Networking & Content Delivery

Tenant routing strategies for SaaS applications on AWS

A key challenge for SaaS providers is designing secure, scalable tenant routing mechanisms to identify tenants and route requests to appropriate resources. Effective tenant routing ensures isolation, scalability, and security. This post explores strategies for routing HTTP requests in multi-tenant SaaS environments on AWS, including considerations, best practices, and example scenarios. For routing strategies at […]

Simplify global security inspection with AWS Cloud WAN Service Insertion

AWS Cloud WAN is a managed wide-area networking (WAN) service that you can use to build and operate wide area networks that connect your data centers and branch offices, as well as your Amazon Virtual Private Cloud (Amazon VPC) VPCs. You can use network policies to centrally configure and automate network management and security tasks, […]

Introducing CloudFront Hosting Toolkit

Today, we released the CloudFront Hosting Toolkit, an open source command line interface (CLI) tool to help you deploy fast and secure front-ends in the cloud. Install the CloudFront Hosting Toolkit CLI through npm, run two commands, and CloudFront Hosting Toolkit CLI automatically creates the deployment pipeline and infrastructure needed to build, deploy, and serve your front-end […]

Monitor BGP status on AWS Direct Connect VIFs and track prefix count advertised over Transit VIF

As businesses transition to cloud-based infrastructure, establishing reliable connectivity between on-premises and cloud environments becomes a critical requirement. AWS Direct Connect provides a dedicated network link that extends a corporate data center network into the Amazon Web Services (AWS) Cloud. At the core of this connection is the Border Gateway Protocol (BGP), a dynamic routing […]

How to use Amazon Athena queries to analyze AWS WAF logs and provide the visibility needed for threat detection

Web application security is an ongoing process. AWS WAF enables real-time monitoring and blocking of potentially harmful web requests. Bot Control and Fraud Control use machine learning (ML) to detect and prevent sophisticated threats. Bot traffic can make up anywhere from 30% to 50% or even more of total web traffic. After enabling AWS WAF, […]

IPv6 deployment models for AWS Network Firewall

AWS Network Firewall is a managed, stateful network firewall and intrusion protection service that allows you to implement firewalls rules for fine grained control over your network traffic. If you’re new to AWS Network Firewall, and want to understand its features and use cases, we recommend you review the blog post AWS Network Firewall – […]

How to seamlessly migrate traffic between Direct Connect gateways

In this blog post, we explore a scenario in which Goldman Sachs, wanted to transfer ownership of several of its key network components between teams in a controlled and seamless manner. Specifically, we take a deep dive on migrating traffic between Direct Connect gateways while maintaining end-to-end connectivity. As a multinational investment bank and financial […]

Using connection tracking improvements to increase network performance

Connection tracking (conntrack) is a networking concept where a networking device, like a firewall, router, or NAT device, needs to track and maintain information about the state of IP traffic going through it. The AWS Nitro System that underlies AWS networking does connection tracking for some types of network traffic to implement the stateful nature […]

Connecting Saas services within a VPC Lattice service network

Many AWS customers modernizing their applications into modular services to speed up the development process and improve their ability to scale out individual services as part of the architecture. This includes services developed by the customer and SaaS applications developed by partners. Communication between services requires network connectivity across the Amazon Web Services (AWS) environment. […]