デベロッパーセンター / ...
AWS エッジサービス上に構築
パフォーマンスと可用性
インターネットユーザーは、低レイテンシーで可用性の高いレスポンシブな Web アプリケーションと API をますます期待しています。高速で信頼性の高いユーザーエクスペリエンスは、検索エンジンでのランキングの向上とユーザーエンゲージメントの向上に貢献します。
サイバー脅威のリスクへの対処
エッジでのサーバーレス
開発者は、最新のウェブアプリケーションを簡単に構築し、クラウドまたはオンプレミスのオリジンとシームレスに統合するのに役立つツールを探しています。
ウェブアプリケーションのパフォーマンス、耐障害性、安全性を維持したいと考えている開発者は、ホスティングインフラストラクチャに AWS エッジサービスを導入しています。AWS エッジサービスには、グローバルコンテンツ配信ネットワークである Amazon CloudFront 、アプリケーション層の脅威を管理するセキュリティコントロールである AWS WAF 、ウェブアプリケーションの機能を強化する Lambda @Edge や CloudFront Functions などのエッジ機能、ネットワークレベルのアクセラレータである AWS グローバルアクセラレータが含まれます。
AWS エッジサービスをウェブアプリケーション技術スタックに組み込むことには、次のような複数のメリットがあります。
- より高速なウェブ:キャッシュ、画像/テキスト圧縮、HTTP/3やTLS 1.3などの最新のインターネットプロトコルを備えています。静的および動的なアプリケーションは、分散したエッジロケーションから視聴者に近い TLS 接続を終了し、AWS のプライベートバックボーンネットワークを介してオリジンへの永続的な TCP 接続を維持することで高速化されます。
- 信頼性の向上:オリジンフェイルオーバー、接続再試行、マルチリージョンアーキテクチャを備えています。
- セキュリティコントロールの強化:TLS ポリシーの適用、アクセスコントロール、インフラストラクチャ層での DDoS 保護、AWS WAF による HTTP フラッドのブロック、ボットコントロールによる自動ボットトラフィックの管理、AWS 脅威研究チームによる AWS WAF のマネージドルールによる CVE エクスプロイトの防止など。
- エッジでの機能:リダイレクト、承認、A/Bテストなどの操作をエッジのマイクロサービス全体で一元化し、動的なオリジンルーティングやリクエスト適応などを可能にします。
注目の講演
Total results: 29
- 日付
-
Practical applications of edge compute in Amazon CloudFront, with AppsFlyer testimony
With an increasingly more powerful serverless environment coupled with content delivery network (CDN) capabilities, Amazon CloudFront empowers developers to build web applications that execute functions closer to end users, tailoring content delivery to the unique needs of users. This session delves into how to leverage the latest edge compute features while optimizing for both performance and scalability. Learn best practices and patterns for deploying custom logic at the edge, enabling you to harness the full potential of CloudFront's evolving features.AWS re:Invent 20242024-12-09 -
I didn’t know AWS WAF did this
Securing web applications in today’s ever-evolving threat landscape is crucial. As threats evolve, so must security controls and countermeasures. In this chalk talk, dive into how AWS WAF seamlessly integrates with other AWS services, making it possible for you to construct a resilient, multi-layered defense strategy. Learn about uncommon use cases and how to address even the most unconventional threats.AWS re:Invent 20242024-12-08
リファレンスホワイトペーパー
Total results: 5
-
Whitepaper
Implementing a bot control strategy on AWS
The internet as we know it would not be possible without bots. Bots run automated tasks over the internet and simulate human activity or interaction. They allow businesses to build efficiency into processes and tasks. Useful bots, like web crawlers, index information on the internet and help us quickly find the most relevant information for our search queries. Bots are a good mechanism to improve business and provide value to companies. However, with time, bad actors started using bots as a means to abuse existing systems and applications in new and creative ways. Botnets are the best-known mechanism to scale bots and their impact. Botnets are networks of bots that are infected by malware and are under the control of a single party, known as the bot herder or bot operator. From one central point, the operator can command every computer on its botnet to simultaneously carry out a coordinated action, which is why botnets are also referred to as command-and-control (C2) systems. The scale of a botnet can be many millions of bots. A botnet helps the operator to perform large-scale actions. Because botnets remain under the control of a remote operator, infected machines can receive updates and change their behavior on the fly. As a result, for significant financial gain, C2 systems can rent access to segments of their botnet on the black market. The prevalence of botnets has continued to grow. It is considered by experts to be the favorite tool of bad actors. Mirai is one of the biggest botnets. It emerged in 2016, is still operational, and is estimated to have infected up to 350,000 Internet of Things (IoT) devices. This botnet has been adapted and used for many types of activities, including distributed denial of service (DDoS) attacks. More recently, bad actors tried to further obfuscate their activity and source their traffic by obtaining IP addresses through the use of residential proxy services. This creates a legitimate interconnected, peer-to-peer system that adds sophistication to the activity and makes it more challenging to detect and mitigate. This document focuses on the bot landscape, its effect on your applications, and the available strategies and mitigation options. This prescriptive guidance and its best practices help you understand and mitigate different types of bot attacks. In addition, this guide describes the AWS services and features that support a bot mitigation strategy and how each one can help you protect your applications. It also includes an overview of bot monitoring and best practices for optimizing solution costs.2024-02-24 -
Whitepaper
Amazon CloudFront for Media Streaming
This whitepaper is for media organizations interested in delivering streaming media content to their viewers using Amazon CloudFront. Media delivery has a unique set of characteristics requiring low latency, high reliability, and high scalability.2023-09-13 -
Whitepaper
Secure Content Delivery with Amazon CloudFront
This whitepaper describes how Amazon CloudFront, a highly secure, managed service, can help architects and developers secure the delivery of their applications and content by providing useful, security-supporting features.2022-01-11