Networking & Content Delivery
Category: Advanced (300)
Using the AWS CDK and AWS Transit Gateway Inter-Region peering to build a global network
An Amazon VPC is a logically isolated section of the AWS cloud. Some of our largest enterprise customers have global networks containing VPCs that need to communicate across different AWS Regions, even across different AWS accounts. While this can appear like a cumbersome and complex task, with AWS Transit Gateway Inter-Region peering, it can be […]
Automating DNS infrastructure using Route 53 Resolver endpoints
Introduction DNS name resolution is a fundamental part of all on-premises and cloud networks. For customers with hybrid networks, additional infrastructure and configuration are needed for private DNS resolution to work seamlessly across environments. However, building this type of DNS infrastructure in a multi-account environment is complex. In this post, we show how to automate […]
Scale your Remote Access VPN on AWS
AWS gives you the ability to extend existing on-premises remote access VPN solutions to the cloud. This not only allows access to resources within AWS, but using hybrid connectivity, also to on-premises resources. VPN clients use AWS internet connectivity as an entry point, and the flexibility of Amazon EC2 to scale capacity behind remote access […]
Using Microsoft Active Directory MFA with AWS Client VPN
You can now enable multi-factor authentication (MFA) for users connecting to an AWS Client VPN endpoint. This solution is ideal for organizations that want additional security when remote users are accessing AWS or on-premises resources. MFA improves the authentication process by requiring more than a user name, password, and certificate (the first factor). MFA requires […]
Securing VPCs Egress using IDS/IPS leveraging Transit Gateway
In a typical enterprise network, customers have VPCs across multiple accounts within an AWS Region to segment workloads. This segmentation can take different forms and depends on the company structure, security policy, business functions, and model. The drivers of the segmentation can vary. For example, segmentation could be driven by security and regulatory requirements, costs, […]
How to integrate third-party firewall appliances into an AWS environment
Update October 11, 2020 – While the implementations described in this post remain valid, it was written before Gateway Load Balancer became available. Gateway Load Balancer is designed specifically for adding firewalls and other virtual network appliances to your AWS network. If you would like to learn more, Introducing AWS Gateway Load Balancer: supported architecture […]
Automating AWS Transit Gateway attachments to a transit gateway in a central account
As IT environments grow, they can become more complex, with additional accounts, VPCs, and the networking between them. AWS Transit Gateway is a service that addresses networking complexity by building a hub-and-spoke network to simplify your network routing and security. With Transit Gateway, you can connect your Virtual Private Clouds (VPCs) that span multiple accounts […]
Using multiple content delivery networks for video streaming – part 1
Introduction Today, viewing video content is a prevalent form of online activity whether in entertainment, education, marketing, or information. For example, as a Solutions Architect at AWS, I tend to watch hours of video a week to learn about technologies, and I also leverage video content to convey ideas and best practices in a scalable […]
Analyzing and visualizing AWS Global Accelerator flow logs using Amazon Athena and Amazon QuickSight
AWS Global Accelerator simplifies multi-region cloud deployments while leveraging the AWS vast, highly available, and congestion-free global network. Global Accelerator uses a pair of static anycast IP addresses to direct you to the application that is geographically closest and has healthy endpoints, using routing policies that you configure. This feature makes sure that you have […]
Authorization@Edge using cookies: Protect your Amazon CloudFront content from being downloaded by unauthenticated users
Enterprise customers who host private web apps on Amazon CloudFront may struggle with a challenge: how to prevent unauthenticated users from downloading the web app’s source code (for example, React, Angular, or Vue). In a separate blog post, you can learn one way to provide that security using Amazon Lambda@Edge and Amazon Cognito, with an example […]