Networking & Content Delivery
Category: Amazon VPC
Introduction to Traffic Mirroring to GWLB Endpoints as Target
Network architects need the ability to gain insights into real-time traffic between different resources within their VPCs. Since the announcement of VPC Traffic Mirroring in 2019, the VPC feature has provided this by copying network traffic from elastic network interfaces (ENIs) on customers’ instances as the source, and then sending the traffic to a destination target […]
Analyze Network Traffic of Amazon Virtual Private Cloud (VPC) by CIDR blocks
An update was made on October 15, 2024: With the release of Athena engine version 3, native support for IP address functions is available through the Trino project. This eliminates the need for the Lambda function approach outlined in this blog post. To take advantage of this new enhancement, it is necessary to update the […]
Collecting AWS networking information in large multi-account environments
Many organizations need to review or audit networking information within AWS environments that contain multiple AWS accounts. At scale, questions such as “which accounts have Internet access enabled?”, “which account owns the Elastic IP 198.51.100.101?” and “what are the IP addresses of my NAT gateways?” can be challenging to answer. Traditionally, within an individual account, […]
AWS Networking and Content Delivery Recap of re:Invent 2021
Happy 2022 AWS Networking & Content Delivery enthusiasts! In December 2021, AWS hosted its 10th annual re:Invent conference. The Networking & Content Delivery team had 14 unique breakout sessions that were recorded and can be found on this playlist. In addition to these sessions, the Networking team had a leadership session presented by David Brown, […]
Managing IP pools across VPCs and Regions using Amazon VPC IP Address Manager
Since the inception of IP networks, network engineers and operators have sought systems, solutions, and procedures to help them efficiently plan and manage IP spaces. AWS recently launched a new service named Amazon VPC IP Address Manager (IPAM) to make it easier for you to plan, track, and monitor IP addresses for your AWS workloads. […]
Continuous verification of network compliance using Amazon VPC Network Access Analyzer and AWS Security Hub
Introduction As your distributed application teams operate network infrastructure, it can be challenging for central security, networking, or cloud operations teams to determine whether the correct network controls are in place. Network controls, such as firewall rules, NAT Gateways, network access control lists (ACLs), security groups, and network segmentation, serve as a critical first line […]
Dual-stack IPv6 architectures for AWS and hybrid networks
Introduction An increasing number of organizations are adopting IPv6 in their environments, driven by public IPv4 space exhaustion, private IPv4 scarcity (especially within large-scale networks), and the need to provide service availability to IPv6-only clients. An intermediary step on the path to fully supporting IPv6 is dual-stack IPv4/IPv6 design, which leverages both versions of […]
Automate Networking foundation in multi-account environments
As AWS customers adopt multi-account strategies, they need to have cross-account networking in their AWS environment. They also need to extend their network across multiple AWS Regions when creating multi-Region applications or disaster recovery environments. AWS has many services and features that allow you to do exactly that with great flexibility. But for users that […]
Introduction to Network Transformation on AWS – Part 2
Introduction This blog post is a continuation of Introduction to Network Transformation on AWS – Part 1. To recap, as your organization begins to embrace cloud, you extend your network to AWS using a hybrid connectivity architecture. When we work with customers, we see that their network traffic patterns have been changing as more applications […]
Integrating your Directory Service’s DNS resolution with Amazon Route 53 Resolvers
There are times when your client systems must resolve a Microsoft Active Directory’s Fully Qualified Domain Name (FQDN) before they can join a domain. Each VPC in your AWS environment is provisioned with a DNS resolver powered by Amazon Route 53. We call this an AmazonProvidedDNS. This resolver runs on the second IPv4 address from […]