Networking & Content Delivery
Category: Networking & Content Delivery
Centralizing Domain List Management for AWS Network Firewall and Route 53 Resolver DNS Firewall
Many of our customers take a “defense in depth” approach to secure workloads within their Amazon Virtual Private Clouds (Amazon VPC). Using domain list rules in AWS Network Firewall and Amazon Route 53 Resolver DNS Firewall lets you enforce network security controls at multiple layers based on domain names. Although both DNS Firewall and Network […]
How to enhance CloudFront origin security of on-premise web servers using third-party firewalls
This post provides a solution to enhance the Amazon CloudFront origin security of on-premises web servers by automating the AWS IP prefix update process for some network firewalls. CloudFront is a content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency and high transfer speeds—all within […]
How to analyze AWS Network Firewall logs using Amazon OpenSearch Service – Part 2
In part 1 of this blog-post series, we walked you through steps to configure Amazon OpenSearch Service to receive logs from AWS Network Firewall using Amazon Kinesis Data Firehose. In this part 2, we cover steps to generate test alerts, validating them and configure dashboards in Amazon OpenSearch Service to visualize and analyze log data. […]
How to analyze AWS Network Firewall logs using Amazon OpenSearch Service – Part 1
This two-part blog series demonstrates how to build network analytics and visualizations using data available through AWS Network Firewall logs. Network Firewall supports Amazon Kinesis Data Firehose as one of the logging destinations, and these logs can be streamed to Amazon OpenSearch Service as a delivery destination. Network Firewall logs contain several data points, such as source […]
Improve web application availability with CloudFront and Route53 hybrid origin failover
Earlier this year, we released technical guidance regarding three advanced design patterns for highly available applications using Amazon CloudFront and Amazon Route 53. In this post, we dive deeper into CloudFront origin failover, Amazon Route 53 DNS failover, and the hybrid origin failover approach to further enhance the availability of your web applications. We also […]
Migrating SD-WAN Appliances to AWS Transit Gateway Connect
Introduction Since its launch in 2020, AWS Transit Gateway Connect has provided a native way for you to connect third-party SD-WAN appliances to an AWS Transit Gateway. Connect attachments use Generic Routing Encapsulation (GRE) tunnels and Border Gateway Protocol (BGP) to exchange routes between the Transit Gateway and an appliance. Prior to Transit Gateway Connect, […]
Geo-block Content Using Amazon Location and Edge Services
Organizations require methods to restrict access to content to adhere to compliance and regulatory requirements, sanctions, privacy laws, territorial ownership rights, security controls, etc. One way that companies restrict access is by Geo-blocking – restricting access to a website or another piece of content based on a user’s location. A popular method of geo-blocking content is […]
Writing and testing CloudFront Functions with production traffic
While maintaining a web application, sometimes we need to build a simple logic that must run in low latency. For example, you may want to set up website redirection based on condition, or quickly verify an incoming header. CloudFront Functions is ideal for these use cases since it lets you write lightweight JavaScript code that […]
AWS Verified Access Integration with 3rd party identity providers
AWS Verified Access (AVA) offers a solution to the challenges faced by enterprises by managing remote workforce connectivity through traditional remote access VPNs. It allows remote employees to securely access corporate applications over the Internet while authenticating and authorizing each request. Unlike traditional VPN systems, which lack granularity for application-level authentication and authorization, AVA implements […]
Manual Failover and Failback Strategy with Amazon Route53
Introduction Customers use multi-region architecture to achieve application resiliency such as Active-Active or Disaster Recovery (DR). Depending on DR strategy, customers may need to have failover from one region to the next. DR strategies are covered off in detail in a prior AWS Blog. DR strategies include either an Active/Passive or Multi-Site Active/Active approaches. Active/Passive […]