Category: Networking & Content Delivery

In this blog, you will learn how to use the Lambda Function URL feature to define a AWS Lambda Function as origin for Amazon CloudFront. Lambda Function URL capability provides a dedicated HTTPS endpoint for your Lambda function deployed in an AWS Region. Function URLs are a great fit for use cases where you must […]

Introduction Amazon CloudFront has recently announced a new feature, Server Timing headers, which provides detailed performance information, such as whether content was served from cache when a request was received, how the request was routed to the CloudFront edge location, and how much time elapsed during each stage of the connection and response process. Server […]

Many organizations need to review or audit networking information within AWS environments that contain multiple AWS accounts. At scale, questions such as “which accounts have Internet access enabled?”, “which account owns the Elastic IP 198.51.100.101?” and, “what are the IP addresses of my NAT gateways?” can be challenging to answer. Traditionally, within an individual account, […]

Amazon CloudFront Functions now makes it possible to do things that were previously only possible with AWS Lambda@Edge, but in a more performant manner. For example, now you can manipulate the URI path—something that is essential when you want to secure an origin using an Origin Access Identity (OAI) with Amazon CloudFront. In 2017, I […]

Introduction Multicast is a popular IP-based communication mechanism that is actively employed in many industry verticals, including finance, media, telco, transportation, and others. This post describes how to enable multicast in container environments orchestrated by Amazon Elastic Container Service (ECS). Although Amazon ECS is a fully managed container orchestration service, some additional steps must be […]

Happy 2022 AWS Networking & Content Delivery enthusiasts! In December 2021, AWS hosted its 10th annual re:Invent conference. The Networking & Content Delivery team had 14 unique breakout sessions that were recorded and can be found on this playlist. In addition to these sessions, the Networking team had a leadership session presented by David Brown, […]

Introduction Many organizations deploy Amazon Elastic Kubernetes Service (Amazon EKS) clusters into Amazon Virtual Private Cloud (VPC) environments with direct access to the internet and to other VPCs. Connectivity between the VPC hosting the Amazon EKS cluster and other VPCs is typically created using routed networking services, such as VPC Peering or AWS Transit Gateway. […]

AWS Client VPN  is a simple solution that allows users to connect from anywhere to their AWS environments, a capability that has become important to almost every organization over the last year. Single sign-on (SSO) is used widely across organizations of all sizes to authenticate and authorize their users’ access to enterprise applications and IT […]

Introduction Exposing Internet-facing applications requires careful consideration of what security controls are needed to protect against external threats and unwanted access. These security controls can vary depending on the type of application, size of the environment, operational constraints, or required inspection depth. For some scenarios, running Network Access Control Lists (NACL) and Security Groups (SG) […]

AWS customers regularly use the ability to reference another security group in the same Amazon Virtual Private Cloud (VPC), or a peered VPC in the same Region, as a dynamic reference. This ability allows customers who have highly ephemeral workloads to adopt the practice of least privilege more easily. We do not currently support security […]