Networking & Content Delivery
DNS best practices for Amazon Route 53
Most web services rely on DNS to resolve names to IP addresses and sometimes other pieces of information. Amazon Route 53 provides highly available and scalable recursive DNS resolution, domain registration, and authoritative DNS-hosted zones that include health check capabilities and a broad array of routing capabilities. When using Amazon Route 53, you can scale […]
Automating the admission of virtual private clouds to AWS Cloud WAN networks
In this blog post, we present an augmented approach to managing AWS Cloud WAN segments in a secure, scalable, and on-demand way. When your organization increases the number of AWS accounts and AWS Regions in use, operational and security complexities related to admitting new user-created virtual private clouds (Amazon VPCs) to the network also increase—from […]
Preserving client IP address with Proxy protocol v2 and Network Load Balancer
When a load balancer or proxy cannot preserve the client’s original IP address, it may rewrite the IP address or use its own IP address for routing purposes. In this scenario, common practices such as inserting the original IP address into the request headers (for example, X-Forwarded-For) or utilizing Proxy protocol are widely used to […]
Private network for data movement in generative AI
In this post, we cover the architecture patterns for building secure, private network connectivity for data movement in generative artificial intelligence (generative AI) using Amazon Web Services (AWS) and AWS Partner Network (APN) services. Data privacy and security are top of mind for customers exploring generative AI […]
How to identify website performance bottlenecks by measuring time to first byte latency and using Server-Timing header
While website performance issues are a common occurrence, pinpointing their root causes can be a challenging task. In this post, you will learn how to simplify the performance troubleshooting process by unlocking the potential of the Server-Timing header. This header allows backend components to communicate timing metrics and other insights relevant to performance monitoring in […]
Protect against bots with AWS WAF Challenge and CAPTCHA actions
Protecting against bot threats requires insights into the client environment beyond what is available through network-level characteristics of a request, such as TCP or HTTP payload signatures. AWS WAF uses CAPTCHA and Challenge actions to undertake a client-side interaction, whether on a mobile device or browser, to understand this client environment before they can be […]
Best practices for deployment with AWS Global Accelerator
Users everywhere expect stable, consistent, and high-performing applications, regardless of where an application is hosted. However, end users often experience variability and congestion over the public internet, which can be especially problematic when users are geographically distant from the application. These issues can be a major obstacle to providing your users with the online experience […]
Introducing dual-stack without public IPv4 Application Load Balancer
In May 2024, Amazon Web Services (AWS) launched a new feature for internet-facing Application Load Balancers. This enhancement allows you to provision an internet-facing Application Load Balancer without needing public IPv4 addresses, enabling clients to connect using only IPv6 addresses. To connect, clients resolve the AAAA DNS records assigned to the Application Load Balancer. The […]
Tenant routing strategies for SaaS applications on AWS
A key challenge for SaaS providers is designing secure, scalable tenant routing mechanisms to identify tenants and route requests to appropriate resources. Effective tenant routing ensures isolation, scalability, and security. This post explores strategies for routing HTTP requests in multi-tenant SaaS environments on AWS, including considerations, best practices, and example scenarios. For routing strategies at […]
Simplify global security inspection with AWS Cloud WAN Service Insertion
Update: June 28, 2024 – Corrections were made to Figure 5 and the subsequent packet walkthrough. AWS Cloud WAN is a managed wide-area networking (WAN) service that you can use to build and operate wide area networks that connect your data centers and branch offices, as well as your Amazon Virtual Private Cloud (Amazon VPC) […]