Networking & Content Delivery

Category: Amazon VPC

Introducing Amazon VPC Flow Logs to Kinesis Data Firehose

Amazon Virtual Private Cloud (Amazon VPC) Flow Logs helps you understand network traffic patterns on AWS by providing network telemetry data about the IP traffic flowing to and from ENIs in your VPC. It lets you perform numerous analytics tasks, such as diagnosing overly restrictive security group rules, monitoring traffic that is reaching an instance, […]

Design patterns for interconnecting a telco data center to an Amazon VPC

Traditionally, communication service providers (CSPs) in the telecom industry have used a Virtual Routing and Forwarding (VRF) technique to segregate their data center (DC) networks per network domain, for example Operation, Administration & Management (OAM), signaling, roaming, and user traffic networks. Each VRF domain in the data center must also […]

AWS Cloud WAN and Amazon VPC IPAM with AWS Control Tower

AWS Control Tower offers a straightforward way to set up and govern a multi-account AWS environment, following prescriptive best practices to build a secure landing zone quickly. You can provision tens, if not hundreds, of new AWS accounts at one time using AWS Control Tower. Once you provision accounts, you typically require the deployment of Amazon […]

Migrating accounts between AWS Organizations from a network perspective

In this post, we’ll discuss the considerations, recommendations, and approach for migrating AWS accounts between AWS Organizations from a networking perspective. We’ll explain the behavior of AWS networking resources when AWS accounts are moved between Organizations. We’ll also analyze the behavior from different viewpoints including service availability, management and governance, as well as commercial and operations. […]

Dual-stack IPv6 architectures for AWS and hybrid networks – Part 2

In part one of our series on IPv6 for AWS and hybrid network architectures, we explored some of the most common dual stack designs: dual stack Amazon Virtual Private Cloud (Amazon VPC) and Amazon Elastic Compute Cloud (Amazon EC2) instances, Internet connectivity, Internet-facing Network Load Balancer and Application Load Balancer deployments, as well as VPC […]

Introducing IPv6-only subnets and EC2 instances

In June 2021, we announced our continued commitment and innovation towards the enablement of IPv6 on AWS. Today, we take a monumental step forward with the ability to create an IPv6-only architecture on AWS. With this launch, Amazon Virtual Private Cloud (VPC) now allows you to create IPv6-only subnets in your dual-stack VPCs and launch […]

Introduction to Traffic Mirroring to GWLB Endpoints as Target

Network architects need the ability to gain insights into real-time traffic between different resources within their VPCs. Since the announcement of VPC Traffic Mirroring in 2019, the VPC feature has provided this by copying network traffic from elastic networking interfaces (ENIs) on customers' instances as the source, and then sending the traffic to a destination target […]

Analyze Network Traffic of Amazon Virtual Private Cloud (VPC) by CIDR blocks

An update was made on October 15, 2024: With the release of Athena engine version 3, native support for IP address functions is available through the Trino project. This eliminates the need for the Lambda function approach outlined in this blog post. To take advantage of this new enhancement, it is necessary to update the […]

Collecting AWS networking information in large multi-account environments

Many organizations need to review or audit networking information within AWS environments that contain multiple AWS accounts. At scale, questions such as “which accounts have Internet access enabled?”, “which account owns the Elastic IP 198.51.100.101?” and, “what are the IP addresses of my NAT gateways?” can be challenging to answer. Traditionally, within an individual account, […]

AWS Networking and Content Delivery Recap of re:Invent 2021

Happy 2022 AWS Networking & Content Delivery enthusiasts! In December 2021, AWS hosted its 10th annual re:Invent conference. The Networking & Content Delivery team had 14 unique breakout sessions that were recorded and can be found on this playlist. In addition to these sessions, the Networking team had a leadership session presented by David Brown, […]