Networking & Content Delivery

Category: Networking & Content Delivery

Using AWS SSO with AWS Client VPN for authentication and authorization

AWS Client VPN  is a simple solution that allows users to connect from anywhere to their AWS environments, a capability that has become important to almost every organization over the last year. Single sign-on (SSO) is used widely across organizations of all sizes to authenticate and authorize their users’ access to enterprise applications and IT […]

Design your firewall deployment for Internet ingress traffic flows

Introduction Exposing Internet-facing applications requires careful consideration of what security controls are needed to protect against external threats and unwanted access. These security controls can vary depending on the type of application, size of the environment, operational constraints, or required inspection depth. For some scenarios, running Network Access Control Lists (NACL) and Security Groups (SG) […]

Automated VPC prefix list population for cross-Region and in-Region security group referencing

AWS customers regularly use the ability to reference another security group in the same Amazon Virtual Private Cloud (VPC), or a peered VPC in the same Region, as a dynamic reference. This ability allows customers who have highly ephemeral workloads to adopt the practice of least privilege more easily. We do not currently support security […]

AWS Direct Connect expands presence in Australia with 100 Gbps connections and MACsec

AWS Direct Connect makes it easy to establish a dedicated network connection from your premises to AWS. With the launch of a new AWS Direct Connect location in the NextDC S2 Sydney data center, you can now establish dedicated 100 Gbps and encrypted connections with resiliency across two Sydney locations. Equinix SY3, an existing location in Sydney, also […]

Signed cookie-based authentication with Amazon CloudFront and AWS Lambda@Edge: Part 2 – Authorization

In this two-part blog series, you will learn how to use email addresses and domain names for user authentication. With this method, you restrict credentials-free user access to a static website. In this second part of the blog series, you will learn how to implement the authorization mechanism. In the previous blog post, you learnt […]

Signed cookie-based authentication with Amazon CloudFront and AWS Lambda@Edge: Part 1 -Authentication

In this two-part blog series, you will learn how to use email addresses and domain names for user authentication. With this method, you restrict credentials-free user access to a static website. In this first blog, you will learn how to implement the authentication mechanism. In the second blog post, you will learn how to implement […]

Managing IP pools across VPCs and Regions using Amazon VPC IP Address Manager

Since the inception of IP networks, network engineers and operators have sought systems, solutions, and procedures to help them efficiently plan and manage IP spaces. AWS recently launched a new service named Amazon VPC IP Address Manager (IPAM) to make it easier for you to plan, track, and monitor IP addresses for your AWS workloads. […]

AWS Direct Connect monitoring and failover with Anomaly Detection

As enterprises move to the Cloud, having a reliable network connection to their on-premises data centers is fundamental. In this post, I show how to monitor your AWS Direct Connect links and initiate remediation (including automatic failover) when degradation in end-to-end path quality (packet loss, high latency) is detected. Multiple Direct Connect links at separate […]

Bring Your IPv6 Address Space to Amazon VPC IP Address Manager (IPAM)

Introduction Every device, resource, and workload connected to an Internet Protocol-based network depends on its IP address to communicate. The public and private IPv4 addressing space exhaustion, organizational mandates, and the need to provide service availability to IPv6-only clients drive an increasing number of organizations to adopt IPv6 in their environments. A well-managed IP address […]

Running recovery-oriented applications with Amazon Route 53 Application Recovery Controller, AWS CI/CD tools, and Terraform

Introduction AWS customers in different industries have applications that require extremely high availability that run across several AWS Regions so that they can meet latency and business continuity requirements. Amazon Route 53 Application Recovery Controller (Route 53 ARC) supports high availability by allowing customers to continuously audit the recovery readiness of their applications and centrally […]