Category: Technical How-to

This post assumes a certain level of technical knowledge, including familiarity with DNS terminology, Wireshark, and Amazon Route 53 Resolver endpoints. Introduction The Domain Name System (DNS) is a critical service underpinning nearly the entire internet. As nearly every application begins with DNS resolution, a highly available and performant DNS architecture is crucial for application […]

Most web services rely on DNS to resolve names to IP addresses and sometimes other pieces of information. Amazon Route 53 provides highly available and scalable recursive DNS resolution, domain registration, and authoritative DNS-hosted zones that include health check capabilities and a broad array of routing capabilities. When using Amazon Route 53, you can scale […]

In this blog post, we present an augmented approach of managing AWS Cloud WAN segments in a secure, scalable, and on-demand way. When your organization increases the number of AWS accounts and AWS Regions in use, operational and security complexities related with admitting new user-created virtual private clouds (Amazon VPCs) to the network also increase—from […]

When a load balancer or proxy cannot preserve the client’s original IP address, it may rewrite the IP address or use its own IP address for routing purposes. In this scenario, common practices such as inserting the original IP address into the request headers (for example, X-Forwarded-For) or utilizing Proxy protocol are widely used to […]

While website performance issues are a common occurrence, pinpointing their root causes can be a challenging task. In this post, you will learn how to simplify the performance troubleshooting process by unlocking the potential of the Server-Timing header. This header allows backend components to communicate timing metrics and other insights relevant to performance monitoring in […]

Protecting against bot threats requires insights into the client environment beyond what is available through network-level characteristics of a request, such as TCP or HTTP payload signatures. AWS WAF uses CAPTCHA and Challenge actions to undertake a client-side interaction, whether on a mobile device or browser, to understand this client environment before they can be […]

In May 2024, Amazon Web Services (AWS) launched a new feature for internet-facing Application Load Balancers. This enhancement allows you to provision an internet-facing Application Load Balancer without needing public IPv4 addresses, enabling clients to connect using only IPv6 addresses. To connect, clients resolve the AAAA DNS records assigned to the Application Load Balancer. The […]

Web application security is an ongoing process. AWS WAF enables real-time monitoring and blocking of potentially harmful web requests. Bot Control and Fraud Control use machine learning (ML) to detect and prevent sophisticated threats. Bot traffic can make up anywhere from 30% to 50% or even more of total web traffic. After enabling AWS WAF, […]

AWS Network Firewall is a managed, stateful network firewall and intrusion protection service that allows you to implement firewalls rules for fine grained control over your network traffic. If you’re new to AWS Network Firewall, and want to understand its features and use cases, we recommend you review the blog post AWS Network Firewall – […]

In this blog post, we explore a scenario in which Goldman Sachs, wanted to transfer ownership of several of its key network components between teams in a controlled and seamless manner. Specifically, we take a deep dive on migrating traffic between Direct Connect gateways while maintaining end-to-end connectivity. As a multinational investment bank and financial […]