Networking & Content Delivery

Migrating SD-WAN Appliances to AWS Transit Gateway Connect

Introduction Since its launch in 2020, AWS Transit Gateway Connect has provided a native way for you to connect third-party SD-WAN appliances to an AWS Transit Gateway. Connect attachments use Generic Routing Encapsulation (GRE) tunnels and Border Gateway Protocol (BGP) to exchange routes between the Transit Gateway and an appliance. Prior to Transit Gateway Connect, […]

Geo-block Content Using Amazon Location and Edge Services

Organizations require methods to restrict access to content to adhere to compliance and regulatory requirements, sanctions, privacy laws, territorial ownership rights, security controls, etc. One way that companies restrict access is by Geo-blocking – restricting access to a website or another piece of content based on a user’s location. A popular method of geo-blocking content is […]

Writing and testing CloudFront Functions with production traffic

While maintaining a web application, sometimes we need to build a simple logic that must  run in low latency. For example, you may want to set up website redirection based on condition, or quickly verify an incoming header. CloudFront Functions is ideal for these use cases since it lets you write lightweight JavaScript code that […]

AWS Verified Access Integration with 3rd party identity providers

AWS Verified Access (AVA) offers a solution to the challenges faced by enterprises by managing remote workforce connectivity through traditional remote access VPNs. It allows remote employees to securely access corporate applications over the Internet while authenticating and authorizing each request. Unlike traditional VPN systems, which lack granularity for application-level authentication and authorization, AVA implements […]

Manual Failover and Failback Strategy with Amazon Route53

Introduction Customers use multi-region architecture to achieve application resiliency such as Active-Active or Disaster Recovery (DR). Depending on DR strategy, customers may need to have failover from one region to the next. DR strategies are covered off in detail in a prior AWS Blog. DR strategies include either an Active/Passive or Multi-Site Active/Active approaches. Active/Passive […]

World Cup 2022 – Amazon CloudFront retrospective

It was only just over a month ago, yet somehow it already feels like it could have been a dream. Following 4 action-packed weeks of soccer, capped by perhaps the greatest ever final of any major tournament, Lionel Messi lifted the World Cup aloft in the futuristic Lusail Stadium in Qatar. It was a World […]

Centralizing outbound Internet traffic for dual stack IPv4 and IPv6 VPCs

Organizations have been adopting IPv6 in their IPv4 environments to solve IP address exhaustion or meet compliance requirements. Since IPv6 isn’t backward compatible with IPv4, several mechanisms can facilitate communication between hosts that support one or both protocols. One common way is by using dual stack deployments. For architectures where dual stack deployments aren’t the […]

Reduce latency for end-users with multi-region APIs with CloudFront

As organizations grow, they must often serve geographically dispersed users with low latency, prompting them to have a distributed global infrastructure in the cloud. In this article, we describe how to deploy global API endpoints to reduce latency for end-users while increasing an application’s availability. By using the AWS Global Network and Amazon CloudFront to deploy applications into multiple […]

VPC Routing Enhancements and GWLB Deployment Patterns

At re:Invent 2020, AWS introduced  Gateway Load Balancer (GWLB), an AWS service that helps you deploy, scale, and manage third-party virtual network appliances, such as firewalls, intrusion detection and prevention systems, and others. GWLB is a type of load balancer under the Elastic Load Balancing (ELB) family. Other load balancers within the ELB family include […]

Hybrid inspection architectures with AWS Local Zone

Hybrid inspection architectures with AWS Local Zones

Customers often ask about hybrid security inspection architecture patterns for latency-sensitive applications, where they want to run their workloads inside of AWS Local Zones, to perform security inspection but without compromising latency. In this post, we share some hybrid inspection architectures with traffic flows, where both workloads and security inspection appliances run inside of the […]