Networking & Content Delivery
Category: Expert (400)
Encrypt DNS queries using DNS-over-HTTPS (DoH) with Amazon Route 53 Resolver Endpoints
Customers frequently use on-premises DNS infrastructure to resolve DNS queries for internal domains. In 2018, we announced Amazon Route 53 Resolver endpoints, which enable customers to integrate Route 53 with their on-premises DNS infrastructure for hybrid DNS resolution. In 2023, we improved this integration by providing customers the ability to encrypt DNS queries and responses […]
How to identify website performance bottlenecks by measuring time to first byte latency and using Server-Timing header
While website performance issues are a common occurrence, pinpointing their root causes can be a challenging task. In this post, you will learn how to simplify the performance troubleshooting process by unlocking the potential of the Server-Timing header. This header allows backend components to communicate timing metrics and other insights relevant to performance monitoring in […]
Simplify global security inspection with AWS Cloud WAN Service Insertion
AWS Cloud WAN is a managed wide-area networking (WAN) service that you can use to build and operate wide area networks that connect your data centers and branch offices, as well as your Amazon Virtual Private Cloud (Amazon VPC) VPCs. You can use network policies to centrally configure and automate network management and security tasks, […]
Hybrid security inspection architectures with AWS Cloud WAN and AWS Direct Connect
AWS Cloud WAN makes it easy to build and operate wide area networks that connect your data centers and branch offices, as well as your Amazon Virtual Private Clouds (VPCs). With Cloud WAN, you connect to AWS through your choice of local network providers, then use a central dashboard and network policies to create a […]
Inspecting network traffic between Amazon VPCs with AWS Cloud WAN
Update: As of June 11 2024, the Service Insertion feature of AWS Cloud WAN allows users to easily insert firewalls and other security solutions into the traffic flow within a Cloud WAN environment. Rather than manually configuring the underlying routing required to insert these security services, as described in this blog, Service Insertion provides a managed offering that handles this […]
AWS Site-to-Site VPN, choosing the right options to optimize performance
AWS Site-to-Site VPN is a fully-managed performant, scalable, secure, and highly-available way to connect your on-premises users and workloads to AWS. When using Site-to-Site VPN you can connect to both Amazon Virtual Private Clouds (Amazon VPCs) with two tunnels per connection for increased redundancy. For even greater performance with sites further from your AWS Region(s), […]
Solving DNS zone apex challenges with third-party DNS providers using AWS
Many customers ask us how they can point their zone apex to their web content if it uses a DNS name rather than an IP address. This blog covers three design patterns and approaches that solve zone apex challenges with third-party DNS providers for applications hosted in AWS—and the pros and cons of each approach.
Integrating sub-1 Gbps hosted connections with AWS Transit Gateway
Update August 8,2022: AWS Direct Connect now supports connections to AWS Transit Gateway at speeds of 500 megabits per second (Mbps) and lower. The architecture described in this post is no longer needed. AWS Transit Gateway provides you with the ability to connect multiple VPCs, VPNs and scale up to 5,000 attachments. It simplifies management […]
Integrating AWS Transit Gateway with AWS PrivateLink and Amazon Route 53 Resolver
I want to take some time to dive more deeply into a use case outlined in NET301 Best Practices for AWS PrivateLink. The use case involves using AWS Transit Gateway, along with Amazon Route 53 Resolver, to share AWS PrivateLink interface endpoints between multiple connected Amazon virtual private clouds (VPCs) and an on-premises environment. We’ve seen […]
Continually Enhancing Domain Security on Amazon CloudFront
Last year, a colleague of mine wrote a blog post about new security measures that Amazon CloudFront was implementing to enhance the security of how domains are used on CloudFront distributions. This included mitigations to prevent the abusive use of domain fronting practices by not allowing SSL handshake requests and subsequent requests over the secured […]