Category: Amazon VPC

Update: June 28, 2024 – Corrections were made to Figure 5 and the subsequent packet walkthrough.  AWS Cloud WAN is a managed wide-area networking (WAN) service that you can use to build and operate wide area networks that connect your data centers and branch offices, as well as your Amazon Virtual Private Cloud (Amazon VPC) […]

In this blog post, we explore a scenario in which Goldman Sachs, wanted to transfer ownership of several of its key network components between teams in a controlled and seamless manner. Specifically, we take a deep dive on migrating traffic between Direct Connect gateways while maintaining end-to-end connectivity. As a multinational investment bank and financial […]

Connection tracking (conntrack) is a networking concept where a networking device, like a firewall, router, or NAT device, needs to track and maintain information about the state of IP traffic going through it. The AWS Nitro System that underlies AWS networking does connection tracking for some types of network traffic to implement the stateful nature […]

Introduction Amazon Virtual Private Cloud (VPC) is the foundational networking construct used by customers to deploy workloads on AWS. To examine VPC traffic and gain insights into communication patterns, customers collect and analyze VPC Flow Logs, leveraging the capabilities and features AWS has continuously added since 2015. You can get started with Flow Logs by […]

Many AWS customers use consolidated billing, and often need to allocate costs across their internal business units or accounts. This can be challenging when dealing with services that are shared by all accounts. For general chargebacks, some customers use cost allocation tags for this purpose. However, at the time of writing this post, there is […]

Amazon VPC IP Address Manager (IPAM) is a VPC feature that allows you to plan, track, and monitor IP addresses for your AWS workloads. Until now, VPC IPAM allowed you to allocate CIDR blocks and monitor them at the VPC level. With a recent feature enhancement in VPC IPAM, you can now manage CIDR allocations […]

Amazon Web Services (AWS) customers can use the AWS global infrastructure to deploy workloads to multiple AWS Regions. They can create global networks that span multiple AWS Regions to connect these workloads to each other and to on-premises networks. A common design pattern is to use a central networking AWS account to own shared network resources, such as AWS Transit […]

Traffic Mirroring is an Amazon Virtual Private Cloud (VPC) feature you can use to copy network traffic from an elastic network interface of an Amazon Elastic Compute Cloud (EC2) instance and send it to a target storage service for analysis. You can use it for content inspection, threat monitoring, network performance monitoring, and troubleshooting. Through […]

Introduction Since their introduction in 2010, tags have been helping Amazon Web Services (AWS) customers identify, organize, and manage their resources by adding referenceable key/value pairs. In this post, we explore how tags can be used to automate the addition and removal of Amazon VPC Lattice resource associations, and cross account resource shares using Amazon […]

AWS provides hundreds of services to help you easily deploy resources and applications globally in minutes. This helps you rapidly expand your customer base across the world. At the time of writing this post, the AWS Cloud spans 102 Availability Zones (AZs) within 32 geographic AWS Regions around the world. As AWS is continuously growing, […]