Networking & Content Delivery

Streamline in-place application upgrades with Amazon VPC Lattice

Introduction In this post, we review how you can perform in-place application upgrades using Amazon VPC Lattice, while maintaining system reliability, security, and performance. Whether you are upgrading a classic three-tier web application, migrating from Amazon Elastic Compute Cloud (Amazon EC2) to containers, or managing periodic Kubernetes upgrades, one challenge remains consistent: making sure of […]

Charting the life of an Amazon CloudFront request

Charting the life of an Amazon CloudFront request

Amazon CloudFront is a native AWS Content Delivery Network (CDN) service. CDNs provide web acceleration by using a worldwide network of edge locations closer to end-users, and caching content at the edge. However, CloudFront can do a lot more than that, with functionality at the edge to do geo-filtering, execute functions, perform AWS Web Application […]

Introducing URL and host header rewrite with AWS Application Load Balancers

Today we’re announcing the general availability of rewriting URLs and host headers natively on Amazon Web Services (AWS) Application Load Balancers (ALB). You can use this new feature to implement regex matches based on request parameters and rewrite both host headers and URLs before routing to your targets. Operating at Layer 7 (application layer) of […]

How Silverflow modernized network operations by combining AWS Cloud WAN and DevOps

In this post, we dive into how at Silverflow we adopted AWS Cloud WAN and how we used standard DevOps practices, to manage our global network in a compliant and secure way. At Silverflow, our mission to bring payments into the modern era also necessitated that we rethink our network from the ground up. Every […]

Secure customer resource access in multi-tenant SaaS with Amazon VPC Lattice

In this post, we provide prescriptive guidance for building resilient and scalable multi-tenant Software-as-a-Service (SaaS) network architectures to address common challenges such as managing overlapping IP addresses, complex CIDR planning, and scaling connectivity to thousands of customers. We explore multiple architectural approaches using Amazon VPC Lattice with TCP resources, and conclude with detailed implementation guidance […]

Enabling cross-region private access to Amazon S3 with existing application configuration

Many organizations need to maintain strict private network communications between their AWS resources across different Regions, particularly when handling sensitive data or meeting compliance requirements. To optimize performance and minimize costs, it’s an architectural best practice to maintain data flows within AWS’s private network, even when using public IP addresses. However, regulated industries and enterprises […]

AWS Site-to-Site VPN now supports IPv6 on the outside IPs

AWS Site-to-Site VPN now supports IPv6 on the outside IPs

Amazon Web Services (AWS) Site-to-Site VPN is a fully managed service that allows you to create a secure connection between your data center or branch office and your AWS resources using IP Security (IPSec) tunnels. It provides critical connectivity for a variety of workloads: connecting on-premises workloads to the cloud, connecting devices to the cloud, and […]

Building a high-performance exchange market data broadcasting platform on AWS

This is a joint post co-authored with Abhishek Chawla, Chief Product and Technology Officer; Kartik Manimuthu, Director of Cloud Engineering; and Digvijay, Director of Application Engineering at SMC Global Securities Ltd. SMC Global Securities Ltd. (SMC), established in 1990, is a leading Indian financial services company providing trading, wealth advisory, and financial product distribution services […]

Building Resilient Multi-cluster Applications with Amazon EKS, Part 1: Implementing Cross-cluster Load Balancing with NLB

This three-part series explores design patterns and strategies to enhance application resiliency through multi-cluster deployment on Amazon Elastic Kubernetes Service (EKS). In this first part, we address a common challenge when using a Network Load Balancer (NLB) in multi-cluster environments. Organizations increasingly rely on Kubernetes—whether through Amazon Elastic Kubernetes Service (EKS) or self-managed clusters on […]

Redirecting internet bound traffic through a transparent forward proxy

Redirecting internet bound traffic through a transparent forward proxy

Centralized egress is the principle of using a single, common inspection point for all network traffic destined for the internet. This approach is beneficial from a security perspective because it limits exposure to externally accessible malicious resources, such as malware command and control (C&C) infrastructure. This inspection is generally done by a firewall like AWS […]