Networking & Content Delivery
Category: Architecture
Dynamic routing using Amazon VPC Route Server
Amazon VPC Route Server enables dynamic routing within Amazon Virtual Private Cloud (Amazon VPC) using Border Gateway Protocol (BGP). You can use Amazon VPC Route Server for effective and intelligent traffic control between cloud applications and on-premises systems. Amazon VPC Route Server uses BGP to provide advanced control over traffic paths, especially for failures, and […]
Streamline hybrid DNS management using Amazon Route 53 Resolver endpoints delegation
Introduction: We recently announced that Amazon Route 53 Resolver Endpoint supports Domain Name System (DNS) delegation, allowing you to delegate authority for a subdomain from your on-premises infrastructure to Route 53 and vice versa. Previously, to implement DNS delegation and maintain a unified private DNS namespace across on-premises and in Amazon Web Services (AWS) environments, […]
Enhancing Pinterest’s organizational security with a DNS firewall: Part 2
This post was authored by Ali Yousefi, Senior Security Software Engineer on the Infrastructure Security Team at Pinterest. Introduction: In part 1 of this two-part blog series, we demonstrated how Pinterest gained visibility into DNS traffic originating from its VPCs by enabling Amazon Route 53 Resolver query logs across its Amazon Web Services (AWS) […]
Enhancing Pinterest’s organizational security with a DNS firewall: Part 1
This post was authored by Ali Yousefi, Senior Security Software Engineer on the Infrastructure Security Team at Pinterest. Introduction: Network security has become an increasingly important focus area in cloud security as more organizations shift to the cloud. Organizations can take an active approach in protecting themselves and their data from various threats by strengthening […]
Using generative AI for building AWS networks
In today’s rapidly evolving cloud landscape, network architects, engineers, and cloud teams need to move faster to design, deploy, and manage complex Amazon Web Services (AWS) networking infrastructure at scale. The emergence of generative AI capabilities, particularly Amazon Bedrock and Amazon Q, offers unprecedented opportunities to transform how we approach these challenges and solve them […]
Addressing private IPv4 exhaustion with AWS Cloud WAN service insertion
In this post, we describe how you can use Amazon Web Services (AWS) Cloud WAN with service insertion to centralize your private NAT Gateways and PrivateLink to effectively and efficiently address private IPv4 exhaustion. We demonstrate how you can maximize the usage of available IP space while minimizing cost impact. Private IPv4 space, defined in […]
Streamline and secure access to shared services and resources with Amazon VPC Lattice
In this post, we explore how you can use Amazon VPC Lattice to expose shared services and resources across an organization while maintaining security and governance. We cover key architecture concepts, security best practices, and considerations for deploying VPC Lattice in production environments. As organizations grow, managing access to shared services across multiple environments—such as […]
Integrating MPLS connectivity to the AWS Cloud
Many Amazon Web Services (AWS) customers look to extend their Multiprotocol Label Switching (MPLS) networks into the cloud. MPLS networks offer reliable and performance-optimized routes for data, making them a preferred choice for enterprise connectivity. AWS Direct Connect further enhances this by providing a dedicated network link from an organization’s on-premises networks to AWS. This […]
Active Directory Domain Services integration with Amazon Route 53
Anyone who has worked with Microsoft Active Directory Domain Services (AD DS) and domain-joined workloads in the past likely knows how critical proper DNS resolution is to healthy operations. Even if you haven’t worked with AD DS workloads, if you are reading this post, you have likely heard of some outage that was caused by […]
Introducing dual-stack without public IPv4 Application Load Balancer
In May 2024, Amazon Web Services (AWS) launched a new feature for internet-facing Application Load Balancers. This enhancement allows you to provision an internet-facing Application Load Balancer without needing public IPv4 addresses, enabling clients to connect using only IPv6 addresses. To connect, clients resolve the AAAA DNS records assigned to the Application Load Balancer. The […]