Category: Learning Levels

This post was authored by Ali Yousefi, Senior Security Software Engineer on the Infrastructure Security Team at Pinterest Introduction In part 1 one of this two-part blog series, we demonstrated how Pinterest gained visibility into DNS traffic originating from its VPCs by enabling Amazon Route 53 Resolver query logs across its Amazon Web Services (AWS) […]

This post was authored by Ali Yousefi, Senior Security Software Engineer on the Infrastructure Security Team at Pinterest Introduction Network security has become an increasingly important focus area in cloud security as more organizations shift to the cloud. Organizations can take an active approach in protecting themselves and their data from various threats by strengthening […]

Since its launch in 2021, Amazon Route 53 Resolver DNS Firewall has enabled Amazon Web Services (AWS) users to monitor and control outbound DNS queries originating from their Amazon Virtual Private Cloud (Amazon VPC) resources. Configuring domain filtering rules in Route 53 Resolver DNS Firewall helps you mitigate security threats such as data exfiltration through […]

In today’s cloud-first world, resilient connectivity between your on-premises infrastructure and AWS, along with a deep understanding of its implementation, is critical for your business success. For many organizations, AWS Direct Connect serves as their primary connectivity solution. Starting at the physical layer (Layer 1), it operates across the first three layers of the Open […]

In this post we review how Amazon VPC Lattice can provide simple and secure access to an Amazon RDS Multi-AZ deployment using Amazon Resource Names (ARNs). Prerequisites We assume you are familiar with Amazon Virtual Private Cloud (VPC), and VPC Lattice concepts and capabilities. If you are unfamiliar with VPC Lattice please review Amazon VPC […]

This post demonstrates how to use a new Amazon CloudWatch metric for Amazon Route 53 Resolver endpoints to make informed scaling decisions. We show you how to monitor Resolver Networking Interface (RNI) capacity and implement a scalable architecture that makes sure of reliable DNS resolution across your hybrid infrastructure. As organizations expand their hybrid cloud […]

Introduction AWS Cloud WAN enables organizations to build and manage a global network across multiple AWS Regions. Through AWS Cloud WAN service insertion, you can integrate security appliances, either AWS-managed (such as AWS Network Firewall) or third-party solutions, to inspect and control traffic between network segments or outbound to the internet. Although AWS Cloud WAN […]

AWS Cloud WAN is a managed wide area networking (WAN) service that helps you build, manage, and monitor a unified global network connecting cloud and on-premises resources. In 2024, we launched service insertion, an AWS Cloud WAN feature that streamlines integrating security and inspection services into global networks. Using AWS Network Manager console or JSON policies, […]

Are you interested in securing your web applications and optimizing their performance to maintain a seamless user experience and safeguard against cyber threats? Application Load Balancers (ALBs) provide a powerful feature for modifying request and response headers, allowing you to fine-tune your application’s behavior in numerous ways. From bolstering security with essential headers such as […]

Information security practitioners use internet protocol (IP) address-based security controls such as block lists and rate-based rules to block malicious traffic. However, blocking malicious traffic solely based on an IP address can unintentionally block legitimate users, resulting in false positives. This is because many users share an IP address behind a network address translation (NAT) […]