Networking & Content Delivery

Category: Security, Identity, & Compliance

Implementing fine-grained Amazon Route 53 access using AWS IAM condition keys (Part 1)

Users implement multi-account strategies so that multiple teams can deploy workloads. This post is for Amazon Web Services (AWS) administrators and network engineers who need to manage DNS permissions across multiple teams with shared Amazon Route 53 private hosted zones or public hosted zones. There may be situations where multiple teams share the same hosted […]

Enhancing Pinterest’s organizational security with a DNS firewall: Part 2

This post was authored by Ali Yousefi, Senior Security Software Engineer on the Infrastructure Security Team at Pinterest. Introduction: In part 1 of this two-part blog series, we demonstrated how Pinterest gained visibility into DNS traffic originating from its VPCs by enabling Amazon Route 53 Resolver query logs across its Amazon Web Services (AWS) […]

Enhancing Pinterest’s organizational security with a DNS firewall: Part 1

This post was authored by Ali Yousefi, Senior Security Software Engineer on the Infrastructure Security Team at Pinterest. Introduction: Network security has become an increasingly important focus area in cloud security as more organizations shift to the cloud. Organizations can take an active approach in protecting themselves and their data from various threats by strengthening […]

Securing hybrid workloads using Amazon Route 53 Resolver DNS Firewall

Since its launch in 2021, Amazon Route 53 Resolver DNS Firewall has enabled Amazon Web Services (AWS) users to monitor and control outbound DNS queries originating from their Amazon Virtual Private Cloud (Amazon VPC) resources. Configuring domain filtering rules in Route 53 Resolver DNS Firewall helps you mitigate security threats such as data exfiltration through […]

How to manage AI Bots with AWS WAF and enhance security

Introduction: The first web crawler was created in 1993 to measure the size of the web, and crawlers have now evolved into modern bots powered by agentic AI. Today’s internet is increasingly populated and dominated by automated AI bots that interact with applications to support AI-related tasks. We classified AI bots into three types: AI scrapers, […]

Introducing new application layer (L7) DDoS protections for AWS WAF and AWS Shield Advanced customers

As the global threat landscape shifts and evolves, AWS services that help protect our customers from those threats also evolve to meet their needs. One type of threat that has changed considerably over the past few years is Distributed Denial of Service (DDoS). DDoS attacks have evolved from targeting lower network layers (Layers 3 and […]

Building your first AWS WAF web ACL to protect against evolving threats

Applications face a variety of security threats, such as distributed denial of service (DDoS) attacks, web application exploits like SQL injection and cross-site scripting (XSS), and bot traffic. In this post, to help protect your applications against these threats, we demonstrate how to build your first web access control list (web ACL) in AWS WAF. AWS […]

How Glovo is protecting their public APIs with a combination of AWS Edge Services

Modern applications often rely on public APIs to exchange information between trusted clients (such as mobile applications or web browsers) and services. Using a combination of Amazon Web Services (AWS) Edge Services (AWS WAF, AWS Shield Advanced, and Amazon CloudFront) allows Glovo to share how they protect their public-facing APIs from a variety of external […]

How to use AWS WAF Bot Control for Targeted Bots signals and mitigate evasive bots with adaptive user experience

Introduction: The AWS WAF Bot Control rule group includes rules for detecting and managing bot threats. These threats range from easily identified common bots through to coordinated targeted bots that evade detection by operating across multiple hosts. Like any other security controls, Amazon Web Services (AWS) WAF Bot Control for Targeted Bots rules can also […]

Enhancing Security with AWS Verified Access and Microsoft Entra ID Integration

Introduction: Unlike traditional VPN-based approaches, AWS Verified Access evaluates multiple dimensions of access, including user identity, device posture, and application-specific policies. This means organizations can ensure that only fully authenticated and authorized users can access sensitive resources, regardless of their physical network location. The result is a more flexible, secure, and manageable approach to enterprise […]