Networking & Content Delivery

Update (May 2026): Amazon CloudFront now natively supports tag-based cache invalidation — no additional infrastructure required. You can tag cached objects via origin response headers or S3 metadata and invalidate them by tag directly through the CloudFront API. For details, see the CloudFront Developer Guide and the launch blog post. If you are starting fresh, […]

Today, Amazon CloudFront is launching Invalidation by Cache Tag, a new capability that transforms how developers manage cached content. With this feature, you can invalidate groups of related cached objects using a single invalidation request, regardless of URL structure—making cache management more precise, efficient, and developer-friendly. In this post, we discuss the benefits of this […]

Introduction This post is intended for networking engineers and architects evaluating AWS VPN options (200-level content). It assumes familiarity with basic AWS networking concepts such as virtual private clouds (VPCs), virtual private gateways (VGWs), and transit gateways (TGWs). If you are new to AWS VPN, the AWS VPN User Guide provides foundational context. Organizations implementing […]

In Part 1 of this series, we demonstrated a scalable solution of using Amazon Web Services Identity and Access Management (AWS IAM) conditional keys and AWS principal tags for fine-grained access control of shared Amazon Route 53 hosted zones, public or private, in the same AWS account. As user environments grow, AWS administrators and network […]

AWS Client VPN now supports native attachment to AWS Transit Gateway, eliminating the need for a dedicated hosting VPC. This post walks through how to configure the integration, preserve source IP addresses end-to-end without SNAT, and centralize remote access across multiple VPCs and on-premises networks in a multi-account architecture.

In this post, we explore architectural patterns for implementing centralized internet ingress with inspection using AWS Cloud WAN. We examine different design considerations and integration strategies with centralized internet egress while walking through practical examples and deployment scenarios. We demonstrate how to use the AWS Cloud WAN core networking capabilities alongside other AWS networking services […]

Your on-call engineer gets paged at 2 AM. A payment service in Workload Account cannot reach a shared database in Shared Services Account. The Amazon CloudWatch alarm fired eight minutes ago. The engineer starts by checking route tables across two accounts, Amazon Virtual Private Cloud (Amazon VPC) attachment states, security group rules on both sides, […]

AWS and Lumen simplify enterprise cloud connectivity with AWS Interconnect – last mile and Lumen Cloud Interconnect This post was jointly written by Rob Kennedy, Vice President of Network Services, Amazon Web Services, and Scott Yow, Senior Vice President of Product, Lumen Technologies For decades, the cloud and the network connecting to it have operated […]

Building resilient and fault-tolerant systems in Amazon Web Services (AWS) is essential for maintaining stable workloads. When designing cloud architecture, the ability to handle sudden traffic surges becomes a critical consideration. Elastic Load Balancing (ELB) serves as the primary entry point for distributing both external and internal traffic efficiently across applications. In this post, we […]

The London Stock Exchange Group (LSEG) is a leading global financial markets infrastructure and data provider, serving over 25,000 customers across 190 countries. The company operates the London Stock Exchange and provides critical market data, analytics, and trading technology to banks, asset managers, hedge funds, and other financial institutions worldwide. Through its Real-Time Optimized (RTO) […]