Amazon VPC September 2019 Update

Released on September 19th, 2019

Announcing Amazon VPC Traffic Mirroring for AWS GovCloud (US) Regions

Starting today, Amazon Virtual Private Cloud (Amazon VPC) traffic mirroring will be available in both AWS GovCloud (US) Regions. AWS GovCloud (US) Regions are isolated cloud regions, designed to host sensitive data and regulated workloads for customers with U.S. federal, state, and local government compliance requirements.

Amazon VPC traffic mirroring was introduced in June this year. It allows customers to gain insight into the network traffic across their Amazon VPC infrastructure for content inspection and threat monitoring.

You can learn more about Amazon VPC traffic mirroring by reading our documentation.

Now Add Additional Metadata to Amazon VPC Flow Logs

You can now include additional metadata in Amazon Virtual Private Cloud (Amazon VPC) flow logs to better understand network flows. VPC flow logs enable you to capture information about the IP traffic going to and from network interfaces in your VPC. You can use VPC flow logs to troubleshoot network connectivity issues, monitor VPC traffic, and identify network threats.

Using additional metadata fields such as vpc-id, subnet-id, and the Transmission Control Protocol (TCP) flags bitmask reduces the number of computations and look-ups required to extract meaningful information from the log data. For example, you can use the TCP flags bitmask to identify the resource that initiated a TCP connection. Similarly, you can use the packet source and destination IP fields to identify the source resource and the intended target of a connection passing through a network interface attached to a NAT gateway or an AWS Transit Gateway. To learn more about these new metadata fields, refer to our blog.

You can deliver Amazon VPC flow logs to Amazon Simple Storage Service (S3) using the AWS Command Line Interface or Management Console. There is no extra cost to capture these additional metadata fields. For more information about VPC flow logs, please refer to the documentation here.
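The following is an added example for this announcement, not AWS code: it parses custom-format flow log records that carry the new vpc-id, subnet-id, tcp-flags and packet-address fields, decodes the TCP flags bitmask to work out which side initiated each connection, and resolves the original endpoints of a flow that crossed a NAT gateway interface. The field names are the ones AWS documents for custom log formats; the format string, the sample records (constructed, not captured traffic), the interface and VPC identifiers, and the probe threshold in `rejected_initiators` are assumptions made for this example.

```python
"""Decode the extra VPC flow log metadata fields from custom-format records.

Added example for this page, not AWS code. Field names follow AWS's documented
custom flow log format; everything else here is constructed for illustration.
"""
from collections import defaultdict

# Assumed custom format: the ${...} placeholders are what you would pass as
# --log-format when creating the flow log; records are space-separated.
LOG_FORMAT = ("${version} ${vpc-id} ${subnet-id} ${interface-id} ${srcaddr} "
              "${dstaddr} ${pkt-srcaddr} ${pkt-dstaddr} ${srcport} ${dstport} "
              "${protocol} ${tcp-flags} ${action} ${log-status}")
FIELDS = [f.strip("${}") for f in LOG_FORMAT.split()]

# Bit values AWS documents for the tcp-flags field (a SYN-ACK shows as 18).
TCP_FLAG_BITS = {1: "FIN", 2: "SYN", 4: "RST", 8: "PSH", 16: "ACK", 32: "URG"}

# Constructed sample records. The first two are one flow seen on a NAT gateway
# ENI (assumed NAT private IP 10.0.0.220, instance 10.0.1.25): srcaddr/dstaddr
# are the interface-level addresses, pkt-srcaddr/pkt-dstaddr the original ones.
# The rest are connection attempts seen on a web server ENI.
SAMPLE_LOG = """\
3 vpc-0a1b2c3d subnet-0f1e2d3c eni-0nat00001 10.0.0.220 198.51.100.7 10.0.1.25 198.51.100.7 49812 443 6 3 ACCEPT OK
3 vpc-0a1b2c3d subnet-0f1e2d3c eni-0nat00001 198.51.100.7 10.0.0.220 198.51.100.7 10.0.1.25 443 49812 6 19 ACCEPT OK
3 vpc-0a1b2c3d subnet-0f1e2d3c eni-0web00001 203.0.113.9 10.0.1.40 203.0.113.9 10.0.1.40 51000 22 6 2 REJECT OK
3 vpc-0a1b2c3d subnet-0f1e2d3c eni-0web00001 203.0.113.9 10.0.1.40 203.0.113.9 10.0.1.40 51001 3389 6 2 REJECT OK
3 vpc-0a1b2c3d subnet-0f1e2d3c eni-0web00001 203.0.113.9 10.0.1.40 203.0.113.9 10.0.1.40 51002 445 6 2 REJECT OK
3 vpc-0a1b2c3d subnet-0f1e2d3c eni-0web00001 10.0.2.8 10.0.1.40 10.0.2.8 10.0.1.40 40000 80 6 2 ACCEPT OK
"""


def parse_record(line):
    """Split one record into a dict keyed by the custom format's field names."""
    parts = line.split()
    if len(parts) != len(FIELDS):
        raise ValueError(f"expected {len(FIELDS)} fields, got {len(parts)}: {line!r}")
    return dict(zip(FIELDS, parts))


def parse_log(text):
    return [parse_record(line) for line in text.splitlines() if line.strip()]


def decode_tcp_flags(bitmask):
    """Return the flag names set in a tcp-flags value; NODATA/SKIPDATA records
    carry '-' in this field, which decodes to no flags."""
    if bitmask == "-":
        return []
    value = int(bitmask)
    return [name for bit, name in TCP_FLAG_BITS.items() if value & bit]


def connection_role(rec):
    """Classify the record's source as initiator or responder from its flags.
    Heuristic: SYN without ACK marks the initiating side, SYN with ACK the
    responding side. Only meaningful for TCP (protocol 6)."""
    if rec["protocol"] != "6":
        return "n/a"
    flags = decode_tcp_flags(rec["tcp-flags"])
    if "SYN" in flags and "ACK" not in flags:
        return "initiator"
    if "SYN" in flags and "ACK" in flags:
        return "responder"
    return "unknown"


def original_endpoints(rec):
    """The packet-level addresses, i.e. the real source and intended target
    even when the interface (a NAT gateway, for instance) rewrote them."""
    return rec["pkt-srcaddr"], rec["pkt-dstaddr"]


def translated_by_interface(rec):
    """True when the interface-level addresses differ from the packet-level
    ones, so attributing the flow by srcaddr/dstaddr alone would be wrong."""
    return (rec["srcaddr"], rec["dstaddr"]) != original_endpoints(rec)


def rejected_initiators(records, min_ports=3):
    """Original source addresses whose rejected connection attempts touched
    at least min_ports distinct destination ports (a simple probing signal)."""
    ports = defaultdict(set)
    for rec in records:
        if rec["action"] == "REJECT" and connection_role(rec) == "initiator":
            ports[rec["pkt-srcaddr"]].add(rec["dstport"])
    return {src: sorted(p, key=int) for src, p in ports.items() if len(p) >= min_ports}


if __name__ == "__main__":
    records = parse_log(SAMPLE_LOG)
    for rec in records:
        src, dst = original_endpoints(rec)
        print(rec["vpc-id"], rec["subnet-id"], rec["interface-id"],
              f"{src}->{dst}:{rec['dstport']}", decode_tcp_flags(rec["tcp-flags"]),
              connection_role(rec), "NAT" if translated_by_interface(rec) else "",
              rec["action"])
    print("rejected probing sources:", rejected_initiators(records))
```

Because flags are OR-ed together over the capture window, a short connection can show SYN and FIN (3) on the initiating side and SYN-ACK and FIN (19) on the responding side in single records, which is why `connection_role` keys on the SYN and ACK bits rather than on exact values; records logged with status NODATA or SKIPDATA carry `-` in the numeric fields and are decoded as having no flags rather than raising.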

Amazon SQS Now Supports Amazon VPC Endpoints in the GovCloud (US) Regions

AWS customers in the AWS GovCloud (US) Regions can now send messages to an Amazon Simple Queue Service (Amazon SQS) queue from Amazon Virtual Private Cloud (Amazon VPC) using VPC endpoints, without using public IPs and without having to traverse the public internet.  

VPC endpoints for Amazon SQS are powered by AWS PrivateLink, a highly available and scalable technology that lets you privately connect your VPC to supported AWS services. They provide reliable connectivity to Amazon SQS without requiring an internet gateway, Network Address Translation (NAT) instance, or VPN connection. With VPC endpoints, the data between your Amazon VPC and Amazon SQS queue is transmitted within the Amazon network. This helps avoid exposing your instances to internet traffic. 

Amazon SQS is a fully managed message queuing service that enables you to decouple and scale microservices, distributed systems, and serverless applications. Amazon SQS eliminates the complexity and overhead associated with managing and operating message-oriented middleware, and empowers developers to focus on differentiating work. 

To learn more:
• See Amazon Virtual Private Cloud Endpoints for Amazon SQS in the Amazon SQS Developer Guide.
• See Tutorial: Sending a Message to an Amazon SQS Queue from Amazon Virtual Private Cloud in the Amazon SQS Developer Guide.

Amazon VPC Sharing is Now Available in the AWS GovCloud (US-East) Region

Amazon Virtual Private Cloud sharing (VPC sharing) is now available in the AWS GovCloud (US-East) Region. VPC sharing is also available in all commercial AWS Regions except in South America (São Paulo), Asia Pacific (Osaka-Local), and China regions. 

With VPC sharing, you can allow other AWS accounts to create their application resources, such as EC2 instances, Relational Database Service (RDS) databases, Redshift clusters, and Lambda functions, into shared, centrally-managed Amazon Virtual Private Clouds (Amazon VPCs).

Customers create multiple AWS accounts to streamline billing and restrict access to various environments, such as development, staging, and production, across different business and application teams. With the increase in the number of accounts, you need to efficiently manage network and security policies across your application environments. Today, you can create separate Amazon VPCs for each account with the account owner being responsible for connectivity and security of each Amazon VPC. With VPC sharing, your IT team can own and manage your Amazon VPCs and your application developers no longer have to manage or configure Amazon VPCs, but they can access them as needed. 

You can also share Amazon VPCs to leverage the implicit routing within a VPC for applications that require a high degree of interconnectivity and are within the same trust boundaries. This reduces the number of VPCs that need to be created and managed, while you still benefit from using separate accounts for billing and access control. Customers can further simplify network topologies by interconnecting shared Amazon VPCs using connectivity features, such as AWS PrivateLink, AWS Transit Gateway, and Amazon VPC peering.

There are no additional charges for using this feature. For more information about VPC sharing, please visit our documentation.
