Starting today, Amazon Virtual Private Cloud (Amazon VPC) traffic mirroring will be available in both AWS GovCloud (US) Regions. AWS GovCloud (US) Regions are isolated cloud regions, designed to host sensitive data and regulated workloads for customers with U.S. federal, state, and local government compliance requirements.
Amazon VPC traffic mirroring was introduced in June this year. It allows customers to gain insight into the network traffic across their Amazon VPC infrastructure for content inspection and threat monitoring.
You can learn more about Amazon VPC traffic mirroring by reading our documentation.
You can now include additional metadata in Amazon Virtual Private Cloud (Amazon VPC) flow logs to better understand network flows. VPC flow logs enable you to capture information about the IP traffic going to and from network interfaces in your VPC. You can use VPC flow logs to troubleshoot network connectivity issues, monitor VPC traffic, and identify network threats.
Using additional metadata fields such as vpc-id, subnet-id, and the Transmission Control Protocol (TCP) flags bitmask reduces the number of computations and look-ups required to extract meaningful information from the log data. For example, you can use the TCP flags bitmask to identify the resource that initiated a TCP connection. Similarly, you can use the packet source and destination IP fields to identify the originating resource and the intended target of a connection passing through a network interface attached to a NAT Gateway or an AWS Transit Gateway. To learn more about these new metadata fields, refer to our blog.
You can deliver Amazon VPC flow logs to Amazon Simple Storage Service (S3) using the AWS Command Line Interface or the Management Console. There is no extra cost to capture these additional metadata fields. For more information about VPC flow logs, please refer to the documentation.
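The two look-ups described above (initiator from the TCP flags bitmask, real endpoints from the packet-level address fields) as an added example that is not part of the AWS announcement: a small parser for records written with a custom flow log format. The field names follow the VPC flow log custom-format placeholders; the VPC, subnet, ENI ids and addresses in the sample lines are constructed.

```python
# Added example: parse custom-format VPC flow log records, flag the side that
# opened each TCP connection, and recover the original endpoints behind an
# intermediate hop (NAT gateway / transit gateway ENI) via pkt-srcaddr/pkt-dstaddr.
from typing import Dict, List, Tuple

# Same placeholder syntax as the --log-format option of create-flow-logs.
LOG_FORMAT = ("${version} ${vpc-id} ${subnet-id} ${interface-id} ${srcaddr} "
              "${dstaddr} ${srcport} ${dstport} ${protocol} ${tcp-flags} "
              "${pkt-srcaddr} ${pkt-dstaddr} ${action}")

# Constructed sample records (ids and addresses are made up):
#  1. SYN-initiated flow from instance 10.0.1.23 to an external host
#  2. the reply flow, carrying SYN-ACK (bitmask 18 = 0x12)
#  3. a flow seen on an intermediate-hop ENI: srcaddr is the hop's address,
#     pkt-srcaddr is the instance that actually originated the connection
SAMPLE_LINES = [
    "3 vpc-0a1b2c3d subnet-0a1b2c3d eni-0aaaaaaa 10.0.1.23 203.0.113.10 49152 443 6 2 10.0.1.23 203.0.113.10 ACCEPT",
    "3 vpc-0a1b2c3d subnet-0a1b2c3d eni-0aaaaaaa 203.0.113.10 10.0.1.23 443 49152 6 18 203.0.113.10 10.0.1.23 ACCEPT",
    "3 vpc-0a1b2c3d subnet-0b1b2c3d eni-0nat0000 10.0.0.5 198.51.100.7 12345 22 6 2 10.0.1.23 198.51.100.7 ACCEPT",
]

SYN = 0x02   # tcp-flags is a bitmask OR'ed over the aggregation interval
ACK = 0x10

def parse_record(line: str, fmt: str = LOG_FORMAT) -> Dict[str, str]:
    """Map one whitespace-separated record onto the custom-format field names."""
    names = [tok[2:-1] for tok in fmt.split()]      # "${vpc-id}" -> "vpc-id"
    values = line.split()
    if len(values) != len(names):
        raise ValueError("record does not match the configured log format")
    return dict(zip(names, values))

def is_initiator(rec: Dict[str, str]) -> bool:
    """True when srcaddr sent a SYN without ACK, i.e. it opened the connection."""
    flags = int(rec["tcp-flags"])
    return rec["protocol"] == "6" and bool(flags & SYN) and not (flags & ACK)

def real_endpoints(rec: Dict[str, str]) -> Tuple[str, str]:
    """Prefer packet-level addresses; fall back to interface-level ones."""
    return (rec.get("pkt-srcaddr") or rec["srcaddr"],
            rec.get("pkt-dstaddr") or rec["dstaddr"])

def connection_origins(lines: List[str]) -> List[Tuple[str, str, int, str]]:
    """(origin, target, dstport, eni) for every flow the origin host initiated."""
    out = []
    for line in lines:
        rec = parse_record(line)
        if is_initiator(rec):
            origin, target = real_endpoints(rec)
            out.append((origin, target, int(rec["dstport"]), rec["interface-id"]))
    return out
```

For the third sample record the interface-level srcaddr is the hop address 10.0.0.5, but connection_origins reports 10.0.1.23, the instance that actually opened the SSH connection.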
AWS customers in the AWS GovCloud (US) Regions can now send messages to an Amazon Simple Queue Service (Amazon SQS) queue from Amazon Virtual Private Cloud (Amazon VPC) using VPC endpoints, without using public IPs and without having to traverse the public internet.
VPC endpoints for Amazon SQS are powered by AWS PrivateLink, a highly available and scalable technology that lets you privately connect your VPC to supported AWS services. They provide reliable connectivity to Amazon SQS without requiring an internet gateway, Network Address Translation (NAT) instance, or VPN connection. With VPC endpoints, the data between your Amazon VPC and Amazon SQS queue is transmitted within the Amazon network. This helps avoid exposing your instances to internet traffic.
Amazon SQS is a fully managed message queuing service that enables you to decouple and scale microservices, distributed systems, and serverless applications. Amazon SQS eliminates the complexity and overhead associated with managing and operating message-oriented middleware, and empowers developers to focus on differentiating work.
To learn more:
• See Amazon Virtual Private Cloud Endpoints for Amazon SQS in the Amazon SQS Developer Guide.
• See Tutorial: Sending a Message to an Amazon SQS Queue from Amazon Virtual Private Cloud in the Amazon SQS Developer Guide.
Amazon Virtual Private Cloud sharing (VPC sharing) is now available in the AWS GovCloud (US-East) Region. VPC sharing is also available in all commercial AWS Regions except in South America (São Paulo), Asia Pacific (Osaka-Local), and China regions.
With VPC sharing, you can allow other AWS accounts to create their application resources, such as EC2 instances, Relational Database Service (RDS) databases, Redshift clusters, and Lambda functions, in shared, centrally managed Amazon Virtual Private Clouds (Amazon VPCs).
Customers create multiple AWS accounts to streamline billing and restrict access to various environments, such as development, staging, and production, across different business and application teams. With the increase in the number of accounts, you need to efficiently manage network and security policies across your application environments. Today, you can create separate Amazon VPCs for each account with the account owner being responsible for connectivity and security of each Amazon VPC. With VPC sharing, your IT team can own and manage your Amazon VPCs and your application developers no longer have to manage or configure Amazon VPCs, but they can access them as needed.
You can also share Amazon VPCs to leverage the implicit routing within a VPC for applications that require a high degree of interconnectivity and are within the same trust boundaries. This reduces the number of VPCs that need to be created and managed, while you still benefit from using separate accounts for billing and access control. Customers can further simplify network topologies by interconnecting shared Amazon VPCs using connectivity features, such as AWS PrivateLink, AWS Transit Gateway, and Amazon VPC peering.
There are no additional charges for using this feature. For more information about VPC sharing, please visit our documentation.