Archives for AWS Network Security
DNS Isolation on AWS
DNS Isolation on AWS DNS isolation on AWS refers to designing your Amazon Web Services environment so that certain workloads or networks can only resolve DNS names…
AWS Security Hub versus Wiz on AWS
Capabilities AWS Security Hub CSPM Provides That Wiz Cannot 1. ➡️ Only AWS Security Hub can directly inherit & enforce Org-level guardrails. Deep Native Integration With AWS Control APIs (Preventive…
Replace DMZ with Shared VPC in AWS
AWS Firewall Manager Shared VPC Host (Public & Private Subnets) + TGW + Security VPC (GWLB); Participant Accounts place ENIs in Shared Subnets Overview This architecture uses a Shared VPC…
DMZs versus Shared VPCs
AWS Shared VPC Architecture – Segmentation by Ingress Type In an AWS Shared VPC architecture, the host account owns and manages the VPC, subnets, and routing. It shares specific…
Firewall Manager and Shared VPCs in AWS
Shared VPC Use Cases & Shared VPC vs Transit Gateway This document provides additional Shared VPC use cases for AWS Network Firewall and explains how Shared VPCs differ technically…
AWS Shared VPC vs. Transit Gateways
AWS Shared VPCs as an Alternative to Transit Gateways How Security Groups behave for resources in shared subnets (Account-level roles, cross-account references, and enforcement path). TL;DR: In a Shared…
API Gateway versus Transit Gateway
Transit Gateway vs API Gateway — and a Reference Architecture with NGINX Key Differences Aspect AWS Transit Gateway (TGW) API Gateway Primary purpose Network-level hub to connect VPCs,…
Using Cloudflare and Palo Alto Together on AWS: Pros and Cons
Using Cloudflare and Palo Alto Together on AWS ✅ Potential Benefits (Why People Do This) Cloudflare: DDoS protection, WAF, CDN, TLS offload, bot protection — global edge network. Palo Alto…
AWS DMZ Public and Private Subnets, Traffic to Internal VPC
Cloud DMZ Architecture Overview Yes, a DMZ (Demilitarized Zone) in the cloud can include both a public subnet and a private subnet. This configuration helps to separate internet-facing resources from…
Packet Capture and AWS VPC Flow Logs
AWS VPC Flow Logs do not use PCAP (Packet Capture) format. Instead, VPC Flow Logs capture metadata about the traffic flowing to and from…