With AWS re:Invent 2020 just around the corner and Thanksgiving upon us, it’s easy to assume that the AWS announcements would slow down, but as usual AWS continues to rapidly expand and enhance their services. We’re excited to see what they have in store in the next couple of weeks! This month we’ve seen the announcement of the new AWS Network Firewall, AWS Gateway Load Balancer, multi-region replication for Managed Microsoft Active Directory, and planning for two new regions. As usual, what follows is not an exhaustive list of all the AWS announcements made this month, but is instead a curated selection created to assist enterprise thought leaders who are looking to leverage the cloud and drive efficiency within their organizations.
AWS Network Firewall
The security of their environments is a primary concern for organizations. While AWS has always allowed control over specific services using tools like Security Groups and the Web Application Firewall, it has been challenging for organizations to apply deep network protections broadly across their environments. With the new AWS Network Firewall, it is now possible to increase protection at the VPC level by applying URL filtering on outbound requests, blocking known bad IP addresses, and using signature-based detection to identify hostile activity. The Network Firewall integrates with many third-party security tools and devices to enhance the security of the organization. It exposes its performance and actions through Amazon CloudWatch metrics and through logging to Amazon S3 or Amazon Kinesis Firehose, so that its behavior and impact can be inspected.
Both stateful and stateless rules can be customized to your needs, and community-maintained open-source rules can even be imported from Suricata, allowing organizations to benefit from the experiences and knowledge of many people around the world.
Using the AWS Network Firewall, organizations can take advantage of the scalability and high availability from an AWS Managed Service to improve the protection of their systems and data. By taking advantage of its integration with the AWS Firewall Manager, they can apply policies across multiple accounts.
To learn more about AWS Network Firewall, check out the product page.
AWS Gateway Load Balancer
Continuing with the focus on security, this month AWS released the AWS Gateway Load Balancer as a means of making it easier to deploy third-party appliances like intrusion detection/protection systems or firewalls in a scalable and highly available manner. The AWS Gateway Load Balancer allows organizations to route all ingress and egress traffic for a VPC to virtual appliances that the organization wishes to use. These could contain custom logic or be commercial firewall and network inspection appliances found through the AWS Marketplace.
The AWS Gateway Load Balancer is both a transparent network gateway and a load balancer that automatically scales the virtual appliances it distributes traffic to. By relying on the AWS Gateway Load Balancer, organizations can now scale their virtual appliances dynamically based on load and health, ensuring that their customers see maximum performance while the organization reduces costs by paying only for the scale necessary at any given time.
More information on the AWS Gateway Load Balancer can be found here.
Multi-Region Replication for Managed Microsoft Active Directory
Microsoft Active Directory is a key component of many enterprise organizations, and AWS has long made running this service easier through AWS Directory Service for Microsoft Active Directory, which provides their standard high availability and scalability. Despite this, running a globally distributed organization presented a challenge, as independent AD directories would have to be deployed to each region, and a custom-built synchronization method would need to be used to keep them aligned.
AWS has now added Multi-Region Replication as a feature for Managed Microsoft AD, taking away all of the overhead and complexity previously needed. Using this feature, domain controllers are automatically deployed, network connectivity is automatically configured, and AD data is replicated across the chosen regions, providing applications with low latency in-region AD services. Replication includes customer directory data, including users, groups, policy objects, and schema. Additionally, AWS CloudWatch and notifications via Amazon SNS allow organizations to closely monitor the health and security of their global AD deployments.
Read the AWS blog for more details on the ins and outs of this feature release.
Planning for Two New Regions
While 2022 may seem far away to some of us, for enterprises planning their global growth it is just around the corner and an immediate consideration. To this end, AWS has announced that it is working on two new regions, both due to be ready for use in 2020: Hyderabad and Zurich. Hyderabad will be India’s second region and will expand the number of Asian regions to eleven; Zurich will give Europe its eighth region. Both regions allow organizations to launch services closer to their customers and staff, improving performance.
With this and other recent announcements, AWS will have 28 regions around the globe, showing its commitment to building a robust and diverse cloud platform that gives its customers the freedom to operate where the needs of their business dictate.
To follow these monthly updates and gain insights on how they can impact your business, subscribe to our blog!