Category: Security, Identity, & Compliance

If you manage DNS across multiple AWS accounts with Amazon Route 53 Profiles, achieving least-privilege access for each team can be challenging. Without fine-grained permissions, one team might inadvertently modify another team’s resources leading to governance gaps, security risks, and slower adoption of centralized DNS management. The new fine-grained AWS Identity and Access Management (AWS […]

Running an internet-facing application means estimating and managing costs across many services and features: content delivery, web application firewall (WAF), DNS, logging, and DDoS protection. Each has its own pricing model, its own metering, its own line item on the bill. Traffic from successful launches, organic growth, and AI bots can spike without warning, increasing […]

In Part 1 of this series, we demonstrated a scalable solution of using Amazon Web Services Identity and Access Management (AWS IAM) conditional keys and AWS principal tags for fine-grained access control of shared Amazon Route 53 hosted zones, public or private, in the same AWS account. As user environments grow, AWS administrators and network […]

Managing security configurations across hundreds or thousands of Amazon Web Services (AWS) accounts present significant challenges for enterprise organizations. Without centralized control, you face manual configuration across accounts, inconsistent security posture, and ongoing maintenance overhead when new accounts are created. When Amazon Virtual Private Cloud (Amazon VPC) introduced VPC Block Public Access (BPA) in November […]

In November 2025, we launched flat-rate pricing plans for Amazon CloudFront. Since launch, customers have shared feedback and we’ve been adding new capabilities. This post covers what’s new: support for Lambda@Edge, CAPTCHA, mutual TLS (mTLS), and an AI activity dashboard for visibility into AI bot and agent traffic. We’ve also clarified how plans handle traffic […]

Betsson Services Limited (or Betsson Group) is a leading global sports betting and gaming operator, delivering entertainment to millions of players through more than 20 award-winning brands, including its flagship brand, Betsson. With a proprietary technology stack and a diverse product offering, Betsson serves customers both directly (B2C) and indirectly (B2B). At Betsson, our vision […]

In November 2025, Amazon CloudFront introduced cross-account support for Virtual Private Cloud (VPC) origins, which allows you to keep Amazon VPC origins and CloudFront distributions in separate Amazon Web Services (AWS) accounts. In turn, organizations with multi-account strategies can use VPC origins while maintaining their desired account structure. This enables a new architectural pattern for […]

Managing DNS query logging across multiple Amazon Virtual Private Clouds (VPCs) has long been a significant challenge for enterprise teams. The traditional approach required manual configuration of DNS query logging for each VPC individually, creating a cascade of operational problems. This fragmented process led to inconsistent implementation across different environments, compliance gaps due to missed […]

Geo-restriction is a critical security control for blocking traffic from high-risk regions. Learn how to implement geographic filtering using Amazon CloudFront, Route 53, AWS WAF, and AWS Network Firewall—and discover when to use each service for your specific architecture needs.

In this post, we demonstrate how to distribute Amazon VPC IP Address Manager (IPAM) costs from the IPAM owner account to the member accounts in AWS Organizations and implement chargeback. We walk through analyzing IPAM usage in AWS Cost Explorer from both member and management accounts. Furthermore, we cover key considerations and best practices for communication and […]