
AWS Shield Network Security Director: Network Topology Visibility and Remediation Guidance


Jun 22, 2025 2 min read


AWS Shield, known for its distributed denial of service (DDoS) protection, has introduced a new capability in preview: AWS Shield Network Security Director, a feature that expands Shield's role beyond DDoS mitigation to provide comprehensive visibility into network configurations, identify security issues, and offer actionable remediation recommendations for AWS resources.

According to the company, organizations frequently struggle to discover all their AWS resources, understand complex interconnections, and assess their security posture against best practices. Hence, the network security director feature aims to simplify these challenges by providing:

  • Network Topology Visibility: It automatically discovers AWS resources within an account, mapping their connections to each other and the internet. It identifies configured network security services, such as AWS WAF, Amazon Virtual Private Cloud (Amazon VPC) security groups, and Amazon VPC network access control lists (ACLs), evaluating their configurations against AWS best practices and threat intelligence. William Cooper commented in a LinkedIn post: "The more real time and visual the AWS dashboard always the better."
  • Prioritized Security Findings: The service quickly highlights missing or misconfigured firewalls and other security gaps, presenting network security findings on resources, prioritized by severity (critical, high, medium, low, informational). This helps security teams focus on the most pressing issues.
  • Actionable Remediation Recommendations: For each identified finding, the network security director provides specific, step-by-step instructions to correctly implement or update the configurations of AWS security services, facilitating immediate corrective action.

[Screenshot; source: AWS News blog post]

A notable integration is with Amazon Q Developer in the AWS Management Console and chat applications. This allows security teams to query their network security configurations using natural language (e.g., "Are any of my Internet-facing resources vulnerable to DDoS?"). Amazon Q Developer then provides relevant findings and recommended remediation steps, streamlining the investigative and response processes.

[Screenshot; source: AWS News blog post]

The announcement of Network Security Director, made ahead of AWS re:Inforce 2025, has been met with positive early feedback. Will Townsend, a Telco & security principal analyst, wrote on X: "like its observability capability that proactively identifies missing or misconfigured security services within AWS environments and makes remediation recommendations," adding that it's a "smart move to expand the company's Shield capabilities beyond DDoS protection to simplify SecOps."

While other major cloud providers like Microsoft Azure and Google Cloud Platform also offer robust DDoS protection and network security posture management, AWS Shield Network Security Director brings a consolidated approach to network security visibility and remediation. In Azure and GCP, these capabilities are typically distributed across a combination of broader security posture management tools (such as Microsoft Defender for Cloud and Google Cloud's Security Command Center) and dedicated network monitoring or diagnostic services (like Azure Network Watcher and GCP's Network Topology/Analyzer).

The network security director's capabilities are currently available in preview in the US East (N. Virginia) and Europe (Stockholm) regions, with Amazon Q Developer integration available in preview in the US East (N. Virginia) region. With this new feature, the company offers organizations enhanced tools to identify, prioritize, and address network and application security configuration issues proactively, thereby bolstering their defenses against evolving threats such as SQL injection and DDoS attacks.

About the Author

Steef-Jan Wiggers
