AWS Cloud WAN features

Why AWS Cloud WAN?

AWS Cloud WAN makes it easy to build and operate wide area networks that connect your data centers and branch offices, as well as your Amazon Virtual Private Clouds (VPCs). With Cloud WAN, you connect to AWS through your choice of local network providers, then use a central dashboard and network policies to create a unified network that connects your locations and network types. This eliminates the need to configure and manage different networks individually, even when they are running different technologies. Cloud WAN generates a complete view of your on-premises and AWS networks to help you visualize the health, security, and performance of your entire network.

Features

Cloud WAN provides a central dashboard to connect and manage your branch offices, data centers, VPN connections, and Software-Defined WAN (SD-WAN), as well as your Amazon VPCs and AWS Transit Gateways. The Cloud WAN dashboard helps you track network traffic and events and view the health of your network in one place. This reduces the operational complexity of managing a large global network and simplifies day-to-day operations.

When using Cloud WAN, you define access controls and traffic routing in a central network policy document. When you update a policy, Cloud WAN uses a two-step process to ensure accidental errors do not affect your global network. First you review and validate your changes will work as expected in production. Once the changes are approved, Cloud WAN handles the configuration details for the entire network. You can change your policy document using the AWS Management Console or Cloud WAN APIs.

You can use policies in Cloud WAN to easily segment your network traffic regardless of how many AWS Regions or on-premises locations you add to your network. For example, you can easily isolate network traffic from a retail payment processing from other traffic on your corporate network while still giving both segments access to shared corporate resources. This makes it easier to ensure consistent security policies when connecting large numbers of locations and VPCs, especially when your policies need to apply to large groups with unique security and routing requirements. Cloud WAN maintains a consistent configuration across AWS Regions on your behalf.

Cloud WAN can automatically attach new VPCs and network connections to your network so you do not need to approve each change manually, reducing the operational overhead involved in managing a growing network. You do this by tagging attachments and defining network policies that automatically map attachments with a certain tag to a specific network segment. With this tagging structure in place, you can choose which attachments can join a segment automatically, which segments require manual approval, and if attachments on the same segment can talk to each other—all based on the tags that you choose.

Cloud WAN's service insertion feature streamlines the integration of network services like firewalls, intrusion detection/prevention systems, and other appliances into your global network. You define your security and routing policies in the central policy document, which are then deployed consistently across your Cloud WAN network. This allows you to inspect traffic between Amazon VPCs, AWS Regions, on-premises locations, and the internet efficiently and uniformly, making it easy to add inspection services to your Cloud WAN environment.