Title: AWS re:Inforce - AWS Cloud WAN service insertion: Simplifying network inspection (NIS203-NEW)
Insights:
- Introduction of Cloud WAN Service Insertion: AWS launched the Cloud WAN service insertion feature, which simplifies network inspection by automating routing and integrating security appliances into traffic paths.
- Cloud WAN Overview: Cloud WAN is a managed WAN service that allows customers to build global networks quickly, leveraging the AWS backbone for interconnecting VPCs, data centers, and remote sites.
- Key Components of Cloud WAN:
  - Core Network: Managed by AWS, includes core network edges for regional connectivity.
  - Segmentation: Allows for isolated, independent routing domains.
  - Monitoring and Visibility: Provides dashboards, events, and alerts for network management.
- Service Insertion Feature:
  - Network Function Group (NFG): A new component that manages routing for inspection VPCs and integrates security appliances.
  - Simplified Routing: Automates the insertion of AWS Network Firewall or third-party appliances into traffic paths.
  - Policy-Based Management: Users specify their inspection intent in a policy, and AWS handles the routing.
- Inspection Architectures:
  - Centralized Egress/Ingress Inspection: Integrates inspection for all environments in Cloud WAN segments.
  - Cross-Segment Inspection: Allows for inspection between different segments, maintaining traffic symmetry.
- Migration Patterns:
  - From Existing Cloud WAN Environments: Step-by-step approach to migrate existing inspection setups to the new service insertion feature.
  - From Transit Gateway Environments: Detailed steps to transition from Transit Gateway-based inspection to Cloud WAN service insertion.
- Flexibility and Customization: Users can define region priorities and override default settings to suit their specific needs.
- Partner Ecosystem: AWS collaborates with third-party security appliance providers to enhance the Cloud WAN service insertion feature.
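The policy-based model, the single-hop/dual-hop cross-region choice and the edge overrides above are easiest to reason about against a concrete core network policy. The following is an added example, not code from the talk or from AWS: it embeds a constructed sample policy (segment names `prod`, `dev`, `pci` and the network function group `inspection` are hypothetical), derives which segment pairs are inspected and in which region, and lints for two mistakes a reviewer would look for: an action that references an undeclared NFG, and intra-segment inspection requested on a routed (non-isolated) segment. The JSON field names (`network-function-groups`, `segment-actions` with `send-via`/`send-to`, `mode`, `when-sent-to`, `with-edge-overrides`) follow the Cloud WAN policy document format as publicly documented, but are assumptions here and should be validated against the schema AWS publishes; the default of single-hop when `mode` is absent mirrors the speaker's statement, not a guarantee of the service.

```python
import copy
import json
from itertools import combinations

# Constructed sample policy; names are hypothetical and the field layout is an assumption
# based on the published Cloud WAN policy document format (not copied from AWS or the talk).
SAMPLE_POLICY = json.loads(r"""
{
  "version": "2021.12",
  "core-network-configuration": {
    "asn-ranges": ["64512-64555"],
    "edge-locations": [{"location": "us-east-1"}, {"location": "eu-west-1"}]
  },
  "segments": [
    {"name": "prod", "isolate-attachments": false},
    {"name": "dev",  "isolate-attachments": false},
    {"name": "pci",  "isolate-attachments": true}
  ],
  "network-function-groups": [{"name": "inspection", "require-attachment-acceptance": true}],
  "segment-actions": [
    {"action": "send-via", "segment": "prod", "mode": "single-hop",
     "when-sent-to": {"segments": ["dev"]},
     "via": {"network-function-groups": ["inspection"],
             "with-edge-overrides": [{"edge-sets": [["us-east-1", "eu-west-1"]],
                                      "use-edge": "us-east-1"}]}},
    {"action": "send-to", "segment": "dev", "via": {"network-function-groups": ["inspection"]}}
  ]
}
""")

# Second constructed policy carrying two mistakes the linter should report.
BAD_POLICY = copy.deepcopy(SAMPLE_POLICY)
BAD_POLICY["segment-actions"].append({
    "action": "send-via", "segment": "prod", "mode": "dual-hop",
    "when-sent-to": {"segments": ["prod"]},      # intra-segment on a routed segment
    "via": {"network-function-groups": ["ids"]},  # NFG never declared
})


def inspection_edges(action, edge_a, edge_b):
    """Edge(s) that inspect traffic between two regions under a send-via action.
    single-hop (treated as the default): the overridden edge, or None when the choice is
    left to AWS; dual-hop: both edges."""
    if edge_a == edge_b:
        return (edge_a,)
    if action.get("mode", "single-hop") == "dual-hop":
        return (edge_a, edge_b)
    pair = {edge_a, edge_b}
    for override in action.get("via", {}).get("with-edge-overrides", []):
        if any(set(edge_set) == pair for edge_set in override["edge-sets"]):
            return (override["use-edge"],)
    return None


def inspection_matrix(policy):
    """Map each inspected (source, destination) segment pair to its NFG and mode.
    Both directions are recorded because service insertion keeps the return path symmetric."""
    matrix = {}
    for act in policy.get("segment-actions", []):
        if act.get("action") != "send-via":
            continue
        nfg = act["via"]["network-function-groups"][0]
        for dst in act["when-sent-to"]["segments"]:
            for pair in ((act["segment"], dst), (dst, act["segment"])):
                matrix[pair] = {"nfg": nfg, "mode": act.get("mode", "single-hop")}
    return matrix


def egress_inspected_segments(policy):
    """Segments whose default route is steered through an NFG by a send-to action."""
    return {a["segment"] for a in policy.get("segment-actions", [])
            if a.get("action") == "send-to" and a.get("via", {}).get("network-function-groups")}


def lint(policy):
    """Human-readable findings for common service-insertion policy mistakes."""
    segments = {s["name"]: s for s in policy.get("segments", [])}
    nfgs = {n["name"] for n in policy.get("network-function-groups", [])}
    edges = [e["location"] for e in policy["core-network-configuration"]["edge-locations"]]
    findings = []
    for act in policy.get("segment-actions", []):
        if act.get("action") not in ("send-via", "send-to"):
            continue
        src = act["segment"]
        for nfg in act.get("via", {}).get("network-function-groups", []):
            if nfg not in nfgs:
                findings.append(f"{src}: references undeclared network function group '{nfg}'")
        if act["action"] != "send-via":
            continue
        for dst in act["when-sent-to"]["segments"]:
            if dst not in segments:
                findings.append(f"{src}: when-sent-to names unknown segment '{dst}'")
            elif dst == src and not segments[dst].get("isolate-attachments", False):
                findings.append(f"{src}: intra-segment inspection on a routed (non-isolated) segment")
        if act.get("mode", "single-hop") == "single-hop":
            for edge_a, edge_b in combinations(edges, 2):
                if inspection_edges(act, edge_a, edge_b) is None:
                    findings.append(f"{src}: no edge override for {edge_a}/{edge_b}; "
                                    "single-hop inspection region left to AWS defaults")
    return findings


if __name__ == "__main__":
    for (src, dst), how in sorted(inspection_matrix(SAMPLE_POLICY).items()):
        print(f"{src:>5} -> {dst:<5} via {how['nfg']} ({how['mode']})")
    print("egress inspected:", egress_inspected_segments(SAMPLE_POLICY))
    for finding in lint(BAD_POLICY):
        print("finding:", finding)
```

Running the block prints the prod/dev pair in both directions, `dev` as the only segment with inspected egress, and two findings for the second policy. The matrix is built from the policy document alone; in a live core network the API-visible routes (the next-hop redirects the speaker mentions) are the ground truth, so a practical check is to diff this derived matrix against what the core network actually advertises.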
Quotes:
- "Cloud WAN is a managed WAN service that we offer that lets you build global networks in a matter of minutes."
- "Segmentation is a first-class feature within Cloud WAN."
- "We have removed all of that complexity away from you. And we are going back to our first principles where you specify your intent in your policy."
- "It's single click insertion of AWS Network Firewall or any third party inspection appliances within your traffic paths."
- "The default action here is single hop. This means that for any region pair, the second dimension into inspection, not just between segment prod and segment dev, but also when that traffic crosses regions, we've added the capability for you to specify if you want to inspect that traffic only in one of the regions, or if you want to inspect it in both."
- "You can use APIs in order to see how we are doing the next stop redirects, what are those routes pointing to, where are the inspection VPCs, and so on and so forth."
- "Traffic within a segment, unless that segment is isolated, should not actually be inspected. It is a routed segment, and everyone should have reachability with everyone else."
- "We have a really rich partner ecosystem."