AWS Cloud WAN introduces Service Insertion to simplify security inspection at global scale

Posted on: Jun 11, 2024

Today AWS announces Service Insertion, a new feature of AWS Cloud WAN that simplifies the integration of security and inspection services into the Cloud WAN based global networks. Using this feature, you can easily steer your global network traffic between Amazon VPCs (Virtual Private Cloud), AWS Regions, on-premises locations, and Internet via security appliances or inspection services using central Cloud WAN policy or the AWS management console.

Customers deploy inspection services or security appliances such as firewalls, intrusion detection/protection systems (IDS/IPS) and secure web gateways to inspect and protect their global Cloud WAN traffic. With Service Insertion, customers can easily steer multi-region or multi-segment network traffic to security appliances or services without having to create and manage complex routing configurations or third-party automation tools. Using service insertion, you define your inspection and routing intent in a central policy document and your configuration is consistently deployed across your Cloud WAN network. Service insertion works with both AWS Network Firewall and third-party security solutions, and makes it easy to perform east-west (VPC-to-VPC) and north-south (Internet Ingress/Egress) security inspection across multiple AWS Regions and on-premises locations across the globe.

You can enable Service Insertion on Cloud WAN using the AWS Management Console, Amazon Command Line Interface, and the Amazon Software Development Kit. Service insertion is available in all AWS Regions where Cloud WAN is available. There are no additional charges to enable Service Insertion other than regular Cloud WAN charges.

For additional information, visit the AWS Cloud WAN product page, documentation, and blog post.