AWS Network Manager
A service for centralized visualization and management of global networks
Overview
AWS Network Manager provides centralized visualization and management of a global network that spans AWS network resources and on-premises locations. It aggregates Transit Gateways, Site-to-Site VPN connections, Direct Connect, and Cloud WAN into a single dashboard with topology maps, route analysis, and network event monitoring, which makes day-to-day operation of multi-Region, multi-account networks considerably simpler. Network Manager itself carries no additional charge; Cloud WAN, when used, is billed separately. The service is global, but its console and API are served from the US West (Oregon) Region (us-west-2), which matters when you write IAM policies for it, search CloudTrail for its API calls, or subscribe to its events.
Global Networks and Core Networks
The central concept in Network Manager is the global network. A global network is a container that logically groups an organization's network resources, and one AWS account can hold several global networks. Registering a Transit Gateway with a global network pulls in its attachments, so the associated VPCs, VPN connections, and Direct Connect gateways appear as managed resources. On-premises locations are registered as sites with physical location information (address, latitude/longitude), which places them on the geographic topology map. Each site can be associated with devices (routers, firewalls, and so on) and links (circuit information) to document the site's network configuration; these records are descriptive metadata that Network Manager stores and displays, they do not configure the devices themselves. When Cloud WAN is used, a core network is created inside the global network, and its policy defines the segments that isolate traffic and the edge locations (Regions) the core network spans. The core network policy is a JSON document; every change produces a new policy version, so the history can be reviewed and an earlier version restored if a change misbehaves.
Topology Visualization and Route Analysis
The Network Manager console shows the connectivity of registered resources as an interactive topology map. The state of Regions, Transit Gateways, VPCs, VPN connections, and Direct Connect is updated as the service observes changes, so the paths affected by an outage can be identified quickly. Route Analyzer evaluates the routing path between a source and a destination Transit Gateway attachment (with an IP address on each side), listing each hop and the route table entry that forwarded the packet; when no route matches or a blackhole route is hit, it reports the hop and route table where forwarding stopped, which usually identifies the cause directly. It can optionally analyze the return path as well, which catches asymmetric configurations where traffic arrives but replies are dropped. Note that Route Analyzer evaluates Transit Gateway route tables only: a reachable result says nothing about VPC route tables, security groups, or network ACLs, so it complements rather than replaces VPC Reachability Analyzer. CloudWatch integration exposes Transit Gateway metrics (bytes, packets, and drop counts), and alarms on them detect traffic anomalies. Network events (VPN tunnel down, BGP peering state changes, topology changes, and so on) are published to EventBridge in the US West (Oregon) Region, us-west-2, which hosts the Network Manager API; rules created there can fan out to Lambda and SNS for notification and automated recovery workflows.
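The following is an added example, not Network Manager's own code: a small Python model of what Route Analyzer does for a Transit Gateway path. Each hop is a longest-prefix lookup in the route table associated with the current attachment, a peering attachment carries the lookup across to the peer Transit Gateway, and the result is classified as reachable, no route, or blackhole. The attachment IDs, route table IDs, and prefixes are constructed for the example; the second Transit Gateway is deliberately missing its return route so the return-path check has something to find.

```python
"""Added example (not AWS code): a small model of what Route Analyzer does for
a Transit Gateway path. Each hop is a longest-prefix lookup in the route table
associated with the current attachment; a peering attachment carries the
lookup across to the peer Transit Gateway. Only static routes are modelled
(propagated routes behave the same once they are in the table)."""
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Attachment:
    tgw: str                      # owning Transit Gateway
    kind: str                     # "vpc", "vpn" or "peering"
    route_table: str              # TGW route table this attachment is associated with
    peer: Optional[str] = None    # peering only: the attachment on the other TGW


@dataclass(frozen=True)
class Route:
    prefix: str
    target: str                   # attachment id, or "blackhole"


class Topology:
    def __init__(self, attachments, route_tables):
        self.attachments = attachments      # {attachment_id: Attachment}
        self.route_tables = route_tables    # {route_table_id: [Route, ...]}

    def lookup(self, rt_id, ip):
        """Longest-prefix match, the rule a TGW route table applies."""
        addr = ipaddress.ip_address(ip)
        best, best_len = None, -1
        for route in self.route_tables[rt_id]:
            net = ipaddress.ip_network(route.prefix)
            if addr in net and net.prefixlen > best_len:
                best, best_len = route, net.prefixlen
        return best

    def analyze(self, src_att, dst_ip, dst_att, max_hops=8):
        """Walk from src_att towards dst_ip; return (status, hops).

        Each hop records (route table, matched prefix, target)."""
        hops = []
        current = src_att
        for _ in range(max_hops):
            att = self.attachments[current]
            route = self.lookup(att.route_table, dst_ip)
            if route is None:
                hops.append((att.route_table, None, "NO_ROUTE"))
                return "NO_ROUTE", hops
            hops.append((att.route_table, route.prefix, route.target))
            if route.target == "blackhole":
                return "BLACKHOLE", hops
            if route.target == dst_att:
                return "REACHABLE", hops
            nxt = self.attachments[route.target]
            if nxt.kind != "peering":
                # Delivered to some other VPC/VPN, not the destination attachment.
                return "WRONG_ATTACHMENT", hops
            current = nxt.peer    # continue in the peer TGW's associated route table
        return "LOOP", hops

    def analyze_both_ways(self, a_att, a_ip, b_att, b_ip):
        """Forward and return path, as Route Analyzer's include-return-path option does."""
        fwd = self.analyze(a_att, b_ip, b_att)
        ret = self.analyze(b_att, a_ip, a_att)
        return fwd, ret


def build_sample_topology():
    """Constructed two-Region topology: tgw-a (10.1.0.0/16 VPC) peered with
    tgw-b (10.2.0.0/16 VPC). The return route on tgw-b is deliberately missing."""
    attachments = {
        "tgw-attach-vpc-prod": Attachment("tgw-a", "vpc", "rtb-a-main"),
        "tgw-attach-peer-a": Attachment("tgw-a", "peering", "rtb-a-main", peer="tgw-attach-peer-b"),
        "tgw-attach-vpc-eu": Attachment("tgw-b", "vpc", "rtb-b-main"),
        "tgw-attach-peer-b": Attachment("tgw-b", "peering", "rtb-b-main", peer="tgw-attach-peer-a"),
    }
    route_tables = {
        "rtb-a-main": [
            Route("10.1.0.0/16", "tgw-attach-vpc-prod"),
            Route("10.2.0.0/16", "tgw-attach-peer-a"),
            Route("10.3.0.0/16", "blackhole"),     # decommissioned range, dropped on purpose
        ],
        "rtb-b-main": [
            Route("10.2.0.0/16", "tgw-attach-vpc-eu"),
            # no 10.1.0.0/16 route here: replies to the prod VPC are lost
        ],
    }
    return Topology(attachments, route_tables)


if __name__ == "__main__":
    topo = build_sample_topology()
    fwd, ret = topo.analyze_both_ways("tgw-attach-vpc-prod", "10.1.0.5",
                                      "tgw-attach-vpc-eu", "10.2.0.5")
    print("forward:", fwd)
    print("return :", ret)
    print("blackhole:", topo.analyze("tgw-attach-vpc-prod", "10.3.0.9", "tgw-attach-vpc-eu"))
```

The forward path succeeds in two hops while the return path fails with no route on rtb-b-main, which is exactly the asymmetric case that a forward-only analysis would report as healthy; the 10.3.0.0/16 lookup stops at the blackhole entry with the route table and prefix that caused it. As with the real Route Analyzer, nothing here evaluates VPC-level filtering.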
Cloud WAN Integration and Policy Management
Cloud WAN is a global wide-area network service built on Network Manager and operated from the Network Manager console. Core network policies define segments (production, development, shared services, and so on) and declare which segments may exchange routes; segments are isolated from each other by default, and only an explicit share action in the policy opens a path between two of them. Attachments connect VPCs, Site-to-Site VPNs, Direct Connect gateways, and Transit Gateway route tables (over Transit Gateway peering) to the core network, and attachment policies place each attachment into a segment, usually by matching tags on the attachment. Because of that, permission to tag an attachment is effectively permission to choose its segment; setting require-attachment-acceptance on sensitive segments forces every new attachment to be accepted explicitly before it joins. Policy changes are saved as versions, and Cloud WAN produces a change set for a new version that can be reviewed before it is executed. Sharing the core network with member accounts through AWS RAM and AWS Organizations lets those accounts create attachments themselves; combined with segments that do not require acceptance, their VPCs connect automatically. Pricing is usage-based: core network edge hours, attachment hours, and data processed. Costs are higher than a standalone Transit Gateway design, but for networks spanning dozens of Regions and hundreds of VPCs the operational savings from policy-based central management can outweigh the additional expense.
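As an added example covering both the core network policy document introduced under Global Networks and Core Networks and the segment and attachment policies described above (not AWS's own code or tooling): the Python below builds a complete core network policy with three segments, one share action, and tag-based attachment policies, then lints it for the two placement weaknesses a reviewer should look for before calling PutCoreNetworkPolicy, a segment that accepts attachments automatically and a rule that lets the tag value itself name the segment. It also computes which segments a given segment can reach, since the policy's isolation is only as strong as its share actions. Segment names, tag keys, ASN range, and rule numbers are invented; the document keys follow the Cloud WAN policy format.

```python
"""Added example (not AWS code): build a Cloud WAN core network policy
document and lint it for settings that weaken segment isolation. Segment
names, tag keys and rule numbers are invented; the keys follow the Cloud WAN
policy document format (version 2021.12)."""
import json


def build_policy():
    return {
        "version": "2021.12",
        "core-network-configuration": {
            "vpn-ecmp-support": False,
            "asn-ranges": ["64512-64555"],
            "edge-locations": [{"location": "us-east-1"}, {"location": "eu-west-1"}],
        },
        "segments": [
            # Production attachments must be accepted before they join.
            {"name": "production", "require-attachment-acceptance": True},
            # Development auto-accepts; the lint below flags this.
            {"name": "development", "require-attachment-acceptance": False},
            {"name": "sharedservices", "require-attachment-acceptance": True},
        ],
        # Segments are isolated unless a share action says otherwise.
        "segment-actions": [
            {"action": "share", "mode": "attachment-route",
             "segment": "sharedservices",
             "share-with": ["production", "development"]},
        ],
        "attachment-policies": [
            # Rule 100: the tag segment=production pins the attachment to production.
            {"rule-number": 100, "condition-logic": "or",
             "conditions": [{"type": "tag-value", "operator": "equals",
                             "key": "segment", "value": "production"}],
             "action": {"association-method": "constant", "segment": "production"}},
            # Rule 200: any other attachment with a segment tag goes to the segment the tag names.
            {"rule-number": 200,
             "conditions": [{"type": "tag-exists", "key": "segment"}],
             "action": {"association-method": "tag", "tag-value-of-key": "segment"}},
        ],
    }


def segments_reachable(policy, segment):
    """Segments that exchange routes with `segment`: itself plus every segment a
    share action connects it to. Anything not listed is isolated from it."""
    names = {s["name"] for s in policy["segments"]}
    reach = {segment}
    for act in policy.get("segment-actions", []):
        if act.get("action") != "share":
            continue
        with_ = act["share-with"]
        peers = names - {act["segment"]} if with_ == "*" else set(with_)
        if act["segment"] == segment:
            reach |= peers
        elif segment in peers:
            reach.add(act["segment"])
    return reach


def lint_policy(policy):
    """Return human-readable findings for placement rules that let an attachment
    join a segment without anyone approving it."""
    findings = []
    segs = {s["name"]: s for s in policy["segments"]}
    # Cloud WAN treats a missing require-attachment-acceptance as true.
    auto_accept = sorted(n for n, s in segs.items()
                         if not s.get("require-attachment-acceptance", True))
    for name in auto_accept:
        findings.append(f"segment {name}: require-attachment-acceptance is false, "
                        "so a matching attachment joins without review")
    for rule in policy.get("attachment-policies", []):
        action = rule["action"]
        if action["association-method"] == "tag":
            # Whoever can set this tag on the attachment chooses its segment;
            # only acceptance stands between a tag and a production route table.
            findings.append(f"rule {rule['rule-number']}: tag '{action['tag-value-of-key']}' "
                            f"selects the segment; auto-accepting segments reachable "
                            f"this way: {auto_accept}")
        elif action.get("segment") not in segs:
            findings.append(f"rule {rule['rule-number']}: unknown segment {action.get('segment')}")
    for act in policy.get("segment-actions", []):
        if act.get("action") == "share" and act.get("share-with") == "*":
            findings.append(f"share on {act['segment']}: share-with '*' removes isolation "
                            "from every other segment")
    return findings


if __name__ == "__main__":
    policy = build_policy()
    print(json.dumps(policy, indent=2))          # the document passed to PutCoreNetworkPolicy
    for line in lint_policy(policy):
        print("FINDING:", line)
    print("development can reach:", sorted(segments_reachable(policy, "development")))
```

Run against the sample, the lint reports that development auto-accepts and that rule 200 lets a tag choose the segment, while the reachability check confirms that development and production never exchange routes even though both share routes with sharedservices. Running the same lint in the pipeline that submits policy versions turns the tag-placement caveat into a gate rather than a reminder.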