AWS network-manager documentation change
Summary
Clarified traffic flow for send via action, explicitly stating traffic undergoes security processing in Inspection VPC before re-entering Cloud WAN core network
Security assessment
The change emphasizes security processing in the traffic flow description but does not address a specific vulnerability. It enhances documentation about existing security features (traffic inspection)
Diff
diff --git a/network-manager/latest/cloudwan/cloudwan-policy-service-insertion.md b/network-manager/latest/cloudwan/cloudwan-policy-service-insertion.md index d1dbfafcc..ea805c170 100644 --- a//network-manager/latest/cloudwan/cloudwan-policy-service-insertion.md +++ b//network-manager/latest/cloudwan/cloudwan-policy-service-insertion.md @@ -35 +35 @@ You can only have one attachment per network function group per Region. -For the service insertion action, you can create a send via action which sends traffic east-west between all VPCs. Or you can create a send to action, which first sends traffic to a security appliance and then out from the appliance. For example, you might create segment action using send via. With this action, traffic is first routed to the Inspection VPC and then to the final destination, which could be another VPC, the Internet, or an on-premises location. See Traffic actions and modes below for more information about traffic actions and modes. +For the service insertion action, you can create a send via action which sends traffic east-west between all VPCs. Or you can create a send to action, which first sends traffic to a security appliance and then out from the appliance. For example, you might create segment action using send via. With send via (east-west traffic), traffic is routed to the Inspection VPC for security processing and then re-enters the Cloud WAN core network to reach its final VPC destination. See Traffic actions and modes below for more information about traffic actions and modes.