Core network policies - AWS Network Manager

Core network policies

You can update, delete, or restore an out-of-date AWS Cloud WAN policy. You can also download a policy as a JSON file, and then edit the JSON file to create a new policy version. For examples of JSON policies, see Core network policy examples.

Updating a policy version creates a new change set for that new policy version. After the change set has been created, you can implement it as your new core network policy.

Update a policy version

Before deploying a new policy version, review the proposed change set.

To access a core network policy change set
  1. Access the Network Manager console at https://console.aws.amazon.com/networkmanager/home/.

  2. Under Connectivity, choose Global Networks.

  3. On the Global networks page, choose the global network ID.

  4. In the navigation pane, choose Core network, and then choose Policy versions.

  5. Under Policy version ID, choose the policy version that you want to edit, and then choose Edit.

  6. Change any information on the Network configuration, Segments, Segment actions, or Attachment policies tabs. For more information about creating policy versions, see Create a core network policy version.

  7. Choose Create policy. This creates a new version of the policy. The policy version is incremented by one from the last version.

    The Change set state of the new version is set to Pending generation on the Policy versions page, and the alias is set to LATEST, indicating that this is the most recent version of the policy. When a policy version has been generated, the Change set state changes to Ready to execute. You can then implement the new policy version as your LIVE policy. See Deploy a policy version.

View a policy change set

View proposed changes to a policy before deploying those changes to become the new live policy.

A policy version is never implemented automatically. After creating a version of a policy, you can implement the policy version as your new LIVE policy.

To view a core policy version change set
  1. Access the Network Manager console at https://console.aws.amazon.com/networkmanager/home/.

  2. Under Connectivity, choose Global Networks.

  3. On the Global networks page, choose the global network ID.

  4. In the navigation pane, choose Core network, and then choose Policy versions.

  5. In the Policy versions section, select the check box for the policy version that you want to see policy changes for.

  6. Choose View or apply change set. This creates a new version of the policy. The policy version is incremented by one from the last policy version.

  7. The Change set page displays the Type of change being affected, for example, a core network segment, and the Action that's associated with that type, for example, adding a new segment.

  8. In New Values and Previous values, choose Details to view the change in a JSON format.

  9. In the Compare column, choose Compare to view a line-by-line comparison of the current live policy with the proposed policy change.

Compare policy change set versions

Compare two policy versions against each other using the console. The comparison returns line-by-line changes between the two policies in JSON format with changes highlighted.

To compare policy versions
  1. Access the Network Manager console at https://console.aws.amazon.com/networkmanager/home/.

  2. Under Connectivity, choose Global Networks.

  3. On the Global networks page, choose the global network ID.

  4. In the navigation pane, choose Core network, and then choose Policy versions.

  5. Under Policy version ID, choose the policy version that you want to compare against another policy.

  6. Choose View or apply change set.

  7. On the Change set page, choose Compare with LIVE.

  8. From the Source and Target dropdown lists, choose the policy versions that you want to compare.

  9. (Optional) From the Policy section dropdown list, choose a specific policy section to compare. Options are:

    • All — Compares all policy changes between the two policies. This is the default view.

    • Network configuration — Compares Border Gateway Protocol (BGP), Autonomous System Number (ASN), and core network edge locations.

    • Segments — Compares segment additions, deletions, or modifications.

    • Segment actions — Compares segment sharing and filtering.

    • Attachment policies — Compares how attachments map to segments.

  10. Choose Compare.

    The Results of comparison section displays the changes between the two policies. In the following example, the Segments of a current LIVE Source policy are compared against the segment changes to an undeployed Target policy. The comparison shows that a new segment, sandbox, will be added when deploying the Target policy version.

    
    Figure: A comparison of the Segments section between a LIVE policy and a policy version.

  11. By default, the changes for each policy display in separate policy windows. To see the results of the comparison line-by-line in a single window, turn the Split toggle off.
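
The same section-by-section review can be run offline on two downloaded policy JSON files before a change set is applied. The following is an added example, not AWS code: it assumes the top-level key names of the Cloud WAN policy document format, the function names are hypothetical, and both sample policies are constructed. It goes beyond the console comparison by flagging segment isolation settings that are turned off and new segment sharing.

```python
import json

# Console "Policy section" names mapped to top-level keys of the policy JSON
# (key names are an assumption based on the Cloud WAN policy document format).
SECTIONS = {
    "Network configuration": "core-network-configuration",
    "Segments": "segments",
    "Segment actions": "segment-actions",
    "Attachment policies": "attachment-policies",
}

def _by_name(segments):
    return {s["name"]: s for s in segments}

def compare_policies(source, target):
    """Return review findings for deploying `target` over the LIVE `source`."""
    findings = []
    for label, key in SECTIONS.items():
        if source.get(key) != target.get(key):
            findings.append(f"CHANGED section: {label}")
    old, new = _by_name(source.get("segments", [])), _by_name(target.get("segments", []))
    for name in sorted(new.keys() - old.keys()):
        findings.append(f"ADDED segment: {name}")
    for name in sorted(old.keys() - new.keys()):
        findings.append(f"REMOVED segment: {name}")
    for name in sorted(new.keys() & old.keys()):
        # Flag isolation controls that are on in LIVE and off in the proposal.
        for flag in ("require-attachment-acceptance", "isolate-attachments"):
            if old[name].get(flag) and not new[name].get(flag):
                findings.append(f"WEAKENED {flag} on segment: {name}")
    old_actions = [json.dumps(a, sort_keys=True) for a in source.get("segment-actions", [])]
    for action in target.get("segment-actions", []):
        if action.get("action") == "share" and json.dumps(action, sort_keys=True) not in old_actions:
            findings.append(f"NEW share: {action['segment']} -> {action['share-with']}")
    return findings

# Constructed sample policies (not real exports): the target adds a "sandbox" segment.
LIVE = json.loads("""{"version": "2021.12",
  "segments": [{"name": "prod", "require-attachment-acceptance": true}],
  "segment-actions": []}""")
PROPOSED = json.loads("""{"version": "2021.12",
  "segments": [{"name": "prod", "require-attachment-acceptance": false},
               {"name": "sandbox"}],
  "segment-actions": [{"action": "share", "mode": "attachment-route",
                       "segment": "sandbox", "share-with": ["prod"]}]}""")

if __name__ == "__main__":
    for line in compare_policies(LIVE, PROPOSED):
        print(line)
```

To use it on real files, load the Source and Target policies with `json.load` from the files saved through the Download procedure and pass them in place of the samples.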

Deploy a policy version

A policy version is never deployed automatically. After creating a version of a policy, you can deploy the policy version as your new LIVE policy.

To implement a core policy version
  1. Access the Network Manager console at https://console.aws.amazon.com/networkmanager/home/.

  2. Under Connectivity, choose Global Networks.

  3. On the Global networks page, choose the global network ID.

  4. In the navigation pane, choose Core network, and then choose Policy versions.

  5. On the Policy versions page, choose the policy that you want to deploy.

  6. Choose View or apply change set.

  7. (Optional) Do either of the following:

    • To review the proposed changes to the policy, choose Details in the New values column.

    • To review the values of the original policy, choose Details in the Previous values column.

  8. Choose Apply change set to deploy the policy to become the new LIVE policy.

  9. On the Policy versions page, the status of the policy deployment is Executing policy.

  10. To view the deployment details and progress, choose the policy link. The Policy version - X page appears.

    • The Policy details page displays information about the policy that you're deploying.

    • The JSON page displays policy information as a JSON file.

    • The Execution progress page displays the status of the policy deployment. You can view all events related to the deployment or you can view specific events. For example, you might want to view the deployment status of core network edges.

  11. When finished, the Alias changes to LIVE/LATEST and the Change set state changes to Execution succeeded. The Change set state of any previous policies that were in the Ready to execute state changes to Out of date. This indicates that those policies are now considered older than the current LIVE policy.

Restore an out-of-date policy version

An out-of-date policy can be restored as a new version of a policy.

To restore an out-of-date policy version
  1. Access the Network Manager console at https://console.aws.amazon.com/networkmanager/home/.

  2. Under Connectivity, choose Global Networks.

  3. On the Global networks page, choose the global network ID.

  4. In the navigation pane, choose Core network, and then choose Policy versions.

  5. Under Policy version ID, choose the out-of-date policy version that you want to restore, and then choose Restore.

    The Policy version ID is incremented by one from the last version listed on the Policy versions page, and the Change set state displays as Pending generation.

    When generated, the Change set state changes to Ready to execute, and the Alias changes to LATEST. If any previous policies were in the Ready to execute change set state, those change to Out of date. This indicates that those policies are now considered older than the LATEST.

Delete a policy version

Any policy except your current LIVE policy can be deleted.

To delete a core policy version
  1. Access the Network Manager console at https://console.aws.amazon.com/networkmanager/home/.

  2. Under Connectivity, choose Global Networks.

  3. On the Global networks page, choose the global network ID.

  4. In the navigation pane, choose Core network, and then choose Policy versions.

  5. Under Policy version ID, choose the policy version that you want to delete, and then choose Delete.

  6. Confirm that you want to delete the policy version, and then choose Delete again.

    Deleted policy versions are removed from the Policy versions page.

Download a policy

Download any policy version or your current LIVE policy as a JSON file.

To download a core policy
  1. Access the Network Manager console at https://console.aws.amazon.com/networkmanager/home/.

  2. Under Connectivity, choose Global Networks.

  3. On the Global networks page, choose the global network ID.

  4. In the navigation pane, choose Core network, and then choose Policy versions.

  5. Under Policy version ID, choose the policy version that you want to download, and then choose Download.

    The policy downloads to your system as a JSON file. You can make changes to this JSON file as needed. You can create a new policy version using the contents of this file by pasting them into the Cloud WAN JSON editor. For the steps to create a policy using the JSON editor, see Create a policy version using the JSON editor.