AWS Cloud WAN now supports native integration with AWS Direct Connect, simplifying connectivity between your on-premises networks and the AWS cloud. The new capability enables you to directly attach your Direct Connect gateways to Cloud WAN without the need for an intermediate AWS Transit Gateway, allowing seamless connectivity between your data centers or offices with AWS Virtual Private Clouds (VPCs) across AWS regions globally. Cloud WAN allows you to build, monitor, and manage a unified global network that interconnects your resources in the AWS cloud and your on-premises environments. Direct Connect allows you to create a dedicated network connection to AWS, bypassing the public Internet. Until today, customers needed to deploy an intermediate transit gateway to interconnect their Direct Connect-based networks with Cloud WAN. Starting today, you can directly attach your Direct Connect gateway to a Cloud WAN core network simplifying connectivity between your on-premises locations and VPCs. The new Cloud WAN Direct Connect attachment adds support for automatic route propagation between AWS and on-premises networks using Border Gateway Protocol (BGP). Direct Connect attachments also supports existing Cloud WAN features such as central policy-based management, tag-based attachment automation and segmentation for advanced security. The new Direct Connect attachment for Cloud WAN is initially available in eleven commercial regions. Pricing for Direct Connect attachment is the same as any other Cloud WAN attachment. For additional information, please visit Cloud WAN documentation, pricing page and blog post.

Today, AWS announced Virtual Private Cloud (VPC) Block Public Access (BPA), a new centralized declarative control that enables network and security administrators to authoritatively block Internet traffic for their VPCs. VPC BPA supersedes any other setting and ensures your VPC resources are protected from unfettered Internet access in compliance with your organizations security and governance policy. Amazon VPC allows customers to launch AWS resources in a logically isolated virtual network. Often times customers have thousands of AWS accounts and VPCs that are owned by multiple business units or application developer teams. Central administrators have the critical responsibility to ensure that resources in their VPCs are accessible to the public Internet in a highly controlled fashion. VPC BPA offers a single declarative control that allows admins to easily block Internet access to VPCs via the Internet Gateway or the Egress-only Internet Gateway and ensures that there is no unintended public exposure to their AWS resources regardless of their routing and security configuration. Admins can apply BPA across all or select VPCs in their account, block bi-directional or ingress-only Internet connectivity and exclude select subnets for resources that need Internet access. VPC BPA is integrated with AWS Network Access Analyzer and VPC Flow Logs to support impact analysis, provide advanced visibility and help customers meet audit and compliance requirements. VPC BPA is available in all AWS Regions where Amazon VPC is offered. There is no additional charge for using this feature. For additional information, visit the Amazon VPC documentation and blog post.