Manage the Service VPC/VNet

Use the following procedure to manage a spoke VPC or spoke VNet:

Before you begin

When you protect an AWS service VPC that is configured to use AWS CloudWAN, the table shown on this page has a separate row for each edge region. You can add or remove segments to control which segments the service VPC secures. Each segment can be edited with a list of VPCs that can be attached to or detached from the segment. Any traffic flowing through, or forwarded from, the segments seen in this table passes through and is protected by the network function group configured in the VPC.

Procedure


Step 1

From the Multicloud Defense Controller dashboard, navigate to Infrastructure > Gateways > VPCs/VNets.

Step 2

Select Service VPC or Service VNet and click Actions.

Step 3

Click Manage Spoke VPC/VNet.

Step 4

To add a segment to a region that is attached to the VPC or VNet displayed in the table, click Add.

Step 5

Use the drop-down menu to select an available network segment. This action assigns an existing network segment to a service VPC or the network function group inside your service VPC. Note that Multicloud Defense does not create network segments; you must create network segments as part of the core network in your AWS account.

Step 6

To remove a network segment, select the segment and then click Remove.

Step 7

Click + Add VPC to add a VPC and associate a user VPC with the network segment.

  1. In the Add VPC to Segment window, select all spoke VPCs or VNets on the left side of the window and click ">" to assign them to the segment. Alternatively, select any existing VPCs or VNets and click "<" to remove them from the segment.

  2. Click Save to confirm the VPC changes.

Step 8

Click Save to confirm the network segment changes. Note that it may take up to 30 minutes for these changes to go into effect and for the affected VPC or VNet to become "Active".