VPC attachments in AWS Cloud WAN

When you attach a VPC to a core network edge in AWS Cloud WAN, you must specify one subnet from each Availability Zone to be used by the core network edge to route traffic. Specifying one subnet from an Availability Zone enables traffic to reach resources in every subnet in that Availability Zone. For more information about limits to core network VPC attachments, see Transit Gateway attachment to a VPC in the Transit Gateway User Guide.

Appliance mode

If you plan to configure a stateful network appliance in your VPC, you can enable appliance mode support for the VPC attachment in which the appliance is located when you create an attachment. This ensures that Cloud WAN uses the same Availability Zone for that VPC attachment for the lifetime of the flow of traffic between a source and destination. It also allows Cloud WAN to send traffic to any Availability Zone in the VPC as long as there is a subnet association in that zone. While appliance mode is only supported on VPC attachments, the network flow can enter the core network from any other Cloud WAN attachment type, including VPC, VPN, and Connect attachments. Cloud WAN appliance mode also works for network flows that have sources and destinations across different AWS Regions in your core network. Network flows can potentially be rebalanced across different Availability Zones if you don't initially enable appliance mode but later edit the attachment configuration to enable it.

You can enable or disable appliance mode using either the console or the command line/API.