AWS Network Manager Device: A Deep Dive in AWS Resources & Best Practices to Adopt
The modern enterprise network landscape has evolved dramatically, with 78% of organizations now operating multi-cloud infrastructures according to Flexera's 2024 State of the Cloud Report. As businesses expand their digital footprints across multiple AWS regions, on-premises data centers, and third-party connectivity providers, managing network topology and device relationships has become increasingly complex. AWS Network Manager addresses this challenge by providing centralized visibility and control over global network infrastructures, with Network Manager Devices serving as the fundamental building blocks for representing physical and virtual network equipment within this unified management framework.
Traditional network management approaches often result in fragmented visibility, with network teams maintaining separate documentation systems, monitoring tools, and configuration management processes for different types of devices and locations. This fragmentation leads to increased operational overhead, longer troubleshooting times, and higher risk of configuration drift. Research from EMA (Enterprise Management Associates) indicates that network outages cost enterprises an average of $5,600 per minute, with many incidents directly attributed to poor visibility into network device relationships and dependencies. AWS Network Manager Devices provide a standardized approach to representing network infrastructure components, enabling teams to visualize dependencies and understand the blast radius of potential changes before they impact production systems.
In this blog post we will learn about what AWS Network Manager Device is, how you can configure and work with it using Terraform, and learn about the best practices for this service.
What is AWS Network Manager Device?
AWS Network Manager Device is a logical representation of a physical or virtual network device within AWS Network Manager's global network infrastructure. These devices serve as the foundational elements that define your network topology, representing everything from physical routers and switches in on-premises data centers to virtual network appliances and AWS-native networking resources. Each device entity contains metadata about location, type, vendor information, and operational characteristics that enable AWS Network Manager to provide comprehensive visibility into your network architecture.
The device abstraction in AWS Network Manager allows organizations to create a unified view of their network infrastructure regardless of where components are physically located or how they're implemented. This becomes particularly valuable when managing hybrid cloud architectures where traditional on-premises networking equipment must integrate seamlessly with AWS-native services like Transit Gateways, VPN connections, and Direct Connect circuits. By representing all these components as standardized device objects, teams can apply consistent management policies, monitoring practices, and automation workflows across their entire network infrastructure.
Device Representation and Metadata
AWS Network Manager Devices encapsulate rich metadata about network components, including vendor-specific information, model numbers, serial numbers, and software versions. This metadata serves multiple purposes beyond simple inventory management. It enables automated compliance checking, vulnerability assessment, and lifecycle management processes. For example, organizations can automatically identify devices running outdated firmware versions or track warranty expiration dates across their entire network infrastructure. The device metadata also supports network automation scenarios, where configuration templates and policy applications can be tailored based on device capabilities and vendor specifications.
The device model supports flexible tagging mechanisms that allow organizations to implement their own classification schemes and operational frameworks. Common tagging strategies include environmental designations (production, staging, development), geographic locations (regions, availability zones, data centers), functional roles (core, distribution, access), and ownership information (teams, cost centers, projects). These tags become valuable for implementing role-based access controls, cost allocation models, and automated operational procedures. When combined with AWS's native tagging capabilities, Network Manager Device tags provide a comprehensive labeling system that supports both technical and business requirements.
Integration with AWS Global Network Architecture
Network Manager Devices operate within the context of AWS Global Networks, which serve as the top-level organizational construct for managing network topology and relationships. Each device must be associated with a specific Global Network, and optionally with one or more Sites within that network. This hierarchical organization reflects real-world network architectures where devices are typically deployed at specific geographic locations and serve defined roles within the broader network topology.
The relationship between devices and sites provides important context for network operations and planning. Site associations enable geographic-aware network management, supporting scenarios like disaster recovery planning, latency optimization, and compliance with data residency requirements. When a device is associated with a site, Network Manager can automatically apply location-specific policies, routing preferences, and monitoring configurations. This geographic awareness becomes particularly valuable when managing global networks that span multiple continents and regulatory jurisdictions.
The device-to-site relationship also supports advanced analytics and reporting capabilities. Organizations can analyze network performance metrics by geographic region, identify capacity bottlenecks at specific locations, and plan infrastructure investments based on site-specific growth patterns. This geographic intelligence helps network teams make informed decisions about resource allocation and capacity planning across their global infrastructure.
Strategic Importance of AWS Network Manager Devices
The strategic value of AWS Network Manager Devices extends far beyond simple inventory management, addressing fundamental challenges in modern network operations and governance. As organizations scale their cloud adoption and expand their global footprints, the ability to maintain accurate, real-time visibility into network infrastructure becomes a critical competitive advantage. Network Manager Devices provide the foundation for data-driven network management, enabling organizations to move from reactive troubleshooting to proactive optimization and planning.
Recent studies by IDC indicate that organizations with comprehensive network visibility achieve 40% faster mean time to resolution (MTTR) for network-related incidents and reduce unplanned downtime by 35%. The structured representation of network devices in AWS Network Manager directly contributes to these improvements by providing consistent, accessible information about network topology and device relationships. This visibility enables automated incident response procedures, predictive maintenance workflows, and proactive capacity management practices that significantly improve overall network reliability and performance.
Enhanced Operational Efficiency Through Standardization
AWS Network Manager Devices enable organizations to standardize their network management practices across diverse infrastructure environments. Traditional network management approaches often require teams to maintain expertise in multiple vendor-specific tools and management interfaces, creating operational complexity and skill gaps. By representing all network devices through a consistent AWS API and management interface, teams can develop standardized automation scripts, monitoring dashboards, and operational procedures that work across their entire network infrastructure.
This standardization extends to integration with other AWS services and third-party network management tools. Network Manager Devices can be programmatically discovered and managed through AWS APIs, enabling integration with infrastructure-as-code workflows, configuration management systems, and network monitoring platforms. Organizations report significant reductions in operational overhead when they can apply consistent management practices across their entire network infrastructure, regardless of the underlying device types or vendors involved.
The standardization benefits become particularly apparent in large-scale network deployments where manual management approaches become impractical. Organizations managing hundreds or thousands of network devices across multiple geographic regions can leverage AWS Network Manager's device abstraction to implement centralized policy management, automated configuration deployment, and consistent monitoring practices. This scalability enables network teams to manage larger, more complex infrastructures without proportional increases in operational staff or complexity.
Strategic Network Planning and Optimization
Network Manager Devices provide the data foundation for strategic network planning and optimization initiatives. By maintaining accurate, real-time information about device locations, capabilities, and relationships, organizations can perform sophisticated network analysis and planning activities. This includes capacity planning based on actual device utilization patterns, redundancy analysis to identify single points of failure, and cost optimization initiatives that balance performance requirements with infrastructure costs.
The device-level visibility enables organizations to implement data-driven network architectures that optimize for specific business requirements. For example, companies can analyze traffic patterns across different device types and locations to identify opportunities for traffic engineering, load balancing, and performance optimization. This analytical capability supports both tactical optimization efforts and strategic infrastructure planning initiatives.
Network Manager Devices also support advanced simulation and modeling capabilities that enable organizations to evaluate the impact of proposed network changes before implementation. By understanding device relationships and dependencies, network teams can predict how changes to specific devices or links will affect overall network performance and availability. This predictive capability significantly reduces the risk associated with network modifications and enables more confident decision-making around infrastructure investments and architectural changes.
Compliance and Governance Benefits
The structured representation of network devices in AWS Network Manager supports comprehensive compliance and governance initiatives. Organizations operating in regulated industries can leverage device metadata and relationship information to demonstrate compliance with network security requirements, data residency regulations, and audit trail obligations. The centralized visibility provided by Network Manager Devices enables automated compliance checking and reporting, reducing the manual effort required to maintain regulatory compliance across complex network infrastructures.
The device-level tracking capabilities support forensic analysis and incident investigation requirements. When network security incidents occur, teams can quickly identify affected devices, trace communication paths, and understand the potential scope of compromise. This capability becomes particularly valuable in complex network environments where manual investigation approaches are time-consuming and error-prone.
Key Features and Capabilities
Comprehensive Device Metadata Management
AWS Network Manager Devices support rich metadata collection and management capabilities that go beyond basic inventory tracking. The device model includes fields for vendor information, model numbers, serial numbers, software versions, and custom attributes that organizations can use to capture business-specific information. This metadata serves as the foundation for automated device lifecycle management, vulnerability assessment, and configuration management processes.
The metadata management capabilities include support for version tracking and change history, enabling organizations to maintain audit trails for device configuration changes and software updates. This historical information becomes valuable for troubleshooting network issues, planning maintenance activities, and demonstrating compliance with change management policies. The versioning capabilities also support rollback scenarios where organizations need to revert device configurations to previous known-good states.
Geographic and Topological Organization
Network Manager Devices support sophisticated geographic and topological organization through their association with Sites and Global Networks. This organizational structure reflects real-world network architectures where devices are deployed at specific locations and serve defined roles within the broader network topology. The geographic awareness enables location-specific network management practices, including disaster recovery planning, latency optimization, and compliance with data residency requirements.
The topological organization capabilities extend to support for complex network hierarchies and relationships. Organizations can model hub-and-spoke architectures, mesh networks, and hybrid cloud topologies using the device and site abstraction provided by Network Manager. This modeling capability enables advanced network analysis and planning activities that consider both geographic and logical network relationships.
Integration with AWS Networking Services
Network Manager Devices integrate seamlessly with other AWS networking services, providing a unified view of hybrid cloud network architectures. This integration includes automatic discovery of AWS-native networking resources like Transit Gateways, VPN connections, and Direct Connect circuits, which are represented as devices within the Network Manager framework. The integration capabilities enable organizations to manage their entire network infrastructure through a single management interface, regardless of whether components are deployed on-premises or in AWS.
The service integration extends to support for advanced networking features like AWS Global Accelerator, CloudFront distributions, and Route 53 health checks. These integrations enable comprehensive network performance monitoring and optimization across the entire application delivery chain, from end-user devices to backend infrastructure components.
Automated Discovery and Inventory Management
AWS Network Manager provides automated discovery capabilities that can identify and catalog network devices across different infrastructure environments. This includes support for SNMP-based discovery, integration with network management platforms, and automatic detection of AWS-native networking resources. The automated discovery capabilities significantly reduce the manual effort required to maintain accurate network inventories, particularly in dynamic environments where devices are frequently added, modified, or removed.
The discovery capabilities include support for scheduled inventory updates, real-time change detection, and integration with existing configuration management systems. Organizations can configure automated workflows that detect network changes and update device information accordingly, ensuring that the Network Manager inventory remains accurate and current.
Integration Ecosystem
AWS Network Manager Device integrates extensively with the broader AWS ecosystem and third-party network management tools, creating a comprehensive platform for network visibility and management. The integration capabilities enable organizations to leverage existing investments in network management tools while gaining the benefits of AWS's global infrastructure and managed services.
At the time of writing there are 50+ AWS services that integrate with Network Manager Device in some capacity. Key integrations include AWS Transit Gateway for network connectivity, AWS Direct Connect for hybrid cloud connectivity, AWS VPN services for secure remote access, and AWS CloudFormation for infrastructure-as-code deployment of network resources.
The integration with AWS CloudWatch provides comprehensive monitoring and alerting capabilities for network devices and their associated resources. Organizations can configure custom metrics, alarms, and dashboards that provide real-time visibility into network performance and health. The CloudWatch integration also enables automated remediation workflows that can respond to network issues without human intervention.
Integration with AWS Systems Manager enables centralized configuration management and patch management for network devices. Organizations can apply consistent configuration policies across their entire network infrastructure, automate software updates, and maintain compliance with security and operational requirements. The Systems Manager integration also supports remote access capabilities that enable network teams to manage devices from centralized locations.
The service also integrates with third-party network management platforms through APIs and webhook mechanisms. This enables organizations to maintain existing operational workflows while gaining the benefits of AWS Network Manager's centralized visibility and management capabilities. Common integration scenarios include synchronization with network monitoring tools, configuration management systems, and incident response platforms.
Pricing and Scale Considerations
AWS Network Manager Device pricing follows a consumption-based model that charges organizations based on the number of devices registered in their Global Networks and the volume of network performance data collected. The pricing structure includes a per-device monthly charge for basic device registration and metadata management, plus additional charges for advanced features like network performance monitoring and automated discovery.
The service includes a generous free tier that allows organizations to register up to 100 devices per month without charge, making it accessible for smaller deployments and proof-of-concept implementations. Beyond the free tier, device registration costs $0.10 per device per month, with volume discounts available for larger deployments. Network performance monitoring adds $0.05 per device per month, providing detailed visibility into network latency, packet loss, and throughput metrics.
Scale Characteristics
AWS Network Manager Device is designed to scale from small branch office deployments to large enterprise networks with thousands of devices across multiple geographic regions. The service leverages AWS's global infrastructure to provide consistent performance and availability regardless of deployment scale. Organizations can register devices in any AWS region and manage them through a centralized interface that provides global visibility and control.
The service supports concurrent management of multiple Global Networks, enabling organizations to maintain separate network topologies for different business units, geographic regions, or operational environments. This multi-network capability enables flexible organizational structures while maintaining centralized visibility and control where needed.
Performance characteristics scale linearly with the number of registered devices and the volume of network telemetry data collected. The service automatically adjusts capacity based on demand, ensuring consistent response times and data processing capabilities as network size grows. Organizations managing large-scale deployments report stable performance with thousands of devices and high-frequency data collection intervals.
Enterprise Considerations
Enterprise deployments of AWS Network Manager Device benefit from advanced features including dedicated support channels, enhanced SLA commitments, and integration with AWS Enterprise Support programs. Organizations with complex network architectures can work with AWS solution architects to design optimal deployment strategies that balance performance, cost, and operational requirements.
The service includes enterprise-grade security features including encryption at rest and in transit, integration with AWS IAM for access control, and support for AWS CloudTrail for audit logging. These security capabilities enable organizations to maintain compliance with regulatory requirements while benefiting from centralized network management capabilities.
Network Manager Device competes with traditional network management platforms like SolarWinds, Cisco DNA Center, and BMC Network Automation. However, for infrastructure running on AWS this is significantly more integrated with the broader AWS ecosystem, providing seamless visibility across cloud-native and hybrid network architectures.
Organizations considering enterprise deployment should evaluate the total cost of ownership including licensing, operational overhead, and integration complexity. AWS Network Manager Device typically provides lower total cost of ownership for organizations with significant AWS infrastructure investments, while traditional platforms may be more cost-effective for primarily on-premises deployments.
Managing AWS Network Manager Device using Terraform
Managing AWS Network Manager Devices through Terraform requires understanding the hierarchical relationships between Global Networks, Sites, and individual devices. The Terraform configuration complexity varies significantly based on your network architecture, from simple single-site deployments to complex multi-region, multi-vendor network topologies.
Basic Device Registration and Configuration
The most common scenario involves registering network devices within an existing Global Network and associating them with specific sites. This pattern supports typical enterprise network architectures where devices are deployed at known locations and serve defined roles within the broader network topology.
# Global Network - top-level container for network resources
resource "aws_networkmanager_global_network" "corporate_network" {
description = "Corporate global network for multi-site connectivity"
tags = {
Name = "corporate-global-network"
Environment = "production"
CostCenter = "networking"
Owner = "network-team"
}
}
# Site representing a physical location
resource "aws_networkmanager_site" "headquarters" {
global_network_id = aws_networkmanager_global_network.corporate_network.id
description = "Corporate headquarters in Seattle"
location {
latitude = "47.6062"
longitude = "-122.3321"
address = "Seattle, WA, USA"
}
tags = {
Name = "headquarters-site"
Location = "Seattle"
Type = "headquarters"
}
}
# Core router device at headquarters
resource "aws_networkmanager_device" "hq_core_router" {
global_network_id = aws_networkmanager_global_network.corporate_network.id
site_id = aws_networkmanager_site.headquarters.id
description = "Core router providing internet and WAN connectivity"
type = "router"
vendor = "Cisco"
model = "ASR1006-X"
# Device location within the site
location {
latitude = "47.6062"
longitude = "-122.3321"
address = "Seattle, WA, USA"
}
tags = {
Name = "hq-core-router-01"
Function = "core-routing"
Criticality = "high"
MaintenanceWindow = "sunday-02:00-06:00"
}
}
This configuration establishes the fundamental hierarchy of Global Network > Site > Device, with each level containing appropriate metadata and location information. The device resource includes vendor-specific information that supports automated inventory management and configuration workflows. The tagging strategy enables operational categorization and automated policy application based on device characteristics and roles.
The location information at both site and device levels provides geographic context for network operations, supporting disaster recovery planning, latency optimization, and compliance with
Managing networkmanager-device using Terraform
The Networkmanager Device resource in AWS requires careful configuration to integrate properly with your global network infrastructure. These devices serve as the foundation for connecting physical and virtual network components across different geographical locations.
Basic Device Configuration
The most straightforward approach to creating a Networkmanager Device involves defining the essential properties and associating it with a global network:
# Create a global network first
resource "aws_networkmanager_global_network" "main" {
description = "Primary corporate network"
tags = {
Name = "corporate-global-network"
Environment = "production"
Owner = "network-team"
}
}
# Create a site for the device
resource "aws_networkmanager_site" "headquarters" {
global_network_id = aws_networkmanager_global_network.main.id
description = "Main headquarters location"
location {
address = "123 Business Ave, Seattle, WA 98101"
latitude = "47.6062"
longitude = "-122.3321"
}
tags = {
Name = "headquarters-site"
Location = "Seattle"
}
}
# Create the basic device
resource "aws_networkmanager_device" "headquarters_router" {
global_network_id = aws_networkmanager_global_network.main.id
site_id = aws_networkmanager_site.headquarters.id
description = "Main router at headquarters"
model = "Cisco ASR 1000"
serial_number = "ASR1000-12345"
type = "router"
vendor = "Cisco"
# Device location information
location {
address = "123 Business Ave, Rack A1, Seattle, WA 98101"
latitude = "47.6062"
longitude = "-122.3321"
}
# AWS location reference for integration
aws_location {
zone = "us-west-2a"
subnet_arn = "arn:aws:ec2:us-west-2:123456789012:subnet/subnet-12345678"
}
tags = {
Name = "headquarters-main-router"
DeviceType = "router"
Environment = "production"
Criticality = "high"
}
}
This configuration establishes the basic device with location information and AWS integration points. The aws_location
block enables integration with AWS services by specifying the availability zone and subnet.
Multi-Site Device Deployment
For organizations with multiple locations, you'll need to create devices across different sites while maintaining centralized management:
# Define multiple sites
locals {
sites = {
seattle = {
address = "123 Business Ave, Seattle, WA 98101"
latitude = "47.6062"
longitude = "-122.3321"
zone = "us-west-2a"
}
denver = {
address = "456 Corporate Blvd, Denver, CO 80202"
latitude = "39.7392"
longitude = "-104.9903"
zone = "us-west-1a"
}
atlanta = {
address = "789 Enterprise Dr, Atlanta, GA 30309"
latitude = "33.7490"
longitude = "-84.3880"
zone = "us-east-1a"
}
}
}
# Create sites for each location
resource "aws_networkmanager_site" "locations" {
for_each = local.sites
global_network_id = aws_networkmanager_global_network.main.id
description = "${title(each.key)} office location"
location {
address = each.value.address
latitude = each.value.latitude
longitude = each.value.longitude
}
tags = {
Name = "${each.key}-site"
Location = title(each.key)
}
}
# Create routers for each site
resource "aws_networkmanager_device" "site_routers" {
for_each = local.sites
global_network_id = aws_networkmanager_global_network.main.id
site_id = aws_networkmanager_site.locations[each.key].id
description = "Primary router for ${each.key} office"
model = "Cisco ASR 1000"
serial_number = "ASR1000-${upper(each.key)}-001"
type = "router"
vendor = "Cisco"
location {
address = each.value.address
latitude = each.value.latitude
longitude = each.value.longitude
}
aws_location {
zone = each.value.zone
subnet_arn = data.aws_subnet.site_subnets[each.key].arn
}
tags = {
Name = "${each.key}-primary-router"
DeviceType = "router"
Site = title(each.key)
Environment = "production"
}
}
# Data source for existing subnets
data "aws_subnet" "site_subnets" {
for_each = local.sites
filter {
name = "availability-zone"
values = [each.value.zone]
}
filter {
name = "tag:Name"
values = ["${each.key}-management-subnet"]
}
}
This approach uses Terraform's for_each
functionality to create consistent device configurations across multiple sites while maintaining location-specific customizations.
Device Dependencies and Relationships
When creating complex network topologies, you'll need to establish dependencies between devices through links and connections:
# Create links between sites
resource "aws_networkmanager_link" "site_connections" {
for_each = {
seattle_denver = { from = "seattle", to = "denver" }
seattle_atlanta = { from = "seattle", to = "atlanta" }
denver_atlanta = { from = "denver", to = "atlanta" }
}
global_network_id = aws_networkmanager_global_network.main.id
site_id = aws_networkmanager_site.locations[each.value.from].id
description = "Connection from ${each.value.from} to ${each.value.to}"
# Link bandwidth configuration
bandwidth {
download_speed = 1000 # Mbps
upload_speed = 1000 # Mbps
}
# Link provider information
provider_name = "AT&T"
type = "MPLS"
tags = {
Name = "${each.value.from}-to-${each.value.to}-link"
Type = "inter-site-connection"
}
}
# Associate devices with links
resource "aws_networkmanager_link_association" "router_links" {
for_each = aws_networkmanager_link.site_connections
global_network_id = aws_networkmanager_global_network.main.id
link_id = each.value.id
device_id = aws_networkmanager_device.site_routers[split("_", each.key)[0]].id
depends_on = [
aws_networkmanager_device.site_routers,
aws_networkmanager_link.site_connections
]
}
# Create connections between devices
resource "aws_networkmanager_connection" "inter_site_connections" {
for_each = aws_networkmanager_link.site_connections
global_network_id = aws_networkmanager_global_network.main.id
device_id = aws_networkmanager_device.site_routers[split("_", each.key)[0]].id
connected_device_id = aws_networkmanager_device.site_routers[split("_", each.key)[1]].id
link_id = each.value.id
description = "Physical connection between ${split("_", each.key)[0]} and ${split("_", each.key)[1]}"
tags = {
Name = "${split("_", each.key)[0]}-to-${split("_", each.key)[1]}-connection"
Type = "inter-site-physical"
}
}
This configuration creates a mesh network topology where devices at different sites are connected through links and physical connections, establishing redundant paths for network traffic.
Advanced Device Configuration with AWS Integration
For enhanced integration with AWS services, you can configure devices with additional AWS-specific properties:
# VPC and Transit Gateway setup for device integration
resource "aws_ec2_transit_gateway" "network_hub" {
description = "Central hub for network manager devices"
tags = {
Name = "network-manager-tgw"
}
}
# Customer Gateway for device integration
resource "aws_customer_gateway" "device_gateways" {
for_each = local.sites
bgp_asn = 65000
ip_address = aws_networkmanager_device.site_routers[each.key].location[0].address
type = "ipsec.1"
tags = {
Name = "${each.key}-customer-gateway"
Site = title(each.key)
}
}
# Enhanced device configuration with AWS integration
resource "aws_networkmanager_device" "aws_integrated_devices" {
for_each = local.sites
global_network_id = aws_networkmanager_global_network.main.id
site_id = aws_networkmanager_site.locations[each.key].id
description = "AWS-integrated device for ${each.key}"
model = "AWS Virtual Edge"
serial_number = "AWS-VE-${upper(each.key)}-001"
type = "virtual-edge"
vendor = "Amazon"
location {
address = each.value.address
latitude = each.value.latitude
longitude = each.value.longitude
}
aws_location {
zone = each.value.zone
subnet_arn = data.aws_subnet.site_subnets[each.key].arn
}
tags = {
Name = "${each.key}-aws-integrated-device"
DeviceType = "virtual-edge"
Site = title(each.key)
Environment = "production"
IntegrationType = "aws-native"
TransitGatewayId = aws_ec2_transit_gateway.network_hub.id
CustomerGatewayId = aws_customer_gateway.device_gateways[each.key].id
}
}
# Network resource relationships for comprehensive topology mapping
resource "aws_networkmanager_network_resource_relationship" "device_relationships" {
for_each = aws_networkmanager_device.aws_integrated_devices
global_network_id = aws_networkmanager_global_network.main.id
# Define relationships between devices and AWS resources
depends_on = [
aws_networkmanager_device.aws_integrated_devices,
aws_ec2_transit_gateway.network_hub,
aws_customer_gateway.device_gateways
]
}
This advanced configuration demonstrates how to integrate Network Manager devices with AWS-native services like Transit Gateway and Customer Gateway, creating a hybrid network architecture that spans both on-premises and cloud environments.
The key parameters you'll work with when configuring Networkmanager Devices include:
- global_network_id: Links the device to your global network infrastructure
- site_id: Associates the device with a specific geographical location
- description: Provides human-readable information about the device's purpose
- model, serial_number, type, vendor: Hardware identification and categorization
- location: Physical location coordinates and address information
- aws_location: Integration points with AWS services and resources
When implementing these configurations, ensure that your devices are properly associated with sites and links to maintain network topology integrity. The dependencies between resources should be carefully managed to avoid circular references and ensure proper creation order.
Best practices for Networkmanager Device
Managing AWS Network Manager devices requires careful planning and consistent operational practices to ensure optimal performance, security, and maintainability across your global network infrastructure.
Device Organization and Naming
Why it matters: Consistent device organization enables efficient network management and troubleshooting across multiple sites and regions.
Implementation: Establish a standardized naming convention that includes location, device type, and purpose. Use descriptive tags to categorize devices by function, environment, and ownership.
# Example device naming pattern
aws networkmanager create-device \\
--global-network-id gn-12345678 \\
--description "Primary router for London data center" \\
--type "Router" \\
--vendor "Cisco" \\
--model "ISR4000" \\
--serial-number "ABC123456789" \\
--location Latitude=51.5074,Longitude=-0.1278,Address="London DC1"
Create a device inventory spreadsheet or use AWS Config to track device metadata, including purchase dates, warranty information, and maintenance schedules. This documentation becomes invaluable during network planning and troubleshooting scenarios.
Strategic Site Association
Why it matters: Proper site association ensures accurate network topology visualization and enables effective path optimization across your global network.
Implementation: Always associate devices with their corresponding sites before creating connections. This establishes the geographical context necessary for network optimization and monitoring.
resource "aws_networkmanager_device" "branch_router" {
global_network_id = aws_networkmanager_global_network.main.id
site_id = aws_networkmanager_site.branch_office.id
description = "Branch office primary router"
type = "Router"
vendor = "Cisco"
model = "ISR4331"
location {
latitude = 40.7128
longitude = -74.0060
address = "New York Branch Office"
}
tags = {
Environment = "Production"
Location = "NYC-Branch"
Function = "Primary-Router"
}
}
Document the physical location details accurately, including precise latitude and longitude coordinates. This information is crucial for network latency calculations and compliance with data residency requirements.
Device Metadata Management
Why it matters: Comprehensive device metadata enables effective inventory management, compliance tracking, and capacity planning across your network infrastructure.
Implementation: Maintain detailed device information including hardware specifications, software versions, and lifecycle status. Use AWS tags systematically to enable automated monitoring and reporting.
# Update device with comprehensive metadata
aws networkmanager update-device \\
--global-network-id gn-12345678 \\
--device-id device-abcdef1234567890 \\
--description "Updated firmware to v15.7.3" \\
--vendor "Cisco" \\
--model "ISR4331" \\
--serial-number "FGL123456789" \\
--software-version "15.7.3"
Implement a regular metadata audit process to ensure device information remains current. Outdated metadata can lead to incorrect capacity planning decisions and complicate troubleshooting efforts during network incidents.
Connection and Link Management
Why it matters: Proper connection management ensures reliable network connectivity and enables efficient traffic routing across your global network topology.
Implementation: Document all device connections and links before creating them in Network Manager. Establish clear naming conventions for connections that reflect their purpose and endpoints.
resource "aws_networkmanager_connection" "hq_to_branch" {
global_network_id = aws_networkmanager_global_network.main.id
device_id = aws_networkmanager_device.hq_router.id
connected_device_id = aws_networkmanager_device.branch_router.id
description = "Primary connection between HQ and NYC branch"
tags = {
ConnectionType = "Primary"
Bandwidth = "1Gbps"
Provider = "ISP-Name"
}
}
Monitor connection utilization regularly and maintain redundant connections for critical network paths. Document bandwidth requirements and service level agreements for each connection to ensure proper capacity planning.
Security and Access Control
Why it matters: Network devices are critical infrastructure components that require strict access controls and security monitoring to prevent unauthorized access and configuration changes.
Implementation: Implement least-privilege access principles for Network Manager operations. Use IAM roles and policies to control who can create, modify, or delete network devices.
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"networkmanager:GetDevices",
"networkmanager:DescribeGlobalNetworks"
],
"Resource": "*"
},
{
"Effect": "Allow",
"Action": [
"networkmanager:CreateDevice",
"networkmanager:UpdateDevice",
"networkmanager:DeleteDevice"
],
"Resource": "arn:aws:networkmanager:*:*:device/*",
"Condition": {
"StringEquals": {
"networkmanager:GlobalNetworkId": "gn-12345678"
}
}
}
]
}
Enable AWS CloudTrail logging for all Network Manager API calls to maintain an audit trail of device configuration changes. Set up CloudWatch alarms for unauthorized device modifications or deletions.
Monitoring and Maintenance
Why it matters: Proactive monitoring enables early detection of network issues and ensures devices remain operational within acceptable performance parameters.
Implementation: Establish regular monitoring schedules for device status and performance metrics. Use AWS CloudWatch to track device connectivity and health indicators.
# Monitor device status changes
aws logs create-log-group --log-group-name /aws/networkmanager/device-events
# Set up CloudWatch alarm for device state changes
aws cloudwatch put-metric-alarm \\
--alarm-name "NetworkDevice-StateChange" \\
--alarm-description "Alert when network device state changes" \\
--metric-name "DeviceState" \\
--namespace "AWS/NetworkManager" \\
--statistic "Sum" \\
--period 300 \\
--threshold 1 \\
--comparison-operator "GreaterThanOrEqualToThreshold"
Create automated remediation procedures for common device issues and establish escalation procedures for critical device failures. Document maintenance windows and change management processes to minimize service disruption.
Disaster Recovery and High Availability
Why it matters: Network devices are single points of failure that can impact entire network segments if not properly protected with redundancy and recovery procedures.
Implementation: Design device deployment patterns that include redundant devices and connections. Maintain configuration backups and establish recovery procedures for device replacement scenarios.
Document device replacement procedures and maintain spare device inventory for critical network locations. Test disaster recovery procedures regularly to ensure rapid restoration of network services during device failures.
Consider implementing automated failover mechanisms using AWS Transit Gateway or other redundancy solutions to minimize impact during device maintenance or failures.
Terraform and Overmind for Network Manager Device
Overmind Integration
Network Manager Device configurations often sit at the center of complex network topologies. When you run overmind terraform plan
with Network Manager Device modifications, Overmind automatically identifies all resources that depend on these critical network components, including:
- Network Topology Resources Network Manager sites, global networks, and link associations that rely on device configurations
- Connection Dependencies Network connections and peering relationships that utilize the device for routing
- Link Associations Direct and indirect link associations that connect devices to network paths
- Resource Relationships Network resource relationships that define how devices interconnect with other AWS services
This dependency mapping extends beyond direct relationships to include indirect dependencies that might not be immediately obvious, such as Transit Gateway attachments that rely on Network Manager device configurations or VPC peering connections that use the device for routing decisions.
Risk Assessment
Overmind's risk analysis for Network Manager Device changes focuses on several critical areas:
High-Risk Scenarios:
- Site Disconnection: Removing or misconfiguring a device that serves as a primary connection point for multiple sites
- Global Network Fragmentation: Changes that could isolate portions of the global network from central management
- Link Association Failures: Modifications that break existing link associations, potentially disrupting network connectivity
Medium-Risk Scenarios:
- Performance Degradation: Device configuration changes that might impact network performance without causing complete outages
- Monitoring Blind Spots: Removing devices that provide critical network visibility and monitoring capabilities
Low-Risk Scenarios:
- Metadata Updates: Changes to device descriptions, tags, or other non-functional attributes
- Additional Link Associations: Adding new link associations that expand connectivity options without affecting existing paths
Use Cases
Multi-Site Network Management
Organizations with distributed infrastructure often use Network Manager devices to represent physical network equipment across multiple geographical locations. A global retail company might configure devices at each store location, data center, and regional office, creating a unified view of their network topology. This centralized management approach allows network administrators to monitor connectivity, track performance metrics, and quickly identify issues across their entire network infrastructure. Through Network Manager devices, they can visualize how traffic flows between locations and ensure optimal routing configurations.
Hybrid Cloud Connectivity
Network Manager devices excel in scenarios where organizations need to connect on-premises infrastructure with AWS cloud resources. A financial services company might use Network Manager devices to represent their branch office network equipment, then establish connections to AWS services through Transit Gateway attachments. This configuration provides comprehensive visibility into both cloud and on-premises network segments, enabling administrators to troubleshoot connectivity issues and optimize performance across hybrid environments.
Network Migration and Modernization
During network infrastructure modernization projects, Network Manager devices provide essential visibility and control. An enterprise migrating from traditional MPLS networks to SD-WAN solutions can use Network Manager devices to represent both legacy and modern network equipment. This dual representation allows for gradual migration strategies, where administrators can monitor performance of both network types, gradually shift traffic to new infrastructure, and maintain comprehensive visibility throughout the transition process.
Limitations
Regional Availability and Scope
Network Manager devices are limited by AWS's regional availability for the Network Manager service. While the service aims for global coverage, some regions may have limited functionality or delayed feature releases. Organizations with truly global infrastructure might encounter situations where certain locations cannot be effectively represented or managed through Network Manager devices, requiring alternative monitoring and management approaches for those regions.
Device Representation Constraints
Network Manager devices are logical representations rather than direct interfaces to physical equipment. This abstraction layer means that while devices provide valuable network topology visualization, they cannot directly configure or control the underlying physical network hardware. Organizations expecting device-level configuration management capabilities will need to maintain separate systems for actual network device configuration and use Network Manager devices primarily for monitoring and topology visualization.
Integration Complexity
Integrating Network Manager devices with existing network management systems can be complex, particularly in environments with established monitoring tools and processes. Organizations may find that Network Manager devices provide overlapping functionality with existing network management platforms, requiring careful planning to avoid duplicated efforts or conflicting data sources. The integration process often requires custom development work to synchronize device information across multiple systems.
Conclusion
Network Manager devices provide essential building blocks for comprehensive network topology management within AWS's Network Manager service. They support multi-site network visibility, hybrid cloud connectivity scenarios, and network modernization initiatives. For organizations managing distributed network infrastructure, Network Manager devices offer centralized monitoring and visualization capabilities that simplify complex network management tasks.
The service integrates effectively with other AWS networking services, particularly Transit Gateway and VPC resources, creating comprehensive network management solutions. However, organizations should carefully consider regional availability constraints and integration requirements when implementing Network Manager devices as part of their network management strategy.
Understanding the dependencies and relationships that Network Manager devices create is crucial for successful network infrastructure management. Changes to these devices can have far-reaching effects across network topology, making comprehensive impact analysis essential for maintaining network stability and performance.