AWS Network Manager Site: A Deep Dive in AWS Resources & Best Practices to Adopt
As businesses migrate to the cloud and adopt hybrid architectures, managing network connectivity across multiple AWS regions, on-premises data centers, and branch offices becomes increasingly complex. According to the 2024 State of the Cloud report, 92% of enterprises now operate in a multi-cloud environment, while 84% maintain hybrid infrastructure that spans cloud and on-premises resources. This distributed approach, while offering flexibility and resilience, creates significant challenges for network visibility and management.
Consider a global enterprise with headquarters in New York, manufacturing facilities in Germany, development teams in India, and cloud workloads distributed across multiple AWS regions. Each location requires secure, reliable connectivity to access shared resources, collaborate effectively, and maintain business continuity. Traditional network management tools often provide fragmented views of this complex topology, making it difficult to understand dependencies, troubleshoot issues, or optimize performance.
AWS Network Manager addresses these challenges by providing a centralized platform for managing global networks. A critical component of this service is the Network Manager Site, which represents physical locations within your network topology. These sites serve as logical anchors for your network infrastructure, helping you organize and manage connectivity across your distributed environment. Understanding how to properly configure and utilize Network Manager Sites is essential for organizations looking to gain comprehensive visibility and control over their network infrastructure. You can explore the complete Network Manager ecosystem and its relationships with other AWS services at overmind.tech.
In this blog post we will learn about what AWS Network Manager Site is, how you can configure and work with it using Terraform, and learn about the best practices for this service.
What is AWS Network Manager Site?
AWS Network Manager Site is a foundational component of AWS Network Manager that represents a physical location within your global network topology. It serves as a logical representation of offices, data centers, branches, or any other physical locations that are part of your network infrastructure.
Network Manager Sites provide the structural foundation for organizing your network resources within the AWS Network Manager service. Each site acts as a container for network devices and serves as an endpoint for network links, enabling you to model your real-world network topology within AWS. By creating sites that correspond to your physical locations, you gain the ability to visualize, monitor, and manage your network infrastructure from a centralized console, regardless of whether your resources are hosted in AWS, on-premises, or with other cloud providers.
The service integrates seamlessly with AWS Transit Gateway Network Manager, which provides detailed insights into your network performance and connectivity. When you create a Network Manager Site, you're establishing a reference point that AWS can use to understand the geographical and logical structure of your network. This understanding enables advanced features like network performance monitoring, automated network discovery, and centralized policy management across your entire network infrastructure. You can learn more about these integrations at overmind.tech/types/networkmanager-global-network.
Core Components and Architecture
Network Manager Sites operate within a hierarchical architecture that reflects the structure of modern enterprise networks. At the top level, you have a Global Network, which represents your entire network infrastructure. Within this global network, you create sites that correspond to specific physical locations or logical network segments.
Each site contains several key attributes that define its role within your network topology. The most important of these is the site's association with a specific global network, which establishes the ownership and management context. Sites also include descriptive information such as location details, which can include address information, geographical coordinates, and descriptive tags that help identify the site's purpose and characteristics.
The architecture supports flexibility in how you model your network. You might create sites that represent entire office buildings, specific floors within a building, or even individual network closets, depending on the level of granularity you need for your network management. This flexibility allows you to tailor the site structure to match your organization's specific needs and network design principles.
Integration with Network Devices and Links
Network Manager Sites serve as anchors for network devices and links, creating a comprehensive model of your network topology. When you deploy network devices at a physical location, you associate them with the corresponding Network Manager Site. This association enables AWS to understand the physical placement of your network infrastructure and provide location-aware monitoring and management capabilities.
Network links represent the connections between different sites or between sites and devices. These links can represent various types of connections, including dedicated circuits, VPN connections, or internet-based connections. By modeling these links within Network Manager, you gain visibility into the connectivity patterns of your network and can monitor the performance and health of these connections in real-time.
The integration between sites, devices, and links creates a powerful foundation for network management. AWS Network Manager can automatically discover many of these relationships, particularly for AWS-hosted resources like Transit Gateways and VPN connections. However, you can also manually define relationships for on-premises resources or connections that AWS cannot automatically discover. This comprehensive modeling capability ensures that you have complete visibility into your network topology, regardless of where your resources are hosted. More information about device management can be found at overmind.tech/types/networkmanager-device.
Strategic Network Topology Management
AWS Network Manager Site plays a crucial role in modern network architecture by providing organizations with the tools needed to manage increasingly complex, distributed network topologies. According to Gartner's 2024 Strategic Roadmap for Networking, 75% of enterprises will adopt network-as-a-service models by 2027, requiring sophisticated tools for managing hybrid and multi-cloud network architectures.
The strategic importance of Network Manager Sites extends beyond simple resource organization. These sites enable organizations to implement location-aware network policies, optimize traffic routing based on geographical considerations, and maintain compliance with data residency requirements. By providing a centralized view of network topology, sites help organizations make informed decisions about network investments, capacity planning, and disaster recovery strategies.
Enhanced Network Visibility and Monitoring
Network Manager Sites provide comprehensive visibility into network performance and connectivity across all locations. This visibility is particularly valuable for organizations with distributed workforces or multiple operational sites that need to maintain consistent network performance and reliability.
When you implement Network Manager Sites, you gain access to detailed network metrics and performance data for each location. This includes connection latency, packet loss rates, bandwidth utilization, and availability metrics. The centralized monitoring capabilities enable IT teams to quickly identify performance issues, whether they stem from local network problems, connectivity issues between sites, or broader network infrastructure challenges.
The monitoring capabilities extend beyond basic performance metrics to include advanced analytics and alerting. You can set up custom dashboards that provide real-time visibility into network health across all your sites, configure automated alerts for performance degradation or connectivity issues, and access historical data for trend analysis and capacity planning. This level of visibility is essential for maintaining service level agreements and ensuring optimal user experience across all locations.
Simplified Network Operations and Troubleshooting
Network Manager Sites significantly simplify network operations by providing a unified interface for managing distributed network infrastructure. Instead of using multiple tools and interfaces to monitor different parts of your network, you can access comprehensive network information from a single console.
The operational benefits are particularly evident during troubleshooting scenarios. When network issues occur, Network Manager Sites provide the context needed to quickly identify the scope and impact of the problem. You can see which sites are affected, understand the connectivity patterns that might be impacted, and access detailed performance data to diagnose the root cause of issues.
This unified approach to network operations reduces the time required for troubleshooting and improves the overall reliability of your network infrastructure. IT teams can respond more quickly to network issues, implement targeted fixes, and verify that solutions are working effectively across all affected sites.
Strategic Network Planning and Optimization
Network Manager Sites enable strategic network planning by providing detailed insights into network utilization patterns and performance characteristics. This information is invaluable for making informed decisions about network investments, capacity upgrades, and topology changes.
The planning capabilities include traffic analysis, which helps identify high-utilization links and potential bottlenecks, performance trending, which reveals patterns in network usage and helps predict future capacity needs, and cost optimization opportunities, which identify underutilized links or sites where network resources could be optimized. Organizations can use this information to develop comprehensive network strategies that align with business objectives and support future growth.
Key Features and Capabilities
Flexible Site Definition and Organization
Network Manager Sites provide extensive flexibility in how you define and organize your network locations. You can create sites that represent any physical or logical location within your network infrastructure, from entire buildings to specific network segments within a facility.
The site definition process includes comprehensive location information, descriptive metadata for identification and categorization, geographical coordinates for mapping and visualization, and custom tags for organization and automation. This flexibility ensures that you can model your network topology in a way that matches your organization's specific needs and operational requirements.
Integration with AWS Network Infrastructure
Network Manager Sites integrate seamlessly with AWS network infrastructure, including Transit Gateways, VPN connections, and Direct Connect gateways. This integration provides automatic discovery of AWS-hosted network resources and their relationships to your defined sites.
The integration capabilities include automatic resource discovery for AWS services, real-time synchronization of network topology changes, performance monitoring for AWS-hosted connections, and unified management of hybrid network infrastructure. This tight integration ensures that your Network Manager Sites accurately reflect your complete network topology, including both cloud and on-premises resources.
Advanced Network Analytics and Reporting
Network Manager Sites provide access to advanced analytics and reporting capabilities that help you understand network performance patterns and identify optimization opportunities. These analytics include detailed performance metrics, traffic flow analysis, and customizable reporting options.
The analytics capabilities support various use cases, including network performance optimization, capacity planning and forecasting, compliance reporting and auditing, and cost analysis and optimization. These capabilities enable data-driven decision making about network infrastructure investments and operational changes.
Automated Network Management
Network Manager Sites support automated network management through integration with AWS services and third-party tools. This automation includes automated alert generation based on performance thresholds, integration with AWS CloudWatch for monitoring and alerting, and API access for custom automation solutions.
The automation capabilities help reduce the operational overhead of managing distributed network infrastructure while improving response times for network issues and ensuring consistent network performance across all sites.
Integration Ecosystem
AWS Network Manager Site operates within a comprehensive ecosystem of AWS networking services, providing extensive integration capabilities that enhance its functionality and value. The service is designed to work seamlessly with other AWS networking components, creating a unified platform for managing complex network infrastructures.
At the time of writing there are 15+ AWS services that integrate with Network Manager Site in some capacity. Key integrations include AWS Transit Gateway for centralized routing, AWS Direct Connect for dedicated connectivity, AWS VPN for secure remote access, and AWS CloudWatch for monitoring and alerting.
The integration with AWS Transit Gateway is particularly significant, as it enables Network Manager Sites to provide visibility into inter-VPC connectivity and routing patterns. This integration allows you to understand how traffic flows between different parts of your network and optimize routing policies for better performance and cost efficiency. You can explore these relationships further at overmind.tech/types/networkmanager-link.
Network Manager Sites also integrate with AWS Direct Connect, enabling you to model and monitor dedicated connections between your on-premises infrastructure and AWS. This integration provides detailed performance metrics for Direct Connect connections and helps you understand how these connections fit into your overall network topology.
The integration with monitoring services like CloudWatch enables comprehensive network monitoring and alerting. You can set up custom metrics and alarms based on network performance data collected from your sites, ensuring that you're notified of performance issues or connectivity problems as they occur.
Pricing and Scale Considerations
AWS Network Manager Site follows a straightforward pricing model based on the number of network resources you manage and the volume of monitoring data you generate. The service offers a free tier that includes basic network topology management for up to 5 sites and 10 devices, making it accessible for small organizations and proof-of-concept implementations.
For larger deployments, pricing scales based on the number of sites, devices, and links you manage, as well as the volume of performance data you collect and store. The pricing model is designed to be predictable and cost-effective, with no upfront fees or long-term commitments required.
Scale Characteristics
Network Manager Sites are designed to support enterprise-scale networks with thousands of sites and devices. The service can handle complex network topologies with multiple levels of hierarchy and extensive interconnections between sites.
The scale characteristics include support for thousands of sites per global network, unlimited devices per site, comprehensive performance monitoring across all sites, and high-availability monitoring with 99.9% uptime SLA. These capabilities ensure that the service can support the largest enterprise networks while maintaining consistent performance and reliability.
Enterprise Considerations
For enterprise deployments, Network Manager Sites offer additional features and capabilities that support complex operational requirements. These include advanced security features, compliance reporting capabilities, and integration with enterprise management tools.
Enterprise features also include dedicated support options, professional services for implementation and optimization, and custom integration development for unique requirements. These capabilities ensure that large organizations can successfully deploy and operate Network Manager Sites at scale.
AWS Network Manager Site provides a comprehensive solution for organizations looking to gain visibility and control over their distributed network infrastructure. While alternative solutions exist from vendors like Cisco, Juniper, and other network management providers, Network Manager Site offers unique advantages for organizations already using AWS services. However, for infrastructure running on AWS this is the most integrated and cost-effective solution available.
Organizations considering Network Manager Site should evaluate their specific requirements for network visibility, monitoring, and management. The service is particularly well-suited for organizations with hybrid cloud deployments, multiple AWS regions, or complex network topologies that require centralized management and monitoring.
Managing AWS Network Manager Site using Terraform
Managing Network Manager Sites through Terraform provides a declarative, version-controlled approach to network infrastructure management. The complexity of Network Manager Site configuration can vary significantly depending on your network topology and integration requirements.
Basic Site Configuration
The most common use case for Network Manager Sites is creating a basic site representation for a physical location within your network infrastructure. This scenario typically involves organizations that need to model their office locations or data centers within AWS Network Manager.
# Global Network - Required parent resource
resource "aws_networkmanager_global_network" "enterprise_network" {
description = "Enterprise global network for multi-site connectivity"
tags = {
Name = "enterprise-global-network"
Environment = "production"
ManagedBy = "terraform"
}
}
# Network Manager Site - Main office location
resource "aws_networkmanager_site" "main_office" {
global_network_id = aws_networkmanager_global_network.enterprise_network.id
description = "Main office location in New York"
# Physical location information
location {
address = "123 Business Ave, New York, NY 10001"
latitude = "40.7128"
longitude = "-74.0060"
}
tags = {
Name = "main-office-site"
Location = "new-york"
Type = "headquarters"
Environment = "production"
CostCenter = "infrastructure"
}
}
# Additional site for branch office
resource "aws_networkmanager_site" "branch_office" {
global_network_id = aws_networkmanager_global_network.enterprise_network.id
description = "Branch office in San Francisco"
location {
address = "456 Tech Street, San Francisco, CA 94102"
latitude = "37.7749"
longitude = "-122.4194"
}
tags = {
Name = "branch-office-site"
Location = "san-francisco"
Type = "branch"
Environment = "production"
CostCenter = "infrastructure"
}
}
The global_network_id
parameter establishes the parent relationship and is required for all Network Manager Sites. The location
block provides geographical context that enhances network visualization and monitoring capabilities. The description
field helps identify the site's purpose and characteristics in the Network Manager console.
This configuration creates a hierarchical structure where sites belong to a global network, enabling centralized management while maintaining logical separation between different locations. The tag structure supports operational requirements like cost allocation, environment management, and automated resource discovery.
Advanced Site Configuration with Network Integration
For organizations with complex network topologies, Network Manager Sites often need to integrate with existing network infrastructure including Transit Gateways, VPN connections, and Direct Connect gateways. This scenario demonstrates how to create sites that are fully integrated with AWS networking services.
# Advanced global network with comprehensive monitoring
resource "aws_networkmanager_global_network" "enterprise_network" {
description = "Enterprise network with advanced monitoring and site integration"
tags = {
Name = "enterprise-global-network"
Environment = "production"
Monitoring = "enabled"
ManagedBy = "terraform"
}
}
# Data center site with comprehensive configuration
resource "aws_networkmanager_site" "data_center" {
global_network_id = aws_networkmanager_global_network.enterprise_network.id
description = "Primary data center with Transit Gateway integration"
location {
address = "789 Data Center Drive, Dallas, TX 75201"
latitude = "32.7767"
longitude = "-96.7970"
}
tags = {
Name = "primary-data-center"
Location = "dallas"
Type = "data-center"
Environment = "production"
Criticality = "high"
BackupSite = "secondary-data-center"
NetworkTier = "tier-1"
}
}
# Register Transit Gateway with the site
resource "aws_networkmanager_transit_gateway_registration" "data_center_tgw" {
global_network_id = aws_networkmanager_global_network.enterprise_network.id
transit_gateway_arn = aws_ec2_transit_gateway.main.arn
depends_on = [aws_networkmanager_site.data_center]
}
# Supporting Transit Gateway for the site
resource "aws_ec2_transit_gateway" "main" {
## Managing Networkmanager Site using Terraform
Managing AWS Network Manager sites with Terraform provides a structured approach to deploying and maintaining your global network infrastructure. The configuration varies in complexity depending on your network architecture, from simple single-site deployments to complex multi-region, multi-site environments with sophisticated connectivity patterns.
### Basic Site Configuration
The simplest configuration involves creating a site within an existing global network. This scenario typically applies when you're establishing your first site or adding a straightforward site to an existing network infrastructure.
```hcl
# Global network that will contain our site
resource "aws_networkmanager_global_network" "corporate_network" {
description = "Corporate WAN network spanning multiple regions"
tags = {
Name = "corporate-global-network"
Environment = "production"
Department = "infrastructure"
CostCenter = "IT-001"
}
}
# Basic site configuration
resource "aws_networkmanager_site" "headquarters" {
global_network_id = aws_networkmanager_global_network.corporate_network.id
description = "Corporate headquarters primary site"
location {
address = "123 Corporate Blvd, Seattle, WA 98101"
latitude = "47.6062"
longitude = "-122.3321"
}
tags = {
Name = "headquarters-site"
Environment = "production"
SiteType = "headquarters"
Region = "us-west-2"
BusinessUnit = "corporate"
}
}
This configuration establishes a basic site with geographic location information, which is useful for visualizing your network topology in the AWS Network Manager console. The location data helps with network planning and troubleshooting by providing geographic context for your network components.
Multi-Site Network with Regional Distribution
For organizations with multiple locations, you'll need to configure several sites across different regions. This configuration demonstrates how to manage multiple interconnected sites with consistent naming and tagging strategies.
# Define multiple sites across different regions
locals {
sites = {
headquarters = {
description = "Corporate headquarters and primary data center"
address = "123 Corporate Blvd, Seattle, WA 98101"
latitude = "47.6062"
longitude = "-122.3321"
region = "us-west-2"
site_type = "headquarters"
}
east_coast_office = {
description = "East coast regional office and backup data center"
address = "456 Business Ave, New York, NY 10001"
latitude = "40.7128"
longitude = "-74.0060"
region = "us-east-1"
site_type = "regional_office"
}
european_branch = {
description = "European operations center and regional hub"
address = "789 Enterprise St, London, UK"
latitude = "51.5074"
longitude = "-0.1278"
region = "eu-west-1"
site_type = "regional_office"
}
manufacturing_plant = {
description = "Primary manufacturing facility with edge computing"
address = "321 Industrial Way, Detroit, MI 48201"
latitude = "42.3314"
longitude = "-83.0458"
region = "us-east-2"
site_type = "manufacturing"
}
}
}
# Create all sites using for_each
resource "aws_networkmanager_site" "corporate_sites" {
for_each = local.sites
global_network_id = aws_networkmanager_global_network.corporate_network.id
description = each.value.description
location {
address = each.value.address
latitude = each.value.latitude
longitude = each.value.longitude
}
tags = {
Name = "${each.key}-site"
Environment = "production"
SiteType = each.value.site_type
Region = each.value.region
BusinessUnit = "corporate"
ManagedBy = "terraform"
}
}
This configuration uses Terraform's for_each
functionality to create multiple sites from a single resource definition. The local variable contains all site-specific information, making it easy to add new sites or modify existing ones without duplicating configuration code.
The location information for each site is critical for network planning and helps AWS Network Manager provide accurate geographic representations of your network topology. This becomes particularly valuable when analyzing network performance and planning connectivity between sites.
Advanced Site Configuration with Network Devices and Links
More complex deployments require integrating sites with network devices and links. This configuration shows how to create a comprehensive network setup that includes the physical and logical components of your network infrastructure.
# Create sites with associated network devices and links
resource "aws_networkmanager_site" "primary_datacenter" {
global_network_id = aws_networkmanager_global_network.corporate_network.id
description = "Primary data center with high-availability networking"
location {
address = "100 Data Center Drive, Ashburn, VA 20147"
latitude = "39.0458"
longitude = "-77.5017"
}
tags = {
Name = "primary-datacenter-site"
Environment = "production"
SiteType = "datacenter"
HighAvailability = "true"
ComplianceZone = "enterprise"
}
}
# Network devices at the primary site
resource "aws_networkmanager_device" "primary_router" {
global_network_id = aws_networkmanager_global_network.corporate_network.id
site_id = aws_networkmanager_site.primary_datacenter.id
description = "Primary edge router handling external connectivity"
# Device specifications
model = "Cisco ASR 1000"
serial = "FTX2118A1BC"
type = "router"
vendor = "Cisco"
# Physical location within the site
location {
address = "100 Data Center Drive, Ashburn, VA 20147"
latitude = "39.0458"
longitude = "-77.5017"
}
tags = {
Name = "primary-datacenter-router"
DeviceType = "edge-router"
Criticality = "high"
MaintenanceWindow = "sunday-2am-est"
}
}
# Backup router for redundancy
resource "aws_networkmanager_device" "backup_router" {
global_network_id = aws_networkmanager_global_network.corporate_network.id
site_id = aws_networkmanager_site.primary_datacenter.id
description = "Backup edge router for redundancy and failover"
model = "Cisco ASR 1000"
serial = "FTX2118A2CD"
type = "router"
vendor = "Cisco"
location {
address = "100 Data Center Drive, Ashburn, VA 20147"
latitude = "39.0458"
longitude = "-77.5017"
}
tags = {
Name = "backup-datacenter-router"
DeviceType = "edge-router"
Criticality = "high"
MaintenanceWindow = "sunday-2am-est"
}
}
# Network link connecting primary and backup routers
resource "aws_networkmanager_link" "router_interconnect" {
global_network_id = aws_networkmanager_global_network.corporate_network.id
site_id = aws_networkmanager_site.primary_datacenter.id
description = "High-speed interconnect between primary and backup routers"
# Link characteristics
bandwidth {
download_speed = 10000 # 10 Gbps
upload_speed = 10000 # 10 Gbps
}
provider = "Internal"
type = "ethernet"
tags = {
Name = "router-interconnect-link"
LinkType = "redundancy"
Bandwidth = "10gbps"
Criticality = "high"
}
}
This configuration demonstrates several important concepts:
Device Integration: Network devices are associated with specific sites, creating a logical mapping between physical hardware and geographic locations. This association is crucial for network topology visualization and management.
Link Management: Network links define the connections between devices and sites. The bandwidth configuration helps with capacity planning and network optimization.
Redundancy Planning: The configuration includes both primary and backup routers, which is essential for high-availability network deployments. The link between them provides the redundancy path.
Comprehensive Tagging: Each resource includes detailed tags that support operational requirements like maintenance windows, criticality levels, and device types.
Dependencies and Integration Points
Network Manager sites have several important dependencies that affect deployment planning:
Global Network Dependency: Every site must be associated with a global network, which serves as the parent container for all network resources. This dependency means you must create the global network before creating any sites.
Regional Considerations: While sites can be distributed across multiple regions, the global network itself exists in a single region. This affects how you plan your Terraform state management and provider configuration.
Device and Link Dependencies: When creating comprehensive network configurations, devices depend on sites for their location context, and links depend on both sites and devices for their endpoints.
The Network Manager site configuration integrates with several other AWS services, including Transit Gateway for cross-region connectivity, Direct Connect for hybrid cloud connections, and CloudWAN for advanced network automation. Understanding these integration points helps you plan more effective network architectures.
Best practices for Networkmanager Site
Managing AWS Network Manager sites effectively requires careful planning and adherence to proven operational patterns. These best practices help ensure your network sites are configured for optimal performance, security, and maintainability.
Establish Clear Site Naming and Tagging Standards
Why it matters: As your network grows to include multiple sites across different regions and environments, maintaining consistent naming conventions becomes critical for operational efficiency and troubleshooting.
Implementation: Develop a standardized naming scheme that includes location, environment, and purpose identifiers. Use tags to categorize sites by business unit, cost center, and operational responsibility.
# Example naming convention
aws networkmanager create-site \\
--global-network-id $GLOBAL_NETWORK_ID \\
--description "Production datacenter - US East" \\
--location Latitude=40.7128,Longitude=-74.0060,Address="New York, NY" \\
--tags "Environment=Production,Location=US-East,CostCenter=IT-OPS,Owner=NetworkTeam"
Include metadata that helps identify the site's role in your network topology, such as whether it's a primary datacenter, branch office, or edge location. This information becomes invaluable when analyzing network performance or planning capacity changes.
Implement Proper Location Data Management
Why it matters: Accurate location information enables Network Manager to provide meaningful geographical visualizations and helps with compliance requirements for data residency and network optimization.
Implementation: Always provide precise latitude and longitude coordinates along with descriptive address information. Validate location data during site creation and establish processes for updating coordinates when facilities move.
resource "aws_networkmanager_site" "branch_office" {
global_network_id = aws_networkmanager_global_network.main.id
description = "Branch office - Chicago"
location {
address = "123 Business District, Chicago, IL 60601"
latitude = "41.8781"
longitude = "-87.6298"
}
tags = {
Type = "branch-office"
Region = "midwest"
Employees = "50-100"
BusinessUnit = "sales"
}
}
Consider implementing validation rules to ensure location data meets your organization's standards and regulatory requirements. Document the process for updating location information when sites are relocated or expanded.
Design for High Availability and Redundancy
Why it matters: Network sites often represent critical infrastructure components. Proper planning for redundancy and failover scenarios prevents single points of failure that could impact business operations.
Implementation: When creating sites that represent physical locations, plan for multiple connectivity options and backup systems. Use Network Manager's topology features to document primary and secondary paths.
# Create redundant connectivity documentation through site tags
aws networkmanager create-site \\
--global-network-id $GLOBAL_NETWORK_ID \\
--description "Primary datacenter with redundant connections" \\
--tags "ConnectivityType=redundant,BackupPath=available,SLA=99.9"
Document dependencies between sites and plan for scenarios where primary sites become unavailable. Use Network Manager's visualization capabilities to identify potential bottlenecks or single points of failure in your network topology.
Establish Monitoring and Alerting Strategies
Why it matters: Proactive monitoring of site status and performance helps prevent issues before they impact users and enables faster resolution when problems occur.
Implementation: Set up CloudWatch metrics and alarms for site-related events. Monitor site creation, deletion, and modification activities to detect unauthorized changes.
resource "aws_cloudwatch_metric_alarm" "site_modifications" {
alarm_name = "networkmanager-site-changes"
comparison_operator = "GreaterThanThreshold"
evaluation_periods = "1"
metric_name = "SiteModifications"
namespace = "AWS/NetworkManager"
period = "300"
statistic = "Sum"
threshold = "0"
alarm_description = "Alert when Network Manager sites are modified"
alarm_actions = [aws_sns_topic.network_alerts.arn]
}
Implement automated reporting to track site inventory changes and ensure all modifications are authorized and documented. Use AWS Config rules to monitor compliance with your site configuration standards.
Optimize Site Organization and Hierarchy
Why it matters: Well-organized sites make it easier to manage large networks, implement consistent policies, and troubleshoot connectivity issues across multiple locations.
Implementation: Group sites logically based on your organization's structure and network architecture. Consider factors like geographical proximity, business function, and technical requirements when organizing sites.
# Example of hierarchical organization using tags
aws networkmanager create-site \\
--global-network-id $GLOBAL_NETWORK_ID \\
--description "Regional hub - West Coast" \\
--tags "Tier=regional-hub,Region=west-coast,ConnectedSites=branch-sf,branch-la,branch-seattle"
Establish clear relationships between hub sites and spoke sites to optimize traffic flow and simplify network management. Use consistent tagging strategies to identify site types and their roles in your network hierarchy.
Implement Security and Access Controls
Why it matters: Network Manager sites contain sensitive information about your network topology and infrastructure. Proper access controls prevent unauthorized modifications and information disclosure.
Implementation: Use IAM policies to restrict access to Network Manager operations based on job function and need-to-know principles. Implement resource-based policies where appropriate.
resource "aws_iam_policy" "networkmanager_readonly" {
name = "NetworkManagerReadOnly"
description = "Read-only access to Network Manager sites"
policy = jsonencode({
Version = "2012-10-17"
Statement = [
{
Effect = "Allow"
Action = [
"networkmanager:GetSites",
"networkmanager:DescribeSites",
"networkmanager:GetNetworkResources"
]
Resource = "*"
}
]
})
}
Regularly audit access permissions and remove unnecessary privileges. Use CloudTrail to monitor all Network Manager API calls and establish alerting for suspicious activities.
Plan for Disaster Recovery and Business Continuity
Why it matters: Sites often represent critical infrastructure components. Having clear recovery procedures ensures business continuity during outages or disasters.
Implementation: Document recovery procedures for each site type and maintain current contact information for site administrators. Use Network Manager's export capabilities to maintain backups of your network topology.
# Export network topology for backup
aws networkmanager get-network-resources \\
--global-network-id $GLOBAL_NETWORK_ID \\
--type sites \\
--output json > network-topology-backup.json
Test recovery procedures regularly and update documentation based on lessons learned. Ensure that site recovery plans align with your overall disaster recovery strategy and business continuity requirements.
Maintain Accurate Documentation and Change Management
Why it matters: Network topologies change frequently, and maintaining accurate documentation prevents configuration drift and supports effective troubleshooting.
Implementation: Establish processes for documenting all site changes and maintaining up-to-date network diagrams. Use Network Manager's tagging capabilities to embed operational information directly in your site configurations.
Implement change management procedures that require documentation updates whenever sites are modified. Regular audits should verify that site configurations match your documented network topology and business requirements.
These best practices form the foundation for effective Network Manager site management. By implementing these recommendations, you'll create a robust, scalable network management framework that supports your organization's growth and operational requirements.
Product Integration
The Networkmanager Site service integrates with over 15 AWS services to provide comprehensive network management capabilities. This integration enables centralised oversight of complex network architectures spanning multiple environments.
AWS Transit Gateway Integration
Networkmanager Sites connect directly with AWS Transit Gateway to provide automated network topology discovery. When Transit Gateway attachments are created, Network Manager automatically populates site information, reducing manual configuration overhead. This integration supports up to 5,000 route tables per Transit Gateway and enables real-time monitoring of cross-region connectivity patterns.
AWS Direct Connect Integration
Sites integrate with AWS Direct Connect to monitor dedicated network connections. Network Manager tracks connection utilisation, latency metrics, and failover patterns across Direct Connect locations. This integration provides visibility into hybrid connectivity performance and helps optimise bandwidth allocation across multiple connections.
AWS VPC and Route Table Integration
Each site maintains relationships with VPC route tables and VPC endpoints to track routing decisions. Network Manager correlates site-level policies with VPC-level routing, enabling administrators to understand how traffic flows between on-premises sites and AWS resources. This integration supports complex multi-VPC architectures with thousands of route entries.
Amazon CloudWatch Integration
Sites automatically publish metrics to CloudWatch for monitoring network performance. Standard metrics include connection state, bandwidth utilisation, and latency measurements. Custom metrics can be configured to track site-specific KPIs, with alarm thresholds set to trigger automated responses when performance degrades.
Use Cases
Multi-Site Enterprise Network Management
Large enterprises with distributed operations use Networkmanager Sites to centrally manage hundreds of branch offices. A global retail chain might configure sites for each store location, distribution center, and regional headquarters. Network Manager provides unified visibility across all locations, enabling IT teams to identify connectivity issues, optimise traffic routing, and ensure consistent network policies.
The centralised dashboard shows real-time status of all sites, connection health, and performance metrics. This visibility reduces mean time to resolution (MTTR) for network issues from hours to minutes, as administrators can quickly identify affected sites and routing paths.
Hybrid Cloud Network Orchestration
Organizations migrating to AWS use Networkmanager Sites to orchestrate hybrid connectivity between on-premises data centers and AWS regions. Each data center becomes a site within the Network Manager topology, with connections tracked through Direct Connect or VPN links.
This approach enables gradual migration strategies where workloads can be moved between sites based on performance requirements, compliance needs, or cost optimisation. Network Manager provides the visibility needed to ensure applications maintain connectivity during migration phases.
SD-WAN Integration and Management
Software-defined WAN (SD-WAN) deployments leverage Networkmanager Sites to integrate with AWS networking services. Each SD-WAN edge device location becomes a site, with connections automatically discovered and monitored through Network Manager APIs.
This integration enables centralized policy management across both SD-WAN and AWS network components. Traffic can be dynamically routed based on application requirements, with Network Manager providing the monitoring and control plane for end-to-end network optimisation.
Limitations
Regional Availability and Scaling Constraints
AWS Network Manager is available in limited regions, which restricts where sites can be managed. The service supports up to 200 sites per global network, which may be insufficient for large multinational organizations with thousands of locations. Additionally, each site can have a maximum of 100 devices, potentially limiting complex site architectures.
Real-Time Monitoring Limitations
Network Manager provides near real-time monitoring with a 5-minute granularity for most metrics. For applications requiring sub-minute network monitoring, this latency may be insufficient. The service also has API rate limits of 100 requests per second, which can impact automated monitoring systems that need to poll multiple sites frequently.
Integration Complexity with Third-Party Systems
While Network Manager integrates well with AWS services, connecting to third-party network monitoring and management systems requires custom development. The service lacks pre-built connectors for popular network management platforms like SolarWinds or Nagios, requiring organizations to build and maintain custom integration layers.
Limited Automation Capabilities
Networkmanager Sites primarily provide monitoring and visibility functions with limited automation capabilities. The service cannot automatically remediate network issues, rebalance traffic, or implement configuration changes based on performance metrics. Organizations must build custom automation using AWS Lambda or other services to achieve automated network management.
Conclusion
The Networkmanager Site service provides powerful centralised network management capabilities for complex, distributed network architectures. It effectively bridges the gap between traditional network management tools and cloud-native networking services, offering comprehensive visibility across hybrid environments.
The service's strength lies in its deep integration with AWS networking services, providing automated discovery and monitoring of network resources. For organizations with significant AWS footprints, Network Manager simplifies network operations and reduces the complexity of managing multi-site connectivity.
However, the service's limitations around regional availability, real-time monitoring granularity, and automation capabilities mean it works best as part of a broader network management strategy rather than as a standalone solution. Organizations should evaluate their specific requirements around site scale, monitoring needs, and integration complexity before implementing Network Manager.
For hybrid cloud environments with moderate complexity, Networkmanager Sites offer compelling value through reduced operational overhead and improved network visibility. The service continues to evolve with additional AWS integrations and enhanced monitoring capabilities, making it an increasingly valuable tool for modern network management strategies.