US 12,177,110 B1
Resource-based network traffic management
Akshay Choudhry, Seattle, WA (US); Ethan Joseph Torretta, Edmonds, WA (US); Scott Douglas Morrison, Boulder City, NV (US); Mathew Lehwess, San Francisco, CA (US); Shakeel Ahmad, Kew (AU); and Justin Davies, La Jolla, CA (US)
Assigned to Amazon Technologies, Inc., Seattle, WA (US)
Filed by Amazon Technologies, Inc., Seattle, WA (US)
Filed on Mar. 29, 2023, as Appl. No. 18/192,594.
Int. Cl. H04L 45/02 (2022.01); H04L 45/28 (2022.01); H04L 45/42 (2022.01)
CPC H04L 45/02 (2013.01) [H04L 45/28 (2013.01); H04L 45/42 (2013.01)]
20 Claims
1. A computer-implemented method comprising:
receiving, by a gateway management service of a cloud provider network, a traffic policy, the traffic policy identifying a path to a gateway to an external network, wherein the path identifies at least one network function in the path by a resource identifier of the cloud provider network, and wherein the network function is at least one of a firewall, a network address translation gateway, a load balancer, or an access control list filter;
receiving traffic policy association data, wherein the traffic policy association data includes a rule indicating that if a virtual network is tagged with metadata having a particular value, the traffic policy applies to the virtual network;
obtaining a metadata tag of a first virtual network;
determining that a value of the obtained metadata tag matches the particular value of the rule;
updating a network configuration of the cloud provider network to route network traffic from the first virtual network to the gateway to the external network through the network function, wherein updating the network configuration of the cloud provider network includes obtaining a network address associated with the at least one network function based at least in part on the resource identifier; and
routing network traffic from the first virtual network to the gateway to the external network through the network function.
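
The steps of claim 1, modeled as an added illustration that is not taken from the patent or from any Amazon implementation: a tag-matching rule selects a traffic policy, each resource identifier in the path is resolved to a network address, and the virtual network's default route is rewritten to pass through the network function before the gateway. All names, tag values, resource identifiers and addresses are constructed, and failing closed on an unresolved identifier is an assumption of this example.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class TrafficPolicy:
    name: str
    path: tuple      # ordered resource identifiers of network functions (hypothetical)
    gateway: str     # resource identifier of the gateway to the external network

@dataclass(frozen=True)
class AssociationRule:
    tag_key: str
    tag_value: str
    policy: TrafficPolicy

# Constructed inventory: resource identifier -> network address.
INVENTORY = {"fw-0001": "10.0.1.10", "igw-0001": "10.0.0.1"}

def resolve(resource_id, inventory):
    """Obtain the network address for a resource identifier; fail closed if unknown."""
    try:
        return inventory[resource_id]
    except KeyError:
        raise LookupError(f"unresolved resource {resource_id}") from None

def build_hops(policy, inventory):
    """Ordered next-hop addresses: each network function, then the gateway."""
    return [resolve(r, inventory) for r in (*policy.path, policy.gateway)]

def apply_rules(vnet_tags, rules, route_tables, inventory):
    """Update route_tables for every virtual network whose tag matches a rule.
    Returns the names of the virtual networks that were updated."""
    updated = []
    for vnet, tags in vnet_tags.items():
        for rule in rules:
            if tags.get(rule.tag_key) == rule.tag_value:
                # Resolve the whole path before touching the table, so a failed
                # lookup never leaves a route that skips the network function.
                route_tables[vnet] = {"0.0.0.0/0": build_hops(rule.policy, inventory)}
                updated.append(vnet)
                break
    return updated

def demo():
    policy = TrafficPolicy("inspect-egress", ("fw-0001",), "igw-0001")
    rules = [AssociationRule("egress", "inspected", policy)]
    vnet_tags = {"vnet-a": {"egress": "inspected"}, "vnet-b": {"egress": "direct"}}
    tables = {"vnet-a": {}, "vnet-b": {}}
    return apply_rules(vnet_tags, rules, tables, INVENTORY), tables
```

Because the policy attaches through a tag value, whoever can edit a virtual network's tags can move it into or out of the inspected path, so tag-write permission deserves the same control as route-table write permission.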