The advent of virtualization technologies for commodity hardware has provided benefits with respect to managing large-scale computing resources for many customers with diverse needs, allowing various computing resources to be efficiently and securely shared by multiple customers. For example, virtualization technologies may allow a single physical computing machine to be shared among multiple users by providing each user with one or more virtual machines hosted by the single physical computing machine, with each such virtual machine being a software simulation acting as a distinct logical computing system that provides users with the illusion that they are the sole operators and administrators of a given hardware computing resource, while also providing application isolation and security among the various virtual machines. As another example, virtualization technologies may allow data storage hardware to be shared among multiple users by providing each user with a virtualized data store which may be distributed across multiple data storage devices, with each such virtualized data store acting as a distinct logical data store that provides users with the illusion that they are the sole operators and administrators of the data storage resource.
Virtualization technologies may be leveraged to create many different types of services or perform different functions for client systems or devices. For example, virtual machines may be used to implement a network-based service for external customers, such as an e-commerce platform. Virtual machines may also be used to implement a service or tool for internal customers, such as an information technology (IT) service implemented as part of an internal network for a corporation. Network traffic may therefore be directed to these virtual machines in order to perform the various functions or tasks provided by the services implemented utilizing the virtual machines. In order to ensure that authorized or controlled access is enforced against network traffic received at virtual machines, network traffic policies may be employed that control the network traffic both to and from virtual machines. As the network environment in which virtual machines operate may change, network traffic policies may change correspondingly. However, managing traffic policies for a diverse set of virtual machines, the numbers of which may be scaled up or down, may prove burdensome when implementing multiple changes to network traffic policies.
While embodiments are described herein by way of example for several embodiments and illustrative drawings, those skilled in the art will recognize that the embodiments are not limited to the embodiments or drawings described. It should be understood that the drawings and detailed description thereto are not intended to limit embodiments to the particular form disclosed, but on the contrary, the intention is to cover all modifications, equivalents and alternatives falling within the spirit and scope as defined by the appended claims. The headings used herein are for organizational purposes only and are not meant to be used to limit the scope of the description or the claims. As used throughout this application, the word “may” is used in a permissive sense (i.e., meaning having the potential to), rather than the mandatory sense (i.e., meaning must). Similarly, the words “include”, “including”, and “includes” mean including, but not limited to.