Automated connectivity to cloud resources
US-2024223403-A1 · Jul 4, 2024 · US
US2025330499A1 · US · A1
| Field | Value |
|---|---|
| Publication number | US-2025330499-A1 |
| Application number | US-202519254855-A |
| Country | US |
| Kind code | A1 |
| Filing date | Jun 30, 2025 |
| Priority date | Dec 10, 2021 |
| Publication date | Oct 23, 2025 |
| Grant date | — |
Official abstract text for this publication.
Systems and methods are provided for obtaining policy data associated with a private network implemented at least partly within a cloud provider network; establishing, based on the policy data, a first segment within the private network, wherein in a first geographic region of the cloud provider network, traffic associated with the first segment is isolated from traffic associated with a second segment of the private network, and wherein in a second geographic region of the cloud provider network, traffic associated with the first segment is isolated from traffic associated with a third segment of the private network; obtaining metadata indicating an isolated network of the cloud provider network is associated with the first segment; and enabling the isolated network to communicate, over the first segment, across the first geographic region and the second geographic region.
Opening claim text (preview).
What is claimed is:

1. A computer-implemented method comprising: under control of a computing system comprising memory and one or more computer processors configured to execute specific instructions: obtaining policy data associated with a private network implemented at least within a cloud provider network; establishing, based on the policy data, a first segment within the private network; obtaining attachment metadata indicating a first isolated network of the cloud provider network is associated with the first segment; enabling, based on the attachment metadata, the first isolated network to communicate over the first segment; preventing, based on the policy data, the first isolated network from communicating with a second isolated network associated with the first segment; enabling, based on the policy data, communications between the first isolated network and a shared resource segment; and enabling, based on the policy data, communications between the second isolated network and the shared resource segment.

2. The computer-implemented method of claim 1, wherein establishing the first segment comprises: configuring, based on the policy data, a first gateway node in a first geographic region of a plurality of geographic regions of the cloud provider network; and configuring, based on the policy data, a second gateway node in a second geographic region of the plurality of geographic regions to isolate at least a portion of traffic associated with the first segment from at least a portion of traffic associated with a different segment of the private network.

3. The computer-implemented method of claim 2, further comprising: configuring the first gateway node to route packets associated with the first segment using a first route table associated with the first segment; and configuring the first gateway node to route packets associated with a second segment using a second route table different from the first route table.

4. The computer-implemented method of claim 2, further comprising determining, based on the policy data, a subset of the plurality of geographic regions in which the first segment is to be established, wherein the subset of the plurality of geographic regions comprises fewer than all of the plurality of geographic regions.

5. The computer-implemented method of claim 4, further comprising determining, based on the policy data, a second subset of the plurality of geographic regions in which a second segment is to be established, wherein the second subset of the plurality of geographic regions is different than the subset of the plurality of geographic regions.

6. The computer-implemented method of claim 1, further comprising generating a graphical user interface comprising: a first display object representing the first segment; a second display object representing a second segment; a third display object representing an attachment of the first isolated network to the first segment; and a fourth display object representing a path shared between the first segment and the second segment.

7. The computer-implemented method of claim 1, further comprising: determining that the policy data indicates acceptance is required to enable the first isolated network to communicate over the first segment; and receiving acceptance data representing approval to enable the first isolated network to communicate over the first segment, wherein the first isolated network is enabled to communicate over the first segment in response to receiving the acceptance data.

8. The computer-implemented method of claim 1, further comprising determining, based on the policy data, that isolated networks enabled to communicate over the first segment are prohibited from communicating with each other over the first segment.

9. The computer-implemented method of claim 1, further comprising determining, based on the policy data, to deny sharing of a route from a second segment with the first segment.

10. The computer-implemented method of claim 1, further comprising determining, based on the policy data, to permit sharing of a route from a second segment with the first segment.

11. A system comprising: computer-readable memory storing executable instructions; and one or more processors in communication with the computer-readable memory and programmed by the executable instructions to: obtain policy data associated with a private network implemented at least within a cloud provider network; establish, based on the policy data, a first segment within the private network; obtain attachment metadata indicating a first isolated network of the cloud provider network is associated with the first segment; enable, based on the attachment metadata, the first isolated network to communicate over the first segment; prevent, based on the policy data, the first isolated network from communicating with a second isolated network associated with the first segment; enable, based on the policy data, communications between the first isolated network and a shared resource segment; and enable, based on the policy data, communications between the second isolated network and the shared resource segment.

12. The system of claim 11, wherein to establish the first segment, the one or more processors are further programmed by the executable instructions to: configure, based on the policy data, a first gateway node in a first geographic region of a plurality of geographic regions of the cloud provider network; and configure, based on the policy data, a second gateway node in a second geographic region of the plurality of geographic regions to isolate at least a portion of traffic associated with the first segment from at least a portion of traffic associated with a different segment of the private network.

13. The system of claim 12, wherein the one or more processors are further programmed by the executable instructions to: configuring the first gateway node to route packets associated with the first segment using a first route table associated with the first segment; and configuring the first gateway node to route packets associated with a second segment using a second route table different from the first route table.

14. The system of claim 12, wherein the one or more processors are further programmed by the executable instructions to determine, based on the policy data, a subset of the plurality of geographic regions in which the first segment is to be established, wherein the subset of the plurality of geographic regions comprises fewer than all of the plurality of geographic regions.

15. The system of claim 14, wherein the one or more processors are further programmed by the executable instructions to determine, based on the policy data, a second subset of the plurality of geographic regions in which a second segment is to be established, wherein the second subset of the plurality of geographic regions is different than the subset of the plurality of geographic regions.

16. The system of claim 11, wherein the one or more processors are further programmed by the executable instructions to generate a graphical user interface comprising: a first display object representing the first segment; a second display object representing a second segment; a third display object representing an attachment of the first isolated network to the first segment; and a fourth display object representing a path shared between the first segment and the second segment.

17. The system of claim 11, wherein the one or more processors
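The reachability rules in claims 1, 4 and 7 to 10 can be read as a small policy evaluator. The sketch below is an added illustration, not code from the patent or from any cloud provider; the segment names, network names, field layout and the symmetric treatment of route sharing are all assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Segment:
    regions: frozenset                 # regions where the segment is established (claim 4)
    isolate_attachments: bool = False  # members may not reach each other (claim 8)
    require_acceptance: bool = False   # attachment needs explicit approval (claim 7)

@dataclass(frozen=True)
class Attachment:
    segment: str
    region: str
    accepted: bool = False

# Constructed policy data; every name here is hypothetical.
SEGMENTS = {
    "dev": Segment(frozenset({"region-1", "region-2"}), True, True),
    "prod": Segment(frozenset({"region-1"})),
    "shared": Segment(frozenset({"region-1", "region-2"})),
}
# Segment pairs with route sharing permitted (claim 10); any other pair is
# denied (claim 9). Modeled as symmetric here, which is a simplification.
SHARED_ROUTES = {frozenset({"dev", "shared"}), frozenset({"prod", "shared"})}
ATTACHMENTS = {
    "net-a": Attachment("dev", "region-1", accepted=True),
    "net-b": Attachment("dev", "region-2", accepted=True),
    "net-c": Attachment("dev", "region-1"),      # approval still pending
    "net-p": Attachment("prod", "region-1"),
    "net-q": Attachment("prod", "region-2"),     # region outside the segment
    "net-tools": Attachment("shared", "region-1"),
}

def enabled(att):
    """An attachment is live only in a region the segment covers, once accepted if required."""
    seg = SEGMENTS.get(att.segment)
    if seg is None or att.region not in seg.regions:
        return False
    return att.accepted or not seg.require_acceptance

def can_communicate(a, b):
    """Default deny: both attachments must be live and the policy must allow the path."""
    src, dst = ATTACHMENTS.get(a), ATTACHMENTS.get(b)
    if src is None or dst is None or not (enabled(src) and enabled(dst)):
        return False
    if src.segment == dst.segment:
        return not SEGMENTS[src.segment].isolate_attachments
    return frozenset({src.segment, dst.segment}) in SHARED_ROUTES
```

With this data, `net-a` and `net-b` cannot reach each other across regions inside `dev`, yet both reach `net-tools` in the shared resource segment, which is the combination claim 1 recites.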
Traffic policing · CPC title
Dynamic sharing of VLAN information amongst network nodes (configuration of the network or of network elements H04L41/08) · CPC title
Multipath · CPC title
Virtual private networks · CPC title
Assignment of logical groups to network elements · CPC title