Onboard a ZTNA Connector in Amazon Web Services

  • Review the requirements and guidelines and the FQDNs and ports you need to configure to use ZTNA Connector in Amazon Web Services (AWS).
  • On the Prisma SASE Platform, retrieve and copy the Connector key and secret values: go to Workflows > ZTNA Connector > Connectors, find the Connector object you created in Prisma Access to associate with this VM, and select Copy Token; then, copy the Key and Secret values.
  • For Prisma Access ZTNA Connector 1-Arm Auto-Scaling deployment, you must retrieve and copy the Connector Group key and secret values: go to Workflows > ZTNA Connector > Connector Groups, find the Connector Group object you created in Prisma Access to associate with this VM, and select Copy Token; then, copy the Key and Secret.
After you’ve met all the prerequisites, follow these steps to onboard a Prisma Access ZTNA Connector in AWS.
  1. Go to AWS Marketplace and search for Prisma Access ZTNA Connector.
  2. Choose the software plan that best suits your requirements.

Deploy ZTNA Connector 1-Arm in AWS

Follow these steps to deploy ZTNA Connector 1-Arm in AWS.
  1. Select the Prisma Access ZTNA Connector 1-Arm CloudFormation template.
  2. Configure these on the Specify stack details page:
    • Enter the Stack name to identify the stack.
    • In the Parameters section, specify the parameters defined in the stack template.
      • Select Which VPC should ZTNA Connector be deployed to.
      • Specify the subnet for the single port, where you've provisioned applications to onboard to this Connector. You need to have access to the internet from this subnet via a NAT Gateway.
    • Enter the Prisma ZTNA Connector License Key and Prisma ZTNA Connector License Secret values you retrieved from the Prisma SASE Portal.

Deploy ZTNA Connector 1-Arm with Autoscale in AWS

Follow these steps to deploy ZTNA Connector 1-Arm with Autoscale in AWS.
  1. Select the Prisma Access ZTNA Connector 1-Arm Auto-Scaling CloudFormation template.
  2. Configure these parameters on the Specify stack details page:
    • Enter the unique Stack name for the deployment.
    • Specify the parameters defined in the stack template in the Parameters section:
      • Select Which VPC should ZTNA Connector be deployed to.
      • Specify the subnet for the single port, where you've provisioned applications to onboard to this Connector. You need to have access to the internet from this subnet via a NAT Gateway.
    • In the Required Auto Scaling Group Configuration:
      • Enter the Minimum ZTNA Connectors required in the auto-scaling group.
      • Enter the Maximum ZTNA Connectors required in the auto-scaling group. The maximum number of ZTNA Connectors allowed in the Connector Group is 4.
      • Set the Percentage of Network Bandwidth for Scale Out. The default and recommended value is 70%.
    • Enter the Prisma ZTNA Connector License Key and ZTNA Connector License Secret values you retrieved from the Prisma SASE Portal.

Deploy ZTNA Connector 2-Arm in AWS

Follow these steps to deploy ZTNA Connector 2-Arm in AWS.
  1. Select the Prisma Access ZTNA Connector 1-Arm Deployment CloudFormation template.
  2. On the Specify stack details page:
    • Enter the Stack name for the deployment.
    • Specify the parameters defined in your stack template in the Parameters section.
      • Select Which VPC should ZTNA Connector be deployed to.
      • Specify the public subnet for the Internet port for WAN connectivity to IPSec. This subnet needs to be associated with a NAT Gateway for internet connectivity.
      • Specify the private subnet for Data Center LAN port, where you've provisioned applications to onboard to this Connector.
    • Enter the Instance Name.
    • Enter the Prisma ZTNA Connector License Key and Prisma ZTNA Connector License Secret values you retrieved from the Prisma SASE Portal.