Learn about the AWS resource monitoring options that
are available to help you monitor assets in your AWS deployment.

As you deploy or terminate resources in the AWS public
cloud, you can either use the Panorama plugin for AWS or use the
AWS resource information sources on the firewall to consistently
enforce security policy rules on these workloads. See the Compatibility Matrix for
Panorama plugin version information.

The Panorama plugin for AWS is built for scale and allows you
to monitor up to 1000 AWS VPCs on the AWS public cloud. With this
plugin, you use Panorama as an anchor to poll your AWS accounts
for tags, and then distribute the metadata (IP address-to-tag mapping)
to many firewalls in a device group. Because Panorama communicates
with your AWS accounts to retrieve AWS resource information, you’re
able to streamline the number of API calls made to the cloud environment.
When using Panorama and the AWS plugin, you can centralize the retrieval
of tags and Security policy management to ensure consistent policies
for hybrid and cloud-native architectures. See AWS
Resource Monitoring with the AWS Plugin on Panorama.

If you do not have Panorama, or you have a simpler deployment
and need to monitor 10 VPCs or fewer, you can use the VM Information
Source on the firewall (hardware or VM-Series firewall) to monitor
your AWS workloads. You can use the metadata that the firewall
retrieves in Dynamic Address Groups, and reference those groups in Security policies,
to secure your VM workloads as they spin up or down and their IP addresses
change frequently. See Use
Case: Use Dynamic Address Groups to Secure New EC2 Instances within