List of Attributes Monitored on the AWS VPC

As you provision or modify virtual machines in your AWS VPCs, you have two ways of monitoring these instances and retrieving the tags for use as match criteria in dynamic address groups.
  • VM Information Source—On a next-gen firewall, you can monitor up to a total of 32 tags—14 pre-defined and 18 user-defined key-value pairs (tags).
  • AWS Plugin on Panorama—The Panorama plugin for Microsoft AWS allows you to connect Panorama to your AWS VPC on the public cloud and retrieve the IP address-to-tag mapping for your virtual machines. Panorama then registers the VM information to the managed Palo Alto Networks® firewall(s) that you have configured for notification. With the plugin, Panorama can retrieve a total of 32 tags for each virtual machine, 11 predefined tags and up to 21 user-defined tags.
    The maximum length of a tag can be 127 characters. If a tag is longer than 127 characters, Panorama does not retrieve the tag and register it on the firewalls.
Attributes Monitored on the AWS-VPC
VM Information Source on the FirewallAWS Plugin on Panorama
Architecture
Architecture.<Architecture string>
YesNo
Guest OS
GuestOS.<guest OS name>
YesNo
AMI ID
ImageId.<ImageId string>
YesYes
IAM Instance Profile
Iam-instance-profile.<instanceProfileArn>
NoYes
Instance ID
InstanceId.<InstanceId string>
YesNo
Instance State
InstanceState.<instance state>
YesNo
Instance Type
InstanceType.<instance type>
YesNo
Key Name
KeyName.<KeyName string>
YesYes
Owner ID
The value for this attribute is fetched from the ENI.
Account-number.<OwnerId>
NoYes
Placement—Tenancy, Group Name, Availability Zone
Placement.Tenancy.<string>
Placement.GroupName.<string>
Placement.AvailabilityZone.<string>
YesYes
Private DNS Name
PrivateDnsName.<Private DNS Name>
YesNo
Public DNS Name
PublicDnsName.<Public DNS Name>
YesYes
Subnet ID
SubnetID.<subnetID string>
YesYes
Security Group ID
Sg-id.<sg-xxxx>
NoYes
Security Group Name
Sg-name.<SecurityGroupName>
NoYes
VPC ID
VpcId.<VpcId string>
YesYes
Tag (key, value)
aws-tag.<key>.<value>
Yes;
Up to a maximum of 18 user defined tags are supported. The user-defined tags are sorted alphabetically, and the first 18 tags are available for use on the firewalls.
Yes;
Up to a maximum of 21 user defined tags are supported. The user-defined tags are sorted alphabetically, and the first 21 tags are available for use on Panorama and the firewalls.

Related Documentation