Learn about the VM Monitoring options that are available to help you monitor assets in your AWS deployment.

As you deploy or terminate virtual machines in the AWS public cloud, you can use either the Panorama plugin for AWS or the VM Information Sources on the firewall to consistently enforce Security policy rules on these workloads. See the Compatibility Matrix for Panorama plugin version information.

The Panorama plugin for AWS is built for scale and allows you to monitor up to 1000 AWS VPCs on the AWS public cloud. With this plugin, you use Panorama as an anchor to poll your AWS accounts for tags, and then distribute the metadata (IP address-to-tag mapping) to many firewalls in a device group. Because Panorama alone communicates with your AWS accounts to retrieve VM information, you reduce the number of API calls made to the cloud environment. When using Panorama and the AWS plugin, you can centralize tag retrieval and Security policy management to ensure consistent policies for hybrid and cloud-native architectures. See VM Monitoring with the AWS Plugin on Panorama.

If you do not have Panorama, or you have a simpler deployment and need to monitor 10 VPCs or fewer, you can use the VM Information Source on the firewall (hardware or VM-Series firewall) to monitor your AWS workloads. You can use the metadata that the firewall retrieves in Dynamic Address Groups and reference those groups in Security policies to secure your VM workloads as they spin up or down and as IP addresses change frequently. See Use Case: Use Dynamic Address Groups to Secure New EC2 Instances within the VPC.
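The following is an added example, not code from Palo Alto Networks or from the Panorama plugin, illustrating what both monitoring options do under the hood: build an IP-address-to-tag mapping from EC2 instance metadata, resolve Dynamic Address Group membership from a tag-based match filter, and report which IPs enter or leave a group between two polls as instances spin up or down. The instance records are constructed inline in the shape of boto3's `ec2.describe_instances()` response so the script runs offline; in a live run you would replace them with `boto3.client("ec2").describe_instances()["Reservations"]` under a read-only identity holding `ec2:DescribeInstances`. The `aws.ec2.tag.<Key>.<Value>` attribute naming and the `and`/`or` filter syntax are assumptions made for readability, not necessarily the exact strings the firewall uses.

```python
"""IP-to-tag mapping and Dynamic Address Group (DAG) resolution for EC2.

Added illustration, not vendor code. Sample data is constructed to mirror the
shape of boto3 ec2.describe_instances()["Reservations"]; tag attribute naming
and filter syntax are assumptions.
"""
import copy
import ipaddress
from typing import Dict, List, Set, Tuple

# Constructed sample: two reservations, one terminated instance, one public IP.
SAMPLE_RESERVATIONS = [
    {"Instances": [
        {"InstanceId": "i-0aaa", "State": {"Name": "running"},
         "PrivateIpAddress": "10.0.1.10", "PublicIpAddress": "203.0.113.10",
         "Tags": [{"Key": "Environment", "Value": "prod"}, {"Key": "Role", "Value": "web"}]},
        {"InstanceId": "i-0bbb", "State": {"Name": "running"},
         "PrivateIpAddress": "10.0.1.11",
         "Tags": [{"Key": "Environment", "Value": "prod"}, {"Key": "Role", "Value": "db"}]},
    ]},
    {"Instances": [
        {"InstanceId": "i-0ccc", "State": {"Name": "terminated"},
         "PrivateIpAddress": "10.0.2.20",
         "Tags": [{"Key": "Environment", "Value": "prod"}, {"Key": "Role", "Value": "web"}]},
        {"InstanceId": "i-0ddd", "State": {"Name": "running"},
         "PrivateIpAddress": "10.0.2.21",
         "Tags": [{"Key": "Environment", "Value": "dev"}, {"Key": "Role", "Value": "web"}]},
    ]},
]


def ip_to_tags(reservations) -> Dict[str, Set[str]]:
    """Build the IP-address-to-tag mapping a poller would push to firewalls.

    Only running instances are included, so an IP freed by a terminated
    instance never keeps matching a policy by accident. Both the private and
    (if present) public address inherit the instance's tags.
    """
    mapping: Dict[str, Set[str]] = {}
    for reservation in reservations:
        for inst in reservation.get("Instances", []):
            if inst.get("State", {}).get("Name") != "running":
                continue
            # Assumed attribute naming: aws.ec2.tag.<Key>.<Value>
            tags = {f"aws.ec2.tag.{t['Key']}.{t['Value']}" for t in inst.get("Tags", [])}
            for field in ("PrivateIpAddress", "PublicIpAddress"):
                ip = inst.get(field)
                if ip:
                    mapping.setdefault(ip, set()).update(tags)
    return mapping


def dag_members(mapping: Dict[str, Set[str]], match: str) -> List[str]:
    """Resolve DAG membership for a filter such as
    "'aws.ec2.tag.Environment.prod' and 'aws.ec2.tag.Role.web'".

    'and' binds tighter than 'or'; parentheses are not supported in this
    illustration. Returns member IPs in numeric order.
    """
    or_terms = [term.strip() for term in match.split(" or ")]
    members = []
    for ip, tags in mapping.items():
        for term in or_terms:
            required = {attr.strip().strip("'") for attr in term.split(" and ")}
            if required <= tags:
                members.append(ip)
                break
    return sorted(members, key=ipaddress.ip_address)


def with_state(reservations, instance_id: str, state: str):
    """Return a copy of the inventory with one instance's state changed,
    simulating the result of a later poll (e.g. after a scale-down)."""
    updated = copy.deepcopy(reservations)
    for reservation in updated:
        for inst in reservation.get("Instances", []):
            if inst.get("InstanceId") == instance_id:
                inst["State"] = {"Name": state}
    return updated


def membership_delta(previous: List[str], current: List[str]) -> Tuple[List[str], List[str]]:
    """IPs that joined and left a group between two polls; this is the
    change the firewall applies without any policy rule being edited."""
    joined = sorted(set(current) - set(previous), key=ipaddress.ip_address)
    left = sorted(set(previous) - set(current), key=ipaddress.ip_address)
    return joined, left


if __name__ == "__main__":
    prod_web = "'aws.ec2.tag.Environment.prod' and 'aws.ec2.tag.Role.web'"
    first_poll = dag_members(ip_to_tags(SAMPLE_RESERVATIONS), prod_web)
    later = with_state(SAMPLE_RESERVATIONS, "i-0aaa", "terminated")
    second_poll = dag_members(ip_to_tags(later), prod_web)
    print("prod-web members, first poll :", first_poll)
    print("prod-web members, second poll:", second_poll)
    print("joined / left:", membership_delta(first_poll, second_poll))
```

Running the script shows the terminated `i-0ccc` address never entering the group, and the `i-0aaa` private and public addresses leaving it once the later poll reports that instance as terminated; this is exactly the churn that referencing a Dynamic Address Group, rather than static IP objects, absorbs in a Security policy.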