Learn about the VM Monitoring options that are available
to help you monitor assets in your AWS deployment.
As you deploy or terminate virtual machines in the AWS
public cloud, you can either use the Panorama plugin for AWS or
use the VM Information sources on the firewall to consistently enforce
security policy rules on these workloads. See the
Compatibility Matrix for
Panorama plugin version information.
The Panorama plugin for AWS is built for scale and allows you
to monitor up to 1000 AWS VPCs on the AWS public cloud. With this
plugin, you use Panorama as an anchor to poll your AWS accounts
for tags, and then distribute the metadata (IP address-to-tag mapping)
to many firewalls in a device group. Because Panorama communicates
with your AWS accounts to retrieve VM information, you’re able to
streamline the number of API calls made to the cloud environment.
When using Panorama and the AWS plugin, you can centralize the retrieval
of tags and Security policy management to ensure consistent policies
for hybrid and cloud-native architectures. See
Monitoring with the AWS Plugin on Panorama.
If you do not have Panorama or you have a simpler deployment
and need to monitor 10 VPCs or fewer, you can use the VM Information
Source on the firewall (hardware or VM-Series firewall) to monitor
your AWS workloads. You can use the metadata, which the firewall
retrieves, in Dynamic Address Groups and reference them in Security
policies to secure your VM workloads as they spin up or down and
IP addresses change frequently. See
Case: Use Dynamic Address Groups to Secure New EC2 Instances within