1. Home
    2. VM-Series
    3. VM-Series Deployment Guide
    4. Set Up the VM-Series Firewall on AWS
    5. List of Attributes Monitored on the AWS VPC
    6. IAM Permissions Required for Monitoring the AWS VPC

    IAM Permissions Required for Monitoring the AWS VPC

    In order to enable VM Monitoring the user’s AWS login credentials tied to the AWS Access Key and Secret Access Key must have permissions for the attributes listed above. These privileges allow the firewall to initiate API calls for monitoring the virtual machines in the AWS VPC.
    The IAM policy associated with the user must either have global read-only access such as AmazonEC2ReadOnlyAccess, or must include individual permissions for all of the monitored attributes. The following IAM policy example lists the permissions for initiating the API actions for monitoring the resources in the AWS VPC:
    { 
    "Version": "2012-10-17", 
    "Statement": [ 
        { 
            "Effect": "Allow", 
            "Action": [ 
                "ec2:DescribeAvailabilityZones", 
                "ec2:DescribeImages", 
                "ec2:DescribeInstances", 
                "ec2:DescribeInstanceStatus", 
                "ec2:DescribeKeyPairs", 
                "ec2:DescribePlacementGroups", 
                "ec2:DescribeRegions", 
                "ec2:DescribeSubnets", 
                "ec2:DescribeTags", 
                "ec2:DescribeVpcs" 
            ], 
            "Resource": [ 
                "*" 
            ] 
} 
    ] 
}

    Recommended For You

    Recommended Videos

    Recommended videos not found.

    © 2022 Palo Alto Networks, Inc. All rights reserved.

    Techdocs Logo