Cloud integration for AWS allows the firewall instance to access APIs in the cloud fabric. It is recommended to deploy the firewall with an IAM role and to assign the IAM role the necessary permissions to access the AWS services actually used by the firewall. It is also possible to manually configure an IAM user.
IAM Role for a CloudGen Firewall in AWS
If the firewall is using an IAM role, cloud integration automatically uses these credentials to access the AWS API. Permissions assigned to the IAM role can be changed on the fly.
For more information, see How to Create an IAM Role for a CloudGen Firewall in AWS.
AWS Cloud Integration for Firewalls not Running in AWS
To allow an on-premises firewall, or any firewall not running in AWS, to connect to AWS services such as AWS CloudWatch, you must manually configure authentication credentials for an IAM user. For firewalls running in AWS, use IAM roles instead. Cloud integration allows your firewall to exchange information with the underlying cloud platform, for example to stream logs to AWS CloudWatch. The IAM user uses the same IAM policies that are assigned to the AWS IAM role.
For more information, see How to Manually Configure Cloud Integration for AWS.
Log Streaming to AWS CloudWatch
To stream log data from your firewall to AWS CloudWatch, you must configure AWS cloud integration and then configure syslog streaming on the firewall with AWS CloudWatch as the destination. The configured log group is created automatically, and the logs are placed into a log stream named after either the instance ID or the hostname.
For more information, see How to Configure Log Streaming to AWS CloudWatch.
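A least-privilege IAM permissions policy of the kind recommended above for the firewall's IAM role (or IAM user), scoped to the single log group that log streaming creates. This is an added example, not a policy from the product documentation: the region, account ID and log group name are placeholders, and the set of CloudWatch Logs actions is an assumption based on the standard CloudWatch Logs API, so verify it against the vendor's IAM role article before use.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "AllowCreatingTheConfiguredLogGroupOnly",
      "Effect": "Allow",
      "Action": "logs:CreateLogGroup",
      "Resource": "arn:aws:logs:eu-central-1:123456789012:log-group:cgf-firewall-logs"
    },
    {
      "Sid": "AllowWritingStreamsInsideThatLogGroupOnly",
      "Effect": "Allow",
      "Action": [
        "logs:CreateLogStream",
        "logs:DescribeLogStreams",
        "logs:PutLogEvents"
      ],
      "Resource": "arn:aws:logs:eu-central-1:123456789012:log-group:cgf-firewall-logs:*"
    }
  ]
}
```

Because the Resource entries name one log group, a compromised firewall credential cannot read or write other log groups in the account; widen the ARN (for example to `log-group:cgf-*`) only if several firewalls stream to differently named groups under the same role.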