To allow an on-premises firewall or a firewall not running in AWS to connect to AWS services such as AWS CloudWatch, you must manually configure authentication credentials. For firewalls running in AWS, use IAM roles instead. Cloud integration allows your firewall to exchange information with the underlying cloud platform for things like streaming logs to AWS CloudWatch. The IAM user uses the same IAM policies that are assigned to the AWS IAM role.
Before You Begin
Create the required IAM policies for your firewall. For more information, see How to Create an IAM Role for an F-Series Firewall in AWS.
Step 1. Create the IAM User
Create the IAM user that is used to connect the firewall instance to the cloud fabric.
- Go to AWS IAM: https://console.aws.amazon.com/iam.
- In the left menu, click Users.
- Click Create New Users.
- Enter the User name.
- In the Select AWS access type section, select the Programmatic access check box.
- Click Next: Permissions.
- Click Attach existing policies directly.
- From the Filter drop-down list, select Customer Managed.
- Select the IAM policies required for the AWS services you need to access. For example, select NGF_CloudWatch to send logs to AWS CloudWatch.
- Click Next: Review.
- Review the settings, and click Create user.
- Download the user's security credentials (access key ID and secret access key), or click Show and write them down.
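The console steps in Step 1 can also be scripted with the AWS CLI. The following is an added example, not part of the original documentation: the user name ngf-onprem-fw is a placeholder, and it assumes the NGF_CloudWatch policy already exists as a customer managed policy. The verify_fw_user function then checks that the user has only that policy attached and no console password.

```shell
#!/usr/bin/env bash
# Added example (not from the vendor documentation): Step 1 via the AWS CLI.
# FW_USER is a placeholder name; NGF_CloudWatch is the policy named in Step 1.
FW_USER="${FW_USER:-ngf-onprem-fw}"
POLICY_NAME="${POLICY_NAME:-NGF_CloudWatch}"

# Resolve a customer managed policy (scope Local) to its ARN; prints "None" if absent.
policy_arn() {
  aws iam list-policies --scope Local \
    --query "Policies[?PolicyName=='$1'].Arn | [0]" --output text
}

# Create the user with programmatic access only and attach the one policy.
# Prints "<access key ID><TAB><secret access key>"; the secret is shown only once.
create_fw_user() {
  local user="$1" policy="$2" arn
  arn="$(policy_arn "$policy")" || return 1
  if [ -z "$arn" ] || [ "$arn" = "None" ]; then
    echo "policy $policy not found" >&2; return 1
  fi
  aws iam create-user --user-name "$user" >/dev/null || return 1
  aws iam attach-user-policy --user-name "$user" --policy-arn "$arn" || return 1
  aws iam create-access-key --user-name "$user" \
    --query 'AccessKey.[AccessKeyId,SecretAccessKey]' --output text
}

# Succeed only if exactly the expected policy is attached and the user
# has no console password (login profile).
verify_fw_user() {
  local user="$1" policy="$2" attached err
  attached="$(aws iam list-attached-user-policies --user-name "$user" \
    --query 'AttachedPolicies[].PolicyName' --output text)" || return 1
  if [ "$attached" != "$policy" ]; then
    echo "unexpected attached policies: $attached" >&2; return 1
  fi
  if err="$(aws iam get-login-profile --user-name "$user" 2>&1 >/dev/null)"; then
    echo "user $user has a console password" >&2; return 1
  fi
  case "$err" in
    *NoSuchEntity*) return 0 ;;   # no login profile: programmatic access only
    *) echo "login profile check failed: $err" >&2; return 1 ;;
  esac
}

# Runs only when invoked with the argument "run", e.g.: bash script.sh run
if [ "${1:-}" = "run" ]; then
  create_fw_user "$FW_USER" "$POLICY_NAME" && verify_fw_user "$FW_USER" "$POLICY_NAME"
fi
```

The check covers directly attached managed policies only; inline policies and policies inherited through group membership are not examined.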
Step 2. Configure Cloud Integration
Add the access key ID and secret access key to allow the firewall to connect to the AWS cloud fabric.
- Log in to the firewall instance.
- Go to CONFIGURATION > Configuration Tree > Box > Advanced Configuration > Cloud Integration.
- Click Lock.
- In the left menu, click AWS Networking.
- From the Enable AWS networking list, select Enabled.
- Enter the Access Key ID from the IAM user created in Step 1.
- Enter the Access Key Value from the IAM user created in Step 1.
- Enter the Route Check Interval between 10 and 300 seconds.
- Click Send Changes and Activate.
The firewall instance can now connect to the AWS APIs allowed by the IAM policies.