SonicOSX 7 Profile Objects

About Address Object Mapping with AWS

EC2 Instances are virtual machines (VMs) running on AWS. Each instance is of one of a number of available types, chosen according to the resources the customer requires for that instance. The virtual machine is an instance of a particular Amazon Machine Image (AMI), which is essentially a template and specification for the VMs created from it. All EC2 Instances have a number of properties, including:

  • Instance type
  • AMI used in their creation
  • Running state
  • ID used for identification
  • ID of the Virtual Private Cloud (VPC) where the Instance is located
  • A set of user defined tags

You can use any or all of those properties to map matching Instances to address groups that a SonicOS administrator has previously configured on the firewall. Those address groups can be used in Route, VPN and Firewall Policies which can affect how the firewall interacts with AWS hosted machines.

In order to map EC2 Instances to firewall address groups, the administrator configures any number of mappings between sets of instance properties and pre-existing address groups. If an EC2 Instance in any of the monitored AWS Regions matches the set of properties specified in a mapping, one or more address objects and a single address group are created to represent that Instance, and that address group is added to the target address group of the relevant mapping.

EC2 Instances can have multiple private and public IP addresses, depending on the number of virtual network interfaces and the use of Elastic IP Addresses. When an Instance matches the properties specified in a mapping, an address object is created for each of its IP addresses, both public and private. Those address objects are then added to one address group which represents the EC2 Instance as a whole. It is that “Instance address group” that is then added to the mapping's target address group, an existing address group used in the configuration of the various firewall policies. Any one EC2 Instance may match the criteria of more than one mapping, in which case the Instance address group is added to each of those target address groups. There is no limit on the number of mappings an Instance may match.
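The following is an added worked example, not SonicOS code and not something the page provides, that models the mapping behaviour just described: instances are tested against each mapping's property set, a matching instance gets one address object per IP address and one Instance address group, and that group is added to every matching mapping's target group. The instance inventory, the mapping criteria, the generated object names (AWS_<instance-id>_<ip>) and the rule that all specified properties must match (AND semantics, with every required tag present at the same value) are assumptions of this example, chosen to illustrate the text; it runs offline and calls no AWS API.

```python
"""Model of the EC2 Instance -> address group mapping described above.

Constructed example: not SonicOS code, no AWS calls. Object naming and the
AND-matching of criteria are assumptions made for illustration.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set, Tuple


@dataclass
class Ec2Instance:
    """Subset of EC2 Instance properties that a mapping can test against."""
    instance_id: str
    instance_type: str
    ami_id: str
    state: str                   # e.g. "running", "stopped"
    vpc_id: str
    tags: Dict[str, str]
    private_ips: Tuple[str, ...]
    public_ips: Tuple[str, ...]


@dataclass
class Mapping:
    """One administrator-defined mapping: property criteria -> target address group.

    A criterion left as None (or an empty tag dict) is ignored; every
    criterion that is set must match (assumed AND semantics).
    """
    name: str
    target_group: str            # pre-existing address group used in policies
    instance_type: Optional[str] = None
    ami_id: Optional[str] = None
    state: Optional[str] = None
    instance_id: Optional[str] = None
    vpc_id: Optional[str] = None
    tags: Dict[str, str] = field(default_factory=dict)

    def matches(self, inst: Ec2Instance) -> bool:
        checks = [
            (self.instance_type, inst.instance_type),
            (self.ami_id, inst.ami_id),
            (self.state, inst.state),
            (self.instance_id, inst.instance_id),
            (self.vpc_id, inst.vpc_id),
        ]
        if any(want is not None and want != have for want, have in checks):
            return False
        # every required tag must be present on the instance with the same value
        return all(inst.tags.get(k) == v for k, v in self.tags.items())


def instance_group_name(inst: Ec2Instance) -> str:
    return f"AWS_{inst.instance_id}"     # assumed naming scheme


def build_address_groups(instances: List[Ec2Instance], mappings: List[Mapping]):
    """Return (address_objects, instance_groups, target_groups).

    address_objects: address object name -> IP address
    instance_groups: Instance address group name -> its address object names
    target_groups:   target group name -> Instance address groups added to it
    """
    address_objects: Dict[str, str] = {}
    instance_groups: Dict[str, List[str]] = {}
    target_groups: Dict[str, Set[str]] = {m.target_group: set() for m in mappings}

    for inst in instances:
        hits = [m for m in mappings if m.matches(inst)]
        if not hits:
            continue                     # no mapping matched: nothing is created
        group = instance_group_name(inst)
        if group not in instance_groups:
            # one address object per IP address, private and public alike
            members = []
            for ip in inst.private_ips + inst.public_ips:
                obj = f"{group}_{ip}"
                address_objects[obj] = ip
                members.append(obj)
            instance_groups[group] = members
        # the Instance address group joins every matching mapping's target group
        for m in hits:
            target_groups[m.target_group].add(group)
    return address_objects, instance_groups, target_groups


# Constructed sample inventory (not real AWS resources; RFC 5737 test addresses).
# The stopped instance has no public IP: a non-Elastic public IPv4 is released on stop.
SAMPLE_INSTANCES = [
    Ec2Instance("i-0aaa111", "t3.small", "ami-0web", "running", "vpc-0001",
                {"Role": "web", "Env": "prod"}, ("10.0.1.10",), ("203.0.113.10",)),
    Ec2Instance("i-0bbb222", "m5.large", "ami-0db", "stopped", "vpc-0001",
                {"Role": "db"}, ("10.0.2.20",), ()),
    Ec2Instance("i-0ccc333", "t3.small", "ami-0web", "running", "vpc-0002",
                {"Role": "web", "Env": "dev"}, ("10.1.1.30", "10.1.1.31"), ("203.0.113.30",)),
]

# Constructed mappings: a tag-based one and a VPC-based one. i-0aaa111 matches both.
SAMPLE_MAPPINGS = [
    Mapping("prod web", "AWS_Prod_Web", state="running", tags={"Role": "web", "Env": "prod"}),
    Mapping("vpc-0001 hosts", "AWS_VPC0001_Hosts", vpc_id="vpc-0001"),
]


def run_sample():
    return build_address_groups(SAMPLE_INSTANCES, SAMPLE_MAPPINGS)


if __name__ == "__main__":
    objs, igroups, tgroups = run_sample()
    for tg, members in tgroups.items():
        print(tg, "<-", sorted(members))
    for ig, members in igroups.items():
        print(ig, "=", [objs[m] for m in members])
```

Running the sample shows i-0aaa111's Instance address group landing in both target groups, i-0bbb222 only in the VPC group, and i-0ccc333 (wrong VPC, Env=dev) producing no objects at all. The state criterion is worth noting from a policy standpoint: a mapping that does not pin state="running" will also pull stopped instances into the target group, whose private addresses may later be reused by a different instance.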

Tagging an EC2 Instance on AWS

There are multiple ways to tag an EC2 Instance. This section describes how to do so manually.

To manually add a tag to an existing EC2 Instance

  1. On the AWS Console, navigate to the EC2 Dashboard and open the Instances page.
  2. Select the Instance that you wish to tag by selecting the check box in the first column of the table.
  3. With the Instance selected, click the Actions button to open the popup menu.
  4. Select Instance Settings and then select Add/Edit Tags.

    The Add/Edit Tags dialog is displayed.

  5. In the Add/Edit Tags dialog, enter descriptive values in the Key and Value fields.
  6. Click Save to tag the Instance with this key and value.
  7. Verify the tag on the Instances page under the EC2 Dashboard. With the Instance still selected, view the associated tags by clicking the Tags tab in the panel at the bottom of the page. This confirms that the EC2 Instance has been tagged.

    You can now use that tag when defining address object mappings in the SonicOS management interface.
