vSEC Controller integrates the Amazon Web Services (AWS) cloud with Check Point security. The Check Point Data Center Server connects to the AWS cloud and retrieves object data. vSEC Controller updates IP addresses and other object properties in the Data Center Objects group.
AWS Authentication
User Authentication - Uses Access Key ID and Secret Access Key credentials.
Role Authentication - Uses the AWS IAM role. You can use this option only when Security Management is deployed in AWS.
Minimal permissions from the User or Role:
Effect: Allow
Actions:
ec2:DescribeInstances
ec2:DescribeNetworkInterfaces
ec2:DescribeSubnets
ec2:DescribeVpcs
ec2:DescribeSecurityGroups
Resource: All ("*")
For more information about Roles and the IAM policy, see Amazon Web Services documentation.
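As an added example (not Check Point's own code or tooling), the following Python script emits the least-privilege policy document described above and audits an existing policy for grants broader than those five Describe actions; the function names are my own.

```python
import fnmatch
import json

# The read-only EC2 actions the Data Center Server needs (listed on the page).
REQUIRED_ACTIONS = frozenset({
    "ec2:DescribeInstances",
    "ec2:DescribeNetworkInterfaces",
    "ec2:DescribeSubnets",
    "ec2:DescribeVpcs",
    "ec2:DescribeSecurityGroups",
})

def minimal_policy():
    """Least-privilege IAM policy document for the vSEC Controller user or role."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Action": sorted(REQUIRED_ACTIONS),
            "Resource": "*",  # the page's 'All ("*")'; Describe calls are not resource-scoped
        }],
    }

def _as_list(value):
    # IAM accepts a single string or a list for Statement / Action.
    return value if isinstance(value, list) else [value]

def audit_policy(doc):
    """Return (ok, findings): ok is True only if the policy grants exactly the
    required Describe actions, with no wildcards, NotAction, or extra actions."""
    findings, covered = [], set()
    for stmt in _as_list(doc.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        if "NotAction" in stmt:
            findings.append("NotAction grants everything not listed; use Action")
        for pattern in _as_list(stmt.get("Action", [])):
            if "*" in pattern or "?" in pattern:
                findings.append(f"wildcard action grant: {pattern}")
            matched = {a for a in REQUIRED_ACTIONS if fnmatch.fnmatchcase(a, pattern)}
            if not matched:
                findings.append(f"action not needed by the controller: {pattern}")
            covered |= matched
    for action in sorted(REQUIRED_ACTIONS - covered):
        findings.append(f"missing required action: {action}")
    return (not findings, findings)

if __name__ == "__main__":
    print(json.dumps(minimal_policy(), indent=2))
    print(audit_policy(minimal_policy()))
```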
To connect to an AWS Data Center server:
Use one of these options to import AWS objects to your policy:
Notes:
Object Names
Object names are the same as those in the AWS console. VPC, subnet, instance, and Security Group are named as follows:
| Imported Properties | Description |
|---|---|
| Name | Resource name as shown in the AWS console. The user can edit the name after importing the object. |
| Name in Server | Resource name as shown in the AWS console. |
| Type in Server | Resource type. |
| IP | Associated private and public IP addresses. |
| Note | CIDR for subnet and VPC objects. |
| URI | Object path. |
| Tags | Tags (keys and values) attached to the object. |
The AWS Auto Scaling service with the Check Point Auto Scaling group can increase or decrease the number of vSEC Gateways according to the current load.
vSEC Controller for AWS works with the Check Point Auto Scaling Group. The Check Point Security Management Server updates Data Center objects automatically on the Check Point Auto Scaling group.
Enable the Identity Awareness Blade as explained in Auto Scaling in AWS (Amazon Web Services), sk112575, Section 5-E - Enabling additional Software Blades.