Sharing Objects Between AWS and other Managed Devices

Which Objects Can You Use With an AWS Security Group in Security Cloud Control?

While security group objects are exclusive and unique to an Amazon Web Services (AWS) Virtual Private Cloud (VPC), Security Cloud Control allows you to use objects that are also supported on other device types: ASA and FTD. You can share existing objects that are currently associated with other device types or create an object that is not used by any other device and use it specifically with an AWS security group rule. Because the VPC is not a Cisco product, it is not fully compatible with ASA or FTD objects; as such, there may be a few limitations that affect how the objects can be used.

Note that, while you cannot share AWS VPC security group objects across device types, you can associate ASA or FTD objects with AWS security group rules. If you associate an ASA or FTD object with an AWS VPC and that object is currently used in an existing policy, that object becomes shared. Any changes to that object will affect all the devices it is shared with and the affected devices' configuration status appears as Not Synced. See Shared Objects for more information. For additional object states that could affect your objects, see the Related Articles section listed at the bottom of this page.

Use the following table as a guide as to what objects are compatible with an AWS VPC:

Object in Security Cloud Control

AWS Compatible

Protocol Objects

Yes

Network Objects

Yes

Network Group Objects

Yes

Service Objects

Yes

ASA Service Group Objects

No

FTD Service Group Objects

Yes