Access to the Cloud NGFW for AWS console must be enabled when using Terraform templates with a Cloud next-generation firewall (NGFW) for Amazon Web Services (AWS).

Terraform is an open-source tool that allows users to define and provision infrastructure as code using declarative configuration files. Terraform templates are files that specify the resources and configuration for deploying and managing infrastructure components, such as firewalls, load balancers, networks, or servers. Cloud NGFW for AWS is a cloud-native solution that provides comprehensive security and visibility across AWS environments, including VPCs, regions, accounts, and workloads. Cloud NGFW for AWS is deployed and managed by Palo Alto Networks as a service, eliminating the need for customers to provision, configure, or maintain any infrastructure or software.

Access to the Cloud NGFW for AWS console must be enabled when using Terraform templates with a Cloud NGFW for AWS, as the console is the web-based interface that allows customers to view and manage their Cloud NGFW for AWS instances, policies, logs, alerts, and reports. The console also provides the necessary information and credentials for integrating with Terraform, such as the API endpoint, access key ID, secret access key, and customer ID.

AWS CloudWatch logging, access to the Palo Alto Networks Customer Support Portal, and AWS Firewall Manager console access do not need to be enabled when using Terraform templates with a Cloud NGFW for AWS, as those are not required or relevant components for Terraform integration.

Reference: [Palo Alto Networks Certified Software Firewall Engineer (PCSFE)], [Terraform Overview], [Cloud Next-Generation Firewall Datasheet], [Cloud Next-Generation Firewall Deployment Guide], [Cloud Next-Generation Firewall Console Guide]