topic PA outbound security policy - Terraform to AWS console in Next-Generation Firewall Discussions https://live.paloaltonetworks.com/t5/next-generation-firewall/pa-outbound-security-policy-terraform-to-aws-console/m-p/1231238#M5966 <P>We have an on-prem dev environment with outbound access through a PA-3220 running&nbsp;<SPAN>11.0.4-h6.&nbsp; We are trying to craft a rule to allow an on-prem src to connect to AWS console to run terraform scripts.<BR /><BR />We've tried using application type amazon-aws-console with and without the web+ssl dependencies.&nbsp; Also tried restricting it to just http+https with a URL category list including<BR />sts.amazonaws.com<BR />*.aws.amazon.com<BR />*.console.aws.amazon.com<BR /><BR />It only works reliably if we simply allow http+https to any destination.&nbsp; Browsing test traffic I would suspect it is all the redirects on the AWS side causing issues.<BR /><BR />Can anyone offer guidance or point to a KB that would detail the best way to handle this traffic?&nbsp; Given the search terms I get a flood of results specific to running NGFW in AWS.<BR /><BR />Note also we have URL filtering license.<BR /><BR /><BR /></SPAN></P> Fri, 06 Jun 2025 21:16:13 GMT patrick.smith 2025-06-06T21:16:13Z PA outbound security policy - Terraform to AWS console https://live.paloaltonetworks.com/t5/next-generation-firewall/pa-outbound-security-policy-terraform-to-aws-console/m-p/1231238#M5966 <P>We have an on-prem dev environment with outbound access through a PA-3220 running&nbsp;<SPAN>11.0.4-h6.&nbsp; We are trying to craft a rule to allow an on-prem src to connect to AWS console to run terraform scripts.<BR /><BR />We've tried using application type amazon-aws-console with and without the web+ssl dependencies.&nbsp; Also tried restricting it to just http+https with a URL category list including<BR />sts.amazonaws.com<BR />*.aws.amazon.com<BR />*.console.aws.amazon.com<BR /><BR />It only works reliably if we simply allow http+https to any destination.&nbsp; Browsing test traffic I would suspect it is all the redirects on the AWS side causing issues.<BR /><BR />Can anyone offer guidance or point to a KB that would detail the best way to handle this traffic?&nbsp; Given the search terms I get a flood of results specific to running NGFW in AWS.<BR /><BR />Note also we have URL filtering license.<BR /><BR /><BR /></SPAN></P> Fri, 06 Jun 2025 21:16:13 GMT https://live.paloaltonetworks.com/t5/next-generation-firewall/pa-outbound-security-policy-terraform-to-aws-console/m-p/1231238#M5966 patrick.smith 2025-06-06T21:16:13Z