Skip to main content



Cisco Defense Orchestrator

Sharing Objects Between AWS and other Managed Devices

Which Objects Can You Use With an AWS Security Group in CDO? 

While security group objects are exclusive and unique to an Amazon Web Services (AWS) Virtual Private Cloud (VPC), CDO allows you to use objects that are also supported on other device types: ASA and FTD. You can share existing objects that are currently associated with other device types or create an object that is not used by any other device and use it specifically with an AWS security group rule. Because the VPC is not a Cisco product, it is not fully compatible with ASA or FTD objects; as such, there may be a few limitations that affect how the objects can be used. 

Note that, while you cannot share AWS VPC security group objects across device types, you can associate ASA or FTD objects with AWS security group rules. If you associate an ASA or FTD object with an AWS VPC and that object is currently used in an existing policy, that object becomes shared. Any changes to that object will affect all the devices it is shared with and the affected devices' configuration status appears as Not Synced. See Shared Objects for more information. For additional object states that could affect your objects, see the Related Articles section listed at the bottom of this page. 

Use the following table as a guide as to what objects are compatible with an AWS VPC: 

Object in CDO AWS Compatible
Protocol Objects Yes
Network Objects Yes
Network Group Objects Yes
Service Objects Yes
ASA Service Group Objects No
FTD Service Group Objects Yes


Related Articles:

  • Was this article helpful?