---
title: "AWS"
slug: "whitelisting-your-perimeter-gateway-at-the-aws-management-console"
tags: ["Essentials", "Premium", "Enterprise"]
updated: 2026-04-07T08:59:11Z
published: 2026-04-07T08:59:11Z
canonical: "support.perimeter81.com/whitelisting-your-perimeter-gateway-at-the-aws-management-console"
stale: true
---

> ## Documentation Index
> Fetch the complete documentation index at: https://support.perimeter81.com/llms.txt
> Use this file to discover all available pages before exploring further.

# AWS

This article describes how to [whitelist](https://support.perimeter81.com/v1/docs/360004369673-whitelisting-cloud-applications) your Check Point SASE Gateway at the AWS Management Console, which will allow you to restrict access to a certain resource within a VPC to users connected to the secure Check Point SASE gateway only. While this method needs to be applied to every particular resource, it is a good alternative for those who'd like to avoid setting up a Site-to-Site connection to a VPC.

- Create a security group
- Attach resources to the security group

Please follow the steps below:

### Create a security group

1. Open the AWS Management Console EC2 dashboard.
2. Navigate to **Security Groups**.  
![360011092079ScreenShot2020-04-16at165719.png](https://cdn.document360.io/44667c0c-50d7-412a-acbd-20d4a41c952e/Images/Documentation/360011092079ScreenShot2020-04-16at165719.png)
3. Select **Create** and fill in the following information:  
![360011098640ScreenShot2020-04-16at165944.png](https://cdn.document360.io/44667c0c-50d7-412a-acbd-20d4a41c952e/Images/Documentation/360011098640ScreenShot2020-04-16at165944.png)

- **Security group name****:** Enter a name of your choice.
- **Description****:** Describe the use case of the group. The description can be up to 255 characters long.
- **VPC****:** Select the appropriate VPC. If you are using VPC peering, you can later update the rules for your VPC security groups to [reference security groups in the peered VPC](https://docs.aws.amazon.com/vpc/latest/peering/vpc-peering-security-groups.html). In case you are using a Transit Gateway, note that spoke Amazon VPCs cannot reference security groups in other spokes connected to the same AWS Transit Gateway.
- **Add** an inbound rule with the following information:
  - **Type****:** All traffic
  - **Protocol****:** All
  - **Port range****:** All
  - **Source****:** Custom; Insert your Check Point SASE Gateway IP
  - **Description:** (optional)

![360011101140ScreenShot2020-04-16at172605.png](https://cdn.document360.io/44667c0c-50d7-412a-acbd-20d4a41c952e/Images/Documentation/360011101140ScreenShot2020-04-16at172605.png)

- Select **Create security group**.

### Attach resources to the security group

1. Return to the EC2 dashboard.
2. Select the **Instances** tab within the **Instances** section.  
![360011166420ScreenShot2020-04-19at122601.png](https://cdn.document360.io/44667c0c-50d7-412a-acbd-20d4a41c952e/Images/Documentation/360011166420ScreenShot2020-04-19at122601.png)
3. Select the instance you'd like to apply the Security Group to. Select **Actions** /**Networking** /**Change Security Groups**.  
![360011161359ScreenShot2020-04-19at122957.png](https://cdn.document360.io/44667c0c-50d7-412a-acbd-20d4a41c952e/Images/Documentation/360011161359ScreenShot2020-04-19at122957.png)
4. Select the newly created security group, then select **Assign security group**.  
![360011161459ScreenShot2020-04-19at123442.png](https://cdn.document360.io/44667c0c-50d7-412a-acbd-20d4a41c952e/Images/Documentation/360011161459ScreenShot2020-04-19at123442.png)