VMware Cloud on AWS network administrators can use NSX inventory objects to define collections of services, groups, context profiles, and virtual machines to use in firewall rules.
Firewall rules typically apply to a group of VMs that share certain characteristics, such as:
- names that follow a naming convention (like Win* for Windows VMs or Photon* for Photon VMs)
- IP addresses within a specific range or CIDR block
- tags
VMware Cloud on AWS creates management groups and a service inventory in all new SDDCs. It also maintains a list of your workload VMs and their tags. You can add or modify your own inventory groups of management or compute VMs.
See Inventory in the NSX Data Center Administration Guide.
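
The following Python sketch is an added example, not VMware code and not the NSX API. It models the three membership criteria listed above (name pattern, CIDR block, tag) against a constructed inventory and reports which VMs fall into no group, so that no rule scoped to those groups would cover them. The group names, VM records, dictionary layout, and case-sensitive name matching are all assumptions made for illustration.

```python
import fnmatch
import ipaddress

# Constructed sample inventory (not real SDDC data).
VMS = [
    {"name": "Win2019-web01", "ip": "10.2.1.15", "tags": {"prod"}},
    {"name": "Photon-db01", "ip": "10.2.2.20", "tags": {"pci"}},
    {"name": "ubuntu-jump", "ip": "192.168.50.7", "tags": set()},
]

# Hypothetical group definitions, one per membership criterion on this page.
GROUPS = {
    "windows-vms": {"name": "Win*"},
    "photon-vms": {"name": "Photon*"},
    "app-subnet": {"cidr": "10.2.0.0/16"},
    "pci-scope": {"tag": "pci"},
}


def is_member(vm, criteria):
    """True if the VM satisfies every criterion the group defines."""
    # Name match is case-sensitive in this model (an assumption).
    if "name" in criteria and not fnmatch.fnmatchcase(vm["name"], criteria["name"]):
        return False
    if "cidr" in criteria:
        net = ipaddress.ip_network(criteria["cidr"], strict=True)
        if ipaddress.ip_address(vm["ip"]) not in net:
            return False
    if "tag" in criteria and criteria["tag"] not in vm["tags"]:
        return False
    return True


def memberships(vms, groups):
    """Map each VM name to the sorted list of groups it belongs to."""
    return {
        vm["name"]: sorted(g for g, c in groups.items() if is_member(vm, c))
        for vm in vms
    }


def ungrouped(vms, groups):
    """VMs in no group: no rule scoped to these groups applies to them."""
    return [name for name, gs in memberships(vms, groups).items() if not gs]


if __name__ == "__main__":
    for name, gs in memberships(VMS, GROUPS).items():
        print(f"{name}: {', '.join(gs) or 'NO GROUP'}")
```

A VM can belong to several groups at once, so review overlapping memberships as well as the ungrouped list when auditing rule scope.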