Why do I need to authorize Cloud Firewall to access other resources before I can use it?

Before you can view the requests to the cloud services, responses to the requests, and access between the cloud services over an internal network in the Cloud Firewall console, you must authorize your Cloud Firewall to access resources. These resources include Elastic Compute Service (ECS) instances, virtual private clouds (VPCs), and Server Load Balancer (SLB) instances. Then, you can use the analysis results to configure access control polices. You need to authorize Cloud Firewall to access resources. Otherwise, Cloud Firewall cannot collect data from the resources. When Cloud Firewall is authorized to access resources, you can collect data and view analysis results in the Cloud Firewall console.

To authorize Cloud Firewall to access cloud resources, you must use an Alibaba Cloud account or a RAM user that has the AliyunRAMFullAccess permission. For more information about how to authorize Cloud Firewall to access resources, see Authorize Cloud Firewall to access other cloud resources.

When I create a VPC firewall for a Cloud Enterprise Network (CEN) instance, the system prompts that I do not have permissions. Why?

The CEN instance within your Alibaba Cloud account is attached a VPC that belongs to a different Alibaba Cloud account and your Cloud Firewall is not authorized to access the cloud resources within the Alibaba Cloud account to which the VPC belongs.

When you create a VPC firewall before the authorization is complete, the It is not allowed to be created because of the existing unauthorized network instance message appears.