pro tip: When using NSM, the test will "run" prior to deploying the config and fail. If you DEPLOY the config, then test, it works.
I created a policy group in AWS for "firewalls" and gave them the permissions described in this article. Then I created a user per firewall and put them in the group. Then I created an access key for that user. Then I put that access key and private in the configuration section of the firewall. Yes, I downloaded the csv…