packet capture for AWS and on-prem firewall

If you don't really need the data packets, you should take a look at VPC Flow Logs. You can turn it on for an individual Instance (ENI) and publish the data to CloudWatch Logs.

I would use the follwing feature : https://aws.amazon.com/blogs/aws/new-vpc-traffic-mirroring/ to get your the data you need. On the onprem firewall you can initiate a packet pacture for the outbound interface using the provided tools of yoru oprem firewall.