AWS Firewall Manager
- Simplifies your AWS WAF administration and maintenance tasks across multiple accounts and resources. You set up your firewall rules just once, and the service automatically applies your rules across your accounts and resources.
- Firewall Manager allows you to apply WAF rules, as well as Managed Rules for AWS WAF, on a group of resources.
- Firewall Manager is integrated with AWS Organizations, so you can apply protections to resources across accounts.
- Firewall Manager allows you to apply protection policies in a hierarchical manner, so you can delegate the creation of application-specific rules while retaining the ability to enforce certain rules centrally.
- It also lets you use your own custom rules, or purchase managed rules from AWS Marketplace.
- A rule group is a set of rules that you add to a web ACL or an AWS Firewall Manager policy. You can create your own rule group, or you can purchase a managed rule group from AWS Marketplace.
- An AWS Firewall Manager policy contains the rule group that you want to apply to your resources. If you add a new account to your organization, Firewall Manager automatically applies the policy to the specified resources in that account. Firewall Manager protection policies are region-specific.
- You can configure logging on your WAF web ACLs centrally using a Firewall Manager policy.
- You can configure and audit your security groups on Application Load Balancers and Classic Load Balancers across multiple accounts in your organization. This is in addition to being able to manage security groups associated with EC2 instances and ENIs.
- AWS Firewall Manager has pre-configured rules to help you audit your VPC security groups and get detailed reports of non-compliance.
- For Shield Advanced customers, Firewall Manager is included at no additional charge. Shield Advanced customers will be charged for the AWS Config rules created to monitor any changes in resource configurations.
- For WAF and Shield Standard customers, Firewall Manager has these main pricing components:
  - Firewall Manager protection policy – Monthly fee per Region.
  - WAF WebACLs or Rules – Those created by Firewall Manager will be charged based on current pricing.
  - AWS Config Rules – Those created by Firewall Manager to monitor changes in resource configurations are charged based on current pricing.