Posted On: Sep 12, 2018

AWS Firewall Manager now supports account inclusion or exclusion when defining the policy scope. This allows customers to enforce AWS WAF rules only on a subset of accounts instead of all accounts in their AWS Organizations.

With this feature, customers can now scope their Firewall Manager policies to only include Prod and Stage accounts, or exclude certain whitelisted Dev accounts. Customers can also use this feature with their existing tag-based resource inclusion or exclusion rules. For instance, customers can enforce Open Web Application Security Project (OWASP) rules (like SQL injection or cross-site scripting) on only the PCI-tagged resources within their Prod accounts.

AWS Firewall Manager is a security management tool that simplifies your AWS WAF administration and maintenance tasks across multiple accounts and resources. With Firewall Manager, you set up your firewall rules just once. The service automatically applies your rules across your accounts and resources, even as you add new resources.

This new feature is available today at no additional cost. Learn more by visiting the AWS Firewall Manager documentation.