Posted On: Jul 8, 2020
AWS Firewall Manager has introduced new pre-configured rules to help customers audit their VPC security groups and get detailed reports of non-compliance from a central administrator account. This feature makes it easier for customers to centrally audit their security groups using pre-configured rules they can enable out of the box across their accounts and resources, removing the heavy lifting of configuring custom audit checks manually.
Firewall Manager will automatically audit new resources and rules as customers add resources or security group rules to their accounts. At launch, customers can enable audit checks for two common use cases. First, customers can audit for overly permissive security group rules, such as rules with a wide range of ports or CIDR ranges, or rules that allow all protocols to access resources. Second, customers can audit for high-risk applications that are open to wide CIDR ranges (e.g. 0.0.0.0/0, ::/0) or open to local CIDR ranges (e.g. 10.0.0.0/8, 192.168.0.0/16, 172.16.0.0/12). Customers can choose from pre-defined application and protocol lists or customize their own. In addition, customers will also get a detailed report of violations that lists the security group rules within customer accounts that are non-compliant with the audit checks. Besides managed audit rules, customers can still continue configuring custom audit checks for security group rules using Firewall Manager.
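To make the two audit checks concrete, here is an added example (not Firewall Manager's own code) that applies the same criteria to security group rules in the shape returned by EC2 DescribeSecurityGroups. The port-span and prefix-length thresholds, the high-risk port list and the sample groups are assumptions constructed for this example.

```python
import ipaddress

# Thresholds and lists below are assumptions for this example, not Firewall Manager's settings.
WIDE_PORT_SPAN = 1024                        # more ports than this in one rule counts as "wide"
WIDE_IPV4_PREFIX = 16                        # a non-local IPv4 CIDR shorter than /16 counts as "wide"
HIGH_RISK_PORTS = {22, 3389, 3306, 5432}     # stand-in for a pre-defined high-risk application list
ANY_CIDRS = {"0.0.0.0/0", "::/0"}
LOCAL_CIDRS = [ipaddress.ip_network(c) for c in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def audit_rule(rule):
    """Return audit findings for one ingress rule in DescribeSecurityGroups IpPermissions shape."""
    findings = []
    lo, hi = rule.get("FromPort"), rule.get("ToPort")
    all_ports = rule.get("IpProtocol") == "-1" or lo is None or hi is None
    if rule.get("IpProtocol") == "-1":
        findings.append("all-protocols")
    if not all_ports and hi - lo + 1 > WIDE_PORT_SPAN:
        findings.append("wide-port-range")
    # A rule is "high-risk" if any listed application port (or every port) is reachable through it.
    risky = all_ports or any(lo <= p <= hi for p in HIGH_RISK_PORTS)
    cidrs = [r["CidrIp"] for r in rule.get("IpRanges", [])]
    cidrs += [r["CidrIpv6"] for r in rule.get("Ipv6Ranges", [])]
    for cidr in cidrs:
        net = ipaddress.ip_network(cidr, strict=False)
        is_local = net.version == 4 and any(net.subnet_of(l) for l in LOCAL_CIDRS)
        if cidr in ANY_CIDRS:
            findings.append(f"open-to-any:{cidr}")
        elif net.version == 4 and not is_local and net.prefixlen < WIDE_IPV4_PREFIX:
            findings.append(f"wide-cidr:{cidr}")
        if risky and (cidr in ANY_CIDRS or is_local):
            findings.append(f"high-risk-app-exposed:{cidr}")
    return findings

def audit_security_groups(groups):
    # Map GroupId -> findings; compliant groups are omitted, like a violations report.
    report = {}
    for sg in groups:
        hits = [f for rule in sg.get("IpPermissions", []) for f in audit_rule(rule)]
        if hits:
            report[sg["GroupId"]] = hits
    return report

SAMPLE_GROUPS = [  # constructed sample groups (not real AWS data) in the shape boto3 returns
    {"GroupId": "sg-0example01", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "IpRanges": [{"CidrIp": "203.0.113.0/24"}]}]},
    {"GroupId": "sg-0example02", "IpPermissions": [
        {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "10.0.0.0/8"}]},
        {"IpProtocol": "tcp", "FromPort": 0, "ToPort": 65535, "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}]},
]
```

Running `audit_security_groups(SAMPLE_GROUPS)` flags the HTTPS rule only as open to any source, while the second group collects all-protocols, wide-port-range and high-risk-application findings.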
Available globally, AWS Firewall Manager is a security management service that allows customers to centrally configure and manage firewall rules across their accounts and applications in AWS Organizations. With Firewall Manager, customers can centrally manage AWS WAF, AWS Shield Advanced, or VPC security groups across their entire AWS organization. Firewall Manager ensures that all security rules are consistently enforced, even as new accounts or applications are created.