Posted On: Jul 30, 2020

AWS Firewall Manager (FMS) now allows you to configure logging on your AWS WAF web ACLs centrally using an FMS policy. When you set up an FMS policy for AWS WAF, you can now enable logging on web ACLs for all the in-scope accounts and have the logs centralized under a single account.

After you enable centralized logging, logs from each web ACL are delivered to a single storage destination of your choosing through Kinesis Data Firehose. The logs provide information such as timestamp, AWS resource name, action taken by AWS WAF, and request details. This feature makes it easier to enable logging for AWS WAF across multiple accounts and web ACLs through a single FMS policy. This feature will be supported for Firewall Manager policies configured for the latest version of AWS WAF.

Available globally, AWS Firewall Manager is a security management service that allows customers to centrally configure and manage firewall rules across the accounts and resources in their AWS Organization. With Firewall Manager, customers can manage AWS WAF, AWS Shield Advanced, and VPC security groups across their entire AWS Organization, while ensuring that all security rules are consistently enforced, even as new accounts and resources are created.

To get started, see the documentation for more details. See the AWS Region Table for the list of regions where AWS Firewall Manager is currently available. To learn more about AWS Firewall Manager, its features and pricing, please visit the website.