AWS Centralized WAF and VPC Security Group Management Solution is Generally Available

Posted on: Sep 30, 2020

We’re excited to announce the launch of the AWS Centralized WAF and VPC Security Group Management solution, a reference implementation that makes it easier to centrally configure, manage, and audit firewall rules across your accounts and applications in AWS Organizations. The solution uses AWS Firewall Manager to automatically deploy a set of Managed Rules for AWS Web Application Firewall (WAF) and audit checks for VPC security groups across all your AWS accounts from a single place. The solution also gives Shield Advanced customers the option to deploy DDoS protections across accounts.

With AWS Firewall Manager, customers can centrally manage firewall rules, DDoS Shield protections, and VPC security groups across their AWS environment. However, many customers find the process of defining policies and configuring managed rule sets difficult and time-consuming. The AWS Centralized WAF and VPC Security Group Management solution simplifies this process by deploying a set of AWS managed firewall rules and security group audit checks on behalf of customers. Managed firewall rules provide customers with a set of pre-configured rules to protect web applications running on AWS CloudFront, AWS Application Load Balancers, or Amazon API Gateway. Security group audit checks continuously monitor and detect overly permissive security group rules to protect your VPC resources and improve your firewall posture. The solution also automates the AWS Firewall Manager onboarding process for AWS Organizations and AWS Config, making it faster and easier for customers to begin using these services. To get started with the AWS Centralized WAF and VPC Security Group Management solution, visit the AWS Solution Library or GitHub.