Posted On: Sep 13, 2021
AWS Firewall Manager now enables customers to centrally deploy AWS WAF rate-based rules across accounts in their organization. An AWS WAF rate-based rule allows customers to track the rate of requests from each originating IP address and trigger a rule action on an IP once its request rate exceeds the limit. With this launch, security administrators on AWS Firewall Manager can deploy rate-based rules across accounts, mandating request limits per account, using a Firewall Manager security policy for AWS WAF.
To get started, you can configure an AWS WAF rule group containing the rate-based rule(s), using your Firewall Manager security administrator account, and reference it in the Firewall Manager security policy for AWS WAF, along with the accounts and resources where you want the rules to be applied. The Firewall Manager policy ensures the rate-based rules are consistently enforced, even as new accounts and resources are created across an organization. Each rate-based rule is applied to the AWS WAF web access control list (web ACL) in each account, counting the incoming web requests per account over a trailing, continuously updated 5-minute time span. If an IP address breaches the limit configured in the rule, AWS WAF applies the rule action to additional requests from that IP address until its request rate falls below the limit.
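The two API payloads that procedure needs, as an added example (not AWS's own code): one rate-based rule for a WAFv2 rule group, and the Firewall Manager policy that references that rule group for a set of organizational units. The `ManagedServiceData` field names follow the WAFV2 policy format of the FMS `PutPolicy` API as I know it, and the ARN and OU IDs are constructed placeholders.

```python
import json

# Constructed placeholders, not values from the announcement.
RULE_GROUP_ARN = "arn:aws:wafv2:us-east-1:111122223333:regional/rulegroup/rate-limits/EXAMPLE-ID"
TARGET_OUS = ["ou-EXAMPLE-ROOT", "ou-EXAMPLE-WORKLOADS"]


def rate_based_rule(name, limit, priority):
    """One WAFv2 rule for wafv2.create_rule_group(): count requests per source IP
    over a trailing 5-minute window and block that IP while it is over the limit."""
    if not 100 <= limit <= 2_000_000_000:  # WAFv2's documented bounds at the time
        raise ValueError(f"limit {limit} is outside the accepted range")
    return {
        "Name": name,
        "Priority": priority,
        "Statement": {"RateBasedStatement": {"Limit": limit, "AggregateKeyType": "IP"}},
        "Action": {"Block": {}},
        "VisibilityConfig": {
            "SampledRequestsEnabled": True,
            "CloudWatchMetricsEnabled": True,
            "MetricName": name,
        },
    }


def fms_waf_policy(policy_name, rule_group_arn, ou_ids, resource_type):
    """Payload for fms.put_policy(Policy=...): the rule group is referenced as a
    pre-process group, so it runs before each account's own web ACL rules."""
    managed = {
        "type": "WAFV2",
        "preProcessRuleGroups": [{
            "ruleGroupArn": rule_group_arn,
            "overrideAction": {"type": "NONE"},  # keep the rule group's Block action
            "managedRuleGroupIdentifier": None,
            "ruleGroupType": "RuleGroup",
            "excludeRules": [],
        }],
        "postProcessRuleGroups": [],
        "defaultAction": {"type": "ALLOW"},
        "overrideCustomerWebACLAssociation": False,
    }
    return {
        "PolicyName": policy_name,
        "SecurityServicePolicyData": {"Type": "WAFV2",
                                      "ManagedServiceData": json.dumps(managed)},
        "ResourceType": resource_type,
        "ExcludeResourceTags": False,
        "RemediationEnabled": True,  # create/update the web ACL in every in-scope account
        "IncludeMap": {"ORGUNIT": ou_ids},
    }
```

Accounts added to the listed OUs later are picked up by the policy automatically, which is the behaviour the paragraph above describes.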
Firewall Manager is a security management service that gives customers a central place from which to configure and deploy firewall rules across accounts and resources in their organization. With Firewall Manager, customers can deploy and monitor rules for AWS WAF, AWS Shield Advanced, VPC security groups, AWS Network Firewall, and Amazon Route 53 Resolver DNS Firewall across their entire organization. Firewall Manager ensures that all firewall rules are consistently enforced, even as new accounts and resources are created.