Posted On: Feb 24, 2022

AWS Firewall Manager now allows you to deploy AWS Network Firewall to inspect traffic using a centralized deployment model. Previously, Firewall Manager could deploy AWS Network Firewall only in a decentralized deployment model, where we deploy AWS Network Firewall into each VPC which requires protection. With this release, customers can now use Firewall Manager to deploy AWS Network Firewall in either a distributed deployment model or a centralized deployment model.

When you deploy an AWS Network Firewall policy using a centralized deployment model, Firewall Manager creates Network Firewall endpoints in an Inspection VPC that you select. You can either choose the availability zones in which the firewall endpoints will be created for your in-scope VPCs or allow Firewall Manager to automatically create endpoints in availability zones with public subnets. These options provide granular control over the deployment of your Network Firewall endpoints. This feature is now available in all AWS regions where Network Firewall is offered.

AWS Firewall Manager is a security management service that acts as a central place for you to configure and deploy firewall rules across accounts and resources in your organization. With Firewall Manager, you can deploy and monitor rules for AWS WAF, AWS Shield Advanced, VPC security groups, AWS Network Firewall, and Amazon Route 53 Resolver DNS Firewall across your entire organization. Firewall Manager ensures that all firewall rules are consistently enforced, even as new accounts and resources are created.

To get started, see the AWS Firewall Manager documentation for more details and the AWS Region Table for the list of regions where AWS Firewall Manager is currently available. To learn more about AWS Firewall Manager, its features, and its pricing, visit the AWS Firewall Manager website.