Posted On: Jul 11, 2022

AWS Firewall Manager now supports centrally distributing VPC security group tags when creating a common security group policy.

A primary security group is a set of security group rules defined by the AWS Firewall Manager administrator that is replicated to all in-scope accounts when a policy is deployed to those accounts. With this release, you can configure AWS Firewall Manager to distribute the tags associated with the primary security group when creating a common security group policy. Every security group created by Firewall Manager in the member accounts will carry the same tags as the primary security group, making it easier to distribute security group tags consistently. Optionally, member accounts can add their own tags on top of the base tags inherited from the primary security group. Firewall Manager tracks compliance of the distributed security group tags in the member accounts and alerts you if any of the primary security group tags are deleted or modified. You can optionally enable auto-remediation, in which case Firewall Manager adds the deleted tag back to the non-compliant security groups.
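The compliance rule described above (base tags from the primary security group must be present and unchanged on every replicated group, extra member-account tags are allowed, deleted tags are re-added by remediation) as an added, offline illustration; this is not Firewall Manager's own code, and the security group ids and tag values are constructed sample data.

```python
"""Model of distributed security-group tag compliance as the announcement describes it:
every tag on the primary security group must be present, with the same value, on each
replicated security group in a member account; extra member tags are permitted."""

# Constructed sample: tags on the administrator's primary security group.
PRIMARY_TAGS = {"Owner": "SecOps", "Policy": "baseline-sg", "CostCenter": "1234"}

# Constructed sample: replicated security groups observed in member accounts.
# sg-member-a added its own tag (allowed); sg-member-b lost one base tag and edited another.
MEMBER_SECURITY_GROUPS = {
    "sg-member-a": {"Owner": "SecOps", "Policy": "baseline-sg",
                    "CostCenter": "1234", "Team": "payments"},
    "sg-member-b": {"Owner": "SecOps", "Policy": "changed-by-hand"},
}


def check_tag_compliance(primary_tags, member_tags):
    """Return (missing, modified): base tags deleted on the member group, and base tags
    whose value differs (as a (primary_value, member_value) pair). Extra tags are ignored."""
    missing = {k: v for k, v in primary_tags.items() if k not in member_tags}
    modified = {k: (primary_tags[k], member_tags[k]) for k in primary_tags
                if k in member_tags and member_tags[k] != primary_tags[k]}
    return missing, modified


def remediation_tags(primary_tags, member_tags):
    """Tags an auto-remediation step would (re)apply so the member group carries the
    primary's base tags again. Member-specific extra tags are left untouched."""
    missing, modified = check_tag_compliance(primary_tags, member_tags)
    return {**missing, **{k: primary for k, (primary, _) in modified.items()}}


def audit(primary_tags, member_groups):
    """Map each non-compliant security group id to its findings; compliant groups are omitted."""
    report = {}
    for sg_id, tags in member_groups.items():
        missing, modified = check_tag_compliance(primary_tags, tags)
        if missing or modified:
            report[sg_id] = {"missing": missing, "modified": modified}
    return report


if __name__ == "__main__":
    for sg_id, finding in audit(PRIMARY_TAGS, MEMBER_SECURITY_GROUPS).items():
        fix = remediation_tags(PRIMARY_TAGS, MEMBER_SECURITY_GROUPS[sg_id])
        print(f"{sg_id}: {finding} -> re-apply {fix}")
```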

AWS Firewall Manager is a security management service that acts as a central place for you to configure and deploy firewall rules across accounts and resources in your organization. With Firewall Manager, you can deploy and monitor rules for AWS WAF, AWS Shield Advanced, VPC security groups, AWS Network Firewall, Amazon Route 53 Resolver DNS Firewall, and third-party firewalls across your entire organization. Firewall Manager ensures that all firewall rules are consistently enforced, even as new accounts and resources are created.

To get started, see the AWS Firewall Manager documentation for more details and the AWS Region Table for the list of regions where AWS Firewall Manager is currently available. To learn more about AWS Firewall Manager, its features, and its pricing, visit the AWS Firewall Manager website.