Posted On: Feb 15, 2023

AWS Network Firewall now supports tag-based resource groups to simplify management of your firewall rules. AWS Network Firewall is a managed firewall service that makes it easy to deploy essential network protections for all your Amazon VPCs. With this launch, you can tag and filter AWS resources to centrally manage and reference sets of resources in your stateful firewall rules, instead of manually updating your rule groups every time you make changes to a set of resources.

Starting today, you can organize and tag your EC2 instances and elastic network interfaces (ENIs) as a resource group and reference the tag in your AWS Network Firewall rule groups. Referencing tags for resource groups within AWS Network Firewall rule groups ensures your firewall rules are applied consistently as your resources change. Previously, you needed to manually update individual firewall rules as you added, deleted, or modified your resources, which is time-consuming and hard to maintain. Now AWS Network Firewall automatically updates your rule group with the IP addresses and CIDR ranges of the resources in the resource groups.

There is no additional cost to use tag-based resource groups in AWS Network Firewall. This feature is supported in all AWS Regions where AWS Network Firewall is available today, including the AWS GovCloud (US) Regions. For more information on availability, please see the AWS Region table.

You can get started using tag-based resource groups with AWS Network Firewall from the AWS Management Console or AWS CLI. To learn more, please refer to the service documentation.
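The tag-then-reference workflow described above, as an added example that is not AWS's own code: build the tag-based Resource Groups query, build a stateful rule group whose IP set reference points at the group's ARN, and check that every `@name` the Suricata rules use is actually declared, since an undeclared reference is the easiest way to end up with a rule that does not match what you tagged. The tag key and value, account ID, region, group name, reference name and rules are constructed placeholders; the `ReferenceSets`/`IPSetReferences` shape is the Network Firewall rule group structure, and using a resource group ARN there is assumed from this announcement.

```python
import json
import re

# Constructed placeholder values (assumptions, not taken from the announcement).
TAG_KEY, TAG_VALUE = "role", "db"
REGION, ACCOUNT = "us-east-1", "111122223333"
GROUP_NAME, REF_NAME = "db-servers", "DB_SERVERS"

# Constructed rules: allow only the app tier to reach the tagged DB hosts on 5432.
RULES = (
    'pass tcp $HOME_NET any -> @DB_SERVERS 5432 (msg:"app tier to db"; sid:1000001; rev:1;)\n'
    'drop tcp any any -> @DB_SERVERS any (msg:"deny other db access"; sid:1000002; rev:1;)\n'
)


def resource_group_query(tag_key, tag_value):
    """Tag-based Resource Groups query covering EC2 instances and ENIs."""
    query = {
        "ResourceTypeFilters": ["AWS::EC2::Instance", "AWS::EC2::NetworkInterface"],
        "TagFilters": [{"Key": tag_key, "Values": [tag_value]}],
    }
    return {"Type": "TAG_FILTERS_1_0", "Query": json.dumps(query)}


def rule_group_spec(reference_name, group_arn, rules):
    """Stateful rule group body; @reference_name resolves to the group's addresses."""
    return {
        "ReferenceSets": {"IPSetReferences": {reference_name: {"ReferenceArn": group_arn}}},
        "RulesSource": {"RulesString": rules},
    }


def undefined_references(spec):
    """Names used as @NAME in the rules that no IPSetReference declares."""
    declared = set(spec["ReferenceSets"]["IPSetReferences"])
    used = set(re.findall(r"@([A-Za-z0-9_]+)", spec["RulesSource"]["RulesString"]))
    return sorted(used - declared)


def build_spec():
    """Rule group spec for the constructed resource group (ARN format assumed)."""
    arn = f"arn:aws:resource-groups:{REGION}:{ACCOUNT}:group/{GROUP_NAME}"
    return rule_group_spec(REF_NAME, arn, RULES)


if __name__ == "__main__":
    import boto3  # only needed when actually creating the resources

    spec = build_spec()
    assert not undefined_references(spec), "rules reference an undeclared IP set"
    boto3.client("resource-groups", region_name=REGION).create_group(
        Name=GROUP_NAME, ResourceQuery=resource_group_query(TAG_KEY, TAG_VALUE))
    boto3.client("network-firewall", region_name=REGION).create_rule_group(
        RuleGroupName="db-access", Type="STATEFUL", Capacity=100, RuleGroup=spec)
```

Network Firewall then keeps the reference's address list current as instances and ENIs gain or lose the tag; the rules string itself never needs editing.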