AWS Firewall Manager now supports retrofitting of existing AWS WAF WebACLs

Posted on: Oct 25, 2024

Starting today, AWS Firewall Manager enables customers to centrally create policies for AWS WAF that add baseline rule sets to existing WAF WebACLs associated with their resources. Security administrators can now use Firewall Manager policies for WAF to insert first and last rule groups or centrally configure a logging destination for existing WebACLs while leaving custom rule sets intact.

By enabling the “retrofit” setting on a Firewall Manager WAF policy, security administrators can centrally define baseline protection that applies to resources protected by WAF while ensuring it is enforced by the WebACLs that are already associated with those resources. This allows customers to rapidly deploy a standard set of WAF rules to all web applications before, during, or after a security event without affecting existing WAF deployments, such as those with application-specific rule sets or infrastructure-as-code (IaC) pipelines.

To learn more about the feature, see the documentation. For more details on the service and region availability, please visit the service website and AWS Region Table.