AWS Firewall Manager
AWS Firewall Manager is a security management service that allows you to centrally configure and manage firewall rules across your accounts and applications in AWS Organizations. As new applications are created, Firewall Manager makes it easy to bring new applications and resources into compliance by enforcing a common set of security rules. Now you have a single service to build firewall rules, create security policies, and enforce them in a consistent, hierarchical manner across your entire infrastructure.
Using AWS Firewall Manager, you can easily roll out AWS WAF rules for your Application Load Balancers, API Gateways, and Amazon CloudFront distributions. Similarly, you can create AWS Shield Advanced protections for your Application Load Balancers, ELB Classic Load Balancers, Elastic IP Addresses and CloudFront distributions. Finally, with AWS Firewall Manager, you can enable security groups for your Amazon EC2 and ENI resource types in Amazon VPCs.
Simplify management of firewall rules across your accounts
AWS Firewall Manager is integrated with AWS Organizations so you can enable AWS WAF rules, AWS Shield Advanced protections and security groups for your Amazon VPC across multiple AWS accounts and resources from a single place. You can group rules, build policies, and centrally apply those policies across your entire infrastructure. For example, you can delegate the creation of application-specific rules within an account while retaining the ability to enforce global security policies across accounts.
Ensure compliance of existing and new applications
AWS Firewall Manager automatically enforces mandatory security policies that you define across existing and newly created resources. The service discovers new resources as they are created across accounts. For example, if you are required to meet the US Department of the Treasury's Office of Foreign Assets Control (OFAC) regulations, you can use Firewall Manager to deploy an AWS WAF rule that blocks traffic from embargoed countries across your Application Load Balancer, API Gateway, and Amazon CloudFront resources. As new resources are created, they will automatically be brought under the policy scope.
Easily deploy managed rules across accounts
AWS Firewall Manager integrates with Managed Rules for AWS WAF, which gives you an easy way to deploy pre-configured WAF rules on your applications. You can choose a Managed Rule from an AWS Marketplace Seller and deploy it consistently across your Application Load Balancer, API Gateway, and Amazon CloudFront infrastructure with just a few clicks in the console. For example, you can easily protect your entire organization from zero-day vulnerabilities by subscribing to a Managed Rule for WAF from the AWS Marketplace that provides CVE patch updates. For AWS Shield Advanced protections, you can use AWS Firewall Manager to automatically protect against various types of DDoS attacks, such as UDP reflection, SYN flood, DNS query flood and HTTP flood attacks, across accounts. For security groups in your Amazon VPC, we provide pre-configured rules that identify unused and redundant security groups across your organization.
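The organization-wide WAF rollout described above (and the automatic coverage of new resources from the compliance section) is expressed as a Firewall Manager policy. The following is an added example, not code from AWS or from this page: it builds the WAFv2 policy document that `fms.put_policy` accepts, scoped to Application Load Balancers, API Gateway stages and CloudFront distributions, with auto-remediation on so newly created resources are covered. The policy name and the choice of the `AWSManagedRulesAmazonIpReputationList` rule group are assumptions for illustration; applying it requires credentials for the Firewall Manager administrator account.

```python
import json

# Resource types a Firewall Manager WAF policy can target (CloudFormation type names).
WAF_RESOURCE_TYPES = ["AWS::ElasticLoadBalancingV2::LoadBalancer",  # ALBs
                      "AWS::ApiGateway::Stage", "AWS::CloudFront::Distribution"]


def build_waf_policy(policy_name, managed_rule_group_name, vendor="AWS"):
    """Return the Policy dict accepted by fms.put_policy(Policy=...)."""
    managed_service_data = {
        "type": "WAFV2",
        "preProcessRuleGroups": [{
            "ruleGroupArn": None,
            "overrideAction": {"type": "NONE"},  # keep the rule group's own block actions
            "managedRuleGroupIdentifier": {
                "version": None,  # None = always the vendor's current version
                "vendorName": vendor,
                "managedRuleGroupName": managed_rule_group_name,
            },
            "ruleGroupType": "ManagedRuleGroup",
            "excludeRules": [],
        }],
        "postProcessRuleGroups": [],
        "defaultAction": {"type": "ALLOW"},
        "overrideCustomerWebACLAssociation": False,  # True would replace account-level web ACLs
        "loggingConfiguration": None,
    }
    return {
        "PolicyName": policy_name,
        "SecurityServicePolicyData": {
            "Type": "WAFV2",
            "ManagedServiceData": json.dumps(managed_service_data),
        },
        "ResourceType": "ResourceTypeList",
        "ResourceTypeList": WAF_RESOURCE_TYPES,
        "ExcludeResourceTags": False,
        "RemediationEnabled": True,  # new in-scope resources get the web ACL automatically
    }


def managed_rule_groups(policy):
    """Names of the managed rule groups a policy enforces (handy for auditing)."""
    data = json.loads(policy["SecurityServicePolicyData"]["ManagedServiceData"])
    return [g["managedRuleGroupIdentifier"]["managedRuleGroupName"]
            for g in data["preProcessRuleGroups"] + data["postProcessRuleGroups"]
            if g["ruleGroupType"] == "ManagedRuleGroup"]


def apply_policy(policy, region="us-east-1"):
    """Push the policy from the Firewall Manager administrator account (needs boto3)."""
    import boto3  # imported lazily so building and inspecting policies works offline
    return boto3.client("fms", region_name=region).put_policy(Policy=policy)
```

Once applied, the policy's compliance view in Firewall Manager lists any in-scope resource that is still missing the web ACL, which is the check to watch after onboarding a new account.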
Enable rapid response to internet attacks
With AWS Firewall Manager, your security team can be notified of threats so they can respond and rapidly mitigate an attack. For example, when Amazon GuardDuty discovers a malicious IP address accessing your application, you can quickly deploy a firewall protection policy that blocks the IP address across all the Application Load Balancers, API Gateways, and Amazon CloudFront distributions in your entire organization.