Automatic application of AWS WAF rules & AWS Shield Advanced protections

You can automatically enforce AWS WAF rules and AWS Shield Advanced protections on AWS resources that currently exist or are created in the future, thereby ensuring compliance with firewall rules across the organization. AWS Firewall Manager gives customers the ability to apply AWS WAF rules, as well as Managed Rules for AWS WAF, on Application Load Balancers, API Gateways, and Amazon CloudFront accounts. Similarly, you can apply AWS Shield Advanced protections on Application or Classic Load Balances, Elastic IP addresses or CloudFront distributions. You can choose to automatically enforce the rule on a newly created resource, or you can choose to be notified when the new resource is created.

Multi-account resource groups

Within AWS Firewall Manager, you are able to group resources by Account, by Resource Type, and by Tag. Now, your security team can write AWS WAF rules or enable AWS Shield Advanced protections easily for all resources within a particular group or across accounts in the organization. Firewall Manager integrates with AWS Organizations to automatically fetch the list of AWS accounts in the organization to enable you to group resources across accounts.

Cross-account protection policies

AWS Firewall Manager is integrated with AWS Organizations, so you can protect your resources across accounts. First, you build protection policies, which define a group of resources and associate the group with a set of AWS WAF rules or AWS Shield Advanced protections. Then, you specify the scope of the policy to cover a specific set of AWS accounts, or all of your Organizations’ accounts. Now, Firewall Manager will deploy the AWS WAF rules or AWS Shield Advanced protections only on the resources in the accounts based on the scope of the policy.

Hierarchical rule enforcement

AWS Firewall Manager allows you can apply protection policies in a hierarchical manner, so you can delegate the creation of application-specific rules while retaining the ability to enforce certain rules centrally. Centrally applied rules are constantly monitored for any accidental removal or mishandling, thereby ensuring they are applied consistently.  

Dashboard with compliance notifications

AWS Firewall Manager provides a visual dashboard for both AWS WAF rules and AWS Shield Advanced protections, where you can quickly view which AWS resources are protected, identify non-compliant resources, and take appropriate action. You can also get notified when there are changes to your configurations through SNS notification streams.  

Read the Firewall Manager documentation
Learn more about Firewall Manager

Learn more about AWS Firewall Manager by reading the documentation.

Read documentation 
Sign up for an AWS account
Sign up for a free account

Instantly get access to the AWS Free Tier. 

Sign up 
Start building with Firewall Manager in the console
Start building in the console

Get started building with AWS Firewall Manager in the console.

Sign in 

Learn more about AWS Firewall Manager pricing

Visit the pricing page
Ready to build?
Get started with AWS Firewall Manager
Have more questions?
Contact us