Overview
![](https://d1.awsstatic.com/colorset-3A_blue-to-green_gradient_divider.81459b38a56091aebc8c9b5310826c4ef397b007.png)
Automations for AWS Firewall Manager allows you to centrally configure, manage, and audit firewall rules across all your AWS Organizations accounts and resources in an automated way. By using this AWS Solution, you can maintain a consistent security posture across your organization.
This solution provides preset rules to configure application-level firewalls for AWS WAF, audit unused and overly permissive Amazon Virtual Private Cloud (Amazon VPC) security groups, and set up a DNS firewall to block queries for bad domains.
This solution optionally helps you create a quick baseline of firewall security rules and protect against distributed denial of service (DDoS) attacks through integration with AWS Shield Advanced. You can also automate proactive event response and health-based detection with this capability.
Note: You can use this solution if you already use Firewall Manager in your organization; however, you must install the solution in your Firewall Manager admin account. If you have not already set up Firewall Manager, refer to the implementation guide for the steps.
Benefits
![](https://d1.awsstatic.com/colorset-3A_blue-to-green_gradient_divider.81459b38a56091aebc8c9b5310826c4ef397b007.png)
Easily configure and audit AWS WAF, DNS, and security group rules in your multi-account AWS environments using AWS Firewall Manager.
Leverage this solution to install the prerequisites needed to use Firewall Manager, so you can spend more time focusing on your specific security needs.
Leverage your AWS Shield Advanced subscription to deploy DDoS protection across accounts in AWS Organizations, set up health checks, and enable proactive event response from the Shield Response Team.
Technical details
![](https://d1.awsstatic.com/colorset-3A_blue-to-green_gradient_divider.81459b38a56091aebc8c9b5310826c4ef397b007.png)
You can automatically deploy this architecture using the implementation guide and the accompanying AWS CloudFormation template.
The solution includes two architectures that show the primary stack and an optional stack with Shield Advanced features. Deploying all of the solution’s stacks with the default parameters deploys the following components in your AWS account.
-
Primary Stack
-
Optional stacks with automations for Shield Advanced
-
Primary Stack
-
Step 1: Policy manager
Parameter Store, a capability of AWS Systems Manager, contains three parameters: /FMS/OUs, /FMS/Regions, and /FMS/Tags. Update these parameters using Systems Manager.
-
Optional stacks with automations for Shield Advanced
Related content
![](https://d1.awsstatic.com/colorset-3A_blue-to-green_gradient_divider.81459b38a56091aebc8c9b5310826c4ef397b007.png)
This course provides an overview of AWS security technology, use cases, benefits, and services. The infrastructure protection section covers AWS WAF for traffic filtering.
This course introduces you to AWS Organizations, the service that offers policy-based management for multiple AWS accounts. We discuss key features and terminology, review how access and use the service, and provide a demonstration.
This exam tests your technical expertise in securing the AWS platform. This is for anyone in an experienced security role.
Was this page helpful?
Total results: 3
- Headline
-
Cloud Foundations
-
Small & Medium Business
-
Cloud Foundations
Total results: 1
- Publish Date
-
- Version: 2.1.2
- Released: 2/2025
- Author: AWS
- Est. deployment time: 5 mins
- Estimated cost: See details