Q: What does this solution do?
A: This solution helps customers configure, deploy and manage a baseline of firewall rules in their AWS environment. A foundational security posture is provided across their applications, including network security for multiple accounts in AWS Organizations. A single administrator account is able to monitor this security posture.
This solution saves the time and effort of learning and defining the security policies manually, and provides a simple mechanism to alter these defaults to suit customers’ needs. Use this solution’s resources to protect network resources from the most common security attacks immediately after installing it.
Q: Who should use this solution?
A: Any customer who is currently using AWS WAF, Security Groups, or DNS Firewall in their AWS Organizations accounts will benefit from this solution. Additionally, customers who are not currently using AWS WAF or Security Groups for their network security requirements but have multiple accounts in AWS Organizations can use this solution.
Q: What is the difference between the AWS Firewall Manager Automations for AWS Organizations solution and AWS Firewall Manager?
A: This solution provides installation automation and a prescribed configuration for AWS Firewall Manager. This solution also provides additional automation on top of Firewall Manager to make it easier to update and deploy your policy resources. Some of the offered automations include:
- Get a baseline security posture pre-configured with the solution deployment.
- Create and manage AWS FMS policies across multiple AWS Organizational Units and Regions using SSM Parameter Store parameters.
- Customize FMS policies using a policy manifest file in your S3 bucket. The policy manifest is version controlled, allowing you to revert to previous policy configurations at any time.
If you are new to Firewall Manager, the solution provides a prerequisite template to help you install the prerequisites needed to use Firewall Manager.
Q: Can I incorporate this solution into my existing Firewall Manager configuration?
A: Yes, you can use this solution even if you already use Firewall Manager in your organization by deploying the primary solution template (aws-fms-automations.template) in your Firewall Manager admin account.
Q: Can I deploy this solution in any AWS Region?
A: No, this solution uses AWS Firewall Manager which is currently available in specific AWS Regions only. Therefore, you must launch this solution in an AWS Region where this service is available. For the most current availability by Region, refer to AWS service offerings by Region.
Training and Certification
AWS Training and Certification builds your competence, confidence, and credibility through practical cloud skills that help you innovate and build your future.
Getting Started with AWS Security, Identity, and Compliance
This course provides an overview of AWS security technology, use cases, benefits, and services. The infrastructure protection section covers AWS WAF for traffic filtering.
Introduction to AWS Organizations
This course introduces you to AWS Organizations, the service that offers policy-based management for multiple AWS accounts. We discuss key features and terminology, review how to access and use the service, and provide a demonstration.
AWS Certified Security – Specialty
This exam tests your technical expertise in securing the AWS platform. This is for anyone in an experienced security role.
The AWS Partner Network (APN) is focused on helping partners build successful AWS-based businesses to drive superb solutions and customer experiences. APN Partners are focused on customer success, helping you take full advantage of all the business benefits that AWS has to offer. With their deep expertise on AWS, APN Partners are uniquely positioned to help your company at any stage of your Cloud Adoption Journey and to help you solve some of your most complex problems.