Automations for AWS Firewall Manager

Centrally configure, manage, and audit firewall rules across all your accounts and resources


The Automations for AWS Firewall Manager solution allows you to centrally configure, manage, and audit firewall rules across all your accounts and resources in AWS Organizations. This solution is a reference implementation to automate the process to set up AWS Firewall Manager security policies.

This solution provides preconfigured rules that can be deployed across AWS Organizations to complete the following:

  1. Configure application-level firewalls for AWS WAF.
  2. Audit unused and overly permissive Amazon Virtual Private Cloud (Amazon VPC) security groups.
  3. Configure domain name system (DNS) firewall to block queries for bad domains.

This solution helps you to create a quick baseline of firewall security rules across Layers 3-7 resources and maintain a consistent security posture within their organization. Additionally, this solution deploys Shield Advanced policies for customers who subscribe to AWS Shield Advanced, to protect against Distributed Denial of Service (DDoS) attacks to their AWS accounts.

Note: You can use this solution if you already use Firewall Manager in your organization; however, you must install the solution in your Firewall Manager admin account. If you have not already set up Firewall Manager, refer to the Implementation Guide for the steps.


Configure WAF, DNS, and Security Group policies

Easily configure and audit WAF, DNS, and Security Group rules in your multi-account AWS environments using AWS Firewall Manager.

Automate AWS Firewall Manager installation

Leverage this solution to install the prerequisites needed to use Firewall Manager, so you can spend more time focusing on your specific security needs.

Deploy DDoS protection across accounts

Leverage your AWS Shield Advanced subscription to deploy DDoS protection across accounts in AWS Organizations.

Technical details

The AWS CloudFormation template deploys an architecture that can be grouped into two separate workflows: Policy manager and Compliance report generator.

Getting Started with AWS Security, Identity, and Compliance

This course provides an overview of AWS security technology, use cases, benefits, and services. The infrastructure protection section covers AWS WAF for traffic filtering.

Enroll now 
Introduction to AWS Organizations

This course introduces you to AWS Organizations, the service that offers policy-based management for multiple AWS accounts. We discuss key features and terminology, review how access and use the service, and provide a demonstration.

Enroll now 
AWS Certified Security – Specialty

This exam tests your technical expertise in securing the AWS platform. This is for anyone in an experienced security role.

Schedule your exam 
Use cases for this AWS Solution
Application Security Network Security
About this deployment
Est. deployment time
5 mins
Estimated cost
Download implementation guide  Source code  CloudFormation template  Subscribe to RSS feed 
Deployment options
Ready to get started?
Deploy this solution by launching it in your AWS Console

Need help? Deploy with a partner.
Find an AWS Certified third-party expert to assist with this deployment
Did this AWS Solution help you?
Provide feedback