Amazon Firewall Manager
Centrally configure and manage firewall rules across accounts and applications
Amazon Firewall Manager is a security management service that allows you to centrally configure and manage firewall rules across your accounts and applications in Amazon Organizations. As new applications are created, Firewall Manager makes it easy to bring them and their resources into compliance by enforcing a common set of security rules. You have a single service to build firewall rules, create security policies, and enforce them in a consistent, hierarchical manner across your entire infrastructure, from a central administrator account. Using Amazon Firewall Manager, you can easily roll out rules for Amazon WAF for your Application Load Balancers and API Gateways. You can choose from Managed Rules for Amazon WAF, a pre-configured set of rules managed by Amazon Web Services, or write your own custom rules that filter out specific traffic patterns.
Benefits
Simplify management of firewall rules across your accounts
Automatically deploy rules on existing and new applications
Amazon Firewall Manager automatically enforces mandatory security policies that you define across existing and newly created resources. The service discovers new resources as they are created across accounts. As new resources are created, they will automatically be brought under the policy scope.
Easily deploy managed rules across accounts
Amazon Firewall Manager integrates with Managed Rules for Amazon WAF, which gives you an easy way to deploy pre-configured WAF rules on your applications. You can choose a Managed Rule, managed by Amazon Web Services, and deploy it consistently across your Application Load Balancers and API Gateways with just a few clicks in the console. For example, you can easily protect your entire organization from zero-day vulnerabilities by subscribing to a Managed Rule for Amazon WAF.
Easily monitor for non-compliant resources and accounts
With Amazon Firewall Manager, you get visibility into accounts and resources that are non-compliant with your policy configuration. Within the Amazon Firewall Manager console, you can monitor the status of accounts and resources that are missing WAF rule coverage and take appropriate action. You can also be notified of changes to your configurations through SNS notification streams or through Amazon Security Hub.