Posted On: Sep 22, 2021
Amazon Firewall Manager now enables customers to centrally deploy Amazon WAF rate-based rules across accounts in their organization. An Amazon WAF rate-based rule tracks the rate of requests from each originating IP address and triggers a rule action on an IP address once its request rate goes over the limit. With this launch, security administrators can use a Firewall Manager security policy for Amazon WAF to deploy rate-based rules across accounts, mandating request limits per account.
To get started, use your Firewall Manager security administrator account to configure an Amazon WAF rule group containing the rate-based rule(s), then reference that rule group in the Firewall Manager security policy for Amazon WAF, along with the accounts and resources where you want the rules to be applied. The Firewall Manager policy ensures the rate-based rules are consistently enforced, even as new accounts and resources are created across an organization. Each rate-based rule is applied to the Amazon WAF web access control list (web ACL) in each account and counts incoming web requests per account over a trailing, continuously updated 5-minute time span. If an IP address breaches the limit configured in the rule, Amazon WAF applies the rule action to additional requests from that IP address until its request rate falls below the limit.
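The counting behaviour described above can be modelled in a few lines. This is an added example, not AWS code or part of the original announcement: the class and function names, the account IDs, the tiny limit of 3 and the sample traffic are constructed for illustration, and it assumes that requests which receive the rule action still count toward the rate.

```python
from collections import defaultdict, deque

WINDOW_SECONDS = 5 * 60  # trailing 5-minute span described in the announcement


class RateBasedRuleModel:
    """Simplified model of one rate-based rule applied to a web ACL in each account."""

    def __init__(self, limit, action="BLOCK"):
        self.limit = limit
        self.action = action
        # One independent counter per (account, source IP): the rule counts
        # requests per account, so the same IP is tracked separately in each.
        self._seen = defaultdict(deque)

    def evaluate(self, account_id, source_ip, ts):
        """Return the verdict for a request arriving at time ts (in seconds)."""
        window = self._seen[(account_id, source_ip)]
        # Drop requests that have aged out of the trailing window.
        while window and window[0] <= ts - WINDOW_SECONDS:
            window.popleft()
        # Assumption: requests that receive the rule action are still counted.
        window.append(ts)
        return self.action if len(window) > self.limit else "ALLOW"


def replay(rule, requests):
    """Evaluate constructed (account_id, source_ip, ts) tuples in time order."""
    return [rule.evaluate(*r) for r in sorted(requests, key=lambda r: r[2])]


# Constructed sample traffic: one IP sends 5 requests in 5 seconds to account
# 111111111111, one request to account 222222222222, then returns to the first
# account after the earlier requests have left the window.
SAMPLE = [("111111111111", "203.0.113.7", t) for t in range(5)]
SAMPLE += [("222222222222", "203.0.113.7", 2), ("111111111111", "203.0.113.7", 400)]

if __name__ == "__main__":
    ordered = sorted(SAMPLE, key=lambda r: r[2])
    for req, verdict in zip(ordered, replay(RateBasedRuleModel(limit=3), SAMPLE)):
        print(req, verdict)
```

The fourth and fifth requests to the first account receive the action, the request to the second account is unaffected, and the IP is allowed again once its earlier requests fall out of the 5-minute window.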
Firewall Manager is a security management service that gives customers a central place to configure and deploy firewall rules across accounts and resources in their organization. With Firewall Manager, customers can deploy and monitor rules for Amazon WAF across their entire organization. Firewall Manager ensures that all firewall rules are consistently enforced, even as new accounts and resources are created.