
Amazon Launches a New Cloud Security Service: AWS Firewall Manager


Amazon has launched a new service called AWS Firewall Manager, which gives AWS customers a way to centrally configure AWS Web Application Firewall (WAF) rules across multiple accounts. AWS Firewall Manager is part of Amazon’s recent launch of several services for security and compliance.

Amazon made this service available in response to customer demand. Jeff Barr, chief evangelist for AWS, stated in a blog post on the launch of Firewall Manager:

Over the last couple of years, we have provided our customers with an increasingly broad set of options for protection including AWS WAF and AWS Shield. Our customers are making great use of all of these options, and have asked for the ability to manage them from a single, central location.

With Firewall Manager, AWS customers will have access to a single service to create firewall protection policies and enforce them consistently across their Application Load Balancer (ALB) and Amazon CloudFront infrastructure. Furthermore, this security service enables users to apply custom WAF rules and Managed Rules for WAF available in the AWS Marketplace through various vendors like Imperva, F5, and Trend Micro. 

To use AWS Firewall Manager, customers must satisfy a few prerequisites:

  • Their organization must use AWS Organizations to manage their accounts, and all features must be enabled.
  • One of the accounts in the organization must be designated as the administrator account so that Firewall Manager can deploy AWS WAF rules organization-wide.
  • AWS Config must be enabled for all the accounts in the organization so that Firewall Manager can detect any newly created resources.
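The three prerequisites above can be audited before any policy is created. The following is an added example, not code from AWS or from the article: it assumes the responses of `organizations:DescribeOrganization`, `fms:GetAdminAccount` and `config:DescribeConfigurationRecorderStatus` have already been collected per account for one Region, and the function name and sample data are constructed for illustration.

```python
"""Audit the three Firewall Manager prerequisites from saved API responses."""


def check_fms_prerequisites(org, fms_admin, recorder_status_by_account):
    """Return a list of gaps; an empty list means all three prerequisites hold.

    org: organizations:DescribeOrganization response
    fms_admin: fms:GetAdminAccount response ({} if no administrator is set)
    recorder_status_by_account: account id -> that account's
        config:DescribeConfigurationRecorderStatus response
    """
    gaps = []

    # 1. AWS Organizations with all features, not consolidated billing only.
    feature_set = org.get("Organization", {}).get("FeatureSet")
    if feature_set != "ALL":
        gaps.append(f"organization FeatureSet is {feature_set!r}, expected 'ALL'")

    # 2. A designated administrator account (assumption: it must be one of
    #    the accounts covered by this audit).
    admin = fms_admin.get("AdminAccount")
    if not admin:
        gaps.append("no Firewall Manager administrator account is designated")
    elif admin not in recorder_status_by_account:
        gaps.append(f"administrator account {admin} is not in the audited account set")

    # 3. AWS Config must be recording in every account; otherwise newly
    #    created resources there go undetected and stay unprotected.
    for account_id, status in sorted(recorder_status_by_account.items()):
        recorders = status.get("ConfigurationRecordersStatus", [])
        if not any(r.get("recording") for r in recorders):
            gaps.append(f"AWS Config is not recording in account {account_id}")
    return gaps


# Constructed sample data (not real account ids or real API output).
SAMPLE_ORG = {"Organization": {"Id": "o-exampleorgid", "FeatureSet": "ALL"}}
SAMPLE_ADMIN = {"AdminAccount": "111111111111"}
SAMPLE_RECORDERS = {
    "111111111111": {"ConfigurationRecordersStatus": [{"name": "default", "recording": True}]},
    "222222222222": {"ConfigurationRecordersStatus": [{"name": "default", "recording": False}]},
    "333333333333": {"ConfigurationRecordersStatus": []},  # recorder never created
}

if __name__ == "__main__":
    for gap in check_fms_prerequisites(SAMPLE_ORG, SAMPLE_ADMIN, SAMPLE_RECORDERS):
        print("GAP:", gap)
```

An account with a stopped recorder and an account with no recorder at all are both reported, since in either case Firewall Manager has no view of new resources there.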

Once prerequisites are satisfied, the designated administrator can create policies. A console will guide the administrator through the process of policy creation. The process includes creating rules and a rule group, defining a policy with the rule group, defining the scope of the policy, and then creating the actual policy. 


Image source: https://aws.amazon.com/blogs/aws/aws-firewall-manager-central-management-for-your-web-application-portfolio/

By rolling out policies, an organization can reap the benefits of central management through AWS Firewall Manager. For instance, all resources and accounts can be made to comply with a mandatory set of policies. Barr stated in the same blog post:

With automated policy enforcement across accounts & applications, your security team can be confident that new and existing applications comply with organization-wide security policies when they use Firewall Manager. They can find applications and AWS resources that don’t measure up and bring them into compliance in minutes.

Customers using AWS Shield Advanced will have access to AWS Firewall Manager and AWS WAF at no extra charge. Otherwise, customers are charged a monthly fee for each policy in each region, along with the usual charges for WAF Web ACLs, WAF Rules, and AWS Config Rules. For more details on pricing for AWS Firewall Manager, see the pricing page. The service is currently available in US East (Northern Virginia), US West (Oregon), and globally at all Amazon CloudFront edge locations. Further details on AWS Firewall Manager are available on the AWS website.
