Amazon managed policies for Amazon Network Firewall - Amazon Network Firewall
Policy updates
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Amazon managed policies for Amazon Network Firewall

To add permissions to users, groups, and roles, it is easier to use Amazon managed policies than to write policies yourself. It takes time and expertise to create IAM customer managed policies that provide your team with only the permissions they need. To get started quickly, you can use our Amazon managed policies. These policies cover common use cases and are available in your Amazon Web Services account. For more information about Amazon managed policies, see Amazon managed policies in the IAM User Guide.

Amazon services maintain and update Amazon managed policies. You can't change the permissions in Amazon managed policies. Services occasionally add additional permissions to an Amazon managed policy to support new features. This type of update affects all identities (users, groups, and roles) where the policy is attached. Services are most likely to update an Amazon managed policy when a new feature is launched or when new operations become available. Services do not remove permissions from an Amazon managed policy, so policy updates won't break your existing permissions.

Additionally, Amazon supports managed policies for job functions that span multiple services. For example, the ReadOnlyAccess Amazon managed policy provides read-only access to all Amazon services and resources. When a service launches a new feature, Amazon adds read-only permissions for new operations and resources. For a list and descriptions of job function policies, see Amazon managed policies for job functions in the IAM User Guide.

Network Firewall updates to Amazon managed policies

View details about updates to Amazon managed policies for Network Firewall since this service began tracking these changes. For automatic alerts about changes to this page, subscribe to the RSS feed on the Network Firewall Document history page.

Change Description Date

AWSNetworkFirewallServiceRolePolicy – Update to the existing policy

Updated the AWSNetworkFirewallServiceRolePolicy to support describing ACM certificates for use with TLS inspection configurations.

For policy details, see AWSNetworkFirewallServiceRolePolicy.

March 31, 2023

AWSNetworkFirewallServiceRolePolicy – Update to the existing policy

Amazon Network Firewall expanded availability of the policy to the Amazon GovCloud (US) Regions, Amazon GovCloud (US-East) and Amazon GovCloud (US-West).

AWSNetworkFirewallServiceRolePolicy is an access policy that allows Network Firewall to manage Network Firewall related resources on behalf of your Amazon Web Services account. Network Firewall uses this policy to create, describe, and delete VPC endpoints in support of your firewall management activities.

For policy details, see AWSNetworkFirewallServiceRolePolicy.

This policy uses the service-linked role AWSServiceRoleForNetworkFirewall. For more information, see Using service-linked roles for Network Firewall.

 June 24, 2021

Network Firewall started tracking changes

Network Firewall started tracking changes for its Amazon managed policies.

 June 24, 2021