Viewing Shield Advanced events across multiple Amazon Web Services accounts with Amazon Firewall Manager and Amazon Security Hub
You can use Amazon Firewall Manager and Amazon Security Hub to manage and monitor Amazon Shield Advanced protected resources across multiple accounts.
With Firewall Manager, you can create a Shield Advanced security policy that reports and enforces DDoS protection compliance across all of your accounts. Firewall Manager monitors your protected resources, including adding protections to new resources that come into scope of the Shield Advanced policy.
You can integrate Firewall Manager with Amazon Security Hub to get a single dashboard that reports DDoS events that are detected by Shield Advanced and Firewall Manager compliance findings, when Firewall Manager identifies a resource that's out of compliance with your Shield Advanced security policy.
The following figure depicts a typical architecture for monitoring Shield Advanced protected resources with Firewall Manager and Security Hub.
When you integrate Firewall Manager with Security Hub, you can view security findings in a single place, alongside other alerts and compliance status information for the applications that you run on Amazon.
The following screenshot highlights the information that you can see for a Shield Advanced event inside the Security Hub console when you have an integration of this type.
To learn how to integrate Firewall Manager and Security Hub with Shield Advanced to centralize event and
compliance monitoring across your protected accounts, see the Amazon security blog Set up centralized monitoring for DDoS events and auto-remediate noncompliant resources