Creating an Amazon Firewall Manager default administrator account
This page provides instructions for creating an Amazon Firewall Manager default administrator account.
Note
This procedure uses the account and organization that you chose and configured in the preceding step.
Only the organization's management account can create Firewall Manager default administrator accounts. The first administrator account that you create is the default admininstrator account. The default administrator account can manage third-party firewalls and has full administrative scope. When you set the default administrator account, Firewall Manager automatically sets it as an Amazon Organizations delegated administrator for Firewall Manager. This allows Firewall Manager to access information about the organizational units (OUs) in the organization. You can use OUs to specify the scope of your Firewall Manager policies. For more information about setting policy scope, see the guidance for the individual policy types under Creating an Amazon Firewall Manager policy. For more information about Organizations and management accounts, see Managing the Amazon Accounts in Your Organization.
Required settings for the organization's management account
The organization's management account must have the following settings in order to onboard the organization to Firewall Manager and create a default administrator:
It must be a member of the organization in Amazon Organizations where you want to apply your Firewall Manager policies.
To set the default administrator account
Sign in to the Firewall Manager Amazon Web Services Management Console using an existing Amazon Organizations management account.
Open the Firewall Manager console at https://console.aws.amazon.com/wafv2/fmsv2
. In the navigation pane, choose Settings.
Type the Amazon account ID of the account that you've chosen to use as the Firewall Manager administrator.
Note
The default administrator has full administrative scope. Full administrative scope means that this account can apply policies to all accounts and organizational units (OUs) within the organization, take actions in all Regions, and manage all Firewall Manager policy types.
Choose Create administrator account to create the account.
For more information about managing the Firewall Manager administrator account, see Using Amazon Firewall Manager administrators.