Amazon Firewall Manager - Amazon WAF, Amazon Firewall Manager, and Amazon Shield Advanced
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Amazon Firewall Manager

Amazon Firewall Manager simplifies your administration and maintenance tasks across multiple accounts and resources for a variety of protections, including Amazon WAF, Amazon Shield Advanced, Amazon VPC security groups and network ACLs, Amazon Network Firewall, and Amazon Route 53 Resolver DNS Firewall. With Firewall Manager, you set up your protections just once and the service automatically applies them across your accounts and resources, even as you add new accounts and resources.

Firewall Manager provides these benefits:

  • Helps to protect resources across accounts

  • Helps to protect all resources of a particular type, such as all Amazon CloudFront distributions

  • Helps to protect all resources with specific tags

  • Automatically adds protection to resources that are added to your account

  • Allows you to subscribe all member accounts in an Amazon Organizations organization to Amazon Shield Advanced, and automatically subscribes new in-scope accounts that join the organization

  • Allows you to apply security group rules to all member accounts or specific subsets of accounts in an Amazon Organizations organization, and automatically applies the rules to new in-scope accounts that join the organization

  • Lets you use your own rules, or purchase managed rules from Amazon Web Services Marketplace

Firewall Manager is particularly useful when you want to protect your entire organization rather than a small number of specific accounts and resources, or if you frequently add new resources that you want to protect. Firewall Manager also provides centralized monitoring of DDoS attacks across your organization.