Deleting a Firewall Manager network ACL policy
This section describes what happens in Firewall Manager when you delete a Firewall Manager network ACL policy.
When you delete a Firewall Manager network ACL policy, Firewall Manager changes the FMManaged
tag values to false
on all network ACLs that it's been managing for the policy.
Additionally, you can choose whether to clean up the resources created by the policy. If you choose clean up, Firewall Manager tries the following steps in order:
Put the association back to the original – Firewall Manager tries to associate the subnet back to the network ACL that it was associated with before Firewall Manager started managing it.
Remove first and last rules from the network ACL – If it can't change the association, Firewall Manager tries to remove the policy's first and last rules, leaving only the custom rules in the network ACL that's associated with the subnet.
Do nothing to the rules or the association – If it can't do either of the above things, Firewall Manager leaves the network ACL and its association as they are.
If you don't choose the cleanup option, you'll need to manually manage each network ACL after the policy is deleted. For most situations, choosing the cleanup option is the simplest approach.