Using Amazon WAF policies with Firewall Manager
This section explains how to use Amazon WAF policies with Firewall Manager. In a Firewall Manager Amazon WAF policy, you specify the Amazon WAF rule groups that you want to use to protect all resources that are within policy scope. When you apply the policy, Firewall Manager begins managing web ACLs for in-scope resources, using the specified rule groups and other policy configurations.
You can configure the policy to create and manage all new web ACLs for in-scope resources, replacing any web ACLs that are already in use. Alternately, you can configure the policy to keep any web ACLs that are already associated with in-scope resources, and retrofit them for use by the policy. With this second option, Firewall Manager only creates new web ACLs for resources that don't already have a web ACL association.
Regardless of how they're created, in the web ACLs that Firewall Manager manages, individual accounts can manage their own rules and rule groups, in addition to the rule groups that you define in the Firewall Manager policy.
For the procedure to create a Firewall Manager Amazon WAF policy, see Creating an Amazon Firewall Manager policy for Amazon WAF.