Firewall Manager
AWS Firewall Manager is a centralized security management service in AWS that helps you enforce security policies across multiple AWS services and accounts from a single location. These services include:
- AWS WAF
- AWS Shield Advanced
- Amazon VPC Security Groups and Network ACLs
- AWS Network Firewall
- Amazon Route 53 Resolver DNS Firewall
It provides centralized management of these security policies, but it does not itself inspect traffic or create traffic inspection rules. AWS Network Firewall is the service that performs detailed traffic inspection and filtering. In short, Firewall Manager applies and manages these policies at scale, while Network Firewall does the actual inspection and filtering.

1. AWS Network Firewall
AWS Network Firewall provides both traffic inspection (deep packet inspection, threat matching, etc.) and traffic filtering (defining allow/deny rules based on traffic characteristics).
2. Firewall Manager and Integration
Firewall Manager works closely with AWS Config and AWS Organizations:
- AWS Config tracks resource compliance based on the security policies set by Firewall Manager.
- AWS Organizations allows Firewall Manager to apply security policies across all accounts in the organization.
3. Key Benefits of AWS Firewall Manager
- Ease of Management: Centralized security enforcement across multiple AWS accounts.
- Consistency: Ensures uniform implementation of security policies.
- Scalability: Automatically applies security policies to new accounts.
- Compliance Monitoring: Continuous tracking of compliance through AWS Config.
4. Question
A global company is using Amazon API Gateway to design REST APIs for its loyalty club users in the us-east-1 Region and the ap-southeast-2 Region. A solutions architect must design a solution to protect these API Gateway managed REST APIs across multiple accounts from SQL injection and cross-site scripting attacks. Which solution will meet these requirements with the LEAST amount of administrative effort?
- Set up AWS WAF in both Regions. Associate Regional web ACLs with an API stage.
- Set up AWS Firewall Manager in both Regions. Centrally configure AWS WAF rules.
- Set up AWS Shield in both Regions. Associate Regional web ACLs with an API stage.
- Set up AWS Shield in one of the Regions. Associate Regional web ACLs with an API stage.
Note - If you want to use AWS WAF across accounts, speed up WAF configuration, and automatically protect new resources as they are created, use Firewall Manager together with AWS WAF.
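As an added example (not code from these notes or from AWS), the following Python builds the Firewall Manager policy document that a solutions architect would submit, once per Region, to attach AWS Managed Rule Groups for SQL injection and cross-site scripting to every API Gateway REST API stage in the chosen member accounts. The policy name, account IDs and Region list are constructed placeholders; the rule group names (AWSManagedRulesSQLiRuleSet, AWSManagedRulesCommonRuleSet), the WAFV2 policy type and the AWS::ApiGateway::Stage resource type are real AWS identifiers. It uses only the standard library and prints the JSON for `aws fms put-policy --cli-input-json`.

```python
"""Build an AWS Firewall Manager (FMS) WAFv2 policy document that attaches
managed rule groups for SQL injection and XSS to API Gateway REST API stages.

Added example, standard library only. Policy name, account IDs and Regions
below are constructed placeholders.
"""
import json

# AWS Managed Rule Groups (real identifiers): the SQLi rule set, and the
# Common Rule Set, which carries the cross-site scripting (XSS) rules.
SQLI_RULE_GROUP = "AWSManagedRulesSQLiRuleSet"
COMMON_RULE_GROUP = "AWSManagedRulesCommonRuleSet"


def managed_rule_group(name: str) -> dict:
    """One pre-process rule group entry in the FMS managed-service data."""
    return {
        "ruleGroupArn": None,
        "overrideAction": {"type": "NONE"},
        "managedRuleGroupIdentifier": {
            "version": None,
            "vendorName": "AWS",
            "managedRuleGroupName": name,
        },
        "ruleGroupType": "ManagedRuleGroup",
        "excludeRules": [],
    }


def build_waf_policy(policy_name: str, account_ids: list) -> dict:
    """Return the put-policy input for one Region.

    FMS policies are Regional, so the same document is submitted once per
    Region where the REST APIs live. ManagedServiceData must be a *string*
    containing JSON, not a nested object; leaving it unserialized is a common
    cause of put-policy validation errors.
    """
    managed_service_data = {
        "type": "WAFV2",
        "preProcessRuleGroups": [
            managed_rule_group(SQLI_RULE_GROUP),
            managed_rule_group(COMMON_RULE_GROUP),
        ],
        "postProcessRuleGroups": [],
        "defaultAction": {"type": "ALLOW"},
        "overrideCustomerWebACLAssociation": False,
        "loggingConfiguration": None,
    }
    return {
        "Policy": {
            "PolicyName": policy_name,
            "SecurityServicePolicyData": {
                "Type": "WAFV2",
                "ManagedServiceData": json.dumps(managed_service_data),
            },
            "ResourceType": "AWS::ApiGateway::Stage",
            "ExcludeResourceTags": False,
            # Auto-remediation makes FMS create and associate the web ACL,
            # including for stages created later in member accounts.
            "RemediationEnabled": True,
            # Scope by account here; "ORG_UNIT" keys are also accepted.
            "IncludeMap": {"ACCOUNT": list(account_ids)},
        }
    }


def policies_per_region(regions, account_ids, policy_name="loyalty-api-waf"):
    """Map each Region to its policy document (one put-policy call each)."""
    return {r: build_waf_policy(policy_name, account_ids) for r in regions}


def covered_rule_groups(policy: dict) -> set:
    """Decode ManagedServiceData and list the managed rule groups it attaches.
    Useful as a pre-deployment check that SQLi and XSS coverage is present."""
    svc = policy["Policy"]["SecurityServicePolicyData"]
    data = json.loads(svc["ManagedServiceData"])
    return {
        g["managedRuleGroupIdentifier"]["managedRuleGroupName"]
        for g in data["preProcessRuleGroups"]
    }


if __name__ == "__main__":
    # Constructed sample: the two Regions from the question, placeholder accounts.
    docs = policies_per_region(
        ["us-east-1", "ap-southeast-2"], ["111111111111", "222222222222"]
    )
    for region, doc in docs.items():
        print(f"# aws fms put-policy --region {region} "
              f"--cli-input-json file://policy-{region}.json")
        print(json.dumps(doc, indent=2))
```

Run it and write each printed document to the named file before calling `put-policy` in that Region from the Firewall Manager administrator account. The `covered_rule_groups` check is the part worth keeping in a pipeline: it decodes the string-encoded managed-service data and confirms that both the SQLi and Common (XSS) rule groups are present before the policy is pushed to member accounts.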
5. Question: Use AWS Network Firewall
A company recently migrated to AWS and wants to implement a solution to protect the traffic that flows in and out of the production VPC. The company had an inspection server in its on-premises data center. The inspection server performed specific operations such as traffic flow inspection and traffic filtering. The company wants to have the same functionalities in the AWS Cloud. Which solution will meet these requirements?
- Use Amazon GuardDuty for traffic inspection and traffic filtering in the production VPC.
- Use Traffic Mirroring to mirror traffic from the production VPC for traffic inspection and filtering.
- Use AWS Network Firewall to create the required rules for traffic inspection and traffic filtering for the production VPC. (Correct Ans)
- Use AWS Firewall Manager to create the required rules for traffic inspection and traffic filtering for the production VPC.