What's new at AWS 📢
🔱 AWS Firewall Manager now supports retrofitting of existing AWS WAF #WebACLs
🔱 It enables customers to centrally create policies for AWS WAF that add baseline rule sets to existing WAF WebACLs associated with their resources.
🔱 With this, security administrators can now use Firewall Manager policies for WAF to insert first and last rule groups
🔱 They can also centrally configure a logging destination for existing WebACLs while leaving custom rule sets intact.
🔱 Enabling the “retrofit” setting on a Firewall Manager WAF policy lets administrators centrally define baseline protection that applies to resources protected by WAF while ensuring it is enforced by the WebACLs.
🔱 It helps customers to rapidly deploy a standard set of WAF rules to all web applications at any time without affecting existing WAF deployments.
📌 Some AWS best practices for AWS Firewall Manager network ACLs (NACLs):
⚜️ Start with automatic remediation disabled
⚜️ Don't modify the value of the FMManaged tag on a network ACL
⚜️ Don't modify the rules that are managed by Firewall Manager
⚜️ Don't modify the associations for subnets that have Firewall Manager managed network ACLs
⚜️ Don't modify the pre-configured rules that are managed by Firewall Manager
📌 Complete guide to centrally managing AWS WAF rules with Firewall Manager:
https://aws.amazon.com/blogs/security/centrally-manage-aws-waf-api-v2-and-aws-managed-rules-at-scale-with-firewall-manager/
📌 Explore more about AWS Firewall Manager:
https://aws.amazon.com/firewall-manager/