Centrally manage your AWS WAF rules setup

In the previous blog, we shared how you can secure your web applications, portals and APIs with the help of AWS WAF and AWS Shield. In this blog, we will illustrate how you can configure the newly launched AWS Firewall Manager.
This year, on April the 4th, Amazon launched a new product: AWS Firewall Manager, a service that can be used to configure and manage AWS WAF rules centrally and apply those rules across multiple accounts and regions.
Firewall Manager helps us roll out AWS WAF changes across ELBs and CloudFront distributions in multiple accounts that are covered by AWS Organizations. For example, we can configure a “Block-certain-IP-ranges” or “allow-geographical-location” rule in the main account and then roll out these changes to all other WAFs configured in the AWS accounts for Dev, Test, Staging, Customer 1-n, etc.
You must be wondering what benefits we get from this new service:

  • Centrally manage the rules in one place
  • Rapid response to newly discovered attacks
  • Compliance – all WAFs have the same set of tested/verified rules and configurations
  • Different applications/services can now be protected easily, without the hassle of redoing the steps

Before illustrating the steps to configure your Firewall Manager, let’s take a look at how the AWS WAF Manager works in an ideal scenario.

Source: Amazon AWS

In the above illustration, AWS WAF is used with AWS Lambda to block requests from specific IP addresses.

How to configure Firewall Manager

Prerequisite

  1. AWS account should be covered under AWS Organizations
  2. AWS account should be set as ‘AWS Firewall Manager administrator’
  3. AWS Config should be enabled for all accounts under AWS Organizations

Setup Steps
Most of the steps are similar to what we do in AWS WAF setup
Create Rule Group

  • A rule group is simply a set of WAF rules
  • We can create our own custom rule group or use a rule group available in AWS Marketplace

Create Policy

  • In the policy, we need to specify which resources we want to protect with the rule group

Choose whether you want to add existing groups to the policy or create new groups, and choose the region.
Name your policy and set/add rule groups.

Scope

Define the scope of your policy: basically what is covered by it (ELBs or CloudFront distributions) and whether you want to apply it to all existing resources or not.

Review and confirm

A final confirmation is needed. This will take a few minutes to complete, and after that you will be shown a status screen that lists all the resources where the policy was applied.
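The same policy can be defined as code instead of through the console. The sketch below is an added example, not part of the original post: it builds the request for the Firewall Manager `put_policy` API (AWS WAF Classic policy type) from the choices made in the steps above. The function names, the rule group ID placeholder, the `us-west-2` default region and the mapping of "apply to all existing resources" to `RemediationEnabled` are assumptions of this example.

```python
import json

# Resource types the scope step above can cover (WAF Classic policy).
SCOPES = {
    "alb": "AWS::ElasticLoadBalancingV2::LoadBalancer",
    "cloudfront": "AWS::CloudFront::Distribution",
}

def build_policy(name, rule_group_ids, scope, apply_to_existing=False,
                 count_only=True, accounts=None):
    """Return the Policy document passed to fms.put_policy (hypothetical helper)."""
    if scope not in SCOPES:
        raise ValueError(f"scope must be one of {sorted(SCOPES)}")
    if not rule_group_ids:
        raise ValueError("a policy needs at least one rule group")
    # COUNT only counts matches, so a new rule group can be observed
    # before it blocks traffic; NONE enforces the rule group's own actions.
    override = {"type": "COUNT" if count_only else "NONE"}
    managed = {
        "type": "WAF",
        "ruleGroups": [{"id": g, "overrideAction": override}
                       for g in rule_group_ids],
        "defaultAction": {"type": "ALLOW"},
    }
    policy = {
        "PolicyName": name,
        "SecurityServicePolicyData": {
            "Type": "WAF",
            "ManagedServiceData": json.dumps(managed),
        },
        "ResourceType": SCOPES[scope],
        "ExcludeResourceTags": False,
        # Assumed mapping of the console's "apply to existing resources" choice.
        "RemediationEnabled": apply_to_existing,
    }
    if accounts:  # restrict the policy to specific member accounts
        policy["IncludeMap"] = {"ACCOUNT": list(accounts)}
    return policy

def region_for(scope, regional="us-west-2"):
    # CloudFront is global: its policies are created in us-east-1.
    return "us-east-1" if scope == "cloudfront" else regional

def apply_policy(policy, region):
    import boto3  # needs credentials for the Firewall Manager administrator account
    return boto3.client("fms", region_name=region).put_policy(Policy=policy)

if __name__ == "__main__":
    # Constructed sample values; replace the placeholder with a real rule group ID.
    demo = build_policy("block-ip-ranges", ["RULE-GROUP-ID-PLACEHOLDER"], "alb")
    print(region_for("alb"), json.dumps(demo, indent=2))
```

Keeping `count_only=True` for the first rollout shows what a rule group would match in each account before it is switched to enforcement.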
This is part II of the series of blogs on AWS’ application security offerings and how you can use them to secure your applications. In the next blog, we will test the validity and performance of the setup we discussed in part I on Web Application Security using AWS WAF and AWS Shield. Stay tuned.
