DEV Community

Karthik Sakthivel

AWS Firewall Manager now supports retrofitting of existing AWS WAF Web ACLs

What's new at AWS 📢

🔱 AWS Firewall Manager now supports retrofitting of existing AWS WAF #WebACLs

🔱 It enables customers to centrally create policies for AWS WAF that add baseline rule sets to existing WAF WebACLs associated with their resources.

🔱 With this, security administrators can now use Firewall Manager policies for WAF to insert first and last rule groups.

🔱 They can also centrally configure a logging destination for existing WebACLs while leaving custom rule sets intact.

🔱 Enabling the “retrofit” setting on a Firewall Manager WAF policy lets them centrally define baseline protection that applies to resources protected by WAF while ensuring it is enforced by the WebACLs.

🔱 It helps customers rapidly deploy a standard set of WAF rules to all web applications at any time without affecting existing WAF deployments.

📌 Some of the AWS best practices for AWS Firewall Manager network ACLs (NACLs):
⚜️ Start with automatic remediation disabled
⚜️ Don't modify the value of the FMManaged tag on a network ACL
⚜️ Don't modify the rules that are managed by Firewall Manager
⚜️ Don't modify the associations for subnets that have Firewall Manager managed network ACLs
⚜️ Don't modify the pre-configured rules that are managed by Firewall Manager
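
One way to watch for changes that go against the network ACL practices listed above is to scan CloudTrail records for the relevant EC2 API calls. The sketch below is an added example, not code from the post or from AWS; the ACL and association IDs, account number, user name and sample records are constructed, and it assumes you maintain an inventory of which network ACLs and associations Firewall Manager manages.

```python
# Constructed inventory (assumption): IDs of the network ACLs and subnet
# associations that Firewall Manager manages in this account.
MANAGED_ACLS = {"acl-0aaa111122223333a"}
MANAGED_ASSOCS = {"aclassoc-0bbb111122223333b"}
FMS_ROLE = "AWSServiceRoleForFMS"  # Firewall Manager's service-linked role
ENTRY_EVENTS = {"CreateNetworkAclEntry", "ReplaceNetworkAclEntry", "DeleteNetworkAclEntry"}

def violations(event):
    """Return the best practices a CloudTrail record appears to break."""
    if FMS_ROLE in event.get("userIdentity", {}).get("arn", ""):
        return []  # change made by Firewall Manager itself
    name = event.get("eventName")
    params = event.get("requestParameters") or {}
    found = []
    if name in ("CreateTags", "DeleteTags"):
        ids = {i.get("resourceId")
               for i in params.get("resourcesSet", {}).get("items", [])}
        keys = {t.get("key") for t in params.get("tagSet", {}).get("items", [])}
        if ids & MANAGED_ACLS and "FMManaged" in keys:
            found.append("FMManaged tag modified")
    elif name in ENTRY_EVENTS and params.get("networkAclId") in MANAGED_ACLS:
        # The record does not say whose rule it is, so flag it for review.
        found.append("rule changed on managed network ACL")
    elif (name == "ReplaceNetworkAclAssociation"
          and params.get("associationId") in MANAGED_ASSOCS):
        found.append("managed subnet association changed")
    return found

def _ev(name, arn, params):  # builds a constructed sample record
    return {"eventName": name, "userIdentity": {"arn": arn},
            "requestParameters": params}

ADMIN = "arn:aws:iam::111122223333:user/example-admin"
FMS = "arn:aws:sts::111122223333:assumed-role/AWSServiceRoleForFMS/session"
SAMPLE_EVENTS = [  # constructed, trimmed to the fields the check reads
    _ev("DeleteTags", ADMIN, {
        "resourcesSet": {"items": [{"resourceId": "acl-0aaa111122223333a"}]},
        "tagSet": {"items": [{"key": "FMManaged"}]}}),
    _ev("ReplaceNetworkAclEntry", ADMIN,
        {"networkAclId": "acl-0aaa111122223333a", "ruleNumber": 1}),
    _ev("ReplaceNetworkAclAssociation", ADMIN,
        {"associationId": "aclassoc-0bbb111122223333b"}),
    _ev("ReplaceNetworkAclEntry", FMS,
        {"networkAclId": "acl-0aaa111122223333a", "ruleNumber": 1}),
    _ev("CreateTags", ADMIN, {
        "resourcesSet": {"items": [{"resourceId": "acl-0ccc111122223333c"}]},
        "tagSet": {"items": [{"key": "Name", "value": "dev"}]}}),
]
```

Calling `violations()` on each record in `SAMPLE_EVENTS` flags the first three and passes the last two: the fourth is Firewall Manager's own change, and the fifth touches an unmanaged ACL.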

📌 Complete guide to centrally managing AWS WAF rules with Firewall Manager:
https://aws.amazon.com/blogs/security/centrally-manage-aws-waf-api-v2-and-aws-managed-rules-at-scale-with-firewall-manager/

📌 Explore more about AWS Firewall Manager:
https://aws.amazon.com/firewall-manager/
