
Karthik Sakthivel

AWS Firewall Manager now supports retrofitting of existing AWS WAF Web ACLs

What's new at AWS 📢

🔱 AWS Firewall Manager now supports retrofitting of existing AWS WAF #WebACLs

🔱 It enables customers to centrally create policies for AWS WAF that add baseline rule sets to existing WAF WebACLs associated with their resources.

🔱 With this, security administrators can now use Firewall Manager policies for WAF to insert first and last rule groups.

🔱 They can also centrally configure a logging destination for existing WebACLs while leaving custom rule sets intact.

🔱 By enabling the “retrofit” setting on a Firewall Manager WAF policy, administrators can centrally define baseline protection that applies to resources protected by WAF while ensuring it is enforced by the WebACLs.

🔱 It helps customers to rapidly deploy a standard set of WAF rules to all web applications at any time without affecting existing WAF deployments.

📌 Some AWS best practices for AWS Firewall Manager network ACLs (NACLs):
⚜️ Start with automatic remediation disabled
⚜️ Don't modify the value of the FMManaged tag on a network ACL
⚜️ Don't modify the rules that are managed by Firewall Manager
⚜️ Don't modify the associations for subnets that have Firewall Manager managed network ACLs
⚜️ Don't modify the pre-configured rules that are managed by Firewall Manager

📌 Complete guide to centrally managing AWS WAF rules with Firewall Manager:
https://aws.amazon.com/blogs/security/centrally-manage-aws-waf-api-v2-and-aws-managed-rules-at-scale-with-firewall-manager/

📌 Explore more about AWS Firewall Manager:
https://aws.amazon.com/firewall-manager/
