Updated March 21, 2023
Introduction to AWS Firewall Manager
AWS Firewall Manager is a security management service that centrally administers firewall rules across your AWS accounts. It lets you define a common set of security rules once and have them applied automatically to newly created applications, so every application starts with a baseline level of protection. You can adjust these rules to your requirements and push a new policy to all applications, or to selected ones, in a hierarchical manner across your entire infrastructure.
Pre-requisites
Before starting to use the Firewall Manager, make sure the following steps are already performed:
1. Join Amazon Web Services Organizations
In order to use Firewall Manager, the user account has to belong to an AWS organization. If the account is already a member, step 2 can be performed directly. If it is not a member, create an organization with the user account as its master account. Once the organization is created, add the other accounts to it and enable all features.
2. Set the Administrator Account of AWS Firewall Manager
Firewall Manager has to be linked with the master account of the organization you have created. That account is then known as the AWS Firewall Manager administrator account.
- Log in to the console of AWS using the master account of the AWS organization. If any other account has the permissions to do so, it can also be used to log in.
- Open the console of the Firewall Manager.
- Select Get started.
- Provide the Account ID that has to be linked with the Firewall Manager. Then the Firewall Manager Administrator account will be created.
- Select Set administrator.
3. Enable AWS Config
AWS Config has to be enabled for each account in the AWS organization. It can be enabled manually or using templates. The resource types that Firewall Manager has to protect must also be recorded by AWS Config.
How to Use the AWS Firewall Manager?
It performs mainly two operations.
- Enable Web Application Firewall Rules.
- Enable Shield Advanced Protection.
Let us see how these are done in the below steps:
Steps to enable WAF rules with AWS Firewall Manager
WAF rules can be enabled using AWS Firewall Manager.
The following are the steps to do the same.
Step 1: Complete the prerequisites mentioned in the above section.
Step 2: Create Rules.
For that, create conditions based on the user’s requirement.
| Requests | Condition |
|---|---|
| To block or permit requests with malicious scripts | Cross-site scripting match conditions |
| To block or permit requests based on IP addresses | IP match conditions |
| To block or permit requests based on the country | Geo match conditions |
| To block or permit requests based on length | Size constraint conditions |
| To block or permit requests based on malicious SQL code | SQL injection match conditions |
| To block or permit requests based on strings | String match conditions |
| To block or permit requests based on a regex pattern | Regex match conditions |
Then, create the rules using the AWS web Application Firewall and add conditions to it.
To create a rule, perform the below steps:
- Log in to the AWS console and open the WAF console.
- Select Rules from the navigation pane.
- Select Create Rule.
- Enter the values such as Name, CloudWatch metric name, Rule type and Rate limit.
- Add the conditions by specifying whether it has to be blocked or not.
- If more than one condition has to be added, then select Add another Condition and repeat the above step.
- After completing the above steps, Select Create.
Step 3: Create a Rule group
A rule group is a set of rules that specifies which action to take when particular conditions are met. Rule groups can be purchased from AWS Marketplace or created manually.
To create a Rule group, the following steps have to be performed.
- Log in to the AWS console using the administrator account created in the prerequisite step.
- Open the console of the Firewall manager.
- Select Security Policies from the navigation pane.
- If any prerequisite is not completed, the console instructs the user to fix it. Once the prerequisites are completed, select
- Select Create Policy.
- Select Create an AWS Firewall Manager policy and add a new rule group.
- Select Next after selecting an AWS Region.
- Select Next since rules and conditions are already created.
- Select Create rule group.
- Enter a name.
- Enter a CloudWatch metric name to associate with the rule group. The naming convention must be followed: the name may contain alphanumeric characters (A-Z, a-z, 0-9) or the special characters _-!”#`+*},./ and must not contain white space.
- Choose a rule
- Select Add Rule.
- Select Create.
Step 4: Create and Apply policy for AWS WAF with AWS Firewall Manager.
To create a policy for this, perform the below steps.
- Since the rule groups are already created, a Rule group summary page will be displayed. Select Next.
- Enter name.
- Select WAF for the Policy Type.
- Select an AWS region.
- Select the Add rule group.
- The policy can apply one of two actions: Count or Action set by rule group. Select Count if the policy and rule group have to be tested first (matching requests are only counted, not blocked); otherwise select Action set by rule group to enforce the rules. For this demo, select Count.
- Select Next.
- Based on the requirement, select the account that has to be included or excluded from the policy and select OK.
- Select the resource types that have to be protected. If resources with tags have to be protected, select Use tags to include/exclude resources.
- Select Create and apply this policy to existing and new resources.
- Select Next.
- Preview the policy created and edit it if needed.
- Select Create policy.
Steps to enable Shield Advanced protection with AWS Firewall Manager
Step 1: Complete the pre-requisites.
Step 2: Create and Apply policy for Shield Advanced Protection with AWS Firewall Manager.
- Log in to the AWS console using the administrator account created in the prerequisite step.
- Open the console of the Firewall manager.
- Select Security Policies from the navigation pane.
- Select Create Policy.
- Select Shield Advanced.
- Enter a name.
- Based on the requirement, select the account that has to be included or excluded from the policy and select OK.
- Select the resource types that have to be protected. If resources with tags have to be protected, select Use tags to include/exclude resources.
- Select Create and apply this policy to existing and new resources.
- Select Next.
- Preview the policy created and edit it if needed.
- Select Create policy.
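Both the WAF policy from Step 4 of the previous section and the Shield Advanced policy just created are, underneath the console, Firewall Manager policy documents. The following added example (not from this article, and not AWS's own code) builds both in the shape that boto3's `fms.put_policy(Policy=...)` accepts, so the console choices (Count versus Action set by rule group, included and excluded accounts, tag scoping, and applying to existing and new resources) can be expressed and audited as code. The rule group ID, account IDs and tag values are constructed placeholders; the WAF Classic `ManagedServiceData` layout follows the documented boto3 format, and the helper names are my own.

```python
import json

# Added example: builds AWS Firewall Manager policy documents for the
# boto3 FMS client. Identifiers below are constructed placeholders.


def _base_policy(name, resource_type, include_accounts=None, exclude_accounts=None,
                 resource_tags=None, exclude_tagged=False, remediate=True):
    """Fields shared by every Firewall Manager policy: scope (accounts,
    resource type, tags) and whether existing resources are remediated."""
    policy = {
        "PolicyName": name,
        "SecurityServicePolicyData": {},
        "ResourceType": resource_type,
        # "Use tags to include/exclude resources" in the console
        "ExcludeResourceTags": exclude_tagged,
        # "Create and apply this policy to existing and new resources"
        "RemediationEnabled": remediate,
    }
    if include_accounts:
        policy["IncludeMap"] = {"ACCOUNT": list(include_accounts)}
    if exclude_accounts:
        policy["ExcludeMap"] = {"ACCOUNT": list(exclude_accounts)}
    if resource_tags:
        policy["ResourceTags"] = [{"Key": k, "Value": v}
                                  for k, v in sorted(resource_tags.items())]
    return policy


def build_waf_policy(name, rule_group_id, test_mode=True,
                     default_action="BLOCK", **scope):
    """WAF Classic policy. test_mode=True is the console's "Count" choice:
    the rule group's own actions are overridden to COUNT, so matching
    requests are only logged. False is "Action set by rule group"
    (override NONE), which enforces the rules."""
    managed = {
        "type": "WAF",
        "ruleGroups": [
            {"id": rule_group_id,
             "overrideAction": {"type": "COUNT" if test_mode else "NONE"}}
        ],
        "defaultAction": {"type": default_action},
    }
    policy = _base_policy(name, **scope)
    policy["SecurityServicePolicyData"] = {
        "Type": "WAF",
        "ManagedServiceData": json.dumps(managed, separators=(",", ":")),
    }
    return policy


def build_shield_advanced_policy(name, **scope):
    """Shield Advanced policy: no rule data, only scope. Firewall Manager
    enrols every in-scope resource in Shield Advanced protection."""
    policy = _base_policy(name, **scope)
    policy["SecurityServicePolicyData"] = {"Type": "SHIELD_ADVANCED"}
    return policy


def override_action(policy):
    """Read the effective override back out of a WAF policy, e.g. to audit
    that a policy left in Count mode for a demo was later set to enforce."""
    data = json.loads(policy["SecurityServicePolicyData"]["ManagedServiceData"])
    return data["ruleGroups"][0]["overrideAction"]["type"]


def put_policy(fms_client, policy):
    """Submit the policy through an injected boto3 client, e.g.
    put_policy(boto3.client("fms", region_name="us-east-1"), policy)."""
    return fms_client.put_policy(Policy=policy)


if __name__ == "__main__":
    demo = build_waf_policy(
        "demo-waf-policy",
        "00000000-0000-0000-0000-000000000000",  # placeholder rule group ID
        test_mode=True,
        resource_type="AWS::ElasticLoadBalancingV2::LoadBalancer",
        include_accounts=["111111111111"],  # placeholder account ID
        resource_tags={"env": "prod"},      # constructed tag
    )
    print(json.dumps(demo, indent=2))
```

Keeping `test_mode` an explicit argument makes the Count-versus-enforce decision visible in code review; a policy that stays in COUNT after the demo phase protects nothing, and `override_action` gives a quick way to check deployed policies for that state.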
Step 3: Optionally, authorize the AWS DDoS Response Team, depending on your requirements.
Step 4: Set AWS CloudWatch alarms and SNS notifications.
Step 5: Deploy the Rules that are created and track the dashboard for the Global Threat Environment.
Advantages
Given below are the advantages mentioned:
- Shield Advanced protection can be applied to CloudFront distributions, applications and Classic Elastic Load Balancers.
- Pre-configured WAF rules are easy to deploy on applications, since Firewall Manager integrates with AWS WAF managed rules.
- Shield Advanced protection and AWS WAF rules can be enabled across one or more accounts from a single place, since Firewall Manager integrates with AWS Organizations.
- The security team receives threat notifications through it, so it can respond to and mitigate an attack.
AWS Firewall Manager Pricing
Pricing depends on the resources the customer uses. If the customer has AWS Shield Advanced, Firewall Manager is provided at no extra cost. However, the AWS Config rules that Firewall Manager uses to track changes in resource configurations are still charged. If the customer has only AWS WAF and Shield Standard, the following pricing applies.
- Protection Policy for Firewall Manager: Each region has a monthly fee.
- AWS WAF web ACLs or rules: those created by Firewall Manager are charged at the current AWS WAF pricing.
- AWS Config rules: those created by Firewall Manager are charged at the current AWS Config pricing.
As we know, AWS supports ‘Pay per Use’. So there won’t be any minimum fee or pricing, and upfront commitments also won’t be there.
Let us try to understand the above-mentioned details using a table.
| Basis of Comparison | AWS WAF + AWS Shield Standard | AWS Shield Advanced |
|---|---|---|
| All public regions | $100.00 per policy per Region | Included. No charge per policy per Region. |
| Global (Amazon CloudFront locations) | $100.00 per policy per Region | Included. No charge per policy per Region. |
| AWS WAF WebACLs or Rules | Based on current pricing. | Included. No extra cost. |
| AWS Config rules | Based on current pricing. | Based on current pricing. |
Conclusion
AWS Firewall Manager is a security management service that mainly performs two tasks: enabling Web Application Firewall rules, so that they can be managed and configured centrally, and enabling AWS Shield Advanced protection. This document has explained the prerequisites, working, pricing and advantages of the service.