What's new at AWS
- AWS Firewall Manager now supports retrofitting of existing AWS WAF #WebACLs
- It enables customers to centrally create policies for AWS WAF that add baseline rule sets to existing WAF WebACLs associated with their resources.
- With this, security administrators can now use Firewall Manager policies for WAF to insert first and last rule groups.
- They can also centrally configure a logging destination for existing WebACLs while leaving custom rule sets intact.
- By enabling the "retrofit" setting on a Firewall Manager WAF policy, they can centrally define baseline protection that applies to resources protected by WAF while ensuring it is enforced by the WebACLs.
- It helps customers rapidly deploy a standard set of WAF rules to all web applications at any time without affecting existing WAF deployments.
Some AWS best practices for AWS Firewall Manager network ACLs:
- Start with automatic remediation disabled
- Don't modify the value of the FMManaged tag on a network ACL
- Don't modify the rules that are managed by Firewall Manager
- Don't modify the associations for subnets that have Firewall Manager managed network ACLs
- Don't modify the pre-configured rules that are managed by Firewall Manager
Complete guide to centrally managing AWS WAF rules with Firewall Manager:
https://aws.amazon.com/blogs/security/centrally-manage-aws-waf-api-v2-and-aws-managed-rules-at-scale-with-firewall-manager/
Explore more about AWS Firewall Manager:
https://aws.amazon.com/firewall-manager/