desaiyang
commented
2 years ago You can use Firewall Manager to centrally manage security groups in the following ways:
Configure common baseline security groups across your organization: You can use a common security group policy to provide a centrally controlled association of security groups to accounts and resources across your organization. You specify where and how to apply the policy in your organization.
Audit existing security groups in your organization: You can use an audit security group policy to check the existing rules that are in use in your organization's security groups. You can scope the policy to audit all accounts, specific accounts, or resources tagged within your organization. Firewall Manager automatically detects new accounts and resources and audits them. You can create audit rules to set guardrails on which security group rules to allow or disallow within your organization, and to check for unused or redundant security groups.
Get reports on non-compliant resources and remediate them: You can get reports and alerts for non-compliant resources for your baseline and audit policies. You can also set auto-remediation workflows to remediate any non-compliant resources that Firewall Manager detects.
To learn more about using Firewall Manager to manage your security groups, see the following topics in the AWS WAF Developer Guide:
AWS Firewall Manager prerequisites
Getting started with AWS Firewall Manager Amazon VPC security group policies
Centrally manage VPC security groups using AWS Firewall Manager AWS Firewall Manager simplifies your VPC security groups administration and maintenance tasks across multiple accounts and resources. With Firewall Manager, you can configure and audit your security groups for your organization from a single central administrator account. Firewall Manager automatically applies the rules and protections across your accounts and resources, even as you add new resources. Firewall Manager is particularly useful when you want to protect your entire organization, or if you frequently add new resources that you want to protect from a central administrator account.