Posted On: Jan 7, 2022

AWS Firewall Manager now enables you to centrally deploy AWS Shield Advanced automatic application layer (L7) DDoS protections across accounts in your organization. AWS Shield Advanced automatic L7 DDoS protections block application layer DDoS events with no manual intervention needed. With this launch, security administrators for AWS Firewall Manager can now enable automatic L7 DDoS protections across accounts using the Firewall Manager security policy for AWS Shield Advanced.

To get started, enable automatic L7 DDoS mitigation on a Firewall Manager Shield Advanced policy. A Shield-managed WAF rule group will then be added to a WAF web access control list (web ACL) for the resources under protection. Shield Advanced evaluates each WAF rule it creates against normal traffic into your resources to minimize false positives and deploys them in either count, allow, or block mode.

AWS Firewall Manager is a security management service that acts as a central place for you to configure and deploy firewall rules across accounts and resources in your organization. With Firewall Manager, you can deploy and monitor rules for AWS WAF, AWS Shield Advanced, VPC security groups, AWS Network Firewall, and Amazon Route 53 Resolver DNS Firewall across your entire organization. Firewall Manager ensures that all firewall rules are consistently enforced, even as new accounts and resources are created. 

To get started, see the AWS Firewall Manager documentation for more details and the AWS Region Table for the list of regions where AWS Firewall Manager is currently available. To learn more about AWS Firewall Manager, its features and its pricing, visit the AWS Firewall Manager website.