© 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
AWS Firewall Manager
Centrally configure and manage your firewall rules across accounts and applications
Venkat Vijayaraghavan, Product Manager
Agenda
Introduction to AWS Firewall Manager
Getting Started
Demo
Intro 101
Web Application Threats
Application Vulnerabilities, Bots & Scrapers, HTTP Floods
Challenges Customers Face
Large Number of Accounts and Resources
• New applications created all the time
• Hard to manage security policies centrally across all Accounts and resources
• Difficult to ensure that all applications are consistently protected on day 1
Central Organization-wide Visibility into Threats
• No single place to monitor and respond to any threats across the Organization
AWS Firewall Manager
AWS Firewall Manager is a security management tool to centrally configure and manage web application firewall rules across all accounts and applications in your Organization.
AWS Firewall Manager
AWS WAF: Web application firewall to help detect and block malicious web requests targeted at your web applications
AWS Firewall Manager: Easily configure AWS WAF rules across all ALBs or CloudFront distributions in your Organization
What is AWS WAF (Web Application Firewall)?
• Web traffic filtering with custom rules & automations
• Managed Rules to block malicious requests
• Active monitoring and tuning
Key Benefits
AWS Firewall Manager Key Benefits
• Ensure Compliance to Mandatory Rules Across Organization
• Simplify Management of Rules Across Accounts & Applications
• Easily Deploy WAF Rules from AWS Marketplace
• Enable Rapid Response to Internet Attacks
AWS Firewall Manager Key Benefits: Simplify Firewall Rules Management Across Accounts & Resources
 Integrated with AWS Organizations so you can enable AWS WAF rules across multiple AWS accounts.
 Firewall Manager Policies can span across Accounts and across resources.
 Supports Hierarchical rules - Security administrator can create organization-wide rules, while delegating application-specific rules to individual Account owners.
AWS Firewall Manager Key Benefits
Ensure Compliance of Existing and New Applications
 Ensure all your resources comply with a mandatory set of security policies
 Automatically discover new Accounts, or resources like ALBs or CloudFront distributions, as they are created
 Easily block traffic from embargoed countries across your Organization to adhere to the US Dept. of Treasury's Office of Foreign Assets Control (OFAC) regulations
AWS Firewall Manager Key Benefits
Easily Deploy WAF Rules from AWS Marketplace
 Integrated with Managed Rules for AWS WAF, an easy way to deploy pre-configured WAF rules for your applications
 Consistently deploy a managed rule group from any Marketplace vendor across your Organization
 Easily deploy an OWASP Top 10 rule group to protect your PCI workloads, or deploy a bad IP reputation list to prevent bad actors from accessing your applications
AWS Firewall Manager Key Benefits: Enable Rapid Response to Internet Attacks
 Security administrators have a single console to receive real-time threats and respond within minutes
 Quickly apply CVE patches across all applications in your Organization, or block malicious IP addresses detected by GuardDuty across the entire Organization
[Diagram: Amazon GuardDuty finding → Amazon CloudWatch Event → AWS Lambda Function → Firewall Manager → AWS WAF in Account 1, Account 2 and Account 3]
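The GuardDuty → CloudWatch Events → Lambda → WAF path in the diagram above, written out as a Lambda responder. This is an added example, not code from the deck or from AWS: it assumes the RuleGroup that Firewall Manager distributes contains a rule referencing a WAF IPSet whose id arrives in the IPSET_ID environment variable (placeholder), the severity threshold and the never-block ranges are this example's choices, and the sample finding is constructed.

```python
"""GuardDuty -> CloudWatch Events -> Lambda responder that adds an attacker IP to a
WAF IPSet. Added example, not AWS code: the IPSET_ID value and the sample finding
below are constructed placeholders."""
import ipaddress
import os

MIN_SEVERITY = 4.0  # assumption for this example: only act on Medium (4.0+) and High findings

# Never push these into a block list: internal scanners, NAT and health checks live here.
NEVER_BLOCK = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/4", "240.0.0.0/4",
)]


def extract_remote_ips(event):
    """Return every remote IPv4 address a GuardDuty finding names, in document order."""
    action = event.get("detail", {}).get("service", {}).get("action", {})
    found = []
    for key in ("networkConnectionAction", "awsApiCallAction"):
        ip = action.get(key, {}).get("remoteIpDetails", {}).get("ipAddressV4")
        if ip:
            found.append(ip)
    for probe in action.get("portProbeAction", {}).get("portProbeDetails", []):
        ip = probe.get("remoteIpDetails", {}).get("ipAddressV4")
        if ip:
            found.append(ip)
    return found


def select_ips_to_block(event, min_severity=MIN_SEVERITY):
    """Response policy: right event type, severity at or above the threshold,
    public IPv4 only, de-duplicated and sorted so repeated invocations are stable."""
    if event.get("detail-type") != "GuardDuty Finding":
        return []
    if float(event.get("detail", {}).get("severity", 0)) < min_severity:
        return []
    blockable = set()
    for ip in extract_remote_ips(event):
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            continue  # malformed value: skip it rather than fail the whole response
        if addr.version == 4 and not any(addr in net for net in NEVER_BLOCK):
            blockable.add(str(addr))
    return sorted(blockable)


def build_ipset_updates(ips, action="INSERT"):
    """Shape the Updates argument of WAF classic UpdateIPSet (one /32 per address)."""
    return [{"Action": action, "IPSetDescriptor": {"Type": "IPV4", "Value": f"{ip}/32"}}
            for ip in ips]


def lambda_handler(event, context):
    """Entry point for the CloudWatch Events rule; needs boto3 and the IPSET_ID variable."""
    ips = select_ips_to_block(event)
    if not ips:
        return {"blocked": []}
    import boto3  # imported here so the pure functions above run without AWS credentials
    waf = boto3.client("waf")  # use "waf-regional" when the IPSet backs rules on ALBs
    token = waf.get_change_token()["ChangeToken"]
    waf.update_ip_set(IPSetId=os.environ["IPSET_ID"], ChangeToken=token,
                      Updates=build_ipset_updates(ips))
    return {"blocked": ips}


# Constructed sample in the shape CloudWatch Events delivers a GuardDuty finding.
SAMPLE_FINDING = {
    "detail-type": "GuardDuty Finding",
    "detail": {
        "type": "Recon:EC2/PortProbeUnprotectedPort",
        "severity": 5.0,
        "service": {"action": {"actionType": "PORT_PROBE", "portProbeAction": {
            "portProbeDetails": [
                {"remoteIpDetails": {"ipAddressV4": "203.0.113.10"}},
                {"remoteIpDetails": {"ipAddressV4": "10.0.0.5"}},  # private: must be skipped
            ]}}},
    },
}
```

Because Firewall Manager pushes the RuleGroup to every in-scope WebACL, one IPSet update in the admin account takes effect across all accounts; the Config rules it created will flag any member account that detaches the WebACL.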
Key Features
Other Key Features
 Integration with AWS Organizations for cross-account protection policies
 Continuous monitoring of policy drift, with automatic remediation of WAF rules
 Multi-account resource groups, using specifiers like Resource type or Tagris Tags
 Hierarchical rule enforcement; Globally mandated rules with customized local rules
 Dashboard with compliance notifications for auditing
 Receive notifications via SNS for non-compliance events
 Central visibility of threats across the entire Organization
Typical Use Cases: Mandatory Rules Across Organization
• Block traffic from embargoed countries to adhere to OFAC regulations.
• Deploy an IP Reputation list across the organization to automatically block traffic from known bad IP addresses.
Typical Use Cases: Deploy OWASP rules for PCI compliance
• PCI DSS 3.0 Requirement 6 suggests customers deploy a WAF, with rules like OWASP Top 10
• Subscribe to Managed Rules from AWS Marketplace
• Ensure the OWASP rule is applied across all PCI-tagged resources
Getting Started & Demo
Firewall Manager Pre-Requisites
1. Enable AWS Organizations Full Features
2. Enable AWS Config Recorder in All Accounts
3. Designate an Account as Firewall Manager Admin
Demo: Firewall Manager
[Diagram: DemoMaster Account, DemoSecurityAdmin Account and DemoMember Account, each owning Application Load Balancers (ALB1 and ALB2; one account also has ALB3)]
How to get started?
1. Security Admin creates RuleGroup: subscribe to Managed Rules from AWS Marketplace, OR create a custom RuleGroup.
2. Specify Policy Scope: the customer specifies the scope of resources included in the policy. Use Resource Type (e.g. ALB or CloudFront) or Tags to choose resources.
3. Create Policy: verify the scope and Save. Firewall Manager creates the necessary AWS WAF Rules, and also Config rules for monitoring.
AWS Firewall Manager Pricing
With AWS WAF / Shield Standard
ALL PUBLIC REGIONS
• $100 per policy per Region
GLOBAL (AMAZON CLOUDFRONT LOCATIONS)
• $100 per policy per Region
AWS WAF
• WebACLs or Rules created by Firewall Manager - See AWS WAF pricing
• AWS Config rules created by Firewall Manager - See AWS Config pricing
With AWS Shield Advanced
ALL PUBLIC REGIONS
• Included. No charge per policy per Region
GLOBAL (AMAZON CLOUDFRONT LOCATIONS)
• Included. No charge per policy per Region
AWS WAF
• Included. No charge with AWS Shield Advanced
• AWS Config rules created by Firewall Manager - See AWS Config pricing
Region Availability
 US East (Virginia)
 US West (Oregon)
 Global (All CloudFront edge locations)
Thank you!
www.aws.amazon.com/firewall-manager
Q: Why Does Firewall Manager Create Config Rules?
• Monitor changes in resource configurations.
• Know when new resources are created.
• Know when WAF rules are accidentally deleted.
Getting Started: Prerequisites
Getting Started: Prerequisites
In the AWS Organizations console. The AWS Organization master needs to do this.
Getting Started: Prerequisites
Set in the AWS Firewall Manager console. The AWS Organization master needs to do this.
Getting Started
Step 1: Go to the AWS WAF & Shield Console.
Getting Started
Step 2: Create RuleGroup
Getting Started
Step 3: Define Firewall Manager Policy
Getting Started
Step 4: Define Policy Exceptions, e.g. “ALL ALBs except those that are Tagged Dev”
Getting Started
Step 5: Review and create
Additional Slides
As of 01/31/2018
Using AWS Firewall Manager vs CloudFormation StackSets
CloudFormation StackSets
• Central configuration of distributed WAFs
• Rules owned by individual Accounts
• Account-specific visibility of threats
Firewall Manager
• Central configuration & management of distributed WAFs
• Rules owned by security admin Account
• Central visibility of threats across Accounts
• Use AWS Firewall Manager when your Security Administrators want to write WAF rules centrally and configure them across all Accounts, while getting visibility centrally.
• Use CloudFormation StackSets when you want the same WAF rules deployed across Accounts.
What are custom RuleGroups?
• RuleGroups are a collection of WAF Rules
• Customers can package a set of rules in a RuleGroup
• Customers add the RuleGroup to their WebACL (just like they add Rules)
• Default: 10 Rules per RuleGroup
• RuleGroups can be shared across Accounts. Rules are Account-specific
AWS Firewall Manager Pricing
Pricing Example 1:
AWS Firewall Manager Policy in IAD with 1 Account
In this example, let's assume you created a new protection policy in IAD for an Organization that has 1 AWS Account. AWS Firewall Manager has created 2 AWS Config rules and one AWS WAF Rule in a single AWS WAF WebACL.
AWS Firewall Manager Pricing
Pricing Example 1:
Item                               | # of AWS Regions / Global | # of AWS Accounts | # Units | Unit Cost | Total
AWS Firewall Manager Policy in IAD | 1                         | N/A               | 1       | $100      | $100
AWS Config rule                    | N/A                       | 1                 | 2       | $2        | $4
AWS WAF WebACL                     | N/A                       | 1                 | 1       | $5        | $5
WAF Rule per month                 | N/A                       | 1                 | 1       | $1        | $1
Total $ / Month                    |                           |                   |         |           | $110
AWS Firewall Manager Pricing
Pricing Example 2:
AWS Firewall Manager Policy in Global (CloudFront) with 7 Accounts
In this example, let's assume you created a new protection policy for Global (for CloudFront) for an Organization that has 7 AWS Accounts. AWS Firewall Manager created 2 AWS Config rules in each AWS Account, and 1 AWS WAF WebACL and WAF Rule in each AWS Account.
AWS Firewall Manager Pricing
Pricing Example 2:
Item                                               | # of AWS Regions / Global | # of AWS Accounts | # Units | Unit Cost | Total
AWS Firewall Manager Policy in Global (CloudFront) | 1                         | N/A               | 1       | $100      | $100
AWS Config rule                                    | N/A                       | 7                 | 2       | $2        | $28
AWS WAF WebACL                                     | N/A                       | 7                 | 1       | $5        | $35
WAF Rule per month                                 | N/A                       | 7                 | 1       | $1        | $7
Total $ / Month                                    |                           |                   |         |           | $170
AWS Firewall Manager Pricing
Pricing Example 3:
AWS Firewall Manager Policies in IAD & Global (CloudFront) with 10 Accounts
In this example, let's assume you created new protection policies for IAD & Global (CloudFront) for an Organization that has 10 AWS Accounts. AWS Firewall Manager created 2 AWS Config rules in each AWS Account, and 1 AWS WAF WebACL and WAF Rule in each AWS Account.
AWS Firewall Manager Pricing
Pricing Example 3:
Item                                               | # of AWS Regions / Global | # of AWS Accounts | # Units | Unit Cost | Total
AWS Firewall Manager Policy in Global (CloudFront) | 2                         | N/A               | 1       | $100      | $200
AWS Config rule                                    | N/A                       | 10                | 2       | $2        | $40
AWS WAF WebACL                                     | N/A                       | 10                | 1       | $5        | $50
WAF Rule per month                                 | N/A                       | 10                | 1       | $1        | $10
Total $ / Month                                    |                           |                   |         |           | $300
Back

Más contenido relacionado

La actualidad más candente

La actualidad más candente (20)

AWS Security Checklist
AWS Security ChecklistAWS Security Checklist
AWS Security Checklist
 
Identity and Access Management: The First Step in AWS Security
Identity and Access Management: The First Step in AWS SecurityIdentity and Access Management: The First Step in AWS Security
Identity and Access Management: The First Step in AWS Security
 
AWS Security Hub
AWS Security HubAWS Security Hub
AWS Security Hub
 
Amazon Virtual Private Cloud (VPC): Networking Fundamentals and Connectivity ...
Amazon Virtual Private Cloud (VPC): Networking Fundamentals and Connectivity ...Amazon Virtual Private Cloud (VPC): Networking Fundamentals and Connectivity ...
Amazon Virtual Private Cloud (VPC): Networking Fundamentals and Connectivity ...
 
AWS Security Hub
AWS Security HubAWS Security Hub
AWS Security Hub
 
AWS Connectivity, VPC Design and Security Pro Tips
AWS Connectivity, VPC Design and Security Pro TipsAWS Connectivity, VPC Design and Security Pro Tips
AWS Connectivity, VPC Design and Security Pro Tips
 
AWS Control Tower
AWS Control TowerAWS Control Tower
AWS Control Tower
 
Introduction to AWS Cloud Computing | AWS Public Sector Summit 2016
Introduction to AWS Cloud Computing | AWS Public Sector Summit 2016Introduction to AWS Cloud Computing | AWS Public Sector Summit 2016
Introduction to AWS Cloud Computing | AWS Public Sector Summit 2016
 
AWS WAF - A Web App Firewall
AWS WAF - A Web App FirewallAWS WAF - A Web App Firewall
AWS WAF - A Web App Firewall
 
AWS Cloud Security & Compliance Basics Webinar
AWS Cloud Security & Compliance Basics WebinarAWS Cloud Security & Compliance Basics Webinar
AWS Cloud Security & Compliance Basics Webinar
 
Introduction to AWS Security
Introduction to AWS SecurityIntroduction to AWS Security
Introduction to AWS Security
 
AWS Cloud Watch
AWS Cloud WatchAWS Cloud Watch
AWS Cloud Watch
 
Introduction to AWS IAM
Introduction to AWS IAMIntroduction to AWS IAM
Introduction to AWS IAM
 
Security at Scale: Security Hub and the Well Architected Framework - AWS Summ...
Security at Scale: Security Hub and the Well Architected Framework - AWS Summ...Security at Scale: Security Hub and the Well Architected Framework - AWS Summ...
Security at Scale: Security Hub and the Well Architected Framework - AWS Summ...
 
Deep dive into AWS IAM
Deep dive into AWS IAMDeep dive into AWS IAM
Deep dive into AWS IAM
 
Data Protection in Transit and at Rest
Data Protection in Transit and at RestData Protection in Transit and at Rest
Data Protection in Transit and at Rest
 
Aws VPC
Aws VPCAws VPC
Aws VPC
 
Intro to AWS: Security
Intro to AWS: SecurityIntro to AWS: Security
Intro to AWS: Security
 
Amazon GuardDuty: Intelligent Threat Detection and Continuous Monitoring to P...
Amazon GuardDuty: Intelligent Threat Detection and Continuous Monitoring to P...Amazon GuardDuty: Intelligent Threat Detection and Continuous Monitoring to P...
Amazon GuardDuty: Intelligent Threat Detection and Continuous Monitoring to P...
 
Deploy and Govern at Scale with AWS Control Tower
Deploy and Govern at Scale with AWS Control TowerDeploy and Govern at Scale with AWS Control Tower
Deploy and Govern at Scale with AWS Control Tower
 

Similar a Introducing AWS Firewall Manager - AWS Online Tech Talks

Securing Customer Data from Day 1 - AWS Startup Day Boston 2018.pdf
Securing Customer Data from Day 1 - AWS Startup Day Boston 2018.pdfSecuring Customer Data from Day 1 - AWS Startup Day Boston 2018.pdf
Securing Customer Data from Day 1 - AWS Startup Day Boston 2018.pdf
Amazon Web Services
 

Similar a Introducing AWS Firewall Manager - AWS Online Tech Talks (20)

How to Implement a Well-Architected Security Solution.pdf
How to Implement a Well-Architected Security Solution.pdfHow to Implement a Well-Architected Security Solution.pdf
How to Implement a Well-Architected Security Solution.pdf
 
Lock it Down: How to Secure your AWS Account and your Organization's Accounts
Lock it Down: How to Secure your AWS Account and your Organization's AccountsLock it Down: How to Secure your AWS Account and your Organization's Accounts
Lock it Down: How to Secure your AWS Account and your Organization's Accounts
 
Security Framework Shakedown: Chart Your Journey with AWS Best Practices
Security Framework Shakedown: Chart Your Journey with AWS Best PracticesSecurity Framework Shakedown: Chart Your Journey with AWS Best Practices
Security Framework Shakedown: Chart Your Journey with AWS Best Practices
 
Compliance and Security Mitigation Techniques
Compliance and Security Mitigation TechniquesCompliance and Security Mitigation Techniques
Compliance and Security Mitigation Techniques
 
AWS CZSK Webinář 2019.05: Jak chránit vaše webové aplikace před DDoS útoky
AWS CZSK Webinář 2019.05: Jak chránit vaše webové aplikace před DDoS útokyAWS CZSK Webinář 2019.05: Jak chránit vaše webové aplikace před DDoS útoky
AWS CZSK Webinář 2019.05: Jak chránit vaše webové aplikace před DDoS útoky
 
Infrastructure Security: Your Minimum Security Baseline
Infrastructure Security: Your Minimum Security BaselineInfrastructure Security: Your Minimum Security Baseline
Infrastructure Security: Your Minimum Security Baseline
 
Mitigating techniques
Mitigating techniquesMitigating techniques
Mitigating techniques
 
Security Framework Shakedown: Chart Your Journey with AWS Best Practices (SEC...
Security Framework Shakedown: Chart Your Journey with AWS Best Practices (SEC...Security Framework Shakedown: Chart Your Journey with AWS Best Practices (SEC...
Security Framework Shakedown: Chart Your Journey with AWS Best Practices (SEC...
 
Operational Excellence for Identity & Access Management (SEC334) - AWS re:Inv...
Operational Excellence for Identity & Access Management (SEC334) - AWS re:Inv...Operational Excellence for Identity & Access Management (SEC334) - AWS re:Inv...
Operational Excellence for Identity & Access Management (SEC334) - AWS re:Inv...
 
AWS STARTUP DAY 2018 I Securing Your Customer Data From Day One
AWS STARTUP DAY 2018 I Securing Your Customer Data From Day OneAWS STARTUP DAY 2018 I Securing Your Customer Data From Day One
AWS STARTUP DAY 2018 I Securing Your Customer Data From Day One
 
Layered Perimeter Protection for Apps Running on AWS (CTD201-R1) - AWS re:Inv...
Layered Perimeter Protection for Apps Running on AWS (CTD201-R1) - AWS re:Inv...Layered Perimeter Protection for Apps Running on AWS (CTD201-R1) - AWS re:Inv...
Layered Perimeter Protection for Apps Running on AWS (CTD201-R1) - AWS re:Inv...
 
Security Framework Shakedown
Security Framework ShakedownSecurity Framework Shakedown
Security Framework Shakedown
 
How AI is disrupting the world
How AI is disrupting the world How AI is disrupting the world
How AI is disrupting the world
 
Securing Your Customers Data From Day One
Securing Your Customers Data From Day OneSecuring Your Customers Data From Day One
Securing Your Customers Data From Day One
 
AWS18_StartupDayToronto_SecuringYourCustomersDataFromDayOne
AWS18_StartupDayToronto_SecuringYourCustomersDataFromDayOneAWS18_StartupDayToronto_SecuringYourCustomersDataFromDayOne
AWS18_StartupDayToronto_SecuringYourCustomersDataFromDayOne
 
Securing Customer Data from Day 1 - AWS Startup Day Boston 2018.pdf
Securing Customer Data from Day 1 - AWS Startup Day Boston 2018.pdfSecuring Customer Data from Day 1 - AWS Startup Day Boston 2018.pdf
Securing Customer Data from Day 1 - AWS Startup Day Boston 2018.pdf
 
Securing Your Customers Data From Day One
Securing Your Customers Data From Day OneSecuring Your Customers Data From Day One
Securing Your Customers Data From Day One
 
SecuringYourCustomersDataFromDayOne_SFStartupDay
SecuringYourCustomersDataFromDayOne_SFStartupDaySecuringYourCustomersDataFromDayOne_SFStartupDay
SecuringYourCustomersDataFromDayOne_SFStartupDay
 
Deep Dive on AWS CloudFormation
Deep Dive on AWS CloudFormationDeep Dive on AWS CloudFormation
Deep Dive on AWS CloudFormation
 
Security Automation using AWS Management Tools
Security Automation using AWS Management ToolsSecurity Automation using AWS Management Tools
Security Automation using AWS Management Tools
 

Más de Amazon Web Services

Tools for building your MVP on AWS
Tools for building your MVP on AWSTools for building your MVP on AWS
Tools for building your MVP on AWS
Amazon Web Services
 
How to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckHow to Build a Winning Pitch Deck
How to Build a Winning Pitch Deck
Amazon Web Services
 
Building a web application without servers
Building a web application without serversBuilding a web application without servers
Building a web application without servers
Amazon Web Services
 
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
Amazon Web Services
 

Más de Amazon Web Services (20)

Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
 
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
 
Esegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS FargateEsegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS Fargate
 
Costruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWSCostruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWS
 
Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot
 
Open banking as a service
Open banking as a serviceOpen banking as a service
Open banking as a service
 
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
 
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
 
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsMicrosoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
 
Computer Vision con AWS
Computer Vision con AWSComputer Vision con AWS
Computer Vision con AWS
 
Database Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareDatabase Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatare
 
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSCrea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
 
API moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAPI moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e web
 
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareDatabase Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
 
Tools for building your MVP on AWS
Tools for building your MVP on AWSTools for building your MVP on AWS
Tools for building your MVP on AWS
 
How to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckHow to Build a Winning Pitch Deck
How to Build a Winning Pitch Deck
 
Building a web application without servers
Building a web application without serversBuilding a web application without servers
Building a web application without servers
 
Fundraising Essentials
Fundraising EssentialsFundraising Essentials
Fundraising Essentials
 
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
 
Introduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceIntroduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container Service
 

Introducing AWS Firewall Manager - AWS Online Tech Talks

  • 1. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. AWS Firewall Manager Centrally configure and manage your firewall rules across accounts and applications Venkat Vijayaraghavan, Product Manager
  • 2. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Agenda Introduction to AWS Firewall Manager Getting Started Demo Intro 101
  • 3. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Web Application Threats Application Vulnerabilities Bots & ScrapersHTTP Floods
  • 4. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Challenges Customers Face Large Number of Accounts and Resources New applications created all the time Hard to manage security policies centrally across all Accounts and resources Difficult to ensure that all applications are consistently protected on day 1 Central Organization-wide Visibility into Threats No single place to monitor and respond to any threats across the Organization
  • 5. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. AWS Firewall Manager is a security management tool to centrally configure and manage web application firewall rules across all accounts and applications in your Organization. AWS Firewall Manager
  • 6. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. AWS Firewall Manager AWS WAF Web application firewall to help detect and block malicious web requests targeted at your web applications AWS Firewall Manager Easily configure AWS WAF rules across all ALB or CloudFront distributions in your Organization
  • 7. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. What is AWS WAF (Web Application Firewall) Web traffic filtering with custom rules & automations Managed Rules to block malicious request Active monitoring and tuning
  • 8. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Key Benefits
  • 9. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. AWS Firewall Manager Key Benefits Ensure Compliance to Mandatory Rules Across Organization Simplify Management of Rules Across Accounts & Applications Easily Deploy WAF Rules from AWS Marketplace Enable Rapid Response to Internet Attacks
  • 10. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. AWS Firewall Manager Key Benefits  Integrated with AWS Organizations so you can enable AWS WAF rules across multiple AWS accounts.  Firewall Manager Policies can span across Accounts and across resources.  Supports Hierarchical rules - Security administrator can create organization-wide rules, while delegating application-specific rules to individual Account owners. Simplify Firewall Rules Management Across Accounts & Resources
  • 11. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. AWS Firewall Manager Key Benefits Ensure Compliance of Existing and New Applications  Ensure All your resources comply with a mandatory set of security policies  Automatically discover new Accounts, or resources like ALB or CloudFront distribution as they are created  Easily block traffic from embargoed countries across your Organization to adhere to the US Dept. of Treasury’s Office of Foreign Assets Control (OFAC) regulations
  • 12. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. AWS Firewall Manager Key Benefits  Integrated with Managed Rules for AWS WAF, an easy way to deploy pre-configured WAF rules for your applications  Consistently deploy a managed rule group from any Marketplace vendor across your Organization  Easily deploy a OWASP top 10 rule group to protect your PCI workloads or deploy a bad IP reputation list to prevent bad actors from accessing your applications Easily Deploy WAF rules from AWS Marketplace
  • 13. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. AWS Firewall Manager Key Benefits  Security administrator have a single console to receive real- time threats, and respond within minutes  Quickly apply CVE Patches across all applications in your Organization, or block malicious IP addresses detected by GuardDuty across entire Organization GuardDuty CloudWatch Events Lambda Amazon GuardDuty Amazon CloudWatch CloudWatch Event Lambda Function AWS Lambda Firewall Manager Enable Rapid Response to Internet Attacks Account 2 Account 3 Account 1 AWS WAF
  • 14. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Key Features
  • 15. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Other Key Features  Integration with AWS Organization for cross-account protection policies  Continuous monitoring of policy drift, with automatic remediation of WAF rules  Multi-account resource groups, using specifiers like Resource type or Tagris Tags  Hierarchical rule enforcement; Globally mandated rules with customized local rules  Dashboard with compliance notifications for auditing  Receive notifications via SNS for non-compliance events  Central visibility of threats across the entire Organization
  • 16. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Typical Use Cases • Block traffic from embargoed countries to adhere to OFAC regulations. • Deploy an IP Reputation list across the organization to automatically block traffic from known bad IP addresses Mandatory Rules Across Organization
  • 17. © 2018, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Typical Use Cases Deploy OWASP rules for PCI compliance • PCI DSS 3.0 Requirement 6 suggests customers deploy a WAF, with rules like OWASP top 10 • Subscribe to Managed Rules from AWS Marketplace • Ensure the OWASP rule is applied across all PCI-tagged resources
  • 18. Getting Started & Demo
  • 19. Firewall Manager Pre-Requisites
  1. Enable AWS Organizations Full Features
  2. Enable the AWS Config Recorder in all accounts
  3. Designate an account as Firewall Manager Admin
  • 20. Demo: Firewall Manager
  [Diagram: DemoMaster Account, DemoSecurityAdmin Account and DemoMember Account, each with its own ALBs (ALB1, ALB2; ALB1, ALB2; ALB1, ALB2, ALB3)]
  • 21. How to get started?
  1. Security Admin creates a RuleGroup: subscribe to Managed Rules from AWS Marketplace, or create a custom RuleGroup.
  2. Specify Policy Scope: the customer specifies the scope of resources included in the policy, using Resource Type (e.g. ALB or CloudFront) or Tags to choose resources.
  3. Create Policy: verify the scope and save. This creates the necessary AWS WAF rules, and also the Config rules used for monitoring.
  • 22. AWS Firewall Manager Pricing
  With AWS WAF / Shield Standard:
  ALL PUBLIC REGIONS • $100 per policy per Region
  GLOBAL (AMAZON CLOUDFRONT LOCATIONS) • $100 per policy per Region
  AWS WAF • WebACLs or Rules created by Firewall Manager: see AWS WAF pricing
  AWS Config rules created by Firewall Manager: see AWS Config pricing
  With AWS Shield Advanced:
  ALL PUBLIC REGIONS • Included. No charge per policy per Region
  GLOBAL (AMAZON CLOUDFRONT LOCATIONS) • Included. No charge per policy per Region
  AWS WAF • Included. No charge for AWS Shield Advanced customers
  AWS Config rules created by Firewall Manager: see AWS Config pricing
  • 23. Region Availability
   US East (Virginia)
   US West (Oregon)
   Global (All CloudFront edge locations)
  • 24. Thank you! www.aws.amazon.com/firewall-manager
  • 25. Q: Why Does Firewall Manager Create Config Rules?
  • Monitor changes in resource configurations.
  • Know when new resources are created.
  • Know when WAF rules are accidentally deleted.
  • 26. Getting Started: Prerequisites
  • 27. Getting Started: Prerequisites. In the AWS Organizations console; the AWS Organizations master account needs to do this.
  • 28. Getting Started: Prerequisites. Set in the AWS Firewall Manager console; the AWS Organizations master account needs to do this.
  • 29. Getting Started, Step 1: Go to the AWS WAF & Shield console.
  • 30. Getting Started, Step 2: Create a RuleGroup.
  • 31. Getting Started, Step 3: Define the Firewall Manager policy.
  • 32. Getting Started, Step 4: Define policy exceptions (“all ALBs except those that are tagged Dev”).
  • 33. Getting Started, Step 5: Review and create.
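  The policy that Steps 2 to 5 build in the console, and the PCI-tagged scope from the use-case slide, as an added example (not the deck's or the Firewall Manager service's own code). It assembles the Policy document for fms.put_policy, and includes a small evaluator that mirrors how ResourceType, ResourceTags and ExcludeResourceTags select resources, so the scope can be sanity-checked against an inventory before the policy is saved. The rule group id, the demo inventory and the any/all tag semantics in in_scope are assumptions of this example; check them against the PutPolicy API reference before relying on them.

```python
"""Added example (not the deck's or the service's own code): the policy
document for "all ALBs except those tagged Dev" from Steps 2-5, plus a
scope evaluator that mirrors ResourceType / ResourceTags /
ExcludeResourceTags.  The rule group id is a placeholder and the any/all
tag semantics in in_scope are this example's assumption."""
import json

ALB_TYPE = "AWS::ElasticLoadBalancingV2::LoadBalancer"
CLOUDFRONT_TYPE = "AWS::CloudFront::Distribution"


def build_waf_policy(name, rule_group_id, tags, exclude=True, resource_type=ALB_TYPE):
    """Return a Policy dict for fms.put_policy(Policy=...).

    exclude=True : resources of resource_type are in scope unless they carry
                   one of `tags` (Step 4, "all ALBs except those tagged Dev").
    exclude=False: only resources carrying `tags` are in scope
                   (e.g. the PCI-tagged resources from the use-case slide).
    """
    managed = {
        "type": "WAF",
        # Rule group created by the security admin in Step 2.  NONE keeps the
        # group's own block/count actions; COUNT would override them.
        "ruleGroups": [{"id": rule_group_id, "overrideAction": {"type": "NONE"}}],
        "defaultAction": {"type": "BLOCK"},
    }
    return {
        "PolicyName": name,
        "SecurityServicePolicyData": {"Type": "WAF",
                                      "ManagedServiceData": json.dumps(managed)},
        "ResourceType": resource_type,
        "ResourceTags": [{"Key": k, "Value": v} for k, v in tags.items()],
        "ExcludeResourceTags": exclude,
        "RemediationEnabled": True,  # re-attach the WebACL when drift is detected
    }


def parse_managed_data(policy):
    """The WAF settings travel as a JSON string; decode them for inspection."""
    return json.loads(policy["SecurityServicePolicyData"]["ManagedServiceData"])


def in_scope(policy, resource):
    """resource is {"type": ..., "tags": {key: value}}.  Assumption of this
    example: exclusion fires on any listed tag, inclusion needs all of them."""
    if resource["type"] != policy["ResourceType"]:
        return False
    wanted = {(t["Key"], t["Value"]) for t in policy["ResourceTags"]}
    if not wanted:
        return True
    present = set(resource.get("tags", {}).items())
    if policy["ExcludeResourceTags"]:
        return not (wanted & present)
    return wanted <= present


def resources_in_scope(policy, resources):
    """Filter an inventory down to what the policy would attach a WebACL to."""
    return [r for r in resources if in_scope(policy, r)]


def apply_policy(policy, fms_client=None):
    """Create or update the policy; run from the Firewall Manager admin account."""
    if fms_client is None:
        import boto3  # lazy: everything above runs without the SDK
        fms_client = boto3.client("fms", region_name="us-east-1")  # Region of the ALBs
    return fms_client.put_policy(Policy=policy)


# Constructed inventory standing in for the demo accounts' load balancers.
DEMO_RESOURCES = [
    {"type": ALB_TYPE, "tags": {"Environment": "Prod", "PCI": "true"}},
    {"type": ALB_TYPE, "tags": {"Environment": "Dev"}},
    {"type": ALB_TYPE, "tags": {}},
    {"type": CLOUDFRONT_TYPE, "tags": {"PCI": "true"}},
]
```

  Building the document in code rather than in the console makes the scope reviewable: running resources_in_scope over a Config-derived inventory shows exactly which load balancers will receive the WebACL, and which Dev or non-ALB resources the exceptions leave out, before anything is saved.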
  • 34. Additional Slides
  • 35. As of 01/31/2018
  • 36. Using AWS Firewall Manager vs CloudFormation StackSets
  CloudFormation StackSets
  • Central configuration of distributed WAFs
  • Rules owned by individual Accounts
  • Account-specific visibility of threats
  Firewall Manager
  • Central configuration & management of distributed WAFs
  • Rules owned by the security admin Account
  • Central visibility of threats across Accounts
  • Use AWS Firewall Manager when your Security Administrators want to write WAF rules centrally and configure them across all Accounts, while getting visibility centrally.
  • Use CloudFormation StackSets when you want the same WAF rules deployed across Accounts.
  • 37. What are custom RuleGroups?
  • RuleGroups are a collection of WAF Rules
  • Customers can package a set of rules in a RuleGroup
  • Customers add the RuleGroup to their WebACL (just like they add Rules)
  • Default: 10 Rules per RuleGroup
  • RuleGroups can be shared across Accounts; Rules are Account-specific
  • 38. AWS Firewall Manager Pricing, Example 1: AWS Firewall Manager Policy in IAD with 1 Account
  In this example, let’s assume you created a new protection policy in IAD for an Organization that has 1 AWS Account. AWS Firewall Manager has created 2 AWS Config rules and one AWS WAF Rule in a single AWS WAF WebACL.
  • 39. AWS Firewall Manager Pricing, Example 1 (continued)
  Item                               | # of AWS Regions / Global | # of AWS Accounts | # Units | Unit Cost | Total
  AWS Firewall Manager Policy in IAD | 1                         | N/A               | 1       | $100      | $100
  AWS Config rule                    | N/A                       | 1                 | 2       | $2        | $4
  AWS WAF WebACL                     | N/A                       | 1                 | 1       | $5        | $5
  WAF Rule per month                 | N/A                       | 1                 | 1       | $1        | $1
  Total $ / Month                    |                           |                   |         |           | $110
  • 40. AWS Firewall Manager Pricing, Example 2: AWS Firewall Manager Policy in Global (CloudFront) with 7 Accounts
  In this example, let’s assume you created a new protection policy for Global (for CloudFront) for an Organization that has 7 AWS Accounts. AWS Firewall Manager created 2 AWS Config rules in each AWS Account, and 1 AWS WAF WebACL with 1 WAF Rule in each AWS Account.
  • 41. AWS Firewall Manager Pricing, Example 2 (continued)
  Item                                             | # of AWS Regions / Global | # of AWS Accounts | # Units | Unit Cost | Total
  AWS Firewall Manager Policy in Global (CloudFront) | 1                       | N/A               | 1       | $100      | $100
  AWS Config rule                                  | N/A                       | 7                 | 2       | $2        | $28
  AWS WAF WebACL                                   | N/A                       | 7                 | 1       | $5        | $35
  WAF Rule per month                               | N/A                       | 7                 | 1       | $1        | $7
  Total $ / Month                                  |                           |                   |         |           | $170
  • 42. AWS Firewall Manager Pricing, Example 3: AWS Firewall Manager Policies in IAD & Global (CloudFront) with 10 Accounts
  In this example, let’s assume you created new protection policies for IAD & Global (CloudFront) for an Organization that has 10 AWS Accounts. AWS Firewall Manager created 2 AWS Config rules in each AWS Account, and 1 AWS WAF WebACL with 1 WAF Rule in each AWS Account.
  • 43. AWS Firewall Manager Pricing, Example 3 (continued)
  Item                                             | # of AWS Regions / Global | # of AWS Accounts | # Units | Unit Cost | Total
  AWS Firewall Manager Policy in Global (CloudFront) | 2                       | N/A               | 1       | $100      | $200
  AWS Config rule                                  | N/A                       | 10                | 2       | $2        | $40
  AWS WAF WebACL                                   | N/A                       | 10                | 1       | $5        | $50
  WAF Rule per month                               | N/A                       | 10                | 1       | $1        | $10
  Total $ / Month                                  |                           |                   |         |           | $300
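  The cost model behind Examples 1 to 3, as an added example (not the deck's own material), generalized to any number of Regions and accounts so the figures can be recomputed for a planned rollout. It also carries the Shield Advanced case from the pricing slide, where the policy and WAF charges are waived but the Config rules are still billed. Unit prices are the ones the slides use; the per-account counts default to the slides' 2 Config rules, 1 WebACL and 1 rule, and treating the Global (CloudFront) scope as one more "Region" follows Example 3.

```python
"""Added example (not the deck's own): the pricing model behind Examples
1-3, generalized to any number of Regions and accounts, plus the Shield
Advanced variant from the pricing slide (policy and WAF charges waived,
Config rules still billed).  Unit prices are those on the slides."""
POLICY_PER_REGION = 100   # per policy per Region, Global (CloudFront) counted as one
CONFIG_RULE = 2           # per AWS Config rule per account
WEBACL = 5                # per AWS WAF WebACL per account
WAF_RULE = 1              # per WAF rule per account per month


def monthly_cost(regions, accounts, config_rules=2, webacls=1, rules=1,
                 shield_advanced=False):
    """Return a per-line-item breakdown and total in USD per month.

    regions        : Regions plus Global scopes a policy is created in
    accounts       : AWS accounts in the Organization the policy covers
    config_rules   : Config rules Firewall Manager creates per account
    webacls, rules : WebACLs and WAF rules created per account
    shield_advanced: Shield Advanced customers pay only for Config rules
    """
    breakdown = {
        "policy": 0 if shield_advanced else POLICY_PER_REGION * regions,
        "config_rules": CONFIG_RULE * config_rules * accounts,
        "webacls": 0 if shield_advanced else WEBACL * webacls * accounts,
        "waf_rules": 0 if shield_advanced else WAF_RULE * rules * accounts,
    }
    breakdown["total"] = sum(breakdown.values())
    return breakdown


def cost_per_account(regions, accounts, **kwargs):
    """Average monthly cost per protected account; the fixed policy charge is
    spread over the accounts, so it falls as the Organization grows."""
    return monthly_cost(regions, accounts, **kwargs)["total"] / accounts
```

  The breakdown makes the slide's structure visible: the $100 policy charge scales with Regions only, while the Config and WAF charges scale with the number of accounts, which is why Example 3 stays at $300 for ten accounts in two scopes.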