
Overview

Automations for AWS Firewall Manager allows you to centrally configure, manage, and audit firewall rules across all your AWS Organizations accounts and resources in an automated way. By using this AWS Solution, you can maintain a consistent security posture across your organization.

This solution provides preset rules to configure application-level firewalls for AWS WAF, audit unused and overly permissive Amazon Virtual Private Cloud (Amazon VPC) security groups, and set up a DNS firewall to block queries for bad domains.

This solution optionally helps you create a quick baseline of firewall security rules and protect against distributed denial of service (DDoS) attacks through integration with AWS Shield Advanced. You can also automate proactive event response and health-based detection with this capability.

Note: You can use this solution if you already use Firewall Manager in your organization; however, you must install the solution in your Firewall Manager admin account. If you have not already set up Firewall Manager, refer to the implementation guide for the steps.

Benefits

Easily configure and audit AWS WAF, DNS, and security group rules in your multi-account AWS environments using AWS Firewall Manager.

Leverage this solution to install the prerequisites needed to use Firewall Manager, so you can spend more time focusing on your specific security needs.

Leverage your AWS Shield Advanced subscription to deploy DDoS protection across accounts in AWS Organizations, set up health checks, and enable proactive event response from the Shield Response Team.

How it works

You can automatically deploy this architecture using the implementation guide and the accompanying AWS CloudFormation template.

Primary Stack

This architecture diagram shows the primary stack.

Architecture diagram illustrating the automation workflow for AWS Firewall Manager. It shows the integration between AWS Systems Manager, Amazon EventBridge, AWS Lambda, AWS Firewall Manager, Amazon S3, Amazon DynamoDB, Amazon SNS, and AWS Organizations for policy management and compliance report generation.

Optional stacks with automations for Shield Advanced

This architecture diagram shows an optional stack with Shield Advanced features.

Diagram illustrating AWS Shield Advanced architecture with policy management, automated health-based detection, and integration with AWS services like S3, Lambda, DynamoDB, and Route 53.

About this deployment

  • Version: 2.1.3
  • Released: 4/2025
  • Author: AWS
  • Est. deployment time: 5 mins
  • Estimated cost: See details

Deploy with confidence

Everything you need to launch this AWS Solution in your account is right here.

We'll walk you through it

Get started fast. Read the implementation guide for deployment steps, architecture details, cost information, and customization options.


Let's make it happen

Ready to deploy? Open the CloudFormation template in the AWS Console to begin setting up the infrastructure you need. You'll be prompted to sign in to your AWS account if you haven't already logged in.
