Overview

AWS Firewall Manager is a security management service that centrally configures and manages firewall rules across the AWS accounts and applications in an AWS Organizations organization. It simplifies security policy enforcement and helps keep member accounts compliant with those policies.

How It Works

  1. Central Administration: Use a single master account to manage firewall rules across multiple AWS accounts.
  2. Managed Rules: Deploy pre-configured AWS WAF rules and enforce security policies organization-wide.
  3. Baseline Security Groups: Centrally deploy a common set of security group rules to protect your VPCs.

Benefits

  1. Granular Control: Fine-tune security group rules for different resources.
  2. Cross-Account Access: Trust roles across AWS accounts for seamless management.
  3. Temporary Permissions: Assumed roles grant short-term access through session tokens rather than long-lived credentials.
  4. Continual Auditing: Identify and clean up security groups that are unused or carry risky rules.
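The "baseline security groups" and "continual auditing" points above describe a check that is easy to script. The following is an added example (not Firewall Manager's own code or output): it runs over a constructed, flattened view of security groups, and flags groups that are unused (attached to no ENI) or that expose sensitive ports, or all traffic, to the whole internet. The field names (`attached_enis`, `ingress`, `proto`, `from`, `to`, `cidr`) and the sample group ids are assumptions made for the example.

```python
import ipaddress

# Constructed sample: a flattened view of security groups and how many
# network interfaces reference each one. Not data from a real account.
SAMPLE_GROUPS = [
    {"id": "sg-0a1", "name": "web", "attached_enis": 3,
     "ingress": [{"proto": "tcp", "from": 443, "to": 443, "cidr": "0.0.0.0/0"}]},
    {"id": "sg-0b2", "name": "admin", "attached_enis": 1,
     "ingress": [{"proto": "tcp", "from": 22, "to": 22, "cidr": "0.0.0.0/0"},
                 {"proto": "tcp", "from": 3389, "to": 3389, "cidr": "10.0.0.0/8"}]},
    {"id": "sg-0c3", "name": "legacy", "attached_enis": 0,
     "ingress": [{"proto": "-1", "from": -1, "to": -1, "cidr": "0.0.0.0/0"}]},
]

# Ports an auditor would not want reachable from anywhere (assumed list).
SENSITIVE_PORTS = {22, 3389, 3306, 5432, 1433, 6379, 27017}


def is_public(cidr):
    """True for 0.0.0.0/0 or ::/0, i.e. a rule open to the entire internet."""
    return ipaddress.ip_network(cidr, strict=False).prefixlen == 0


def rule_covers_port(rule, port):
    """Protocol -1 means all traffic; otherwise check the port range."""
    if rule["proto"] == "-1":
        return True
    return rule["from"] <= port <= rule["to"]


def risky_rules(group):
    """Return (cidr, description) pairs for internet-exposed sensitive rules."""
    findings = []
    for rule in group["ingress"]:
        if not is_public(rule["cidr"]):
            continue
        if rule["proto"] == "-1":
            findings.append((rule["cidr"], "all traffic"))
            continue
        hit = sorted(p for p in SENSITIVE_PORTS if rule_covers_port(rule, p))
        if hit:
            findings.append((rule["cidr"], f"ports {hit}"))
    return findings


def audit(groups):
    """Map group id -> list of issues; groups with no issues are omitted."""
    report = {}
    for g in groups:
        issues = []
        if g["attached_enis"] == 0:
            issues.append("unused")
        for cidr, what in risky_rules(g):
            issues.append(f"{what} open to {cidr}")
        if issues:
            report[g["id"]] = issues
    return report


if __name__ == "__main__":
    for sg_id, issues in audit(SAMPLE_GROUPS).items():
        print(sg_id, "->", "; ".join(issues))
```

In practice the input would come from `describe-security-groups` and `describe-network-interfaces`; the example keeps the data inline so the logic can be exercised without credentials. A group that only opens 443 to the internet is intentionally not reported, which is the kind of distinction a baseline policy needs to make.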

Limitations

  1. No User Groups as Principals: IAM groups organize permissions for users; they cannot be named as the principal in a trust or resource-based policy, because groups are not an authenticated identity.
  2. No Wildcards in Principal Names: Principal ARNs must match exactly; wildcard characters in a principal name are not accepted.

Features

  1. Role Trust Policies: Specify which principals are allowed to assume an IAM role.
  2. Resource-Based Policies: Define permissions directly on a resource (e.g., an S3 bucket policy).
  3. Cross-Account Access: Trust roles in other AWS accounts.
  4. Federated User Sessions: Temporary access for external identities.
  5. Service Principals: Allow AWS services to act on your behalf.
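The Limitations and Features sections above describe what a role trust policy may and may not contain: exact principal ARNs, service principals, cross-account roles, but no IAM groups and no wildcards in principal names. The following is an added example (not AWS code) of a small trust-policy linter that checks those points on a constructed policy document. The account ids, role names, the `own_account` parameter and the finding wording are assumptions made for the example; the rule that a cross-account trust without any `Condition` deserves a note is the author's own review heuristic, not a documented limit.

```python
import json
import re

# Constructed sample trust policy. The account id and names are placeholders.
SAMPLE_TRUST_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        # Valid cross-account trust, scoped with a Condition.
        {"Effect": "Allow",
         "Principal": {"AWS": "arn:aws:iam::111122223333:role/DeployRole"},
         "Action": "sts:AssumeRole",
         "Condition": {"StringEquals": {"sts:ExternalId": "example-external-id"}}},
        # Valid service principal.
        {"Effect": "Allow",
         "Principal": {"Service": "lambda.amazonaws.com"},
         "Action": "sts:AssumeRole"},
        # Invalid: an IAM group cannot be a principal.
        {"Effect": "Allow",
         "Principal": {"AWS": "arn:aws:iam::111122223333:group/Admins"},
         "Action": "sts:AssumeRole"},
        # Invalid: wildcards are not accepted in a principal ARN.
        {"Effect": "Allow",
         "Principal": {"AWS": "arn:aws:iam::*:role/Deploy*"},
         "Action": "sts:AssumeRole"},
        # Risky: anyone may assume the role.
        {"Effect": "Allow",
         "Principal": "*",
         "Action": "sts:AssumeRole"},
    ],
})

ARN_RE = re.compile(r"arn:aws:iam::(\d{12}):(root|role/[^*?]+|user/[^*?]+)")


def _as_list(v):
    return v if isinstance(v, list) else [v]


def lint_trust_policy(doc, own_account):
    """Return (statement_index, message) findings for an Allow trust policy."""
    policy = json.loads(doc)
    findings = []
    for i, stmt in enumerate(_as_list(policy.get("Statement", []))):
        if stmt.get("Effect") != "Allow":
            continue
        principal = stmt.get("Principal", {})
        if principal == "*":
            findings.append((i, "anonymous principal '*' allowed"))
            continue
        for kind, values in principal.items():
            if kind != "AWS":
                continue  # Service and Federated principals are left as-is here
            for v in _as_list(values):
                if v == "*":
                    findings.append((i, "anonymous principal '*' allowed"))
                elif ":group/" in v:
                    findings.append((i, f"IAM group cannot be a principal: {v}"))
                elif "*" in v or "?" in v:
                    findings.append((i, f"wildcard in principal ARN is invalid: {v}"))
                else:
                    m = ARN_RE.fullmatch(v)
                    if not m:
                        findings.append((i, f"malformed principal ARN: {v}"))
                    elif m.group(1) != own_account and "Condition" not in stmt:
                        findings.append((i, f"cross-account trust without Condition: {v}"))
    return findings


if __name__ == "__main__":
    for idx, msg in lint_trust_policy(SAMPLE_TRUST_POLICY, own_account="999999999999"):
        print(f"statement {idx}: {msg}")
```

IAM itself rejects the group and wildcard principals at policy-creation time; the value of running the check before deployment is that a policy generator or infrastructure-as-code template fails fast with a clear message instead of at apply time, and the anonymous and unconditioned cross-account cases, which IAM does accept, are surfaced for review.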