AWS - Firewall Manager Enum
Firewall Manager
AWS Firewall Manager streamlines the management and maintenance of AWS WAF, AWS Shield Advanced, Amazon VPC security groups, and AWS Network Firewall across multiple accounts and resources. It enables you to configure your firewall rules, Shield Advanced protections, VPC security groups, and Network Firewall settings just once, with the service automatically enforcing these rules and protections across your accounts and resources, including newly added ones.
The service offers the capability to group and safeguard specific resources together, like those sharing a common tag or all your CloudFront distributions. A significant advantage of Firewall Manager is its ability to automatically extend protection to newly added resources in your account.
Prerequisites: an AWS Organizations organization with member accounts, one account designated as the Firewall Manager administrator account (older documentation calls it the "master account"), and AWS Config enabled in every account and region that Firewall Manager is expected to evaluate, since Firewall Manager relies on Config to discover resources and detect drift.
A rule group (a collection of WAF rules) is referenced from a Firewall Manager policy, which Firewall Manager then applies to the in-scope resources, such as CloudFront distributions or Application Load Balancers, in every account the policy covers.
Note that a Firewall Manager policy can only set a rule group's action to "Block" or "Count"; there is no "Allow" override. A rule group switched to Count is still evaluated and logged, but it never blocks a request, so the policy is the place to look when checking whether a protection is actually enforced rather than merely present.
Enumeration
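From the Firewall Manager administrator account, the policies and their per-account compliance state come from `aws fms list-policies`, `aws fms get-policy --policy-id <id>` and `aws fms list-compliance-status --policy-id <id>` (plus `aws fms list-member-accounts` and `aws fms get-admin-account` to confirm which account is the administrator). The interesting details sit inside the `ManagedServiceData` field, which is a JSON string nested in the policy document, so reading them by eye is error-prone. The script below is an added example, not code from the original page or from AWS: it takes the output of those two `get-policy`/`list-compliance-status` calls (or runs on a constructed sample, whose account IDs, ARNs and policy ID are made up) and pulls out the settings a pentester cares about: whether remediation is enabled, which rule groups are downgraded to Count, which tags and accounts scope or exclude resources, whether pre-existing web ACL associations are left alone, and which member accounts are currently non-compliant.

```python
"""Summarise AWS Firewall Manager policy and compliance output.

Usage: python fms_audit.py <get-policy.json> <list-compliance-status.json>
Without arguments it runs on the constructed sample below. The field names
follow the FMS API (Policy, SecurityServicePolicyData, ManagedServiceData,
RemediationEnabled, ResourceTags, ExcludeResourceTags, ExcludeMap,
PolicyComplianceStatusList); the values are made up for illustration.
"""
import json
import sys


def parse_managed_service_data(policy):
    """ManagedServiceData is a JSON *string* inside the policy, not an object."""
    raw = policy["SecurityServicePolicyData"].get("ManagedServiceData") or "{}"
    return json.loads(raw)


def rule_group_label(rg):
    """Managed rule groups carry vendor/name; customer and WAF-classic groups carry an ARN or id."""
    ident = rg.get("managedRuleGroupIdentifier")
    if ident:
        return f"{ident.get('vendorName')}/{ident.get('managedRuleGroupName')}"
    return rg.get("ruleGroupArn") or rg.get("id") or "<unnamed>"


def audit_policy(get_policy_response):
    policy = get_policy_response["Policy"]
    ptype = policy["SecurityServicePolicyData"]["Type"]
    msd = parse_managed_service_data(policy)
    # WAF classic lists rule groups under "ruleGroups"; WAFV2 splits them into
    # pre/post-process lists. A COUNT override in either means "log, never block".
    rule_groups = (msd.get("ruleGroups", [])
                   + msd.get("preProcessRuleGroups", [])
                   + msd.get("postProcessRuleGroups", []))
    count_only = [rule_group_label(rg) for rg in rule_groups
                  if (rg.get("overrideAction") or {}).get("type") == "COUNT"]
    tags = policy.get("ResourceTags") or []
    return {
        "policy_name": policy["PolicyName"],
        "type": ptype,
        # False: FMS only reports drift, it does not re-attach protections itself
        "remediation_enabled": bool(policy.get("RemediationEnabled")),
        "count_only_rule_groups": count_only,
        # Tag scoping: only tagged resources are covered (or, with
        # ExcludeResourceTags, tagged resources are deliberately skipped)
        "tag_scope": [f"{t['Key']}={t['Value']}" for t in tags],
        "exclude_tagged": bool(policy.get("ExcludeResourceTags")),
        "excluded_accounts": (policy.get("ExcludeMap") or {}).get("ACCOUNT", []),
        # WAFV2 only: when False, a resource already associated with another
        # web ACL keeps that ACL instead of receiving the FMS-managed one
        "keeps_existing_web_acls": ptype == "WAFV2"
        and not msd.get("overrideCustomerWebACLAssociation", False),
    }


def noncompliant_members(list_compliance_status_response):
    """Return (member account, violator count) for every NON_COMPLIANT evaluation."""
    out = []
    for entry in list_compliance_status_response.get("PolicyComplianceStatusList", []):
        for result in entry.get("EvaluationResults", []):
            if result.get("ComplianceStatus") == "NON_COMPLIANT":
                out.append((entry["MemberAccount"], result.get("ViolatorCount", 0)))
    return out


# Constructed sample data (made-up IDs), shaped like the real API responses.
SAMPLE_GET_POLICY = {
    "Policy": {
        "PolicyId": "00000000-0000-0000-0000-000000000001",
        "PolicyName": "prod-waf-baseline",
        "SecurityServicePolicyData": {
            "Type": "WAFV2",
            "ManagedServiceData": json.dumps({
                "type": "WAFV2",
                "preProcessRuleGroups": [
                    {"ruleGroupArn": None, "overrideAction": {"type": "COUNT"},
                     "managedRuleGroupIdentifier": {"vendorName": "AWS",
                                                    "managedRuleGroupName": "AWSManagedRulesCommonRuleSet"},
                     "ruleGroupType": "ManagedRuleGroup"},
                    {"ruleGroupArn": "arn:aws:wafv2:us-east-1:111111111111:regional/rulegroup/custom-block/abc",
                     "overrideAction": {"type": "NONE"}, "ruleGroupType": "RuleGroup"},
                ],
                "postProcessRuleGroups": [],
                "defaultAction": {"type": "ALLOW"},
                "overrideCustomerWebACLAssociation": False,
            }),
        },
        "ResourceType": "AWS::ElasticLoadBalancingV2::LoadBalancer",
        "ResourceTags": [{"Key": "env", "Value": "prod"}],
        "ExcludeResourceTags": False,
        "RemediationEnabled": False,
        "IncludeMap": {"ORG_UNIT": ["ou-abcd-11111111"]},
        "ExcludeMap": {"ACCOUNT": ["444444444444"]},
    }
}
SAMPLE_COMPLIANCE = {"PolicyComplianceStatusList": [
    {"PolicyId": "00000000-0000-0000-0000-000000000001", "MemberAccount": "222222222222",
     "EvaluationResults": [{"ComplianceStatus": "COMPLIANT", "ViolatorCount": 0}]},
    {"PolicyId": "00000000-0000-0000-0000-000000000001", "MemberAccount": "333333333333",
     "EvaluationResults": [{"ComplianceStatus": "NON_COMPLIANT", "ViolatorCount": 3}]},
]}


def main():
    if len(sys.argv) == 3:
        with open(sys.argv[1]) as f1, open(sys.argv[2]) as f2:
            get_policy, status = json.load(f1), json.load(f2)
    else:
        get_policy, status = SAMPLE_GET_POLICY, SAMPLE_COMPLIANCE
    print(json.dumps(audit_policy(get_policy), indent=2))
    for account, count in noncompliant_members(status):
        print(f"NON_COMPLIANT member {account}: {count} violating resource(s)")


if __name__ == "__main__":
    main()
```

In the constructed sample the output flags four things worth following up on: remediation is off (so an unprotected load balancer in a member account is reported, not fixed), the AWS common rule set is in Count mode, only `env=prod` resources are in scope, and account 444444444444 is excluded from the policy entirely; the compliance listing then shows that member 333333333333 already has three resources out of line with it. Run the same summary over every policy ID returned by `aws fms list-policies` to get the full picture.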
Bypass Detection
TODO, PRs accepted