Manage Firewall Rules with Multiple Accounts
This course explores how to use the AWS Firewall Manager to manage firewall rules across multiple AWS accounts, with the help of AWS Organizations.

Learning Objectives

  • Understand what Firewall Manager is and the service that it provides
  • Learn the prerequisites required for using the service
  • Understand the different Firewall Manager policies supported
  • Learn how to configure a number of different policies

Intended Audience

  • Security architects who are responsible for mitigating risks and exposures to AWS resources and applications
  • Anyone who requires a deeper understanding of AWS Firewall Manager in preparation for an AWS certification


To get the most out of this course, it would be beneficial to have a basic understanding of the following services:

  • AWS Web Application Firewall service
  • AWS Organizations
  • Amazon CloudFront
  • Amazon VPC Security Groups

Hello, and welcome to the final lecture of this course, where I shall highlight some of the key points taken from the previous lectures. I started by introducing the service at a high level, and here I explained that the core function of AWS Firewall Manager is to simplify the management of protecting a range of different resources across multiple AWS accounts. It does this by providing a centralized dashboard for managing security policies across your AWS organization.

AWS Firewall Manager automatically applies protection for any newly created resources that match your configured policies. Supported resources include AWS WAF, AWS Shield Advanced, AWS Network Firewall, VPC Security Groups, and Amazon Route 53 Resolver DNS Firewall. There are a number of prerequisites to fulfill before using Firewall Manager, which include deciding which AWS account will be your Firewall Manager administrator account, ensuring that you add your account to an AWS organization enabled with all features, and configuring AWS Firewall Manager within that account as the Firewall Manager administrator account.

You must enable AWS Config for your account and any other account in the AWS organization that you want to manage resource security for. You must also enable sharing with AWS Organizations in AWS Resource Access Manager if you're looking to apply security policies for network firewalls or DNS firewalls, and enable the regions that you intend to protect resources in using AWS Organizations.

Next, we looked at the different policies available in Firewall Manager, and in this lecture we learned that for each type of resource that you want to protect, there is a different policy configuration. You can create more than one policy for the same resource type, and the following policies can be created: an AWS WAF policy, Shield Advanced policy, a Network Firewall policy, Amazon VPC Security Group policy, and an Amazon Route 53 Resolver DNS Firewall policy.

The creation of each policy type is generally a five-step process, apart from the Network Firewall policy, which contains an extra step. Firewall Manager policies are charged at $100 per policy per region. Each policy created will also create AWS Config rules, and in turn these rules will incur additional charges. When creating a policy, it's beneficial to have a working knowledge of the resource type you are trying to protect, and for some policies you need to have created certain resources and elements prior to configuring the policy.
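The following is an added example (not code from the course or from AWS) that ties together the prerequisite list above and the policy types just summarized. It assembles a WAF policy in the shape that boto3's `fms.put_policy` expects, and it evaluates the prerequisites (organization with all features enabled, Firewall Manager administrator account set, AWS Config recording, and RAM sharing with Organizations for Network Firewall or DNS Firewall policies) from values gathered with boto3. The account ID `111122223333`, the OU ID, the choice of the Application Load Balancer resource type and the AWS Common Rule Set, and the `fms.amazonaws.com` / `ram.amazonaws.com` service principals used for the trusted-access check are assumptions for illustration.

```python
"""Added example, not course code: build an AWS Firewall Manager WAF policy
and evaluate the prerequisites the lecture lists. boto3 is needed only for
the live checks; the builder and the evaluator are pure and run offline."""
import json
from typing import Any, Dict, List, Optional, Set

# Assumption: trusted access for these principals is what the organization
# must show for Firewall Manager (and for RAM sharing with Organizations).
REQUIRED_PRINCIPALS = {"fms.amazonaws.com"}
RAM_PRINCIPAL = "ram.amazonaws.com"  # needed for Network Firewall / DNS Firewall policies


def build_waf_policy(policy_name: str,
                     resource_type: str = "AWS::ElasticLoadBalancingV2::LoadBalancer",
                     org_units: Optional[List[str]] = None,
                     remediate: bool = True) -> Dict[str, Any]:
    """Return the Policy structure for fms.put_policy: a WAFv2 policy that
    attaches the AWS Common Rule Set. ManagedServiceData must be a JSON
    *string*; passing a nested dict is a common put_policy mistake."""
    managed_service_data = {
        "type": "WAFV2",
        "preProcessRuleGroups": [{
            "ruleGroupArn": None,
            "overrideAction": {"type": "NONE"},
            "managedRuleGroupIdentifier": {
                "version": None,
                "vendorName": "AWS",
                "managedRuleGroupName": "AWSManagedRulesCommonRuleSet",
            },
            "ruleGroupType": "ManagedRuleGroup",
            "excludeRules": [],
        }],
        "postProcessRuleGroups": [],
        "defaultAction": {"type": "ALLOW"},  # managed rules decide what to block
        "overrideCustomerWebACLAssociation": False,
        "loggingConfiguration": None,
    }
    policy: Dict[str, Any] = {
        "PolicyName": policy_name,
        "SecurityServicePolicyData": {
            "Type": "WAFV2",
            "ManagedServiceData": json.dumps(managed_service_data),
        },
        "ResourceType": resource_type,
        "ExcludeResourceTags": False,
        "RemediationEnabled": remediate,  # auto-apply to newly created matching resources
    }
    if org_units:
        policy["IncludeMap"] = {"ORGUNIT": org_units}  # scope the policy to these OUs
    return policy


def evaluate_prerequisites(feature_set: str, enabled_principals: Set[str],
                           admin_account: Optional[str], expected_admin: str,
                           config_recording: bool,
                           wants_network_or_dns: bool) -> Dict[str, bool]:
    """Pure check of the prerequisites from the lecture. Every value must be
    True before a policy can be expected to deploy across the organization."""
    checks = {
        "organization_all_features": feature_set == "ALL",
        "fms_admin_account_set": admin_account == expected_admin,
        "trusted_access_enabled": REQUIRED_PRINCIPALS <= enabled_principals,
        "aws_config_recording": config_recording,
    }
    if wants_network_or_dns:
        checks["ram_sharing_with_org"] = RAM_PRINCIPAL in enabled_principals
    return checks


def check_prerequisites(session: Any, expected_admin: str,
                        wants_network_or_dns: bool = False) -> Dict[str, bool]:
    """Live version: gather state with a boto3 Session from the intended
    administrator account (assumes read access to Organizations, FMS, Config)."""
    orgs = session.client("organizations")
    feature_set = orgs.describe_organization()["Organization"]["FeatureSet"]
    principals = {p["ServicePrincipal"] for p in
                  orgs.list_aws_service_access_for_organization()["EnabledServicePrincipals"]}
    fms = session.client("fms")
    try:
        admin_account = fms.get_admin_account()["AdminAccount"]
    except fms.exceptions.ResourceNotFoundException:
        admin_account = None  # no Firewall Manager administrator set yet
    cfg = session.client("config")
    recorders = cfg.describe_configuration_recorder_status()["ConfigurationRecordersStatus"]
    recording = any(r.get("recording", False) for r in recorders)
    return evaluate_prerequisites(feature_set, principals, admin_account,
                                  expected_admin, recording, wants_network_or_dns)


if __name__ == "__main__":
    import boto3
    # Placeholder account ID; replace with the real administrator account.
    results = check_prerequisites(boto3.Session(), expected_admin="111122223333")
    print(json.dumps(results, indent=2))
    if all(results.values()):
        boto3.client("fms").put_policy(Policy=build_waf_policy("alb-common-ruleset"))
```

Running the script from the intended administrator account prints each prerequisite as true or false and only calls `put_policy` when all of them pass; pass `wants_network_or_dns=True` to also verify the RAM sharing prerequisite before creating Network Firewall or DNS Firewall policies.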

That now brings me to the end of this lecture and to the end of this course. You should now have an understanding of AWS Firewall Manager and how it can be used to protect specific resource types across your entire AWS organization. Feedback on our courses here at Cloud Academy is valuable to both us as trainers and any students looking to take the same course in the future. If you have any feedback, positive or negative, it'd be greatly appreciated if you can contact Thank you for your time and good luck with your continued learning of cloud computing, thank you.

Stuart has been working within the IT industry for two decades covering a huge range of topic areas and technologies, from data center and network infrastructure design, to cloud architecture and implementation.

To date, Stuart has created 150+ courses relating to Cloud reaching over 180,000 students, mostly within the AWS category and with a heavy focus on security and compliance.

Stuart is a member of the AWS Community Builders Program for his contributions towards AWS.

He is AWS certified and accredited in addition to being a published author covering topics across the AWS landscape.

In January 2016 Stuart was awarded ‘Expert of the Year Award 2015’ from Experts Exchange for his knowledge share within cloud services to the community.

Stuart enjoys writing about cloud technologies and you will find many of his articles within our blog pages.