AWS Firewall Manager - AWS GovCloud (US)

AWS Firewall Manager

AWS Firewall Manager simplifies your administration and maintenance tasks across multiple accounts and resources for AWS WAF, AWS Shield Advanced, Amazon VPC security groups, and AWS Network Firewall. With Firewall Manager, you set up your AWS WAF firewall rules, Shield Advanced protections, Amazon VPC security groups, Network Firewall firewalls, and DNS Firewall rule group associations just once. The service automatically applies the rules and protections across your accounts and resources, even as you add new resources.

How AWS Firewall Manager Differs for AWS GovCloud (US)

  • AWS Marketplace managed rule groups for AWS WAF cannot be used with Firewall Manager security policies in AWS GovCloud (US). Managed rule groups are collections of predefined, ready-to-use rules that AWS and AWS Marketplace sellers write and maintain for you. AWS managed rule groups are provided free of charge with AWS WAF and are available for use in AWS GovCloud (US) with Firewall Manager security policies. AWS Marketplace rule groups are provided for subscription by AWS Marketplace sellers and aren't available for use in AWS GovCloud (US) with Firewall Manager.

  • Firewall Manager security policies for AWS WAF Classic and AWS WAF cannot be enabled on CloudFront distributions in AWS GovCloud (US).

  • Firewall Manager does not support AWS Shield Advanced and AWS Network Firewall in AWS GovCloud (US).
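The three restrictions above can be checked before a policy is submitted. The following is an added example, not AWS code: it assumes the policy is a Python dict in the shape passed as `Policy` to the Firewall Manager `PutPolicy` API, and the vendor `ExampleVendor` and its rule group name in the sample are constructed placeholders.

```python
import json

# Policy types the page lists as unsupported by Firewall Manager in AWS GovCloud (US).
UNSUPPORTED_TYPES = {"SHIELD_ADVANCED", "NETWORK_FIREWALL"}
CLOUDFRONT = "AWS::CloudFront::Distribution"

def govcloud_findings(policy):
    """Return findings for a Firewall Manager policy dict (PutPolicy 'Policy' shape)."""
    findings = []
    sspd = policy.get("SecurityServicePolicyData", {})
    ptype = sspd.get("Type", "")
    if ptype in UNSUPPORTED_TYPES:
        findings.append(f"policy type {ptype} is not supported in AWS GovCloud (US)")
    # A policy scopes resources through ResourceType and/or ResourceTypeList.
    scoped = {policy.get("ResourceType")} | set(policy.get("ResourceTypeList") or [])
    if ptype in ("WAF", "WAFV2") and CLOUDFRONT in scoped:
        findings.append(f"{ptype} policy cannot be enabled on CloudFront distributions")
    if ptype == "WAFV2":
        # ManagedServiceData is a JSON document carried as a string; only WAFV2
        # policies name the rule group vendor, so WAF Classic is not inspected here.
        msd = json.loads(sspd.get("ManagedServiceData") or "{}")
        for key in ("preProcessRuleGroups", "postProcessRuleGroups"):
            for group in msd.get(key) or []:
                ident = group.get("managedRuleGroupIdentifier") or {}
                vendor = ident.get("vendorName")
                if vendor not in (None, "AWS"):
                    name = ident.get("managedRuleGroupName")
                    findings.append(f"{key}: Marketplace rule group {vendor}/{name}")
    return findings

# Constructed sample policy; "ExampleVendor" and "ExampleRules" are placeholders.
SAMPLE = {
    "PolicyName": "edge-waf",
    "ResourceType": "AWS::CloudFront::Distribution",
    "SecurityServicePolicyData": {
        "Type": "WAFV2",
        "ManagedServiceData": json.dumps({
            "preProcessRuleGroups": [
                {"managedRuleGroupIdentifier": {"vendorName": "AWS",
                 "managedRuleGroupName": "AWSManagedRulesCommonRuleSet"}},
                {"managedRuleGroupIdentifier": {"vendorName": "ExampleVendor",
                 "managedRuleGroupName": "ExampleRules"}},
            ],
        }),
    },
}

if __name__ == "__main__":
    for finding in govcloud_findings(SAMPLE):
        print(finding)
```
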

Documentation for AWS Firewall Manager

AWS Firewall Manager documentation.

Export-Controlled Content

For AWS Services architected within the AWS GovCloud (US) Regions, the table below explains how certain components of data may leave the Regions in the normal course of the Service Offerings. The table can be used as a guide to help meet applicable customer compliance obligations.

Data in the following service attributes will not leave the AWS GovCloud (US) Regions in the normal course of the Service Offerings:

  • This service boundary exists entirely within the GovCloud regions and all export-controlled Content entered, processed, and created within the Service will exist in the GovCloud regions.

Data in the following service attributes may leave the AWS GovCloud (US) Regions in the normal course of the Service Offerings:

  • AWS Firewall Manager metadata is not permitted to contain export-controlled data. For example, do not enter export-controlled data into user input fields such as the following:

    • Firewall Manager policy name

    • Resource Tag/Key values