AWS Organizations
User Guide

AWS Firewall Manager and AWS Organizations

AWS Firewall Manager is a security management service that centrally configures and manages firewall rules for web applications across your accounts and applications. Using AWS Firewall Manager, you can roll out AWS WAF rules all at once for your Application Load Balancers and Amazon CloudFront distributions across all of the accounts in your AWS organization. Use AWS Firewall Manager to set up your firewall rules just once and have them automatically applied across all accounts and resources within your organization, even as new resources and accounts are added. For more information about AWS Firewall Manager, see the AWS Firewall Manager Developer Guide.

The following list provides information that is useful to know when you want to integrate AWS Firewall Manager and AWS Organizations:

  • To enable trusted access with AWS Organizations: You must sign in with your AWS Organizations master account to configure an account within the organization as the AWS Firewall Manager administrator account. For information, see Step 2: Set the AWS Firewall Manager Administrator Account in the AWS Firewall Manager Developer Guide.

  • To disable trusted access with AWS Organizations: You can change or revoke the AWS Firewall Manager administrator account by following the instructions in Designating a Different Account as the AWS Firewall Manager Administrator Account in the AWS Firewall Manager Developer Guide. If you revoke the administrator account, you must sign in to the AWS Organizations master account and set a new administrator account for AWS Firewall Manager.

  • Service principal name for AWS Firewall Manager: fms.amazonaws.com.

  • Name of the IAM service-linked role that can be created in accounts when trusted access is enabled: AWSServiceRoleForFMS.
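The following is an added example, not code from this guide: it checks the three facts listed above (trusted access for the fms.amazonaws.com service principal, an administrator account set for Firewall Manager, and the AWSServiceRoleForFMS service-linked role being ready) against the response shapes of the Organizations ListAWSServiceAccessForOrganization and Firewall Manager GetAdminAccount APIs. The sample responses and account ID are constructed placeholders; the boto3 calls shown in comments are assumed to be run from the organization's master account.

```python
"""Audit the Firewall Manager / Organizations integration (added example)."""

FMS_PRINCIPAL = "fms.amazonaws.com"      # service principal named on the page
FMS_SLR_NAME = "AWSServiceRoleForFMS"    # service-linked role named on the page


def trusted_access_enabled(org_response, principal=FMS_PRINCIPAL):
    """True if ListAWSServiceAccessForOrganization lists the given principal."""
    enabled = org_response.get("EnabledServicePrincipals", [])
    return any(p.get("ServicePrincipal") == principal for p in enabled)


def admin_account_state(fms_response):
    """(administrator account id, service-linked role status) from GetAdminAccount.

    Pass an empty dict when GetAdminAccount reports that no administrator
    account is associated (assumption about how the caller maps that error).
    """
    return fms_response.get("AdminAccount"), fms_response.get("RoleStatus")


def audit(org_response, fms_response):
    """Return findings as strings; an empty list means the integration is healthy."""
    findings = []
    if not trusted_access_enabled(org_response):
        findings.append(f"trusted access for {FMS_PRINCIPAL} is not enabled")
    account, status = admin_account_state(fms_response)
    if not account:
        findings.append("no Firewall Manager administrator account is set")
    elif status != "READY":
        # RoleStatus reports the state of the service-linked role in the admin account.
        findings.append(f"{FMS_SLR_NAME} in {account} is not ready (RoleStatus={status})")
    return findings


# Constructed sample responses; the account id is a placeholder, not a real account.
SAMPLE_ORG = {"EnabledServicePrincipals": [{"ServicePrincipal": "fms.amazonaws.com"}]}
SAMPLE_FMS = {"AdminAccount": "111111111111", "RoleStatus": "CREATING"}

if __name__ == "__main__":
    # Live use from the master account (assumes boto3 and credentials are configured):
    #   import boto3
    #   org = boto3.client("organizations").list_aws_service_access_for_organization()
    #   fms = boto3.client("fms").get_admin_account()
    #   findings = audit(org, fms)
    for line in audit(SAMPLE_ORG, SAMPLE_FMS):
        print("FINDING:", line)
```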