Update the solution - Automations for AWS Firewall Manager

Update the solution

If you have previously deployed the solution, follow this procedure to update the solution's Primary CloudFormation stack to get the latest version of the solution's framework.

  1. Sign in to the AWS CloudFormation console, select your existing Automations for AWS Firewall Manager CloudFormation stack, and select Update.

  2. Select Replace current template.

  3. Under Specify template:

    1. Select Amazon S3 URL.

    2. Copy the link of the latest template.

    3. Paste the link in the Amazon S3 URL box.

    4. Verify that the correct template URL shows in the Amazon S3 URL text box, and choose Next. Choose Next again.

  4. Under Parameters, review the parameters for the template and modify them as necessary. For details about the parameters, see Step 2: Launch the Primary stack.

  5. Choose Next.

  6. On the Configure stack options page, choose Next.

  7. On the Review page, review and confirm the settings. Select the box acknowledging that the template creates IAM resources.

  8. Choose View change set and verify the changes.

  9. Choose Update stack to deploy the stack.

You can view the status of the stack in the AWS CloudFormation console in the Status column. You should receive an UPDATE_COMPLETE status in approximately three minutes.

Review updated default security policies

If you have previously deployed the solution, we recommend reviewing changes made to the default Firewall Manager security policies deployed by the solution.

Note

Updating the CloudFormation stack doesn't update the policies in the S3 bucket created by the solution. To update the policies, you must manually retrieve, modify, and re-upload the policy_manifest.json file with your desired configurations.

To update the default Firewall Manager security policies, follow these steps:

  1. Sign in to the Amazon S3 console.

  2. Choose the <Stack-Name>-<xx>-policymanifestbucket-<xx> S3 bucket.

  3. Choose the policy_manifest.json file in the bucket.

  4. Download the manifest file.

  5. Review updates made to the default security policies in the solution's GitHub repository. If you want to apply updates to your own policies, copy and paste them into your policy_manifest.json file.

  6. Upload the modified manifest file to the same S3 bucket.

  7. The Firewall Manager policies automatically update to reflect the changes made in Step 5.
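Because the upload in Step 6 changes live Firewall Manager policies, it helps to diff the downloaded manifest against the repository's defaults and accept changes one path at a time. The following is an added example, not code from the solution: it is schema-agnostic, and the sample manifests and their key names are constructed for illustration, not the solution's real manifest.

```python
import copy
import json

MISSING = "<absent>"  # marks a key present on only one side

def diff_manifest(deployed, upstream, path=""):
    """Map each differing JSON path to (deployed_value, upstream_value).
    Dicts are walked key by key; lists and scalars are compared whole."""
    if isinstance(deployed, dict) and isinstance(upstream, dict):
        changes = {}
        for key in sorted(set(deployed) | set(upstream)):
            changes.update(diff_manifest(deployed.get(key, MISSING),
                                         upstream.get(key, MISSING),
                                         f"{path}/{key}"))
        return changes
    return {} if deployed == upstream else {path: (deployed, upstream)}

def apply_selected(deployed, upstream, accepted_paths):
    """Return a copy of the deployed manifest with only the accepted
    upstream changes applied; every other local value is kept."""
    merged = copy.deepcopy(deployed)
    for path in accepted_paths:
        *parents, leaf = path.strip("/").split("/")
        src, dst = upstream, merged
        for key in parents:
            src, dst = src[key], dst[key]
        if leaf in src:
            dst[leaf] = copy.deepcopy(src[leaf])
        else:
            dst.pop(leaf, None)  # upstream dropped this key
    return merged

# Constructed sample manifests; key names are illustrative only.
DEPLOYED = json.loads("""{"default": {"POLICY_A": {
    "policyName": "my-org-waf", "remediationEnabled": false,
    "ruleGroups": ["group-1"]}}}""")
UPSTREAM = json.loads("""{"default": {
    "POLICY_A": {"policyName": "default-waf", "remediationEnabled": false,
                 "ruleGroups": ["group-1", "group-2"]},
    "POLICY_B": {"policyName": "default-b", "remediationEnabled": false}}}""")

if __name__ == "__main__":
    for path, (old, new) in diff_manifest(DEPLOYED, UPSTREAM).items():
        print(f"{path}: {old!r} -> {new!r}")
    merged = apply_selected(DEPLOYED, UPSTREAM, ["/default/POLICY_A/ruleGroups"])
    print(json.dumps(merged, indent=2))  # review, then upload as policy_manifest.json
```

Paths are split on `/`, so a manifest key that itself contains `/` would need a different separator.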