AWS Solution for automating AWS Network Firewall deployments - Firewall Automation for Network Traffic on AWS

Publication date: February 2021 (last update: April 2021)

Firewall Automation for Network Traffic on AWS configures the AWS resources needed to filter network traffic. With this solution, you can inspect hundreds or thousands of Amazon VPCs and accounts in one place. This solution saves you time by automating the process of provisioning a centralized AWS Network Firewall to inspect traffic between VPCs. You can also centrally configure and manage your AWS Network Firewall, firewall policies, and rule groups.

This solution uses AWS Network Firewall to provide granular visibility and control of your network traffic. This allows you to accomplish network segmentation, egress domain filtering, and intrusion prevention through event-driven logging. You can enable AWS Network Firewall in your Amazon VPC environments with just a few clicks in the AWS Management Console. AWS Network Firewall automatically scales with network traffic to provide high-availability protections without the need to set up or maintain the underlying infrastructure. This solution also helps you collaborate on and manage changes to the AWS Network Firewall configuration by using a GitOps workflow.

This implementation guide describes architectural considerations and configuration steps for deploying Firewall Automation for Network Traffic on AWS in the Amazon Web Services (AWS) Cloud. It includes links to an AWS CloudFormation template that launches and configures the AWS services required to deploy this solution using AWS best practices for security and availability.

This guide is intended for IT architects, DevOps professionals, technology professionals, network engineers, and security engineers who have practical experience architecting in the AWS Cloud.