Amazon Firewall Manager website screenshot

Amazon Firewall Manager

AWS Firewall Manager is a security management service that allows you to centrally configure and manage firewall rules across your accounts and applications in AWS Organizations. It makes it easier to bring new applications and resources into compliance with security policies.

1 APIs 7 Features
ComplianceFirewallNetwork SecuritySecurity

APIs

AWS Firewall Manager API

The AWS Firewall Manager API provides programmatic access to create and manage security policies, compliance status, and protection configurations for AWS WAF, Shield, and VPC s...

Collections

Arazzo Workflows

Amazon Firewall Manager Audit Policy Compliance

Resolve a policy, enumerate member accounts, and pull compliance detail for a chosen account.

ARAZZO

Amazon Firewall Manager Create And Tag Resource Set

Create or update a resource set and apply tags to the resulting resource set ARN.

ARAZZO

Amazon Firewall Manager Create And Verify Policy

Create or update a Firewall Manager policy and confirm it persisted by reading it back.

ARAZZO

Amazon Firewall Manager Decommission Policy

Confirm a policy exists, then delete it and all of its managed resources.

ARAZZO

Amazon Firewall Manager Find And Tag Policy

Find a policy in the policy list and apply governance tags to its ARN when it exists.

ARAZZO

Amazon Firewall Manager Inventory And Tag Resource Set

List resource sets, read one back by id, and apply an ownership tag to it.

ARAZZO

Amazon Firewall Manager Onboard Admin Account

Set the Firewall Manager administrator account and confirm its association and role status.

ARAZZO

Amazon Firewall Manager Resource Set Driven Policy

Create a resource set and then create a policy scoped to the same resource type.

ARAZZO

Pricing Plans

Rate Limits

FinOps

Features

Centralized Policy Management

Define and enforce WAF, Shield Advanced, Network Firewall, and security group policies from a single pane of glass across all AWS accounts.

Automatic Remediation

Automatically remediate non-compliant resources so that new accounts and resources are always protected.

Multi-Account Support

Manage security policies across hundreds of AWS accounts within an AWS Organization.

Compliance Visibility

View policy compliance status per account and resource with detailed violation reports.

Resource Sets

Group AWS resources by type for targeted policy application and management.

Tag-Based Targeting

Apply policies to resources based on AWS resource tags for fine-grained scope control.

Third-Party Firewall Support

Deploy and manage third-party firewall appliances through AWS Marketplace with Firewall Manager.

Use Cases

WAF Rule Standardization

Enforce standard WAF rule sets across all CloudFront distributions and ALBs organization-wide.

DDoS Protection Baseline

Mandate Shield Advanced protection for all internet-facing resources across accounts.

Security Group Governance

Audit and remediate overly permissive security group rules across EC2 and VPC resources.

Network Firewall Deployment

Deploy and manage AWS Network Firewall across VPCs in multiple accounts from a central policy.

Compliance Reporting

Monitor and report on firewall policy compliance for SOC 2, PCI DSS, and regulatory requirements.

New Account Onboarding

Automatically apply security policies to new AWS accounts as they join the organization.

Semantic Vocabularies

Amazon Firewall Manager Context

5 classes · 14 properties

JSON-LD

API Governance Rules

Amazon Firewall Manager API Rules

25 rules · 8 errors 14 warnings 3 info

SPECTRAL

JSON Structure

Amazon Firewall Manager Policy Structure

0 properties

JSON STRUCTURE

Amazon Firewall Manager Tag Structure

0 properties

JSON STRUCTURE

Example Payloads

Resources

🔗
PostmanWorkspace
PostmanWorkspace
🔗
Arazzo
Arazzo
🔗
Arazzo
Arazzo
🔗
Arazzo
Arazzo
🔗
Arazzo
Arazzo
🔗
Arazzo
Arazzo
🔗
Arazzo
Arazzo
🔗
Arazzo
Arazzo
🔗
Arazzo
Arazzo
🌐
Portal
Portal
🔗
Website
Website
🔗
Documentation
Documentation
📜
TermsOfService
TermsOfService
📜
PrivacyPolicy
PrivacyPolicy
💬
Support
Support
📰
Blog
Blog
👥
GitHubOrganization
GitHubOrganization
🌐
Console
Console
📝
Signup
Signup
🟢
StatusPage
StatusPage
👥
YouTube
YouTube
👥
StackOverflow
StackOverflow
🔗
SpectralRules
SpectralRules
🔗
Vocabulary
Vocabulary
🔗
JSONLD
JSONLD

Sources

Raw ↑
opencollection: 1.0.0
info:
  name: AWS Firewall Manager API
  version: '2018-01-01'
request:
  auth:
    type: apikey
    key: Authorization
    value: '{{Authorization}}'
    placement: header
items:
- info:
    name: Policies
    type: folder
  items:
  - info:
      name: List Policies
      type: http
    http:
      method: GET
      url: https://fms.{region}.amazonaws.com/fms/2018-01-01/policies
      params:
      - name: maxResults
        value: ''
        type: query
        description: Maximum number of policies to return.
      - name: nextToken
        value: ''
        type: query
        description: Pagination token.
    docs: Returns an array of PolicySummary objects.
  - info:
      name: Put Policy
      type: http
    http:
      method: POST
      url: https://fms.{region}.amazonaws.com/fms/2018-01-01/policies
      body:
        type: json
        data: '{}'
    docs: Creates or updates an AWS Firewall Manager policy.
  - info:
      name: Get Policy
      type: http
    http:
      method: GET
      url: https://fms.{region}.amazonaws.com/fms/2018-01-01/policies/:policyId
      params:
      - name: policyId
        value: ''
        type: path
        description: The ID of the policy.
    docs: Returns information about the specified AWS Firewall Manager policy.
  - info:
      name: Delete Policy
      type: http
    http:
      method: DELETE
      url: https://fms.{region}.amazonaws.com/fms/2018-01-01/policies/:policyId
      params:
      - name: policyId
        value: ''
        type: path
        description: The ID of the policy.
      - name: deleteAllPolicyResources
        value: ''
        type: query
        description: If True, the request deletes all AWS Firewall Manager-managed internet gateway associations.
    docs: Permanently deletes an AWS Firewall Manager policy.
- info:
    name: Compliance
    type: folder
  items:
  - info:
      name: Get Compliance Detail
      type: http
    http:
      method: GET
      url: https://fms.{region}.amazonaws.com/fms/2018-01-01/compliance/:policyId/detail/:memberAccountId
      params:
      - name: policyId
        value: ''
        type: path
        description: The ID of the policy.
      - name: memberAccountId
        value: ''
        type: path
        description: The AWS account ID.
    docs: Returns detailed compliance information about the specified member account.
- info:
    name: Admin Accounts
    type: folder
  items:
  - info:
      name: Get Admin Account
      type: http
    http:
      method: GET
      url: https://fms.{region}.amazonaws.com/fms/2018-01-01/admin-account
    docs: Returns the AWS Organizations master account that is associated with AWS Firewall Manager as the AWS Firewall Manager
      default administrator.
  - info:
      name: Associate Admin Account
      type: http
    http:
      method: PUT
      url: https://fms.{region}.amazonaws.com/fms/2018-01-01/admin-account
      body:
        type: json
        data: '{}'
    docs: Sets the AWS Firewall Manager administrator account.
  - info:
      name: Disassociate Admin Account
      type: http
    http:
      method: DELETE
      url: https://fms.{region}.amazonaws.com/fms/2018-01-01/admin-account
    docs: Disassociates the account that has been set as the AWS Firewall Manager administrator account.
- info:
    name: Member Accounts
    type: folder
  items:
  - info:
      name: List Member Accounts
      type: http
    http:
      method: GET
      url: https://fms.{region}.amazonaws.com/fms/2018-01-01/member-account
      params:
      - name: nextToken
        value: ''
        type: query
        description: Pagination token.
      - name: maxResults
        value: ''
        type: query
        description: Maximum number of accounts to return.
    docs: Returns a MemberAccounts object that lists the member accounts in the administrator account's AWS organization.
- info:
    name: Resources
    type: folder
  items:
  - info:
      name: Put Resource Set
      type: http
    http:
      method: PUT
      url: https://fms.{region}.amazonaws.com/fms/2018-01-01/resource-set
      body:
        type: json
        data: '{}'
    docs: Creates or updates a resource set.
  - info:
      name: List Resource Sets
      type: http
    http:
      method: POST
      url: https://fms.{region}.amazonaws.com/fms/2018-01-01/resource-set/list
      body:
        type: json
        data: '{}'
    docs: Returns an array of ResourceSetSummary objects.
  - info:
      name: List Tags For Resource
      type: http
    http:
      method: GET
      url: https://fms.{region}.amazonaws.com/fms/2018-01-01/tags/:resourceArn
      params:
      - name: resourceArn
        value: ''
        type: path
        description: The Amazon Resource Name (ARN) of the resource.
    docs: Retrieves the list of tags for the specified AWS resource.
  - info:
      name: Tag Resource
      type: http
    http:
      method: POST
      url: https://fms.{region}.amazonaws.com/fms/2018-01-01/tags/:resourceArn
      params:
      - name: resourceArn
        value: ''
        type: path
        description: The ARN of the resource.
      body:
        type: json
        data: '{}'
    docs: Adds one or more tags to an AWS resource.
bundled: true