How do I set up AWS Firewall Manager for my AWS account?

2 minute read

I want to configure AWS Firewall Manager for my AWS account.

Resolution

Follow these steps to configure Firewall Manager to manage security policies for your organization in AWS Organizations.

Configure AWS Organizations

1. Choose an AWS Account to use as the management account for your organization.

2. Open the AWS Organizations console with your management account.

3. Choose Create organization. The organization is created with all features turned on by default.

Important: Your organization must be activated with all features to use Firewall Manager.

4. (Optional) You can create a new member account or invite an existing AWS account to be a member account in your organization.

For more information, see How do I get started with AWS Organizations?

Configure the Firewall Manager

1. Open the Firewall Manager console with your management account, and then choose Get started.

2. In Administrator account ID, enter the AWS account to set as the Firewall Manager administrator.

3. Choose Set administrator account.

For more information, see Managing the AWS Firewall Manager administrator.

Configure AWS Config

1. Open the AWS Config console with your Firewall Manager administrator account.

2. Activate AWS Config for each of your AWS Organizations member accounts (including your Firewall Manager administrator account) using the 1-click setup. You can also use the manual setup.

Important: Make sure that you activate AWS Config for each AWS Region that contains the resources that you want to protect.

3. (Optional) If you don't want to activate AWS Config for all resources, then activate the type of Firewall Manager policies that you want to use.

(Optional) Configure AWS Resource Access Manager (AWS RAM)

You can also configure resource sharing with AWS Organizations using AWS RAM.

1. Open the AWS RAM console.

2. In the navigation pane, choose Settings.

3. Choose the Enable sharing with Organizations check box, and then choose Save settings.

Note: With resource sharing configured for your organizations accounts, you can share resources without using invitations.

For more information, see Configure resource sharing within AWS Organizations.

Related information

Managing the AWS accounts in your organization

AWS Firewall Manager prerequisites

Topics

Security, Identity, & Compliance

Relevant content

How to use Systems Manager - Fleet Manager across an AWS Organization
Accepted Answer
larryjkl
asked 4 months ago
Firewall Manager and Account Takeover Protection
rePost-User-5538722
asked 8 months ago
Find an alternate solution to setup Firewall Manager without Organizations?
Accepted Answer
rk404
asked 9 days ago
How do I consolidate billing emails for my Organization's accounts?
rossng
asked 2 years ago
WCU Limit for Policies in Firewall Manager
ABCKaNi
asked a month ago
How can I add multiple Firewall Manager admininstrator accounts?
AWS OFFICIALUpdated 16 days ago
How can I use custom policy rules with my Firewall Manager content audit security group policy?
AWS OFFICIALUpdated 24 days ago
How do I remove a member account from an organization in AWS Organizations when I can't sign in to the member account?
AWS OFFICIALUpdated 7 months ago
How can I manage resources for my organization with multiple Firewall Manager administrator accounts?
AWS OFFICIALUpdated 16 days ago
What's new: AWS Resource Access Manager supports fine-grained customer managed permissions
EXPERT
Fabian
published a month ago