How can I manage resources for my organization with multiple Firewall Manager administrator accounts?


I want to know how to use multiple AWS Firewall Manager administrator accounts to manage resources for my organization in AWS Organizations.

Short description

In addition to the default Firewall Manager administrator account, you can create up to 9 administrator accounts in an AWS Organizations organization. With multiple administrators in your organization, you can apply administrative scope conditions to each administrator to define the resources that it manages, as follows:

  • Accounts or organizational units (OUs) in your organization that the administrator applies policies to.
  • AWS Regions that the administrator performs actions in.
  • Firewall Manager policy types that the administrator manages.

Resolution

Follow these steps to configure multiple Firewall Manager administrators for your organization.

Note: If you haven't already done so, follow the instructions to set up the default Firewall Manager administrator account.

1.    Open the Firewall Manager console with your management account.

Note: Only an organization's management account can create, update, and revoke Firewall Manager administrator accounts.

2.    In the navigation pane, expand AWS Firewall Manager, and then choose Settings. Note the Default administrator account. The default Firewall Manager administrator account is the first administrator account that was created.

3.    In Settings, choose Create administrator account.

4.    In Administrator account ID, enter the AWS account to set as another Firewall Manager administrator.

5.    Choose the Administrative Scope dropdown menu, and then choose Restricted.

Note: Full scope gives the administrator full access to all of the preceding resource types. Restricted scope gives administrative permission to only a subset of the preceding resources. It's a best practice to grant administrators only the permissions they need to perform the duties of their role.

6.    Choose the Policy types dropdown list, and then choose Include only the specified policy types.

7.    Choose the Regions dropdown list, choose Include only the specified Regions, and then choose your preferred AWS Regions.

8.    Choose Create administrator account.

Note: If you revoke administrator privileges from an administrator account, all Firewall Manager policies created by that account are then deleted.

For more information, see Working with Firewall Manager administrators.
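
The same restricted scope expressed for the Firewall Manager PutAdminAccount API, as an added example (not AWS's code): it builds the AdminScope document, reports which scope dimensions are still unrestricted, and refuses to submit a scope that leaves policy types or Regions open. The helper names are hypothetical, and fms_client is assumed to be a boto3 "fms" client created with the organization's management-account credentials.

```python
# Added example, not AWS's code. Keys follow the AdminScope structure used by
# the Firewall Manager PutAdminAccount and GetAdminScope API operations.
DIMENSIONS = {  # dimension -> (list key, "all" flag, "exclude listed" flag)
    "AccountScope": ("Accounts", "AllAccountsEnabled", "ExcludeSpecifiedAccounts"),
    "OrganizationalUnitScope": ("OrganizationalUnits", "AllOrganizationalUnitsEnabled",
                                "ExcludeSpecifiedOrganizationalUnits"),
    "RegionScope": ("Regions", "AllRegionsEnabled", None),
    "PolicyTypeScope": ("PolicyTypes", "AllPolicyTypesEnabled", None),
}


def restricted_scope(policy_types, regions, accounts=()):
    """Build a scope limited to explicit policy types and Regions (steps 6-7)."""
    if not policy_types or not regions:
        raise ValueError("list the policy types and Regions explicitly")
    scope = {
        "PolicyTypeScope": {"PolicyTypes": list(policy_types), "AllPolicyTypesEnabled": False},
        "RegionScope": {"Regions": list(regions), "AllRegionsEnabled": False},
        "AccountScope": {"AllAccountsEnabled": True},  # narrowed below if accounts given
    }
    if accounts:
        scope["AccountScope"] = {"Accounts": list(accounts), "AllAccountsEnabled": False,
                                 "ExcludeSpecifiedAccounts": False}
    return scope


def audit_scope(scope):
    """Classify each dimension: restricted, all, all-except-listed or unspecified."""
    report = {}
    for dim, (list_key, all_flag, exclude_flag) in DIMENSIONS.items():
        part = scope.get(dim) or {}
        if part.get(all_flag):
            report[dim] = "all"
        elif exclude_flag and part.get(exclude_flag):
            report[dim] = "all-except-listed"
        elif part.get(list_key):
            report[dim] = "restricted"
        else:
            report[dim] = "unspecified"  # this example's label for a missing or empty dimension
    return report


def put_restricted_admin(fms_client, account_id, scope):
    """Call PutAdminAccount only when policy types and Regions are both restricted."""
    report = audit_scope(scope)
    broad = [d for d in ("PolicyTypeScope", "RegionScope") if report[d] != "restricted"]
    if broad:
        raise ValueError("scope not restricted for: " + ", ".join(broad))
    fms_client.put_admin_account(AdminAccount=account_id, AdminScope=scope)
    return report  # caller can review dimensions that are still "all"
```

Running audit_scope over the AdminScope that GetAdminScope returns for an existing administrator gives the same per-dimension report, which is a quick way to find administrators that were created with full scope.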

Related information

Firewall Manager quotas

AWS Firewall Manager prerequisites

AWS OFFICIAL
Updated 10 months ago