As the number of AWS accounts under an organization grows, the inbound and outbound rules of their security groups need to be managed centrally. AWS Firewall Manager is the service for this: it manages the security groups of every account in the organization from one place.

Preparation

  1. An Organization has already been created under the account, and the account is the organization's administrator (management) account.

  2. AWS Config must be enabled on the account so that every resource change is recorded. Enable it as follows, using the 1-click setup:

[screenshot: AWS Config 1-click setup]

Click Confirm:

[screenshot: AWS Config setup confirmation]

  3. Enable Resource Access Manager:

[screenshot: enabling Resource Access Manager]

  4. Add the current account as the AWS Firewall Manager administrator:

[screenshot: setting the AWS Firewall Manager administrator account]

  5. Deploy the base resources with CloudFormation: https://console.aws.amazon.com/cloudformation/home#/stacks/new?region=us-east-1&stackName=FirewallMgrLabStack&templateURL=https://ee-assets-prod-us-east-1.s3.amazonaws.com/modules/bed211ff9ed148b9b128ae3979df7d9e/v2/fw-base-vpc-resources.yaml . After clicking Create, it takes about five minutes for all resources to be created:

[screenshot: CloudFormation stack FirewallMgrLabStack creation]
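The same preparation steps 2 to 5 as AWS CLI commands, added here as an example rather than taken from the original post. It assumes AWS CLI v2 with credentials for the organization's management account; the Config service-linked role name, the pre-existing S3 bucket for Config, and the `--capabilities` flags for the lab stack are assumptions, not something the post specifies.

```shell
#!/bin/sh
# Added example (not from the original post): CLI form of preparation steps 2-5.
# Assumptions: AWS CLI v2 configured for the Organizations management account;
# the Config S3 bucket already exists with a bucket policy that allows Config to write.
set -eu

# With DRY_RUN set, commands are printed instead of executed so the script can be
# reviewed (and tested) without touching an account.
run() {
  if [ "${DRY_RUN:-}" ]; then echo "aws $*"; else aws "$@"; fi
}

# Step 2: AWS Config recorder + delivery channel (what the console 1-click setup creates).
enable_config() {
  acct=$1; bucket=$2
  run iam create-service-linked-role --aws-service-name config.amazonaws.com || true
  run configservice put-configuration-recorder \
    --configuration-recorder "name=default,roleARN=arn:aws:iam::${acct}:role/aws-service-role/config.amazonaws.com/AWSServiceRoleForConfig" \
    --recording-group "allSupported=true,includeGlobalResourceTypes=true"
  run configservice put-delivery-channel \
    --delivery-channel "name=default,s3BucketName=${bucket}"
  run configservice start-configuration-recorder --configuration-recorder-name default
}

# Step 3: allow RAM to share resources with the whole organization.
enable_ram_sharing() {
  run ram enable-sharing-with-aws-organization
}

# Step 4: register this account as the Firewall Manager administrator.
set_fms_admin() {
  run fms associate-admin-account --admin-account "$1"
}

# Step 5: deploy the lab VPC stack from the template URL in the post and wait for it.
deploy_base_stack() {
  run cloudformation create-stack --stack-name FirewallMgrLabStack --region us-east-1 \
    --template-url "https://ee-assets-prod-us-east-1.s3.amazonaws.com/modules/bed211ff9ed148b9b128ae3979df7d9e/v2/fw-base-vpc-resources.yaml" \
    --capabilities CAPABILITY_IAM CAPABILITY_NAMED_IAM
  run cloudformation wait stack-create-complete --stack-name FirewallMgrLabStack --region us-east-1
}

# Usage: prepare_firewall_manager <account-id> <config-bucket>
prepare_firewall_manager() {
  enable_config "$1" "$2"
  enable_ram_sharing
  set_fms_admin "$1"
  deploy_base_stack
}
```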

The resources created by CloudFormation are as follows:

[diagram: Workshop-setup-resources]

The tags applied to the resources are as follows:

Tag Name                     Tag Value Set
AWSWorkshop-Department       SalesAndMarketing, Procurement, Finance
AWSWorkshop-Application      UserRegistration, OrderManagement, Billing
AWSWorkshop-ApplicationTier  WebServer, API, ApplicationServer, FTPServer, Database
AWSWorkshop-Environment      Development, Staging, Production
AWSWorkshop-CostCenter       100, 200, 300