Manage Association Rulestacks
There are two types of rulestacks:
- Local rulestack: consists of local rules and manages them. A local account administrator can associate local rulestacks with an NGFW in their AWS account.
- Global rulestack: the AWS Firewall Manager administrator can author a Firewall Manager Service (FMS) policy and associate a global rulestack with it. AWS Firewall Manager manages the global rulestack across all the NGFWs in the different AWS accounts of an AWS Organization.
A global rulestack configures pre-rules and post-rules on each NGFW.
Note: For an FMS policy, there is no local firewall administrator. The local rulestack administrator associates local rulestacks with an NGFW. If the FMS service handshake is successful, any local firewall administrator call must be disabled; the local rulestack administrator can still associate a local rulestack with an NGFW.
Permission Policies
| Action | Local Firewall Administrator | Local Rulestack Administrator | Global Rulestack Administrator |
|---|---|---|---|
| Associate a Global Rulestack | ☐ | ☐ | ☑ |
| Associate a Local Rulestack | ☑ | ☑ | ☐ |
Note: The maximum local and global rulestacks you can create per subscription is 10.
- Associate a GlobalRuleStack: associate a global rulestack with an NGFW.
- Associate a RuleStack: associate a local rulestack with an NGFW.