Amazon Firewall Manager

AWS Firewall Manager is a security management service that allows you to centrally configure and manage firewall rules across your accounts and applications in AWS Organizations. It makes it easier to bring new applications and resources into compliance with security policies.

1 API · 7 Features

Tags: Compliance · Firewall · Network Security · Security

APIs

AWS Firewall Manager API

The AWS Firewall Manager API provides programmatic access to create and manage security policies, compliance status, and protection configurations for AWS WAF, Shield, and VPC s...

Features

Centralized Policy Management

Define and enforce WAF, Shield Advanced, Network Firewall, and security group policies from a single pane of glass across all AWS accounts.

Automatic Remediation

Automatically remediate non-compliant resources so that new accounts and resources are always protected.

Multi-Account Support

Manage security policies across hundreds of AWS accounts within an AWS Organization.

Compliance Visibility

View policy compliance status per account and resource with detailed violation reports.

Resource Sets

Group AWS resources by type for targeted policy application and management.

Tag-Based Targeting

Apply policies to resources based on AWS resource tags for fine-grained scope control.

Third-Party Firewall Support

Deploy and manage third-party firewall appliances through AWS Marketplace with Firewall Manager.

Use Cases

WAF Rule Standardization

Enforce standard WAF rule sets across all CloudFront distributions and ALBs organization-wide.

DDoS Protection Baseline

Mandate Shield Advanced protection for all internet-facing resources across accounts.

Security Group Governance

Audit and remediate overly permissive security group rules across EC2 and VPC resources.

Network Firewall Deployment

Deploy and manage AWS Network Firewall across VPCs in multiple accounts from a central policy.

Compliance Reporting

Monitor and report on firewall policy compliance for SOC 2, PCI DSS, and regulatory requirements.

New Account Onboarding

Automatically apply security policies to new AWS accounts as they join the organization.

Semantic Vocabularies

Amazon Firewall Manager Context

5 classes · 14 properties

JSON-LD

API Governance Rules

Amazon Firewall Manager API Rules

25 rules · 8 errors · 14 warnings · 3 info

SPECTRAL

Resources

PostmanWorkspace · ArazzoWorkflows · Portal · Website · Documentation · TermsOfService · PrivacyPolicy · Support · Blog · GitHubOrganization · Console · SignUp · StatusPage · YouTube · StackOverflow · SpectralRules · Vocabulary · JSONLD

Sources

aid: amazon-firewall-manager
name: Amazon Firewall Manager
description: >-
  AWS Firewall Manager is a security management service that allows you to centrally configure and manage firewall rules
  across your accounts and applications in AWS Organizations. It makes it easier to bring new applications and resources
  into compliance with security policies.
type: Index
image: https://kinlane-productions.s3.amazonaws.com/apis-json/apis-json-logo.jpg
tags:
  - AWS
  - Compliance
  - Firewall
  - Network Security
  - Security
url: https://raw.githubusercontent.com/api-evangelist/amazon-firewall-manager/refs/heads/main/apis.yml
created: '2026-03-16'
modified: '2026-05-19'
specificationVersion: '0.19'
apis:
  - aid: amazon-firewall-manager:aws-firewall-manager-api
    name: AWS Firewall Manager API
    description: >-
      The AWS Firewall Manager API provides programmatic access to create and manage security policies, compliance
      status, and protection configurations for AWS WAF, Shield, and VPC security groups across your organization.
    humanURL: https://aws.amazon.com/firewall-manager/
    baseURL: https://fms.amazonaws.com
    tags:
      - Firewall Management
      - Network Security
      - Security
    properties:
      - type: Documentation
        url: https://docs.aws.amazon.com/fms/latest/APIReference/Welcome.html
      - type: OpenAPI
        url: openapi/amazon-firewall-manager-openapi.yml
      - type: JSONSchema
        url: json-schema/amazon-firewall-manager-policy-schema.json
      - type: JSONSchema
        url: json-schema/amazon-firewall-manager-compliance-violator-schema.json
      - type: JSONSchema
        url: json-schema/amazon-firewall-manager-resource-set-schema.json
      - type: JSONSchema
        url: json-schema/amazon-firewall-manager-security-service-policy-data-schema.json
      - type: JSONSchema
        url: json-schema/amazon-firewall-manager-tag-schema.json
      - type: JSONStructure
        url: json-structure/amazon-firewall-manager-policy-structure.json
      - type: JSONStructure
        url: json-structure/amazon-firewall-manager-compliance-violator-structure.json
      - type: JSONStructure
        url: json-structure/amazon-firewall-manager-resource-set-structure.json
      - type: JSONStructure
        url: json-structure/amazon-firewall-manager-security-service-policy-data-structure.json
      - type: JSONStructure
        url: json-structure/amazon-firewall-manager-tag-structure.json
      - type: Example
        url: examples/amazon-firewall-manager-policy-example.json
      - type: Example
        url: examples/amazon-firewall-manager-compliance-violator-example.json
      - type: Example
        url: examples/amazon-firewall-manager-resource-set-example.json
      - type: Example
        url: examples/amazon-firewall-manager-security-service-policy-data-example.json
      - type: Example
        url: examples/amazon-firewall-manager-tag-example.json
      - type: GettingStarted
        url: https://aws.amazon.com/firewall-manager/getting-started/
      - type: Pricing
        url: https://aws.amazon.com/firewall-manager/pricing/
      - type: FAQ
        url: https://aws.amazon.com/firewall-manager/faqs/
      - type: APIReference
        url: https://docs.aws.amazon.com/fms/latest/APIReference/Welcome.html
common:
  - type: PostmanWorkspace
    url: https://www.postman.com/kinlaneapi/amazon-firewall-manager/overview
  - type: ArazzoWorkflows
    url: arazzo/
    workflows:
      - url: arazzo/amazon-firewall-manager-audit-policy-compliance-workflow.yml
        name: Amazon Firewall Manager Audit Policy Compliance
        summary: Resolve a policy, enumerate member accounts, and pull compliance detail for a chosen account.
      - url: arazzo/amazon-firewall-manager-create-and-tag-resource-set-workflow.yml
        name: Amazon Firewall Manager Create And Tag Resource Set
        summary: Create or update a resource set and apply tags to the resulting resource set ARN.
      - url: arazzo/amazon-firewall-manager-create-and-verify-policy-workflow.yml
        name: Amazon Firewall Manager Create And Verify Policy
        summary: Create or update a Firewall Manager policy and confirm it persisted by reading it back.
      - url: arazzo/amazon-firewall-manager-decommission-policy-workflow.yml
        name: Amazon Firewall Manager Decommission Policy
        summary: Confirm a policy exists, then delete it and all of its managed resources.
      - url: arazzo/amazon-firewall-manager-find-and-tag-policy-workflow.yml
        name: Amazon Firewall Manager Find And Tag Policy
        summary: Find a policy in the policy list and apply governance tags to its ARN when it exists.
      - url: arazzo/amazon-firewall-manager-inventory-and-tag-resource-set-workflow.yml
        name: Amazon Firewall Manager Inventory And Tag Resource Set
        summary: List resource sets, read one back by id, and apply an ownership tag to it.
      - url: arazzo/amazon-firewall-manager-onboard-admin-account-workflow.yml
        name: Amazon Firewall Manager Onboard Admin Account
        summary: Set the Firewall Manager administrator account and confirm its association and role status.
      - url: arazzo/amazon-firewall-manager-resource-set-driven-policy-workflow.yml
        name: Amazon Firewall Manager Resource Set Driven Policy
        summary: Create a resource set and then create a policy scoped to the same resource type.
  - type: Portal
    url: https://aws.amazon.com/firewall-manager/
  - type: Website
    url: https://aws.amazon.com/firewall-manager/
  - type: Documentation
    url: https://docs.aws.amazon.com/waf/latest/developerguide/fms-chapter.html
  - type: TermsOfService
    url: https://aws.amazon.com/service-terms/
  - type: PrivacyPolicy
    url: https://aws.amazon.com/privacy/
  - type: Support
    url: https://aws.amazon.com/premiumsupport/
  - type: Blog
    url: https://aws.amazon.com/blogs/security/
  - type: GitHubOrganization
    url: https://github.com/aws
  - type: Console
    url: https://console.aws.amazon.com/wafv2/fmsv2/
  - type: SignUp
    url: https://portal.aws.amazon.com/billing/signup
  - type: StatusPage
    url: https://health.aws.amazon.com/health/status
  - type: YouTube
    url: https://www.youtube.com/user/AmazonWebServices
  - type: StackOverflow
    url: https://stackoverflow.com/questions/tagged/aws-firewall-manager
  - type: SpectralRules
    url: rules/amazon-firewall-manager-spectral-rules.yml
  - type: Vocabulary
    url: vocabulary/amazon-firewall-manager-vocabulary.yaml
  - type: JSONLD
    url: json-ld/amazon-firewall-manager-context.jsonld
  - type: Features
    data:
      - name: Centralized Policy Management
        description: >-
          Define and enforce WAF, Shield Advanced, Network Firewall, and security group policies from a single pane of
          glass across all AWS accounts.
      - name: Automatic Remediation
        description: Automatically remediate non-compliant resources so that new accounts and resources are always protected.
      - name: Multi-Account Support
        description: Manage security policies across hundreds of AWS accounts within an AWS Organization.
      - name: Compliance Visibility
        description: View policy compliance status per account and resource with detailed violation reports.
      - name: Resource Sets
        description: Group AWS resources by type for targeted policy application and management.
      - name: Tag-Based Targeting
        description: Apply policies to resources based on AWS resource tags for fine-grained scope control.
      - name: Third-Party Firewall Support
        description: Deploy and manage third-party firewall appliances through AWS Marketplace with Firewall Manager.
  - type: UseCases
    data:
      - name: WAF Rule Standardization
        description: Enforce standard WAF rule sets across all CloudFront distributions and ALBs organization-wide.
      - name: DDoS Protection Baseline
        description: Mandate Shield Advanced protection for all internet-facing resources across accounts.
      - name: Security Group Governance
        description: Audit and remediate overly permissive security group rules across EC2 and VPC resources.
      - name: Network Firewall Deployment
        description: Deploy and manage AWS Network Firewall across VPCs in multiple accounts from a central policy.
      - name: Compliance Reporting
        description: Monitor and report on firewall policy compliance for SOC 2, PCI DSS, and regulatory requirements.
      - name: New Account Onboarding
        description: Automatically apply security policies to new AWS accounts as they join the organization.
  - type: Integrations
    data:
      - name: AWS Organizations
        description: Manage Firewall Manager policies across all accounts in the organization hierarchy.
      - name: AWS WAF
        description: Centrally create and deploy WAF rule groups and web ACLs across accounts.
      - name: AWS Shield Advanced
        description: Enable and manage Shield Advanced protection for all DDoS-sensitive resources.
      - name: AWS Network Firewall
        description: Deploy centrally managed network firewall policies across VPCs.
      - name: Amazon Route 53 Resolver
        description: Manage DNS Firewall rule groups for Route 53 Resolver across accounts.
      - name: Amazon CloudWatch
        description: Monitor compliance metrics and set alarms for non-compliant resources.
      - name: AWS Security Hub
        description: Send Firewall Manager compliance findings to Security Hub for centralized security posture management.
      - name: AWS IAM
        description: Control who can create, modify, and view Firewall Manager policies using IAM permissions.
  - type: Integrations
    url: https://aws.amazon.com/marketplace
integrations:
  - name: Sign in
  - name: Agent Mode
  - name: Why AWS Marketplace?
  - name: Get started in AWS Marketplace
  - name: Industry
  - name: Resources
  - name: Become a Channel Partner
  - name: Sell in AWS Marketplace
  - name: Manage Your Account
maintainers:
  - FN: Kin Lane
    email: [email protected]