AWS Launches Managed Firewall Service for Virtual Private Clouds
Amazon Web Services (AWS) is expanding its cloud security toolset with the launch of AWS Network Firewall, a managed service designed specifically for AWS Virtual Private Cloud (VPC) customers.
Network Firewall gives users "an easier way to scale network security across all the resources in their workload, regardless of which AWS services they used," AWS said in a blog post announcing the launch this week. Its scalability means users don't have to purchase additional security infrastructure when their traffic changes.
The service also lets users "easily deploy and manage stateful inspection, intrusion prevention and detection, and web filtering to protect your virtual networks on AWS," according to the blog.
Users can implement custom security rules for their workloads. They can bar VPCs from accessing prohibited domains, for example, as well as block risky IP addresses and identify potentially malicious activities.
"AWS Network Firewall runs stateless and stateful traffic inspection rules engines. The engines use rules and other settings that you configure inside a firewall policy," AWS explained. "You use a firewall on a per-Availability Zone basis in your VPC. For each Availability Zone, you choose a subnet to host the firewall endpoint that filters your traffic. The firewall endpoint in an Availability Zone can protect all of the subnets inside the zone except for the one where it's located."
Network Firewall works with AWS Firewall Manager. This integration lets users centralize their management of all the firewall activities in their environments. It also works with AWS services like CloudWatch, S3 and Kinesis Firehouse for analytics purposes, as well as offerings from AWS partners including Splunk, CrowdStrike and Palo Alto Networks.
More information on AWS Network Firewall, including pricing, is available on the product page here.
Gladys Rama (@GladysRama3) is the editor of Redmondmag.com, RCPmag.com and AWSInsider.net, and the editorial director of Converge360.