AWS Firewall Manager Admin Account

This page shows how to write Terraform and CloudFormation for the Firewall Manager Admin Account, and how to write them securely.

aws_fms_admin_account (Terraform)

The Admin Account in Firewall Manager can be configured in Terraform with the resource name aws_fms_admin_account. The following sections describe 2 examples of how to use the resource and its parameters.

Example Usage from GitHub

fms_admin_account.tf#L4
resource "aws_fms_admin_account" "fms_admin_account" {
  count = var.enable_fms_admin_account ? 1 : 0

  account_id = var.fms_admin_account_id

  lifecycle {

Review your Terraform file for AWS best practices

Shisho Cloud, our free checker to make sure your Terraform configuration follows best practices, is available (beta).

Parameters

Explanation in Terraform Registry

Provides a resource to associate/disassociate an AWS Firewall Manager administrator account. This operation must be performed in the us-east-1 region.
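A complete configuration for the resource, written here as an added example rather than taken from the GitHub excerpts above. It pins the resource to us-east-1 through a provider alias, as the registry note requires, and assumes the credentials belong to the AWS Organizations management account and that var.fms_admin_account_id is the member account that will administer Firewall Manager.

```hcl
# Added example, not from the page's GitHub excerpts. Assumes the caller is the
# organization management account; var.fms_admin_account_id is an assumed name.

variable "fms_admin_account_id" {
  description = "Member account that becomes the Firewall Manager administrator"
  type        = string

  validation {
    condition     = can(regex("^[0-9]{12}$", var.fms_admin_account_id))
    error_message = "fms_admin_account_id must be a 12-digit AWS account id."
  }
}

# The admin association only works in us-east-1, so use a dedicated provider
# alias instead of relying on whatever region the default provider uses.
provider "aws" {
  alias  = "fms"
  region = "us-east-1"
}

resource "aws_fms_admin_account" "this" {
  provider   = aws.fms
  account_id = var.fms_admin_account_id

  # Disassociating the administrator disrupts every policy it manages, so
  # refuse an accidental `terraform destroy` of this resource.
  lifecycle {
    prevent_destroy = true
  }
}

output "fms_admin_account_id" {
  value = aws_fms_admin_account.this.account_id
}
```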

AWS::FMS::Policy (CloudFormation)

The Policy in FMS can be configured in CloudFormation with the resource name AWS::FMS::Policy. The following sections describe 8 examples of how to use the resource and its parameters.

Example Usage from GitHub

firewall-manager-org-waf-policy.yaml#L9
    Type: AWS::FMS::Policy
    Properties:
      PolicyName: fms-regional-waf-default-policy
      DeleteAllPolicyResources: true
      RemediationEnabled: true
      ExcludeResourceTags: true
negative1.yaml#L7
    Type: AWS::FMS::Policy
    Properties:
      ExcludeResourceTags: true
      ResourceTags:
        - Key: resourceTag1
          Value: value
cfn.yaml#L6
    Type: AWS::FMS::Policy
    Properties:
      Tags:
        - Key: "isSpecial"
          Value: "true"
      ResourceType: AWS::ElasticLoadBalancingV2::LoadBalancer
cfn_tagged.yaml#L6
    Type: AWS::FMS::Policy
    Properties:
      Tags:
        - Key: "isSpecial"
          Value: "true"
        - Key: new_tag
sra-firewall-manager-org-waf-policy.yaml#L13
    Type: AWS::FMS::Policy
    Properties:
      PolicyName: fms-regional-waf-default-policy
      DeleteAllPolicyResources: true
      RemediationEnabled: true
      ExcludeResourceTags: true
FMSPolicySpecification.json#L3
    "AWS::FMS::Policy.IEMap": {
      "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-fms-policy-iemap.html",
      "Properties": {
        "ACCOUNT": {
          "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-fms-policy-iemap.html#cfn-fms-policy-iemap-account",
          "UpdateType": "Mutable",
awsResouceIconMatches.json#L2941
        "resourceType": "AWS::FMS::Policy",
        "filePath": null
      }
    ]
  },
  {
template.json#L2535
    "AWS::FMS::Policy": {
      "Type": "AWS::FMS::Policy",
      "Properties": {}
    },
    "AWS::Transfer::User": {
      "Type": "AWS::Transfer::User",

Parameters

Explanation in CloudFormation Registry

An AWS Firewall Manager policy.

Firewall Manager provides the following types of policies:

  • An AWS Shield Advanced policy, which applies Shield Advanced protection to specified accounts and resources.
  • An AWS WAF policy (type WAFV2), which defines rule groups to run first in the corresponding AWS WAF web ACL and rule groups to run last in the web ACL.
  • An AWS WAF Classic policy, which defines a rule group. AWS WAF Classic doesn't support rule groups in Amazon CloudFront, so, to create AWS WAF Classic policies through CloudFront, you first need to create your rule groups outside of CloudFront.
  • A security group policy, which manages VPC security groups across your AWS organization.
  • An AWS Network Firewall policy, which provides firewall rules to filter network traffic in specified Amazon VPCs.
  • A DNS Firewall policy, which provides Amazon Route 53 Resolver DNS Firewall rules to filter DNS queries for specified Amazon VPCs.

Each policy is specific to one of the types. If you want to enforce more than one policy type across accounts, create multiple policies. You can create multiple policies for each type.

These policies require some setup to use. For more information, see the sections on prerequisites and getting started under AWS Firewall Manager.
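The WAFV2 policy type described above, written as an added Terraform example (not one of the GitHub excerpts) that mirrors the AWS::FMS::Policy properties shown in them: PolicyName, RemediationEnabled, DeleteAllPolicyResources, ExcludeResourceTags and ResourceType. It assumes it is applied with credentials for the Firewall Manager administrator account and that the organization already meets the FMS prerequisites.

```hcl
# Added example, not from the page's GitHub excerpts. Assumes the Firewall
# Manager administrator account's credentials and completed FMS prerequisites.

resource "aws_fms_policy" "regional_waf_default" {
  name                  = "fms-regional-waf-default-policy"
  description           = "Attach a baseline WAFv2 web ACL to every ALB"
  resource_type         = "AWS::ElasticLoadBalancingV2::LoadBalancer"
  exclude_resource_tags = false

  # With remediation on, FMS creates and associates the web ACL on
  # non-compliant load balancers instead of only reporting them.
  remediation_enabled = true

  # Destroying this policy also removes the web ACLs FMS created for it.
  delete_all_policy_resources = true

  security_service_policy_data {
    type = "WAFV2"

    # managed_service_data is a JSON document whose shape depends on `type`;
    # this is the WAFV2 shape: rule groups run before/after customer rules.
    managed_service_data = jsonencode({
      type = "WAFV2"
      preProcessRuleGroups = [
        {
          ruleGroupType  = "ManagedRuleGroup"
          overrideAction = { type = "NONE" }
          managedRuleGroupIdentifier = {
            vendorName           = "AWS"
            managedRuleGroupName = "AWSManagedRulesCommonRuleSet"
            version              = null
          }
          ruleGroupArn = null
          excludeRules = []
        }
      ]
      postProcessRuleGroups             = []
      defaultAction                     = { type = "ALLOW" }
      overrideCustomerWebACLAssociation = false
      loggingConfiguration              = null
    })
  }

  tags = {
    ManagedBy = "firewall-manager"
  }
}
```

Setting exclude_resource_tags to true with a resource_tags map would instead skip tagged resources, which is the pattern the negative1.yaml excerpt above shows.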

Frequently asked questions

What is AWS Firewall Manager Admin Account?

AWS Firewall Manager Admin Account is a resource for Firewall Manager of Amazon Web Services. Settings can be written in Terraform and CloudFormation.

Where can I find the example code for the AWS Firewall Manager Admin Account?

For Terraform, the asrkata/SebastianUA-terraform and SebastianUA/terraform source code examples are useful. See the Terraform Example section for further details.

For CloudFormation, the mynameisakash/aws_sec_ref_arch, Checkmarx/kics and bridgecrewio/yor source code examples are useful. See the CloudFormation Example section for further details.