Provisioning Firewalls using AWS Firewall Factory

How to deploy Firewalls at Scale

Published Nov 30, 2023
Whether you're a small business or a large enterprise, a Web Application Firewall is an essential tool for securing your applications and protecting your online assets. A WAF is a critical layer of defense that helps to secure your web applications against a wide range of security risks, including SQL injection attacks, cross-site scripting (XSS), and other malicious activities.

What is a Web Application Firewall?

A Web Application Firewall is a crucial security component for every web application. It sits between your application and its clients, inspects HTTP requests and responses, and blocks traffic that matches known attack patterns, emerging threats and other malicious activity before it reaches your code.

AWS Firewall Factory is an open-source solution that helps you deploy, update and stage your Web Application Firewalls at scale while managing them centrally via AWS Firewall Manager.
It automates your security management, can be tailored with individual WAF configurations and aligns with AWS best practices.
  • ♾️ Fully automated to centralize your WAF Deployment & Management: It simplifies the entire process by minimising administrative effort, making it easier to ensure consistent protection and to oversee your WAFs across all applications.
  • 🔖 Comprehensive Testing with Detailed Reports: It uncovers whether your application is resilient or not and reports issues precisely. With these insights you can dive deep into strengthening your application's weaknesses.
  • 🧮 Automated Calculation of Your WAF's Costs: A smart assistant that takes over cost estimation in a transparent way, helping you attribute expenses to the exact security measures that cause them. This makes financial planning easier.
  • 💌 Notifications about DDoS or Managed Rule Group Changes: Get notified about potential DDoS activity against protected resources or about changes in AWS managed rule groups, such as upcoming new versions and urgent security updates.
  • Additional features such as centralized dashboards and logging: Monitor every security event in near real time so that you can respond to potential threats and anomalies immediately.


Let's take a quick look at the solution architecture. In order to provision WAFs to other accounts using AWS Firewall Manager, we first need to designate the Firewall Manager administrator account in our AWS Organization. Additionally we need a central S3 bucket that will receive the WAF logs from all protected accounts. These logs are what you use to spot false positives (legitimate requests blocked by a rule) and to develop custom WAF rules that fix them. The easiest way to do this is to query the S3 bucket with Athena.
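As an added example (not code from the original post or from the AWS Firewall Factory project), the following Python script does offline what you would otherwise do with an Athena query over the log bucket: it parses AWS WAF log records, groups BLOCK decisions by rule group, rule and URI, and flags combinations that were triggered by many different client IPs, which is a common signature of a false positive (many legitimate users tripping the same rule on the same path), as opposed to many blocks from a single source, which looks like an attacker. The log records are constructed and trimmed to the fields used here, the rule names are illustrative, and the "distinct IPs" threshold is a heuristic of this example, not a rule from the project.

```python
import json
from collections import defaultdict

# Constructed sample of AWS WAF log records (newline-delimited JSON), trimmed to
# the fields this example reads. Real records carry many more fields; all values
# here are made up.
SAMPLE_WAF_LOGS = r"""
{"timestamp": 1701302400000, "action": "BLOCK", "terminatingRuleId": "AWS-AWSManagedRulesCommonRuleSet", "terminatingRuleType": "MANAGED_RULE_GROUP", "ruleGroupList": [{"ruleGroupId": "AWS#AWSManagedRulesCommonRuleSet", "terminatingRule": {"ruleId": "SizeRestrictions_BODY", "action": "BLOCK"}}], "httpRequest": {"clientIp": "203.0.113.10", "country": "DE", "httpMethod": "POST", "uri": "/api/upload"}}
{"timestamp": 1701302401000, "action": "BLOCK", "terminatingRuleId": "AWS-AWSManagedRulesCommonRuleSet", "terminatingRuleType": "MANAGED_RULE_GROUP", "ruleGroupList": [{"ruleGroupId": "AWS#AWSManagedRulesCommonRuleSet", "terminatingRule": {"ruleId": "SizeRestrictions_BODY", "action": "BLOCK"}}], "httpRequest": {"clientIp": "203.0.113.11", "country": "DE", "httpMethod": "POST", "uri": "/api/upload"}}
{"timestamp": 1701302402000, "action": "BLOCK", "terminatingRuleId": "AWS-AWSManagedRulesCommonRuleSet", "terminatingRuleType": "MANAGED_RULE_GROUP", "ruleGroupList": [{"ruleGroupId": "AWS#AWSManagedRulesCommonRuleSet", "terminatingRule": {"ruleId": "SizeRestrictions_BODY", "action": "BLOCK"}}], "httpRequest": {"clientIp": "203.0.113.12", "country": "AT", "httpMethod": "POST", "uri": "/api/upload"}}
{"timestamp": 1701302403000, "action": "BLOCK", "terminatingRuleId": "AWS-AWSManagedRulesSQLiRuleSet", "terminatingRuleType": "MANAGED_RULE_GROUP", "ruleGroupList": [{"ruleGroupId": "AWS#AWSManagedRulesSQLiRuleSet", "terminatingRule": {"ruleId": "SQLi_QUERYARGUMENTS", "action": "BLOCK"}}], "httpRequest": {"clientIp": "198.51.100.7", "country": "US", "httpMethod": "GET", "uri": "/login"}}
{"timestamp": 1701302404000, "action": "ALLOW", "terminatingRuleId": "Default_Action", "terminatingRuleType": "REGULAR", "ruleGroupList": [], "httpRequest": {"clientIp": "203.0.113.10", "country": "DE", "httpMethod": "GET", "uri": "/"}}
{"timestamp": 1701302405000, "action": "BLOCK", "terminatingRuleId": "AWS-AWSManagedRulesSQLiRuleSet", "terminatingRuleType": "MANAGED_RULE_GROUP", "ruleGroupList": [{"ruleGroupId": "AWS#AWSManagedRulesSQLiRuleSet", "terminatingRule": {"ruleId": "SQLi_QUERYARGUMENTS", "action": "BLOCK"}}], "httpRequest": {"clientIp": "198.51.100.7", "country": "US", "httpMethod": "GET", "uri": "/login"}}
""".strip()


def parse_waf_logs(text):
    """Parse newline-delimited JSON WAF log records, skipping blank lines."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def terminating_rule(record):
    """Return (rule_group_id, rule_id) for the rule that ended evaluation.

    For a managed rule group the web ACL level only names the group reference;
    the concrete rule that matched is recorded inside ruleGroupList.
    """
    for group in record.get("ruleGroupList", []):
        rule = group.get("terminatingRule")
        if rule:
            return group["ruleGroupId"], rule["ruleId"]
    # Plain web ACL rule or default action: no nested group information.
    return record.get("terminatingRuleType", "UNKNOWN"), record.get("terminatingRuleId", "UNKNOWN")


def triage_blocks(records):
    """Group BLOCK decisions by (rule group, rule, URI); count hits and distinct client IPs."""
    stats = defaultdict(lambda: {"hits": 0, "ips": set()})
    for rec in records:
        if rec.get("action") != "BLOCK":
            continue
        group_id, rule_id = terminating_rule(rec)
        req = rec.get("httpRequest", {})
        key = (group_id, rule_id, req.get("uri", ""))
        stats[key]["hits"] += 1
        stats[key]["ips"].add(req.get("clientIp"))
    rows = [
        {"ruleGroupId": g, "ruleId": r, "uri": u,
         "hits": v["hits"], "distinctIps": len(v["ips"])}
        for (g, r, u), v in stats.items()
    ]
    # Widest client spread first: that is where false positives hide.
    return sorted(rows, key=lambda row: (-row["distinctIps"], -row["hits"]))


def likely_false_positives(rows, min_ips=3):
    """Heuristic (an assumption of this example, not a project rule): a rule that
    blocks one URI for at least `min_ips` different clients is a candidate for a
    custom exception rule; repeated blocks from a single IP are left alone."""
    return [row for row in rows if row["distinctIps"] >= min_ips]


if __name__ == "__main__":
    rows = triage_blocks(parse_waf_logs(SAMPLE_WAF_LOGS))
    for row in rows:
        print(row)
    print("candidate false positives:", likely_false_positives(rows))
```

On the sample above, SizeRestrictions_BODY on /api/upload is hit from three different clients and comes out as a candidate (large legitimate uploads), while the two SQLi blocks on /login all come from one IP and stay flagged as a real attack. The same grouping, expressed as GROUP BY on the rule group, rule and URI columns, is what you would run as an Athena query over the central log bucket once the table is defined.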
Start securing your applications with the managed rule groups from AWS Managed Rules for AWS WAF. These groups protect against common vulnerability classes without the need to write custom rules. After deploying your firewall with managed rule groups, use the central S3 log bucket to identify false positives and create custom rules that handle them. You define your RuleStatements in the values file for the deployment, and the solution calculates the capacity (WCU) each statement needs using the AWS WAF CheckCapacity API. Rule groups are then attached to the web ACL; an algorithm packs the statements into as few rule groups as possible by filling each group up to its maximum capacity before opening a new one.
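To make the capacity step concrete, here is an added example (my own code, not the project's implementation of its packing algorithm) that takes rule statements with their WCU cost and packs them into rule groups that each stay under a configurable limit. The packing is deliberately order-preserving, because AWS WAF evaluates rules by priority and reordering terminating rules can change which action wins; a tighter bin-packing heuristic would reorder them. The WCU values in the sample and the `MAX_GROUP_WCU` limit are constructed assumptions; in a real deployment you obtain the cost of each statement from `CheckCapacity` (the `check_capacity_live` helper shows the boto3 call shape and is not executed offline).

```python
from dataclasses import dataclass, field
from typing import List

# Assumed per-rule-group capacity limit for this example. Look up the current
# AWS WAF quota for your account rather than relying on this number.
MAX_GROUP_WCU = 1500


@dataclass
class RuleStatement:
    """A rule statement from the values file together with its WCU cost."""
    name: str
    wcu: int
    statement: dict = field(default_factory=dict)  # the wafv2 Statement JSON


def check_capacity_live(scope: str, rules: List[dict]) -> int:
    """Ask AWS WAF for the capacity of a list of wafv2 rule definitions.

    Requires boto3 and AWS credentials; it is not called in the offline example.
    `rules` uses the same shape as the Rules parameter of CreateRuleGroup
    (Name, Priority, Statement, Action, VisibilityConfig).
    """
    import boto3  # imported lazily so the rest of the module runs without it
    client = boto3.client("wafv2")
    return client.check_capacity(Scope=scope, Rules=rules)["Capacity"]


def pack_rule_groups(rules: List[RuleStatement], max_wcu: int = MAX_GROUP_WCU) -> List[List[RuleStatement]]:
    """Order-preserving greedy packing.

    Statements are appended to the current group until the next one would push
    it over max_wcu; then a new group is opened. Relative order (and therefore
    evaluation priority) is never changed.
    """
    groups: List[List[RuleStatement]] = []
    current: List[RuleStatement] = []
    used = 0
    for rule in rules:
        if rule.wcu <= 0:
            raise ValueError(f"{rule.name}: capacity must be positive, got {rule.wcu}")
        if rule.wcu > max_wcu:
            raise ValueError(f"{rule.name} needs {rule.wcu} WCU, above the group limit of {max_wcu}")
        if used + rule.wcu > max_wcu:
            groups.append(current)
            current, used = [], 0
        current.append(rule)
        used += rule.wcu
    if current:
        groups.append(current)
    return groups


def group_capacity(group: List[RuleStatement]) -> int:
    """Capacity a group would be created with (the sum of its rules' WCU)."""
    return sum(r.wcu for r in group)


def with_priorities(groups: List[List[RuleStatement]]) -> List[List[dict]]:
    """Turn packed groups into wafv2-style rule dicts with sequential priorities.

    Only Name, Priority and Statement are filled in; Action and VisibilityConfig
    come from the values file in a real deployment.
    """
    return [
        [{"Name": r.name, "Priority": i, "Statement": r.statement} for i, r in enumerate(group)]
        for group in groups
    ]


# Constructed sample: WCU values are invented, not real CheckCapacity results.
SAMPLE_RULES = [
    RuleStatement("block-legacy-api", 700),
    RuleStatement("rate-limit-login", 600),
    RuleStatement("allow-healthcheck", 300),
    RuleStatement("geo-restrict-admin", 500),
    RuleStatement("block-bad-bots", 200),
]

if __name__ == "__main__":
    for i, group in enumerate(pack_rule_groups(SAMPLE_RULES)):
        print(f"group {i}: {[r.name for r in group]} -> {group_capacity(group)} WCU")
```

With the sample costs and a 1500 WCU limit this yields two groups: the first two statements (1300 WCU) and the remaining three (1000 WCU). Because rule capacity is what a group is created with and cannot be raised later, run CheckCapacity on each finished group's rule list before creating it, and keep the total across all groups plus the managed rule groups under the web ACL's own capacity limit.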
We hope you'll find this solution helpful for securing your environment! If you have any feedback about the solution, please feel free to reach out to us or open a GitHub issue.