Question 1

Should I use AWS Firewall Factory or Terraform for managing AWS WAFs?

Accepted Answer

AWS Firewall Factory is built on AWS CDK and integrates natively with AWS Firewall Manager, making it ideal for teams already using CDK. Terraform offers broader multi-cloud support but lacks the same level of AWS-specific automation for centralized WAF management.

Question 2

How to integrate AWS Firewall Factory with my CI/CD pipeline?

Accepted Answer

You can use the AWS CDK constructs in your pipeline to deploy WAF policies as code. The project includes automated tests and GitHub Actions workflows, as shown in the README, which can be adapted for CI/CD integration.

Question 3

What AWS permissions are needed to run AWS Firewall Factory?

Accepted Answer

It requires permissions for AWS Firewall Manager, WAF, and CDK services. You'll need to set up IAM roles in your management and member accounts, with details typically found in AWS documentation or deployment guides.

Question 4

Can I use AWS Firewall Factory with existing AWS WAF configurations?

Accepted Answer

Yes, but you'll need to migrate existing rules into CDK code manually. The factory supports custom rules, so you can replicate your current setup, though it may require reworking for centralization.

Question 5

Is AWS Firewall Factory free to use?

Accepted Answer

The software is open-source and free, but you incur costs for AWS services like Firewall Manager, WAF, and data transfer. Always check AWS pricing for potential overhead in large deployments.

Question 6

How does it handle security updates for managed WAF rules?

Accepted Answer

It leverages AWS WAF's managed rule groups, which AWS updates automatically. The factory allows staging and testing these updates before production deployment, reducing risk.

aws-firewall-factory

What is aws-firewall-factory?

Overview

Use Cases

Best For

Related Projects

Found a gem we're missing?

Not Ideal For

Pros & Cons

Pros

Cons

Frequently Asked Questions