
Firewall Manager


The provided source pages do not explicitly mention AWS Firewall Manager, so this study guide is incomplete for that service. Instead, it extracts content on general firewall concepts and on the AWS services that perform firewall-like functions: EC2 Security Groups, Network Access Control Lists (NACLs), Web Application Firewall (WAF), and Gateway Load Balancer for virtual firewall appliances. It highlights their purpose, configuration, and security implications as described in the source material.

Learning Objectives

  • Understand the fundamental concept of a firewall in network security.
  • Describe how AWS Security Groups function as virtual firewalls for EC2 instances.
  • Explain the role of Network Access Control Lists (NACLs) in network security.
  • Identify the purpose and protective capabilities of AWS Web Application Firewall (WAF).
  • Recognize the use case of Gateway Load Balancer (GWLB) for integrating third-party virtual firewall appliances.

Firewall Core Concepts

Firewalls are fundamental to network security, controlling traffic based on defined rules.

Firewalls prevent unauthorized access to your networks by inspecting incoming and outgoing traffic against security rules you've defined.

AWS Services for Firewall Functionality

AWS provides several services that offer firewall-like capabilities at different layers of your infrastructure.

These services allow for controlling network traffic and protecting resources.

EC2 Security Groups

Security Groups act as virtual firewalls for EC2 instances, controlling inbound and outbound traffic. They are stateful: if an inbound request is allowed, the corresponding outbound response is automatically permitted. All inbound traffic is blocked by default, while all outbound traffic is allowed by default. Rules regulate access to ports and authorize IP ranges. A single security group can be associated with multiple EC2 instances and is tied to a specific AWS Region and VPC. Traffic is filtered before it reaches the EC2 instance.
Default inbound behavior: All inbound traffic is blocked by default
Default outbound behavior: All outbound traffic is allowed by default
Statefulness: Stateful (inbound allowed -> outbound response automatically allowed)
Rule components: Protocol, port range, source/destination (IP addresses, CIDR blocks, or other security groups)
Scope: Instance-level, Regional, VPC-specific
Use Cases:
  • Controlling SSH access (port 22)
  • Controlling HTTP/HTTPS web traffic (ports 80/443)
  • Restricting access to known IP ranges
  • Allowing another security group to send inbound data on a specific port
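As an added illustration of these semantics (not part of the original study material or any AWS code), the following Python model evaluates security-group rules the way the text describes: inbound denied unless a rule matches, outbound allowed by default, stateful handling of reply traffic, and rules whose source is a CIDR block or another security group. The group ids, rules and addresses are constructed sample values.

```python
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Rule:
    protocol: str   # "tcp", "udp", "icmp", or "-1" for all protocols
    from_port: int
    to_port: int
    source: str     # CIDR block, or the id of another security group

    def matches(self, protocol, port, peer_ip, peer_group=None):
        if self.protocol not in ("-1", protocol) or not self.from_port <= port <= self.to_port:
            return False
        if self.source.startswith("sg-"):        # source is another group, not an address
            return peer_group == self.source
        return ip_address(peer_ip) in ip_network(self.source)

@dataclass
class SecurityGroup:
    group_id: str
    inbound: list = field(default_factory=list)    # no rules = all inbound blocked
    outbound: list = field(default_factory=list)   # no rules = all outbound allowed
    flows: set = field(default_factory=set)        # connection-tracking table

    def allow_inbound(self, protocol, local_port, peer_ip, peer_group=None):
        ok = any(r.matches(protocol, local_port, peer_ip, peer_group) for r in self.inbound)
        if ok:
            self.flows.add((protocol, local_port, peer_ip))   # remember the allowed flow
        return ok

    def allow_outbound(self, protocol, local_port, dest_port, peer_ip):
        if (protocol, local_port, peer_ip) in self.flows:
            return True          # stateful: the reply to an allowed request always passes
        if not self.outbound:
            return True          # AWS default: all outbound allowed
        return any(r.matches(protocol, dest_port, peer_ip) for r in self.outbound)

def demo():
    # Constructed web-tier group: HTTPS from anywhere, SSH from an admin range, 8080 from the LB group
    web = SecurityGroup("sg-web", inbound=[
        Rule("tcp", 443, 443, "0.0.0.0/0"),
        Rule("tcp", 22, 22, "198.51.100.0/24"),
        Rule("tcp", 8080, 8080, "sg-lb"),
    ])
    return {
        "https_anywhere": web.allow_inbound("tcp", 443, "203.0.113.9"),
        "ssh_internet": web.allow_inbound("tcp", 22, "203.0.113.9"),
        "ssh_admin": web.allow_inbound("tcp", 22, "198.51.100.7"),
        "app_from_lb_sg": web.allow_inbound("tcp", 8080, "10.0.1.20", "sg-lb"),
        "https_reply": web.allow_outbound("tcp", 443, 51000, "203.0.113.9"),
        "egress_default": web.allow_outbound("tcp", 49152, 80, "192.0.2.10"),
    }
```

The "ssh_internet" case is the exam scenario above: a request to a port with no matching inbound rule is silently dropped, which is why a page that never loads points to the Security Group rather than the application.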

Network Access Control Lists (NACLs)

NACLs are mentioned as a layer for security implementation in the AWS Well-Architected Framework. They are implemented at the subnet level to apply security.
Scope: Subnet level
Use Cases:
  • Implementing security at all layers, specifically at the subnet level.

Web Application Firewall (WAF)

WAF helps protect your web applications against common web attacks. It specifically protects against common attack patterns such as SQL injection and cross-site scripting attacks. WAF can be deployed on CloudFront as part of a CDN solution to block malicious traffic or protect a web application deployed directly on an EC2 instance.
Use Cases:
  • Protecting web applications from cross-site scripting attacks.
  • Protecting web applications from SQL injection attacks.
  • Blocking malicious traffic as part of a CDN solution with CloudFront.

Gateway Load Balancer (GWLB) for Virtual Firewall Appliances

Gateway Load Balancer (GWLB) is a service designed for integrating third-party virtual firewall appliances. It can be deployed in an inspection VPC. A Gateway Load Balancer endpoint is created in an application VPC to redirect traffic to the appliance in the inspection VPC. GWLB automatically distributes traffic, scales, and maintains flow stickiness, reducing operational overhead.
Use Cases:
  • Integrating a third-party virtual firewall appliance with a three-tier web application for traffic inspection before it reaches the web server.
  • Transparent redirection of traffic to virtual firewall appliances.

Shared Responsibility Model - Firewall Configuration

In the AWS Shared Responsibility Model, certain aspects of security, including firewall configuration, fall under the customer's responsibility.

Under the AWS Shared Responsibility Model, customers are responsible for firewall configuration, which falls under 'Security in the Cloud'. This means you are responsible for network traffic protection, including security group firewall configuration.

Exam Focus

  • If a question involves automation, logging, or incident management, consider Operational Excellence. (Source page 6)
  • If a web page doesn't load (e.g., HTTP access), the issue is likely with the Security Group rules not allowing traffic on the required port. (Source page 5)
  • If the application returns a 'connection refused' error, it indicates that traffic is reaching the instance, but the application itself has an error. (Source page 5)
  • WAF protects against SQL injection and cross-site scripting attacks. (Source page 8)

Glossary

Security Group
Acts as a virtual firewall for EC2 instances, controlling inbound and outbound traffic.
Web Application Firewall (WAF)
A service that helps protect web applications against common web attacks such as SQL injection and cross-site scripting.
Gateway Load Balancer (GWLB)
A load balancer designed for transparently deploying, scaling, and managing virtual appliances, such as firewalls, intrusion detection and prevention systems, and deep packet inspection systems.
Network Access Control List (NACL)
A security layer that acts as a firewall for controlling traffic in and out of one or more subnets.

Key Takeaways

  • While AWS Firewall Manager was not directly mentioned, general firewall principles are crucial for AWS security. (Inferred from multiple sources)
  • Security Groups provide instance-level virtual firewall functionality for EC2 instances, controlling inbound and outbound traffic. (Source page 5)
  • Network Access Control Lists (NACLs) apply security at the subnet level. (Source page 6)
  • AWS Web Application Firewall (WAF) protects web applications against common web attacks like SQL injection and cross-site scripting. (Source page 8)
  • Gateway Load Balancer (GWLB) is used for transparently integrating third-party virtual firewall appliances. (Source page 8)
  • Firewall configuration is a customer's responsibility under the Shared Responsibility Model ('Security in the Cloud'). (Source page 10)

Content Sources

  • Introduction to AWS Systems Manager f...
  • AWS Systems Manager for Hybrid Enviro...
  • Introduction to AWS Systems Manager f...
  • Tooling and Automation
  • Amazon EC2

Extracted: 2026-01-26 12:55:05.174437 Model: gemini-2.5-flash