AWS Firewall Manager now supports security groups on Application Load Balancers and Classic Load Balancers
AWS Firewall Manager now supports security groups on Application Load Balancers and Classic Load Balancers, allowing you to centrally configure and audit security groups associated with these resource types, across multiple accounts in your organization. Firewall Manager today supports security groups associated with EC2 instances and Elastic Network Interfaces (ENIs). With this launch, you can now utilize Firewall Manager’s capabilities to also centrally manage security groups associated with Application Load Balancers and Classic Load Balancers. You can audit security groups associated with these resource types to ensure they are only accessing IP CIDRs or ports mandated by your organization. You can use pre-packaged audit rules provided by Firewall Manager, or customize your own audit rules to check for non-compliance. For example, you can audit existing security group rules on Application Load Balancers to ensure they are only accessing the CloudFront IPs you have listed. Similarly, you can also define a Firewall Manager policy to specify security groups with a baseline set of inbound and outbound rules that you want associated with your load balancers. Only requests that comply with the inbound rules can reach your load balancers, and the load balancers will only distribute requests that meet the outbound rules. Furthermore, with Firewall Manager, you can auto-remediate any non-compliant rules and get a detailed list of violations on your Firewall Manager console.
Source:: Amazon AWS