Starting today, AWS Firewall Manager now supports a new policy feature that allows you to ensure AWS WAF web ACLs are exclusively created in AWS accounts with resources in scope. Additionally, AWS Firewall Manager removes web ACLs from AWS accounts that no longer have resources within scope. In the past, AWS Firewall Manager would create web ACLs in all AWS accounts within a policy’s scope, even if no resources were in scope. This functionality enables customers to optimize costs associated with unassociated web ACLs and helps customers to effectively scale existing Firewall Manager WAF policies across organizations and accounts.
Source:: Amazon AWS