During an audit process, an organization is advised by the audit committee to centrally manage all the VPC security groups and WAF rules across their AWS environment.
Given that the organization has multiple AWS accounts, how can this be achieved?
Click on the arrows to vote for the correct answer
A. B. C. D.Correct Answer: B.
AWS Firewall Manager makes it possible to manage VPC security groups, AWS Shield Advanced and WAF rules on one platform even across multiple AWS accounts.
https://docs.aws.amazon.com/waf/latest/developerguide/fms-chapter.htmlOption A is INCORRECT because AWS Identity & Access Management (IAM) does not allow for the management of VPC security groups or WAF rules.
Option C is INCORRECT because Amazon Cloud Directory is a repository for developer objects.
The service does not have the functionality to centrally manage all the VPC security groups or WAF rules in the AWS environment.
Option D is INCORRECT because AWS Security Hub is a full-view, single-look, comprehensive depiction of the security state of the customer's AWS environment.
The service collates security data across AWS accounts and facilitates the analysis of data security patterns.
It identifies the highest priority security areas in the customer's AWS environment.
The correct answer to the question is B. AWS Firewall Manager.
Explanation:
AWS Firewall Manager is a security management service that allows central management of firewall rules and policies across multiple AWS accounts and resources. Firewall Manager enables administrators to configure and manage AWS WAF rules and security group rules across multiple VPCs in different AWS accounts.
To achieve centralized management of VPC security groups and WAF rules across multiple AWS accounts using Firewall Manager, an administrator can create an AWS Firewall Manager policy. A policy is a set of rules that specify the desired configuration for security groups and WAF rules in a specific AWS environment.
Once the policy is created, it can be applied to multiple accounts or specific resources such as VPCs. The Firewall Manager policy ensures that the security groups and WAF rules are compliant with the organization's security policies and standards.
AWS Identity & Access Management (IAM) is a service that manages user access to AWS resources. It is not designed for managing VPC security groups or WAF rules across multiple AWS accounts.
Amazon Cloud Directory is a managed service for building directories for applications. It is not designed for managing VPC security groups or WAF rules across multiple AWS accounts.
AWS Security Hub is a security service that provides a comprehensive view of security alerts and compliance status across an organization's AWS accounts. It is not designed for managing VPC security groups or WAF rules across multiple AWS accounts.