AWS_NF_4

Ensure Network Firewall has policy change protection enabled

Description

AWS Network Firewall helps you protect your VPC. Set policy change protection so that the firewall's policy association cannot be modified accidentally.

Remediation

From TF:
```
resource "aws_networkfirewall_firewall" "example" {
-  firewall_policy_change_protection = false
+  firewall_policy_change_protection = true
}
```

From Command Line:
To set the firewall's PolicyChangeProtection to TRUE, use the following CLI command:
```
aws network-firewall update-firewall-policy-change-protection --region REGION_NAME --firewall-name FIREWALL_NAME --firewall-policy-change-protection
```
Note: The flag --firewall-policy-change-protection takes no value; its presence sets the policy change protection to TRUE.
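An added audit helper for this rule (not part of the original page or of any AWS tooling): it evaluates `describe-firewall` output the way AWS_NF_4 does, lists the non-compliant firewalls, and prints the remediation command above for each. The sample output and the firewall names in it are constructed; the live path assumes the AWS CLI is installed and has credentials for the region.

```python
import json
import subprocess
import sys
from typing import Dict, List

# Constructed sample of `aws network-firewall describe-firewall` output, trimmed
# to the fields this check reads, for three hypothetical firewalls.
SAMPLE_DESCRIBE_OUTPUT = {
    "fw-prod": {"Firewall": {"FirewallName": "fw-prod",
                             "FirewallPolicyChangeProtection": True}},
    "fw-dev": {"Firewall": {"FirewallName": "fw-dev",
                            "FirewallPolicyChangeProtection": False}},
    "fw-legacy": {"Firewall": {"FirewallName": "fw-legacy"}},  # field absent
}


def is_compliant(describe_output: Dict) -> bool:
    """AWS_NF_4 passes only when FirewallPolicyChangeProtection is explicitly true.
    A missing field is treated as a failure, not as an unknown."""
    return describe_output.get("Firewall", {}).get("FirewallPolicyChangeProtection") is True


def noncompliant_firewalls(describe_outputs: Dict[str, Dict]) -> List[str]:
    """Names (sorted) of firewalls whose policy change protection is off or unset."""
    return sorted(n for n, out in describe_outputs.items() if not is_compliant(out))


def remediation_command(firewall_name: str, region: str) -> List[str]:
    """The CLI call from the Remediation section, as an argv list (no shell quoting needed)."""
    return ["aws", "network-firewall", "update-firewall-policy-change-protection",
            "--region", region, "--firewall-name", firewall_name,
            "--firewall-policy-change-protection"]


def _aws(args: List[str]) -> Dict:
    # Runs one network-firewall subcommand and parses its JSON output.
    return json.loads(subprocess.check_output(["aws", "network-firewall", *args, "--output", "json"]))


def describe_all_live(region: str) -> Dict[str, Dict]:
    """Live audit: list every firewall in the region and describe each (needs AWS CLI + credentials)."""
    names = [fw["FirewallName"] for fw in _aws(["list-firewalls", "--region", region]).get("Firewalls", [])]
    return {n: _aws(["describe-firewall", "--region", region, "--firewall-name", n]) for n in names}


if __name__ == "__main__":
    region = sys.argv[1] if len(sys.argv) > 1 else "us-east-1"
    for name in noncompliant_firewalls(describe_all_live(region)):
        # Print the fix rather than applying it, so remediation stays an explicit operator action.
        print(f"AWS_NF_4 FAIL: {name} -> {' '.join(remediation_command(name, region))}")
```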

References:
1. https://docs.aws.amazon.com/network-firewall/latest/APIReference/API_UpdateFirewallPolicyChangeProtection.html
2. https://awscli.amazonaws.com/v2/documentation/api/latest/reference/network-firewall/update-firewall-policy-change-protection.html

Service

AWS Network Firewall

Severity

High

Compliance

Mapping
