AWS Certified Cloud Practitioner / Question #916 of 719

Question #916

A company needs to enforce consistent AWS WAF rules across multiple AWS accounts within an organization in AWS Organizations. Which AWS service should the company use to meet these requirements?

A. AWS Firewall Manager

B. Amazon GuardDuty

C. Amazon Detective

D. AWS WAF

Explanation

AWS Firewall Manager (Option A) is designed to centrally manage AWS WAF rules and other firewall policies across multiple accounts in an organization in AWS Organizations. It automates the deployment and maintenance of security rules, ensuring consistency and reducing manual configuration errors.

- Why Option A is correct: Firewall Manager integrates with AWS Organizations to enforce WAF rules uniformly, making it ideal for multi-account environments.
- Why other options are incorrect:
  - B (Amazon GuardDuty): A threat detection service, not for enforcing WAF rules.
  - C (Amazon Detective): A security investigation tool, unrelated to policy enforcement.
  - D (AWS WAF): A standalone service for creating web ACLs that lacks cross-account management capabilities.

Key Points:
- Use AWS Firewall Manager for centralized, cross-account WAF rule management.
- AWS Organizations integration is critical for multi-account governance.
- AWS WAF alone cannot enforce rules across accounts without manual intervention.

Answer

The correct answer is: A