You can use AWS Firewall Manager security group policies to manage Amazon VPC security groups, including security groups with VPC associations and shared security groups. These policies let you apply centrally controlled security group rules to your entire organization or to a selected subset of your accounts and resources. A related capability allows you to create inbound security group rules that reference security groups defined in other Amazon Virtual Private Clouds (Amazon VPCs) attached to a transit gateway within the same Amazon Web Services (AWS) Region.

One solution that does not require additional firewalls is to use the AWS Firewall Manager service to centralize control and auditing of security groups. Each AWS Network Firewall can have its own firewall policy, or share a policy through common rule groups (reusable collections of rules) across multiple firewalls.

A DNS Firewall rule group containing all the necessary security policies is created in the security tooling/audit account. The Firewall Manager security policy then enables central distribution and enforcement of DNS Firewall rule groups across VPCs in your AWS accounts.