AWS Network Firewall

Many of our customers take a "defense in depth" approach to securing workloads within their Amazon Virtual Private Clouds (Amazon VPCs). Using domain list rules in AWS Network Firewall and Amazon Route 53 Resolver DNS Firewall lets you enforce network security controls at multiple layers based on domain names. DNS Firewall lets you define domain name filtering rules in rule groups that you associate with your VPCs, and AWS Network Firewall filters domains by including a domain list in a stateful firewall rule. Although both services can use domain lists, currently no feature exists for synchronizing a domain list between them.

This post walks you through automating the process of creating and updating a common domain list for Network Firewall and Route 53 Resolver DNS Firewall. Automating this functionality helps reduce complexity and risk, thereby improving your security posture while saving time and reducing operational burden.

Route 53 Resolver DNS Firewall is a highly available, managed DNS firewall service for the Route 53 Resolver. It lets you centrally allow or deny DNS traffic across all of your VPCs, providing a DNS control point. Network Firewall can apply host header inspection (matching a domain list against the HTTP Host header and the TLS SNI of stateful flows) to create a similar domain allowlist or denylist control.

In this solution, we provide an AWS CloudFormation template that deploys an Amazon Simple Storage Service (Amazon S3) bucket, an S3 event trigger, an AWS Lambda function, a DNS Firewall domain list and rule group, and a Network Firewall rule and rule group, along with the necessary AWS Identity and Access Management (IAM) roles. Once deployed, a text file with one domain per line defines the domain list; uploading it to the S3 bucket triggers the Lambda function, which updates the domain list rules for both Network Firewall and DNS Firewall.
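The upload-to-Lambda-to-firewalls flow described above, as an added example that is not the post's own Lambda or CloudFormation code. It uses the documented boto3 calls (DescribeRuleGroup/UpdateRuleGroup for Network Firewall, UpdateFirewallDomains for DNS Firewall), but the helper names, the comment and wildcard conventions for the text file, the 1000-domain batch size and the environment variable names are assumptions made here. It goes one step beyond the post: the two services spell subdomain wildcards differently (".example.com" covers the apex and all subdomains in Network Firewall, while DNS Firewall needs both "example.com" and "*.example.com"), so a shared file needs a translation step, and a file with no valid entries is refused rather than pushed as an empty list.

```python
"""Added example (not the post's Lambda code): turn a one-domain-per-line file
into a Network Firewall stateful rule group and a DNS Firewall domain list.
Helper names, file conventions, batch size and env var names are assumptions."""
import os
import re
from typing import Dict, List, Tuple
from urllib.parse import unquote_plus

# One DNS label: letters, digits, hyphens; no leading/trailing hyphen; max 63 chars.
LABEL = re.compile(r"^[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?$")

# Assumption: UpdateFirewallDomains accepts at most this many domains per call.
DNS_FIREWALL_BATCH = 1000


def parse_domain_file(text: str) -> Tuple[List[str], List[str]]:
    """Return (clean entries, rejected raw lines).

    Conventions chosen here: blank lines and '#' comments are ignored, entries are
    lower-cased with trailing dots dropped, duplicates collapse, and a leading '.'
    or '*.' means 'this domain and all subdomains'. Syntactically invalid hostnames
    are rejected up front, since one bad entry would fail the whole API update.
    """
    seen, clean, rejected = set(), [], []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip().lower().rstrip(".")
        if not line:
            continue
        wildcard = line.startswith((".", "*."))
        host = line.lstrip("*.")
        if not host or len(host) > 253 or not all(LABEL.match(p) for p in host.split(".")):
            rejected.append(raw)
            continue
        entry = "." + host if wildcard else host
        if entry not in seen:
            seen.add(entry)
            clean.append(entry)
    return clean, rejected


def to_dns_firewall(entries: List[str]) -> List[str]:
    """DNS Firewall: 'example.com' is exact and '*.example.com' matches only
    subdomains, so a wildcard entry expands to both forms."""
    out: List[str] = []
    for e in entries:
        out.extend([e[1:], "*" + e] if e.startswith(".") else [e])
    return out


def network_firewall_rule_group(entries: List[str], rules_type: str = "DENYLIST") -> Dict:
    """Network Firewall: '.example.com' already covers apex plus subdomains, so the
    entries pass through; the list is matched on HTTP Host header and TLS SNI."""
    return {"RulesSource": {"RulesSourceList": {
        "Targets": list(entries),
        "TargetTypes": ["HTTP_HOST", "TLS_SNI"],
        "GeneratedRulesType": rules_type,
    }}}


def apply_domain_list(text: str, nf, r53, rule_group_arn: str, domain_list_id: str,
                      rules_type: str = "DENYLIST") -> Dict:
    """Push one parsed file to both services and report what was done."""
    entries, rejected = parse_domain_file(text)
    if not entries:
        # An empty upload must not silently wipe a denylist (or empty an allowlist).
        raise ValueError("domain file has no valid entries; rules left unchanged")
    token = nf.describe_rule_group(RuleGroupArn=rule_group_arn)["UpdateToken"]
    nf.update_rule_group(UpdateToken=token, RuleGroupArn=rule_group_arn, Type="STATEFUL",
                         RuleGroup=network_firewall_rule_group(entries, rules_type))
    dns = to_dns_firewall(entries)
    for i in range(0, len(dns), DNS_FIREWALL_BATCH):
        # First batch replaces the list, later batches append to it.
        r53.update_firewall_domains(FirewallDomainListId=domain_list_id,
                                    Operation="REPLACE" if i == 0 else "ADD",
                                    Domains=dns[i:i + DNS_FIREWALL_BATCH])
    return {"network_firewall": len(entries), "dns_firewall": len(dns), "rejected": rejected}


def lambda_handler(event, context):
    """S3 put event -> read the uploaded file -> update both firewalls."""
    import boto3  # imported here so the rest of the module runs without boto3
    rec = event["Records"][0]["s3"]
    body = boto3.client("s3").get_object(Bucket=rec["bucket"]["name"],
                                         Key=unquote_plus(rec["object"]["key"]))["Body"].read()
    return apply_domain_list(body.decode("utf-8"), boto3.client("network-firewall"),
                             boto3.client("route53resolver"), os.environ["RULE_GROUP_ARN"],
                             os.environ["DOMAIN_LIST_ID"], os.environ.get("RULES_TYPE", "DENYLIST"))


# Offline stand-ins that record calls, so the example runs without AWS credentials.
class FakeNetworkFirewall:
    def __init__(self):
        self.calls = []

    def describe_rule_group(self, **kw):
        return {"UpdateToken": "token-1"}

    def update_rule_group(self, **kw):
        self.calls.append(kw)
        return {"UpdateToken": "token-2"}


class FakeRoute53Resolver:
    def __init__(self):
        self.calls = []

    def update_firewall_domains(self, **kw):
        self.calls.append(kw)
        return {}


# Constructed sample file: mixed case, a wildcard written both ways, a comment,
# an invalid hostname and a trailing-dot FQDN.
SAMPLE_FILE = """# constructed denylist
Example.com
.evil.example.net
*.evil.example.net   # same entry as the line above once normalized
bad_domain.com
malware.test.
"""

if __name__ == "__main__":
    nf, r53 = FakeNetworkFirewall(), FakeRoute53Resolver()
    print(apply_domain_list(SAMPLE_FILE, nf, r53,
                            "arn:aws:network-firewall:us-east-1:123456789012:stateful-rulegroup/common",
                            "rslvr-fdl-example"))
    print(nf.calls[0]["RuleGroup"]["RulesSource"]["RulesSourceList"]["Targets"])
    print(r53.calls[0]["Domains"])
```

Note that whoever can write to the trigger bucket can rewrite both firewalls' domain lists, so s3:PutObject on that bucket deserves the same scrutiny as the Network Firewall and Route 53 Resolver write APIs themselves; enabling bucket versioning also gives you a way to roll back a bad upload.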