Key concepts


There are 3 key components of AWS Network Firewall.

1. Rule Groups

Holds a reusable collection of criteria for inspecting traffic and for handling packets and traffic flows that match the inspection criteria.

2. Policy

Defines a reusable set of stateless and stateful rule groups, along with some policy-level behavior settings.

3. Firewall

Connects the inspection rules in the firewall policy to the VPC that the rules protect. Each firewall requires one firewall policy. The firewall additionally defines settings like how to log information about your network traffic and the firewall’s stateful traffic filtering.


AWS Network Firewall is presented as a VPC endpoint in a VPC subnet. This firewall endpoint is highly available and is powered by AWS Gateway Load Balancer (GWLB).
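How the three components reference one another, shown as a CloudFormation template added here for illustration (not taken from AWS documentation or from this page). The resource names, the `.example.com` allowlist target, the log group name and the two parameters are assumptions.

```yaml
Parameters:                      # hypothetical inputs: an existing VPC and a dedicated firewall subnet
  VpcId: {Type: 'AWS::EC2::VPC::Id'}
  FirewallSubnetId: {Type: 'AWS::EC2::Subnet::Id'}
Resources:
  # 1. Rule group: reusable inspection criteria (here a stateful domain allowlist)
  EgressDomainAllowlist:
    Type: AWS::NetworkFirewall::RuleGroup
    Properties:
      RuleGroupName: example-egress-allowlist
      Type: STATEFUL
      Capacity: 100
      RuleGroup:
        RulesSource:
          RulesSourceList:
            GeneratedRulesType: ALLOWLIST
            TargetTypes: [TLS_SNI, HTTP_HOST]
            Targets: ['.example.com']          # constructed sample domain
  # 2. Policy: collects rule groups and sets policy-level defaults
  ExamplePolicy:
    Type: AWS::NetworkFirewall::FirewallPolicy
    Properties:
      FirewallPolicyName: example-policy
      FirewallPolicy:
        # Send everything the stateless engine does not match to the stateful engine
        StatelessDefaultActions: ['aws:forward_to_sfe']
        StatelessFragmentDefaultActions: ['aws:forward_to_sfe']
        StatefulRuleGroupReferences:
          - ResourceArn: !GetAtt EgressDomainAllowlist.RuleGroupArn
  # 3. Firewall: binds exactly one policy to a VPC; each subnet mapping yields a firewall endpoint
  ExampleFirewall:
    Type: AWS::NetworkFirewall::Firewall
    Properties:
      FirewallName: example-firewall
      FirewallPolicyArn: !GetAtt ExamplePolicy.FirewallPolicyArn
      VpcId: !Ref VpcId
      SubnetMappings:
        - SubnetId: !Ref FirewallSubnetId
  # Logging is configured per firewall; ALERT logs record stateful rule matches
  ExampleFirewallLogging:
    Type: AWS::NetworkFirewall::LoggingConfiguration
    Properties:
      FirewallArn: !Ref ExampleFirewall
      LoggingConfiguration:
        LogDestinationConfigs:
          - LogType: ALERT
            LogDestinationType: CloudWatchLogs
            LogDestination:
              logGroup: /example/network-firewall/alert   # assumed existing log group
```

Creating the firewall does not by itself put it in the traffic path: VPC route tables must point at the firewall endpoint created in the mapped subnet.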