AWS network-firewall medium security documentation change
Summary
Added VPC endpoint association quotas and clarified network traffic bandwidth limit enforcement
Security assessment
Added explicit statement that Network Firewall drops traffic exceeding 100 Gbps bandwidth limit. This documents a security control preventing potential traffic flooding/DoS scenarios by enforcing hard limits.
Diff
diff --git a/network-firewall/latest/developerguide/quotas.md b/network-firewall/latest/developerguide/quotas.md index 7f6c918a3..d25b4c22c 100644 --- a//network-firewall/latest/developerguide/quotas.md +++ b//network-firewall/latest/developerguide/quotas.md @@ -15,0 +16 @@ Maximum number of stateful rule groups per account per Region. You can't use al +Maximum number of VPC endpoint associations per account per Region. | 300 @@ -23,0 +25 @@ Resource | Quota +Maximum number of VPC endpoint associations allowed per firewall, per Availability Zone. | 50 @@ -33 +35 @@ Maximum number of stateless rules per firewall policy. This is the total across -Maximum network traffic bandwidth per firewall endpoint. If you require more traffic bandwidth, you can split your resources into subnets and create a firewall in each subnet. | 100 Gbps +Maximum network traffic bandwidth for a firewall's endpoints in any single Availability Zone. Endpoints can be defined in the firewall and in VPC endpoint associations that use the firewall. Network Firewall drops any traffic over the limit. | 100 Gbps