I work at a large company that has a hybrid workload split between AWS and our datacenters, with dedicated connectivity between AWS and on-prem resources. We use NGFWs on the datacenter end with a default-deny policy for everything. Our firewall change process includes a weekly change management meeting with a whole bunch of approvals, and change windows twice a week. This simply can't keep up with all of the new applications being deployed in AWS, especially since so many of the rule change requests are more or less identical, like allowing new services in AWS to access port 80 on a specific IP in our datacenter.
I was wondering if anyone has, or knows of, information they can point me to about how others have solved problems like this? I figured that this was the best category for such a question, but I can handle the actual code and API side of it fine. The thing I'm looking for help with is success stories from other companies that have done this, that I can use to help convince leadership and the change management folks that we can automate many typical firewall changes (or even make them self-service) the same way we do that for other infrastructure tasks.
Thanks in advance for any input/advice/links/etc.
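The pattern the post describes, near-identical "AWS service needs port 80 on a datacenter host" requests that each go through the full weekly approval, is usually handled by having the security team pre-approve a narrow rule template once and letting a pipeline classify each request as either a pre-approved standard change or one that still needs the change board. The following is an added example, not code from the original post or any vendor; the CIDRs, ports and requester names are constructed placeholders, and the exact template (approved AWS source ranges, approved datacenter web tier, allowed ports, maximum source width) is an assumption about what such a policy might look like.

```python
"""Pre-approval check for 'standard' firewall change requests.

Added example (not from the original post). A request that matches a
template the security team approved once is labelled "standard" and can be
applied by automation; anything else is labelled "cab" and goes to the
weekly change management meeting as before. All addresses are constructed.
"""
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Constructed policy: approved once, reused for every matching request.
AWS_SOURCE_RANGES = [ipaddress.ip_network("10.20.0.0/16")]  # assumed AWS VPC space
DC_WEB_TARGETS = [ipaddress.ip_network("192.0.2.0/24")]     # assumed datacenter web tier
STANDARD_PORTS = {80, 443}
MIN_STANDARD_PREFIX = 24  # a standard change may not open a source wider than /24


@dataclass(frozen=True)
class RuleRequest:
    source: str        # CIDR of the AWS workload, e.g. "10.20.5.0/24"
    destination: str   # single host or CIDR in the datacenter
    port: int
    protocol: str = "tcp"
    requester: str = ""


def _within(net: ipaddress._BaseNetwork, ranges) -> bool:
    """True if net is contained in any approved range of the same IP version."""
    return any(r.version == net.version and net.subnet_of(r) for r in ranges)


def classify(req: RuleRequest) -> Tuple[str, str]:
    """Return ("standard", reason) if auto-approvable, else ("cab", reason)."""
    try:
        src = ipaddress.ip_network(req.source, strict=False)
        dst = ipaddress.ip_network(req.destination, strict=False)
    except ValueError as exc:
        return "cab", f"unparseable address: {exc}"
    if req.protocol.lower() != "tcp":
        return "cab", f"protocol {req.protocol} is not pre-approved"
    if req.port not in STANDARD_PORTS:
        return "cab", f"port {req.port} is not pre-approved"
    if src.prefixlen < MIN_STANDARD_PREFIX:
        return "cab", f"source {src} is wider than /{MIN_STANDARD_PREFIX}"
    if not _within(src, AWS_SOURCE_RANGES):
        return "cab", f"source {src} is outside the approved AWS ranges"
    if not _within(dst, DC_WEB_TARGETS):
        return "cab", f"destination {dst} is outside the approved web tier"
    return "standard", "matches the pre-approved AWS-to-datacenter web access template"


def triage(requests: List[RuleRequest]) -> Dict[str, List[Tuple[RuleRequest, str]]]:
    """Split a batch of requests into the two queues, keeping the reason for audit."""
    queues: Dict[str, List[Tuple[RuleRequest, str]]] = {"standard": [], "cab": []}
    for req in requests:
        verdict, reason = classify(req)
        queues[verdict].append((req, reason))
    return queues


if __name__ == "__main__":
    # Constructed sample batch: one routine request, three that need a human.
    batch = [
        RuleRequest("10.20.5.0/24", "192.0.2.10", 80, requester="app-team-a"),
        RuleRequest("10.20.5.0/24", "192.0.2.10", 22, requester="app-team-b"),
        RuleRequest("10.0.0.0/8", "192.0.2.10", 443, requester="app-team-c"),
        RuleRequest("10.20.9.0/24", "198.51.100.5", 443, requester="app-team-d"),
    ]
    for queue, items in triage(batch).items():
        for req, reason in items:
            print(f"{queue:8} {req.requester:12} {req.source} -> {req.destination}:{req.port}  ({reason})")
```

The point of the template is that the change board reviews the policy (which sources, which targets, which ports, how wide a source may be), not each instance of it, and every auto-applied change still carries a reason string that can be logged with the requester for later review.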