A company has a platform that is divided into 12 AWS accounts under the same...

The company needs centralized, scalable protection acrossmany accountsfor bothexisting and futureAPI Gateway resources, with minimal ongoing effort.AWS Firewall Manageris specifically designed for this: it can centrally deploy and enforceAWS WAFprotections across AWS Organizations. By creating a Firewall ManagerWAF policy, the security team defines a single set of controls (for example, AWS Managed Rules for SQL injection protection andAWS Bot Control) and applies them automatically to in-scope resources across member accounts.

Critically, Firewall Manager can be configured toauto-remediate noncompliant resources, ensuring that if new API Gateway stages are created later, they are automatically brought under the policy without manual per-account work. This directly meets the “existing and future resources” requirement.

Options A, C, and D introduce higher operational overhead: per-API ACL creation plus AWS Config remediation (A) is more moving parts; Service Catalog plus detection/remediation (C) is indirect and heavy; and Security Hub + EventBridge + Lambda automation (D) is custom engineering and maintenance. Firewall Manager is the AWS-native centralized governance solution for multi-account WAF rollout and enforcement.