As an AWS system administrator, you manage an AWS Organizations where there are dozens of AWS accounts. From time to time, you need to create the same WAF web ACLs in all the accounts.
For example, a web ACL should be created to block some suspicious IPs. You would like to manage WAF rules across multiple accounts and resources in the Organization.
Which method is the most suitable one for you to select?

Answer options:

A.Use AWS Firewall Manager to configure AWS WAF rules within the Organization. Apply an AWS Firewall Manager WAF policy to create a web ACL in each applicable account.
B.Log in to the AWS Organizations using the administrator account. Manage AWS WAF conditions, rules, and ACLs in the AWS Organizations.
C.Log in to the AWS Management Console with the AWS Organizations root account. Manage cross-account web ACLs in AWS Config.
D.In AWS Organizations, identify an AWS account as the WAF administrator. Log in to the AWS account and create cross-account firewall rules in AWS WAF.

Answer: A
Option A is CORRECT because AWS Firewall Manager can help manage WAF web ACLs for accounts within an AWS Organizations.
Option B is incorrect because you cannot manage AWS WAF in AWS Organizations containing several AWS accounts.
Option C is incorrect because AWS Config is a service that enables you to assess, audit, and evaluate the configurations of your AWS resources, but it cannot be used to manage cross-account web ACLs.
Option D is incorrect because users need to configure AWS Firewall Manager rule groups and policies first within an Organization to create cross-account WAF rules.
AWS Firewall Manager is a tool to manage multiple accounts and resources for AWS WAF rules, AWS Shield Advanced protection, and Amazon VPC security groups. Details can be found in
Reference:
https://docs.aws.amazon.com/waf/latest/developerguide/create-policy.html#creating-firewall-manager-policy-for-waf