A cloud firewall filters network traffic to and from cloud resources. It uses rules or policies to allow, block, or inspect traffic based on ports, addresses, protocols, applications, or identities.
Where cloud firewalls fit
Cloud firewalls can protect virtual machines, containers, VPCs, applications, and internet-facing services. They are part of a broader security design, not the whole design.
Firewall and VPC
A VPC defines the cloud network boundary. Firewalls and security rules help control what traffic can cross or move inside that boundary.
A cloud firewall helps reduce exposure, but it must be paired with identity, logging, patching, and application security.