**Introducing a new console experience for AWS WAF**
You can now use the updated experience to access AWS WAF functionality anywhere in the console. For more details, see [Working with the console](https://docs.aws.amazon.com/waf/latest/developerguide/working-with-console.html).
# Grouping your resources in Firewall Manager
This section decribes what a resource set is and lists considerations for using resource sets.
An AWS Firewall Manager *resource set* is a collection of resources, such as firewalls, that you can group together and manage in a Firewall Manager policy. Resource sets enable members in your organization to have granular control over what resources to manage in a policy. To use resource sets, create a resource set in the console or using the [PutResourceSet](https://docs.aws.amazon.com/fms/2018-01-01/APIReference/API_PutResourceSet.html) API, then add the resource set to your Firewall Manager policy.
You can create and manage resource sets for the following resource and security policy types:
| Resource type | Firewall Manager security policy type |
| --- | --- |
| AWS Network Firewall - firewalls | Network Firewall policy - Use resource sets to import existing firewalls from Network Firewall. For information about using resource sets in a Network Firewall policy, see the Importing existing firewalls step in the [Creating an AWS Firewall Manager policy for AWS Network Firewall](create-policy.md#creating-firewall-manager-policy-for-network-firewall) procedure. |
The following sections cover requirements for creating and deleting resource sets.
**Topics**
+ [
## Considerations when working with resource sets in Firewall Manager
](#fms-resource-sets-considerations)
+ [
# Creating resource sets in Firewall Manager
](fms-creating-resource-set.md)
+ [
# Deleting a resource set in Firewall Manager
](fms-deleting-resource-set.md)
## Considerations when working with resource sets in Firewall Manager
Note the following considerations when working with resource sets.
**References to non-existent resources**
When you add a resource to a resource set, you create a reference to the resource using an Amazon Resource Name (ARN). Firewall Manager validates that Amazon Resource Name (ARN) is the correct format, but Firewall Manager doesn't check that the referenced resource exists. If the resource doesn't exist yet passes ARN validation, Firewall Manager includes the resource reference in the resource set. If a new resource with the same ARN is later created, Firewall Manager applies rule groups from the resource set's associated policy to the new resource.
**Deleted resources**
When a resource in a resource set is deleted, the reference to the resource remains in the resource set until it's removed by the Firewall Manager administrator.
**Resources owned by member account that leaves the AWS Organizations organization**
If a member account leaves the organization, any references to resources owned by that member account will remain in the resource set but will no longer be managed by any policies the resource set is associated with.
**Association to multiple policies**
A resource set can be associated with multiple policies, but not all policy types support multiple policies managing the same resource. See the documentation for your specific policy type for information about unsupported scenarios.
# Creating resource sets in Firewall Manager
**To create a resource set (console)**
1. Sign in to the AWS Management Console using your Firewall Manager administrator account, and then open the Firewall Manager console at [https://console.aws.amazon.com/wafv2/fmsv2](https://console.aws.amazon.com/wafv2/fmsv2). For information about setting up a Firewall Manager administrator account, see [AWS Firewall Manager prerequisites](fms-prereq.md).
**Note**
For information about setting up a Firewall Manager administrator account, see [AWS Firewall Manager prerequisites](fms-prereq.md).
1. In the navigation pane, choose **Resource sets**.
1. Choose **Create resource set**.
1. For **Resource set name**, enter a descriptive name.
1. (Optional) enter a **Description** for the resource set.
1. Choose **Next**.
1. For **Choose resources**, select an **AWS account ID** then select **Choose resources** to add resources owned and managed by this account to the resource set. After you select the resources, select **Add** to add the resources to the resource set.
1. Choose **Next**.
1. For **Resource set tags**, add any identifying tags that you want for the resource set. For more information about tags, see [Working with Tag Editor](https://docs.aws.amazon.com/awsconsolehelpdocs/latest/gsg/tag-editor.html).
1. Choose **Next**.
1. Review the new resource set. To make any changes, choose **Edit** in the area that you want to change. This returns you to the corresponding step in the creation wizard. When you are satisfied with the resource set, choose **Create resource set**.
# Deleting a resource set in Firewall Manager
Before you can delete a resource set, the resource set must be disassociated from all policies using the resource set. You can disassociate resource groups in the policy detail page using the console, or with the [PutPolicy](https://docs.aws.amazon.com/fms/2018-01-01/APIReference/API_PutPolicy.html) API.
**To delete a resource set (console)**
1. In the navigation pane, choose **Resource sets**.
1. Choose the option next to the resource set that you want to delete.
1. Choose **Delete**.