AWS amplify documentation change
Summary
Added clarification that web ACLs for Amplify must be created in the Global (CloudFront) Region, as regional ones are incompatible.
Security assessment
The change clarifies correct configuration of AWS WAF (a security feature) but does not reference a specific security vulnerability or incident. It prevents misconfiguration rather than addressing an exploit.
Diff
diff --git a/amplify/latest/userguide/amplify-waf-CDK.md b/amplify/latest/userguide/amplify-waf-CDK.md index 56e4d55d9..95a007dbc 100644 --- a//amplify/latest/userguide/amplify-waf-CDK.md +++ b//amplify/latest/userguide/amplify-waf-CDK.md @@ -9 +9 @@ You can use the AWS Cloud Development Kit (AWS CDK) to enable AWS WAF for an Amp -The following TypeScript code example demonstrates how to create an AWS CDK app with two CDK stacks: one for Amplify and one for AWS WAF. Notice that the AWS WAF stack must be deployed to the US East (N. Virginia) (us-east-1) Region. The Amplify application stack can be deployed to a different Region. +The following TypeScript code example demonstrates how to create an AWS CDK app with two CDK stacks: one for Amplify and one for AWS WAF. Notice that the AWS WAF stack must be deployed to the US East (N. Virginia) (us-east-1) Region. The Amplify application stack can be deployed to a different Region. You must create the web ACL that you want to associate with the Amplify app in the Global (CloudFront) Region. Regional web ACLs might already exist in your AWS account, but they are not compatible with Amplify.