AWS Security ChangesHomeSearch

AWS AWSCloudFormation documentation change

Service: AWSCloudFormation · 2025-06-13 · Documentation low

File: AWSCloudFormation/latest/TemplateReference/aws-properties-wafv2-webacl-rulegroupreferencestatement.md

Summary

Clarified behavior of invalid rule name overrides in managed vs customer-owned rule groups

Security assessment

The change improves documentation accuracy about configuration behavior but does not directly relate to security features or vulnerabilities.

Diff

diff --git a/AWSCloudFormation/latest/TemplateReference/aws-properties-wafv2-webacl-rulegroupreferencestatement.md b/AWSCloudFormation/latest/TemplateReference/aws-properties-wafv2-webacl-rulegroupreferencestatement.md
index 02707749e..cf60dc2cb 100644
--- a//AWSCloudFormation/latest/TemplateReference/aws-properties-wafv2-webacl-rulegroupreferencestatement.md
+++ b//AWSCloudFormation/latest/TemplateReference/aws-properties-wafv2-webacl-rulegroupreferencestatement.md
@@ -78 +78 @@ Action settings to use in the place of the rule actions that are configured insi
-Take care to verify the rule names in your overrides. If you provide a rule name that doesn't match the name of any rule in the rule group, AWS WAF doesn't return an error and doesn't apply the override setting.
+Verify the rule names in your overrides carefully. With managed rule groups, AWS WAF silently ignores any override that uses an invalid rule name. With customer-owned rule groups, invalid rule names in your overrides will cause web ACL updates to fail. An invalid rule name is any name that doesn't exactly match the case-sensitive name of an existing rule in the rule group.