AWS AWSCloudFormation documentation change
Summary
Clarified behavior of invalid rule name overrides in managed vs customer-owned rule groups
Security assessment
The change improves documentation accuracy about configuration behavior but does not directly relate to security features or vulnerabilities.
Diff
diff --git a/AWSCloudFormation/latest/TemplateReference/aws-properties-wafv2-webacl-rulegroupreferencestatement.md b/AWSCloudFormation/latest/TemplateReference/aws-properties-wafv2-webacl-rulegroupreferencestatement.md index 02707749e..cf60dc2cb 100644 --- a//AWSCloudFormation/latest/TemplateReference/aws-properties-wafv2-webacl-rulegroupreferencestatement.md +++ b//AWSCloudFormation/latest/TemplateReference/aws-properties-wafv2-webacl-rulegroupreferencestatement.md @@ -78 +78 @@ Action settings to use in the place of the rule actions that are configured insi -Take care to verify the rule names in your overrides. If you provide a rule name that doesn't match the name of any rule in the rule group, AWS WAF doesn't return an error and doesn't apply the override setting. +Verify the rule names in your overrides carefully. With managed rule groups, AWS WAF silently ignores any override that uses an invalid rule name. With customer-owned rule groups, invalid rule names in your overrides will cause web ACL updates to fail. An invalid rule name is any name that doesn't exactly match the case-sensitive name of an existing rule in the rule group.