AWS Security ChangesHomeSearch

AWS waf documentation change

Service: waf · 2025-06-13 · Documentation low

File: waf/latest/developerguide/web-acl-creating.md

Summary

Updated console URL and added note about automatic DDoS protection when associating ALB

Security assessment

Added documentation about enabling resource-level DDoS protection through AntiDDoSRuleSet, which describes a security feature but does not indicate a security issue fix.

Diff

diff --git a/waf/latest/developerguide/web-acl-creating.md b/waf/latest/developerguide/web-acl-creating.md
index aa77b0cc5..e1aec7e5c 100644
--- a//waf/latest/developerguide/web-acl-creating.md
+++ b//waf/latest/developerguide/web-acl-creating.md
@@ -21 +21 @@ Using more than 1,500 WCUs in a web ACL incurs costs beyond the basic web ACL pr
-  1. Sign in to the AWS Management Console and open the AWS WAF console at [https://console.aws.amazon.com/wafv2/](https://console.aws.amazon.com/wafv2/). 
+  1. Sign in to the AWS Management Console and open the AWS WAF console at [https://console.aws.amazon.com/wafv2/homev2](https://console.aws.amazon.com/wafv2/homev2). 
@@ -48,0 +49,4 @@ You only need to choose this option for Regional resource types. For CloudFront
+###### Note
+
+When you choose to associate an Application Load Balancer with your webACL, **Resource-level DDoS protection** is enabled. For more information, see [AWS WAF Distributed Denial of Service (DDoS) prevention](./waf-anti-ddos.html).
+