AWS Security ChangesHomeSearch

AWS waf documentation change

Service: waf · 2025-06-19 · Documentation medium

File: waf/latest/developerguide/limits.md

Summary

Added console announcement and updated quota references to include 'protection pack' terminology

Security assessment

The changes introduce 'protection pack' terminology across multiple quota limits, indicating documentation of a new security-related resource type. While not addressing vulnerabilities, this adds documentation about security feature capabilities.

Diff

diff --git a/waf/latest/developerguide/limits.md b/waf/latest/developerguide/limits.md
index 950a9699f..d3e13dd20 100644
--- a//waf/latest/developerguide/limits.md
+++ b//waf/latest/developerguide/limits.md
@@ -4,0 +5,4 @@
+**Introducing a new console experience for AWS WAF**
+
+You can now use the updated experience to access AWS WAF functionality anywhere in the console. For more details, see [Working with the updated console experience](./working-with-console.html). 
+
@@ -17 +21 @@ Resource | Default quota per account per Region
-Maximum number of web ACLs |  100  
+Maximum number of protection pack or web ACLs |  100  
@@ -20,5 +24,5 @@ Maximum number of IP sets  |  100
-Maximum number of requests per second per web ACL  |  100,000  
-Maximum number of custom request headers per web ACL or rule group | 100  
-Maximum number of custom response headers per web ACL or rule group | 100  
-Maximum number of custom response bodies per web ACL or rule group | 50  
-Maximum number of token domains in a web ACL token domain list | 10  
+Maximum number of requests per second per protection pack or web ACL  |  100,000  
+Maximum number of custom request headers per protection pack or web ACL or rule group | 100  
+Maximum number of custom response headers per protection pack or web ACL or rule group | 100  
+Maximum number of custom response bodies per protection pack or web ACL or rule group | 50  
+Maximum number of token domains in a protection pack or web ACL token domain list | 10  
@@ -33 +37 @@ Resource | Quota per account per Region
-Maximum web ACL capacity units (WCUs) per web ACL* |  5,000  
+Maximum protection pack or web ACL capacity units (WCUs) per protection pack or web ACL* |  5,000  
@@ -36 +40 @@ Maximum number of reference statements per rule group. In a rule group, a refere
-Maximum number of reference statements per web ACL. In a web ACL, a reference statement can reference a rule group, an IP set, or a regex pattern set. |  50  
+Maximum number of reference statements per protection pack or web ACL. In a protection pack or web ACL, a reference statement can reference a rule group, an IP set, or a regex pattern set. |  50  
@@ -38 +42 @@ Maximum number of IP addresses in CIDR notation per IP set |  10,000
-Maximum number of rate-based rules per web ACL  |  10  
+Maximum number of rate-based rules per protection pack or web ACL  |  10  
@@ -51 +55 @@ Maximum number of custom headers for a single custom request definition |  10
-Maximum combined size of all response body content for a single rule group or a single web ACL |  50 KB  
+Maximum combined size of all response body content for a single rule group or a single protection pack or web ACL |  50 KB  
@@ -53 +57 @@ Maximum combined size of all response body content for a single rule group or a
-*Using more than 1,500 WCUs in a web ACL incurs costs beyond the basic web ACL price. For more information, see [Web ACL capacity units (WCUs) in AWS WAF](./aws-waf-capacity-units.html) and [AWS WAF Pricing](https://aws.amazon.com/waf/pricing/).
+*Using more than 1,500 WCUs in a protection pack or web ACL incurs costs beyond the basic protection pack or web ACL price. For more information, see [Web ACL capacity units (WCUs) in AWS WAF](./aws-waf-capacity-units.html) and [AWS WAF Pricing](https://aws.amazon.com/waf/pricing/).
@@ -55 +59 @@ Maximum combined size of all response body content for a single rule group or a
-**By default, the body inspection limit is set to 16 KB for CloudFront, API Gateway, Amazon Cognito, App Runner, and Verified Access resources, but you can increase this for any of these resources in your web ACL configuration, up to the listed maximum. For more information, see [Managing body inspection size limits for AWS WAF](./web-acl-setting-body-inspection-limit.html).
+**By default, the body inspection limit is set to 16 KB for CloudFront, API Gateway, Amazon Cognito, App Runner, and Verified Access resources, but you can increase this for any of these resources in your protection pack or web ACL configuration, up to the listed maximum. For more information, see [Managing body inspection size limits for AWS WAF](./web-acl-setting-body-inspection-limit.html).