AWS Security ChangesHomeSearch

AWS waf documentation change

Service: waf · 2025-06-19 · Documentation low

File: waf/latest/developerguide/logging-s3.md

Summary

Updated documentation to include 'protection pack' alongside 'web ACL' references throughout the logging configuration guide, added note about new console experience

Security assessment

The changes primarily expand existing logging documentation to include protection packs as a log source. While logging configuration impacts security visibility, there's no evidence this addresses a specific vulnerability. The updates appear to document feature expansion rather than resolve security flaws.

Diff

diff --git a/waf/latest/developerguide/logging-s3.md b/waf/latest/developerguide/logging-s3.md
index 6ab020e60..c68e19b9e 100644
--- a//waf/latest/developerguide/logging-s3.md
+++ b//waf/latest/developerguide/logging-s3.md
@@ -7 +7 @@ Naming requirements and syntaxPermissions for loggingPermissions for using AWS K
-# Sending web ACL traffic logs to an Amazon Simple Storage Service bucket
+**Introducing a new console experience for AWS WAF**
@@ -9 +9,5 @@ Naming requirements and syntaxPermissions for loggingPermissions for using AWS K
-This topic provides information for sending your web ACL traffic logs to an Amazon S3 bucket. 
+You can now use the updated experience to access AWS WAF functionality anywhere in the console. For more details, see [Working with the updated console experience](./working-with-console.html). 
+
+# Sending protection pack or web ACL traffic logs to an Amazon Simple Storage Service bucket
+
+This topic provides information for sending your protection pack or web ACL traffic logs to an Amazon S3 bucket. 
@@ -13 +17 @@ This topic provides information for sending your web ACL traffic logs to an Amaz
-You are charged for logging in addition to the charges for using AWS WAF. For information, see [Pricing for logging web ACL traffic information](./logging-pricing.html).
+You are charged for logging in addition to the charges for using AWS WAF. For information, see [Pricing for logging protection pack or web ACL traffic information](./logging-pricing.html).
@@ -15 +19 @@ You are charged for logging in addition to the charges for using AWS WAF. For in
-To send your web ACL traffic logs to Amazon S3, you set up an Amazon S3 bucket from the same account as you use to manage the web ACL, and you name the bucket starting with `aws-waf-logs-`. When you enable logging in AWS WAF, you provide the bucket name. For information about creating a logging bucket, see [Create a Bucket](https://docs.aws.amazon.com/AmazonS3/latest/userguide/CreatingABucket.html) in the _Amazon Simple Storage Service User Guide_.
+To send your protection pack or web ACL traffic logs to Amazon S3, you set up an Amazon S3 bucket from the same account as you use to manage the protection pack or web ACL, and you name the bucket starting with `aws-waf-logs-`. When you enable logging in AWS WAF, you provide the bucket name. For information about creating a logging bucket, see [Create a Bucket](https://docs.aws.amazon.com/AmazonS3/latest/userguide/CreatingABucket.html) in the _Amazon Simple Storage Service User Guide_.
@@ -23 +27 @@ AWS WAF supports encryption with Amazon S3 buckets for key type Amazon S3 key (S
-Web ACLs publish their log files to the Amazon S3 bucket at 5-minute intervals. Each log file contains log records for the traffic recorded in the previous 5 minutes.
+Log files from your protection pack or web ACL are published to the Amazon S3 bucket at 5-minute intervals. Each log file contains log records for the traffic recorded in the previous 5 minutes.
@@ -29 +33 @@ The log files are compressed. If you open the files using the Amazon S3 console,
-A single log file contains interleaved entries with multiple records. To see all the log files for a web ACL, look for entries aggregated by the web ACL name, Region, and your account ID.
+A single log file contains interleaved entries with multiple records. To see all the log files for a protection pack or web ACL, look for entries aggregated by the protection pack or web ACL name, Region, and your account ID.
@@ -66 +70 @@ The bucket locations with prefixes use the following syntax:
-Inside your buckets, and following any prefixes that you provide, your AWS WAF logs are written under a folder structure that's determined by your account ID, the Region, the web ACL name, and the date and time. 
+Inside your buckets, and following any prefixes that you provide, your AWS WAF logs are written under a folder structure that's determined by your account ID, the Region, the protection pack or web ACL name, and the date and time. 
@@ -78 +82 @@ The time specifications used in the folder structure and in the log file name ad
-The following shows an example log file in an Amazon S3 bucket for a bucket named `aws-waf-logs-`LOGGING-BUCKET-SUFFIX``. The AWS account is `11111111111`. The web ACL is `TEST-WEBACL` and the Region is `us-east-1`.
+The following shows an example log file in an Amazon S3 bucket for a bucket named `aws-waf-logs-`LOGGING-BUCKET-SUFFIX``. The AWS account is `11111111111`. The protection pack or web ACL is `TEST-WEBACL` and the Region is `us-east-1`.
@@ -89 +93 @@ Your bucket names for AWS WAF logging must start with `aws-waf-logs-` and can en
-Configuring web ACL traffic logging for an Amazon S3 bucket requires the following permissions settings. These permissions are set for you when you use one of the AWS WAF full access managed policies, `AWSWAFConsoleFullAccess` or `AWSWAFFullAccess`. If you want to further manage access to your logging and AWS WAF resources, you can set these permissions yourself. For information about managing permissions, see [Access management for AWS resources](https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html) in the _IAM User Guide_. For information about the AWS WAF managed policies, see [AWS managed policies for AWS WAF](./security-iam-awsmanpol.html). 
+Configuring protection pack or web ACL traffic logging for an Amazon S3 bucket requires the following permissions settings. These permissions are set for you when you use one of the AWS WAF full access managed policies, `AWSWAFConsoleFullAccess` or `AWSWAFFullAccess`. If you want to further manage access to your logging and AWS WAF resources, you can set these permissions yourself. For information about managing permissions, see [Access management for AWS resources](https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html) in the _IAM User Guide_. For information about the AWS WAF managed policies, see [AWS managed policies for AWS WAF](./security-iam-awsmanpol.html). 
@@ -91 +95 @@ Configuring web ACL traffic logging for an Amazon S3 bucket requires the followi
-The following permissions allow you to change the web ACL logging configuration and to configure log delivery to your Amazon S3 bucket. These permissions must be attached to the user that you use to manage AWS WAF. 
+The following permissions allow you to change the protection pack or web ACL logging configuration and to configure log delivery to your Amazon S3 bucket. These permissions must be attached to the user that you use to manage AWS WAF.