AWS Security ChangesHomeSearch

AWS waf documentation change

Service: waf · 2025-06-19 · Documentation low

File: waf/latest/developerguide/waf-anti-ddos-deploying.md

Summary

Updated documentation to include references to 'protection pack' alongside web ACLs throughout the anti-DDoS deployment guide, and added note about new console experience

Security assessment

The changes primarily update terminology to include 'protection pack' references in security configuration contexts, but don't address any specific vulnerabilities. The documentation updates relate to security features (anti-DDoS configurations) but don't indicate remediation of existing security issues. The new console experience mention is a usability improvement.

Diff

diff --git a/waf/latest/developerguide/waf-anti-ddos-deploying.md b/waf/latest/developerguide/waf-anti-ddos-deploying.md
index 230ca6aee..bc910c4d4 100644
--- a//waf/latest/developerguide/waf-anti-ddos-deploying.md
+++ b//waf/latest/developerguide/waf-anti-ddos-deploying.md
@@ -4,0 +5,4 @@
+**Introducing a new console experience for AWS WAF**
+
+You can now use the updated experience to access AWS WAF functionality anywhere in the console. For more details, see [Working with the updated console experience](./working-with-console.html). 
+
@@ -19 +23 @@ Test and tune your anti-DDoS implementation in a staging or testing environment
-This guidance is intended for users who know generally how to create and manage AWS WAF web ACLs, rules, and rule groups. Those topics are covered in prior sections of this guide. 
+This guidance is intended for users who know generally how to create and manage AWS WAF protection pack or web ACLs, rules, and rule groups. Those topics are covered in prior sections of this guide. 
@@ -31 +35 @@ You are charged additional fees when you use this managed rule group. For more i
-Add the AWS Managed Rules rule group `AWSManagedRulesAntiDDoSRuleSet` to a new or existing web ACL and configure it so that it doesn't alter the current web ACL behavior. For details about the rules and labels for this rule group, see [AWS WAF Distributed Denial of Service (DDoS) prevention rule group](./aws-managed-rule-groups-anti-ddos.html).
+Add the AWS Managed Rules rule group `AWSManagedRulesAntiDDoSRuleSet` to a new or existing protection pack or web ACL and configure it so that it doesn't alter the current protection pack or web ACL behavior. For details about the rules and labels for this rule group, see [AWS WAF Distributed Denial of Service (DDoS) prevention rule group](./aws-managed-rule-groups-anti-ddos.html).
@@ -35 +39 @@ Add the AWS Managed Rules rule group `AWSManagedRulesAntiDDoSRuleSet` to a new o
-       * In the **Rule group configuration** pane, provide the details needed to perform anti-DDoS activities for your web traffic. For more information, see [Adding the Anti-DDoS managed rule group to your web ACL](./waf-anti-ddos-rg-using.html).
+       * In the **Rule group configuration** pane, provide the details needed to perform anti-DDoS activities for your web traffic. For more information, see [Adding the Anti-DDoS managed rule group to your protection pack or web ACL](./waf-anti-ddos-rg-using.html).
@@ -41 +45 @@ With this override, you can monitor the potential impact of the Anti-DDoS manage
-     * Position the rule group so that it's evaluated as early as possible, immediately after any rules that allow traffic. Rules are evaluated in ascending numeric priority order. The console sets the order for you, starting at the top of your rule list. For more information, see [Setting rule priority in a web ACL](./web-acl-processing-order.html). 
+     * Position the rule group so that it's evaluated as early as possible, immediately after any rules that allow traffic. Rules are evaluated in ascending numeric priority order. The console sets the order for you, starting at the top of your rule list. For more information, see [Setting rule priority](./web-acl-processing-order.html). 
@@ -43 +47 @@ With this override, you can monitor the potential impact of the Anti-DDoS manage
-  2. ###### Enable logging and metrics for the web ACL
+  2. ###### Enable logging and metrics for the protection pack or web ACL
@@ -45 +49 @@ With this override, you can monitor the potential impact of the Anti-DDoS manage
-As needed, configure logging, Amazon Security Lake data collection, request sampling, and Amazon CloudWatch metrics for the web ACL. You can use these visibility tools to monitor the interaction of the Anti-DDoS managed rule group with your traffic. 
+As needed, configure logging, Amazon Security Lake data collection, request sampling, and Amazon CloudWatch metrics for the protection pack or web ACL. You can use these visibility tools to monitor the interaction of the Anti-DDoS managed rule group with your traffic. 
@@ -47 +51 @@ As needed, configure logging, Amazon Security Lake data collection, request samp
-     * For information about configuring and using logging, see [Logging AWS WAF web ACL traffic](./logging.html). 
+     * For information about configuring and using logging, see [Logging AWS WAF protection pack or web ACL traffic](./logging.html). 
@@ -55 +59 @@ As needed, configure logging, Amazon Security Lake data collection, request samp
-  3. ###### Associate the web ACL with a resource
+  3. ###### Associate the protection pack or web ACL with a resource
@@ -57 +61 @@ As needed, configure logging, Amazon Security Lake data collection, request samp
-If the web ACL isn't already associated with a test resource, associate it. For information, see [Associating or disassociating a web ACL with an AWS resource](./web-acl-associating-aws-resource.html).
+If the protection pack or web ACL isn't already associated with a test resource, associate it. For information, see [Associating or disassociating protection with an AWS resource](./web-acl-associating-aws-resource.html).
@@ -71 +75 @@ For example, you can use Anti-DDoS labels to allow or block requests or to custo
-Review your testing results to determine which Anti-DDoS rules you want to keep in count mode for monitoring only. For any rules you want to run with active protection, disable count mode in the web ACL rule group configuration to allow them to perform their configured actions. Once you've finalized these settings, remove any temporary test label match rules while retaining any custom rules you created for production use. For additional Anti-DDoS configuration considerations, see [Best practices for intelligent threat mitigation in AWS WAF](./waf-managed-protections-best-practices.html).
+Review your testing results to determine which Anti-DDoS rules you want to keep in count mode for monitoring only. For any rules you want to run with active protection, disable count mode in the protection pack or web ACL rule group configuration to allow them to perform their configured actions. Once you've finalized these settings, remove any temporary test label match rules while retaining any custom rules you created for production use. For additional Anti-DDoS configuration considerations, see [Best practices for intelligent threat mitigation in AWS WAF](./waf-managed-protections-best-practices.html).
@@ -86 +90 @@ To use the Amazon Web Services Documentation, Javascript must be enabled. Please
-Adding the Anti-DDoS managed rule group to your web ACL
+Adding the Anti-DDoS managed rule group to your protection pack or web ACL