AWS Security ChangesHomeSearch

AWS waf documentation change

Service: waf · 2025-06-19 · Documentation low

File: waf/latest/developerguide/waf-atp-components.md

Summary

Updated documentation to include references to 'protection pack' alongside 'web ACL' in multiple sections, and added a note about the new console experience.

Security assessment

The changes primarily expand existing security documentation by incorporating 'protection pack' as a new deployment option for the AWSManagedRulesATPRuleSet. This rule group is part of AWS WAF's Fraud Control account takeover prevention (ATP), which is inherently a security feature. However, there is no evidence of a specific security vulnerability being addressed; the updates focus on usability and expanded deployment options rather than patching weaknesses.

Diff

diff --git a/waf/latest/developerguide/waf-atp-components.md b/waf/latest/developerguide/waf-atp-components.md
index 94227773a..f68ecd120 100644
--- a//waf/latest/developerguide/waf-atp-components.md
+++ b//waf/latest/developerguide/waf-atp-components.md
@@ -4,0 +5,4 @@
+**Introducing a new console experience for AWS WAF**
+
+You can now use the updated experience to access AWS WAF functionality anywhere in the console. For more details, see [Working with the updated console experience](./working-with-console.html). 
+
@@ -9 +13 @@ The primary components of AWS WAF Fraud Control account takeover prevention (ATP
-  * **`AWSManagedRulesATPRuleSet`** – The rules in this AWS Managed Rules rule group detect, label, and handle various types of account takeover activity. The rule group inspects HTTP `POST` web requests that clients send to the specified login endpoint. For protected CloudFront distributions, the rule group also inspects the responses that the distribution sends back to these requests. For a list of the rule group's rules, see [AWS WAF Fraud Control account takeover prevention (ATP) rule group](./aws-managed-rule-groups-atp.html). You include this rule group in your web ACL using a managed rule group reference statement. For information about using this rule group, see [Adding the ATP managed rule group to your web ACL](./waf-atp-rg-using.html). 
+  * **`AWSManagedRulesATPRuleSet`** – The rules in this AWS Managed Rules rule group detect, label, and handle various types of account takeover activity. The rule group inspects HTTP `POST` web requests that clients send to the specified login endpoint. For protected CloudFront distributions, the rule group also inspects the responses that the distribution sends back to these requests. For a list of the rule group's rules, see [AWS WAF Fraud Control account takeover prevention (ATP) rule group](./aws-managed-rule-groups-atp.html). You include this rule group in your protection pack or web ACL using a managed rule group reference statement. For information about using this rule group, see [Adding the ATP managed rule group to your protection pack or web ACL](./waf-atp-rg-using.html). 
@@ -15 +19 @@ You are charged additional fees when you use this managed rule group. For more i
-  * **Details about your application's login page** – You must provide information about your login page when you add the `AWSManagedRulesATPRuleSet` rule group to your web ACL. This lets the rule group narrow the scope of the requests it inspects and properly validate credentials usage in web requests. The ATP rule group works with usernames that are in email format. For more information, see [Adding the ATP managed rule group to your web ACL](./waf-atp-rg-using.html). 
+  * **Details about your application's login page** – You must provide information about your login page when you add the `AWSManagedRulesATPRuleSet` rule group to your protection pack or web ACL. This lets the rule group narrow the scope of the requests it inspects and properly validate credentials usage in web requests. The ATP rule group works with usernames that are in email format. For more information, see [Adding the ATP managed rule group to your protection pack or web ACL](./waf-atp-rg-using.html). 
@@ -17 +21 @@ You are charged additional fees when you use this managed rule group. For more i
-  * **For protected CloudFront distributions, details about how your application responds to login attempts** – You provide details about your application's responses to login attempts, and the rule group tracks and manages clients that are sending too many failed login attempts. For information about configuring this option, see [Adding the ATP managed rule group to your web ACL](./waf-atp-rg-using.html). 
+  * **For protected CloudFront distributions, details about how your application responds to login attempts** – You provide details about your application's responses to login attempts, and the rule group tracks and manages clients that are sending too many failed login attempts. For information about configuring this option, see [Adding the ATP managed rule group to your protection pack or web ACL](./waf-atp-rg-using.html). 
@@ -26 +30 @@ You can combine your ATP implementation with the following to help you monitor,
-  * **Logging and metrics** – You can monitor your traffic, and understand how the ACFP managed rule group affects it, by configuring and enabling logs, Amazon Security Lake data collection, and Amazon CloudWatch metrics for your web ACL. The labels that `AWSManagedRulesATPRuleSet` adds to your web requests are included in the data. For information about the options, see [Logging AWS WAF web ACL traffic](./logging.html), [Monitoring with Amazon CloudWatch](./monitoring-cloudwatch.html), and [What is Amazon Security Lake?](https://docs.aws.amazon.com/security-lake/latest/userguide/what-is-security-lake.html).
+  * **Logging and metrics** – You can monitor your traffic, and understand how the ACFP managed rule group affects it, by configuring and enabling logs, Amazon Security Lake data collection, and Amazon CloudWatch metrics for your protection pack or web ACL. The labels that `AWSManagedRulesATPRuleSet` adds to your web requests are included in the data. For information about the options, see [Logging AWS WAF protection pack or web ACL traffic](./logging.html), [Monitoring with Amazon CloudWatch](./monitoring-cloudwatch.html), and [What is Amazon Security Lake?](https://docs.aws.amazon.com/security-lake/latest/userguide/what-is-security-lake.html).