AWS Security ChangesHomeSearch

AWS waf documentation change

Service: waf · 2025-06-19 · Documentation low

File: waf/latest/developerguide/waf-atp-deploying.md

Summary

Updated documentation to include references to 'protection pack' alongside 'web ACL' throughout the ATP deployment guide, added section about new console experience

Security assessment

Changes primarily involve terminology updates (adding 'protection pack' references) and console navigation instructions. While the ATP rule group itself is security-related, these documentation updates don't address specific vulnerabilities or add new security features. The modifications appear to reflect product naming changes rather than security improvements.

Diff

diff --git a/waf/latest/developerguide/waf-atp-deploying.md b/waf/latest/developerguide/waf-atp-deploying.md
index 8cadedfed..15cb92ffc 100644
--- a//waf/latest/developerguide/waf-atp-deploying.md
+++ b//waf/latest/developerguide/waf-atp-deploying.md
@@ -4,0 +5,4 @@
+**Introducing a new console experience for AWS WAF**
+
+You can now use the updated experience to access AWS WAF functionality anywhere in the console. For more details, see [Working with the updated console experience](./working-with-console.html). 
+
@@ -19 +23 @@ Before you deploy your ATP implementation for production traffic, test and tune
-AWS WAF provides test credentials that you can use to verify your ATP configuration. In the following procedure, you'll configure a test web ACL to use the ATP managed rule group, configure a rule to capture the label added by the rule group, and then run a login attempt using these test credentials. You'll verify that your web ACL has properly managed the attempt by checking the Amazon CloudWatch metrics for the login attempt. 
+AWS WAF provides test credentials that you can use to verify your ATP configuration. In the following procedure, you'll configure a test protection pack or web ACL to use the ATP managed rule group, configure a rule to capture the label added by the rule group, and then run a login attempt using these test credentials. You'll verify that your web ACL has properly managed the attempt by checking the Amazon CloudWatch metrics for the login attempt. 
@@ -21 +25 @@ AWS WAF provides test credentials that you can use to verify your ATP configurat
-This guidance is intended for users who know generally how to create and manage AWS WAF web ACLs, rules, and rule groups. Those topics are covered in prior sections of this guide. 
+This guidance is intended for users who know generally how to create and manage AWS WAF protection pack or web ACLs, rules, and rule groups. Those topics are covered in prior sections of this guide. 
@@ -33 +37 @@ You are charged additional fees when you use this managed rule group. For more i
-Add the AWS Managed Rules rule group `AWSManagedRulesATPRuleSet` to a new or existing web ACL and configure it so that it doesn't alter the current web ACL behavior. For details about the rules and labels for this rule group, see [AWS WAF Fraud Control account takeover prevention (ATP) rule group](./aws-managed-rule-groups-atp.html).
+Add the AWS Managed Rules rule group `AWSManagedRulesATPRuleSet` to a new or existing protection pack or web ACL and configure it so that it doesn't alter the current protection pack or web ACL behavior. For details about the rules and labels for this rule group, see [AWS WAF Fraud Control account takeover prevention (ATP) rule group](./aws-managed-rule-groups-atp.html).
@@ -37 +41 @@ Add the AWS Managed Rules rule group `AWSManagedRulesATPRuleSet` to a new or exi
-       * In the **Rule group configuration** pane, provide the details of your application's login page. The ATP rule group uses this information to monitor sign-in activities. For more information, see [Adding the ATP managed rule group to your web ACL](./waf-atp-rg-using.html).
+       * In the **Rule group configuration** pane, provide the details of your application's login page. The ATP rule group uses this information to monitor sign-in activities. For more information, see [Adding the ATP managed rule group to your protection pack or web ACL](./waf-atp-rg-using.html).
@@ -43 +47 @@ With this override, you can monitor the potential impact of the ATP managed rule
-     * Position the rule group so that it's evaluated after your existing rules in the web ACL, with a priority setting that's numerically higher than any rules or rule groups that you're already using. For more information, see [Setting rule priority in a web ACL](./web-acl-processing-order.html). 
+     * Position the rule group so that it's evaluated after your existing rules in the protection pack or web ACL, with a priority setting that's numerically higher than any rules or rule groups that you're already using. For more information, see [Setting rule priority](./web-acl-processing-order.html). 
@@ -47 +51 @@ This way, your current handling of traffic isn't disrupted. For example, if you
-  2. ###### Enable logging and metrics for the web ACL
+  2. ###### Enable logging and metrics for the protection pack or web ACL
@@ -49 +53 @@ This way, your current handling of traffic isn't disrupted. For example, if you
-As needed, configure logging, Amazon Security Lake data collection, request sampling, and Amazon CloudWatch metrics for the web ACL. You can use these visibility tools to monitor the interaction of the ATP managed rule group with your traffic. 
+As needed, configure logging, Amazon Security Lake data collection, request sampling, and Amazon CloudWatch metrics for the protection pack or web ACL. You can use these visibility tools to monitor the interaction of the ATP managed rule group with your traffic. 
@@ -51 +55 @@ As needed, configure logging, Amazon Security Lake data collection, request samp
-     * For information about configuring and using logging, see [Logging AWS WAF web ACL traffic](./logging.html). 
+     * For information about configuring and using logging, see [Logging AWS WAF protection pack or web ACL traffic](./logging.html). 
@@ -59 +63 @@ As needed, configure logging, Amazon Security Lake data collection, request samp
-  3. ###### Associate the web ACL with a resource
+  3. ###### Associate the protection pack or web ACL with a resource
@@ -61 +65 @@ As needed, configure logging, Amazon Security Lake data collection, request samp
-If the web ACL isn't already associated with a test resource, associate it. For information, see [Associating or disassociating a web ACL with an AWS resource](./web-acl-associating-aws-resource.html).
+If the protection pack or web ACL isn't already associated with a test resource, associate it. For information, see [Associating or disassociating protection with an AWS resource](./web-acl-associating-aws-resource.html).
@@ -79 +83 @@ These test credentials are categorized as compromised credentials, and the ATP m
-    2. In your web ACL logs, look for the `awswaf:managed:aws:atp:signal:credential_compromised` label in the `labels` field on the log entries for your test login web requests. For information about logging, see [Logging AWS WAF web ACL traffic](./logging.html). 
+    2. In your protection pack or web ACL logs, look for the `awswaf:managed:aws:atp:signal:credential_compromised` label in the `labels` field on the log entries for your test login web requests. For information about logging, see [Logging AWS WAF protection pack or web ACL traffic](./logging.html). 
@@ -91 +95 @@ After the first 6 failures, the volumetric failed login rule should start matchi
-    2. In your web ACL logs, look for the `awswaf:managed:aws:atp:aggregate:volumetric:ip:failed_login_response:high` label in the `labels` field on the log entries for your test login web requests. For information about logging, see [Logging AWS WAF web ACL traffic](./logging.html). 
+    2. In your protection pack or web ACL logs, look for the `awswaf:managed:aws:atp:aggregate:volumetric:ip:failed_login_response:high` label in the `labels` field on the log entries for your test login web requests. For information about logging, see [Logging AWS WAF protection pack or web ACL traffic](./logging.html). 
@@ -103 +107 @@ For example, you can use ATP labels to allow or block requests or to customize r
-Depending on your situation, you might have decided that you want to leave some ATP rules in count mode. For the rules that you want to run as configured inside the rule group, disable count mode in the web ACL rule group configuration. When you're finished testing, you can also remove your test label match rules.
+Depending on your situation, you might have decided that you want to leave some ATP rules in count mode. For the rules that you want to run as configured inside the rule group, disable count mode in the protection pack or web ACL rule group configuration. When you're finished testing, you can also remove your test label match rules.