AWS Security ChangesHomeSearch

AWS waf documentation change

Service: waf · 2025-06-19 · Documentation low

File: waf/latest/developerguide/waf-atp-rg-using.md

Summary

Updated documentation to reference 'protection pack or web ACL' instead of 'web ACL' throughout, added section about new console experience

Security assessment

Changes primarily update terminology to include 'protection pack' alongside web ACL references and add UI documentation. No security vulnerabilities or new security features are mentioned. The ATP rule group documentation updates are organizational/terminology changes.

Diff

diff --git a/waf/latest/developerguide/waf-atp-rg-using.md b/waf/latest/developerguide/waf-atp-rg-using.md
index e6e7b0aa9..153468d0c 100644
--- a//waf/latest/developerguide/waf-atp-rg-using.md
+++ b//waf/latest/developerguide/waf-atp-rg-using.md
@@ -5 +5,5 @@
-# Adding the ATP managed rule group to your web ACL
+**Introducing a new console experience for AWS WAF**
+
+You can now use the updated experience to access AWS WAF functionality anywhere in the console. For more details, see [Working with the updated console experience](./working-with-console.html). 
+
+# Adding the ATP managed rule group to your protection pack or web ACL
@@ -17 +21 @@ The ATP stolen credentials database only contains usernames in email format.
-This guidance is intended for users who know generally how to create and manage AWS WAF web ACLs, rules, and rule groups. Those topics are covered in prior sections of this guide. For basic information about how to add a managed rule group to your web ACL, see [Adding a managed rule group to a web ACL through the console](./waf-using-managed-rule-group.html).
+This guidance is intended for users who know generally how to create and manage AWS WAF protection pack or web ACLs, rules, and rule groups. Those topics are covered in prior sections of this guide. For basic information about how to add a managed rule group to your protection pack or web ACL, see [Adding a managed rule group to a protection pack or web ACL through the console](./waf-using-managed-rule-group.html).
@@ -23 +27 @@ Use the ATP rule group in accordance with the best practices at [Best practices
-###### To use the `AWSManagedRulesATPRuleSet` rule group in your web ACL
+###### To use the `AWSManagedRulesATPRuleSet` rule group in your protection pack or web ACL
@@ -25 +29 @@ Use the ATP rule group in accordance with the best practices at [Best practices
-  1. Add the AWS managed rule group, `AWSManagedRulesATPRuleSet` to your web ACL, and **Edit** the rule group settings before saving. 
+  1. Add the AWS managed rule group, `AWSManagedRulesATPRuleSet` to your protection pack or web ACL, and **Edit** the rule group settings before saving. 
@@ -66 +70 @@ For example, for an HTML form with input elements named `username1` and `passwor
-ATP response inspection is available only in web ACLs that protect CloudFront distributions.
+ATP response inspection is available only in protection pack or web ACLs that protect CloudFront distributions.
@@ -82 +86 @@ You can further limit the scope of requests that the rule group inspects by addi
-  4. Save your changes to the web ACL. 
+  4. Save your changes to the protection pack or web ACL.