AWS Security ChangesHomeSearch

AWS waf documentation change

Service: waf · 2025-06-19 · Documentation low

File: waf/latest/developerguide/waf-data-protection-and-logging.md

Summary

Added information about new console experience and updated references from 'web ACL' to 'protection pack or web ACL' throughout document. Expanded documentation to include protection packs alongside web ACLs for logging, data protection, and Security Lake integration.

Security assessment

The changes expand existing security documentation to include 'protection packs' alongside web ACLs, describing how they handle logging and data protection features like field redaction and cryptographic hashing. While these are security-related features, there's no evidence of addressing a specific vulnerability or incident.

Diff

diff --git a/waf/latest/developerguide/waf-data-protection-and-logging.md b/waf/latest/developerguide/waf-data-protection-and-logging.md
index 3f9b470fb..165f0eb40 100644
--- a//waf/latest/developerguide/waf-data-protection-and-logging.md
+++ b//waf/latest/developerguide/waf-data-protection-and-logging.md
@@ -5 +5,5 @@
-# Data protection and logging for AWS WAF web ACL traffic
+**Introducing a new console experience for AWS WAF**
+
+You can now use the updated experience to access AWS WAF functionality anywhere in the console. For more details, see [Working with the updated console experience](./working-with-console.html). 
+
+# Data protection and logging for AWS WAF protection pack or web ACL traffic
@@ -9 +13 @@ This section explains the data logging, collection, and protection options that
-  * **Logging** – You can configure your web ACL to send logs for web request traffic to a logging destination of your choice. You can configure field redaction and filtering for this choice. Logging uses the data that's available after any data protection setting are applied. 
+  * **Logging** – You can configure your protection pack or web ACL to send logs for web request traffic to a logging destination of your choice. You can configure field redaction and filtering for this choice. Logging uses the data that's available after any data protection setting are applied. 
@@ -11 +15 @@ This section explains the data logging, collection, and protection options that
-For information about this option, see [Logging AWS WAF web ACL traffic](./logging.html). 
+For information about this option, see [Logging AWS WAF protection pack or web ACL traffic](./logging.html). 
@@ -13 +17 @@ For information about this option, see [Logging AWS WAF web ACL traffic](./loggi
-  * **Request sampling** – You can configure your web ACL to sample the web requests that it evaluates, to get an idea of the type of traffic that your application is receiving. Request sampling uses the data that's available after any data protection settings are applied. 
+  * **Request sampling** – You can configure your protection pack or web ACL to sample the web requests that it evaluates, to get an idea of the type of traffic that your application is receiving. Request sampling uses the data that's available after any data protection settings are applied. 
@@ -17 +21 @@ For information about this option, see [Viewing a sample of web requests](./web-
-  * **Amazon Security Lake** – You can configure Security Lake to collect web ACL data. Security Lake collects log and event data from various AWS sources for normalization, analysis, and management. Security Lake collects from the data that's available after any data protection settings are applied. 
+  * **Amazon Security Lake** – You can configure Security Lake to collect protection pack or web ACL data. Security Lake collects log and event data from various AWS sources for normalization, analysis, and management. Security Lake collects from the data that's available after any data protection settings are applied. 
@@ -25 +29 @@ AWS WAF doesn't charge you for using this option. For pricing information, see [
-    * **Data protection for the web ACL** – You can configure data protection for each web ACL, which enables you to substitute certain web traffic data with static strings or cryptographic hashing. Data protection at this level can be configured centrally, and applies across all logging and data collection options.
+    * **Data protection for the protection pack or web ACL** – You can configure data protection for each protection pack or web ACL, which enables you to substitute certain web traffic data with static strings or cryptographic hashing. Data protection at this level can be configured centrally, and applies across all logging and data collection options.
@@ -36 +40 @@ For information about this option, see [Data protection](./data-protection-maski
-  * [Logging AWS WAF web ACL traffic](./logging.html)
+  * [Logging AWS WAF protection pack or web ACL traffic](./logging.html)