AWS waf documentation change
Summary
Added new console experience notice and updated migration caveats to include 'protection pack or' terminology throughout
Security assessment
Changes primarily involve terminology updates (adding 'protection pack or' qualifiers) and UI notifications. The logging disabled note explains existing migration behavior but doesn't address a new vulnerability. No evidence of security vulnerability remediation or new security features added.
Diff
diff --git a/waf/latest/developerguide/waf-migrating-caveats.md b/waf/latest/developerguide/waf-migrating-caveats.md index afe620c56..3c7624595 100644 --- a//waf/latest/developerguide/waf-migrating-caveats.md +++ b//waf/latest/developerguide/waf-migrating-caveats.md @@ -4,0 +5,4 @@ +**Introducing a new console experience for AWS WAF** + +You can now use the updated experience to access AWS WAF functionality anywhere in the console. For more details, see [Working with the updated console experience](./working-with-console.html). + @@ -7 +11 @@ -The migration only handles web ACL configurations, and the web ACL migration doesn't bring over all settings exactly as you have them in AWS WAF Classic. Some configuration items require manual configuration in AWS WAF (v2). A few things don't map exactly between the two versions, and you'll need to decide how you want to configure the functionality in AWS WAF (v2). Some settings, like the web ACL's associations with AWS resources, are disabled initially in the new version so you can add them when you're ready. +The migration only handles protection pack or web ACL configurations, and the protection pack or web ACL migration doesn't bring over all settings exactly as you have them in AWS WAF Classic. Some configuration items require manual configuration in AWS WAF (v2). A few things don't map exactly between the two versions, and you'll need to decide how you want to configure the functionality in AWS WAF (v2). Some settings, like the protection pack or web ACL's associations with AWS resources, are disabled initially in the new version so you can add them when you're ready. @@ -13 +17 @@ The following list describes the caveats of the migration and describes any step - * **Web ACL configurations only** – The migration only migrates web ACLs and resources that the web ACLs are using. To migrate a resource, such as a rule group or IP set, that's not used by any migrated web ACL, manually create the resource in AWS WAF (v2). + * **Only protection pack or web ACL configurations** – The migration only migrates protection pack or web ACLs and resources that the protection pack or web ACLs are using. To migrate a resource, such as a rule group or IP set, that's not used by any migrated web ACL, manually create the resource in AWS WAF (v2). @@ -17 +21 @@ The following list describes the caveats of the migration and describes any step - * **No web ACL associations** – The migration doesn't bring over any associations between the web ACL and protected resources. This is by design, to avoid affecting your production workload. After you verify that everything is migrated correctly, associate the new web ACL with your resources. + * **No protection pack or web ACL associations** – The migration doesn't bring over any associations between the protection pack or web ACL and protected resources. This is by design, to avoid affecting your production workload. After you verify that everything is migrated correctly, associate the new protection pack or web ACL with your resources. @@ -19 +23 @@ The following list describes the caveats of the migration and describes any step - * **Logging disabled** – Logging for the migrated web ACL is disabled by default. This is by design. Enable logging when you are ready to switch over from AWS WAF Classic to AWS WAF. + * **Logging disabled** – Logging for the migrated protection pack or web ACL is disabled by default. This is by design. Enable logging when you are ready to switch over from AWS WAF Classic to AWS WAF. @@ -21 +25 @@ The following list describes the caveats of the migration and describes any step - * **No AWS Firewall Manager rule groups** – The migration doesn't handle rule groups that are managed by Firewall Manager. You can migrate a web ACL that's managed by Firewall Manager, but the migration doesn't bring over the rule group. Instead of using the migration tool for these web ACLs, recreate the policy for the new AWS WAF in Firewall Manager. + * **No AWS Firewall Manager rule groups** – The migration doesn't handle rule groups that are managed by Firewall Manager. You can migrate a protection pack or web ACL that's managed by Firewall Manager, but the migration doesn't bring over the rule group. Instead of using the migration tool for these protection pack or web ACLs, recreate the policy for the new AWS WAF in Firewall Manager.