AWS waf documentation change
Summary
Updated documentation to introduce 'protection pack' terminology alongside web ACLs, modified service quota explanations, and expanded Firewall Manager policy details
Security assessment
Changes primarily introduce terminology updates (protection packs) and clarify capacity unit calculations. No evidence of addressing vulnerabilities or security incidents. While WAF is security-related, these changes describe general feature enhancements rather than specific security fixes or new security capabilities.
Diff
diff --git a/waf/latest/developerguide/waf-migrating-why-migrate.md b/waf/latest/developerguide/waf-migrating-why-migrate.md index bb37115ad..4e2a7f42b 100644 --- a//waf/latest/developerguide/waf-migrating-why-migrate.md +++ b//waf/latest/developerguide/waf-migrating-why-migrate.md @@ -4,0 +5,4 @@ +**Introducing a new console experience for AWS WAF** + +You can now use the updated experience to access AWS WAF functionality anywhere in the console. For more details, see [Working with the updated console experience](./working-with-console.html). + @@ -19 +23 @@ In the APIs, SDKs, CLIs, and AWS CloudFormation, AWS WAF Classic retains its nam - * **Simplified service quotas (limits)** – AWS WAF now allows more rules per web ACL and allows you to express longer regex patterns. For more information, see [AWS WAF quotas](./limits.html). + * **Simplified service quotas (limits)** – AWS WAF now allows more rules per protection pack or web ACL and allows you to express longer regex patterns. For more information, see [AWS WAF quotas](./limits.html). @@ -21 +25 @@ In the APIs, SDKs, CLIs, and AWS CloudFormation, AWS WAF Classic retains its nam - * **Web ACL limits are now based on computing needs** – Web ACL limits are now based on web ACL capacity units (WCU). AWS WAF calculates the WCU for a rule according to the operating capacity that's required to run the rule. The WCU of a web ACL is the sum of the WCU of all rules and rule groups in the web ACL. + * **Computing needs determine capacity limits** – The limits for protection pack or web ACLs are now based on protection pack or web ACL capacity units (WCUs). AWS WAF calculates a rule's WCUs according to its required operating capacity. The total WCUs for a protection pack or web ACL equals the sum of WCUs from all its rules and rule groups. @@ -25 +29 @@ For general information about WCU, see [How AWS WAF works](./how-aws-waf-works.h - * **Document-based rule writing** – You can now write and express rules, rule groups, and web ACLs in JSON format. You no longer need to use individual API calls to create different conditions and then associate the conditions to a rule. This greatly simplifies how you write and maintain your code. You can access a JSON format of your web ACLs through the console when you're viewing the web ACL, by choosing **Download web ACL as JSON**. When you are creating your own rule, you can access its JSON representation by choosing **Rule JSON editor**. + * **Document-based rule writing** – You can now write and express rules, rule groups, and protection pack or web ACLs in JSON format. You no longer need to use individual API calls to create different conditions and then associate the conditions to a rule. This greatly simplifies how you write and maintain your code. You can access a JSON format of your protection pack or web ACLs through the console when you're viewing the protection pack or web ACL, by choosing **Download protection pack or web ACL as JSON**. When you are creating your own rule, you can access its JSON representation by choosing **Rule JSON editor**. @@ -37 +41 @@ For general information about WCU, see [How AWS WAF works](./how-aws-waf-works.h - * **Expanded options for Firewall Manager AWS WAF policies** – In the Firewall Manager management of AWS WAF web ACLs, you can now create a set of rule groups that AWS WAF processes first and a set of rule groups that AWS WAF processes last. After you apply the AWS WAF policy, local account owners can add their own rule groups that AWS WAF processes in between these two sets. For more information about Firewall Manager AWS WAF policies, see [Using AWS WAF policies with Firewall Manager](./waf-policies.html). + * **Expanded options for Firewall Manager AWS WAF policies** – In the Firewall Manager management of AWS WAF protection pack or web ACLs, you can now create a set of rule groups that AWS WAF processes first and a set of rule groups that AWS WAF processes last. After you apply the AWS WAF policy, local account owners can add their own rule groups that AWS WAF processes in between these two sets. For more information about Firewall Manager AWS WAF policies, see [Using AWS WAF policies with Firewall Manager](./waf-policies.html).