AWS waf documentation change
Summary
Added references to protection packs in deletion dependency checks and introduced new console experience documentation
Security assessment
The changes emphasize checking protection pack dependencies when deleting security entities to prevent accidental removal of active security controls. While this improves operational security practices, there's no evidence of addressing a specific vulnerability.
Diff
diff --git a/waf/latest/developerguide/waf-rule-group-deleting.md b/waf/latest/developerguide/waf-rule-group-deleting.md index 9e13a5b45..ea0e86c02 100644 --- a//waf/latest/developerguide/waf-rule-group-deleting.md +++ b//waf/latest/developerguide/waf-rule-group-deleting.md @@ -4,0 +5,4 @@ +**Introducing a new console experience for AWS WAF** + +You can now use the updated experience to access AWS WAF functionality anywhere in the console. For more details, see [Working with the updated console experience](./working-with-console.html). + @@ -11 +15 @@ Follow the guidance in this section to delete a rule group. -When you delete an entity that you can use in a web ACL, like an IP set, regex pattern set, or rule group, AWS WAF checks to see if the entity is currently being used in a web ACL. If it finds that it is in use, AWS WAF warns you. AWS WAF is almost always able to determine if an entity is being referenced by a web ACL. However, in rare cases it might not be able to do so. If you need to be sure that nothing is currently using the entity, check for it in your web ACLs before deleting it. If the entity is a referenced set, also check that no rule groups are using it. +When you delete an entity that you can use in a protection pack or web ACL, like an IP set, regex pattern set, or rule group, AWS WAF checks to see if the entity is currently being used in a protection pack or web ACL. If it finds that it is in use, AWS WAF warns you. AWS WAF is almost always able to determine if an entity is being referenced by a protection pack or web ACL. However, in rare cases it might not be able to do so. If you need to be sure that nothing is currently using the entity, check for it in your protection pack or web ACLs before deleting it. If the entity is a referenced set, also check that no rule groups are using it. @@ -34 +38 @@ To use the Amazon Web Services Documentation, Javascript must be enabled. Please -Using your rule group in a web ACL +Using your rule group in a protection pack or web ACL