AWS waf documentation change
Summary
Updated documentation to include 'protection packs' alongside web ACLs throughout the content, introduced new console experience references
Security assessment
Changes introduce documentation for protection packs as a new security organizational unit in AWS WAF, but there's no evidence of addressing specific vulnerabilities. The updates expand security configuration options rather than patching issues.
Diff
diff --git a/waf/latest/developerguide/waf-rule-group-using.md b/waf/latest/developerguide/waf-rule-group-using.md index 9d5e7e52c..f3ae990d2 100644 --- a//waf/latest/developerguide/waf-rule-group-using.md +++ b//waf/latest/developerguide/waf-rule-group-using.md @@ -5 +5 @@ -# Using your rule group in a web ACL +**Introducing a new console experience for AWS WAF** @@ -7 +7,5 @@ -To use a rule group in a web ACL, you add it to the web ACL in a rule group reference statement. +You can now use the updated experience to access AWS WAF functionality anywhere in the console. For more details, see [Working with the updated console experience](./working-with-console.html). + +# Using your rule group in a protection pack or web ACL + +To use a rule group in a protection pack or web ACL, you add it to the protection pack or web ACL in a rule group reference statement. @@ -11 +15 @@ To use a rule group in a web ACL, you add it to the web ACL in a rule group refe -Before you deploy changes in your web ACL for production traffic, test and tune them in a staging or testing environment until you are comfortable with the potential impact to your traffic. Then test and tune your updated rules in count mode with your production traffic before enabling them. For guidance, see [Testing and tuning your AWS WAF protections](./web-acl-testing.html). +Before you deploy changes in your protection pack or web ACL for production traffic, test and tune them in a staging or testing environment until you are comfortable with the potential impact to your traffic. Then test and tune your updated rules in count mode with your production traffic before enabling them. For guidance, see [Testing and tuning your AWS WAF protections](./web-acl-testing.html). @@ -15 +19 @@ Before you deploy changes in your web ACL for production traffic, test and tune -Using more than 1,500 WCUs in a web ACL incurs costs beyond the basic web ACL price. For more information, see [Web ACL capacity units (WCUs) in AWS WAF](./aws-waf-capacity-units.html) and [AWS WAF Pricing](https://aws.amazon.com/waf/pricing/). +Using more than 1,500 WCUs in a protection pack or web ACL incurs costs beyond the basic protection pack or web ACL price. For more information, see [Web ACL capacity units (WCUs) in AWS WAF](./aws-waf-capacity-units.html) and [AWS WAF Pricing](https://aws.amazon.com/waf/pricing/). @@ -32 +36 @@ Using more than 1,500 WCUs in a web ACL incurs costs beyond the basic web ACL pr -In your web ACL, you can alter the behavior of a rule group and its rules by setting the individual rule actions to Count or any other action. This can help you do things like test a rule group, identify false positives from rules in a rule group, and customize how a managed rule group handles your requests. For more information, see [Overriding rule group actions in AWS WAF](./web-acl-rule-group-override-options.html). +In your protection pack or web ACL, you can alter the behavior of a rule group and its rules by setting the individual rule actions to Count or any other action. This can help you do things like test a rule group, identify false positives from rules in a rule group, and customize how a managed rule group handles your requests. For more information, see [Overriding rule group actions in AWS WAF](./web-acl-rule-group-override-options.html). @@ -34 +38 @@ In your web ACL, you can alter the behavior of a rule group and its rules by set -If your rule group contains a rate-based statement, each web ACL where you use the rule group has its own separate rate tracking and management for the rate-based rule, independent of any other web ACL where you use the rule group. For more information, see [Using rate-based rule statements in AWS WAF](./waf-rule-statement-type-rate-based.html). +If your rule group contains a rate-based statement, each protection pack or web ACL where you use the rule group has its own separate rate tracking and management for the rate-based rule, independent of any other protection pack or web ACL where you use the rule group. For more information, see [Using rate-based rule statements in AWS WAF](./waf-rule-statement-type-rate-based.html). @@ -38 +42 @@ If your rule group contains a rate-based statement, each web ACL where you use t -When you create or change a web ACL or other AWS WAF resources, the changes take a small amount of time to propagate to all areas where the resources are stored. The propagation time can be from a few seconds to a number of minutes. +When you create or change a protection pack or web ACL or other AWS WAF resources, the changes take a small amount of time to propagate to all areas where the resources are stored. The propagation time can be from a few seconds to a number of minutes. @@ -42 +46 @@ The following are examples of the temporary inconsistencies that you might notic - * After you create a web ACL, if you try to associate it with a resource, you might get an exception indicating that the web ACL is unavailable. + * After you create a protection pack or web ACL, if you try to associate it with a resource, you might get an exception indicating that the protection pack or web ACL is unavailable. @@ -44 +48 @@ The following are examples of the temporary inconsistencies that you might notic - * After you add a rule group to a web ACL, the new rule group rules might be in effect in one area where the web ACL is used and not in another. + * After you add a rule group to a protection pack or web ACL, the new rule group rules might be in effect in one area where the protection pack or web ACL is used and not in another.