AWS waf documentation change
Summary
Added documentation about new console experience and expanded references to include 'protection pack' alongside web ACLs in multiple sections
Security assessment
The changes introduce references to 'protection packs' as a new security feature context but do not address vulnerabilities. Updates clarify how security configurations propagate across protection packs and web ACLs, enhancing documentation of security features.
Diff
diff --git a/waf/latest/developerguide/waf-rule-statement-reusable-entities.md b/waf/latest/developerguide/waf-rule-statement-reusable-entities.md index c01349606..eaaf632ad 100644 --- a//waf/latest/developerguide/waf-rule-statement-reusable-entities.md +++ b//waf/latest/developerguide/waf-rule-statement-reusable-entities.md @@ -4,0 +5,4 @@ +**Introducing a new console experience for AWS WAF** + +You can now use the updated experience to access AWS WAF functionality anywhere in the console. For more details, see [Working with the updated console experience](./working-with-console.html). + @@ -9 +13 @@ This section explains how reusable entities work in AWS WAF. -Some rules use entities that are reusable and that are managed outside of your web ACLs, either by you, AWS, or an AWS Marketplace seller. When the reusable entity is updated, AWS WAF propagates the update to your rule. For example, if you use an AWS Managed Rules rule group in a web ACL, when AWS updates the rule group, AWS propagates the change to your web ACL, to update its behavior. If you use an IP set statement in a rule, when you update the set, AWS WAF propagates the change to all rules that reference it, so any web ACLs that use those rules are kept up-to-date with your changes. +Some rules use entities that are reusable and that are managed outside of your web ACLs, either by you, AWS, or an AWS Marketplace seller. When the reusable entity is updated, AWS WAF propagates the update to your rule. For example, if you use an AWS Managed Rules rule group in a protection pack or web ACL, when AWS updates the rule group, AWS propagates the change to your web ACL, to update its behavior. If you use an IP set statement in a rule, when you update the set, AWS WAF propagates the change to all rules that reference it, so any protection pack or web ACLs that use those rules are kept up-to-date with your changes. @@ -17 +21 @@ The following are the reusable entities that you can use in a rule statement. - * **AWS Managed Rules rule groups** – AWS manages these rule groups. On the console, these are available for your use when you add a managed rule group to your web ACL. For more information about these, see [AWS Managed Rules rule groups list](./aws-managed-rule-groups-list.html). + * **AWS Managed Rules rule groups** – AWS manages these rule groups. On the console, these are available for your use when you add a managed rule group to your protection pack or web ACL. For more information about these, see [AWS Managed Rules rule groups list](./aws-managed-rule-groups-list.html). @@ -19 +23 @@ The following are the reusable entities that you can use in a rule statement. - * **AWS Marketplace managed rule groups** – AWS Marketplace sellers manage these rule groups and you can subscribe to them to use them. To manage your subscriptions, on the navigation pane of the console, choose **AWS Marketplace**. The AWS Marketplace managed rule groups are listed when you add a managed rule group to your web ACL. For rule groups that you haven't yet subscribed to, you can find a link to AWS Marketplace on that page as well. For more information about AWS Marketplace seller managed rule groups, see [AWS Marketplace rule groups](./marketplace-rule-groups.html). + * **AWS Marketplace managed rule groups** – AWS Marketplace sellers manage these rule groups and you can subscribe to them to use them. To manage your subscriptions, on the navigation pane of the console, choose **AWS Marketplace**. The AWS Marketplace managed rule groups are listed when you add a managed rule group to your protection pack or web ACL. For rule groups that you haven't yet subscribed to, you can find a link to AWS Marketplace on that page as well. For more information about AWS Marketplace seller managed rule groups, see [AWS Marketplace rule groups](./marketplace-rule-groups.html). @@ -28 +32 @@ The following are the reusable entities that you can use in a rule statement. -When you delete a referenced entity, AWS WAF checks to see if it's currently being used in a web ACL. If AWS WAF finds that it's in use, it warns you. AWS WAF is almost always able to determine if an entity is being referenced by a web ACL. However, in rare cases, it might not be able to do so. If you need to be sure that the entity that you want to delete isn't in use, check for it in your web ACLs before deleting it. +When you delete a referenced entity, AWS WAF checks to see if it's currently being used in a protection pack or web ACL. If AWS WAF finds that it's in use, it warns you. AWS WAF is almost always able to determine if an entity is being referenced by a protection pack or web ACL. However, in rare cases, it might not be able to do so. If you need to be sure that the entity that you want to delete isn't in use, check for it in your web ACLs before deleting it.