AWS waf documentation change
Summary
Updated documentation to introduce new console experience and replace 'web ACL' terminology with 'protection pack or web ACL' throughout. Added references to protection packs as equivalent to web ACLs in functionality but tied to the new console experience.
Security assessment
Changes focus on UI/console updates and terminology unification between web ACLs and protection packs. No specific security vulnerabilities or mitigations are mentioned. While WAF is a security product, these changes are operational/documentation updates rather than security-specific content additions.
Diff
diff --git a/waf/latest/developerguide/web-acl.md b/waf/latest/developerguide/web-acl.md index 53b5df4e0..20b3e90e2 100644 --- a//waf/latest/developerguide/web-acl.md +++ b//waf/latest/developerguide/web-acl.md @@ -5 +5 @@ -# Using web ACLs in AWS WAF +**Introducing a new console experience for AWS WAF** @@ -7 +7 @@ -This page explains what a web access control list (web ACL) and how it works. +You can now use the updated experience to access AWS WAF functionality anywhere in the console. For more details, see [Working with the updated console experience](./working-with-console.html). @@ -9 +9,5 @@ This page explains what a web access control list (web ACL) and how it works. -A web ACL gives you fine-grained control over all of the HTTP(S) web requests that your protected resource responds to. You can protect Amazon CloudFront, Amazon API Gateway, Application Load Balancer, AWS AppSync, Amazon Cognito, AWS App Runner, AWS Amplify, and AWS Verified Access resources. +# Configuring protection in AWS WAF + +This page explains what protection packs and web access control lists (web ACLs) are and how they work. + +A protection pack or web ACL performs essentially the same function. Both give you fine-grained control over all of the HTTP(S) web requests that your protected resource responds to. You can protect Amazon CloudFront, Amazon API Gateway, Application Load Balancer, AWS AppSync, Amazon Cognito, AWS App Runner, AWS Amplify, and AWS Verified Access resources. You use protection packs in the new console experience, and web ACLs in the standard console. For more information about the new console experience, see [Working with the updated console experience](./working-with-console.html). @@ -28 +32 @@ You can also test for any combination of these conditions. You can block or coun -You provide your matching criteria and the action to take on matches in AWS WAF rule statements. You can define rule statements directly inside your web ACL and in reusable rule groups that you use in your web ACL. For a full list of the options, see [Using rule statements in AWS WAF](./waf-rule-statements.html) and [Using rule actions in AWS WAF](./waf-rule-action.html). +You provide your matching criteria and the action to take on matches in AWS WAF rule statements. You can define rule statements directly inside your protection pack or web ACL and in reusable rule groups that you use in your protection pack or web ACL. For a full list of the options, see [Using rule statements in AWS WAF](./waf-rule-statements.html) and [Using rule actions in AWS WAF](./waf-rule-action.html). @@ -30 +34 @@ You provide your matching criteria and the action to take on matches in AWS WAF -When you create a web ACL, you specify the types of resources that you want to use it with. For information, see [Creating a web ACL in AWS WAF](./web-acl-creating.html). After you define a web ACL, you can associate it with your resources to begin providing protection for them. For more information, see [Associating or disassociating a web ACL with an AWS resource](./web-acl-associating-aws-resource.html). +When you create a protection pack or web ACL, you specify the types of resources that you want to use it with. For information, see [Creating a protection pack or web ACL in AWS WAF](./web-acl-creating.html). After you define a protection pack or web ACL, you can associate it with your resources to begin providing protection for them. For more information, see [Associating or disassociating protection with an AWS resource](./web-acl-associating-aws-resource.html). @@ -38 +42 @@ On some occasions, AWS WAF might encounter an internal error that delays the res -Before you deploy changes in your web ACL for production traffic, test and tune them in a staging or testing environment until you are comfortable with the potential impact to your traffic. Then test and tune your updated rules in count mode with your production traffic before enabling them. For guidance, see [Testing and tuning your AWS WAF protections](./web-acl-testing.html). +Before you deploy changes in your protection pack or web ACL for production traffic, test and tune them in a staging or testing environment until you are comfortable with the potential impact to your traffic. Then test and tune your updated rules in count mode with your production traffic before enabling them. For guidance, see [Testing and tuning your AWS WAF protections](./web-acl-testing.html). @@ -42 +46 @@ Before you deploy changes in your web ACL for production traffic, test and tune -Using more than 1,500 WCUs in a web ACL incurs costs beyond the basic web ACL price. For more information, see [Web ACL capacity units (WCUs) in AWS WAF](./aws-waf-capacity-units.html) and [AWS WAF Pricing](https://aws.amazon.com/waf/pricing/). +Using more than 1,500 WCUs in a protection pack or web ACL incurs costs beyond the basic protection pack or web ACL price. For more information, see [Web ACL capacity units (WCUs) in AWS WAF](./aws-waf-capacity-units.html) and [AWS WAF Pricing](https://aws.amazon.com/waf/pricing/). @@ -46 +50 @@ Using more than 1,500 WCUs in a web ACL incurs costs beyond the basic web ACL pr -When you create or change a web ACL or other AWS WAF resources, the changes take a small amount of time to propagate to all areas where the resources are stored. The propagation time can be from a few seconds to a number of minutes. +When you create or change a protection pack or web ACL or other AWS WAF resources, the changes take a small amount of time to propagate to all areas where the resources are stored. The propagation time can be from a few seconds to a number of minutes. @@ -50 +54 @@ The following are examples of the temporary inconsistencies that you might notic - * After you create a web ACL, if you try to associate it with a resource, you might get an exception indicating that the web ACL is unavailable. + * After you create a protection pack or web ACL, if you try to associate it with a resource, you might get an exception indicating that the protection pack or web ACL is unavailable. @@ -52 +56 @@ The following are examples of the temporary inconsistencies that you might notic - * After you add a rule group to a web ACL, the new rule group rules might be in effect in one area where the web ACL is used and not in another. + * After you add a rule group to a protection pack or web ACL, the new rule group rules might be in effect in one area where the protection pack or web ACL is used and not in another. @@ -63 +67 @@ The following are examples of the temporary inconsistencies that you might notic - * [Creating a web ACL in AWS WAF](./web-acl-creating.html) + * [Creating a protection pack or web ACL in AWS WAF](./web-acl-creating.html) @@ -65 +69 @@ The following are examples of the temporary inconsistencies that you might notic - * [Editing a web ACL in AWS WAF](./web-acl-editing.html) + * [Editing a protection pack or web ACL in AWS WAF](./web-acl-editing.html) @@ -67 +71 @@ The following are examples of the temporary inconsistencies that you might notic - * [Managing rule group behavior in a web ACL](./web-acl-rule-group-settings.html) + * [Managing rule group behavior](./web-acl-rule-group-settings.html) @@ -69 +73 @@ The following are examples of the temporary inconsistencies that you might notic - * [Associating or disassociating a web ACL with an AWS resource](./web-acl-associating-aws-resource.html) + * [Associating or disassociating protection with an AWS resource](./web-acl-associating-aws-resource.html) @@ -71 +75 @@ The following are examples of the temporary inconsistencies that you might notic - * [Using web ACLs with rules and rule groups in AWS WAF](./web-acl-processing.html) + * [Using protection pack or web ACLs with rules and rule groups in AWS WAF](./web-acl-processing.html) @@ -73 +77 @@ The following are examples of the temporary inconsistencies that you might notic - * [Setting the web ACL default action in AWS WAF](./web-acl-default-action.html) + * [Setting the protection pack or web ACL default action in AWS WAF](./web-acl-default-action.html) @@ -81 +85 @@ The following are examples of the temporary inconsistencies that you might notic - * [Deleting a web ACL](./web-acl-deleting.html) + * [Deleting a protection pack or web ACL](./web-acl-deleting.html) @@ -92 +96 @@ To use the Amazon Web Services Documentation, Javascript must be enabled. Please -Resources that you can protect with AWS WAF +Working with the updated console experience @@ -94 +98 @@ Resources that you can protect with AWS WAF -Creating a web ACL +Creating a protection pack or web ACL