AWS Security ChangesHomeSearch

AWS waf documentation change

Service: waf · 2025-08-22 · Documentation low

File: waf/latest/developerguide/cloudfront-features.md

Summary

Updated terminology to consistently use 'protection pack (web ACL)' instead of 'protection pack or web ACL' throughout the document, clarifying terminology alignment

Security assessment

The changes are purely terminological clarifications to align 'protection pack' with 'web ACL' as equivalent terms. No security vulnerabilities, mitigations, or incident-related content is introduced or modified. The updates improve documentation consistency but do not address security flaws or describe new security features.

Diff

diff --git a/waf/latest/developerguide/cloudfront-features.md b/waf/latest/developerguide/cloudfront-features.md
index 7a27a8256..67a02c7c3 100644
--- a//waf/latest/developerguide/cloudfront-features.md
+++ b//waf/latest/developerguide/cloudfront-features.md
@@ -15 +15 @@ Learn how to use AWS WAF with Amazon CloudFront features.
-When you create a protection pack or web ACL, you can specify one or more CloudFront distributions that you want AWS WAF to inspect. CloudFront supports two types of distributions: standard distributions that protect individual tenants, and multi-tenant distributions that protect multiple tenants through a single, shared configuration template. AWS WAF inspects web requests for both distribution types based on the rules you define in your protection pack or web ACLs, with different implementation patterns for each type.
+When you create a protection pack (web ACL), you can specify one or more CloudFront distributions that you want AWS WAF to inspect. CloudFront supports two types of distributions: standard distributions that protect individual tenants, and multi-tenant distributions that protect multiple tenants through a single, shared configuration template. AWS WAF inspects web requests for both distribution types based on the rules you define in your protection packs (web ACLs), with different implementation patterns for each type.
@@ -34 +34 @@ AWS WAF provides web application firewall capabilities for both standard and mul
-For standard distributions, AWS WAF adds protection using a single protection pack or web ACL for each distribution. You can enable this protection by associating an existing protection pack or web ACL with a CloudFront distribution or by using one-click protection in the CloudFront console. This lets you manage the security controls for each of your distributions independently, since any changes to a protection pack or web ACL will only affect the distribution associated with it.
+For standard distributions, AWS WAF adds protection using a single protection pack (web ACL) for each distribution. You can enable this protection by associating an existing protection pack (web ACL) with a CloudFront distribution or by using one-click protection in the CloudFront console. This lets you manage the security controls for each of your distributions independently, since any changes to a protection pack (web ACL) will only affect the distribution associated with it.
@@ -36 +36 @@ For standard distributions, AWS WAF adds protection using a single protection pa
-This straightforward method of protecting CloudFront distributions is optimal for providing individual domains with specific protections from a single protection pack or web ACL.
+This straightforward method of protecting CloudFront distributions is optimal for providing individual domains with specific protections from a single protection pack (web ACL).
@@ -40 +40 @@ This straightforward method of protecting CloudFront distributions is optimal fo
-  * Changes to a protection pack or web ACL affect only its associated distribution
+  * Changes to a protection pack (web ACL) affect only its associated distribution
@@ -42 +42 @@ This straightforward method of protecting CloudFront distributions is optimal fo
-  * Each distribution requires independent protection pack or web ACL configuration
+  * Each distribution requires independent protection pack (web ACL) configuration
@@ -51 +51 @@ This straightforward method of protecting CloudFront distributions is optimal fo
-For multi-tenant distributions, AWS WAF adds protection across multiple domains using a single protection pack or web ACL. Domains that are managed by multi-tenant distributions are known as distribution tenants. You can only enable AWS WAF protection for multi-tenant distributions in the CloudFront console, either during or after the multi-tenant distribution creation process. However, changes to a protection pack or web ACL are still managed through the AWS WAF console or API. 
+For multi-tenant distributions, AWS WAF adds protection across multiple domains using a single protection pack (web ACL). Domains that are managed by multi-tenant distributions are known as distribution tenants. You can only enable AWS WAF protection for multi-tenant distributions in the CloudFront console, either during or after the multi-tenant distribution creation process. However, changes to a protection pack (web ACL) are still managed through the AWS WAF console or API. 
@@ -55 +55 @@ Multi-tenant distributions offer the flexibility to enable AWS WAF protections a
-  * **Multi-tenant distribution level** – Associated protection pack or web ACLs provide baseline security controls that apply to all applications sharing that distribution
+  * **Multi-tenant distribution level** – Associated protection packs (web ACLs) provide baseline security controls that apply to all applications sharing that distribution
@@ -57 +57 @@ Multi-tenant distributions offer the flexibility to enable AWS WAF protections a
-  * **Distribution tenant level** – Individual tenants within a multi-tenant distribution can have their own protection pack or web ACLs to implement additional security controls or override multi-tenant distribution settings
+  * **Distribution tenant level** – Individual tenants within a multi-tenant distribution can have their own protection packs (web ACLs) to implement additional security controls or override multi-tenant distribution settings
@@ -66 +66 @@ These two tiers make multi-tenant distributions optimal for sharing AWS WAF prot
-  * Individual distribution tenants inherit changes made to protection pack or web ACLs that are associated with related multi-tenant distributions
+  * Individual distribution tenants inherit changes made to protection packs (web ACLs) that are associated with related multi-tenant distributions
@@ -68 +68 @@ These two tiers make multi-tenant distributions optimal for sharing AWS WAF prot
-  * The protection pack or web ACLs associated with specific distribution tenants can override settings configured at the multi-tenant protection pack or web ACL level
+  * The protection packs (web ACLs) associated with specific distribution tenants can override settings configured at the multi-tenant protection pack (web ACL) level
@@ -79 +79 @@ These two tiers make multi-tenant distributions optimal for sharing AWS WAF prot
-Compare protection pack or web ACL implementations AWS WAF Feature | Standard distributions | Multi-tenant distributions  
+Compare protection pack (web ACL) implementations AWS WAF Feature | Standard distributions | Multi-tenant distributions  
@@ -81 +81 @@ Compare protection pack or web ACL implementations AWS WAF Feature | Standard di
-Associating protection pack or web ACLs | One protection pack or web ACL per distribution | You can share protection pack or web ACLs across tenants, with optional tenant-specific protection pack or web ACLs  
+Associating protection packs (web ACLs) | One protection pack (web ACL) per distribution | You can share protection packs (web ACLs) across tenants, with optional tenant-specific protection packs (web ACLs)