AWS waf documentation change
Summary
Updated terminology from 'protection pack or web ACL' to 'protection pack (web ACL)' throughout the document for consistency
Security assessment
The changes are purely terminological clarifications without introducing new security content or addressing vulnerabilities. No security implications are mentioned or altered in the logging process, permissions requirements, or encryption details.
Diff
diff --git a/waf/latest/developerguide/logging-s3.md b/waf/latest/developerguide/logging-s3.md index aeae53a72..1a00ac8e2 100644 --- a//waf/latest/developerguide/logging-s3.md +++ b//waf/latest/developerguide/logging-s3.md @@ -11 +11 @@ You can now use the updated experience to access AWS WAF functionality anywhere -# Sending protection pack or web ACL traffic logs to an Amazon Simple Storage Service bucket +# Sending protection pack (web ACL) traffic logs to an Amazon Simple Storage Service bucket @@ -13 +13 @@ You can now use the updated experience to access AWS WAF functionality anywhere -This topic provides information for sending your protection pack or web ACL traffic logs to an Amazon S3 bucket. +This topic provides information for sending your protection pack (web ACL) traffic logs to an Amazon S3 bucket. @@ -17 +17 @@ This topic provides information for sending your protection pack or web ACL traf -You are charged for logging in addition to the charges for using AWS WAF. For information, see [Pricing for logging protection pack or web ACL traffic information](./logging-pricing.html). +You are charged for logging in addition to the charges for using AWS WAF. For information, see [Pricing for logging protection pack (web ACL) traffic information](./logging-pricing.html). @@ -19 +19 @@ You are charged for logging in addition to the charges for using AWS WAF. For in -To send your protection pack or web ACL traffic logs to Amazon S3, you set up an Amazon S3 bucket from the same account as you use to manage the protection pack or web ACL, and you name the bucket starting with `aws-waf-logs-`. When you enable logging in AWS WAF, you provide the bucket name. For information about creating a logging bucket, see [Create a Bucket](https://docs.aws.amazon.com/AmazonS3/latest/userguide/CreatingABucket.html) in the _Amazon Simple Storage Service User Guide_. +To send your protection pack (web ACL) traffic logs to Amazon S3, you set up an Amazon S3 bucket from the same account as you use to manage the protection pack (web ACL), and you name the bucket starting with `aws-waf-logs-`. When you enable logging in AWS WAF, you provide the bucket name. For information about creating a logging bucket, see [Create a Bucket](https://docs.aws.amazon.com/AmazonS3/latest/userguide/CreatingABucket.html) in the _Amazon Simple Storage Service User Guide_. @@ -27 +27 @@ AWS WAF supports encryption with Amazon S3 buckets for key type Amazon S3 key (S -Log files from your protection pack or web ACL are published to the Amazon S3 bucket at 5-minute intervals. Each log file contains log records for the traffic recorded in the previous 5 minutes. +Log files from your protection pack (web ACL) are published to the Amazon S3 bucket at 5-minute intervals. Each log file contains log records for the traffic recorded in the previous 5 minutes. @@ -33 +33 @@ The log files are compressed. If you open the files using the Amazon S3 console, -A single log file contains interleaved entries with multiple records. To see all the log files for a protection pack or web ACL, look for entries aggregated by the protection pack or web ACL name, Region, and your account ID. +A single log file contains interleaved entries with multiple records. To see all the log files for a protection pack (web ACL), look for entries aggregated by the protection pack (web ACL) name, Region, and your account ID. @@ -70 +70 @@ The bucket locations with prefixes use the following syntax: -Inside your buckets, and following any prefixes that you provide, your AWS WAF logs are written under a folder structure that's determined by your account ID, the Region, the protection pack or web ACL name, and the date and time. +Inside your buckets, and following any prefixes that you provide, your AWS WAF logs are written under a folder structure that's determined by your account ID, the Region, the protection pack (web ACL) name, and the date and time. @@ -82 +82 @@ The time specifications used in the folder structure and in the log file name ad -The following shows an example log file in an Amazon S3 bucket for a bucket named `aws-waf-logs-`LOGGING-BUCKET-SUFFIX``. The AWS account is `11111111111`. The protection pack or web ACL is `TEST-WEBACL` and the Region is `us-east-1`. +The following shows an example log file in an Amazon S3 bucket for a bucket named `aws-waf-logs-`LOGGING-BUCKET-SUFFIX``. The AWS account is `11111111111`. The protection pack (web ACL) is `TEST-WEBACL` and the Region is `us-east-1`. @@ -93 +93 @@ Your bucket names for AWS WAF logging must start with `aws-waf-logs-` and can en -Configuring protection pack or web ACL traffic logging for an Amazon S3 bucket requires the following permissions settings. These permissions are set for you when you use one of the AWS WAF full access managed policies, `AWSWAFConsoleFullAccess` or `AWSWAFFullAccess`. If you want to further manage access to your logging and AWS WAF resources, you can set these permissions yourself. For information about managing permissions, see [Access management for AWS resources](https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html) in the _IAM User Guide_. For information about the AWS WAF managed policies, see [AWS managed policies for AWS WAF](./security-iam-awsmanpol.html). +Configuring protection pack (web ACL) traffic logging for an Amazon S3 bucket requires the following permissions settings. These permissions are set for you when you use one of the AWS WAF full access managed policies, `AWSWAFConsoleFullAccess` or `AWSWAFFullAccess`. If you want to further manage access to your logging and AWS WAF resources, you can set these permissions yourself. For information about managing permissions, see [Access management for AWS resources](https://docs.aws.amazon.com/IAM/latest/UserGuide/access.html) in the _IAM User Guide_. For information about the AWS WAF managed policies, see [AWS managed policies for AWS WAF](./security-iam-awsmanpol.html). @@ -95 +95 @@ Configuring protection pack or web ACL traffic logging for an Amazon S3 bucket r -The following permissions allow you to change the protection pack or web ACL logging configuration and to configure log delivery to your Amazon S3 bucket. These permissions must be attached to the user that you use to manage AWS WAF. +The following permissions allow you to change the protection pack (web ACL) logging configuration and to configure log delivery to your Amazon S3 bucket. These permissions must be attached to the user that you use to manage AWS WAF.