AWS Security ChangesHomeSearch

AWS waf documentation change

Service: waf · 2025-08-22 · Documentation low

File: waf/latest/developerguide/security-iam-awsmanpol.md

Summary

Updated terminology from 'protection pack or web ACL' to 'protection pack (web ACL)' across multiple IAM permission descriptions and policy change logs for consistency

Security assessment

Changes are purely terminological clarifications without introducing new security concepts or addressing vulnerabilities. The updates standardize references to web ACLs but don't alter security functionality or reveal security fixes.

Diff

diff --git a/waf/latest/developerguide/security-iam-awsmanpol.md b/waf/latest/developerguide/security-iam-awsmanpol.md
index 61502e16f..042741309 100644
--- a//waf/latest/developerguide/security-iam-awsmanpol.md
+++ b//waf/latest/developerguide/security-iam-awsmanpol.md
@@ -65 +65 @@ Policy | Description of change | Date
-  * `amplify:GetWebACLForResource` – Grants permission to retrieve the AWS WAF protection pack or web ACL associated with an Amplify resource
+  * `amplify:GetWebACLForResource` – Grants permission to retrieve the AWS WAF protection pack (web ACL) associated with an Amplify resource
@@ -67 +67 @@ Policy | Description of change | Date
-  * `amplify:ListResourcesForWebACL` – Grants permission to retrieve the Amplify apps associated with an AWS WAF protection pack or web ACL
+  * `amplify:ListResourcesForWebACL` – Grants permission to retrieve the Amplify apps associated with an AWS WAF protection pack (web ACL)
@@ -83,3 +83,3 @@ Policy | Description of change | Date
-  * `amplify:AssociateWebACL` – Grants permission to associate an AWS WAF protection pack or web ACL to an Amplify resource
-  * `amplify:DisassociateWebACL` – Grants permission to disassociate an AWS WAF protection pack or web ACL from an Amplify resource
-  * `amplify:GetWebACLForResource` – Grants permission to retrieve the AWS WAF protection pack or web ACL associated with an Amplify resource
+  * `amplify:AssociateWebACL` – Grants permission to associate an AWS WAF protection pack (web ACL) to an Amplify resource
+  * `amplify:DisassociateWebACL` – Grants permission to disassociate an AWS WAF protection pack (web ACL) from an Amplify resource
+  * `amplify:GetWebACLForResource` – Grants permission to retrieve the AWS WAF protection pack (web ACL) associated with an Amplify resource
@@ -87 +87 @@ Policy | Description of change | Date
-  * `amplify:ListResourcesForWebACL` – Grants permission to retrieve the Amplify apps associated with an AWS WAF protection pack or web ACL
+  * `amplify:ListResourcesForWebACL` – Grants permission to retrieve the Amplify apps associated with an AWS WAF protection pack (web ACL)
@@ -93,4 +93,4 @@ Policy | Description of change | Date
-  * `cloudfront:AssociateDistributionTenantWebACL` – Grants permission to associate an AWS WAF protection pack or web ACL with a CloudFront distribution tenant
-  * `cloudfront:AssociateDistributionWebACL` – Grants permission to associate an AWS WAF protection pack or web ACL with a CloudFront distribution
-  * `cloudfront:DisassociateDistributionTenantWebACL` – Grants permission to disassociate an AWS WAF protection pack or web ACL with a CloudFront distribution tenant
-  * `cloudfront:DisassociateDistributionWebACL` – Grants permission to disassociate an AWS WAF protection pack or web ACL with a CloudFront distribution
+  * `cloudfront:AssociateDistributionTenantWebACL` – Grants permission to associate an AWS WAF protection pack (web ACL) with a CloudFront distribution tenant
+  * `cloudfront:AssociateDistributionWebACL` – Grants permission to associate an AWS WAF protection pack (web ACL) with a CloudFront distribution
+  * `cloudfront:DisassociateDistributionTenantWebACL` – Grants permission to disassociate an AWS WAF protection pack (web ACL) with a CloudFront distribution tenant
+  * `cloudfront:DisassociateDistributionWebACL` – Grants permission to disassociate an AWS WAF protection pack (web ACL) with a CloudFront distribution
@@ -122,4 +122,4 @@ AWS WAF additions to change tracking |  AWS WAF started tracking changes for the
-`AWSWAFFullAccess` This policy allows AWS WAF to manage AWS resources on your behalf in AWS WAF and in integrated services. Details in IAM console: [AWSWAFFullAccess](https://console.aws.amazon.com/iam/home#/policies/arn:aws:iam::aws:policy/AWSWAFFullAccess$serviceLevelSummary). |  Corrected the permissions settings for log delivery for Amazon Simple Storage Service (Amazon S3) and Amazon CloudWatch Logs. This change resolves access denied errors that were occurring during logging configuration. For information about logging your protection pack or web ACL traffic, see [Logging AWS WAF protection pack or web ACL traffic](./logging.html). | 2022-01-11  
-`AWSWAFConsoleFullAccess` This policy allows AWS WAF to manage AWS console resources and other AWS resources on your behalf in AWS WAF and in integrated services. Details in IAM console: [AWSWAFConsoleFullAccess](https://console.aws.amazon.com/iam/home#/policies/arn:aws:iam::aws:policy/AWSWAFConsoleFullAccess$serviceLevelSummary). |  Corrected the permissions settings for log delivery for Amazon Simple Storage Service (Amazon S3) and Amazon CloudWatch Logs. This change resolves access errors that were occurring during logging configuration. For information about logging your protection pack or web ACL traffic, see [Logging AWS WAF protection pack or web ACL traffic](./logging.html). | 2022-01-11  
-`AWSWAFFullAccess` This policy allows AWS WAF to manage AWS resources on your behalf in AWS WAF and in integrated services. Details in IAM console: [AWSWAFFullAccess](https://console.aws.amazon.com/iam/home#/policies/arn:aws:iam::aws:policy/AWSWAFFullAccess$serviceLevelSummary). |  Added new permissions for expanded logging options. This change gives AWS WAF access to the additional logging destinations Amazon Simple Storage Service (Amazon S3) and Amazon CloudWatch Logs. For information about logging your protection pack or web ACL traffic, see [Logging AWS WAF protection pack or web ACL traffic](./logging.html). | 2021-11-15  
-`AWSWAFConsoleFullAccess` This policy allows AWS WAF to manage AWS console resources and other AWS resources on your behalf in AWS WAF and in integrated services. Details in IAM console: [AWSWAFConsoleFullAccess](https://console.aws.amazon.com/iam/home#/policies/arn:aws:iam::aws:policy/AWSWAFConsoleFullAccess$serviceLevelSummary). |  Added new permissions for expanded logging options. This change gives AWS WAF access to the additional logging destinations Amazon Simple Storage Service (Amazon S3) and Amazon CloudWatch Logs. For information about logging your protection pack or web ACL traffic, see [Logging AWS WAF protection pack or web ACL traffic](./logging.html). | 2021-11-15  
+`AWSWAFFullAccess` This policy allows AWS WAF to manage AWS resources on your behalf in AWS WAF and in integrated services. Details in IAM console: [AWSWAFFullAccess](https://console.aws.amazon.com/iam/home#/policies/arn:aws:iam::aws:policy/AWSWAFFullAccess$serviceLevelSummary). |  Corrected the permissions settings for log delivery for Amazon Simple Storage Service (Amazon S3) and Amazon CloudWatch Logs. This change resolves access denied errors that were occurring during logging configuration. For information about logging your protection pack (web ACL) traffic, see [Logging AWS WAF protection pack (web ACL) traffic](./logging.html). | 2022-01-11  
+`AWSWAFConsoleFullAccess` This policy allows AWS WAF to manage AWS console resources and other AWS resources on your behalf in AWS WAF and in integrated services. Details in IAM console: [AWSWAFConsoleFullAccess](https://console.aws.amazon.com/iam/home#/policies/arn:aws:iam::aws:policy/AWSWAFConsoleFullAccess$serviceLevelSummary). |  Corrected the permissions settings for log delivery for Amazon Simple Storage Service (Amazon S3) and Amazon CloudWatch Logs. This change resolves access errors that were occurring during logging configuration. For information about logging your protection pack (web ACL) traffic, see [Logging AWS WAF protection pack (web ACL) traffic](./logging.html). | 2022-01-11  
+`AWSWAFFullAccess` This policy allows AWS WAF to manage AWS resources on your behalf in AWS WAF and in integrated services. Details in IAM console: [AWSWAFFullAccess](https://console.aws.amazon.com/iam/home#/policies/arn:aws:iam::aws:policy/AWSWAFFullAccess$serviceLevelSummary). |  Added new permissions for expanded logging options. This change gives AWS WAF access to the additional logging destinations Amazon Simple Storage Service (Amazon S3) and Amazon CloudWatch Logs. For information about logging your protection pack (web ACL) traffic, see [Logging AWS WAF protection pack (web ACL) traffic](./logging.html). | 2021-11-15  
+`AWSWAFConsoleFullAccess` This policy allows AWS WAF to manage AWS console resources and other AWS resources on your behalf in AWS WAF and in integrated services. Details in IAM console: [AWSWAFConsoleFullAccess](https://console.aws.amazon.com/iam/home#/policies/arn:aws:iam::aws:policy/AWSWAFConsoleFullAccess$serviceLevelSummary). |  Added new permissions for expanded logging options. This change gives AWS WAF access to the additional logging destinations Amazon Simple Storage Service (Amazon S3) and Amazon CloudWatch Logs. For information about logging your protection pack (web ACL) traffic, see [Logging AWS WAF protection pack (web ACL) traffic](./logging.html). | 2021-11-15