AWS Security ChangesHomeSearch

AWS waf documentation change

Service: waf · 2025-08-22 · Documentation low

File: waf/latest/developerguide/waf-atp-deploying.md

Summary

Updated terminology from 'protection pack or web ACL' to 'protection pack (web ACL)' for consistency and clarity throughout the document.

Security assessment

The changes are purely terminological updates without introducing new security concepts, features, or addressing vulnerabilities. The modifications clarify that 'protection pack' and 'web ACL' refer to the same concept, but don't alter security guidance or indicate any security incident response.

Diff

diff --git a/waf/latest/developerguide/waf-atp-deploying.md b/waf/latest/developerguide/waf-atp-deploying.md
index 15cb92ffc..493f7e50a 100644
--- a//waf/latest/developerguide/waf-atp-deploying.md
+++ b//waf/latest/developerguide/waf-atp-deploying.md
@@ -23 +23 @@ Before you deploy your ATP implementation for production traffic, test and tune
-AWS WAF provides test credentials that you can use to verify your ATP configuration. In the following procedure, you'll configure a test protection pack or web ACL to use the ATP managed rule group, configure a rule to capture the label added by the rule group, and then run a login attempt using these test credentials. You'll verify that your web ACL has properly managed the attempt by checking the Amazon CloudWatch metrics for the login attempt. 
+AWS WAF provides test credentials that you can use to verify your ATP configuration. In the following procedure, you'll configure a test protection pack (web ACL) to use the ATP managed rule group, configure a rule to capture the label added by the rule group, and then run a login attempt using these test credentials. You'll verify that your web ACL has properly managed the attempt by checking the Amazon CloudWatch metrics for the login attempt. 
@@ -25 +25 @@ AWS WAF provides test credentials that you can use to verify your ATP configurat
-This guidance is intended for users who know generally how to create and manage AWS WAF protection pack or web ACLs, rules, and rule groups. Those topics are covered in prior sections of this guide. 
+This guidance is intended for users who know generally how to create and manage AWS WAF protection packs (web ACLs), rules, and rule groups. Those topics are covered in prior sections of this guide. 
@@ -37 +37 @@ You are charged additional fees when you use this managed rule group. For more i
-Add the AWS Managed Rules rule group `AWSManagedRulesATPRuleSet` to a new or existing protection pack or web ACL and configure it so that it doesn't alter the current protection pack or web ACL behavior. For details about the rules and labels for this rule group, see [AWS WAF Fraud Control account takeover prevention (ATP) rule group](./aws-managed-rule-groups-atp.html).
+Add the AWS Managed Rules rule group `AWSManagedRulesATPRuleSet` to a new or existing protection pack (web ACL) and configure it so that it doesn't alter the current protection pack (web ACL) behavior. For details about the rules and labels for this rule group, see [AWS WAF Fraud Control account takeover prevention (ATP) rule group](./aws-managed-rule-groups-atp.html).
@@ -41 +41 @@ Add the AWS Managed Rules rule group `AWSManagedRulesATPRuleSet` to a new or exi
-       * In the **Rule group configuration** pane, provide the details of your application's login page. The ATP rule group uses this information to monitor sign-in activities. For more information, see [Adding the ATP managed rule group to your protection pack or web ACL](./waf-atp-rg-using.html).
+       * In the **Rule group configuration** pane, provide the details of your application's login page. The ATP rule group uses this information to monitor sign-in activities. For more information, see [Adding the ATP managed rule group to your protection pack (web ACL)](./waf-atp-rg-using.html).
@@ -47 +47 @@ With this override, you can monitor the potential impact of the ATP managed rule
-     * Position the rule group so that it's evaluated after your existing rules in the protection pack or web ACL, with a priority setting that's numerically higher than any rules or rule groups that you're already using. For more information, see [Setting rule priority](./web-acl-processing-order.html). 
+     * Position the rule group so that it's evaluated after your existing rules in the protection pack (web ACL), with a priority setting that's numerically higher than any rules or rule groups that you're already using. For more information, see [Setting rule priority](./web-acl-processing-order.html). 
@@ -51 +51 @@ This way, your current handling of traffic isn't disrupted. For example, if you
-  2. ###### Enable logging and metrics for the protection pack or web ACL
+  2. ###### Enable logging and metrics for the protection pack (web ACL)
@@ -53 +53 @@ This way, your current handling of traffic isn't disrupted. For example, if you
-As needed, configure logging, Amazon Security Lake data collection, request sampling, and Amazon CloudWatch metrics for the protection pack or web ACL. You can use these visibility tools to monitor the interaction of the ATP managed rule group with your traffic. 
+As needed, configure logging, Amazon Security Lake data collection, request sampling, and Amazon CloudWatch metrics for the protection pack (web ACL). You can use these visibility tools to monitor the interaction of the ATP managed rule group with your traffic. 
@@ -55 +55 @@ As needed, configure logging, Amazon Security Lake data collection, request samp
-     * For information about configuring and using logging, see [Logging AWS WAF protection pack or web ACL traffic](./logging.html). 
+     * For information about configuring and using logging, see [Logging AWS WAF protection pack (web ACL) traffic](./logging.html). 
@@ -63 +63 @@ As needed, configure logging, Amazon Security Lake data collection, request samp
-  3. ###### Associate the protection pack or web ACL with a resource
+  3. ###### Associate the protection pack (web ACL) with a resource
@@ -65 +65 @@ As needed, configure logging, Amazon Security Lake data collection, request samp
-If the protection pack or web ACL isn't already associated with a test resource, associate it. For information, see [Associating or disassociating protection with an AWS resource](./web-acl-associating-aws-resource.html).
+If the protection pack (web ACL) isn't already associated with a test resource, associate it. For information, see [Associating or disassociating protection with an AWS resource](./web-acl-associating-aws-resource.html).
@@ -83 +83 @@ These test credentials are categorized as compromised credentials, and the ATP m
-    2. In your protection pack or web ACL logs, look for the `awswaf:managed:aws:atp:signal:credential_compromised` label in the `labels` field on the log entries for your test login web requests. For information about logging, see [Logging AWS WAF protection pack or web ACL traffic](./logging.html). 
+    2. In your protection pack (web ACL) logs, look for the `awswaf:managed:aws:atp:signal:credential_compromised` label in the `labels` field on the log entries for your test login web requests. For information about logging, see [Logging AWS WAF protection pack (web ACL) traffic](./logging.html). 
@@ -95 +95 @@ After the first 6 failures, the volumetric failed login rule should start matchi
-    2. In your protection pack or web ACL logs, look for the `awswaf:managed:aws:atp:aggregate:volumetric:ip:failed_login_response:high` label in the `labels` field on the log entries for your test login web requests. For information about logging, see [Logging AWS WAF protection pack or web ACL traffic](./logging.html). 
+    2. In your protection pack (web ACL) logs, look for the `awswaf:managed:aws:atp:aggregate:volumetric:ip:failed_login_response:high` label in the `labels` field on the log entries for your test login web requests. For information about logging, see [Logging AWS WAF protection pack (web ACL) traffic](./logging.html). 
@@ -107 +107 @@ For example, you can use ATP labels to allow or block requests or to customize r
-Depending on your situation, you might have decided that you want to leave some ATP rules in count mode. For the rules that you want to run as configured inside the rule group, disable count mode in the protection pack or web ACL rule group configuration. When you're finished testing, you can also remove your test label match rules.
+Depending on your situation, you might have decided that you want to leave some ATP rules in count mode. For the rules that you want to run as configured inside the rule group, disable count mode in the protection pack (web ACL) rule group configuration. When you're finished testing, you can also remove your test label match rules.