AWS waf documentation change
Summary
Updated terminology from 'protection pack or web ACL' to 'protection pack (web ACL)' throughout the document to clarify relationship between protection packs and web ACLs
Security assessment
The changes appear to be terminology standardization/clarification rather than addressing security vulnerabilities. No security controls or vulnerabilities are mentioned in the changes.
Diff
diff --git a/waf/latest/developerguide/waf-ip-set-managing.md b/waf/latest/developerguide/waf-ip-set-managing.md index fc4418679..a042c5d8a 100644 --- a//waf/latest/developerguide/waf-ip-set-managing.md +++ b//waf/latest/developerguide/waf-ip-set-managing.md @@ -15 +15 @@ An IP set provides a collection of IP addresses and IP address ranges that you w -To use an IP set in a protection pack or web ACL or rule group, you first create an AWS resource, `IPSet` with your address specifications. Then you reference the set when you add an IP set rule statement to a protection pack or web ACL or rule group. +To use an IP set in a protection pack (web ACL) or rule group, you first create an AWS resource, `IPSet` with your address specifications. Then you reference the set when you add an IP set rule statement to a protection pack (web ACL) or rule group. @@ -23 +23 @@ Follow the procedure in this section to create a new IP set. -In addition to the procedure in this section, you have the option to add a new IP set when you add an IP match rule to your protection pack or web ACL or rule group. Choosing that option requires you to provide the same settings as those required by this procedure. +In addition to the procedure in this section, you have the option to add a new IP set when you add an IP match rule to your protection pack (web ACL) or rule group. Choosing that option requires you to provide the same settings as those required by this procedure. @@ -37 +37 @@ You can't change the name after you create the IP set. - 4. For **Region** , choose Global (CloudFront) or choose the Region where you want to store the IP set. You can use regional IP sets only in protection pack or web ACLs that protect regional resources. To use an IP set in protection pack or web ACLs that protect Amazon CloudFront distributions, you must use Global (CloudFront). + 4. For **Region** , choose Global (CloudFront) or choose the Region where you want to store the IP set. You can use regional IP sets only in protection packs (web ACLs) that protect regional resources. To use an IP set in protection packs (web ACLs) that protect Amazon CloudFront distributions, you must use Global (CloudFront). @@ -64 +64 @@ Follow the guidance in this section to delete a referenced set. -When you delete an entity that you can use in a protection pack or web ACL, like an IP set, regex pattern set, or rule group, AWS WAF checks to see if the entity is currently being used in a protection pack or web ACL. If it finds that it is in use, AWS WAF warns you. AWS WAF is almost always able to determine if an entity is being referenced by a protection pack or web ACL. However, in rare cases it might not be able to do so. If you need to be sure that nothing is currently using the entity, check for it in your protection pack or web ACLs before deleting it. If the entity is a referenced set, also check that no rule groups are using it. +When you delete an entity that you can use in a protection pack (web ACL), like an IP set, regex pattern set, or rule group, AWS WAF checks to see if the entity is currently being used in a protection pack (web ACL). If it finds that it is in use, AWS WAF warns you. AWS WAF is almost always able to determine if an entity is being referenced by a protection pack (web ACL). However, in rare cases it might not be able to do so. If you need to be sure that nothing is currently using the entity, check for it in your protection packs (web ACLs) before deleting it. If the entity is a referenced set, also check that no rule groups are using it.