AWS Security ChangesHomeSearch

AWS waf documentation change

Service: waf · 2025-08-22 · Documentation low

File: waf/latest/developerguide/waf-migrating-caveats.md

Summary

Updated terminology from 'protection pack or web ACL' to 'protection pack (web ACL)' for consistency and clarity in migration caveats documentation

Security assessment

Changes are purely terminological clarifications (adding parentheses to link 'protection pack' with 'web ACL'). No security vulnerabilities, mitigations, or security features are mentioned. The existing note about associations being disabled by default remains unchanged.

Diff

diff --git a/waf/latest/developerguide/waf-migrating-caveats.md b/waf/latest/developerguide/waf-migrating-caveats.md
index 3c7624595..93655b0d4 100644
--- a//waf/latest/developerguide/waf-migrating-caveats.md
+++ b//waf/latest/developerguide/waf-migrating-caveats.md
@@ -11 +11 @@ You can now use the updated experience to access AWS WAF functionality anywhere
-The migration only handles protection pack or web ACL configurations, and the protection pack or web ACL migration doesn't bring over all settings exactly as you have them in AWS WAF Classic. Some configuration items require manual configuration in AWS WAF (v2). A few things don't map exactly between the two versions, and you'll need to decide how you want to configure the functionality in AWS WAF (v2). Some settings, like the protection pack or web ACL's associations with AWS resources, are disabled initially in the new version so you can add them when you're ready. 
+The migration only handles protection pack (web ACL) configurations, and the protection pack (web ACL) migration doesn't bring over all settings exactly as you have them in AWS WAF Classic. Some configuration items require manual configuration in AWS WAF (v2). A few things don't map exactly between the two versions, and you'll need to decide how you want to configure the functionality in AWS WAF (v2). Some settings, like the protection pack (web ACL)'s associations with AWS resources, are disabled initially in the new version so you can add them when you're ready. 
@@ -17 +17 @@ The following list describes the caveats of the migration and describes any step
-  * **Only protection pack or web ACL configurations** – The migration only migrates protection pack or web ACLs and resources that the protection pack or web ACLs are using. To migrate a resource, such as a rule group or IP set, that's not used by any migrated web ACL, manually create the resource in AWS WAF (v2).
+  * **Only protection pack (web ACL) configurations** – The migration only migrates protection packs (web ACLs) and resources that the protection packs (web ACLs) are using. To migrate a resource, such as a rule group or IP set, that's not used by any migrated web ACL, manually create the resource in AWS WAF (v2).
@@ -21 +21 @@ The following list describes the caveats of the migration and describes any step
-  * **No protection pack or web ACL associations** – The migration doesn't bring over any associations between the protection pack or web ACL and protected resources. This is by design, to avoid affecting your production workload. After you verify that everything is migrated correctly, associate the new protection pack or web ACL with your resources.
+  * **No protection pack (web ACL) associations** – The migration doesn't bring over any associations between the protection pack (web ACL) and protected resources. This is by design, to avoid affecting your production workload. After you verify that everything is migrated correctly, associate the new protection pack (web ACL) with your resources.
@@ -23 +23 @@ The following list describes the caveats of the migration and describes any step
-  * **Logging disabled** – Logging for the migrated protection pack or web ACL is disabled by default. This is by design. Enable logging when you are ready to switch over from AWS WAF Classic to AWS WAF.
+  * **Logging disabled** – Logging for the migrated protection pack (web ACL) is disabled by default. This is by design. Enable logging when you are ready to switch over from AWS WAF Classic to AWS WAF.
@@ -25 +25 @@ The following list describes the caveats of the migration and describes any step
-  * **No AWS Firewall Manager rule groups** – The migration doesn't handle rule groups that are managed by Firewall Manager. You can migrate a protection pack or web ACL that's managed by Firewall Manager, but the migration doesn't bring over the rule group. Instead of using the migration tool for these protection pack or web ACLs, recreate the policy for the new AWS WAF in Firewall Manager. 
+  * **No AWS Firewall Manager rule groups** – The migration doesn't handle rule groups that are managed by Firewall Manager. You can migrate a protection pack (web ACL) that's managed by Firewall Manager, but the migration doesn't bring over the rule group. Instead of using the migration tool for these protection packs (web ACLs), recreate the policy for the new AWS WAF in Firewall Manager.