AWS waf documentation change
Summary
Updated terminology from 'protection pack or web ACL' to 'protection pack (web ACL)' throughout the document to clarify relationship between concepts
Security assessment
The changes are purely terminological clarifications without introducing new security controls, addressing vulnerabilities, or modifying security guidance. The updates standardize references to protection packs as a type of web ACL but do not alter security implications of the documented features.
Diff
diff --git a/waf/latest/developerguide/waf-rule-group-using.md b/waf/latest/developerguide/waf-rule-group-using.md index f3ae990d2..6ee72d4ff 100644 --- a//waf/latest/developerguide/waf-rule-group-using.md +++ b//waf/latest/developerguide/waf-rule-group-using.md @@ -9 +9 @@ You can now use the updated experience to access AWS WAF functionality anywhere -# Using your rule group in a protection pack or web ACL +# Using your rule group in a protection pack (web ACL) @@ -11 +11 @@ You can now use the updated experience to access AWS WAF functionality anywhere -To use a rule group in a protection pack or web ACL, you add it to the protection pack or web ACL in a rule group reference statement. +To use a rule group in a protection pack (web ACL), you add it to the protection pack (web ACL) in a rule group reference statement. @@ -15 +15 @@ To use a rule group in a protection pack or web ACL, you add it to the protectio -Before you deploy changes in your protection pack or web ACL for production traffic, test and tune them in a staging or testing environment until you are comfortable with the potential impact to your traffic. Then test and tune your updated rules in count mode with your production traffic before enabling them. For guidance, see [Testing and tuning your AWS WAF protections](./web-acl-testing.html). +Before you deploy changes in your protection pack (web ACL) for production traffic, test and tune them in a staging or testing environment until you are comfortable with the potential impact to your traffic. Then test and tune your updated rules in count mode with your production traffic before enabling them. For guidance, see [Testing and tuning your AWS WAF protections](./web-acl-testing.html). @@ -19 +19 @@ Before you deploy changes in your protection pack or web ACL for production traf -Using more than 1,500 WCUs in a protection pack or web ACL incurs costs beyond the basic protection pack or web ACL price. For more information, see [Web ACL capacity units (WCUs) in AWS WAF](./aws-waf-capacity-units.html) and [AWS WAF Pricing](https://aws.amazon.com/waf/pricing/). +Using more than 1,500 WCUs in a protection pack (web ACL) incurs costs beyond the basic protection pack (web ACL) price. For more information, see [Web ACL capacity units (WCUs) in AWS WAF](./aws-waf-capacity-units.html) and [AWS WAF Pricing](https://aws.amazon.com/waf/pricing/). @@ -36 +36 @@ Using more than 1,500 WCUs in a protection pack or web ACL incurs costs beyond t -In your protection pack or web ACL, you can alter the behavior of a rule group and its rules by setting the individual rule actions to Count or any other action. This can help you do things like test a rule group, identify false positives from rules in a rule group, and customize how a managed rule group handles your requests. For more information, see [Overriding rule group actions in AWS WAF](./web-acl-rule-group-override-options.html). +In your protection pack (web ACL), you can alter the behavior of a rule group and its rules by setting the individual rule actions to Count or any other action. This can help you do things like test a rule group, identify false positives from rules in a rule group, and customize how a managed rule group handles your requests. For more information, see [Overriding rule group actions in AWS WAF](./web-acl-rule-group-override-options.html). @@ -38 +38 @@ In your protection pack or web ACL, you can alter the behavior of a rule group a -If your rule group contains a rate-based statement, each protection pack or web ACL where you use the rule group has its own separate rate tracking and management for the rate-based rule, independent of any other protection pack or web ACL where you use the rule group. For more information, see [Using rate-based rule statements in AWS WAF](./waf-rule-statement-type-rate-based.html). +If your rule group contains a rate-based statement, each protection pack (web ACL) where you use the rule group has its own separate rate tracking and management for the rate-based rule, independent of any other protection pack (web ACL) where you use the rule group. For more information, see [Using rate-based rule statements in AWS WAF](./waf-rule-statement-type-rate-based.html). @@ -42 +42 @@ If your rule group contains a rate-based statement, each protection pack or web -When you create or change a protection pack or web ACL or other AWS WAF resources, the changes take a small amount of time to propagate to all areas where the resources are stored. The propagation time can be from a few seconds to a number of minutes. +When you create or change a protection pack (web ACL) or other AWS WAF resources, the changes take a small amount of time to propagate to all areas where the resources are stored. The propagation time can be from a few seconds to a number of minutes. @@ -46 +46 @@ The following are examples of the temporary inconsistencies that you might notic - * After you create a protection pack or web ACL, if you try to associate it with a resource, you might get an exception indicating that the protection pack or web ACL is unavailable. + * After you create a protection pack (web ACL), if you try to associate it with a resource, you might get an exception indicating that the protection pack (web ACL) is unavailable. @@ -48 +48 @@ The following are examples of the temporary inconsistencies that you might notic - * After you add a rule group to a protection pack or web ACL, the new rule group rules might be in effect in one area where the protection pack or web ACL is used and not in another. + * After you add a rule group to a protection pack (web ACL), the new rule group rules might be in effect in one area where the protection pack (web ACL) is used and not in another.