AWS waf documentation change
Summary
Added note about Anti-DDoS Managed Rule Group becoming default solution for HTTP request flood attacks starting March 26, 2026, replacing Layer 7 Auto Mitigation (L7AM) feature
Security assessment
This change documents a feature transition from L7AM to Anti-DDoS AMR for DDoS protection. It describes security feature improvements (faster attack detection/mitigation) but does not indicate any specific security vulnerability, weakness, or incident being addressed. The change is informational about upcoming service enhancements.
Diff
diff --git a/waf/latest/developerguide/ddos-automatic-app-layer-response.md b/waf/latest/developerguide/ddos-automatic-app-layer-response.md index 514e9ef90..1e52bfdee 100644 --- a//waf/latest/developerguide/ddos-automatic-app-layer-response.md +++ b//waf/latest/developerguide/ddos-automatic-app-layer-response.md @@ -12,0 +13,4 @@ You can now use the updated experience to access AWS WAF functionality anywhere +###### Note + +Starting March 26, 2026, the Anti-DDoS Managed Rule Group (Anti-DDOS AMR) for AWS WAF becomes the default solution for protection against HTTP request flood attacks (see the [Anti-DDoS AMR launch blog](https://aws.amazon.com/blogs/networking-and-content-delivery/introducing-the-aws-waf-application-layer-ddos-protection/)). It supersedes the Layer 7 Auto Mitigation (L7AM) feature. If you're an existing Shield Advanced customer, you can continue to use the legacy solution with existing or new AWS accounts. However, we encourage you to adopt the Anti-DDoS Managed Rule Group. The Anti-DDoS Managed Rule Group detects and mitigates attacks within seconds rather than minutes. If you're a new Shield Advanced customer and require access to the legacy solution, contact AWS Support. +