AWS network-firewall documentation change
Summary
Added description of 'Consumed domain capacity' for AWS Marketplace managed rule groups using the 'stateful-domain-rulegroup' resource type, specifying capacity limits.
Security assessment
This change adds documentation about capacity limits for domain name specifications in firewall policies. It's a clarification of service quotas and resource management, not related to security vulnerabilities or incidents.
Diff
diff --git a/network-firewall/latest/developerguide/firewall-policy-settings.md b/network-firewall/latest/developerguide/firewall-policy-settings.md index 9672d461b..ba18ef832 100644 --- a//network-firewall/latest/developerguide/firewall-policy-settings.md +++ b//network-firewall/latest/developerguide/firewall-policy-settings.md @@ -58,0 +59,2 @@ You can define the value to be between 60 and 6000 seconds. If no value is provi + * **Consumed domain capacity** – The total number of domain name specifications across all AWS Marketplace managed rule groups in the firewall policy that use the `stateful-domain-rulegroup`. Only rule groups from AWS Marketplace managed rules that use the `stateful-domain-rulegroup` resource type contribute to this capacity. A firewall policy can have a consumed domain capacity of up to 10,000,000 (10 million) domain name specifications. For more information about quotas, see [AWS Network Firewall quotas](./quotas.html). +