AWS Security ChangesHomeSearch

AWS waf documentation change

Service: waf · 2026-05-28 · Documentation low

File: waf/latest/developerguide/enable-config.md

Summary

Updated resource type requirements for security group policies, adding explicit configurations for common, content audit, and usage audit policies.

Security assessment

This change documents proper AWS Config setup for security group auditing policies. While it enhances security configuration guidance, there's no evidence of a specific security vulnerability being addressed.

Diff

diff --git a/waf/latest/developerguide/enable-config.md b/waf/latest/developerguide/enable-config.md
index 109ba0b07..444f071d1 100644
--- a//waf/latest/developerguide/enable-config.md
+++ b//waf/latest/developerguide/enable-config.md
@@ -35 +35,5 @@ If you don't want to enable AWS Config for all resources, then you must enable t
-     * **Security group policy** – Enable Config for the resource types EC2 SecurityGroup, EC2 Instance, and EC2 NetworkInterface.
+     * **Common security group policy** – Enable Config for the resource types Amazon EC2 SecurityGroup and Amazon EC2 VPC, plus the resource types in the policy's resource type list (typically Amazon EC2 Instance and Amazon EC2 NetworkInterface). If you enable security group references distribution on the policy, also enable Amazon EC2 VPCPeeringConnection.
+
+     * **Security group content audit policy** – Enable Config for the resource types Amazon EC2 SecurityGroup, Amazon EC2 NetworkInterface, and Amazon EC2 Instance.
+
+     * **Security group usage audit policy** – Enable Config for the resource type Amazon EC2 SecurityGroup.