AWS Security ChangesHomeSearch

AWS waf documentation change

Service: waf · 2026-06-10 · Documentation low

File: waf/latest/developerguide/getting-started-fms.md

Summary

Added a note clarifying that Firewall Manager-created Web ACLs cannot participate in CloudFront flat-rate pricing plans, which results in permanent noncompliant status.

Security assessment

The change addresses a billing/compliance limitation, not a security vulnerability or weakness. There's no mention of security risks, exploits, or vulnerabilities.

Diff

diff --git a/waf/latest/developerguide/getting-started-fms.md b/waf/latest/developerguide/getting-started-fms.md
index 2bbc87139..5370b782c 100644
--- a//waf/latest/developerguide/getting-started-fms.md
+++ b//waf/latest/developerguide/getting-started-fms.md
@@ -35,0 +36,4 @@ A Firewall Manager AWS WAF policy contains the rule groups that you want to appl
+###### Note
+
+Web ACLs that Firewall Manager creates can't participate in CloudFront flat-rate pricing plans. If you attempt to manage a web ACL that's part of a CloudFront flat-rate pricing plan, Firewall Manager permanently displays a noncompliant status for both the CloudFront distribution and the Firewall Manager policy. This state can't be remediated through Firewall Manager or any other action.
+