AWS waf documentation change
Summary
Added clarification that Firewall Manager maintains replica security groups using last valid rule set when primary groups become empty
Security assessment
Documents security feature behavior to prevent accidental exposure when rules are removed. Clarifies management of security groups but doesn't address specific vulnerabilities.
Diff
diff --git a/waf/latest/developerguide/security-group-policies-common.md b/waf/latest/developerguide/security-group-policies-common.md index f48161f04..bc2469605 100644 --- a//waf/latest/developerguide/security-group-policies-common.md +++ b//waf/latest/developerguide/security-group-policies-common.md @@ -56,0 +57,2 @@ For each common security group policy, you provide AWS Firewall Manager with one + * Primary security groups must contain at least one ingress or egress rule. If you remove all rules from a primary security group, Firewall Manager continues to manage replica security groups based on the last version of the primary security groups that had rules. +