AWS Security ChangesHomeSearch

AWS waf documentation change

Service: waf · 2026-07-10 · Documentation low

File: waf/latest/developerguide/web-acl-setting-body-inspection-limit.md

Summary

Consolidated Amazon Bedrock AgentCore Gateway into configurable body inspection limit services (previously fixed at 16KB)

Security assessment

Change allows larger inspection limits for Bedrock AgentCore Gateway but doesn't indicate response to security flaws. Enhances existing inspection capabilities rather than addressing vulnerabilities.

Diff

diff --git a/waf/latest/developerguide/web-acl-setting-body-inspection-limit.md b/waf/latest/developerguide/web-acl-setting-body-inspection-limit.md
index d46a79275..73d283985 100644
--- a//waf/latest/developerguide/web-acl-setting-body-inspection-limit.md
+++ b//waf/latest/developerguide/web-acl-setting-body-inspection-limit.md
@@ -19,3 +19 @@ The body inspection size limit is the maximum request body size that AWS WAF can
-  * For Amazon Bedrock AgentCore Gateway, the limit is fixed at 16 KB.
-
-  * For CloudFront, API Gateway, Amazon Cognito, App Runner, and Verified Access, the default limit is 16 KB (16,384 bytes), and you can increase the limit for any of the resource types by increments of 16 KB, up to 64 KB. The setting options are 16 KB, 32 KB, 48 KB, and 64 KB. 
+  * For CloudFront, API Gateway, Amazon Cognito, App Runner, Verified Access, and Amazon Bedrock AgentCore Gateway, the default limit is 16 KB (16,384 bytes), and you can increase the limit for any of the resource types by increments of 16 KB, up to 64 KB. The setting options are 16 KB, 32 KB, 48 KB, and 64 KB. 
@@ -38 +36 @@ AWS WAF charges a base rate for inspecting traffic that's within the default lim
-For CloudFront, API Gateway, Amazon Cognito, App Runner, and Verified Access resources, if you increase the limit setting, the traffic that AWS WAF can inspect includes body sizes up to your new limit. You're charged extra only for the inspection of requests that have body sizes larger than the default 16 KB. For more information about pricing, see [AWS WAF Pricing](https://aws.amazon.com/waf/pricing/).
+For CloudFront, API Gateway, Amazon Cognito, App Runner, Verified Access, and Amazon Bedrock AgentCore Gateway resources, if you increase the limit setting, the traffic that AWS WAF can inspect includes body sizes up to your new limit. You're charged extra only for the inspection of requests that have body sizes larger than the default 16 KB. For more information about pricing, see [AWS WAF Pricing](https://aws.amazon.com/waf/pricing/).
@@ -42 +40 @@ For CloudFront, API Gateway, Amazon Cognito, App Runner, and Verified Access res
-You can configure the body inspection size limit for CloudFront, API Gateway, Amazon Cognito, App Runner, or Verified Access resources. 
+You can configure the body inspection size limit for CloudFront, API Gateway, Amazon Cognito, App Runner, Verified Access, or Amazon Bedrock AgentCore Gateway resources.