Document history
This page lists significant changes to this documentation.
Service features are sometimes rolled out incrementally to the AWS Regions where a service is
available. We update this documentation for the first release only. We don't provide
information about Region availability or announce subsequent Region rollouts. For
information about Region availability of service features and to subscribe to notifications about updates, see What's New with AWS?
| Change | Description | Date |
|---|---|---|
Lowered the default value for | September 30, 2022 | |
Corrected the label names provided in this documentation for the following rule groups: POSIX operating system, PHP application, WordPress application. | September 19, 2022 | |
AWS Firewall Manager now supports customized web requests and responses for default web actions in AWS WAF policies. | September 9, 2022 | |
AWS Managed Rules for AWS WAF updated the following rule groups: IP reputation. | August 30, 2022 | |
Updated | August 25, 2022 | |
You can now use the AWS WAF Fraud Control account takeover prevention (ATP) functionality with Amazon CloudFront distributions. | August 24, 2022 | |
AWS Managed Rules for AWS WAF updated the following rule groups: Known bad inputs. | August 22, 2022 | |
AWS Managed Rules for AWS WAF updated the following rule groups: | August 11, 2022 | |
You can now associate an AWS WAF web ACL with an Amazon Cognito user pool. This change is only available in the latest version of AWS WAF and not in AWS WAF Classic. | August 11, 2022 | |
Added a section on deployments for versioned AWS Managed Rules rule groups | Added a new section documenting deployments for versioned AWS Managed Rules rule groups. The section includes information about how default versions are named during release candidate deployments. | July 29, 2022 |
Updated requirements for configuring logging for Network Firewall policies | Added requirements for Network Firewall policies that use an encrypted Amazon S3 bucket as the log destination. | July 26, 2022 |
You can now raise the sensitivity of your SQL injection rule statements.
This doesn't change the behavior of existing statements, whose
sensitivity level at the default of | July 15, 2022 | |
Firewall Manager now supports stateful evaluation order and default actions in Network Firewall firewall policy configurations. | July 14, 2022 | |
Updates to Firewall Manager security group policy rules settings | Firewall Manager now supports tag distribution from primary security groups to replica security groups. | July 7, 2022 |
Expanded the information in the Shield guide to describe how Shield performs event mitigation. | June 24, 2022 | |
The general guidance for testing and tuning AWS WAF is updated and is now a top-level topic. | June 20, 2022 | |
AWS Managed Rules for AWS WAF updated the following rule groups: Core rule set (CRS). | June 9, 2022 | |
Added guidance on how to prevent the confused deputy problem for Firewall Manager. | June 1, 2022 | |
AWS Managed Rules for AWS WAF updated the following rule groups: Core rule set (CRS). | May 24, 2022 | |
You can now inspect the cookies in a web request and you can inspect all headers in a web request, in addition to just a single header. | April 29, 2022 | |
You can now specify how AWS WAF should handle oversize request bodies inside your
rules that inspect the body. Rules that you created before this release that inspect the body
have behavior that matches the new | April 29, 2022 | |
Updated the Amazon S3 log permission policy and example. | April 12, 2022 | |
Shield Advanced now supports automatic application layer DDoS mitigation for Application Load Balancers, making it available for all application layer protections. You can configure Shield Advanced to automatically count or block the web requests that are part of an application layer DDoS attack on a protected resource. | April 8, 2022 | |
Added an indicator of the current default version setting for managed rule groups | Managed rule group version lists now indicate which version is the current default. | April 8, 2022 |
AWS Managed Rules for AWS WAF updated the following rule groups: AWS WAF Bot Control. | April 6, 2022 | |
AWS Managed Rules for AWS WAF updated the following rule groups: Known bad inputs. | March 31, 2022 | |
AWS Managed Rules for AWS WAF updated the following rule groups: Known bad inputs. | March 30, 2022 | |
Firewall Manager adds support for the Palo Alto Networks Cloud Next Generation Firewall (NGFW) | Firewall Manager now supports the Palo Alto Networks Cloud Next Generation Firewall (NGFW). | March 30, 2022 |
Add support for Palo Alto Networks Palo Alto Networks Cloud NGFW to AWS Firewall Manager | AWS Firewall Manager now supports Palo Alto Networks Cloud Next Generation Firewall (NGFW) policies. | March 30, 2022 |
Expanded the information in the Shield guide to describe how Shield performs event detection and to provide examples of DDoS resilient architectures. | March 16, 2022 | |
Expanded the information in the Shield guide and improved the organization of various sections. The main changes are in the following Shield guide sections: Shield Response Team (SRT) support, Resource protections in AWS Shield Advanced, and Visibility into DDoS events. | February 28, 2022 | |
Firewall Manager now supports the Network Firewall centralized deployment model | Added a new procedure that explains how to configure policies that use distributed and centralized deployment models. | February 24, 2022 |
Firewall Manager adds support for the AWS Network Firewall centralized deployment model | You can now configure your AWS Network Firewall policies to use either the distributed or centralized deployment model. With the distributed deployment model, Firewall Manager creates and maintains firewall endpoints in each VPC that's within the policy scope. With the centralized deployment model, Firewall Manager creates and maintains firewall endpoints in a single inspection VPC. | February 24, 2022 |
Add support for AWS WAF managed rule group versioning to AWS Firewall Manager | AWS Firewall Manager now supports AWS WAF managed rule group versioning in Firewall Manager AWS WAF policies. | February 18, 2022 |
Update to | February 16, 2022 | |
AWS Managed Rules for AWS WAF updated the following rule groups: IP reputation lists. | February 15, 2022 | |
AWS Managed Rules for AWS WAF added the AWS WAF Fraud Control account takeover prevention (ATP) rule group | February 11, 2022 | |
Added a new top-level section for managed protections. Moved the CAPTCHA section from under rules to under the new managed protections section. Moved the labels section from under rules to its own top-level section. | February 11, 2022 | |
You can use the AWS WAF JavaScript and mobile application integration SDKs to integrate your client
applications with the AWS Managed Rules rule group | February 11, 2022 | |
You can detect and block account takeover attempts with the new AWS WAF Fraud Control account takeover prevention (ATP) managed
rule group | February 11, 2022 | |
AWS Managed Rules for AWS WAF updated the following rule groups: Known bad inputs. | January 28, 2022 | |
Updated | January 11, 2022 | |
AWS Managed Rules for AWS WAF updated the following rule groups: core rule set (CRS), SQLi database. | January 10, 2022 | |
Firewall Manager supports Shield Advanced automatic application layer DDoS mitigation | Firewall Manager Shield Advanced policies for Amazon CloudFront resources now include support for automatic application layer DDoS mitigation. | January 7, 2022 |
Update to | January 7, 2022 | |
AWS Managed Rules for AWS WAF updated the following rule groups: Known bad inputs. | December 17, 2021 | |
AWS Managed Rules for AWS WAF updated the following rule groups: Known bad inputs. | December 11, 2021 | |
AWS Managed Rules for AWS WAF updated the following rule groups: Known bad inputs. | December 10, 2021 | |
Added | December 1, 2021 | |
Added | December 1, 2021 | |
Shield Advanced now supports automatic application layer DDoS mitigation for Amazon CloudFront distributions. You can configure Shield Advanced to automatically count or block the web requests that are part of an application layer DDoS attack on a CloudFront distribution. | December 1, 2021 | |
AWS Managed Rules for AWS WAF updated the following rule groups: core rule set (CRS), Windows operating system, Linux operating system, and IP reputation lists. | November 23, 2021 | |
Update to | November 18, 2021 | |
You can now log web ACL traffic to an Amazon CloudWatch Logs log group or an Amazon Simple Storage Service (Amazon S3) bucket. These options are in addition to the existing option of logging to an Amazon Kinesis Data Firehose. | November 15, 2021 | |
Updated | November 15, 2021 | |
You can configure rules to run a CAPTCHA check against web requests and, as needed, send a CAPTCHA challenge to the client. | November 8, 2021 | |
AWS Managed Rules for AWS WAF updated the core rule set (CRS) rule group. | October 27, 2021 | |
All AWS Managed Rules rule groups now support labeling. The rule descriptions include the label specifications. | October 25, 2021 | |
AWS Firewall Manager now supports log filtering for Network Firewall policies. | October 4, 2021 | |
Update to | September 29, 2021 | |
You can now match web requests against a single regular expression. | September 22, 2021 | |
You can now define rate-based rules inside AWS WAF rule groups. In AWS Firewall Manager, this capability is fully supported for AWS WAF policies. | September 13, 2021 | |
AWS Firewall Manager now supports log filtering for AWS WAF policies. | August 31, 2021 | |
Automatically remove out-of-scope resource protections in AWS Firewall Manager | AWS Firewall Manager allows you to automatically remove protections from resources that leave policy scope. | August 25, 2021 |
Update to | August 12, 2021 | |
Managed rule group providers can now version their rule groups. | August 9, 2021 | |
You can use the organization's management account as the Firewall Manager administrator account. This had been disallowed. | August 2, 2021 | |
Increased the number of Amazon VPC instances that you can have in scope of a Firewall Manager policy from 10 to 100. | July 28, 2021 | |
AWS Firewall Manager support for AWS Network Firewall route table monitoring | AWS Firewall Manager now supports route table monitoring, and provides remediation action recommendations to security administrators for AWS Network Firewall policies with misconfigured routes. | July 8, 2021 |
There are additional text transformations that you can apply to web request components before inspecting requests. | June 24, 2021 | |
Modified naming for Firewall Manager AWS WAF policy resources | The naming for the web ACLs, rule groups, and logging that Firewall Manager manages for your AWS WAF policies has changed. | May 26, 2021 |
AWS Managed Rules for AWS WAF added support for labeling to IP reputation lists and removed suffixes on rule names for Amazon IP reputation list. | May 4, 2021 | |
When you set the AWS Firewall Manager administrator account, Firewall Manager now designates the account as the AWS Organizations delegated administrator for Firewall Manager. With this change, when you set the Firewall Manager administrator account, you must provide a member account other than the organization's management account. This change doesn't affect your existing settings. | April 30, 2021 | |
AWS Managed Rules for AWS WAF added the AWS WAF Bot Control rule group. | April 1, 2021 | |
You can now set the individual rule actions in a rule group to count. The information for the existing override, which is at the rule group level, has been corrected. | April 1, 2021 | |
You can now use a scope-down statement with managed rule groups in the same way as you can with a rate-based statement. | April 1, 2021 | |
You can now filter the web ACL traffic that you log based on rule action and label. | April 1, 2021 | |
You can configure rules to add labels to matching web requests and to match on labels that are added by other rules. | April 1, 2021 | |
You can monitor and control bot traffic with the new AWS WAF Bot Control feature, which combines a new Bot Control managed rule group with web request labeling, scope-down statements, and log filtering. | April 1, 2021 | |
Firewall Manager supports Amazon Route 53 Resolver DNS Firewall policies | AWS Firewall Manager supports central management of Amazon Route 53 Resolver DNS Firewall outbound DNS traffic filtering for your VPCs. | March 31, 2021 |
You can include custom headers in web requests that AWS WAF allows or counts and you can send custom responses for web requests that AWS WAF blocks. Available for web ACL default action and rule action settings. | March 29, 2021 | |
Update to | March 17, 2021 | |
AWS Managed Rules for AWS WAF updated the following rule groups: core rule set (CRS), admin protection, known bad inputs, and Linux operating system. | March 3, 2021 | |
AWS WAF started tracking changes for its AWS managed policies. | March 1, 2021 | |
Firewall Manager started tracking changes for its AWS managed policies. | March 1, 2021 | |
Shield Advanced started tracking changes for its AWS managed policies. | March 1, 2021 | |
Added the option to inspect the web request body as parsed and filtered JSON. This is in addition to the existing option to inspect the web request body as plain text. | February 12, 2021 | |
AWS Firewall Manager supports central management of AWS Network Firewall network traffic filtering for your VPCs. | November 17, 2020 | |
You can now group your protected resources into logical groups and manage their protections collectively. | November 13, 2020 | |
You can now associate an AWS WAF web ACL with your AWS AppSync GraphQL API. This change is only available in the latest version of AWS WAF and not in AWS WAF Classic. | October 1, 2020 | |
AWS Managed Rules for AWS WAF updated the Windows operating system rule set. | September 23, 2020 | |
AWS Managed Rules for AWS WAF updated the rule sets PHP application and POSIX operating system. | September 16, 2020 | |
AWS Shield offers a new console option, with an improved user experience. The console guidance in the documentation is for the new console. | September 1, 2020 | |
AWS Firewall Manager common security group policies now support Application Load Balancers and Classic Load Balancers resource types through the console implementation. The new options are available in the common policy's Policy scope settings. | August 11, 2020 | |
AWS Managed Rules for AWS WAF updated the core rule set. | August 7, 2020 | |
AWS Firewall Manager now supports centralized logging configuration for AWS WAF policies. | July 30, 2020 | |
Added the option to use IP addresses from an HTTP header that you
specify, instead of using the web request origin. The alternate header
is commonly | July 9, 2020 | |
Firewall Manager updates to content audit security group policies | AWS Firewall Manager has expanded functionality for content audit security group policies including a managed rules option, that uses managed application and protocol lists, and details for resource violations. | July 7, 2020 |
AWS Firewall Manager now supports managed application and protocol lists. Firewall Manager manages some lists and you can create and manage your own. | July 7, 2020 | |
Firewall Manager supports shared VPCs in common security group policies | AWS Firewall Manager now supports using common security group policies in shared VPCs. You can do this in addition to using them in the VPCs owned by in-scope accounts. | May 26, 2020 |
Added documentation for each rule in the AWS Managed Rules for AWS WAF. | May 20, 2020 | |
AWS Managed Rules for AWS WAF updated the Linux operating system rule group. | May 19, 2020 | |
Add support for migrating AWS WAF Classic resources to AWS WAF (v2) | You can now use the console or API to export your AWS WAF Classic resources for migration to the latest version of AWS WAF. | April 27, 2020 |
Add support for AWS Organizations organizational units in policy scope | AWS Firewall Manager now supports using AWS Organizations organizational units (OUs) to specify policy scope. You can use OUs to include or exclude accounts from the scope, in addition to including or excluding specific accounts. Specifying an OU is the same as specifying all accounts in the OU and in any of its child OUs, including any child OUs and accounts that are added at a later time. | April 6, 2020 |
AWS Firewall Manager now supports the latest version of AWS WAF, in addition to the prior version, AWS WAF Classic. | March 31, 2020 | |
Update to AWS Firewall Manager common security group policies | AWS Firewall Manager common security group policy now has the option to apply the policy to all elastic network interfaces in your in-scope Amazon EC2 instances. You can still choose to only apply the policy to the default elastic network interface. | March 11, 2020 |
AWS Managed Rules for AWS WAF added an | March 6, 2020 | |
AWS Managed Rules for AWS WAF updated the WordPress application and | March 3, 2020 | |
Added Amazon Route 53 health check to AWS Shield Advanced protection options | Shield Advanced now supports the use of Amazon Route 53 health check associations, to improve the accuracy of threat detection and mitigation. | February 14, 2020 |
AWS Managed Rules for AWS WAF has updated the SQL Database rule group to add checking the message URI. | January 23, 2020 | |
Firewall Manager new option for security group usage audit policy | Firewall Manager has a new option for security group usage audit policies. You can now set a minimum number of minutes a security group must remain unused before it's considered noncompliant. By default, this minutes setting is zero. | January 14, 2020 |
Firewall Manager has a new option for AWS WAF policies. You can now choose to remove all existing web ACL associations from in-scope resources before associating the policy's new web ACLs to them. | January 14, 2020 | |
AWS Managed Rules for AWS WAF has updated text transformations for rules in the Core Rule Set and the SQL Database rule groups. | December 20, 2019 | |
AWS Firewall Manager now creates findings for resources that are out of compliance and for attacks and sends them to AWS Security Hub. | December 18, 2019 | |
New version of the AWS WAF developer guide. You can manage a web ACL or rule group in JSON format. Expanded capabilities include logical rule statements, rule statement nesting, and full CIDR support for IP addresses and address ranges. Rules are no longer AWS resources, but exist only in the context of a web ACL or rule group. For existing customers, the prior version of the service is now called AWS WAF Classic. In the APIs, SDKs, and CLIs, AWS WAF Classic retains its naming schemes and this latest version of AWS WAF is referred to with an added "V2" or "v2", depending on the context. AWS WAF can't access AWS resources that were created in AWS WAF Classic. To use those resources in AWS WAF, you need to migrate them. | November 25, 2019 | |
Added AWS Managed Rules rule groups. These are free of charge for AWS WAF customers. | November 25, 2019 | |
AWS Firewall Manager support for Amazon Virtual Private Cloud security groups | Added support for Amazon VPC security groups to Firewall Manager. | October 10, 2019 |
Added support for Shield Advanced to Firewall Manager. | March 15, 2019 | |
Added tutorial on creating hierarchical policies in AWS Firewall Manager. | February 11, 2019 | |
You can now exclude individual rules from AWS Marketplace rule groups, as well as your own rule groups. | December 12, 2018 | |
AWS Shield Advanced support for AWS Global Accelerator standard accelerators | Shield Advanced can now protect AWS Global Accelerator standard accelerators. | November 26, 2018 |
AWS WAF now protects Amazon API Gateway APIs. | October 25, 2018 | |
New wizard provides opportunity to create rate-based rules and Amazon CloudWatch Events. | August 31, 2018 | |
Enable logging to get detailed information about traffic that is analyzed by your web ACL. | August 31, 2018 | |
When creating a condition, you can now search the requests for specific parameters. | June 5, 2018 | |
Introduces a new streamlined process for subscribing to AWS Shield Advanced. | June 5, 2018 | |
When creating an IP match condition, AWS WAF now supports IPv4 address ranges: /8 and any range between /16 through /32. | June 5, 2018 |
