AWS Marketplace managed rule groups - AWS WAF, AWS Firewall Manager, and AWS Shield Advanced

AWS Marketplace managed rule groups

AWS Marketplace managed rule groups are available by subscription through the AWS Marketplace console at AWS Marketplace. After you subscribe to a AWS Marketplace managed rule group, you can use it in AWS WAF. To use an AWS Marketplace rule group in an AWS Firewall Manager AWS WAF policy, each account in your organization must subscribe to it.

Test and tune any changes to your AWS WAF protections before you use them for production traffic. For information, see Testing and tuning your AWS WAF protections.

AWS Marketplace Rule Group Pricing

AWS Marketplace rule groups are available with no long-term contracts, and no minimum commitments. When you subscribe to a rule group, you are charged a monthly fee (prorated hourly) and ongoing request fees based on volume. For more information, see AWS WAF Pricing and the description for each AWS Marketplace rule group at AWS Marketplace.

Have questions about an AWS Marketplace rule group?

For questions about a rule group that's managed by an AWS Marketplace seller and to request changes in functionality, contact the provider's customer support team. To find contact information, see the provider's listing at AWS Marketplace.

The AWS Marketplace rule group provider determines how to manage the rule group, for example how to update the rule group and whether the rule group is versioned. The provider also determines the details of the rule group, including the rules, rule actions, and any labels that the rules add to matching web requests.

Subscribing to AWS Marketplace managed rule groups

You can subscribe to and unsubscribe from AWS Marketplace rule groups on the AWS WAF console.

Important

To use an AWS Marketplace rule group in an AWS Firewall Manager policy, each account in your organization must first subscribe to that rule group.

To subscribe to an AWS Marketplace managed rule group

  1. Sign in to the AWS Management Console and open the AWS WAF console at https://console.aws.amazon.com/wafv2/.

  2. In the navigation pane, choose AWS Marketplace.

  3. In the Available marketplace products section, choose the name of a rule group to view the details and pricing information.

  4. If you want to subscribe to the rule group, choose Continue.

    Note

    If you don't want to subscribe to this rule group, simply close this page in your browser.

  5. Choose Set up your account.

  6. Add the rule group to a web ACL, similar to how you add an individual rule. For more information, see Creating a web ACL or Editing a web ACL.

    Note

    When adding a rule group to a web ACL, you can override the actions of rules in the rule group and of the rule group result. For more information, see Action overrides in rule groups.

After you're subscribed to an AWS Marketplace rule group, you use it in your web ACLs as you do other managed rule groups. For information, see Creating a web ACL.

Unsubscribing from AWS Marketplace managed rule groups

You can unsubscribe from AWS Marketplace rule groups on the AWS WAF console.

Important

To stop the subscription charges for an AWS Marketplace managed rule group, you must remove it from all web ACLs in AWS WAF and in any Firewall Manager AWS WAF policies, in addition to unsubscribing from it. If you unsubscribe from an AWS Marketplace managed rule group but don't remove it from your web ACLs, you will continue to be charged for the subscription.

To unsubscribe from an AWS Marketplace managed rule group

  1. Sign in to the AWS Management Console and open the AWS WAF console at https://console.aws.amazon.com/wafv2/.

  2. Remove the rule group from all web ACLs. For more information, see Editing a web ACL.

  3. In the navigation pane, choose AWS Marketplace.

  4. Choose Manage your subscriptions.

  5. Choose Cancel subscription next to the name of the rule group that you want to unsubscribe from.

  6. Choose Yes, cancel subscription.

Troubleshooting AWS Marketplace rule groups

If you find that an AWS Marketplace rule group is blocking legitimate traffic, you can troubleshoot the problem by performing the following steps.

To troubleshoot an AWS Marketplace rule group

  1. Override the actions to count for the rules that are blocking legitimate traffic. You can identify which rules are blocking specific requests using either the AWS WAF sampled requests or AWS WAF logs. You can identify the rules by looking at the ruleGroupId field in the log or the RuleWithinRuleGroup in the sampled request. You can identify the rule in the pattern <Seller Name>#<RuleGroup Name>#<Rule Name>.

  2. If setting specific rules to only count requests doesn't solve the problem, you can override all of the rule actions or change the action for the AWS Marketplace rule group itself from No override to Override to count. This allows the web request to pass through, regardless of the individual rule actions within the rule group.

  3. After overriding either the individual rule action or the entire AWS Marketplace rule group action, contact the rule group provider‘s customer support team to further troubleshoot the issue. For contact information, see the rule group listing on the product listing pages on AWS Marketplace.

Contacting AWS support

For problems with AWS WAF or a rule group that is managed by AWS, contact AWS Support. For problems with a rule group that is managed by an AWS Marketplace seller, contact the provider's customer support team. To find contact information, see the provider's listing on AWS Marketplace.