Posted On: Aug 9, 2021

AWS WAF now enables you to select a specific version of a managed rule group within your web ACL, giving you the ability to test new rule updates safely and roll back to previously tested versions. When using a versioned managed rule group, you control when new rule updates are applied to your traffic. By default, you will continue to automatically receive rule updates to your managed rule group. You can change this behavior by manually selecting a version, enabling you to pause automatic updates or go back to a previous version. Once you select a specific version, you will no longer receive automatic updates but will remain on the selected version until it reaches end of life.
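The pinning described above is expressed in the web ACL itself: a managed rule group is referenced through a `ManagedRuleGroupStatement`, and selecting a version means setting that statement's optional `Version` field, while leaving it out keeps the group on the vendor's default, auto-updating version. The script below is an added example, not code from the announcement or from AWS; it builds both forms of the statement and audits a web ACL (in the shape returned by the WAFv2 `get-web-acl` API) to report which rule groups are pinned and therefore no longer receive automatic updates. The web ACL, rule names and the version string `Version_1.0` are constructed sample values; `AWSManagedRulesCommonRuleSet` and `AWSManagedRulesSQLiRuleSet` are real AWS-managed group names used only as realistic input.

```python
"""Audit which managed rule groups in an AWS WAF (WAFv2) web ACL are pinned
to a specific version and which still auto-update.

Added example, not from the AWS announcement. Input follows the WAFv2
`get-web-acl` response shape: a managed rule group is referenced through
`Statement.ManagedRuleGroupStatement`, and pinning is expressed by its
optional `Version` field. The sample web ACL below is constructed.
"""
from typing import Optional


def managed_rule_group_statement(vendor: str, name: str,
                                 version: Optional[str] = None) -> dict:
    """Build the statement that references a managed rule group.

    With version=None the web ACL tracks the vendor's default version and
    receives rule updates automatically; with a version string it is pinned
    and stays on that version until it reaches end of life.
    """
    statement = {"VendorName": vendor, "Name": name}
    if version is not None:
        statement["Version"] = version
    return {"ManagedRuleGroupStatement": statement}


def audit_managed_rule_versions(web_acl: dict) -> list:
    """Return one record per managed rule group referenced by the web ACL.

    Each record carries the rule name, vendor, group name, the pinned version
    (or None) and a `pinned` flag. Managed rule group statements are only
    valid at the top level of a rule, so no nested statement walk is needed.
    """
    findings = []
    for rule in web_acl.get("Rules", []):
        mrg = rule.get("Statement", {}).get("ManagedRuleGroupStatement")
        if mrg is None:
            continue  # rate-based, byte-match, etc. are not versioned
        findings.append({
            "rule": rule["Name"],
            "vendor": mrg["VendorName"],
            "group": mrg["Name"],
            "version": mrg.get("Version"),
            "pinned": "Version" in mrg,
        })
    return findings


def pinned_groups(web_acl: dict) -> list:
    """Names of rule groups that will NOT receive automatic updates.

    These are the groups to re-test when the vendor stages a new version and
    to watch for end of life, since they do not move forward on their own.
    """
    return [f["group"] for f in audit_managed_rule_versions(web_acl) if f["pinned"]]


# Constructed sample: one auto-updating group, one pinned group, one non-managed rule.
SAMPLE_WEB_ACL = {
    "Name": "example-web-acl",
    "Rules": [
        {
            "Name": "common-rules-auto",
            "Priority": 0,
            "Statement": managed_rule_group_statement("AWS", "AWSManagedRulesCommonRuleSet"),
            "OverrideAction": {"None": {}},
        },
        {
            "Name": "sqli-rules-pinned",
            "Priority": 1,
            # "Version_1.0" is a constructed placeholder version name.
            "Statement": managed_rule_group_statement("AWS", "AWSManagedRulesSQLiRuleSet", "Version_1.0"),
            "OverrideAction": {"None": {}},
        },
        {
            "Name": "rate-limit",
            "Priority": 2,
            "Statement": {"RateBasedStatement": {"Limit": 2000, "AggregateKeyType": "IP"}},
            "Action": {"Block": {}},
        },
    ],
}

if __name__ == "__main__":
    for f in audit_managed_rule_versions(SAMPLE_WEB_ACL):
        state = f"pinned to {f['version']}" if f["pinned"] else "auto-updating"
        print(f"{f['rule']}: {f['vendor']}/{f['group']} is {state}")
```

Run against a real web ACL by feeding the `WebACL` object from `aws wafv2 get-web-acl` output into `audit_managed_rule_versions`; any group reported as pinned is one whose rule updates you have taken responsibility for rolling forward.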

In addition, AWS WAF now provides early notifications of upcoming rule updates to your managed rule groups through Amazon Simple Notification Service (Amazon SNS). By subscribing to the SNS topic in the AWS WAF console, you can be notified when the managed rule group provider stages updates. You can receive SNS notifications in a variety of message types, including e-mail, or you can use SNS to trigger a Lambda function or integrate SNS with third-party tools. You can also monitor the end of life of each version you use via Amazon CloudWatch metrics and be notified ahead of time when you should start to consider moving to a newer version.

There is no additional cost for using managed rule group versions, but standard service charges for AWS WAF still apply. You can choose a specific version for managed rules offered by AWS starting today. Versions for managed rules offered by AWS Marketplace sellers may be available from sellers that publish versions when updating their rule groups. For more information on using managed rule group versioning, see the AWS WAF developer guide.