Posted On: Sep 23, 2021

AWS WAF extends its regular expression (regex) support, allowing regex patterns to be expressed in-line within a rule statement. Previously, you had to create a regex pattern set, which provides a collection of regex patterns in a rule statement, even if you wanted to use just a single regex pattern in your WAF rule logic. With in-line regex, you can now include a single regex pattern directly inside a WAF rule statement, simplifying how WAF rules are expressed within your web ACL.

In addition, in-line regex patterns may consume fewer Web ACL Capacity Units (WCUs), as each pattern consumes 3 WCUs whereas a regex pattern set consumes 25 WCUs. For example, if you want to use a regular expression in a scope-down statement to apply AWS WAF Bot Control to dynamic content only, you can save on WCUs by using an in-line regex pattern instead of a regex pattern set.
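The scope-down case described above, written as a WAFv2 rule in JSON. This is an added example, not taken from the announcement: the rule name, metric name, and the static-asset regex are assumptions chosen for illustration, and "dynamic content" is approximated here as any URI path that does not end in a static file extension.

```json
{
  "Name": "bot-control-dynamic-only",
  "Priority": 0,
  "Statement": {
    "ManagedRuleGroupStatement": {
      "VendorName": "AWS",
      "Name": "AWSManagedRulesBotControlRuleSet",
      "ScopeDownStatement": {
        "NotStatement": {
          "Statement": {
            "RegexMatchStatement": {
              "RegexString": "\\.(css|js|png|jpe?g|gif|ico|svg|woff2?)$",
              "FieldToMatch": { "UriPath": {} },
              "TextTransformations": [
                { "Priority": 0, "Type": "LOWERCASE" }
              ]
            }
          }
        }
      }
    }
  },
  "OverrideAction": { "None": {} },
  "VisibilityConfig": {
    "SampledRequestsEnabled": true,
    "CloudWatchMetricsEnabled": true,
    "MetricName": "bot-control-dynamic-only"
  }
}
```

The `RegexMatchStatement` carries the pattern in `RegexString`, where a pattern-set rule would instead use `RegexPatternSetReferenceStatement` with the ARN of a separately managed set. Any request whose path matches the pattern is not evaluated by Bot Control, so check the extension list against the paths your application actually serves.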

There is no additional cost for using regex patterns in rule statements, but standard service charges for AWS WAF still apply. Support for in-line regex match is available in all AWS WAF regions and for each supported service, including Amazon CloudFront, Application Load Balancer, Amazon API Gateway, and AWS AppSync. For more information, see the AWS WAF developer guide.