# fms-webacl-rulegroup-association-check
<a name="fms-webacl-rulegroup-association-check"></a>

**Note**  
This rule is currently in the deprecation process. We do not recommend that you use them directly.

Checks if the rule groups associate with the web ACL at the correct priority. The correct priority is decided by the rank of the rule groups in the ruleGroups parameter. When Amazon Firewall Manager creates this rule, it assigns the highest priority 0 followed by 1, 2, and so on. The FMS policy owner specifies the `ruleGroups` rank in the FMS policy and can optionally enable remediation.



**Identifier:** FMS\_WEBACL\_RULEGROUP\_ASSOCIATION\_CHECK

**Resource Types:** AWS::WAF::WebACL, AWS::WAFRegional::WebACL

**Trigger type:** Configuration changes

**Amazon Web Services Region:** All supported Amazon regions except Asia Pacific (Thailand), Asia Pacific (Malaysia), Mexico (Central), Asia Pacific (Taipei), Canada West (Calgary) Region

**Parameters:**

ruleGroupsType: String  
Comma-separated list of RuleGroupIds and WafOverrideAction pairs. (for example, ruleGroupId-1:NONE, ruleGroupId2:COUNT)

fmsManagedToken (Optional)Type: String  
A token generated by Amazon Firewall Manager when creating the rule in customer account. Amazon Config ignores this parameter when customer creates this rule.

fmsRemediationEnabled (Optional)Type: boolean  
If true, Amazon Firewall Manager will update non-compliant resources according to FMS policy. Amazon Config ignores this parameter when customer creates this rule.

## Amazon CloudFormation template
<a name="w2aac20c16c17b7d839c21"></a>

To create Amazon Config managed rules with Amazon CloudFormation templates, see [Creating Amazon Config Managed Rules With Amazon CloudFormation Templates](aws-config-managed-rules-cloudformation-templates.md).