Creating an Amazon WAF Classic rule group - Amazon WAF, Amazon Firewall Manager, and Amazon Shield Advanced
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Creating an Amazon WAF Classic rule group


This is Amazon WAF Classic documentation. You should only use this version if you created Amazon WAF resources, like rules and web ACLs, in Amazon WAF prior to November 2019, and you have not migrated them over to the latest version yet. To migrate your resources, see Migrating your Amazon WAF Classic resources to Amazon WAF.

For the latest version of Amazon WAF, see Amazon WAF.

When you create an Amazon WAF Classic rule group to use with Amazon Firewall Manager, you specify which rules to add to the group.

To create a rule group (console)
  1. Sign in to the Amazon Web Services Management Console using the Amazon Firewall Manager administrator account that you set up in the prerequisites, and then open the Firewall Manager console at


    For information about setting up a Firewall Manager administrator account, see Step 2: Create an Amazon Firewall Manager default administrator account.

  2. In the navigation pane, choose Switch to Amazon WAF Classic.

  3. In the Amazon WAF Classic navigation pane, choose Rule groups.

  4. Choose Create rule group.


    You can't add rate-based rules to a rule group.

  5. If you have already created the rules that you want to add to the rule group, choose Use existing rules for this rule group . If you want to create new rules to add to the rule group, choose Create rules and conditions for this rule group.

  6. Choose Next.

  7. If you chose to create rules, follow the steps to create them at Creating a rule and adding conditions.


    Use the Amazon WAF Classic console to create your rules.

    When you've created all the rules you need, go to the next step.

  8. Type a rule group name.

  9. To add a rule to the rule group, select a rule then choose Add rule. Choose whether to allow, block, or count requests that match the rule's conditions. For more information on the choices, see How Amazon WAF Classic works.

  10. When you are finished adding rules, choose Create.

You can test your rule group by adding it to an Amazon WAF WebACL and setting the WebACL action to Override to Count. This action overrides any action that you choose for the rules contained in the group, and only counts matching requests. For more information, see Creating a Web ACL.