**Introducing a new console experience for Amazon WAF**

You can now use the updated experience to access Amazon WAF functionality anywhere in the console. For more details, see [Working with the console](https://docs.amazonaws.cn/waf/latest/developerguide/working-with-console.html). 

# Step 3: Create a rule group
<a name="classic-get-started-fms-create-rule-group"></a>

**Warning**  
Amazon WAF Classic is is going through a planned end-of-life process. Refer to your Amazon Health dashboard for the milestones and dates specific to your Region.

**Note**  
This is **Amazon WAF Classic** documentation. You should only use this version if you created Amazon WAF resources, like rules and web ACLs, in Amazon WAF prior to November 2019, and you have not migrated them over to the latest version yet. To migrate your web ACLs, see [Migrating your Amazon WAF Classic resources to Amazon WAF](waf-migrating-from-classic.md).  
**For the latest version of Amazon WAF**, see [Amazon WAF](waf-chapter.md). 

A rule group is a set of rules that defines what actions to take when a particular set of conditions is met. You can use managed rule groups from Amazon Web Services Marketplace, and you can create your own rule groups. For information about managed rule groups, see [Amazon Web Services Marketplace rule groups](classic-waf-managed-rule-groups.md).

To create your own rule group, perform the following procedure.<a name="classic-get-started-fms-create-rule-group-procedure"></a>

**To create a rule group (console)**

1. Sign in to the Amazon Web Services Management Console using the Amazon Firewall Manager administrator account that you set up in the prerequisites, and then open the Firewall Manager console at [https://console.aws.amazon.com/wafv2/fms](https://console.aws.amazon.com/wafv2/fms). 

1. In the navigation pane, choose **Security policies**. 

1. If you have not met the prerequisites, the console displays instructions about how to fix any issues. Follow the instructions, and then begin this step (create a rule group) again. If you have met the prerequisites, choose **Close**. 

1. Choose **Create policy**.

   For **Policy type**, choose **Amazon WAF Classic**. 

1. Choose **Create an Amazon Firewall Manager policy and add a new rule group**.

1. Choose an Amazon Web Services Region, and then choose **Next**.

1. Because you already created rules, you don't need to create conditions. Choose **Next**.

1. Because you already created rules, you don't need to create rules. Choose **Next**.

1. Choose **Create rule group**.

1. For **Name**, enter a friendly name. 

1. Enter a name for the CloudWatch metric that Amazon WAF Classic will create and will associate with the rule group. The name can contain only alphanumeric characters (A-Z, a-z, 0-9) or the following special characters: \$1-\$1"\$1`\$1\$1\$1,./. It can't contain white space.

1. Select a rule, and then choose **Add rule**. A rule has an action setting that allows you to choose whether to allow, block, or count requests that match the rule's conditions. For this tutorial, choose **Count**. Repeat adding rules until you have added all the rules that you want to the rule group.

1. Choose **Create**.

You are now ready to go to [Step 4: Create and apply an Amazon Firewall Manager Amazon WAF Classic policy](classic-get-started-fms-create-security-policy.md).