**Introducing a new console experience for Amazon WAF** You can now use the updated experience to access Amazon WAF functionality anywhere in the console. For more details, see [Working with the console](https://docs.amazonaws.cn/waf/latest/developerguide/working-with-console.html). # Security in Amazon WAF Classic **Warning** Amazon WAF Classic is is going through a planned end-of-life process. Refer to your Amazon Health dashboard for the milestones and dates specific to your Region. **Note** This is **Amazon WAF Classic** documentation. You should only use this version if you created Amazon WAF resources, like rules and web ACLs, in Amazon WAF prior to November 2019, and you have not migrated them over to the latest version yet. To migrate your web ACLs, see [Migrating your Amazon WAF Classic resources to Amazon WAF](waf-migrating-from-classic.md). **For the latest version of Amazon WAF**, see [Amazon WAF](waf-chapter.md). Cloud security at Amazon is the highest priority. As an Amazon customer, you benefit from a data center and network architecture that is built to meet the requirements of the most security-sensitive organizations. Security is a shared responsibility between Amazon and you. The [shared responsibility model](http://www.amazonaws.cn/compliance/shared-responsibility-model/) describes this as security *of* the cloud and security *in* the cloud: + **Security of the cloud** – Amazon is responsible for protecting the infrastructure that runs Amazon services in the Amazon Web Services Cloud. Amazon also provides you with services that you can use securely. The effectiveness of our security is regularly tested and verified by third-party auditors as part of the [Amazon compliance programs](https://aws.amazon.com/compliance/programs/). To learn about the compliance programs that apply to Amazon WAF Classic, see [Amazon Services in Scope by Compliance Program](https://aws.amazon.com/compliance/services-in-scope/). + **Security in the cloud** – Your responsibility is determined by the Amazon service that you use. You are also responsible for other factors including the sensitivity of your data, your organization’s requirements, and applicable laws and regulations. This documentation helps you understand how to apply the shared responsibility model when using Amazon WAF Classic. The following topics show you how to configure Amazon WAF Classic to meet your security and compliance objectives. You also learn how to use other Amazon services that help you to monitor and secure your Amazon WAF Classic resources. **Topics** + [Data protection in Amazon WAF Classic](classic-data-protection.md) + [Identity and access management for Amazon WAF Classic](classic-security-iam.md) + [Logging and monitoring in Amazon WAF Classic](classic-waf-incident-response.md) + [Compliance validation for Amazon WAF Classic](classic-waf-compliance.md) + [Resilience in Amazon WAF Classic](classic-disaster-recovery-resiliency.md) + [Infrastructure security in Amazon WAF Classic](classic-infrastructure-security.md)