Default deployment rollbacks for Amazon Managed Rules - Amazon WAF, Amazon Firewall Manager, and Amazon Shield Advanced
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Default deployment rollbacks for Amazon Managed Rules

Under certain conditions, Amazon might roll back the default version to its prior setting. A rollback usually takes less than ten minutes for all Amazon Regions.

Amazon performs a rollback only to mitigate a significant issue in a static version, such as an unacceptably high level of false positives.

After the rollback of the default version setting, Amazon expedites both the expiration of the static version that has the issue and the release of a new static version to address the issue.

Timing and notifications

Amazon performs default version rollbacks only when required.

  • SNS – Amazon sends a single SNS notification at the time of the rollback. The notification includes the rule group name, the version that the default version is being set to, and the deployment date. This deployment type is very quick, so the notification doesn't provide timing information for Regions.

  • Change log – Amazon doesn't update the change log or other parts of this guide for this type of deployment.