Default version deployments for Amazon Managed Rules - Amazon WAF, Amazon Firewall Manager, and Amazon Shield Advanced
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Default version deployments for Amazon Managed Rules

When Amazon determines that a new static version provides improved protections for the rule group compared to the current default, Amazon updates the default version to the new static version. Amazon might release multiple static versions before promoting one to the rule group's default version.

The following diagram shows the state of the example rule group versions after Amazon moves the default version setting to the new static version.

This is similar to the typical version states figure, but with Version_1.5 on the top of the stack and the default indicator pointing to it.

Before deploying this change to the default version, Amazon provides notifications so that you can test and prepare for the upcoming changes. If you use the default version, you can take no action and remain on it through the update. If instead you want to delay switching to the new version, before the planned start of the default version deployment, you can explicitly configure your rule group to use the static version that the default is set to.

Timing and notifications

Amazon updates the default version when it recommends a different static version for the rule group than the one that's currently in use.

  • SNS – Amazon sends an SNS notification at least one week prior to the targeted deployment day and then another on the deployment day, at the start of the deployment. Each notification includes the rule group name, the static version that the default version is being updated to, the deployment date, and the scheduled timing of the deployment for each Amazon Region where the update is being performed.

  • Change log – Amazon doesn't update the change log or other parts of this guide for this type of deployment.