Exception deployments for Amazon Managed Rules - Amazon WAF, Amazon Firewall Manager, and Amazon Shield Advanced
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Exception deployments for Amazon Managed Rules

Amazon might bypass the standard deployment stages in order to quickly deploy updates that address critical security risks. An exception deployment might involve any of the standard deployment types, and it might be rolled out quickly across the Amazon Regions.

Amazon provides as much advance notification as possible for exception deployments.

Timing and notifications

Amazon performs exception deployments only when required.

  • SNS – Amazon sends an SNS notification as far ahead of the targeted deployment day as possible and then another one at the start of the deployment. Each notification includes the rule group name, the change that's being made, and the deployment date.

  • Change log – If the deployment is for a static version, after the deployment is complete everywhere that Amazon WAF is available, Amazon updates the rule group definition in this guide as needed, and then announces the release in the Amazon Managed Rules rule group change log and in the documentation history page.