Notifications for Amazon Managed Rules rule groups deployments - Amazon WAF, Amazon Firewall Manager, and Amazon Shield Advanced
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Notifications for Amazon Managed Rules rule groups deployments

The versioned Amazon Managed Rules rule groups all provide SNS update notifications for deployments and they all use the same SNS topic Amazon Resource Name (ARN). The only rule group that's not versioned is the IP reputation rule group.

For deployments that affect your protections, such as changes to the default version, Amazon provides SNS notifications to inform you of planned deployments and to let you know when a deployment is starting. For deployments that don't affect your protections, such as release candidate and static version deployments, Amazon might notify you after the deployment has started or even after it's completed. At the completion of the deployment of a new static version, Amazon updates this guide, in the changelog at Amazon Managed Rules changelog and in the document history page at Document history.

To receive all updates that Amazon provides for the Amazon Managed Rules rule groups, subscribe to the RSS feed from any HTML page of this guide, and subscribe to the SNS topic for the Amazon Managed Rules rule groups. For information about subscribing to the SNS notifications, see Getting notified of new versions and updates to a managed rule group.

Contents of the SNS notifications

The fields in the Amazon SNS notifications always include the Subject, Message, and MessageAttributes. Additional fields depend on the type of message and which managed rule group the notification is for. The following shows an example notification listing for AWSManagedRulesCommonRuleSet.

{ "Type": "Notification", "MessageId": "4286b830-a463-5e61-bd15-e1ae72303868", "TopicArn": "arn:aws:sns:us-west-2:123456789012:MyTopic", "Subject": "New version available for rule group AWSManagedRulesCommonRuleSet", "Message": "Welcome to AWSManagedRulesCommonRuleSet version 1.5! We've updated the regex specification in this version to improve protection coverage, adding protections against insecure deserialization. For details about this change, see http://updatedPublicDocs.html. Look for more exciting updates in the future! ", "Timestamp": "2021-08-24T11:12:19.810Z", "SignatureVersion": "1", "Signature": "EXAMPLEHXgJm...", "SigningCertURL": "https://sns.us-west-2.amazonaws.com/SimpleNotificationService-f3ecfb7224c7233fe7bb5f59f96de52f.pem", "SubscribeURL": "https://sns.us-west-2.amazonaws.com/?Action=ConfirmSubscription&TopicArn=arn:aws:sns:us-west-2:123456789012:MyTopic&Token=2336412f37...", "MessageAttributes": { "major_version": { "Type": "String", "Value": "v1" }, "managed_rule_group": { "Type": "String", "Value": "AWSManagedRulesCommonRuleSet" } } }