Static version deployments for Amazon Managed Rules
When Amazon determines that a release candidate provides valuable changes to the rule group, Amazon deploys a new static version for the rule group based on the release candidate. This deployment doesn't change the default version of the rule group.
The new static version contains the following rules from the release candidate:
-
Rules from the prior static version that don't have a replacement candidate among the release candidate rules.
-
Release candidate rules, with the following changes:
-
Amazon changes the rule name by removing the release candidate suffix
_RC_COUNT
. -
Amazon changes the rule actions from Count to their production rule actions.
For release candidate rules that are replacements of prior existing rules, this replaces the functionality of the prior rules in the new static version.
-
The following diagram depicts the creation of the new static version from the release candidate.
After deployment, the new static version is available for you to test and to use in your protections if you want to. You can review new and updated rule actions and descriptions in the rule group's rule listings at Amazon Managed Rules rule groups list.
A static version is immutable after deployment, and only changes when Amazon expires it. For information about version life cycles, see Using versioned managed rule groups in Amazon WAF.
Timing and notifications
Amazon deploys a new static version as needed, in order to deploy improvements to rule group functionality. The deployment of a static version doesn't impact the default version setting.
-
SNS – Amazon sends an SNS notification when the deployment completes.
-
Change log – After the deployment is complete everywhere that Amazon WAF is available, Amazon updates the rule group definition in this guide as needed, and then announces the release in the Amazon Managed Rules rule group change log and in the documentation history page.