How the migration works - Amazon WAF, Amazon Firewall Manager, and Amazon Shield Advanced
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

How the migration works

The automated migration carries over most of your Amazon WAF Classic web ACL configuration, leaving some things that you need to handle manually.

Note

Some protection configurations cannot be automatically migrated, and require manual configuration in Amazon WAF (v2). See the list at Migration caveats and limitations.

The following lists the high-level steps for migrating a web ACL.

  1. The automated migration reads everything related to your existing web ACL, without modifying or deleting anything in Amazon WAF Classic. It creates a representation of the web ACL and its related resources, compatible with Amazon WAF. It generates an Amazon CloudFormation template for the new web ACL and stores it in an Amazon S3 bucket.

  2. You deploy the template into Amazon CloudFormation, in order to recreate the web ACL and related resources in Amazon WAF.

  3. You review the web ACL, and manually complete the migration, making sure that your new web ACL takes full advantage of the capabilities of the latest Amazon WAF.

  4. You manually switch your protected resources over to the new web ACL.