How the migration works
The automated migration carries over most of your Amazon WAF Classic web ACL configuration, leaving some things that you need to handle manually.
Note
Some protection configurations cannot be automatically migrated, and require manual configuration in Amazon WAF (v2). See the list at Migration caveats and limitations.
The following lists the high-level steps for migrating a web ACL.
The automated migration reads everything related to your existing web ACL, without modifying or deleting anything in Amazon WAF Classic. It creates a representation of the web ACL and its related resources, compatible with Amazon WAF. It generates an Amazon CloudFormation template for the new web ACL and stores it in an Amazon S3 bucket.
You deploy the template into Amazon CloudFormation, in order to recreate the web ACL and related resources in Amazon WAF.
You review the web ACL, and manually complete the migration, making sure that your new web ACL takes full advantage of the capabilities of the latest Amazon WAF.
You manually switch your protected resources over to the new web ACL.