Migrating a protection pack (web ACL): switchover - Amazon WAF, Amazon Firewall Manager, Amazon Shield Advanced, and Amazon Shield network security director
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Introducing a new console experience for Amazon WAF

You can now use the updated experience to access Amazon WAF functionality anywhere in the console. For more details, see Working with the updated console experience.

Migrating a protection pack (web ACL): switchover

After you've verified your new protection pack (web ACL) settings, you can start to use it in place of your Amazon WAF Classic protection pack (web ACL).

To begin using your new Amazon WAF protection pack (web ACL)

  1. Associate the Amazon WAF protection pack (web ACL) with the resources that you want to protect, following the guidance at Associating or disassociating protection with an Amazon resource. This automatically disassociates the resources from the old protection pack (web ACL).

    The switch can take from a few seconds to a number of minutes to propagate. During this time, some requests might be processed by the old protection pack (web ACL) and others by the new protection pack (web ACL). Your resources will be protected throughout the switch, but you might notice inconsistencies in request handling until it's complete.

  2. Configure logging for the new protection pack (web ACL), following the guidance at Logging Amazon WAF protection pack (web ACL) traffic.

  3. (Optional) If your Amazon WAF Classic protection pack (web ACL) is no longer associated with any resources, consider removing it entirely from Amazon WAF Classic. For information, see Deleting a Web ACL.