Creating a rule group - Amazon WAF, Amazon Firewall Manager, and Amazon Shield Advanced
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Creating a rule group

To create a new rule group, follow the procedure on this page.

To create a rule group
  1. Sign in to the Amazon Web Services Management Console and open the Amazon WAF console at

  2. In the navigation pane, choose Rule groups, and then Create rule group.

  3. Enter a name and description for the rule group. You'll use these to identify the rule set to manage it and use it.

    Don't use names that start with AWS, Shield, PreFM, or PostFM. These strings are either reserved or could cause confusion with rule groups that are managed for you by other services. See Rule groups provided by other services.


    You can't change the name after you create the rule group.

  4. For Region, choose the Region where you want to store the rule group. To use a rule group in web ACLs that protect Amazon CloudFront distributions, you must use the global setting. You can use the global setting for regional applications, too.

  5. Choose Next.

  6. Add rules to the rule group using the Rule builder wizard, the same as you do in web ACL management. The only difference is that you can't add a rule group to another rule group.

  7. For Capacity, set the maximum for the rule group's use of web ACL capacity units (WCUs). This is an immutable setting. For information about WCUs, see Amazon WAF web ACL capacity units (WCUs).

    As you add rules to the rule group, the Add rules and set capacity pane displays the minimum required capacity, which is based on the rules that you've already added. You can use this and your future plans for the rule group to help estimate the capacity that the rule group will require.

  8. Review the settings for the rule group, and choose Create.