Managed rule group statement - Amazon WAF, Amazon Firewall Manager, and Amazon Shield Advanced
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Managed rule group statement

The managed rule group rule statement adds a reference in your web ACL rules list to a managed rule group. You don't see this option under your rule statements on the console, but when you work with the JSON format of your web ACL, any managed rule groups that you've added show up under the web ACL rules as this type.

A managed rule group is either an Amazon Managed Rules rule group, most of which are free for Amazon WAF customers, or a Amazon Web Services Marketplace managed rule group. You automatically subscribe to the paid Amazon Managed Rules rule groups when you add them to your web ACL. You can subscribe to Amazon Web Services Marketplace managed rule groups through Amazon Web Services Marketplace. For more information, see Managed rule groups.

When you add a rule group to a web ACL, you can override the actions of rules in the group to Count or to another rule action. For more information, see Action override options for rule groups.

You can narrow the scope of the requests that Amazon WAF evaluates with the rule group. To do this, you add a scope-down statement inside the rule group statement. For information about scope-down statements, see Scope-down statements. This can help you manage how the rule group affects your traffic and can help you contain costs associated with traffic volume when you use the rule group. For information and examples for using scope-down statements with the Amazon WAF Bot Control managed rule group, see Amazon WAF Bot Control.

Not nestable – You can't nest this statement type inside other statements, and you can't include it in a rule group. You can include it directly in a web ACL.

(Optional) Scope-down statement – This rule type takes an optional scope-down statement, to narrow the scope of the requests that the rule group evaluates. For more information, see Scope-down statements.

WCUs – Set for the rule group at creation.

Where to find this rule statement
  • Console – During the process of creating a web ACL, on the Add rules and rule groups page, choose Add managed rule groups, and then find and select the rule group that you want to use.

  • APIManagedRuleGroupStatement