Logical rule statements - Amazon WAF, Amazon Firewall Manager, and Amazon Shield Advanced
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Logical rule statements

Use logical rules statements to combine other statements or negate their results. Every logical rule statement takes at least one nested statement.

To logically combine or negate rule statement results, you nest the statements under logical rule statements.

Logical rules statements are nestable. You can nest them inside other logical rule statements and use them in scope-down statements. For information about scope-down statements, see Scope-down statements.


The visual editor on the console supports one level of rule statement nesting, which works for many needs. To nest more levels, edit the JSON representation of the rule on the console or use the APIs.

This table describes the logical rule statements and provides guidelines for calculating web ACL capacity units (WCU) usage for each. For information about WCUs, see Amazon WAF web ACL capacity units (WCUs).

Logical Statement



AND logic

Combines nested statements with AND logic.

Based on nested statements

NOT logic

Negates the results of a nested statement.

Based on nested statement

OR logic

Combines nested statements with OR logic.

Based on nested statements