Using rule group rule statements in Amazon WAF - Amazon WAF, Amazon Firewall Manager, and Amazon Shield Advanced
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Using rule group rule statements in Amazon WAF

Note

Rule group rule statements are not nestable.

This section describes the rule group rule statements that you can use in your web ACL. Rule group web ACL capacity units (WCUs) are set by the rule group owner at the time of creation. For information about WCUs, see Web ACL capacity units (WCUs) in Amazon WAF.

Rule group statement

Description

WCUs

Using managed rule group statements

Runs the rules that are defined in the specified managed rule group.

You can narrow the scope of requests that the rule group evaluates by adding a scope-down statement.

You can't nest a managed rule group statement inside any other statement type.

Defined by the rule group, plus any additional WCUs for a scope-down statement.

Using rule group statements

Runs the rules that are defined in a rule group that you manage.

You can't add a scope-down statement to a rule group reference statement for your own rule group.

You can't nest a rule group statement inside any other statement type

You define the WCU limit for the rule group when you create it.