0Pricing
AWS Security Academy · Lesson

Rules, Rule Groups, and Web ACLs

Learn how matching rules combine into a deployable policy.

The Building Blocks

AWS WAF organizes protection into three layers: rules, rule groups, and a web ACL. A rule is a single condition and action; a rule group bundles related rules; a web ACL is the deployable container that you attach to a resource and that ties everything together.

What a Rule Is

A rule combines a match statement (such as a string match on the URI) with an action (allow, block, count, CAPTCHA). Rules can also combine statements with AND, OR, and NOT logic, letting you express conditions like block this path unless the request comes from a trusted IP set.

All lessons in this course

  1. How AWS WAF Inspects Requests
  2. Rules, Rule Groups, and Web ACLs
  3. Managed Rules and Rate Limiting
  4. Attaching WAF to CloudFront and ALB
← Back to AWS Security Academy