How the migration works - AWS WAF, AWS Firewall Manager, AWS Shield Advanced, and AWS Shield network security director

Introducing a new console experience for AWS WAF

You can now use the updated experience to access AWS WAF functionality anywhere in the console. For more details, see Working with the updated console experience.

How the migration works

The automated migration carries over most of your AWS WAF Classic protection pack or web ACL configuration, leaving some things that you need to handle manually.

Note

Some protection configurations cannot be automatically migrated, and require manual configuration in AWS WAF (v2). See the list at Migration caveats and limitations.

The following lists the high-level steps for migrating a protection pack or web ACL.

  1. The automated migration reads everything related to your existing protection pack or web ACL, without modifying or deleting anything in AWS WAF Classic. It creates a representation of the web ACL and its related resources, compatible with AWS WAF. It generates an AWS CloudFormation template for the new protection pack or web ACL and stores it in an Amazon S3 bucket.

  2. You deploy the template into AWS CloudFormation, in order to recreate the protection pack or web ACL and related resources in AWS WAF.

  3. You review the protection pack or web ACL, and manually complete the migration, making sure that your new protection pack or web ACL takes full advantage of the capabilities of the latest AWS WAF.

  4. You manually switch your protected resources over to the new protection pack or web ACL.