**Introducing a new console experience for AWS WAF** You can now use the updated experience to access AWS WAF functionality anywhere in the console. For more details, see [Working with the console](https://docs.aws.amazon.com/waf/latest/developerguide/working-with-console.html). # Grouping your AWS Shield Advanced protections Protection groupsAdd support for AWS Shield Advanced protection groups You can now group your protected resources into logical groups and manage their protections collectively. Use protection groups to create logical collections of your protected resources and manage their protections as a group. For information about managing resource protections, see [Editing AWS Shield Advanced protections](manage-protection.md). **Note** Automatic application layer DDoS mitigation does not interact with protection groups. You can enable automatic mitigation for resources that are in protection groups, but Shield Advanced does not automatically apply attack mitigations based on protection group findings. Shield Advanced applies automatic attack mitigations for individual resources. AWS Shield Advanced protection groups give you a self-service way to customize the scope of detection and mitigation by treating multiple protected resources as a single unit. Resource grouping can provide a number of benefits. + Improve accuracy of detection. + Reduce unactionable event notifications. + Increase coverage of mitigation actions to include protected resources that also might be affected during an event. + Accelerate time to mitigation of attacks with multiple similar targets. + Facilitate automatic protection of newly created protected resources. Protection groups can help reduce false positives in situations such as blue/green swap, where resources alternate between being near zero load and fully loaded. Another example is when you create and delete resources frequently while maintaining a load level that's shared among the members of the group. For situations such as these, monitoring individual resources can lead to false positives, while monitoring the health of the group of resources does not. You can configure protection groups to include all protected resources, all resources of specific resource types, or individually specified resources. Newly protected resources that satisfy your protection group criteria are automatically included in your protection group. A protected resource can belong to multiple protection groups. # Creating a Shield Advanced protection group Creating a protection group **To create a protection group** 1. Sign in to the AWS Management Console and open the AWS WAF & Shield console at [https://console.aws.amazon.com/wafv2/](https://console.aws.amazon.com/wafv2/). 1. In the AWS Shield navigation pane, choose **Protected resources**. 1. Choose the **Protection groups** tab, then choose **Create protection group**. 1. In the **Create protection group** page, provide a name for your group. You'll use this name to identify the group in your list of protected resources. You can't change the name of a protection group after you create it. 1. For **Protection grouping criteria**, select the criteria that you want Shield Advanced to use to identify the protected resources to include in the group. Make your additional selections based on the criteria that you've chosen. 1. For **Aggregation**, select how you want Shield Advanced to combine resource data for the group in order to detect, mitigate, and report events. + **Sum** – Use the total traffic across the group. This is a good choice for most cases. Examples include Elastic IP addresses for Amazon EC2 instances that scale manually or automatically. + **Mean** – Use the average of the traffic across the group. This is a good choice for resources that share traffic uniformly. Examples include accelerators and load balancers. + **Max** – Use the highest traffic from each resource. This is useful for resources that don't share traffic, and for resources that share traffic in a non-uniform way. Examples include Amazon CloudFront distributions and origin resources for CloudFront distributions. 1. Choose **Save** to save your protection group and return to the **Protected resources** page. In the **Shield** **Events** page, you can view events for your protection group and drill down to see additional information for the protected resources that are in the group. # Updating a Shield Advanced protection group Updating a protection group **To update a protection group** 1. Sign in to the AWS Management Console and open the AWS WAF & Shield console at [https://console.aws.amazon.com/wafv2/](https://console.aws.amazon.com/wafv2/). 1. In the AWS Shield navigation pane, choose **Protected resources**. 1. In the **Protection groups** tab, select the check box next to the protection group that you want to modify. 1. In the protection group's page, choose **Edit**. Make your changes to the protection group settings. 1. Choose **Save** to save your changes. # Deleting a Shield Advanced protection group Deleting a Shield Advanced protection group **To delete a protection group** 1. Sign in to the AWS Management Console and open the AWS WAF & Shield console at [https://console.aws.amazon.com/wafv2/](https://console.aws.amazon.com/wafv2/). 1. In the AWS Shield navigation pane, choose **Protected resources**. 1. In the **Protection groups** tab, select the check box next to the protection group that you want to remove. 1. In the protection group's page, choose **Delete** and confirm the action.