Too Long; Didn't Read
AWS WAF Security Automations is a set of CloudFormation stacks that are meant to protect your websites or web applications based on malicious behavior on behalf of the client. The most recent version is 2.3.2, while version 3.2.x is in the making. The WAF rules generated by this framework are de facto static and can be, but are not meant to be modified or extended. The documentation is partially outdated and the WAF is not fully implemented. It uses the same version of WAF classic, which has been superseded by WAF v2.2.