Here’s how to get the WAF rule.

<pre lang="bash">aws waf-regional get-rule \
--rule-id xxxxxxxxxxxxxxxxxxxxxxxxxxx

Here’s how to get the AWS WAF IP set.

<pre lang="bash">aws waf-regional get-ip-set \
--ip-set-id xxxxxxxxxxxxxxxxxxx \
--region us-east-1 \
--profile your-profile

Here’s how to get the latest token.

<pre lang="bash">aws waf-regional get-change-token

Result is similar to this.

<pre lang="json">{
    "ChangeToken": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"

Create a JSON file called “change.json” to be used for updating the IP set. We will insert and delete an IP set.

<pre lang="json">[
        "Action": "INSERT",
            "Type": "IPV4",
            "Value": ""
        "Action": "DELETE",
            "Type": "IPV6",
            "Value": "1111:0000:0000:0000:0000:0000:0000:0111/128"

Finally, here’s how to update the IP set.

<pre lang="bash">aws waf-regional update-ip-set \
--ip-set-id xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx \
--change-token xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx \
--region us-east-1 \
--profile default \
--updates file://change.json