Here’s how to get the WAF rule.

aws waf-regional get-rule \
--rule-id xxxxxxxxxxxxxxxxxxxxxxxxxxx

Here’s how to get the AWS WAF IP set.

aws waf-regional get-ip-set \
--ip-set-id xxxxxxxxxxxxxxxxxxx \
--region us-east-1 \
--profile your-profile

Here’s how to get the latest token.

aws waf-regional get-change-token

Result is similar to this.

{
    "ChangeToken": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
}

Create a JSON file called “change.json” to be used for updating the IP set. We will insert and delete an IP set.

[
    {
        "Action": "INSERT",
        "IPSetDescriptor":
        {
            "Type": "IPV4",
            "Value": "12.34.56.78/24"
        }
    },
    {
        "Action": "DELETE",
        "IPSetDescriptor":
        {
            "Type": "IPV6",
            "Value": "1111:0000:0000:0000:0000:0000:0000:0111/128"
        }
    }
]

Finally, here’s how to update the IP set.

aws waf-regional update-ip-set \
--ip-set-id xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx \
--change-token xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx \
--region us-east-1 \
--profile default \
--updates file://change.json