Add warnings, tweaks to docs

YakDriver · YakDriver · commit 23ab40df04f1 · 2025-07-30T17:23:55.000-04:00
diff --git a/website/docs/r/wafv2_web_acl_rule_group_association.html.markdown b/website/docs/r/wafv2_web_acl_rule_group_association.html.markdown
@@ -15,10 +15,12 @@ This resource supports both:
 - **Custom Rule Groups**: User-created rule groups that you manage within your AWS account
 - **Managed Rule Groups**: Pre-configured rule groups provided by AWS or third-party vendors
 
-~> **Note:** This resource creates a rule within the Web ACL that references the entire Rule Group. The rule group's individual rules are evaluated as a unit when requests are processed by the Web ACL.
+!> **Warning:** Verify the rule names in your `rule_action_override`s carefully. With managed rule groups, WAF silently ignores any override that uses an invalid rule name. With customer-owned rule groups, invalid rule names in your overrides will cause web ACL updates to fail. An invalid rule name is any name that doesn't exactly match the case-sensitive name of an existing rule in the rule group.
 
 !> **Warning:** Using this resource will cause the associated Web ACL resource to show configuration drift in the `rule` argument unless you add `lifecycle { ignore_changes = [rule] }` to the Web ACL resource configuration. This is because this resource modifies the Web ACL's rules outside of the Web ACL resource's direct management.
 
+~> **Note:** This resource creates a rule within the Web ACL that references the entire Rule Group. The rule group's individual rules are evaluated as a unit when requests are processed by the Web ACL.
+
 ## Example Usage
 
 ### Custom Rule Group - Basic Usage
@@ -402,7 +404,7 @@ The following arguments are optional:
 
 ### rule_action_override
 
-* `name` - (Required) Name of the rule to override within the rule group.
+* `name` - (Required) Name of the rule to override within the rule group. Verify the name carefully. With managed rule groups, WAF silently ignores any override that uses an invalid rule name. With customer-owned rule groups, invalid rule names in your overrides will cause web ACL updates to fail. An invalid rule name is any name that doesn't exactly match the case-sensitive name of an existing rule in the rule group.
 * `action_to_use` - (Required) Action to use instead of the rule's original action. [See below](#action_to_use).
 
 ### action_to_use
