File: //usr/local/aws-cli/v2/dist/awscli/examples/wafv2/update-web-acl.rst
**To update a web ACL**
The following ``update-web-acl`` changes settings for an existing web ACL. This call requires an ID, which you can obtain from the call, ``list-web-acls``, and a lock token and other settings, which you can obtain from the call ``get-web-acl``. This call also returns a lock token that you can use for a subsequent update. ::
aws wafv2 update-web-acl \
--name TestWebAcl \
--scope REGIONAL \
--id a1b2c3d4-5678-90ab-cdef-EXAMPLE11111 \
--lock-token 2294b3a1-0000-0000-0000-a3ae04329de9 \
--default-action Block={} \
--visibility-config SampledRequestsEnabled=false,CloudWatchMetricsEnabled=false,MetricName=NewMetricTestWebAcl \
--rules file://waf-rule.json \
--region us-west-2
Output::
{
"NextLockToken": "714a0cfb-0000-0000-0000-2959c8b9a684"
}
For more information, see `Managing and Using a Web Access Control List (Web ACL) <https://docs.aws.amazon.com/waf/latest/developerguide/web-acl.html>`__ in the *AWS WAF, AWS Firewall Manager, and AWS Shield Advanced Developer Guide*.