After configuring the Amazon Web Services (AWS) S3 bucket for Generic Firewall Denylist, you can update the list of the IP addresses for the firewalls that can access the denylist.

1. Sign in to the AWS CloudFormation console.
2. On the Stacks page, filter for the denylist that you created in Configure Generic Firewall Denylist for Arctic Wolf Active Response.
3. Click the name of the stack.
4. Click Update stack > Create a change set.
5. On the Create change set page, make sure that Use existing template is selected.
6. Click Next.
7. On the Specify change set details page, in the Parameters section, update the list of IP addresses.
   Use commas to separate the IP addresses. For example, 0.0.0.0,8.8.8.8..
8. Click Next.
9. Select the I acknowledge that AWS CloudFormation might create IAM resources checkbox.
10. Click Next.
11. Click Submit.
    The Stack details page opens on the Change sets tab. The stack status is CREATE_PENDING.
12. When the status changes to CREATE_COMPLETE, click Execute change set.
    If required, click Refresh to see if the status changed.
13. Keep the default settings, and then click Execute change set.
    The Events tab opens. The stack status is UPDATE_IN_PROGRESS. When the status changes to UPDATE_COMPLETE, your firewall IP address list is updated.