AWS Firewall Manager now supports retrofitting existing AWS WAF Web ACLs, enabling customers to centrally create policies for WAF that add baseline rule sets to existing WAF WebACLs. This feature allows security administrators to insert first and last rule groups, configure logging destinations, and define baseline protection while leaving custom rule sets intact. The "retrofit" setting on a Firewall Manager WAF policy helps customers rapidly deploy standard WAF rules to all web applications without affecting existing deployments.

Source: https://dev.to/karthiksakthiveltechie/aws-firewall-manager-now-supports-retrofitting-of-existing-aws-waf-web-acls-h9o