aws-sdk-waf 1.0.0.rc7 → 1.0.0.rc8

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 3997031fd09e68563c773803b97be7fba1b2d9f0
-  data.tar.gz: 2da8ee1e6e1c7d941deebb58d97e13c2ed72b737
+  metadata.gz: 663905a7b3208929449c414eb0e1e983a772e1e4
+  data.tar.gz: 8edaf15d950ba9089938d286c197277dbf614a8f
 SHA512:
-  metadata.gz: c91f90afccab4c40d172bb687fc8fc048f25f065f6bd2a19607852dd901f651c0bcd64c0e0878e4f58f2e98e0e9fda7ecb286403461986cbebbf6fca04c219be
-  data.tar.gz: b6bc276bc4440499930322a104132e3bc8ee0bb29ac656c0498faa6a0ae5d23c890cd9cfc5fedb7059675f74170ff8f3734ef13fd41da1f9bd9f668a5e359d2c
+  metadata.gz: cfdd0d1f5e06053b2a9711b223194fa266fb8cd735ce32b2a5652fdf6ddb53321c6055ceee08991afc0f428fa9cc9c39a1c3c62992f209ada54d9ff86ae2378b
+  data.tar.gz: dab98399f11222f93162bdd7ccda2faa9ca6c34e337bcd4c8cc10cba2767f98276458002e05ccaaeb5f052b03e0a153e995f1e64a84f7dc283b0721568867ed7

data/lib/aws-sdk-waf.rb

@@ -42,6 +42,6 @@ require_relative 'aws-sdk-waf/customizations'
 # @service
 module Aws::WAF
 
-  GEM_VERSION = '1.0.0.rc7'
+  GEM_VERSION = '1.0.0.rc8'
 
 end

data/lib/aws-sdk-waf/client.rb

@@ -288,6 +288,143 @@ module Aws::WAF
       req.send_request(options)
     end
 
+    # Creates a RateBasedRule. The `RateBasedRule` contains a `RateLimit`,
+    # which specifies the maximum number of requests that AWS WAF allows
+    # from a specified IP address in a five-minute period. The
+    # `RateBasedRule` also contains the `IPSet` objects, `ByteMatchSet`
+    # objects, and other predicates that identify the requests that you want
+    # to count or block if these requests exceed the `RateLimit`.
+    #
+    # If you add more than one predicate to a `RateBasedRule`, a request not
+    # only must exceed the `RateLimit`, but it also must match all the
+    # specifications to be counted or blocked. For example, suppose you add
+    # the following to a `RateBasedRule`\:
+    #
+    # * An `IPSet` that matches the IP address `192.0.2.44/32`
+    #
+    # * A `ByteMatchSet` that matches `BadBot` in the `User-Agent` header
+    #
+    # Further, you specify a `RateLimit` of 15,000.
+    #
+    # You then add the `RateBasedRule` to a `WebACL` and specify that you
+    # want to block requests that meet the conditions in the rule. For a
+    # request to be blocked, it must come from the IP address 192.0.2.44
+    # *and* the `User-Agent` header in the request must contain the value
+    # `BadBot`. Further, requests that match these two conditions must be
+    # received at a rate of more than 15,000 requests every five minutes. If
+    # both conditions are met and the rate is exceeded, AWS WAF blocks the
+    # requests. If the rate drops below 15,000 for a five-minute period, AWS
+    # WAF no longer blocks the requests.
+    #
+    # As a second example, suppose you want to limit requests to a
+    # particular page on your site. To do this, you could add the following
+    # to a `RateBasedRule`\:
+    #
+    # * A `ByteMatchSet` with `FieldToMatch` of `URI`
+    #
+    # * A `PositionalConstraint` of `STARTS_WITH`
+    #
+    # * A `TargetString` of `login`
+    #
+    # Further, you specify a `RateLimit` of 15,000.
+    #
+    # By adding this `RateBasedRule` to a `WebACL`, you could limit requests
+    # to your login page without affecting the rest of your site.
+    #
+    # To create and configure a `RateBasedRule`, perform the following
+    # steps:
+    #
+    # 1.  Create and update the predicates that you want to include in the
+    #     rule. For more information, see CreateByteMatchSet, CreateIPSet,
+    #     and CreateSqlInjectionMatchSet.
+    #
+    # 2.  Use GetChangeToken to get the change token that you provide in the
+    #     `ChangeToken` parameter of a `CreateRule` request.
+    #
+    # 3.  Submit a `CreateRateBasedRule` request.
+    #
+    # 4.  Use `GetChangeToken` to get the change token that you provide in
+    #     the `ChangeToken` parameter of an UpdateRule request.
+    #
+    # 5.  Submit an `UpdateRateBasedRule` request to specify the predicates
+    #     that you want to include in the rule.
+    #
+    # 6.  Create and update a `WebACL` that contains the `RateBasedRule`.
+    #     For more information, see CreateWebACL.
+    #
+    # For more information about how to use the AWS WAF API to allow or
+    # block HTTP requests, see the [AWS WAF Developer Guide][1].
+    #
+    #
+    #
+    # [1]: http://docs.aws.amazon.com/waf/latest/developerguide/
+    #
+    # @option params [required, String] :name
+    #   A friendly name or description of the RateBasedRule. You can't change
+    #   the name of a `RateBasedRule` after you create it.
+    #
+    # @option params [required, String] :metric_name
+    #   A friendly name or description for the metrics for this
+    #   `RateBasedRule`. The name can contain only alphanumeric characters
+    #   (A-Z, a-z, 0-9); the name can't contain whitespace. You can't change
+    #   the name of the metric after you create the `RateBasedRule`.
+    #
+    # @option params [required, String] :rate_key
+    #   The field that AWS WAF uses to determine if requests are likely
+    #   arriving from a single source and thus subject to rate monitoring. The
+    #   only valid value for `RateKey` is `IP`. `IP` indicates that requests
+    #   that arrive from the same IP address are subject to the `RateLimit`
+    #   that is specified in the `RateBasedRule`.
+    #
+    # @option params [required, Integer] :rate_limit
+    #   The maximum number of requests, which have an identical value in the
+    #   field that is specified by `RateKey`, allowed in a five-minute period.
+    #   If the number of requests exceeds the `RateLimit` and the other
+    #   predicates specified in the rule are also met, AWS WAF triggers the
+    #   action that is specified for this rule.
+    #
+    # @option params [required, String] :change_token
+    #   The `ChangeToken` that you used to submit the `CreateRateBasedRule`
+    #   request. You can also use this value to query the status of the
+    #   request. For more information, see GetChangeTokenStatus.
+    #
+    # @return [Types::CreateRateBasedRuleResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::CreateRateBasedRuleResponse#rule #rule} => Types::RateBasedRule
+    #   * {Types::CreateRateBasedRuleResponse#change_token #change_token} => String
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.create_rate_based_rule({
+    #     name: "ResourceName", # required
+    #     metric_name: "MetricName", # required
+    #     rate_key: "IP", # required, accepts IP
+    #     rate_limit: 1, # required
+    #     change_token: "ChangeToken", # required
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.rule.rule_id #=> String
+    #   resp.rule.name #=> String
+    #   resp.rule.metric_name #=> String
+    #   resp.rule.match_predicates #=> Array
+    #   resp.rule.match_predicates[0].negated #=> Boolean
+    #   resp.rule.match_predicates[0].type #=> String, one of "IPMatch", "ByteMatch", "SqlInjectionMatch", "SizeConstraint", "XssMatch"
+    #   resp.rule.match_predicates[0].data_id #=> String
+    #   resp.rule.rate_key #=> String, one of "IP"
+    #   resp.rule.rate_limit #=> Integer
+    #   resp.change_token #=> String
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/waf-2015-08-24/CreateRateBasedRule AWS API Documentation
+    #
+    # @overload create_rate_based_rule(params = {})
+    # @param [Hash] params ({})
+    def create_rate_based_rule(params = {}, options = {})
+      req = build_request(:create_rate_based_rule, params)
+      req.send_request(options)
+    end
+
     # Creates a `Rule`, which contains the `IPSet` objects, `ByteMatchSet`
     # objects, and other predicates that identify the requests that you want
     # to block. If you add more than one predicate to a `Rule`, a request
@@ -596,6 +733,7 @@ module Aws::WAF
     #   resp.web_acl.rules[0].priority #=> Integer
     #   resp.web_acl.rules[0].rule_id #=> String
     #   resp.web_acl.rules[0].action.type #=> String, one of "BLOCK", "ALLOW", "COUNT"
+    #   resp.web_acl.rules[0].type #=> String, one of "REGULAR", "RATE_BASED"
     #   resp.change_token #=> String
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/waf-2015-08-24/CreateWebACL AWS API Documentation
@@ -767,6 +905,54 @@ module Aws::WAF
       req.send_request(options)
     end
 
+    # Permanently deletes a RateBasedRule. You can't delete a rule if it's
+    # still used in any `WebACL` objects or if it still includes any
+    # predicates, such as `ByteMatchSet` objects.
+    #
+    # If you just want to remove a rule from a `WebACL`, use UpdateWebACL.
+    #
+    # To permanently delete a `RateBasedRule` from AWS WAF, perform the
+    # following steps:
+    #
+    # 1.  Update the `RateBasedRule` to remove predicates, if any. For more
+    #     information, see UpdateRateBasedRule.
+    #
+    # 2.  Use GetChangeToken to get the change token that you provide in the
+    #     `ChangeToken` parameter of a `DeleteRateBasedRule` request.
+    #
+    # 3.  Submit a `DeleteRateBasedRule` request.
+    #
+    # @option params [required, String] :rule_id
+    #   The `RuleId` of the RateBasedRule that you want to delete. `RuleId` is
+    #   returned by CreateRateBasedRule and by ListRateBasedRules.
+    #
+    # @option params [required, String] :change_token
+    #   The value returned by the most recent call to GetChangeToken.
+    #
+    # @return [Types::DeleteRateBasedRuleResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::DeleteRateBasedRuleResponse#change_token #change_token} => String
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.delete_rate_based_rule({
+    #     rule_id: "ResourceId", # required
+    #     change_token: "ChangeToken", # required
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.change_token #=> String
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/waf-2015-08-24/DeleteRateBasedRule AWS API Documentation
+    #
+    # @overload delete_rate_based_rule(params = {})
+    # @param [Hash] params ({})
+    def delete_rate_based_rule(params = {}, options = {})
+      req = build_request(:delete_rate_based_rule, params)
+      req.send_request(options)
+    end
+
     # Permanently deletes a Rule. You can't delete a `Rule` if it's still
     # used in any `WebACL` objects or if it still includes any predicates,
     # such as `ByteMatchSet` objects.
@@ -1151,6 +1337,86 @@ module Aws::WAF
       req.send_request(options)
     end
 
+    # Returns the RateBasedRule that is specified by the `RuleId` that you
+    # included in the `GetRateBasedRule` request.
+    #
+    # @option params [required, String] :rule_id
+    #   The `RuleId` of the RateBasedRule that you want to get. `RuleId` is
+    #   returned by CreateRateBasedRule and by ListRateBasedRules.
+    #
+    # @return [Types::GetRateBasedRuleResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::GetRateBasedRuleResponse#rule #rule} => Types::RateBasedRule
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.get_rate_based_rule({
+    #     rule_id: "ResourceId", # required
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.rule.rule_id #=> String
+    #   resp.rule.name #=> String
+    #   resp.rule.metric_name #=> String
+    #   resp.rule.match_predicates #=> Array
+    #   resp.rule.match_predicates[0].negated #=> Boolean
+    #   resp.rule.match_predicates[0].type #=> String, one of "IPMatch", "ByteMatch", "SqlInjectionMatch", "SizeConstraint", "XssMatch"
+    #   resp.rule.match_predicates[0].data_id #=> String
+    #   resp.rule.rate_key #=> String, one of "IP"
+    #   resp.rule.rate_limit #=> Integer
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/waf-2015-08-24/GetRateBasedRule AWS API Documentation
+    #
+    # @overload get_rate_based_rule(params = {})
+    # @param [Hash] params ({})
+    def get_rate_based_rule(params = {}, options = {})
+      req = build_request(:get_rate_based_rule, params)
+      req.send_request(options)
+    end
+
+    # Returns an array of IP addresses currently being blocked by the
+    # RateBasedRule that is specified by the `RuleId`. The maximum number of
+    # managed keys that will be blocked is 10,000. If more than 10,000
+    # addresses exceed the rate limit, the 10,000 addresses with the highest
+    # rates will be blocked.
+    #
+    # @option params [required, String] :rule_id
+    #   The `RuleId` of the RateBasedRule for which you want to get a list of
+    #   `ManagedKeys`. `RuleId` is returned by CreateRateBasedRule and by
+    #   ListRateBasedRules.
+    #
+    # @option params [String] :next_marker
+    #   A null value and not currently used. Do not include this in your
+    #   request.
+    #
+    # @return [Types::GetRateBasedRuleManagedKeysResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::GetRateBasedRuleManagedKeysResponse#managed_keys #managed_keys} => Array<String>
+    #   * {Types::GetRateBasedRuleManagedKeysResponse#next_marker #next_marker} => String
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.get_rate_based_rule_managed_keys({
+    #     rule_id: "ResourceId", # required
+    #     next_marker: "NextMarker",
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.managed_keys #=> Array
+    #   resp.managed_keys[0] #=> String
+    #   resp.next_marker #=> String
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/waf-2015-08-24/GetRateBasedRuleManagedKeys AWS API Documentation
+    #
+    # @overload get_rate_based_rule_managed_keys(params = {})
+    # @param [Hash] params ({})
+    def get_rate_based_rule_managed_keys(params = {}, options = {})
+      req = build_request(:get_rate_based_rule_managed_keys, params)
+      req.send_request(options)
+    end
+
     # Returns the Rule that is specified by the `RuleId` that you included
     # in the `GetRule` request.
     #
@@ -1372,6 +1638,7 @@ module Aws::WAF
     #   resp.web_acl.rules[0].priority #=> Integer
     #   resp.web_acl.rules[0].rule_id #=> String
     #   resp.web_acl.rules[0].action.type #=> String, one of "BLOCK", "ALLOW", "COUNT"
+    #   resp.web_acl.rules[0].type #=> String, one of "REGULAR", "RATE_BASED"
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/waf-2015-08-24/GetWebACL AWS API Documentation
     #
@@ -1506,6 +1773,50 @@ module Aws::WAF
       req.send_request(options)
     end
 
+    # Returns an array of RuleSummary objects.
+    #
+    # @option params [String] :next_marker
+    #   If you specify a value for `Limit` and you have more `Rules` than the
+    #   value of `Limit`, AWS WAF returns a `NextMarker` value in the response
+    #   that allows you to list another group of `Rules`. For the second and
+    #   subsequent `ListRateBasedRules` requests, specify the value of
+    #   `NextMarker` from the previous response to get information about
+    #   another batch of `Rules`.
+    #
+    # @option params [Integer] :limit
+    #   Specifies the number of `Rules` that you want AWS WAF to return for
+    #   this request. If you have more `Rules` than the number that you
+    #   specify for `Limit`, the response includes a `NextMarker` value that
+    #   you can use to get another batch of `Rules`.
+    #
+    # @return [Types::ListRateBasedRulesResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::ListRateBasedRulesResponse#next_marker #next_marker} => String
+    #   * {Types::ListRateBasedRulesResponse#rules #rules} => Array<Types::RuleSummary>
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.list_rate_based_rules({
+    #     next_marker: "NextMarker",
+    #     limit: 1,
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.next_marker #=> String
+    #   resp.rules #=> Array
+    #   resp.rules[0].rule_id #=> String
+    #   resp.rules[0].name #=> String
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/waf-2015-08-24/ListRateBasedRules AWS API Documentation
+    #
+    # @overload list_rate_based_rules(params = {})
+    # @param [Hash] params ({})
+    def list_rate_based_rules(params = {}, options = {})
+      req = build_request(:list_rate_based_rules, params)
+      req.send_request(options)
+    end
+
     # Returns an array of RuleSummary objects.
     #
     # @option params [String] :next_marker
@@ -1941,6 +2252,101 @@ module Aws::WAF
       req.send_request(options)
     end
 
+    # Inserts or deletes Predicate objects in a rule and updates the
+    # `RateLimit` in the rule.
+    #
+    # Each `Predicate` object identifies a predicate, such as a ByteMatchSet
+    # or an IPSet, that specifies the web requests that you want to block or
+    # count. The `RateLimit` specifies the number of requests every five
+    # minutes that triggers the rule.
+    #
+    # If you add more than one predicate to a `RateBasedRule`, a request
+    # must match all the predicates and exceed the `RateLimit` to be counted
+    # or blocked. For example, suppose you add the following to a
+    # `RateBasedRule`\:
+    #
+    # * An `IPSet` that matches the IP address `192.0.2.44/32`
+    #
+    # * A `ByteMatchSet` that matches `BadBot` in the `User-Agent` header
+    #
+    # Further, you specify a `RateLimit` of 15,000.
+    #
+    # You then add the `RateBasedRule` to a `WebACL` and specify that you
+    # want to block requests that satisfy the rule. For a request to be
+    # blocked, it must come from the IP address 192.0.2.44 *and* the
+    # `User-Agent` header in the request must contain the value `BadBot`.
+    # Further, requests that match these two conditions much be received at
+    # a rate of more than 15,000 every five minutes. If the rate drops below
+    # this limit, AWS WAF no longer blocks the requests.
+    #
+    # As a second example, suppose you want to limit requests to a
+    # particular page on your site. To do this, you could add the following
+    # to a `RateBasedRule`\:
+    #
+    # * A `ByteMatchSet` with `FieldToMatch` of `URI`
+    #
+    # * A `PositionalConstraint` of `STARTS_WITH`
+    #
+    # * A `TargetString` of `login`
+    #
+    # Further, you specify a `RateLimit` of 15,000.
+    #
+    # By adding this `RateBasedRule` to a `WebACL`, you could limit requests
+    # to your login page without affecting the rest of your site.
+    #
+    # @option params [required, String] :rule_id
+    #   The `RuleId` of the `RateBasedRule` that you want to update. `RuleId`
+    #   is returned by `CreateRateBasedRule` and by ListRateBasedRules.
+    #
+    # @option params [required, String] :change_token
+    #   The value returned by the most recent call to GetChangeToken.
+    #
+    # @option params [required, Array<Types::RuleUpdate>] :updates
+    #   An array of `RuleUpdate` objects that you want to insert into or
+    #   delete from a RateBasedRule.
+    #
+    # @option params [required, Integer] :rate_limit
+    #   The maximum number of requests, which have an identical value in the
+    #   field specified by the `RateKey`, allowed in a five-minute period. If
+    #   the number of requests exceeds the `RateLimit` and the other
+    #   predicates specified in the rule are also met, AWS WAF triggers the
+    #   action that is specified for this rule.
+    #
+    # @return [Types::UpdateRateBasedRuleResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::UpdateRateBasedRuleResponse#change_token #change_token} => String
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.update_rate_based_rule({
+    #     rule_id: "ResourceId", # required
+    #     change_token: "ChangeToken", # required
+    #     updates: [ # required
+    #       {
+    #         action: "INSERT", # required, accepts INSERT, DELETE
+    #         predicate: { # required
+    #           negated: false, # required
+    #           type: "IPMatch", # required, accepts IPMatch, ByteMatch, SqlInjectionMatch, SizeConstraint, XssMatch
+    #           data_id: "ResourceId", # required
+    #         },
+    #       },
+    #     ],
+    #     rate_limit: 1, # required
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.change_token #=> String
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/waf-2015-08-24/UpdateRateBasedRule AWS API Documentation
+    #
+    # @overload update_rate_based_rule(params = {})
+    # @param [Hash] params ({})
+    def update_rate_based_rule(params = {}, options = {})
+      req = build_request(:update_rate_based_rule, params)
+      req.send_request(options)
+    end
+
     # Inserts or deletes Predicate objects in a `Rule`. Each `Predicate`
     # object identifies a predicate, such as a ByteMatchSet or an IPSet,
     # that specifies the web requests that you want to allow, block, or
@@ -2288,6 +2694,12 @@ module Aws::WAF
     #     want to include in the `WebACL`, to specify the default action,
     #     and to associate the `WebACL` with a CloudFront distribution.
     #
+    # Be aware that if you try to add a RATE\_BASED rule to a web ACL
+    # without setting the rule type when first creating the rule, the
+    # UpdateWebACL request will fail because the request tries to add a
+    # REGULAR rule (the default rule type) with the specified ID, which does
+    # not exist.
+    #
     # For more information about how to use the AWS WAF API to allow or
     # block HTTP requests, see the [AWS WAF Developer Guide][1].
     #
@@ -2311,7 +2723,7 @@ module Aws::WAF
     #
     #   * WebACLUpdate: Contains `Action` and `ActivatedRule`
     #
-    #   * ActivatedRule: Contains `Action`, `Priority`, and `RuleId`
+    #   * ActivatedRule: Contains `Action`, `Priority`, `RuleId`, and `Type`
     #
     #   * WafAction: Contains `Type`
     #
@@ -2338,6 +2750,7 @@ module Aws::WAF
     #           action: { # required
     #             type: "BLOCK", # required, accepts BLOCK, ALLOW, COUNT
     #           },
+    #           type: "REGULAR", # accepts REGULAR, RATE_BASED
     #         },
     #       },
     #     ],
@@ -2467,7 +2880,7 @@ module Aws::WAF
         params: params,
         config: config)
       context[:gem_name] = 'aws-sdk-waf'
-      context[:gem_version] = '1.0.0.rc7'
+      context[:gem_version] = '1.0.0.rc8'
       Seahorse::Client::Request.new(handlers, context)
     end
 

data/lib/aws-sdk-waf/client_api.rb

@@ -31,6 +31,8 @@ module Aws::WAF
     CreateByteMatchSetResponse = Shapes::StructureShape.new(name: 'CreateByteMatchSetResponse')
     CreateIPSetRequest = Shapes::StructureShape.new(name: 'CreateIPSetRequest')
     CreateIPSetResponse = Shapes::StructureShape.new(name: 'CreateIPSetResponse')
+    CreateRateBasedRuleRequest = Shapes::StructureShape.new(name: 'CreateRateBasedRuleRequest')
+    CreateRateBasedRuleResponse = Shapes::StructureShape.new(name: 'CreateRateBasedRuleResponse')
     CreateRuleRequest = Shapes::StructureShape.new(name: 'CreateRuleRequest')
     CreateRuleResponse = Shapes::StructureShape.new(name: 'CreateRuleResponse')
     CreateSizeConstraintSetRequest = Shapes::StructureShape.new(name: 'CreateSizeConstraintSetRequest')
@@ -45,6 +47,8 @@ module Aws::WAF
     DeleteByteMatchSetResponse = Shapes::StructureShape.new(name: 'DeleteByteMatchSetResponse')
     DeleteIPSetRequest = Shapes::StructureShape.new(name: 'DeleteIPSetRequest')
     DeleteIPSetResponse = Shapes::StructureShape.new(name: 'DeleteIPSetResponse')
+    DeleteRateBasedRuleRequest = Shapes::StructureShape.new(name: 'DeleteRateBasedRuleRequest')
+    DeleteRateBasedRuleResponse = Shapes::StructureShape.new(name: 'DeleteRateBasedRuleResponse')
     DeleteRuleRequest = Shapes::StructureShape.new(name: 'DeleteRuleRequest')
     DeleteRuleResponse = Shapes::StructureShape.new(name: 'DeleteRuleResponse')
     DeleteSizeConstraintSetRequest = Shapes::StructureShape.new(name: 'DeleteSizeConstraintSetRequest')
@@ -64,6 +68,10 @@ module Aws::WAF
     GetChangeTokenStatusResponse = Shapes::StructureShape.new(name: 'GetChangeTokenStatusResponse')
     GetIPSetRequest = Shapes::StructureShape.new(name: 'GetIPSetRequest')
     GetIPSetResponse = Shapes::StructureShape.new(name: 'GetIPSetResponse')
+    GetRateBasedRuleManagedKeysRequest = Shapes::StructureShape.new(name: 'GetRateBasedRuleManagedKeysRequest')
+    GetRateBasedRuleManagedKeysResponse = Shapes::StructureShape.new(name: 'GetRateBasedRuleManagedKeysResponse')
+    GetRateBasedRuleRequest = Shapes::StructureShape.new(name: 'GetRateBasedRuleRequest')
+    GetRateBasedRuleResponse = Shapes::StructureShape.new(name: 'GetRateBasedRuleResponse')
     GetRuleRequest = Shapes::StructureShape.new(name: 'GetRuleRequest')
     GetRuleResponse = Shapes::StructureShape.new(name: 'GetRuleResponse')
     GetSampledRequestsMaxItems = Shapes::IntegerShape.new(name: 'GetSampledRequestsMaxItems')
@@ -98,6 +106,8 @@ module Aws::WAF
     ListByteMatchSetsResponse = Shapes::StructureShape.new(name: 'ListByteMatchSetsResponse')
     ListIPSetsRequest = Shapes::StructureShape.new(name: 'ListIPSetsRequest')
     ListIPSetsResponse = Shapes::StructureShape.new(name: 'ListIPSetsResponse')
+    ListRateBasedRulesRequest = Shapes::StructureShape.new(name: 'ListRateBasedRulesRequest')
+    ListRateBasedRulesResponse = Shapes::StructureShape.new(name: 'ListRateBasedRulesResponse')
     ListRulesRequest = Shapes::StructureShape.new(name: 'ListRulesRequest')
     ListRulesResponse = Shapes::StructureShape.new(name: 'ListRulesResponse')
     ListSizeConstraintSetsRequest = Shapes::StructureShape.new(name: 'ListSizeConstraintSetsRequest')
@@ -108,6 +118,8 @@ module Aws::WAF
     ListWebACLsResponse = Shapes::StructureShape.new(name: 'ListWebACLsResponse')
     ListXssMatchSetsRequest = Shapes::StructureShape.new(name: 'ListXssMatchSetsRequest')
     ListXssMatchSetsResponse = Shapes::StructureShape.new(name: 'ListXssMatchSetsResponse')
+    ManagedKey = Shapes::StringShape.new(name: 'ManagedKey')
+    ManagedKeys = Shapes::ListShape.new(name: 'ManagedKeys')
     MatchFieldData = Shapes::StringShape.new(name: 'MatchFieldData')
     MatchFieldType = Shapes::StringShape.new(name: 'MatchFieldType')
     MetricName = Shapes::StringShape.new(name: 'MetricName')
@@ -122,6 +134,9 @@ module Aws::WAF
     Predicate = Shapes::StructureShape.new(name: 'Predicate')
     PredicateType = Shapes::StringShape.new(name: 'PredicateType')
     Predicates = Shapes::ListShape.new(name: 'Predicates')
+    RateBasedRule = Shapes::StructureShape.new(name: 'RateBasedRule')
+    RateKey = Shapes::StringShape.new(name: 'RateKey')
+    RateLimit = Shapes::IntegerShape.new(name: 'RateLimit')
     ResourceId = Shapes::StringShape.new(name: 'ResourceId')
     ResourceName = Shapes::StringShape.new(name: 'ResourceName')
     Rule = Shapes::StructureShape.new(name: 'Rule')
@@ -156,6 +171,8 @@ module Aws::WAF
     UpdateByteMatchSetResponse = Shapes::StructureShape.new(name: 'UpdateByteMatchSetResponse')
     UpdateIPSetRequest = Shapes::StructureShape.new(name: 'UpdateIPSetRequest')
     UpdateIPSetResponse = Shapes::StructureShape.new(name: 'UpdateIPSetResponse')
+    UpdateRateBasedRuleRequest = Shapes::StructureShape.new(name: 'UpdateRateBasedRuleRequest')
+    UpdateRateBasedRuleResponse = Shapes::StructureShape.new(name: 'UpdateRateBasedRuleResponse')
     UpdateRuleRequest = Shapes::StructureShape.new(name: 'UpdateRuleRequest')
     UpdateRuleResponse = Shapes::StructureShape.new(name: 'UpdateRuleResponse')
     UpdateSizeConstraintSetRequest = Shapes::StructureShape.new(name: 'UpdateSizeConstraintSetRequest')
@@ -179,6 +196,7 @@ module Aws::WAF
     WAFStaleDataException = Shapes::StructureShape.new(name: 'WAFStaleDataException')
     WafAction = Shapes::StructureShape.new(name: 'WafAction')
     WafActionType = Shapes::StringShape.new(name: 'WafActionType')
+    WafRuleType = Shapes::StringShape.new(name: 'WafRuleType')
     WebACL = Shapes::StructureShape.new(name: 'WebACL')
     WebACLSummaries = Shapes::ListShape.new(name: 'WebACLSummaries')
     WebACLSummary = Shapes::StructureShape.new(name: 'WebACLSummary')
@@ -196,6 +214,7 @@ module Aws::WAF
     ActivatedRule.add_member(:priority, Shapes::ShapeRef.new(shape: RulePriority, required: true, location_name: "Priority"))
     ActivatedRule.add_member(:rule_id, Shapes::ShapeRef.new(shape: ResourceId, required: true, location_name: "RuleId"))
     ActivatedRule.add_member(:action, Shapes::ShapeRef.new(shape: WafAction, required: true, location_name: "Action"))
+    ActivatedRule.add_member(:type, Shapes::ShapeRef.new(shape: WafRuleType, location_name: "Type"))
     ActivatedRule.struct_class = Types::ActivatedRule
 
     ActivatedRules.member = Shapes::ShapeRef.new(shape: ActivatedRule)
@@ -241,6 +260,17 @@ module Aws::WAF
     CreateIPSetResponse.add_member(:change_token, Shapes::ShapeRef.new(shape: ChangeToken, location_name: "ChangeToken"))
     CreateIPSetResponse.struct_class = Types::CreateIPSetResponse
 
+    CreateRateBasedRuleRequest.add_member(:name, Shapes::ShapeRef.new(shape: ResourceName, required: true, location_name: "Name"))
+    CreateRateBasedRuleRequest.add_member(:metric_name, Shapes::ShapeRef.new(shape: MetricName, required: true, location_name: "MetricName"))
+    CreateRateBasedRuleRequest.add_member(:rate_key, Shapes::ShapeRef.new(shape: RateKey, required: true, location_name: "RateKey"))
+    CreateRateBasedRuleRequest.add_member(:rate_limit, Shapes::ShapeRef.new(shape: RateLimit, required: true, location_name: "RateLimit"))
+    CreateRateBasedRuleRequest.add_member(:change_token, Shapes::ShapeRef.new(shape: ChangeToken, required: true, location_name: "ChangeToken"))
+    CreateRateBasedRuleRequest.struct_class = Types::CreateRateBasedRuleRequest
+
+    CreateRateBasedRuleResponse.add_member(:rule, Shapes::ShapeRef.new(shape: RateBasedRule, location_name: "Rule"))
+    CreateRateBasedRuleResponse.add_member(:change_token, Shapes::ShapeRef.new(shape: ChangeToken, location_name: "ChangeToken"))
+    CreateRateBasedRuleResponse.struct_class = Types::CreateRateBasedRuleResponse
+
     CreateRuleRequest.add_member(:name, Shapes::ShapeRef.new(shape: ResourceName, required: true, location_name: "Name"))
     CreateRuleRequest.add_member(:metric_name, Shapes::ShapeRef.new(shape: MetricName, required: true, location_name: "MetricName"))
     CreateRuleRequest.add_member(:change_token, Shapes::ShapeRef.new(shape: ChangeToken, required: true, location_name: "ChangeToken"))
@@ -298,6 +328,13 @@ module Aws::WAF
     DeleteIPSetResponse.add_member(:change_token, Shapes::ShapeRef.new(shape: ChangeToken, location_name: "ChangeToken"))
     DeleteIPSetResponse.struct_class = Types::DeleteIPSetResponse
 
+    DeleteRateBasedRuleRequest.add_member(:rule_id, Shapes::ShapeRef.new(shape: ResourceId, required: true, location_name: "RuleId"))
+    DeleteRateBasedRuleRequest.add_member(:change_token, Shapes::ShapeRef.new(shape: ChangeToken, required: true, location_name: "ChangeToken"))
+    DeleteRateBasedRuleRequest.struct_class = Types::DeleteRateBasedRuleRequest
+
+    DeleteRateBasedRuleResponse.add_member(:change_token, Shapes::ShapeRef.new(shape: ChangeToken, location_name: "ChangeToken"))
+    DeleteRateBasedRuleResponse.struct_class = Types::DeleteRateBasedRuleResponse
+
     DeleteRuleRequest.add_member(:rule_id, Shapes::ShapeRef.new(shape: ResourceId, required: true, location_name: "RuleId"))
     DeleteRuleRequest.add_member(:change_token, Shapes::ShapeRef.new(shape: ChangeToken, required: true, location_name: "ChangeToken"))
     DeleteRuleRequest.struct_class = Types::DeleteRuleRequest
@@ -360,6 +397,20 @@ module Aws::WAF
     GetIPSetResponse.add_member(:ip_set, Shapes::ShapeRef.new(shape: IPSet, location_name: "IPSet"))
     GetIPSetResponse.struct_class = Types::GetIPSetResponse
 
+    GetRateBasedRuleManagedKeysRequest.add_member(:rule_id, Shapes::ShapeRef.new(shape: ResourceId, required: true, location_name: "RuleId"))
+    GetRateBasedRuleManagedKeysRequest.add_member(:next_marker, Shapes::ShapeRef.new(shape: NextMarker, location_name: "NextMarker"))
+    GetRateBasedRuleManagedKeysRequest.struct_class = Types::GetRateBasedRuleManagedKeysRequest
+
+    GetRateBasedRuleManagedKeysResponse.add_member(:managed_keys, Shapes::ShapeRef.new(shape: ManagedKeys, location_name: "ManagedKeys"))
+    GetRateBasedRuleManagedKeysResponse.add_member(:next_marker, Shapes::ShapeRef.new(shape: NextMarker, location_name: "NextMarker"))
+    GetRateBasedRuleManagedKeysResponse.struct_class = Types::GetRateBasedRuleManagedKeysResponse
+
+    GetRateBasedRuleRequest.add_member(:rule_id, Shapes::ShapeRef.new(shape: ResourceId, required: true, location_name: "RuleId"))
+    GetRateBasedRuleRequest.struct_class = Types::GetRateBasedRuleRequest
+
+    GetRateBasedRuleResponse.add_member(:rule, Shapes::ShapeRef.new(shape: RateBasedRule, location_name: "Rule"))
+    GetRateBasedRuleResponse.struct_class = Types::GetRateBasedRuleResponse
+
     GetRuleRequest.add_member(:rule_id, Shapes::ShapeRef.new(shape: ResourceId, required: true, location_name: "RuleId"))
     GetRuleRequest.struct_class = Types::GetRuleRequest
 
@@ -454,6 +505,14 @@ module Aws::WAF
     ListIPSetsResponse.add_member(:ip_sets, Shapes::ShapeRef.new(shape: IPSetSummaries, location_name: "IPSets"))
     ListIPSetsResponse.struct_class = Types::ListIPSetsResponse
 
+    ListRateBasedRulesRequest.add_member(:next_marker, Shapes::ShapeRef.new(shape: NextMarker, location_name: "NextMarker"))
+    ListRateBasedRulesRequest.add_member(:limit, Shapes::ShapeRef.new(shape: PaginationLimit, location_name: "Limit"))
+    ListRateBasedRulesRequest.struct_class = Types::ListRateBasedRulesRequest
+
+    ListRateBasedRulesResponse.add_member(:next_marker, Shapes::ShapeRef.new(shape: NextMarker, location_name: "NextMarker"))
+    ListRateBasedRulesResponse.add_member(:rules, Shapes::ShapeRef.new(shape: RuleSummaries, location_name: "Rules"))
+    ListRateBasedRulesResponse.struct_class = Types::ListRateBasedRulesResponse
+
     ListRulesRequest.add_member(:next_marker, Shapes::ShapeRef.new(shape: NextMarker, location_name: "NextMarker"))
     ListRulesRequest.add_member(:limit, Shapes::ShapeRef.new(shape: PaginationLimit, location_name: "Limit"))
     ListRulesRequest.struct_class = Types::ListRulesRequest
@@ -494,6 +553,8 @@ module Aws::WAF
     ListXssMatchSetsResponse.add_member(:xss_match_sets, Shapes::ShapeRef.new(shape: XssMatchSetSummaries, location_name: "XssMatchSets"))
     ListXssMatchSetsResponse.struct_class = Types::ListXssMatchSetsResponse
 
+    ManagedKeys.member = Shapes::ShapeRef.new(shape: ManagedKey)
+
     Predicate.add_member(:negated, Shapes::ShapeRef.new(shape: Negated, required: true, location_name: "Negated"))
     Predicate.add_member(:type, Shapes::ShapeRef.new(shape: PredicateType, required: true, location_name: "Type"))
     Predicate.add_member(:data_id, Shapes::ShapeRef.new(shape: ResourceId, required: true, location_name: "DataId"))
@@ -501,6 +562,14 @@ module Aws::WAF
 
     Predicates.member = Shapes::ShapeRef.new(shape: Predicate)
 
+    RateBasedRule.add_member(:rule_id, Shapes::ShapeRef.new(shape: ResourceId, required: true, location_name: "RuleId"))
+    RateBasedRule.add_member(:name, Shapes::ShapeRef.new(shape: ResourceName, location_name: "Name"))
+    RateBasedRule.add_member(:metric_name, Shapes::ShapeRef.new(shape: MetricName, location_name: "MetricName"))
+    RateBasedRule.add_member(:match_predicates, Shapes::ShapeRef.new(shape: Predicates, required: true, location_name: "MatchPredicates"))
+    RateBasedRule.add_member(:rate_key, Shapes::ShapeRef.new(shape: RateKey, required: true, location_name: "RateKey"))
+    RateBasedRule.add_member(:rate_limit, Shapes::ShapeRef.new(shape: RateLimit, required: true, location_name: "RateLimit"))
+    RateBasedRule.struct_class = Types::RateBasedRule
+
     Rule.add_member(:rule_id, Shapes::ShapeRef.new(shape: ResourceId, required: true, location_name: "RuleId"))
     Rule.add_member(:name, Shapes::ShapeRef.new(shape: ResourceName, location_name: "Name"))
     Rule.add_member(:metric_name, Shapes::ShapeRef.new(shape: MetricName, location_name: "MetricName"))
@@ -595,6 +664,15 @@ module Aws::WAF
     UpdateIPSetResponse.add_member(:change_token, Shapes::ShapeRef.new(shape: ChangeToken, location_name: "ChangeToken"))
     UpdateIPSetResponse.struct_class = Types::UpdateIPSetResponse
 
+    UpdateRateBasedRuleRequest.add_member(:rule_id, Shapes::ShapeRef.new(shape: ResourceId, required: true, location_name: "RuleId"))
+    UpdateRateBasedRuleRequest.add_member(:change_token, Shapes::ShapeRef.new(shape: ChangeToken, required: true, location_name: "ChangeToken"))
+    UpdateRateBasedRuleRequest.add_member(:updates, Shapes::ShapeRef.new(shape: RuleUpdates, required: true, location_name: "Updates"))
+    UpdateRateBasedRuleRequest.add_member(:rate_limit, Shapes::ShapeRef.new(shape: RateLimit, required: true, location_name: "RateLimit"))
+    UpdateRateBasedRuleRequest.struct_class = Types::UpdateRateBasedRuleRequest
+
+    UpdateRateBasedRuleResponse.add_member(:change_token, Shapes::ShapeRef.new(shape: ChangeToken, location_name: "ChangeToken"))
+    UpdateRateBasedRuleResponse.struct_class = Types::UpdateRateBasedRuleResponse
+
     UpdateRuleRequest.add_member(:rule_id, Shapes::ShapeRef.new(shape: ResourceId, required: true, location_name: "RuleId"))
     UpdateRuleRequest.add_member(:change_token, Shapes::ShapeRef.new(shape: ChangeToken, required: true, location_name: "ChangeToken"))
     UpdateRuleRequest.add_member(:updates, Shapes::ShapeRef.new(shape: RuleUpdates, required: true, location_name: "Updates"))
@@ -724,6 +802,19 @@ module Aws::WAF
         o.errors << Shapes::ShapeRef.new(shape: WAFLimitsExceededException)
       end)
 
+      api.add_operation(:create_rate_based_rule, Seahorse::Model::Operation.new.tap do |o|
+        o.name = "CreateRateBasedRule"
+        o.http_method = "POST"
+        o.http_request_uri = "/"
+        o.input = Shapes::ShapeRef.new(shape: CreateRateBasedRuleRequest)
+        o.output = Shapes::ShapeRef.new(shape: CreateRateBasedRuleResponse)
+        o.errors << Shapes::ShapeRef.new(shape: WAFStaleDataException)
+        o.errors << Shapes::ShapeRef.new(shape: WAFInternalErrorException)
+        o.errors << Shapes::ShapeRef.new(shape: WAFDisallowedNameException)
+        o.errors << Shapes::ShapeRef.new(shape: WAFInvalidParameterException)
+        o.errors << Shapes::ShapeRef.new(shape: WAFLimitsExceededException)
+      end)
+
       api.add_operation(:create_rule, Seahorse::Model::Operation.new.tap do |o|
         o.name = "CreateRule"
         o.http_method = "POST"
@@ -821,6 +912,20 @@ module Aws::WAF
         o.errors << Shapes::ShapeRef.new(shape: WAFNonEmptyEntityException)
       end)
 
+      api.add_operation(:delete_rate_based_rule, Seahorse::Model::Operation.new.tap do |o|
+        o.name = "DeleteRateBasedRule"
+        o.http_method = "POST"
+        o.http_request_uri = "/"
+        o.input = Shapes::ShapeRef.new(shape: DeleteRateBasedRuleRequest)
+        o.output = Shapes::ShapeRef.new(shape: DeleteRateBasedRuleResponse)
+        o.errors << Shapes::ShapeRef.new(shape: WAFStaleDataException)
+        o.errors << Shapes::ShapeRef.new(shape: WAFInternalErrorException)
+        o.errors << Shapes::ShapeRef.new(shape: WAFInvalidAccountException)
+        o.errors << Shapes::ShapeRef.new(shape: WAFNonexistentItemException)
+        o.errors << Shapes::ShapeRef.new(shape: WAFReferencedItemException)
+        o.errors << Shapes::ShapeRef.new(shape: WAFNonEmptyEntityException)
+      end)
+
       api.add_operation(:delete_rule, Seahorse::Model::Operation.new.tap do |o|
         o.name = "DeleteRule"
         o.http_method = "POST"
@@ -932,6 +1037,29 @@ module Aws::WAF
         o.errors << Shapes::ShapeRef.new(shape: WAFNonexistentItemException)
       end)
 
+      api.add_operation(:get_rate_based_rule, Seahorse::Model::Operation.new.tap do |o|
+        o.name = "GetRateBasedRule"
+        o.http_method = "POST"
+        o.http_request_uri = "/"
+        o.input = Shapes::ShapeRef.new(shape: GetRateBasedRuleRequest)
+        o.output = Shapes::ShapeRef.new(shape: GetRateBasedRuleResponse)
+        o.errors << Shapes::ShapeRef.new(shape: WAFInternalErrorException)
+        o.errors << Shapes::ShapeRef.new(shape: WAFInvalidAccountException)
+        o.errors << Shapes::ShapeRef.new(shape: WAFNonexistentItemException)
+      end)
+
+      api.add_operation(:get_rate_based_rule_managed_keys, Seahorse::Model::Operation.new.tap do |o|
+        o.name = "GetRateBasedRuleManagedKeys"
+        o.http_method = "POST"
+        o.http_request_uri = "/"
+        o.input = Shapes::ShapeRef.new(shape: GetRateBasedRuleManagedKeysRequest)
+        o.output = Shapes::ShapeRef.new(shape: GetRateBasedRuleManagedKeysResponse)
+        o.errors << Shapes::ShapeRef.new(shape: WAFInternalErrorException)
+        o.errors << Shapes::ShapeRef.new(shape: WAFInvalidAccountException)
+        o.errors << Shapes::ShapeRef.new(shape: WAFNonexistentItemException)
+        o.errors << Shapes::ShapeRef.new(shape: WAFInvalidParameterException)
+      end)
+
       api.add_operation(:get_rule, Seahorse::Model::Operation.new.tap do |o|
         o.name = "GetRule"
         o.http_method = "POST"
@@ -1017,6 +1145,16 @@ module Aws::WAF
         o.errors << Shapes::ShapeRef.new(shape: WAFInvalidAccountException)
       end)
 
+      api.add_operation(:list_rate_based_rules, Seahorse::Model::Operation.new.tap do |o|
+        o.name = "ListRateBasedRules"
+        o.http_method = "POST"
+        o.http_request_uri = "/"
+        o.input = Shapes::ShapeRef.new(shape: ListRateBasedRulesRequest)
+        o.output = Shapes::ShapeRef.new(shape: ListRateBasedRulesResponse)
+        o.errors << Shapes::ShapeRef.new(shape: WAFInternalErrorException)
+        o.errors << Shapes::ShapeRef.new(shape: WAFInvalidAccountException)
+      end)
+
       api.add_operation(:list_rules, Seahorse::Model::Operation.new.tap do |o|
         o.name = "ListRules"
         o.http_method = "POST"
@@ -1100,6 +1238,23 @@ module Aws::WAF
         o.errors << Shapes::ShapeRef.new(shape: WAFLimitsExceededException)
       end)
 
+      api.add_operation(:update_rate_based_rule, Seahorse::Model::Operation.new.tap do |o|
+        o.name = "UpdateRateBasedRule"
+        o.http_method = "POST"
+        o.http_request_uri = "/"
+        o.input = Shapes::ShapeRef.new(shape: UpdateRateBasedRuleRequest)
+        o.output = Shapes::ShapeRef.new(shape: UpdateRateBasedRuleResponse)
+        o.errors << Shapes::ShapeRef.new(shape: WAFStaleDataException)
+        o.errors << Shapes::ShapeRef.new(shape: WAFInternalErrorException)
+        o.errors << Shapes::ShapeRef.new(shape: WAFInvalidAccountException)
+        o.errors << Shapes::ShapeRef.new(shape: WAFInvalidOperationException)
+        o.errors << Shapes::ShapeRef.new(shape: WAFInvalidParameterException)
+        o.errors << Shapes::ShapeRef.new(shape: WAFNonexistentContainerException)
+        o.errors << Shapes::ShapeRef.new(shape: WAFNonexistentItemException)
+        o.errors << Shapes::ShapeRef.new(shape: WAFReferencedItemException)
+        o.errors << Shapes::ShapeRef.new(shape: WAFLimitsExceededException)
+      end)
+
       api.add_operation(:update_rule, Seahorse::Model::Operation.new.tap do |o|
         o.name = "UpdateRule"
         o.http_method = "POST"

data/lib/aws-sdk-waf/types.rb

@@ -25,6 +25,7 @@ module Aws::WAF
     #         action: { # required
     #           type: "BLOCK", # required, accepts BLOCK, ALLOW, COUNT
     #         },
+    #         type: "REGULAR", # accepts REGULAR, RATE_BASED
     #       }
     #
     # @!attribute [rw] priority
@@ -59,12 +60,22 @@ module Aws::WAF
     #     request based on the remaining rules in the web ACL.
     #   @return [Types::WafAction]
     #
+    # @!attribute [rw] type
+    #   The rule type, either `REGULAR`, as defined by Rule, or
+    #   `RATE_BASED`, as defined by RateBasedRule. The default is REGULAR.
+    #   Although this field is optional, be aware that if you try to add a
+    #   RATE\_BASED rule to a web ACL without setting the type, the
+    #   UpdateWebACL request will fail because the request tries to add a
+    #   REGULAR rule with the specified ID, which does not exist.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/waf-2015-08-24/ActivatedRule AWS API Documentation
     #
     class ActivatedRule < Struct.new(
       :priority,
       :rule_id,
-      :action)
+      :action,
+      :type)
       include Aws::Structure
     end
 
@@ -476,6 +487,81 @@ module Aws::WAF
       include Aws::Structure
     end
 
+    # @note When making an API call, you may pass CreateRateBasedRuleRequest
+    #   data as a hash:
+    #
+    #       {
+    #         name: "ResourceName", # required
+    #         metric_name: "MetricName", # required
+    #         rate_key: "IP", # required, accepts IP
+    #         rate_limit: 1, # required
+    #         change_token: "ChangeToken", # required
+    #       }
+    #
+    # @!attribute [rw] name
+    #   A friendly name or description of the RateBasedRule. You can't
+    #   change the name of a `RateBasedRule` after you create it.
+    #   @return [String]
+    #
+    # @!attribute [rw] metric_name
+    #   A friendly name or description for the metrics for this
+    #   `RateBasedRule`. The name can contain only alphanumeric characters
+    #   (A-Z, a-z, 0-9); the name can't contain whitespace. You can't
+    #   change the name of the metric after you create the `RateBasedRule`.
+    #   @return [String]
+    #
+    # @!attribute [rw] rate_key
+    #   The field that AWS WAF uses to determine if requests are likely
+    #   arriving from a single source and thus subject to rate monitoring.
+    #   The only valid value for `RateKey` is `IP`. `IP` indicates that
+    #   requests that arrive from the same IP address are subject to the
+    #   `RateLimit` that is specified in the `RateBasedRule`.
+    #   @return [String]
+    #
+    # @!attribute [rw] rate_limit
+    #   The maximum number of requests, which have an identical value in the
+    #   field that is specified by `RateKey`, allowed in a five-minute
+    #   period. If the number of requests exceeds the `RateLimit` and the
+    #   other predicates specified in the rule are also met, AWS WAF
+    #   triggers the action that is specified for this rule.
+    #   @return [Integer]
+    #
+    # @!attribute [rw] change_token
+    #   The `ChangeToken` that you used to submit the `CreateRateBasedRule`
+    #   request. You can also use this value to query the status of the
+    #   request. For more information, see GetChangeTokenStatus.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/waf-2015-08-24/CreateRateBasedRuleRequest AWS API Documentation
+    #
+    class CreateRateBasedRuleRequest < Struct.new(
+      :name,
+      :metric_name,
+      :rate_key,
+      :rate_limit,
+      :change_token)
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] rule
+    #   The RateBasedRule that is returned in the `CreateRateBasedRule`
+    #   response.
+    #   @return [Types::RateBasedRule]
+    #
+    # @!attribute [rw] change_token
+    #   The `ChangeToken` that you used to submit the `CreateRateBasedRule`
+    #   request. You can also use this value to query the status of the
+    #   request. For more information, see GetChangeTokenStatus.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/waf-2015-08-24/CreateRateBasedRuleResponse AWS API Documentation
+    #
+    class CreateRateBasedRuleResponse < Struct.new(
+      :rule,
+      :change_token)
+      include Aws::Structure
+    end
+
     # @note When making an API call, you may pass CreateRuleRequest
     #   data as a hash:
     #
@@ -808,6 +894,44 @@ module Aws::WAF
       include Aws::Structure
     end
 
+    # @note When making an API call, you may pass DeleteRateBasedRuleRequest
+    #   data as a hash:
+    #
+    #       {
+    #         rule_id: "ResourceId", # required
+    #         change_token: "ChangeToken", # required
+    #       }
+    #
+    # @!attribute [rw] rule_id
+    #   The `RuleId` of the RateBasedRule that you want to delete. `RuleId`
+    #   is returned by CreateRateBasedRule and by ListRateBasedRules.
+    #   @return [String]
+    #
+    # @!attribute [rw] change_token
+    #   The value returned by the most recent call to GetChangeToken.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/waf-2015-08-24/DeleteRateBasedRuleRequest AWS API Documentation
+    #
+    class DeleteRateBasedRuleRequest < Struct.new(
+      :rule_id,
+      :change_token)
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] change_token
+    #   The `ChangeToken` that you used to submit the `DeleteRateBasedRule`
+    #   request. You can also use this value to query the status of the
+    #   request. For more information, see GetChangeTokenStatus.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/waf-2015-08-24/DeleteRateBasedRuleResponse AWS API Documentation
+    #
+    class DeleteRateBasedRuleResponse < Struct.new(
+      :change_token)
+      include Aws::Structure
+    end
+
     # @note When making an API call, you may pass DeleteRuleRequest
     #   data as a hash:
     #
@@ -1195,6 +1319,81 @@ module Aws::WAF
       include Aws::Structure
     end
 
+    # @note When making an API call, you may pass GetRateBasedRuleManagedKeysRequest
+    #   data as a hash:
+    #
+    #       {
+    #         rule_id: "ResourceId", # required
+    #         next_marker: "NextMarker",
+    #       }
+    #
+    # @!attribute [rw] rule_id
+    #   The `RuleId` of the RateBasedRule for which you want to get a list
+    #   of `ManagedKeys`. `RuleId` is returned by CreateRateBasedRule and by
+    #   ListRateBasedRules.
+    #   @return [String]
+    #
+    # @!attribute [rw] next_marker
+    #   A null value and not currently used. Do not include this in your
+    #   request.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/waf-2015-08-24/GetRateBasedRuleManagedKeysRequest AWS API Documentation
+    #
+    class GetRateBasedRuleManagedKeysRequest < Struct.new(
+      :rule_id,
+      :next_marker)
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] managed_keys
+    #   An array of IP addresses that currently are blocked by the specified
+    #   RateBasedRule.
+    #   @return [Array<String>]
+    #
+    # @!attribute [rw] next_marker
+    #   A null value and not currently used.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/waf-2015-08-24/GetRateBasedRuleManagedKeysResponse AWS API Documentation
+    #
+    class GetRateBasedRuleManagedKeysResponse < Struct.new(
+      :managed_keys,
+      :next_marker)
+      include Aws::Structure
+    end
+
+    # @note When making an API call, you may pass GetRateBasedRuleRequest
+    #   data as a hash:
+    #
+    #       {
+    #         rule_id: "ResourceId", # required
+    #       }
+    #
+    # @!attribute [rw] rule_id
+    #   The `RuleId` of the RateBasedRule that you want to get. `RuleId` is
+    #   returned by CreateRateBasedRule and by ListRateBasedRules.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/waf-2015-08-24/GetRateBasedRuleRequest AWS API Documentation
+    #
+    class GetRateBasedRuleRequest < Struct.new(
+      :rule_id)
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] rule
+    #   Information about the RateBasedRule that you specified in the
+    #   `GetRateBasedRule` request.
+    #   @return [Types::RateBasedRule]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/waf-2015-08-24/GetRateBasedRuleResponse AWS API Documentation
+    #
+    class GetRateBasedRuleResponse < Struct.new(
+      :rule)
+      include Aws::Structure
+    end
+
     # @note When making an API call, you may pass GetRuleRequest
     #   data as a hash:
     #
@@ -1605,14 +1804,9 @@ module Aws::WAF
     # @!attribute [rw] ip_set_descriptors
     #   The IP address type (`IPV4` or `IPV6`) and the IP address range (in
     #   CIDR notation) that web requests originate from. If the `WebACL` is
-    #   associated with a CloudFront distribution, this is the value of one
-    #   of the following fields in CloudFront access logs:
-    #
-    #   * `c-ip`, if the viewer did not use an HTTP proxy or a load balancer
-    #     to send the request
-    #
-    #   * `x-forwarded-for`, if the viewer did use an HTTP proxy or a load
-    #     balancer to send the request
+    #   associated with a CloudFront distribution and the viewer did not use
+    #   an HTTP proxy or a load balancer to send the request, this is the
+    #   value of the c-ip field in the CloudFront access logs.
     #   @return [Array<Types::IPSetDescriptor>]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/waf-2015-08-24/IPSet AWS API Documentation
@@ -1836,6 +2030,58 @@ module Aws::WAF
       include Aws::Structure
     end
 
+    # @note When making an API call, you may pass ListRateBasedRulesRequest
+    #   data as a hash:
+    #
+    #       {
+    #         next_marker: "NextMarker",
+    #         limit: 1,
+    #       }
+    #
+    # @!attribute [rw] next_marker
+    #   If you specify a value for `Limit` and you have more `Rules` than
+    #   the value of `Limit`, AWS WAF returns a `NextMarker` value in the
+    #   response that allows you to list another group of `Rules`. For the
+    #   second and subsequent `ListRateBasedRules` requests, specify the
+    #   value of `NextMarker` from the previous response to get information
+    #   about another batch of `Rules`.
+    #   @return [String]
+    #
+    # @!attribute [rw] limit
+    #   Specifies the number of `Rules` that you want AWS WAF to return for
+    #   this request. If you have more `Rules` than the number that you
+    #   specify for `Limit`, the response includes a `NextMarker` value that
+    #   you can use to get another batch of `Rules`.
+    #   @return [Integer]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/waf-2015-08-24/ListRateBasedRulesRequest AWS API Documentation
+    #
+    class ListRateBasedRulesRequest < Struct.new(
+      :next_marker,
+      :limit)
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] next_marker
+    #   If you have more `Rules` than the number that you specified for
+    #   `Limit` in the request, the response includes a `NextMarker` value.
+    #   To list more `Rules`, submit another `ListRateBasedRules` request,
+    #   and specify the `NextMarker` value from the response in the
+    #   `NextMarker` value in the next request.
+    #   @return [String]
+    #
+    # @!attribute [rw] rules
+    #   An array of RuleSummary objects.
+    #   @return [Array<Types::RuleSummary>]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/waf-2015-08-24/ListRateBasedRulesResponse AWS API Documentation
+    #
+    class ListRateBasedRulesResponse < Struct.new(
+      :next_marker,
+      :rules)
+      include Aws::Structure
+    end
+
     # @note When making an API call, you may pass ListRulesRequest
     #   data as a hash:
     #
@@ -2165,6 +2411,77 @@ module Aws::WAF
       include Aws::Structure
     end
 
+    # A `RateBasedRule` is identical to a regular Rule, with one addition: a
+    # `RateBasedRule` counts the number of requests that arrive from a
+    # specified IP address every five minutes. For example, based on recent
+    # requests that you've seen from an attacker, you might create a
+    # `RateBasedRule` that includes the following conditions:
+    #
+    # * The requests come from 192.0.2.44.
+    #
+    # * They contain the value `BadBot` in the `User-Agent` header.
+    #
+    # In the rule, you also define the rate limit as 15,000.
+    #
+    # Requests that meet both of these conditions and exceed 15,000 requests
+    # every five minutes trigger the rule's action (block or count), which
+    # is defined in the web ACL.
+    #
+    # @!attribute [rw] rule_id
+    #   A unique identifier for a `RateBasedRule`. You use `RuleId` to get
+    #   more information about a `RateBasedRule` (see GetRateBasedRule),
+    #   update a `RateBasedRule` (see UpdateRateBasedRule), insert a
+    #   `RateBasedRule` into a `WebACL` or delete one from a `WebACL` (see
+    #   UpdateWebACL), or delete a `RateBasedRule` from AWS WAF (see
+    #   DeleteRateBasedRule).
+    #   @return [String]
+    #
+    # @!attribute [rw] name
+    #   A friendly name or description for a `RateBasedRule`. You can't
+    #   change the name of a `RateBasedRule` after you create it.
+    #   @return [String]
+    #
+    # @!attribute [rw] metric_name
+    #   A friendly name or description for the metrics for a
+    #   `RateBasedRule`. The name can contain only alphanumeric characters
+    #   (A-Z, a-z, 0-9); the name can't contain whitespace. You can't
+    #   change the name of the metric after you create the `RateBasedRule`.
+    #   @return [String]
+    #
+    # @!attribute [rw] match_predicates
+    #   The `Predicates` object contains one `Predicate` element for each
+    #   ByteMatchSet, IPSet, or SqlInjectionMatchSet object that you want to
+    #   include in a `RateBasedRule`.
+    #   @return [Array<Types::Predicate>]
+    #
+    # @!attribute [rw] rate_key
+    #   The field that AWS WAF uses to determine if requests are likely
+    #   arriving from single source and thus subject to rate monitoring. The
+    #   only valid value for `RateKey` is `IP`. `IP` indicates that requests
+    #   arriving from the same IP address are subject to the `RateLimit`
+    #   that is specified in the `RateBasedRule`.
+    #   @return [String]
+    #
+    # @!attribute [rw] rate_limit
+    #   The maximum number of requests, which have an identical value in the
+    #   field specified by the `RateKey`, allowed in a five-minute period.
+    #   If the number of requests exceeds the `RateLimit` and the other
+    #   predicates specified in the rule are also met, AWS WAF triggers the
+    #   action that is specified for this rule.
+    #   @return [Integer]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/waf-2015-08-24/RateBasedRule AWS API Documentation
+    #
+    class RateBasedRule < Struct.new(
+      :rule_id,
+      :name,
+      :metric_name,
+      :match_predicates,
+      :rate_key,
+      :rate_limit)
+      include Aws::Structure
+    end
+
     # A combination of ByteMatchSet, IPSet, and/or SqlInjectionMatchSet
     # objects that identify the web requests that you want to allow, block,
     # or count. For example, you might create a `Rule` that includes the
@@ -2951,6 +3268,71 @@ module Aws::WAF
       include Aws::Structure
     end
 
+    # @note When making an API call, you may pass UpdateRateBasedRuleRequest
+    #   data as a hash:
+    #
+    #       {
+    #         rule_id: "ResourceId", # required
+    #         change_token: "ChangeToken", # required
+    #         updates: [ # required
+    #           {
+    #             action: "INSERT", # required, accepts INSERT, DELETE
+    #             predicate: { # required
+    #               negated: false, # required
+    #               type: "IPMatch", # required, accepts IPMatch, ByteMatch, SqlInjectionMatch, SizeConstraint, XssMatch
+    #               data_id: "ResourceId", # required
+    #             },
+    #           },
+    #         ],
+    #         rate_limit: 1, # required
+    #       }
+    #
+    # @!attribute [rw] rule_id
+    #   The `RuleId` of the `RateBasedRule` that you want to update.
+    #   `RuleId` is returned by `CreateRateBasedRule` and by
+    #   ListRateBasedRules.
+    #   @return [String]
+    #
+    # @!attribute [rw] change_token
+    #   The value returned by the most recent call to GetChangeToken.
+    #   @return [String]
+    #
+    # @!attribute [rw] updates
+    #   An array of `RuleUpdate` objects that you want to insert into or
+    #   delete from a RateBasedRule.
+    #   @return [Array<Types::RuleUpdate>]
+    #
+    # @!attribute [rw] rate_limit
+    #   The maximum number of requests, which have an identical value in the
+    #   field specified by the `RateKey`, allowed in a five-minute period.
+    #   If the number of requests exceeds the `RateLimit` and the other
+    #   predicates specified in the rule are also met, AWS WAF triggers the
+    #   action that is specified for this rule.
+    #   @return [Integer]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/waf-2015-08-24/UpdateRateBasedRuleRequest AWS API Documentation
+    #
+    class UpdateRateBasedRuleRequest < Struct.new(
+      :rule_id,
+      :change_token,
+      :updates,
+      :rate_limit)
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] change_token
+    #   The `ChangeToken` that you used to submit the `UpdateRateBasedRule`
+    #   request. You can also use this value to query the status of the
+    #   request. For more information, see GetChangeTokenStatus.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/waf-2015-08-24/UpdateRateBasedRuleResponse AWS API Documentation
+    #
+    class UpdateRateBasedRuleResponse < Struct.new(
+      :change_token)
+      include Aws::Structure
+    end
+
     # @note When making an API call, you may pass UpdateRuleRequest
     #   data as a hash:
     #
@@ -3166,6 +3548,7 @@ module Aws::WAF
     #               action: { # required
     #                 type: "BLOCK", # required, accepts BLOCK, ALLOW, COUNT
     #               },
+    #               type: "REGULAR", # accepts REGULAR, RATE_BASED
     #             },
     #           },
     #         ],
@@ -3192,7 +3575,7 @@ module Aws::WAF
     #
     #   * WebACLUpdate: Contains `Action` and `ActivatedRule`
     #
-    #   * ActivatedRule: Contains `Action`, `Priority`, and `RuleId`
+    #   * ActivatedRule: Contains `Action`, `Priority`, `RuleId`, and `Type`
     #
     #   * WafAction: Contains `Type`
     #   @return [Array<Types::WebACLUpdate>]
@@ -3421,6 +3804,7 @@ module Aws::WAF
     #           action: { # required
     #             type: "BLOCK", # required, accepts BLOCK, ALLOW, COUNT
     #           },
+    #           type: "REGULAR", # accepts REGULAR, RATE_BASED
     #         },
     #       }
     #

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: aws-sdk-waf
 version: !ruby/object:Gem::Version
-  version: 1.0.0.rc7
+  version: 1.0.0.rc8
 platform: ruby
 authors:
 - Amazon Web Services
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2017-05-23 00:00:00.000000000 Z
+date: 2017-06-26 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: aws-sdk-core
@@ -16,14 +16,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 3.0.0.rc12
+        version: 3.0.0.rc13
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 3.0.0.rc12
+        version: 3.0.0.rc13
 - !ruby/object:Gem::Dependency
   name: aws-sigv4
   requirement: !ruby/object:Gem::Requirement