aws-sdk-waf 1.11.0 → 1.12.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 8dc3f5225c9299ec17dc55ca088ea382161d4fce
-  data.tar.gz: c6cc70c2c27483bc1dce3159bc4b58cb34b9115c
+  metadata.gz: b0f22eb70dd62b0bd3e68c33cf3ff62b08cad107
+  data.tar.gz: bdd65e9eb372bab500bb3e91aa54cac2d1bacad8
 SHA512:
-  metadata.gz: 3bd373ff9a4f27f41b29d41a510c4f8165fad9f3420ec68221d21868a78faf13bd1f281f8abd6fc3e0e82b9e69344a57fe48c91bcee6269940966470546d6c0a
-  data.tar.gz: 4d71ebb023523a07927d55bf477c4022f9432037c551e6adfc7caaad21d3e9873e23ea9e998e60d3a1263f2c0559edd3bca554bd0cd021ba33a93d4df28017dc
+  metadata.gz: ba274ad9db9880beca8058f880d3e19f8f8933e6afdfa66e3399fa7875d0e920979676a5501e072d2d3fea74448f92f3ddfb7bf52ccc4f5ee984ec0a07aeb425
+  data.tar.gz: e1120e45498af124d7a361cbdc472b2f7200cceb5928a5c22695eb12bfd594b39fbc2374334017fd960000991f94e61511d8d0889b4d4161f9a062d438a31417

data/lib/aws-sdk-waf.rb

@@ -42,6 +42,6 @@ require_relative 'aws-sdk-waf/customizations'
 # @service
 module Aws::WAF
 
-  GEM_VERSION = '1.11.0'
+  GEM_VERSION = '1.12.0'
 
 end

data/lib/aws-sdk-waf/client.rb

@@ -347,8 +347,8 @@ module Aws::WAF
       req.send_request(options)
     end
 
-    # Creates an IPSet, which you use to specify which web requests you want
-    # to allow or block based on the IP addresses that the requests
+    # Creates an IPSet, which you use to specify which web requests that you
+    # want to allow or block based on the IP addresses that the requests
     # originate from. For example, if you're receiving a lot of requests
     # from one or more individual IP addresses or one or more ranges of IP
     # addresses and you want to block the requests, you can create an
@@ -710,7 +710,7 @@ module Aws::WAF
     # objects, and other predicates that identify the requests that you want
     # to block. If you add more than one predicate to a `Rule`, a request
     # must match all of the specifications to be allowed or blocked. For
-    # example, suppose you add the following to a `Rule`\:
+    # example, suppose that you add the following to a `Rule`\:
     #
     # * An `IPSet` that matches the IP address `192.0.2.44/32`
     #
@@ -755,7 +755,7 @@ module Aws::WAF
     # @option params [required, String] :metric_name
     #   A friendly name or description for the metrics for this `Rule`. The
     #   name can contain only alphanumeric characters (A-Z, a-z, 0-9); the
-    #   name can't contain whitespace. You can't change the name of the
+    #   name can't contain white space. You can't change the name of the
     #   metric after you create the `Rule`.
     #
     # @option params [required, String] :change_token
@@ -1123,7 +1123,7 @@ module Aws::WAF
     # @option params [required, String] :metric_name
     #   A friendly name or description for the metrics for this `WebACL`. The
     #   name can contain only alphanumeric characters (A-Z, a-z, 0-9); the
-    #   name can't contain whitespace. You can't change `MetricName` after
+    #   name can't contain white space. You can't change `MetricName` after
     #   you create the `WebACL`.
     #
     # @option params [required, Types::WafAction] :default_action
@@ -1198,6 +1198,9 @@ module Aws::WAF
     #   resp.web_acl.rules[0].action.type #=> String, one of "BLOCK", "ALLOW", "COUNT"
     #   resp.web_acl.rules[0].override_action.type #=> String, one of "NONE", "COUNT"
     #   resp.web_acl.rules[0].type #=> String, one of "REGULAR", "RATE_BASED", "GROUP"
+    #   resp.web_acl.rules[0].excluded_rules #=> Array
+    #   resp.web_acl.rules[0].excluded_rules[0].rule_id #=> String
+    #   resp.web_acl.web_acl_arn #=> String
     #   resp.change_token #=> String
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/waf-2015-08-24/CreateWebACL AWS API Documentation
@@ -2905,6 +2908,9 @@ module Aws::WAF
     #   resp.web_acl.rules[0].action.type #=> String, one of "BLOCK", "ALLOW", "COUNT"
     #   resp.web_acl.rules[0].override_action.type #=> String, one of "NONE", "COUNT"
     #   resp.web_acl.rules[0].type #=> String, one of "REGULAR", "RATE_BASED", "GROUP"
+    #   resp.web_acl.rules[0].excluded_rules #=> Array
+    #   resp.web_acl.rules[0].excluded_rules[0].rule_id #=> String
+    #   resp.web_acl.web_acl_arn #=> String
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/waf-2015-08-24/GetWebACL AWS API Documentation
     #
@@ -3018,6 +3024,8 @@ module Aws::WAF
     #   resp.activated_rules[0].action.type #=> String, one of "BLOCK", "ALLOW", "COUNT"
     #   resp.activated_rules[0].override_action.type #=> String, one of "NONE", "COUNT"
     #   resp.activated_rules[0].type #=> String, one of "REGULAR", "RATE_BASED", "GROUP"
+    #   resp.activated_rules[0].excluded_rules #=> Array
+    #   resp.activated_rules[0].excluded_rules[0].rule_id #=> String
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/waf-2015-08-24/ListActivatedRulesInRuleGroup AWS API Documentation
     #
@@ -3781,28 +3789,25 @@ module Aws::WAF
     # You can access information about all traffic that AWS WAF inspects
     # using the following steps:
     #
-    # 1.  Create an Amazon Kinesis Data Firehose delivery stream. For more
-    #     information, see [Creating an Amazon Kinesis Data Firehose
-    #     Delivery Stream][1].
+    # 1.  Create an Amazon Kinesis Data Firehose .
     #
-    # 2.  Associate that delivery stream to your web ACL using a
+    # 2.  Associate that firehose to your web ACL using a
     #     `PutLoggingConfiguration` request.
     #
     # When you successfully enable logging using a `PutLoggingConfiguration`
     # request, AWS WAF will create a service linked role with the necessary
-    # permissions to write logs to the Amazon Kinesis Data Firehose delivery
-    # stream. For more information, see [Logging Web ACL Traffic
-    # Information][2] in the *AWS WAF Developer Guide*.
+    # permissions to write logs to the Amazon Kinesis Data Firehose. For
+    # more information, see [Logging Web ACL Traffic Information][1] in the
+    # *AWS WAF Developer Guide*.
     #
     #
     #
-    # [1]: https://docs.aws.amazon.com/firehose/latest/dev/what-is-this-service.html
-    # [2]: http://docs.aws.amazon.com/waf/latest/developerguide/logging.html
+    # [1]: http://docs.aws.amazon.com/waf/latest/developerguide/logging.html
     #
     # @option params [required, Types::LoggingConfiguration] :logging_configuration
-    #   The Amazon Kinesis Data Firehose delivery streams that contains the
-    #   inspected traffic information, the redacted fields details, and the
-    #   Amazon Resource Name (ARN) of the web ACL to monitor.
+    #   The Amazon Kinesis Data Firehose that contains the inspected traffic
+    #   information, the redacted fields details, and the Amazon Resource Name
+    #   (ARN) of the web ACL to monitor.
     #
     # @return [Types::PutLoggingConfigurationResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
@@ -4534,7 +4539,7 @@ module Aws::WAF
     # that specifies the web requests that you want to allow, block, or
     # count. If you add more than one predicate to a `Rule`, a request must
     # match all of the specifications to be allowed, blocked, or counted.
-    # For example, suppose you add the following to a `Rule`\:
+    # For example, suppose that you add the following to a `Rule`\:
     #
     # * A `ByteMatchSet` that matches the value `BadBot` in the `User-Agent`
     #   header
@@ -4718,6 +4723,11 @@ module Aws::WAF
     #             type: "NONE", # required, accepts NONE, COUNT
     #           },
     #           type: "REGULAR", # accepts REGULAR, RATE_BASED, GROUP
+    #           excluded_rules: [
+    #             {
+    #               rule_id: "ResourceId", # required
+    #             },
+    #           ],
     #         },
     #       },
     #     ],
@@ -4897,9 +4907,9 @@ module Aws::WAF
     #   You can only specify a single type of TextTransformation.
     #
     # You use `SqlInjectionMatchSet` objects to specify which CloudFront
-    # requests you want to allow, block, or count. For example, if you're
-    # receiving requests that contain snippets of SQL code in the query
-    # string and you want to block the requests, you can create a
+    # requests that you want to allow, block, or count. For example, if
+    # you're receiving requests that contain snippets of SQL code in the
+    # query string and you want to block the requests, you can create a
     # `SqlInjectionMatchSet` with the applicable settings, and then
     # configure AWS WAF to block the requests.
     #
@@ -5014,9 +5024,9 @@ module Aws::WAF
     #   WAF performs the default action if a request doesn't match the
     #   criteria in any of the `Rules` in a `WebACL`.
     #
-    # * The `Rules` that you want to add and/or delete. If you want to
-    #   replace one `Rule` with another, you delete the existing `Rule` and
-    #   add the new one.
+    # * The `Rules` that you want to add or delete. If you want to replace
+    #   one `Rule` with another, you delete the existing `Rule` and add the
+    #   new one.
     #
     # * For each `Rule`, whether you want AWS WAF to allow requests, block
     #   requests, or count requests that match the conditions in the `Rule`.
@@ -5025,11 +5035,11 @@ module Aws::WAF
     #   `WebACL`. If you add more than one `Rule` to a `WebACL`, AWS WAF
     #   evaluates each request against the `Rules` in order based on the
     #   value of `Priority`. (The `Rule` that has the lowest value for
-    #   `Priority` is evaluated first.) When a web request matches all of
-    #   the predicates (such as `ByteMatchSets` and `IPSets`) in a `Rule`,
-    #   AWS WAF immediately takes the corresponding action, allow or block,
-    #   and doesn't evaluate the request against the remaining `Rules` in
-    #   the `WebACL`, if any.
+    #   `Priority` is evaluated first.) When a web request matches all the
+    #   predicates (such as `ByteMatchSets` and `IPSets`) in a `Rule`, AWS
+    #   WAF immediately takes the corresponding action, allow or block, and
+    #   doesn't evaluate the request against the remaining `Rules` in the
+    #   `WebACL`, if any.
     #
     # To create and configure a `WebACL`, perform the following steps:
     #
@@ -5050,6 +5060,16 @@ module Aws::WAF
     #     want to include in the `WebACL`, to specify the default action,
     #     and to associate the `WebACL` with a CloudFront distribution.
     #
+    #     The `ActivatedRule` can be a rule group. If you specify a rule
+    #     group as your `ActivatedRule`, you can exclude specific rules from
+    #     that rule group.
+    #
+    #     If you already have a rule group associated with a web ACL and
+    #     want to submit an `UpdateWebACL` request to exclude certain rules
+    #     from that rule group, you must first remove the rule group from
+    #     the web ACL, the re-insert it again, specifying the excluded
+    #     rules. For details, see ActivatedRule$ExcludedRules.
+    #
     # Be aware that if you try to add a RATE\_BASED rule to a web ACL
     # without setting the rule type when first creating the rule, the
     # UpdateWebACL request will fail because the request tries to add a
@@ -5081,7 +5101,7 @@ module Aws::WAF
     #
     #   * ActivatedRule: Contains `Action`, `OverrideAction`, `Priority`,
     #     `RuleId`, and `Type`. `ActivatedRule|OverrideAction` applies only
-    #     when updating or adding a `RuleGroup` to a `WebACL`. In this case
+    #     when updating or adding a `RuleGroup` to a `WebACL`. In this case,
     #     you do not use `ActivatedRule|Action`. For all other update
     #     requests, `ActivatedRule|Action` is used instead of
     #     `ActivatedRule|OverrideAction`.
@@ -5145,6 +5165,11 @@ module Aws::WAF
     #             type: "NONE", # required, accepts NONE, COUNT
     #           },
     #           type: "REGULAR", # accepts REGULAR, RATE_BASED, GROUP
+    #           excluded_rules: [
+    #             {
+    #               rule_id: "ResourceId", # required
+    #             },
+    #           ],
     #         },
     #       },
     #     ],
@@ -5170,8 +5195,8 @@ module Aws::WAF
     # For each `XssMatchTuple` object, you specify the following values:
     #
     # * `Action`\: Whether to insert the object into or delete the object
-    #   from the array. To change a `XssMatchTuple`, you delete the existing
-    #   object and add a new one.
+    #   from the array. To change an `XssMatchTuple`, you delete the
+    #   existing object and add a new one.
     #
     # * `FieldToMatch`\: The part of web requests that you want AWS WAF to
     #   inspect and, if you want AWS WAF to inspect a header or custom query
@@ -5183,12 +5208,12 @@ module Aws::WAF
     #
     #   You can only specify a single type of TextTransformation.
     #
-    # You use `XssMatchSet` objects to specify which CloudFront requests you
-    # want to allow, block, or count. For example, if you're receiving
-    # requests that contain cross-site scripting attacks in the request body
-    # and you want to block the requests, you can create an `XssMatchSet`
-    # with the applicable settings, and then configure AWS WAF to block the
-    # requests.
+    # You use `XssMatchSet` objects to specify which CloudFront requests
+    # that you want to allow, block, or count. For example, if you're
+    # receiving requests that contain cross-site scripting attacks in the
+    # request body and you want to block the requests, you can create an
+    # `XssMatchSet` with the applicable settings, and then configure AWS WAF
+    # to block the requests.
     #
     # To create and configure an `XssMatchSet`, perform the following steps:
     #
@@ -5218,8 +5243,8 @@ module Aws::WAF
     #
     # @option params [required, Array<Types::XssMatchSetUpdate>] :updates
     #   An array of `XssMatchSetUpdate` objects that you want to insert into
-    #   or delete from a XssMatchSet. For more information, see the applicable
-    #   data types:
+    #   or delete from an XssMatchSet. For more information, see the
+    #   applicable data types:
     #
     #   * XssMatchSetUpdate: Contains `Action` and `XssMatchTuple`
     #
@@ -5303,7 +5328,7 @@ module Aws::WAF
         params: params,
         config: config)
       context[:gem_name] = 'aws-sdk-waf'
-      context[:gem_version] = '1.11.0'
+      context[:gem_version] = '1.12.0'
       Seahorse::Client::Request.new(handlers, context)
     end
 

data/lib/aws-sdk-waf/client_api.rb

@@ -79,6 +79,8 @@ module Aws::WAF
     DeleteWebACLResponse = Shapes::StructureShape.new(name: 'DeleteWebACLResponse')
     DeleteXssMatchSetRequest = Shapes::StructureShape.new(name: 'DeleteXssMatchSetRequest')
     DeleteXssMatchSetResponse = Shapes::StructureShape.new(name: 'DeleteXssMatchSetResponse')
+    ExcludedRule = Shapes::StructureShape.new(name: 'ExcludedRule')
+    ExcludedRules = Shapes::ListShape.new(name: 'ExcludedRules')
     FieldToMatch = Shapes::StructureShape.new(name: 'FieldToMatch')
     GeoMatchConstraint = Shapes::StructureShape.new(name: 'GeoMatchConstraint')
     GeoMatchConstraintType = Shapes::StringShape.new(name: 'GeoMatchConstraintType')
@@ -289,6 +291,7 @@ module Aws::WAF
     WAFNonexistentContainerException = Shapes::StructureShape.new(name: 'WAFNonexistentContainerException')
     WAFNonexistentItemException = Shapes::StructureShape.new(name: 'WAFNonexistentItemException')
     WAFReferencedItemException = Shapes::StructureShape.new(name: 'WAFReferencedItemException')
+    WAFServiceLinkedRoleErrorException = Shapes::StructureShape.new(name: 'WAFServiceLinkedRoleErrorException')
     WAFStaleDataException = Shapes::StructureShape.new(name: 'WAFStaleDataException')
     WAFSubscriptionNotFoundException = Shapes::StructureShape.new(name: 'WAFSubscriptionNotFoundException')
     WafAction = Shapes::StructureShape.new(name: 'WafAction')
@@ -315,6 +318,7 @@ module Aws::WAF
     ActivatedRule.add_member(:action, Shapes::ShapeRef.new(shape: WafAction, location_name: "Action"))
     ActivatedRule.add_member(:override_action, Shapes::ShapeRef.new(shape: WafOverrideAction, location_name: "OverrideAction"))
     ActivatedRule.add_member(:type, Shapes::ShapeRef.new(shape: WafRuleType, location_name: "Type"))
+    ActivatedRule.add_member(:excluded_rules, Shapes::ShapeRef.new(shape: ExcludedRules, location_name: "ExcludedRules"))
     ActivatedRule.struct_class = Types::ActivatedRule
 
     ActivatedRules.member = Shapes::ShapeRef.new(shape: ActivatedRule)
@@ -541,6 +545,11 @@ module Aws::WAF
     DeleteXssMatchSetResponse.add_member(:change_token, Shapes::ShapeRef.new(shape: ChangeToken, location_name: "ChangeToken"))
     DeleteXssMatchSetResponse.struct_class = Types::DeleteXssMatchSetResponse
 
+    ExcludedRule.add_member(:rule_id, Shapes::ShapeRef.new(shape: ResourceId, required: true, location_name: "RuleId"))
+    ExcludedRule.struct_class = Types::ExcludedRule
+
+    ExcludedRules.member = Shapes::ShapeRef.new(shape: ExcludedRule)
+
     FieldToMatch.add_member(:type, Shapes::ShapeRef.new(shape: MatchFieldType, required: true, location_name: "Type"))
     FieldToMatch.add_member(:data, Shapes::ShapeRef.new(shape: MatchFieldData, location_name: "Data"))
     FieldToMatch.struct_class = Types::FieldToMatch
@@ -1135,6 +1144,7 @@ module Aws::WAF
     WebACL.add_member(:metric_name, Shapes::ShapeRef.new(shape: MetricName, location_name: "MetricName"))
     WebACL.add_member(:default_action, Shapes::ShapeRef.new(shape: WafAction, required: true, location_name: "DefaultAction"))
     WebACL.add_member(:rules, Shapes::ShapeRef.new(shape: ActivatedRules, required: true, location_name: "Rules"))
+    WebACL.add_member(:web_acl_arn, Shapes::ShapeRef.new(shape: ResourceArn, location_name: "WebACLArn"))
     WebACL.struct_class = Types::WebACL
 
     WebACLSummaries.member = Shapes::ShapeRef.new(shape: WebACLSummary)
@@ -1893,6 +1903,7 @@ module Aws::WAF
         o.errors << Shapes::ShapeRef.new(shape: WAFInternalErrorException)
         o.errors << Shapes::ShapeRef.new(shape: WAFNonexistentItemException)
         o.errors << Shapes::ShapeRef.new(shape: WAFStaleDataException)
+        o.errors << Shapes::ShapeRef.new(shape: WAFServiceLinkedRoleErrorException)
       end)
 
       api.add_operation(:put_permission_policy, Seahorse::Model::Operation.new.tap do |o|

data/lib/aws-sdk-waf/types.rb

@@ -29,6 +29,11 @@ module Aws::WAF
     #           type: "NONE", # required, accepts NONE, COUNT
     #         },
     #         type: "REGULAR", # accepts REGULAR, RATE_BASED, GROUP
+    #         excluded_rules: [
+    #           {
+    #             rule_id: "ResourceId", # required
+    #           },
+    #         ],
     #       }
     #
     # @!attribute [rw] priority
@@ -63,7 +68,7 @@ module Aws::WAF
     #     request based on the remaining rules in the web ACL.
     #
     #   `ActivatedRule|OverrideAction` applies only when updating or adding
-    #   a `RuleGroup` to a `WebACL`. In this case you do not use
+    #   a `RuleGroup` to a `WebACL`. In this case, you do not use
     #   `ActivatedRule|Action`. For all other update requests,
     #   `ActivatedRule|Action` is used instead of
     #   `ActivatedRule|OverrideAction`.
@@ -99,6 +104,51 @@ module Aws::WAF
     #   does not exist.
     #   @return [String]
     #
+    # @!attribute [rw] excluded_rules
+    #   An array of rules to exclude from a rule group. This is applicable
+    #   only when the `ActivatedRule` refers to a `RuleGroup`.
+    #
+    #   Sometimes it is necessary to troubleshoot rule groups that are
+    #   blocking traffic unexpectedly (false positives). One troubleshooting
+    #   technique is to identify the specific rule within the rule group
+    #   that is blocking the legitimate traffic and then disable (exclude)
+    #   that particular rule. You can exclude rules from both your own rule
+    #   groups and AWS Marketplace rule groups that have been associated
+    #   with a web ACL.
+    #
+    #   Specifying `ExcludedRules` does not remove those rules from the rule
+    #   group. Rather, it changes the action for the rules to `COUNT`.
+    #   Therefore, requests that match an `ExcludedRule` are counted but not
+    #   blocked. The `RuleGroup` owner will receive COUNT metrics for each
+    #   `ExcludedRule`.
+    #
+    #   If you want to exclude rules from a rule group that is already
+    #   associated with a web ACL, perform the following steps:
+    #
+    #   1.  Use the AWS WAF logs to identify the IDs of the rules that you
+    #       want to exclude. For more information about the logs, see
+    #       [Logging Web ACL Traffic Information][1].
+    #
+    #   2.  Submit an UpdateWebACL request that has two actions:
+    #
+    #       * The first action deletes the existing rule group from the web
+    #         ACL. That is, in the UpdateWebACL request, the first
+    #         `Updates:Action` should be `DELETE` and
+    #         `Updates:ActivatedRule:RuleId` should be the rule group that
+    #         contains the rules that you want to exclude.
+    #
+    #       * The second action inserts the same rule group back in, but
+    #         specifying the rules to exclude. That is, the second
+    #         `Updates:Action` should be `INSERT`,
+    #         `Updates:ActivatedRule:RuleId` should be the rule group that
+    #         you just removed, and `ExcludedRules` should contain the rules
+    #         that you want to exclude.
+    #
+    #
+    #
+    #   [1]: http://docs.aws.amazon.com/waf/latest/developerguide/logging.html
+    #   @return [Array<Types::ExcludedRule>]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/waf-2015-08-24/ActivatedRule AWS API Documentation
     #
     class ActivatedRule < Struct.new(
@@ -106,7 +156,8 @@ module Aws::WAF
       :rule_id,
       :action,
       :override_action,
-      :type)
+      :type,
+      :excluded_rules)
       include Aws::Structure
     end
 
@@ -297,7 +348,7 @@ module Aws::WAF
     #   For example, suppose the value of `Type` is `HEADER` and the value
     #   of `Data` is `User-Agent`. If you want to search the `User-Agent`
     #   header for the value `BadBot`, you base64-encode `BadBot` using MIME
-    #   base64 encoding and include the resulting value, `QmFkQm90`, in the
+    #   base64-encoding and include the resulting value, `QmFkQm90`, in the
     #   value of `TargetString`.
     #
     #   **If you're using the AWS CLI or one of the AWS SDKs**
@@ -804,7 +855,7 @@ module Aws::WAF
     # @!attribute [rw] metric_name
     #   A friendly name or description for the metrics for this `Rule`. The
     #   name can contain only alphanumeric characters (A-Z, a-z, 0-9); the
-    #   name can't contain whitespace. You can't change the name of the
+    #   name can't contain white space. You can't change the name of the
     #   metric after you create the `Rule`.
     #   @return [String]
     #
@@ -952,7 +1003,7 @@ module Aws::WAF
     # @!attribute [rw] metric_name
     #   A friendly name or description for the metrics for this `WebACL`.
     #   The name can contain only alphanumeric characters (A-Z, a-z, 0-9);
-    #   the name can't contain whitespace. You can't change `MetricName`
+    #   the name can't contain white space. You can't change `MetricName`
     #   after you create the `WebACL`.
     #   @return [String]
     #
@@ -1565,6 +1616,28 @@ module Aws::WAF
       include Aws::Structure
     end
 
+    # The rule to exclude from a rule group. This is applicable only when
+    # the `ActivatedRule` refers to a `RuleGroup`. The rule must belong to
+    # the `RuleGroup` that is specified by the `ActivatedRule`.
+    #
+    # @note When making an API call, you may pass ExcludedRule
+    #   data as a hash:
+    #
+    #       {
+    #         rule_id: "ResourceId", # required
+    #       }
+    #
+    # @!attribute [rw] rule_id
+    #   The unique identifier for the rule to exclude from the rule group.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/waf-2015-08-24/ExcludedRule AWS API Documentation
+    #
+    class ExcludedRule < Struct.new(
+      :rule_id)
+      include Aws::Structure
+    end
+
     # Specifies where in a web request to look for `TargetString`.
     #
     # @note When making an API call, you may pass FieldToMatch
@@ -3497,8 +3570,8 @@ module Aws::WAF
       include Aws::Structure
     end
 
-    # The Amazon Kinesis Data Firehose delivery streams, `RedactedFields`
-    # information, and the web ACL Amazon Resource Name (ARN).
+    # The Amazon Kinesis Data Firehose, `RedactedFields` information, and
+    # the web ACL Amazon Resource Name (ARN).
     #
     # @note When making an API call, you may pass LoggingConfiguration
     #   data as a hash:
@@ -3520,13 +3593,13 @@ module Aws::WAF
     #   @return [String]
     #
     # @!attribute [rw] log_destination_configs
-    #   An array of Amazon Kinesis Data Firehose delivery stream ARNs.
+    #   An array of Amazon Kinesis Data Firehose ARNs.
     #   @return [Array<String>]
     #
     # @!attribute [rw] redacted_fields
     #   The parts of the request that you want redacted from the logs. For
     #   example, if you redact the cookie field, the cookie field in the
-    #   delivery stream will be `xxx`.
+    #   firehose will be `xxx`.
     #   @return [Array<Types::FieldToMatch>]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/waf-2015-08-24/LoggingConfiguration AWS API Documentation
@@ -3605,9 +3678,9 @@ module Aws::WAF
     #       }
     #
     # @!attribute [rw] logging_configuration
-    #   The Amazon Kinesis Data Firehose delivery streams that contains the
-    #   inspected traffic information, the redacted fields details, and the
-    #   Amazon Resource Name (ARN) of the web ACL to monitor.
+    #   The Amazon Kinesis Data Firehose that contains the inspected traffic
+    #   information, the redacted fields details, and the Amazon Resource
+    #   Name (ARN) of the web ACL to monitor.
     #   @return [Types::LoggingConfiguration]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/waf-2015-08-24/PutLoggingConfigurationRequest AWS API Documentation
@@ -4203,6 +4276,11 @@ module Aws::WAF
     #             type: "NONE", # required, accepts NONE, COUNT
     #           },
     #           type: "REGULAR", # accepts REGULAR, RATE_BASED, GROUP
+    #           excluded_rules: [
+    #             {
+    #               rule_id: "ResourceId", # required
+    #             },
+    #           ],
     #         },
     #       }
     #
@@ -5257,6 +5335,11 @@ module Aws::WAF
     #                 type: "NONE", # required, accepts NONE, COUNT
     #               },
     #               type: "REGULAR", # accepts REGULAR, RATE_BASED, GROUP
+    #               excluded_rules: [
+    #                 {
+    #                   rule_id: "ResourceId", # required
+    #                 },
+    #               ],
     #             },
     #           },
     #         ],
@@ -5526,6 +5609,11 @@ module Aws::WAF
     #                 type: "NONE", # required, accepts NONE, COUNT
     #               },
     #               type: "REGULAR", # accepts REGULAR, RATE_BASED, GROUP
+    #               excluded_rules: [
+    #                 {
+    #                   rule_id: "ResourceId", # required
+    #                 },
+    #               ],
     #             },
     #           },
     #         ],
@@ -5554,7 +5642,7 @@ module Aws::WAF
     #
     #   * ActivatedRule: Contains `Action`, `OverrideAction`, `Priority`,
     #     `RuleId`, and `Type`. `ActivatedRule|OverrideAction` applies only
-    #     when updating or adding a `RuleGroup` to a `WebACL`. In this case
+    #     when updating or adding a `RuleGroup` to a `WebACL`. In this case,
     #     you do not use `ActivatedRule|Action`. For all other update
     #     requests, `ActivatedRule|Action` is used instead of
     #     `ActivatedRule|OverrideAction`.
@@ -5625,7 +5713,7 @@ module Aws::WAF
     #
     # @!attribute [rw] updates
     #   An array of `XssMatchSetUpdate` objects that you want to insert into
-    #   or delete from a XssMatchSet. For more information, see the
+    #   or delete from an XssMatchSet. For more information, see the
     #   applicable data types:
     #
     #   * XssMatchSetUpdate: Contains `Action` and `XssMatchTuple`
@@ -5760,6 +5848,10 @@ module Aws::WAF
     #   priority of the `Rule`, and the ID of the `Rule`.
     #   @return [Array<Types::ActivatedRule>]
     #
+    # @!attribute [rw] web_acl_arn
+    #   Tha Amazon Resource Name (ARN) of the web ACL.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/waf-2015-08-24/WebACL AWS API Documentation
     #
     class WebACL < Struct.new(
@@ -5767,7 +5859,8 @@ module Aws::WAF
       :name,
       :metric_name,
       :default_action,
-      :rules)
+      :rules,
+      :web_acl_arn)
       include Aws::Structure
     end
 
@@ -5813,6 +5906,11 @@ module Aws::WAF
     #             type: "NONE", # required, accepts NONE, COUNT
     #           },
     #           type: "REGULAR", # accepts REGULAR, RATE_BASED, GROUP
+    #           excluded_rules: [
+    #             {
+    #               rule_id: "ResourceId", # required
+    #             },
+    #           ],
     #         },
     #       }
     #
@@ -5917,8 +6015,8 @@ module Aws::WAF
     #       }
     #
     # @!attribute [rw] action
-    #   Specify `INSERT` to add a XssMatchSetUpdate to an XssMatchSet. Use
-    #   `DELETE` to remove a `XssMatchSetUpdate` from an `XssMatchSet`.
+    #   Specify `INSERT` to add an XssMatchSetUpdate to an XssMatchSet. Use
+    #   `DELETE` to remove an `XssMatchSetUpdate` from an `XssMatchSet`.
     #   @return [String]
     #
     # @!attribute [rw] xss_match_tuple

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: aws-sdk-waf
 version: !ruby/object:Gem::Version
-  version: 1.11.0
+  version: 1.12.0
 platform: ruby
 authors:
 - Amazon Web Services
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2018-11-20 00:00:00.000000000 Z
+date: 2018-12-19 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: aws-sdk-core