aws-sdk-wafv2 1.0.0 → 1.5.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +5 -5
- data/lib/aws-sdk-wafv2.rb +7 -4
- data/lib/aws-sdk-wafv2/client.rb +388 -115
- data/lib/aws-sdk-wafv2/client_api.rb +156 -0
- data/lib/aws-sdk-wafv2/errors.rb +79 -9
- data/lib/aws-sdk-wafv2/resource.rb +1 -0
- data/lib/aws-sdk-wafv2/types.rb +602 -177
- metadata +3 -3
data/lib/aws-sdk-wafv2/errors.rb
CHANGED
@@ -6,6 +6,43 @@
|
|
6
6
|
# WARNING ABOUT GENERATED CODE
|
7
7
|
|
8
8
|
module Aws::WAFV2
|
9
|
+
|
10
|
+
# When WAFV2 returns an error response, the Ruby SDK constructs and raises an error.
|
11
|
+
# These errors all extend Aws::WAFV2::Errors::ServiceError < {Aws::Errors::ServiceError}
|
12
|
+
#
|
13
|
+
# You can rescue all WAFV2 errors using ServiceError:
|
14
|
+
#
|
15
|
+
# begin
|
16
|
+
# # do stuff
|
17
|
+
# rescue Aws::WAFV2::Errors::ServiceError
|
18
|
+
# # rescues all WAFV2 API errors
|
19
|
+
# end
|
20
|
+
#
|
21
|
+
#
|
22
|
+
# ## Request Context
|
23
|
+
# ServiceError objects have a {Aws::Errors::ServiceError#context #context} method that returns
|
24
|
+
# information about the request that generated the error.
|
25
|
+
# See {Seahorse::Client::RequestContext} for more information.
|
26
|
+
#
|
27
|
+
# ## Error Classes
|
28
|
+
# * {WAFAssociatedItemException}
|
29
|
+
# * {WAFDuplicateItemException}
|
30
|
+
# * {WAFInternalErrorException}
|
31
|
+
# * {WAFInvalidOperationException}
|
32
|
+
# * {WAFInvalidParameterException}
|
33
|
+
# * {WAFInvalidPermissionPolicyException}
|
34
|
+
# * {WAFInvalidResourceException}
|
35
|
+
# * {WAFLimitsExceededException}
|
36
|
+
# * {WAFNonexistentItemException}
|
37
|
+
# * {WAFOptimisticLockException}
|
38
|
+
# * {WAFServiceLinkedRoleErrorException}
|
39
|
+
# * {WAFSubscriptionNotFoundException}
|
40
|
+
# * {WAFTagOperationException}
|
41
|
+
# * {WAFTagOperationInternalErrorException}
|
42
|
+
# * {WAFUnavailableEntityException}
|
43
|
+
#
|
44
|
+
# Additionally, error classes are dynamically generated for service errors based on the error code
|
45
|
+
# if they are not defined above.
|
9
46
|
module Errors
|
10
47
|
|
11
48
|
extend Aws::Errors::DynamicErrors
|
@@ -23,7 +60,6 @@ module Aws::WAFV2
|
|
23
60
|
def message
|
24
61
|
@message || @data[:message]
|
25
62
|
end
|
26
|
-
|
27
63
|
end
|
28
64
|
|
29
65
|
class WAFDuplicateItemException < ServiceError
|
@@ -39,7 +75,6 @@ module Aws::WAFV2
|
|
39
75
|
def message
|
40
76
|
@message || @data[:message]
|
41
77
|
end
|
42
|
-
|
43
78
|
end
|
44
79
|
|
45
80
|
class WAFInternalErrorException < ServiceError
|
@@ -55,7 +90,21 @@ module Aws::WAFV2
|
|
55
90
|
def message
|
56
91
|
@message || @data[:message]
|
57
92
|
end
|
93
|
+
end
|
94
|
+
|
95
|
+
class WAFInvalidOperationException < ServiceError
|
96
|
+
|
97
|
+
# @param [Seahorse::Client::RequestContext] context
|
98
|
+
# @param [String] message
|
99
|
+
# @param [Aws::WAFV2::Types::WAFInvalidOperationException] data
|
100
|
+
def initialize(context, message, data = Aws::EmptyStructure.new)
|
101
|
+
super(context, message, data)
|
102
|
+
end
|
58
103
|
|
104
|
+
# @return [String]
|
105
|
+
def message
|
106
|
+
@message || @data[:message]
|
107
|
+
end
|
59
108
|
end
|
60
109
|
|
61
110
|
class WAFInvalidParameterException < ServiceError
|
@@ -86,7 +135,21 @@ module Aws::WAFV2
|
|
86
135
|
def reason
|
87
136
|
@data[:reason]
|
88
137
|
end
|
138
|
+
end
|
139
|
+
|
140
|
+
class WAFInvalidPermissionPolicyException < ServiceError
|
141
|
+
|
142
|
+
# @param [Seahorse::Client::RequestContext] context
|
143
|
+
# @param [String] message
|
144
|
+
# @param [Aws::WAFV2::Types::WAFInvalidPermissionPolicyException] data
|
145
|
+
def initialize(context, message, data = Aws::EmptyStructure.new)
|
146
|
+
super(context, message, data)
|
147
|
+
end
|
89
148
|
|
149
|
+
# @return [String]
|
150
|
+
def message
|
151
|
+
@message || @data[:message]
|
152
|
+
end
|
90
153
|
end
|
91
154
|
|
92
155
|
class WAFInvalidResourceException < ServiceError
|
@@ -102,7 +165,6 @@ module Aws::WAFV2
|
|
102
165
|
def message
|
103
166
|
@message || @data[:message]
|
104
167
|
end
|
105
|
-
|
106
168
|
end
|
107
169
|
|
108
170
|
class WAFLimitsExceededException < ServiceError
|
@@ -118,7 +180,6 @@ module Aws::WAFV2
|
|
118
180
|
def message
|
119
181
|
@message || @data[:message]
|
120
182
|
end
|
121
|
-
|
122
183
|
end
|
123
184
|
|
124
185
|
class WAFNonexistentItemException < ServiceError
|
@@ -134,7 +195,6 @@ module Aws::WAFV2
|
|
134
195
|
def message
|
135
196
|
@message || @data[:message]
|
136
197
|
end
|
137
|
-
|
138
198
|
end
|
139
199
|
|
140
200
|
class WAFOptimisticLockException < ServiceError
|
@@ -150,7 +210,6 @@ module Aws::WAFV2
|
|
150
210
|
def message
|
151
211
|
@message || @data[:message]
|
152
212
|
end
|
153
|
-
|
154
213
|
end
|
155
214
|
|
156
215
|
class WAFServiceLinkedRoleErrorException < ServiceError
|
@@ -166,7 +225,21 @@ module Aws::WAFV2
|
|
166
225
|
def message
|
167
226
|
@message || @data[:message]
|
168
227
|
end
|
228
|
+
end
|
169
229
|
|
230
|
+
class WAFSubscriptionNotFoundException < ServiceError
|
231
|
+
|
232
|
+
# @param [Seahorse::Client::RequestContext] context
|
233
|
+
# @param [String] message
|
234
|
+
# @param [Aws::WAFV2::Types::WAFSubscriptionNotFoundException] data
|
235
|
+
def initialize(context, message, data = Aws::EmptyStructure.new)
|
236
|
+
super(context, message, data)
|
237
|
+
end
|
238
|
+
|
239
|
+
# @return [String]
|
240
|
+
def message
|
241
|
+
@message || @data[:message]
|
242
|
+
end
|
170
243
|
end
|
171
244
|
|
172
245
|
class WAFTagOperationException < ServiceError
|
@@ -182,7 +255,6 @@ module Aws::WAFV2
|
|
182
255
|
def message
|
183
256
|
@message || @data[:message]
|
184
257
|
end
|
185
|
-
|
186
258
|
end
|
187
259
|
|
188
260
|
class WAFTagOperationInternalErrorException < ServiceError
|
@@ -198,7 +270,6 @@ module Aws::WAFV2
|
|
198
270
|
def message
|
199
271
|
@message || @data[:message]
|
200
272
|
end
|
201
|
-
|
202
273
|
end
|
203
274
|
|
204
275
|
class WAFUnavailableEntityException < ServiceError
|
@@ -214,7 +285,6 @@ module Aws::WAFV2
|
|
214
285
|
def message
|
215
286
|
@message || @data[:message]
|
216
287
|
end
|
217
|
-
|
218
288
|
end
|
219
289
|
|
220
290
|
end
|
data/lib/aws-sdk-wafv2/types.rb
CHANGED
@@ -17,6 +17,9 @@ module Aws::WAFV2
|
|
17
17
|
#
|
18
18
|
# All query arguments of a web request.
|
19
19
|
#
|
20
|
+
# This is used only to indicate the web request component for AWS WAF to
|
21
|
+
# inspect, in the FieldToMatch specification.
|
22
|
+
#
|
20
23
|
#
|
21
24
|
#
|
22
25
|
# [1]: https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html
|
@@ -36,6 +39,9 @@ module Aws::WAFV2
|
|
36
39
|
#
|
37
40
|
# Specifies that AWS WAF should allow requests.
|
38
41
|
#
|
42
|
+
# This is used only in the context of other settings, for example to
|
43
|
+
# specify values for RuleAction and web ACL DefaultAction.
|
44
|
+
#
|
39
45
|
#
|
40
46
|
#
|
41
47
|
# [1]: https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html
|
@@ -282,15 +288,12 @@ module Aws::WAFV2
|
|
282
288
|
#
|
283
289
|
# The ARN must be in one of the following formats:
|
284
290
|
#
|
285
|
-
# * For
|
286
|
-
# `arn:aws:
|
287
|
-
#
|
288
|
-
# * For an Application Load Balancer: `arn:aws:elasticloadbalancing:
|
289
|
-
# region:account-id:loadbalancer/app/load-balancer-name
|
290
|
-
# /load-balancer-id `
|
291
|
+
# * For an Application Load Balancer:
|
292
|
+
# `arn:aws:elasticloadbalancing:region:account-id:loadbalancer/app/load-balancer-name/load-balancer-id
|
293
|
+
# `
|
291
294
|
#
|
292
|
-
# * For an Amazon API Gateway stage:
|
293
|
-
# ::/restapis/api-id/stages/stage-name `
|
295
|
+
# * For an Amazon API Gateway stage:
|
296
|
+
# `arn:aws:apigateway:region::/restapis/api-id/stages/stage-name `
|
294
297
|
# @return [String]
|
295
298
|
#
|
296
299
|
# @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/AssociateWebACLRequest AWS API Documentation
|
@@ -314,6 +317,9 @@ module Aws::WAFV2
|
|
314
317
|
#
|
315
318
|
# Specifies that AWS WAF should block requests.
|
316
319
|
#
|
320
|
+
# This is used only in the context of other settings, for example to
|
321
|
+
# specify values for RuleAction and web ACL DefaultAction.
|
322
|
+
#
|
317
323
|
#
|
318
324
|
#
|
319
325
|
# [1]: https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html
|
@@ -334,6 +340,9 @@ module Aws::WAFV2
|
|
334
340
|
# The body of a web request. This immediately follows the request
|
335
341
|
# headers.
|
336
342
|
#
|
343
|
+
# This is used only to indicate the web request component for AWS WAF to
|
344
|
+
# inspect, in the FieldToMatch specification.
|
345
|
+
#
|
337
346
|
#
|
338
347
|
#
|
339
348
|
# [1]: https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html
|
@@ -399,8 +408,8 @@ module Aws::WAFV2
|
|
399
408
|
# only in the part of web requests that you designate for inspection
|
400
409
|
# in FieldToMatch. The maximum length of the value is 50 bytes.
|
401
410
|
#
|
402
|
-
# Valid values depend on the
|
403
|
-
# `FieldToMatch`\:
|
411
|
+
# Valid values depend on the component that you specify for inspection
|
412
|
+
# in `FieldToMatch`\:
|
404
413
|
#
|
405
414
|
# * `Method`\: The HTTP method that you want AWS WAF to search for.
|
406
415
|
# This indicates the type of operation specified in the request.
|
@@ -437,9 +446,9 @@ module Aws::WAFV2
|
|
437
446
|
# Text transformations eliminate some of the unusual formatting that
|
438
447
|
# attackers use in web requests in an effort to bypass detection. If
|
439
448
|
# you specify one or more transformations in a rule statement, AWS WAF
|
440
|
-
# performs all transformations on the content
|
441
|
-
# `FieldToMatch`, starting from the lowest priority
|
442
|
-
# inspecting the content for a match.
|
449
|
+
# performs all transformations on the content of the request component
|
450
|
+
# identified by `FieldToMatch`, starting from the lowest priority
|
451
|
+
# setting, before inspecting the content for a match.
|
443
452
|
# @return [Array<Types::TextTransformation>]
|
444
453
|
#
|
445
454
|
# @!attribute [rw] positional_constraint
|
@@ -721,7 +730,7 @@ module Aws::WAFV2
|
|
721
730
|
# To work with CloudFront, you must also specify the Region US East
|
722
731
|
# (N. Virginia) as follows:
|
723
732
|
#
|
724
|
-
# * CLI - Specify the
|
733
|
+
# * CLI - Specify the Region when you use the CloudFront scope:
|
725
734
|
# `--scope=CLOUDFRONT --region=us-east-1`.
|
726
735
|
#
|
727
736
|
# * API and SDKs - For all calls, use the Region endpoint us-east-1.
|
@@ -760,6 +769,9 @@ module Aws::WAFV2
|
|
760
769
|
#
|
761
770
|
# Specifies that AWS WAF should count requests.
|
762
771
|
#
|
772
|
+
# This is used only in the context of other settings, for example to
|
773
|
+
# specify values for RuleAction and web ACL DefaultAction.
|
774
|
+
#
|
763
775
|
#
|
764
776
|
#
|
765
777
|
# [1]: https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html
|
@@ -788,8 +800,8 @@ module Aws::WAFV2
|
|
788
800
|
# }
|
789
801
|
#
|
790
802
|
# @!attribute [rw] name
|
791
|
-
#
|
792
|
-
#
|
803
|
+
# The name of the IP set. You cannot change the name of an `IPSet`
|
804
|
+
# after you create it.
|
793
805
|
# @return [String]
|
794
806
|
#
|
795
807
|
# @!attribute [rw] scope
|
@@ -800,15 +812,15 @@ module Aws::WAFV2
|
|
800
812
|
# To work with CloudFront, you must also specify the Region US East
|
801
813
|
# (N. Virginia) as follows:
|
802
814
|
#
|
803
|
-
# * CLI - Specify the
|
815
|
+
# * CLI - Specify the Region when you use the CloudFront scope:
|
804
816
|
# `--scope=CLOUDFRONT --region=us-east-1`.
|
805
817
|
#
|
806
818
|
# * API and SDKs - For all calls, use the Region endpoint us-east-1.
|
807
819
|
# @return [String]
|
808
820
|
#
|
809
821
|
# @!attribute [rw] description
|
810
|
-
# A
|
811
|
-
# description of an IP set after you create it.
|
822
|
+
# A description of the IP set that helps with identification. You
|
823
|
+
# cannot change the description of an IP set after you create it.
|
812
824
|
# @return [String]
|
813
825
|
#
|
814
826
|
# @!attribute [rw] ip_address_version
|
@@ -901,8 +913,8 @@ module Aws::WAFV2
|
|
901
913
|
# }
|
902
914
|
#
|
903
915
|
# @!attribute [rw] name
|
904
|
-
#
|
905
|
-
#
|
916
|
+
# The name of the set. You cannot change the name after you create the
|
917
|
+
# set.
|
906
918
|
# @return [String]
|
907
919
|
#
|
908
920
|
# @!attribute [rw] scope
|
@@ -913,15 +925,15 @@ module Aws::WAFV2
|
|
913
925
|
# To work with CloudFront, you must also specify the Region US East
|
914
926
|
# (N. Virginia) as follows:
|
915
927
|
#
|
916
|
-
# * CLI - Specify the
|
928
|
+
# * CLI - Specify the Region when you use the CloudFront scope:
|
917
929
|
# `--scope=CLOUDFRONT --region=us-east-1`.
|
918
930
|
#
|
919
931
|
# * API and SDKs - For all calls, use the Region endpoint us-east-1.
|
920
932
|
# @return [String]
|
921
933
|
#
|
922
934
|
# @!attribute [rw] description
|
923
|
-
# A
|
924
|
-
# of a set after you create it.
|
935
|
+
# A description of the set that helps with identification. You cannot
|
936
|
+
# change the description of a set after you create it.
|
925
937
|
# @return [String]
|
926
938
|
#
|
927
939
|
# @!attribute [rw] regular_expression_list
|
@@ -1191,8 +1203,8 @@ module Aws::WAFV2
|
|
1191
1203
|
# }
|
1192
1204
|
#
|
1193
1205
|
# @!attribute [rw] name
|
1194
|
-
#
|
1195
|
-
#
|
1206
|
+
# The name of the rule group. You cannot change the name of a rule
|
1207
|
+
# group after you create it.
|
1196
1208
|
# @return [String]
|
1197
1209
|
#
|
1198
1210
|
# @!attribute [rw] scope
|
@@ -1203,7 +1215,7 @@ module Aws::WAFV2
|
|
1203
1215
|
# To work with CloudFront, you must also specify the Region US East
|
1204
1216
|
# (N. Virginia) as follows:
|
1205
1217
|
#
|
1206
|
-
# * CLI - Specify the
|
1218
|
+
# * CLI - Specify the Region when you use the CloudFront scope:
|
1207
1219
|
# `--scope=CLOUDFRONT --region=us-east-1`.
|
1208
1220
|
#
|
1209
1221
|
# * API and SDKs - For all calls, use the Region endpoint us-east-1.
|
@@ -1228,8 +1240,8 @@ module Aws::WAFV2
|
|
1228
1240
|
# @return [Integer]
|
1229
1241
|
#
|
1230
1242
|
# @!attribute [rw] description
|
1231
|
-
# A
|
1232
|
-
# description of a rule group after you create it.
|
1243
|
+
# A description of the rule group that helps with identification. You
|
1244
|
+
# cannot change the description of a rule group after you create it.
|
1233
1245
|
# @return [String]
|
1234
1246
|
#
|
1235
1247
|
# @!attribute [rw] rules
|
@@ -1514,8 +1526,8 @@ module Aws::WAFV2
|
|
1514
1526
|
# }
|
1515
1527
|
#
|
1516
1528
|
# @!attribute [rw] name
|
1517
|
-
#
|
1518
|
-
#
|
1529
|
+
# The name of the Web ACL. You cannot change the name of a Web ACL
|
1530
|
+
# after you create it.
|
1519
1531
|
# @return [String]
|
1520
1532
|
#
|
1521
1533
|
# @!attribute [rw] scope
|
@@ -1526,7 +1538,7 @@ module Aws::WAFV2
|
|
1526
1538
|
# To work with CloudFront, you must also specify the Region US East
|
1527
1539
|
# (N. Virginia) as follows:
|
1528
1540
|
#
|
1529
|
-
# * CLI - Specify the
|
1541
|
+
# * CLI - Specify the Region when you use the CloudFront scope:
|
1530
1542
|
# `--scope=CLOUDFRONT --region=us-east-1`.
|
1531
1543
|
#
|
1532
1544
|
# * API and SDKs - For all calls, use the Region endpoint us-east-1.
|
@@ -1538,8 +1550,8 @@ module Aws::WAFV2
|
|
1538
1550
|
# @return [Types::DefaultAction]
|
1539
1551
|
#
|
1540
1552
|
# @!attribute [rw] description
|
1541
|
-
# A
|
1542
|
-
# description of a Web ACL after you create it.
|
1553
|
+
# A description of the Web ACL that helps with identification. You
|
1554
|
+
# cannot change the description of a Web ACL after you create it.
|
1543
1555
|
# @return [String]
|
1544
1556
|
#
|
1545
1557
|
# @!attribute [rw] rules
|
@@ -1592,10 +1604,9 @@ module Aws::WAFV2
|
|
1592
1604
|
#
|
1593
1605
|
# </note>
|
1594
1606
|
#
|
1595
|
-
# In a
|
1596
|
-
#
|
1597
|
-
#
|
1598
|
-
# allowed.
|
1607
|
+
# In a WebACL, this is the action that you want AWS WAF to perform when
|
1608
|
+
# a web request doesn't match any of the rules in the `WebACL`. The
|
1609
|
+
# default action must be a terminating action, so count is not allowed.
|
1599
1610
|
#
|
1600
1611
|
#
|
1601
1612
|
#
|
@@ -1627,6 +1638,57 @@ module Aws::WAFV2
|
|
1627
1638
|
include Aws::Structure
|
1628
1639
|
end
|
1629
1640
|
|
1641
|
+
# @note When making an API call, you may pass DeleteFirewallManagerRuleGroupsRequest
|
1642
|
+
# data as a hash:
|
1643
|
+
#
|
1644
|
+
# {
|
1645
|
+
# web_acl_arn: "ResourceArn", # required
|
1646
|
+
# web_acl_lock_token: "LockToken", # required
|
1647
|
+
# }
|
1648
|
+
#
|
1649
|
+
# @!attribute [rw] web_acl_arn
|
1650
|
+
# The Amazon Resource Name (ARN) of the web ACL.
|
1651
|
+
# @return [String]
|
1652
|
+
#
|
1653
|
+
# @!attribute [rw] web_acl_lock_token
|
1654
|
+
# A token used for optimistic locking. AWS WAF returns a token to your
|
1655
|
+
# get and list requests, to mark the state of the entity at the time
|
1656
|
+
# of the request. To make changes to the entity associated with the
|
1657
|
+
# token, you provide the token to operations like update and delete.
|
1658
|
+
# AWS WAF uses the token to ensure that no changes have been made to
|
1659
|
+
# the entity since you last retrieved it. If a change has been made,
|
1660
|
+
# the update fails with a `WAFOptimisticLockException`. If this
|
1661
|
+
# happens, perform another get, and use the new token returned by that
|
1662
|
+
# operation.
|
1663
|
+
# @return [String]
|
1664
|
+
#
|
1665
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/DeleteFirewallManagerRuleGroupsRequest AWS API Documentation
|
1666
|
+
#
|
1667
|
+
class DeleteFirewallManagerRuleGroupsRequest < Struct.new(
|
1668
|
+
:web_acl_arn,
|
1669
|
+
:web_acl_lock_token)
|
1670
|
+
include Aws::Structure
|
1671
|
+
end
|
1672
|
+
|
1673
|
+
# @!attribute [rw] next_web_acl_lock_token
|
1674
|
+
# A token used for optimistic locking. AWS WAF returns a token to your
|
1675
|
+
# get and list requests, to mark the state of the entity at the time
|
1676
|
+
# of the request. To make changes to the entity associated with the
|
1677
|
+
# token, you provide the token to operations like update and delete.
|
1678
|
+
# AWS WAF uses the token to ensure that no changes have been made to
|
1679
|
+
# the entity since you last retrieved it. If a change has been made,
|
1680
|
+
# the update fails with a `WAFOptimisticLockException`. If this
|
1681
|
+
# happens, perform another get, and use the new token returned by that
|
1682
|
+
# operation.
|
1683
|
+
# @return [String]
|
1684
|
+
#
|
1685
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/DeleteFirewallManagerRuleGroupsResponse AWS API Documentation
|
1686
|
+
#
|
1687
|
+
class DeleteFirewallManagerRuleGroupsResponse < Struct.new(
|
1688
|
+
:next_web_acl_lock_token)
|
1689
|
+
include Aws::Structure
|
1690
|
+
end
|
1691
|
+
|
1630
1692
|
# @note When making an API call, you may pass DeleteIPSetRequest
|
1631
1693
|
# data as a hash:
|
1632
1694
|
#
|
@@ -1638,8 +1700,8 @@ module Aws::WAFV2
|
|
1638
1700
|
# }
|
1639
1701
|
#
|
1640
1702
|
# @!attribute [rw] name
|
1641
|
-
#
|
1642
|
-
#
|
1703
|
+
# The name of the IP set. You cannot change the name of an `IPSet`
|
1704
|
+
# after you create it.
|
1643
1705
|
# @return [String]
|
1644
1706
|
#
|
1645
1707
|
# @!attribute [rw] scope
|
@@ -1650,7 +1712,7 @@ module Aws::WAFV2
|
|
1650
1712
|
# To work with CloudFront, you must also specify the Region US East
|
1651
1713
|
# (N. Virginia) as follows:
|
1652
1714
|
#
|
1653
|
-
# * CLI - Specify the
|
1715
|
+
# * CLI - Specify the Region when you use the CloudFront scope:
|
1654
1716
|
# `--scope=CLOUDFRONT --region=us-east-1`.
|
1655
1717
|
#
|
1656
1718
|
# * API and SDKs - For all calls, use the Region endpoint us-east-1.
|
@@ -1711,6 +1773,31 @@ module Aws::WAFV2
|
|
1711
1773
|
#
|
1712
1774
|
class DeleteLoggingConfigurationResponse < Aws::EmptyStructure; end
|
1713
1775
|
|
1776
|
+
# @note When making an API call, you may pass DeletePermissionPolicyRequest
|
1777
|
+
# data as a hash:
|
1778
|
+
#
|
1779
|
+
# {
|
1780
|
+
# resource_arn: "ResourceArn", # required
|
1781
|
+
# }
|
1782
|
+
#
|
1783
|
+
# @!attribute [rw] resource_arn
|
1784
|
+
# The Amazon Resource Name (ARN) of the rule group from which you want
|
1785
|
+
# to delete the policy.
|
1786
|
+
#
|
1787
|
+
# You must be the owner of the rule group to perform this operation.
|
1788
|
+
# @return [String]
|
1789
|
+
#
|
1790
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/DeletePermissionPolicyRequest AWS API Documentation
|
1791
|
+
#
|
1792
|
+
class DeletePermissionPolicyRequest < Struct.new(
|
1793
|
+
:resource_arn)
|
1794
|
+
include Aws::Structure
|
1795
|
+
end
|
1796
|
+
|
1797
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/DeletePermissionPolicyResponse AWS API Documentation
|
1798
|
+
#
|
1799
|
+
class DeletePermissionPolicyResponse < Aws::EmptyStructure; end
|
1800
|
+
|
1714
1801
|
# @note When making an API call, you may pass DeleteRegexPatternSetRequest
|
1715
1802
|
# data as a hash:
|
1716
1803
|
#
|
@@ -1722,8 +1809,8 @@ module Aws::WAFV2
|
|
1722
1809
|
# }
|
1723
1810
|
#
|
1724
1811
|
# @!attribute [rw] name
|
1725
|
-
#
|
1726
|
-
#
|
1812
|
+
# The name of the set. You cannot change the name after you create the
|
1813
|
+
# set.
|
1727
1814
|
# @return [String]
|
1728
1815
|
#
|
1729
1816
|
# @!attribute [rw] scope
|
@@ -1734,7 +1821,7 @@ module Aws::WAFV2
|
|
1734
1821
|
# To work with CloudFront, you must also specify the Region US East
|
1735
1822
|
# (N. Virginia) as follows:
|
1736
1823
|
#
|
1737
|
-
# * CLI - Specify the
|
1824
|
+
# * CLI - Specify the Region when you use the CloudFront scope:
|
1738
1825
|
# `--scope=CLOUDFRONT --region=us-east-1`.
|
1739
1826
|
#
|
1740
1827
|
# * API and SDKs - For all calls, use the Region endpoint us-east-1.
|
@@ -1783,8 +1870,8 @@ module Aws::WAFV2
|
|
1783
1870
|
# }
|
1784
1871
|
#
|
1785
1872
|
# @!attribute [rw] name
|
1786
|
-
#
|
1787
|
-
#
|
1873
|
+
# The name of the rule group. You cannot change the name of a rule
|
1874
|
+
# group after you create it.
|
1788
1875
|
# @return [String]
|
1789
1876
|
#
|
1790
1877
|
# @!attribute [rw] scope
|
@@ -1795,7 +1882,7 @@ module Aws::WAFV2
|
|
1795
1882
|
# To work with CloudFront, you must also specify the Region US East
|
1796
1883
|
# (N. Virginia) as follows:
|
1797
1884
|
#
|
1798
|
-
# * CLI - Specify the
|
1885
|
+
# * CLI - Specify the Region when you use the CloudFront scope:
|
1799
1886
|
# `--scope=CLOUDFRONT --region=us-east-1`.
|
1800
1887
|
#
|
1801
1888
|
# * API and SDKs - For all calls, use the Region endpoint us-east-1.
|
@@ -1844,8 +1931,8 @@ module Aws::WAFV2
|
|
1844
1931
|
# }
|
1845
1932
|
#
|
1846
1933
|
# @!attribute [rw] name
|
1847
|
-
#
|
1848
|
-
#
|
1934
|
+
# The name of the Web ACL. You cannot change the name of a Web ACL
|
1935
|
+
# after you create it.
|
1849
1936
|
# @return [String]
|
1850
1937
|
#
|
1851
1938
|
# @!attribute [rw] scope
|
@@ -1856,7 +1943,7 @@ module Aws::WAFV2
|
|
1856
1943
|
# To work with CloudFront, you must also specify the Region US East
|
1857
1944
|
# (N. Virginia) as follows:
|
1858
1945
|
#
|
1859
|
-
# * CLI - Specify the
|
1946
|
+
# * CLI - Specify the Region when you use the CloudFront scope:
|
1860
1947
|
# `--scope=CLOUDFRONT --region=us-east-1`.
|
1861
1948
|
#
|
1862
1949
|
# * API and SDKs - For all calls, use the Region endpoint us-east-1.
|
@@ -1921,7 +2008,7 @@ module Aws::WAFV2
|
|
1921
2008
|
# To work with CloudFront, you must also specify the Region US East
|
1922
2009
|
# (N. Virginia) as follows:
|
1923
2010
|
#
|
1924
|
-
# * CLI - Specify the
|
2011
|
+
# * CLI - Specify the Region when you use the CloudFront scope:
|
1925
2012
|
# `--scope=CLOUDFRONT --region=us-east-1`.
|
1926
2013
|
#
|
1927
2014
|
# * API and SDKs - For all calls, use the Region endpoint us-east-1.
|
@@ -1970,15 +2057,12 @@ module Aws::WAFV2
|
|
1970
2057
|
#
|
1971
2058
|
# The ARN must be in one of the following formats:
|
1972
2059
|
#
|
1973
|
-
# * For
|
1974
|
-
# `arn:aws:
|
1975
|
-
#
|
1976
|
-
# * For an Application Load Balancer: `arn:aws:elasticloadbalancing:
|
1977
|
-
# region:account-id:loadbalancer/app/load-balancer-name
|
1978
|
-
# /load-balancer-id `
|
2060
|
+
# * For an Application Load Balancer:
|
2061
|
+
# `arn:aws:elasticloadbalancing:region:account-id:loadbalancer/app/load-balancer-name/load-balancer-id
|
2062
|
+
# `
|
1979
2063
|
#
|
1980
|
-
# * For an Amazon API Gateway stage:
|
1981
|
-
# ::/restapis/api-id/stages/stage-name `
|
2064
|
+
# * For an Amazon API Gateway stage:
|
2065
|
+
# `arn:aws:apigateway:region::/restapis/api-id/stages/stage-name `
|
1982
2066
|
# @return [String]
|
1983
2067
|
#
|
1984
2068
|
# @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/DisassociateWebACLRequest AWS API Documentation
|
@@ -2034,8 +2118,11 @@ module Aws::WAFV2
|
|
2034
2118
|
# </note>
|
2035
2119
|
#
|
2036
2120
|
# The part of a web request that you want AWS WAF to inspect. Include
|
2037
|
-
# the `FieldToMatch`
|
2038
|
-
# specifications as needed, according to the type.
|
2121
|
+
# the single `FieldToMatch` type that you want to inspect, with
|
2122
|
+
# additional specifications as needed, according to the type. You
|
2123
|
+
# specify a single request component in `FieldToMatch` for each rule
|
2124
|
+
# statement that requires it. To inspect more than one component of a
|
2125
|
+
# web request, create a separate rule statement for each component.
|
2039
2126
|
#
|
2040
2127
|
#
|
2041
2128
|
#
|
@@ -2073,6 +2160,9 @@ module Aws::WAFV2
|
|
2073
2160
|
# Inspect a single query argument. Provide the name of the query
|
2074
2161
|
# argument to inspect, such as *UserName* or *SalesRegion*. The name
|
2075
2162
|
# can be up to 30 characters long and isn't case sensitive.
|
2163
|
+
#
|
2164
|
+
# This is used only to indicate the web request component for AWS WAF
|
2165
|
+
# to inspect, in the FieldToMatch specification.
|
2076
2166
|
# @return [Types::SingleQueryArgument]
|
2077
2167
|
#
|
2078
2168
|
# @!attribute [rw] all_query_arguments
|
@@ -2096,10 +2186,10 @@ module Aws::WAFV2
|
|
2096
2186
|
# body, such as data from a form.
|
2097
2187
|
#
|
2098
2188
|
# Note that only the first 8 KB (8192 bytes) of the request body are
|
2099
|
-
# forwarded to AWS WAF for inspection
|
2100
|
-
# more than 8 KB, you can guarantee that
|
2101
|
-
# bytes in by combining a statement that
|
2102
|
-
# request, such as ByteMatchStatement or
|
2189
|
+
# forwarded to AWS WAF for inspection by the underlying host service.
|
2190
|
+
# If you don't need to inspect more than 8 KB, you can guarantee that
|
2191
|
+
# you don't allow additional bytes in by combining a statement that
|
2192
|
+
# inspects the body of the web request, such as ByteMatchStatement or
|
2103
2193
|
# RegexPatternSetReferenceStatement, with a SizeConstraintStatement
|
2104
2194
|
# that enforces an 8 KB size limit on the body of the request. AWS WAF
|
2105
2195
|
# doesn't support inspecting the entire contents of web requests
|
@@ -2124,6 +2214,128 @@ module Aws::WAFV2
|
|
2124
2214
|
include Aws::Structure
|
2125
2215
|
end
|
2126
2216
|
|
2217
|
+
# A rule group that's defined for an AWS Firewall Manager WAF policy.
|
2218
|
+
#
|
2219
|
+
# @!attribute [rw] name
|
2220
|
+
# The name of the rule group. You cannot change the name of a rule
|
2221
|
+
# group after you create it.
|
2222
|
+
# @return [String]
|
2223
|
+
#
|
2224
|
+
# @!attribute [rw] priority
|
2225
|
+
# If you define more than one rule group in the first or last Firewall
|
2226
|
+
# Manager rule groups, AWS WAF evaluates each request against the rule
|
2227
|
+
# groups in order, starting from the lowest priority setting. The
|
2228
|
+
# priorities don't need to be consecutive, but they must all be
|
2229
|
+
# different.
|
2230
|
+
# @return [Integer]
|
2231
|
+
#
|
2232
|
+
# @!attribute [rw] firewall_manager_statement
|
2233
|
+
# The processing guidance for an AWS Firewall Manager rule. This is
|
2234
|
+
# like a regular rule Statement, but it can only contain a rule group
|
2235
|
+
# reference.
|
2236
|
+
# @return [Types::FirewallManagerStatement]
|
2237
|
+
#
|
2238
|
+
# @!attribute [rw] override_action
|
2239
|
+
# The override action to apply to the rules in a rule group. Used only
|
2240
|
+
# for rule statements that reference a rule group, like
|
2241
|
+
# `RuleGroupReferenceStatement` and `ManagedRuleGroupStatement`.
|
2242
|
+
#
|
2243
|
+
# Set the override action to none to leave the rule actions in effect.
|
2244
|
+
# Set it to count to only count matches, regardless of the rule action
|
2245
|
+
# settings.
|
2246
|
+
#
|
2247
|
+
# In a Rule, you must specify either this `OverrideAction` setting or
|
2248
|
+
# the rule `Action` setting, but not both:
|
2249
|
+
#
|
2250
|
+
# * If the rule statement references a rule group, use this override
|
2251
|
+
# action setting and not the action setting.
|
2252
|
+
#
|
2253
|
+
# * If the rule statement does not reference a rule group, use the
|
2254
|
+
# rule action setting and not this rule override action setting.
|
2255
|
+
# @return [Types::OverrideAction]
|
2256
|
+
#
|
2257
|
+
# @!attribute [rw] visibility_config
|
2258
|
+
# <note markdown="1"> This is the latest version of **AWS WAF**, named AWS WAFV2, released
|
2259
|
+
# in November, 2019. For information, including how to migrate your
|
2260
|
+
# AWS WAF resources from the prior release, see the [AWS WAF Developer
|
2261
|
+
# Guide][1].
|
2262
|
+
#
|
2263
|
+
# </note>
|
2264
|
+
#
|
2265
|
+
# Defines and enables Amazon CloudWatch metrics and web request sample
|
2266
|
+
# collection.
|
2267
|
+
#
|
2268
|
+
#
|
2269
|
+
#
|
2270
|
+
# [1]: https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html
|
2271
|
+
# @return [Types::VisibilityConfig]
|
2272
|
+
#
|
2273
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/FirewallManagerRuleGroup AWS API Documentation
|
2274
|
+
#
|
2275
|
+
class FirewallManagerRuleGroup < Struct.new(
|
2276
|
+
:name,
|
2277
|
+
:priority,
|
2278
|
+
:firewall_manager_statement,
|
2279
|
+
:override_action,
|
2280
|
+
:visibility_config)
|
2281
|
+
include Aws::Structure
|
2282
|
+
end
|
2283
|
+
|
2284
|
+
# The processing guidance for an AWS Firewall Manager rule. This is like
|
2285
|
+
# a regular rule Statement, but it can only contain a rule group
|
2286
|
+
# reference.
|
2287
|
+
#
|
2288
|
+
# @!attribute [rw] managed_rule_group_statement
|
2289
|
+
# <note markdown="1"> This is the latest version of **AWS WAF**, named AWS WAFV2, released
|
2290
|
+
# in November, 2019. For information, including how to migrate your
|
2291
|
+
# AWS WAF resources from the prior release, see the [AWS WAF Developer
|
2292
|
+
# Guide][1].
|
2293
|
+
#
|
2294
|
+
# </note>
|
2295
|
+
#
|
2296
|
+
# A rule statement used to run the rules that are defined in a managed
|
2297
|
+
# rule group. To use this, provide the vendor name and the name of the
|
2298
|
+
# rule group in this statement. You can retrieve the required names by
|
2299
|
+
# calling ListAvailableManagedRuleGroups.
|
2300
|
+
#
|
2301
|
+
# You can't nest a `ManagedRuleGroupStatement`, for example for use
|
2302
|
+
# inside a `NotStatement` or `OrStatement`. It can only be referenced
|
2303
|
+
# as a top-level statement within a rule.
|
2304
|
+
#
|
2305
|
+
#
|
2306
|
+
#
|
2307
|
+
# [1]: https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html
|
2308
|
+
# @return [Types::ManagedRuleGroupStatement]
|
2309
|
+
#
|
2310
|
+
# @!attribute [rw] rule_group_reference_statement
|
2311
|
+
# <note markdown="1"> This is the latest version of **AWS WAF**, named AWS WAFV2, released
|
2312
|
+
# in November, 2019. For information, including how to migrate your
|
2313
|
+
# AWS WAF resources from the prior release, see the [AWS WAF Developer
|
2314
|
+
# Guide][1].
|
2315
|
+
#
|
2316
|
+
# </note>
|
2317
|
+
#
|
2318
|
+
# A rule statement used to run the rules that are defined in a
|
2319
|
+
# RuleGroup. To use this, create a rule group with your rules, then
|
2320
|
+
# provide the ARN of the rule group in this statement.
|
2321
|
+
#
|
2322
|
+
# You cannot nest a `RuleGroupReferenceStatement`, for example for use
|
2323
|
+
# inside a `NotStatement` or `OrStatement`. It can only be referenced
|
2324
|
+
# as a top-level statement within a rule.
|
2325
|
+
#
|
2326
|
+
#
|
2327
|
+
#
|
2328
|
+
# [1]: https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html
|
2329
|
+
# @return [Types::RuleGroupReferenceStatement]
|
2330
|
+
#
|
2331
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/FirewallManagerStatement AWS API Documentation
|
2332
|
+
#
|
2333
|
+
class FirewallManagerStatement < Struct.new(
|
2334
|
+
:managed_rule_group_statement,
|
2335
|
+
:rule_group_reference_statement)
|
2336
|
+
include Aws::Structure
|
2337
|
+
end
|
2338
|
+
|
2127
2339
|
# <note markdown="1"> This is the latest version of **AWS WAF**, named AWS WAFV2, released
|
2128
2340
|
# in November, 2019. For information, including how to migrate your AWS
|
2129
2341
|
# WAF resources from the prior release, see the [AWS WAF Developer
|
@@ -2168,8 +2380,8 @@ module Aws::WAFV2
|
|
2168
2380
|
# }
|
2169
2381
|
#
|
2170
2382
|
# @!attribute [rw] name
|
2171
|
-
#
|
2172
|
-
#
|
2383
|
+
# The name of the IP set. You cannot change the name of an `IPSet`
|
2384
|
+
# after you create it.
|
2173
2385
|
# @return [String]
|
2174
2386
|
#
|
2175
2387
|
# @!attribute [rw] scope
|
@@ -2180,7 +2392,7 @@ module Aws::WAFV2
|
|
2180
2392
|
# To work with CloudFront, you must also specify the Region US East
|
2181
2393
|
# (N. Virginia) as follows:
|
2182
2394
|
#
|
2183
|
-
# * CLI - Specify the
|
2395
|
+
# * CLI - Specify the Region when you use the CloudFront scope:
|
2184
2396
|
# `--scope=CLOUDFRONT --region=us-east-1`.
|
2185
2397
|
#
|
2186
2398
|
# * API and SDKs - For all calls, use the Region endpoint us-east-1.
|
@@ -2254,6 +2466,36 @@ module Aws::WAFV2
|
|
2254
2466
|
include Aws::Structure
|
2255
2467
|
end
|
2256
2468
|
|
2469
|
+
# @note When making an API call, you may pass GetPermissionPolicyRequest
|
2470
|
+
# data as a hash:
|
2471
|
+
#
|
2472
|
+
# {
|
2473
|
+
# resource_arn: "ResourceArn", # required
|
2474
|
+
# }
|
2475
|
+
#
|
2476
|
+
# @!attribute [rw] resource_arn
|
2477
|
+
# The Amazon Resource Name (ARN) of the rule group for which you want
|
2478
|
+
# to get the policy.
|
2479
|
+
# @return [String]
|
2480
|
+
#
|
2481
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/GetPermissionPolicyRequest AWS API Documentation
|
2482
|
+
#
|
2483
|
+
class GetPermissionPolicyRequest < Struct.new(
|
2484
|
+
:resource_arn)
|
2485
|
+
include Aws::Structure
|
2486
|
+
end
|
2487
|
+
|
2488
|
+
# @!attribute [rw] policy
|
2489
|
+
# The IAM policy that is attached to the specified rule group.
|
2490
|
+
# @return [String]
|
2491
|
+
#
|
2492
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/GetPermissionPolicyResponse AWS API Documentation
|
2493
|
+
#
|
2494
|
+
class GetPermissionPolicyResponse < Struct.new(
|
2495
|
+
:policy)
|
2496
|
+
include Aws::Structure
|
2497
|
+
end
|
2498
|
+
|
2257
2499
|
# @note When making an API call, you may pass GetRateBasedStatementManagedKeysRequest
|
2258
2500
|
# data as a hash:
|
2259
2501
|
#
|
@@ -2272,15 +2514,15 @@ module Aws::WAFV2
|
|
2272
2514
|
# To work with CloudFront, you must also specify the Region US East
|
2273
2515
|
# (N. Virginia) as follows:
|
2274
2516
|
#
|
2275
|
-
# * CLI - Specify the
|
2517
|
+
# * CLI - Specify the Region when you use the CloudFront scope:
|
2276
2518
|
# `--scope=CLOUDFRONT --region=us-east-1`.
|
2277
2519
|
#
|
2278
2520
|
# * API and SDKs - For all calls, use the Region endpoint us-east-1.
|
2279
2521
|
# @return [String]
|
2280
2522
|
#
|
2281
2523
|
# @!attribute [rw] web_acl_name
|
2282
|
-
#
|
2283
|
-
#
|
2524
|
+
# The name of the Web ACL. You cannot change the name of a Web ACL
|
2525
|
+
# after you create it.
|
2284
2526
|
# @return [String]
|
2285
2527
|
#
|
2286
2528
|
# @!attribute [rw] web_acl_id
|
@@ -2329,8 +2571,8 @@ module Aws::WAFV2
|
|
2329
2571
|
# }
|
2330
2572
|
#
|
2331
2573
|
# @!attribute [rw] name
|
2332
|
-
#
|
2333
|
-
#
|
2574
|
+
# The name of the set. You cannot change the name after you create the
|
2575
|
+
# set.
|
2334
2576
|
# @return [String]
|
2335
2577
|
#
|
2336
2578
|
# @!attribute [rw] scope
|
@@ -2341,7 +2583,7 @@ module Aws::WAFV2
|
|
2341
2583
|
# To work with CloudFront, you must also specify the Region US East
|
2342
2584
|
# (N. Virginia) as follows:
|
2343
2585
|
#
|
2344
|
-
# * CLI - Specify the
|
2586
|
+
# * CLI - Specify the Region when you use the CloudFront scope:
|
2345
2587
|
# `--scope=CLOUDFRONT --region=us-east-1`.
|
2346
2588
|
#
|
2347
2589
|
# * API and SDKs - For all calls, use the Region endpoint us-east-1.
|
@@ -2395,8 +2637,8 @@ module Aws::WAFV2
|
|
2395
2637
|
# }
|
2396
2638
|
#
|
2397
2639
|
# @!attribute [rw] name
|
2398
|
-
#
|
2399
|
-
#
|
2640
|
+
# The name of the rule group. You cannot change the name of a rule
|
2641
|
+
# group after you create it.
|
2400
2642
|
# @return [String]
|
2401
2643
|
#
|
2402
2644
|
# @!attribute [rw] scope
|
@@ -2407,7 +2649,7 @@ module Aws::WAFV2
|
|
2407
2649
|
# To work with CloudFront, you must also specify the Region US East
|
2408
2650
|
# (N. Virginia) as follows:
|
2409
2651
|
#
|
2410
|
-
# * CLI - Specify the
|
2652
|
+
# * CLI - Specify the Region when you use the CloudFront scope:
|
2411
2653
|
# `--scope=CLOUDFRONT --region=us-east-1`.
|
2412
2654
|
#
|
2413
2655
|
# * API and SDKs - For all calls, use the Region endpoint us-east-1.
|
@@ -2483,7 +2725,7 @@ module Aws::WAFV2
|
|
2483
2725
|
# To work with CloudFront, you must also specify the Region US East
|
2484
2726
|
# (N. Virginia) as follows:
|
2485
2727
|
#
|
2486
|
-
# * CLI - Specify the
|
2728
|
+
# * CLI - Specify the Region when you use the CloudFront scope:
|
2487
2729
|
# `--scope=CLOUDFRONT --region=us-east-1`.
|
2488
2730
|
#
|
2489
2731
|
# * API and SDKs - For all calls, use the Region endpoint us-east-1.
|
@@ -2585,8 +2827,8 @@ module Aws::WAFV2
|
|
2585
2827
|
# }
|
2586
2828
|
#
|
2587
2829
|
# @!attribute [rw] name
|
2588
|
-
#
|
2589
|
-
#
|
2830
|
+
# The name of the Web ACL. You cannot change the name of a Web ACL
|
2831
|
+
# after you create it.
|
2590
2832
|
# @return [String]
|
2591
2833
|
#
|
2592
2834
|
# @!attribute [rw] scope
|
@@ -2597,7 +2839,7 @@ module Aws::WAFV2
|
|
2597
2839
|
# To work with CloudFront, you must also specify the Region US East
|
2598
2840
|
# (N. Virginia) as follows:
|
2599
2841
|
#
|
2600
|
-
# * CLI - Specify the
|
2842
|
+
# * CLI - Specify the Region when you use the CloudFront scope:
|
2601
2843
|
# `--scope=CLOUDFRONT --region=us-east-1`.
|
2602
2844
|
#
|
2603
2845
|
# * API and SDKs - For all calls, use the Region endpoint us-east-1.
|
@@ -2765,8 +3007,8 @@ module Aws::WAFV2
|
|
2765
3007
|
# [2]: https://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing
|
2766
3008
|
#
|
2767
3009
|
# @!attribute [rw] name
|
2768
|
-
#
|
2769
|
-
#
|
3010
|
+
# The name of the IP set. You cannot change the name of an `IPSet`
|
3011
|
+
# after you create it.
|
2770
3012
|
# @return [String]
|
2771
3013
|
#
|
2772
3014
|
# @!attribute [rw] id
|
@@ -2780,8 +3022,8 @@ module Aws::WAFV2
|
|
2780
3022
|
# @return [String]
|
2781
3023
|
#
|
2782
3024
|
# @!attribute [rw] description
|
2783
|
-
# A
|
2784
|
-
# description of an IP set after you create it.
|
3025
|
+
# A description of the IP set that helps with identification. You
|
3026
|
+
# cannot change the description of an IP set after you create it.
|
2785
3027
|
# @return [String]
|
2786
3028
|
#
|
2787
3029
|
# @!attribute [rw] ip_address_version
|
@@ -2892,8 +3134,8 @@ module Aws::WAFV2
|
|
2892
3134
|
# [1]: https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html
|
2893
3135
|
#
|
2894
3136
|
# @!attribute [rw] name
|
2895
|
-
#
|
2896
|
-
#
|
3137
|
+
# The name of the IP set. You cannot change the name of an `IPSet`
|
3138
|
+
# after you create it.
|
2897
3139
|
# @return [String]
|
2898
3140
|
#
|
2899
3141
|
# @!attribute [rw] id
|
@@ -2903,8 +3145,8 @@ module Aws::WAFV2
|
|
2903
3145
|
# @return [String]
|
2904
3146
|
#
|
2905
3147
|
# @!attribute [rw] description
|
2906
|
-
# A
|
2907
|
-
# description of an IP set after you create it.
|
3148
|
+
# A description of the IP set that helps with identification. You
|
3149
|
+
# cannot change the description of an IP set after you create it.
|
2908
3150
|
# @return [String]
|
2909
3151
|
#
|
2910
3152
|
# @!attribute [rw] lock_token
|
@@ -2951,7 +3193,7 @@ module Aws::WAFV2
|
|
2951
3193
|
# To work with CloudFront, you must also specify the Region US East
|
2952
3194
|
# (N. Virginia) as follows:
|
2953
3195
|
#
|
2954
|
-
# * CLI - Specify the
|
3196
|
+
# * CLI - Specify the Region when you use the CloudFront scope:
|
2955
3197
|
# `--scope=CLOUDFRONT --region=us-east-1`.
|
2956
3198
|
#
|
2957
3199
|
# * API and SDKs - For all calls, use the Region endpoint us-east-1.
|
@@ -3017,7 +3259,7 @@ module Aws::WAFV2
|
|
3017
3259
|
# To work with CloudFront, you must also specify the Region US East
|
3018
3260
|
# (N. Virginia) as follows:
|
3019
3261
|
#
|
3020
|
-
# * CLI - Specify the
|
3262
|
+
# * CLI - Specify the Region when you use the CloudFront scope:
|
3021
3263
|
# `--scope=CLOUDFRONT --region=us-east-1`.
|
3022
3264
|
#
|
3023
3265
|
# * API and SDKs - For all calls, use the Region endpoint us-east-1.
|
@@ -3085,7 +3327,7 @@ module Aws::WAFV2
|
|
3085
3327
|
# To work with CloudFront, you must also specify the Region US East
|
3086
3328
|
# (N. Virginia) as follows:
|
3087
3329
|
#
|
3088
|
-
# * CLI - Specify the
|
3330
|
+
# * CLI - Specify the Region when you use the CloudFront scope:
|
3089
3331
|
# `--scope=CLOUDFRONT --region=us-east-1`.
|
3090
3332
|
#
|
3091
3333
|
# * API and SDKs - For all calls, use the Region endpoint us-east-1.
|
@@ -3151,7 +3393,7 @@ module Aws::WAFV2
|
|
3151
3393
|
# To work with CloudFront, you must also specify the Region US East
|
3152
3394
|
# (N. Virginia) as follows:
|
3153
3395
|
#
|
3154
|
-
# * CLI - Specify the
|
3396
|
+
# * CLI - Specify the Region when you use the CloudFront scope:
|
3155
3397
|
# `--scope=CLOUDFRONT --region=us-east-1`.
|
3156
3398
|
#
|
3157
3399
|
# * API and SDKs - For all calls, use the Region endpoint us-east-1.
|
@@ -3255,7 +3497,7 @@ module Aws::WAFV2
|
|
3255
3497
|
# To work with CloudFront, you must also specify the Region US East
|
3256
3498
|
# (N. Virginia) as follows:
|
3257
3499
|
#
|
3258
|
-
# * CLI - Specify the
|
3500
|
+
# * CLI - Specify the Region when you use the CloudFront scope:
|
3259
3501
|
# `--scope=CLOUDFRONT --region=us-east-1`.
|
3260
3502
|
#
|
3261
3503
|
# * API and SDKs - For all calls, use the Region endpoint us-east-1.
|
@@ -3378,7 +3620,7 @@ module Aws::WAFV2
|
|
3378
3620
|
# To work with CloudFront, you must also specify the Region US East
|
3379
3621
|
# (N. Virginia) as follows:
|
3380
3622
|
#
|
3381
|
-
# * CLI - Specify the
|
3623
|
+
# * CLI - Specify the Region when you use the CloudFront scope:
|
3382
3624
|
# `--scope=CLOUDFRONT --region=us-east-1`.
|
3383
3625
|
#
|
3384
3626
|
# * API and SDKs - For all calls, use the Region endpoint us-east-1.
|
@@ -3565,7 +3807,7 @@ module Aws::WAFV2
|
|
3565
3807
|
# ListAvailableManagedRuleGroups. This provides information like the
|
3566
3808
|
# name and vendor name, that you provide when you add a
|
3567
3809
|
# ManagedRuleGroupStatement to a web ACL. Managed rule groups include
|
3568
|
-
# AWS
|
3810
|
+
# AWS Managed Rules rule groups, which are free of charge to AWS WAF
|
3569
3811
|
# customers, and AWS Marketplace managed rule groups, which you can
|
3570
3812
|
# subscribe to through AWS Marketplace.
|
3571
3813
|
#
|
@@ -3584,8 +3826,8 @@ module Aws::WAFV2
|
|
3584
3826
|
# @return [String]
|
3585
3827
|
#
|
3586
3828
|
# @!attribute [rw] description
|
3587
|
-
# The description of the managed rule group, provided by AWS
|
3588
|
-
# AWS Marketplace seller who manages it.
|
3829
|
+
# The description of the managed rule group, provided by AWS Managed
|
3830
|
+
# Rules or the AWS Marketplace seller who manages it.
|
3589
3831
|
# @return [String]
|
3590
3832
|
#
|
3591
3833
|
# @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/ManagedRuleGroupSummary AWS API Documentation
|
@@ -3607,6 +3849,9 @@ module Aws::WAFV2
|
|
3607
3849
|
# The HTTP method of a web request. The method indicates the type of
|
3608
3850
|
# operation that the request is asking the origin to perform.
|
3609
3851
|
#
|
3852
|
+
# This is used only to indicate the web request component for AWS WAF to
|
3853
|
+
# inspect, in the FieldToMatch specification.
|
3854
|
+
#
|
3610
3855
|
#
|
3611
3856
|
#
|
3612
3857
|
# [1]: https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html
|
@@ -3626,8 +3871,10 @@ module Aws::WAFV2
|
|
3626
3871
|
#
|
3627
3872
|
# Specifies that AWS WAF should do nothing. This is generally used to
|
3628
3873
|
# try out a rule without performing any actions. You set the
|
3629
|
-
# `OverrideAction` on the Rule
|
3630
|
-
#
|
3874
|
+
# `OverrideAction` on the Rule.
|
3875
|
+
#
|
3876
|
+
# This is used only in the context of other settings, for example to
|
3877
|
+
# specify values for RuleAction and web ACL DefaultAction.
|
3631
3878
|
#
|
3632
3879
|
#
|
3633
3880
|
#
|
@@ -4073,21 +4320,22 @@ module Aws::WAFV2
|
|
4073
4320
|
include Aws::Structure
|
4074
4321
|
end
|
4075
4322
|
|
4076
|
-
#
|
4077
|
-
#
|
4078
|
-
#
|
4079
|
-
# Guide][1].
|
4080
|
-
#
|
4081
|
-
# </note>
|
4323
|
+
# The override action to apply to the rules in a rule group. Used only
|
4324
|
+
# for rule statements that reference a rule group, like
|
4325
|
+
# `RuleGroupReferenceStatement` and `ManagedRuleGroupStatement`.
|
4082
4326
|
#
|
4083
|
-
#
|
4084
|
-
#
|
4085
|
-
#
|
4086
|
-
# counts the match.
|
4327
|
+
# Set the override action to none to leave the rule actions in effect.
|
4328
|
+
# Set it to count to only count matches, regardless of the rule action
|
4329
|
+
# settings.
|
4087
4330
|
#
|
4331
|
+
# In a Rule, you must specify either this `OverrideAction` setting or
|
4332
|
+
# the rule `Action` setting, but not both:
|
4088
4333
|
#
|
4334
|
+
# * If the rule statement references a rule group, use this override
|
4335
|
+
# action setting and not the action setting.
|
4089
4336
|
#
|
4090
|
-
#
|
4337
|
+
# * If the rule statement does not reference a rule group, use the rule
|
4338
|
+
# action setting and not this rule override action setting.
|
4091
4339
|
#
|
4092
4340
|
# @note When making an API call, you may pass OverrideAction
|
4093
4341
|
# data as a hash:
|
@@ -4165,6 +4413,57 @@ module Aws::WAFV2
|
|
4165
4413
|
include Aws::Structure
|
4166
4414
|
end
|
4167
4415
|
|
4416
|
+
# @note When making an API call, you may pass PutPermissionPolicyRequest
|
4417
|
+
# data as a hash:
|
4418
|
+
#
|
4419
|
+
# {
|
4420
|
+
# resource_arn: "ResourceArn", # required
|
4421
|
+
# policy: "PolicyString", # required
|
4422
|
+
# }
|
4423
|
+
#
|
4424
|
+
# @!attribute [rw] resource_arn
|
4425
|
+
# The Amazon Resource Name (ARN) of the RuleGroup to which you want to
|
4426
|
+
# attach the policy.
|
4427
|
+
# @return [String]
|
4428
|
+
#
|
4429
|
+
# @!attribute [rw] policy
|
4430
|
+
# The policy to attach to the specified rule group.
|
4431
|
+
#
|
4432
|
+
# The policy specifications must conform to the following:
|
4433
|
+
#
|
4434
|
+
# * The policy must be composed using IAM Policy version 2012-10-17 or
|
4435
|
+
# version 2015-01-01.
|
4436
|
+
#
|
4437
|
+
# * The policy must include specifications for `Effect`, `Action`, and
|
4438
|
+
# `Principal`.
|
4439
|
+
#
|
4440
|
+
# * `Effect` must specify `Allow`.
|
4441
|
+
#
|
4442
|
+
# * `Action` must specify `wafv2:CreateWebACL`, `wafv2:UpdateWebACL`,
|
4443
|
+
# and `wafv2:PutFirewallManagerRuleGroups`. AWS WAF rejects any
|
4444
|
+
# extra actions or wildcard actions in the policy.
|
4445
|
+
#
|
4446
|
+
# * The policy must not include a `Resource` parameter.
|
4447
|
+
#
|
4448
|
+
# For more information, see [IAM Policies][1].
|
4449
|
+
#
|
4450
|
+
#
|
4451
|
+
#
|
4452
|
+
# [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html
|
4453
|
+
# @return [String]
|
4454
|
+
#
|
4455
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/PutPermissionPolicyRequest AWS API Documentation
|
4456
|
+
#
|
4457
|
+
class PutPermissionPolicyRequest < Struct.new(
|
4458
|
+
:resource_arn,
|
4459
|
+
:policy)
|
4460
|
+
include Aws::Structure
|
4461
|
+
end
|
4462
|
+
|
4463
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/PutPermissionPolicyResponse AWS API Documentation
|
4464
|
+
#
|
4465
|
+
class PutPermissionPolicyResponse < Aws::EmptyStructure; end
|
4466
|
+
|
4168
4467
|
# <note markdown="1"> This is the latest version of **AWS WAF**, named AWS WAFV2, released
|
4169
4468
|
# in November, 2019. For information, including how to migrate your AWS
|
4170
4469
|
# WAF resources from the prior release, see the [AWS WAF Developer
|
@@ -4175,6 +4474,9 @@ module Aws::WAFV2
|
|
4175
4474
|
# The query string of a web request. This is the part of a URL that
|
4176
4475
|
# appears after a `?` character, if any.
|
4177
4476
|
#
|
4477
|
+
# This is used only to indicate the web request component for AWS WAF to
|
4478
|
+
# inspect, in the FieldToMatch specification.
|
4479
|
+
#
|
4178
4480
|
#
|
4179
4481
|
#
|
4180
4482
|
# [1]: https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html
|
@@ -4529,8 +4831,8 @@ module Aws::WAFV2
|
|
4529
4831
|
# [1]: https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html
|
4530
4832
|
#
|
4531
4833
|
# @!attribute [rw] name
|
4532
|
-
#
|
4533
|
-
#
|
4834
|
+
# The name of the set. You cannot change the name after you create the
|
4835
|
+
# set.
|
4534
4836
|
# @return [String]
|
4535
4837
|
#
|
4536
4838
|
# @!attribute [rw] id
|
@@ -4544,8 +4846,8 @@ module Aws::WAFV2
|
|
4544
4846
|
# @return [String]
|
4545
4847
|
#
|
4546
4848
|
# @!attribute [rw] description
|
4547
|
-
# A
|
4548
|
-
# of a set after you create it.
|
4849
|
+
# A description of the set that helps with identification. You cannot
|
4850
|
+
# change the description of a set after you create it.
|
4549
4851
|
# @return [String]
|
4550
4852
|
#
|
4551
4853
|
# @!attribute [rw] regular_expression_list
|
@@ -4632,9 +4934,9 @@ module Aws::WAFV2
|
|
4632
4934
|
# Text transformations eliminate some of the unusual formatting that
|
4633
4935
|
# attackers use in web requests in an effort to bypass detection. If
|
4634
4936
|
# you specify one or more transformations in a rule statement, AWS WAF
|
4635
|
-
# performs all transformations on the content
|
4636
|
-
# `FieldToMatch`, starting from the lowest priority
|
4637
|
-
# inspecting the content for a match.
|
4937
|
+
# performs all transformations on the content of the request component
|
4938
|
+
# identified by `FieldToMatch`, starting from the lowest priority
|
4939
|
+
# setting, before inspecting the content for a match.
|
4638
4940
|
# @return [Array<Types::TextTransformation>]
|
4639
4941
|
#
|
4640
4942
|
# @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/RegexPatternSetReferenceStatement AWS API Documentation
|
@@ -4664,8 +4966,8 @@ module Aws::WAFV2
|
|
4664
4966
|
# [1]: https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html
|
4665
4967
|
#
|
4666
4968
|
# @!attribute [rw] name
|
4667
|
-
#
|
4668
|
-
#
|
4969
|
+
# The name of the data type instance. You cannot change the name after
|
4970
|
+
# you create the instance.
|
4669
4971
|
# @return [String]
|
4670
4972
|
#
|
4671
4973
|
# @!attribute [rw] id
|
@@ -4675,8 +4977,8 @@ module Aws::WAFV2
|
|
4675
4977
|
# @return [String]
|
4676
4978
|
#
|
4677
4979
|
# @!attribute [rw] description
|
4678
|
-
# A
|
4679
|
-
# of a set after you create it.
|
4980
|
+
# A description of the set that helps with identification. You cannot
|
4981
|
+
# change the description of a set after you create it.
|
4680
4982
|
# @return [String]
|
4681
4983
|
#
|
4682
4984
|
# @!attribute [rw] lock_token
|
@@ -4937,8 +5239,8 @@ module Aws::WAFV2
|
|
4937
5239
|
# }
|
4938
5240
|
#
|
4939
5241
|
# @!attribute [rw] name
|
4940
|
-
#
|
4941
|
-
#
|
5242
|
+
# The name of the rule. You can't change the name of a `Rule` after
|
5243
|
+
# you create it.
|
4942
5244
|
# @return [String]
|
4943
5245
|
#
|
4944
5246
|
# @!attribute [rw] priority
|
@@ -4956,15 +5258,40 @@ module Aws::WAFV2
|
|
4956
5258
|
#
|
4957
5259
|
# @!attribute [rw] action
|
4958
5260
|
# The action that AWS WAF should take on a web request when it matches
|
4959
|
-
# the rule
|
4960
|
-
#
|
5261
|
+
# the rule statement. Settings at the web ACL level can override the
|
5262
|
+
# rule action setting.
|
5263
|
+
#
|
5264
|
+
# This is used only for rules whose statements do not reference a rule
|
5265
|
+
# group. Rule statements that reference a rule group include
|
5266
|
+
# `RuleGroupReferenceStatement` and `ManagedRuleGroupStatement`.
|
5267
|
+
#
|
5268
|
+
# You must specify either this `Action` setting or the rule
|
5269
|
+
# `OverrideAction` setting, but not both:
|
5270
|
+
#
|
5271
|
+
# * If the rule statement does not reference a rule group, use this
|
5272
|
+
# rule action setting and not the rule override action setting.
|
5273
|
+
#
|
5274
|
+
# * If the rule statement references a rule group, use the override
|
5275
|
+
# action setting and not this action setting.
|
4961
5276
|
# @return [Types::RuleAction]
|
4962
5277
|
#
|
4963
5278
|
# @!attribute [rw] override_action
|
4964
|
-
# The action to
|
4965
|
-
#
|
4966
|
-
#
|
4967
|
-
#
|
5279
|
+
# The override action to apply to the rules in a rule group. Used only
|
5280
|
+
# for rule statements that reference a rule group, like
|
5281
|
+
# `RuleGroupReferenceStatement` and `ManagedRuleGroupStatement`.
|
5282
|
+
#
|
5283
|
+
# Set the override action to none to leave the rule actions in effect.
|
5284
|
+
# Set it to count to only count matches, regardless of the rule action
|
5285
|
+
# settings.
|
5286
|
+
#
|
5287
|
+
# In a Rule, you must specify either this `OverrideAction` setting or
|
5288
|
+
# the rule `Action` setting, but not both:
|
5289
|
+
#
|
5290
|
+
# * If the rule statement references a rule group, use this override
|
5291
|
+
# action setting and not the action setting.
|
5292
|
+
#
|
5293
|
+
# * If the rule statement does not reference a rule group, use the
|
5294
|
+
# rule action setting and not this rule override action setting.
|
4968
5295
|
# @return [Types::OverrideAction]
|
4969
5296
|
#
|
4970
5297
|
# @!attribute [rw] visibility_config
|
@@ -5050,8 +5377,8 @@ module Aws::WAFV2
|
|
5050
5377
|
# [1]: https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html
|
5051
5378
|
#
|
5052
5379
|
# @!attribute [rw] name
|
5053
|
-
#
|
5054
|
-
#
|
5380
|
+
# The name of the rule group. You cannot change the name of a rule
|
5381
|
+
# group after you create it.
|
5055
5382
|
# @return [String]
|
5056
5383
|
#
|
5057
5384
|
# @!attribute [rw] id
|
@@ -5083,8 +5410,8 @@ module Aws::WAFV2
|
|
5083
5410
|
# @return [String]
|
5084
5411
|
#
|
5085
5412
|
# @!attribute [rw] description
|
5086
|
-
# A
|
5087
|
-
# description of a rule group after you create it.
|
5413
|
+
# A description of the rule group that helps with identification. You
|
5414
|
+
# cannot change the description of a rule group after you create it.
|
5088
5415
|
# @return [String]
|
5089
5416
|
#
|
5090
5417
|
# @!attribute [rw] rules
|
@@ -5178,8 +5505,8 @@ module Aws::WAFV2
|
|
5178
5505
|
# [1]: https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html
|
5179
5506
|
#
|
5180
5507
|
# @!attribute [rw] name
|
5181
|
-
#
|
5182
|
-
#
|
5508
|
+
# The name of the data type instance. You cannot change the name after
|
5509
|
+
# you create the instance.
|
5183
5510
|
# @return [String]
|
5184
5511
|
#
|
5185
5512
|
# @!attribute [rw] id
|
@@ -5189,8 +5516,8 @@ module Aws::WAFV2
|
|
5189
5516
|
# @return [String]
|
5190
5517
|
#
|
5191
5518
|
# @!attribute [rw] description
|
5192
|
-
# A
|
5193
|
-
# description of a rule group after you create it.
|
5519
|
+
# A description of the rule group that helps with identification. You
|
5520
|
+
# cannot change the description of a rule group after you create it.
|
5194
5521
|
# @return [String]
|
5195
5522
|
#
|
5196
5523
|
# @!attribute [rw] lock_token
|
@@ -5333,6 +5660,9 @@ module Aws::WAFV2
|
|
5333
5660
|
# One of the headers in a web request, identified by name, for example,
|
5334
5661
|
# `User-Agent` or `Referer`. This setting isn't case sensitive.
|
5335
5662
|
#
|
5663
|
+
# This is used only to indicate the web request component for AWS WAF to
|
5664
|
+
# inspect, in the FieldToMatch specification.
|
5665
|
+
#
|
5336
5666
|
#
|
5337
5667
|
#
|
5338
5668
|
# [1]: https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html
|
@@ -5464,9 +5794,9 @@ module Aws::WAFV2
|
|
5464
5794
|
# Text transformations eliminate some of the unusual formatting that
|
5465
5795
|
# attackers use in web requests in an effort to bypass detection. If
|
5466
5796
|
# you specify one or more transformations in a rule statement, AWS WAF
|
5467
|
-
# performs all transformations on the content
|
5468
|
-
# `FieldToMatch`, starting from the lowest priority
|
5469
|
-
# inspecting the content for a match.
|
5797
|
+
# performs all transformations on the content of the request component
|
5798
|
+
# identified by `FieldToMatch`, starting from the lowest priority
|
5799
|
+
# setting, before inspecting the content for a match.
|
5470
5800
|
# @return [Array<Types::TextTransformation>]
|
5471
5801
|
#
|
5472
5802
|
# @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/SizeConstraintStatement AWS API Documentation
|
@@ -5538,9 +5868,9 @@ module Aws::WAFV2
|
|
5538
5868
|
# Text transformations eliminate some of the unusual formatting that
|
5539
5869
|
# attackers use in web requests in an effort to bypass detection. If
|
5540
5870
|
# you specify one or more transformations in a rule statement, AWS WAF
|
5541
|
-
# performs all transformations on the content
|
5542
|
-
# `FieldToMatch`, starting from the lowest priority
|
5543
|
-
# inspecting the content for a match.
|
5871
|
+
# performs all transformations on the content of the request component
|
5872
|
+
# identified by `FieldToMatch`, starting from the lowest priority
|
5873
|
+
# setting, before inspecting the content for a match.
|
5544
5874
|
# @return [Array<Types::TextTransformation>]
|
5545
5875
|
#
|
5546
5876
|
# @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/SqliMatchStatement AWS API Documentation
|
@@ -6960,8 +7290,8 @@ module Aws::WAFV2
|
|
6960
7290
|
# }
|
6961
7291
|
#
|
6962
7292
|
# @!attribute [rw] name
|
6963
|
-
#
|
6964
|
-
#
|
7293
|
+
# The name of the IP set. You cannot change the name of an `IPSet`
|
7294
|
+
# after you create it.
|
6965
7295
|
# @return [String]
|
6966
7296
|
#
|
6967
7297
|
# @!attribute [rw] scope
|
@@ -6972,7 +7302,7 @@ module Aws::WAFV2
|
|
6972
7302
|
# To work with CloudFront, you must also specify the Region US East
|
6973
7303
|
# (N. Virginia) as follows:
|
6974
7304
|
#
|
6975
|
-
# * CLI - Specify the
|
7305
|
+
# * CLI - Specify the Region when you use the CloudFront scope:
|
6976
7306
|
# `--scope=CLOUDFRONT --region=us-east-1`.
|
6977
7307
|
#
|
6978
7308
|
# * API and SDKs - For all calls, use the Region endpoint us-east-1.
|
@@ -6985,8 +7315,8 @@ module Aws::WAFV2
|
|
6985
7315
|
# @return [String]
|
6986
7316
|
#
|
6987
7317
|
# @!attribute [rw] description
|
6988
|
-
# A
|
6989
|
-
# description of an IP set after you create it.
|
7318
|
+
# A description of the IP set that helps with identification. You
|
7319
|
+
# cannot change the description of an IP set after you create it.
|
6990
7320
|
# @return [String]
|
6991
7321
|
#
|
6992
7322
|
# @!attribute [rw] addresses
|
@@ -7078,8 +7408,8 @@ module Aws::WAFV2
|
|
7078
7408
|
# }
|
7079
7409
|
#
|
7080
7410
|
# @!attribute [rw] name
|
7081
|
-
#
|
7082
|
-
#
|
7411
|
+
# The name of the set. You cannot change the name after you create the
|
7412
|
+
# set.
|
7083
7413
|
# @return [String]
|
7084
7414
|
#
|
7085
7415
|
# @!attribute [rw] scope
|
@@ -7090,7 +7420,7 @@ module Aws::WAFV2
|
|
7090
7420
|
# To work with CloudFront, you must also specify the Region US East
|
7091
7421
|
# (N. Virginia) as follows:
|
7092
7422
|
#
|
7093
|
-
# * CLI - Specify the
|
7423
|
+
# * CLI - Specify the Region when you use the CloudFront scope:
|
7094
7424
|
# `--scope=CLOUDFRONT --region=us-east-1`.
|
7095
7425
|
#
|
7096
7426
|
# * API and SDKs - For all calls, use the Region endpoint us-east-1.
|
@@ -7103,8 +7433,8 @@ module Aws::WAFV2
|
|
7103
7433
|
# @return [String]
|
7104
7434
|
#
|
7105
7435
|
# @!attribute [rw] description
|
7106
|
-
# A
|
7107
|
-
# of a set after you create it.
|
7436
|
+
# A description of the set that helps with identification. You cannot
|
7437
|
+
# change the description of a set after you create it.
|
7108
7438
|
# @return [String]
|
7109
7439
|
#
|
7110
7440
|
# @!attribute [rw] regular_expression_list
|
@@ -7375,8 +7705,8 @@ module Aws::WAFV2
|
|
7375
7705
|
# }
|
7376
7706
|
#
|
7377
7707
|
# @!attribute [rw] name
|
7378
|
-
#
|
7379
|
-
#
|
7708
|
+
# The name of the rule group. You cannot change the name of a rule
|
7709
|
+
# group after you create it.
|
7380
7710
|
# @return [String]
|
7381
7711
|
#
|
7382
7712
|
# @!attribute [rw] scope
|
@@ -7387,7 +7717,7 @@ module Aws::WAFV2
|
|
7387
7717
|
# To work with CloudFront, you must also specify the Region US East
|
7388
7718
|
# (N. Virginia) as follows:
|
7389
7719
|
#
|
7390
|
-
# * CLI - Specify the
|
7720
|
+
# * CLI - Specify the Region when you use the CloudFront scope:
|
7391
7721
|
# `--scope=CLOUDFRONT --region=us-east-1`.
|
7392
7722
|
#
|
7393
7723
|
# * API and SDKs - For all calls, use the Region endpoint us-east-1.
|
@@ -7400,8 +7730,8 @@ module Aws::WAFV2
|
|
7400
7730
|
# @return [String]
|
7401
7731
|
#
|
7402
7732
|
# @!attribute [rw] description
|
7403
|
-
# A
|
7404
|
-
# description of a rule group after you create it.
|
7733
|
+
# A description of the rule group that helps with identification. You
|
7734
|
+
# cannot change the description of a rule group after you create it.
|
7405
7735
|
# @return [String]
|
7406
7736
|
#
|
7407
7737
|
# @!attribute [rw] rules
|
@@ -7688,8 +8018,8 @@ module Aws::WAFV2
|
|
7688
8018
|
# }
|
7689
8019
|
#
|
7690
8020
|
# @!attribute [rw] name
|
7691
|
-
#
|
7692
|
-
#
|
8021
|
+
# The name of the Web ACL. You cannot change the name of a Web ACL
|
8022
|
+
# after you create it.
|
7693
8023
|
# @return [String]
|
7694
8024
|
#
|
7695
8025
|
# @!attribute [rw] scope
|
@@ -7700,7 +8030,7 @@ module Aws::WAFV2
|
|
7700
8030
|
# To work with CloudFront, you must also specify the Region US East
|
7701
8031
|
# (N. Virginia) as follows:
|
7702
8032
|
#
|
7703
|
-
# * CLI - Specify the
|
8033
|
+
# * CLI - Specify the Region when you use the CloudFront scope:
|
7704
8034
|
# `--scope=CLOUDFRONT --region=us-east-1`.
|
7705
8035
|
#
|
7706
8036
|
# * API and SDKs - For all calls, use the Region endpoint us-east-1.
|
@@ -7718,8 +8048,8 @@ module Aws::WAFV2
|
|
7718
8048
|
# @return [Types::DefaultAction]
|
7719
8049
|
#
|
7720
8050
|
# @!attribute [rw] description
|
7721
|
-
# A
|
7722
|
-
# description of a Web ACL after you create it.
|
8051
|
+
# A description of the Web ACL that helps with identification. You
|
8052
|
+
# cannot change the description of a Web ACL after you create it.
|
7723
8053
|
# @return [String]
|
7724
8054
|
#
|
7725
8055
|
# @!attribute [rw] rules
|
@@ -7784,6 +8114,9 @@ module Aws::WAFV2
|
|
7784
8114
|
# web request that identifies a resource, for example,
|
7785
8115
|
# `/images/daily-ad.jpg`.
|
7786
8116
|
#
|
8117
|
+
# This is used only to indicate the web request component for AWS WAF to
|
8118
|
+
# inspect, in the FieldToMatch specification.
|
8119
|
+
#
|
7787
8120
|
#
|
7788
8121
|
#
|
7789
8122
|
# [1]: https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html
|
@@ -7834,7 +8167,7 @@ module Aws::WAFV2
|
|
7834
8167
|
# @return [Boolean]
|
7835
8168
|
#
|
7836
8169
|
# @!attribute [rw] metric_name
|
7837
|
-
# A
|
8170
|
+
# A name of the CloudWatch metric. The name can contain only
|
7838
8171
|
# alphanumeric characters (A-Z, a-z, 0-9), with length from one to 128
|
7839
8172
|
# characters. It can't contain whitespace or metric names reserved
|
7840
8173
|
# for AWS WAF, for example "All" and "Default\_Action." You can't
|
@@ -7889,6 +8222,18 @@ module Aws::WAFV2
|
|
7889
8222
|
include Aws::Structure
|
7890
8223
|
end
|
7891
8224
|
|
8225
|
+
# The operation isn't valid.
|
8226
|
+
#
|
8227
|
+
# @!attribute [rw] message
|
8228
|
+
# @return [String]
|
8229
|
+
#
|
8230
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/WAFInvalidOperationException AWS API Documentation
|
8231
|
+
#
|
8232
|
+
class WAFInvalidOperationException < Struct.new(
|
8233
|
+
:message)
|
8234
|
+
include Aws::Structure
|
8235
|
+
end
|
8236
|
+
|
7892
8237
|
# The operation failed because AWS WAF didn't recognize a parameter in
|
7893
8238
|
# the request. For example:
|
7894
8239
|
#
|
@@ -7925,6 +8270,41 @@ module Aws::WAFV2
|
|
7925
8270
|
include Aws::Structure
|
7926
8271
|
end
|
7927
8272
|
|
8273
|
+
# The operation failed because the specified policy isn't in the proper
|
8274
|
+
# format.
|
8275
|
+
#
|
8276
|
+
# The policy specifications must conform to the following:
|
8277
|
+
#
|
8278
|
+
# * The policy must be composed using IAM Policy version 2012-10-17 or
|
8279
|
+
# version 2015-01-01.
|
8280
|
+
#
|
8281
|
+
# * The policy must include specifications for `Effect`, `Action`, and
|
8282
|
+
# `Principal`.
|
8283
|
+
#
|
8284
|
+
# * `Effect` must specify `Allow`.
|
8285
|
+
#
|
8286
|
+
# * `Action` must specify `wafv2:CreateWebACL`, `wafv2:UpdateWebACL`,
|
8287
|
+
# and `wafv2:PutFirewallManagerRuleGroups`. AWS WAF rejects any extra
|
8288
|
+
# actions or wildcard actions in the policy.
|
8289
|
+
#
|
8290
|
+
# * The policy must not include a `Resource` parameter.
|
8291
|
+
#
|
8292
|
+
# For more information, see [IAM Policies][1].
|
8293
|
+
#
|
8294
|
+
#
|
8295
|
+
#
|
8296
|
+
# [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html
|
8297
|
+
#
|
8298
|
+
# @!attribute [rw] message
|
8299
|
+
# @return [String]
|
8300
|
+
#
|
8301
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/WAFInvalidPermissionPolicyException AWS API Documentation
|
8302
|
+
#
|
8303
|
+
class WAFInvalidPermissionPolicyException < Struct.new(
|
8304
|
+
:message)
|
8305
|
+
include Aws::Structure
|
8306
|
+
end
|
8307
|
+
|
7928
8308
|
# AWS WAF couldn’t perform the operation because the resource that you
|
7929
8309
|
# requested isn’t valid. Check the resource, and try again.
|
7930
8310
|
#
|
@@ -8005,6 +8385,16 @@ module Aws::WAFV2
|
|
8005
8385
|
include Aws::Structure
|
8006
8386
|
end
|
8007
8387
|
|
8388
|
+
# @!attribute [rw] message
|
8389
|
+
# @return [String]
|
8390
|
+
#
|
8391
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/WAFSubscriptionNotFoundException AWS API Documentation
|
8392
|
+
#
|
8393
|
+
class WAFSubscriptionNotFoundException < Struct.new(
|
8394
|
+
:message)
|
8395
|
+
include Aws::Structure
|
8396
|
+
end
|
8397
|
+
|
8008
8398
|
# An error occurred during the tagging operation. Retry your request.
|
8009
8399
|
#
|
8010
8400
|
# @!attribute [rw] message
|
@@ -8065,8 +8455,8 @@ module Aws::WAFV2
|
|
8065
8455
|
# [1]: https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html
|
8066
8456
|
#
|
8067
8457
|
# @!attribute [rw] name
|
8068
|
-
#
|
8069
|
-
#
|
8458
|
+
# The name of the Web ACL. You cannot change the name of a Web ACL
|
8459
|
+
# after you create it.
|
8070
8460
|
# @return [String]
|
8071
8461
|
#
|
8072
8462
|
# @!attribute [rw] id
|
@@ -8086,8 +8476,8 @@ module Aws::WAFV2
|
|
8086
8476
|
# @return [Types::DefaultAction]
|
8087
8477
|
#
|
8088
8478
|
# @!attribute [rw] description
|
8089
|
-
# A
|
8090
|
-
# description of a Web ACL after you create it.
|
8479
|
+
# A description of the Web ACL that helps with identification. You
|
8480
|
+
# cannot change the description of a Web ACL after you create it.
|
8091
8481
|
# @return [String]
|
8092
8482
|
#
|
8093
8483
|
# @!attribute [rw] rules
|
@@ -8116,6 +8506,38 @@ module Aws::WAFV2
|
|
8116
8506
|
# for web ACLs is 1,500.
|
8117
8507
|
# @return [Integer]
|
8118
8508
|
#
|
8509
|
+
# @!attribute [rw] pre_process_firewall_manager_rule_groups
|
8510
|
+
# The first set of rules for AWS WAF to process in the web ACL. This
|
8511
|
+
# is defined in an AWS Firewall Manager WAF policy and contains only
|
8512
|
+
# rule group references. You can't alter these. Any rules and rule
|
8513
|
+
# groups that you define for the web ACL are prioritized after these.
|
8514
|
+
#
|
8515
|
+
# In the Firewall Manager WAF policy, the Firewall Manager
|
8516
|
+
# administrator can define a set of rule groups to run first in the
|
8517
|
+
# web ACL and a set of rule groups to run last. Within each set, the
|
8518
|
+
# administrator prioritizes the rule groups, to determine their
|
8519
|
+
# relative processing order.
|
8520
|
+
# @return [Array<Types::FirewallManagerRuleGroup>]
|
8521
|
+
#
|
8522
|
+
# @!attribute [rw] post_process_firewall_manager_rule_groups
|
8523
|
+
# The last set of rules for AWS WAF to process in the web ACL. This is
|
8524
|
+
# defined in an AWS Firewall Manager WAF policy and contains only rule
|
8525
|
+
# group references. You can't alter these. Any rules and rule groups
|
8526
|
+
# that you define for the web ACL are prioritized before these.
|
8527
|
+
#
|
8528
|
+
# In the Firewall Manager WAF policy, the Firewall Manager
|
8529
|
+
# administrator can define a set of rule groups to run first in the
|
8530
|
+
# web ACL and a set of rule groups to run last. Within each set, the
|
8531
|
+
# administrator prioritizes the rule groups, to determine their
|
8532
|
+
# relative processing order.
|
8533
|
+
# @return [Array<Types::FirewallManagerRuleGroup>]
|
8534
|
+
#
|
8535
|
+
# @!attribute [rw] managed_by_firewall_manager
|
8536
|
+
# Indicates whether this web ACL is managed by AWS Firewall Manager.
|
8537
|
+
# If true, then only AWS Firewall Manager can delete the web ACL or
|
8538
|
+
# any Firewall Manager rule groups in the web ACL.
|
8539
|
+
# @return [Boolean]
|
8540
|
+
#
|
8119
8541
|
# @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/WebACL AWS API Documentation
|
8120
8542
|
#
|
8121
8543
|
class WebACL < Struct.new(
|
@@ -8126,7 +8548,10 @@ module Aws::WAFV2
|
|
8126
8548
|
:description,
|
8127
8549
|
:rules,
|
8128
8550
|
:visibility_config,
|
8129
|
-
:capacity
|
8551
|
+
:capacity,
|
8552
|
+
:pre_process_firewall_manager_rule_groups,
|
8553
|
+
:post_process_firewall_manager_rule_groups,
|
8554
|
+
:managed_by_firewall_manager)
|
8130
8555
|
include Aws::Structure
|
8131
8556
|
end
|
8132
8557
|
|
@@ -8147,8 +8572,8 @@ module Aws::WAFV2
|
|
8147
8572
|
# [1]: https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html
|
8148
8573
|
#
|
8149
8574
|
# @!attribute [rw] name
|
8150
|
-
#
|
8151
|
-
#
|
8575
|
+
# The name of the Web ACL. You cannot change the name of a Web ACL
|
8576
|
+
# after you create it.
|
8152
8577
|
# @return [String]
|
8153
8578
|
#
|
8154
8579
|
# @!attribute [rw] id
|
@@ -8158,8 +8583,8 @@ module Aws::WAFV2
|
|
8158
8583
|
# @return [String]
|
8159
8584
|
#
|
8160
8585
|
# @!attribute [rw] description
|
8161
|
-
# A
|
8162
|
-
# description of a Web ACL after you create it.
|
8586
|
+
# A description of the Web ACL that helps with identification. You
|
8587
|
+
# cannot change the description of a Web ACL after you create it.
|
8163
8588
|
# @return [String]
|
8164
8589
|
#
|
8165
8590
|
# @!attribute [rw] lock_token
|
@@ -8248,9 +8673,9 @@ module Aws::WAFV2
|
|
8248
8673
|
# Text transformations eliminate some of the unusual formatting that
|
8249
8674
|
# attackers use in web requests in an effort to bypass detection. If
|
8250
8675
|
# you specify one or more transformations in a rule statement, AWS WAF
|
8251
|
-
# performs all transformations on the content
|
8252
|
-
# `FieldToMatch`, starting from the lowest priority
|
8253
|
-
# inspecting the content for a match.
|
8676
|
+
# performs all transformations on the content of the request component
|
8677
|
+
# identified by `FieldToMatch`, starting from the lowest priority
|
8678
|
+
# setting, before inspecting the content for a match.
|
8254
8679
|
# @return [Array<Types::TextTransformation>]
|
8255
8680
|
#
|
8256
8681
|
# @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/XssMatchStatement AWS API Documentation
|