aws-sdk-wafv2 1.1.0 → 1.6.1
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +5 -5
- data/lib/aws-sdk-wafv2.rb +7 -4
- data/lib/aws-sdk-wafv2/client.rb +375 -96
- data/lib/aws-sdk-wafv2/client_api.rb +144 -0
- data/lib/aws-sdk-wafv2/errors.rb +65 -11
- data/lib/aws-sdk-wafv2/resource.rb +1 -0
- data/lib/aws-sdk-wafv2/types.rb +538 -148
- metadata +5 -5
data/lib/aws-sdk-wafv2/errors.rb
CHANGED
@@ -6,6 +6,43 @@
|
|
6
6
|
# WARNING ABOUT GENERATED CODE
|
7
7
|
|
8
8
|
module Aws::WAFV2
|
9
|
+
|
10
|
+
# When WAFV2 returns an error response, the Ruby SDK constructs and raises an error.
|
11
|
+
# These errors all extend Aws::WAFV2::Errors::ServiceError < {Aws::Errors::ServiceError}
|
12
|
+
#
|
13
|
+
# You can rescue all WAFV2 errors using ServiceError:
|
14
|
+
#
|
15
|
+
# begin
|
16
|
+
# # do stuff
|
17
|
+
# rescue Aws::WAFV2::Errors::ServiceError
|
18
|
+
# # rescues all WAFV2 API errors
|
19
|
+
# end
|
20
|
+
#
|
21
|
+
#
|
22
|
+
# ## Request Context
|
23
|
+
# ServiceError objects have a {Aws::Errors::ServiceError#context #context} method that returns
|
24
|
+
# information about the request that generated the error.
|
25
|
+
# See {Seahorse::Client::RequestContext} for more information.
|
26
|
+
#
|
27
|
+
# ## Error Classes
|
28
|
+
# * {WAFAssociatedItemException}
|
29
|
+
# * {WAFDuplicateItemException}
|
30
|
+
# * {WAFInternalErrorException}
|
31
|
+
# * {WAFInvalidOperationException}
|
32
|
+
# * {WAFInvalidParameterException}
|
33
|
+
# * {WAFInvalidPermissionPolicyException}
|
34
|
+
# * {WAFInvalidResourceException}
|
35
|
+
# * {WAFLimitsExceededException}
|
36
|
+
# * {WAFNonexistentItemException}
|
37
|
+
# * {WAFOptimisticLockException}
|
38
|
+
# * {WAFServiceLinkedRoleErrorException}
|
39
|
+
# * {WAFSubscriptionNotFoundException}
|
40
|
+
# * {WAFTagOperationException}
|
41
|
+
# * {WAFTagOperationInternalErrorException}
|
42
|
+
# * {WAFUnavailableEntityException}
|
43
|
+
#
|
44
|
+
# Additionally, error classes are dynamically generated for service errors based on the error code
|
45
|
+
# if they are not defined above.
|
9
46
|
module Errors
|
10
47
|
|
11
48
|
extend Aws::Errors::DynamicErrors
|
@@ -23,7 +60,6 @@ module Aws::WAFV2
|
|
23
60
|
def message
|
24
61
|
@message || @data[:message]
|
25
62
|
end
|
26
|
-
|
27
63
|
end
|
28
64
|
|
29
65
|
class WAFDuplicateItemException < ServiceError
|
@@ -39,7 +75,6 @@ module Aws::WAFV2
|
|
39
75
|
def message
|
40
76
|
@message || @data[:message]
|
41
77
|
end
|
42
|
-
|
43
78
|
end
|
44
79
|
|
45
80
|
class WAFInternalErrorException < ServiceError
|
@@ -55,7 +90,21 @@ module Aws::WAFV2
|
|
55
90
|
def message
|
56
91
|
@message || @data[:message]
|
57
92
|
end
|
93
|
+
end
|
94
|
+
|
95
|
+
class WAFInvalidOperationException < ServiceError
|
96
|
+
|
97
|
+
# @param [Seahorse::Client::RequestContext] context
|
98
|
+
# @param [String] message
|
99
|
+
# @param [Aws::WAFV2::Types::WAFInvalidOperationException] data
|
100
|
+
def initialize(context, message, data = Aws::EmptyStructure.new)
|
101
|
+
super(context, message, data)
|
102
|
+
end
|
58
103
|
|
104
|
+
# @return [String]
|
105
|
+
def message
|
106
|
+
@message || @data[:message]
|
107
|
+
end
|
59
108
|
end
|
60
109
|
|
61
110
|
class WAFInvalidParameterException < ServiceError
|
@@ -86,7 +135,21 @@ module Aws::WAFV2
|
|
86
135
|
def reason
|
87
136
|
@data[:reason]
|
88
137
|
end
|
138
|
+
end
|
139
|
+
|
140
|
+
class WAFInvalidPermissionPolicyException < ServiceError
|
141
|
+
|
142
|
+
# @param [Seahorse::Client::RequestContext] context
|
143
|
+
# @param [String] message
|
144
|
+
# @param [Aws::WAFV2::Types::WAFInvalidPermissionPolicyException] data
|
145
|
+
def initialize(context, message, data = Aws::EmptyStructure.new)
|
146
|
+
super(context, message, data)
|
147
|
+
end
|
89
148
|
|
149
|
+
# @return [String]
|
150
|
+
def message
|
151
|
+
@message || @data[:message]
|
152
|
+
end
|
90
153
|
end
|
91
154
|
|
92
155
|
class WAFInvalidResourceException < ServiceError
|
@@ -102,7 +165,6 @@ module Aws::WAFV2
|
|
102
165
|
def message
|
103
166
|
@message || @data[:message]
|
104
167
|
end
|
105
|
-
|
106
168
|
end
|
107
169
|
|
108
170
|
class WAFLimitsExceededException < ServiceError
|
@@ -118,7 +180,6 @@ module Aws::WAFV2
|
|
118
180
|
def message
|
119
181
|
@message || @data[:message]
|
120
182
|
end
|
121
|
-
|
122
183
|
end
|
123
184
|
|
124
185
|
class WAFNonexistentItemException < ServiceError
|
@@ -134,7 +195,6 @@ module Aws::WAFV2
|
|
134
195
|
def message
|
135
196
|
@message || @data[:message]
|
136
197
|
end
|
137
|
-
|
138
198
|
end
|
139
199
|
|
140
200
|
class WAFOptimisticLockException < ServiceError
|
@@ -150,7 +210,6 @@ module Aws::WAFV2
|
|
150
210
|
def message
|
151
211
|
@message || @data[:message]
|
152
212
|
end
|
153
|
-
|
154
213
|
end
|
155
214
|
|
156
215
|
class WAFServiceLinkedRoleErrorException < ServiceError
|
@@ -166,7 +225,6 @@ module Aws::WAFV2
|
|
166
225
|
def message
|
167
226
|
@message || @data[:message]
|
168
227
|
end
|
169
|
-
|
170
228
|
end
|
171
229
|
|
172
230
|
class WAFSubscriptionNotFoundException < ServiceError
|
@@ -182,7 +240,6 @@ module Aws::WAFV2
|
|
182
240
|
def message
|
183
241
|
@message || @data[:message]
|
184
242
|
end
|
185
|
-
|
186
243
|
end
|
187
244
|
|
188
245
|
class WAFTagOperationException < ServiceError
|
@@ -198,7 +255,6 @@ module Aws::WAFV2
|
|
198
255
|
def message
|
199
256
|
@message || @data[:message]
|
200
257
|
end
|
201
|
-
|
202
258
|
end
|
203
259
|
|
204
260
|
class WAFTagOperationInternalErrorException < ServiceError
|
@@ -214,7 +270,6 @@ module Aws::WAFV2
|
|
214
270
|
def message
|
215
271
|
@message || @data[:message]
|
216
272
|
end
|
217
|
-
|
218
273
|
end
|
219
274
|
|
220
275
|
class WAFUnavailableEntityException < ServiceError
|
@@ -230,7 +285,6 @@ module Aws::WAFV2
|
|
230
285
|
def message
|
231
286
|
@message || @data[:message]
|
232
287
|
end
|
233
|
-
|
234
288
|
end
|
235
289
|
|
236
290
|
end
|
data/lib/aws-sdk-wafv2/types.rb
CHANGED
@@ -408,8 +408,8 @@ module Aws::WAFV2
|
|
408
408
|
# only in the part of web requests that you designate for inspection
|
409
409
|
# in FieldToMatch. The maximum length of the value is 50 bytes.
|
410
410
|
#
|
411
|
-
# Valid values depend on the
|
412
|
-
# `FieldToMatch`\:
|
411
|
+
# Valid values depend on the component that you specify for inspection
|
412
|
+
# in `FieldToMatch`\:
|
413
413
|
#
|
414
414
|
# * `Method`\: The HTTP method that you want AWS WAF to search for.
|
415
415
|
# This indicates the type of operation specified in the request.
|
@@ -446,9 +446,9 @@ module Aws::WAFV2
|
|
446
446
|
# Text transformations eliminate some of the unusual formatting that
|
447
447
|
# attackers use in web requests in an effort to bypass detection. If
|
448
448
|
# you specify one or more transformations in a rule statement, AWS WAF
|
449
|
-
# performs all transformations on the content
|
450
|
-
# `FieldToMatch`, starting from the lowest priority
|
451
|
-
# inspecting the content for a match.
|
449
|
+
# performs all transformations on the content of the request component
|
450
|
+
# identified by `FieldToMatch`, starting from the lowest priority
|
451
|
+
# setting, before inspecting the content for a match.
|
452
452
|
# @return [Array<Types::TextTransformation>]
|
453
453
|
#
|
454
454
|
# @!attribute [rw] positional_constraint
|
@@ -730,7 +730,7 @@ module Aws::WAFV2
|
|
730
730
|
# To work with CloudFront, you must also specify the Region US East
|
731
731
|
# (N. Virginia) as follows:
|
732
732
|
#
|
733
|
-
# * CLI - Specify the
|
733
|
+
# * CLI - Specify the Region when you use the CloudFront scope:
|
734
734
|
# `--scope=CLOUDFRONT --region=us-east-1`.
|
735
735
|
#
|
736
736
|
# * API and SDKs - For all calls, use the Region endpoint us-east-1.
|
@@ -800,8 +800,8 @@ module Aws::WAFV2
|
|
800
800
|
# }
|
801
801
|
#
|
802
802
|
# @!attribute [rw] name
|
803
|
-
#
|
804
|
-
#
|
803
|
+
# The name of the IP set. You cannot change the name of an `IPSet`
|
804
|
+
# after you create it.
|
805
805
|
# @return [String]
|
806
806
|
#
|
807
807
|
# @!attribute [rw] scope
|
@@ -812,15 +812,15 @@ module Aws::WAFV2
|
|
812
812
|
# To work with CloudFront, you must also specify the Region US East
|
813
813
|
# (N. Virginia) as follows:
|
814
814
|
#
|
815
|
-
# * CLI - Specify the
|
815
|
+
# * CLI - Specify the Region when you use the CloudFront scope:
|
816
816
|
# `--scope=CLOUDFRONT --region=us-east-1`.
|
817
817
|
#
|
818
818
|
# * API and SDKs - For all calls, use the Region endpoint us-east-1.
|
819
819
|
# @return [String]
|
820
820
|
#
|
821
821
|
# @!attribute [rw] description
|
822
|
-
# A
|
823
|
-
# description of an IP set after you create it.
|
822
|
+
# A description of the IP set that helps with identification. You
|
823
|
+
# cannot change the description of an IP set after you create it.
|
824
824
|
# @return [String]
|
825
825
|
#
|
826
826
|
# @!attribute [rw] ip_address_version
|
@@ -913,8 +913,8 @@ module Aws::WAFV2
|
|
913
913
|
# }
|
914
914
|
#
|
915
915
|
# @!attribute [rw] name
|
916
|
-
#
|
917
|
-
#
|
916
|
+
# The name of the set. You cannot change the name after you create the
|
917
|
+
# set.
|
918
918
|
# @return [String]
|
919
919
|
#
|
920
920
|
# @!attribute [rw] scope
|
@@ -925,15 +925,15 @@ module Aws::WAFV2
|
|
925
925
|
# To work with CloudFront, you must also specify the Region US East
|
926
926
|
# (N. Virginia) as follows:
|
927
927
|
#
|
928
|
-
# * CLI - Specify the
|
928
|
+
# * CLI - Specify the Region when you use the CloudFront scope:
|
929
929
|
# `--scope=CLOUDFRONT --region=us-east-1`.
|
930
930
|
#
|
931
931
|
# * API and SDKs - For all calls, use the Region endpoint us-east-1.
|
932
932
|
# @return [String]
|
933
933
|
#
|
934
934
|
# @!attribute [rw] description
|
935
|
-
# A
|
936
|
-
# of a set after you create it.
|
935
|
+
# A description of the set that helps with identification. You cannot
|
936
|
+
# change the description of a set after you create it.
|
937
937
|
# @return [String]
|
938
938
|
#
|
939
939
|
# @!attribute [rw] regular_expression_list
|
@@ -1203,8 +1203,8 @@ module Aws::WAFV2
|
|
1203
1203
|
# }
|
1204
1204
|
#
|
1205
1205
|
# @!attribute [rw] name
|
1206
|
-
#
|
1207
|
-
#
|
1206
|
+
# The name of the rule group. You cannot change the name of a rule
|
1207
|
+
# group after you create it.
|
1208
1208
|
# @return [String]
|
1209
1209
|
#
|
1210
1210
|
# @!attribute [rw] scope
|
@@ -1215,7 +1215,7 @@ module Aws::WAFV2
|
|
1215
1215
|
# To work with CloudFront, you must also specify the Region US East
|
1216
1216
|
# (N. Virginia) as follows:
|
1217
1217
|
#
|
1218
|
-
# * CLI - Specify the
|
1218
|
+
# * CLI - Specify the Region when you use the CloudFront scope:
|
1219
1219
|
# `--scope=CLOUDFRONT --region=us-east-1`.
|
1220
1220
|
#
|
1221
1221
|
# * API and SDKs - For all calls, use the Region endpoint us-east-1.
|
@@ -1240,8 +1240,8 @@ module Aws::WAFV2
|
|
1240
1240
|
# @return [Integer]
|
1241
1241
|
#
|
1242
1242
|
# @!attribute [rw] description
|
1243
|
-
# A
|
1244
|
-
# description of a rule group after you create it.
|
1243
|
+
# A description of the rule group that helps with identification. You
|
1244
|
+
# cannot change the description of a rule group after you create it.
|
1245
1245
|
# @return [String]
|
1246
1246
|
#
|
1247
1247
|
# @!attribute [rw] rules
|
@@ -1526,8 +1526,8 @@ module Aws::WAFV2
|
|
1526
1526
|
# }
|
1527
1527
|
#
|
1528
1528
|
# @!attribute [rw] name
|
1529
|
-
#
|
1530
|
-
#
|
1529
|
+
# The name of the Web ACL. You cannot change the name of a Web ACL
|
1530
|
+
# after you create it.
|
1531
1531
|
# @return [String]
|
1532
1532
|
#
|
1533
1533
|
# @!attribute [rw] scope
|
@@ -1538,7 +1538,7 @@ module Aws::WAFV2
|
|
1538
1538
|
# To work with CloudFront, you must also specify the Region US East
|
1539
1539
|
# (N. Virginia) as follows:
|
1540
1540
|
#
|
1541
|
-
# * CLI - Specify the
|
1541
|
+
# * CLI - Specify the Region when you use the CloudFront scope:
|
1542
1542
|
# `--scope=CLOUDFRONT --region=us-east-1`.
|
1543
1543
|
#
|
1544
1544
|
# * API and SDKs - For all calls, use the Region endpoint us-east-1.
|
@@ -1550,8 +1550,8 @@ module Aws::WAFV2
|
|
1550
1550
|
# @return [Types::DefaultAction]
|
1551
1551
|
#
|
1552
1552
|
# @!attribute [rw] description
|
1553
|
-
# A
|
1554
|
-
# description of a Web ACL after you create it.
|
1553
|
+
# A description of the Web ACL that helps with identification. You
|
1554
|
+
# cannot change the description of a Web ACL after you create it.
|
1555
1555
|
# @return [String]
|
1556
1556
|
#
|
1557
1557
|
# @!attribute [rw] rules
|
@@ -1638,6 +1638,57 @@ module Aws::WAFV2
|
|
1638
1638
|
include Aws::Structure
|
1639
1639
|
end
|
1640
1640
|
|
1641
|
+
# @note When making an API call, you may pass DeleteFirewallManagerRuleGroupsRequest
|
1642
|
+
# data as a hash:
|
1643
|
+
#
|
1644
|
+
# {
|
1645
|
+
# web_acl_arn: "ResourceArn", # required
|
1646
|
+
# web_acl_lock_token: "LockToken", # required
|
1647
|
+
# }
|
1648
|
+
#
|
1649
|
+
# @!attribute [rw] web_acl_arn
|
1650
|
+
# The Amazon Resource Name (ARN) of the web ACL.
|
1651
|
+
# @return [String]
|
1652
|
+
#
|
1653
|
+
# @!attribute [rw] web_acl_lock_token
|
1654
|
+
# A token used for optimistic locking. AWS WAF returns a token to your
|
1655
|
+
# get and list requests, to mark the state of the entity at the time
|
1656
|
+
# of the request. To make changes to the entity associated with the
|
1657
|
+
# token, you provide the token to operations like update and delete.
|
1658
|
+
# AWS WAF uses the token to ensure that no changes have been made to
|
1659
|
+
# the entity since you last retrieved it. If a change has been made,
|
1660
|
+
# the update fails with a `WAFOptimisticLockException`. If this
|
1661
|
+
# happens, perform another get, and use the new token returned by that
|
1662
|
+
# operation.
|
1663
|
+
# @return [String]
|
1664
|
+
#
|
1665
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/DeleteFirewallManagerRuleGroupsRequest AWS API Documentation
|
1666
|
+
#
|
1667
|
+
class DeleteFirewallManagerRuleGroupsRequest < Struct.new(
|
1668
|
+
:web_acl_arn,
|
1669
|
+
:web_acl_lock_token)
|
1670
|
+
include Aws::Structure
|
1671
|
+
end
|
1672
|
+
|
1673
|
+
# @!attribute [rw] next_web_acl_lock_token
|
1674
|
+
# A token used for optimistic locking. AWS WAF returns a token to your
|
1675
|
+
# get and list requests, to mark the state of the entity at the time
|
1676
|
+
# of the request. To make changes to the entity associated with the
|
1677
|
+
# token, you provide the token to operations like update and delete.
|
1678
|
+
# AWS WAF uses the token to ensure that no changes have been made to
|
1679
|
+
# the entity since you last retrieved it. If a change has been made,
|
1680
|
+
# the update fails with a `WAFOptimisticLockException`. If this
|
1681
|
+
# happens, perform another get, and use the new token returned by that
|
1682
|
+
# operation.
|
1683
|
+
# @return [String]
|
1684
|
+
#
|
1685
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/DeleteFirewallManagerRuleGroupsResponse AWS API Documentation
|
1686
|
+
#
|
1687
|
+
class DeleteFirewallManagerRuleGroupsResponse < Struct.new(
|
1688
|
+
:next_web_acl_lock_token)
|
1689
|
+
include Aws::Structure
|
1690
|
+
end
|
1691
|
+
|
1641
1692
|
# @note When making an API call, you may pass DeleteIPSetRequest
|
1642
1693
|
# data as a hash:
|
1643
1694
|
#
|
@@ -1649,8 +1700,8 @@ module Aws::WAFV2
|
|
1649
1700
|
# }
|
1650
1701
|
#
|
1651
1702
|
# @!attribute [rw] name
|
1652
|
-
#
|
1653
|
-
#
|
1703
|
+
# The name of the IP set. You cannot change the name of an `IPSet`
|
1704
|
+
# after you create it.
|
1654
1705
|
# @return [String]
|
1655
1706
|
#
|
1656
1707
|
# @!attribute [rw] scope
|
@@ -1661,7 +1712,7 @@ module Aws::WAFV2
|
|
1661
1712
|
# To work with CloudFront, you must also specify the Region US East
|
1662
1713
|
# (N. Virginia) as follows:
|
1663
1714
|
#
|
1664
|
-
# * CLI - Specify the
|
1715
|
+
# * CLI - Specify the Region when you use the CloudFront scope:
|
1665
1716
|
# `--scope=CLOUDFRONT --region=us-east-1`.
|
1666
1717
|
#
|
1667
1718
|
# * API and SDKs - For all calls, use the Region endpoint us-east-1.
|
@@ -1722,6 +1773,31 @@ module Aws::WAFV2
|
|
1722
1773
|
#
|
1723
1774
|
class DeleteLoggingConfigurationResponse < Aws::EmptyStructure; end
|
1724
1775
|
|
1776
|
+
# @note When making an API call, you may pass DeletePermissionPolicyRequest
|
1777
|
+
# data as a hash:
|
1778
|
+
#
|
1779
|
+
# {
|
1780
|
+
# resource_arn: "ResourceArn", # required
|
1781
|
+
# }
|
1782
|
+
#
|
1783
|
+
# @!attribute [rw] resource_arn
|
1784
|
+
# The Amazon Resource Name (ARN) of the rule group from which you want
|
1785
|
+
# to delete the policy.
|
1786
|
+
#
|
1787
|
+
# You must be the owner of the rule group to perform this operation.
|
1788
|
+
# @return [String]
|
1789
|
+
#
|
1790
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/DeletePermissionPolicyRequest AWS API Documentation
|
1791
|
+
#
|
1792
|
+
class DeletePermissionPolicyRequest < Struct.new(
|
1793
|
+
:resource_arn)
|
1794
|
+
include Aws::Structure
|
1795
|
+
end
|
1796
|
+
|
1797
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/DeletePermissionPolicyResponse AWS API Documentation
|
1798
|
+
#
|
1799
|
+
class DeletePermissionPolicyResponse < Aws::EmptyStructure; end
|
1800
|
+
|
1725
1801
|
# @note When making an API call, you may pass DeleteRegexPatternSetRequest
|
1726
1802
|
# data as a hash:
|
1727
1803
|
#
|
@@ -1733,8 +1809,8 @@ module Aws::WAFV2
|
|
1733
1809
|
# }
|
1734
1810
|
#
|
1735
1811
|
# @!attribute [rw] name
|
1736
|
-
#
|
1737
|
-
#
|
1812
|
+
# The name of the set. You cannot change the name after you create the
|
1813
|
+
# set.
|
1738
1814
|
# @return [String]
|
1739
1815
|
#
|
1740
1816
|
# @!attribute [rw] scope
|
@@ -1745,7 +1821,7 @@ module Aws::WAFV2
|
|
1745
1821
|
# To work with CloudFront, you must also specify the Region US East
|
1746
1822
|
# (N. Virginia) as follows:
|
1747
1823
|
#
|
1748
|
-
# * CLI - Specify the
|
1824
|
+
# * CLI - Specify the Region when you use the CloudFront scope:
|
1749
1825
|
# `--scope=CLOUDFRONT --region=us-east-1`.
|
1750
1826
|
#
|
1751
1827
|
# * API and SDKs - For all calls, use the Region endpoint us-east-1.
|
@@ -1794,8 +1870,8 @@ module Aws::WAFV2
|
|
1794
1870
|
# }
|
1795
1871
|
#
|
1796
1872
|
# @!attribute [rw] name
|
1797
|
-
#
|
1798
|
-
#
|
1873
|
+
# The name of the rule group. You cannot change the name of a rule
|
1874
|
+
# group after you create it.
|
1799
1875
|
# @return [String]
|
1800
1876
|
#
|
1801
1877
|
# @!attribute [rw] scope
|
@@ -1806,7 +1882,7 @@ module Aws::WAFV2
|
|
1806
1882
|
# To work with CloudFront, you must also specify the Region US East
|
1807
1883
|
# (N. Virginia) as follows:
|
1808
1884
|
#
|
1809
|
-
# * CLI - Specify the
|
1885
|
+
# * CLI - Specify the Region when you use the CloudFront scope:
|
1810
1886
|
# `--scope=CLOUDFRONT --region=us-east-1`.
|
1811
1887
|
#
|
1812
1888
|
# * API and SDKs - For all calls, use the Region endpoint us-east-1.
|
@@ -1855,8 +1931,8 @@ module Aws::WAFV2
|
|
1855
1931
|
# }
|
1856
1932
|
#
|
1857
1933
|
# @!attribute [rw] name
|
1858
|
-
#
|
1859
|
-
#
|
1934
|
+
# The name of the Web ACL. You cannot change the name of a Web ACL
|
1935
|
+
# after you create it.
|
1860
1936
|
# @return [String]
|
1861
1937
|
#
|
1862
1938
|
# @!attribute [rw] scope
|
@@ -1867,7 +1943,7 @@ module Aws::WAFV2
|
|
1867
1943
|
# To work with CloudFront, you must also specify the Region US East
|
1868
1944
|
# (N. Virginia) as follows:
|
1869
1945
|
#
|
1870
|
-
# * CLI - Specify the
|
1946
|
+
# * CLI - Specify the Region when you use the CloudFront scope:
|
1871
1947
|
# `--scope=CLOUDFRONT --region=us-east-1`.
|
1872
1948
|
#
|
1873
1949
|
# * API and SDKs - For all calls, use the Region endpoint us-east-1.
|
@@ -1932,7 +2008,7 @@ module Aws::WAFV2
|
|
1932
2008
|
# To work with CloudFront, you must also specify the Region US East
|
1933
2009
|
# (N. Virginia) as follows:
|
1934
2010
|
#
|
1935
|
-
# * CLI - Specify the
|
2011
|
+
# * CLI - Specify the Region when you use the CloudFront scope:
|
1936
2012
|
# `--scope=CLOUDFRONT --region=us-east-1`.
|
1937
2013
|
#
|
1938
2014
|
# * API and SDKs - For all calls, use the Region endpoint us-east-1.
|
@@ -2042,8 +2118,11 @@ module Aws::WAFV2
|
|
2042
2118
|
# </note>
|
2043
2119
|
#
|
2044
2120
|
# The part of a web request that you want AWS WAF to inspect. Include
|
2045
|
-
# the `FieldToMatch`
|
2046
|
-
# specifications as needed, according to the type.
|
2121
|
+
# the single `FieldToMatch` type that you want to inspect, with
|
2122
|
+
# additional specifications as needed, according to the type. You
|
2123
|
+
# specify a single request component in `FieldToMatch` for each rule
|
2124
|
+
# statement that requires it. To inspect more than one component of a
|
2125
|
+
# web request, create a separate rule statement for each component.
|
2047
2126
|
#
|
2048
2127
|
#
|
2049
2128
|
#
|
@@ -2135,6 +2214,128 @@ module Aws::WAFV2
|
|
2135
2214
|
include Aws::Structure
|
2136
2215
|
end
|
2137
2216
|
|
2217
|
+
# A rule group that's defined for an AWS Firewall Manager WAF policy.
|
2218
|
+
#
|
2219
|
+
# @!attribute [rw] name
|
2220
|
+
# The name of the rule group. You cannot change the name of a rule
|
2221
|
+
# group after you create it.
|
2222
|
+
# @return [String]
|
2223
|
+
#
|
2224
|
+
# @!attribute [rw] priority
|
2225
|
+
# If you define more than one rule group in the first or last Firewall
|
2226
|
+
# Manager rule groups, AWS WAF evaluates each request against the rule
|
2227
|
+
# groups in order, starting from the lowest priority setting. The
|
2228
|
+
# priorities don't need to be consecutive, but they must all be
|
2229
|
+
# different.
|
2230
|
+
# @return [Integer]
|
2231
|
+
#
|
2232
|
+
# @!attribute [rw] firewall_manager_statement
|
2233
|
+
# The processing guidance for an AWS Firewall Manager rule. This is
|
2234
|
+
# like a regular rule Statement, but it can only contain a rule group
|
2235
|
+
# reference.
|
2236
|
+
# @return [Types::FirewallManagerStatement]
|
2237
|
+
#
|
2238
|
+
# @!attribute [rw] override_action
|
2239
|
+
# The override action to apply to the rules in a rule group. Used only
|
2240
|
+
# for rule statements that reference a rule group, like
|
2241
|
+
# `RuleGroupReferenceStatement` and `ManagedRuleGroupStatement`.
|
2242
|
+
#
|
2243
|
+
# Set the override action to none to leave the rule actions in effect.
|
2244
|
+
# Set it to count to only count matches, regardless of the rule action
|
2245
|
+
# settings.
|
2246
|
+
#
|
2247
|
+
# In a Rule, you must specify either this `OverrideAction` setting or
|
2248
|
+
# the rule `Action` setting, but not both:
|
2249
|
+
#
|
2250
|
+
# * If the rule statement references a rule group, use this override
|
2251
|
+
# action setting and not the action setting.
|
2252
|
+
#
|
2253
|
+
# * If the rule statement does not reference a rule group, use the
|
2254
|
+
# rule action setting and not this rule override action setting.
|
2255
|
+
# @return [Types::OverrideAction]
|
2256
|
+
#
|
2257
|
+
# @!attribute [rw] visibility_config
|
2258
|
+
# <note markdown="1"> This is the latest version of **AWS WAF**, named AWS WAFV2, released
|
2259
|
+
# in November, 2019. For information, including how to migrate your
|
2260
|
+
# AWS WAF resources from the prior release, see the [AWS WAF Developer
|
2261
|
+
# Guide][1].
|
2262
|
+
#
|
2263
|
+
# </note>
|
2264
|
+
#
|
2265
|
+
# Defines and enables Amazon CloudWatch metrics and web request sample
|
2266
|
+
# collection.
|
2267
|
+
#
|
2268
|
+
#
|
2269
|
+
#
|
2270
|
+
# [1]: https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html
|
2271
|
+
# @return [Types::VisibilityConfig]
|
2272
|
+
#
|
2273
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/FirewallManagerRuleGroup AWS API Documentation
|
2274
|
+
#
|
2275
|
+
class FirewallManagerRuleGroup < Struct.new(
|
2276
|
+
:name,
|
2277
|
+
:priority,
|
2278
|
+
:firewall_manager_statement,
|
2279
|
+
:override_action,
|
2280
|
+
:visibility_config)
|
2281
|
+
include Aws::Structure
|
2282
|
+
end
|
2283
|
+
|
2284
|
+
# The processing guidance for an AWS Firewall Manager rule. This is like
|
2285
|
+
# a regular rule Statement, but it can only contain a rule group
|
2286
|
+
# reference.
|
2287
|
+
#
|
2288
|
+
# @!attribute [rw] managed_rule_group_statement
|
2289
|
+
# <note markdown="1"> This is the latest version of **AWS WAF**, named AWS WAFV2, released
|
2290
|
+
# in November, 2019. For information, including how to migrate your
|
2291
|
+
# AWS WAF resources from the prior release, see the [AWS WAF Developer
|
2292
|
+
# Guide][1].
|
2293
|
+
#
|
2294
|
+
# </note>
|
2295
|
+
#
|
2296
|
+
# A rule statement used to run the rules that are defined in a managed
|
2297
|
+
# rule group. To use this, provide the vendor name and the name of the
|
2298
|
+
# rule group in this statement. You can retrieve the required names by
|
2299
|
+
# calling ListAvailableManagedRuleGroups.
|
2300
|
+
#
|
2301
|
+
# You can't nest a `ManagedRuleGroupStatement`, for example for use
|
2302
|
+
# inside a `NotStatement` or `OrStatement`. It can only be referenced
|
2303
|
+
# as a top-level statement within a rule.
|
2304
|
+
#
|
2305
|
+
#
|
2306
|
+
#
|
2307
|
+
# [1]: https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html
|
2308
|
+
# @return [Types::ManagedRuleGroupStatement]
|
2309
|
+
#
|
2310
|
+
# @!attribute [rw] rule_group_reference_statement
|
2311
|
+
# <note markdown="1"> This is the latest version of **AWS WAF**, named AWS WAFV2, released
|
2312
|
+
# in November, 2019. For information, including how to migrate your
|
2313
|
+
# AWS WAF resources from the prior release, see the [AWS WAF Developer
|
2314
|
+
# Guide][1].
|
2315
|
+
#
|
2316
|
+
# </note>
|
2317
|
+
#
|
2318
|
+
# A rule statement used to run the rules that are defined in a
|
2319
|
+
# RuleGroup. To use this, create a rule group with your rules, then
|
2320
|
+
# provide the ARN of the rule group in this statement.
|
2321
|
+
#
|
2322
|
+
# You cannot nest a `RuleGroupReferenceStatement`, for example for use
|
2323
|
+
# inside a `NotStatement` or `OrStatement`. It can only be referenced
|
2324
|
+
# as a top-level statement within a rule.
|
2325
|
+
#
|
2326
|
+
#
|
2327
|
+
#
|
2328
|
+
# [1]: https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html
|
2329
|
+
# @return [Types::RuleGroupReferenceStatement]
|
2330
|
+
#
|
2331
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/FirewallManagerStatement AWS API Documentation
|
2332
|
+
#
|
2333
|
+
class FirewallManagerStatement < Struct.new(
|
2334
|
+
:managed_rule_group_statement,
|
2335
|
+
:rule_group_reference_statement)
|
2336
|
+
include Aws::Structure
|
2337
|
+
end
|
2338
|
+
|
2138
2339
|
# <note markdown="1"> This is the latest version of **AWS WAF**, named AWS WAFV2, released
|
2139
2340
|
# in November, 2019. For information, including how to migrate your AWS
|
2140
2341
|
# WAF resources from the prior release, see the [AWS WAF Developer
|
@@ -2179,8 +2380,8 @@ module Aws::WAFV2
|
|
2179
2380
|
# }
|
2180
2381
|
#
|
2181
2382
|
# @!attribute [rw] name
|
2182
|
-
#
|
2183
|
-
#
|
2383
|
+
# The name of the IP set. You cannot change the name of an `IPSet`
|
2384
|
+
# after you create it.
|
2184
2385
|
# @return [String]
|
2185
2386
|
#
|
2186
2387
|
# @!attribute [rw] scope
|
@@ -2191,7 +2392,7 @@ module Aws::WAFV2
|
|
2191
2392
|
# To work with CloudFront, you must also specify the Region US East
|
2192
2393
|
# (N. Virginia) as follows:
|
2193
2394
|
#
|
2194
|
-
# * CLI - Specify the
|
2395
|
+
# * CLI - Specify the Region when you use the CloudFront scope:
|
2195
2396
|
# `--scope=CLOUDFRONT --region=us-east-1`.
|
2196
2397
|
#
|
2197
2398
|
# * API and SDKs - For all calls, use the Region endpoint us-east-1.
|
@@ -2265,6 +2466,36 @@ module Aws::WAFV2
|
|
2265
2466
|
include Aws::Structure
|
2266
2467
|
end
|
2267
2468
|
|
2469
|
+
# @note When making an API call, you may pass GetPermissionPolicyRequest
|
2470
|
+
# data as a hash:
|
2471
|
+
#
|
2472
|
+
# {
|
2473
|
+
# resource_arn: "ResourceArn", # required
|
2474
|
+
# }
|
2475
|
+
#
|
2476
|
+
# @!attribute [rw] resource_arn
|
2477
|
+
# The Amazon Resource Name (ARN) of the rule group for which you want
|
2478
|
+
# to get the policy.
|
2479
|
+
# @return [String]
|
2480
|
+
#
|
2481
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/GetPermissionPolicyRequest AWS API Documentation
|
2482
|
+
#
|
2483
|
+
class GetPermissionPolicyRequest < Struct.new(
|
2484
|
+
:resource_arn)
|
2485
|
+
include Aws::Structure
|
2486
|
+
end
|
2487
|
+
|
2488
|
+
# @!attribute [rw] policy
|
2489
|
+
# The IAM policy that is attached to the specified rule group.
|
2490
|
+
# @return [String]
|
2491
|
+
#
|
2492
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/GetPermissionPolicyResponse AWS API Documentation
|
2493
|
+
#
|
2494
|
+
class GetPermissionPolicyResponse < Struct.new(
|
2495
|
+
:policy)
|
2496
|
+
include Aws::Structure
|
2497
|
+
end
|
2498
|
+
|
2268
2499
|
# @note When making an API call, you may pass GetRateBasedStatementManagedKeysRequest
|
2269
2500
|
# data as a hash:
|
2270
2501
|
#
|
@@ -2283,15 +2514,15 @@ module Aws::WAFV2
|
|
2283
2514
|
# To work with CloudFront, you must also specify the Region US East
|
2284
2515
|
# (N. Virginia) as follows:
|
2285
2516
|
#
|
2286
|
-
# * CLI - Specify the
|
2517
|
+
# * CLI - Specify the Region when you use the CloudFront scope:
|
2287
2518
|
# `--scope=CLOUDFRONT --region=us-east-1`.
|
2288
2519
|
#
|
2289
2520
|
# * API and SDKs - For all calls, use the Region endpoint us-east-1.
|
2290
2521
|
# @return [String]
|
2291
2522
|
#
|
2292
2523
|
# @!attribute [rw] web_acl_name
|
2293
|
-
#
|
2294
|
-
#
|
2524
|
+
# The name of the Web ACL. You cannot change the name of a Web ACL
|
2525
|
+
# after you create it.
|
2295
2526
|
# @return [String]
|
2296
2527
|
#
|
2297
2528
|
# @!attribute [rw] web_acl_id
|
@@ -2340,8 +2571,8 @@ module Aws::WAFV2
|
|
2340
2571
|
# }
|
2341
2572
|
#
|
2342
2573
|
# @!attribute [rw] name
|
2343
|
-
#
|
2344
|
-
#
|
2574
|
+
# The name of the set. You cannot change the name after you create the
|
2575
|
+
# set.
|
2345
2576
|
# @return [String]
|
2346
2577
|
#
|
2347
2578
|
# @!attribute [rw] scope
|
@@ -2352,7 +2583,7 @@ module Aws::WAFV2
|
|
2352
2583
|
# To work with CloudFront, you must also specify the Region US East
|
2353
2584
|
# (N. Virginia) as follows:
|
2354
2585
|
#
|
2355
|
-
# * CLI - Specify the
|
2586
|
+
# * CLI - Specify the Region when you use the CloudFront scope:
|
2356
2587
|
# `--scope=CLOUDFRONT --region=us-east-1`.
|
2357
2588
|
#
|
2358
2589
|
# * API and SDKs - For all calls, use the Region endpoint us-east-1.
|
@@ -2406,8 +2637,8 @@ module Aws::WAFV2
|
|
2406
2637
|
# }
|
2407
2638
|
#
|
2408
2639
|
# @!attribute [rw] name
|
2409
|
-
#
|
2410
|
-
#
|
2640
|
+
# The name of the rule group. You cannot change the name of a rule
|
2641
|
+
# group after you create it.
|
2411
2642
|
# @return [String]
|
2412
2643
|
#
|
2413
2644
|
# @!attribute [rw] scope
|
@@ -2418,7 +2649,7 @@ module Aws::WAFV2
|
|
2418
2649
|
# To work with CloudFront, you must also specify the Region US East
|
2419
2650
|
# (N. Virginia) as follows:
|
2420
2651
|
#
|
2421
|
-
# * CLI - Specify the
|
2652
|
+
# * CLI - Specify the Region when you use the CloudFront scope:
|
2422
2653
|
# `--scope=CLOUDFRONT --region=us-east-1`.
|
2423
2654
|
#
|
2424
2655
|
# * API and SDKs - For all calls, use the Region endpoint us-east-1.
|
@@ -2494,7 +2725,7 @@ module Aws::WAFV2
|
|
2494
2725
|
# To work with CloudFront, you must also specify the Region US East
|
2495
2726
|
# (N. Virginia) as follows:
|
2496
2727
|
#
|
2497
|
-
# * CLI - Specify the
|
2728
|
+
# * CLI - Specify the Region when you use the CloudFront scope:
|
2498
2729
|
# `--scope=CLOUDFRONT --region=us-east-1`.
|
2499
2730
|
#
|
2500
2731
|
# * API and SDKs - For all calls, use the Region endpoint us-east-1.
|
@@ -2596,8 +2827,8 @@ module Aws::WAFV2
|
|
2596
2827
|
# }
|
2597
2828
|
#
|
2598
2829
|
# @!attribute [rw] name
|
2599
|
-
#
|
2600
|
-
#
|
2830
|
+
# The name of the Web ACL. You cannot change the name of a Web ACL
|
2831
|
+
# after you create it.
|
2601
2832
|
# @return [String]
|
2602
2833
|
#
|
2603
2834
|
# @!attribute [rw] scope
|
@@ -2608,7 +2839,7 @@ module Aws::WAFV2
|
|
2608
2839
|
# To work with CloudFront, you must also specify the Region US East
|
2609
2840
|
# (N. Virginia) as follows:
|
2610
2841
|
#
|
2611
|
-
# * CLI - Specify the
|
2842
|
+
# * CLI - Specify the Region when you use the CloudFront scope:
|
2612
2843
|
# `--scope=CLOUDFRONT --region=us-east-1`.
|
2613
2844
|
#
|
2614
2845
|
# * API and SDKs - For all calls, use the Region endpoint us-east-1.
|
@@ -2776,8 +3007,8 @@ module Aws::WAFV2
|
|
2776
3007
|
# [2]: https://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing
|
2777
3008
|
#
|
2778
3009
|
# @!attribute [rw] name
|
2779
|
-
#
|
2780
|
-
#
|
3010
|
+
# The name of the IP set. You cannot change the name of an `IPSet`
|
3011
|
+
# after you create it.
|
2781
3012
|
# @return [String]
|
2782
3013
|
#
|
2783
3014
|
# @!attribute [rw] id
|
@@ -2791,8 +3022,8 @@ module Aws::WAFV2
|
|
2791
3022
|
# @return [String]
|
2792
3023
|
#
|
2793
3024
|
# @!attribute [rw] description
|
2794
|
-
# A
|
2795
|
-
# description of an IP set after you create it.
|
3025
|
+
# A description of the IP set that helps with identification. You
|
3026
|
+
# cannot change the description of an IP set after you create it.
|
2796
3027
|
# @return [String]
|
2797
3028
|
#
|
2798
3029
|
# @!attribute [rw] ip_address_version
|
@@ -2903,8 +3134,8 @@ module Aws::WAFV2
|
|
2903
3134
|
# [1]: https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html
|
2904
3135
|
#
|
2905
3136
|
# @!attribute [rw] name
|
2906
|
-
#
|
2907
|
-
#
|
3137
|
+
# The name of the IP set. You cannot change the name of an `IPSet`
|
3138
|
+
# after you create it.
|
2908
3139
|
# @return [String]
|
2909
3140
|
#
|
2910
3141
|
# @!attribute [rw] id
|
@@ -2914,8 +3145,8 @@ module Aws::WAFV2
|
|
2914
3145
|
# @return [String]
|
2915
3146
|
#
|
2916
3147
|
# @!attribute [rw] description
|
2917
|
-
# A
|
2918
|
-
# description of an IP set after you create it.
|
3148
|
+
# A description of the IP set that helps with identification. You
|
3149
|
+
# cannot change the description of an IP set after you create it.
|
2919
3150
|
# @return [String]
|
2920
3151
|
#
|
2921
3152
|
# @!attribute [rw] lock_token
|
@@ -2962,7 +3193,7 @@ module Aws::WAFV2
|
|
2962
3193
|
# To work with CloudFront, you must also specify the Region US East
|
2963
3194
|
# (N. Virginia) as follows:
|
2964
3195
|
#
|
2965
|
-
# * CLI - Specify the
|
3196
|
+
# * CLI - Specify the Region when you use the CloudFront scope:
|
2966
3197
|
# `--scope=CLOUDFRONT --region=us-east-1`.
|
2967
3198
|
#
|
2968
3199
|
# * API and SDKs - For all calls, use the Region endpoint us-east-1.
|
@@ -3028,7 +3259,7 @@ module Aws::WAFV2
|
|
3028
3259
|
# To work with CloudFront, you must also specify the Region US East
|
3029
3260
|
# (N. Virginia) as follows:
|
3030
3261
|
#
|
3031
|
-
# * CLI - Specify the
|
3262
|
+
# * CLI - Specify the Region when you use the CloudFront scope:
|
3032
3263
|
# `--scope=CLOUDFRONT --region=us-east-1`.
|
3033
3264
|
#
|
3034
3265
|
# * API and SDKs - For all calls, use the Region endpoint us-east-1.
|
@@ -3096,7 +3327,7 @@ module Aws::WAFV2
|
|
3096
3327
|
# To work with CloudFront, you must also specify the Region US East
|
3097
3328
|
# (N. Virginia) as follows:
|
3098
3329
|
#
|
3099
|
-
# * CLI - Specify the
|
3330
|
+
# * CLI - Specify the Region when you use the CloudFront scope:
|
3100
3331
|
# `--scope=CLOUDFRONT --region=us-east-1`.
|
3101
3332
|
#
|
3102
3333
|
# * API and SDKs - For all calls, use the Region endpoint us-east-1.
|
@@ -3162,7 +3393,7 @@ module Aws::WAFV2
|
|
3162
3393
|
# To work with CloudFront, you must also specify the Region US East
|
3163
3394
|
# (N. Virginia) as follows:
|
3164
3395
|
#
|
3165
|
-
# * CLI - Specify the
|
3396
|
+
# * CLI - Specify the Region when you use the CloudFront scope:
|
3166
3397
|
# `--scope=CLOUDFRONT --region=us-east-1`.
|
3167
3398
|
#
|
3168
3399
|
# * API and SDKs - For all calls, use the Region endpoint us-east-1.
|
@@ -3266,7 +3497,7 @@ module Aws::WAFV2
|
|
3266
3497
|
# To work with CloudFront, you must also specify the Region US East
|
3267
3498
|
# (N. Virginia) as follows:
|
3268
3499
|
#
|
3269
|
-
# * CLI - Specify the
|
3500
|
+
# * CLI - Specify the Region when you use the CloudFront scope:
|
3270
3501
|
# `--scope=CLOUDFRONT --region=us-east-1`.
|
3271
3502
|
#
|
3272
3503
|
# * API and SDKs - For all calls, use the Region endpoint us-east-1.
|
@@ -3389,7 +3620,7 @@ module Aws::WAFV2
|
|
3389
3620
|
# To work with CloudFront, you must also specify the Region US East
|
3390
3621
|
# (N. Virginia) as follows:
|
3391
3622
|
#
|
3392
|
-
# * CLI - Specify the
|
3623
|
+
# * CLI - Specify the Region when you use the CloudFront scope:
|
3393
3624
|
# `--scope=CLOUDFRONT --region=us-east-1`.
|
3394
3625
|
#
|
3395
3626
|
# * API and SDKs - For all calls, use the Region endpoint us-east-1.
|
@@ -4089,21 +4320,22 @@ module Aws::WAFV2
|
|
4089
4320
|
include Aws::Structure
|
4090
4321
|
end
|
4091
4322
|
|
4092
|
-
#
|
4093
|
-
#
|
4094
|
-
#
|
4095
|
-
# Guide][1].
|
4096
|
-
#
|
4097
|
-
# </note>
|
4323
|
+
# The override action to apply to the rules in a rule group. Used only
|
4324
|
+
# for rule statements that reference a rule group, like
|
4325
|
+
# `RuleGroupReferenceStatement` and `ManagedRuleGroupStatement`.
|
4098
4326
|
#
|
4099
|
-
#
|
4100
|
-
#
|
4101
|
-
#
|
4102
|
-
# counts the match.
|
4327
|
+
# Set the override action to none to leave the rule actions in effect.
|
4328
|
+
# Set it to count to only count matches, regardless of the rule action
|
4329
|
+
# settings.
|
4103
4330
|
#
|
4331
|
+
# In a Rule, you must specify either this `OverrideAction` setting or
|
4332
|
+
# the rule `Action` setting, but not both:
|
4104
4333
|
#
|
4334
|
+
# * If the rule statement references a rule group, use this override
|
4335
|
+
# action setting and not the action setting.
|
4105
4336
|
#
|
4106
|
-
#
|
4337
|
+
# * If the rule statement does not reference a rule group, use the rule
|
4338
|
+
# action setting and not this rule override action setting.
|
4107
4339
|
#
|
4108
4340
|
# @note When making an API call, you may pass OverrideAction
|
4109
4341
|
# data as a hash:
|
@@ -4181,6 +4413,57 @@ module Aws::WAFV2
|
|
4181
4413
|
include Aws::Structure
|
4182
4414
|
end
|
4183
4415
|
|
4416
|
+
# @note When making an API call, you may pass PutPermissionPolicyRequest
|
4417
|
+
# data as a hash:
|
4418
|
+
#
|
4419
|
+
# {
|
4420
|
+
# resource_arn: "ResourceArn", # required
|
4421
|
+
# policy: "PolicyString", # required
|
4422
|
+
# }
|
4423
|
+
#
|
4424
|
+
# @!attribute [rw] resource_arn
|
4425
|
+
# The Amazon Resource Name (ARN) of the RuleGroup to which you want to
|
4426
|
+
# attach the policy.
|
4427
|
+
# @return [String]
|
4428
|
+
#
|
4429
|
+
# @!attribute [rw] policy
|
4430
|
+
# The policy to attach to the specified rule group.
|
4431
|
+
#
|
4432
|
+
# The policy specifications must conform to the following:
|
4433
|
+
#
|
4434
|
+
# * The policy must be composed using IAM Policy version 2012-10-17 or
|
4435
|
+
# version 2015-01-01.
|
4436
|
+
#
|
4437
|
+
# * The policy must include specifications for `Effect`, `Action`, and
|
4438
|
+
# `Principal`.
|
4439
|
+
#
|
4440
|
+
# * `Effect` must specify `Allow`.
|
4441
|
+
#
|
4442
|
+
# * `Action` must specify `wafv2:CreateWebACL`, `wafv2:UpdateWebACL`,
|
4443
|
+
# and `wafv2:PutFirewallManagerRuleGroups`. AWS WAF rejects any
|
4444
|
+
# extra actions or wildcard actions in the policy.
|
4445
|
+
#
|
4446
|
+
# * The policy must not include a `Resource` parameter.
|
4447
|
+
#
|
4448
|
+
# For more information, see [IAM Policies][1].
|
4449
|
+
#
|
4450
|
+
#
|
4451
|
+
#
|
4452
|
+
# [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html
|
4453
|
+
# @return [String]
|
4454
|
+
#
|
4455
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/PutPermissionPolicyRequest AWS API Documentation
|
4456
|
+
#
|
4457
|
+
class PutPermissionPolicyRequest < Struct.new(
|
4458
|
+
:resource_arn,
|
4459
|
+
:policy)
|
4460
|
+
include Aws::Structure
|
4461
|
+
end
|
4462
|
+
|
4463
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/PutPermissionPolicyResponse AWS API Documentation
|
4464
|
+
#
|
4465
|
+
class PutPermissionPolicyResponse < Aws::EmptyStructure; end
|
4466
|
+
|
4184
4467
|
# <note markdown="1"> This is the latest version of **AWS WAF**, named AWS WAFV2, released
|
4185
4468
|
# in November, 2019. For information, including how to migrate your AWS
|
4186
4469
|
# WAF resources from the prior release, see the [AWS WAF Developer
|
@@ -4548,8 +4831,8 @@ module Aws::WAFV2
|
|
4548
4831
|
# [1]: https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html
|
4549
4832
|
#
|
4550
4833
|
# @!attribute [rw] name
|
4551
|
-
#
|
4552
|
-
#
|
4834
|
+
# The name of the set. You cannot change the name after you create the
|
4835
|
+
# set.
|
4553
4836
|
# @return [String]
|
4554
4837
|
#
|
4555
4838
|
# @!attribute [rw] id
|
@@ -4563,8 +4846,8 @@ module Aws::WAFV2
|
|
4563
4846
|
# @return [String]
|
4564
4847
|
#
|
4565
4848
|
# @!attribute [rw] description
|
4566
|
-
# A
|
4567
|
-
# of a set after you create it.
|
4849
|
+
# A description of the set that helps with identification. You cannot
|
4850
|
+
# change the description of a set after you create it.
|
4568
4851
|
# @return [String]
|
4569
4852
|
#
|
4570
4853
|
# @!attribute [rw] regular_expression_list
|
@@ -4651,9 +4934,9 @@ module Aws::WAFV2
|
|
4651
4934
|
# Text transformations eliminate some of the unusual formatting that
|
4652
4935
|
# attackers use in web requests in an effort to bypass detection. If
|
4653
4936
|
# you specify one or more transformations in a rule statement, AWS WAF
|
4654
|
-
# performs all transformations on the content
|
4655
|
-
# `FieldToMatch`, starting from the lowest priority
|
4656
|
-
# inspecting the content for a match.
|
4937
|
+
# performs all transformations on the content of the request component
|
4938
|
+
# identified by `FieldToMatch`, starting from the lowest priority
|
4939
|
+
# setting, before inspecting the content for a match.
|
4657
4940
|
# @return [Array<Types::TextTransformation>]
|
4658
4941
|
#
|
4659
4942
|
# @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/RegexPatternSetReferenceStatement AWS API Documentation
|
@@ -4683,8 +4966,8 @@ module Aws::WAFV2
|
|
4683
4966
|
# [1]: https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html
|
4684
4967
|
#
|
4685
4968
|
# @!attribute [rw] name
|
4686
|
-
#
|
4687
|
-
#
|
4969
|
+
# The name of the data type instance. You cannot change the name after
|
4970
|
+
# you create the instance.
|
4688
4971
|
# @return [String]
|
4689
4972
|
#
|
4690
4973
|
# @!attribute [rw] id
|
@@ -4694,8 +4977,8 @@ module Aws::WAFV2
|
|
4694
4977
|
# @return [String]
|
4695
4978
|
#
|
4696
4979
|
# @!attribute [rw] description
|
4697
|
-
# A
|
4698
|
-
# of a set after you create it.
|
4980
|
+
# A description of the set that helps with identification. You cannot
|
4981
|
+
# change the description of a set after you create it.
|
4699
4982
|
# @return [String]
|
4700
4983
|
#
|
4701
4984
|
# @!attribute [rw] lock_token
|
@@ -4956,8 +5239,8 @@ module Aws::WAFV2
|
|
4956
5239
|
# }
|
4957
5240
|
#
|
4958
5241
|
# @!attribute [rw] name
|
4959
|
-
#
|
4960
|
-
#
|
5242
|
+
# The name of the rule. You can't change the name of a `Rule` after
|
5243
|
+
# you create it.
|
4961
5244
|
# @return [String]
|
4962
5245
|
#
|
4963
5246
|
# @!attribute [rw] priority
|
@@ -4975,15 +5258,40 @@ module Aws::WAFV2
|
|
4975
5258
|
#
|
4976
5259
|
# @!attribute [rw] action
|
4977
5260
|
# The action that AWS WAF should take on a web request when it matches
|
4978
|
-
# the rule
|
4979
|
-
#
|
5261
|
+
# the rule statement. Settings at the web ACL level can override the
|
5262
|
+
# rule action setting.
|
5263
|
+
#
|
5264
|
+
# This is used only for rules whose statements do not reference a rule
|
5265
|
+
# group. Rule statements that reference a rule group include
|
5266
|
+
# `RuleGroupReferenceStatement` and `ManagedRuleGroupStatement`.
|
5267
|
+
#
|
5268
|
+
# You must specify either this `Action` setting or the rule
|
5269
|
+
# `OverrideAction` setting, but not both:
|
5270
|
+
#
|
5271
|
+
# * If the rule statement does not reference a rule group, use this
|
5272
|
+
# rule action setting and not the rule override action setting.
|
5273
|
+
#
|
5274
|
+
# * If the rule statement references a rule group, use the override
|
5275
|
+
# action setting and not this action setting.
|
4980
5276
|
# @return [Types::RuleAction]
|
4981
5277
|
#
|
4982
5278
|
# @!attribute [rw] override_action
|
4983
|
-
# The action to
|
4984
|
-
#
|
4985
|
-
#
|
4986
|
-
#
|
5279
|
+
# The override action to apply to the rules in a rule group. Used only
|
5280
|
+
# for rule statements that reference a rule group, like
|
5281
|
+
# `RuleGroupReferenceStatement` and `ManagedRuleGroupStatement`.
|
5282
|
+
#
|
5283
|
+
# Set the override action to none to leave the rule actions in effect.
|
5284
|
+
# Set it to count to only count matches, regardless of the rule action
|
5285
|
+
# settings.
|
5286
|
+
#
|
5287
|
+
# In a Rule, you must specify either this `OverrideAction` setting or
|
5288
|
+
# the rule `Action` setting, but not both:
|
5289
|
+
#
|
5290
|
+
# * If the rule statement references a rule group, use this override
|
5291
|
+
# action setting and not the action setting.
|
5292
|
+
#
|
5293
|
+
# * If the rule statement does not reference a rule group, use the
|
5294
|
+
# rule action setting and not this rule override action setting.
|
4987
5295
|
# @return [Types::OverrideAction]
|
4988
5296
|
#
|
4989
5297
|
# @!attribute [rw] visibility_config
|
@@ -5069,8 +5377,8 @@ module Aws::WAFV2
|
|
5069
5377
|
# [1]: https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html
|
5070
5378
|
#
|
5071
5379
|
# @!attribute [rw] name
|
5072
|
-
#
|
5073
|
-
#
|
5380
|
+
# The name of the rule group. You cannot change the name of a rule
|
5381
|
+
# group after you create it.
|
5074
5382
|
# @return [String]
|
5075
5383
|
#
|
5076
5384
|
# @!attribute [rw] id
|
@@ -5102,8 +5410,8 @@ module Aws::WAFV2
|
|
5102
5410
|
# @return [String]
|
5103
5411
|
#
|
5104
5412
|
# @!attribute [rw] description
|
5105
|
-
# A
|
5106
|
-
# description of a rule group after you create it.
|
5413
|
+
# A description of the rule group that helps with identification. You
|
5414
|
+
# cannot change the description of a rule group after you create it.
|
5107
5415
|
# @return [String]
|
5108
5416
|
#
|
5109
5417
|
# @!attribute [rw] rules
|
@@ -5197,8 +5505,8 @@ module Aws::WAFV2
|
|
5197
5505
|
# [1]: https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html
|
5198
5506
|
#
|
5199
5507
|
# @!attribute [rw] name
|
5200
|
-
#
|
5201
|
-
#
|
5508
|
+
# The name of the data type instance. You cannot change the name after
|
5509
|
+
# you create the instance.
|
5202
5510
|
# @return [String]
|
5203
5511
|
#
|
5204
5512
|
# @!attribute [rw] id
|
@@ -5208,8 +5516,8 @@ module Aws::WAFV2
|
|
5208
5516
|
# @return [String]
|
5209
5517
|
#
|
5210
5518
|
# @!attribute [rw] description
|
5211
|
-
# A
|
5212
|
-
# description of a rule group after you create it.
|
5519
|
+
# A description of the rule group that helps with identification. You
|
5520
|
+
# cannot change the description of a rule group after you create it.
|
5213
5521
|
# @return [String]
|
5214
5522
|
#
|
5215
5523
|
# @!attribute [rw] lock_token
|
@@ -5486,9 +5794,9 @@ module Aws::WAFV2
|
|
5486
5794
|
# Text transformations eliminate some of the unusual formatting that
|
5487
5795
|
# attackers use in web requests in an effort to bypass detection. If
|
5488
5796
|
# you specify one or more transformations in a rule statement, AWS WAF
|
5489
|
-
# performs all transformations on the content
|
5490
|
-
# `FieldToMatch`, starting from the lowest priority
|
5491
|
-
# inspecting the content for a match.
|
5797
|
+
# performs all transformations on the content of the request component
|
5798
|
+
# identified by `FieldToMatch`, starting from the lowest priority
|
5799
|
+
# setting, before inspecting the content for a match.
|
5492
5800
|
# @return [Array<Types::TextTransformation>]
|
5493
5801
|
#
|
5494
5802
|
# @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/SizeConstraintStatement AWS API Documentation
|
@@ -5560,9 +5868,9 @@ module Aws::WAFV2
|
|
5560
5868
|
# Text transformations eliminate some of the unusual formatting that
|
5561
5869
|
# attackers use in web requests in an effort to bypass detection. If
|
5562
5870
|
# you specify one or more transformations in a rule statement, AWS WAF
|
5563
|
-
# performs all transformations on the content
|
5564
|
-
# `FieldToMatch`, starting from the lowest priority
|
5565
|
-
# inspecting the content for a match.
|
5871
|
+
# performs all transformations on the content of the request component
|
5872
|
+
# identified by `FieldToMatch`, starting from the lowest priority
|
5873
|
+
# setting, before inspecting the content for a match.
|
5566
5874
|
# @return [Array<Types::TextTransformation>]
|
5567
5875
|
#
|
5568
5876
|
# @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/SqliMatchStatement AWS API Documentation
|
@@ -6982,8 +7290,8 @@ module Aws::WAFV2
|
|
6982
7290
|
# }
|
6983
7291
|
#
|
6984
7292
|
# @!attribute [rw] name
|
6985
|
-
#
|
6986
|
-
#
|
7293
|
+
# The name of the IP set. You cannot change the name of an `IPSet`
|
7294
|
+
# after you create it.
|
6987
7295
|
# @return [String]
|
6988
7296
|
#
|
6989
7297
|
# @!attribute [rw] scope
|
@@ -6994,7 +7302,7 @@ module Aws::WAFV2
|
|
6994
7302
|
# To work with CloudFront, you must also specify the Region US East
|
6995
7303
|
# (N. Virginia) as follows:
|
6996
7304
|
#
|
6997
|
-
# * CLI - Specify the
|
7305
|
+
# * CLI - Specify the Region when you use the CloudFront scope:
|
6998
7306
|
# `--scope=CLOUDFRONT --region=us-east-1`.
|
6999
7307
|
#
|
7000
7308
|
# * API and SDKs - For all calls, use the Region endpoint us-east-1.
|
@@ -7007,8 +7315,8 @@ module Aws::WAFV2
|
|
7007
7315
|
# @return [String]
|
7008
7316
|
#
|
7009
7317
|
# @!attribute [rw] description
|
7010
|
-
# A
|
7011
|
-
# description of an IP set after you create it.
|
7318
|
+
# A description of the IP set that helps with identification. You
|
7319
|
+
# cannot change the description of an IP set after you create it.
|
7012
7320
|
# @return [String]
|
7013
7321
|
#
|
7014
7322
|
# @!attribute [rw] addresses
|
@@ -7100,8 +7408,8 @@ module Aws::WAFV2
|
|
7100
7408
|
# }
|
7101
7409
|
#
|
7102
7410
|
# @!attribute [rw] name
|
7103
|
-
#
|
7104
|
-
#
|
7411
|
+
# The name of the set. You cannot change the name after you create the
|
7412
|
+
# set.
|
7105
7413
|
# @return [String]
|
7106
7414
|
#
|
7107
7415
|
# @!attribute [rw] scope
|
@@ -7112,7 +7420,7 @@ module Aws::WAFV2
|
|
7112
7420
|
# To work with CloudFront, you must also specify the Region US East
|
7113
7421
|
# (N. Virginia) as follows:
|
7114
7422
|
#
|
7115
|
-
# * CLI - Specify the
|
7423
|
+
# * CLI - Specify the Region when you use the CloudFront scope:
|
7116
7424
|
# `--scope=CLOUDFRONT --region=us-east-1`.
|
7117
7425
|
#
|
7118
7426
|
# * API and SDKs - For all calls, use the Region endpoint us-east-1.
|
@@ -7125,8 +7433,8 @@ module Aws::WAFV2
|
|
7125
7433
|
# @return [String]
|
7126
7434
|
#
|
7127
7435
|
# @!attribute [rw] description
|
7128
|
-
# A
|
7129
|
-
# of a set after you create it.
|
7436
|
+
# A description of the set that helps with identification. You cannot
|
7437
|
+
# change the description of a set after you create it.
|
7130
7438
|
# @return [String]
|
7131
7439
|
#
|
7132
7440
|
# @!attribute [rw] regular_expression_list
|
@@ -7397,8 +7705,8 @@ module Aws::WAFV2
|
|
7397
7705
|
# }
|
7398
7706
|
#
|
7399
7707
|
# @!attribute [rw] name
|
7400
|
-
#
|
7401
|
-
#
|
7708
|
+
# The name of the rule group. You cannot change the name of a rule
|
7709
|
+
# group after you create it.
|
7402
7710
|
# @return [String]
|
7403
7711
|
#
|
7404
7712
|
# @!attribute [rw] scope
|
@@ -7409,7 +7717,7 @@ module Aws::WAFV2
|
|
7409
7717
|
# To work with CloudFront, you must also specify the Region US East
|
7410
7718
|
# (N. Virginia) as follows:
|
7411
7719
|
#
|
7412
|
-
# * CLI - Specify the
|
7720
|
+
# * CLI - Specify the Region when you use the CloudFront scope:
|
7413
7721
|
# `--scope=CLOUDFRONT --region=us-east-1`.
|
7414
7722
|
#
|
7415
7723
|
# * API and SDKs - For all calls, use the Region endpoint us-east-1.
|
@@ -7422,8 +7730,8 @@ module Aws::WAFV2
|
|
7422
7730
|
# @return [String]
|
7423
7731
|
#
|
7424
7732
|
# @!attribute [rw] description
|
7425
|
-
# A
|
7426
|
-
# description of a rule group after you create it.
|
7733
|
+
# A description of the rule group that helps with identification. You
|
7734
|
+
# cannot change the description of a rule group after you create it.
|
7427
7735
|
# @return [String]
|
7428
7736
|
#
|
7429
7737
|
# @!attribute [rw] rules
|
@@ -7710,8 +8018,8 @@ module Aws::WAFV2
|
|
7710
8018
|
# }
|
7711
8019
|
#
|
7712
8020
|
# @!attribute [rw] name
|
7713
|
-
#
|
7714
|
-
#
|
8021
|
+
# The name of the Web ACL. You cannot change the name of a Web ACL
|
8022
|
+
# after you create it.
|
7715
8023
|
# @return [String]
|
7716
8024
|
#
|
7717
8025
|
# @!attribute [rw] scope
|
@@ -7722,7 +8030,7 @@ module Aws::WAFV2
|
|
7722
8030
|
# To work with CloudFront, you must also specify the Region US East
|
7723
8031
|
# (N. Virginia) as follows:
|
7724
8032
|
#
|
7725
|
-
# * CLI - Specify the
|
8033
|
+
# * CLI - Specify the Region when you use the CloudFront scope:
|
7726
8034
|
# `--scope=CLOUDFRONT --region=us-east-1`.
|
7727
8035
|
#
|
7728
8036
|
# * API and SDKs - For all calls, use the Region endpoint us-east-1.
|
@@ -7740,8 +8048,8 @@ module Aws::WAFV2
|
|
7740
8048
|
# @return [Types::DefaultAction]
|
7741
8049
|
#
|
7742
8050
|
# @!attribute [rw] description
|
7743
|
-
# A
|
7744
|
-
# description of a Web ACL after you create it.
|
8051
|
+
# A description of the Web ACL that helps with identification. You
|
8052
|
+
# cannot change the description of a Web ACL after you create it.
|
7745
8053
|
# @return [String]
|
7746
8054
|
#
|
7747
8055
|
# @!attribute [rw] rules
|
@@ -7859,7 +8167,7 @@ module Aws::WAFV2
|
|
7859
8167
|
# @return [Boolean]
|
7860
8168
|
#
|
7861
8169
|
# @!attribute [rw] metric_name
|
7862
|
-
# A
|
8170
|
+
# A name of the CloudWatch metric. The name can contain only
|
7863
8171
|
# alphanumeric characters (A-Z, a-z, 0-9), with length from one to 128
|
7864
8172
|
# characters. It can't contain whitespace or metric names reserved
|
7865
8173
|
# for AWS WAF, for example "All" and "Default\_Action." You can't
|
@@ -7914,6 +8222,18 @@ module Aws::WAFV2
|
|
7914
8222
|
include Aws::Structure
|
7915
8223
|
end
|
7916
8224
|
|
8225
|
+
# The operation isn't valid.
|
8226
|
+
#
|
8227
|
+
# @!attribute [rw] message
|
8228
|
+
# @return [String]
|
8229
|
+
#
|
8230
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/WAFInvalidOperationException AWS API Documentation
|
8231
|
+
#
|
8232
|
+
class WAFInvalidOperationException < Struct.new(
|
8233
|
+
:message)
|
8234
|
+
include Aws::Structure
|
8235
|
+
end
|
8236
|
+
|
7917
8237
|
# The operation failed because AWS WAF didn't recognize a parameter in
|
7918
8238
|
# the request. For example:
|
7919
8239
|
#
|
@@ -7950,6 +8270,41 @@ module Aws::WAFV2
|
|
7950
8270
|
include Aws::Structure
|
7951
8271
|
end
|
7952
8272
|
|
8273
|
+
# The operation failed because the specified policy isn't in the proper
|
8274
|
+
# format.
|
8275
|
+
#
|
8276
|
+
# The policy specifications must conform to the following:
|
8277
|
+
#
|
8278
|
+
# * The policy must be composed using IAM Policy version 2012-10-17 or
|
8279
|
+
# version 2015-01-01.
|
8280
|
+
#
|
8281
|
+
# * The policy must include specifications for `Effect`, `Action`, and
|
8282
|
+
# `Principal`.
|
8283
|
+
#
|
8284
|
+
# * `Effect` must specify `Allow`.
|
8285
|
+
#
|
8286
|
+
# * `Action` must specify `wafv2:CreateWebACL`, `wafv2:UpdateWebACL`,
|
8287
|
+
# and `wafv2:PutFirewallManagerRuleGroups`. AWS WAF rejects any extra
|
8288
|
+
# actions or wildcard actions in the policy.
|
8289
|
+
#
|
8290
|
+
# * The policy must not include a `Resource` parameter.
|
8291
|
+
#
|
8292
|
+
# For more information, see [IAM Policies][1].
|
8293
|
+
#
|
8294
|
+
#
|
8295
|
+
#
|
8296
|
+
# [1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html
|
8297
|
+
#
|
8298
|
+
# @!attribute [rw] message
|
8299
|
+
# @return [String]
|
8300
|
+
#
|
8301
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/WAFInvalidPermissionPolicyException AWS API Documentation
|
8302
|
+
#
|
8303
|
+
class WAFInvalidPermissionPolicyException < Struct.new(
|
8304
|
+
:message)
|
8305
|
+
include Aws::Structure
|
8306
|
+
end
|
8307
|
+
|
7953
8308
|
# AWS WAF couldn’t perform the operation because the resource that you
|
7954
8309
|
# requested isn’t valid. Check the resource, and try again.
|
7955
8310
|
#
|
@@ -8100,8 +8455,8 @@ module Aws::WAFV2
|
|
8100
8455
|
# [1]: https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html
|
8101
8456
|
#
|
8102
8457
|
# @!attribute [rw] name
|
8103
|
-
#
|
8104
|
-
#
|
8458
|
+
# The name of the Web ACL. You cannot change the name of a Web ACL
|
8459
|
+
# after you create it.
|
8105
8460
|
# @return [String]
|
8106
8461
|
#
|
8107
8462
|
# @!attribute [rw] id
|
@@ -8121,8 +8476,8 @@ module Aws::WAFV2
|
|
8121
8476
|
# @return [Types::DefaultAction]
|
8122
8477
|
#
|
8123
8478
|
# @!attribute [rw] description
|
8124
|
-
# A
|
8125
|
-
# description of a Web ACL after you create it.
|
8479
|
+
# A description of the Web ACL that helps with identification. You
|
8480
|
+
# cannot change the description of a Web ACL after you create it.
|
8126
8481
|
# @return [String]
|
8127
8482
|
#
|
8128
8483
|
# @!attribute [rw] rules
|
@@ -8151,6 +8506,38 @@ module Aws::WAFV2
|
|
8151
8506
|
# for web ACLs is 1,500.
|
8152
8507
|
# @return [Integer]
|
8153
8508
|
#
|
8509
|
+
# @!attribute [rw] pre_process_firewall_manager_rule_groups
|
8510
|
+
# The first set of rules for AWS WAF to process in the web ACL. This
|
8511
|
+
# is defined in an AWS Firewall Manager WAF policy and contains only
|
8512
|
+
# rule group references. You can't alter these. Any rules and rule
|
8513
|
+
# groups that you define for the web ACL are prioritized after these.
|
8514
|
+
#
|
8515
|
+
# In the Firewall Manager WAF policy, the Firewall Manager
|
8516
|
+
# administrator can define a set of rule groups to run first in the
|
8517
|
+
# web ACL and a set of rule groups to run last. Within each set, the
|
8518
|
+
# administrator prioritizes the rule groups, to determine their
|
8519
|
+
# relative processing order.
|
8520
|
+
# @return [Array<Types::FirewallManagerRuleGroup>]
|
8521
|
+
#
|
8522
|
+
# @!attribute [rw] post_process_firewall_manager_rule_groups
|
8523
|
+
# The last set of rules for AWS WAF to process in the web ACL. This is
|
8524
|
+
# defined in an AWS Firewall Manager WAF policy and contains only rule
|
8525
|
+
# group references. You can't alter these. Any rules and rule groups
|
8526
|
+
# that you define for the web ACL are prioritized before these.
|
8527
|
+
#
|
8528
|
+
# In the Firewall Manager WAF policy, the Firewall Manager
|
8529
|
+
# administrator can define a set of rule groups to run first in the
|
8530
|
+
# web ACL and a set of rule groups to run last. Within each set, the
|
8531
|
+
# administrator prioritizes the rule groups, to determine their
|
8532
|
+
# relative processing order.
|
8533
|
+
# @return [Array<Types::FirewallManagerRuleGroup>]
|
8534
|
+
#
|
8535
|
+
# @!attribute [rw] managed_by_firewall_manager
|
8536
|
+
# Indicates whether this web ACL is managed by AWS Firewall Manager.
|
8537
|
+
# If true, then only AWS Firewall Manager can delete the web ACL or
|
8538
|
+
# any Firewall Manager rule groups in the web ACL.
|
8539
|
+
# @return [Boolean]
|
8540
|
+
#
|
8154
8541
|
# @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/WebACL AWS API Documentation
|
8155
8542
|
#
|
8156
8543
|
class WebACL < Struct.new(
|
@@ -8161,7 +8548,10 @@ module Aws::WAFV2
|
|
8161
8548
|
:description,
|
8162
8549
|
:rules,
|
8163
8550
|
:visibility_config,
|
8164
|
-
:capacity
|
8551
|
+
:capacity,
|
8552
|
+
:pre_process_firewall_manager_rule_groups,
|
8553
|
+
:post_process_firewall_manager_rule_groups,
|
8554
|
+
:managed_by_firewall_manager)
|
8165
8555
|
include Aws::Structure
|
8166
8556
|
end
|
8167
8557
|
|
@@ -8182,8 +8572,8 @@ module Aws::WAFV2
|
|
8182
8572
|
# [1]: https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html
|
8183
8573
|
#
|
8184
8574
|
# @!attribute [rw] name
|
8185
|
-
#
|
8186
|
-
#
|
8575
|
+
# The name of the Web ACL. You cannot change the name of a Web ACL
|
8576
|
+
# after you create it.
|
8187
8577
|
# @return [String]
|
8188
8578
|
#
|
8189
8579
|
# @!attribute [rw] id
|
@@ -8193,8 +8583,8 @@ module Aws::WAFV2
|
|
8193
8583
|
# @return [String]
|
8194
8584
|
#
|
8195
8585
|
# @!attribute [rw] description
|
8196
|
-
# A
|
8197
|
-
# description of a Web ACL after you create it.
|
8586
|
+
# A description of the Web ACL that helps with identification. You
|
8587
|
+
# cannot change the description of a Web ACL after you create it.
|
8198
8588
|
# @return [String]
|
8199
8589
|
#
|
8200
8590
|
# @!attribute [rw] lock_token
|
@@ -8283,9 +8673,9 @@ module Aws::WAFV2
|
|
8283
8673
|
# Text transformations eliminate some of the unusual formatting that
|
8284
8674
|
# attackers use in web requests in an effort to bypass detection. If
|
8285
8675
|
# you specify one or more transformations in a rule statement, AWS WAF
|
8286
|
-
# performs all transformations on the content
|
8287
|
-
# `FieldToMatch`, starting from the lowest priority
|
8288
|
-
# inspecting the content for a match.
|
8676
|
+
# performs all transformations on the content of the request component
|
8677
|
+
# identified by `FieldToMatch`, starting from the lowest priority
|
8678
|
+
# setting, before inspecting the content for a match.
|
8289
8679
|
# @return [Array<Types::TextTransformation>]
|
8290
8680
|
#
|
8291
8681
|
# @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/XssMatchStatement AWS API Documentation
|