aws-sdk-wafv2 1.110.0 → 1.112.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: d61c6e32e94cd2c77641590f482910cf9f137f89ead4c05d974e7da90cadaca1
-  data.tar.gz: '087e9860fb0c5b059d3e0243cede2fe0ccee2a854d0274ee8647f7de8e74c242'
+  metadata.gz: f5f2b82118c761852c3bd671c9ea7751795a391f1fffac5aed57008effbd31b2
+  data.tar.gz: 4aa4851f485e4b64403675cc0548564a12e4d3ee3cf3af3b2c3c5d81538eef65
 SHA512:
-  metadata.gz: '08a23432bd5de93e8ceb76c0954c5e5dfb99829357cc4a8ea06782f8664b46fbc32756f20833617e052acd613f1c9266d67117c325f0afc2db066722ddb1b7f3'
-  data.tar.gz: 6cab48d82d9dec6708dfe3222ec48e92a25ae3a49bf6b22de77880741f4a94577980e4493db712fa5d0539e4fec673c7a65931170040cc25798d28ea2298b2fb
+  metadata.gz: 1295c727e09911bca0c3565ce3e43d321985484a53f2ea96504a35ff41450a88522c6ce067a58d43ca69347f2f5dfbf919fdffa44b5b1f27c37d3f94e02bd2f4
+  data.tar.gz: 18bb26b7533f390adc09825f5e3bc1959eab077b4055ce4b5f79a62664c3721619603dbaa76d064138cb3f4808891e80f8345f00cda6f808815102434a64bb65

data/CHANGELOG.md

@@ -1,6 +1,16 @@
 Unreleased Changes
 ------------------
 
+1.112.0 (2025-06-17)
+------------------
+
+* Feature - AWS WAF can now suggest protection packs for you based on the application information you provide when you create a webACL.
+
+1.111.0 (2025-06-11)
+------------------
+
+* Feature - WAF now provides two DDoS protection options: resource-level monitoring for Application Load Balancers and the AWSManagedRulesAntiDDoSRuleSet managed rule group for CloudFront distributions.
+
 1.110.0 (2025-06-05)
 ------------------
 

data/VERSION

@@ -1 +1 @@
-1.110.0
+1.112.0

data/lib/aws-sdk-wafv2/client.rb

@@ -1253,6 +1253,20 @@ module Aws::WAFV2
     #                   },
     #                   enable_regex_in_path: false,
     #                 },
+    #                 aws_managed_rules_anti_d_do_s_rule_set: {
+    #                   client_side_action_config: { # required
+    #                     challenge: { # required
+    #                       usage_of_action: "ENABLED", # required, accepts ENABLED, DISABLED
+    #                       sensitivity: "LOW", # accepts LOW, MEDIUM, HIGH
+    #                       exempt_uri_regular_expressions: [
+    #                         {
+    #                           regex_string: "RegexPatternString",
+    #                         },
+    #                       ],
+    #                     },
+    #                   },
+    #                   sensitivity_to_block: "LOW", # accepts LOW, MEDIUM, HIGH
+    #                 },
     #               },
     #             ],
     #             rule_action_overrides: [
@@ -2471,6 +2485,20 @@ module Aws::WAFV2
     #                   },
     #                   enable_regex_in_path: false,
     #                 },
+    #                 aws_managed_rules_anti_d_do_s_rule_set: {
+    #                   client_side_action_config: { # required
+    #                     challenge: { # required
+    #                       usage_of_action: "ENABLED", # required, accepts ENABLED, DISABLED
+    #                       sensitivity: "LOW", # accepts LOW, MEDIUM, HIGH
+    #                       exempt_uri_regular_expressions: [
+    #                         {
+    #                           regex_string: "RegexPatternString",
+    #                         },
+    #                       ],
+    #                     },
+    #                   },
+    #                   sensitivity_to_block: "LOW", # accepts LOW, MEDIUM, HIGH
+    #                 },
     #               },
     #             ],
     #             rule_action_overrides: [
@@ -2871,6 +2899,20 @@ module Aws::WAFV2
     #
     #   [1]: http://aws.amazon.com/waf/pricing/
     #
+    # @option params [Types::OnSourceDDoSProtectionConfig] :on_source_d_do_s_protection_config
+    #   Specifies the type of DDoS protection to apply to web request data for
+    #   a web ACL. For most scenarios, it is recommended to use the default
+    #   protection level, `ACTIVE_UNDER_DDOS`. If a web ACL is associated with
+    #   multiple Application Load Balancers, the changes you make to DDoS
+    #   protection in that web ACL will apply to all associated Application
+    #   Load Balancers.
+    #
+    # @option params [Types::ApplicationConfig] :application_config
+    #   Configures the ability for the WAF console to store and retrieve
+    #   application attributes during the web ACL creation process.
+    #   Application attributes help WAF give recommendations for protection
+    #   packs.
+    #
     # @return [Types::CreateWebACLResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
     #   * {Types::CreateWebACLResponse#summary #summary} => Types::WebACLSummary
@@ -3544,6 +3586,20 @@ module Aws::WAFV2
     #                   },
     #                   enable_regex_in_path: false,
     #                 },
+    #                 aws_managed_rules_anti_d_do_s_rule_set: {
+    #                   client_side_action_config: { # required
+    #                     challenge: { # required
+    #                       usage_of_action: "ENABLED", # required, accepts ENABLED, DISABLED
+    #                       sensitivity: "LOW", # accepts LOW, MEDIUM, HIGH
+    #                       exempt_uri_regular_expressions: [
+    #                         {
+    #                           regex_string: "RegexPatternString",
+    #                         },
+    #                       ],
+    #                     },
+    #                   },
+    #                   sensitivity_to_block: "LOW", # accepts LOW, MEDIUM, HIGH
+    #                 },
     #               },
     #             ],
     #             rule_action_overrides: [
@@ -3826,6 +3882,17 @@ module Aws::WAFV2
     #         },
     #       },
     #     },
+    #     on_source_d_do_s_protection_config: {
+    #       alb_low_reputation_mode: "ACTIVE_UNDER_DDOS", # required, accepts ACTIVE_UNDER_DDOS, ALWAYS_ON
+    #     },
+    #     application_config: {
+    #       attributes: [
+    #         {
+    #           name: "AttributeName",
+    #           values: ["AttributeValue"],
+    #         },
+    #       ],
+    #     },
     #   })
     #
     # @example Response structure
@@ -5358,6 +5425,11 @@ module Aws::WAFV2
     #   resp.rule_group.rules[0].statement.managed_rule_group_statement.managed_rule_group_configs[0].aws_managed_rules_acfp_rule_set.response_inspection.json.failure_values #=> Array
     #   resp.rule_group.rules[0].statement.managed_rule_group_statement.managed_rule_group_configs[0].aws_managed_rules_acfp_rule_set.response_inspection.json.failure_values[0] #=> String
     #   resp.rule_group.rules[0].statement.managed_rule_group_statement.managed_rule_group_configs[0].aws_managed_rules_acfp_rule_set.enable_regex_in_path #=> Boolean
+    #   resp.rule_group.rules[0].statement.managed_rule_group_statement.managed_rule_group_configs[0].aws_managed_rules_anti_d_do_s_rule_set.client_side_action_config.challenge.usage_of_action #=> String, one of "ENABLED", "DISABLED"
+    #   resp.rule_group.rules[0].statement.managed_rule_group_statement.managed_rule_group_configs[0].aws_managed_rules_anti_d_do_s_rule_set.client_side_action_config.challenge.sensitivity #=> String, one of "LOW", "MEDIUM", "HIGH"
+    #   resp.rule_group.rules[0].statement.managed_rule_group_statement.managed_rule_group_configs[0].aws_managed_rules_anti_d_do_s_rule_set.client_side_action_config.challenge.exempt_uri_regular_expressions #=> Array
+    #   resp.rule_group.rules[0].statement.managed_rule_group_statement.managed_rule_group_configs[0].aws_managed_rules_anti_d_do_s_rule_set.client_side_action_config.challenge.exempt_uri_regular_expressions[0].regex_string #=> String
+    #   resp.rule_group.rules[0].statement.managed_rule_group_statement.managed_rule_group_configs[0].aws_managed_rules_anti_d_do_s_rule_set.sensitivity_to_block #=> String, one of "LOW", "MEDIUM", "HIGH"
     #   resp.rule_group.rules[0].statement.managed_rule_group_statement.rule_action_overrides #=> Array
     #   resp.rule_group.rules[0].statement.managed_rule_group_statement.rule_action_overrides[0].name #=> String
     #   resp.rule_group.rules[0].statement.managed_rule_group_statement.rule_action_overrides[0].action_to_use.block.custom_response.response_code #=> Integer
@@ -8053,6 +8125,20 @@ module Aws::WAFV2
     #                   },
     #                   enable_regex_in_path: false,
     #                 },
+    #                 aws_managed_rules_anti_d_do_s_rule_set: {
+    #                   client_side_action_config: { # required
+    #                     challenge: { # required
+    #                       usage_of_action: "ENABLED", # required, accepts ENABLED, DISABLED
+    #                       sensitivity: "LOW", # accepts LOW, MEDIUM, HIGH
+    #                       exempt_uri_regular_expressions: [
+    #                         {
+    #                           regex_string: "RegexPatternString",
+    #                         },
+    #                       ],
+    #                     },
+    #                   },
+    #                   sensitivity_to_block: "LOW", # accepts LOW, MEDIUM, HIGH
+    #                 },
     #               },
     #             ],
     #             rule_action_overrides: [
@@ -8497,6 +8583,14 @@ module Aws::WAFV2
     #
     #   [1]: http://aws.amazon.com/waf/pricing/
     #
+    # @option params [Types::OnSourceDDoSProtectionConfig] :on_source_d_do_s_protection_config
+    #   Specifies the type of DDoS protection to apply to web request data for
+    #   a web ACL. For most scenarios, it is recommended to use the default
+    #   protection level, `ACTIVE_UNDER_DDOS`. If a web ACL is associated with
+    #   multiple Application Load Balancers, the changes you make to DDoS
+    #   protection in that web ACL will apply to all associated Application
+    #   Load Balancers.
+    #
     # @return [Types::UpdateWebACLResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
     #   * {Types::UpdateWebACLResponse#next_lock_token #next_lock_token} => String
@@ -9171,6 +9265,20 @@ module Aws::WAFV2
     #                   },
     #                   enable_regex_in_path: false,
     #                 },
+    #                 aws_managed_rules_anti_d_do_s_rule_set: {
+    #                   client_side_action_config: { # required
+    #                     challenge: { # required
+    #                       usage_of_action: "ENABLED", # required, accepts ENABLED, DISABLED
+    #                       sensitivity: "LOW", # accepts LOW, MEDIUM, HIGH
+    #                       exempt_uri_regular_expressions: [
+    #                         {
+    #                           regex_string: "RegexPatternString",
+    #                         },
+    #                       ],
+    #                     },
+    #                   },
+    #                   sensitivity_to_block: "LOW", # accepts LOW, MEDIUM, HIGH
+    #                 },
     #               },
     #             ],
     #             rule_action_overrides: [
@@ -9448,6 +9556,9 @@ module Aws::WAFV2
     #         },
     #       },
     #     },
+    #     on_source_d_do_s_protection_config: {
+    #       alb_low_reputation_mode: "ACTIVE_UNDER_DDOS", # required, accepts ACTIVE_UNDER_DDOS, ALWAYS_ON
+    #     },
     #   })
     #
     # @example Response structure
@@ -9481,7 +9592,7 @@ module Aws::WAFV2
         tracer: tracer
       )
       context[:gem_name] = 'aws-sdk-wafv2'
-      context[:gem_version] = '1.110.0'
+      context[:gem_version] = '1.112.0'
       Seahorse::Client::Request.new(handlers, context)
     end
 

data/lib/aws-sdk-wafv2/client_api.rb

@@ -22,6 +22,7 @@ module Aws::WAFV2
     ASN = Shapes::IntegerShape.new(name: 'ASN')
     AWSManagedRulesACFPRuleSet = Shapes::StructureShape.new(name: 'AWSManagedRulesACFPRuleSet')
     AWSManagedRulesATPRuleSet = Shapes::StructureShape.new(name: 'AWSManagedRulesATPRuleSet')
+    AWSManagedRulesAntiDDoSRuleSet = Shapes::StructureShape.new(name: 'AWSManagedRulesAntiDDoSRuleSet')
     AWSManagedRulesBotControlRuleSet = Shapes::StructureShape.new(name: 'AWSManagedRulesBotControlRuleSet')
     Action = Shapes::StringShape.new(name: 'Action')
     ActionCondition = Shapes::StructureShape.new(name: 'ActionCondition')
@@ -32,12 +33,18 @@ module Aws::WAFV2
     AllQueryArguments = Shapes::StructureShape.new(name: 'AllQueryArguments')
     AllowAction = Shapes::StructureShape.new(name: 'AllowAction')
     AndStatement = Shapes::StructureShape.new(name: 'AndStatement')
+    ApplicationAttribute = Shapes::StructureShape.new(name: 'ApplicationAttribute')
+    ApplicationAttributes = Shapes::ListShape.new(name: 'ApplicationAttributes')
+    ApplicationConfig = Shapes::StructureShape.new(name: 'ApplicationConfig')
     AsnList = Shapes::ListShape.new(name: 'AsnList')
     AsnMatchStatement = Shapes::StructureShape.new(name: 'AsnMatchStatement')
     AssociateWebACLRequest = Shapes::StructureShape.new(name: 'AssociateWebACLRequest')
     AssociateWebACLResponse = Shapes::StructureShape.new(name: 'AssociateWebACLResponse')
     AssociatedResourceType = Shapes::StringShape.new(name: 'AssociatedResourceType')
     AssociationConfig = Shapes::StructureShape.new(name: 'AssociationConfig')
+    AttributeName = Shapes::StringShape.new(name: 'AttributeName')
+    AttributeValue = Shapes::StringShape.new(name: 'AttributeValue')
+    AttributeValues = Shapes::ListShape.new(name: 'AttributeValues')
     BlockAction = Shapes::StructureShape.new(name: 'BlockAction')
     Body = Shapes::StructureShape.new(name: 'Body')
     BodyParsingFallbackBehavior = Shapes::StringShape.new(name: 'BodyParsingFallbackBehavior')
@@ -52,6 +59,8 @@ module Aws::WAFV2
     ChallengeResponse = Shapes::StructureShape.new(name: 'ChallengeResponse')
     CheckCapacityRequest = Shapes::StructureShape.new(name: 'CheckCapacityRequest')
     CheckCapacityResponse = Shapes::StructureShape.new(name: 'CheckCapacityResponse')
+    ClientSideAction = Shapes::StructureShape.new(name: 'ClientSideAction')
+    ClientSideActionConfig = Shapes::StructureShape.new(name: 'ClientSideActionConfig')
     ComparisonOperator = Shapes::StringShape.new(name: 'ComparisonOperator')
     Condition = Shapes::StructureShape.new(name: 'Condition')
     Conditions = Shapes::ListShape.new(name: 'Conditions')
@@ -242,6 +251,7 @@ module Aws::WAFV2
     LoggingConfigurations = Shapes::ListShape.new(name: 'LoggingConfigurations')
     LoggingFilter = Shapes::StructureShape.new(name: 'LoggingFilter')
     LoginPathString = Shapes::StringShape.new(name: 'LoginPathString')
+    LowReputationMode = Shapes::StringShape.new(name: 'LowReputationMode')
     ManagedProductDescriptor = Shapes::StructureShape.new(name: 'ManagedProductDescriptor')
     ManagedProductDescriptors = Shapes::ListShape.new(name: 'ManagedProductDescriptors')
     ManagedRuleGroupConfig = Shapes::StructureShape.new(name: 'ManagedRuleGroupConfig')
@@ -262,6 +272,7 @@ module Aws::WAFV2
     NextMarker = Shapes::StringShape.new(name: 'NextMarker')
     NoneAction = Shapes::StructureShape.new(name: 'NoneAction')
     NotStatement = Shapes::StructureShape.new(name: 'NotStatement')
+    OnSourceDDoSProtectionConfig = Shapes::StructureShape.new(name: 'OnSourceDDoSProtectionConfig')
     OrStatement = Shapes::StructureShape.new(name: 'OrStatement')
     OutputUrl = Shapes::StringShape.new(name: 'OutputUrl')
     OverrideAction = Shapes::StructureShape.new(name: 'OverrideAction')
@@ -363,6 +374,7 @@ module Aws::WAFV2
     Scope = Shapes::StringShape.new(name: 'Scope')
     SearchString = Shapes::BlobShape.new(name: 'SearchString')
     SensitivityLevel = Shapes::StringShape.new(name: 'SensitivityLevel')
+    SensitivityToAct = Shapes::StringShape.new(name: 'SensitivityToAct')
     SingleCookieName = Shapes::StringShape.new(name: 'SingleCookieName')
     SingleHeader = Shapes::StructureShape.new(name: 'SingleHeader')
     SingleQueryArgument = Shapes::StructureShape.new(name: 'SingleQueryArgument')
@@ -410,6 +422,7 @@ module Aws::WAFV2
     UpdateWebACLResponse = Shapes::StructureShape.new(name: 'UpdateWebACLResponse')
     UriFragment = Shapes::StructureShape.new(name: 'UriFragment')
     UriPath = Shapes::StructureShape.new(name: 'UriPath')
+    UsageOfAction = Shapes::StringShape.new(name: 'UsageOfAction')
     UsernameField = Shapes::StructureShape.new(name: 'UsernameField')
     VendorName = Shapes::StringShape.new(name: 'VendorName')
     VersionKeyString = Shapes::StringShape.new(name: 'VersionKeyString')
@@ -463,6 +476,10 @@ module Aws::WAFV2
     AWSManagedRulesATPRuleSet.add_member(:enable_regex_in_path, Shapes::ShapeRef.new(shape: Boolean, location_name: "EnableRegexInPath"))
     AWSManagedRulesATPRuleSet.struct_class = Types::AWSManagedRulesATPRuleSet
 
+    AWSManagedRulesAntiDDoSRuleSet.add_member(:client_side_action_config, Shapes::ShapeRef.new(shape: ClientSideActionConfig, required: true, location_name: "ClientSideActionConfig"))
+    AWSManagedRulesAntiDDoSRuleSet.add_member(:sensitivity_to_block, Shapes::ShapeRef.new(shape: SensitivityToAct, location_name: "SensitivityToBlock"))
+    AWSManagedRulesAntiDDoSRuleSet.struct_class = Types::AWSManagedRulesAntiDDoSRuleSet
+
     AWSManagedRulesBotControlRuleSet.add_member(:inspection_level, Shapes::ShapeRef.new(shape: InspectionLevel, required: true, location_name: "InspectionLevel"))
     AWSManagedRulesBotControlRuleSet.add_member(:enable_machine_learning, Shapes::ShapeRef.new(shape: EnableMachineLearning, location_name: "EnableMachineLearning"))
     AWSManagedRulesBotControlRuleSet.struct_class = Types::AWSManagedRulesBotControlRuleSet
@@ -485,6 +502,15 @@ module Aws::WAFV2
     AndStatement.add_member(:statements, Shapes::ShapeRef.new(shape: Statements, required: true, location_name: "Statements"))
     AndStatement.struct_class = Types::AndStatement
 
+    ApplicationAttribute.add_member(:name, Shapes::ShapeRef.new(shape: AttributeName, location_name: "Name"))
+    ApplicationAttribute.add_member(:values, Shapes::ShapeRef.new(shape: AttributeValues, location_name: "Values"))
+    ApplicationAttribute.struct_class = Types::ApplicationAttribute
+
+    ApplicationAttributes.member = Shapes::ShapeRef.new(shape: ApplicationAttribute)
+
+    ApplicationConfig.add_member(:attributes, Shapes::ShapeRef.new(shape: ApplicationAttributes, location_name: "Attributes"))
+    ApplicationConfig.struct_class = Types::ApplicationConfig
+
     AsnList.member = Shapes::ShapeRef.new(shape: ASN)
 
     AsnMatchStatement.add_member(:asn_list, Shapes::ShapeRef.new(shape: AsnList, required: true, location_name: "AsnList"))
@@ -500,6 +526,8 @@ module Aws::WAFV2
     AssociationConfig.add_member(:request_body, Shapes::ShapeRef.new(shape: RequestBody, location_name: "RequestBody"))
     AssociationConfig.struct_class = Types::AssociationConfig
 
+    AttributeValues.member = Shapes::ShapeRef.new(shape: AttributeValue)
+
     BlockAction.add_member(:custom_response, Shapes::ShapeRef.new(shape: CustomResponse, location_name: "CustomResponse"))
     BlockAction.struct_class = Types::BlockAction
 
@@ -541,6 +569,14 @@ module Aws::WAFV2
     CheckCapacityResponse.add_member(:capacity, Shapes::ShapeRef.new(shape: ConsumedCapacity, location_name: "Capacity"))
     CheckCapacityResponse.struct_class = Types::CheckCapacityResponse
 
+    ClientSideAction.add_member(:usage_of_action, Shapes::ShapeRef.new(shape: UsageOfAction, required: true, location_name: "UsageOfAction"))
+    ClientSideAction.add_member(:sensitivity, Shapes::ShapeRef.new(shape: SensitivityToAct, location_name: "Sensitivity"))
+    ClientSideAction.add_member(:exempt_uri_regular_expressions, Shapes::ShapeRef.new(shape: RegularExpressionList, location_name: "ExemptUriRegularExpressions"))
+    ClientSideAction.struct_class = Types::ClientSideAction
+
+    ClientSideActionConfig.add_member(:challenge, Shapes::ShapeRef.new(shape: ClientSideAction, required: true, location_name: "Challenge"))
+    ClientSideActionConfig.struct_class = Types::ClientSideActionConfig
+
     Condition.add_member(:action_condition, Shapes::ShapeRef.new(shape: ActionCondition, location_name: "ActionCondition"))
     Condition.add_member(:label_name_condition, Shapes::ShapeRef.new(shape: LabelNameCondition, location_name: "LabelNameCondition"))
     Condition.struct_class = Types::Condition
@@ -618,6 +654,8 @@ module Aws::WAFV2
     CreateWebACLRequest.add_member(:challenge_config, Shapes::ShapeRef.new(shape: ChallengeConfig, location_name: "ChallengeConfig"))
     CreateWebACLRequest.add_member(:token_domains, Shapes::ShapeRef.new(shape: TokenDomains, location_name: "TokenDomains"))
     CreateWebACLRequest.add_member(:association_config, Shapes::ShapeRef.new(shape: AssociationConfig, location_name: "AssociationConfig"))
+    CreateWebACLRequest.add_member(:on_source_d_do_s_protection_config, Shapes::ShapeRef.new(shape: OnSourceDDoSProtectionConfig, location_name: "OnSourceDDoSProtectionConfig"))
+    CreateWebACLRequest.add_member(:application_config, Shapes::ShapeRef.new(shape: ApplicationConfig, location_name: "ApplicationConfig"))
     CreateWebACLRequest.struct_class = Types::CreateWebACLRequest
 
     CreateWebACLResponse.add_member(:summary, Shapes::ShapeRef.new(shape: WebACLSummary, location_name: "Summary"))
@@ -1163,6 +1201,7 @@ module Aws::WAFV2
     ManagedRuleGroupConfig.add_member(:aws_managed_rules_bot_control_rule_set, Shapes::ShapeRef.new(shape: AWSManagedRulesBotControlRuleSet, location_name: "AWSManagedRulesBotControlRuleSet"))
     ManagedRuleGroupConfig.add_member(:aws_managed_rules_atp_rule_set, Shapes::ShapeRef.new(shape: AWSManagedRulesATPRuleSet, location_name: "AWSManagedRulesATPRuleSet"))
     ManagedRuleGroupConfig.add_member(:aws_managed_rules_acfp_rule_set, Shapes::ShapeRef.new(shape: AWSManagedRulesACFPRuleSet, location_name: "AWSManagedRulesACFPRuleSet"))
+    ManagedRuleGroupConfig.add_member(:aws_managed_rules_anti_d_do_s_rule_set, Shapes::ShapeRef.new(shape: AWSManagedRulesAntiDDoSRuleSet, location_name: "AWSManagedRulesAntiDDoSRuleSet"))
     ManagedRuleGroupConfig.struct_class = Types::ManagedRuleGroupConfig
 
     ManagedRuleGroupConfigs.member = Shapes::ShapeRef.new(shape: ManagedRuleGroupConfig)
@@ -1230,6 +1269,9 @@ module Aws::WAFV2
     NotStatement.add_member(:statement, Shapes::ShapeRef.new(shape: Statement, required: true, location_name: "Statement"))
     NotStatement.struct_class = Types::NotStatement
 
+    OnSourceDDoSProtectionConfig.add_member(:alb_low_reputation_mode, Shapes::ShapeRef.new(shape: LowReputationMode, required: true, location_name: "ALBLowReputationMode"))
+    OnSourceDDoSProtectionConfig.struct_class = Types::OnSourceDDoSProtectionConfig
+
     OrStatement.add_member(:statements, Shapes::ShapeRef.new(shape: Statements, required: true, location_name: "Statements"))
     OrStatement.struct_class = Types::OrStatement
 
@@ -1645,6 +1687,7 @@ module Aws::WAFV2
     UpdateWebACLRequest.add_member(:challenge_config, Shapes::ShapeRef.new(shape: ChallengeConfig, location_name: "ChallengeConfig"))
     UpdateWebACLRequest.add_member(:token_domains, Shapes::ShapeRef.new(shape: TokenDomains, location_name: "TokenDomains"))
     UpdateWebACLRequest.add_member(:association_config, Shapes::ShapeRef.new(shape: AssociationConfig, location_name: "AssociationConfig"))
+    UpdateWebACLRequest.add_member(:on_source_d_do_s_protection_config, Shapes::ShapeRef.new(shape: OnSourceDDoSProtectionConfig, location_name: "OnSourceDDoSProtectionConfig"))
     UpdateWebACLRequest.struct_class = Types::UpdateWebACLRequest
 
     UpdateWebACLResponse.add_member(:next_lock_token, Shapes::ShapeRef.new(shape: LockToken, location_name: "NextLockToken"))
@@ -1750,6 +1793,8 @@ module Aws::WAFV2
     WebACL.add_member(:token_domains, Shapes::ShapeRef.new(shape: TokenDomains, location_name: "TokenDomains"))
     WebACL.add_member(:association_config, Shapes::ShapeRef.new(shape: AssociationConfig, location_name: "AssociationConfig"))
     WebACL.add_member(:retrofitted_by_firewall_manager, Shapes::ShapeRef.new(shape: Boolean, location_name: "RetrofittedByFirewallManager"))
+    WebACL.add_member(:on_source_d_do_s_protection_config, Shapes::ShapeRef.new(shape: OnSourceDDoSProtectionConfig, location_name: "OnSourceDDoSProtectionConfig"))
+    WebACL.add_member(:application_config, Shapes::ShapeRef.new(shape: ApplicationConfig, location_name: "ApplicationConfig"))
     WebACL.struct_class = Types::WebACL
 
     WebACLSummaries.member = Shapes::ShapeRef.new(shape: WebACLSummary)

data/lib/aws-sdk-wafv2/types.rb

@@ -55,6 +55,16 @@ module Aws::WAFV2
     # rule group, `AWSManagedRulesACFPRuleSet`. This configuration is used
     # in `ManagedRuleGroupConfig`.
     #
+    # For additional information about this and the other intelligent threat
+    # mitigation rule groups, see [Intelligent threat mitigation in WAF][1]
+    # and [Amazon Web Services Managed Rules rule groups list][2] in the
+    # *WAF Developer Guide*.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/waf/latest/developerguide/waf-managed-protections
+    # [2]: https://docs.aws.amazon.com/waf/latest/developerguide/aws-managed-rule-groups-list
+    #
     # @!attribute [rw] creation_path
     #   The path of the account creation endpoint for your application. This
     #   is the page on your website that accepts the completed registration
@@ -131,6 +141,16 @@ module Aws::WAFV2
     # group, `AWSManagedRulesATPRuleSet`. This configuration is used in
     # `ManagedRuleGroupConfig`.
     #
+    # For additional information about this and the other intelligent threat
+    # mitigation rule groups, see [Intelligent threat mitigation in WAF][1]
+    # and [Amazon Web Services Managed Rules rule groups list][2] in the
+    # *WAF Developer Guide*.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/waf/latest/developerguide/waf-managed-protections
+    # [2]: https://docs.aws.amazon.com/waf/latest/developerguide/aws-managed-rule-groups-list
+    #
     # @!attribute [rw] login_path
     #   The path of the login endpoint for your application. For example,
     #   for the URL `https://example.com/web/login`, you would provide the
@@ -181,10 +201,75 @@ module Aws::WAFV2
       include Aws::Structure
     end
 
+    # Configures the use of the anti-DDoS managed rule group,
+    # `AWSManagedRulesAntiDDoSRuleSet`. This configuration is used in
+    # `ManagedRuleGroupConfig`.
+    #
+    # The configuration that you provide here determines whether and how the
+    # rules in the rule group are used.
+    #
+    # For additional information about this and the other intelligent threat
+    # mitigation rule groups, see [Intelligent threat mitigation in WAF][1]
+    # and [Amazon Web Services Managed Rules rule groups list][2] in the
+    # *WAF Developer Guide*.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/waf/latest/developerguide/waf-managed-protections
+    # [2]: https://docs.aws.amazon.com/waf/latest/developerguide/aws-managed-rule-groups-list
+    #
+    # @!attribute [rw] client_side_action_config
+    #   Configures the request handling that's applied by the managed rule
+    #   group rules `ChallengeAllDuringEvent` and `ChallengeDDoSRequests`
+    #   during a distributed denial of service (DDoS) attack.
+    #   @return [Types::ClientSideActionConfig]
+    #
+    # @!attribute [rw] sensitivity_to_block
+    #   The sensitivity that the rule group rule `DDoSRequests` uses when
+    #   matching against the DDoS suspicion labeling on a request. The
+    #   managed rule group adds the labeling during DDoS events, before the
+    #   `DDoSRequests` rule runs.
+    #
+    #   The higher the sensitivity, the more levels of labeling that the
+    #   rule matches:
+    #
+    #   * Low sensitivity is less sensitive, causing the rule to match only
+    #     on the most likely participants in an attack, which are the
+    #     requests with the high suspicion label
+    #     `awswaf:managed:aws:anti-ddos:high-suspicion-ddos-request`.
+    #
+    #   * Medium sensitivity causes the rule to match on the medium and high
+    #     suspicion labels.
+    #
+    #   * High sensitivity causes the rule to match on all of the suspicion
+    #     labels: low, medium, and high.
+    #
+    #   Default: `LOW`
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/AWSManagedRulesAntiDDoSRuleSet AWS API Documentation
+    #
+    class AWSManagedRulesAntiDDoSRuleSet < Struct.new(
+      :client_side_action_config,
+      :sensitivity_to_block)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # Details for your use of the Bot Control managed rule group,
     # `AWSManagedRulesBotControlRuleSet`. This configuration is used in
     # `ManagedRuleGroupConfig`.
     #
+    # For additional information about this and the other intelligent threat
+    # mitigation rule groups, see [Intelligent threat mitigation in WAF][1]
+    # and [Amazon Web Services Managed Rules rule groups list][2] in the
+    # *WAF Developer Guide*.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/waf/latest/developerguide/waf-managed-protections
+    # [2]: https://docs.aws.amazon.com/waf/latest/developerguide/aws-managed-rule-groups-list
+    #
     # @!attribute [rw] inspection_level
     #   The inspection level to use for the Bot Control rule group. The
     #   common level is the least expensive. The targeted level includes all
@@ -361,6 +446,42 @@ module Aws::WAFV2
       include Aws::Structure
     end
 
+    # Application details defined during the web ACL creation process.
+    # Application attributes help WAF give recommendations for protection
+    # packs.
+    #
+    # @!attribute [rw] name
+    #   Specifies the attribute name.
+    #   @return [String]
+    #
+    # @!attribute [rw] values
+    #   Specifies the attribute value.
+    #   @return [Array<String>]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/ApplicationAttribute AWS API Documentation
+    #
+    class ApplicationAttribute < Struct.new(
+      :name,
+      :values)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # A list of `ApplicationAttribute`s that contains information about the
+    # application.
+    #
+    # @!attribute [rw] attributes
+    #   Contains the attribute name and a list of values for that attribute.
+    #   @return [Array<Types::ApplicationAttribute>]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/ApplicationConfig AWS API Documentation
+    #
+    class ApplicationConfig < Struct.new(
+      :attributes)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # A rule statement that inspects web traffic based on the Autonomous
     # System Number (ASN) associated with the request's IP address.
     #
@@ -953,6 +1074,135 @@ module Aws::WAFV2
       include Aws::Structure
     end
 
+    # This is part of the `AWSManagedRulesAntiDDoSRuleSet`
+    # `ClientSideActionConfig` configuration in `ManagedRuleGroupConfig`.
+    #
+    # @!attribute [rw] usage_of_action
+    #   Determines whether to use the `AWSManagedRulesAntiDDoSRuleSet` rules
+    #   `ChallengeAllDuringEvent` and `ChallengeDDoSRequests` in the rule
+    #   group evaluation and the related label
+    #   `awswaf:managed:aws:anti-ddos:challengeable-request`.
+    #
+    #   * If usage is enabled:
+    #
+    #     * The managed rule group adds the label
+    #       `awswaf:managed:aws:anti-ddos:challengeable-request` to any web
+    #       request whose URL does *NOT* match the regular expressions
+    #       provided in the `ClientSideAction` setting
+    #       `ExemptUriRegularExpressions`.
+    #
+    #     * The two rules are evaluated against web requests for protected
+    #       resources that are experiencing a DDoS attack. The two rules
+    #       only apply their action to matching requests that have the label
+    #       `awswaf:managed:aws:anti-ddos:challengeable-request`.
+    #   * If usage is disabled:
+    #
+    #     * The managed rule group doesn't add the label
+    #       `awswaf:managed:aws:anti-ddos:challengeable-request` to any web
+    #       requests.
+    #
+    #     * The two rules are not evaluated.
+    #
+    #     * None of the other `ClientSideAction` settings have any effect.
+    #
+    #   <note markdown="1"> This setting only enables or disables the use of the two anti-DDOS
+    #   rules `ChallengeAllDuringEvent` and `ChallengeDDoSRequests` in the
+    #   anti-DDoS managed rule group.
+    #
+    #    This setting doesn't alter the action setting in the two rules. To
+    #   override the actions used by the rules `ChallengeAllDuringEvent` and
+    #   `ChallengeDDoSRequests`, enable this setting, and then override the
+    #   rule actions in the usual way, in your managed rule group
+    #   configuration.
+    #
+    #    </note>
+    #   @return [String]
+    #
+    # @!attribute [rw] sensitivity
+    #   The sensitivity that the rule group rule `ChallengeDDoSRequests`
+    #   uses when matching against the DDoS suspicion labeling on a request.
+    #   The managed rule group adds the labeling during DDoS events, before
+    #   the `ChallengeDDoSRequests` rule runs.
+    #
+    #   The higher the sensitivity, the more levels of labeling that the
+    #   rule matches:
+    #
+    #   * Low sensitivity is less sensitive, causing the rule to match only
+    #     on the most likely participants in an attack, which are the
+    #     requests with the high suspicion label
+    #     `awswaf:managed:aws:anti-ddos:high-suspicion-ddos-request`.
+    #
+    #   * Medium sensitivity causes the rule to match on the medium and high
+    #     suspicion labels.
+    #
+    #   * High sensitivity causes the rule to match on all of the suspicion
+    #     labels: low, medium, and high.
+    #
+    #   Default: `HIGH`
+    #   @return [String]
+    #
+    # @!attribute [rw] exempt_uri_regular_expressions
+    #   The regular expression to match against the web request URI, used to
+    #   identify requests that can't handle a silent browser challenge.
+    #   When the `ClientSideAction` setting `UsageOfAction` is enabled, the
+    #   managed rule group uses this setting to determine which requests to
+    #   label with `awswaf:managed:aws:anti-ddos:challengeable-request`. If
+    #   `UsageOfAction` is disabled, this setting has no effect and the
+    #   managed rule group doesn't add the label to any requests.
+    #
+    #   The anti-DDoS managed rule group doesn't evaluate the rules
+    #   `ChallengeDDoSRequests` or `ChallengeAllDuringEvent` for web
+    #   requests whose URIs match this regex. This is true regardless of
+    #   whether you override the rule action for either of the rules in your
+    #   web ACL configuration.
+    #
+    #   Amazon Web Services recommends using a regular expression.
+    #
+    #   This setting is required if `UsageOfAction` is set to `ENABLED`. If
+    #   required, you can provide between 1 and 5 regex objects in the array
+    #   of settings.
+    #
+    #   Amazon Web Services recommends starting with the following setting.
+    #   Review and update it for your application's needs:
+    #
+    #   `\/api\/|\.(acc|avi|css|gif|jpe?g|js|mp[34]|ogg|otf|pdf|png|tiff?|ttf|webm|webp|woff2?)$`
+    #   @return [Array<Types::Regex>]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/ClientSideAction AWS API Documentation
+    #
+    class ClientSideAction < Struct.new(
+      :usage_of_action,
+      :sensitivity,
+      :exempt_uri_regular_expressions)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # This is part of the configuration for the managed rules
+    # `AWSManagedRulesAntiDDoSRuleSet` in `ManagedRuleGroupConfig`.
+    #
+    # @!attribute [rw] challenge
+    #   Configuration for the use of the `AWSManagedRulesAntiDDoSRuleSet`
+    #   rules `ChallengeAllDuringEvent` and `ChallengeDDoSRequests`.
+    #
+    #   <note markdown="1"> This setting isn't related to the configuration of the `Challenge`
+    #   action itself. It only configures the use of the two anti-DDoS rules
+    #   named here.
+    #
+    #    </note>
+    #
+    #   You can enable or disable the use of these rules, and you can
+    #   configure how to use them when they are enabled.
+    #   @return [Types::ClientSideAction]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/ClientSideActionConfig AWS API Documentation
+    #
+    class ClientSideActionConfig < Struct.new(
+      :challenge)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # A single match condition for a Filter.
     #
     # @!attribute [rw] action_condition
@@ -1547,6 +1797,22 @@ module Aws::WAFV2
     #   [1]: http://aws.amazon.com/waf/pricing/
     #   @return [Types::AssociationConfig]
     #
+    # @!attribute [rw] on_source_d_do_s_protection_config
+    #   Specifies the type of DDoS protection to apply to web request data
+    #   for a web ACL. For most scenarios, it is recommended to use the
+    #   default protection level, `ACTIVE_UNDER_DDOS`. If a web ACL is
+    #   associated with multiple Application Load Balancers, the changes you
+    #   make to DDoS protection in that web ACL will apply to all associated
+    #   Application Load Balancers.
+    #   @return [Types::OnSourceDDoSProtectionConfig]
+    #
+    # @!attribute [rw] application_config
+    #   Configures the ability for the WAF console to store and retrieve
+    #   application attributes during the web ACL creation process.
+    #   Application attributes help WAF give recommendations for protection
+    #   packs.
+    #   @return [Types::ApplicationConfig]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/CreateWebACLRequest AWS API Documentation
     #
     class CreateWebACLRequest < Struct.new(
@@ -1562,7 +1828,9 @@ module Aws::WAFV2
       :captcha_config,
       :challenge_config,
       :token_domains,
-      :association_config)
+      :association_config,
+      :on_source_d_do_s_protection_config,
+      :application_config)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -5552,6 +5820,13 @@ module Aws::WAFV2
     #   your application and the locations in the account creation request
     #   payload of data, such as the user email and phone number fields.
     #
+    # * Use the `AWSManagedRulesAntiDDoSRuleSet` configuration object to
+    #   configure the anti-DDoS managed rule group. The configuration
+    #   includes the sensitivity levels to use in the rules that typically
+    #   block and challenge requests that might be participating in DDoS
+    #   attacks and the specification to use to indicate whether a request
+    #   can handle a silent browser challenge.
+    #
     # * Use the `AWSManagedRulesATPRuleSet` configuration object to
     #   configure the account takeover prevention managed rule group. The
     #   configuration includes the sign-in page of your application and the
@@ -5649,6 +5924,21 @@ module Aws::WAFV2
     #   [2]: https://docs.aws.amazon.com/waf/latest/developerguide/waf-acfp.html
     #   @return [Types::AWSManagedRulesACFPRuleSet]
     #
+    # @!attribute [rw] aws_managed_rules_anti_d_do_s_rule_set
+    #   Additional configuration for using the anti-DDoS managed rule group,
+    #   `AWSManagedRulesAntiDDoSRuleSet`. Use this to configure anti-DDoS
+    #   behavior for the rule group.
+    #
+    #   For information about using the anti-DDoS managed rule group, see
+    #   [WAF Anti-DDoS rule group][1] and [Distributed Denial of Service
+    #   (DDoS) prevention][2] in the *WAF Developer Guide*.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/waf/latest/developerguide/aws-managed-rule-groups-anti-ddos.html
+    #   [2]: https://docs.aws.amazon.com/waf/latest/developerguide/waf-anti-ddos.html
+    #   @return [Types::AWSManagedRulesAntiDDoSRuleSet]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/ManagedRuleGroupConfig AWS API Documentation
     #
     class ManagedRuleGroupConfig < Struct.new(
@@ -5658,7 +5948,8 @@ module Aws::WAFV2
       :password_field,
       :aws_managed_rules_bot_control_rule_set,
       :aws_managed_rules_atp_rule_set,
-      :aws_managed_rules_acfp_rule_set)
+      :aws_managed_rules_acfp_rule_set,
+      :aws_managed_rules_anti_d_do_s_rule_set)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -5738,6 +6029,13 @@ module Aws::WAFV2
     #     creation request payload of data, such as the user email and phone
     #     number fields.
     #
+    #   * Use the `AWSManagedRulesAntiDDoSRuleSet` configuration object to
+    #     configure the anti-DDoS managed rule group. The configuration
+    #     includes the sensitivity levels to use in the rules that typically
+    #     block and challenge requests that might be participating in DDoS
+    #     attacks and the specification to use to indicate whether a request
+    #     can handle a silent browser challenge.
+    #
     #   * Use the `AWSManagedRulesATPRuleSet` configuration object to
     #     configure the account takeover prevention managed rule group. The
     #     configuration includes the sign-in page of your application and
@@ -5754,10 +6052,12 @@ module Aws::WAFV2
     #   configured inside the rule group. You specify one override for each
     #   rule whose action you want to change.
     #
-    #   <note markdown="1"> Take care to verify the rule names in your overrides. If you provide
-    #   a rule name that doesn't match the name of any rule in the rule
-    #   group, WAF doesn't return an error and doesn't apply the override
-    #   setting.
+    #   <note markdown="1"> Verify the rule names in your overrides carefully. With managed rule
+    #   groups, WAF silently ignores any override that uses an invalid rule
+    #   name. With customer-owned rule groups, invalid rule names in your
+    #   overrides will cause web ACL updates to fail. An invalid rule name
+    #   is any name that doesn't exactly match the case-sensitive name of
+    #   an existing rule in the rule group.
     #
     #    </note>
     #
@@ -6163,6 +6463,31 @@ module Aws::WAFV2
       include Aws::Structure
     end
 
+    # Configures the level of DDoS protection that applies to web ACLs
+    # associated with Application Load Balancers.
+    #
+    # @!attribute [rw] alb_low_reputation_mode
+    #   The level of DDoS protection that applies to web ACLs associated
+    #   with Application Load Balancers. `ACTIVE_UNDER_DDOS` protection is
+    #   enabled by default whenever a web ACL is associated with an
+    #   Application Load Balancer. In the event that an Application Load
+    #   Balancer experiences high-load conditions or suspected DDoS attacks,
+    #   the `ACTIVE_UNDER_DDOS` protection automatically rate limits traffic
+    #   from known low reputation sources without disrupting Application
+    #   Load Balancer availability. `ALWAYS_ON` protection provides
+    #   constant, always-on monitoring of known low reputation sources for
+    #   suspected DDoS attacks. While this provides a higher level of
+    #   protection, there may be potential impacts on legitimate traffic.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/OnSourceDDoSProtectionConfig AWS API Documentation
+    #
+    class OnSourceDDoSProtectionConfig < Struct.new(
+      :alb_low_reputation_mode)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # A logical rule statement used to combine other rule statements with OR
     # logic. You provide more than one Statement within the `OrStatement`.
     #
@@ -7137,7 +7462,9 @@ module Aws::WAFV2
       include Aws::Structure
     end
 
-    # A single regular expression. This is used in a RegexPatternSet.
+    # A single regular expression. This is used in a RegexPatternSet and
+    # also in the configuration for the Amazon Web Services Managed Rules
+    # rule group `AWSManagedRulesAntiDDoSRuleSet`.
     #
     # @!attribute [rw] regex_string
     #   The string representing the regular expression.
@@ -8220,10 +8547,12 @@ module Aws::WAFV2
     #   configured inside the rule group. You specify one override for each
     #   rule whose action you want to change.
     #
-    #   <note markdown="1"> Take care to verify the rule names in your overrides. If you provide
-    #   a rule name that doesn't match the name of any rule in the rule
-    #   group, WAF doesn't return an error and doesn't apply the override
-    #   setting.
+    #   <note markdown="1"> Verify the rule names in your overrides carefully. With managed rule
+    #   groups, WAF silently ignores any override that uses an invalid rule
+    #   name. With customer-owned rule groups, invalid rule names in your
+    #   overrides will cause web ACL updates to fail. An invalid rule name
+    #   is any name that doesn't exactly match the case-sensitive name of
+    #   an existing rule in the rule group.
     #
     #    </note>
     #
@@ -9587,6 +9916,15 @@ module Aws::WAFV2
     #   [1]: http://aws.amazon.com/waf/pricing/
     #   @return [Types::AssociationConfig]
     #
+    # @!attribute [rw] on_source_d_do_s_protection_config
+    #   Specifies the type of DDoS protection to apply to web request data
+    #   for a web ACL. For most scenarios, it is recommended to use the
+    #   default protection level, `ACTIVE_UNDER_DDOS`. If a web ACL is
+    #   associated with multiple Application Load Balancers, the changes you
+    #   make to DDoS protection in that web ACL will apply to all associated
+    #   Application Load Balancers.
+    #   @return [Types::OnSourceDDoSProtectionConfig]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/UpdateWebACLRequest AWS API Documentation
     #
     class UpdateWebACLRequest < Struct.new(
@@ -9603,7 +9941,8 @@ module Aws::WAFV2
       :captcha_config,
       :challenge_config,
       :token_domains,
-      :association_config)
+      :association_config,
+      :on_source_d_do_s_protection_config)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -10381,6 +10720,15 @@ module Aws::WAFV2
     #   `PostProcessFirewallManagerRuleGroups`.
     #   @return [Boolean]
     #
+    # @!attribute [rw] on_source_d_do_s_protection_config
+    #   Configures the level of DDoS protection that applies to web ACLs
+    #   associated with Application Load Balancers.
+    #   @return [Types::OnSourceDDoSProtectionConfig]
+    #
+    # @!attribute [rw] application_config
+    #   Returns a list of `ApplicationAttribute`s.
+    #   @return [Types::ApplicationConfig]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/WebACL AWS API Documentation
     #
     class WebACL < Struct.new(
@@ -10402,7 +10750,9 @@ module Aws::WAFV2
       :challenge_config,
       :token_domains,
       :association_config,
-      :retrofitted_by_firewall_manager)
+      :retrofitted_by_firewall_manager,
+      :on_source_d_do_s_protection_config,
+      :application_config)
       SENSITIVE = []
       include Aws::Structure
     end

data/lib/aws-sdk-wafv2.rb

@@ -54,7 +54,7 @@ module Aws::WAFV2
   autoload :EndpointProvider, 'aws-sdk-wafv2/endpoint_provider'
   autoload :Endpoints, 'aws-sdk-wafv2/endpoints'
 
-  GEM_VERSION = '1.110.0'
+  GEM_VERSION = '1.112.0'
 
 end
 

data/sig/client.rbs

@@ -723,6 +723,20 @@ module Aws
                                             }?
                                           }?,
                                           enable_regex_in_path: bool?
+                                        }?,
+                                        aws_managed_rules_anti_d_do_s_rule_set: {
+                                          client_side_action_config: {
+                                            challenge: {
+                                              usage_of_action: ("ENABLED" | "DISABLED"),
+                                              sensitivity: ("LOW" | "MEDIUM" | "HIGH")?,
+                                              exempt_uri_regular_expressions: Array[
+                                                {
+                                                  regex_string: ::String?
+                                                },
+                                              ]?
+                                            }
+                                          },
+                                          sensitivity_to_block: ("LOW" | "MEDIUM" | "HIGH")?
                                         }?
                                       },
                                     ]?,
@@ -1653,6 +1667,20 @@ module Aws
                                                }?
                                              }?,
                                              enable_regex_in_path: bool?
+                                           }?,
+                                           aws_managed_rules_anti_d_do_s_rule_set: {
+                                             client_side_action_config: {
+                                               challenge: {
+                                                 usage_of_action: ("ENABLED" | "DISABLED"),
+                                                 sensitivity: ("LOW" | "MEDIUM" | "HIGH")?,
+                                                 exempt_uri_regular_expressions: Array[
+                                                   {
+                                                     regex_string: ::String?
+                                                   },
+                                                 ]?
+                                               }
+                                             },
+                                             sensitivity_to_block: ("LOW" | "MEDIUM" | "HIGH")?
                                            }?
                                          },
                                        ]?,
@@ -2567,6 +2595,20 @@ module Aws
                                             }?
                                           }?,
                                           enable_regex_in_path: bool?
+                                        }?,
+                                        aws_managed_rules_anti_d_do_s_rule_set: {
+                                          client_side_action_config: {
+                                            challenge: {
+                                              usage_of_action: ("ENABLED" | "DISABLED"),
+                                              sensitivity: ("LOW" | "MEDIUM" | "HIGH")?,
+                                              exempt_uri_regular_expressions: Array[
+                                                {
+                                                  regex_string: ::String?
+                                                },
+                                              ]?
+                                            }
+                                          },
+                                          sensitivity_to_block: ("LOW" | "MEDIUM" | "HIGH")?
                                         }?
                                       },
                                     ]?,
@@ -2845,6 +2887,17 @@ module Aws
                               request_body: Hash[("CLOUDFRONT" | "API_GATEWAY" | "COGNITO_USER_POOL" | "APP_RUNNER_SERVICE" | "VERIFIED_ACCESS_INSTANCE"), {
                                   default_size_inspection_limit: ("KB_16" | "KB_32" | "KB_48" | "KB_64")
                                 }]?
+                            },
+                            ?on_source_d_do_s_protection_config: {
+                              alb_low_reputation_mode: ("ACTIVE_UNDER_DDOS" | "ALWAYS_ON")
+                            },
+                            ?application_config: {
+                              attributes: Array[
+                                {
+                                  name: ::String?,
+                                  values: Array[::String]?
+                                },
+                              ]?
                             }
                           ) -> _CreateWebACLResponseSuccess
                         | (Hash[Symbol, untyped] params, ?Hash[Symbol, untyped] options) -> _CreateWebACLResponseSuccess
@@ -4154,6 +4207,20 @@ module Aws
                                                }?
                                              }?,
                                              enable_regex_in_path: bool?
+                                           }?,
+                                           aws_managed_rules_anti_d_do_s_rule_set: {
+                                             client_side_action_config: {
+                                               challenge: {
+                                                 usage_of_action: ("ENABLED" | "DISABLED"),
+                                                 sensitivity: ("LOW" | "MEDIUM" | "HIGH")?,
+                                                 exempt_uri_regular_expressions: Array[
+                                                   {
+                                                     regex_string: ::String?
+                                                   },
+                                                 ]?
+                                               }
+                                             },
+                                             sensitivity_to_block: ("LOW" | "MEDIUM" | "HIGH")?
                                            }?
                                          },
                                        ]?,
@@ -5064,6 +5131,20 @@ module Aws
                                             }?
                                           }?,
                                           enable_regex_in_path: bool?
+                                        }?,
+                                        aws_managed_rules_anti_d_do_s_rule_set: {
+                                          client_side_action_config: {
+                                            challenge: {
+                                              usage_of_action: ("ENABLED" | "DISABLED"),
+                                              sensitivity: ("LOW" | "MEDIUM" | "HIGH")?,
+                                              exempt_uri_regular_expressions: Array[
+                                                {
+                                                  regex_string: ::String?
+                                                },
+                                              ]?
+                                            }
+                                          },
+                                          sensitivity_to_block: ("LOW" | "MEDIUM" | "HIGH")?
                                         }?
                                       },
                                     ]?,
@@ -5337,6 +5418,9 @@ module Aws
                               request_body: Hash[("CLOUDFRONT" | "API_GATEWAY" | "COGNITO_USER_POOL" | "APP_RUNNER_SERVICE" | "VERIFIED_ACCESS_INSTANCE"), {
                                   default_size_inspection_limit: ("KB_16" | "KB_32" | "KB_48" | "KB_64")
                                 }]?
+                            },
+                            ?on_source_d_do_s_protection_config: {
+                              alb_low_reputation_mode: ("ACTIVE_UNDER_DDOS" | "ALWAYS_ON")
                             }
                           ) -> _UpdateWebACLResponseSuccess
                         | (Hash[Symbol, untyped] params, ?Hash[Symbol, untyped] options) -> _UpdateWebACLResponseSuccess

data/sig/types.rbs

@@ -33,6 +33,12 @@ module Aws::WAFV2
       SENSITIVE: []
     end
 
+    class AWSManagedRulesAntiDDoSRuleSet
+      attr_accessor client_side_action_config: Types::ClientSideActionConfig
+      attr_accessor sensitivity_to_block: ("LOW" | "MEDIUM" | "HIGH")
+      SENSITIVE: []
+    end
+
     class AWSManagedRulesBotControlRuleSet
       attr_accessor inspection_level: ("COMMON" | "TARGETED")
       attr_accessor enable_machine_learning: bool
@@ -65,6 +71,17 @@ module Aws::WAFV2
       SENSITIVE: []
     end
 
+    class ApplicationAttribute
+      attr_accessor name: ::String
+      attr_accessor values: ::Array[::String]
+      SENSITIVE: []
+    end
+
+    class ApplicationConfig
+      attr_accessor attributes: ::Array[Types::ApplicationAttribute]
+      SENSITIVE: []
+    end
+
     class AsnMatchStatement
       attr_accessor asn_list: ::Array[::Integer]
       attr_accessor forwarded_ip_config: Types::ForwardedIPConfig
@@ -148,6 +165,18 @@ module Aws::WAFV2
       SENSITIVE: []
     end
 
+    class ClientSideAction
+      attr_accessor usage_of_action: ("ENABLED" | "DISABLED")
+      attr_accessor sensitivity: ("LOW" | "MEDIUM" | "HIGH")
+      attr_accessor exempt_uri_regular_expressions: ::Array[Types::Regex]
+      SENSITIVE: []
+    end
+
+    class ClientSideActionConfig
+      attr_accessor challenge: Types::ClientSideAction
+      SENSITIVE: []
+    end
+
     class Condition
       attr_accessor action_condition: Types::ActionCondition
       attr_accessor label_name_condition: Types::LabelNameCondition
@@ -244,6 +273,8 @@ module Aws::WAFV2
       attr_accessor challenge_config: Types::ChallengeConfig
       attr_accessor token_domains: ::Array[::String]
       attr_accessor association_config: Types::AssociationConfig
+      attr_accessor on_source_d_do_s_protection_config: Types::OnSourceDDoSProtectionConfig
+      attr_accessor application_config: Types::ApplicationConfig
       SENSITIVE: []
     end
 
@@ -972,6 +1003,7 @@ module Aws::WAFV2
       attr_accessor aws_managed_rules_bot_control_rule_set: Types::AWSManagedRulesBotControlRuleSet
       attr_accessor aws_managed_rules_atp_rule_set: Types::AWSManagedRulesATPRuleSet
       attr_accessor aws_managed_rules_acfp_rule_set: Types::AWSManagedRulesACFPRuleSet
+      attr_accessor aws_managed_rules_anti_d_do_s_rule_set: Types::AWSManagedRulesAntiDDoSRuleSet
       SENSITIVE: []
     end
 
@@ -1050,6 +1082,11 @@ module Aws::WAFV2
       SENSITIVE: []
     end
 
+    class OnSourceDDoSProtectionConfig
+      attr_accessor alb_low_reputation_mode: ("ACTIVE_UNDER_DDOS" | "ALWAYS_ON")
+      SENSITIVE: []
+    end
+
     class OrStatement
       attr_accessor statements: ::Array[Types::Statement]
       SENSITIVE: []
@@ -1540,6 +1577,7 @@ module Aws::WAFV2
       attr_accessor challenge_config: Types::ChallengeConfig
       attr_accessor token_domains: ::Array[::String]
       attr_accessor association_config: Types::AssociationConfig
+      attr_accessor on_source_d_do_s_protection_config: Types::OnSourceDDoSProtectionConfig
       SENSITIVE: []
     end
 
@@ -1606,7 +1644,7 @@ module Aws::WAFV2
 
     class WAFInvalidParameterException
       attr_accessor message: ::String
-      attr_accessor field: ("WEB_ACL" | "RULE_GROUP" | "REGEX_PATTERN_SET" | "IP_SET" | "MANAGED_RULE_SET" | "RULE" | "EXCLUDED_RULE" | "STATEMENT" | "BYTE_MATCH_STATEMENT" | "SQLI_MATCH_STATEMENT" | "XSS_MATCH_STATEMENT" | "SIZE_CONSTRAINT_STATEMENT" | "GEO_MATCH_STATEMENT" | "RATE_BASED_STATEMENT" | "RULE_GROUP_REFERENCE_STATEMENT" | "REGEX_PATTERN_REFERENCE_STATEMENT" | "IP_SET_REFERENCE_STATEMENT" | "MANAGED_RULE_SET_STATEMENT" | "LABEL_MATCH_STATEMENT" | "AND_STATEMENT" | "OR_STATEMENT" | "NOT_STATEMENT" | "IP_ADDRESS" | "IP_ADDRESS_VERSION" | "FIELD_TO_MATCH" | "TEXT_TRANSFORMATION" | "SINGLE_QUERY_ARGUMENT" | "SINGLE_HEADER" | "DEFAULT_ACTION" | "RULE_ACTION" | "ENTITY_LIMIT" | "OVERRIDE_ACTION" | "SCOPE_VALUE" | "RESOURCE_ARN" | "RESOURCE_TYPE" | "TAGS" | "TAG_KEYS" | "METRIC_NAME" | "FIREWALL_MANAGER_STATEMENT" | "FALLBACK_BEHAVIOR" | "POSITION" | "FORWARDED_IP_CONFIG" | "IP_SET_FORWARDED_IP_CONFIG" | "HEADER_NAME" | "CUSTOM_REQUEST_HANDLING" | "RESPONSE_CONTENT_TYPE" | "CUSTOM_RESPONSE" | "CUSTOM_RESPONSE_BODY" | "JSON_MATCH_PATTERN" | "JSON_MATCH_SCOPE" | "BODY_PARSING_FALLBACK_BEHAVIOR" | "LOGGING_FILTER" | "FILTER_CONDITION" | "EXPIRE_TIMESTAMP" | "CHANGE_PROPAGATION_STATUS" | "ASSOCIABLE_RESOURCE" | "LOG_DESTINATION" | "MANAGED_RULE_GROUP_CONFIG" | "PAYLOAD_TYPE" | "HEADER_MATCH_PATTERN" | "COOKIE_MATCH_PATTERN" | "MAP_MATCH_SCOPE" | "OVERSIZE_HANDLING" | "CHALLENGE_CONFIG" | "TOKEN_DOMAIN" | "ATP_RULE_SET_RESPONSE_INSPECTION" | "ASSOCIATED_RESOURCE_TYPE" | "SCOPE_DOWN" | "CUSTOM_KEYS" | "ACP_RULE_SET_RESPONSE_INSPECTION" | "DATA_PROTECTION_CONFIG")
+      attr_accessor field: ("WEB_ACL" | "RULE_GROUP" | "REGEX_PATTERN_SET" | "IP_SET" | "MANAGED_RULE_SET" | "RULE" | "EXCLUDED_RULE" | "STATEMENT" | "BYTE_MATCH_STATEMENT" | "SQLI_MATCH_STATEMENT" | "XSS_MATCH_STATEMENT" | "SIZE_CONSTRAINT_STATEMENT" | "GEO_MATCH_STATEMENT" | "RATE_BASED_STATEMENT" | "RULE_GROUP_REFERENCE_STATEMENT" | "REGEX_PATTERN_REFERENCE_STATEMENT" | "IP_SET_REFERENCE_STATEMENT" | "MANAGED_RULE_SET_STATEMENT" | "LABEL_MATCH_STATEMENT" | "AND_STATEMENT" | "OR_STATEMENT" | "NOT_STATEMENT" | "IP_ADDRESS" | "IP_ADDRESS_VERSION" | "FIELD_TO_MATCH" | "TEXT_TRANSFORMATION" | "SINGLE_QUERY_ARGUMENT" | "SINGLE_HEADER" | "DEFAULT_ACTION" | "RULE_ACTION" | "ENTITY_LIMIT" | "OVERRIDE_ACTION" | "SCOPE_VALUE" | "RESOURCE_ARN" | "RESOURCE_TYPE" | "TAGS" | "TAG_KEYS" | "METRIC_NAME" | "FIREWALL_MANAGER_STATEMENT" | "FALLBACK_BEHAVIOR" | "POSITION" | "FORWARDED_IP_CONFIG" | "IP_SET_FORWARDED_IP_CONFIG" | "HEADER_NAME" | "CUSTOM_REQUEST_HANDLING" | "RESPONSE_CONTENT_TYPE" | "CUSTOM_RESPONSE" | "CUSTOM_RESPONSE_BODY" | "JSON_MATCH_PATTERN" | "JSON_MATCH_SCOPE" | "BODY_PARSING_FALLBACK_BEHAVIOR" | "LOGGING_FILTER" | "FILTER_CONDITION" | "EXPIRE_TIMESTAMP" | "CHANGE_PROPAGATION_STATUS" | "ASSOCIABLE_RESOURCE" | "LOG_DESTINATION" | "MANAGED_RULE_GROUP_CONFIG" | "PAYLOAD_TYPE" | "HEADER_MATCH_PATTERN" | "COOKIE_MATCH_PATTERN" | "MAP_MATCH_SCOPE" | "OVERSIZE_HANDLING" | "CHALLENGE_CONFIG" | "TOKEN_DOMAIN" | "ATP_RULE_SET_RESPONSE_INSPECTION" | "ASSOCIATED_RESOURCE_TYPE" | "SCOPE_DOWN" | "CUSTOM_KEYS" | "ACP_RULE_SET_RESPONSE_INSPECTION" | "DATA_PROTECTION_CONFIG" | "LOW_REPUTATION_MODE")
       attr_accessor parameter: ::String
       attr_accessor reason: ::String
       SENSITIVE: []
@@ -1693,6 +1731,8 @@ module Aws::WAFV2
       attr_accessor token_domains: ::Array[::String]
       attr_accessor association_config: Types::AssociationConfig
       attr_accessor retrofitted_by_firewall_manager: bool
+      attr_accessor on_source_d_do_s_protection_config: Types::OnSourceDDoSProtectionConfig
+      attr_accessor application_config: Types::ApplicationConfig
       SENSITIVE: []
     end
 

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: aws-sdk-wafv2
 version: !ruby/object:Gem::Version
-  version: 1.110.0
+  version: 1.112.0
 platform: ruby
 authors:
 - Amazon Web Services