aws-sdk-wafv2 1.22.0 → 1.26.0

data/lib/aws-sdk-wafv2/client_api.rb

@@ -98,6 +98,8 @@ module Aws::WAFV2
     GetIPSetResponse = Shapes::StructureShape.new(name: 'GetIPSetResponse')
     GetLoggingConfigurationRequest = Shapes::StructureShape.new(name: 'GetLoggingConfigurationRequest')
     GetLoggingConfigurationResponse = Shapes::StructureShape.new(name: 'GetLoggingConfigurationResponse')
+    GetManagedRuleSetRequest = Shapes::StructureShape.new(name: 'GetManagedRuleSetRequest')
+    GetManagedRuleSetResponse = Shapes::StructureShape.new(name: 'GetManagedRuleSetResponse')
     GetPermissionPolicyRequest = Shapes::StructureShape.new(name: 'GetPermissionPolicyRequest')
     GetPermissionPolicyResponse = Shapes::StructureShape.new(name: 'GetPermissionPolicyResponse')
     GetRateBasedStatementManagedKeysRequest = Shapes::StructureShape.new(name: 'GetRateBasedStatementManagedKeysRequest')
@@ -142,12 +144,16 @@ module Aws::WAFV2
     LabelSummaries = Shapes::ListShape.new(name: 'LabelSummaries')
     LabelSummary = Shapes::StructureShape.new(name: 'LabelSummary')
     Labels = Shapes::ListShape.new(name: 'Labels')
+    ListAvailableManagedRuleGroupVersionsRequest = Shapes::StructureShape.new(name: 'ListAvailableManagedRuleGroupVersionsRequest')
+    ListAvailableManagedRuleGroupVersionsResponse = Shapes::StructureShape.new(name: 'ListAvailableManagedRuleGroupVersionsResponse')
     ListAvailableManagedRuleGroupsRequest = Shapes::StructureShape.new(name: 'ListAvailableManagedRuleGroupsRequest')
     ListAvailableManagedRuleGroupsResponse = Shapes::StructureShape.new(name: 'ListAvailableManagedRuleGroupsResponse')
     ListIPSetsRequest = Shapes::StructureShape.new(name: 'ListIPSetsRequest')
     ListIPSetsResponse = Shapes::StructureShape.new(name: 'ListIPSetsResponse')
     ListLoggingConfigurationsRequest = Shapes::StructureShape.new(name: 'ListLoggingConfigurationsRequest')
     ListLoggingConfigurationsResponse = Shapes::StructureShape.new(name: 'ListLoggingConfigurationsResponse')
+    ListManagedRuleSetsRequest = Shapes::StructureShape.new(name: 'ListManagedRuleSetsRequest')
+    ListManagedRuleSetsResponse = Shapes::StructureShape.new(name: 'ListManagedRuleSetsResponse')
     ListMaxItems = Shapes::IntegerShape.new(name: 'ListMaxItems')
     ListRegexPatternSetsRequest = Shapes::StructureShape.new(name: 'ListRegexPatternSetsRequest')
     ListRegexPatternSetsResponse = Shapes::StructureShape.new(name: 'ListRegexPatternSetsResponse')
@@ -167,6 +173,12 @@ module Aws::WAFV2
     ManagedRuleGroupStatement = Shapes::StructureShape.new(name: 'ManagedRuleGroupStatement')
     ManagedRuleGroupSummaries = Shapes::ListShape.new(name: 'ManagedRuleGroupSummaries')
     ManagedRuleGroupSummary = Shapes::StructureShape.new(name: 'ManagedRuleGroupSummary')
+    ManagedRuleGroupVersion = Shapes::StructureShape.new(name: 'ManagedRuleGroupVersion')
+    ManagedRuleGroupVersions = Shapes::ListShape.new(name: 'ManagedRuleGroupVersions')
+    ManagedRuleSet = Shapes::StructureShape.new(name: 'ManagedRuleSet')
+    ManagedRuleSetSummaries = Shapes::ListShape.new(name: 'ManagedRuleSetSummaries')
+    ManagedRuleSetSummary = Shapes::StructureShape.new(name: 'ManagedRuleSetSummary')
+    ManagedRuleSetVersion = Shapes::StructureShape.new(name: 'ManagedRuleSetVersion')
     Method = Shapes::StructureShape.new(name: 'Method')
     MetricName = Shapes::StringShape.new(name: 'MetricName')
     NextMarker = Shapes::StringShape.new(name: 'NextMarker')
@@ -180,8 +192,11 @@ module Aws::WAFV2
     PolicyString = Shapes::StringShape.new(name: 'PolicyString')
     PopulationSize = Shapes::IntegerShape.new(name: 'PopulationSize')
     PositionalConstraint = Shapes::StringShape.new(name: 'PositionalConstraint')
+    PublishedVersions = Shapes::MapShape.new(name: 'PublishedVersions')
     PutLoggingConfigurationRequest = Shapes::StructureShape.new(name: 'PutLoggingConfigurationRequest')
     PutLoggingConfigurationResponse = Shapes::StructureShape.new(name: 'PutLoggingConfigurationResponse')
+    PutManagedRuleSetVersionsRequest = Shapes::StructureShape.new(name: 'PutManagedRuleSetVersionsRequest')
+    PutManagedRuleSetVersionsResponse = Shapes::StructureShape.new(name: 'PutManagedRuleSetVersionsResponse')
     PutPermissionPolicyRequest = Shapes::StructureShape.new(name: 'PutPermissionPolicyRequest')
     PutPermissionPolicyResponse = Shapes::StructureShape.new(name: 'PutPermissionPolicyResponse')
     QueryString = Shapes::StructureShape.new(name: 'QueryString')
@@ -238,12 +253,15 @@ module Aws::WAFV2
     TextTransformationType = Shapes::StringShape.new(name: 'TextTransformationType')
     TextTransformations = Shapes::ListShape.new(name: 'TextTransformations')
     TimeWindow = Shapes::StructureShape.new(name: 'TimeWindow')
+    TimeWindowDay = Shapes::IntegerShape.new(name: 'TimeWindowDay')
     Timestamp = Shapes::TimestampShape.new(name: 'Timestamp')
     URIString = Shapes::StringShape.new(name: 'URIString')
     UntagResourceRequest = Shapes::StructureShape.new(name: 'UntagResourceRequest')
     UntagResourceResponse = Shapes::StructureShape.new(name: 'UntagResourceResponse')
     UpdateIPSetRequest = Shapes::StructureShape.new(name: 'UpdateIPSetRequest')
     UpdateIPSetResponse = Shapes::StructureShape.new(name: 'UpdateIPSetResponse')
+    UpdateManagedRuleSetVersionExpiryDateRequest = Shapes::StructureShape.new(name: 'UpdateManagedRuleSetVersionExpiryDateRequest')
+    UpdateManagedRuleSetVersionExpiryDateResponse = Shapes::StructureShape.new(name: 'UpdateManagedRuleSetVersionExpiryDateResponse')
     UpdateRegexPatternSetRequest = Shapes::StructureShape.new(name: 'UpdateRegexPatternSetRequest')
     UpdateRegexPatternSetResponse = Shapes::StructureShape.new(name: 'UpdateRegexPatternSetResponse')
     UpdateRuleGroupRequest = Shapes::StructureShape.new(name: 'UpdateRuleGroupRequest')
@@ -252,9 +270,13 @@ module Aws::WAFV2
     UpdateWebACLResponse = Shapes::StructureShape.new(name: 'UpdateWebACLResponse')
     UriPath = Shapes::StructureShape.new(name: 'UriPath')
     VendorName = Shapes::StringShape.new(name: 'VendorName')
+    VersionKeyString = Shapes::StringShape.new(name: 'VersionKeyString')
+    VersionToPublish = Shapes::StructureShape.new(name: 'VersionToPublish')
+    VersionsToPublish = Shapes::MapShape.new(name: 'VersionsToPublish')
     VisibilityConfig = Shapes::StructureShape.new(name: 'VisibilityConfig')
     WAFAssociatedItemException = Shapes::StructureShape.new(name: 'WAFAssociatedItemException')
     WAFDuplicateItemException = Shapes::StructureShape.new(name: 'WAFDuplicateItemException')
+    WAFExpiredManagedRuleGroupVersionException = Shapes::StructureShape.new(name: 'WAFExpiredManagedRuleGroupVersionException')
     WAFInternalErrorException = Shapes::StructureShape.new(name: 'WAFInternalErrorException')
     WAFInvalidOperationException = Shapes::StructureShape.new(name: 'WAFInvalidOperationException')
     WAFInvalidParameterException = Shapes::StructureShape.new(name: 'WAFInvalidParameterException')
@@ -445,8 +467,11 @@ module Aws::WAFV2
     DescribeManagedRuleGroupRequest.add_member(:vendor_name, Shapes::ShapeRef.new(shape: VendorName, required: true, location_name: "VendorName"))
     DescribeManagedRuleGroupRequest.add_member(:name, Shapes::ShapeRef.new(shape: EntityName, required: true, location_name: "Name"))
     DescribeManagedRuleGroupRequest.add_member(:scope, Shapes::ShapeRef.new(shape: Scope, required: true, location_name: "Scope"))
+    DescribeManagedRuleGroupRequest.add_member(:version_name, Shapes::ShapeRef.new(shape: VersionKeyString, location_name: "VersionName"))
     DescribeManagedRuleGroupRequest.struct_class = Types::DescribeManagedRuleGroupRequest
 
+    DescribeManagedRuleGroupResponse.add_member(:version_name, Shapes::ShapeRef.new(shape: VersionKeyString, location_name: "VersionName"))
+    DescribeManagedRuleGroupResponse.add_member(:sns_topic_arn, Shapes::ShapeRef.new(shape: ResourceArn, location_name: "SnsTopicArn"))
     DescribeManagedRuleGroupResponse.add_member(:capacity, Shapes::ShapeRef.new(shape: CapacityUnit, location_name: "Capacity"))
     DescribeManagedRuleGroupResponse.add_member(:rules, Shapes::ShapeRef.new(shape: RuleSummaries, location_name: "Rules"))
     DescribeManagedRuleGroupResponse.add_member(:label_namespace, Shapes::ShapeRef.new(shape: LabelName, location_name: "LabelNamespace"))
@@ -517,6 +542,15 @@ module Aws::WAFV2
     GetLoggingConfigurationResponse.add_member(:logging_configuration, Shapes::ShapeRef.new(shape: LoggingConfiguration, location_name: "LoggingConfiguration"))
     GetLoggingConfigurationResponse.struct_class = Types::GetLoggingConfigurationResponse
 
+    GetManagedRuleSetRequest.add_member(:name, Shapes::ShapeRef.new(shape: EntityName, required: true, location_name: "Name"))
+    GetManagedRuleSetRequest.add_member(:scope, Shapes::ShapeRef.new(shape: Scope, required: true, location_name: "Scope"))
+    GetManagedRuleSetRequest.add_member(:id, Shapes::ShapeRef.new(shape: EntityId, required: true, location_name: "Id"))
+    GetManagedRuleSetRequest.struct_class = Types::GetManagedRuleSetRequest
+
+    GetManagedRuleSetResponse.add_member(:managed_rule_set, Shapes::ShapeRef.new(shape: ManagedRuleSet, location_name: "ManagedRuleSet"))
+    GetManagedRuleSetResponse.add_member(:lock_token, Shapes::ShapeRef.new(shape: LockToken, location_name: "LockToken"))
+    GetManagedRuleSetResponse.struct_class = Types::GetManagedRuleSetResponse
+
     GetPermissionPolicyRequest.add_member(:resource_arn, Shapes::ShapeRef.new(shape: ResourceArn, required: true, location_name: "ResourceArn"))
     GetPermissionPolicyRequest.struct_class = Types::GetPermissionPolicyRequest
 
@@ -526,6 +560,7 @@ module Aws::WAFV2
     GetRateBasedStatementManagedKeysRequest.add_member(:scope, Shapes::ShapeRef.new(shape: Scope, required: true, location_name: "Scope"))
     GetRateBasedStatementManagedKeysRequest.add_member(:web_acl_name, Shapes::ShapeRef.new(shape: EntityName, required: true, location_name: "WebACLName"))
     GetRateBasedStatementManagedKeysRequest.add_member(:web_acl_id, Shapes::ShapeRef.new(shape: EntityId, required: true, location_name: "WebACLId"))
+    GetRateBasedStatementManagedKeysRequest.add_member(:rule_group_rule_name, Shapes::ShapeRef.new(shape: EntityName, location_name: "RuleGroupRuleName"))
     GetRateBasedStatementManagedKeysRequest.add_member(:rule_name, Shapes::ShapeRef.new(shape: EntityName, required: true, location_name: "RuleName"))
     GetRateBasedStatementManagedKeysRequest.struct_class = Types::GetRateBasedStatementManagedKeysRequest
 
@@ -649,6 +684,17 @@ module Aws::WAFV2
 
     Labels.member = Shapes::ShapeRef.new(shape: Label)
 
+    ListAvailableManagedRuleGroupVersionsRequest.add_member(:vendor_name, Shapes::ShapeRef.new(shape: VendorName, required: true, location_name: "VendorName"))
+    ListAvailableManagedRuleGroupVersionsRequest.add_member(:name, Shapes::ShapeRef.new(shape: EntityName, required: true, location_name: "Name"))
+    ListAvailableManagedRuleGroupVersionsRequest.add_member(:scope, Shapes::ShapeRef.new(shape: Scope, required: true, location_name: "Scope"))
+    ListAvailableManagedRuleGroupVersionsRequest.add_member(:next_marker, Shapes::ShapeRef.new(shape: NextMarker, location_name: "NextMarker"))
+    ListAvailableManagedRuleGroupVersionsRequest.add_member(:limit, Shapes::ShapeRef.new(shape: PaginationLimit, location_name: "Limit"))
+    ListAvailableManagedRuleGroupVersionsRequest.struct_class = Types::ListAvailableManagedRuleGroupVersionsRequest
+
+    ListAvailableManagedRuleGroupVersionsResponse.add_member(:next_marker, Shapes::ShapeRef.new(shape: NextMarker, location_name: "NextMarker"))
+    ListAvailableManagedRuleGroupVersionsResponse.add_member(:versions, Shapes::ShapeRef.new(shape: ManagedRuleGroupVersions, location_name: "Versions"))
+    ListAvailableManagedRuleGroupVersionsResponse.struct_class = Types::ListAvailableManagedRuleGroupVersionsResponse
+
     ListAvailableManagedRuleGroupsRequest.add_member(:scope, Shapes::ShapeRef.new(shape: Scope, required: true, location_name: "Scope"))
     ListAvailableManagedRuleGroupsRequest.add_member(:next_marker, Shapes::ShapeRef.new(shape: NextMarker, location_name: "NextMarker"))
     ListAvailableManagedRuleGroupsRequest.add_member(:limit, Shapes::ShapeRef.new(shape: PaginationLimit, location_name: "Limit"))
@@ -676,6 +722,15 @@ module Aws::WAFV2
     ListLoggingConfigurationsResponse.add_member(:next_marker, Shapes::ShapeRef.new(shape: NextMarker, location_name: "NextMarker"))
     ListLoggingConfigurationsResponse.struct_class = Types::ListLoggingConfigurationsResponse
 
+    ListManagedRuleSetsRequest.add_member(:scope, Shapes::ShapeRef.new(shape: Scope, required: true, location_name: "Scope"))
+    ListManagedRuleSetsRequest.add_member(:next_marker, Shapes::ShapeRef.new(shape: NextMarker, location_name: "NextMarker"))
+    ListManagedRuleSetsRequest.add_member(:limit, Shapes::ShapeRef.new(shape: PaginationLimit, location_name: "Limit"))
+    ListManagedRuleSetsRequest.struct_class = Types::ListManagedRuleSetsRequest
+
+    ListManagedRuleSetsResponse.add_member(:next_marker, Shapes::ShapeRef.new(shape: NextMarker, location_name: "NextMarker"))
+    ListManagedRuleSetsResponse.add_member(:managed_rule_sets, Shapes::ShapeRef.new(shape: ManagedRuleSetSummaries, location_name: "ManagedRuleSets"))
+    ListManagedRuleSetsResponse.struct_class = Types::ListManagedRuleSetsResponse
+
     ListRegexPatternSetsRequest.add_member(:scope, Shapes::ShapeRef.new(shape: Scope, required: true, location_name: "Scope"))
     ListRegexPatternSetsRequest.add_member(:next_marker, Shapes::ShapeRef.new(shape: NextMarker, location_name: "NextMarker"))
     ListRegexPatternSetsRequest.add_member(:limit, Shapes::ShapeRef.new(shape: PaginationLimit, location_name: "Limit"))
@@ -736,6 +791,7 @@ module Aws::WAFV2
 
     ManagedRuleGroupStatement.add_member(:vendor_name, Shapes::ShapeRef.new(shape: VendorName, required: true, location_name: "VendorName"))
     ManagedRuleGroupStatement.add_member(:name, Shapes::ShapeRef.new(shape: EntityName, required: true, location_name: "Name"))
+    ManagedRuleGroupStatement.add_member(:version, Shapes::ShapeRef.new(shape: VersionKeyString, location_name: "Version"))
     ManagedRuleGroupStatement.add_member(:excluded_rules, Shapes::ShapeRef.new(shape: ExcludedRules, location_name: "ExcludedRules"))
     ManagedRuleGroupStatement.add_member(:scope_down_statement, Shapes::ShapeRef.new(shape: Statement, location_name: "ScopeDownStatement"))
     ManagedRuleGroupStatement.struct_class = Types::ManagedRuleGroupStatement
@@ -747,6 +803,39 @@ module Aws::WAFV2
     ManagedRuleGroupSummary.add_member(:description, Shapes::ShapeRef.new(shape: EntityDescription, location_name: "Description"))
     ManagedRuleGroupSummary.struct_class = Types::ManagedRuleGroupSummary
 
+    ManagedRuleGroupVersion.add_member(:name, Shapes::ShapeRef.new(shape: VersionKeyString, location_name: "Name"))
+    ManagedRuleGroupVersion.add_member(:last_update_timestamp, Shapes::ShapeRef.new(shape: Timestamp, location_name: "LastUpdateTimestamp"))
+    ManagedRuleGroupVersion.struct_class = Types::ManagedRuleGroupVersion
+
+    ManagedRuleGroupVersions.member = Shapes::ShapeRef.new(shape: ManagedRuleGroupVersion)
+
+    ManagedRuleSet.add_member(:name, Shapes::ShapeRef.new(shape: EntityName, required: true, location_name: "Name"))
+    ManagedRuleSet.add_member(:id, Shapes::ShapeRef.new(shape: EntityId, required: true, location_name: "Id"))
+    ManagedRuleSet.add_member(:arn, Shapes::ShapeRef.new(shape: ResourceArn, required: true, location_name: "ARN"))
+    ManagedRuleSet.add_member(:description, Shapes::ShapeRef.new(shape: EntityDescription, location_name: "Description"))
+    ManagedRuleSet.add_member(:published_versions, Shapes::ShapeRef.new(shape: PublishedVersions, location_name: "PublishedVersions"))
+    ManagedRuleSet.add_member(:recommended_version, Shapes::ShapeRef.new(shape: VersionKeyString, location_name: "RecommendedVersion"))
+    ManagedRuleSet.add_member(:label_namespace, Shapes::ShapeRef.new(shape: LabelName, location_name: "LabelNamespace"))
+    ManagedRuleSet.struct_class = Types::ManagedRuleSet
+
+    ManagedRuleSetSummaries.member = Shapes::ShapeRef.new(shape: ManagedRuleSetSummary)
+
+    ManagedRuleSetSummary.add_member(:name, Shapes::ShapeRef.new(shape: EntityName, location_name: "Name"))
+    ManagedRuleSetSummary.add_member(:id, Shapes::ShapeRef.new(shape: EntityId, location_name: "Id"))
+    ManagedRuleSetSummary.add_member(:description, Shapes::ShapeRef.new(shape: EntityDescription, location_name: "Description"))
+    ManagedRuleSetSummary.add_member(:lock_token, Shapes::ShapeRef.new(shape: LockToken, location_name: "LockToken"))
+    ManagedRuleSetSummary.add_member(:arn, Shapes::ShapeRef.new(shape: ResourceArn, location_name: "ARN"))
+    ManagedRuleSetSummary.add_member(:label_namespace, Shapes::ShapeRef.new(shape: LabelName, location_name: "LabelNamespace"))
+    ManagedRuleSetSummary.struct_class = Types::ManagedRuleSetSummary
+
+    ManagedRuleSetVersion.add_member(:associated_rule_group_arn, Shapes::ShapeRef.new(shape: ResourceArn, location_name: "AssociatedRuleGroupArn"))
+    ManagedRuleSetVersion.add_member(:capacity, Shapes::ShapeRef.new(shape: CapacityUnit, location_name: "Capacity"))
+    ManagedRuleSetVersion.add_member(:forecasted_lifetime, Shapes::ShapeRef.new(shape: TimeWindowDay, location_name: "ForecastedLifetime"))
+    ManagedRuleSetVersion.add_member(:publish_timestamp, Shapes::ShapeRef.new(shape: Timestamp, location_name: "PublishTimestamp"))
+    ManagedRuleSetVersion.add_member(:last_update_timestamp, Shapes::ShapeRef.new(shape: Timestamp, location_name: "LastUpdateTimestamp"))
+    ManagedRuleSetVersion.add_member(:expiry_timestamp, Shapes::ShapeRef.new(shape: Timestamp, location_name: "ExpiryTimestamp"))
+    ManagedRuleSetVersion.struct_class = Types::ManagedRuleSetVersion
+
     Method.struct_class = Types::Method
 
     NoneAction.struct_class = Types::NoneAction
@@ -761,12 +850,26 @@ module Aws::WAFV2
     OverrideAction.add_member(:none, Shapes::ShapeRef.new(shape: NoneAction, location_name: "None"))
     OverrideAction.struct_class = Types::OverrideAction
 
+    PublishedVersions.key = Shapes::ShapeRef.new(shape: VersionKeyString)
+    PublishedVersions.value = Shapes::ShapeRef.new(shape: ManagedRuleSetVersion)
+
     PutLoggingConfigurationRequest.add_member(:logging_configuration, Shapes::ShapeRef.new(shape: LoggingConfiguration, required: true, location_name: "LoggingConfiguration"))
     PutLoggingConfigurationRequest.struct_class = Types::PutLoggingConfigurationRequest
 
     PutLoggingConfigurationResponse.add_member(:logging_configuration, Shapes::ShapeRef.new(shape: LoggingConfiguration, location_name: "LoggingConfiguration"))
     PutLoggingConfigurationResponse.struct_class = Types::PutLoggingConfigurationResponse
 
+    PutManagedRuleSetVersionsRequest.add_member(:name, Shapes::ShapeRef.new(shape: EntityName, required: true, location_name: "Name"))
+    PutManagedRuleSetVersionsRequest.add_member(:scope, Shapes::ShapeRef.new(shape: Scope, required: true, location_name: "Scope"))
+    PutManagedRuleSetVersionsRequest.add_member(:id, Shapes::ShapeRef.new(shape: EntityId, required: true, location_name: "Id"))
+    PutManagedRuleSetVersionsRequest.add_member(:lock_token, Shapes::ShapeRef.new(shape: LockToken, required: true, location_name: "LockToken"))
+    PutManagedRuleSetVersionsRequest.add_member(:recommended_version, Shapes::ShapeRef.new(shape: VersionKeyString, location_name: "RecommendedVersion"))
+    PutManagedRuleSetVersionsRequest.add_member(:versions_to_publish, Shapes::ShapeRef.new(shape: VersionsToPublish, location_name: "VersionsToPublish"))
+    PutManagedRuleSetVersionsRequest.struct_class = Types::PutManagedRuleSetVersionsRequest
+
+    PutManagedRuleSetVersionsResponse.add_member(:next_lock_token, Shapes::ShapeRef.new(shape: LockToken, location_name: "NextLockToken"))
+    PutManagedRuleSetVersionsResponse.struct_class = Types::PutManagedRuleSetVersionsResponse
+
     PutPermissionPolicyRequest.add_member(:resource_arn, Shapes::ShapeRef.new(shape: ResourceArn, required: true, location_name: "ResourceArn"))
     PutPermissionPolicyRequest.add_member(:policy, Shapes::ShapeRef.new(shape: PolicyString, required: true, location_name: "Policy"))
     PutPermissionPolicyRequest.struct_class = Types::PutPermissionPolicyRequest
@@ -954,6 +1057,19 @@ module Aws::WAFV2
     UpdateIPSetResponse.add_member(:next_lock_token, Shapes::ShapeRef.new(shape: LockToken, location_name: "NextLockToken"))
     UpdateIPSetResponse.struct_class = Types::UpdateIPSetResponse
 
+    UpdateManagedRuleSetVersionExpiryDateRequest.add_member(:name, Shapes::ShapeRef.new(shape: EntityName, required: true, location_name: "Name"))
+    UpdateManagedRuleSetVersionExpiryDateRequest.add_member(:scope, Shapes::ShapeRef.new(shape: Scope, required: true, location_name: "Scope"))
+    UpdateManagedRuleSetVersionExpiryDateRequest.add_member(:id, Shapes::ShapeRef.new(shape: EntityId, required: true, location_name: "Id"))
+    UpdateManagedRuleSetVersionExpiryDateRequest.add_member(:lock_token, Shapes::ShapeRef.new(shape: LockToken, required: true, location_name: "LockToken"))
+    UpdateManagedRuleSetVersionExpiryDateRequest.add_member(:version_to_expire, Shapes::ShapeRef.new(shape: VersionKeyString, required: true, location_name: "VersionToExpire"))
+    UpdateManagedRuleSetVersionExpiryDateRequest.add_member(:expiry_timestamp, Shapes::ShapeRef.new(shape: Timestamp, required: true, location_name: "ExpiryTimestamp"))
+    UpdateManagedRuleSetVersionExpiryDateRequest.struct_class = Types::UpdateManagedRuleSetVersionExpiryDateRequest
+
+    UpdateManagedRuleSetVersionExpiryDateResponse.add_member(:expiring_version, Shapes::ShapeRef.new(shape: VersionKeyString, location_name: "ExpiringVersion"))
+    UpdateManagedRuleSetVersionExpiryDateResponse.add_member(:expiry_timestamp, Shapes::ShapeRef.new(shape: Timestamp, location_name: "ExpiryTimestamp"))
+    UpdateManagedRuleSetVersionExpiryDateResponse.add_member(:next_lock_token, Shapes::ShapeRef.new(shape: LockToken, location_name: "NextLockToken"))
+    UpdateManagedRuleSetVersionExpiryDateResponse.struct_class = Types::UpdateManagedRuleSetVersionExpiryDateResponse
+
     UpdateRegexPatternSetRequest.add_member(:name, Shapes::ShapeRef.new(shape: EntityName, required: true, location_name: "Name"))
     UpdateRegexPatternSetRequest.add_member(:scope, Shapes::ShapeRef.new(shape: Scope, required: true, location_name: "Scope"))
     UpdateRegexPatternSetRequest.add_member(:id, Shapes::ShapeRef.new(shape: EntityId, required: true, location_name: "Id"))
@@ -994,6 +1110,13 @@ module Aws::WAFV2
 
     UriPath.struct_class = Types::UriPath
 
+    VersionToPublish.add_member(:associated_rule_group_arn, Shapes::ShapeRef.new(shape: ResourceArn, location_name: "AssociatedRuleGroupArn"))
+    VersionToPublish.add_member(:forecasted_lifetime, Shapes::ShapeRef.new(shape: TimeWindowDay, location_name: "ForecastedLifetime"))
+    VersionToPublish.struct_class = Types::VersionToPublish
+
+    VersionsToPublish.key = Shapes::ShapeRef.new(shape: VersionKeyString)
+    VersionsToPublish.value = Shapes::ShapeRef.new(shape: VersionToPublish)
+
     VisibilityConfig.add_member(:sampled_requests_enabled, Shapes::ShapeRef.new(shape: Boolean, required: true, location_name: "SampledRequestsEnabled"))
     VisibilityConfig.add_member(:cloud_watch_metrics_enabled, Shapes::ShapeRef.new(shape: Boolean, required: true, location_name: "CloudWatchMetricsEnabled"))
     VisibilityConfig.add_member(:metric_name, Shapes::ShapeRef.new(shape: MetricName, required: true, location_name: "MetricName"))
@@ -1005,6 +1128,9 @@ module Aws::WAFV2
     WAFDuplicateItemException.add_member(:message, Shapes::ShapeRef.new(shape: ErrorMessage, location_name: "Message"))
     WAFDuplicateItemException.struct_class = Types::WAFDuplicateItemException
 
+    WAFExpiredManagedRuleGroupVersionException.add_member(:message, Shapes::ShapeRef.new(shape: ErrorMessage, location_name: "Message"))
+    WAFExpiredManagedRuleGroupVersionException.struct_class = Types::WAFExpiredManagedRuleGroupVersionException
+
     WAFInternalErrorException.add_member(:message, Shapes::ShapeRef.new(shape: ErrorMessage, location_name: "Message"))
     WAFInternalErrorException.struct_class = Types::WAFInternalErrorException
 
@@ -1120,6 +1246,7 @@ module Aws::WAFV2
         o.errors << Shapes::ShapeRef.new(shape: WAFInvalidResourceException)
         o.errors << Shapes::ShapeRef.new(shape: WAFUnavailableEntityException)
         o.errors << Shapes::ShapeRef.new(shape: WAFSubscriptionNotFoundException)
+        o.errors << Shapes::ShapeRef.new(shape: WAFExpiredManagedRuleGroupVersionException)
       end)
 
       api.add_operation(:create_ip_set, Seahorse::Model::Operation.new.tap do |o|
@@ -1305,6 +1432,7 @@ module Aws::WAFV2
         o.errors << Shapes::ShapeRef.new(shape: WAFInvalidResourceException)
         o.errors << Shapes::ShapeRef.new(shape: WAFNonexistentItemException)
         o.errors << Shapes::ShapeRef.new(shape: WAFInvalidOperationException)
+        o.errors << Shapes::ShapeRef.new(shape: WAFExpiredManagedRuleGroupVersionException)
       end)
 
       api.add_operation(:disassociate_web_acl, Seahorse::Model::Operation.new.tap do |o|
@@ -1343,6 +1471,18 @@ module Aws::WAFV2
         o.errors << Shapes::ShapeRef.new(shape: WAFInvalidOperationException)
       end)
 
+      api.add_operation(:get_managed_rule_set, Seahorse::Model::Operation.new.tap do |o|
+        o.name = "GetManagedRuleSet"
+        o.http_method = "POST"
+        o.http_request_uri = "/"
+        o.input = Shapes::ShapeRef.new(shape: GetManagedRuleSetRequest)
+        o.output = Shapes::ShapeRef.new(shape: GetManagedRuleSetResponse)
+        o.errors << Shapes::ShapeRef.new(shape: WAFInternalErrorException)
+        o.errors << Shapes::ShapeRef.new(shape: WAFInvalidParameterException)
+        o.errors << Shapes::ShapeRef.new(shape: WAFNonexistentItemException)
+        o.errors << Shapes::ShapeRef.new(shape: WAFInvalidOperationException)
+      end)
+
       api.add_operation(:get_permission_policy, Seahorse::Model::Operation.new.tap do |o|
         o.name = "GetPermissionPolicy"
         o.http_method = "POST"
@@ -1426,6 +1566,17 @@ module Aws::WAFV2
         o.errors << Shapes::ShapeRef.new(shape: WAFInvalidOperationException)
       end)
 
+      api.add_operation(:list_available_managed_rule_group_versions, Seahorse::Model::Operation.new.tap do |o|
+        o.name = "ListAvailableManagedRuleGroupVersions"
+        o.http_method = "POST"
+        o.http_request_uri = "/"
+        o.input = Shapes::ShapeRef.new(shape: ListAvailableManagedRuleGroupVersionsRequest)
+        o.output = Shapes::ShapeRef.new(shape: ListAvailableManagedRuleGroupVersionsResponse)
+        o.errors << Shapes::ShapeRef.new(shape: WAFInternalErrorException)
+        o.errors << Shapes::ShapeRef.new(shape: WAFInvalidParameterException)
+        o.errors << Shapes::ShapeRef.new(shape: WAFInvalidOperationException)
+      end)
+
       api.add_operation(:list_available_managed_rule_groups, Seahorse::Model::Operation.new.tap do |o|
         o.name = "ListAvailableManagedRuleGroups"
         o.http_method = "POST"
@@ -1459,6 +1610,17 @@ module Aws::WAFV2
         o.errors << Shapes::ShapeRef.new(shape: WAFInvalidOperationException)
       end)
 
+      api.add_operation(:list_managed_rule_sets, Seahorse::Model::Operation.new.tap do |o|
+        o.name = "ListManagedRuleSets"
+        o.http_method = "POST"
+        o.http_request_uri = "/"
+        o.input = Shapes::ShapeRef.new(shape: ListManagedRuleSetsRequest)
+        o.output = Shapes::ShapeRef.new(shape: ListManagedRuleSetsResponse)
+        o.errors << Shapes::ShapeRef.new(shape: WAFInternalErrorException)
+        o.errors << Shapes::ShapeRef.new(shape: WAFInvalidParameterException)
+        o.errors << Shapes::ShapeRef.new(shape: WAFInvalidOperationException)
+      end)
+
       api.add_operation(:list_regex_pattern_sets, Seahorse::Model::Operation.new.tap do |o|
         o.name = "ListRegexPatternSets"
         o.http_method = "POST"
@@ -1533,6 +1695,19 @@ module Aws::WAFV2
         o.errors << Shapes::ShapeRef.new(shape: WAFLimitsExceededException)
       end)
 
+      api.add_operation(:put_managed_rule_set_versions, Seahorse::Model::Operation.new.tap do |o|
+        o.name = "PutManagedRuleSetVersions"
+        o.http_method = "POST"
+        o.http_request_uri = "/"
+        o.input = Shapes::ShapeRef.new(shape: PutManagedRuleSetVersionsRequest)
+        o.output = Shapes::ShapeRef.new(shape: PutManagedRuleSetVersionsResponse)
+        o.errors << Shapes::ShapeRef.new(shape: WAFInternalErrorException)
+        o.errors << Shapes::ShapeRef.new(shape: WAFInvalidParameterException)
+        o.errors << Shapes::ShapeRef.new(shape: WAFNonexistentItemException)
+        o.errors << Shapes::ShapeRef.new(shape: WAFOptimisticLockException)
+        o.errors << Shapes::ShapeRef.new(shape: WAFInvalidOperationException)
+      end)
+
       api.add_operation(:put_permission_policy, Seahorse::Model::Operation.new.tap do |o|
         o.name = "PutPermissionPolicy"
         o.http_method = "POST"
@@ -1589,6 +1764,19 @@ module Aws::WAFV2
         o.errors << Shapes::ShapeRef.new(shape: WAFInvalidOperationException)
       end)
 
+      api.add_operation(:update_managed_rule_set_version_expiry_date, Seahorse::Model::Operation.new.tap do |o|
+        o.name = "UpdateManagedRuleSetVersionExpiryDate"
+        o.http_method = "POST"
+        o.http_request_uri = "/"
+        o.input = Shapes::ShapeRef.new(shape: UpdateManagedRuleSetVersionExpiryDateRequest)
+        o.output = Shapes::ShapeRef.new(shape: UpdateManagedRuleSetVersionExpiryDateResponse)
+        o.errors << Shapes::ShapeRef.new(shape: WAFInternalErrorException)
+        o.errors << Shapes::ShapeRef.new(shape: WAFInvalidParameterException)
+        o.errors << Shapes::ShapeRef.new(shape: WAFNonexistentItemException)
+        o.errors << Shapes::ShapeRef.new(shape: WAFOptimisticLockException)
+        o.errors << Shapes::ShapeRef.new(shape: WAFInvalidOperationException)
+      end)
+
       api.add_operation(:update_regex_pattern_set, Seahorse::Model::Operation.new.tap do |o|
         o.name = "UpdateRegexPatternSet"
         o.http_method = "POST"
@@ -1637,6 +1825,7 @@ module Aws::WAFV2
         o.errors << Shapes::ShapeRef.new(shape: WAFUnavailableEntityException)
         o.errors << Shapes::ShapeRef.new(shape: WAFSubscriptionNotFoundException)
         o.errors << Shapes::ShapeRef.new(shape: WAFInvalidOperationException)
+        o.errors << Shapes::ShapeRef.new(shape: WAFExpiredManagedRuleGroupVersionException)
       end)
     end
 

data/lib/aws-sdk-wafv2/errors.rb

@@ -29,6 +29,7 @@ module Aws::WAFV2
   # ## Error Classes
   # * {WAFAssociatedItemException}
   # * {WAFDuplicateItemException}
+  # * {WAFExpiredManagedRuleGroupVersionException}
   # * {WAFInternalErrorException}
   # * {WAFInvalidOperationException}
   # * {WAFInvalidParameterException}
@@ -79,6 +80,21 @@ module Aws::WAFV2
       end
     end
 
+    class WAFExpiredManagedRuleGroupVersionException < ServiceError
+
+      # @param [Seahorse::Client::RequestContext] context
+      # @param [String] message
+      # @param [Aws::WAFV2::Types::WAFExpiredManagedRuleGroupVersionException] data
+      def initialize(context, message, data = Aws::EmptyStructure.new)
+        super(context, message, data)
+      end
+
+      # @return [String]
+      def message
+        @message || @data[:message]
+      end
+    end
+
     class WAFInternalErrorException < ServiceError
 
       # @param [Seahorse::Client::RequestContext] context

data/lib/aws-sdk-wafv2/types.rb

@@ -39,6 +39,8 @@ module Aws::WAFV2
     # This is used only to indicate the web request component for WAF to
     # inspect, in the FieldToMatch specification.
     #
+    # JSON specification: `"All": \{\}`
+    #
     # @api private
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/All AWS API Documentation
@@ -50,6 +52,8 @@ module Aws::WAFV2
     # This is used only to indicate the web request component for WAF to
     # inspect, in the FieldToMatch specification.
     #
+    # JSON specification: `"AllQueryArguments": \{\}`
+    #
     # @api private
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/AllQueryArguments AWS API Documentation
@@ -339,6 +343,7 @@ module Aws::WAFV2
     #             managed_rule_group_statement: {
     #               vendor_name: "VendorName", # required
     #               name: "EntityName", # required
+    #               version: "VersionKeyString",
     #               excluded_rules: [
     #                 {
     #                   name: "EntityName", # required
@@ -461,6 +466,8 @@ module Aws::WAFV2
     # This is used only to indicate the web request component for WAF to
     # inspect, in the FieldToMatch specification.
     #
+    # JSON specification: `"Body": \{\}`
+    #
     # @api private
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/Body AWS API Documentation
@@ -863,6 +870,7 @@ module Aws::WAFV2
     #               managed_rule_group_statement: {
     #                 vendor_name: "VendorName", # required
     #                 name: "EntityName", # required
+    #                 version: "VersionKeyString",
     #                 excluded_rules: [
     #                   {
     #                     name: "EntityName", # required
@@ -1094,7 +1102,7 @@ module Aws::WAFV2
     #   @return [String]
     #
     # @!attribute [rw] ip_address_version
-    #   Specify IPV4 or IPV6.
+    #   The version of the IP addresses, either `IPV4` or `IPV6`.
     #   @return [String]
     #
     # @!attribute [rw] addresses
@@ -1492,6 +1500,7 @@ module Aws::WAFV2
     #               managed_rule_group_statement: {
     #                 vendor_name: "VendorName", # required
     #                 name: "EntityName", # required
+    #                 version: "VersionKeyString",
     #                 excluded_rules: [
     #                   {
     #                     name: "EntityName", # required
@@ -1967,6 +1976,7 @@ module Aws::WAFV2
     #               managed_rule_group_statement: {
     #                 vendor_name: "VendorName", # required
     #                 name: "EntityName", # required
+    #                 version: "VersionKeyString",
     #                 excluded_rules: [
     #                   {
     #                     name: "EntityName", # required
@@ -2415,15 +2425,15 @@ module Aws::WAFV2
     #   @return [String]
     #
     # @!attribute [rw] web_acl_lock_token
-    #   A token used for optimistic locking. WAF returns a token to your get
-    #   and list requests, to mark the state of the entity at the time of
-    #   the request. To make changes to the entity associated with the
-    #   token, you provide the token to operations like update and delete.
-    #   WAF uses the token to ensure that no changes have been made to the
-    #   entity since you last retrieved it. If a change has been made, the
-    #   update fails with a `WAFOptimisticLockException`. If this happens,
-    #   perform another get, and use the new token returned by that
-    #   operation.
+    #   A token used for optimistic locking. WAF returns a token to your
+    #   `get` and `list` requests, to mark the state of the entity at the
+    #   time of the request. To make changes to the entity associated with
+    #   the token, you provide the token to operations like `update` and
+    #   `delete`. WAF uses the token to ensure that no changes have been
+    #   made to the entity since you last retrieved it. If a change has been
+    #   made, the update fails with a `WAFOptimisticLockException`. If this
+    #   happens, perform another `get`, and use the new token returned by
+    #   that operation.
     #   @return [String]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/DeleteFirewallManagerRuleGroupsRequest AWS API Documentation
@@ -2436,15 +2446,15 @@ module Aws::WAFV2
     end
 
     # @!attribute [rw] next_web_acl_lock_token
-    #   A token used for optimistic locking. WAF returns a token to your get
-    #   and list requests, to mark the state of the entity at the time of
-    #   the request. To make changes to the entity associated with the
-    #   token, you provide the token to operations like update and delete.
-    #   WAF uses the token to ensure that no changes have been made to the
-    #   entity since you last retrieved it. If a change has been made, the
-    #   update fails with a `WAFOptimisticLockException`. If this happens,
-    #   perform another get, and use the new token returned by that
-    #   operation.
+    #   A token used for optimistic locking. WAF returns a token to your
+    #   `get` and `list` requests, to mark the state of the entity at the
+    #   time of the request. To make changes to the entity associated with
+    #   the token, you provide the token to operations like `update` and
+    #   `delete`. WAF uses the token to ensure that no changes have been
+    #   made to the entity since you last retrieved it. If a change has been
+    #   made, the update fails with a `WAFOptimisticLockException`. If this
+    #   happens, perform another `get`, and use the new token returned by
+    #   that operation.
     #   @return [String]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/DeleteFirewallManagerRuleGroupsResponse AWS API Documentation
@@ -2492,15 +2502,15 @@ module Aws::WAFV2
     #   @return [String]
     #
     # @!attribute [rw] lock_token
-    #   A token used for optimistic locking. WAF returns a token to your get
-    #   and list requests, to mark the state of the entity at the time of
-    #   the request. To make changes to the entity associated with the
-    #   token, you provide the token to operations like update and delete.
-    #   WAF uses the token to ensure that no changes have been made to the
-    #   entity since you last retrieved it. If a change has been made, the
-    #   update fails with a `WAFOptimisticLockException`. If this happens,
-    #   perform another get, and use the new token returned by that
-    #   operation.
+    #   A token used for optimistic locking. WAF returns a token to your
+    #   `get` and `list` requests, to mark the state of the entity at the
+    #   time of the request. To make changes to the entity associated with
+    #   the token, you provide the token to operations like `update` and
+    #   `delete`. WAF uses the token to ensure that no changes have been
+    #   made to the entity since you last retrieved it. If a change has been
+    #   made, the update fails with a `WAFOptimisticLockException`. If this
+    #   happens, perform another `get`, and use the new token returned by
+    #   that operation.
     #   @return [String]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/DeleteIPSetRequest AWS API Documentation
@@ -2605,15 +2615,15 @@ module Aws::WAFV2
     #   @return [String]
     #
     # @!attribute [rw] lock_token
-    #   A token used for optimistic locking. WAF returns a token to your get
-    #   and list requests, to mark the state of the entity at the time of
-    #   the request. To make changes to the entity associated with the
-    #   token, you provide the token to operations like update and delete.
-    #   WAF uses the token to ensure that no changes have been made to the
-    #   entity since you last retrieved it. If a change has been made, the
-    #   update fails with a `WAFOptimisticLockException`. If this happens,
-    #   perform another get, and use the new token returned by that
-    #   operation.
+    #   A token used for optimistic locking. WAF returns a token to your
+    #   `get` and `list` requests, to mark the state of the entity at the
+    #   time of the request. To make changes to the entity associated with
+    #   the token, you provide the token to operations like `update` and
+    #   `delete`. WAF uses the token to ensure that no changes have been
+    #   made to the entity since you last retrieved it. If a change has been
+    #   made, the update fails with a `WAFOptimisticLockException`. If this
+    #   happens, perform another `get`, and use the new token returned by
+    #   that operation.
     #   @return [String]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/DeleteRegexPatternSetRequest AWS API Documentation
@@ -2668,15 +2678,15 @@ module Aws::WAFV2
     #   @return [String]
     #
     # @!attribute [rw] lock_token
-    #   A token used for optimistic locking. WAF returns a token to your get
-    #   and list requests, to mark the state of the entity at the time of
-    #   the request. To make changes to the entity associated with the
-    #   token, you provide the token to operations like update and delete.
-    #   WAF uses the token to ensure that no changes have been made to the
-    #   entity since you last retrieved it. If a change has been made, the
-    #   update fails with a `WAFOptimisticLockException`. If this happens,
-    #   perform another get, and use the new token returned by that
-    #   operation.
+    #   A token used for optimistic locking. WAF returns a token to your
+    #   `get` and `list` requests, to mark the state of the entity at the
+    #   time of the request. To make changes to the entity associated with
+    #   the token, you provide the token to operations like `update` and
+    #   `delete`. WAF uses the token to ensure that no changes have been
+    #   made to the entity since you last retrieved it. If a change has been
+    #   made, the update fails with a `WAFOptimisticLockException`. If this
+    #   happens, perform another `get`, and use the new token returned by
+    #   that operation.
     #   @return [String]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/DeleteRuleGroupRequest AWS API Documentation
@@ -2731,15 +2741,15 @@ module Aws::WAFV2
     #   @return [String]
     #
     # @!attribute [rw] lock_token
-    #   A token used for optimistic locking. WAF returns a token to your get
-    #   and list requests, to mark the state of the entity at the time of
-    #   the request. To make changes to the entity associated with the
-    #   token, you provide the token to operations like update and delete.
-    #   WAF uses the token to ensure that no changes have been made to the
-    #   entity since you last retrieved it. If a change has been made, the
-    #   update fails with a `WAFOptimisticLockException`. If this happens,
-    #   perform another get, and use the new token returned by that
-    #   operation.
+    #   A token used for optimistic locking. WAF returns a token to your
+    #   `get` and `list` requests, to mark the state of the entity at the
+    #   time of the request. To make changes to the entity associated with
+    #   the token, you provide the token to operations like `update` and
+    #   `delete`. WAF uses the token to ensure that no changes have been
+    #   made to the entity since you last retrieved it. If a change has been
+    #   made, the update fails with a `WAFOptimisticLockException`. If this
+    #   happens, perform another `get`, and use the new token returned by
+    #   that operation.
     #   @return [String]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/DeleteWebACLRequest AWS API Documentation
@@ -2764,6 +2774,7 @@ module Aws::WAFV2
     #         vendor_name: "VendorName", # required
     #         name: "EntityName", # required
     #         scope: "CLOUDFRONT", # required, accepts CLOUDFRONT, REGIONAL
+    #         version_name: "VersionKeyString",
     #       }
     #
     # @!attribute [rw] vendor_name
@@ -2791,16 +2802,40 @@ module Aws::WAFV2
     #   * API and SDKs - For all calls, use the Region endpoint us-east-1.
     #   @return [String]
     #
+    # @!attribute [rw] version_name
+    #   The version of the rule group. You can only use a version that is
+    #   not scheduled for expiration. If you don't provide this, WAF uses
+    #   the vendor's default version.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/DescribeManagedRuleGroupRequest AWS API Documentation
     #
     class DescribeManagedRuleGroupRequest < Struct.new(
       :vendor_name,
       :name,
-      :scope)
+      :scope,
+      :version_name)
       SENSITIVE = []
       include Aws::Structure
     end
 
+    # @!attribute [rw] version_name
+    #   The managed rule group's version.
+    #   @return [String]
+    #
+    # @!attribute [rw] sns_topic_arn
+    #   The Amazon resource name (ARN) of the Amazon Simple Notification
+    #   Service SNS topic that's used to record changes to the managed rule
+    #   group. You can subscribe to the SNS topic to receive notifications
+    #   when the managed rule group is modified, such as for new versions
+    #   and for version expiration. For more information, see the [Amazon
+    #   Simple Notification Service Developer Guide][1].
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/sns/latest/dg/welcome.html
+    #   @return [String]
+    #
     # @!attribute [rw] capacity
     #   The web ACL capacity units (WCUs) required for this rule group. WAF
     #   uses web ACL capacity units (WCU) to calculate and control the
@@ -2847,6 +2882,8 @@ module Aws::WAFV2
     # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/DescribeManagedRuleGroupResponse AWS API Documentation
     #
     class DescribeManagedRuleGroupResponse < Struct.new(
+      :version_name,
+      :sns_topic_arn,
       :capacity,
       :rules,
       :label_namespace,
@@ -2923,6 +2960,14 @@ module Aws::WAFV2
     # requires it. To inspect more than one component of a web request,
     # create a separate rule statement for each component.
     #
+    # JSON specification for a `QueryString` field to match:
+    #
+    # ` "FieldToMatch": \{ "QueryString": \{\} \}`
+    #
+    # Example JSON for a `Method` field to match specification:
+    #
+    # ` "FieldToMatch": \{ "Method": \{ "Name": "DELETE" \} \}`
+    #
     # @note When making an API call, you may pass FieldToMatch
     #   data as a hash:
     #
@@ -3164,8 +3209,8 @@ module Aws::WAFV2
     #   provide the ARN of the rule group in this statement.
     #
     #   You cannot nest a `RuleGroupReferenceStatement`, for example for use
-    #   inside a `NotStatement` or `OrStatement`. It can only be referenced
-    #   as a top-level statement within a rule.
+    #   inside a `NotStatement` or `OrStatement`. You can only use a rule
+    #   group reference statement at the top level inside a web ACL.
     #   @return [Types::RuleGroupReferenceStatement]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/FirewallManagerStatement AWS API Documentation
@@ -3330,15 +3375,15 @@ module Aws::WAFV2
     #   @return [Types::IPSet]
     #
     # @!attribute [rw] lock_token
-    #   A token used for optimistic locking. WAF returns a token to your get
-    #   and list requests, to mark the state of the entity at the time of
-    #   the request. To make changes to the entity associated with the
-    #   token, you provide the token to operations like update and delete.
-    #   WAF uses the token to ensure that no changes have been made to the
-    #   entity since you last retrieved it. If a change has been made, the
-    #   update fails with a `WAFOptimisticLockException`. If this happens,
-    #   perform another get, and use the new token returned by that
-    #   operation.
+    #   A token used for optimistic locking. WAF returns a token to your
+    #   `get` and `list` requests, to mark the state of the entity at the
+    #   time of the request. To make changes to the entity associated with
+    #   the token, you provide the token to operations like `update` and
+    #   `delete`. WAF uses the token to ensure that no changes have been
+    #   made to the entity since you last retrieved it. If a change has been
+    #   made, the update fails with a `WAFOptimisticLockException`. If this
+    #   happens, perform another `get`, and use the new token returned by
+    #   that operation.
     #   @return [String]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/GetIPSetResponse AWS API Documentation
@@ -3382,6 +3427,79 @@ module Aws::WAFV2
       include Aws::Structure
     end
 
+    # @note When making an API call, you may pass GetManagedRuleSetRequest
+    #   data as a hash:
+    #
+    #       {
+    #         name: "EntityName", # required
+    #         scope: "CLOUDFRONT", # required, accepts CLOUDFRONT, REGIONAL
+    #         id: "EntityId", # required
+    #       }
+    #
+    # @!attribute [rw] name
+    #   The name of the managed rule set. You use this, along with the rule
+    #   set ID, to identify the rule set.
+    #
+    #   This name is assigned to the corresponding managed rule group, which
+    #   your customers can access and use.
+    #   @return [String]
+    #
+    # @!attribute [rw] scope
+    #   Specifies whether this is for an Amazon CloudFront distribution or
+    #   for a regional application. A regional application can be an
+    #   Application Load Balancer (ALB), an Amazon API Gateway REST API, or
+    #   an AppSync GraphQL API.
+    #
+    #   To work with CloudFront, you must also specify the Region US East
+    #   (N. Virginia) as follows:
+    #
+    #   * CLI - Specify the Region when you use the CloudFront scope:
+    #     `--scope=CLOUDFRONT --region=us-east-1`.
+    #
+    #   * API and SDKs - For all calls, use the Region endpoint us-east-1.
+    #   @return [String]
+    #
+    # @!attribute [rw] id
+    #   A unique identifier for the managed rule set. The ID is returned in
+    #   the responses to commands like `list`. You provide it to operations
+    #   like `get` and `update`.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/GetManagedRuleSetRequest AWS API Documentation
+    #
+    class GetManagedRuleSetRequest < Struct.new(
+      :name,
+      :scope,
+      :id)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] managed_rule_set
+    #   The managed rule set that you requested.
+    #   @return [Types::ManagedRuleSet]
+    #
+    # @!attribute [rw] lock_token
+    #   A token used for optimistic locking. WAF returns a token to your
+    #   `get` and `list` requests, to mark the state of the entity at the
+    #   time of the request. To make changes to the entity associated with
+    #   the token, you provide the token to operations like `update` and
+    #   `delete`. WAF uses the token to ensure that no changes have been
+    #   made to the entity since you last retrieved it. If a change has been
+    #   made, the update fails with a `WAFOptimisticLockException`. If this
+    #   happens, perform another `get`, and use the new token returned by
+    #   that operation.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/GetManagedRuleSetResponse AWS API Documentation
+    #
+    class GetManagedRuleSetResponse < Struct.new(
+      :managed_rule_set,
+      :lock_token)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # @note When making an API call, you may pass GetPermissionPolicyRequest
     #   data as a hash:
     #
@@ -3421,6 +3539,7 @@ module Aws::WAFV2
     #         scope: "CLOUDFRONT", # required, accepts CLOUDFRONT, REGIONAL
     #         web_acl_name: "EntityName", # required
     #         web_acl_id: "EntityId", # required
+    #         rule_group_rule_name: "EntityName",
     #         rule_name: "EntityName", # required
     #       }
     #
@@ -3450,8 +3569,17 @@ module Aws::WAFV2
     #   like update and delete.
     #   @return [String]
     #
+    # @!attribute [rw] rule_group_rule_name
+    #   The name of the rule group reference statement in your web ACL. This
+    #   is required only when you have the rate-based rule nested inside a
+    #   rule group.
+    #   @return [String]
+    #
     # @!attribute [rw] rule_name
-    #   The name of the rate-based rule to get the keys for.
+    #   The name of the rate-based rule to get the keys for. If you have the
+    #   rule defined inside a rule group that you're using in your web ACL,
+    #   also provide the name of the rule group reference statement in the
+    #   request parameter `RuleGroupRuleName`.
     #   @return [String]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/GetRateBasedStatementManagedKeysRequest AWS API Documentation
@@ -3460,6 +3588,7 @@ module Aws::WAFV2
       :scope,
       :web_acl_name,
       :web_acl_id,
+      :rule_group_rule_name,
       :rule_name)
       SENSITIVE = []
       include Aws::Structure
@@ -3531,15 +3660,15 @@ module Aws::WAFV2
     #   @return [Types::RegexPatternSet]
     #
     # @!attribute [rw] lock_token
-    #   A token used for optimistic locking. WAF returns a token to your get
-    #   and list requests, to mark the state of the entity at the time of
-    #   the request. To make changes to the entity associated with the
-    #   token, you provide the token to operations like update and delete.
-    #   WAF uses the token to ensure that no changes have been made to the
-    #   entity since you last retrieved it. If a change has been made, the
-    #   update fails with a `WAFOptimisticLockException`. If this happens,
-    #   perform another get, and use the new token returned by that
-    #   operation.
+    #   A token used for optimistic locking. WAF returns a token to your
+    #   `get` and `list` requests, to mark the state of the entity at the
+    #   time of the request. To make changes to the entity associated with
+    #   the token, you provide the token to operations like `update` and
+    #   `delete`. WAF uses the token to ensure that no changes have been
+    #   made to the entity since you last retrieved it. If a change has been
+    #   made, the update fails with a `WAFOptimisticLockException`. If this
+    #   happens, perform another `get`, and use the new token returned by
+    #   that operation.
     #   @return [String]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/GetRegexPatternSetResponse AWS API Documentation
@@ -3606,15 +3735,15 @@ module Aws::WAFV2
     #   @return [Types::RuleGroup]
     #
     # @!attribute [rw] lock_token
-    #   A token used for optimistic locking. WAF returns a token to your get
-    #   and list requests, to mark the state of the entity at the time of
-    #   the request. To make changes to the entity associated with the
-    #   token, you provide the token to operations like update and delete.
-    #   WAF uses the token to ensure that no changes have been made to the
-    #   entity since you last retrieved it. If a change has been made, the
-    #   update fails with a `WAFOptimisticLockException`. If this happens,
-    #   perform another get, and use the new token returned by that
-    #   operation.
+    #   A token used for optimistic locking. WAF returns a token to your
+    #   `get` and `list` requests, to mark the state of the entity at the
+    #   time of the request. To make changes to the entity associated with
+    #   the token, you provide the token to operations like `update` and
+    #   `delete`. WAF uses the token to ensure that no changes have been
+    #   made to the entity since you last retrieved it. If a change has been
+    #   made, the update fails with a `WAFOptimisticLockException`. If this
+    #   happens, perform another `get`, and use the new token returned by
+    #   that operation.
     #   @return [String]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/GetRuleGroupResponse AWS API Documentation
@@ -3809,15 +3938,15 @@ module Aws::WAFV2
     #   @return [Types::WebACL]
     #
     # @!attribute [rw] lock_token
-    #   A token used for optimistic locking. WAF returns a token to your get
-    #   and list requests, to mark the state of the entity at the time of
-    #   the request. To make changes to the entity associated with the
-    #   token, you provide the token to operations like update and delete.
-    #   WAF uses the token to ensure that no changes have been made to the
-    #   entity since you last retrieved it. If a change has been made, the
-    #   update fails with a `WAFOptimisticLockException`. If this happens,
-    #   perform another get, and use the new token returned by that
-    #   operation.
+    #   A token used for optimistic locking. WAF returns a token to your
+    #   `get` and `list` requests, to mark the state of the entity at the
+    #   time of the request. To make changes to the entity associated with
+    #   the token, you provide the token to operations like `update` and
+    #   `delete`. WAF uses the token to ensure that no changes have been
+    #   made to the entity since you last retrieved it. If a change has been
+    #   made, the update fails with a `WAFOptimisticLockException`. If this
+    #   happens, perform another `get`, and use the new token returned by
+    #   that operation.
     #   @return [String]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/GetWebACLResponse AWS API Documentation
@@ -3942,7 +4071,7 @@ module Aws::WAFV2
     #   @return [String]
     #
     # @!attribute [rw] ip_address_version
-    #   Specify IPV4 or IPV6.
+    #   The version of the IP addresses, either `IPV4` or `IPV6`.
     #   @return [String]
     #
     # @!attribute [rw] addresses
@@ -4143,15 +4272,15 @@ module Aws::WAFV2
     #   @return [String]
     #
     # @!attribute [rw] lock_token
-    #   A token used for optimistic locking. WAF returns a token to your get
-    #   and list requests, to mark the state of the entity at the time of
-    #   the request. To make changes to the entity associated with the
-    #   token, you provide the token to operations like update and delete.
-    #   WAF uses the token to ensure that no changes have been made to the
-    #   entity since you last retrieved it. If a change has been made, the
-    #   update fails with a `WAFOptimisticLockException`. If this happens,
-    #   perform another get, and use the new token returned by that
-    #   operation.
+    #   A token used for optimistic locking. WAF returns a token to your
+    #   `get` and `list` requests, to mark the state of the entity at the
+    #   time of the request. To make changes to the entity associated with
+    #   the token, you provide the token to operations like `update` and
+    #   `delete`. WAF uses the token to ensure that no changes have been
+    #   made to the entity since you last retrieved it. If a change has been
+    #   made, the update fails with a `WAFOptimisticLockException`. If this
+    #   happens, perform another `get`, and use the new token returned by
+    #   that operation.
     #   @return [String]
     #
     # @!attribute [rw] arn
@@ -4179,6 +4308,9 @@ module Aws::WAFV2
     # inspects only the parts of the JSON that result from the matches that
     # you indicate.
     #
+    # Example JSON: `"JsonBody": \{ "MatchPattern": \{ "All": \{\} \},
+    # "MatchScope": "ALL" \}`
+    #
     # @note When making an API call, you may pass JsonBody
     #   data as a hash:
     #
@@ -4220,9 +4352,9 @@ module Aws::WAFV2
     #   content only up to the first parsing failure that it encounters.
     #
     #   WAF does its best to parse the entire JSON body, but might be forced
-    #   to stop for reasons such as characters that aren't valid, duplicate
-    #   keys, truncation, and any content whose root node isn't an object
-    #   or an array.
+    #   to stop for reasons such as invalid characters, duplicate keys,
+    #   truncation, and any content whose root node isn't an object or an
+    #   array.
     #
     #   WAF parses the JSON in the following examples as two valid key,
     #   value pairs:
@@ -4418,6 +4550,91 @@ module Aws::WAFV2
       include Aws::Structure
     end
 
+    # @note When making an API call, you may pass ListAvailableManagedRuleGroupVersionsRequest
+    #   data as a hash:
+    #
+    #       {
+    #         vendor_name: "VendorName", # required
+    #         name: "EntityName", # required
+    #         scope: "CLOUDFRONT", # required, accepts CLOUDFRONT, REGIONAL
+    #         next_marker: "NextMarker",
+    #         limit: 1,
+    #       }
+    #
+    # @!attribute [rw] vendor_name
+    #   The name of the managed rule group vendor. You use this, along with
+    #   the rule group name, to identify the rule group.
+    #   @return [String]
+    #
+    # @!attribute [rw] name
+    #   The name of the managed rule group. You use this, along with the
+    #   vendor name, to identify the rule group.
+    #   @return [String]
+    #
+    # @!attribute [rw] scope
+    #   Specifies whether this is for an Amazon CloudFront distribution or
+    #   for a regional application. A regional application can be an
+    #   Application Load Balancer (ALB), an Amazon API Gateway REST API, or
+    #   an AppSync GraphQL API.
+    #
+    #   To work with CloudFront, you must also specify the Region US East
+    #   (N. Virginia) as follows:
+    #
+    #   * CLI - Specify the Region when you use the CloudFront scope:
+    #     `--scope=CLOUDFRONT --region=us-east-1`.
+    #
+    #   * API and SDKs - For all calls, use the Region endpoint us-east-1.
+    #   @return [String]
+    #
+    # @!attribute [rw] next_marker
+    #   When you request a list of objects with a `Limit` setting, if the
+    #   number of objects that are still available for retrieval exceeds the
+    #   limit, WAF returns a `NextMarker` value in the response. To retrieve
+    #   the next batch of objects, provide the marker from the prior call in
+    #   your next request.
+    #   @return [String]
+    #
+    # @!attribute [rw] limit
+    #   The maximum number of objects that you want WAF to return for this
+    #   request. If more objects are available, in the response, WAF
+    #   provides a `NextMarker` value that you can use in a subsequent call
+    #   to get the next batch of objects.
+    #   @return [Integer]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/ListAvailableManagedRuleGroupVersionsRequest AWS API Documentation
+    #
+    class ListAvailableManagedRuleGroupVersionsRequest < Struct.new(
+      :vendor_name,
+      :name,
+      :scope,
+      :next_marker,
+      :limit)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] next_marker
+    #   When you request a list of objects with a `Limit` setting, if the
+    #   number of objects that are still available for retrieval exceeds the
+    #   limit, WAF returns a `NextMarker` value in the response. To retrieve
+    #   the next batch of objects, provide the marker from the prior call in
+    #   your next request.
+    #   @return [String]
+    #
+    # @!attribute [rw] versions
+    #   The versions that are currently available for the specified managed
+    #   rule group.
+    #   @return [Array<Types::ManagedRuleGroupVersion>]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/ListAvailableManagedRuleGroupVersionsResponse AWS API Documentation
+    #
+    class ListAvailableManagedRuleGroupVersionsResponse < Struct.new(
+      :next_marker,
+      :versions)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # @note When making an API call, you may pass ListAvailableManagedRuleGroupsRequest
     #   data as a hash:
     #
@@ -4627,6 +4844,76 @@ module Aws::WAFV2
       include Aws::Structure
     end
 
+    # @note When making an API call, you may pass ListManagedRuleSetsRequest
+    #   data as a hash:
+    #
+    #       {
+    #         scope: "CLOUDFRONT", # required, accepts CLOUDFRONT, REGIONAL
+    #         next_marker: "NextMarker",
+    #         limit: 1,
+    #       }
+    #
+    # @!attribute [rw] scope
+    #   Specifies whether this is for an Amazon CloudFront distribution or
+    #   for a regional application. A regional application can be an
+    #   Application Load Balancer (ALB), an Amazon API Gateway REST API, or
+    #   an AppSync GraphQL API.
+    #
+    #   To work with CloudFront, you must also specify the Region US East
+    #   (N. Virginia) as follows:
+    #
+    #   * CLI - Specify the Region when you use the CloudFront scope:
+    #     `--scope=CLOUDFRONT --region=us-east-1`.
+    #
+    #   * API and SDKs - For all calls, use the Region endpoint us-east-1.
+    #   @return [String]
+    #
+    # @!attribute [rw] next_marker
+    #   When you request a list of objects with a `Limit` setting, if the
+    #   number of objects that are still available for retrieval exceeds the
+    #   limit, WAF returns a `NextMarker` value in the response. To retrieve
+    #   the next batch of objects, provide the marker from the prior call in
+    #   your next request.
+    #   @return [String]
+    #
+    # @!attribute [rw] limit
+    #   The maximum number of objects that you want WAF to return for this
+    #   request. If more objects are available, in the response, WAF
+    #   provides a `NextMarker` value that you can use in a subsequent call
+    #   to get the next batch of objects.
+    #   @return [Integer]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/ListManagedRuleSetsRequest AWS API Documentation
+    #
+    class ListManagedRuleSetsRequest < Struct.new(
+      :scope,
+      :next_marker,
+      :limit)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] next_marker
+    #   When you request a list of objects with a `Limit` setting, if the
+    #   number of objects that are still available for retrieval exceeds the
+    #   limit, WAF returns a `NextMarker` value in the response. To retrieve
+    #   the next batch of objects, provide the marker from the prior call in
+    #   your next request.
+    #   @return [String]
+    #
+    # @!attribute [rw] managed_rule_sets
+    #   Your managed rule sets.
+    #   @return [Array<Types::ManagedRuleSetSummary>]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/ListManagedRuleSetsResponse AWS API Documentation
+    #
+    class ListManagedRuleSetsResponse < Struct.new(
+      :next_marker,
+      :managed_rule_sets)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # @note When making an API call, you may pass ListRegexPatternSetsRequest
     #   data as a hash:
     #
@@ -5008,11 +5295,11 @@ module Aws::WAFV2
     #
     # @!attribute [rw] redacted_fields
     #   The parts of the request that you want to keep out of the logs. For
-    #   example, if you redact the `HEADER` field, the `HEADER` field in the
-    #   firehose will be `xxx`.
+    #   example, if you redact the `SingleHeader` field, the `HEADER` field
+    #   in the firehose will be `xxx`.
     #
-    #   <note markdown="1"> You must use one of the following values: `URI`, `QUERY_STRING`,
-    #   `HEADER`, or `METHOD`.
+    #   <note markdown="1"> You can specify only the following fields for redaction: `UriPath`,
+    #   `QueryString`, `SingleHeader`, `Method`, and `JsonBody`.
     #
     #    </note>
     #   @return [Array<Types::FieldToMatch>]
@@ -5104,6 +5391,7 @@ module Aws::WAFV2
     #       {
     #         vendor_name: "VendorName", # required
     #         name: "EntityName", # required
+    #         version: "VersionKeyString",
     #         excluded_rules: [
     #           {
     #             name: "EntityName", # required
@@ -5346,6 +5634,7 @@ module Aws::WAFV2
     #           managed_rule_group_statement: {
     #             vendor_name: "VendorName", # required
     #             name: "EntityName", # required
+    #             version: "VersionKeyString",
     #             excluded_rules: [
     #               {
     #                 name: "EntityName", # required
@@ -5372,6 +5661,14 @@ module Aws::WAFV2
     #   vendor name, to identify the rule group.
     #   @return [String]
     #
+    # @!attribute [rw] version
+    #   The version of the managed rule group to use. If you specify this,
+    #   the version setting is fixed until you change it. If you don't
+    #   specify this, WAF uses the vendor's default version, and then keeps
+    #   the version at the vendor's default when the vendor updates the
+    #   managed rule group settings.
+    #   @return [String]
+    #
     # @!attribute [rw] excluded_rules
     #   The rules whose actions are set to `COUNT` by the web ACL,
     #   regardless of the action that is set on the rule. This effectively
@@ -5392,6 +5689,7 @@ module Aws::WAFV2
     class ManagedRuleGroupStatement < Struct.new(
       :vendor_name,
       :name,
+      :version,
       :excluded_rules,
       :scope_down_statement)
       SENSITIVE = []
@@ -5403,8 +5701,9 @@ module Aws::WAFV2
     # name and vendor name, that you provide when you add a
     # ManagedRuleGroupStatement to a web ACL. Managed rule groups include
     # Amazon Web Services Managed Rules rule groups, which are free of
-    # charge to WAF customers, and Marketplace managed rule groups, which
-    # you can subscribe to through Marketplace.
+    # charge to WAF customers, and Amazon Web Services Marketplace managed
+    # rule groups, which you can subscribe to through Amazon Web Services
+    # Marketplace.
     #
     # @!attribute [rw] vendor_name
     #   The name of the managed rule group vendor. You use this, along with
@@ -5418,7 +5717,8 @@ module Aws::WAFV2
     #
     # @!attribute [rw] description
     #   The description of the managed rule group, provided by Amazon Web
-    #   Services Managed Rules or the Marketplace seller who manages it.
+    #   Services Managed Rules or the Amazon Web Services Marketplace seller
+    #   who manages it.
     #   @return [String]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/ManagedRuleGroupSummary AWS API Documentation
@@ -5431,12 +5731,263 @@ module Aws::WAFV2
       include Aws::Structure
     end
 
+    # Describes a single version of a managed rule group.
+    #
+    # @!attribute [rw] name
+    #   The version name.
+    #   @return [String]
+    #
+    # @!attribute [rw] last_update_timestamp
+    #   The date and time that the managed rule group owner updated the rule
+    #   group version information.
+    #   @return [Time]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/ManagedRuleGroupVersion AWS API Documentation
+    #
+    class ManagedRuleGroupVersion < Struct.new(
+      :name,
+      :last_update_timestamp)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # A set of rules that is managed by Amazon Web Services and Amazon Web
+    # Services Marketplace sellers to provide versioned managed rule groups
+    # for customers of WAF.
+    #
+    # <note markdown="1"> This is intended for use only by vendors of managed rule sets. Vendors
+    # are Amazon Web Services and Amazon Web Services Marketplace sellers.
+    #
+    #  Vendors, you can use the managed rule set APIs to provide controlled
+    # rollout of your versioned managed rule group offerings for your
+    # customers. The APIs are `ListManagedRuleSets`, `GetManagedRuleSet`,
+    # `PutManagedRuleSetVersions`, and
+    # `UpdateManagedRuleSetVersionExpiryDate`.
+    #
+    #  </note>
+    #
+    # @!attribute [rw] name
+    #   The name of the managed rule set. You use this, along with the rule
+    #   set ID, to identify the rule set.
+    #
+    #   This name is assigned to the corresponding managed rule group, which
+    #   your customers can access and use.
+    #   @return [String]
+    #
+    # @!attribute [rw] id
+    #   A unique identifier for the managed rule set. The ID is returned in
+    #   the responses to commands like `list`. You provide it to operations
+    #   like `get` and `update`.
+    #   @return [String]
+    #
+    # @!attribute [rw] arn
+    #   The Amazon Resource Name (ARN) of the entity.
+    #   @return [String]
+    #
+    # @!attribute [rw] description
+    #   A description of the set that helps with identification.
+    #   @return [String]
+    #
+    # @!attribute [rw] published_versions
+    #   The versions of this managed rule set that are available for use by
+    #   customers.
+    #   @return [Hash<String,Types::ManagedRuleSetVersion>]
+    #
+    # @!attribute [rw] recommended_version
+    #   The version that you would like your customers to use.
+    #   @return [String]
+    #
+    # @!attribute [rw] label_namespace
+    #   The label namespace prefix for the managed rule groups that are
+    #   offered to customers from this managed rule set. All labels that are
+    #   added by rules in the managed rule group have this prefix.
+    #
+    #   * The syntax for the label namespace prefix for a managed rule group
+    #     is the following:
+    #
+    #     `awswaf:managed:<vendor>:<rule group name>`\:
+    #
+    #   * When a rule with a label matches a web request, WAF adds the fully
+    #     qualified label to the request. A fully qualified label is made up
+    #     of the label namespace from the rule group or web ACL where the
+    #     rule is defined and the label from the rule, separated by a colon:
+    #
+    #     `<label namespace>:<label from rule>`
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/ManagedRuleSet AWS API Documentation
+    #
+    class ManagedRuleSet < Struct.new(
+      :name,
+      :id,
+      :arn,
+      :description,
+      :published_versions,
+      :recommended_version,
+      :label_namespace)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # High-level information for a managed rule set.
+    #
+    # <note markdown="1"> This is intended for use only by vendors of managed rule sets. Vendors
+    # are Amazon Web Services and Amazon Web Services Marketplace sellers.
+    #
+    #  Vendors, you can use the managed rule set APIs to provide controlled
+    # rollout of your versioned managed rule group offerings for your
+    # customers. The APIs are `ListManagedRuleSets`, `GetManagedRuleSet`,
+    # `PutManagedRuleSetVersions`, and
+    # `UpdateManagedRuleSetVersionExpiryDate`.
+    #
+    #  </note>
+    #
+    # @!attribute [rw] name
+    #   The name of the managed rule set. You use this, along with the rule
+    #   set ID, to identify the rule set.
+    #
+    #   This name is assigned to the corresponding managed rule group, which
+    #   your customers can access and use.
+    #   @return [String]
+    #
+    # @!attribute [rw] id
+    #   A unique identifier for the managed rule set. The ID is returned in
+    #   the responses to commands like `list`. You provide it to operations
+    #   like `get` and `update`.
+    #   @return [String]
+    #
+    # @!attribute [rw] description
+    #   A description of the set that helps with identification.
+    #   @return [String]
+    #
+    # @!attribute [rw] lock_token
+    #   A token used for optimistic locking. WAF returns a token to your
+    #   `get` and `list` requests, to mark the state of the entity at the
+    #   time of the request. To make changes to the entity associated with
+    #   the token, you provide the token to operations like `update` and
+    #   `delete`. WAF uses the token to ensure that no changes have been
+    #   made to the entity since you last retrieved it. If a change has been
+    #   made, the update fails with a `WAFOptimisticLockException`. If this
+    #   happens, perform another `get`, and use the new token returned by
+    #   that operation.
+    #   @return [String]
+    #
+    # @!attribute [rw] arn
+    #   The Amazon Resource Name (ARN) of the entity.
+    #   @return [String]
+    #
+    # @!attribute [rw] label_namespace
+    #   The label namespace prefix for the managed rule groups that are
+    #   offered to customers from this managed rule set. All labels that are
+    #   added by rules in the managed rule group have this prefix.
+    #
+    #   * The syntax for the label namespace prefix for a managed rule group
+    #     is the following:
+    #
+    #     `awswaf:managed:<vendor>:<rule group name>`\:
+    #
+    #   * When a rule with a label matches a web request, WAF adds the fully
+    #     qualified label to the request. A fully qualified label is made up
+    #     of the label namespace from the rule group or web ACL where the
+    #     rule is defined and the label from the rule, separated by a colon:
+    #
+    #     `<label namespace>:<label from rule>`
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/ManagedRuleSetSummary AWS API Documentation
+    #
+    class ManagedRuleSetSummary < Struct.new(
+      :name,
+      :id,
+      :description,
+      :lock_token,
+      :arn,
+      :label_namespace)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # Information for a single version of a managed rule set.
+    #
+    # <note markdown="1"> This is intended for use only by vendors of managed rule sets. Vendors
+    # are Amazon Web Services and Amazon Web Services Marketplace sellers.
+    #
+    #  Vendors, you can use the managed rule set APIs to provide controlled
+    # rollout of your versioned managed rule group offerings for your
+    # customers. The APIs are `ListManagedRuleSets`, `GetManagedRuleSet`,
+    # `PutManagedRuleSetVersions`, and
+    # `UpdateManagedRuleSetVersionExpiryDate`.
+    #
+    #  </note>
+    #
+    # @!attribute [rw] associated_rule_group_arn
+    #   The Amazon Resource Name (ARN) of the vendor rule group that's used
+    #   to define the published version of your managed rule group.
+    #   @return [String]
+    #
+    # @!attribute [rw] capacity
+    #   The web ACL capacity units (WCUs) required for this rule group.
+    #
+    #   WAF uses WCUs to calculate and control the operating resources that
+    #   are used to run your rules, rule groups, and web ACLs. WAF
+    #   calculates capacity differently for each rule type, to reflect the
+    #   relative cost of each rule. Simple rules that cost little to run use
+    #   fewer WCUs than more complex rules that use more processing power.
+    #   Rule group capacity is fixed at creation, which helps users plan
+    #   their web ACL WCU usage when they use a rule group. The WCU limit
+    #   for web ACLs is 1,500.
+    #   @return [Integer]
+    #
+    # @!attribute [rw] forecasted_lifetime
+    #   The amount of time you expect this version of your managed rule
+    #   group to last, in days.
+    #   @return [Integer]
+    #
+    # @!attribute [rw] publish_timestamp
+    #   The time that you first published this version.
+    #
+    #   Times are in Coordinated Universal Time (UTC) format. UTC format
+    #   includes the special designator, Z. For example,
+    #   "2016-09-27T14:50Z".
+    #   @return [Time]
+    #
+    # @!attribute [rw] last_update_timestamp
+    #   The last time that you updated this version.
+    #
+    #   Times are in Coordinated Universal Time (UTC) format. UTC format
+    #   includes the special designator, Z. For example,
+    #   "2016-09-27T14:50Z".
+    #   @return [Time]
+    #
+    # @!attribute [rw] expiry_timestamp
+    #   The time that this version is set to expire.
+    #
+    #   Times are in Coordinated Universal Time (UTC) format. UTC format
+    #   includes the special designator, Z. For example,
+    #   "2016-09-27T14:50Z".
+    #   @return [Time]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/ManagedRuleSetVersion AWS API Documentation
+    #
+    class ManagedRuleSetVersion < Struct.new(
+      :associated_rule_group_arn,
+      :capacity,
+      :forecasted_lifetime,
+      :publish_timestamp,
+      :last_update_timestamp,
+      :expiry_timestamp)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # The HTTP method of a web request. The method indicates the type of
     # operation that the request is asking the origin to perform.
     #
     # This is used only to indicate the web request component for WAF to
     # inspect, in the FieldToMatch specification.
     #
+    # JSON specification: `"Method": \{\}`
+    #
     # @api private
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/Method AWS API Documentation
@@ -5450,6 +6001,8 @@ module Aws::WAFV2
     # This is used in the context of other settings, for example to specify
     # values for RuleAction and web ACL DefaultAction.
     #
+    # JSON specification: `"None": \{\}`
+    #
     # @api private
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/NoneAction AWS API Documentation
@@ -5700,6 +6253,7 @@ module Aws::WAFV2
     #           managed_rule_group_statement: {
     #             vendor_name: "VendorName", # required
     #             name: "EntityName", # required
+    #             version: "VersionKeyString",
     #             excluded_rules: [
     #               {
     #                 name: "EntityName", # required
@@ -5970,6 +6524,7 @@ module Aws::WAFV2
     #             managed_rule_group_statement: {
     #               vendor_name: "VendorName", # required
     #               name: "EntityName", # required
+    #               version: "VersionKeyString",
     #               excluded_rules: [
     #                 {
     #                   name: "EntityName", # required
@@ -6133,6 +6688,107 @@ module Aws::WAFV2
       include Aws::Structure
     end
 
+    # @note When making an API call, you may pass PutManagedRuleSetVersionsRequest
+    #   data as a hash:
+    #
+    #       {
+    #         name: "EntityName", # required
+    #         scope: "CLOUDFRONT", # required, accepts CLOUDFRONT, REGIONAL
+    #         id: "EntityId", # required
+    #         lock_token: "LockToken", # required
+    #         recommended_version: "VersionKeyString",
+    #         versions_to_publish: {
+    #           "VersionKeyString" => {
+    #             associated_rule_group_arn: "ResourceArn",
+    #             forecasted_lifetime: 1,
+    #           },
+    #         },
+    #       }
+    #
+    # @!attribute [rw] name
+    #   The name of the managed rule set. You use this, along with the rule
+    #   set ID, to identify the rule set.
+    #
+    #   This name is assigned to the corresponding managed rule group, which
+    #   your customers can access and use.
+    #   @return [String]
+    #
+    # @!attribute [rw] scope
+    #   Specifies whether this is for an Amazon CloudFront distribution or
+    #   for a regional application. A regional application can be an
+    #   Application Load Balancer (ALB), an Amazon API Gateway REST API, or
+    #   an AppSync GraphQL API.
+    #
+    #   To work with CloudFront, you must also specify the Region US East
+    #   (N. Virginia) as follows:
+    #
+    #   * CLI - Specify the Region when you use the CloudFront scope:
+    #     `--scope=CLOUDFRONT --region=us-east-1`.
+    #
+    #   * API and SDKs - For all calls, use the Region endpoint us-east-1.
+    #   @return [String]
+    #
+    # @!attribute [rw] id
+    #   A unique identifier for the managed rule set. The ID is returned in
+    #   the responses to commands like `list`. You provide it to operations
+    #   like `get` and `update`.
+    #   @return [String]
+    #
+    # @!attribute [rw] lock_token
+    #   A token used for optimistic locking. WAF returns a token to your
+    #   `get` and `list` requests, to mark the state of the entity at the
+    #   time of the request. To make changes to the entity associated with
+    #   the token, you provide the token to operations like `update` and
+    #   `delete`. WAF uses the token to ensure that no changes have been
+    #   made to the entity since you last retrieved it. If a change has been
+    #   made, the update fails with a `WAFOptimisticLockException`. If this
+    #   happens, perform another `get`, and use the new token returned by
+    #   that operation.
+    #   @return [String]
+    #
+    # @!attribute [rw] recommended_version
+    #   The version of the named managed rule group that you'd like your
+    #   customers to choose, from among your version offerings.
+    #   @return [String]
+    #
+    # @!attribute [rw] versions_to_publish
+    #   The versions of the named managed rule group that you want to offer
+    #   to your customers.
+    #   @return [Hash<String,Types::VersionToPublish>]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/PutManagedRuleSetVersionsRequest AWS API Documentation
+    #
+    class PutManagedRuleSetVersionsRequest < Struct.new(
+      :name,
+      :scope,
+      :id,
+      :lock_token,
+      :recommended_version,
+      :versions_to_publish)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] next_lock_token
+    #   A token used for optimistic locking. WAF returns a token to your
+    #   `get` and `list` requests, to mark the state of the entity at the
+    #   time of the request. To make changes to the entity associated with
+    #   the token, you provide the token to operations like `update` and
+    #   `delete`. WAF uses the token to ensure that no changes have been
+    #   made to the entity since you last retrieved it. If a change has been
+    #   made, the update fails with a `WAFOptimisticLockException`. If this
+    #   happens, perform another `get`, and use the new token returned by
+    #   that operation.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/PutManagedRuleSetVersionsResponse AWS API Documentation
+    #
+    class PutManagedRuleSetVersionsResponse < Struct.new(
+      :next_lock_token)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # @note When making an API call, you may pass PutPermissionPolicyRequest
     #   data as a hash:
     #
@@ -6191,6 +6847,8 @@ module Aws::WAFV2
     # This is used only to indicate the web request component for WAF to
     # inspect, in the FieldToMatch specification.
     #
+    # JSON specification: `"QueryString": \{\}`
+    #
     # @api private
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/QueryString AWS API Documentation
@@ -6203,6 +6861,15 @@ module Aws::WAFV2
     # You can use this to put a temporary block on requests from an IP
     # address that is sending excessive requests.
     #
+    # WAF tracks and manages web requests separately for each instance of a
+    # rate-based rule that you use. For example, if you provide the same
+    # rate-based rule settings in two web ACLs, each of the two rule
+    # statements represents a separate instance of the rate-based rule and
+    # gets its own tracking and management by WAF. If you define a
+    # rate-based rule inside a rule group, and then use that rule group in
+    # multiple places, each use creates a separate instance of the
+    # rate-based rule that gets its own tracking and management by WAF.
+    #
     # When the rule action triggers, WAF blocks additional requests from the
     # IP address until the request rate falls below the limit.
     #
@@ -6226,9 +6893,9 @@ module Aws::WAFV2
     # not meet both conditions are not counted towards the rate limit and
     # are not affected by this rule.
     #
-    # You cannot nest a `RateBasedStatement`, for example for use inside a
-    # `NotStatement` or `OrStatement`. It can only be referenced as a
-    # top-level statement within a rule.
+    # You cannot nest a `RateBasedStatement` inside another statement, for
+    # example inside a `NotStatement` or `OrStatement`. You can define a
+    # `RateBasedStatement` inside a web ACL and inside a rule group.
     #
     # @note When making an API call, you may pass RateBasedStatement
     #   data as a hash:
@@ -6473,6 +7140,7 @@ module Aws::WAFV2
     #           managed_rule_group_statement: {
     #             vendor_name: "VendorName", # required
     #             name: "EntityName", # required
+    #             version: "VersionKeyString",
     #             excluded_rules: [
     #               {
     #                 name: "EntityName", # required
@@ -6545,10 +7213,11 @@ module Aws::WAFV2
       include Aws::Structure
     end
 
-    # The set of IP addresses that are currently blocked for a rate-based
-    # statement.
+    # The set of IP addresses that are currently blocked for a
+    # RateBasedStatement.
     #
     # @!attribute [rw] ip_address_version
+    #   The version of the IP addresses, either `IPV4` or `IPV6`.
     #   @return [String]
     #
     # @!attribute [rw] addresses
@@ -6729,15 +7398,15 @@ module Aws::WAFV2
     #   @return [String]
     #
     # @!attribute [rw] lock_token
-    #   A token used for optimistic locking. WAF returns a token to your get
-    #   and list requests, to mark the state of the entity at the time of
-    #   the request. To make changes to the entity associated with the
-    #   token, you provide the token to operations like update and delete.
-    #   WAF uses the token to ensure that no changes have been made to the
-    #   entity since you last retrieved it. If a change has been made, the
-    #   update fails with a `WAFOptimisticLockException`. If this happens,
-    #   perform another get, and use the new token returned by that
-    #   operation.
+    #   A token used for optimistic locking. WAF returns a token to your
+    #   `get` and `list` requests, to mark the state of the entity at the
+    #   time of the request. To make changes to the entity associated with
+    #   the token, you provide the token to operations like `update` and
+    #   `delete`. WAF uses the token to ensure that no changes have been
+    #   made to the entity since you last retrieved it. If a change has been
+    #   made, the update fails with a `WAFOptimisticLockException`. If this
+    #   happens, perform another `get`, and use the new token returned by
+    #   that operation.
     #   @return [String]
     #
     # @!attribute [rw] arn
@@ -7004,6 +7673,7 @@ module Aws::WAFV2
     #           managed_rule_group_statement: {
     #             vendor_name: "VendorName", # required
     #             name: "EntityName", # required
+    #             version: "VersionKeyString",
     #             excluded_rules: [
     #               {
     #                 name: "EntityName", # required
@@ -7372,8 +8042,8 @@ module Aws::WAFV2
     # provide the ARN of the rule group in this statement.
     #
     # You cannot nest a `RuleGroupReferenceStatement`, for example for use
-    # inside a `NotStatement` or `OrStatement`. It can only be referenced as
-    # a top-level statement within a rule.
+    # inside a `NotStatement` or `OrStatement`. You can only use a rule
+    # group reference statement at the top level inside a web ACL.
     #
     # @note When making an API call, you may pass RuleGroupReferenceStatement
     #   data as a hash:
@@ -7427,15 +8097,15 @@ module Aws::WAFV2
     #   @return [String]
     #
     # @!attribute [rw] lock_token
-    #   A token used for optimistic locking. WAF returns a token to your get
-    #   and list requests, to mark the state of the entity at the time of
-    #   the request. To make changes to the entity associated with the
-    #   token, you provide the token to operations like update and delete.
-    #   WAF uses the token to ensure that no changes have been made to the
-    #   entity since you last retrieved it. If a change has been made, the
-    #   update fails with a `WAFOptimisticLockException`. If this happens,
-    #   perform another get, and use the new token returned by that
-    #   operation.
+    #   A token used for optimistic locking. WAF returns a token to your
+    #   `get` and `list` requests, to mark the state of the entity at the
+    #   time of the request. To make changes to the entity associated with
+    #   the token, you provide the token to operations like `update` and
+    #   `delete`. WAF uses the token to ensure that no changes have been
+    #   made to the entity since you last retrieved it. If a change has been
+    #   made, the update fails with a `WAFOptimisticLockException`. If this
+    #   happens, perform another `get`, and use the new token returned by
+    #   that operation.
     #   @return [String]
     #
     # @!attribute [rw] arn
@@ -7555,6 +8225,8 @@ module Aws::WAFV2
     # This is used only to indicate the web request component for WAF to
     # inspect, in the FieldToMatch specification.
     #
+    # Example JSON: `"SingleHeader": \{ "Name": "haystack" \}`
+    #
     # @note When making an API call, you may pass SingleHeader
     #   data as a hash:
     #
@@ -7578,6 +8250,8 @@ module Aws::WAFV2
     # *UserName* or *SalesRegion*. The name can be up to 30 characters long
     # and isn't case sensitive.
     #
+    # Example JSON: `"SingleQueryArgument": \{ "Name": "myArgument" \}`
+    #
     # @note When making an API call, you may pass SingleQueryArgument
     #   data as a hash:
     #
@@ -8199,6 +8873,7 @@ module Aws::WAFV2
     #             managed_rule_group_statement: {
     #               vendor_name: "VendorName", # required
     #               name: "EntityName", # required
+    #               version: "VersionKeyString",
     #               excluded_rules: [
     #                 {
     #                   name: "EntityName", # required
@@ -8451,6 +9126,7 @@ module Aws::WAFV2
     #               managed_rule_group_statement: {
     #                 vendor_name: "VendorName", # required
     #                 name: "EntityName", # required
+    #                 version: "VersionKeyString",
     #                 excluded_rules: [
     #                   {
     #                     name: "EntityName", # required
@@ -8700,6 +9376,7 @@ module Aws::WAFV2
     #               managed_rule_group_statement: {
     #                 vendor_name: "VendorName", # required
     #                 name: "EntityName", # required
+    #                 version: "VersionKeyString",
     #                 excluded_rules: [
     #                   {
     #                     name: "EntityName", # required
@@ -8952,6 +9629,7 @@ module Aws::WAFV2
     #             managed_rule_group_statement: {
     #               vendor_name: "VendorName", # required
     #               name: "EntityName", # required
+    #               version: "VersionKeyString",
     #               excluded_rules: [
     #                 {
     #                   name: "EntityName", # required
@@ -8970,6 +9648,7 @@ module Aws::WAFV2
     #         managed_rule_group_statement: {
     #           vendor_name: "VendorName", # required
     #           name: "EntityName", # required
+    #           version: "VersionKeyString",
     #           excluded_rules: [
     #             {
     #               name: "EntityName", # required
@@ -9284,8 +9963,8 @@ module Aws::WAFV2
     #   provide the ARN of the rule group in this statement.
     #
     #   You cannot nest a `RuleGroupReferenceStatement`, for example for use
-    #   inside a `NotStatement` or `OrStatement`. It can only be referenced
-    #   as a top-level statement within a rule.
+    #   inside a `NotStatement` or `OrStatement`. You can only use a rule
+    #   group reference statement at the top level inside a web ACL.
     #   @return [Types::RuleGroupReferenceStatement]
     #
     # @!attribute [rw] ip_set_reference_statement
@@ -9323,6 +10002,15 @@ module Aws::WAFV2
     #   time span. You can use this to put a temporary block on requests
     #   from an IP address that is sending excessive requests.
     #
+    #   WAF tracks and manages web requests separately for each instance of
+    #   a rate-based rule that you use. For example, if you provide the same
+    #   rate-based rule settings in two web ACLs, each of the two rule
+    #   statements represents a separate instance of the rate-based rule and
+    #   gets its own tracking and management by WAF. If you define a
+    #   rate-based rule inside a rule group, and then use that rule group in
+    #   multiple places, each use creates a separate instance of the
+    #   rate-based rule that gets its own tracking and management by WAF.
+    #
     #   When the rule action triggers, WAF blocks additional requests from
     #   the IP address until the request rate falls below the limit.
     #
@@ -9346,9 +10034,9 @@ module Aws::WAFV2
     #   do not meet both conditions are not counted towards the rate limit
     #   and are not affected by this rule.
     #
-    #   You cannot nest a `RateBasedStatement`, for example for use inside a
-    #   `NotStatement` or `OrStatement`. It can only be referenced as a
-    #   top-level statement within a rule.
+    #   You cannot nest a `RateBasedStatement` inside another statement, for
+    #   example inside a `NotStatement` or `OrStatement`. You can define a
+    #   `RateBasedStatement` inside a web ACL and inside a rule group.
     #   @return [Types::RateBasedStatement]
     #
     # @!attribute [rw] and_statement
@@ -9649,10 +10337,8 @@ module Aws::WAFV2
     #   **REPLACE\_NULLS** - Replace NULL bytes in the input with space
     #   characters (ASCII `0x20`).
     #
-    #   **SQL\_HEX\_DECODE** - Decode the following ANSI C escape sequences:
-    #   `\a`, `\b`, `\f`, `\n`, `\r`, `\t`, `\v`, `\`, `\?`, `'`, `"`,
-    #   `\xHH` (hexadecimal), `\0OOO` (octal). Encodings that aren't valid
-    #   remain in the output.
+    #   **SQL\_HEX\_DECODE** - Decode SQL hex data. Example (`0x414243`)
+    #   will be decoded to (`ABC`).
     #
     #   **URL\_DECODE** - Decode a URL-encoded value.
     #
@@ -9836,15 +10522,15 @@ module Aws::WAFV2
     #   @return [Array<String>]
     #
     # @!attribute [rw] lock_token
-    #   A token used for optimistic locking. WAF returns a token to your get
-    #   and list requests, to mark the state of the entity at the time of
-    #   the request. To make changes to the entity associated with the
-    #   token, you provide the token to operations like update and delete.
-    #   WAF uses the token to ensure that no changes have been made to the
-    #   entity since you last retrieved it. If a change has been made, the
-    #   update fails with a `WAFOptimisticLockException`. If this happens,
-    #   perform another get, and use the new token returned by that
-    #   operation.
+    #   A token used for optimistic locking. WAF returns a token to your
+    #   `get` and `list` requests, to mark the state of the entity at the
+    #   time of the request. To make changes to the entity associated with
+    #   the token, you provide the token to operations like `update` and
+    #   `delete`. WAF uses the token to ensure that no changes have been
+    #   made to the entity since you last retrieved it. If a change has been
+    #   made, the update fails with a `WAFOptimisticLockException`. If this
+    #   happens, perform another `get`, and use the new token returned by
+    #   that operation.
     #   @return [String]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/UpdateIPSetRequest AWS API Documentation
@@ -9862,7 +10548,7 @@ module Aws::WAFV2
 
     # @!attribute [rw] next_lock_token
     #   A token used for optimistic locking. WAF returns this token to your
-    #   update requests. You use `NextLockToken` in the same manner as you
+    #   `update` requests. You use `NextLockToken` in the same manner as you
     #   use `LockToken`.
     #   @return [String]
     #
@@ -9874,6 +10560,119 @@ module Aws::WAFV2
       include Aws::Structure
     end
 
+    # @note When making an API call, you may pass UpdateManagedRuleSetVersionExpiryDateRequest
+    #   data as a hash:
+    #
+    #       {
+    #         name: "EntityName", # required
+    #         scope: "CLOUDFRONT", # required, accepts CLOUDFRONT, REGIONAL
+    #         id: "EntityId", # required
+    #         lock_token: "LockToken", # required
+    #         version_to_expire: "VersionKeyString", # required
+    #         expiry_timestamp: Time.now, # required
+    #       }
+    #
+    # @!attribute [rw] name
+    #   The name of the managed rule set. You use this, along with the rule
+    #   set ID, to identify the rule set.
+    #
+    #   This name is assigned to the corresponding managed rule group, which
+    #   your customers can access and use.
+    #   @return [String]
+    #
+    # @!attribute [rw] scope
+    #   Specifies whether this is for an Amazon CloudFront distribution or
+    #   for a regional application. A regional application can be an
+    #   Application Load Balancer (ALB), an Amazon API Gateway REST API, or
+    #   an AppSync GraphQL API.
+    #
+    #   To work with CloudFront, you must also specify the Region US East
+    #   (N. Virginia) as follows:
+    #
+    #   * CLI - Specify the Region when you use the CloudFront scope:
+    #     `--scope=CLOUDFRONT --region=us-east-1`.
+    #
+    #   * API and SDKs - For all calls, use the Region endpoint us-east-1.
+    #   @return [String]
+    #
+    # @!attribute [rw] id
+    #   A unique identifier for the managed rule set. The ID is returned in
+    #   the responses to commands like `list`. You provide it to operations
+    #   like `get` and `update`.
+    #   @return [String]
+    #
+    # @!attribute [rw] lock_token
+    #   A token used for optimistic locking. WAF returns a token to your
+    #   `get` and `list` requests, to mark the state of the entity at the
+    #   time of the request. To make changes to the entity associated with
+    #   the token, you provide the token to operations like `update` and
+    #   `delete`. WAF uses the token to ensure that no changes have been
+    #   made to the entity since you last retrieved it. If a change has been
+    #   made, the update fails with a `WAFOptimisticLockException`. If this
+    #   happens, perform another `get`, and use the new token returned by
+    #   that operation.
+    #   @return [String]
+    #
+    # @!attribute [rw] version_to_expire
+    #   The version that you want to remove from your list of offerings for
+    #   the named managed rule group.
+    #   @return [String]
+    #
+    # @!attribute [rw] expiry_timestamp
+    #   The time that you want the version to expire.
+    #
+    #   Times are in Coordinated Universal Time (UTC) format. UTC format
+    #   includes the special designator, Z. For example,
+    #   "2016-09-27T14:50Z".
+    #   @return [Time]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/UpdateManagedRuleSetVersionExpiryDateRequest AWS API Documentation
+    #
+    class UpdateManagedRuleSetVersionExpiryDateRequest < Struct.new(
+      :name,
+      :scope,
+      :id,
+      :lock_token,
+      :version_to_expire,
+      :expiry_timestamp)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] expiring_version
+    #   The version that is set to expire.
+    #   @return [String]
+    #
+    # @!attribute [rw] expiry_timestamp
+    #   The time that the version will expire.
+    #
+    #   Times are in Coordinated Universal Time (UTC) format. UTC format
+    #   includes the special designator, Z. For example,
+    #   "2016-09-27T14:50Z".
+    #   @return [Time]
+    #
+    # @!attribute [rw] next_lock_token
+    #   A token used for optimistic locking. WAF returns a token to your
+    #   `get` and `list` requests, to mark the state of the entity at the
+    #   time of the request. To make changes to the entity associated with
+    #   the token, you provide the token to operations like `update` and
+    #   `delete`. WAF uses the token to ensure that no changes have been
+    #   made to the entity since you last retrieved it. If a change has been
+    #   made, the update fails with a `WAFOptimisticLockException`. If this
+    #   happens, perform another `get`, and use the new token returned by
+    #   that operation.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/UpdateManagedRuleSetVersionExpiryDateResponse AWS API Documentation
+    #
+    class UpdateManagedRuleSetVersionExpiryDateResponse < Struct.new(
+      :expiring_version,
+      :expiry_timestamp,
+      :next_lock_token)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # @note When making an API call, you may pass UpdateRegexPatternSetRequest
     #   data as a hash:
     #
@@ -9924,15 +10723,15 @@ module Aws::WAFV2
     #   @return [Array<Types::Regex>]
     #
     # @!attribute [rw] lock_token
-    #   A token used for optimistic locking. WAF returns a token to your get
-    #   and list requests, to mark the state of the entity at the time of
-    #   the request. To make changes to the entity associated with the
-    #   token, you provide the token to operations like update and delete.
-    #   WAF uses the token to ensure that no changes have been made to the
-    #   entity since you last retrieved it. If a change has been made, the
-    #   update fails with a `WAFOptimisticLockException`. If this happens,
-    #   perform another get, and use the new token returned by that
-    #   operation.
+    #   A token used for optimistic locking. WAF returns a token to your
+    #   `get` and `list` requests, to mark the state of the entity at the
+    #   time of the request. To make changes to the entity associated with
+    #   the token, you provide the token to operations like `update` and
+    #   `delete`. WAF uses the token to ensure that no changes have been
+    #   made to the entity since you last retrieved it. If a change has been
+    #   made, the update fails with a `WAFOptimisticLockException`. If this
+    #   happens, perform another `get`, and use the new token returned by
+    #   that operation.
     #   @return [String]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/UpdateRegexPatternSetRequest AWS API Documentation
@@ -9950,7 +10749,7 @@ module Aws::WAFV2
 
     # @!attribute [rw] next_lock_token
     #   A token used for optimistic locking. WAF returns this token to your
-    #   update requests. You use `NextLockToken` in the same manner as you
+    #   `update` requests. You use `NextLockToken` in the same manner as you
     #   use `LockToken`.
     #   @return [String]
     #
@@ -10211,6 +11010,7 @@ module Aws::WAFV2
     #               managed_rule_group_statement: {
     #                 vendor_name: "VendorName", # required
     #                 name: "EntityName", # required
+    #                 version: "VersionKeyString",
     #                 excluded_rules: [
     #                   {
     #                     name: "EntityName", # required
@@ -10342,15 +11142,15 @@ module Aws::WAFV2
     #   @return [Types::VisibilityConfig]
     #
     # @!attribute [rw] lock_token
-    #   A token used for optimistic locking. WAF returns a token to your get
-    #   and list requests, to mark the state of the entity at the time of
-    #   the request. To make changes to the entity associated with the
-    #   token, you provide the token to operations like update and delete.
-    #   WAF uses the token to ensure that no changes have been made to the
-    #   entity since you last retrieved it. If a change has been made, the
-    #   update fails with a `WAFOptimisticLockException`. If this happens,
-    #   perform another get, and use the new token returned by that
-    #   operation.
+    #   A token used for optimistic locking. WAF returns a token to your
+    #   `get` and `list` requests, to mark the state of the entity at the
+    #   time of the request. To make changes to the entity associated with
+    #   the token, you provide the token to operations like `update` and
+    #   `delete`. WAF uses the token to ensure that no changes have been
+    #   made to the entity since you last retrieved it. If a change has been
+    #   made, the update fails with a `WAFOptimisticLockException`. If this
+    #   happens, perform another `get`, and use the new token returned by
+    #   that operation.
     #   @return [String]
     #
     # @!attribute [rw] custom_response_bodies
@@ -10391,7 +11191,7 @@ module Aws::WAFV2
 
     # @!attribute [rw] next_lock_token
     #   A token used for optimistic locking. WAF returns this token to your
-    #   update requests. You use `NextLockToken` in the same manner as you
+    #   `update` requests. You use `NextLockToken` in the same manner as you
     #   use `LockToken`.
     #   @return [String]
     #
@@ -10676,6 +11476,7 @@ module Aws::WAFV2
     #               managed_rule_group_statement: {
     #                 vendor_name: "VendorName", # required
     #                 name: "EntityName", # required
+    #                 version: "VersionKeyString",
     #                 excluded_rules: [
     #                   {
     #                     name: "EntityName", # required
@@ -10812,15 +11613,15 @@ module Aws::WAFV2
     #   @return [Types::VisibilityConfig]
     #
     # @!attribute [rw] lock_token
-    #   A token used for optimistic locking. WAF returns a token to your get
-    #   and list requests, to mark the state of the entity at the time of
-    #   the request. To make changes to the entity associated with the
-    #   token, you provide the token to operations like update and delete.
-    #   WAF uses the token to ensure that no changes have been made to the
-    #   entity since you last retrieved it. If a change has been made, the
-    #   update fails with a `WAFOptimisticLockException`. If this happens,
-    #   perform another get, and use the new token returned by that
-    #   operation.
+    #   A token used for optimistic locking. WAF returns a token to your
+    #   `get` and `list` requests, to mark the state of the entity at the
+    #   time of the request. To make changes to the entity associated with
+    #   the token, you provide the token to operations like `update` and
+    #   `delete`. WAF uses the token to ensure that no changes have been
+    #   made to the entity since you last retrieved it. If a change has been
+    #   made, the update fails with a `WAFOptimisticLockException`. If this
+    #   happens, perform another `get`, and use the new token returned by
+    #   that operation.
     #   @return [String]
     #
     # @!attribute [rw] custom_response_bodies
@@ -10862,7 +11663,7 @@ module Aws::WAFV2
 
     # @!attribute [rw] next_lock_token
     #   A token used for optimistic locking. WAF returns this token to your
-    #   update requests. You use `NextLockToken` in the same manner as you
+    #   `update` requests. You use `NextLockToken` in the same manner as you
     #   use `LockToken`.
     #   @return [String]
     #
@@ -10881,12 +11682,55 @@ module Aws::WAFV2
     # This is used only to indicate the web request component for WAF to
     # inspect, in the FieldToMatch specification.
     #
+    # JSON specification: `"UriPath": \{\}`
+    #
     # @api private
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/UriPath AWS API Documentation
     #
     class UriPath < Aws::EmptyStructure; end
 
+    # A version of the named managed rule group, that the rule group's
+    # vendor publishes for use by customers.
+    #
+    # <note markdown="1"> This is intended for use only by vendors of managed rule sets. Vendors
+    # are Amazon Web Services and Amazon Web Services Marketplace sellers.
+    #
+    #  Vendors, you can use the managed rule set APIs to provide controlled
+    # rollout of your versioned managed rule group offerings for your
+    # customers. The APIs are `ListManagedRuleSets`, `GetManagedRuleSet`,
+    # `PutManagedRuleSetVersions`, and
+    # `UpdateManagedRuleSetVersionExpiryDate`.
+    #
+    #  </note>
+    #
+    # @note When making an API call, you may pass VersionToPublish
+    #   data as a hash:
+    #
+    #       {
+    #         associated_rule_group_arn: "ResourceArn",
+    #         forecasted_lifetime: 1,
+    #       }
+    #
+    # @!attribute [rw] associated_rule_group_arn
+    #   The Amazon Resource Name (ARN) of the vendor's rule group that's
+    #   used in the published managed rule group version.
+    #   @return [String]
+    #
+    # @!attribute [rw] forecasted_lifetime
+    #   The amount of time the vendor expects this version of the managed
+    #   rule group to last, in days.
+    #   @return [Integer]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/VersionToPublish AWS API Documentation
+    #
+    class VersionToPublish < Struct.new(
+      :associated_rule_group_arn,
+      :forecasted_lifetime)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # Defines and enables Amazon CloudWatch metrics and web request sample
     # collection.
     #
@@ -10961,6 +11805,22 @@ module Aws::WAFV2
       include Aws::Structure
     end
 
+    # The operation failed because the specified version for the managed
+    # rule group has expired. You can retrieve the available versions for
+    # the managed rule group by calling
+    # ListAvailableManagedRuleGroupVersions.
+    #
+    # @!attribute [rw] message
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/WAFExpiredManagedRuleGroupVersionException AWS API Documentation
+    #
+    class WAFExpiredManagedRuleGroupVersionException < Struct.new(
+      :message)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # Your request is valid, but WAF couldn’t perform the operation because
     # of a system problem. Retry your request.
     #
@@ -11006,12 +11866,15 @@ module Aws::WAFV2
     #   @return [String]
     #
     # @!attribute [rw] field
+    #   The settings where the invalid parameter was found.
     #   @return [String]
     #
     # @!attribute [rw] parameter
+    #   The invalid parameter that resulted in the exception.
     #   @return [String]
     #
     # @!attribute [rw] reason
+    #   Additional information about the exception.
     #   @return [String]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/WAFInvalidParameterException AWS API Documentation
@@ -11077,8 +11940,8 @@ module Aws::WAFV2
 
     # WAF couldn’t perform the operation because you exceeded your resource
     # limit. For example, the maximum number of `WebACL` objects that you
-    # can create for an account. For more information, see [Limits][1] in
-    # the *WAF Developer Guide*.
+    # can create for an Amazon Web Services account. For more information,
+    # see [WAF quotas][1] in the *WAF Developer Guide*.
     #
     #
     #
@@ -11374,15 +12237,15 @@ module Aws::WAFV2
     #   @return [String]
     #
     # @!attribute [rw] lock_token
-    #   A token used for optimistic locking. WAF returns a token to your get
-    #   and list requests, to mark the state of the entity at the time of
-    #   the request. To make changes to the entity associated with the
-    #   token, you provide the token to operations like update and delete.
-    #   WAF uses the token to ensure that no changes have been made to the
-    #   entity since you last retrieved it. If a change has been made, the
-    #   update fails with a `WAFOptimisticLockException`. If this happens,
-    #   perform another get, and use the new token returned by that
-    #   operation.
+    #   A token used for optimistic locking. WAF returns a token to your
+    #   `get` and `list` requests, to mark the state of the entity at the
+    #   time of the request. To make changes to the entity associated with
+    #   the token, you provide the token to operations like `update` and
+    #   `delete`. WAF uses the token to ensure that no changes have been
+    #   made to the entity since you last retrieved it. If a change has been
+    #   made, the update fails with a `WAFOptimisticLockException`. If this
+    #   happens, perform another `get`, and use the new token returned by
+    #   that operation.
     #   @return [String]
     #
     # @!attribute [rw] arn