aws-sdk-wafv2 1.23.0 → 1.27.0

Sign up to get free protection for your applications and to get access to all the features.
Files changed (9) hide show
  1. checksums.yaml +4 -4
  2. data/CHANGELOG.md +20 -0
  3. data/VERSION +1 -1
  4. data/lib/aws-sdk-wafv2/client.rb +795 -81
  5. data/lib/aws-sdk-wafv2/client_api.rb +196 -0
  6. data/lib/aws-sdk-wafv2/errors.rb +16 -0
  7. data/lib/aws-sdk-wafv2/types.rb +1802 -250
  8. data/lib/aws-sdk-wafv2.rb +1 -1
  9. metadata +5 -5
data/lib/aws-sdk-wafv2/types.rb CHANGED
@@ -39,6 +39,8 @@ module Aws::WAFV2
39
39
  # This is used only to indicate the web request component for WAF to
40
40
  # inspect, in the FieldToMatch specification.
41
41
  #
42
+ # JSON specification: `"All": \{\}`
43
+ #
42
44
  # @api private
43
45
  #
44
46
  # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/All AWS API Documentation
@@ -50,6 +52,8 @@ module Aws::WAFV2
50
52
  # This is used only to indicate the web request component for WAF to
51
53
  # inspect, in the FieldToMatch specification.
52
54
  #
55
+ # JSON specification: `"AllQueryArguments": \{\}`
56
+ #
53
57
  # @api private
54
58
  #
55
59
  # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/AllQueryArguments AWS API Documentation
@@ -339,6 +343,7 @@ module Aws::WAFV2
339
343
  # managed_rule_group_statement: {
340
344
  # vendor_name: "VendorName", # required
341
345
  # name: "EntityName", # required
346
+ # version: "VersionKeyString",
342
347
  # excluded_rules: [
343
348
  # {
344
349
  # name: "EntityName", # required
@@ -352,6 +357,42 @@ module Aws::WAFV2
352
357
  # scope: "LABEL", # required, accepts LABEL, NAMESPACE
353
358
  # key: "LabelMatchKey", # required
354
359
  # },
360
+ # regex_match_statement: {
361
+ # regex_string: "RegexPatternString", # required
362
+ # field_to_match: { # required
363
+ # single_header: {
364
+ # name: "FieldToMatchData", # required
365
+ # },
366
+ # single_query_argument: {
367
+ # name: "FieldToMatchData", # required
368
+ # },
369
+ # all_query_arguments: {
370
+ # },
371
+ # uri_path: {
372
+ # },
373
+ # query_string: {
374
+ # },
375
+ # body: {
376
+ # },
377
+ # method: {
378
+ # },
379
+ # json_body: {
380
+ # match_pattern: { # required
381
+ # all: {
382
+ # },
383
+ # included_paths: ["JsonPointerPath"],
384
+ # },
385
+ # match_scope: "ALL", # required, accepts ALL, KEY, VALUE
386
+ # invalid_fallback_behavior: "MATCH", # accepts MATCH, NO_MATCH, EVALUATE_AS_STRING
387
+ # },
388
+ # },
389
+ # text_transformations: [ # required
390
+ # {
391
+ # priority: 1, # required
392
+ # type: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE, BASE64_DECODE, HEX_DECODE, MD5, REPLACE_COMMENTS, ESCAPE_SEQ_DECODE, SQL_HEX_DECODE, CSS_DECODE, JS_DECODE, NORMALIZE_PATH, NORMALIZE_PATH_WIN, REMOVE_NULLS, REPLACE_NULLS, BASE64_DECODE_EXT, URL_DECODE_UNI, UTF8_TO_UNICODE
393
+ # },
394
+ # ],
395
+ # },
355
396
  # },
356
397
  # ],
357
398
  # }
@@ -461,6 +502,8 @@ module Aws::WAFV2
461
502
  # This is used only to indicate the web request component for WAF to
462
503
  # inspect, in the FieldToMatch specification.
463
504
  #
505
+ # JSON specification: `"Body": \{\}`
506
+ #
464
507
  # @api private
465
508
  #
466
509
  # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/Body AWS API Documentation
@@ -863,6 +906,7 @@ module Aws::WAFV2
863
906
  # managed_rule_group_statement: {
864
907
  # vendor_name: "VendorName", # required
865
908
  # name: "EntityName", # required
909
+ # version: "VersionKeyString",
866
910
  # excluded_rules: [
867
911
  # {
868
912
  # name: "EntityName", # required
@@ -876,6 +920,42 @@ module Aws::WAFV2
876
920
  # scope: "LABEL", # required, accepts LABEL, NAMESPACE
877
921
  # key: "LabelMatchKey", # required
878
922
  # },
923
+ # regex_match_statement: {
924
+ # regex_string: "RegexPatternString", # required
925
+ # field_to_match: { # required
926
+ # single_header: {
927
+ # name: "FieldToMatchData", # required
928
+ # },
929
+ # single_query_argument: {
930
+ # name: "FieldToMatchData", # required
931
+ # },
932
+ # all_query_arguments: {
933
+ # },
934
+ # uri_path: {
935
+ # },
936
+ # query_string: {
937
+ # },
938
+ # body: {
939
+ # },
940
+ # method: {
941
+ # },
942
+ # json_body: {
943
+ # match_pattern: { # required
944
+ # all: {
945
+ # },
946
+ # included_paths: ["JsonPointerPath"],
947
+ # },
948
+ # match_scope: "ALL", # required, accepts ALL, KEY, VALUE
949
+ # invalid_fallback_behavior: "MATCH", # accepts MATCH, NO_MATCH, EVALUATE_AS_STRING
950
+ # },
951
+ # },
952
+ # text_transformations: [ # required
953
+ # {
954
+ # priority: 1, # required
955
+ # type: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE, BASE64_DECODE, HEX_DECODE, MD5, REPLACE_COMMENTS, ESCAPE_SEQ_DECODE, SQL_HEX_DECODE, CSS_DECODE, JS_DECODE, NORMALIZE_PATH, NORMALIZE_PATH_WIN, REMOVE_NULLS, REPLACE_NULLS, BASE64_DECODE_EXT, URL_DECODE_UNI, UTF8_TO_UNICODE
956
+ # },
957
+ # ],
958
+ # },
879
959
  # },
880
960
  # action: {
881
961
  # block: {
@@ -1094,7 +1174,7 @@ module Aws::WAFV2
1094
1174
  # @return [String]
1095
1175
  #
1096
1176
  # @!attribute [rw] ip_address_version
1097
- # Specify IPV4 or IPV6.
1177
+ # The version of the IP addresses, either `IPV4` or `IPV6`.
1098
1178
  # @return [String]
1099
1179
  #
1100
1180
  # @!attribute [rw] addresses
@@ -1492,6 +1572,7 @@ module Aws::WAFV2
1492
1572
  # managed_rule_group_statement: {
1493
1573
  # vendor_name: "VendorName", # required
1494
1574
  # name: "EntityName", # required
1575
+ # version: "VersionKeyString",
1495
1576
  # excluded_rules: [
1496
1577
  # {
1497
1578
  # name: "EntityName", # required
@@ -1505,6 +1586,42 @@ module Aws::WAFV2
1505
1586
  # scope: "LABEL", # required, accepts LABEL, NAMESPACE
1506
1587
  # key: "LabelMatchKey", # required
1507
1588
  # },
1589
+ # regex_match_statement: {
1590
+ # regex_string: "RegexPatternString", # required
1591
+ # field_to_match: { # required
1592
+ # single_header: {
1593
+ # name: "FieldToMatchData", # required
1594
+ # },
1595
+ # single_query_argument: {
1596
+ # name: "FieldToMatchData", # required
1597
+ # },
1598
+ # all_query_arguments: {
1599
+ # },
1600
+ # uri_path: {
1601
+ # },
1602
+ # query_string: {
1603
+ # },
1604
+ # body: {
1605
+ # },
1606
+ # method: {
1607
+ # },
1608
+ # json_body: {
1609
+ # match_pattern: { # required
1610
+ # all: {
1611
+ # },
1612
+ # included_paths: ["JsonPointerPath"],
1613
+ # },
1614
+ # match_scope: "ALL", # required, accepts ALL, KEY, VALUE
1615
+ # invalid_fallback_behavior: "MATCH", # accepts MATCH, NO_MATCH, EVALUATE_AS_STRING
1616
+ # },
1617
+ # },
1618
+ # text_transformations: [ # required
1619
+ # {
1620
+ # priority: 1, # required
1621
+ # type: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE, BASE64_DECODE, HEX_DECODE, MD5, REPLACE_COMMENTS, ESCAPE_SEQ_DECODE, SQL_HEX_DECODE, CSS_DECODE, JS_DECODE, NORMALIZE_PATH, NORMALIZE_PATH_WIN, REMOVE_NULLS, REPLACE_NULLS, BASE64_DECODE_EXT, URL_DECODE_UNI, UTF8_TO_UNICODE
1622
+ # },
1623
+ # ],
1624
+ # },
1508
1625
  # },
1509
1626
  # action: {
1510
1627
  # block: {
@@ -1967,6 +2084,7 @@ module Aws::WAFV2
1967
2084
  # managed_rule_group_statement: {
1968
2085
  # vendor_name: "VendorName", # required
1969
2086
  # name: "EntityName", # required
2087
+ # version: "VersionKeyString",
1970
2088
  # excluded_rules: [
1971
2089
  # {
1972
2090
  # name: "EntityName", # required
@@ -1980,6 +2098,42 @@ module Aws::WAFV2
1980
2098
  # scope: "LABEL", # required, accepts LABEL, NAMESPACE
1981
2099
  # key: "LabelMatchKey", # required
1982
2100
  # },
2101
+ # regex_match_statement: {
2102
+ # regex_string: "RegexPatternString", # required
2103
+ # field_to_match: { # required
2104
+ # single_header: {
2105
+ # name: "FieldToMatchData", # required
2106
+ # },
2107
+ # single_query_argument: {
2108
+ # name: "FieldToMatchData", # required
2109
+ # },
2110
+ # all_query_arguments: {
2111
+ # },
2112
+ # uri_path: {
2113
+ # },
2114
+ # query_string: {
2115
+ # },
2116
+ # body: {
2117
+ # },
2118
+ # method: {
2119
+ # },
2120
+ # json_body: {
2121
+ # match_pattern: { # required
2122
+ # all: {
2123
+ # },
2124
+ # included_paths: ["JsonPointerPath"],
2125
+ # },
2126
+ # match_scope: "ALL", # required, accepts ALL, KEY, VALUE
2127
+ # invalid_fallback_behavior: "MATCH", # accepts MATCH, NO_MATCH, EVALUATE_AS_STRING
2128
+ # },
2129
+ # },
2130
+ # text_transformations: [ # required
2131
+ # {
2132
+ # priority: 1, # required
2133
+ # type: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE, BASE64_DECODE, HEX_DECODE, MD5, REPLACE_COMMENTS, ESCAPE_SEQ_DECODE, SQL_HEX_DECODE, CSS_DECODE, JS_DECODE, NORMALIZE_PATH, NORMALIZE_PATH_WIN, REMOVE_NULLS, REPLACE_NULLS, BASE64_DECODE_EXT, URL_DECODE_UNI, UTF8_TO_UNICODE
2134
+ # },
2135
+ # ],
2136
+ # },
1983
2137
  # },
1984
2138
  # action: {
1985
2139
  # block: {
@@ -2415,15 +2569,15 @@ module Aws::WAFV2
2415
2569
  # @return [String]
2416
2570
  #
2417
2571
  # @!attribute [rw] web_acl_lock_token
2418
- # A token used for optimistic locking. WAF returns a token to your get
2419
- # and list requests, to mark the state of the entity at the time of
2420
- # the request. To make changes to the entity associated with the
2421
- # token, you provide the token to operations like update and delete.
2422
- # WAF uses the token to ensure that no changes have been made to the
2423
- # entity since you last retrieved it. If a change has been made, the
2424
- # update fails with a `WAFOptimisticLockException`. If this happens,
2425
- # perform another get, and use the new token returned by that
2426
- # operation.
2572
+ # A token used for optimistic locking. WAF returns a token to your
2573
+ # `get` and `list` requests, to mark the state of the entity at the
2574
+ # time of the request. To make changes to the entity associated with
2575
+ # the token, you provide the token to operations like `update` and
2576
+ # `delete`. WAF uses the token to ensure that no changes have been
2577
+ # made to the entity since you last retrieved it. If a change has been
2578
+ # made, the update fails with a `WAFOptimisticLockException`. If this
2579
+ # happens, perform another `get`, and use the new token returned by
2580
+ # that operation.
2427
2581
  # @return [String]
2428
2582
  #
2429
2583
  # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/DeleteFirewallManagerRuleGroupsRequest AWS API Documentation
@@ -2436,15 +2590,15 @@ module Aws::WAFV2
2436
2590
  end
2437
2591
 
2438
2592
  # @!attribute [rw] next_web_acl_lock_token
2439
- # A token used for optimistic locking. WAF returns a token to your get
2440
- # and list requests, to mark the state of the entity at the time of
2441
- # the request. To make changes to the entity associated with the
2442
- # token, you provide the token to operations like update and delete.
2443
- # WAF uses the token to ensure that no changes have been made to the
2444
- # entity since you last retrieved it. If a change has been made, the
2445
- # update fails with a `WAFOptimisticLockException`. If this happens,
2446
- # perform another get, and use the new token returned by that
2447
- # operation.
2593
+ # A token used for optimistic locking. WAF returns a token to your
2594
+ # `get` and `list` requests, to mark the state of the entity at the
2595
+ # time of the request. To make changes to the entity associated with
2596
+ # the token, you provide the token to operations like `update` and
2597
+ # `delete`. WAF uses the token to ensure that no changes have been
2598
+ # made to the entity since you last retrieved it. If a change has been
2599
+ # made, the update fails with a `WAFOptimisticLockException`. If this
2600
+ # happens, perform another `get`, and use the new token returned by
2601
+ # that operation.
2448
2602
  # @return [String]
2449
2603
  #
2450
2604
  # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/DeleteFirewallManagerRuleGroupsResponse AWS API Documentation
@@ -2492,15 +2646,15 @@ module Aws::WAFV2
2492
2646
  # @return [String]
2493
2647
  #
2494
2648
  # @!attribute [rw] lock_token
2495
- # A token used for optimistic locking. WAF returns a token to your get
2496
- # and list requests, to mark the state of the entity at the time of
2497
- # the request. To make changes to the entity associated with the
2498
- # token, you provide the token to operations like update and delete.
2499
- # WAF uses the token to ensure that no changes have been made to the
2500
- # entity since you last retrieved it. If a change has been made, the
2501
- # update fails with a `WAFOptimisticLockException`. If this happens,
2502
- # perform another get, and use the new token returned by that
2503
- # operation.
2649
+ # A token used for optimistic locking. WAF returns a token to your
2650
+ # `get` and `list` requests, to mark the state of the entity at the
2651
+ # time of the request. To make changes to the entity associated with
2652
+ # the token, you provide the token to operations like `update` and
2653
+ # `delete`. WAF uses the token to ensure that no changes have been
2654
+ # made to the entity since you last retrieved it. If a change has been
2655
+ # made, the update fails with a `WAFOptimisticLockException`. If this
2656
+ # happens, perform another `get`, and use the new token returned by
2657
+ # that operation.
2504
2658
  # @return [String]
2505
2659
  #
2506
2660
  # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/DeleteIPSetRequest AWS API Documentation
@@ -2605,15 +2759,15 @@ module Aws::WAFV2
2605
2759
  # @return [String]
2606
2760
  #
2607
2761
  # @!attribute [rw] lock_token
2608
- # A token used for optimistic locking. WAF returns a token to your get
2609
- # and list requests, to mark the state of the entity at the time of
2610
- # the request. To make changes to the entity associated with the
2611
- # token, you provide the token to operations like update and delete.
2612
- # WAF uses the token to ensure that no changes have been made to the
2613
- # entity since you last retrieved it. If a change has been made, the
2614
- # update fails with a `WAFOptimisticLockException`. If this happens,
2615
- # perform another get, and use the new token returned by that
2616
- # operation.
2762
+ # A token used for optimistic locking. WAF returns a token to your
2763
+ # `get` and `list` requests, to mark the state of the entity at the
2764
+ # time of the request. To make changes to the entity associated with
2765
+ # the token, you provide the token to operations like `update` and
2766
+ # `delete`. WAF uses the token to ensure that no changes have been
2767
+ # made to the entity since you last retrieved it. If a change has been
2768
+ # made, the update fails with a `WAFOptimisticLockException`. If this
2769
+ # happens, perform another `get`, and use the new token returned by
2770
+ # that operation.
2617
2771
  # @return [String]
2618
2772
  #
2619
2773
  # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/DeleteRegexPatternSetRequest AWS API Documentation
@@ -2668,15 +2822,15 @@ module Aws::WAFV2
2668
2822
  # @return [String]
2669
2823
  #
2670
2824
  # @!attribute [rw] lock_token
2671
- # A token used for optimistic locking. WAF returns a token to your get
2672
- # and list requests, to mark the state of the entity at the time of
2673
- # the request. To make changes to the entity associated with the
2674
- # token, you provide the token to operations like update and delete.
2675
- # WAF uses the token to ensure that no changes have been made to the
2676
- # entity since you last retrieved it. If a change has been made, the
2677
- # update fails with a `WAFOptimisticLockException`. If this happens,
2678
- # perform another get, and use the new token returned by that
2679
- # operation.
2825
+ # A token used for optimistic locking. WAF returns a token to your
2826
+ # `get` and `list` requests, to mark the state of the entity at the
2827
+ # time of the request. To make changes to the entity associated with
2828
+ # the token, you provide the token to operations like `update` and
2829
+ # `delete`. WAF uses the token to ensure that no changes have been
2830
+ # made to the entity since you last retrieved it. If a change has been
2831
+ # made, the update fails with a `WAFOptimisticLockException`. If this
2832
+ # happens, perform another `get`, and use the new token returned by
2833
+ # that operation.
2680
2834
  # @return [String]
2681
2835
  #
2682
2836
  # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/DeleteRuleGroupRequest AWS API Documentation
@@ -2731,15 +2885,15 @@ module Aws::WAFV2
2731
2885
  # @return [String]
2732
2886
  #
2733
2887
  # @!attribute [rw] lock_token
2734
- # A token used for optimistic locking. WAF returns a token to your get
2735
- # and list requests, to mark the state of the entity at the time of
2736
- # the request. To make changes to the entity associated with the
2737
- # token, you provide the token to operations like update and delete.
2738
- # WAF uses the token to ensure that no changes have been made to the
2739
- # entity since you last retrieved it. If a change has been made, the
2740
- # update fails with a `WAFOptimisticLockException`. If this happens,
2741
- # perform another get, and use the new token returned by that
2742
- # operation.
2888
+ # A token used for optimistic locking. WAF returns a token to your
2889
+ # `get` and `list` requests, to mark the state of the entity at the
2890
+ # time of the request. To make changes to the entity associated with
2891
+ # the token, you provide the token to operations like `update` and
2892
+ # `delete`. WAF uses the token to ensure that no changes have been
2893
+ # made to the entity since you last retrieved it. If a change has been
2894
+ # made, the update fails with a `WAFOptimisticLockException`. If this
2895
+ # happens, perform another `get`, and use the new token returned by
2896
+ # that operation.
2743
2897
  # @return [String]
2744
2898
  #
2745
2899
  # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/DeleteWebACLRequest AWS API Documentation
@@ -2764,6 +2918,7 @@ module Aws::WAFV2
2764
2918
  # vendor_name: "VendorName", # required
2765
2919
  # name: "EntityName", # required
2766
2920
  # scope: "CLOUDFRONT", # required, accepts CLOUDFRONT, REGIONAL
2921
+ # version_name: "VersionKeyString",
2767
2922
  # }
2768
2923
  #
2769
2924
  # @!attribute [rw] vendor_name
@@ -2791,16 +2946,40 @@ module Aws::WAFV2
2791
2946
  # * API and SDKs - For all calls, use the Region endpoint us-east-1.
2792
2947
  # @return [String]
2793
2948
  #
2949
+ # @!attribute [rw] version_name
2950
+ # The version of the rule group. You can only use a version that is
2951
+ # not scheduled for expiration. If you don't provide this, WAF uses
2952
+ # the vendor's default version.
2953
+ # @return [String]
2954
+ #
2794
2955
  # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/DescribeManagedRuleGroupRequest AWS API Documentation
2795
2956
  #
2796
2957
  class DescribeManagedRuleGroupRequest < Struct.new(
2797
2958
  :vendor_name,
2798
2959
  :name,
2799
- :scope)
2960
+ :scope,
2961
+ :version_name)
2800
2962
  SENSITIVE = []
2801
2963
  include Aws::Structure
2802
2964
  end
2803
2965
 
2966
+ # @!attribute [rw] version_name
2967
+ # The managed rule group's version.
2968
+ # @return [String]
2969
+ #
2970
+ # @!attribute [rw] sns_topic_arn
2971
+ # The Amazon resource name (ARN) of the Amazon Simple Notification
2972
+ # Service SNS topic that's used to record changes to the managed rule
2973
+ # group. You can subscribe to the SNS topic to receive notifications
2974
+ # when the managed rule group is modified, such as for new versions
2975
+ # and for version expiration. For more information, see the [Amazon
2976
+ # Simple Notification Service Developer Guide][1].
2977
+ #
2978
+ #
2979
+ #
2980
+ # [1]: https://docs.aws.amazon.com/sns/latest/dg/welcome.html
2981
+ # @return [String]
2982
+ #
2804
2983
  # @!attribute [rw] capacity
2805
2984
  # The web ACL capacity units (WCUs) required for this rule group. WAF
2806
2985
  # uses web ACL capacity units (WCU) to calculate and control the
@@ -2847,6 +3026,8 @@ module Aws::WAFV2
2847
3026
  # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/DescribeManagedRuleGroupResponse AWS API Documentation
2848
3027
  #
2849
3028
  class DescribeManagedRuleGroupResponse < Struct.new(
3029
+ :version_name,
3030
+ :sns_topic_arn,
2850
3031
  :capacity,
2851
3032
  :rules,
2852
3033
  :label_namespace,
@@ -2923,6 +3104,14 @@ module Aws::WAFV2
2923
3104
  # requires it. To inspect more than one component of a web request,
2924
3105
  # create a separate rule statement for each component.
2925
3106
  #
3107
+ # JSON specification for a `QueryString` field to match:
3108
+ #
3109
+ # ` "FieldToMatch": \{ "QueryString": \{\} \}`
3110
+ #
3111
+ # Example JSON for a `Method` field to match specification:
3112
+ #
3113
+ # ` "FieldToMatch": \{ "Method": \{ "Name": "DELETE" \} \}`
3114
+ #
2926
3115
  # @note When making an API call, you may pass FieldToMatch
2927
3116
  # data as a hash:
2928
3117
  #
@@ -3164,8 +3353,8 @@ module Aws::WAFV2
3164
3353
  # provide the ARN of the rule group in this statement.
3165
3354
  #
3166
3355
  # You cannot nest a `RuleGroupReferenceStatement`, for example for use
3167
- # inside a `NotStatement` or `OrStatement`. It can only be referenced
3168
- # as a top-level statement within a rule.
3356
+ # inside a `NotStatement` or `OrStatement`. You can only use a rule
3357
+ # group reference statement at the top level inside a web ACL.
3169
3358
  # @return [Types::RuleGroupReferenceStatement]
3170
3359
  #
3171
3360
  # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/FirewallManagerStatement AWS API Documentation
@@ -3330,15 +3519,15 @@ module Aws::WAFV2
3330
3519
  # @return [Types::IPSet]
3331
3520
  #
3332
3521
  # @!attribute [rw] lock_token
3333
- # A token used for optimistic locking. WAF returns a token to your get
3334
- # and list requests, to mark the state of the entity at the time of
3335
- # the request. To make changes to the entity associated with the
3336
- # token, you provide the token to operations like update and delete.
3337
- # WAF uses the token to ensure that no changes have been made to the
3338
- # entity since you last retrieved it. If a change has been made, the
3339
- # update fails with a `WAFOptimisticLockException`. If this happens,
3340
- # perform another get, and use the new token returned by that
3341
- # operation.
3522
+ # A token used for optimistic locking. WAF returns a token to your
3523
+ # `get` and `list` requests, to mark the state of the entity at the
3524
+ # time of the request. To make changes to the entity associated with
3525
+ # the token, you provide the token to operations like `update` and
3526
+ # `delete`. WAF uses the token to ensure that no changes have been
3527
+ # made to the entity since you last retrieved it. If a change has been
3528
+ # made, the update fails with a `WAFOptimisticLockException`. If this
3529
+ # happens, perform another `get`, and use the new token returned by
3530
+ # that operation.
3342
3531
  # @return [String]
3343
3532
  #
3344
3533
  # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/GetIPSetResponse AWS API Documentation
@@ -3382,6 +3571,79 @@ module Aws::WAFV2
3382
3571
  include Aws::Structure
3383
3572
  end
3384
3573
 
3574
+ # @note When making an API call, you may pass GetManagedRuleSetRequest
3575
+ # data as a hash:
3576
+ #
3577
+ # {
3578
+ # name: "EntityName", # required
3579
+ # scope: "CLOUDFRONT", # required, accepts CLOUDFRONT, REGIONAL
3580
+ # id: "EntityId", # required
3581
+ # }
3582
+ #
3583
+ # @!attribute [rw] name
3584
+ # The name of the managed rule set. You use this, along with the rule
3585
+ # set ID, to identify the rule set.
3586
+ #
3587
+ # This name is assigned to the corresponding managed rule group, which
3588
+ # your customers can access and use.
3589
+ # @return [String]
3590
+ #
3591
+ # @!attribute [rw] scope
3592
+ # Specifies whether this is for an Amazon CloudFront distribution or
3593
+ # for a regional application. A regional application can be an
3594
+ # Application Load Balancer (ALB), an Amazon API Gateway REST API, or
3595
+ # an AppSync GraphQL API.
3596
+ #
3597
+ # To work with CloudFront, you must also specify the Region US East
3598
+ # (N. Virginia) as follows:
3599
+ #
3600
+ # * CLI - Specify the Region when you use the CloudFront scope:
3601
+ # `--scope=CLOUDFRONT --region=us-east-1`.
3602
+ #
3603
+ # * API and SDKs - For all calls, use the Region endpoint us-east-1.
3604
+ # @return [String]
3605
+ #
3606
+ # @!attribute [rw] id
3607
+ # A unique identifier for the managed rule set. The ID is returned in
3608
+ # the responses to commands like `list`. You provide it to operations
3609
+ # like `get` and `update`.
3610
+ # @return [String]
3611
+ #
3612
+ # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/GetManagedRuleSetRequest AWS API Documentation
3613
+ #
3614
+ class GetManagedRuleSetRequest < Struct.new(
3615
+ :name,
3616
+ :scope,
3617
+ :id)
3618
+ SENSITIVE = []
3619
+ include Aws::Structure
3620
+ end
3621
+
3622
+ # @!attribute [rw] managed_rule_set
3623
+ # The managed rule set that you requested.
3624
+ # @return [Types::ManagedRuleSet]
3625
+ #
3626
+ # @!attribute [rw] lock_token
3627
+ # A token used for optimistic locking. WAF returns a token to your
3628
+ # `get` and `list` requests, to mark the state of the entity at the
3629
+ # time of the request. To make changes to the entity associated with
3630
+ # the token, you provide the token to operations like `update` and
3631
+ # `delete`. WAF uses the token to ensure that no changes have been
3632
+ # made to the entity since you last retrieved it. If a change has been
3633
+ # made, the update fails with a `WAFOptimisticLockException`. If this
3634
+ # happens, perform another `get`, and use the new token returned by
3635
+ # that operation.
3636
+ # @return [String]
3637
+ #
3638
+ # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/GetManagedRuleSetResponse AWS API Documentation
3639
+ #
3640
+ class GetManagedRuleSetResponse < Struct.new(
3641
+ :managed_rule_set,
3642
+ :lock_token)
3643
+ SENSITIVE = []
3644
+ include Aws::Structure
3645
+ end
3646
+
3385
3647
  # @note When making an API call, you may pass GetPermissionPolicyRequest
3386
3648
  # data as a hash:
3387
3649
  #
@@ -3421,6 +3683,7 @@ module Aws::WAFV2
3421
3683
  # scope: "CLOUDFRONT", # required, accepts CLOUDFRONT, REGIONAL
3422
3684
  # web_acl_name: "EntityName", # required
3423
3685
  # web_acl_id: "EntityId", # required
3686
+ # rule_group_rule_name: "EntityName",
3424
3687
  # rule_name: "EntityName", # required
3425
3688
  # }
3426
3689
  #
@@ -3450,8 +3713,17 @@ module Aws::WAFV2
3450
3713
  # like update and delete.
3451
3714
  # @return [String]
3452
3715
  #
3716
+ # @!attribute [rw] rule_group_rule_name
3717
+ # The name of the rule group reference statement in your web ACL. This
3718
+ # is required only when you have the rate-based rule nested inside a
3719
+ # rule group.
3720
+ # @return [String]
3721
+ #
3453
3722
  # @!attribute [rw] rule_name
3454
- # The name of the rate-based rule to get the keys for.
3723
+ # The name of the rate-based rule to get the keys for. If you have the
3724
+ # rule defined inside a rule group that you're using in your web ACL,
3725
+ # also provide the name of the rule group reference statement in the
3726
+ # request parameter `RuleGroupRuleName`.
3455
3727
  # @return [String]
3456
3728
  #
3457
3729
  # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/GetRateBasedStatementManagedKeysRequest AWS API Documentation
@@ -3460,6 +3732,7 @@ module Aws::WAFV2
3460
3732
  :scope,
3461
3733
  :web_acl_name,
3462
3734
  :web_acl_id,
3735
+ :rule_group_rule_name,
3463
3736
  :rule_name)
3464
3737
  SENSITIVE = []
3465
3738
  include Aws::Structure
@@ -3531,15 +3804,15 @@ module Aws::WAFV2
3531
3804
  # @return [Types::RegexPatternSet]
3532
3805
  #
3533
3806
  # @!attribute [rw] lock_token
3534
- # A token used for optimistic locking. WAF returns a token to your get
3535
- # and list requests, to mark the state of the entity at the time of
3536
- # the request. To make changes to the entity associated with the
3537
- # token, you provide the token to operations like update and delete.
3538
- # WAF uses the token to ensure that no changes have been made to the
3539
- # entity since you last retrieved it. If a change has been made, the
3540
- # update fails with a `WAFOptimisticLockException`. If this happens,
3541
- # perform another get, and use the new token returned by that
3542
- # operation.
3807
+ # A token used for optimistic locking. WAF returns a token to your
3808
+ # `get` and `list` requests, to mark the state of the entity at the
3809
+ # time of the request. To make changes to the entity associated with
3810
+ # the token, you provide the token to operations like `update` and
3811
+ # `delete`. WAF uses the token to ensure that no changes have been
3812
+ # made to the entity since you last retrieved it. If a change has been
3813
+ # made, the update fails with a `WAFOptimisticLockException`. If this
3814
+ # happens, perform another `get`, and use the new token returned by
3815
+ # that operation.
3543
3816
  # @return [String]
3544
3817
  #
3545
3818
  # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/GetRegexPatternSetResponse AWS API Documentation
@@ -3606,15 +3879,15 @@ module Aws::WAFV2
3606
3879
  # @return [Types::RuleGroup]
3607
3880
  #
3608
3881
  # @!attribute [rw] lock_token
3609
- # A token used for optimistic locking. WAF returns a token to your get
3610
- # and list requests, to mark the state of the entity at the time of
3611
- # the request. To make changes to the entity associated with the
3612
- # token, you provide the token to operations like update and delete.
3613
- # WAF uses the token to ensure that no changes have been made to the
3614
- # entity since you last retrieved it. If a change has been made, the
3615
- # update fails with a `WAFOptimisticLockException`. If this happens,
3616
- # perform another get, and use the new token returned by that
3617
- # operation.
3882
+ # A token used for optimistic locking. WAF returns a token to your
3883
+ # `get` and `list` requests, to mark the state of the entity at the
3884
+ # time of the request. To make changes to the entity associated with
3885
+ # the token, you provide the token to operations like `update` and
3886
+ # `delete`. WAF uses the token to ensure that no changes have been
3887
+ # made to the entity since you last retrieved it. If a change has been
3888
+ # made, the update fails with a `WAFOptimisticLockException`. If this
3889
+ # happens, perform another `get`, and use the new token returned by
3890
+ # that operation.
3618
3891
  # @return [String]
3619
3892
  #
3620
3893
  # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/GetRuleGroupResponse AWS API Documentation
@@ -3809,15 +4082,15 @@ module Aws::WAFV2
3809
4082
  # @return [Types::WebACL]
3810
4083
  #
3811
4084
  # @!attribute [rw] lock_token
3812
- # A token used for optimistic locking. WAF returns a token to your get
3813
- # and list requests, to mark the state of the entity at the time of
3814
- # the request. To make changes to the entity associated with the
3815
- # token, you provide the token to operations like update and delete.
3816
- # WAF uses the token to ensure that no changes have been made to the
3817
- # entity since you last retrieved it. If a change has been made, the
3818
- # update fails with a `WAFOptimisticLockException`. If this happens,
3819
- # perform another get, and use the new token returned by that
3820
- # operation.
4085
+ # A token used for optimistic locking. WAF returns a token to your
4086
+ # `get` and `list` requests, to mark the state of the entity at the
4087
+ # time of the request. To make changes to the entity associated with
4088
+ # the token, you provide the token to operations like `update` and
4089
+ # `delete`. WAF uses the token to ensure that no changes have been
4090
+ # made to the entity since you last retrieved it. If a change has been
4091
+ # made, the update fails with a `WAFOptimisticLockException`. If this
4092
+ # happens, perform another `get`, and use the new token returned by
4093
+ # that operation.
3821
4094
  # @return [String]
3822
4095
  #
3823
4096
  # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/GetWebACLResponse AWS API Documentation
@@ -3942,7 +4215,7 @@ module Aws::WAFV2
3942
4215
  # @return [String]
3943
4216
  #
3944
4217
  # @!attribute [rw] ip_address_version
3945
- # Specify IPV4 or IPV6.
4218
+ # The version of the IP addresses, either `IPV4` or `IPV6`.
3946
4219
  # @return [String]
3947
4220
  #
3948
4221
  # @!attribute [rw] addresses
@@ -4143,15 +4416,15 @@ module Aws::WAFV2
4143
4416
  # @return [String]
4144
4417
  #
4145
4418
  # @!attribute [rw] lock_token
4146
- # A token used for optimistic locking. WAF returns a token to your get
4147
- # and list requests, to mark the state of the entity at the time of
4148
- # the request. To make changes to the entity associated with the
4149
- # token, you provide the token to operations like update and delete.
4150
- # WAF uses the token to ensure that no changes have been made to the
4151
- # entity since you last retrieved it. If a change has been made, the
4152
- # update fails with a `WAFOptimisticLockException`. If this happens,
4153
- # perform another get, and use the new token returned by that
4154
- # operation.
4419
+ # A token used for optimistic locking. WAF returns a token to your
4420
+ # `get` and `list` requests, to mark the state of the entity at the
4421
+ # time of the request. To make changes to the entity associated with
4422
+ # the token, you provide the token to operations like `update` and
4423
+ # `delete`. WAF uses the token to ensure that no changes have been
4424
+ # made to the entity since you last retrieved it. If a change has been
4425
+ # made, the update fails with a `WAFOptimisticLockException`. If this
4426
+ # happens, perform another `get`, and use the new token returned by
4427
+ # that operation.
4155
4428
  # @return [String]
4156
4429
  #
4157
4430
  # @!attribute [rw] arn
@@ -4179,6 +4452,9 @@ module Aws::WAFV2
4179
4452
  # inspects only the parts of the JSON that result from the matches that
4180
4453
  # you indicate.
4181
4454
  #
4455
+ # Example JSON: `"JsonBody": \{ "MatchPattern": \{ "All": \{\} \},
4456
+ # "MatchScope": "ALL" \}`
4457
+ #
4182
4458
  # @note When making an API call, you may pass JsonBody
4183
4459
  # data as a hash:
4184
4460
  #
@@ -4220,9 +4496,9 @@ module Aws::WAFV2
4220
4496
  # content only up to the first parsing failure that it encounters.
4221
4497
  #
4222
4498
  # WAF does its best to parse the entire JSON body, but might be forced
4223
- # to stop for reasons such as characters that aren't valid, duplicate
4224
- # keys, truncation, and any content whose root node isn't an object
4225
- # or an array.
4499
+ # to stop for reasons such as invalid characters, duplicate keys,
4500
+ # truncation, and any content whose root node isn't an object or an
4501
+ # array.
4226
4502
  #
4227
4503
  # WAF parses the JSON in the following examples as two valid key,
4228
4504
  # value pairs:
@@ -4418,15 +4694,27 @@ module Aws::WAFV2
4418
4694
  include Aws::Structure
4419
4695
  end
4420
4696
 
4421
- # @note When making an API call, you may pass ListAvailableManagedRuleGroupsRequest
4697
+ # @note When making an API call, you may pass ListAvailableManagedRuleGroupVersionsRequest
4422
4698
  # data as a hash:
4423
4699
  #
4424
4700
  # {
4701
+ # vendor_name: "VendorName", # required
4702
+ # name: "EntityName", # required
4425
4703
  # scope: "CLOUDFRONT", # required, accepts CLOUDFRONT, REGIONAL
4426
4704
  # next_marker: "NextMarker",
4427
4705
  # limit: 1,
4428
4706
  # }
4429
4707
  #
4708
+ # @!attribute [rw] vendor_name
4709
+ # The name of the managed rule group vendor. You use this, along with
4710
+ # the rule group name, to identify the rule group.
4711
+ # @return [String]
4712
+ #
4713
+ # @!attribute [rw] name
4714
+ # The name of the managed rule group. You use this, along with the
4715
+ # vendor name, to identify the rule group.
4716
+ # @return [String]
4717
+ #
4430
4718
  # @!attribute [rw] scope
4431
4719
  # Specifies whether this is for an Amazon CloudFront distribution or
4432
4720
  # for a regional application. A regional application can be an
@@ -4457,9 +4745,11 @@ module Aws::WAFV2
4457
4745
  # to get the next batch of objects.
4458
4746
  # @return [Integer]
4459
4747
  #
4460
- # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/ListAvailableManagedRuleGroupsRequest AWS API Documentation
4748
+ # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/ListAvailableManagedRuleGroupVersionsRequest AWS API Documentation
4461
4749
  #
4462
- class ListAvailableManagedRuleGroupsRequest < Struct.new(
4750
+ class ListAvailableManagedRuleGroupVersionsRequest < Struct.new(
4751
+ :vendor_name,
4752
+ :name,
4463
4753
  :scope,
4464
4754
  :next_marker,
4465
4755
  :limit)
@@ -4475,19 +4765,21 @@ module Aws::WAFV2
4475
4765
  # your next request.
4476
4766
  # @return [String]
4477
4767
  #
4478
- # @!attribute [rw] managed_rule_groups
4479
- # @return [Array<Types::ManagedRuleGroupSummary>]
4768
+ # @!attribute [rw] versions
4769
+ # The versions that are currently available for the specified managed
4770
+ # rule group.
4771
+ # @return [Array<Types::ManagedRuleGroupVersion>]
4480
4772
  #
4481
- # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/ListAvailableManagedRuleGroupsResponse AWS API Documentation
4773
+ # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/ListAvailableManagedRuleGroupVersionsResponse AWS API Documentation
4482
4774
  #
4483
- class ListAvailableManagedRuleGroupsResponse < Struct.new(
4775
+ class ListAvailableManagedRuleGroupVersionsResponse < Struct.new(
4484
4776
  :next_marker,
4485
- :managed_rule_groups)
4777
+ :versions)
4486
4778
  SENSITIVE = []
4487
4779
  include Aws::Structure
4488
4780
  end
4489
4781
 
4490
- # @note When making an API call, you may pass ListIPSetsRequest
4782
+ # @note When making an API call, you may pass ListAvailableManagedRuleGroupsRequest
4491
4783
  # data as a hash:
4492
4784
  #
4493
4785
  # {
@@ -4526,9 +4818,9 @@ module Aws::WAFV2
4526
4818
  # to get the next batch of objects.
4527
4819
  # @return [Integer]
4528
4820
  #
4529
- # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/ListIPSetsRequest AWS API Documentation
4821
+ # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/ListAvailableManagedRuleGroupsRequest AWS API Documentation
4530
4822
  #
4531
- class ListIPSetsRequest < Struct.new(
4823
+ class ListAvailableManagedRuleGroupsRequest < Struct.new(
4532
4824
  :scope,
4533
4825
  :next_marker,
4534
4826
  :limit)
@@ -4544,25 +4836,23 @@ module Aws::WAFV2
4544
4836
  # your next request.
4545
4837
  # @return [String]
4546
4838
  #
4547
- # @!attribute [rw] ip_sets
4548
- # Array of IPSets. This may not be the full list of IPSets that you
4549
- # have defined. See the `Limit` specification for this request.
4550
- # @return [Array<Types::IPSetSummary>]
4839
+ # @!attribute [rw] managed_rule_groups
4840
+ # @return [Array<Types::ManagedRuleGroupSummary>]
4551
4841
  #
4552
- # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/ListIPSetsResponse AWS API Documentation
4842
+ # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/ListAvailableManagedRuleGroupsResponse AWS API Documentation
4553
4843
  #
4554
- class ListIPSetsResponse < Struct.new(
4844
+ class ListAvailableManagedRuleGroupsResponse < Struct.new(
4555
4845
  :next_marker,
4556
- :ip_sets)
4846
+ :managed_rule_groups)
4557
4847
  SENSITIVE = []
4558
4848
  include Aws::Structure
4559
4849
  end
4560
4850
 
4561
- # @note When making an API call, you may pass ListLoggingConfigurationsRequest
4851
+ # @note When making an API call, you may pass ListIPSetsRequest
4562
4852
  # data as a hash:
4563
4853
  #
4564
4854
  # {
4565
- # scope: "CLOUDFRONT", # accepts CLOUDFRONT, REGIONAL
4855
+ # scope: "CLOUDFRONT", # required, accepts CLOUDFRONT, REGIONAL
4566
4856
  # next_marker: "NextMarker",
4567
4857
  # limit: 1,
4568
4858
  # }
@@ -4597,9 +4887,9 @@ module Aws::WAFV2
4597
4887
  # to get the next batch of objects.
4598
4888
  # @return [Integer]
4599
4889
  #
4600
- # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/ListLoggingConfigurationsRequest AWS API Documentation
4890
+ # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/ListIPSetsRequest AWS API Documentation
4601
4891
  #
4602
- class ListLoggingConfigurationsRequest < Struct.new(
4892
+ class ListIPSetsRequest < Struct.new(
4603
4893
  :scope,
4604
4894
  :next_marker,
4605
4895
  :limit)
@@ -4607,8 +4897,79 @@ module Aws::WAFV2
4607
4897
  include Aws::Structure
4608
4898
  end
4609
4899
 
4610
- # @!attribute [rw] logging_configurations
4611
- # @return [Array<Types::LoggingConfiguration>]
4900
+ # @!attribute [rw] next_marker
4901
+ # When you request a list of objects with a `Limit` setting, if the
4902
+ # number of objects that are still available for retrieval exceeds the
4903
+ # limit, WAF returns a `NextMarker` value in the response. To retrieve
4904
+ # the next batch of objects, provide the marker from the prior call in
4905
+ # your next request.
4906
+ # @return [String]
4907
+ #
4908
+ # @!attribute [rw] ip_sets
4909
+ # Array of IPSets. This may not be the full list of IPSets that you
4910
+ # have defined. See the `Limit` specification for this request.
4911
+ # @return [Array<Types::IPSetSummary>]
4912
+ #
4913
+ # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/ListIPSetsResponse AWS API Documentation
4914
+ #
4915
+ class ListIPSetsResponse < Struct.new(
4916
+ :next_marker,
4917
+ :ip_sets)
4918
+ SENSITIVE = []
4919
+ include Aws::Structure
4920
+ end
4921
+
4922
+ # @note When making an API call, you may pass ListLoggingConfigurationsRequest
4923
+ # data as a hash:
4924
+ #
4925
+ # {
4926
+ # scope: "CLOUDFRONT", # accepts CLOUDFRONT, REGIONAL
4927
+ # next_marker: "NextMarker",
4928
+ # limit: 1,
4929
+ # }
4930
+ #
4931
+ # @!attribute [rw] scope
4932
+ # Specifies whether this is for an Amazon CloudFront distribution or
4933
+ # for a regional application. A regional application can be an
4934
+ # Application Load Balancer (ALB), an Amazon API Gateway REST API, or
4935
+ # an AppSync GraphQL API.
4936
+ #
4937
+ # To work with CloudFront, you must also specify the Region US East
4938
+ # (N. Virginia) as follows:
4939
+ #
4940
+ # * CLI - Specify the Region when you use the CloudFront scope:
4941
+ # `--scope=CLOUDFRONT --region=us-east-1`.
4942
+ #
4943
+ # * API and SDKs - For all calls, use the Region endpoint us-east-1.
4944
+ # @return [String]
4945
+ #
4946
+ # @!attribute [rw] next_marker
4947
+ # When you request a list of objects with a `Limit` setting, if the
4948
+ # number of objects that are still available for retrieval exceeds the
4949
+ # limit, WAF returns a `NextMarker` value in the response. To retrieve
4950
+ # the next batch of objects, provide the marker from the prior call in
4951
+ # your next request.
4952
+ # @return [String]
4953
+ #
4954
+ # @!attribute [rw] limit
4955
+ # The maximum number of objects that you want WAF to return for this
4956
+ # request. If more objects are available, in the response, WAF
4957
+ # provides a `NextMarker` value that you can use in a subsequent call
4958
+ # to get the next batch of objects.
4959
+ # @return [Integer]
4960
+ #
4961
+ # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/ListLoggingConfigurationsRequest AWS API Documentation
4962
+ #
4963
+ class ListLoggingConfigurationsRequest < Struct.new(
4964
+ :scope,
4965
+ :next_marker,
4966
+ :limit)
4967
+ SENSITIVE = []
4968
+ include Aws::Structure
4969
+ end
4970
+
4971
+ # @!attribute [rw] logging_configurations
4972
+ # @return [Array<Types::LoggingConfiguration>]
4612
4973
  #
4613
4974
  # @!attribute [rw] next_marker
4614
4975
  # When you request a list of objects with a `Limit` setting, if the
@@ -4627,6 +4988,76 @@ module Aws::WAFV2
4627
4988
  include Aws::Structure
4628
4989
  end
4629
4990
 
4991
+ # @note When making an API call, you may pass ListManagedRuleSetsRequest
4992
+ # data as a hash:
4993
+ #
4994
+ # {
4995
+ # scope: "CLOUDFRONT", # required, accepts CLOUDFRONT, REGIONAL
4996
+ # next_marker: "NextMarker",
4997
+ # limit: 1,
4998
+ # }
4999
+ #
5000
+ # @!attribute [rw] scope
5001
+ # Specifies whether this is for an Amazon CloudFront distribution or
5002
+ # for a regional application. A regional application can be an
5003
+ # Application Load Balancer (ALB), an Amazon API Gateway REST API, or
5004
+ # an AppSync GraphQL API.
5005
+ #
5006
+ # To work with CloudFront, you must also specify the Region US East
5007
+ # (N. Virginia) as follows:
5008
+ #
5009
+ # * CLI - Specify the Region when you use the CloudFront scope:
5010
+ # `--scope=CLOUDFRONT --region=us-east-1`.
5011
+ #
5012
+ # * API and SDKs - For all calls, use the Region endpoint us-east-1.
5013
+ # @return [String]
5014
+ #
5015
+ # @!attribute [rw] next_marker
5016
+ # When you request a list of objects with a `Limit` setting, if the
5017
+ # number of objects that are still available for retrieval exceeds the
5018
+ # limit, WAF returns a `NextMarker` value in the response. To retrieve
5019
+ # the next batch of objects, provide the marker from the prior call in
5020
+ # your next request.
5021
+ # @return [String]
5022
+ #
5023
+ # @!attribute [rw] limit
5024
+ # The maximum number of objects that you want WAF to return for this
5025
+ # request. If more objects are available, in the response, WAF
5026
+ # provides a `NextMarker` value that you can use in a subsequent call
5027
+ # to get the next batch of objects.
5028
+ # @return [Integer]
5029
+ #
5030
+ # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/ListManagedRuleSetsRequest AWS API Documentation
5031
+ #
5032
+ class ListManagedRuleSetsRequest < Struct.new(
5033
+ :scope,
5034
+ :next_marker,
5035
+ :limit)
5036
+ SENSITIVE = []
5037
+ include Aws::Structure
5038
+ end
5039
+
5040
+ # @!attribute [rw] next_marker
5041
+ # When you request a list of objects with a `Limit` setting, if the
5042
+ # number of objects that are still available for retrieval exceeds the
5043
+ # limit, WAF returns a `NextMarker` value in the response. To retrieve
5044
+ # the next batch of objects, provide the marker from the prior call in
5045
+ # your next request.
5046
+ # @return [String]
5047
+ #
5048
+ # @!attribute [rw] managed_rule_sets
5049
+ # Your managed rule sets.
5050
+ # @return [Array<Types::ManagedRuleSetSummary>]
5051
+ #
5052
+ # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/ListManagedRuleSetsResponse AWS API Documentation
5053
+ #
5054
+ class ListManagedRuleSetsResponse < Struct.new(
5055
+ :next_marker,
5056
+ :managed_rule_sets)
5057
+ SENSITIVE = []
5058
+ include Aws::Structure
5059
+ end
5060
+
4630
5061
  # @note When making an API call, you may pass ListRegexPatternSetsRequest
4631
5062
  # data as a hash:
4632
5063
  #
@@ -5008,11 +5439,11 @@ module Aws::WAFV2
5008
5439
  #
5009
5440
  # @!attribute [rw] redacted_fields
5010
5441
  # The parts of the request that you want to keep out of the logs. For
5011
- # example, if you redact the `HEADER` field, the `HEADER` field in the
5012
- # firehose will be `xxx`.
5442
+ # example, if you redact the `SingleHeader` field, the `HEADER` field
5443
+ # in the firehose will be `xxx`.
5013
5444
  #
5014
- # <note markdown="1"> You must use one of the following values: `URI`, `QUERY_STRING`,
5015
- # `HEADER`, or `METHOD`.
5445
+ # <note markdown="1"> You can specify only the following fields for redaction: `UriPath`,
5446
+ # `QueryString`, `SingleHeader`, `Method`, and `JsonBody`.
5016
5447
  #
5017
5448
  # </note>
5018
5449
  # @return [Array<Types::FieldToMatch>]
@@ -5104,6 +5535,7 @@ module Aws::WAFV2
5104
5535
  # {
5105
5536
  # vendor_name: "VendorName", # required
5106
5537
  # name: "EntityName", # required
5538
+ # version: "VersionKeyString",
5107
5539
  # excluded_rules: [
5108
5540
  # {
5109
5541
  # name: "EntityName", # required
@@ -5346,6 +5778,7 @@ module Aws::WAFV2
5346
5778
  # managed_rule_group_statement: {
5347
5779
  # vendor_name: "VendorName", # required
5348
5780
  # name: "EntityName", # required
5781
+ # version: "VersionKeyString",
5349
5782
  # excluded_rules: [
5350
5783
  # {
5351
5784
  # name: "EntityName", # required
@@ -5359,6 +5792,42 @@ module Aws::WAFV2
5359
5792
  # scope: "LABEL", # required, accepts LABEL, NAMESPACE
5360
5793
  # key: "LabelMatchKey", # required
5361
5794
  # },
5795
+ # regex_match_statement: {
5796
+ # regex_string: "RegexPatternString", # required
5797
+ # field_to_match: { # required
5798
+ # single_header: {
5799
+ # name: "FieldToMatchData", # required
5800
+ # },
5801
+ # single_query_argument: {
5802
+ # name: "FieldToMatchData", # required
5803
+ # },
5804
+ # all_query_arguments: {
5805
+ # },
5806
+ # uri_path: {
5807
+ # },
5808
+ # query_string: {
5809
+ # },
5810
+ # body: {
5811
+ # },
5812
+ # method: {
5813
+ # },
5814
+ # json_body: {
5815
+ # match_pattern: { # required
5816
+ # all: {
5817
+ # },
5818
+ # included_paths: ["JsonPointerPath"],
5819
+ # },
5820
+ # match_scope: "ALL", # required, accepts ALL, KEY, VALUE
5821
+ # invalid_fallback_behavior: "MATCH", # accepts MATCH, NO_MATCH, EVALUATE_AS_STRING
5822
+ # },
5823
+ # },
5824
+ # text_transformations: [ # required
5825
+ # {
5826
+ # priority: 1, # required
5827
+ # type: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE, BASE64_DECODE, HEX_DECODE, MD5, REPLACE_COMMENTS, ESCAPE_SEQ_DECODE, SQL_HEX_DECODE, CSS_DECODE, JS_DECODE, NORMALIZE_PATH, NORMALIZE_PATH_WIN, REMOVE_NULLS, REPLACE_NULLS, BASE64_DECODE_EXT, URL_DECODE_UNI, UTF8_TO_UNICODE
5828
+ # },
5829
+ # ],
5830
+ # },
5362
5831
  # },
5363
5832
  # }
5364
5833
  #
@@ -5372,6 +5841,14 @@ module Aws::WAFV2
5372
5841
  # vendor name, to identify the rule group.
5373
5842
  # @return [String]
5374
5843
  #
5844
+ # @!attribute [rw] version
5845
+ # The version of the managed rule group to use. If you specify this,
5846
+ # the version setting is fixed until you change it. If you don't
5847
+ # specify this, WAF uses the vendor's default version, and then keeps
5848
+ # the version at the vendor's default when the vendor updates the
5849
+ # managed rule group settings.
5850
+ # @return [String]
5851
+ #
5375
5852
  # @!attribute [rw] excluded_rules
5376
5853
  # The rules whose actions are set to `COUNT` by the web ACL,
5377
5854
  # regardless of the action that is set on the rule. This effectively
@@ -5392,6 +5869,7 @@ module Aws::WAFV2
5392
5869
  class ManagedRuleGroupStatement < Struct.new(
5393
5870
  :vendor_name,
5394
5871
  :name,
5872
+ :version,
5395
5873
  :excluded_rules,
5396
5874
  :scope_down_statement)
5397
5875
  SENSITIVE = []
@@ -5403,8 +5881,9 @@ module Aws::WAFV2
5403
5881
  # name and vendor name, that you provide when you add a
5404
5882
  # ManagedRuleGroupStatement to a web ACL. Managed rule groups include
5405
5883
  # Amazon Web Services Managed Rules rule groups, which are free of
5406
- # charge to WAF customers, and Marketplace managed rule groups, which
5407
- # you can subscribe to through Marketplace.
5884
+ # charge to WAF customers, and Amazon Web Services Marketplace managed
5885
+ # rule groups, which you can subscribe to through Amazon Web Services
5886
+ # Marketplace.
5408
5887
  #
5409
5888
  # @!attribute [rw] vendor_name
5410
5889
  # The name of the managed rule group vendor. You use this, along with
@@ -5418,7 +5897,8 @@ module Aws::WAFV2
5418
5897
  #
5419
5898
  # @!attribute [rw] description
5420
5899
  # The description of the managed rule group, provided by Amazon Web
5421
- # Services Managed Rules or the Marketplace seller who manages it.
5900
+ # Services Managed Rules or the Amazon Web Services Marketplace seller
5901
+ # who manages it.
5422
5902
  # @return [String]
5423
5903
  #
5424
5904
  # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/ManagedRuleGroupSummary AWS API Documentation
@@ -5431,12 +5911,263 @@ module Aws::WAFV2
5431
5911
  include Aws::Structure
5432
5912
  end
5433
5913
 
5914
+ # Describes a single version of a managed rule group.
5915
+ #
5916
+ # @!attribute [rw] name
5917
+ # The version name.
5918
+ # @return [String]
5919
+ #
5920
+ # @!attribute [rw] last_update_timestamp
5921
+ # The date and time that the managed rule group owner updated the rule
5922
+ # group version information.
5923
+ # @return [Time]
5924
+ #
5925
+ # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/ManagedRuleGroupVersion AWS API Documentation
5926
+ #
5927
+ class ManagedRuleGroupVersion < Struct.new(
5928
+ :name,
5929
+ :last_update_timestamp)
5930
+ SENSITIVE = []
5931
+ include Aws::Structure
5932
+ end
5933
+
5934
+ # A set of rules that is managed by Amazon Web Services and Amazon Web
5935
+ # Services Marketplace sellers to provide versioned managed rule groups
5936
+ # for customers of WAF.
5937
+ #
5938
+ # <note markdown="1"> This is intended for use only by vendors of managed rule sets. Vendors
5939
+ # are Amazon Web Services and Amazon Web Services Marketplace sellers.
5940
+ #
5941
+ # Vendors, you can use the managed rule set APIs to provide controlled
5942
+ # rollout of your versioned managed rule group offerings for your
5943
+ # customers. The APIs are `ListManagedRuleSets`, `GetManagedRuleSet`,
5944
+ # `PutManagedRuleSetVersions`, and
5945
+ # `UpdateManagedRuleSetVersionExpiryDate`.
5946
+ #
5947
+ # </note>
5948
+ #
5949
+ # @!attribute [rw] name
5950
+ # The name of the managed rule set. You use this, along with the rule
5951
+ # set ID, to identify the rule set.
5952
+ #
5953
+ # This name is assigned to the corresponding managed rule group, which
5954
+ # your customers can access and use.
5955
+ # @return [String]
5956
+ #
5957
+ # @!attribute [rw] id
5958
+ # A unique identifier for the managed rule set. The ID is returned in
5959
+ # the responses to commands like `list`. You provide it to operations
5960
+ # like `get` and `update`.
5961
+ # @return [String]
5962
+ #
5963
+ # @!attribute [rw] arn
5964
+ # The Amazon Resource Name (ARN) of the entity.
5965
+ # @return [String]
5966
+ #
5967
+ # @!attribute [rw] description
5968
+ # A description of the set that helps with identification.
5969
+ # @return [String]
5970
+ #
5971
+ # @!attribute [rw] published_versions
5972
+ # The versions of this managed rule set that are available for use by
5973
+ # customers.
5974
+ # @return [Hash<String,Types::ManagedRuleSetVersion>]
5975
+ #
5976
+ # @!attribute [rw] recommended_version
5977
+ # The version that you would like your customers to use.
5978
+ # @return [String]
5979
+ #
5980
+ # @!attribute [rw] label_namespace
5981
+ # The label namespace prefix for the managed rule groups that are
5982
+ # offered to customers from this managed rule set. All labels that are
5983
+ # added by rules in the managed rule group have this prefix.
5984
+ #
5985
+ # * The syntax for the label namespace prefix for a managed rule group
5986
+ # is the following:
5987
+ #
5988
+ # `awswaf:managed:<vendor>:<rule group name>`\:
5989
+ #
5990
+ # * When a rule with a label matches a web request, WAF adds the fully
5991
+ # qualified label to the request. A fully qualified label is made up
5992
+ # of the label namespace from the rule group or web ACL where the
5993
+ # rule is defined and the label from the rule, separated by a colon:
5994
+ #
5995
+ # `<label namespace>:<label from rule>`
5996
+ # @return [String]
5997
+ #
5998
+ # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/ManagedRuleSet AWS API Documentation
5999
+ #
6000
+ class ManagedRuleSet < Struct.new(
6001
+ :name,
6002
+ :id,
6003
+ :arn,
6004
+ :description,
6005
+ :published_versions,
6006
+ :recommended_version,
6007
+ :label_namespace)
6008
+ SENSITIVE = []
6009
+ include Aws::Structure
6010
+ end
6011
+
6012
+ # High-level information for a managed rule set.
6013
+ #
6014
+ # <note markdown="1"> This is intended for use only by vendors of managed rule sets. Vendors
6015
+ # are Amazon Web Services and Amazon Web Services Marketplace sellers.
6016
+ #
6017
+ # Vendors, you can use the managed rule set APIs to provide controlled
6018
+ # rollout of your versioned managed rule group offerings for your
6019
+ # customers. The APIs are `ListManagedRuleSets`, `GetManagedRuleSet`,
6020
+ # `PutManagedRuleSetVersions`, and
6021
+ # `UpdateManagedRuleSetVersionExpiryDate`.
6022
+ #
6023
+ # </note>
6024
+ #
6025
+ # @!attribute [rw] name
6026
+ # The name of the managed rule set. You use this, along with the rule
6027
+ # set ID, to identify the rule set.
6028
+ #
6029
+ # This name is assigned to the corresponding managed rule group, which
6030
+ # your customers can access and use.
6031
+ # @return [String]
6032
+ #
6033
+ # @!attribute [rw] id
6034
+ # A unique identifier for the managed rule set. The ID is returned in
6035
+ # the responses to commands like `list`. You provide it to operations
6036
+ # like `get` and `update`.
6037
+ # @return [String]
6038
+ #
6039
+ # @!attribute [rw] description
6040
+ # A description of the set that helps with identification.
6041
+ # @return [String]
6042
+ #
6043
+ # @!attribute [rw] lock_token
6044
+ # A token used for optimistic locking. WAF returns a token to your
6045
+ # `get` and `list` requests, to mark the state of the entity at the
6046
+ # time of the request. To make changes to the entity associated with
6047
+ # the token, you provide the token to operations like `update` and
6048
+ # `delete`. WAF uses the token to ensure that no changes have been
6049
+ # made to the entity since you last retrieved it. If a change has been
6050
+ # made, the update fails with a `WAFOptimisticLockException`. If this
6051
+ # happens, perform another `get`, and use the new token returned by
6052
+ # that operation.
6053
+ # @return [String]
6054
+ #
6055
+ # @!attribute [rw] arn
6056
+ # The Amazon Resource Name (ARN) of the entity.
6057
+ # @return [String]
6058
+ #
6059
+ # @!attribute [rw] label_namespace
6060
+ # The label namespace prefix for the managed rule groups that are
6061
+ # offered to customers from this managed rule set. All labels that are
6062
+ # added by rules in the managed rule group have this prefix.
6063
+ #
6064
+ # * The syntax for the label namespace prefix for a managed rule group
6065
+ # is the following:
6066
+ #
6067
+ # `awswaf:managed:<vendor>:<rule group name>`\:
6068
+ #
6069
+ # * When a rule with a label matches a web request, WAF adds the fully
6070
+ # qualified label to the request. A fully qualified label is made up
6071
+ # of the label namespace from the rule group or web ACL where the
6072
+ # rule is defined and the label from the rule, separated by a colon:
6073
+ #
6074
+ # `<label namespace>:<label from rule>`
6075
+ # @return [String]
6076
+ #
6077
+ # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/ManagedRuleSetSummary AWS API Documentation
6078
+ #
6079
+ class ManagedRuleSetSummary < Struct.new(
6080
+ :name,
6081
+ :id,
6082
+ :description,
6083
+ :lock_token,
6084
+ :arn,
6085
+ :label_namespace)
6086
+ SENSITIVE = []
6087
+ include Aws::Structure
6088
+ end
6089
+
6090
+ # Information for a single version of a managed rule set.
6091
+ #
6092
+ # <note markdown="1"> This is intended for use only by vendors of managed rule sets. Vendors
6093
+ # are Amazon Web Services and Amazon Web Services Marketplace sellers.
6094
+ #
6095
+ # Vendors, you can use the managed rule set APIs to provide controlled
6096
+ # rollout of your versioned managed rule group offerings for your
6097
+ # customers. The APIs are `ListManagedRuleSets`, `GetManagedRuleSet`,
6098
+ # `PutManagedRuleSetVersions`, and
6099
+ # `UpdateManagedRuleSetVersionExpiryDate`.
6100
+ #
6101
+ # </note>
6102
+ #
6103
+ # @!attribute [rw] associated_rule_group_arn
6104
+ # The Amazon Resource Name (ARN) of the vendor rule group that's used
6105
+ # to define the published version of your managed rule group.
6106
+ # @return [String]
6107
+ #
6108
+ # @!attribute [rw] capacity
6109
+ # The web ACL capacity units (WCUs) required for this rule group.
6110
+ #
6111
+ # WAF uses WCUs to calculate and control the operating resources that
6112
+ # are used to run your rules, rule groups, and web ACLs. WAF
6113
+ # calculates capacity differently for each rule type, to reflect the
6114
+ # relative cost of each rule. Simple rules that cost little to run use
6115
+ # fewer WCUs than more complex rules that use more processing power.
6116
+ # Rule group capacity is fixed at creation, which helps users plan
6117
+ # their web ACL WCU usage when they use a rule group. The WCU limit
6118
+ # for web ACLs is 1,500.
6119
+ # @return [Integer]
6120
+ #
6121
+ # @!attribute [rw] forecasted_lifetime
6122
+ # The amount of time you expect this version of your managed rule
6123
+ # group to last, in days.
6124
+ # @return [Integer]
6125
+ #
6126
+ # @!attribute [rw] publish_timestamp
6127
+ # The time that you first published this version.
6128
+ #
6129
+ # Times are in Coordinated Universal Time (UTC) format. UTC format
6130
+ # includes the special designator, Z. For example,
6131
+ # "2016-09-27T14:50Z".
6132
+ # @return [Time]
6133
+ #
6134
+ # @!attribute [rw] last_update_timestamp
6135
+ # The last time that you updated this version.
6136
+ #
6137
+ # Times are in Coordinated Universal Time (UTC) format. UTC format
6138
+ # includes the special designator, Z. For example,
6139
+ # "2016-09-27T14:50Z".
6140
+ # @return [Time]
6141
+ #
6142
+ # @!attribute [rw] expiry_timestamp
6143
+ # The time that this version is set to expire.
6144
+ #
6145
+ # Times are in Coordinated Universal Time (UTC) format. UTC format
6146
+ # includes the special designator, Z. For example,
6147
+ # "2016-09-27T14:50Z".
6148
+ # @return [Time]
6149
+ #
6150
+ # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/ManagedRuleSetVersion AWS API Documentation
6151
+ #
6152
+ class ManagedRuleSetVersion < Struct.new(
6153
+ :associated_rule_group_arn,
6154
+ :capacity,
6155
+ :forecasted_lifetime,
6156
+ :publish_timestamp,
6157
+ :last_update_timestamp,
6158
+ :expiry_timestamp)
6159
+ SENSITIVE = []
6160
+ include Aws::Structure
6161
+ end
6162
+
5434
6163
  # The HTTP method of a web request. The method indicates the type of
5435
6164
  # operation that the request is asking the origin to perform.
5436
6165
  #
5437
6166
  # This is used only to indicate the web request component for WAF to
5438
6167
  # inspect, in the FieldToMatch specification.
5439
6168
  #
6169
+ # JSON specification: `"Method": \{\}`
6170
+ #
5440
6171
  # @api private
5441
6172
  #
5442
6173
  # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/Method AWS API Documentation
@@ -5450,6 +6181,8 @@ module Aws::WAFV2
5450
6181
  # This is used in the context of other settings, for example to specify
5451
6182
  # values for RuleAction and web ACL DefaultAction.
5452
6183
  #
6184
+ # JSON specification: `"None": \{\}`
6185
+ #
5453
6186
  # @api private
5454
6187
  #
5455
6188
  # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/NoneAction AWS API Documentation
@@ -5700,6 +6433,7 @@ module Aws::WAFV2
5700
6433
  # managed_rule_group_statement: {
5701
6434
  # vendor_name: "VendorName", # required
5702
6435
  # name: "EntityName", # required
6436
+ # version: "VersionKeyString",
5703
6437
  # excluded_rules: [
5704
6438
  # {
5705
6439
  # name: "EntityName", # required
@@ -5713,6 +6447,42 @@ module Aws::WAFV2
5713
6447
  # scope: "LABEL", # required, accepts LABEL, NAMESPACE
5714
6448
  # key: "LabelMatchKey", # required
5715
6449
  # },
6450
+ # regex_match_statement: {
6451
+ # regex_string: "RegexPatternString", # required
6452
+ # field_to_match: { # required
6453
+ # single_header: {
6454
+ # name: "FieldToMatchData", # required
6455
+ # },
6456
+ # single_query_argument: {
6457
+ # name: "FieldToMatchData", # required
6458
+ # },
6459
+ # all_query_arguments: {
6460
+ # },
6461
+ # uri_path: {
6462
+ # },
6463
+ # query_string: {
6464
+ # },
6465
+ # body: {
6466
+ # },
6467
+ # method: {
6468
+ # },
6469
+ # json_body: {
6470
+ # match_pattern: { # required
6471
+ # all: {
6472
+ # },
6473
+ # included_paths: ["JsonPointerPath"],
6474
+ # },
6475
+ # match_scope: "ALL", # required, accepts ALL, KEY, VALUE
6476
+ # invalid_fallback_behavior: "MATCH", # accepts MATCH, NO_MATCH, EVALUATE_AS_STRING
6477
+ # },
6478
+ # },
6479
+ # text_transformations: [ # required
6480
+ # {
6481
+ # priority: 1, # required
6482
+ # type: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE, BASE64_DECODE, HEX_DECODE, MD5, REPLACE_COMMENTS, ESCAPE_SEQ_DECODE, SQL_HEX_DECODE, CSS_DECODE, JS_DECODE, NORMALIZE_PATH, NORMALIZE_PATH_WIN, REMOVE_NULLS, REPLACE_NULLS, BASE64_DECODE_EXT, URL_DECODE_UNI, UTF8_TO_UNICODE
6483
+ # },
6484
+ # ],
6485
+ # },
5716
6486
  # },
5717
6487
  # }
5718
6488
  #
@@ -5970,6 +6740,7 @@ module Aws::WAFV2
5970
6740
  # managed_rule_group_statement: {
5971
6741
  # vendor_name: "VendorName", # required
5972
6742
  # name: "EntityName", # required
6743
+ # version: "VersionKeyString",
5973
6744
  # excluded_rules: [
5974
6745
  # {
5975
6746
  # name: "EntityName", # required
@@ -5983,6 +6754,42 @@ module Aws::WAFV2
5983
6754
  # scope: "LABEL", # required, accepts LABEL, NAMESPACE
5984
6755
  # key: "LabelMatchKey", # required
5985
6756
  # },
6757
+ # regex_match_statement: {
6758
+ # regex_string: "RegexPatternString", # required
6759
+ # field_to_match: { # required
6760
+ # single_header: {
6761
+ # name: "FieldToMatchData", # required
6762
+ # },
6763
+ # single_query_argument: {
6764
+ # name: "FieldToMatchData", # required
6765
+ # },
6766
+ # all_query_arguments: {
6767
+ # },
6768
+ # uri_path: {
6769
+ # },
6770
+ # query_string: {
6771
+ # },
6772
+ # body: {
6773
+ # },
6774
+ # method: {
6775
+ # },
6776
+ # json_body: {
6777
+ # match_pattern: { # required
6778
+ # all: {
6779
+ # },
6780
+ # included_paths: ["JsonPointerPath"],
6781
+ # },
6782
+ # match_scope: "ALL", # required, accepts ALL, KEY, VALUE
6783
+ # invalid_fallback_behavior: "MATCH", # accepts MATCH, NO_MATCH, EVALUATE_AS_STRING
6784
+ # },
6785
+ # },
6786
+ # text_transformations: [ # required
6787
+ # {
6788
+ # priority: 1, # required
6789
+ # type: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE, BASE64_DECODE, HEX_DECODE, MD5, REPLACE_COMMENTS, ESCAPE_SEQ_DECODE, SQL_HEX_DECODE, CSS_DECODE, JS_DECODE, NORMALIZE_PATH, NORMALIZE_PATH_WIN, REMOVE_NULLS, REPLACE_NULLS, BASE64_DECODE_EXT, URL_DECODE_UNI, UTF8_TO_UNICODE
6790
+ # },
6791
+ # ],
6792
+ # },
5986
6793
  # },
5987
6794
  # ],
5988
6795
  # }
@@ -6133,6 +6940,107 @@ module Aws::WAFV2
6133
6940
  include Aws::Structure
6134
6941
  end
6135
6942
 
6943
+ # @note When making an API call, you may pass PutManagedRuleSetVersionsRequest
6944
+ # data as a hash:
6945
+ #
6946
+ # {
6947
+ # name: "EntityName", # required
6948
+ # scope: "CLOUDFRONT", # required, accepts CLOUDFRONT, REGIONAL
6949
+ # id: "EntityId", # required
6950
+ # lock_token: "LockToken", # required
6951
+ # recommended_version: "VersionKeyString",
6952
+ # versions_to_publish: {
6953
+ # "VersionKeyString" => {
6954
+ # associated_rule_group_arn: "ResourceArn",
6955
+ # forecasted_lifetime: 1,
6956
+ # },
6957
+ # },
6958
+ # }
6959
+ #
6960
+ # @!attribute [rw] name
6961
+ # The name of the managed rule set. You use this, along with the rule
6962
+ # set ID, to identify the rule set.
6963
+ #
6964
+ # This name is assigned to the corresponding managed rule group, which
6965
+ # your customers can access and use.
6966
+ # @return [String]
6967
+ #
6968
+ # @!attribute [rw] scope
6969
+ # Specifies whether this is for an Amazon CloudFront distribution or
6970
+ # for a regional application. A regional application can be an
6971
+ # Application Load Balancer (ALB), an Amazon API Gateway REST API, or
6972
+ # an AppSync GraphQL API.
6973
+ #
6974
+ # To work with CloudFront, you must also specify the Region US East
6975
+ # (N. Virginia) as follows:
6976
+ #
6977
+ # * CLI - Specify the Region when you use the CloudFront scope:
6978
+ # `--scope=CLOUDFRONT --region=us-east-1`.
6979
+ #
6980
+ # * API and SDKs - For all calls, use the Region endpoint us-east-1.
6981
+ # @return [String]
6982
+ #
6983
+ # @!attribute [rw] id
6984
+ # A unique identifier for the managed rule set. The ID is returned in
6985
+ # the responses to commands like `list`. You provide it to operations
6986
+ # like `get` and `update`.
6987
+ # @return [String]
6988
+ #
6989
+ # @!attribute [rw] lock_token
6990
+ # A token used for optimistic locking. WAF returns a token to your
6991
+ # `get` and `list` requests, to mark the state of the entity at the
6992
+ # time of the request. To make changes to the entity associated with
6993
+ # the token, you provide the token to operations like `update` and
6994
+ # `delete`. WAF uses the token to ensure that no changes have been
6995
+ # made to the entity since you last retrieved it. If a change has been
6996
+ # made, the update fails with a `WAFOptimisticLockException`. If this
6997
+ # happens, perform another `get`, and use the new token returned by
6998
+ # that operation.
6999
+ # @return [String]
7000
+ #
7001
+ # @!attribute [rw] recommended_version
7002
+ # The version of the named managed rule group that you'd like your
7003
+ # customers to choose, from among your version offerings.
7004
+ # @return [String]
7005
+ #
7006
+ # @!attribute [rw] versions_to_publish
7007
+ # The versions of the named managed rule group that you want to offer
7008
+ # to your customers.
7009
+ # @return [Hash<String,Types::VersionToPublish>]
7010
+ #
7011
+ # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/PutManagedRuleSetVersionsRequest AWS API Documentation
7012
+ #
7013
+ class PutManagedRuleSetVersionsRequest < Struct.new(
7014
+ :name,
7015
+ :scope,
7016
+ :id,
7017
+ :lock_token,
7018
+ :recommended_version,
7019
+ :versions_to_publish)
7020
+ SENSITIVE = []
7021
+ include Aws::Structure
7022
+ end
7023
+
7024
+ # @!attribute [rw] next_lock_token
7025
+ # A token used for optimistic locking. WAF returns a token to your
7026
+ # `get` and `list` requests, to mark the state of the entity at the
7027
+ # time of the request. To make changes to the entity associated with
7028
+ # the token, you provide the token to operations like `update` and
7029
+ # `delete`. WAF uses the token to ensure that no changes have been
7030
+ # made to the entity since you last retrieved it. If a change has been
7031
+ # made, the update fails with a `WAFOptimisticLockException`. If this
7032
+ # happens, perform another `get`, and use the new token returned by
7033
+ # that operation.
7034
+ # @return [String]
7035
+ #
7036
+ # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/PutManagedRuleSetVersionsResponse AWS API Documentation
7037
+ #
7038
+ class PutManagedRuleSetVersionsResponse < Struct.new(
7039
+ :next_lock_token)
7040
+ SENSITIVE = []
7041
+ include Aws::Structure
7042
+ end
7043
+
6136
7044
  # @note When making an API call, you may pass PutPermissionPolicyRequest
6137
7045
  # data as a hash:
6138
7046
  #
@@ -6191,6 +7099,8 @@ module Aws::WAFV2
6191
7099
  # This is used only to indicate the web request component for WAF to
6192
7100
  # inspect, in the FieldToMatch specification.
6193
7101
  #
7102
+ # JSON specification: `"QueryString": \{\}`
7103
+ #
6194
7104
  # @api private
6195
7105
  #
6196
7106
  # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/QueryString AWS API Documentation
@@ -6203,6 +7113,15 @@ module Aws::WAFV2
6203
7113
  # You can use this to put a temporary block on requests from an IP
6204
7114
  # address that is sending excessive requests.
6205
7115
  #
7116
+ # WAF tracks and manages web requests separately for each instance of a
7117
+ # rate-based rule that you use. For example, if you provide the same
7118
+ # rate-based rule settings in two web ACLs, each of the two rule
7119
+ # statements represents a separate instance of the rate-based rule and
7120
+ # gets its own tracking and management by WAF. If you define a
7121
+ # rate-based rule inside a rule group, and then use that rule group in
7122
+ # multiple places, each use creates a separate instance of the
7123
+ # rate-based rule that gets its own tracking and management by WAF.
7124
+ #
6206
7125
  # When the rule action triggers, WAF blocks additional requests from the
6207
7126
  # IP address until the request rate falls below the limit.
6208
7127
  #
@@ -6226,9 +7145,9 @@ module Aws::WAFV2
6226
7145
  # not meet both conditions are not counted towards the rate limit and
6227
7146
  # are not affected by this rule.
6228
7147
  #
6229
- # You cannot nest a `RateBasedStatement`, for example for use inside a
6230
- # `NotStatement` or `OrStatement`. It can only be referenced as a
6231
- # top-level statement within a rule.
7148
+ # You cannot nest a `RateBasedStatement` inside another statement, for
7149
+ # example inside a `NotStatement` or `OrStatement`. You can define a
7150
+ # `RateBasedStatement` inside a web ACL and inside a rule group.
6232
7151
  #
6233
7152
  # @note When making an API call, you may pass RateBasedStatement
6234
7153
  # data as a hash:
@@ -6473,18 +7392,55 @@ module Aws::WAFV2
6473
7392
  # managed_rule_group_statement: {
6474
7393
  # vendor_name: "VendorName", # required
6475
7394
  # name: "EntityName", # required
7395
+ # version: "VersionKeyString",
6476
7396
  # excluded_rules: [
6477
7397
  # {
6478
- # name: "EntityName", # required
7398
+ # name: "EntityName", # required
7399
+ # },
7400
+ # ],
7401
+ # scope_down_statement: {
7402
+ # # recursive Statement
7403
+ # },
7404
+ # },
7405
+ # label_match_statement: {
7406
+ # scope: "LABEL", # required, accepts LABEL, NAMESPACE
7407
+ # key: "LabelMatchKey", # required
7408
+ # },
7409
+ # regex_match_statement: {
7410
+ # regex_string: "RegexPatternString", # required
7411
+ # field_to_match: { # required
7412
+ # single_header: {
7413
+ # name: "FieldToMatchData", # required
7414
+ # },
7415
+ # single_query_argument: {
7416
+ # name: "FieldToMatchData", # required
7417
+ # },
7418
+ # all_query_arguments: {
7419
+ # },
7420
+ # uri_path: {
7421
+ # },
7422
+ # query_string: {
7423
+ # },
7424
+ # body: {
7425
+ # },
7426
+ # method: {
7427
+ # },
7428
+ # json_body: {
7429
+ # match_pattern: { # required
7430
+ # all: {
7431
+ # },
7432
+ # included_paths: ["JsonPointerPath"],
7433
+ # },
7434
+ # match_scope: "ALL", # required, accepts ALL, KEY, VALUE
7435
+ # invalid_fallback_behavior: "MATCH", # accepts MATCH, NO_MATCH, EVALUATE_AS_STRING
7436
+ # },
7437
+ # },
7438
+ # text_transformations: [ # required
7439
+ # {
7440
+ # priority: 1, # required
7441
+ # type: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE, BASE64_DECODE, HEX_DECODE, MD5, REPLACE_COMMENTS, ESCAPE_SEQ_DECODE, SQL_HEX_DECODE, CSS_DECODE, JS_DECODE, NORMALIZE_PATH, NORMALIZE_PATH_WIN, REMOVE_NULLS, REPLACE_NULLS, BASE64_DECODE_EXT, URL_DECODE_UNI, UTF8_TO_UNICODE
6479
7442
  # },
6480
7443
  # ],
6481
- # scope_down_statement: {
6482
- # # recursive Statement
6483
- # },
6484
- # },
6485
- # label_match_statement: {
6486
- # scope: "LABEL", # required, accepts LABEL, NAMESPACE
6487
- # key: "LabelMatchKey", # required
6488
7444
  # },
6489
7445
  # },
6490
7446
  # forwarded_ip_config: {
@@ -6545,10 +7501,11 @@ module Aws::WAFV2
6545
7501
  include Aws::Structure
6546
7502
  end
6547
7503
 
6548
- # The set of IP addresses that are currently blocked for a rate-based
6549
- # statement.
7504
+ # The set of IP addresses that are currently blocked for a
7505
+ # RateBasedStatement.
6550
7506
  #
6551
7507
  # @!attribute [rw] ip_address_version
7508
+ # The version of the IP addresses, either `IPV4` or `IPV6`.
6552
7509
  # @return [String]
6553
7510
  #
6554
7511
  # @!attribute [rw] addresses
@@ -6585,6 +7542,77 @@ module Aws::WAFV2
6585
7542
  include Aws::Structure
6586
7543
  end
6587
7544
 
7545
+ # A rule statement used to search web request components for a match
7546
+ # against a single regular expression.
7547
+ #
7548
+ # @note When making an API call, you may pass RegexMatchStatement
7549
+ # data as a hash:
7550
+ #
7551
+ # {
7552
+ # regex_string: "RegexPatternString", # required
7553
+ # field_to_match: { # required
7554
+ # single_header: {
7555
+ # name: "FieldToMatchData", # required
7556
+ # },
7557
+ # single_query_argument: {
7558
+ # name: "FieldToMatchData", # required
7559
+ # },
7560
+ # all_query_arguments: {
7561
+ # },
7562
+ # uri_path: {
7563
+ # },
7564
+ # query_string: {
7565
+ # },
7566
+ # body: {
7567
+ # },
7568
+ # method: {
7569
+ # },
7570
+ # json_body: {
7571
+ # match_pattern: { # required
7572
+ # all: {
7573
+ # },
7574
+ # included_paths: ["JsonPointerPath"],
7575
+ # },
7576
+ # match_scope: "ALL", # required, accepts ALL, KEY, VALUE
7577
+ # invalid_fallback_behavior: "MATCH", # accepts MATCH, NO_MATCH, EVALUATE_AS_STRING
7578
+ # },
7579
+ # },
7580
+ # text_transformations: [ # required
7581
+ # {
7582
+ # priority: 1, # required
7583
+ # type: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE, BASE64_DECODE, HEX_DECODE, MD5, REPLACE_COMMENTS, ESCAPE_SEQ_DECODE, SQL_HEX_DECODE, CSS_DECODE, JS_DECODE, NORMALIZE_PATH, NORMALIZE_PATH_WIN, REMOVE_NULLS, REPLACE_NULLS, BASE64_DECODE_EXT, URL_DECODE_UNI, UTF8_TO_UNICODE
7584
+ # },
7585
+ # ],
7586
+ # }
7587
+ #
7588
+ # @!attribute [rw] regex_string
7589
+ # The string representing the regular expression.
7590
+ # @return [String]
7591
+ #
7592
+ # @!attribute [rw] field_to_match
7593
+ # The part of a web request that you want WAF to inspect. For more
7594
+ # information, see FieldToMatch.
7595
+ # @return [Types::FieldToMatch]
7596
+ #
7597
+ # @!attribute [rw] text_transformations
7598
+ # Text transformations eliminate some of the unusual formatting that
7599
+ # attackers use in web requests in an effort to bypass detection. If
7600
+ # you specify one or more transformations in a rule statement, WAF
7601
+ # performs all transformations on the content of the request component
7602
+ # identified by `FieldToMatch`, starting from the lowest priority
7603
+ # setting, before inspecting the content for a match.
7604
+ # @return [Array<Types::TextTransformation>]
7605
+ #
7606
+ # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/RegexMatchStatement AWS API Documentation
7607
+ #
7608
+ class RegexMatchStatement < Struct.new(
7609
+ :regex_string,
7610
+ :field_to_match,
7611
+ :text_transformations)
7612
+ SENSITIVE = []
7613
+ include Aws::Structure
7614
+ end
7615
+
6588
7616
  # Contains one or more regular expressions.
6589
7617
  #
6590
7618
  # WAF assigns an ARN to each `RegexPatternSet` that you create. To use a
@@ -6729,15 +7757,15 @@ module Aws::WAFV2
6729
7757
  # @return [String]
6730
7758
  #
6731
7759
  # @!attribute [rw] lock_token
6732
- # A token used for optimistic locking. WAF returns a token to your get
6733
- # and list requests, to mark the state of the entity at the time of
6734
- # the request. To make changes to the entity associated with the
6735
- # token, you provide the token to operations like update and delete.
6736
- # WAF uses the token to ensure that no changes have been made to the
6737
- # entity since you last retrieved it. If a change has been made, the
6738
- # update fails with a `WAFOptimisticLockException`. If this happens,
6739
- # perform another get, and use the new token returned by that
6740
- # operation.
7760
+ # A token used for optimistic locking. WAF returns a token to your
7761
+ # `get` and `list` requests, to mark the state of the entity at the
7762
+ # time of the request. To make changes to the entity associated with
7763
+ # the token, you provide the token to operations like `update` and
7764
+ # `delete`. WAF uses the token to ensure that no changes have been
7765
+ # made to the entity since you last retrieved it. If a change has been
7766
+ # made, the update fails with a `WAFOptimisticLockException`. If this
7767
+ # happens, perform another `get`, and use the new token returned by
7768
+ # that operation.
6741
7769
  # @return [String]
6742
7770
  #
6743
7771
  # @!attribute [rw] arn
@@ -7004,6 +8032,7 @@ module Aws::WAFV2
7004
8032
  # managed_rule_group_statement: {
7005
8033
  # vendor_name: "VendorName", # required
7006
8034
  # name: "EntityName", # required
8035
+ # version: "VersionKeyString",
7007
8036
  # excluded_rules: [
7008
8037
  # {
7009
8038
  # name: "EntityName", # required
@@ -7017,6 +8046,42 @@ module Aws::WAFV2
7017
8046
  # scope: "LABEL", # required, accepts LABEL, NAMESPACE
7018
8047
  # key: "LabelMatchKey", # required
7019
8048
  # },
8049
+ # regex_match_statement: {
8050
+ # regex_string: "RegexPatternString", # required
8051
+ # field_to_match: { # required
8052
+ # single_header: {
8053
+ # name: "FieldToMatchData", # required
8054
+ # },
8055
+ # single_query_argument: {
8056
+ # name: "FieldToMatchData", # required
8057
+ # },
8058
+ # all_query_arguments: {
8059
+ # },
8060
+ # uri_path: {
8061
+ # },
8062
+ # query_string: {
8063
+ # },
8064
+ # body: {
8065
+ # },
8066
+ # method: {
8067
+ # },
8068
+ # json_body: {
8069
+ # match_pattern: { # required
8070
+ # all: {
8071
+ # },
8072
+ # included_paths: ["JsonPointerPath"],
8073
+ # },
8074
+ # match_scope: "ALL", # required, accepts ALL, KEY, VALUE
8075
+ # invalid_fallback_behavior: "MATCH", # accepts MATCH, NO_MATCH, EVALUATE_AS_STRING
8076
+ # },
8077
+ # },
8078
+ # text_transformations: [ # required
8079
+ # {
8080
+ # priority: 1, # required
8081
+ # type: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE, BASE64_DECODE, HEX_DECODE, MD5, REPLACE_COMMENTS, ESCAPE_SEQ_DECODE, SQL_HEX_DECODE, CSS_DECODE, JS_DECODE, NORMALIZE_PATH, NORMALIZE_PATH_WIN, REMOVE_NULLS, REPLACE_NULLS, BASE64_DECODE_EXT, URL_DECODE_UNI, UTF8_TO_UNICODE
8082
+ # },
8083
+ # ],
8084
+ # },
7020
8085
  # },
7021
8086
  # action: {
7022
8087
  # block: {
@@ -7372,8 +8437,8 @@ module Aws::WAFV2
7372
8437
  # provide the ARN of the rule group in this statement.
7373
8438
  #
7374
8439
  # You cannot nest a `RuleGroupReferenceStatement`, for example for use
7375
- # inside a `NotStatement` or `OrStatement`. It can only be referenced as
7376
- # a top-level statement within a rule.
8440
+ # inside a `NotStatement` or `OrStatement`. You can only use a rule
8441
+ # group reference statement at the top level inside a web ACL.
7377
8442
  #
7378
8443
  # @note When making an API call, you may pass RuleGroupReferenceStatement
7379
8444
  # data as a hash:
@@ -7427,15 +8492,15 @@ module Aws::WAFV2
7427
8492
  # @return [String]
7428
8493
  #
7429
8494
  # @!attribute [rw] lock_token
7430
- # A token used for optimistic locking. WAF returns a token to your get
7431
- # and list requests, to mark the state of the entity at the time of
7432
- # the request. To make changes to the entity associated with the
7433
- # token, you provide the token to operations like update and delete.
7434
- # WAF uses the token to ensure that no changes have been made to the
7435
- # entity since you last retrieved it. If a change has been made, the
7436
- # update fails with a `WAFOptimisticLockException`. If this happens,
7437
- # perform another get, and use the new token returned by that
7438
- # operation.
8495
+ # A token used for optimistic locking. WAF returns a token to your
8496
+ # `get` and `list` requests, to mark the state of the entity at the
8497
+ # time of the request. To make changes to the entity associated with
8498
+ # the token, you provide the token to operations like `update` and
8499
+ # `delete`. WAF uses the token to ensure that no changes have been
8500
+ # made to the entity since you last retrieved it. If a change has been
8501
+ # made, the update fails with a `WAFOptimisticLockException`. If this
8502
+ # happens, perform another `get`, and use the new token returned by
8503
+ # that operation.
7439
8504
  # @return [String]
7440
8505
  #
7441
8506
  # @!attribute [rw] arn
@@ -7555,6 +8620,8 @@ module Aws::WAFV2
7555
8620
  # This is used only to indicate the web request component for WAF to
7556
8621
  # inspect, in the FieldToMatch specification.
7557
8622
  #
8623
+ # Example JSON: `"SingleHeader": \{ "Name": "haystack" \}`
8624
+ #
7558
8625
  # @note When making an API call, you may pass SingleHeader
7559
8626
  # data as a hash:
7560
8627
  #
@@ -7578,6 +8645,8 @@ module Aws::WAFV2
7578
8645
  # *UserName* or *SalesRegion*. The name can be up to 30 characters long
7579
8646
  # and isn't case sensitive.
7580
8647
  #
8648
+ # Example JSON: `"SingleQueryArgument": \{ "Name": "myArgument" \}`
8649
+ #
7581
8650
  # @note When making an API call, you may pass SingleQueryArgument
7582
8651
  # data as a hash:
7583
8652
  #
@@ -8199,6 +9268,7 @@ module Aws::WAFV2
8199
9268
  # managed_rule_group_statement: {
8200
9269
  # vendor_name: "VendorName", # required
8201
9270
  # name: "EntityName", # required
9271
+ # version: "VersionKeyString",
8202
9272
  # excluded_rules: [
8203
9273
  # {
8204
9274
  # name: "EntityName", # required
@@ -8212,6 +9282,42 @@ module Aws::WAFV2
8212
9282
  # scope: "LABEL", # required, accepts LABEL, NAMESPACE
8213
9283
  # key: "LabelMatchKey", # required
8214
9284
  # },
9285
+ # regex_match_statement: {
9286
+ # regex_string: "RegexPatternString", # required
9287
+ # field_to_match: { # required
9288
+ # single_header: {
9289
+ # name: "FieldToMatchData", # required
9290
+ # },
9291
+ # single_query_argument: {
9292
+ # name: "FieldToMatchData", # required
9293
+ # },
9294
+ # all_query_arguments: {
9295
+ # },
9296
+ # uri_path: {
9297
+ # },
9298
+ # query_string: {
9299
+ # },
9300
+ # body: {
9301
+ # },
9302
+ # method: {
9303
+ # },
9304
+ # json_body: {
9305
+ # match_pattern: { # required
9306
+ # all: {
9307
+ # },
9308
+ # included_paths: ["JsonPointerPath"],
9309
+ # },
9310
+ # match_scope: "ALL", # required, accepts ALL, KEY, VALUE
9311
+ # invalid_fallback_behavior: "MATCH", # accepts MATCH, NO_MATCH, EVALUATE_AS_STRING
9312
+ # },
9313
+ # },
9314
+ # text_transformations: [ # required
9315
+ # {
9316
+ # priority: 1, # required
9317
+ # type: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE, BASE64_DECODE, HEX_DECODE, MD5, REPLACE_COMMENTS, ESCAPE_SEQ_DECODE, SQL_HEX_DECODE, CSS_DECODE, JS_DECODE, NORMALIZE_PATH, NORMALIZE_PATH_WIN, REMOVE_NULLS, REPLACE_NULLS, BASE64_DECODE_EXT, URL_DECODE_UNI, UTF8_TO_UNICODE
9318
+ # },
9319
+ # ],
9320
+ # },
8215
9321
  # },
8216
9322
  # forwarded_ip_config: {
8217
9323
  # header_name: "ForwardedIPHeaderName", # required
@@ -8451,6 +9557,7 @@ module Aws::WAFV2
8451
9557
  # managed_rule_group_statement: {
8452
9558
  # vendor_name: "VendorName", # required
8453
9559
  # name: "EntityName", # required
9560
+ # version: "VersionKeyString",
8454
9561
  # excluded_rules: [
8455
9562
  # {
8456
9563
  # name: "EntityName", # required
@@ -8464,6 +9571,42 @@ module Aws::WAFV2
8464
9571
  # scope: "LABEL", # required, accepts LABEL, NAMESPACE
8465
9572
  # key: "LabelMatchKey", # required
8466
9573
  # },
9574
+ # regex_match_statement: {
9575
+ # regex_string: "RegexPatternString", # required
9576
+ # field_to_match: { # required
9577
+ # single_header: {
9578
+ # name: "FieldToMatchData", # required
9579
+ # },
9580
+ # single_query_argument: {
9581
+ # name: "FieldToMatchData", # required
9582
+ # },
9583
+ # all_query_arguments: {
9584
+ # },
9585
+ # uri_path: {
9586
+ # },
9587
+ # query_string: {
9588
+ # },
9589
+ # body: {
9590
+ # },
9591
+ # method: {
9592
+ # },
9593
+ # json_body: {
9594
+ # match_pattern: { # required
9595
+ # all: {
9596
+ # },
9597
+ # included_paths: ["JsonPointerPath"],
9598
+ # },
9599
+ # match_scope: "ALL", # required, accepts ALL, KEY, VALUE
9600
+ # invalid_fallback_behavior: "MATCH", # accepts MATCH, NO_MATCH, EVALUATE_AS_STRING
9601
+ # },
9602
+ # },
9603
+ # text_transformations: [ # required
9604
+ # {
9605
+ # priority: 1, # required
9606
+ # type: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE, BASE64_DECODE, HEX_DECODE, MD5, REPLACE_COMMENTS, ESCAPE_SEQ_DECODE, SQL_HEX_DECODE, CSS_DECODE, JS_DECODE, NORMALIZE_PATH, NORMALIZE_PATH_WIN, REMOVE_NULLS, REPLACE_NULLS, BASE64_DECODE_EXT, URL_DECODE_UNI, UTF8_TO_UNICODE
9607
+ # },
9608
+ # ],
9609
+ # },
8467
9610
  # },
8468
9611
  # ],
8469
9612
  # },
@@ -8700,6 +9843,7 @@ module Aws::WAFV2
8700
9843
  # managed_rule_group_statement: {
8701
9844
  # vendor_name: "VendorName", # required
8702
9845
  # name: "EntityName", # required
9846
+ # version: "VersionKeyString",
8703
9847
  # excluded_rules: [
8704
9848
  # {
8705
9849
  # name: "EntityName", # required
@@ -8713,6 +9857,42 @@ module Aws::WAFV2
8713
9857
  # scope: "LABEL", # required, accepts LABEL, NAMESPACE
8714
9858
  # key: "LabelMatchKey", # required
8715
9859
  # },
9860
+ # regex_match_statement: {
9861
+ # regex_string: "RegexPatternString", # required
9862
+ # field_to_match: { # required
9863
+ # single_header: {
9864
+ # name: "FieldToMatchData", # required
9865
+ # },
9866
+ # single_query_argument: {
9867
+ # name: "FieldToMatchData", # required
9868
+ # },
9869
+ # all_query_arguments: {
9870
+ # },
9871
+ # uri_path: {
9872
+ # },
9873
+ # query_string: {
9874
+ # },
9875
+ # body: {
9876
+ # },
9877
+ # method: {
9878
+ # },
9879
+ # json_body: {
9880
+ # match_pattern: { # required
9881
+ # all: {
9882
+ # },
9883
+ # included_paths: ["JsonPointerPath"],
9884
+ # },
9885
+ # match_scope: "ALL", # required, accepts ALL, KEY, VALUE
9886
+ # invalid_fallback_behavior: "MATCH", # accepts MATCH, NO_MATCH, EVALUATE_AS_STRING
9887
+ # },
9888
+ # },
9889
+ # text_transformations: [ # required
9890
+ # {
9891
+ # priority: 1, # required
9892
+ # type: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE, BASE64_DECODE, HEX_DECODE, MD5, REPLACE_COMMENTS, ESCAPE_SEQ_DECODE, SQL_HEX_DECODE, CSS_DECODE, JS_DECODE, NORMALIZE_PATH, NORMALIZE_PATH_WIN, REMOVE_NULLS, REPLACE_NULLS, BASE64_DECODE_EXT, URL_DECODE_UNI, UTF8_TO_UNICODE
9893
+ # },
9894
+ # ],
9895
+ # },
8716
9896
  # },
8717
9897
  # ],
8718
9898
  # },
@@ -8944,32 +10124,70 @@ module Aws::WAFV2
8944
10124
  # {
8945
10125
  # # recursive Statement
8946
10126
  # },
8947
- # ],
8948
- # },
8949
- # not_statement: {
8950
- # # recursive NotStatement
8951
- # },
8952
- # managed_rule_group_statement: {
8953
- # vendor_name: "VendorName", # required
8954
- # name: "EntityName", # required
8955
- # excluded_rules: [
10127
+ # ],
10128
+ # },
10129
+ # not_statement: {
10130
+ # # recursive NotStatement
10131
+ # },
10132
+ # managed_rule_group_statement: {
10133
+ # vendor_name: "VendorName", # required
10134
+ # name: "EntityName", # required
10135
+ # version: "VersionKeyString",
10136
+ # excluded_rules: [
10137
+ # {
10138
+ # name: "EntityName", # required
10139
+ # },
10140
+ # ],
10141
+ # scope_down_statement: {
10142
+ # # recursive Statement
10143
+ # },
10144
+ # },
10145
+ # label_match_statement: {
10146
+ # scope: "LABEL", # required, accepts LABEL, NAMESPACE
10147
+ # key: "LabelMatchKey", # required
10148
+ # },
10149
+ # regex_match_statement: {
10150
+ # regex_string: "RegexPatternString", # required
10151
+ # field_to_match: { # required
10152
+ # single_header: {
10153
+ # name: "FieldToMatchData", # required
10154
+ # },
10155
+ # single_query_argument: {
10156
+ # name: "FieldToMatchData", # required
10157
+ # },
10158
+ # all_query_arguments: {
10159
+ # },
10160
+ # uri_path: {
10161
+ # },
10162
+ # query_string: {
10163
+ # },
10164
+ # body: {
10165
+ # },
10166
+ # method: {
10167
+ # },
10168
+ # json_body: {
10169
+ # match_pattern: { # required
10170
+ # all: {
10171
+ # },
10172
+ # included_paths: ["JsonPointerPath"],
10173
+ # },
10174
+ # match_scope: "ALL", # required, accepts ALL, KEY, VALUE
10175
+ # invalid_fallback_behavior: "MATCH", # accepts MATCH, NO_MATCH, EVALUATE_AS_STRING
10176
+ # },
10177
+ # },
10178
+ # text_transformations: [ # required
8956
10179
  # {
8957
- # name: "EntityName", # required
10180
+ # priority: 1, # required
10181
+ # type: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE, BASE64_DECODE, HEX_DECODE, MD5, REPLACE_COMMENTS, ESCAPE_SEQ_DECODE, SQL_HEX_DECODE, CSS_DECODE, JS_DECODE, NORMALIZE_PATH, NORMALIZE_PATH_WIN, REMOVE_NULLS, REPLACE_NULLS, BASE64_DECODE_EXT, URL_DECODE_UNI, UTF8_TO_UNICODE
8958
10182
  # },
8959
10183
  # ],
8960
- # scope_down_statement: {
8961
- # # recursive Statement
8962
- # },
8963
- # },
8964
- # label_match_statement: {
8965
- # scope: "LABEL", # required, accepts LABEL, NAMESPACE
8966
- # key: "LabelMatchKey", # required
8967
10184
  # },
8968
10185
  # },
8969
10186
  # },
8970
10187
  # managed_rule_group_statement: {
8971
10188
  # vendor_name: "VendorName", # required
8972
10189
  # name: "EntityName", # required
10190
+ # version: "VersionKeyString",
8973
10191
  # excluded_rules: [
8974
10192
  # {
8975
10193
  # name: "EntityName", # required
@@ -9216,12 +10434,84 @@ module Aws::WAFV2
9216
10434
  # scope: "LABEL", # required, accepts LABEL, NAMESPACE
9217
10435
  # key: "LabelMatchKey", # required
9218
10436
  # },
10437
+ # regex_match_statement: {
10438
+ # regex_string: "RegexPatternString", # required
10439
+ # field_to_match: { # required
10440
+ # single_header: {
10441
+ # name: "FieldToMatchData", # required
10442
+ # },
10443
+ # single_query_argument: {
10444
+ # name: "FieldToMatchData", # required
10445
+ # },
10446
+ # all_query_arguments: {
10447
+ # },
10448
+ # uri_path: {
10449
+ # },
10450
+ # query_string: {
10451
+ # },
10452
+ # body: {
10453
+ # },
10454
+ # method: {
10455
+ # },
10456
+ # json_body: {
10457
+ # match_pattern: { # required
10458
+ # all: {
10459
+ # },
10460
+ # included_paths: ["JsonPointerPath"],
10461
+ # },
10462
+ # match_scope: "ALL", # required, accepts ALL, KEY, VALUE
10463
+ # invalid_fallback_behavior: "MATCH", # accepts MATCH, NO_MATCH, EVALUATE_AS_STRING
10464
+ # },
10465
+ # },
10466
+ # text_transformations: [ # required
10467
+ # {
10468
+ # priority: 1, # required
10469
+ # type: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE, BASE64_DECODE, HEX_DECODE, MD5, REPLACE_COMMENTS, ESCAPE_SEQ_DECODE, SQL_HEX_DECODE, CSS_DECODE, JS_DECODE, NORMALIZE_PATH, NORMALIZE_PATH_WIN, REMOVE_NULLS, REPLACE_NULLS, BASE64_DECODE_EXT, URL_DECODE_UNI, UTF8_TO_UNICODE
10470
+ # },
10471
+ # ],
10472
+ # },
9219
10473
  # },
9220
10474
  # },
9221
10475
  # label_match_statement: {
9222
10476
  # scope: "LABEL", # required, accepts LABEL, NAMESPACE
9223
10477
  # key: "LabelMatchKey", # required
9224
10478
  # },
10479
+ # regex_match_statement: {
10480
+ # regex_string: "RegexPatternString", # required
10481
+ # field_to_match: { # required
10482
+ # single_header: {
10483
+ # name: "FieldToMatchData", # required
10484
+ # },
10485
+ # single_query_argument: {
10486
+ # name: "FieldToMatchData", # required
10487
+ # },
10488
+ # all_query_arguments: {
10489
+ # },
10490
+ # uri_path: {
10491
+ # },
10492
+ # query_string: {
10493
+ # },
10494
+ # body: {
10495
+ # },
10496
+ # method: {
10497
+ # },
10498
+ # json_body: {
10499
+ # match_pattern: { # required
10500
+ # all: {
10501
+ # },
10502
+ # included_paths: ["JsonPointerPath"],
10503
+ # },
10504
+ # match_scope: "ALL", # required, accepts ALL, KEY, VALUE
10505
+ # invalid_fallback_behavior: "MATCH", # accepts MATCH, NO_MATCH, EVALUATE_AS_STRING
10506
+ # },
10507
+ # },
10508
+ # text_transformations: [ # required
10509
+ # {
10510
+ # priority: 1, # required
10511
+ # type: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE, BASE64_DECODE, HEX_DECODE, MD5, REPLACE_COMMENTS, ESCAPE_SEQ_DECODE, SQL_HEX_DECODE, CSS_DECODE, JS_DECODE, NORMALIZE_PATH, NORMALIZE_PATH_WIN, REMOVE_NULLS, REPLACE_NULLS, BASE64_DECODE_EXT, URL_DECODE_UNI, UTF8_TO_UNICODE
10512
+ # },
10513
+ # ],
10514
+ # },
9225
10515
  # }
9226
10516
  #
9227
10517
  # @!attribute [rw] byte_match_statement
@@ -9284,8 +10574,8 @@ module Aws::WAFV2
9284
10574
  # provide the ARN of the rule group in this statement.
9285
10575
  #
9286
10576
  # You cannot nest a `RuleGroupReferenceStatement`, for example for use
9287
- # inside a `NotStatement` or `OrStatement`. It can only be referenced
9288
- # as a top-level statement within a rule.
10577
+ # inside a `NotStatement` or `OrStatement`. You can only use a rule
10578
+ # group reference statement at the top level inside a web ACL.
9289
10579
  # @return [Types::RuleGroupReferenceStatement]
9290
10580
  #
9291
10581
  # @!attribute [rw] ip_set_reference_statement
@@ -9323,6 +10613,15 @@ module Aws::WAFV2
9323
10613
  # time span. You can use this to put a temporary block on requests
9324
10614
  # from an IP address that is sending excessive requests.
9325
10615
  #
10616
+ # WAF tracks and manages web requests separately for each instance of
10617
+ # a rate-based rule that you use. For example, if you provide the same
10618
+ # rate-based rule settings in two web ACLs, each of the two rule
10619
+ # statements represents a separate instance of the rate-based rule and
10620
+ # gets its own tracking and management by WAF. If you define a
10621
+ # rate-based rule inside a rule group, and then use that rule group in
10622
+ # multiple places, each use creates a separate instance of the
10623
+ # rate-based rule that gets its own tracking and management by WAF.
10624
+ #
9326
10625
  # When the rule action triggers, WAF blocks additional requests from
9327
10626
  # the IP address until the request rate falls below the limit.
9328
10627
  #
@@ -9346,9 +10645,9 @@ module Aws::WAFV2
9346
10645
  # do not meet both conditions are not counted towards the rate limit
9347
10646
  # and are not affected by this rule.
9348
10647
  #
9349
- # You cannot nest a `RateBasedStatement`, for example for use inside a
9350
- # `NotStatement` or `OrStatement`. It can only be referenced as a
9351
- # top-level statement within a rule.
10648
+ # You cannot nest a `RateBasedStatement` inside another statement, for
10649
+ # example inside a `NotStatement` or `OrStatement`. You can define a
10650
+ # `RateBasedStatement` inside a web ACL and inside a rule group.
9352
10651
  # @return [Types::RateBasedStatement]
9353
10652
  #
9354
10653
  # @!attribute [rw] and_statement
@@ -9394,6 +10693,11 @@ module Aws::WAFV2
9394
10693
  # that were added in the same context as the label match statement.
9395
10694
  # @return [Types::LabelMatchStatement]
9396
10695
  #
10696
+ # @!attribute [rw] regex_match_statement
10697
+ # A rule statement used to search web request components for a match
10698
+ # against a single regular expression.
10699
+ # @return [Types::RegexMatchStatement]
10700
+ #
9397
10701
  # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/Statement AWS API Documentation
9398
10702
  #
9399
10703
  class Statement < Struct.new(
@@ -9410,7 +10714,8 @@ module Aws::WAFV2
9410
10714
  :or_statement,
9411
10715
  :not_statement,
9412
10716
  :managed_rule_group_statement,
9413
- :label_match_statement)
10717
+ :label_match_statement,
10718
+ :regex_match_statement)
9414
10719
  SENSITIVE = []
9415
10720
  include Aws::Structure
9416
10721
  end
@@ -9649,10 +10954,8 @@ module Aws::WAFV2
9649
10954
  # **REPLACE\_NULLS** - Replace NULL bytes in the input with space
9650
10955
  # characters (ASCII `0x20`).
9651
10956
  #
9652
- # **SQL\_HEX\_DECODE** - Decode the following ANSI C escape sequences:
9653
- # `\a`, `\b`, `\f`, `\n`, `\r`, `\t`, `\v`, `\`, `\?`, `'`, `"`,
9654
- # `\xHH` (hexadecimal), `\0OOO` (octal). Encodings that aren't valid
9655
- # remain in the output.
10957
+ # **SQL\_HEX\_DECODE** - Decode SQL hex data. Example (`0x414243`)
10958
+ # will be decoded to (`ABC`).
9656
10959
  #
9657
10960
  # **URL\_DECODE** - Decode a URL-encoded value.
9658
10961
  #
@@ -9836,15 +11139,15 @@ module Aws::WAFV2
9836
11139
  # @return [Array<String>]
9837
11140
  #
9838
11141
  # @!attribute [rw] lock_token
9839
- # A token used for optimistic locking. WAF returns a token to your get
9840
- # and list requests, to mark the state of the entity at the time of
9841
- # the request. To make changes to the entity associated with the
9842
- # token, you provide the token to operations like update and delete.
9843
- # WAF uses the token to ensure that no changes have been made to the
9844
- # entity since you last retrieved it. If a change has been made, the
9845
- # update fails with a `WAFOptimisticLockException`. If this happens,
9846
- # perform another get, and use the new token returned by that
9847
- # operation.
11142
+ # A token used for optimistic locking. WAF returns a token to your
11143
+ # `get` and `list` requests, to mark the state of the entity at the
11144
+ # time of the request. To make changes to the entity associated with
11145
+ # the token, you provide the token to operations like `update` and
11146
+ # `delete`. WAF uses the token to ensure that no changes have been
11147
+ # made to the entity since you last retrieved it. If a change has been
11148
+ # made, the update fails with a `WAFOptimisticLockException`. If this
11149
+ # happens, perform another `get`, and use the new token returned by
11150
+ # that operation.
9848
11151
  # @return [String]
9849
11152
  #
9850
11153
  # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/UpdateIPSetRequest AWS API Documentation
@@ -9862,7 +11165,7 @@ module Aws::WAFV2
9862
11165
 
9863
11166
  # @!attribute [rw] next_lock_token
9864
11167
  # A token used for optimistic locking. WAF returns this token to your
9865
- # update requests. You use `NextLockToken` in the same manner as you
11168
+ # `update` requests. You use `NextLockToken` in the same manner as you
9866
11169
  # use `LockToken`.
9867
11170
  # @return [String]
9868
11171
  #
@@ -9874,6 +11177,119 @@ module Aws::WAFV2
9874
11177
  include Aws::Structure
9875
11178
  end
9876
11179
 
11180
+ # @note When making an API call, you may pass UpdateManagedRuleSetVersionExpiryDateRequest
11181
+ # data as a hash:
11182
+ #
11183
+ # {
11184
+ # name: "EntityName", # required
11185
+ # scope: "CLOUDFRONT", # required, accepts CLOUDFRONT, REGIONAL
11186
+ # id: "EntityId", # required
11187
+ # lock_token: "LockToken", # required
11188
+ # version_to_expire: "VersionKeyString", # required
11189
+ # expiry_timestamp: Time.now, # required
11190
+ # }
11191
+ #
11192
+ # @!attribute [rw] name
11193
+ # The name of the managed rule set. You use this, along with the rule
11194
+ # set ID, to identify the rule set.
11195
+ #
11196
+ # This name is assigned to the corresponding managed rule group, which
11197
+ # your customers can access and use.
11198
+ # @return [String]
11199
+ #
11200
+ # @!attribute [rw] scope
11201
+ # Specifies whether this is for an Amazon CloudFront distribution or
11202
+ # for a regional application. A regional application can be an
11203
+ # Application Load Balancer (ALB), an Amazon API Gateway REST API, or
11204
+ # an AppSync GraphQL API.
11205
+ #
11206
+ # To work with CloudFront, you must also specify the Region US East
11207
+ # (N. Virginia) as follows:
11208
+ #
11209
+ # * CLI - Specify the Region when you use the CloudFront scope:
11210
+ # `--scope=CLOUDFRONT --region=us-east-1`.
11211
+ #
11212
+ # * API and SDKs - For all calls, use the Region endpoint us-east-1.
11213
+ # @return [String]
11214
+ #
11215
+ # @!attribute [rw] id
11216
+ # A unique identifier for the managed rule set. The ID is returned in
11217
+ # the responses to commands like `list`. You provide it to operations
11218
+ # like `get` and `update`.
11219
+ # @return [String]
11220
+ #
11221
+ # @!attribute [rw] lock_token
11222
+ # A token used for optimistic locking. WAF returns a token to your
11223
+ # `get` and `list` requests, to mark the state of the entity at the
11224
+ # time of the request. To make changes to the entity associated with
11225
+ # the token, you provide the token to operations like `update` and
11226
+ # `delete`. WAF uses the token to ensure that no changes have been
11227
+ # made to the entity since you last retrieved it. If a change has been
11228
+ # made, the update fails with a `WAFOptimisticLockException`. If this
11229
+ # happens, perform another `get`, and use the new token returned by
11230
+ # that operation.
11231
+ # @return [String]
11232
+ #
11233
+ # @!attribute [rw] version_to_expire
11234
+ # The version that you want to remove from your list of offerings for
11235
+ # the named managed rule group.
11236
+ # @return [String]
11237
+ #
11238
+ # @!attribute [rw] expiry_timestamp
11239
+ # The time that you want the version to expire.
11240
+ #
11241
+ # Times are in Coordinated Universal Time (UTC) format. UTC format
11242
+ # includes the special designator, Z. For example,
11243
+ # "2016-09-27T14:50Z".
11244
+ # @return [Time]
11245
+ #
11246
+ # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/UpdateManagedRuleSetVersionExpiryDateRequest AWS API Documentation
11247
+ #
11248
+ class UpdateManagedRuleSetVersionExpiryDateRequest < Struct.new(
11249
+ :name,
11250
+ :scope,
11251
+ :id,
11252
+ :lock_token,
11253
+ :version_to_expire,
11254
+ :expiry_timestamp)
11255
+ SENSITIVE = []
11256
+ include Aws::Structure
11257
+ end
11258
+
11259
+ # @!attribute [rw] expiring_version
11260
+ # The version that is set to expire.
11261
+ # @return [String]
11262
+ #
11263
+ # @!attribute [rw] expiry_timestamp
11264
+ # The time that the version will expire.
11265
+ #
11266
+ # Times are in Coordinated Universal Time (UTC) format. UTC format
11267
+ # includes the special designator, Z. For example,
11268
+ # "2016-09-27T14:50Z".
11269
+ # @return [Time]
11270
+ #
11271
+ # @!attribute [rw] next_lock_token
11272
+ # A token used for optimistic locking. WAF returns a token to your
11273
+ # `get` and `list` requests, to mark the state of the entity at the
11274
+ # time of the request. To make changes to the entity associated with
11275
+ # the token, you provide the token to operations like `update` and
11276
+ # `delete`. WAF uses the token to ensure that no changes have been
11277
+ # made to the entity since you last retrieved it. If a change has been
11278
+ # made, the update fails with a `WAFOptimisticLockException`. If this
11279
+ # happens, perform another `get`, and use the new token returned by
11280
+ # that operation.
11281
+ # @return [String]
11282
+ #
11283
+ # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/UpdateManagedRuleSetVersionExpiryDateResponse AWS API Documentation
11284
+ #
11285
+ class UpdateManagedRuleSetVersionExpiryDateResponse < Struct.new(
11286
+ :expiring_version,
11287
+ :expiry_timestamp,
11288
+ :next_lock_token)
11289
+ SENSITIVE = []
11290
+ include Aws::Structure
11291
+ end
11292
+
9877
11293
  # @note When making an API call, you may pass UpdateRegexPatternSetRequest
9878
11294
  # data as a hash:
9879
11295
  #
@@ -9924,15 +11340,15 @@ module Aws::WAFV2
9924
11340
  # @return [Array<Types::Regex>]
9925
11341
  #
9926
11342
  # @!attribute [rw] lock_token
9927
- # A token used for optimistic locking. WAF returns a token to your get
9928
- # and list requests, to mark the state of the entity at the time of
9929
- # the request. To make changes to the entity associated with the
9930
- # token, you provide the token to operations like update and delete.
9931
- # WAF uses the token to ensure that no changes have been made to the
9932
- # entity since you last retrieved it. If a change has been made, the
9933
- # update fails with a `WAFOptimisticLockException`. If this happens,
9934
- # perform another get, and use the new token returned by that
9935
- # operation.
11343
+ # A token used for optimistic locking. WAF returns a token to your
11344
+ # `get` and `list` requests, to mark the state of the entity at the
11345
+ # time of the request. To make changes to the entity associated with
11346
+ # the token, you provide the token to operations like `update` and
11347
+ # `delete`. WAF uses the token to ensure that no changes have been
11348
+ # made to the entity since you last retrieved it. If a change has been
11349
+ # made, the update fails with a `WAFOptimisticLockException`. If this
11350
+ # happens, perform another `get`, and use the new token returned by
11351
+ # that operation.
9936
11352
  # @return [String]
9937
11353
  #
9938
11354
  # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/UpdateRegexPatternSetRequest AWS API Documentation
@@ -9950,7 +11366,7 @@ module Aws::WAFV2
9950
11366
 
9951
11367
  # @!attribute [rw] next_lock_token
9952
11368
  # A token used for optimistic locking. WAF returns this token to your
9953
- # update requests. You use `NextLockToken` in the same manner as you
11369
+ # `update` requests. You use `NextLockToken` in the same manner as you
9954
11370
  # use `LockToken`.
9955
11371
  # @return [String]
9956
11372
  #
@@ -10211,6 +11627,7 @@ module Aws::WAFV2
10211
11627
  # managed_rule_group_statement: {
10212
11628
  # vendor_name: "VendorName", # required
10213
11629
  # name: "EntityName", # required
11630
+ # version: "VersionKeyString",
10214
11631
  # excluded_rules: [
10215
11632
  # {
10216
11633
  # name: "EntityName", # required
@@ -10224,6 +11641,42 @@ module Aws::WAFV2
10224
11641
  # scope: "LABEL", # required, accepts LABEL, NAMESPACE
10225
11642
  # key: "LabelMatchKey", # required
10226
11643
  # },
11644
+ # regex_match_statement: {
11645
+ # regex_string: "RegexPatternString", # required
11646
+ # field_to_match: { # required
11647
+ # single_header: {
11648
+ # name: "FieldToMatchData", # required
11649
+ # },
11650
+ # single_query_argument: {
11651
+ # name: "FieldToMatchData", # required
11652
+ # },
11653
+ # all_query_arguments: {
11654
+ # },
11655
+ # uri_path: {
11656
+ # },
11657
+ # query_string: {
11658
+ # },
11659
+ # body: {
11660
+ # },
11661
+ # method: {
11662
+ # },
11663
+ # json_body: {
11664
+ # match_pattern: { # required
11665
+ # all: {
11666
+ # },
11667
+ # included_paths: ["JsonPointerPath"],
11668
+ # },
11669
+ # match_scope: "ALL", # required, accepts ALL, KEY, VALUE
11670
+ # invalid_fallback_behavior: "MATCH", # accepts MATCH, NO_MATCH, EVALUATE_AS_STRING
11671
+ # },
11672
+ # },
11673
+ # text_transformations: [ # required
11674
+ # {
11675
+ # priority: 1, # required
11676
+ # type: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE, BASE64_DECODE, HEX_DECODE, MD5, REPLACE_COMMENTS, ESCAPE_SEQ_DECODE, SQL_HEX_DECODE, CSS_DECODE, JS_DECODE, NORMALIZE_PATH, NORMALIZE_PATH_WIN, REMOVE_NULLS, REPLACE_NULLS, BASE64_DECODE_EXT, URL_DECODE_UNI, UTF8_TO_UNICODE
11677
+ # },
11678
+ # ],
11679
+ # },
10227
11680
  # },
10228
11681
  # action: {
10229
11682
  # block: {
@@ -10342,15 +11795,15 @@ module Aws::WAFV2
10342
11795
  # @return [Types::VisibilityConfig]
10343
11796
  #
10344
11797
  # @!attribute [rw] lock_token
10345
- # A token used for optimistic locking. WAF returns a token to your get
10346
- # and list requests, to mark the state of the entity at the time of
10347
- # the request. To make changes to the entity associated with the
10348
- # token, you provide the token to operations like update and delete.
10349
- # WAF uses the token to ensure that no changes have been made to the
10350
- # entity since you last retrieved it. If a change has been made, the
10351
- # update fails with a `WAFOptimisticLockException`. If this happens,
10352
- # perform another get, and use the new token returned by that
10353
- # operation.
11798
+ # A token used for optimistic locking. WAF returns a token to your
11799
+ # `get` and `list` requests, to mark the state of the entity at the
11800
+ # time of the request. To make changes to the entity associated with
11801
+ # the token, you provide the token to operations like `update` and
11802
+ # `delete`. WAF uses the token to ensure that no changes have been
11803
+ # made to the entity since you last retrieved it. If a change has been
11804
+ # made, the update fails with a `WAFOptimisticLockException`. If this
11805
+ # happens, perform another `get`, and use the new token returned by
11806
+ # that operation.
10354
11807
  # @return [String]
10355
11808
  #
10356
11809
  # @!attribute [rw] custom_response_bodies
@@ -10391,7 +11844,7 @@ module Aws::WAFV2
10391
11844
 
10392
11845
  # @!attribute [rw] next_lock_token
10393
11846
  # A token used for optimistic locking. WAF returns this token to your
10394
- # update requests. You use `NextLockToken` in the same manner as you
11847
+ # `update` requests. You use `NextLockToken` in the same manner as you
10395
11848
  # use `LockToken`.
10396
11849
  # @return [String]
10397
11850
  #
@@ -10676,6 +12129,7 @@ module Aws::WAFV2
10676
12129
  # managed_rule_group_statement: {
10677
12130
  # vendor_name: "VendorName", # required
10678
12131
  # name: "EntityName", # required
12132
+ # version: "VersionKeyString",
10679
12133
  # excluded_rules: [
10680
12134
  # {
10681
12135
  # name: "EntityName", # required
@@ -10689,6 +12143,42 @@ module Aws::WAFV2
10689
12143
  # scope: "LABEL", # required, accepts LABEL, NAMESPACE
10690
12144
  # key: "LabelMatchKey", # required
10691
12145
  # },
12146
+ # regex_match_statement: {
12147
+ # regex_string: "RegexPatternString", # required
12148
+ # field_to_match: { # required
12149
+ # single_header: {
12150
+ # name: "FieldToMatchData", # required
12151
+ # },
12152
+ # single_query_argument: {
12153
+ # name: "FieldToMatchData", # required
12154
+ # },
12155
+ # all_query_arguments: {
12156
+ # },
12157
+ # uri_path: {
12158
+ # },
12159
+ # query_string: {
12160
+ # },
12161
+ # body: {
12162
+ # },
12163
+ # method: {
12164
+ # },
12165
+ # json_body: {
12166
+ # match_pattern: { # required
12167
+ # all: {
12168
+ # },
12169
+ # included_paths: ["JsonPointerPath"],
12170
+ # },
12171
+ # match_scope: "ALL", # required, accepts ALL, KEY, VALUE
12172
+ # invalid_fallback_behavior: "MATCH", # accepts MATCH, NO_MATCH, EVALUATE_AS_STRING
12173
+ # },
12174
+ # },
12175
+ # text_transformations: [ # required
12176
+ # {
12177
+ # priority: 1, # required
12178
+ # type: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE, BASE64_DECODE, HEX_DECODE, MD5, REPLACE_COMMENTS, ESCAPE_SEQ_DECODE, SQL_HEX_DECODE, CSS_DECODE, JS_DECODE, NORMALIZE_PATH, NORMALIZE_PATH_WIN, REMOVE_NULLS, REPLACE_NULLS, BASE64_DECODE_EXT, URL_DECODE_UNI, UTF8_TO_UNICODE
12179
+ # },
12180
+ # ],
12181
+ # },
10692
12182
  # },
10693
12183
  # action: {
10694
12184
  # block: {
@@ -10812,15 +12302,15 @@ module Aws::WAFV2
10812
12302
  # @return [Types::VisibilityConfig]
10813
12303
  #
10814
12304
  # @!attribute [rw] lock_token
10815
- # A token used for optimistic locking. WAF returns a token to your get
10816
- # and list requests, to mark the state of the entity at the time of
10817
- # the request. To make changes to the entity associated with the
10818
- # token, you provide the token to operations like update and delete.
10819
- # WAF uses the token to ensure that no changes have been made to the
10820
- # entity since you last retrieved it. If a change has been made, the
10821
- # update fails with a `WAFOptimisticLockException`. If this happens,
10822
- # perform another get, and use the new token returned by that
10823
- # operation.
12305
+ # A token used for optimistic locking. WAF returns a token to your
12306
+ # `get` and `list` requests, to mark the state of the entity at the
12307
+ # time of the request. To make changes to the entity associated with
12308
+ # the token, you provide the token to operations like `update` and
12309
+ # `delete`. WAF uses the token to ensure that no changes have been
12310
+ # made to the entity since you last retrieved it. If a change has been
12311
+ # made, the update fails with a `WAFOptimisticLockException`. If this
12312
+ # happens, perform another `get`, and use the new token returned by
12313
+ # that operation.
10824
12314
  # @return [String]
10825
12315
  #
10826
12316
  # @!attribute [rw] custom_response_bodies
@@ -10862,7 +12352,7 @@ module Aws::WAFV2
10862
12352
 
10863
12353
  # @!attribute [rw] next_lock_token
10864
12354
  # A token used for optimistic locking. WAF returns this token to your
10865
- # update requests. You use `NextLockToken` in the same manner as you
12355
+ # `update` requests. You use `NextLockToken` in the same manner as you
10866
12356
  # use `LockToken`.
10867
12357
  # @return [String]
10868
12358
  #
@@ -10881,12 +12371,55 @@ module Aws::WAFV2
10881
12371
  # This is used only to indicate the web request component for WAF to
10882
12372
  # inspect, in the FieldToMatch specification.
10883
12373
  #
12374
+ # JSON specification: `"UriPath": \{\}`
12375
+ #
10884
12376
  # @api private
10885
12377
  #
10886
12378
  # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/UriPath AWS API Documentation
10887
12379
  #
10888
12380
  class UriPath < Aws::EmptyStructure; end
10889
12381
 
12382
+ # A version of the named managed rule group, that the rule group's
12383
+ # vendor publishes for use by customers.
12384
+ #
12385
+ # <note markdown="1"> This is intended for use only by vendors of managed rule sets. Vendors
12386
+ # are Amazon Web Services and Amazon Web Services Marketplace sellers.
12387
+ #
12388
+ # Vendors, you can use the managed rule set APIs to provide controlled
12389
+ # rollout of your versioned managed rule group offerings for your
12390
+ # customers. The APIs are `ListManagedRuleSets`, `GetManagedRuleSet`,
12391
+ # `PutManagedRuleSetVersions`, and
12392
+ # `UpdateManagedRuleSetVersionExpiryDate`.
12393
+ #
12394
+ # </note>
12395
+ #
12396
+ # @note When making an API call, you may pass VersionToPublish
12397
+ # data as a hash:
12398
+ #
12399
+ # {
12400
+ # associated_rule_group_arn: "ResourceArn",
12401
+ # forecasted_lifetime: 1,
12402
+ # }
12403
+ #
12404
+ # @!attribute [rw] associated_rule_group_arn
12405
+ # The Amazon Resource Name (ARN) of the vendor's rule group that's
12406
+ # used in the published managed rule group version.
12407
+ # @return [String]
12408
+ #
12409
+ # @!attribute [rw] forecasted_lifetime
12410
+ # The amount of time the vendor expects this version of the managed
12411
+ # rule group to last, in days.
12412
+ # @return [Integer]
12413
+ #
12414
+ # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/VersionToPublish AWS API Documentation
12415
+ #
12416
+ class VersionToPublish < Struct.new(
12417
+ :associated_rule_group_arn,
12418
+ :forecasted_lifetime)
12419
+ SENSITIVE = []
12420
+ include Aws::Structure
12421
+ end
12422
+
10890
12423
  # Defines and enables Amazon CloudWatch metrics and web request sample
10891
12424
  # collection.
10892
12425
  #
@@ -10961,6 +12494,22 @@ module Aws::WAFV2
10961
12494
  include Aws::Structure
10962
12495
  end
10963
12496
 
12497
+ # The operation failed because the specified version for the managed
12498
+ # rule group has expired. You can retrieve the available versions for
12499
+ # the managed rule group by calling
12500
+ # ListAvailableManagedRuleGroupVersions.
12501
+ #
12502
+ # @!attribute [rw] message
12503
+ # @return [String]
12504
+ #
12505
+ # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/WAFExpiredManagedRuleGroupVersionException AWS API Documentation
12506
+ #
12507
+ class WAFExpiredManagedRuleGroupVersionException < Struct.new(
12508
+ :message)
12509
+ SENSITIVE = []
12510
+ include Aws::Structure
12511
+ end
12512
+
10964
12513
  # Your request is valid, but WAF couldn’t perform the operation because
10965
12514
  # of a system problem. Retry your request.
10966
12515
  #
@@ -11006,12 +12555,15 @@ module Aws::WAFV2
11006
12555
  # @return [String]
11007
12556
  #
11008
12557
  # @!attribute [rw] field
12558
+ # The settings where the invalid parameter was found.
11009
12559
  # @return [String]
11010
12560
  #
11011
12561
  # @!attribute [rw] parameter
12562
+ # The invalid parameter that resulted in the exception.
11012
12563
  # @return [String]
11013
12564
  #
11014
12565
  # @!attribute [rw] reason
12566
+ # Additional information about the exception.
11015
12567
  # @return [String]
11016
12568
  #
11017
12569
  # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/WAFInvalidParameterException AWS API Documentation
@@ -11077,8 +12629,8 @@ module Aws::WAFV2
11077
12629
 
11078
12630
  # WAF couldn’t perform the operation because you exceeded your resource
11079
12631
  # limit. For example, the maximum number of `WebACL` objects that you
11080
- # can create for an account. For more information, see [Limits][1] in
11081
- # the *WAF Developer Guide*.
12632
+ # can create for an Amazon Web Services account. For more information,
12633
+ # see [WAF quotas][1] in the *WAF Developer Guide*.
11082
12634
  #
11083
12635
  #
11084
12636
  #
@@ -11374,15 +12926,15 @@ module Aws::WAFV2
11374
12926
  # @return [String]
11375
12927
  #
11376
12928
  # @!attribute [rw] lock_token
11377
- # A token used for optimistic locking. WAF returns a token to your get
11378
- # and list requests, to mark the state of the entity at the time of
11379
- # the request. To make changes to the entity associated with the
11380
- # token, you provide the token to operations like update and delete.
11381
- # WAF uses the token to ensure that no changes have been made to the
11382
- # entity since you last retrieved it. If a change has been made, the
11383
- # update fails with a `WAFOptimisticLockException`. If this happens,
11384
- # perform another get, and use the new token returned by that
11385
- # operation.
12929
+ # A token used for optimistic locking. WAF returns a token to your
12930
+ # `get` and `list` requests, to mark the state of the entity at the
12931
+ # time of the request. To make changes to the entity associated with
12932
+ # the token, you provide the token to operations like `update` and
12933
+ # `delete`. WAF uses the token to ensure that no changes have been
12934
+ # made to the entity since you last retrieved it. If a change has been
12935
+ # made, the update fails with a `WAFOptimisticLockException`. If this
12936
+ # happens, perform another `get`, and use the new token returned by
12937
+ # that operation.
11386
12938
  # @return [String]
11387
12939
  #
11388
12940
  # @!attribute [rw] arn