aws-sdk-wafv2 1.23.0 → 1.27.0

data/lib/aws-sdk-wafv2/types.rb

@@ -39,6 +39,8 @@ module Aws::WAFV2
     # This is used only to indicate the web request component for WAF to
     # inspect, in the FieldToMatch specification.
     #
+    # JSON specification: `"All": \{\}`
+    #
     # @api private
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/All AWS API Documentation
@@ -50,6 +52,8 @@ module Aws::WAFV2
     # This is used only to indicate the web request component for WAF to
     # inspect, in the FieldToMatch specification.
     #
+    # JSON specification: `"AllQueryArguments": \{\}`
+    #
     # @api private
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/AllQueryArguments AWS API Documentation
@@ -339,6 +343,7 @@ module Aws::WAFV2
     #             managed_rule_group_statement: {
     #               vendor_name: "VendorName", # required
     #               name: "EntityName", # required
+    #               version: "VersionKeyString",
     #               excluded_rules: [
     #                 {
     #                   name: "EntityName", # required
@@ -352,6 +357,42 @@ module Aws::WAFV2
     #               scope: "LABEL", # required, accepts LABEL, NAMESPACE
     #               key: "LabelMatchKey", # required
     #             },
+    #             regex_match_statement: {
+    #               regex_string: "RegexPatternString", # required
+    #               field_to_match: { # required
+    #                 single_header: {
+    #                   name: "FieldToMatchData", # required
+    #                 },
+    #                 single_query_argument: {
+    #                   name: "FieldToMatchData", # required
+    #                 },
+    #                 all_query_arguments: {
+    #                 },
+    #                 uri_path: {
+    #                 },
+    #                 query_string: {
+    #                 },
+    #                 body: {
+    #                 },
+    #                 method: {
+    #                 },
+    #                 json_body: {
+    #                   match_pattern: { # required
+    #                     all: {
+    #                     },
+    #                     included_paths: ["JsonPointerPath"],
+    #                   },
+    #                   match_scope: "ALL", # required, accepts ALL, KEY, VALUE
+    #                   invalid_fallback_behavior: "MATCH", # accepts MATCH, NO_MATCH, EVALUATE_AS_STRING
+    #                 },
+    #               },
+    #               text_transformations: [ # required
+    #                 {
+    #                   priority: 1, # required
+    #                   type: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE, BASE64_DECODE, HEX_DECODE, MD5, REPLACE_COMMENTS, ESCAPE_SEQ_DECODE, SQL_HEX_DECODE, CSS_DECODE, JS_DECODE, NORMALIZE_PATH, NORMALIZE_PATH_WIN, REMOVE_NULLS, REPLACE_NULLS, BASE64_DECODE_EXT, URL_DECODE_UNI, UTF8_TO_UNICODE
+    #                 },
+    #               ],
+    #             },
     #           },
     #         ],
     #       }
@@ -461,6 +502,8 @@ module Aws::WAFV2
     # This is used only to indicate the web request component for WAF to
     # inspect, in the FieldToMatch specification.
     #
+    # JSON specification: `"Body": \{\}`
+    #
     # @api private
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/Body AWS API Documentation
@@ -863,6 +906,7 @@ module Aws::WAFV2
     #               managed_rule_group_statement: {
     #                 vendor_name: "VendorName", # required
     #                 name: "EntityName", # required
+    #                 version: "VersionKeyString",
     #                 excluded_rules: [
     #                   {
     #                     name: "EntityName", # required
@@ -876,6 +920,42 @@ module Aws::WAFV2
     #                 scope: "LABEL", # required, accepts LABEL, NAMESPACE
     #                 key: "LabelMatchKey", # required
     #               },
+    #               regex_match_statement: {
+    #                 regex_string: "RegexPatternString", # required
+    #                 field_to_match: { # required
+    #                   single_header: {
+    #                     name: "FieldToMatchData", # required
+    #                   },
+    #                   single_query_argument: {
+    #                     name: "FieldToMatchData", # required
+    #                   },
+    #                   all_query_arguments: {
+    #                   },
+    #                   uri_path: {
+    #                   },
+    #                   query_string: {
+    #                   },
+    #                   body: {
+    #                   },
+    #                   method: {
+    #                   },
+    #                   json_body: {
+    #                     match_pattern: { # required
+    #                       all: {
+    #                       },
+    #                       included_paths: ["JsonPointerPath"],
+    #                     },
+    #                     match_scope: "ALL", # required, accepts ALL, KEY, VALUE
+    #                     invalid_fallback_behavior: "MATCH", # accepts MATCH, NO_MATCH, EVALUATE_AS_STRING
+    #                   },
+    #                 },
+    #                 text_transformations: [ # required
+    #                   {
+    #                     priority: 1, # required
+    #                     type: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE, BASE64_DECODE, HEX_DECODE, MD5, REPLACE_COMMENTS, ESCAPE_SEQ_DECODE, SQL_HEX_DECODE, CSS_DECODE, JS_DECODE, NORMALIZE_PATH, NORMALIZE_PATH_WIN, REMOVE_NULLS, REPLACE_NULLS, BASE64_DECODE_EXT, URL_DECODE_UNI, UTF8_TO_UNICODE
+    #                   },
+    #                 ],
+    #               },
     #             },
     #             action: {
     #               block: {
@@ -1094,7 +1174,7 @@ module Aws::WAFV2
     #   @return [String]
     #
     # @!attribute [rw] ip_address_version
-    #   Specify IPV4 or IPV6.
+    #   The version of the IP addresses, either `IPV4` or `IPV6`.
     #   @return [String]
     #
     # @!attribute [rw] addresses
@@ -1492,6 +1572,7 @@ module Aws::WAFV2
     #               managed_rule_group_statement: {
     #                 vendor_name: "VendorName", # required
     #                 name: "EntityName", # required
+    #                 version: "VersionKeyString",
     #                 excluded_rules: [
     #                   {
     #                     name: "EntityName", # required
@@ -1505,6 +1586,42 @@ module Aws::WAFV2
     #                 scope: "LABEL", # required, accepts LABEL, NAMESPACE
     #                 key: "LabelMatchKey", # required
     #               },
+    #               regex_match_statement: {
+    #                 regex_string: "RegexPatternString", # required
+    #                 field_to_match: { # required
+    #                   single_header: {
+    #                     name: "FieldToMatchData", # required
+    #                   },
+    #                   single_query_argument: {
+    #                     name: "FieldToMatchData", # required
+    #                   },
+    #                   all_query_arguments: {
+    #                   },
+    #                   uri_path: {
+    #                   },
+    #                   query_string: {
+    #                   },
+    #                   body: {
+    #                   },
+    #                   method: {
+    #                   },
+    #                   json_body: {
+    #                     match_pattern: { # required
+    #                       all: {
+    #                       },
+    #                       included_paths: ["JsonPointerPath"],
+    #                     },
+    #                     match_scope: "ALL", # required, accepts ALL, KEY, VALUE
+    #                     invalid_fallback_behavior: "MATCH", # accepts MATCH, NO_MATCH, EVALUATE_AS_STRING
+    #                   },
+    #                 },
+    #                 text_transformations: [ # required
+    #                   {
+    #                     priority: 1, # required
+    #                     type: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE, BASE64_DECODE, HEX_DECODE, MD5, REPLACE_COMMENTS, ESCAPE_SEQ_DECODE, SQL_HEX_DECODE, CSS_DECODE, JS_DECODE, NORMALIZE_PATH, NORMALIZE_PATH_WIN, REMOVE_NULLS, REPLACE_NULLS, BASE64_DECODE_EXT, URL_DECODE_UNI, UTF8_TO_UNICODE
+    #                   },
+    #                 ],
+    #               },
     #             },
     #             action: {
     #               block: {
@@ -1967,6 +2084,7 @@ module Aws::WAFV2
     #               managed_rule_group_statement: {
     #                 vendor_name: "VendorName", # required
     #                 name: "EntityName", # required
+    #                 version: "VersionKeyString",
     #                 excluded_rules: [
     #                   {
     #                     name: "EntityName", # required
@@ -1980,6 +2098,42 @@ module Aws::WAFV2
     #                 scope: "LABEL", # required, accepts LABEL, NAMESPACE
     #                 key: "LabelMatchKey", # required
     #               },
+    #               regex_match_statement: {
+    #                 regex_string: "RegexPatternString", # required
+    #                 field_to_match: { # required
+    #                   single_header: {
+    #                     name: "FieldToMatchData", # required
+    #                   },
+    #                   single_query_argument: {
+    #                     name: "FieldToMatchData", # required
+    #                   },
+    #                   all_query_arguments: {
+    #                   },
+    #                   uri_path: {
+    #                   },
+    #                   query_string: {
+    #                   },
+    #                   body: {
+    #                   },
+    #                   method: {
+    #                   },
+    #                   json_body: {
+    #                     match_pattern: { # required
+    #                       all: {
+    #                       },
+    #                       included_paths: ["JsonPointerPath"],
+    #                     },
+    #                     match_scope: "ALL", # required, accepts ALL, KEY, VALUE
+    #                     invalid_fallback_behavior: "MATCH", # accepts MATCH, NO_MATCH, EVALUATE_AS_STRING
+    #                   },
+    #                 },
+    #                 text_transformations: [ # required
+    #                   {
+    #                     priority: 1, # required
+    #                     type: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE, BASE64_DECODE, HEX_DECODE, MD5, REPLACE_COMMENTS, ESCAPE_SEQ_DECODE, SQL_HEX_DECODE, CSS_DECODE, JS_DECODE, NORMALIZE_PATH, NORMALIZE_PATH_WIN, REMOVE_NULLS, REPLACE_NULLS, BASE64_DECODE_EXT, URL_DECODE_UNI, UTF8_TO_UNICODE
+    #                   },
+    #                 ],
+    #               },
     #             },
     #             action: {
     #               block: {
@@ -2415,15 +2569,15 @@ module Aws::WAFV2
     #   @return [String]
     #
     # @!attribute [rw] web_acl_lock_token
-    #   A token used for optimistic locking. WAF returns a token to your get
-    #   and list requests, to mark the state of the entity at the time of
-    #   the request. To make changes to the entity associated with the
-    #   token, you provide the token to operations like update and delete.
-    #   WAF uses the token to ensure that no changes have been made to the
-    #   entity since you last retrieved it. If a change has been made, the
-    #   update fails with a `WAFOptimisticLockException`. If this happens,
-    #   perform another get, and use the new token returned by that
-    #   operation.
+    #   A token used for optimistic locking. WAF returns a token to your
+    #   `get` and `list` requests, to mark the state of the entity at the
+    #   time of the request. To make changes to the entity associated with
+    #   the token, you provide the token to operations like `update` and
+    #   `delete`. WAF uses the token to ensure that no changes have been
+    #   made to the entity since you last retrieved it. If a change has been
+    #   made, the update fails with a `WAFOptimisticLockException`. If this
+    #   happens, perform another `get`, and use the new token returned by
+    #   that operation.
     #   @return [String]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/DeleteFirewallManagerRuleGroupsRequest AWS API Documentation
@@ -2436,15 +2590,15 @@ module Aws::WAFV2
     end
 
     # @!attribute [rw] next_web_acl_lock_token
-    #   A token used for optimistic locking. WAF returns a token to your get
-    #   and list requests, to mark the state of the entity at the time of
-    #   the request. To make changes to the entity associated with the
-    #   token, you provide the token to operations like update and delete.
-    #   WAF uses the token to ensure that no changes have been made to the
-    #   entity since you last retrieved it. If a change has been made, the
-    #   update fails with a `WAFOptimisticLockException`. If this happens,
-    #   perform another get, and use the new token returned by that
-    #   operation.
+    #   A token used for optimistic locking. WAF returns a token to your
+    #   `get` and `list` requests, to mark the state of the entity at the
+    #   time of the request. To make changes to the entity associated with
+    #   the token, you provide the token to operations like `update` and
+    #   `delete`. WAF uses the token to ensure that no changes have been
+    #   made to the entity since you last retrieved it. If a change has been
+    #   made, the update fails with a `WAFOptimisticLockException`. If this
+    #   happens, perform another `get`, and use the new token returned by
+    #   that operation.
     #   @return [String]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/DeleteFirewallManagerRuleGroupsResponse AWS API Documentation
@@ -2492,15 +2646,15 @@ module Aws::WAFV2
     #   @return [String]
     #
     # @!attribute [rw] lock_token
-    #   A token used for optimistic locking. WAF returns a token to your get
-    #   and list requests, to mark the state of the entity at the time of
-    #   the request. To make changes to the entity associated with the
-    #   token, you provide the token to operations like update and delete.
-    #   WAF uses the token to ensure that no changes have been made to the
-    #   entity since you last retrieved it. If a change has been made, the
-    #   update fails with a `WAFOptimisticLockException`. If this happens,
-    #   perform another get, and use the new token returned by that
-    #   operation.
+    #   A token used for optimistic locking. WAF returns a token to your
+    #   `get` and `list` requests, to mark the state of the entity at the
+    #   time of the request. To make changes to the entity associated with
+    #   the token, you provide the token to operations like `update` and
+    #   `delete`. WAF uses the token to ensure that no changes have been
+    #   made to the entity since you last retrieved it. If a change has been
+    #   made, the update fails with a `WAFOptimisticLockException`. If this
+    #   happens, perform another `get`, and use the new token returned by
+    #   that operation.
     #   @return [String]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/DeleteIPSetRequest AWS API Documentation
@@ -2605,15 +2759,15 @@ module Aws::WAFV2
     #   @return [String]
     #
     # @!attribute [rw] lock_token
-    #   A token used for optimistic locking. WAF returns a token to your get
-    #   and list requests, to mark the state of the entity at the time of
-    #   the request. To make changes to the entity associated with the
-    #   token, you provide the token to operations like update and delete.
-    #   WAF uses the token to ensure that no changes have been made to the
-    #   entity since you last retrieved it. If a change has been made, the
-    #   update fails with a `WAFOptimisticLockException`. If this happens,
-    #   perform another get, and use the new token returned by that
-    #   operation.
+    #   A token used for optimistic locking. WAF returns a token to your
+    #   `get` and `list` requests, to mark the state of the entity at the
+    #   time of the request. To make changes to the entity associated with
+    #   the token, you provide the token to operations like `update` and
+    #   `delete`. WAF uses the token to ensure that no changes have been
+    #   made to the entity since you last retrieved it. If a change has been
+    #   made, the update fails with a `WAFOptimisticLockException`. If this
+    #   happens, perform another `get`, and use the new token returned by
+    #   that operation.
     #   @return [String]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/DeleteRegexPatternSetRequest AWS API Documentation
@@ -2668,15 +2822,15 @@ module Aws::WAFV2
     #   @return [String]
     #
     # @!attribute [rw] lock_token
-    #   A token used for optimistic locking. WAF returns a token to your get
-    #   and list requests, to mark the state of the entity at the time of
-    #   the request. To make changes to the entity associated with the
-    #   token, you provide the token to operations like update and delete.
-    #   WAF uses the token to ensure that no changes have been made to the
-    #   entity since you last retrieved it. If a change has been made, the
-    #   update fails with a `WAFOptimisticLockException`. If this happens,
-    #   perform another get, and use the new token returned by that
-    #   operation.
+    #   A token used for optimistic locking. WAF returns a token to your
+    #   `get` and `list` requests, to mark the state of the entity at the
+    #   time of the request. To make changes to the entity associated with
+    #   the token, you provide the token to operations like `update` and
+    #   `delete`. WAF uses the token to ensure that no changes have been
+    #   made to the entity since you last retrieved it. If a change has been
+    #   made, the update fails with a `WAFOptimisticLockException`. If this
+    #   happens, perform another `get`, and use the new token returned by
+    #   that operation.
     #   @return [String]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/DeleteRuleGroupRequest AWS API Documentation
@@ -2731,15 +2885,15 @@ module Aws::WAFV2
     #   @return [String]
     #
     # @!attribute [rw] lock_token
-    #   A token used for optimistic locking. WAF returns a token to your get
-    #   and list requests, to mark the state of the entity at the time of
-    #   the request. To make changes to the entity associated with the
-    #   token, you provide the token to operations like update and delete.
-    #   WAF uses the token to ensure that no changes have been made to the
-    #   entity since you last retrieved it. If a change has been made, the
-    #   update fails with a `WAFOptimisticLockException`. If this happens,
-    #   perform another get, and use the new token returned by that
-    #   operation.
+    #   A token used for optimistic locking. WAF returns a token to your
+    #   `get` and `list` requests, to mark the state of the entity at the
+    #   time of the request. To make changes to the entity associated with
+    #   the token, you provide the token to operations like `update` and
+    #   `delete`. WAF uses the token to ensure that no changes have been
+    #   made to the entity since you last retrieved it. If a change has been
+    #   made, the update fails with a `WAFOptimisticLockException`. If this
+    #   happens, perform another `get`, and use the new token returned by
+    #   that operation.
     #   @return [String]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/DeleteWebACLRequest AWS API Documentation
@@ -2764,6 +2918,7 @@ module Aws::WAFV2
     #         vendor_name: "VendorName", # required
     #         name: "EntityName", # required
     #         scope: "CLOUDFRONT", # required, accepts CLOUDFRONT, REGIONAL
+    #         version_name: "VersionKeyString",
     #       }
     #
     # @!attribute [rw] vendor_name
@@ -2791,16 +2946,40 @@ module Aws::WAFV2
     #   * API and SDKs - For all calls, use the Region endpoint us-east-1.
     #   @return [String]
     #
+    # @!attribute [rw] version_name
+    #   The version of the rule group. You can only use a version that is
+    #   not scheduled for expiration. If you don't provide this, WAF uses
+    #   the vendor's default version.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/DescribeManagedRuleGroupRequest AWS API Documentation
     #
     class DescribeManagedRuleGroupRequest < Struct.new(
       :vendor_name,
       :name,
-      :scope)
+      :scope,
+      :version_name)
       SENSITIVE = []
       include Aws::Structure
     end
 
+    # @!attribute [rw] version_name
+    #   The managed rule group's version.
+    #   @return [String]
+    #
+    # @!attribute [rw] sns_topic_arn
+    #   The Amazon resource name (ARN) of the Amazon Simple Notification
+    #   Service SNS topic that's used to record changes to the managed rule
+    #   group. You can subscribe to the SNS topic to receive notifications
+    #   when the managed rule group is modified, such as for new versions
+    #   and for version expiration. For more information, see the [Amazon
+    #   Simple Notification Service Developer Guide][1].
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/sns/latest/dg/welcome.html
+    #   @return [String]
+    #
     # @!attribute [rw] capacity
     #   The web ACL capacity units (WCUs) required for this rule group. WAF
     #   uses web ACL capacity units (WCU) to calculate and control the
@@ -2847,6 +3026,8 @@ module Aws::WAFV2
     # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/DescribeManagedRuleGroupResponse AWS API Documentation
     #
     class DescribeManagedRuleGroupResponse < Struct.new(
+      :version_name,
+      :sns_topic_arn,
       :capacity,
       :rules,
       :label_namespace,
@@ -2923,6 +3104,14 @@ module Aws::WAFV2
     # requires it. To inspect more than one component of a web request,
     # create a separate rule statement for each component.
     #
+    # JSON specification for a `QueryString` field to match:
+    #
+    # ` "FieldToMatch": \{ "QueryString": \{\} \}`
+    #
+    # Example JSON for a `Method` field to match specification:
+    #
+    # ` "FieldToMatch": \{ "Method": \{ "Name": "DELETE" \} \}`
+    #
     # @note When making an API call, you may pass FieldToMatch
     #   data as a hash:
     #
@@ -3164,8 +3353,8 @@ module Aws::WAFV2
     #   provide the ARN of the rule group in this statement.
     #
     #   You cannot nest a `RuleGroupReferenceStatement`, for example for use
-    #   inside a `NotStatement` or `OrStatement`. It can only be referenced
-    #   as a top-level statement within a rule.
+    #   inside a `NotStatement` or `OrStatement`. You can only use a rule
+    #   group reference statement at the top level inside a web ACL.
     #   @return [Types::RuleGroupReferenceStatement]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/FirewallManagerStatement AWS API Documentation
@@ -3330,15 +3519,15 @@ module Aws::WAFV2
     #   @return [Types::IPSet]
     #
     # @!attribute [rw] lock_token
-    #   A token used for optimistic locking. WAF returns a token to your get
-    #   and list requests, to mark the state of the entity at the time of
-    #   the request. To make changes to the entity associated with the
-    #   token, you provide the token to operations like update and delete.
-    #   WAF uses the token to ensure that no changes have been made to the
-    #   entity since you last retrieved it. If a change has been made, the
-    #   update fails with a `WAFOptimisticLockException`. If this happens,
-    #   perform another get, and use the new token returned by that
-    #   operation.
+    #   A token used for optimistic locking. WAF returns a token to your
+    #   `get` and `list` requests, to mark the state of the entity at the
+    #   time of the request. To make changes to the entity associated with
+    #   the token, you provide the token to operations like `update` and
+    #   `delete`. WAF uses the token to ensure that no changes have been
+    #   made to the entity since you last retrieved it. If a change has been
+    #   made, the update fails with a `WAFOptimisticLockException`. If this
+    #   happens, perform another `get`, and use the new token returned by
+    #   that operation.
     #   @return [String]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/GetIPSetResponse AWS API Documentation
@@ -3382,6 +3571,79 @@ module Aws::WAFV2
       include Aws::Structure
     end
 
+    # @note When making an API call, you may pass GetManagedRuleSetRequest
+    #   data as a hash:
+    #
+    #       {
+    #         name: "EntityName", # required
+    #         scope: "CLOUDFRONT", # required, accepts CLOUDFRONT, REGIONAL
+    #         id: "EntityId", # required
+    #       }
+    #
+    # @!attribute [rw] name
+    #   The name of the managed rule set. You use this, along with the rule
+    #   set ID, to identify the rule set.
+    #
+    #   This name is assigned to the corresponding managed rule group, which
+    #   your customers can access and use.
+    #   @return [String]
+    #
+    # @!attribute [rw] scope
+    #   Specifies whether this is for an Amazon CloudFront distribution or
+    #   for a regional application. A regional application can be an
+    #   Application Load Balancer (ALB), an Amazon API Gateway REST API, or
+    #   an AppSync GraphQL API.
+    #
+    #   To work with CloudFront, you must also specify the Region US East
+    #   (N. Virginia) as follows:
+    #
+    #   * CLI - Specify the Region when you use the CloudFront scope:
+    #     `--scope=CLOUDFRONT --region=us-east-1`.
+    #
+    #   * API and SDKs - For all calls, use the Region endpoint us-east-1.
+    #   @return [String]
+    #
+    # @!attribute [rw] id
+    #   A unique identifier for the managed rule set. The ID is returned in
+    #   the responses to commands like `list`. You provide it to operations
+    #   like `get` and `update`.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/GetManagedRuleSetRequest AWS API Documentation
+    #
+    class GetManagedRuleSetRequest < Struct.new(
+      :name,
+      :scope,
+      :id)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] managed_rule_set
+    #   The managed rule set that you requested.
+    #   @return [Types::ManagedRuleSet]
+    #
+    # @!attribute [rw] lock_token
+    #   A token used for optimistic locking. WAF returns a token to your
+    #   `get` and `list` requests, to mark the state of the entity at the
+    #   time of the request. To make changes to the entity associated with
+    #   the token, you provide the token to operations like `update` and
+    #   `delete`. WAF uses the token to ensure that no changes have been
+    #   made to the entity since you last retrieved it. If a change has been
+    #   made, the update fails with a `WAFOptimisticLockException`. If this
+    #   happens, perform another `get`, and use the new token returned by
+    #   that operation.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/GetManagedRuleSetResponse AWS API Documentation
+    #
+    class GetManagedRuleSetResponse < Struct.new(
+      :managed_rule_set,
+      :lock_token)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # @note When making an API call, you may pass GetPermissionPolicyRequest
     #   data as a hash:
     #
@@ -3421,6 +3683,7 @@ module Aws::WAFV2
     #         scope: "CLOUDFRONT", # required, accepts CLOUDFRONT, REGIONAL
     #         web_acl_name: "EntityName", # required
     #         web_acl_id: "EntityId", # required
+    #         rule_group_rule_name: "EntityName",
     #         rule_name: "EntityName", # required
     #       }
     #
@@ -3450,8 +3713,17 @@ module Aws::WAFV2
     #   like update and delete.
     #   @return [String]
     #
+    # @!attribute [rw] rule_group_rule_name
+    #   The name of the rule group reference statement in your web ACL. This
+    #   is required only when you have the rate-based rule nested inside a
+    #   rule group.
+    #   @return [String]
+    #
     # @!attribute [rw] rule_name
-    #   The name of the rate-based rule to get the keys for.
+    #   The name of the rate-based rule to get the keys for. If you have the
+    #   rule defined inside a rule group that you're using in your web ACL,
+    #   also provide the name of the rule group reference statement in the
+    #   request parameter `RuleGroupRuleName`.
     #   @return [String]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/GetRateBasedStatementManagedKeysRequest AWS API Documentation
@@ -3460,6 +3732,7 @@ module Aws::WAFV2
       :scope,
       :web_acl_name,
       :web_acl_id,
+      :rule_group_rule_name,
       :rule_name)
       SENSITIVE = []
       include Aws::Structure
@@ -3531,15 +3804,15 @@ module Aws::WAFV2
     #   @return [Types::RegexPatternSet]
     #
     # @!attribute [rw] lock_token
-    #   A token used for optimistic locking. WAF returns a token to your get
-    #   and list requests, to mark the state of the entity at the time of
-    #   the request. To make changes to the entity associated with the
-    #   token, you provide the token to operations like update and delete.
-    #   WAF uses the token to ensure that no changes have been made to the
-    #   entity since you last retrieved it. If a change has been made, the
-    #   update fails with a `WAFOptimisticLockException`. If this happens,
-    #   perform another get, and use the new token returned by that
-    #   operation.
+    #   A token used for optimistic locking. WAF returns a token to your
+    #   `get` and `list` requests, to mark the state of the entity at the
+    #   time of the request. To make changes to the entity associated with
+    #   the token, you provide the token to operations like `update` and
+    #   `delete`. WAF uses the token to ensure that no changes have been
+    #   made to the entity since you last retrieved it. If a change has been
+    #   made, the update fails with a `WAFOptimisticLockException`. If this
+    #   happens, perform another `get`, and use the new token returned by
+    #   that operation.
     #   @return [String]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/GetRegexPatternSetResponse AWS API Documentation
@@ -3606,15 +3879,15 @@ module Aws::WAFV2
     #   @return [Types::RuleGroup]
     #
     # @!attribute [rw] lock_token
-    #   A token used for optimistic locking. WAF returns a token to your get
-    #   and list requests, to mark the state of the entity at the time of
-    #   the request. To make changes to the entity associated with the
-    #   token, you provide the token to operations like update and delete.
-    #   WAF uses the token to ensure that no changes have been made to the
-    #   entity since you last retrieved it. If a change has been made, the
-    #   update fails with a `WAFOptimisticLockException`. If this happens,
-    #   perform another get, and use the new token returned by that
-    #   operation.
+    #   A token used for optimistic locking. WAF returns a token to your
+    #   `get` and `list` requests, to mark the state of the entity at the
+    #   time of the request. To make changes to the entity associated with
+    #   the token, you provide the token to operations like `update` and
+    #   `delete`. WAF uses the token to ensure that no changes have been
+    #   made to the entity since you last retrieved it. If a change has been
+    #   made, the update fails with a `WAFOptimisticLockException`. If this
+    #   happens, perform another `get`, and use the new token returned by
+    #   that operation.
     #   @return [String]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/GetRuleGroupResponse AWS API Documentation
@@ -3809,15 +4082,15 @@ module Aws::WAFV2
     #   @return [Types::WebACL]
     #
     # @!attribute [rw] lock_token
-    #   A token used for optimistic locking. WAF returns a token to your get
-    #   and list requests, to mark the state of the entity at the time of
-    #   the request. To make changes to the entity associated with the
-    #   token, you provide the token to operations like update and delete.
-    #   WAF uses the token to ensure that no changes have been made to the
-    #   entity since you last retrieved it. If a change has been made, the
-    #   update fails with a `WAFOptimisticLockException`. If this happens,
-    #   perform another get, and use the new token returned by that
-    #   operation.
+    #   A token used for optimistic locking. WAF returns a token to your
+    #   `get` and `list` requests, to mark the state of the entity at the
+    #   time of the request. To make changes to the entity associated with
+    #   the token, you provide the token to operations like `update` and
+    #   `delete`. WAF uses the token to ensure that no changes have been
+    #   made to the entity since you last retrieved it. If a change has been
+    #   made, the update fails with a `WAFOptimisticLockException`. If this
+    #   happens, perform another `get`, and use the new token returned by
+    #   that operation.
     #   @return [String]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/GetWebACLResponse AWS API Documentation
@@ -3942,7 +4215,7 @@ module Aws::WAFV2
     #   @return [String]
     #
     # @!attribute [rw] ip_address_version
-    #   Specify IPV4 or IPV6.
+    #   The version of the IP addresses, either `IPV4` or `IPV6`.
     #   @return [String]
     #
     # @!attribute [rw] addresses
@@ -4143,15 +4416,15 @@ module Aws::WAFV2
     #   @return [String]
     #
     # @!attribute [rw] lock_token
-    #   A token used for optimistic locking. WAF returns a token to your get
-    #   and list requests, to mark the state of the entity at the time of
-    #   the request. To make changes to the entity associated with the
-    #   token, you provide the token to operations like update and delete.
-    #   WAF uses the token to ensure that no changes have been made to the
-    #   entity since you last retrieved it. If a change has been made, the
-    #   update fails with a `WAFOptimisticLockException`. If this happens,
-    #   perform another get, and use the new token returned by that
-    #   operation.
+    #   A token used for optimistic locking. WAF returns a token to your
+    #   `get` and `list` requests, to mark the state of the entity at the
+    #   time of the request. To make changes to the entity associated with
+    #   the token, you provide the token to operations like `update` and
+    #   `delete`. WAF uses the token to ensure that no changes have been
+    #   made to the entity since you last retrieved it. If a change has been
+    #   made, the update fails with a `WAFOptimisticLockException`. If this
+    #   happens, perform another `get`, and use the new token returned by
+    #   that operation.
     #   @return [String]
     #
     # @!attribute [rw] arn
@@ -4179,6 +4452,9 @@ module Aws::WAFV2
     # inspects only the parts of the JSON that result from the matches that
     # you indicate.
     #
+    # Example JSON: `"JsonBody": \{ "MatchPattern": \{ "All": \{\} \},
+    # "MatchScope": "ALL" \}`
+    #
     # @note When making an API call, you may pass JsonBody
     #   data as a hash:
     #
@@ -4220,9 +4496,9 @@ module Aws::WAFV2
     #   content only up to the first parsing failure that it encounters.
     #
     #   WAF does its best to parse the entire JSON body, but might be forced
-    #   to stop for reasons such as characters that aren't valid, duplicate
-    #   keys, truncation, and any content whose root node isn't an object
-    #   or an array.
+    #   to stop for reasons such as invalid characters, duplicate keys,
+    #   truncation, and any content whose root node isn't an object or an
+    #   array.
     #
     #   WAF parses the JSON in the following examples as two valid key,
     #   value pairs:
@@ -4418,15 +4694,27 @@ module Aws::WAFV2
       include Aws::Structure
     end
 
-    # @note When making an API call, you may pass ListAvailableManagedRuleGroupsRequest
+    # @note When making an API call, you may pass ListAvailableManagedRuleGroupVersionsRequest
     #   data as a hash:
     #
     #       {
+    #         vendor_name: "VendorName", # required
+    #         name: "EntityName", # required
     #         scope: "CLOUDFRONT", # required, accepts CLOUDFRONT, REGIONAL
     #         next_marker: "NextMarker",
     #         limit: 1,
     #       }
     #
+    # @!attribute [rw] vendor_name
+    #   The name of the managed rule group vendor. You use this, along with
+    #   the rule group name, to identify the rule group.
+    #   @return [String]
+    #
+    # @!attribute [rw] name
+    #   The name of the managed rule group. You use this, along with the
+    #   vendor name, to identify the rule group.
+    #   @return [String]
+    #
     # @!attribute [rw] scope
     #   Specifies whether this is for an Amazon CloudFront distribution or
     #   for a regional application. A regional application can be an
@@ -4457,9 +4745,11 @@ module Aws::WAFV2
     #   to get the next batch of objects.
     #   @return [Integer]
     #
-    # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/ListAvailableManagedRuleGroupsRequest AWS API Documentation
+    # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/ListAvailableManagedRuleGroupVersionsRequest AWS API Documentation
     #
-    class ListAvailableManagedRuleGroupsRequest < Struct.new(
+    class ListAvailableManagedRuleGroupVersionsRequest < Struct.new(
+      :vendor_name,
+      :name,
       :scope,
       :next_marker,
       :limit)
@@ -4475,19 +4765,21 @@ module Aws::WAFV2
     #   your next request.
     #   @return [String]
     #
-    # @!attribute [rw] managed_rule_groups
-    #   @return [Array<Types::ManagedRuleGroupSummary>]
+    # @!attribute [rw] versions
+    #   The versions that are currently available for the specified managed
+    #   rule group.
+    #   @return [Array<Types::ManagedRuleGroupVersion>]
     #
-    # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/ListAvailableManagedRuleGroupsResponse AWS API Documentation
+    # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/ListAvailableManagedRuleGroupVersionsResponse AWS API Documentation
     #
-    class ListAvailableManagedRuleGroupsResponse < Struct.new(
+    class ListAvailableManagedRuleGroupVersionsResponse < Struct.new(
       :next_marker,
-      :managed_rule_groups)
+      :versions)
       SENSITIVE = []
       include Aws::Structure
     end
 
-    # @note When making an API call, you may pass ListIPSetsRequest
+    # @note When making an API call, you may pass ListAvailableManagedRuleGroupsRequest
     #   data as a hash:
     #
     #       {
@@ -4526,9 +4818,9 @@ module Aws::WAFV2
     #   to get the next batch of objects.
     #   @return [Integer]
     #
-    # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/ListIPSetsRequest AWS API Documentation
+    # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/ListAvailableManagedRuleGroupsRequest AWS API Documentation
     #
-    class ListIPSetsRequest < Struct.new(
+    class ListAvailableManagedRuleGroupsRequest < Struct.new(
       :scope,
       :next_marker,
       :limit)
@@ -4544,25 +4836,23 @@ module Aws::WAFV2
     #   your next request.
     #   @return [String]
     #
-    # @!attribute [rw] ip_sets
-    #   Array of IPSets. This may not be the full list of IPSets that you
-    #   have defined. See the `Limit` specification for this request.
-    #   @return [Array<Types::IPSetSummary>]
+    # @!attribute [rw] managed_rule_groups
+    #   @return [Array<Types::ManagedRuleGroupSummary>]
     #
-    # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/ListIPSetsResponse AWS API Documentation
+    # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/ListAvailableManagedRuleGroupsResponse AWS API Documentation
     #
-    class ListIPSetsResponse < Struct.new(
+    class ListAvailableManagedRuleGroupsResponse < Struct.new(
       :next_marker,
-      :ip_sets)
+      :managed_rule_groups)
       SENSITIVE = []
       include Aws::Structure
     end
 
-    # @note When making an API call, you may pass ListLoggingConfigurationsRequest
+    # @note When making an API call, you may pass ListIPSetsRequest
     #   data as a hash:
     #
     #       {
-    #         scope: "CLOUDFRONT", # accepts CLOUDFRONT, REGIONAL
+    #         scope: "CLOUDFRONT", # required, accepts CLOUDFRONT, REGIONAL
     #         next_marker: "NextMarker",
     #         limit: 1,
     #       }
@@ -4597,9 +4887,9 @@ module Aws::WAFV2
     #   to get the next batch of objects.
     #   @return [Integer]
     #
-    # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/ListLoggingConfigurationsRequest AWS API Documentation
+    # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/ListIPSetsRequest AWS API Documentation
     #
-    class ListLoggingConfigurationsRequest < Struct.new(
+    class ListIPSetsRequest < Struct.new(
       :scope,
       :next_marker,
       :limit)
@@ -4607,8 +4897,79 @@ module Aws::WAFV2
       include Aws::Structure
     end
 
-    # @!attribute [rw] logging_configurations
-    #   @return [Array<Types::LoggingConfiguration>]
+    # @!attribute [rw] next_marker
+    #   When you request a list of objects with a `Limit` setting, if the
+    #   number of objects that are still available for retrieval exceeds the
+    #   limit, WAF returns a `NextMarker` value in the response. To retrieve
+    #   the next batch of objects, provide the marker from the prior call in
+    #   your next request.
+    #   @return [String]
+    #
+    # @!attribute [rw] ip_sets
+    #   Array of IPSets. This may not be the full list of IPSets that you
+    #   have defined. See the `Limit` specification for this request.
+    #   @return [Array<Types::IPSetSummary>]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/ListIPSetsResponse AWS API Documentation
+    #
+    class ListIPSetsResponse < Struct.new(
+      :next_marker,
+      :ip_sets)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @note When making an API call, you may pass ListLoggingConfigurationsRequest
+    #   data as a hash:
+    #
+    #       {
+    #         scope: "CLOUDFRONT", # accepts CLOUDFRONT, REGIONAL
+    #         next_marker: "NextMarker",
+    #         limit: 1,
+    #       }
+    #
+    # @!attribute [rw] scope
+    #   Specifies whether this is for an Amazon CloudFront distribution or
+    #   for a regional application. A regional application can be an
+    #   Application Load Balancer (ALB), an Amazon API Gateway REST API, or
+    #   an AppSync GraphQL API.
+    #
+    #   To work with CloudFront, you must also specify the Region US East
+    #   (N. Virginia) as follows:
+    #
+    #   * CLI - Specify the Region when you use the CloudFront scope:
+    #     `--scope=CLOUDFRONT --region=us-east-1`.
+    #
+    #   * API and SDKs - For all calls, use the Region endpoint us-east-1.
+    #   @return [String]
+    #
+    # @!attribute [rw] next_marker
+    #   When you request a list of objects with a `Limit` setting, if the
+    #   number of objects that are still available for retrieval exceeds the
+    #   limit, WAF returns a `NextMarker` value in the response. To retrieve
+    #   the next batch of objects, provide the marker from the prior call in
+    #   your next request.
+    #   @return [String]
+    #
+    # @!attribute [rw] limit
+    #   The maximum number of objects that you want WAF to return for this
+    #   request. If more objects are available, in the response, WAF
+    #   provides a `NextMarker` value that you can use in a subsequent call
+    #   to get the next batch of objects.
+    #   @return [Integer]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/ListLoggingConfigurationsRequest AWS API Documentation
+    #
+    class ListLoggingConfigurationsRequest < Struct.new(
+      :scope,
+      :next_marker,
+      :limit)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] logging_configurations
+    #   @return [Array<Types::LoggingConfiguration>]
     #
     # @!attribute [rw] next_marker
     #   When you request a list of objects with a `Limit` setting, if the
@@ -4627,6 +4988,76 @@ module Aws::WAFV2
       include Aws::Structure
     end
 
+    # @note When making an API call, you may pass ListManagedRuleSetsRequest
+    #   data as a hash:
+    #
+    #       {
+    #         scope: "CLOUDFRONT", # required, accepts CLOUDFRONT, REGIONAL
+    #         next_marker: "NextMarker",
+    #         limit: 1,
+    #       }
+    #
+    # @!attribute [rw] scope
+    #   Specifies whether this is for an Amazon CloudFront distribution or
+    #   for a regional application. A regional application can be an
+    #   Application Load Balancer (ALB), an Amazon API Gateway REST API, or
+    #   an AppSync GraphQL API.
+    #
+    #   To work with CloudFront, you must also specify the Region US East
+    #   (N. Virginia) as follows:
+    #
+    #   * CLI - Specify the Region when you use the CloudFront scope:
+    #     `--scope=CLOUDFRONT --region=us-east-1`.
+    #
+    #   * API and SDKs - For all calls, use the Region endpoint us-east-1.
+    #   @return [String]
+    #
+    # @!attribute [rw] next_marker
+    #   When you request a list of objects with a `Limit` setting, if the
+    #   number of objects that are still available for retrieval exceeds the
+    #   limit, WAF returns a `NextMarker` value in the response. To retrieve
+    #   the next batch of objects, provide the marker from the prior call in
+    #   your next request.
+    #   @return [String]
+    #
+    # @!attribute [rw] limit
+    #   The maximum number of objects that you want WAF to return for this
+    #   request. If more objects are available, in the response, WAF
+    #   provides a `NextMarker` value that you can use in a subsequent call
+    #   to get the next batch of objects.
+    #   @return [Integer]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/ListManagedRuleSetsRequest AWS API Documentation
+    #
+    class ListManagedRuleSetsRequest < Struct.new(
+      :scope,
+      :next_marker,
+      :limit)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] next_marker
+    #   When you request a list of objects with a `Limit` setting, if the
+    #   number of objects that are still available for retrieval exceeds the
+    #   limit, WAF returns a `NextMarker` value in the response. To retrieve
+    #   the next batch of objects, provide the marker from the prior call in
+    #   your next request.
+    #   @return [String]
+    #
+    # @!attribute [rw] managed_rule_sets
+    #   Your managed rule sets.
+    #   @return [Array<Types::ManagedRuleSetSummary>]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/ListManagedRuleSetsResponse AWS API Documentation
+    #
+    class ListManagedRuleSetsResponse < Struct.new(
+      :next_marker,
+      :managed_rule_sets)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # @note When making an API call, you may pass ListRegexPatternSetsRequest
     #   data as a hash:
     #
@@ -5008,11 +5439,11 @@ module Aws::WAFV2
     #
     # @!attribute [rw] redacted_fields
     #   The parts of the request that you want to keep out of the logs. For
-    #   example, if you redact the `HEADER` field, the `HEADER` field in the
-    #   firehose will be `xxx`.
+    #   example, if you redact the `SingleHeader` field, the `HEADER` field
+    #   in the firehose will be `xxx`.
     #
-    #   <note markdown="1"> You must use one of the following values: `URI`, `QUERY_STRING`,
-    #   `HEADER`, or `METHOD`.
+    #   <note markdown="1"> You can specify only the following fields for redaction: `UriPath`,
+    #   `QueryString`, `SingleHeader`, `Method`, and `JsonBody`.
     #
     #    </note>
     #   @return [Array<Types::FieldToMatch>]
@@ -5104,6 +5535,7 @@ module Aws::WAFV2
     #       {
     #         vendor_name: "VendorName", # required
     #         name: "EntityName", # required
+    #         version: "VersionKeyString",
     #         excluded_rules: [
     #           {
     #             name: "EntityName", # required
@@ -5346,6 +5778,7 @@ module Aws::WAFV2
     #           managed_rule_group_statement: {
     #             vendor_name: "VendorName", # required
     #             name: "EntityName", # required
+    #             version: "VersionKeyString",
     #             excluded_rules: [
     #               {
     #                 name: "EntityName", # required
@@ -5359,6 +5792,42 @@ module Aws::WAFV2
     #             scope: "LABEL", # required, accepts LABEL, NAMESPACE
     #             key: "LabelMatchKey", # required
     #           },
+    #           regex_match_statement: {
+    #             regex_string: "RegexPatternString", # required
+    #             field_to_match: { # required
+    #               single_header: {
+    #                 name: "FieldToMatchData", # required
+    #               },
+    #               single_query_argument: {
+    #                 name: "FieldToMatchData", # required
+    #               },
+    #               all_query_arguments: {
+    #               },
+    #               uri_path: {
+    #               },
+    #               query_string: {
+    #               },
+    #               body: {
+    #               },
+    #               method: {
+    #               },
+    #               json_body: {
+    #                 match_pattern: { # required
+    #                   all: {
+    #                   },
+    #                   included_paths: ["JsonPointerPath"],
+    #                 },
+    #                 match_scope: "ALL", # required, accepts ALL, KEY, VALUE
+    #                 invalid_fallback_behavior: "MATCH", # accepts MATCH, NO_MATCH, EVALUATE_AS_STRING
+    #               },
+    #             },
+    #             text_transformations: [ # required
+    #               {
+    #                 priority: 1, # required
+    #                 type: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE, BASE64_DECODE, HEX_DECODE, MD5, REPLACE_COMMENTS, ESCAPE_SEQ_DECODE, SQL_HEX_DECODE, CSS_DECODE, JS_DECODE, NORMALIZE_PATH, NORMALIZE_PATH_WIN, REMOVE_NULLS, REPLACE_NULLS, BASE64_DECODE_EXT, URL_DECODE_UNI, UTF8_TO_UNICODE
+    #               },
+    #             ],
+    #           },
     #         },
     #       }
     #
@@ -5372,6 +5841,14 @@ module Aws::WAFV2
     #   vendor name, to identify the rule group.
     #   @return [String]
     #
+    # @!attribute [rw] version
+    #   The version of the managed rule group to use. If you specify this,
+    #   the version setting is fixed until you change it. If you don't
+    #   specify this, WAF uses the vendor's default version, and then keeps
+    #   the version at the vendor's default when the vendor updates the
+    #   managed rule group settings.
+    #   @return [String]
+    #
     # @!attribute [rw] excluded_rules
     #   The rules whose actions are set to `COUNT` by the web ACL,
     #   regardless of the action that is set on the rule. This effectively
@@ -5392,6 +5869,7 @@ module Aws::WAFV2
     class ManagedRuleGroupStatement < Struct.new(
       :vendor_name,
       :name,
+      :version,
       :excluded_rules,
       :scope_down_statement)
       SENSITIVE = []
@@ -5403,8 +5881,9 @@ module Aws::WAFV2
     # name and vendor name, that you provide when you add a
     # ManagedRuleGroupStatement to a web ACL. Managed rule groups include
     # Amazon Web Services Managed Rules rule groups, which are free of
-    # charge to WAF customers, and Marketplace managed rule groups, which
-    # you can subscribe to through Marketplace.
+    # charge to WAF customers, and Amazon Web Services Marketplace managed
+    # rule groups, which you can subscribe to through Amazon Web Services
+    # Marketplace.
     #
     # @!attribute [rw] vendor_name
     #   The name of the managed rule group vendor. You use this, along with
@@ -5418,7 +5897,8 @@ module Aws::WAFV2
     #
     # @!attribute [rw] description
     #   The description of the managed rule group, provided by Amazon Web
-    #   Services Managed Rules or the Marketplace seller who manages it.
+    #   Services Managed Rules or the Amazon Web Services Marketplace seller
+    #   who manages it.
     #   @return [String]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/ManagedRuleGroupSummary AWS API Documentation
@@ -5431,12 +5911,263 @@ module Aws::WAFV2
       include Aws::Structure
     end
 
+    # Describes a single version of a managed rule group.
+    #
+    # @!attribute [rw] name
+    #   The version name.
+    #   @return [String]
+    #
+    # @!attribute [rw] last_update_timestamp
+    #   The date and time that the managed rule group owner updated the rule
+    #   group version information.
+    #   @return [Time]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/ManagedRuleGroupVersion AWS API Documentation
+    #
+    class ManagedRuleGroupVersion < Struct.new(
+      :name,
+      :last_update_timestamp)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # A set of rules that is managed by Amazon Web Services and Amazon Web
+    # Services Marketplace sellers to provide versioned managed rule groups
+    # for customers of WAF.
+    #
+    # <note markdown="1"> This is intended for use only by vendors of managed rule sets. Vendors
+    # are Amazon Web Services and Amazon Web Services Marketplace sellers.
+    #
+    #  Vendors, you can use the managed rule set APIs to provide controlled
+    # rollout of your versioned managed rule group offerings for your
+    # customers. The APIs are `ListManagedRuleSets`, `GetManagedRuleSet`,
+    # `PutManagedRuleSetVersions`, and
+    # `UpdateManagedRuleSetVersionExpiryDate`.
+    #
+    #  </note>
+    #
+    # @!attribute [rw] name
+    #   The name of the managed rule set. You use this, along with the rule
+    #   set ID, to identify the rule set.
+    #
+    #   This name is assigned to the corresponding managed rule group, which
+    #   your customers can access and use.
+    #   @return [String]
+    #
+    # @!attribute [rw] id
+    #   A unique identifier for the managed rule set. The ID is returned in
+    #   the responses to commands like `list`. You provide it to operations
+    #   like `get` and `update`.
+    #   @return [String]
+    #
+    # @!attribute [rw] arn
+    #   The Amazon Resource Name (ARN) of the entity.
+    #   @return [String]
+    #
+    # @!attribute [rw] description
+    #   A description of the set that helps with identification.
+    #   @return [String]
+    #
+    # @!attribute [rw] published_versions
+    #   The versions of this managed rule set that are available for use by
+    #   customers.
+    #   @return [Hash<String,Types::ManagedRuleSetVersion>]
+    #
+    # @!attribute [rw] recommended_version
+    #   The version that you would like your customers to use.
+    #   @return [String]
+    #
+    # @!attribute [rw] label_namespace
+    #   The label namespace prefix for the managed rule groups that are
+    #   offered to customers from this managed rule set. All labels that are
+    #   added by rules in the managed rule group have this prefix.
+    #
+    #   * The syntax for the label namespace prefix for a managed rule group
+    #     is the following:
+    #
+    #     `awswaf:managed:<vendor>:<rule group name>`\:
+    #
+    #   * When a rule with a label matches a web request, WAF adds the fully
+    #     qualified label to the request. A fully qualified label is made up
+    #     of the label namespace from the rule group or web ACL where the
+    #     rule is defined and the label from the rule, separated by a colon:
+    #
+    #     `<label namespace>:<label from rule>`
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/ManagedRuleSet AWS API Documentation
+    #
+    class ManagedRuleSet < Struct.new(
+      :name,
+      :id,
+      :arn,
+      :description,
+      :published_versions,
+      :recommended_version,
+      :label_namespace)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # High-level information for a managed rule set.
+    #
+    # <note markdown="1"> This is intended for use only by vendors of managed rule sets. Vendors
+    # are Amazon Web Services and Amazon Web Services Marketplace sellers.
+    #
+    #  Vendors, you can use the managed rule set APIs to provide controlled
+    # rollout of your versioned managed rule group offerings for your
+    # customers. The APIs are `ListManagedRuleSets`, `GetManagedRuleSet`,
+    # `PutManagedRuleSetVersions`, and
+    # `UpdateManagedRuleSetVersionExpiryDate`.
+    #
+    #  </note>
+    #
+    # @!attribute [rw] name
+    #   The name of the managed rule set. You use this, along with the rule
+    #   set ID, to identify the rule set.
+    #
+    #   This name is assigned to the corresponding managed rule group, which
+    #   your customers can access and use.
+    #   @return [String]
+    #
+    # @!attribute [rw] id
+    #   A unique identifier for the managed rule set. The ID is returned in
+    #   the responses to commands like `list`. You provide it to operations
+    #   like `get` and `update`.
+    #   @return [String]
+    #
+    # @!attribute [rw] description
+    #   A description of the set that helps with identification.
+    #   @return [String]
+    #
+    # @!attribute [rw] lock_token
+    #   A token used for optimistic locking. WAF returns a token to your
+    #   `get` and `list` requests, to mark the state of the entity at the
+    #   time of the request. To make changes to the entity associated with
+    #   the token, you provide the token to operations like `update` and
+    #   `delete`. WAF uses the token to ensure that no changes have been
+    #   made to the entity since you last retrieved it. If a change has been
+    #   made, the update fails with a `WAFOptimisticLockException`. If this
+    #   happens, perform another `get`, and use the new token returned by
+    #   that operation.
+    #   @return [String]
+    #
+    # @!attribute [rw] arn
+    #   The Amazon Resource Name (ARN) of the entity.
+    #   @return [String]
+    #
+    # @!attribute [rw] label_namespace
+    #   The label namespace prefix for the managed rule groups that are
+    #   offered to customers from this managed rule set. All labels that are
+    #   added by rules in the managed rule group have this prefix.
+    #
+    #   * The syntax for the label namespace prefix for a managed rule group
+    #     is the following:
+    #
+    #     `awswaf:managed:<vendor>:<rule group name>`\:
+    #
+    #   * When a rule with a label matches a web request, WAF adds the fully
+    #     qualified label to the request. A fully qualified label is made up
+    #     of the label namespace from the rule group or web ACL where the
+    #     rule is defined and the label from the rule, separated by a colon:
+    #
+    #     `<label namespace>:<label from rule>`
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/ManagedRuleSetSummary AWS API Documentation
+    #
+    class ManagedRuleSetSummary < Struct.new(
+      :name,
+      :id,
+      :description,
+      :lock_token,
+      :arn,
+      :label_namespace)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # Information for a single version of a managed rule set.
+    #
+    # <note markdown="1"> This is intended for use only by vendors of managed rule sets. Vendors
+    # are Amazon Web Services and Amazon Web Services Marketplace sellers.
+    #
+    #  Vendors, you can use the managed rule set APIs to provide controlled
+    # rollout of your versioned managed rule group offerings for your
+    # customers. The APIs are `ListManagedRuleSets`, `GetManagedRuleSet`,
+    # `PutManagedRuleSetVersions`, and
+    # `UpdateManagedRuleSetVersionExpiryDate`.
+    #
+    #  </note>
+    #
+    # @!attribute [rw] associated_rule_group_arn
+    #   The Amazon Resource Name (ARN) of the vendor rule group that's used
+    #   to define the published version of your managed rule group.
+    #   @return [String]
+    #
+    # @!attribute [rw] capacity
+    #   The web ACL capacity units (WCUs) required for this rule group.
+    #
+    #   WAF uses WCUs to calculate and control the operating resources that
+    #   are used to run your rules, rule groups, and web ACLs. WAF
+    #   calculates capacity differently for each rule type, to reflect the
+    #   relative cost of each rule. Simple rules that cost little to run use
+    #   fewer WCUs than more complex rules that use more processing power.
+    #   Rule group capacity is fixed at creation, which helps users plan
+    #   their web ACL WCU usage when they use a rule group. The WCU limit
+    #   for web ACLs is 1,500.
+    #   @return [Integer]
+    #
+    # @!attribute [rw] forecasted_lifetime
+    #   The amount of time you expect this version of your managed rule
+    #   group to last, in days.
+    #   @return [Integer]
+    #
+    # @!attribute [rw] publish_timestamp
+    #   The time that you first published this version.
+    #
+    #   Times are in Coordinated Universal Time (UTC) format. UTC format
+    #   includes the special designator, Z. For example,
+    #   "2016-09-27T14:50Z".
+    #   @return [Time]
+    #
+    # @!attribute [rw] last_update_timestamp
+    #   The last time that you updated this version.
+    #
+    #   Times are in Coordinated Universal Time (UTC) format. UTC format
+    #   includes the special designator, Z. For example,
+    #   "2016-09-27T14:50Z".
+    #   @return [Time]
+    #
+    # @!attribute [rw] expiry_timestamp
+    #   The time that this version is set to expire.
+    #
+    #   Times are in Coordinated Universal Time (UTC) format. UTC format
+    #   includes the special designator, Z. For example,
+    #   "2016-09-27T14:50Z".
+    #   @return [Time]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/ManagedRuleSetVersion AWS API Documentation
+    #
+    class ManagedRuleSetVersion < Struct.new(
+      :associated_rule_group_arn,
+      :capacity,
+      :forecasted_lifetime,
+      :publish_timestamp,
+      :last_update_timestamp,
+      :expiry_timestamp)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # The HTTP method of a web request. The method indicates the type of
     # operation that the request is asking the origin to perform.
     #
     # This is used only to indicate the web request component for WAF to
     # inspect, in the FieldToMatch specification.
     #
+    # JSON specification: `"Method": \{\}`
+    #
     # @api private
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/Method AWS API Documentation
@@ -5450,6 +6181,8 @@ module Aws::WAFV2
     # This is used in the context of other settings, for example to specify
     # values for RuleAction and web ACL DefaultAction.
     #
+    # JSON specification: `"None": \{\}`
+    #
     # @api private
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/NoneAction AWS API Documentation
@@ -5700,6 +6433,7 @@ module Aws::WAFV2
     #           managed_rule_group_statement: {
     #             vendor_name: "VendorName", # required
     #             name: "EntityName", # required
+    #             version: "VersionKeyString",
     #             excluded_rules: [
     #               {
     #                 name: "EntityName", # required
@@ -5713,6 +6447,42 @@ module Aws::WAFV2
     #             scope: "LABEL", # required, accepts LABEL, NAMESPACE
     #             key: "LabelMatchKey", # required
     #           },
+    #           regex_match_statement: {
+    #             regex_string: "RegexPatternString", # required
+    #             field_to_match: { # required
+    #               single_header: {
+    #                 name: "FieldToMatchData", # required
+    #               },
+    #               single_query_argument: {
+    #                 name: "FieldToMatchData", # required
+    #               },
+    #               all_query_arguments: {
+    #               },
+    #               uri_path: {
+    #               },
+    #               query_string: {
+    #               },
+    #               body: {
+    #               },
+    #               method: {
+    #               },
+    #               json_body: {
+    #                 match_pattern: { # required
+    #                   all: {
+    #                   },
+    #                   included_paths: ["JsonPointerPath"],
+    #                 },
+    #                 match_scope: "ALL", # required, accepts ALL, KEY, VALUE
+    #                 invalid_fallback_behavior: "MATCH", # accepts MATCH, NO_MATCH, EVALUATE_AS_STRING
+    #               },
+    #             },
+    #             text_transformations: [ # required
+    #               {
+    #                 priority: 1, # required
+    #                 type: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE, BASE64_DECODE, HEX_DECODE, MD5, REPLACE_COMMENTS, ESCAPE_SEQ_DECODE, SQL_HEX_DECODE, CSS_DECODE, JS_DECODE, NORMALIZE_PATH, NORMALIZE_PATH_WIN, REMOVE_NULLS, REPLACE_NULLS, BASE64_DECODE_EXT, URL_DECODE_UNI, UTF8_TO_UNICODE
+    #               },
+    #             ],
+    #           },
     #         },
     #       }
     #
@@ -5970,6 +6740,7 @@ module Aws::WAFV2
     #             managed_rule_group_statement: {
     #               vendor_name: "VendorName", # required
     #               name: "EntityName", # required
+    #               version: "VersionKeyString",
     #               excluded_rules: [
     #                 {
     #                   name: "EntityName", # required
@@ -5983,6 +6754,42 @@ module Aws::WAFV2
     #               scope: "LABEL", # required, accepts LABEL, NAMESPACE
     #               key: "LabelMatchKey", # required
     #             },
+    #             regex_match_statement: {
+    #               regex_string: "RegexPatternString", # required
+    #               field_to_match: { # required
+    #                 single_header: {
+    #                   name: "FieldToMatchData", # required
+    #                 },
+    #                 single_query_argument: {
+    #                   name: "FieldToMatchData", # required
+    #                 },
+    #                 all_query_arguments: {
+    #                 },
+    #                 uri_path: {
+    #                 },
+    #                 query_string: {
+    #                 },
+    #                 body: {
+    #                 },
+    #                 method: {
+    #                 },
+    #                 json_body: {
+    #                   match_pattern: { # required
+    #                     all: {
+    #                     },
+    #                     included_paths: ["JsonPointerPath"],
+    #                   },
+    #                   match_scope: "ALL", # required, accepts ALL, KEY, VALUE
+    #                   invalid_fallback_behavior: "MATCH", # accepts MATCH, NO_MATCH, EVALUATE_AS_STRING
+    #                 },
+    #               },
+    #               text_transformations: [ # required
+    #                 {
+    #                   priority: 1, # required
+    #                   type: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE, BASE64_DECODE, HEX_DECODE, MD5, REPLACE_COMMENTS, ESCAPE_SEQ_DECODE, SQL_HEX_DECODE, CSS_DECODE, JS_DECODE, NORMALIZE_PATH, NORMALIZE_PATH_WIN, REMOVE_NULLS, REPLACE_NULLS, BASE64_DECODE_EXT, URL_DECODE_UNI, UTF8_TO_UNICODE
+    #                 },
+    #               ],
+    #             },
     #           },
     #         ],
     #       }
@@ -6133,6 +6940,107 @@ module Aws::WAFV2
       include Aws::Structure
     end
 
+    # @note When making an API call, you may pass PutManagedRuleSetVersionsRequest
+    #   data as a hash:
+    #
+    #       {
+    #         name: "EntityName", # required
+    #         scope: "CLOUDFRONT", # required, accepts CLOUDFRONT, REGIONAL
+    #         id: "EntityId", # required
+    #         lock_token: "LockToken", # required
+    #         recommended_version: "VersionKeyString",
+    #         versions_to_publish: {
+    #           "VersionKeyString" => {
+    #             associated_rule_group_arn: "ResourceArn",
+    #             forecasted_lifetime: 1,
+    #           },
+    #         },
+    #       }
+    #
+    # @!attribute [rw] name
+    #   The name of the managed rule set. You use this, along with the rule
+    #   set ID, to identify the rule set.
+    #
+    #   This name is assigned to the corresponding managed rule group, which
+    #   your customers can access and use.
+    #   @return [String]
+    #
+    # @!attribute [rw] scope
+    #   Specifies whether this is for an Amazon CloudFront distribution or
+    #   for a regional application. A regional application can be an
+    #   Application Load Balancer (ALB), an Amazon API Gateway REST API, or
+    #   an AppSync GraphQL API.
+    #
+    #   To work with CloudFront, you must also specify the Region US East
+    #   (N. Virginia) as follows:
+    #
+    #   * CLI - Specify the Region when you use the CloudFront scope:
+    #     `--scope=CLOUDFRONT --region=us-east-1`.
+    #
+    #   * API and SDKs - For all calls, use the Region endpoint us-east-1.
+    #   @return [String]
+    #
+    # @!attribute [rw] id
+    #   A unique identifier for the managed rule set. The ID is returned in
+    #   the responses to commands like `list`. You provide it to operations
+    #   like `get` and `update`.
+    #   @return [String]
+    #
+    # @!attribute [rw] lock_token
+    #   A token used for optimistic locking. WAF returns a token to your
+    #   `get` and `list` requests, to mark the state of the entity at the
+    #   time of the request. To make changes to the entity associated with
+    #   the token, you provide the token to operations like `update` and
+    #   `delete`. WAF uses the token to ensure that no changes have been
+    #   made to the entity since you last retrieved it. If a change has been
+    #   made, the update fails with a `WAFOptimisticLockException`. If this
+    #   happens, perform another `get`, and use the new token returned by
+    #   that operation.
+    #   @return [String]
+    #
+    # @!attribute [rw] recommended_version
+    #   The version of the named managed rule group that you'd like your
+    #   customers to choose, from among your version offerings.
+    #   @return [String]
+    #
+    # @!attribute [rw] versions_to_publish
+    #   The versions of the named managed rule group that you want to offer
+    #   to your customers.
+    #   @return [Hash<String,Types::VersionToPublish>]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/PutManagedRuleSetVersionsRequest AWS API Documentation
+    #
+    class PutManagedRuleSetVersionsRequest < Struct.new(
+      :name,
+      :scope,
+      :id,
+      :lock_token,
+      :recommended_version,
+      :versions_to_publish)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] next_lock_token
+    #   A token used for optimistic locking. WAF returns a token to your
+    #   `get` and `list` requests, to mark the state of the entity at the
+    #   time of the request. To make changes to the entity associated with
+    #   the token, you provide the token to operations like `update` and
+    #   `delete`. WAF uses the token to ensure that no changes have been
+    #   made to the entity since you last retrieved it. If a change has been
+    #   made, the update fails with a `WAFOptimisticLockException`. If this
+    #   happens, perform another `get`, and use the new token returned by
+    #   that operation.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/PutManagedRuleSetVersionsResponse AWS API Documentation
+    #
+    class PutManagedRuleSetVersionsResponse < Struct.new(
+      :next_lock_token)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # @note When making an API call, you may pass PutPermissionPolicyRequest
     #   data as a hash:
     #
@@ -6191,6 +7099,8 @@ module Aws::WAFV2
     # This is used only to indicate the web request component for WAF to
     # inspect, in the FieldToMatch specification.
     #
+    # JSON specification: `"QueryString": \{\}`
+    #
     # @api private
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/QueryString AWS API Documentation
@@ -6203,6 +7113,15 @@ module Aws::WAFV2
     # You can use this to put a temporary block on requests from an IP
     # address that is sending excessive requests.
     #
+    # WAF tracks and manages web requests separately for each instance of a
+    # rate-based rule that you use. For example, if you provide the same
+    # rate-based rule settings in two web ACLs, each of the two rule
+    # statements represents a separate instance of the rate-based rule and
+    # gets its own tracking and management by WAF. If you define a
+    # rate-based rule inside a rule group, and then use that rule group in
+    # multiple places, each use creates a separate instance of the
+    # rate-based rule that gets its own tracking and management by WAF.
+    #
     # When the rule action triggers, WAF blocks additional requests from the
     # IP address until the request rate falls below the limit.
     #
@@ -6226,9 +7145,9 @@ module Aws::WAFV2
     # not meet both conditions are not counted towards the rate limit and
     # are not affected by this rule.
     #
-    # You cannot nest a `RateBasedStatement`, for example for use inside a
-    # `NotStatement` or `OrStatement`. It can only be referenced as a
-    # top-level statement within a rule.
+    # You cannot nest a `RateBasedStatement` inside another statement, for
+    # example inside a `NotStatement` or `OrStatement`. You can define a
+    # `RateBasedStatement` inside a web ACL and inside a rule group.
     #
     # @note When making an API call, you may pass RateBasedStatement
     #   data as a hash:
@@ -6473,18 +7392,55 @@ module Aws::WAFV2
     #           managed_rule_group_statement: {
     #             vendor_name: "VendorName", # required
     #             name: "EntityName", # required
+    #             version: "VersionKeyString",
     #             excluded_rules: [
     #               {
-    #                 name: "EntityName", # required
+    #                 name: "EntityName", # required
+    #               },
+    #             ],
+    #             scope_down_statement: {
+    #               # recursive Statement
+    #             },
+    #           },
+    #           label_match_statement: {
+    #             scope: "LABEL", # required, accepts LABEL, NAMESPACE
+    #             key: "LabelMatchKey", # required
+    #           },
+    #           regex_match_statement: {
+    #             regex_string: "RegexPatternString", # required
+    #             field_to_match: { # required
+    #               single_header: {
+    #                 name: "FieldToMatchData", # required
+    #               },
+    #               single_query_argument: {
+    #                 name: "FieldToMatchData", # required
+    #               },
+    #               all_query_arguments: {
+    #               },
+    #               uri_path: {
+    #               },
+    #               query_string: {
+    #               },
+    #               body: {
+    #               },
+    #               method: {
+    #               },
+    #               json_body: {
+    #                 match_pattern: { # required
+    #                   all: {
+    #                   },
+    #                   included_paths: ["JsonPointerPath"],
+    #                 },
+    #                 match_scope: "ALL", # required, accepts ALL, KEY, VALUE
+    #                 invalid_fallback_behavior: "MATCH", # accepts MATCH, NO_MATCH, EVALUATE_AS_STRING
+    #               },
+    #             },
+    #             text_transformations: [ # required
+    #               {
+    #                 priority: 1, # required
+    #                 type: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE, BASE64_DECODE, HEX_DECODE, MD5, REPLACE_COMMENTS, ESCAPE_SEQ_DECODE, SQL_HEX_DECODE, CSS_DECODE, JS_DECODE, NORMALIZE_PATH, NORMALIZE_PATH_WIN, REMOVE_NULLS, REPLACE_NULLS, BASE64_DECODE_EXT, URL_DECODE_UNI, UTF8_TO_UNICODE
     #               },
     #             ],
-    #             scope_down_statement: {
-    #               # recursive Statement
-    #             },
-    #           },
-    #           label_match_statement: {
-    #             scope: "LABEL", # required, accepts LABEL, NAMESPACE
-    #             key: "LabelMatchKey", # required
     #           },
     #         },
     #         forwarded_ip_config: {
@@ -6545,10 +7501,11 @@ module Aws::WAFV2
       include Aws::Structure
     end
 
-    # The set of IP addresses that are currently blocked for a rate-based
-    # statement.
+    # The set of IP addresses that are currently blocked for a
+    # RateBasedStatement.
     #
     # @!attribute [rw] ip_address_version
+    #   The version of the IP addresses, either `IPV4` or `IPV6`.
     #   @return [String]
     #
     # @!attribute [rw] addresses
@@ -6585,6 +7542,77 @@ module Aws::WAFV2
       include Aws::Structure
     end
 
+    # A rule statement used to search web request components for a match
+    # against a single regular expression.
+    #
+    # @note When making an API call, you may pass RegexMatchStatement
+    #   data as a hash:
+    #
+    #       {
+    #         regex_string: "RegexPatternString", # required
+    #         field_to_match: { # required
+    #           single_header: {
+    #             name: "FieldToMatchData", # required
+    #           },
+    #           single_query_argument: {
+    #             name: "FieldToMatchData", # required
+    #           },
+    #           all_query_arguments: {
+    #           },
+    #           uri_path: {
+    #           },
+    #           query_string: {
+    #           },
+    #           body: {
+    #           },
+    #           method: {
+    #           },
+    #           json_body: {
+    #             match_pattern: { # required
+    #               all: {
+    #               },
+    #               included_paths: ["JsonPointerPath"],
+    #             },
+    #             match_scope: "ALL", # required, accepts ALL, KEY, VALUE
+    #             invalid_fallback_behavior: "MATCH", # accepts MATCH, NO_MATCH, EVALUATE_AS_STRING
+    #           },
+    #         },
+    #         text_transformations: [ # required
+    #           {
+    #             priority: 1, # required
+    #             type: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE, BASE64_DECODE, HEX_DECODE, MD5, REPLACE_COMMENTS, ESCAPE_SEQ_DECODE, SQL_HEX_DECODE, CSS_DECODE, JS_DECODE, NORMALIZE_PATH, NORMALIZE_PATH_WIN, REMOVE_NULLS, REPLACE_NULLS, BASE64_DECODE_EXT, URL_DECODE_UNI, UTF8_TO_UNICODE
+    #           },
+    #         ],
+    #       }
+    #
+    # @!attribute [rw] regex_string
+    #   The string representing the regular expression.
+    #   @return [String]
+    #
+    # @!attribute [rw] field_to_match
+    #   The part of a web request that you want WAF to inspect. For more
+    #   information, see FieldToMatch.
+    #   @return [Types::FieldToMatch]
+    #
+    # @!attribute [rw] text_transformations
+    #   Text transformations eliminate some of the unusual formatting that
+    #   attackers use in web requests in an effort to bypass detection. If
+    #   you specify one or more transformations in a rule statement, WAF
+    #   performs all transformations on the content of the request component
+    #   identified by `FieldToMatch`, starting from the lowest priority
+    #   setting, before inspecting the content for a match.
+    #   @return [Array<Types::TextTransformation>]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/RegexMatchStatement AWS API Documentation
+    #
+    class RegexMatchStatement < Struct.new(
+      :regex_string,
+      :field_to_match,
+      :text_transformations)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # Contains one or more regular expressions.
     #
     # WAF assigns an ARN to each `RegexPatternSet` that you create. To use a
@@ -6729,15 +7757,15 @@ module Aws::WAFV2
     #   @return [String]
     #
     # @!attribute [rw] lock_token
-    #   A token used for optimistic locking. WAF returns a token to your get
-    #   and list requests, to mark the state of the entity at the time of
-    #   the request. To make changes to the entity associated with the
-    #   token, you provide the token to operations like update and delete.
-    #   WAF uses the token to ensure that no changes have been made to the
-    #   entity since you last retrieved it. If a change has been made, the
-    #   update fails with a `WAFOptimisticLockException`. If this happens,
-    #   perform another get, and use the new token returned by that
-    #   operation.
+    #   A token used for optimistic locking. WAF returns a token to your
+    #   `get` and `list` requests, to mark the state of the entity at the
+    #   time of the request. To make changes to the entity associated with
+    #   the token, you provide the token to operations like `update` and
+    #   `delete`. WAF uses the token to ensure that no changes have been
+    #   made to the entity since you last retrieved it. If a change has been
+    #   made, the update fails with a `WAFOptimisticLockException`. If this
+    #   happens, perform another `get`, and use the new token returned by
+    #   that operation.
     #   @return [String]
     #
     # @!attribute [rw] arn
@@ -7004,6 +8032,7 @@ module Aws::WAFV2
     #           managed_rule_group_statement: {
     #             vendor_name: "VendorName", # required
     #             name: "EntityName", # required
+    #             version: "VersionKeyString",
     #             excluded_rules: [
     #               {
     #                 name: "EntityName", # required
@@ -7017,6 +8046,42 @@ module Aws::WAFV2
     #             scope: "LABEL", # required, accepts LABEL, NAMESPACE
     #             key: "LabelMatchKey", # required
     #           },
+    #           regex_match_statement: {
+    #             regex_string: "RegexPatternString", # required
+    #             field_to_match: { # required
+    #               single_header: {
+    #                 name: "FieldToMatchData", # required
+    #               },
+    #               single_query_argument: {
+    #                 name: "FieldToMatchData", # required
+    #               },
+    #               all_query_arguments: {
+    #               },
+    #               uri_path: {
+    #               },
+    #               query_string: {
+    #               },
+    #               body: {
+    #               },
+    #               method: {
+    #               },
+    #               json_body: {
+    #                 match_pattern: { # required
+    #                   all: {
+    #                   },
+    #                   included_paths: ["JsonPointerPath"],
+    #                 },
+    #                 match_scope: "ALL", # required, accepts ALL, KEY, VALUE
+    #                 invalid_fallback_behavior: "MATCH", # accepts MATCH, NO_MATCH, EVALUATE_AS_STRING
+    #               },
+    #             },
+    #             text_transformations: [ # required
+    #               {
+    #                 priority: 1, # required
+    #                 type: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE, BASE64_DECODE, HEX_DECODE, MD5, REPLACE_COMMENTS, ESCAPE_SEQ_DECODE, SQL_HEX_DECODE, CSS_DECODE, JS_DECODE, NORMALIZE_PATH, NORMALIZE_PATH_WIN, REMOVE_NULLS, REPLACE_NULLS, BASE64_DECODE_EXT, URL_DECODE_UNI, UTF8_TO_UNICODE
+    #               },
+    #             ],
+    #           },
     #         },
     #         action: {
     #           block: {
@@ -7372,8 +8437,8 @@ module Aws::WAFV2
     # provide the ARN of the rule group in this statement.
     #
     # You cannot nest a `RuleGroupReferenceStatement`, for example for use
-    # inside a `NotStatement` or `OrStatement`. It can only be referenced as
-    # a top-level statement within a rule.
+    # inside a `NotStatement` or `OrStatement`. You can only use a rule
+    # group reference statement at the top level inside a web ACL.
     #
     # @note When making an API call, you may pass RuleGroupReferenceStatement
     #   data as a hash:
@@ -7427,15 +8492,15 @@ module Aws::WAFV2
     #   @return [String]
     #
     # @!attribute [rw] lock_token
-    #   A token used for optimistic locking. WAF returns a token to your get
-    #   and list requests, to mark the state of the entity at the time of
-    #   the request. To make changes to the entity associated with the
-    #   token, you provide the token to operations like update and delete.
-    #   WAF uses the token to ensure that no changes have been made to the
-    #   entity since you last retrieved it. If a change has been made, the
-    #   update fails with a `WAFOptimisticLockException`. If this happens,
-    #   perform another get, and use the new token returned by that
-    #   operation.
+    #   A token used for optimistic locking. WAF returns a token to your
+    #   `get` and `list` requests, to mark the state of the entity at the
+    #   time of the request. To make changes to the entity associated with
+    #   the token, you provide the token to operations like `update` and
+    #   `delete`. WAF uses the token to ensure that no changes have been
+    #   made to the entity since you last retrieved it. If a change has been
+    #   made, the update fails with a `WAFOptimisticLockException`. If this
+    #   happens, perform another `get`, and use the new token returned by
+    #   that operation.
     #   @return [String]
     #
     # @!attribute [rw] arn
@@ -7555,6 +8620,8 @@ module Aws::WAFV2
     # This is used only to indicate the web request component for WAF to
     # inspect, in the FieldToMatch specification.
     #
+    # Example JSON: `"SingleHeader": \{ "Name": "haystack" \}`
+    #
     # @note When making an API call, you may pass SingleHeader
     #   data as a hash:
     #
@@ -7578,6 +8645,8 @@ module Aws::WAFV2
     # *UserName* or *SalesRegion*. The name can be up to 30 characters long
     # and isn't case sensitive.
     #
+    # Example JSON: `"SingleQueryArgument": \{ "Name": "myArgument" \}`
+    #
     # @note When making an API call, you may pass SingleQueryArgument
     #   data as a hash:
     #
@@ -8199,6 +9268,7 @@ module Aws::WAFV2
     #             managed_rule_group_statement: {
     #               vendor_name: "VendorName", # required
     #               name: "EntityName", # required
+    #               version: "VersionKeyString",
     #               excluded_rules: [
     #                 {
     #                   name: "EntityName", # required
@@ -8212,6 +9282,42 @@ module Aws::WAFV2
     #               scope: "LABEL", # required, accepts LABEL, NAMESPACE
     #               key: "LabelMatchKey", # required
     #             },
+    #             regex_match_statement: {
+    #               regex_string: "RegexPatternString", # required
+    #               field_to_match: { # required
+    #                 single_header: {
+    #                   name: "FieldToMatchData", # required
+    #                 },
+    #                 single_query_argument: {
+    #                   name: "FieldToMatchData", # required
+    #                 },
+    #                 all_query_arguments: {
+    #                 },
+    #                 uri_path: {
+    #                 },
+    #                 query_string: {
+    #                 },
+    #                 body: {
+    #                 },
+    #                 method: {
+    #                 },
+    #                 json_body: {
+    #                   match_pattern: { # required
+    #                     all: {
+    #                     },
+    #                     included_paths: ["JsonPointerPath"],
+    #                   },
+    #                   match_scope: "ALL", # required, accepts ALL, KEY, VALUE
+    #                   invalid_fallback_behavior: "MATCH", # accepts MATCH, NO_MATCH, EVALUATE_AS_STRING
+    #                 },
+    #               },
+    #               text_transformations: [ # required
+    #                 {
+    #                   priority: 1, # required
+    #                   type: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE, BASE64_DECODE, HEX_DECODE, MD5, REPLACE_COMMENTS, ESCAPE_SEQ_DECODE, SQL_HEX_DECODE, CSS_DECODE, JS_DECODE, NORMALIZE_PATH, NORMALIZE_PATH_WIN, REMOVE_NULLS, REPLACE_NULLS, BASE64_DECODE_EXT, URL_DECODE_UNI, UTF8_TO_UNICODE
+    #                 },
+    #               ],
+    #             },
     #           },
     #           forwarded_ip_config: {
     #             header_name: "ForwardedIPHeaderName", # required
@@ -8451,6 +9557,7 @@ module Aws::WAFV2
     #               managed_rule_group_statement: {
     #                 vendor_name: "VendorName", # required
     #                 name: "EntityName", # required
+    #                 version: "VersionKeyString",
     #                 excluded_rules: [
     #                   {
     #                     name: "EntityName", # required
@@ -8464,6 +9571,42 @@ module Aws::WAFV2
     #                 scope: "LABEL", # required, accepts LABEL, NAMESPACE
     #                 key: "LabelMatchKey", # required
     #               },
+    #               regex_match_statement: {
+    #                 regex_string: "RegexPatternString", # required
+    #                 field_to_match: { # required
+    #                   single_header: {
+    #                     name: "FieldToMatchData", # required
+    #                   },
+    #                   single_query_argument: {
+    #                     name: "FieldToMatchData", # required
+    #                   },
+    #                   all_query_arguments: {
+    #                   },
+    #                   uri_path: {
+    #                   },
+    #                   query_string: {
+    #                   },
+    #                   body: {
+    #                   },
+    #                   method: {
+    #                   },
+    #                   json_body: {
+    #                     match_pattern: { # required
+    #                       all: {
+    #                       },
+    #                       included_paths: ["JsonPointerPath"],
+    #                     },
+    #                     match_scope: "ALL", # required, accepts ALL, KEY, VALUE
+    #                     invalid_fallback_behavior: "MATCH", # accepts MATCH, NO_MATCH, EVALUATE_AS_STRING
+    #                   },
+    #                 },
+    #                 text_transformations: [ # required
+    #                   {
+    #                     priority: 1, # required
+    #                     type: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE, BASE64_DECODE, HEX_DECODE, MD5, REPLACE_COMMENTS, ESCAPE_SEQ_DECODE, SQL_HEX_DECODE, CSS_DECODE, JS_DECODE, NORMALIZE_PATH, NORMALIZE_PATH_WIN, REMOVE_NULLS, REPLACE_NULLS, BASE64_DECODE_EXT, URL_DECODE_UNI, UTF8_TO_UNICODE
+    #                   },
+    #                 ],
+    #               },
     #             },
     #           ],
     #         },
@@ -8700,6 +9843,7 @@ module Aws::WAFV2
     #               managed_rule_group_statement: {
     #                 vendor_name: "VendorName", # required
     #                 name: "EntityName", # required
+    #                 version: "VersionKeyString",
     #                 excluded_rules: [
     #                   {
     #                     name: "EntityName", # required
@@ -8713,6 +9857,42 @@ module Aws::WAFV2
     #                 scope: "LABEL", # required, accepts LABEL, NAMESPACE
     #                 key: "LabelMatchKey", # required
     #               },
+    #               regex_match_statement: {
+    #                 regex_string: "RegexPatternString", # required
+    #                 field_to_match: { # required
+    #                   single_header: {
+    #                     name: "FieldToMatchData", # required
+    #                   },
+    #                   single_query_argument: {
+    #                     name: "FieldToMatchData", # required
+    #                   },
+    #                   all_query_arguments: {
+    #                   },
+    #                   uri_path: {
+    #                   },
+    #                   query_string: {
+    #                   },
+    #                   body: {
+    #                   },
+    #                   method: {
+    #                   },
+    #                   json_body: {
+    #                     match_pattern: { # required
+    #                       all: {
+    #                       },
+    #                       included_paths: ["JsonPointerPath"],
+    #                     },
+    #                     match_scope: "ALL", # required, accepts ALL, KEY, VALUE
+    #                     invalid_fallback_behavior: "MATCH", # accepts MATCH, NO_MATCH, EVALUATE_AS_STRING
+    #                   },
+    #                 },
+    #                 text_transformations: [ # required
+    #                   {
+    #                     priority: 1, # required
+    #                     type: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE, BASE64_DECODE, HEX_DECODE, MD5, REPLACE_COMMENTS, ESCAPE_SEQ_DECODE, SQL_HEX_DECODE, CSS_DECODE, JS_DECODE, NORMALIZE_PATH, NORMALIZE_PATH_WIN, REMOVE_NULLS, REPLACE_NULLS, BASE64_DECODE_EXT, URL_DECODE_UNI, UTF8_TO_UNICODE
+    #                   },
+    #                 ],
+    #               },
     #             },
     #           ],
     #         },
@@ -8944,32 +10124,70 @@ module Aws::WAFV2
     #                 {
     #                   # recursive Statement
     #                 },
-    #               ],
-    #             },
-    #             not_statement: {
-    #               # recursive NotStatement
-    #             },
-    #             managed_rule_group_statement: {
-    #               vendor_name: "VendorName", # required
-    #               name: "EntityName", # required
-    #               excluded_rules: [
+    #               ],
+    #             },
+    #             not_statement: {
+    #               # recursive NotStatement
+    #             },
+    #             managed_rule_group_statement: {
+    #               vendor_name: "VendorName", # required
+    #               name: "EntityName", # required
+    #               version: "VersionKeyString",
+    #               excluded_rules: [
+    #                 {
+    #                   name: "EntityName", # required
+    #                 },
+    #               ],
+    #               scope_down_statement: {
+    #                 # recursive Statement
+    #               },
+    #             },
+    #             label_match_statement: {
+    #               scope: "LABEL", # required, accepts LABEL, NAMESPACE
+    #               key: "LabelMatchKey", # required
+    #             },
+    #             regex_match_statement: {
+    #               regex_string: "RegexPatternString", # required
+    #               field_to_match: { # required
+    #                 single_header: {
+    #                   name: "FieldToMatchData", # required
+    #                 },
+    #                 single_query_argument: {
+    #                   name: "FieldToMatchData", # required
+    #                 },
+    #                 all_query_arguments: {
+    #                 },
+    #                 uri_path: {
+    #                 },
+    #                 query_string: {
+    #                 },
+    #                 body: {
+    #                 },
+    #                 method: {
+    #                 },
+    #                 json_body: {
+    #                   match_pattern: { # required
+    #                     all: {
+    #                     },
+    #                     included_paths: ["JsonPointerPath"],
+    #                   },
+    #                   match_scope: "ALL", # required, accepts ALL, KEY, VALUE
+    #                   invalid_fallback_behavior: "MATCH", # accepts MATCH, NO_MATCH, EVALUATE_AS_STRING
+    #                 },
+    #               },
+    #               text_transformations: [ # required
     #                 {
-    #                   name: "EntityName", # required
+    #                   priority: 1, # required
+    #                   type: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE, BASE64_DECODE, HEX_DECODE, MD5, REPLACE_COMMENTS, ESCAPE_SEQ_DECODE, SQL_HEX_DECODE, CSS_DECODE, JS_DECODE, NORMALIZE_PATH, NORMALIZE_PATH_WIN, REMOVE_NULLS, REPLACE_NULLS, BASE64_DECODE_EXT, URL_DECODE_UNI, UTF8_TO_UNICODE
     #                 },
     #               ],
-    #               scope_down_statement: {
-    #                 # recursive Statement
-    #               },
-    #             },
-    #             label_match_statement: {
-    #               scope: "LABEL", # required, accepts LABEL, NAMESPACE
-    #               key: "LabelMatchKey", # required
     #             },
     #           },
     #         },
     #         managed_rule_group_statement: {
     #           vendor_name: "VendorName", # required
     #           name: "EntityName", # required
+    #           version: "VersionKeyString",
     #           excluded_rules: [
     #             {
     #               name: "EntityName", # required
@@ -9216,12 +10434,84 @@ module Aws::WAFV2
     #               scope: "LABEL", # required, accepts LABEL, NAMESPACE
     #               key: "LabelMatchKey", # required
     #             },
+    #             regex_match_statement: {
+    #               regex_string: "RegexPatternString", # required
+    #               field_to_match: { # required
+    #                 single_header: {
+    #                   name: "FieldToMatchData", # required
+    #                 },
+    #                 single_query_argument: {
+    #                   name: "FieldToMatchData", # required
+    #                 },
+    #                 all_query_arguments: {
+    #                 },
+    #                 uri_path: {
+    #                 },
+    #                 query_string: {
+    #                 },
+    #                 body: {
+    #                 },
+    #                 method: {
+    #                 },
+    #                 json_body: {
+    #                   match_pattern: { # required
+    #                     all: {
+    #                     },
+    #                     included_paths: ["JsonPointerPath"],
+    #                   },
+    #                   match_scope: "ALL", # required, accepts ALL, KEY, VALUE
+    #                   invalid_fallback_behavior: "MATCH", # accepts MATCH, NO_MATCH, EVALUATE_AS_STRING
+    #                 },
+    #               },
+    #               text_transformations: [ # required
+    #                 {
+    #                   priority: 1, # required
+    #                   type: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE, BASE64_DECODE, HEX_DECODE, MD5, REPLACE_COMMENTS, ESCAPE_SEQ_DECODE, SQL_HEX_DECODE, CSS_DECODE, JS_DECODE, NORMALIZE_PATH, NORMALIZE_PATH_WIN, REMOVE_NULLS, REPLACE_NULLS, BASE64_DECODE_EXT, URL_DECODE_UNI, UTF8_TO_UNICODE
+    #                 },
+    #               ],
+    #             },
     #           },
     #         },
     #         label_match_statement: {
     #           scope: "LABEL", # required, accepts LABEL, NAMESPACE
     #           key: "LabelMatchKey", # required
     #         },
+    #         regex_match_statement: {
+    #           regex_string: "RegexPatternString", # required
+    #           field_to_match: { # required
+    #             single_header: {
+    #               name: "FieldToMatchData", # required
+    #             },
+    #             single_query_argument: {
+    #               name: "FieldToMatchData", # required
+    #             },
+    #             all_query_arguments: {
+    #             },
+    #             uri_path: {
+    #             },
+    #             query_string: {
+    #             },
+    #             body: {
+    #             },
+    #             method: {
+    #             },
+    #             json_body: {
+    #               match_pattern: { # required
+    #                 all: {
+    #                 },
+    #                 included_paths: ["JsonPointerPath"],
+    #               },
+    #               match_scope: "ALL", # required, accepts ALL, KEY, VALUE
+    #               invalid_fallback_behavior: "MATCH", # accepts MATCH, NO_MATCH, EVALUATE_AS_STRING
+    #             },
+    #           },
+    #           text_transformations: [ # required
+    #             {
+    #               priority: 1, # required
+    #               type: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE, BASE64_DECODE, HEX_DECODE, MD5, REPLACE_COMMENTS, ESCAPE_SEQ_DECODE, SQL_HEX_DECODE, CSS_DECODE, JS_DECODE, NORMALIZE_PATH, NORMALIZE_PATH_WIN, REMOVE_NULLS, REPLACE_NULLS, BASE64_DECODE_EXT, URL_DECODE_UNI, UTF8_TO_UNICODE
+    #             },
+    #           ],
+    #         },
     #       }
     #
     # @!attribute [rw] byte_match_statement
@@ -9284,8 +10574,8 @@ module Aws::WAFV2
     #   provide the ARN of the rule group in this statement.
     #
     #   You cannot nest a `RuleGroupReferenceStatement`, for example for use
-    #   inside a `NotStatement` or `OrStatement`. It can only be referenced
-    #   as a top-level statement within a rule.
+    #   inside a `NotStatement` or `OrStatement`. You can only use a rule
+    #   group reference statement at the top level inside a web ACL.
     #   @return [Types::RuleGroupReferenceStatement]
     #
     # @!attribute [rw] ip_set_reference_statement
@@ -9323,6 +10613,15 @@ module Aws::WAFV2
     #   time span. You can use this to put a temporary block on requests
     #   from an IP address that is sending excessive requests.
     #
+    #   WAF tracks and manages web requests separately for each instance of
+    #   a rate-based rule that you use. For example, if you provide the same
+    #   rate-based rule settings in two web ACLs, each of the two rule
+    #   statements represents a separate instance of the rate-based rule and
+    #   gets its own tracking and management by WAF. If you define a
+    #   rate-based rule inside a rule group, and then use that rule group in
+    #   multiple places, each use creates a separate instance of the
+    #   rate-based rule that gets its own tracking and management by WAF.
+    #
     #   When the rule action triggers, WAF blocks additional requests from
     #   the IP address until the request rate falls below the limit.
     #
@@ -9346,9 +10645,9 @@ module Aws::WAFV2
     #   do not meet both conditions are not counted towards the rate limit
     #   and are not affected by this rule.
     #
-    #   You cannot nest a `RateBasedStatement`, for example for use inside a
-    #   `NotStatement` or `OrStatement`. It can only be referenced as a
-    #   top-level statement within a rule.
+    #   You cannot nest a `RateBasedStatement` inside another statement, for
+    #   example inside a `NotStatement` or `OrStatement`. You can define a
+    #   `RateBasedStatement` inside a web ACL and inside a rule group.
     #   @return [Types::RateBasedStatement]
     #
     # @!attribute [rw] and_statement
@@ -9394,6 +10693,11 @@ module Aws::WAFV2
     #   that were added in the same context as the label match statement.
     #   @return [Types::LabelMatchStatement]
     #
+    # @!attribute [rw] regex_match_statement
+    #   A rule statement used to search web request components for a match
+    #   against a single regular expression.
+    #   @return [Types::RegexMatchStatement]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/Statement AWS API Documentation
     #
     class Statement < Struct.new(
@@ -9410,7 +10714,8 @@ module Aws::WAFV2
       :or_statement,
       :not_statement,
       :managed_rule_group_statement,
-      :label_match_statement)
+      :label_match_statement,
+      :regex_match_statement)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -9649,10 +10954,8 @@ module Aws::WAFV2
     #   **REPLACE\_NULLS** - Replace NULL bytes in the input with space
     #   characters (ASCII `0x20`).
     #
-    #   **SQL\_HEX\_DECODE** - Decode the following ANSI C escape sequences:
-    #   `\a`, `\b`, `\f`, `\n`, `\r`, `\t`, `\v`, `\`, `\?`, `'`, `"`,
-    #   `\xHH` (hexadecimal), `\0OOO` (octal). Encodings that aren't valid
-    #   remain in the output.
+    #   **SQL\_HEX\_DECODE** - Decode SQL hex data. Example (`0x414243`)
+    #   will be decoded to (`ABC`).
     #
     #   **URL\_DECODE** - Decode a URL-encoded value.
     #
@@ -9836,15 +11139,15 @@ module Aws::WAFV2
     #   @return [Array<String>]
     #
     # @!attribute [rw] lock_token
-    #   A token used for optimistic locking. WAF returns a token to your get
-    #   and list requests, to mark the state of the entity at the time of
-    #   the request. To make changes to the entity associated with the
-    #   token, you provide the token to operations like update and delete.
-    #   WAF uses the token to ensure that no changes have been made to the
-    #   entity since you last retrieved it. If a change has been made, the
-    #   update fails with a `WAFOptimisticLockException`. If this happens,
-    #   perform another get, and use the new token returned by that
-    #   operation.
+    #   A token used for optimistic locking. WAF returns a token to your
+    #   `get` and `list` requests, to mark the state of the entity at the
+    #   time of the request. To make changes to the entity associated with
+    #   the token, you provide the token to operations like `update` and
+    #   `delete`. WAF uses the token to ensure that no changes have been
+    #   made to the entity since you last retrieved it. If a change has been
+    #   made, the update fails with a `WAFOptimisticLockException`. If this
+    #   happens, perform another `get`, and use the new token returned by
+    #   that operation.
     #   @return [String]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/UpdateIPSetRequest AWS API Documentation
@@ -9862,7 +11165,7 @@ module Aws::WAFV2
 
     # @!attribute [rw] next_lock_token
     #   A token used for optimistic locking. WAF returns this token to your
-    #   update requests. You use `NextLockToken` in the same manner as you
+    #   `update` requests. You use `NextLockToken` in the same manner as you
     #   use `LockToken`.
     #   @return [String]
     #
@@ -9874,6 +11177,119 @@ module Aws::WAFV2
       include Aws::Structure
     end
 
+    # @note When making an API call, you may pass UpdateManagedRuleSetVersionExpiryDateRequest
+    #   data as a hash:
+    #
+    #       {
+    #         name: "EntityName", # required
+    #         scope: "CLOUDFRONT", # required, accepts CLOUDFRONT, REGIONAL
+    #         id: "EntityId", # required
+    #         lock_token: "LockToken", # required
+    #         version_to_expire: "VersionKeyString", # required
+    #         expiry_timestamp: Time.now, # required
+    #       }
+    #
+    # @!attribute [rw] name
+    #   The name of the managed rule set. You use this, along with the rule
+    #   set ID, to identify the rule set.
+    #
+    #   This name is assigned to the corresponding managed rule group, which
+    #   your customers can access and use.
+    #   @return [String]
+    #
+    # @!attribute [rw] scope
+    #   Specifies whether this is for an Amazon CloudFront distribution or
+    #   for a regional application. A regional application can be an
+    #   Application Load Balancer (ALB), an Amazon API Gateway REST API, or
+    #   an AppSync GraphQL API.
+    #
+    #   To work with CloudFront, you must also specify the Region US East
+    #   (N. Virginia) as follows:
+    #
+    #   * CLI - Specify the Region when you use the CloudFront scope:
+    #     `--scope=CLOUDFRONT --region=us-east-1`.
+    #
+    #   * API and SDKs - For all calls, use the Region endpoint us-east-1.
+    #   @return [String]
+    #
+    # @!attribute [rw] id
+    #   A unique identifier for the managed rule set. The ID is returned in
+    #   the responses to commands like `list`. You provide it to operations
+    #   like `get` and `update`.
+    #   @return [String]
+    #
+    # @!attribute [rw] lock_token
+    #   A token used for optimistic locking. WAF returns a token to your
+    #   `get` and `list` requests, to mark the state of the entity at the
+    #   time of the request. To make changes to the entity associated with
+    #   the token, you provide the token to operations like `update` and
+    #   `delete`. WAF uses the token to ensure that no changes have been
+    #   made to the entity since you last retrieved it. If a change has been
+    #   made, the update fails with a `WAFOptimisticLockException`. If this
+    #   happens, perform another `get`, and use the new token returned by
+    #   that operation.
+    #   @return [String]
+    #
+    # @!attribute [rw] version_to_expire
+    #   The version that you want to remove from your list of offerings for
+    #   the named managed rule group.
+    #   @return [String]
+    #
+    # @!attribute [rw] expiry_timestamp
+    #   The time that you want the version to expire.
+    #
+    #   Times are in Coordinated Universal Time (UTC) format. UTC format
+    #   includes the special designator, Z. For example,
+    #   "2016-09-27T14:50Z".
+    #   @return [Time]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/UpdateManagedRuleSetVersionExpiryDateRequest AWS API Documentation
+    #
+    class UpdateManagedRuleSetVersionExpiryDateRequest < Struct.new(
+      :name,
+      :scope,
+      :id,
+      :lock_token,
+      :version_to_expire,
+      :expiry_timestamp)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] expiring_version
+    #   The version that is set to expire.
+    #   @return [String]
+    #
+    # @!attribute [rw] expiry_timestamp
+    #   The time that the version will expire.
+    #
+    #   Times are in Coordinated Universal Time (UTC) format. UTC format
+    #   includes the special designator, Z. For example,
+    #   "2016-09-27T14:50Z".
+    #   @return [Time]
+    #
+    # @!attribute [rw] next_lock_token
+    #   A token used for optimistic locking. WAF returns a token to your
+    #   `get` and `list` requests, to mark the state of the entity at the
+    #   time of the request. To make changes to the entity associated with
+    #   the token, you provide the token to operations like `update` and
+    #   `delete`. WAF uses the token to ensure that no changes have been
+    #   made to the entity since you last retrieved it. If a change has been
+    #   made, the update fails with a `WAFOptimisticLockException`. If this
+    #   happens, perform another `get`, and use the new token returned by
+    #   that operation.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/UpdateManagedRuleSetVersionExpiryDateResponse AWS API Documentation
+    #
+    class UpdateManagedRuleSetVersionExpiryDateResponse < Struct.new(
+      :expiring_version,
+      :expiry_timestamp,
+      :next_lock_token)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # @note When making an API call, you may pass UpdateRegexPatternSetRequest
     #   data as a hash:
     #
@@ -9924,15 +11340,15 @@ module Aws::WAFV2
     #   @return [Array<Types::Regex>]
     #
     # @!attribute [rw] lock_token
-    #   A token used for optimistic locking. WAF returns a token to your get
-    #   and list requests, to mark the state of the entity at the time of
-    #   the request. To make changes to the entity associated with the
-    #   token, you provide the token to operations like update and delete.
-    #   WAF uses the token to ensure that no changes have been made to the
-    #   entity since you last retrieved it. If a change has been made, the
-    #   update fails with a `WAFOptimisticLockException`. If this happens,
-    #   perform another get, and use the new token returned by that
-    #   operation.
+    #   A token used for optimistic locking. WAF returns a token to your
+    #   `get` and `list` requests, to mark the state of the entity at the
+    #   time of the request. To make changes to the entity associated with
+    #   the token, you provide the token to operations like `update` and
+    #   `delete`. WAF uses the token to ensure that no changes have been
+    #   made to the entity since you last retrieved it. If a change has been
+    #   made, the update fails with a `WAFOptimisticLockException`. If this
+    #   happens, perform another `get`, and use the new token returned by
+    #   that operation.
     #   @return [String]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/UpdateRegexPatternSetRequest AWS API Documentation
@@ -9950,7 +11366,7 @@ module Aws::WAFV2
 
     # @!attribute [rw] next_lock_token
     #   A token used for optimistic locking. WAF returns this token to your
-    #   update requests. You use `NextLockToken` in the same manner as you
+    #   `update` requests. You use `NextLockToken` in the same manner as you
     #   use `LockToken`.
     #   @return [String]
     #
@@ -10211,6 +11627,7 @@ module Aws::WAFV2
     #               managed_rule_group_statement: {
     #                 vendor_name: "VendorName", # required
     #                 name: "EntityName", # required
+    #                 version: "VersionKeyString",
     #                 excluded_rules: [
     #                   {
     #                     name: "EntityName", # required
@@ -10224,6 +11641,42 @@ module Aws::WAFV2
     #                 scope: "LABEL", # required, accepts LABEL, NAMESPACE
     #                 key: "LabelMatchKey", # required
     #               },
+    #               regex_match_statement: {
+    #                 regex_string: "RegexPatternString", # required
+    #                 field_to_match: { # required
+    #                   single_header: {
+    #                     name: "FieldToMatchData", # required
+    #                   },
+    #                   single_query_argument: {
+    #                     name: "FieldToMatchData", # required
+    #                   },
+    #                   all_query_arguments: {
+    #                   },
+    #                   uri_path: {
+    #                   },
+    #                   query_string: {
+    #                   },
+    #                   body: {
+    #                   },
+    #                   method: {
+    #                   },
+    #                   json_body: {
+    #                     match_pattern: { # required
+    #                       all: {
+    #                       },
+    #                       included_paths: ["JsonPointerPath"],
+    #                     },
+    #                     match_scope: "ALL", # required, accepts ALL, KEY, VALUE
+    #                     invalid_fallback_behavior: "MATCH", # accepts MATCH, NO_MATCH, EVALUATE_AS_STRING
+    #                   },
+    #                 },
+    #                 text_transformations: [ # required
+    #                   {
+    #                     priority: 1, # required
+    #                     type: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE, BASE64_DECODE, HEX_DECODE, MD5, REPLACE_COMMENTS, ESCAPE_SEQ_DECODE, SQL_HEX_DECODE, CSS_DECODE, JS_DECODE, NORMALIZE_PATH, NORMALIZE_PATH_WIN, REMOVE_NULLS, REPLACE_NULLS, BASE64_DECODE_EXT, URL_DECODE_UNI, UTF8_TO_UNICODE
+    #                   },
+    #                 ],
+    #               },
     #             },
     #             action: {
     #               block: {
@@ -10342,15 +11795,15 @@ module Aws::WAFV2
     #   @return [Types::VisibilityConfig]
     #
     # @!attribute [rw] lock_token
-    #   A token used for optimistic locking. WAF returns a token to your get
-    #   and list requests, to mark the state of the entity at the time of
-    #   the request. To make changes to the entity associated with the
-    #   token, you provide the token to operations like update and delete.
-    #   WAF uses the token to ensure that no changes have been made to the
-    #   entity since you last retrieved it. If a change has been made, the
-    #   update fails with a `WAFOptimisticLockException`. If this happens,
-    #   perform another get, and use the new token returned by that
-    #   operation.
+    #   A token used for optimistic locking. WAF returns a token to your
+    #   `get` and `list` requests, to mark the state of the entity at the
+    #   time of the request. To make changes to the entity associated with
+    #   the token, you provide the token to operations like `update` and
+    #   `delete`. WAF uses the token to ensure that no changes have been
+    #   made to the entity since you last retrieved it. If a change has been
+    #   made, the update fails with a `WAFOptimisticLockException`. If this
+    #   happens, perform another `get`, and use the new token returned by
+    #   that operation.
     #   @return [String]
     #
     # @!attribute [rw] custom_response_bodies
@@ -10391,7 +11844,7 @@ module Aws::WAFV2
 
     # @!attribute [rw] next_lock_token
     #   A token used for optimistic locking. WAF returns this token to your
-    #   update requests. You use `NextLockToken` in the same manner as you
+    #   `update` requests. You use `NextLockToken` in the same manner as you
     #   use `LockToken`.
     #   @return [String]
     #
@@ -10676,6 +12129,7 @@ module Aws::WAFV2
     #               managed_rule_group_statement: {
     #                 vendor_name: "VendorName", # required
     #                 name: "EntityName", # required
+    #                 version: "VersionKeyString",
     #                 excluded_rules: [
     #                   {
     #                     name: "EntityName", # required
@@ -10689,6 +12143,42 @@ module Aws::WAFV2
     #                 scope: "LABEL", # required, accepts LABEL, NAMESPACE
     #                 key: "LabelMatchKey", # required
     #               },
+    #               regex_match_statement: {
+    #                 regex_string: "RegexPatternString", # required
+    #                 field_to_match: { # required
+    #                   single_header: {
+    #                     name: "FieldToMatchData", # required
+    #                   },
+    #                   single_query_argument: {
+    #                     name: "FieldToMatchData", # required
+    #                   },
+    #                   all_query_arguments: {
+    #                   },
+    #                   uri_path: {
+    #                   },
+    #                   query_string: {
+    #                   },
+    #                   body: {
+    #                   },
+    #                   method: {
+    #                   },
+    #                   json_body: {
+    #                     match_pattern: { # required
+    #                       all: {
+    #                       },
+    #                       included_paths: ["JsonPointerPath"],
+    #                     },
+    #                     match_scope: "ALL", # required, accepts ALL, KEY, VALUE
+    #                     invalid_fallback_behavior: "MATCH", # accepts MATCH, NO_MATCH, EVALUATE_AS_STRING
+    #                   },
+    #                 },
+    #                 text_transformations: [ # required
+    #                   {
+    #                     priority: 1, # required
+    #                     type: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE, BASE64_DECODE, HEX_DECODE, MD5, REPLACE_COMMENTS, ESCAPE_SEQ_DECODE, SQL_HEX_DECODE, CSS_DECODE, JS_DECODE, NORMALIZE_PATH, NORMALIZE_PATH_WIN, REMOVE_NULLS, REPLACE_NULLS, BASE64_DECODE_EXT, URL_DECODE_UNI, UTF8_TO_UNICODE
+    #                   },
+    #                 ],
+    #               },
     #             },
     #             action: {
     #               block: {
@@ -10812,15 +12302,15 @@ module Aws::WAFV2
     #   @return [Types::VisibilityConfig]
     #
     # @!attribute [rw] lock_token
-    #   A token used for optimistic locking. WAF returns a token to your get
-    #   and list requests, to mark the state of the entity at the time of
-    #   the request. To make changes to the entity associated with the
-    #   token, you provide the token to operations like update and delete.
-    #   WAF uses the token to ensure that no changes have been made to the
-    #   entity since you last retrieved it. If a change has been made, the
-    #   update fails with a `WAFOptimisticLockException`. If this happens,
-    #   perform another get, and use the new token returned by that
-    #   operation.
+    #   A token used for optimistic locking. WAF returns a token to your
+    #   `get` and `list` requests, to mark the state of the entity at the
+    #   time of the request. To make changes to the entity associated with
+    #   the token, you provide the token to operations like `update` and
+    #   `delete`. WAF uses the token to ensure that no changes have been
+    #   made to the entity since you last retrieved it. If a change has been
+    #   made, the update fails with a `WAFOptimisticLockException`. If this
+    #   happens, perform another `get`, and use the new token returned by
+    #   that operation.
     #   @return [String]
     #
     # @!attribute [rw] custom_response_bodies
@@ -10862,7 +12352,7 @@ module Aws::WAFV2
 
     # @!attribute [rw] next_lock_token
     #   A token used for optimistic locking. WAF returns this token to your
-    #   update requests. You use `NextLockToken` in the same manner as you
+    #   `update` requests. You use `NextLockToken` in the same manner as you
     #   use `LockToken`.
     #   @return [String]
     #
@@ -10881,12 +12371,55 @@ module Aws::WAFV2
     # This is used only to indicate the web request component for WAF to
     # inspect, in the FieldToMatch specification.
     #
+    # JSON specification: `"UriPath": \{\}`
+    #
     # @api private
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/UriPath AWS API Documentation
     #
     class UriPath < Aws::EmptyStructure; end
 
+    # A version of the named managed rule group, that the rule group's
+    # vendor publishes for use by customers.
+    #
+    # <note markdown="1"> This is intended for use only by vendors of managed rule sets. Vendors
+    # are Amazon Web Services and Amazon Web Services Marketplace sellers.
+    #
+    #  Vendors, you can use the managed rule set APIs to provide controlled
+    # rollout of your versioned managed rule group offerings for your
+    # customers. The APIs are `ListManagedRuleSets`, `GetManagedRuleSet`,
+    # `PutManagedRuleSetVersions`, and
+    # `UpdateManagedRuleSetVersionExpiryDate`.
+    #
+    #  </note>
+    #
+    # @note When making an API call, you may pass VersionToPublish
+    #   data as a hash:
+    #
+    #       {
+    #         associated_rule_group_arn: "ResourceArn",
+    #         forecasted_lifetime: 1,
+    #       }
+    #
+    # @!attribute [rw] associated_rule_group_arn
+    #   The Amazon Resource Name (ARN) of the vendor's rule group that's
+    #   used in the published managed rule group version.
+    #   @return [String]
+    #
+    # @!attribute [rw] forecasted_lifetime
+    #   The amount of time the vendor expects this version of the managed
+    #   rule group to last, in days.
+    #   @return [Integer]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/VersionToPublish AWS API Documentation
+    #
+    class VersionToPublish < Struct.new(
+      :associated_rule_group_arn,
+      :forecasted_lifetime)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # Defines and enables Amazon CloudWatch metrics and web request sample
     # collection.
     #
@@ -10961,6 +12494,22 @@ module Aws::WAFV2
       include Aws::Structure
     end
 
+    # The operation failed because the specified version for the managed
+    # rule group has expired. You can retrieve the available versions for
+    # the managed rule group by calling
+    # ListAvailableManagedRuleGroupVersions.
+    #
+    # @!attribute [rw] message
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/WAFExpiredManagedRuleGroupVersionException AWS API Documentation
+    #
+    class WAFExpiredManagedRuleGroupVersionException < Struct.new(
+      :message)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # Your request is valid, but WAF couldn’t perform the operation because
     # of a system problem. Retry your request.
     #
@@ -11006,12 +12555,15 @@ module Aws::WAFV2
     #   @return [String]
     #
     # @!attribute [rw] field
+    #   The settings where the invalid parameter was found.
     #   @return [String]
     #
     # @!attribute [rw] parameter
+    #   The invalid parameter that resulted in the exception.
     #   @return [String]
     #
     # @!attribute [rw] reason
+    #   Additional information about the exception.
     #   @return [String]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/WAFInvalidParameterException AWS API Documentation
@@ -11077,8 +12629,8 @@ module Aws::WAFV2
 
     # WAF couldn’t perform the operation because you exceeded your resource
     # limit. For example, the maximum number of `WebACL` objects that you
-    # can create for an account. For more information, see [Limits][1] in
-    # the *WAF Developer Guide*.
+    # can create for an Amazon Web Services account. For more information,
+    # see [WAF quotas][1] in the *WAF Developer Guide*.
     #
     #
     #
@@ -11374,15 +12926,15 @@ module Aws::WAFV2
     #   @return [String]
     #
     # @!attribute [rw] lock_token
-    #   A token used for optimistic locking. WAF returns a token to your get
-    #   and list requests, to mark the state of the entity at the time of
-    #   the request. To make changes to the entity associated with the
-    #   token, you provide the token to operations like update and delete.
-    #   WAF uses the token to ensure that no changes have been made to the
-    #   entity since you last retrieved it. If a change has been made, the
-    #   update fails with a `WAFOptimisticLockException`. If this happens,
-    #   perform another get, and use the new token returned by that
-    #   operation.
+    #   A token used for optimistic locking. WAF returns a token to your
+    #   `get` and `list` requests, to mark the state of the entity at the
+    #   time of the request. To make changes to the entity associated with
+    #   the token, you provide the token to operations like `update` and
+    #   `delete`. WAF uses the token to ensure that no changes have been
+    #   made to the entity since you last retrieved it. If a change has been
+    #   made, the update fails with a `WAFOptimisticLockException`. If this
+    #   happens, perform another `get`, and use the new token returned by
+    #   that operation.
     #   @return [String]
     #
     # @!attribute [rw] arn