aws-sdk-wafv2 1.49.0 → 1.51.0

data/lib/aws-sdk-wafv2/types.rb

@@ -43,14 +43,6 @@ module Aws::WAFV2
     #   Amazon CloudFront distributions.
     #
     #    </note>
-    #
-    #   <note markdown="1"> For regional web ACLs in Region US East (N. Virginia) us-east-1,
-    #   it's possible to configure response inspection through the APIs,
-    #   but ATP response inspection will not be enabled. You can only use
-    #   the response inspection capabilities of the ATP managed rule group
-    #   in web ACLs that protect CloudFront distributions.
-    #
-    #    </note>
     #   @return [Types::ResponseInspection]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/AWSManagedRulesATPRuleSet AWS API Documentation
@@ -71,7 +63,8 @@ module Aws::WAFV2
     #   The inspection level to use for the Bot Control rule group. The
     #   common level is the least expensive. The targeted level includes all
     #   common level rules and adds rules with more advanced inspection
-    #   criteria. For details, see [WAF Bot Control rule group][1].
+    #   criteria. For details, see [WAF Bot Control rule group][1] in the
+    #   *WAF Developer Guide*.
     #
     #
     #
@@ -145,13 +138,12 @@ module Aws::WAFV2
     #   Defines custom handling for the web request.
     #
     #   For information about customizing web requests and responses, see
-    #   [Customizing web requests and responses in WAF][1] in the [WAF
-    #   Developer Guide][2].
+    #   [Customizing web requests and responses in WAF][1] in the *WAF
+    #   Developer Guide*.
     #
     #
     #
     #   [1]: https://docs.aws.amazon.com/waf/latest/developerguide/waf-custom-request-response.html
-    #   [2]: https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html
     #   @return [Types::CustomRequestHandling]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/AllowAction AWS API Documentation
@@ -191,17 +183,23 @@ module Aws::WAFV2
     #   The ARN must be in one of the following formats:
     #
     #   * For an Application Load Balancer:
-    #     `arn:aws:elasticloadbalancing:region:account-id:loadbalancer/app/load-balancer-name/load-balancer-id
+    #     `arn:partition:elasticloadbalancing:region:account-id:loadbalancer/app/load-balancer-name/load-balancer-id
     #     `
     #
     #   * For an Amazon API Gateway REST API:
-    #     `arn:aws:apigateway:region::/restapis/api-id/stages/stage-name `
+    #     `arn:partition:apigateway:region::/restapis/api-id/stages/stage-name
+    #     `
     #
     #   * For an AppSync GraphQL API:
-    #     `arn:aws:appsync:region:account-id:apis/GraphQLApiId `
+    #     `arn:partition:appsync:region:account-id:apis/GraphQLApiId `
     #
     #   * For an Amazon Cognito user pool:
-    #     `arn:aws:cognito-idp:region:account-id:userpool/user-pool-id `
+    #     `arn:partition:cognito-idp:region:account-id:userpool/user-pool-id
+    #     `
+    #
+    #   * For an App Runner service:
+    #     `arn:partition:apprunner:region:account-id:service/apprunner-service-name/apprunner-service-id
+    #     `
     #   @return [String]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/AssociateWebACLRequest AWS API Documentation
@@ -217,6 +215,47 @@ module Aws::WAFV2
     #
     class AssociateWebACLResponse < Aws::EmptyStructure; end
 
+    # Specifies custom configurations for the associations between the web
+    # ACL and protected resources.
+    #
+    # Use this to customize the maximum size of the request body that your
+    # protected CloudFront distributions forward to WAF for inspection. The
+    # default is 16 KB (16,384 kilobytes).
+    #
+    # <note markdown="1"> You are charged additional fees when your protected resources forward
+    # body sizes that are larger than the default. For more information, see
+    # [WAF Pricing][1].
+    #
+    #  </note>
+    #
+    #
+    #
+    # [1]: http://aws.amazon.com/waf/pricing/
+    #
+    # @!attribute [rw] request_body
+    #   Customizes the maximum size of the request body that your protected
+    #   CloudFront distributions forward to WAF for inspection. The default
+    #   size is 16 KB (16,384 kilobytes).
+    #
+    #   <note markdown="1"> You are charged additional fees when your protected resources
+    #   forward body sizes that are larger than the default. For more
+    #   information, see [WAF Pricing][1].
+    #
+    #    </note>
+    #
+    #
+    #
+    #   [1]: http://aws.amazon.com/waf/pricing/
+    #   @return [Hash<String,Types::RequestBodyAssociatedResourceTypeConfig>]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/AssociationConfig AWS API Documentation
+    #
+    class AssociationConfig < Struct.new(
+      :request_body)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # Specifies that WAF should block the request and optionally defines
     # additional custom handling for the response to the web request.
     #
@@ -227,13 +266,12 @@ module Aws::WAFV2
     #   Defines a custom response for the web request.
     #
     #   For information about customizing web requests and responses, see
-    #   [Customizing web requests and responses in WAF][1] in the [WAF
-    #   Developer Guide][2].
+    #   [Customizing web requests and responses in WAF][1] in the *WAF
+    #   Developer Guide*.
     #
     #
     #
     #   [1]: https://docs.aws.amazon.com/waf/latest/developerguide/waf-custom-request-response.html
-    #   [2]: https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html
     #   @return [Types::CustomResponse]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/BlockAction AWS API Documentation
@@ -252,10 +290,16 @@ module Aws::WAFV2
     #
     # @!attribute [rw] oversize_handling
     #   What WAF should do if the body is larger than WAF can inspect. WAF
-    #   does not support inspecting the entire contents of the body of a web
-    #   request when the body exceeds 8 KB (8192 bytes). Only the first 8 KB
-    #   of the request body are forwarded to WAF by the underlying host
-    #   service.
+    #   does not support inspecting the entire contents of the web request
+    #   body if the body exceeds the limit for the resource type. If the
+    #   body is larger than the limit, the underlying host service only
+    #   forwards the contents that are below the limit to WAF for
+    #   inspection.
+    #
+    #   The default limit is 8 KB (8,192 kilobytes) for regional resources
+    #   and 16 KB (16,384 kilobytes) for CloudFront distributions. For
+    #   CloudFront distributions, you can increase the limit in the web ACL
+    #   `AssociationConfig`, for additional processing fees.
     #
     #   The options for oversize handling are the following:
     #
@@ -270,7 +314,7 @@ module Aws::WAFV2
     #
     #   You can combine the `MATCH` or `NO_MATCH` settings for oversize
     #   handling with your rule and web ACL action settings, so that you
-    #   block any request whose body is over 8 KB.
+    #   block any request whose body is over the limit.
     #
     #   Default: `CONTINUE`
     #   @return [String]
@@ -296,12 +340,12 @@ module Aws::WAFV2
     #   FieldToMatch. The maximum length of the value is 200 bytes.
     #
     #   Valid values depend on the component that you specify for inspection
-    #   in `FieldToMatch`\:
+    #   in `FieldToMatch`:
     #
-    #   * `Method`\: The HTTP method that you want WAF to search for. This
+    #   * `Method`: The HTTP method that you want WAF to search for. This
     #     indicates the type of operation specified in the request.
     #
-    #   * `UriPath`\: The value that you want WAF to search for in the URI
+    #   * `UriPath`: The value that you want WAF to search for in the URI
     #     path, for example, `/images/daily-ad.jpg`.
     #
     #   If `SearchString` includes alphabetic characters A-Z and a-z, note
@@ -426,13 +470,12 @@ module Aws::WAFV2
     #   unexpired.
     #
     #   For information about customizing web requests and responses, see
-    #   [Customizing web requests and responses in WAF][1] in the [WAF
-    #   Developer Guide][2].
+    #   [Customizing web requests and responses in WAF][1] in the *WAF
+    #   Developer Guide*.
     #
     #
     #
     #   [1]: https://docs.aws.amazon.com/waf/latest/developerguide/waf-custom-request-response.html
-    #   [2]: https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html
     #   @return [Types::CustomRequestHandling]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/CaptchaAction AWS API Documentation
@@ -535,13 +578,12 @@ module Aws::WAFV2
     #   unexpired.
     #
     #   For information about customizing web requests and responses, see
-    #   [Customizing web requests and responses in WAF][1] in the [WAF
-    #   Developer Guide][2].
+    #   [Customizing web requests and responses in WAF][1] in the *WAF
+    #   Developer Guide*.
     #
     #
     #
     #   [1]: https://docs.aws.amazon.com/waf/latest/developerguide/waf-custom-request-response.html
-    #   [2]: https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html
     #   @return [Types::CustomRequestHandling]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/ChallengeAction AWS API Documentation
@@ -600,7 +642,8 @@ module Aws::WAFV2
     #   Specifies whether this is for an Amazon CloudFront distribution or
     #   for a regional application. A regional application can be an
     #   Application Load Balancer (ALB), an Amazon API Gateway REST API, an
-    #   AppSync GraphQL API, or an Amazon Cognito user pool.
+    #   AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner
+    #   service.
     #
     #   To work with CloudFront, you must also specify the Region US East
     #   (N. Virginia) as follows:
@@ -759,13 +802,12 @@ module Aws::WAFV2
     #   Defines custom handling for the web request.
     #
     #   For information about customizing web requests and responses, see
-    #   [Customizing web requests and responses in WAF][1] in the [WAF
-    #   Developer Guide][2].
+    #   [Customizing web requests and responses in WAF][1] in the *WAF
+    #   Developer Guide*.
     #
     #
     #
     #   [1]: https://docs.aws.amazon.com/waf/latest/developerguide/waf-custom-request-response.html
-    #   [2]: https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html
     #   @return [Types::CustomRequestHandling]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/CountAction AWS API Documentation
@@ -785,7 +827,8 @@ module Aws::WAFV2
     #   Specifies whether this is for an Amazon CloudFront distribution or
     #   for a regional application. A regional application can be an
     #   Application Load Balancer (ALB), an Amazon API Gateway REST API, an
-    #   AppSync GraphQL API, or an Amazon Cognito user pool.
+    #   AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner
+    #   service.
     #
     #   To work with CloudFront, you must also specify the Region US East
     #   (N. Virginia) as follows:
@@ -891,7 +934,8 @@ module Aws::WAFV2
     #   Specifies whether this is for an Amazon CloudFront distribution or
     #   for a regional application. A regional application can be an
     #   Application Load Balancer (ALB), an Amazon API Gateway REST API, an
-    #   AppSync GraphQL API, or an Amazon Cognito user pool.
+    #   AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner
+    #   service.
     #
     #   To work with CloudFront, you must also specify the Region US East
     #   (N. Virginia) as follows:
@@ -951,7 +995,8 @@ module Aws::WAFV2
     #   Specifies whether this is for an Amazon CloudFront distribution or
     #   for a regional application. A regional application can be an
     #   Application Load Balancer (ALB), an Amazon API Gateway REST API, an
-    #   AppSync GraphQL API, or an Amazon Cognito user pool.
+    #   AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner
+    #   service.
     #
     #   To work with CloudFront, you must also specify the Region US East
     #   (N. Virginia) as follows:
@@ -976,8 +1021,13 @@ module Aws::WAFV2
     #   relative cost of each rule. Simple rules that cost little to run use
     #   fewer WCUs than more complex rules that use more processing power.
     #   Rule group capacity is fixed at creation, which helps users plan
-    #   their web ACL WCU usage when they use a rule group. The WCU limit
-    #   for web ACLs is 1,500.
+    #   their web ACL WCU usage when they use a rule group. For more
+    #   information, see [WAF web ACL capacity units (WCU)][1] in the *WAF
+    #   Developer Guide*.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/waf/latest/developerguide/aws-waf-capacity-units.html
     #   @return [Integer]
     #
     # @!attribute [rw] description
@@ -1007,18 +1057,17 @@ module Aws::WAFV2
     #   the rules that you define in the rule group.
     #
     #   For information about customizing web requests and responses, see
-    #   [Customizing web requests and responses in WAF][1] in the [WAF
-    #   Developer Guide][2].
+    #   [Customizing web requests and responses in WAF][1] in the *WAF
+    #   Developer Guide*.
     #
     #   For information about the limits on count and size for custom
-    #   request and response settings, see [WAF quotas][3] in the [WAF
-    #   Developer Guide][2].
+    #   request and response settings, see [WAF quotas][2] in the *WAF
+    #   Developer Guide*.
     #
     #
     #
     #   [1]: https://docs.aws.amazon.com/waf/latest/developerguide/waf-custom-request-response.html
-    #   [2]: https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html
-    #   [3]: https://docs.aws.amazon.com/waf/latest/developerguide/limits.html
+    #   [2]: https://docs.aws.amazon.com/waf/latest/developerguide/limits.html
     #   @return [Hash<String,Types::CustomResponseBody>]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/CreateRuleGroupRequest AWS API Documentation
@@ -1061,7 +1110,8 @@ module Aws::WAFV2
     #   Specifies whether this is for an Amazon CloudFront distribution or
     #   for a regional application. A regional application can be an
     #   Application Load Balancer (ALB), an Amazon API Gateway REST API, an
-    #   AppSync GraphQL API, or an Amazon Cognito user pool.
+    #   AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner
+    #   service.
     #
     #   To work with CloudFront, you must also specify the Region US East
     #   (N. Virginia) as follows:
@@ -1104,18 +1154,17 @@ module Aws::WAFV2
     #   rules and default actions that you define in the web ACL.
     #
     #   For information about customizing web requests and responses, see
-    #   [Customizing web requests and responses in WAF][1] in the [WAF
-    #   Developer Guide][2].
+    #   [Customizing web requests and responses in WAF][1] in the *WAF
+    #   Developer Guide*.
     #
     #   For information about the limits on count and size for custom
-    #   request and response settings, see [WAF quotas][3] in the [WAF
-    #   Developer Guide][2].
+    #   request and response settings, see [WAF quotas][2] in the *WAF
+    #   Developer Guide*.
     #
     #
     #
     #   [1]: https://docs.aws.amazon.com/waf/latest/developerguide/waf-custom-request-response.html
-    #   [2]: https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html
-    #   [3]: https://docs.aws.amazon.com/waf/latest/developerguide/limits.html
+    #   [2]: https://docs.aws.amazon.com/waf/latest/developerguide/limits.html
     #   @return [Hash<String,Types::CustomResponseBody>]
     #
     # @!attribute [rw] captcha_config
@@ -1147,6 +1196,25 @@ module Aws::WAFV2
     #   `usa.gov` or `co.uk` as token domains.
     #   @return [Array<String>]
     #
+    # @!attribute [rw] association_config
+    #   Specifies custom configurations for the associations between the web
+    #   ACL and protected resources.
+    #
+    #   Use this to customize the maximum size of the request body that your
+    #   protected CloudFront distributions forward to WAF for inspection.
+    #   The default is 16 KB (16,384 kilobytes).
+    #
+    #   <note markdown="1"> You are charged additional fees when your protected resources
+    #   forward body sizes that are larger than the default. For more
+    #   information, see [WAF Pricing][1].
+    #
+    #    </note>
+    #
+    #
+    #
+    #   [1]: http://aws.amazon.com/waf/pricing/
+    #   @return [Types::AssociationConfig]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/CreateWebACLRequest AWS API Documentation
     #
     class CreateWebACLRequest < Struct.new(
@@ -1160,7 +1228,8 @@ module Aws::WAFV2
       :custom_response_bodies,
       :captcha_config,
       :challenge_config,
-      :token_domains)
+      :token_domains,
+      :association_config)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -1212,26 +1281,24 @@ module Aws::WAFV2
     # `CaptchaAction` for requests with valid t okens, and `AllowAction`.
     #
     # For information about customizing web requests and responses, see
-    # [Customizing web requests and responses in WAF][1] in the [WAF
-    # Developer Guide][2].
+    # [Customizing web requests and responses in WAF][1] in the *WAF
+    # Developer Guide*.
     #
     #
     #
     # [1]: https://docs.aws.amazon.com/waf/latest/developerguide/waf-custom-request-response.html
-    # [2]: https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html
     #
     # @!attribute [rw] insert_headers
     #   The HTTP headers to insert into the request. Duplicate header names
     #   are not allowed.
     #
     #   For information about the limits on count and size for custom
-    #   request and response settings, see [WAF quotas][1] in the [WAF
-    #   Developer Guide][2].
+    #   request and response settings, see [WAF quotas][1] in the *WAF
+    #   Developer Guide*.
     #
     #
     #
     #   [1]: https://docs.aws.amazon.com/waf/latest/developerguide/limits.html
-    #   [2]: https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html
     #   @return [Array<Types::CustomHTTPHeader>]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/CustomRequestHandling AWS API Documentation
@@ -1247,25 +1314,23 @@ module Aws::WAFV2
     # BlockAction.
     #
     # For information about customizing web requests and responses, see
-    # [Customizing web requests and responses in WAF][1] in the [WAF
-    # Developer Guide][2].
+    # [Customizing web requests and responses in WAF][1] in the *WAF
+    # Developer Guide*.
     #
     #
     #
     # [1]: https://docs.aws.amazon.com/waf/latest/developerguide/waf-custom-request-response.html
-    # [2]: https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html
     #
     # @!attribute [rw] response_code
     #   The HTTP status code to return to the client.
     #
     #   For a list of status codes that you can use in your custom
     #   responses, see [Supported status codes for custom response][1] in
-    #   the [WAF Developer Guide][2].
+    #   the *WAF Developer Guide*.
     #
     #
     #
     #   [1]: https://docs.aws.amazon.com/waf/latest/developerguide/customizing-the-response-status-codes.html
-    #   [2]: https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html
     #   @return [Integer]
     #
     # @!attribute [rw] custom_response_body_key
@@ -1284,13 +1349,12 @@ module Aws::WAFV2
     #   not allowed.
     #
     #   For information about the limits on count and size for custom
-    #   request and response settings, see [WAF quotas][1] in the [WAF
-    #   Developer Guide][2].
+    #   request and response settings, see [WAF quotas][1] in the *WAF
+    #   Developer Guide*.
     #
     #
     #
     #   [1]: https://docs.aws.amazon.com/waf/latest/developerguide/limits.html
-    #   [2]: https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html
     #   @return [Array<Types::CustomHTTPHeader>]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/CustomResponse AWS API Documentation
@@ -1318,13 +1382,12 @@ module Aws::WAFV2
     #   must specify JSON content in the `ContentType` setting.
     #
     #   For information about the limits on count and size for custom
-    #   request and response settings, see [WAF quotas][1] in the [WAF
-    #   Developer Guide][2].
+    #   request and response settings, see [WAF quotas][1] in the *WAF
+    #   Developer Guide*.
     #
     #
     #
     #   [1]: https://docs.aws.amazon.com/waf/latest/developerguide/limits.html
-    #   [2]: https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html
     #   @return [String]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/CustomResponseBody AWS API Documentation
@@ -1411,7 +1474,8 @@ module Aws::WAFV2
     #   Specifies whether this is for an Amazon CloudFront distribution or
     #   for a regional application. A regional application can be an
     #   Application Load Balancer (ALB), an Amazon API Gateway REST API, an
-    #   AppSync GraphQL API, or an Amazon Cognito user pool.
+    #   AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner
+    #   service.
     #
     #   To work with CloudFront, you must also specify the Region US East
     #   (N. Virginia) as follows:
@@ -1500,7 +1564,8 @@ module Aws::WAFV2
     #   Specifies whether this is for an Amazon CloudFront distribution or
     #   for a regional application. A regional application can be an
     #   Application Load Balancer (ALB), an Amazon API Gateway REST API, an
-    #   AppSync GraphQL API, or an Amazon Cognito user pool.
+    #   AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner
+    #   service.
     #
     #   To work with CloudFront, you must also specify the Region US East
     #   (N. Virginia) as follows:
@@ -1553,7 +1618,8 @@ module Aws::WAFV2
     #   Specifies whether this is for an Amazon CloudFront distribution or
     #   for a regional application. A regional application can be an
     #   Application Load Balancer (ALB), an Amazon API Gateway REST API, an
-    #   AppSync GraphQL API, or an Amazon Cognito user pool.
+    #   AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner
+    #   service.
     #
     #   To work with CloudFront, you must also specify the Region US East
     #   (N. Virginia) as follows:
@@ -1606,7 +1672,8 @@ module Aws::WAFV2
     #   Specifies whether this is for an Amazon CloudFront distribution or
     #   for a regional application. A regional application can be an
     #   Application Load Balancer (ALB), an Amazon API Gateway REST API, an
-    #   AppSync GraphQL API, or an Amazon Cognito user pool.
+    #   AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner
+    #   service.
     #
     #   To work with CloudFront, you must also specify the Region US East
     #   (N. Virginia) as follows:
@@ -1664,7 +1731,8 @@ module Aws::WAFV2
     #   Specifies whether this is for an Amazon CloudFront distribution or
     #   for a regional application. A regional application can be an
     #   Application Load Balancer (ALB), an Amazon API Gateway REST API, an
-    #   AppSync GraphQL API, or an Amazon Cognito user pool.
+    #   AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner
+    #   service.
     #
     #   To work with CloudFront, you must also specify the Region US East
     #   (N. Virginia) as follows:
@@ -1710,13 +1778,21 @@ module Aws::WAFV2
     #   @return [String]
     #
     # @!attribute [rw] capacity
-    #   The web ACL capacity units (WCUs) required for this rule group. WAF
-    #   uses web ACL capacity units (WCU) to calculate and control the
-    #   operating resources that are used to run your rules, rule groups,
-    #   and web ACLs. WAF calculates capacity differently for each rule
-    #   type, to reflect each rule's relative cost. Rule group capacity is
-    #   fixed at creation, so users can plan their web ACL WCU usage when
-    #   they use a rule group. The WCU limit for web ACLs is 1,500.
+    #   The web ACL capacity units (WCUs) required for this rule group.
+    #
+    #   WAF uses WCUs to calculate and control the operating resources that
+    #   are used to run your rules, rule groups, and web ACLs. WAF
+    #   calculates capacity differently for each rule type, to reflect the
+    #   relative cost of each rule. Simple rules that cost little to run use
+    #   fewer WCUs than more complex rules that use more processing power.
+    #   Rule group capacity is fixed at creation, which helps users plan
+    #   their web ACL WCU usage when they use a rule group. For more
+    #   information, see [WAF web ACL capacity units (WCU)][1] in the *WAF
+    #   Developer Guide*.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/waf/latest/developerguide/aws-waf-capacity-units.html
     #   @return [Integer]
     #
     # @!attribute [rw] rules
@@ -1729,7 +1805,7 @@ module Aws::WAFV2
     #   * The syntax for the label namespace prefix for a managed rule group
     #     is the following:
     #
-    #     `awswaf:managed:<vendor>:<rule group name>`\:
+    #     `awswaf:managed:<vendor>:<rule group name>`:
     #
     #   * When a rule with a label matches a web request, WAF adds the fully
     #     qualified label to the request. A fully qualified label is made up
@@ -1773,17 +1849,23 @@ module Aws::WAFV2
     #   The ARN must be in one of the following formats:
     #
     #   * For an Application Load Balancer:
-    #     `arn:aws:elasticloadbalancing:region:account-id:loadbalancer/app/load-balancer-name/load-balancer-id
+    #     `arn:partition:elasticloadbalancing:region:account-id:loadbalancer/app/load-balancer-name/load-balancer-id
     #     `
     #
     #   * For an Amazon API Gateway REST API:
-    #     `arn:aws:apigateway:region::/restapis/api-id/stages/stage-name `
+    #     `arn:partition:apigateway:region::/restapis/api-id/stages/stage-name
+    #     `
     #
     #   * For an AppSync GraphQL API:
-    #     `arn:aws:appsync:region:account-id:apis/GraphQLApiId `
+    #     `arn:partition:appsync:region:account-id:apis/GraphQLApiId `
     #
     #   * For an Amazon Cognito user pool:
-    #     `arn:aws:cognito-idp:region:account-id:userpool/user-pool-id `
+    #     `arn:partition:cognito-idp:region:account-id:userpool/user-pool-id
+    #     `
+    #
+    #   * For an App Runner service:
+    #     `arn:partition:apprunner:region:account-id:service/apprunner-service-name/apprunner-service-id
+    #     `
     #   @return [String]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/DisassociateWebACLRequest AWS API Documentation
@@ -1872,10 +1954,15 @@ module Aws::WAFV2
     #   contains any additional data that you want to send to your web
     #   server as the HTTP request body, such as data from a form.
     #
-    #   Only the first 8 KB (8192 bytes) of the request body are forwarded
-    #   to WAF for inspection by the underlying host service. For
-    #   information about how to handle oversized request bodies, see the
-    #   `Body` object configuration.
+    #   A limited amount of the request body is forwarded to WAF for
+    #   inspection by the underlying host service. For regional resources,
+    #   the limit is 8 KB (8,192 kilobytes) and for CloudFront
+    #   distributions, the limit is 16 KB (16,384 kilobytes). For CloudFront
+    #   distributions, you can increase the limit in the web ACL's
+    #   `AssociationConfig`, for additional processing fees.
+    #
+    #   For information about how to handle oversized request bodies, see
+    #   the `Body` object configuration.
     #   @return [Types::Body]
     #
     # @!attribute [rw] method
@@ -1889,10 +1976,15 @@ module Aws::WAFV2
     #   contains any additional data that you want to send to your web
     #   server as the HTTP request body, such as data from a form.
     #
-    #   Only the first 8 KB (8192 bytes) of the request body are forwarded
-    #   to WAF for inspection by the underlying host service. For
-    #   information about how to handle oversized request bodies, see the
-    #   `JsonBody` object configuration.
+    #   A limited amount of the request body is forwarded to WAF for
+    #   inspection by the underlying host service. For regional resources,
+    #   the limit is 8 KB (8,192 kilobytes) and for CloudFront
+    #   distributions, the limit is 16 KB (16,384 kilobytes). For CloudFront
+    #   distributions, you can increase the limit in the web ACL's
+    #   `AssociationConfig`, for additional processing fees.
+    #
+    #   For information about how to handle oversized request bodies, see
+    #   the `JsonBody` object configuration.
     #   @return [Types::JsonBody]
     #
     # @!attribute [rw] headers
@@ -2023,40 +2115,19 @@ module Aws::WAFV2
     end
 
     # The processing guidance for an Firewall Manager rule. This is like a
-    # regular rule Statement, but it can only contain a rule group
+    # regular rule Statement, but it can only contain a single rule group
     # reference.
     #
     # @!attribute [rw] managed_rule_group_statement
-    #   A rule statement used to run the rules that are defined in a managed
-    #   rule group. To use this, provide the vendor name and the name of the
-    #   rule group in this statement. You can retrieve the required names by
-    #   calling ListAvailableManagedRuleGroups.
-    #
-    #   You cannot nest a `ManagedRuleGroupStatement`, for example for use
-    #   inside a `NotStatement` or `OrStatement`. It can only be referenced
-    #   as a top-level statement within a rule.
-    #
-    #   <note markdown="1"> You are charged additional fees when you use the WAF Bot Control
-    #   managed rule group `AWSManagedRulesBotControlRuleSet` or the WAF
-    #   Fraud Control account takeover prevention (ATP) managed rule group
-    #   `AWSManagedRulesATPRuleSet`. For more information, see [WAF
-    #   Pricing][1].
-    #
-    #    </note>
-    #
-    #
-    #
-    #   [1]: http://aws.amazon.com/waf/pricing/
+    #   A statement used by Firewall Manager to run the rules that are
+    #   defined in a managed rule group. This is managed by Firewall Manager
+    #   for an Firewall Manager WAF policy.
     #   @return [Types::ManagedRuleGroupStatement]
     #
     # @!attribute [rw] rule_group_reference_statement
-    #   A rule statement used to run the rules that are defined in a
-    #   RuleGroup. To use this, create a rule group with your rules, then
-    #   provide the ARN of the rule group in this statement.
-    #
-    #   You cannot nest a `RuleGroupReferenceStatement`, for example for use
-    #   inside a `NotStatement` or `OrStatement`. You can only use a rule
-    #   group reference statement at the top level inside a web ACL.
+    #   A statement used by Firewall Manager to run the rules that are
+    #   defined in a rule group. This is managed by Firewall Manager for an
+    #   Firewall Manager WAF policy.
     #   @return [Types::RuleGroupReferenceStatement]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/FirewallManagerStatement AWS API Documentation
@@ -2233,7 +2304,8 @@ module Aws::WAFV2
     #   Specifies whether this is for an Amazon CloudFront distribution or
     #   for a regional application. A regional application can be an
     #   Application Load Balancer (ALB), an Amazon API Gateway REST API, an
-    #   AppSync GraphQL API, or an Amazon Cognito user pool.
+    #   AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner
+    #   service.
     #
     #   To work with CloudFront, you must also specify the Region US East
     #   (N. Virginia) as follows:
@@ -2321,7 +2393,8 @@ module Aws::WAFV2
     #   Specifies whether this is for an Amazon CloudFront distribution or
     #   for a regional application. A regional application can be an
     #   Application Load Balancer (ALB), an Amazon API Gateway REST API, an
-    #   AppSync GraphQL API, or an Amazon Cognito user pool.
+    #   AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner
+    #   service.
     #
     #   To work with CloudFront, you must also specify the Region US East
     #   (N. Virginia) as follows:
@@ -2433,7 +2506,8 @@ module Aws::WAFV2
     #   Specifies whether this is for an Amazon CloudFront distribution or
     #   for a regional application. A regional application can be an
     #   Application Load Balancer (ALB), an Amazon API Gateway REST API, an
-    #   AppSync GraphQL API, or an Amazon Cognito user pool.
+    #   AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner
+    #   service.
     #
     #   To work with CloudFront, you must also specify the Region US East
     #   (N. Virginia) as follows:
@@ -2506,7 +2580,8 @@ module Aws::WAFV2
     #   Specifies whether this is for an Amazon CloudFront distribution or
     #   for a regional application. A regional application can be an
     #   Application Load Balancer (ALB), an Amazon API Gateway REST API, an
-    #   AppSync GraphQL API, or an Amazon Cognito user pool.
+    #   AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner
+    #   service.
     #
     #   To work with CloudFront, you must also specify the Region US East
     #   (N. Virginia) as follows:
@@ -2566,7 +2641,8 @@ module Aws::WAFV2
     #   Specifies whether this is for an Amazon CloudFront distribution or
     #   for a regional application. A regional application can be an
     #   Application Load Balancer (ALB), an Amazon API Gateway REST API, an
-    #   AppSync GraphQL API, or an Amazon Cognito user pool.
+    #   AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner
+    #   service.
     #
     #   To work with CloudFront, you must also specify the Region US East
     #   (N. Virginia) as follows:
@@ -2636,7 +2712,8 @@ module Aws::WAFV2
     #   Specifies whether this is for an Amazon CloudFront distribution or
     #   for a regional application. A regional application can be an
     #   Application Load Balancer (ALB), an Amazon API Gateway REST API, an
-    #   AppSync GraphQL API, or an Amazon Cognito user pool.
+    #   AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner
+    #   service.
     #
     #   To work with CloudFront, you must also specify the Region US East
     #   (N. Virginia) as follows:
@@ -2715,17 +2792,23 @@ module Aws::WAFV2
     #   The ARN must be in one of the following formats:
     #
     #   * For an Application Load Balancer:
-    #     `arn:aws:elasticloadbalancing:region:account-id:loadbalancer/app/load-balancer-name/load-balancer-id
+    #     `arn:partition:elasticloadbalancing:region:account-id:loadbalancer/app/load-balancer-name/load-balancer-id
     #     `
     #
     #   * For an Amazon API Gateway REST API:
-    #     `arn:aws:apigateway:region::/restapis/api-id/stages/stage-name `
+    #     `arn:partition:apigateway:region::/restapis/api-id/stages/stage-name
+    #     `
     #
     #   * For an AppSync GraphQL API:
-    #     `arn:aws:appsync:region:account-id:apis/GraphQLApiId `
+    #     `arn:partition:appsync:region:account-id:apis/GraphQLApiId `
     #
     #   * For an Amazon Cognito user pool:
-    #     `arn:aws:cognito-idp:region:account-id:userpool/user-pool-id `
+    #     `arn:partition:cognito-idp:region:account-id:userpool/user-pool-id
+    #     `
+    #
+    #   * For an App Runner service:
+    #     `arn:partition:apprunner:region:account-id:service/apprunner-service-name/apprunner-service-id
+    #     `
     #   @return [String]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/GetWebACLForResourceRequest AWS API Documentation
@@ -2758,7 +2841,8 @@ module Aws::WAFV2
     #   Specifies whether this is for an Amazon CloudFront distribution or
     #   for a regional application. A regional application can be an
     #   Application Load Balancer (ALB), an Amazon API Gateway REST API, an
-    #   AppSync GraphQL API, or an Amazon Cognito user pool.
+    #   AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner
+    #   service.
     #
     #   To work with CloudFront, you must also specify the Region US East
     #   (N. Virginia) as follows:
@@ -3326,10 +3410,16 @@ module Aws::WAFV2
     #
     # @!attribute [rw] oversize_handling
     #   What WAF should do if the body is larger than WAF can inspect. WAF
-    #   does not support inspecting the entire contents of the body of a web
-    #   request when the body exceeds 8 KB (8192 bytes). Only the first 8 KB
-    #   of the request body are forwarded to WAF by the underlying host
-    #   service.
+    #   does not support inspecting the entire contents of the web request
+    #   body if the body exceeds the limit for the resource type. If the
+    #   body is larger than the limit, the underlying host service only
+    #   forwards the contents that are below the limit to WAF for
+    #   inspection.
+    #
+    #   The default limit is 8 KB (8,192 kilobytes) for regional resources
+    #   and 16 KB (16,384 kilobytes) for CloudFront distributions. For
+    #   CloudFront distributions, you can increase the limit in the web ACL
+    #   `AssociationConfig`, for additional processing fees.
     #
     #   The options for oversize handling are the following:
     #
@@ -3344,7 +3434,7 @@ module Aws::WAFV2
     #
     #   You can combine the `MATCH` or `NO_MATCH` settings for oversize
     #   handling with your rule and web ACL action settings, so that you
-    #   block any request whose body is over 8 KB.
+    #   block any request whose body is over the limit.
     #
     #   Default: `CONTINUE`
     #   @return [String]
@@ -3516,7 +3606,8 @@ module Aws::WAFV2
     #   Specifies whether this is for an Amazon CloudFront distribution or
     #   for a regional application. A regional application can be an
     #   Application Load Balancer (ALB), an Amazon API Gateway REST API, an
-    #   AppSync GraphQL API, or an Amazon Cognito user pool.
+    #   AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner
+    #   service.
     #
     #   To work with CloudFront, you must also specify the Region US East
     #   (N. Virginia) as follows:
@@ -3585,7 +3676,8 @@ module Aws::WAFV2
     #   Specifies whether this is for an Amazon CloudFront distribution or
     #   for a regional application. A regional application can be an
     #   Application Load Balancer (ALB), an Amazon API Gateway REST API, an
-    #   AppSync GraphQL API, or an Amazon Cognito user pool.
+    #   AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner
+    #   service.
     #
     #   To work with CloudFront, you must also specify the Region US East
     #   (N. Virginia) as follows:
@@ -3645,7 +3737,8 @@ module Aws::WAFV2
     #   Specifies whether this is for an Amazon CloudFront distribution or
     #   for a regional application. A regional application can be an
     #   Application Load Balancer (ALB), an Amazon API Gateway REST API, an
-    #   AppSync GraphQL API, or an Amazon Cognito user pool.
+    #   AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner
+    #   service.
     #
     #   To work with CloudFront, you must also specify the Region US East
     #   (N. Virginia) as follows:
@@ -3707,7 +3800,8 @@ module Aws::WAFV2
     #   Specifies whether this is for an Amazon CloudFront distribution or
     #   for a regional application. A regional application can be an
     #   Application Load Balancer (ALB), an Amazon API Gateway REST API, an
-    #   AppSync GraphQL API, or an Amazon Cognito user pool.
+    #   AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner
+    #   service.
     #
     #   To work with CloudFront, you must also specify the Region US East
     #   (N. Virginia) as follows:
@@ -3767,7 +3861,8 @@ module Aws::WAFV2
     #   Specifies whether this is for an Amazon CloudFront distribution or
     #   for a regional application. A regional application can be an
     #   Application Load Balancer (ALB), an Amazon API Gateway REST API, an
-    #   AppSync GraphQL API, or an Amazon Cognito user pool.
+    #   AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner
+    #   service.
     #
     #   To work with CloudFront, you must also specify the Region US East
     #   (N. Virginia) as follows:
@@ -3878,7 +3973,8 @@ module Aws::WAFV2
     #   Specifies whether this is for an Amazon CloudFront distribution or
     #   for a regional application. A regional application can be an
     #   Application Load Balancer (ALB), an Amazon API Gateway REST API, an
-    #   AppSync GraphQL API, or an Amazon Cognito user pool.
+    #   AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner
+    #   service.
     #
     #   To work with CloudFront, you must also specify the Region US East
     #   (N. Virginia) as follows:
@@ -3941,8 +4037,8 @@ module Aws::WAFV2
     # @!attribute [rw] resource_type
     #   Used for web ACLs that are scoped for regional applications. A
     #   regional application can be an Application Load Balancer (ALB), an
-    #   Amazon API Gateway REST API, an AppSync GraphQL API, or an Amazon
-    #   Cognito user pool.
+    #   Amazon API Gateway REST API, an AppSync GraphQL API, an Amazon
+    #   Cognito user pool, or an App Runner service.
     #
     #   <note markdown="1"> If you don't provide a resource type, the call uses the resource
     #   type `APPLICATION_LOAD_BALANCER`.
@@ -3978,7 +4074,8 @@ module Aws::WAFV2
     #   Specifies whether this is for an Amazon CloudFront distribution or
     #   for a regional application. A regional application can be an
     #   Application Load Balancer (ALB), an Amazon API Gateway REST API, an
-    #   AppSync GraphQL API, or an Amazon Cognito user pool.
+    #   AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner
+    #   service.
     #
     #   To work with CloudFront, you must also specify the Region US East
     #   (N. Virginia) as follows:
@@ -4088,7 +4185,8 @@ module Aws::WAFV2
     #   Specifies whether this is for an Amazon CloudFront distribution or
     #   for a regional application. A regional application can be an
     #   Application Load Balancer (ALB), an Amazon API Gateway REST API, an
-    #   AppSync GraphQL API, or an Amazon Cognito user pool.
+    #   AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner
+    #   service.
     #
     #   To work with CloudFront, you must also specify the Region US East
     #   (N. Virginia) as follows:
@@ -4203,7 +4301,7 @@ module Aws::WAFV2
     # @!attribute [rw] redacted_fields
     #   The parts of the request that you want to keep out of the logs. For
     #   example, if you redact the `SingleHeader` field, the `HEADER` field
-    #   in the logs will be `xxx`.
+    #   in the logs will be `REDACTED`.
     #
     #   <note markdown="1"> You can specify only the following fields for redaction: `UriPath`,
     #   `QueryString`, `SingleHeader`, `Method`, and `JsonBody`.
@@ -4322,14 +4420,6 @@ module Aws::WAFV2
     #   that protect CloudFront distributions, use this to also provide the
     #   information about how your distribution responds to login requests.
     #
-    #   <note markdown="1"> For regional web ACLs in Region US East (N. Virginia) us-east-1,
-    #   it's possible to configure response inspection through the APIs,
-    #   but ATP response inspection will not be enabled. You can only use
-    #   the response inspection capabilities of the ATP managed rule group
-    #   in web ACLs that protect CloudFront distributions.
-    #
-    #    </note>
-    #
     #   This configuration replaces the individual configuration fields in
     #   `ManagedRuleGroupConfig` and provides additional feature
     #   configuration.
@@ -4571,7 +4661,7 @@ module Aws::WAFV2
     #   * The syntax for the label namespace prefix for a managed rule group
     #     is the following:
     #
-    #     `awswaf:managed:<vendor>:<rule group name>`\:
+    #     `awswaf:managed:<vendor>:<rule group name>`:
     #
     #   * When a rule with a label matches a web request, WAF adds the fully
     #     qualified label to the request. A fully qualified label is made up
@@ -4650,7 +4740,7 @@ module Aws::WAFV2
     #   * The syntax for the label namespace prefix for a managed rule group
     #     is the following:
     #
-    #     `awswaf:managed:<vendor>:<rule group name>`\:
+    #     `awswaf:managed:<vendor>:<rule group name>`:
     #
     #   * When a rule with a label matches a web request, WAF adds the fully
     #     qualified label to the request. A fully qualified label is made up
@@ -4700,8 +4790,13 @@ module Aws::WAFV2
     #   relative cost of each rule. Simple rules that cost little to run use
     #   fewer WCUs than more complex rules that use more processing power.
     #   Rule group capacity is fixed at creation, which helps users plan
-    #   their web ACL WCU usage when they use a rule group. The WCU limit
-    #   for web ACLs is 1,500.
+    #   their web ACL WCU usage when they use a rule group. For more
+    #   information, see [WAF web ACL capacity units (WCU)][1] in the *WAF
+    #   Developer Guide*.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/waf/latest/developerguide/aws-waf-capacity-units.html
     #   @return [Integer]
     #
     # @!attribute [rw] forecasted_lifetime
@@ -4939,7 +5034,8 @@ module Aws::WAFV2
     #   Specifies whether this is for an Amazon CloudFront distribution or
     #   for a regional application. A regional application can be an
     #   Application Load Balancer (ALB), an Amazon API Gateway REST API, an
-    #   AppSync GraphQL API, or an Amazon Cognito user pool.
+    #   AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner
+    #   service.
     #
     #   To work with CloudFront, you must also specify the Region US East
     #   (N. Virginia) as follows:
@@ -5021,8 +5117,7 @@ module Aws::WAFV2
     #
     #   The policy specifications must conform to the following:
     #
-    #   * The policy must be composed using IAM Policy version 2012-10-17 or
-    #     version 2015-01-01.
+    #   * The policy must be composed using IAM Policy version 2012-10-17.
     #
     #   * The policy must include specifications for `Effect`, `Action`, and
     #     `Principal`.
@@ -5377,6 +5472,39 @@ module Aws::WAFV2
       include Aws::Structure
     end
 
+    # Customizes the maximum size of the request body that your protected
+    # CloudFront distributions forward to WAF for inspection. The default
+    # size is 16 KB (16,384 kilobytes).
+    #
+    # <note markdown="1"> You are charged additional fees when your protected resources forward
+    # body sizes that are larger than the default. For more information, see
+    # [WAF Pricing][1].
+    #
+    #  </note>
+    #
+    # This is used in the `AssociationConfig` of the web ACL.
+    #
+    #
+    #
+    # [1]: http://aws.amazon.com/waf/pricing/
+    #
+    # @!attribute [rw] default_size_inspection_limit
+    #   Specifies the maximum size of the web request body component that an
+    #   associated CloudFront distribution should send to WAF for
+    #   inspection. This applies to statements in the web ACL that inspect
+    #   the body or JSON body.
+    #
+    #   Default: `16 KB (16,384 kilobytes)`
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/RequestBodyAssociatedResourceTypeConfig AWS API Documentation
+    #
+    class RequestBodyAssociatedResourceTypeConfig < Struct.new(
+      :default_size_inspection_limit)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # The criteria for inspecting login requests, used by the ATP rule group
     # to validate credentials usage.
     #
@@ -5470,14 +5598,6 @@ module Aws::WAFV2
     #
     #  </note>
     #
-    # <note markdown="1"> For regional web ACLs in Region US East (N. Virginia) us-east-1, it's
-    # possible to configure response inspection through the APIs, but ATP
-    # response inspection will not be enabled. You can only use the response
-    # inspection capabilities of the ATP managed rule group in web ACLs that
-    # protect CloudFront distributions.
-    #
-    #  </note>
-    #
     # This is part of the `AWSManagedRulesATPRuleSet` configuration in
     # `ManagedRuleGroupConfig`.
     #
@@ -5495,11 +5615,13 @@ module Aws::WAFV2
     #   @return [Types::ResponseInspectionHeader]
     #
     # @!attribute [rw] body_contains
-    #   Configures inspection of the response body.
+    #   Configures inspection of the response body. WAF can inspect the
+    #   first 65,536 bytes (64 KB) of the response body.
     #   @return [Types::ResponseInspectionBodyContains]
     #
     # @!attribute [rw] json
-    #   Configures inspection of the response JSON.
+    #   Configures inspection of the response JSON. WAF can inspect the
+    #   first 65,536 bytes (64 KB) of the response JSON.
     #   @return [Types::ResponseInspectionJson]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/ResponseInspection AWS API Documentation
@@ -5513,7 +5635,8 @@ module Aws::WAFV2
       include Aws::Structure
     end
 
-    # Configures inspection of the response body. This is part of the
+    # Configures inspection of the response body. WAF can inspect the first
+    # 65,536 bytes (64 KB) of the response body. This is part of the
     # `ResponseInspection` configuration for `AWSManagedRulesATPRuleSet`.
     #
     # <note markdown="1"> Response inspection is available only in web ACLs that protect Amazon
@@ -5521,14 +5644,6 @@ module Aws::WAFV2
     #
     #  </note>
     #
-    # <note markdown="1"> For regional web ACLs in Region US East (N. Virginia) us-east-1, it's
-    # possible to configure response inspection through the APIs, but ATP
-    # response inspection will not be enabled. You can only use the response
-    # inspection capabilities of the ATP managed rule group in web ACLs that
-    # protect CloudFront distributions.
-    #
-    #  </note>
-    #
     # @!attribute [rw] success_strings
     #   Strings in the body of the response that indicate a successful login
     #   attempt. To be counted as a successful login, the string can be
@@ -5565,14 +5680,6 @@ module Aws::WAFV2
     #
     #  </note>
     #
-    # <note markdown="1"> For regional web ACLs in Region US East (N. Virginia) us-east-1, it's
-    # possible to configure response inspection through the APIs, but ATP
-    # response inspection will not be enabled. You can only use the response
-    # inspection capabilities of the ATP managed rule group in web ACLs that
-    # protect CloudFront distributions.
-    #
-    #  </note>
-    #
     # @!attribute [rw] name
     #   The name of the header to match against. The name must be an exact
     #   match, including case.
@@ -5609,7 +5716,8 @@ module Aws::WAFV2
       include Aws::Structure
     end
 
-    # Configures inspection of the response JSON. This is part of the
+    # Configures inspection of the response JSON. WAF can inspect the first
+    # 65,536 bytes (64 KB) of the response JSON. This is part of the
     # `ResponseInspection` configuration for `AWSManagedRulesATPRuleSet`.
     #
     # <note markdown="1"> Response inspection is available only in web ACLs that protect Amazon
@@ -5617,14 +5725,6 @@ module Aws::WAFV2
     #
     #  </note>
     #
-    # <note markdown="1"> For regional web ACLs in Region US East (N. Virginia) us-east-1, it's
-    # possible to configure response inspection through the APIs, but ATP
-    # response inspection will not be enabled. You can only use the response
-    # inspection capabilities of the ATP managed rule group in web ACLs that
-    # protect CloudFront distributions.
-    #
-    #  </note>
-    #
     # @!attribute [rw] identifier
     #   The identifier for the value to match against in the JSON. The
     #   identifier must be an exact match, including case.
@@ -5668,14 +5768,6 @@ module Aws::WAFV2
     #
     #  </note>
     #
-    # <note markdown="1"> For regional web ACLs in Region US East (N. Virginia) us-east-1, it's
-    # possible to configure response inspection through the APIs, but ATP
-    # response inspection will not be enabled. You can only use the response
-    # inspection capabilities of the ATP managed rule group in web ACLs that
-    # protect CloudFront distributions.
-    #
-    #  </note>
-    #
     # @!attribute [rw] success_codes
     #   Status codes in the response that indicate a successful login
     #   attempt. To be counted as a successful login, the response status
@@ -5919,8 +6011,13 @@ module Aws::WAFV2
     #   relative cost of each rule. Simple rules that cost little to run use
     #   fewer WCUs than more complex rules that use more processing power.
     #   Rule group capacity is fixed at creation, which helps users plan
-    #   their web ACL WCU usage when they use a rule group. The WCU limit
-    #   for web ACLs is 1,500.
+    #   their web ACL WCU usage when they use a rule group. For more
+    #   information, see [WAF web ACL capacity units (WCU)][1] in the *WAF
+    #   Developer Guide*.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/waf/latest/developerguide/aws-waf-capacity-units.html
     #   @return [Integer]
     #
     # @!attribute [rw] arn
@@ -5967,18 +6064,17 @@ module Aws::WAFV2
     #   the rules that you define in the rule group.
     #
     #   For information about customizing web requests and responses, see
-    #   [Customizing web requests and responses in WAF][1] in the [WAF
-    #   Developer Guide][2].
+    #   [Customizing web requests and responses in WAF][1] in the *WAF
+    #   Developer Guide*.
     #
     #   For information about the limits on count and size for custom
-    #   request and response settings, see [WAF quotas][3] in the [WAF
-    #   Developer Guide][2].
+    #   request and response settings, see [WAF quotas][2] in the *WAF
+    #   Developer Guide*.
     #
     #
     #
     #   [1]: https://docs.aws.amazon.com/waf/latest/developerguide/waf-custom-request-response.html
-    #   [2]: https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html
-    #   [3]: https://docs.aws.amazon.com/waf/latest/developerguide/limits.html
+    #   [2]: https://docs.aws.amazon.com/waf/latest/developerguide/limits.html
     #   @return [Hash<String,Types::CustomResponseBody>]
     #
     # @!attribute [rw] available_labels
@@ -6265,9 +6361,14 @@ module Aws::WAFV2
     # statement to look for query strings that are longer than 100 bytes.
     #
     # If you configure WAF to inspect the request body, WAF inspects only
-    # the first 8192 bytes (8 KB). If the request body for your web requests
-    # never exceeds 8192 bytes, you could use a size constraint statement to
-    # block requests that have a request body greater than 8192 bytes.
+    # the number of bytes of the body up to the limit for the web ACL. By
+    # default, for regional web ACLs, this limit is 8 KB (8,192 kilobytes)
+    # and for CloudFront web ACLs, this limit is 16 KB (16,384 kilobytes).
+    # For CloudFront web ACLs, you can increase the limit in the web ACL
+    # `AssociationConfig`, for additional fees. If you know that the request
+    # body for your web requests should never exceed the inspection limit,
+    # you could use a size constraint statement to block requests that have
+    # a larger request body size.
     #
     # If you choose URI for the value of Part of the request to filter on,
     # the slash (/) in the URI counts as one character. For example, the URI
@@ -6389,10 +6490,14 @@ module Aws::WAFV2
     #   100 bytes.
     #
     #   If you configure WAF to inspect the request body, WAF inspects only
-    #   the first 8192 bytes (8 KB). If the request body for your web
-    #   requests never exceeds 8192 bytes, you could use a size constraint
-    #   statement to block requests that have a request body greater than
-    #   8192 bytes.
+    #   the number of bytes of the body up to the limit for the web ACL. By
+    #   default, for regional web ACLs, this limit is 8 KB (8,192 kilobytes)
+    #   and for CloudFront web ACLs, this limit is 16 KB (16,384 kilobytes).
+    #   For CloudFront web ACLs, you can increase the limit in the web ACL
+    #   `AssociationConfig`, for additional fees. If you know that the
+    #   request body for your web requests should never exceed the
+    #   inspection limit, you could use a size constraint statement to block
+    #   requests that have a larger request body size.
     #
     #   If you choose URI for the value of Part of the request to filter on,
     #   the slash (/) in the URI counts as one character. For example, the
@@ -6907,7 +7012,8 @@ module Aws::WAFV2
     #   Specifies whether this is for an Amazon CloudFront distribution or
     #   for a regional application. A regional application can be an
     #   Application Load Balancer (ALB), an Amazon API Gateway REST API, an
-    #   AppSync GraphQL API, or an Amazon Cognito user pool.
+    #   AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner
+    #   service.
     #
     #   To work with CloudFront, you must also specify the Region US East
     #   (N. Virginia) as follows:
@@ -7025,7 +7131,8 @@ module Aws::WAFV2
     #   Specifies whether this is for an Amazon CloudFront distribution or
     #   for a regional application. A regional application can be an
     #   Application Load Balancer (ALB), an Amazon API Gateway REST API, an
-    #   AppSync GraphQL API, or an Amazon Cognito user pool.
+    #   AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner
+    #   service.
     #
     #   To work with CloudFront, you must also specify the Region US East
     #   (N. Virginia) as follows:
@@ -7123,7 +7230,8 @@ module Aws::WAFV2
     #   Specifies whether this is for an Amazon CloudFront distribution or
     #   for a regional application. A regional application can be an
     #   Application Load Balancer (ALB), an Amazon API Gateway REST API, an
-    #   AppSync GraphQL API, or an Amazon Cognito user pool.
+    #   AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner
+    #   service.
     #
     #   To work with CloudFront, you must also specify the Region US East
     #   (N. Virginia) as follows:
@@ -7195,7 +7303,8 @@ module Aws::WAFV2
     #   Specifies whether this is for an Amazon CloudFront distribution or
     #   for a regional application. A regional application can be an
     #   Application Load Balancer (ALB), an Amazon API Gateway REST API, an
-    #   AppSync GraphQL API, or an Amazon Cognito user pool.
+    #   AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner
+    #   service.
     #
     #   To work with CloudFront, you must also specify the Region US East
     #   (N. Virginia) as follows:
@@ -7247,18 +7356,17 @@ module Aws::WAFV2
     #   the rules that you define in the rule group.
     #
     #   For information about customizing web requests and responses, see
-    #   [Customizing web requests and responses in WAF][1] in the [WAF
-    #   Developer Guide][2].
+    #   [Customizing web requests and responses in WAF][1] in the *WAF
+    #   Developer Guide*.
     #
     #   For information about the limits on count and size for custom
-    #   request and response settings, see [WAF quotas][3] in the [WAF
-    #   Developer Guide][2].
+    #   request and response settings, see [WAF quotas][2] in the *WAF
+    #   Developer Guide*.
     #
     #
     #
     #   [1]: https://docs.aws.amazon.com/waf/latest/developerguide/waf-custom-request-response.html
-    #   [2]: https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html
-    #   [3]: https://docs.aws.amazon.com/waf/latest/developerguide/limits.html
+    #   [2]: https://docs.aws.amazon.com/waf/latest/developerguide/limits.html
     #   @return [Hash<String,Types::CustomResponseBody>]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/UpdateRuleGroupRequest AWS API Documentation
@@ -7299,7 +7407,8 @@ module Aws::WAFV2
     #   Specifies whether this is for an Amazon CloudFront distribution or
     #   for a regional application. A regional application can be an
     #   Application Load Balancer (ALB), an Amazon API Gateway REST API, an
-    #   AppSync GraphQL API, or an Amazon Cognito user pool.
+    #   AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner
+    #   service.
     #
     #   To work with CloudFront, you must also specify the Region US East
     #   (N. Virginia) as follows:
@@ -7356,18 +7465,17 @@ module Aws::WAFV2
     #   rules and default actions that you define in the web ACL.
     #
     #   For information about customizing web requests and responses, see
-    #   [Customizing web requests and responses in WAF][1] in the [WAF
-    #   Developer Guide][2].
+    #   [Customizing web requests and responses in WAF][1] in the *WAF
+    #   Developer Guide*.
     #
     #   For information about the limits on count and size for custom
-    #   request and response settings, see [WAF quotas][3] in the [WAF
-    #   Developer Guide][2].
+    #   request and response settings, see [WAF quotas][2] in the *WAF
+    #   Developer Guide*.
     #
     #
     #
     #   [1]: https://docs.aws.amazon.com/waf/latest/developerguide/waf-custom-request-response.html
-    #   [2]: https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html
-    #   [3]: https://docs.aws.amazon.com/waf/latest/developerguide/limits.html
+    #   [2]: https://docs.aws.amazon.com/waf/latest/developerguide/limits.html
     #   @return [Hash<String,Types::CustomResponseBody>]
     #
     # @!attribute [rw] captcha_config
@@ -7399,6 +7507,25 @@ module Aws::WAFV2
     #   `usa.gov` or `co.uk` as token domains.
     #   @return [Array<String>]
     #
+    # @!attribute [rw] association_config
+    #   Specifies custom configurations for the associations between the web
+    #   ACL and protected resources.
+    #
+    #   Use this to customize the maximum size of the request body that your
+    #   protected CloudFront distributions forward to WAF for inspection.
+    #   The default is 16 KB (16,384 kilobytes).
+    #
+    #   <note markdown="1"> You are charged additional fees when your protected resources
+    #   forward body sizes that are larger than the default. For more
+    #   information, see [WAF Pricing][1].
+    #
+    #    </note>
+    #
+    #
+    #
+    #   [1]: http://aws.amazon.com/waf/pricing/
+    #   @return [Types::AssociationConfig]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/UpdateWebACLRequest AWS API Documentation
     #
     class UpdateWebACLRequest < Struct.new(
@@ -7413,7 +7540,8 @@ module Aws::WAFV2
       :custom_response_bodies,
       :captcha_config,
       :challenge_config,
-      :token_domains)
+      :token_domains,
+      :association_config)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -7508,7 +7636,7 @@ module Aws::WAFV2
     # @!attribute [rw] cloud_watch_metrics_enabled
     #   A boolean indicating whether the associated resource sends metrics
     #   to Amazon CloudWatch. For the list of available metrics, see [WAF
-    #   Metrics][1].
+    #   Metrics][1] in the *WAF Developer Guide*.
     #
     #
     #
@@ -7674,8 +7802,7 @@ module Aws::WAFV2
     #
     # The policy specifications must conform to the following:
     #
-    # * The policy must be composed using IAM Policy version 2012-10-17 or
-    #   version 2015-01-01.
+    # * The policy must be composed using IAM Policy version 2012-10-17.
     #
     # * The policy must include specifications for `Effect`, `Action`, and
     #   `Principal`.
@@ -7880,7 +8007,7 @@ module Aws::WAFV2
     # can associate a web ACL with one or more Amazon Web Services resources
     # to protect. The resources can be an Amazon CloudFront distribution, an
     # Amazon API Gateway REST API, an Application Load Balancer, an AppSync
-    # GraphQL API, or an Amazon Cognito user pool.
+    # GraphQL API, an Amazon Cognito user pool, or an App Runner service.
     #
     # @!attribute [rw] name
     #   The name of the web ACL. You cannot change the name of a web ACL
@@ -7929,8 +8056,13 @@ module Aws::WAFV2
     #   relative cost of each rule. Simple rules that cost little to run use
     #   fewer WCUs than more complex rules that use more processing power.
     #   Rule group capacity is fixed at creation, which helps users plan
-    #   their web ACL WCU usage when they use a rule group. The WCU limit
-    #   for web ACLs is 1,500.
+    #   their web ACL WCU usage when they use a rule group. For more
+    #   information, see [WAF web ACL capacity units (WCU)][1] in the *WAF
+    #   Developer Guide*.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/waf/latest/developerguide/aws-waf-capacity-units.html
     #   @return [Integer]
     #
     # @!attribute [rw] pre_process_firewall_manager_rule_groups
@@ -7989,18 +8121,17 @@ module Aws::WAFV2
     #   rules and default actions that you define in the web ACL.
     #
     #   For information about customizing web requests and responses, see
-    #   [Customizing web requests and responses in WAF][1] in the [WAF
-    #   Developer Guide][2].
+    #   [Customizing web requests and responses in WAF][1] in the *WAF
+    #   Developer Guide*.
     #
     #   For information about the limits on count and size for custom
-    #   request and response settings, see [WAF quotas][3] in the [WAF
-    #   Developer Guide][2].
+    #   request and response settings, see [WAF quotas][2] in the *WAF
+    #   Developer Guide*.
     #
     #
     #
     #   [1]: https://docs.aws.amazon.com/waf/latest/developerguide/waf-custom-request-response.html
-    #   [2]: https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html
-    #   [3]: https://docs.aws.amazon.com/waf/latest/developerguide/limits.html
+    #   [2]: https://docs.aws.amazon.com/waf/latest/developerguide/limits.html
     #   @return [Hash<String,Types::CustomResponseBody>]
     #
     # @!attribute [rw] captcha_config
@@ -8026,6 +8157,25 @@ module Aws::WAFV2
     #   domain list, including their prefixed subdomains.
     #   @return [Array<String>]
     #
+    # @!attribute [rw] association_config
+    #   Specifies custom configurations for the associations between the web
+    #   ACL and protected resources.
+    #
+    #   Use this to customize the maximum size of the request body that your
+    #   protected CloudFront distributions forward to WAF for inspection.
+    #   The default is 16 KB (16,384 kilobytes).
+    #
+    #   <note markdown="1"> You are charged additional fees when your protected resources
+    #   forward body sizes that are larger than the default. For more
+    #   information, see [WAF Pricing][1].
+    #
+    #    </note>
+    #
+    #
+    #
+    #   [1]: http://aws.amazon.com/waf/pricing/
+    #   @return [Types::AssociationConfig]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/WebACL AWS API Documentation
     #
     class WebACL < Struct.new(
@@ -8044,7 +8194,8 @@ module Aws::WAFV2
       :custom_response_bodies,
       :captcha_config,
       :challenge_config,
-      :token_domains)
+      :token_domains,
+      :association_config)
       SENSITIVE = []
       include Aws::Structure
     end