aws-sdk-wafv2 1.49.0 → 1.51.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +10 -0
- data/VERSION +1 -1
- data/lib/aws-sdk-wafv2/client.rb +159 -83
- data/lib/aws-sdk-wafv2/client_api.rb +17 -0
- data/lib/aws-sdk-wafv2/endpoint_provider.rb +0 -78
- data/lib/aws-sdk-wafv2/types.rb +409 -258
- data/lib/aws-sdk-wafv2.rb +1 -1
- metadata +2 -2
data/lib/aws-sdk-wafv2/types.rb
CHANGED
@@ -43,14 +43,6 @@ module Aws::WAFV2
|
|
43
43
|
# Amazon CloudFront distributions.
|
44
44
|
#
|
45
45
|
# </note>
|
46
|
-
#
|
47
|
-
# <note markdown="1"> For regional web ACLs in Region US East (N. Virginia) us-east-1,
|
48
|
-
# it's possible to configure response inspection through the APIs,
|
49
|
-
# but ATP response inspection will not be enabled. You can only use
|
50
|
-
# the response inspection capabilities of the ATP managed rule group
|
51
|
-
# in web ACLs that protect CloudFront distributions.
|
52
|
-
#
|
53
|
-
# </note>
|
54
46
|
# @return [Types::ResponseInspection]
|
55
47
|
#
|
56
48
|
# @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/AWSManagedRulesATPRuleSet AWS API Documentation
|
@@ -71,7 +63,8 @@ module Aws::WAFV2
|
|
71
63
|
# The inspection level to use for the Bot Control rule group. The
|
72
64
|
# common level is the least expensive. The targeted level includes all
|
73
65
|
# common level rules and adds rules with more advanced inspection
|
74
|
-
# criteria. For details, see [WAF Bot Control rule group][1]
|
66
|
+
# criteria. For details, see [WAF Bot Control rule group][1] in the
|
67
|
+
# *WAF Developer Guide*.
|
75
68
|
#
|
76
69
|
#
|
77
70
|
#
|
@@ -145,13 +138,12 @@ module Aws::WAFV2
|
|
145
138
|
# Defines custom handling for the web request.
|
146
139
|
#
|
147
140
|
# For information about customizing web requests and responses, see
|
148
|
-
# [Customizing web requests and responses in WAF][1] in the
|
149
|
-
# Developer Guide
|
141
|
+
# [Customizing web requests and responses in WAF][1] in the *WAF
|
142
|
+
# Developer Guide*.
|
150
143
|
#
|
151
144
|
#
|
152
145
|
#
|
153
146
|
# [1]: https://docs.aws.amazon.com/waf/latest/developerguide/waf-custom-request-response.html
|
154
|
-
# [2]: https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html
|
155
147
|
# @return [Types::CustomRequestHandling]
|
156
148
|
#
|
157
149
|
# @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/AllowAction AWS API Documentation
|
@@ -191,17 +183,23 @@ module Aws::WAFV2
|
|
191
183
|
# The ARN must be in one of the following formats:
|
192
184
|
#
|
193
185
|
# * For an Application Load Balancer:
|
194
|
-
# `arn:
|
186
|
+
# `arn:partition:elasticloadbalancing:region:account-id:loadbalancer/app/load-balancer-name/load-balancer-id
|
195
187
|
# `
|
196
188
|
#
|
197
189
|
# * For an Amazon API Gateway REST API:
|
198
|
-
# `arn:
|
190
|
+
# `arn:partition:apigateway:region::/restapis/api-id/stages/stage-name
|
191
|
+
# `
|
199
192
|
#
|
200
193
|
# * For an AppSync GraphQL API:
|
201
|
-
# `arn:
|
194
|
+
# `arn:partition:appsync:region:account-id:apis/GraphQLApiId `
|
202
195
|
#
|
203
196
|
# * For an Amazon Cognito user pool:
|
204
|
-
# `arn:
|
197
|
+
# `arn:partition:cognito-idp:region:account-id:userpool/user-pool-id
|
198
|
+
# `
|
199
|
+
#
|
200
|
+
# * For an App Runner service:
|
201
|
+
# `arn:partition:apprunner:region:account-id:service/apprunner-service-name/apprunner-service-id
|
202
|
+
# `
|
205
203
|
# @return [String]
|
206
204
|
#
|
207
205
|
# @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/AssociateWebACLRequest AWS API Documentation
|
@@ -217,6 +215,47 @@ module Aws::WAFV2
|
|
217
215
|
#
|
218
216
|
class AssociateWebACLResponse < Aws::EmptyStructure; end
|
219
217
|
|
218
|
+
# Specifies custom configurations for the associations between the web
|
219
|
+
# ACL and protected resources.
|
220
|
+
#
|
221
|
+
# Use this to customize the maximum size of the request body that your
|
222
|
+
# protected CloudFront distributions forward to WAF for inspection. The
|
223
|
+
# default is 16 KB (16,384 kilobytes).
|
224
|
+
#
|
225
|
+
# <note markdown="1"> You are charged additional fees when your protected resources forward
|
226
|
+
# body sizes that are larger than the default. For more information, see
|
227
|
+
# [WAF Pricing][1].
|
228
|
+
#
|
229
|
+
# </note>
|
230
|
+
#
|
231
|
+
#
|
232
|
+
#
|
233
|
+
# [1]: http://aws.amazon.com/waf/pricing/
|
234
|
+
#
|
235
|
+
# @!attribute [rw] request_body
|
236
|
+
# Customizes the maximum size of the request body that your protected
|
237
|
+
# CloudFront distributions forward to WAF for inspection. The default
|
238
|
+
# size is 16 KB (16,384 kilobytes).
|
239
|
+
#
|
240
|
+
# <note markdown="1"> You are charged additional fees when your protected resources
|
241
|
+
# forward body sizes that are larger than the default. For more
|
242
|
+
# information, see [WAF Pricing][1].
|
243
|
+
#
|
244
|
+
# </note>
|
245
|
+
#
|
246
|
+
#
|
247
|
+
#
|
248
|
+
# [1]: http://aws.amazon.com/waf/pricing/
|
249
|
+
# @return [Hash<String,Types::RequestBodyAssociatedResourceTypeConfig>]
|
250
|
+
#
|
251
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/AssociationConfig AWS API Documentation
|
252
|
+
#
|
253
|
+
class AssociationConfig < Struct.new(
|
254
|
+
:request_body)
|
255
|
+
SENSITIVE = []
|
256
|
+
include Aws::Structure
|
257
|
+
end
|
258
|
+
|
220
259
|
# Specifies that WAF should block the request and optionally defines
|
221
260
|
# additional custom handling for the response to the web request.
|
222
261
|
#
|
@@ -227,13 +266,12 @@ module Aws::WAFV2
|
|
227
266
|
# Defines a custom response for the web request.
|
228
267
|
#
|
229
268
|
# For information about customizing web requests and responses, see
|
230
|
-
# [Customizing web requests and responses in WAF][1] in the
|
231
|
-
# Developer Guide
|
269
|
+
# [Customizing web requests and responses in WAF][1] in the *WAF
|
270
|
+
# Developer Guide*.
|
232
271
|
#
|
233
272
|
#
|
234
273
|
#
|
235
274
|
# [1]: https://docs.aws.amazon.com/waf/latest/developerguide/waf-custom-request-response.html
|
236
|
-
# [2]: https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html
|
237
275
|
# @return [Types::CustomResponse]
|
238
276
|
#
|
239
277
|
# @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/BlockAction AWS API Documentation
|
@@ -252,10 +290,16 @@ module Aws::WAFV2
|
|
252
290
|
#
|
253
291
|
# @!attribute [rw] oversize_handling
|
254
292
|
# What WAF should do if the body is larger than WAF can inspect. WAF
|
255
|
-
# does not support inspecting the entire contents of the
|
256
|
-
#
|
257
|
-
#
|
258
|
-
#
|
293
|
+
# does not support inspecting the entire contents of the web request
|
294
|
+
# body if the body exceeds the limit for the resource type. If the
|
295
|
+
# body is larger than the limit, the underlying host service only
|
296
|
+
# forwards the contents that are below the limit to WAF for
|
297
|
+
# inspection.
|
298
|
+
#
|
299
|
+
# The default limit is 8 KB (8,192 kilobytes) for regional resources
|
300
|
+
# and 16 KB (16,384 kilobytes) for CloudFront distributions. For
|
301
|
+
# CloudFront distributions, you can increase the limit in the web ACL
|
302
|
+
# `AssociationConfig`, for additional processing fees.
|
259
303
|
#
|
260
304
|
# The options for oversize handling are the following:
|
261
305
|
#
|
@@ -270,7 +314,7 @@ module Aws::WAFV2
|
|
270
314
|
#
|
271
315
|
# You can combine the `MATCH` or `NO_MATCH` settings for oversize
|
272
316
|
# handling with your rule and web ACL action settings, so that you
|
273
|
-
# block any request whose body is over
|
317
|
+
# block any request whose body is over the limit.
|
274
318
|
#
|
275
319
|
# Default: `CONTINUE`
|
276
320
|
# @return [String]
|
@@ -296,12 +340,12 @@ module Aws::WAFV2
|
|
296
340
|
# FieldToMatch. The maximum length of the value is 200 bytes.
|
297
341
|
#
|
298
342
|
# Valid values depend on the component that you specify for inspection
|
299
|
-
# in `FieldToMatch
|
343
|
+
# in `FieldToMatch`:
|
300
344
|
#
|
301
|
-
# * `Method
|
345
|
+
# * `Method`: The HTTP method that you want WAF to search for. This
|
302
346
|
# indicates the type of operation specified in the request.
|
303
347
|
#
|
304
|
-
# * `UriPath
|
348
|
+
# * `UriPath`: The value that you want WAF to search for in the URI
|
305
349
|
# path, for example, `/images/daily-ad.jpg`.
|
306
350
|
#
|
307
351
|
# If `SearchString` includes alphabetic characters A-Z and a-z, note
|
@@ -426,13 +470,12 @@ module Aws::WAFV2
|
|
426
470
|
# unexpired.
|
427
471
|
#
|
428
472
|
# For information about customizing web requests and responses, see
|
429
|
-
# [Customizing web requests and responses in WAF][1] in the
|
430
|
-
# Developer Guide
|
473
|
+
# [Customizing web requests and responses in WAF][1] in the *WAF
|
474
|
+
# Developer Guide*.
|
431
475
|
#
|
432
476
|
#
|
433
477
|
#
|
434
478
|
# [1]: https://docs.aws.amazon.com/waf/latest/developerguide/waf-custom-request-response.html
|
435
|
-
# [2]: https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html
|
436
479
|
# @return [Types::CustomRequestHandling]
|
437
480
|
#
|
438
481
|
# @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/CaptchaAction AWS API Documentation
|
@@ -535,13 +578,12 @@ module Aws::WAFV2
|
|
535
578
|
# unexpired.
|
536
579
|
#
|
537
580
|
# For information about customizing web requests and responses, see
|
538
|
-
# [Customizing web requests and responses in WAF][1] in the
|
539
|
-
# Developer Guide
|
581
|
+
# [Customizing web requests and responses in WAF][1] in the *WAF
|
582
|
+
# Developer Guide*.
|
540
583
|
#
|
541
584
|
#
|
542
585
|
#
|
543
586
|
# [1]: https://docs.aws.amazon.com/waf/latest/developerguide/waf-custom-request-response.html
|
544
|
-
# [2]: https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html
|
545
587
|
# @return [Types::CustomRequestHandling]
|
546
588
|
#
|
547
589
|
# @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/ChallengeAction AWS API Documentation
|
@@ -600,7 +642,8 @@ module Aws::WAFV2
|
|
600
642
|
# Specifies whether this is for an Amazon CloudFront distribution or
|
601
643
|
# for a regional application. A regional application can be an
|
602
644
|
# Application Load Balancer (ALB), an Amazon API Gateway REST API, an
|
603
|
-
# AppSync GraphQL API,
|
645
|
+
# AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner
|
646
|
+
# service.
|
604
647
|
#
|
605
648
|
# To work with CloudFront, you must also specify the Region US East
|
606
649
|
# (N. Virginia) as follows:
|
@@ -759,13 +802,12 @@ module Aws::WAFV2
|
|
759
802
|
# Defines custom handling for the web request.
|
760
803
|
#
|
761
804
|
# For information about customizing web requests and responses, see
|
762
|
-
# [Customizing web requests and responses in WAF][1] in the
|
763
|
-
# Developer Guide
|
805
|
+
# [Customizing web requests and responses in WAF][1] in the *WAF
|
806
|
+
# Developer Guide*.
|
764
807
|
#
|
765
808
|
#
|
766
809
|
#
|
767
810
|
# [1]: https://docs.aws.amazon.com/waf/latest/developerguide/waf-custom-request-response.html
|
768
|
-
# [2]: https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html
|
769
811
|
# @return [Types::CustomRequestHandling]
|
770
812
|
#
|
771
813
|
# @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/CountAction AWS API Documentation
|
@@ -785,7 +827,8 @@ module Aws::WAFV2
|
|
785
827
|
# Specifies whether this is for an Amazon CloudFront distribution or
|
786
828
|
# for a regional application. A regional application can be an
|
787
829
|
# Application Load Balancer (ALB), an Amazon API Gateway REST API, an
|
788
|
-
# AppSync GraphQL API,
|
830
|
+
# AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner
|
831
|
+
# service.
|
789
832
|
#
|
790
833
|
# To work with CloudFront, you must also specify the Region US East
|
791
834
|
# (N. Virginia) as follows:
|
@@ -891,7 +934,8 @@ module Aws::WAFV2
|
|
891
934
|
# Specifies whether this is for an Amazon CloudFront distribution or
|
892
935
|
# for a regional application. A regional application can be an
|
893
936
|
# Application Load Balancer (ALB), an Amazon API Gateway REST API, an
|
894
|
-
# AppSync GraphQL API,
|
937
|
+
# AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner
|
938
|
+
# service.
|
895
939
|
#
|
896
940
|
# To work with CloudFront, you must also specify the Region US East
|
897
941
|
# (N. Virginia) as follows:
|
@@ -951,7 +995,8 @@ module Aws::WAFV2
|
|
951
995
|
# Specifies whether this is for an Amazon CloudFront distribution or
|
952
996
|
# for a regional application. A regional application can be an
|
953
997
|
# Application Load Balancer (ALB), an Amazon API Gateway REST API, an
|
954
|
-
# AppSync GraphQL API,
|
998
|
+
# AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner
|
999
|
+
# service.
|
955
1000
|
#
|
956
1001
|
# To work with CloudFront, you must also specify the Region US East
|
957
1002
|
# (N. Virginia) as follows:
|
@@ -976,8 +1021,13 @@ module Aws::WAFV2
|
|
976
1021
|
# relative cost of each rule. Simple rules that cost little to run use
|
977
1022
|
# fewer WCUs than more complex rules that use more processing power.
|
978
1023
|
# Rule group capacity is fixed at creation, which helps users plan
|
979
|
-
# their web ACL WCU usage when they use a rule group.
|
980
|
-
#
|
1024
|
+
# their web ACL WCU usage when they use a rule group. For more
|
1025
|
+
# information, see [WAF web ACL capacity units (WCU)][1] in the *WAF
|
1026
|
+
# Developer Guide*.
|
1027
|
+
#
|
1028
|
+
#
|
1029
|
+
#
|
1030
|
+
# [1]: https://docs.aws.amazon.com/waf/latest/developerguide/aws-waf-capacity-units.html
|
981
1031
|
# @return [Integer]
|
982
1032
|
#
|
983
1033
|
# @!attribute [rw] description
|
@@ -1007,18 +1057,17 @@ module Aws::WAFV2
|
|
1007
1057
|
# the rules that you define in the rule group.
|
1008
1058
|
#
|
1009
1059
|
# For information about customizing web requests and responses, see
|
1010
|
-
# [Customizing web requests and responses in WAF][1] in the
|
1011
|
-
# Developer Guide
|
1060
|
+
# [Customizing web requests and responses in WAF][1] in the *WAF
|
1061
|
+
# Developer Guide*.
|
1012
1062
|
#
|
1013
1063
|
# For information about the limits on count and size for custom
|
1014
|
-
# request and response settings, see [WAF quotas][
|
1015
|
-
# Developer Guide
|
1064
|
+
# request and response settings, see [WAF quotas][2] in the *WAF
|
1065
|
+
# Developer Guide*.
|
1016
1066
|
#
|
1017
1067
|
#
|
1018
1068
|
#
|
1019
1069
|
# [1]: https://docs.aws.amazon.com/waf/latest/developerguide/waf-custom-request-response.html
|
1020
|
-
# [2]: https://docs.aws.amazon.com/waf/latest/developerguide/
|
1021
|
-
# [3]: https://docs.aws.amazon.com/waf/latest/developerguide/limits.html
|
1070
|
+
# [2]: https://docs.aws.amazon.com/waf/latest/developerguide/limits.html
|
1022
1071
|
# @return [Hash<String,Types::CustomResponseBody>]
|
1023
1072
|
#
|
1024
1073
|
# @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/CreateRuleGroupRequest AWS API Documentation
|
@@ -1061,7 +1110,8 @@ module Aws::WAFV2
|
|
1061
1110
|
# Specifies whether this is for an Amazon CloudFront distribution or
|
1062
1111
|
# for a regional application. A regional application can be an
|
1063
1112
|
# Application Load Balancer (ALB), an Amazon API Gateway REST API, an
|
1064
|
-
# AppSync GraphQL API,
|
1113
|
+
# AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner
|
1114
|
+
# service.
|
1065
1115
|
#
|
1066
1116
|
# To work with CloudFront, you must also specify the Region US East
|
1067
1117
|
# (N. Virginia) as follows:
|
@@ -1104,18 +1154,17 @@ module Aws::WAFV2
|
|
1104
1154
|
# rules and default actions that you define in the web ACL.
|
1105
1155
|
#
|
1106
1156
|
# For information about customizing web requests and responses, see
|
1107
|
-
# [Customizing web requests and responses in WAF][1] in the
|
1108
|
-
# Developer Guide
|
1157
|
+
# [Customizing web requests and responses in WAF][1] in the *WAF
|
1158
|
+
# Developer Guide*.
|
1109
1159
|
#
|
1110
1160
|
# For information about the limits on count and size for custom
|
1111
|
-
# request and response settings, see [WAF quotas][
|
1112
|
-
# Developer Guide
|
1161
|
+
# request and response settings, see [WAF quotas][2] in the *WAF
|
1162
|
+
# Developer Guide*.
|
1113
1163
|
#
|
1114
1164
|
#
|
1115
1165
|
#
|
1116
1166
|
# [1]: https://docs.aws.amazon.com/waf/latest/developerguide/waf-custom-request-response.html
|
1117
|
-
# [2]: https://docs.aws.amazon.com/waf/latest/developerguide/
|
1118
|
-
# [3]: https://docs.aws.amazon.com/waf/latest/developerguide/limits.html
|
1167
|
+
# [2]: https://docs.aws.amazon.com/waf/latest/developerguide/limits.html
|
1119
1168
|
# @return [Hash<String,Types::CustomResponseBody>]
|
1120
1169
|
#
|
1121
1170
|
# @!attribute [rw] captcha_config
|
@@ -1147,6 +1196,25 @@ module Aws::WAFV2
|
|
1147
1196
|
# `usa.gov` or `co.uk` as token domains.
|
1148
1197
|
# @return [Array<String>]
|
1149
1198
|
#
|
1199
|
+
# @!attribute [rw] association_config
|
1200
|
+
# Specifies custom configurations for the associations between the web
|
1201
|
+
# ACL and protected resources.
|
1202
|
+
#
|
1203
|
+
# Use this to customize the maximum size of the request body that your
|
1204
|
+
# protected CloudFront distributions forward to WAF for inspection.
|
1205
|
+
# The default is 16 KB (16,384 kilobytes).
|
1206
|
+
#
|
1207
|
+
# <note markdown="1"> You are charged additional fees when your protected resources
|
1208
|
+
# forward body sizes that are larger than the default. For more
|
1209
|
+
# information, see [WAF Pricing][1].
|
1210
|
+
#
|
1211
|
+
# </note>
|
1212
|
+
#
|
1213
|
+
#
|
1214
|
+
#
|
1215
|
+
# [1]: http://aws.amazon.com/waf/pricing/
|
1216
|
+
# @return [Types::AssociationConfig]
|
1217
|
+
#
|
1150
1218
|
# @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/CreateWebACLRequest AWS API Documentation
|
1151
1219
|
#
|
1152
1220
|
class CreateWebACLRequest < Struct.new(
|
@@ -1160,7 +1228,8 @@ module Aws::WAFV2
|
|
1160
1228
|
:custom_response_bodies,
|
1161
1229
|
:captcha_config,
|
1162
1230
|
:challenge_config,
|
1163
|
-
:token_domains
|
1231
|
+
:token_domains,
|
1232
|
+
:association_config)
|
1164
1233
|
SENSITIVE = []
|
1165
1234
|
include Aws::Structure
|
1166
1235
|
end
|
@@ -1212,26 +1281,24 @@ module Aws::WAFV2
|
|
1212
1281
|
# `CaptchaAction` for requests with valid t okens, and `AllowAction`.
|
1213
1282
|
#
|
1214
1283
|
# For information about customizing web requests and responses, see
|
1215
|
-
# [Customizing web requests and responses in WAF][1] in the
|
1216
|
-
# Developer Guide
|
1284
|
+
# [Customizing web requests and responses in WAF][1] in the *WAF
|
1285
|
+
# Developer Guide*.
|
1217
1286
|
#
|
1218
1287
|
#
|
1219
1288
|
#
|
1220
1289
|
# [1]: https://docs.aws.amazon.com/waf/latest/developerguide/waf-custom-request-response.html
|
1221
|
-
# [2]: https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html
|
1222
1290
|
#
|
1223
1291
|
# @!attribute [rw] insert_headers
|
1224
1292
|
# The HTTP headers to insert into the request. Duplicate header names
|
1225
1293
|
# are not allowed.
|
1226
1294
|
#
|
1227
1295
|
# For information about the limits on count and size for custom
|
1228
|
-
# request and response settings, see [WAF quotas][1] in the
|
1229
|
-
# Developer Guide
|
1296
|
+
# request and response settings, see [WAF quotas][1] in the *WAF
|
1297
|
+
# Developer Guide*.
|
1230
1298
|
#
|
1231
1299
|
#
|
1232
1300
|
#
|
1233
1301
|
# [1]: https://docs.aws.amazon.com/waf/latest/developerguide/limits.html
|
1234
|
-
# [2]: https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html
|
1235
1302
|
# @return [Array<Types::CustomHTTPHeader>]
|
1236
1303
|
#
|
1237
1304
|
# @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/CustomRequestHandling AWS API Documentation
|
@@ -1247,25 +1314,23 @@ module Aws::WAFV2
|
|
1247
1314
|
# BlockAction.
|
1248
1315
|
#
|
1249
1316
|
# For information about customizing web requests and responses, see
|
1250
|
-
# [Customizing web requests and responses in WAF][1] in the
|
1251
|
-
# Developer Guide
|
1317
|
+
# [Customizing web requests and responses in WAF][1] in the *WAF
|
1318
|
+
# Developer Guide*.
|
1252
1319
|
#
|
1253
1320
|
#
|
1254
1321
|
#
|
1255
1322
|
# [1]: https://docs.aws.amazon.com/waf/latest/developerguide/waf-custom-request-response.html
|
1256
|
-
# [2]: https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html
|
1257
1323
|
#
|
1258
1324
|
# @!attribute [rw] response_code
|
1259
1325
|
# The HTTP status code to return to the client.
|
1260
1326
|
#
|
1261
1327
|
# For a list of status codes that you can use in your custom
|
1262
1328
|
# responses, see [Supported status codes for custom response][1] in
|
1263
|
-
# the
|
1329
|
+
# the *WAF Developer Guide*.
|
1264
1330
|
#
|
1265
1331
|
#
|
1266
1332
|
#
|
1267
1333
|
# [1]: https://docs.aws.amazon.com/waf/latest/developerguide/customizing-the-response-status-codes.html
|
1268
|
-
# [2]: https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html
|
1269
1334
|
# @return [Integer]
|
1270
1335
|
#
|
1271
1336
|
# @!attribute [rw] custom_response_body_key
|
@@ -1284,13 +1349,12 @@ module Aws::WAFV2
|
|
1284
1349
|
# not allowed.
|
1285
1350
|
#
|
1286
1351
|
# For information about the limits on count and size for custom
|
1287
|
-
# request and response settings, see [WAF quotas][1] in the
|
1288
|
-
# Developer Guide
|
1352
|
+
# request and response settings, see [WAF quotas][1] in the *WAF
|
1353
|
+
# Developer Guide*.
|
1289
1354
|
#
|
1290
1355
|
#
|
1291
1356
|
#
|
1292
1357
|
# [1]: https://docs.aws.amazon.com/waf/latest/developerguide/limits.html
|
1293
|
-
# [2]: https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html
|
1294
1358
|
# @return [Array<Types::CustomHTTPHeader>]
|
1295
1359
|
#
|
1296
1360
|
# @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/CustomResponse AWS API Documentation
|
@@ -1318,13 +1382,12 @@ module Aws::WAFV2
|
|
1318
1382
|
# must specify JSON content in the `ContentType` setting.
|
1319
1383
|
#
|
1320
1384
|
# For information about the limits on count and size for custom
|
1321
|
-
# request and response settings, see [WAF quotas][1] in the
|
1322
|
-
# Developer Guide
|
1385
|
+
# request and response settings, see [WAF quotas][1] in the *WAF
|
1386
|
+
# Developer Guide*.
|
1323
1387
|
#
|
1324
1388
|
#
|
1325
1389
|
#
|
1326
1390
|
# [1]: https://docs.aws.amazon.com/waf/latest/developerguide/limits.html
|
1327
|
-
# [2]: https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html
|
1328
1391
|
# @return [String]
|
1329
1392
|
#
|
1330
1393
|
# @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/CustomResponseBody AWS API Documentation
|
@@ -1411,7 +1474,8 @@ module Aws::WAFV2
|
|
1411
1474
|
# Specifies whether this is for an Amazon CloudFront distribution or
|
1412
1475
|
# for a regional application. A regional application can be an
|
1413
1476
|
# Application Load Balancer (ALB), an Amazon API Gateway REST API, an
|
1414
|
-
# AppSync GraphQL API,
|
1477
|
+
# AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner
|
1478
|
+
# service.
|
1415
1479
|
#
|
1416
1480
|
# To work with CloudFront, you must also specify the Region US East
|
1417
1481
|
# (N. Virginia) as follows:
|
@@ -1500,7 +1564,8 @@ module Aws::WAFV2
|
|
1500
1564
|
# Specifies whether this is for an Amazon CloudFront distribution or
|
1501
1565
|
# for a regional application. A regional application can be an
|
1502
1566
|
# Application Load Balancer (ALB), an Amazon API Gateway REST API, an
|
1503
|
-
# AppSync GraphQL API,
|
1567
|
+
# AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner
|
1568
|
+
# service.
|
1504
1569
|
#
|
1505
1570
|
# To work with CloudFront, you must also specify the Region US East
|
1506
1571
|
# (N. Virginia) as follows:
|
@@ -1553,7 +1618,8 @@ module Aws::WAFV2
|
|
1553
1618
|
# Specifies whether this is for an Amazon CloudFront distribution or
|
1554
1619
|
# for a regional application. A regional application can be an
|
1555
1620
|
# Application Load Balancer (ALB), an Amazon API Gateway REST API, an
|
1556
|
-
# AppSync GraphQL API,
|
1621
|
+
# AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner
|
1622
|
+
# service.
|
1557
1623
|
#
|
1558
1624
|
# To work with CloudFront, you must also specify the Region US East
|
1559
1625
|
# (N. Virginia) as follows:
|
@@ -1606,7 +1672,8 @@ module Aws::WAFV2
|
|
1606
1672
|
# Specifies whether this is for an Amazon CloudFront distribution or
|
1607
1673
|
# for a regional application. A regional application can be an
|
1608
1674
|
# Application Load Balancer (ALB), an Amazon API Gateway REST API, an
|
1609
|
-
# AppSync GraphQL API,
|
1675
|
+
# AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner
|
1676
|
+
# service.
|
1610
1677
|
#
|
1611
1678
|
# To work with CloudFront, you must also specify the Region US East
|
1612
1679
|
# (N. Virginia) as follows:
|
@@ -1664,7 +1731,8 @@ module Aws::WAFV2
|
|
1664
1731
|
# Specifies whether this is for an Amazon CloudFront distribution or
|
1665
1732
|
# for a regional application. A regional application can be an
|
1666
1733
|
# Application Load Balancer (ALB), an Amazon API Gateway REST API, an
|
1667
|
-
# AppSync GraphQL API,
|
1734
|
+
# AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner
|
1735
|
+
# service.
|
1668
1736
|
#
|
1669
1737
|
# To work with CloudFront, you must also specify the Region US East
|
1670
1738
|
# (N. Virginia) as follows:
|
@@ -1710,13 +1778,21 @@ module Aws::WAFV2
|
|
1710
1778
|
# @return [String]
|
1711
1779
|
#
|
1712
1780
|
# @!attribute [rw] capacity
|
1713
|
-
# The web ACL capacity units (WCUs) required for this rule group.
|
1714
|
-
#
|
1715
|
-
#
|
1716
|
-
#
|
1717
|
-
#
|
1718
|
-
#
|
1719
|
-
#
|
1781
|
+
# The web ACL capacity units (WCUs) required for this rule group.
|
1782
|
+
#
|
1783
|
+
# WAF uses WCUs to calculate and control the operating resources that
|
1784
|
+
# are used to run your rules, rule groups, and web ACLs. WAF
|
1785
|
+
# calculates capacity differently for each rule type, to reflect the
|
1786
|
+
# relative cost of each rule. Simple rules that cost little to run use
|
1787
|
+
# fewer WCUs than more complex rules that use more processing power.
|
1788
|
+
# Rule group capacity is fixed at creation, which helps users plan
|
1789
|
+
# their web ACL WCU usage when they use a rule group. For more
|
1790
|
+
# information, see [WAF web ACL capacity units (WCU)][1] in the *WAF
|
1791
|
+
# Developer Guide*.
|
1792
|
+
#
|
1793
|
+
#
|
1794
|
+
#
|
1795
|
+
# [1]: https://docs.aws.amazon.com/waf/latest/developerguide/aws-waf-capacity-units.html
|
1720
1796
|
# @return [Integer]
|
1721
1797
|
#
|
1722
1798
|
# @!attribute [rw] rules
|
@@ -1729,7 +1805,7 @@ module Aws::WAFV2
|
|
1729
1805
|
# * The syntax for the label namespace prefix for a managed rule group
|
1730
1806
|
# is the following:
|
1731
1807
|
#
|
1732
|
-
# `awswaf:managed:<vendor>:<rule group name
|
1808
|
+
# `awswaf:managed:<vendor>:<rule group name>`:
|
1733
1809
|
#
|
1734
1810
|
# * When a rule with a label matches a web request, WAF adds the fully
|
1735
1811
|
# qualified label to the request. A fully qualified label is made up
|
@@ -1773,17 +1849,23 @@ module Aws::WAFV2
|
|
1773
1849
|
# The ARN must be in one of the following formats:
|
1774
1850
|
#
|
1775
1851
|
# * For an Application Load Balancer:
|
1776
|
-
# `arn:
|
1852
|
+
# `arn:partition:elasticloadbalancing:region:account-id:loadbalancer/app/load-balancer-name/load-balancer-id
|
1777
1853
|
# `
|
1778
1854
|
#
|
1779
1855
|
# * For an Amazon API Gateway REST API:
|
1780
|
-
# `arn:
|
1856
|
+
# `arn:partition:apigateway:region::/restapis/api-id/stages/stage-name
|
1857
|
+
# `
|
1781
1858
|
#
|
1782
1859
|
# * For an AppSync GraphQL API:
|
1783
|
-
# `arn:
|
1860
|
+
# `arn:partition:appsync:region:account-id:apis/GraphQLApiId `
|
1784
1861
|
#
|
1785
1862
|
# * For an Amazon Cognito user pool:
|
1786
|
-
# `arn:
|
1863
|
+
# `arn:partition:cognito-idp:region:account-id:userpool/user-pool-id
|
1864
|
+
# `
|
1865
|
+
#
|
1866
|
+
# * For an App Runner service:
|
1867
|
+
# `arn:partition:apprunner:region:account-id:service/apprunner-service-name/apprunner-service-id
|
1868
|
+
# `
|
1787
1869
|
# @return [String]
|
1788
1870
|
#
|
1789
1871
|
# @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/DisassociateWebACLRequest AWS API Documentation
|
@@ -1872,10 +1954,15 @@ module Aws::WAFV2
|
|
1872
1954
|
# contains any additional data that you want to send to your web
|
1873
1955
|
# server as the HTTP request body, such as data from a form.
|
1874
1956
|
#
|
1875
|
-
#
|
1876
|
-
#
|
1877
|
-
#
|
1878
|
-
#
|
1957
|
+
# A limited amount of the request body is forwarded to WAF for
|
1958
|
+
# inspection by the underlying host service. For regional resources,
|
1959
|
+
# the limit is 8 KB (8,192 kilobytes) and for CloudFront
|
1960
|
+
# distributions, the limit is 16 KB (16,384 kilobytes). For CloudFront
|
1961
|
+
# distributions, you can increase the limit in the web ACL's
|
1962
|
+
# `AssociationConfig`, for additional processing fees.
|
1963
|
+
#
|
1964
|
+
# For information about how to handle oversized request bodies, see
|
1965
|
+
# the `Body` object configuration.
|
1879
1966
|
# @return [Types::Body]
|
1880
1967
|
#
|
1881
1968
|
# @!attribute [rw] method
|
@@ -1889,10 +1976,15 @@ module Aws::WAFV2
|
|
1889
1976
|
# contains any additional data that you want to send to your web
|
1890
1977
|
# server as the HTTP request body, such as data from a form.
|
1891
1978
|
#
|
1892
|
-
#
|
1893
|
-
#
|
1894
|
-
#
|
1895
|
-
#
|
1979
|
+
# A limited amount of the request body is forwarded to WAF for
|
1980
|
+
# inspection by the underlying host service. For regional resources,
|
1981
|
+
# the limit is 8 KB (8,192 kilobytes) and for CloudFront
|
1982
|
+
# distributions, the limit is 16 KB (16,384 kilobytes). For CloudFront
|
1983
|
+
# distributions, you can increase the limit in the web ACL's
|
1984
|
+
# `AssociationConfig`, for additional processing fees.
|
1985
|
+
#
|
1986
|
+
# For information about how to handle oversized request bodies, see
|
1987
|
+
# the `JsonBody` object configuration.
|
1896
1988
|
# @return [Types::JsonBody]
|
1897
1989
|
#
|
1898
1990
|
# @!attribute [rw] headers
|
@@ -2023,40 +2115,19 @@ module Aws::WAFV2
|
|
2023
2115
|
end
|
2024
2116
|
|
2025
2117
|
# The processing guidance for an Firewall Manager rule. This is like a
|
2026
|
-
# regular rule Statement, but it can only contain a rule group
|
2118
|
+
# regular rule Statement, but it can only contain a single rule group
|
2027
2119
|
# reference.
|
2028
2120
|
#
|
2029
2121
|
# @!attribute [rw] managed_rule_group_statement
|
2030
|
-
# A
|
2031
|
-
#
|
2032
|
-
#
|
2033
|
-
# calling ListAvailableManagedRuleGroups.
|
2034
|
-
#
|
2035
|
-
# You cannot nest a `ManagedRuleGroupStatement`, for example for use
|
2036
|
-
# inside a `NotStatement` or `OrStatement`. It can only be referenced
|
2037
|
-
# as a top-level statement within a rule.
|
2038
|
-
#
|
2039
|
-
# <note markdown="1"> You are charged additional fees when you use the WAF Bot Control
|
2040
|
-
# managed rule group `AWSManagedRulesBotControlRuleSet` or the WAF
|
2041
|
-
# Fraud Control account takeover prevention (ATP) managed rule group
|
2042
|
-
# `AWSManagedRulesATPRuleSet`. For more information, see [WAF
|
2043
|
-
# Pricing][1].
|
2044
|
-
#
|
2045
|
-
# </note>
|
2046
|
-
#
|
2047
|
-
#
|
2048
|
-
#
|
2049
|
-
# [1]: http://aws.amazon.com/waf/pricing/
|
2122
|
+
# A statement used by Firewall Manager to run the rules that are
|
2123
|
+
# defined in a managed rule group. This is managed by Firewall Manager
|
2124
|
+
# for an Firewall Manager WAF policy.
|
2050
2125
|
# @return [Types::ManagedRuleGroupStatement]
|
2051
2126
|
#
|
2052
2127
|
# @!attribute [rw] rule_group_reference_statement
|
2053
|
-
# A
|
2054
|
-
#
|
2055
|
-
#
|
2056
|
-
#
|
2057
|
-
# You cannot nest a `RuleGroupReferenceStatement`, for example for use
|
2058
|
-
# inside a `NotStatement` or `OrStatement`. You can only use a rule
|
2059
|
-
# group reference statement at the top level inside a web ACL.
|
2128
|
+
# A statement used by Firewall Manager to run the rules that are
|
2129
|
+
# defined in a rule group. This is managed by Firewall Manager for an
|
2130
|
+
# Firewall Manager WAF policy.
|
2060
2131
|
# @return [Types::RuleGroupReferenceStatement]
|
2061
2132
|
#
|
2062
2133
|
# @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/FirewallManagerStatement AWS API Documentation
|
@@ -2233,7 +2304,8 @@ module Aws::WAFV2
|
|
2233
2304
|
# Specifies whether this is for an Amazon CloudFront distribution or
|
2234
2305
|
# for a regional application. A regional application can be an
|
2235
2306
|
# Application Load Balancer (ALB), an Amazon API Gateway REST API, an
|
2236
|
-
# AppSync GraphQL API,
|
2307
|
+
# AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner
|
2308
|
+
# service.
|
2237
2309
|
#
|
2238
2310
|
# To work with CloudFront, you must also specify the Region US East
|
2239
2311
|
# (N. Virginia) as follows:
|
@@ -2321,7 +2393,8 @@ module Aws::WAFV2
|
|
2321
2393
|
# Specifies whether this is for an Amazon CloudFront distribution or
|
2322
2394
|
# for a regional application. A regional application can be an
|
2323
2395
|
# Application Load Balancer (ALB), an Amazon API Gateway REST API, an
|
2324
|
-
# AppSync GraphQL API,
|
2396
|
+
# AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner
|
2397
|
+
# service.
|
2325
2398
|
#
|
2326
2399
|
# To work with CloudFront, you must also specify the Region US East
|
2327
2400
|
# (N. Virginia) as follows:
|
@@ -2433,7 +2506,8 @@ module Aws::WAFV2
|
|
2433
2506
|
# Specifies whether this is for an Amazon CloudFront distribution or
|
2434
2507
|
# for a regional application. A regional application can be an
|
2435
2508
|
# Application Load Balancer (ALB), an Amazon API Gateway REST API, an
|
2436
|
-
# AppSync GraphQL API,
|
2509
|
+
# AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner
|
2510
|
+
# service.
|
2437
2511
|
#
|
2438
2512
|
# To work with CloudFront, you must also specify the Region US East
|
2439
2513
|
# (N. Virginia) as follows:
|
@@ -2506,7 +2580,8 @@ module Aws::WAFV2
|
|
2506
2580
|
# Specifies whether this is for an Amazon CloudFront distribution or
|
2507
2581
|
# for a regional application. A regional application can be an
|
2508
2582
|
# Application Load Balancer (ALB), an Amazon API Gateway REST API, an
|
2509
|
-
# AppSync GraphQL API,
|
2583
|
+
# AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner
|
2584
|
+
# service.
|
2510
2585
|
#
|
2511
2586
|
# To work with CloudFront, you must also specify the Region US East
|
2512
2587
|
# (N. Virginia) as follows:
|
@@ -2566,7 +2641,8 @@ module Aws::WAFV2
|
|
2566
2641
|
# Specifies whether this is for an Amazon CloudFront distribution or
|
2567
2642
|
# for a regional application. A regional application can be an
|
2568
2643
|
# Application Load Balancer (ALB), an Amazon API Gateway REST API, an
|
2569
|
-
# AppSync GraphQL API,
|
2644
|
+
# AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner
|
2645
|
+
# service.
|
2570
2646
|
#
|
2571
2647
|
# To work with CloudFront, you must also specify the Region US East
|
2572
2648
|
# (N. Virginia) as follows:
|
@@ -2636,7 +2712,8 @@ module Aws::WAFV2
|
|
2636
2712
|
# Specifies whether this is for an Amazon CloudFront distribution or
|
2637
2713
|
# for a regional application. A regional application can be an
|
2638
2714
|
# Application Load Balancer (ALB), an Amazon API Gateway REST API, an
|
2639
|
-
# AppSync GraphQL API,
|
2715
|
+
# AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner
|
2716
|
+
# service.
|
2640
2717
|
#
|
2641
2718
|
# To work with CloudFront, you must also specify the Region US East
|
2642
2719
|
# (N. Virginia) as follows:
|
@@ -2715,17 +2792,23 @@ module Aws::WAFV2
|
|
2715
2792
|
# The ARN must be in one of the following formats:
|
2716
2793
|
#
|
2717
2794
|
# * For an Application Load Balancer:
|
2718
|
-
# `arn:
|
2795
|
+
# `arn:partition:elasticloadbalancing:region:account-id:loadbalancer/app/load-balancer-name/load-balancer-id
|
2719
2796
|
# `
|
2720
2797
|
#
|
2721
2798
|
# * For an Amazon API Gateway REST API:
|
2722
|
-
# `arn:
|
2799
|
+
# `arn:partition:apigateway:region::/restapis/api-id/stages/stage-name
|
2800
|
+
# `
|
2723
2801
|
#
|
2724
2802
|
# * For an AppSync GraphQL API:
|
2725
|
-
# `arn:
|
2803
|
+
# `arn:partition:appsync:region:account-id:apis/GraphQLApiId `
|
2726
2804
|
#
|
2727
2805
|
# * For an Amazon Cognito user pool:
|
2728
|
-
# `arn:
|
2806
|
+
# `arn:partition:cognito-idp:region:account-id:userpool/user-pool-id
|
2807
|
+
# `
|
2808
|
+
#
|
2809
|
+
# * For an App Runner service:
|
2810
|
+
# `arn:partition:apprunner:region:account-id:service/apprunner-service-name/apprunner-service-id
|
2811
|
+
# `
|
2729
2812
|
# @return [String]
|
2730
2813
|
#
|
2731
2814
|
# @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/GetWebACLForResourceRequest AWS API Documentation
|
@@ -2758,7 +2841,8 @@ module Aws::WAFV2
|
|
2758
2841
|
# Specifies whether this is for an Amazon CloudFront distribution or
|
2759
2842
|
# for a regional application. A regional application can be an
|
2760
2843
|
# Application Load Balancer (ALB), an Amazon API Gateway REST API, an
|
2761
|
-
# AppSync GraphQL API,
|
2844
|
+
# AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner
|
2845
|
+
# service.
|
2762
2846
|
#
|
2763
2847
|
# To work with CloudFront, you must also specify the Region US East
|
2764
2848
|
# (N. Virginia) as follows:
|
@@ -3326,10 +3410,16 @@ module Aws::WAFV2
|
|
3326
3410
|
#
|
3327
3411
|
# @!attribute [rw] oversize_handling
|
3328
3412
|
# What WAF should do if the body is larger than WAF can inspect. WAF
|
3329
|
-
# does not support inspecting the entire contents of the
|
3330
|
-
#
|
3331
|
-
#
|
3332
|
-
#
|
3413
|
+
# does not support inspecting the entire contents of the web request
|
3414
|
+
# body if the body exceeds the limit for the resource type. If the
|
3415
|
+
# body is larger than the limit, the underlying host service only
|
3416
|
+
# forwards the contents that are below the limit to WAF for
|
3417
|
+
# inspection.
|
3418
|
+
#
|
3419
|
+
# The default limit is 8 KB (8,192 kilobytes) for regional resources
|
3420
|
+
# and 16 KB (16,384 kilobytes) for CloudFront distributions. For
|
3421
|
+
# CloudFront distributions, you can increase the limit in the web ACL
|
3422
|
+
# `AssociationConfig`, for additional processing fees.
|
3333
3423
|
#
|
3334
3424
|
# The options for oversize handling are the following:
|
3335
3425
|
#
|
@@ -3344,7 +3434,7 @@ module Aws::WAFV2
|
|
3344
3434
|
#
|
3345
3435
|
# You can combine the `MATCH` or `NO_MATCH` settings for oversize
|
3346
3436
|
# handling with your rule and web ACL action settings, so that you
|
3347
|
-
# block any request whose body is over
|
3437
|
+
# block any request whose body is over the limit.
|
3348
3438
|
#
|
3349
3439
|
# Default: `CONTINUE`
|
3350
3440
|
# @return [String]
|
@@ -3516,7 +3606,8 @@ module Aws::WAFV2
|
|
3516
3606
|
# Specifies whether this is for an Amazon CloudFront distribution or
|
3517
3607
|
# for a regional application. A regional application can be an
|
3518
3608
|
# Application Load Balancer (ALB), an Amazon API Gateway REST API, an
|
3519
|
-
# AppSync GraphQL API,
|
3609
|
+
# AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner
|
3610
|
+
# service.
|
3520
3611
|
#
|
3521
3612
|
# To work with CloudFront, you must also specify the Region US East
|
3522
3613
|
# (N. Virginia) as follows:
|
@@ -3585,7 +3676,8 @@ module Aws::WAFV2
|
|
3585
3676
|
# Specifies whether this is for an Amazon CloudFront distribution or
|
3586
3677
|
# for a regional application. A regional application can be an
|
3587
3678
|
# Application Load Balancer (ALB), an Amazon API Gateway REST API, an
|
3588
|
-
# AppSync GraphQL API,
|
3679
|
+
# AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner
|
3680
|
+
# service.
|
3589
3681
|
#
|
3590
3682
|
# To work with CloudFront, you must also specify the Region US East
|
3591
3683
|
# (N. Virginia) as follows:
|
@@ -3645,7 +3737,8 @@ module Aws::WAFV2
|
|
3645
3737
|
# Specifies whether this is for an Amazon CloudFront distribution or
|
3646
3738
|
# for a regional application. A regional application can be an
|
3647
3739
|
# Application Load Balancer (ALB), an Amazon API Gateway REST API, an
|
3648
|
-
# AppSync GraphQL API,
|
3740
|
+
# AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner
|
3741
|
+
# service.
|
3649
3742
|
#
|
3650
3743
|
# To work with CloudFront, you must also specify the Region US East
|
3651
3744
|
# (N. Virginia) as follows:
|
@@ -3707,7 +3800,8 @@ module Aws::WAFV2
|
|
3707
3800
|
# Specifies whether this is for an Amazon CloudFront distribution or
|
3708
3801
|
# for a regional application. A regional application can be an
|
3709
3802
|
# Application Load Balancer (ALB), an Amazon API Gateway REST API, an
|
3710
|
-
# AppSync GraphQL API,
|
3803
|
+
# AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner
|
3804
|
+
# service.
|
3711
3805
|
#
|
3712
3806
|
# To work with CloudFront, you must also specify the Region US East
|
3713
3807
|
# (N. Virginia) as follows:
|
@@ -3767,7 +3861,8 @@ module Aws::WAFV2
|
|
3767
3861
|
# Specifies whether this is for an Amazon CloudFront distribution or
|
3768
3862
|
# for a regional application. A regional application can be an
|
3769
3863
|
# Application Load Balancer (ALB), an Amazon API Gateway REST API, an
|
3770
|
-
# AppSync GraphQL API,
|
3864
|
+
# AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner
|
3865
|
+
# service.
|
3771
3866
|
#
|
3772
3867
|
# To work with CloudFront, you must also specify the Region US East
|
3773
3868
|
# (N. Virginia) as follows:
|
@@ -3878,7 +3973,8 @@ module Aws::WAFV2
|
|
3878
3973
|
# Specifies whether this is for an Amazon CloudFront distribution or
|
3879
3974
|
# for a regional application. A regional application can be an
|
3880
3975
|
# Application Load Balancer (ALB), an Amazon API Gateway REST API, an
|
3881
|
-
# AppSync GraphQL API,
|
3976
|
+
# AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner
|
3977
|
+
# service.
|
3882
3978
|
#
|
3883
3979
|
# To work with CloudFront, you must also specify the Region US East
|
3884
3980
|
# (N. Virginia) as follows:
|
@@ -3941,8 +4037,8 @@ module Aws::WAFV2
|
|
3941
4037
|
# @!attribute [rw] resource_type
|
3942
4038
|
# Used for web ACLs that are scoped for regional applications. A
|
3943
4039
|
# regional application can be an Application Load Balancer (ALB), an
|
3944
|
-
# Amazon API Gateway REST API, an AppSync GraphQL API,
|
3945
|
-
# Cognito user pool.
|
4040
|
+
# Amazon API Gateway REST API, an AppSync GraphQL API, an Amazon
|
4041
|
+
# Cognito user pool, or an App Runner service.
|
3946
4042
|
#
|
3947
4043
|
# <note markdown="1"> If you don't provide a resource type, the call uses the resource
|
3948
4044
|
# type `APPLICATION_LOAD_BALANCER`.
|
@@ -3978,7 +4074,8 @@ module Aws::WAFV2
|
|
3978
4074
|
# Specifies whether this is for an Amazon CloudFront distribution or
|
3979
4075
|
# for a regional application. A regional application can be an
|
3980
4076
|
# Application Load Balancer (ALB), an Amazon API Gateway REST API, an
|
3981
|
-
# AppSync GraphQL API,
|
4077
|
+
# AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner
|
4078
|
+
# service.
|
3982
4079
|
#
|
3983
4080
|
# To work with CloudFront, you must also specify the Region US East
|
3984
4081
|
# (N. Virginia) as follows:
|
@@ -4088,7 +4185,8 @@ module Aws::WAFV2
|
|
4088
4185
|
# Specifies whether this is for an Amazon CloudFront distribution or
|
4089
4186
|
# for a regional application. A regional application can be an
|
4090
4187
|
# Application Load Balancer (ALB), an Amazon API Gateway REST API, an
|
4091
|
-
# AppSync GraphQL API,
|
4188
|
+
# AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner
|
4189
|
+
# service.
|
4092
4190
|
#
|
4093
4191
|
# To work with CloudFront, you must also specify the Region US East
|
4094
4192
|
# (N. Virginia) as follows:
|
@@ -4203,7 +4301,7 @@ module Aws::WAFV2
|
|
4203
4301
|
# @!attribute [rw] redacted_fields
|
4204
4302
|
# The parts of the request that you want to keep out of the logs. For
|
4205
4303
|
# example, if you redact the `SingleHeader` field, the `HEADER` field
|
4206
|
-
# in the logs will be `
|
4304
|
+
# in the logs will be `REDACTED`.
|
4207
4305
|
#
|
4208
4306
|
# <note markdown="1"> You can specify only the following fields for redaction: `UriPath`,
|
4209
4307
|
# `QueryString`, `SingleHeader`, `Method`, and `JsonBody`.
|
@@ -4322,14 +4420,6 @@ module Aws::WAFV2
|
|
4322
4420
|
# that protect CloudFront distributions, use this to also provide the
|
4323
4421
|
# information about how your distribution responds to login requests.
|
4324
4422
|
#
|
4325
|
-
# <note markdown="1"> For regional web ACLs in Region US East (N. Virginia) us-east-1,
|
4326
|
-
# it's possible to configure response inspection through the APIs,
|
4327
|
-
# but ATP response inspection will not be enabled. You can only use
|
4328
|
-
# the response inspection capabilities of the ATP managed rule group
|
4329
|
-
# in web ACLs that protect CloudFront distributions.
|
4330
|
-
#
|
4331
|
-
# </note>
|
4332
|
-
#
|
4333
4423
|
# This configuration replaces the individual configuration fields in
|
4334
4424
|
# `ManagedRuleGroupConfig` and provides additional feature
|
4335
4425
|
# configuration.
|
@@ -4571,7 +4661,7 @@ module Aws::WAFV2
|
|
4571
4661
|
# * The syntax for the label namespace prefix for a managed rule group
|
4572
4662
|
# is the following:
|
4573
4663
|
#
|
4574
|
-
# `awswaf:managed:<vendor>:<rule group name
|
4664
|
+
# `awswaf:managed:<vendor>:<rule group name>`:
|
4575
4665
|
#
|
4576
4666
|
# * When a rule with a label matches a web request, WAF adds the fully
|
4577
4667
|
# qualified label to the request. A fully qualified label is made up
|
@@ -4650,7 +4740,7 @@ module Aws::WAFV2
|
|
4650
4740
|
# * The syntax for the label namespace prefix for a managed rule group
|
4651
4741
|
# is the following:
|
4652
4742
|
#
|
4653
|
-
# `awswaf:managed:<vendor>:<rule group name
|
4743
|
+
# `awswaf:managed:<vendor>:<rule group name>`:
|
4654
4744
|
#
|
4655
4745
|
# * When a rule with a label matches a web request, WAF adds the fully
|
4656
4746
|
# qualified label to the request. A fully qualified label is made up
|
@@ -4700,8 +4790,13 @@ module Aws::WAFV2
|
|
4700
4790
|
# relative cost of each rule. Simple rules that cost little to run use
|
4701
4791
|
# fewer WCUs than more complex rules that use more processing power.
|
4702
4792
|
# Rule group capacity is fixed at creation, which helps users plan
|
4703
|
-
# their web ACL WCU usage when they use a rule group.
|
4704
|
-
#
|
4793
|
+
# their web ACL WCU usage when they use a rule group. For more
|
4794
|
+
# information, see [WAF web ACL capacity units (WCU)][1] in the *WAF
|
4795
|
+
# Developer Guide*.
|
4796
|
+
#
|
4797
|
+
#
|
4798
|
+
#
|
4799
|
+
# [1]: https://docs.aws.amazon.com/waf/latest/developerguide/aws-waf-capacity-units.html
|
4705
4800
|
# @return [Integer]
|
4706
4801
|
#
|
4707
4802
|
# @!attribute [rw] forecasted_lifetime
|
@@ -4939,7 +5034,8 @@ module Aws::WAFV2
|
|
4939
5034
|
# Specifies whether this is for an Amazon CloudFront distribution or
|
4940
5035
|
# for a regional application. A regional application can be an
|
4941
5036
|
# Application Load Balancer (ALB), an Amazon API Gateway REST API, an
|
4942
|
-
# AppSync GraphQL API,
|
5037
|
+
# AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner
|
5038
|
+
# service.
|
4943
5039
|
#
|
4944
5040
|
# To work with CloudFront, you must also specify the Region US East
|
4945
5041
|
# (N. Virginia) as follows:
|
@@ -5021,8 +5117,7 @@ module Aws::WAFV2
|
|
5021
5117
|
#
|
5022
5118
|
# The policy specifications must conform to the following:
|
5023
5119
|
#
|
5024
|
-
# * The policy must be composed using IAM Policy version 2012-10-17
|
5025
|
-
# version 2015-01-01.
|
5120
|
+
# * The policy must be composed using IAM Policy version 2012-10-17.
|
5026
5121
|
#
|
5027
5122
|
# * The policy must include specifications for `Effect`, `Action`, and
|
5028
5123
|
# `Principal`.
|
@@ -5377,6 +5472,39 @@ module Aws::WAFV2
|
|
5377
5472
|
include Aws::Structure
|
5378
5473
|
end
|
5379
5474
|
|
5475
|
+
# Customizes the maximum size of the request body that your protected
|
5476
|
+
# CloudFront distributions forward to WAF for inspection. The default
|
5477
|
+
# size is 16 KB (16,384 kilobytes).
|
5478
|
+
#
|
5479
|
+
# <note markdown="1"> You are charged additional fees when your protected resources forward
|
5480
|
+
# body sizes that are larger than the default. For more information, see
|
5481
|
+
# [WAF Pricing][1].
|
5482
|
+
#
|
5483
|
+
# </note>
|
5484
|
+
#
|
5485
|
+
# This is used in the `AssociationConfig` of the web ACL.
|
5486
|
+
#
|
5487
|
+
#
|
5488
|
+
#
|
5489
|
+
# [1]: http://aws.amazon.com/waf/pricing/
|
5490
|
+
#
|
5491
|
+
# @!attribute [rw] default_size_inspection_limit
|
5492
|
+
# Specifies the maximum size of the web request body component that an
|
5493
|
+
# associated CloudFront distribution should send to WAF for
|
5494
|
+
# inspection. This applies to statements in the web ACL that inspect
|
5495
|
+
# the body or JSON body.
|
5496
|
+
#
|
5497
|
+
# Default: `16 KB (16,384 kilobytes)`
|
5498
|
+
# @return [String]
|
5499
|
+
#
|
5500
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/RequestBodyAssociatedResourceTypeConfig AWS API Documentation
|
5501
|
+
#
|
5502
|
+
class RequestBodyAssociatedResourceTypeConfig < Struct.new(
|
5503
|
+
:default_size_inspection_limit)
|
5504
|
+
SENSITIVE = []
|
5505
|
+
include Aws::Structure
|
5506
|
+
end
|
5507
|
+
|
5380
5508
|
# The criteria for inspecting login requests, used by the ATP rule group
|
5381
5509
|
# to validate credentials usage.
|
5382
5510
|
#
|
@@ -5470,14 +5598,6 @@ module Aws::WAFV2
|
|
5470
5598
|
#
|
5471
5599
|
# </note>
|
5472
5600
|
#
|
5473
|
-
# <note markdown="1"> For regional web ACLs in Region US East (N. Virginia) us-east-1, it's
|
5474
|
-
# possible to configure response inspection through the APIs, but ATP
|
5475
|
-
# response inspection will not be enabled. You can only use the response
|
5476
|
-
# inspection capabilities of the ATP managed rule group in web ACLs that
|
5477
|
-
# protect CloudFront distributions.
|
5478
|
-
#
|
5479
|
-
# </note>
|
5480
|
-
#
|
5481
5601
|
# This is part of the `AWSManagedRulesATPRuleSet` configuration in
|
5482
5602
|
# `ManagedRuleGroupConfig`.
|
5483
5603
|
#
|
@@ -5495,11 +5615,13 @@ module Aws::WAFV2
|
|
5495
5615
|
# @return [Types::ResponseInspectionHeader]
|
5496
5616
|
#
|
5497
5617
|
# @!attribute [rw] body_contains
|
5498
|
-
# Configures inspection of the response body.
|
5618
|
+
# Configures inspection of the response body. WAF can inspect the
|
5619
|
+
# first 65,536 bytes (64 KB) of the response body.
|
5499
5620
|
# @return [Types::ResponseInspectionBodyContains]
|
5500
5621
|
#
|
5501
5622
|
# @!attribute [rw] json
|
5502
|
-
# Configures inspection of the response JSON.
|
5623
|
+
# Configures inspection of the response JSON. WAF can inspect the
|
5624
|
+
# first 65,536 bytes (64 KB) of the response JSON.
|
5503
5625
|
# @return [Types::ResponseInspectionJson]
|
5504
5626
|
#
|
5505
5627
|
# @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/ResponseInspection AWS API Documentation
|
@@ -5513,7 +5635,8 @@ module Aws::WAFV2
|
|
5513
5635
|
include Aws::Structure
|
5514
5636
|
end
|
5515
5637
|
|
5516
|
-
# Configures inspection of the response body.
|
5638
|
+
# Configures inspection of the response body. WAF can inspect the first
|
5639
|
+
# 65,536 bytes (64 KB) of the response body. This is part of the
|
5517
5640
|
# `ResponseInspection` configuration for `AWSManagedRulesATPRuleSet`.
|
5518
5641
|
#
|
5519
5642
|
# <note markdown="1"> Response inspection is available only in web ACLs that protect Amazon
|
@@ -5521,14 +5644,6 @@ module Aws::WAFV2
|
|
5521
5644
|
#
|
5522
5645
|
# </note>
|
5523
5646
|
#
|
5524
|
-
# <note markdown="1"> For regional web ACLs in Region US East (N. Virginia) us-east-1, it's
|
5525
|
-
# possible to configure response inspection through the APIs, but ATP
|
5526
|
-
# response inspection will not be enabled. You can only use the response
|
5527
|
-
# inspection capabilities of the ATP managed rule group in web ACLs that
|
5528
|
-
# protect CloudFront distributions.
|
5529
|
-
#
|
5530
|
-
# </note>
|
5531
|
-
#
|
5532
5647
|
# @!attribute [rw] success_strings
|
5533
5648
|
# Strings in the body of the response that indicate a successful login
|
5534
5649
|
# attempt. To be counted as a successful login, the string can be
|
@@ -5565,14 +5680,6 @@ module Aws::WAFV2
|
|
5565
5680
|
#
|
5566
5681
|
# </note>
|
5567
5682
|
#
|
5568
|
-
# <note markdown="1"> For regional web ACLs in Region US East (N. Virginia) us-east-1, it's
|
5569
|
-
# possible to configure response inspection through the APIs, but ATP
|
5570
|
-
# response inspection will not be enabled. You can only use the response
|
5571
|
-
# inspection capabilities of the ATP managed rule group in web ACLs that
|
5572
|
-
# protect CloudFront distributions.
|
5573
|
-
#
|
5574
|
-
# </note>
|
5575
|
-
#
|
5576
5683
|
# @!attribute [rw] name
|
5577
5684
|
# The name of the header to match against. The name must be an exact
|
5578
5685
|
# match, including case.
|
@@ -5609,7 +5716,8 @@ module Aws::WAFV2
|
|
5609
5716
|
include Aws::Structure
|
5610
5717
|
end
|
5611
5718
|
|
5612
|
-
# Configures inspection of the response JSON.
|
5719
|
+
# Configures inspection of the response JSON. WAF can inspect the first
|
5720
|
+
# 65,536 bytes (64 KB) of the response JSON. This is part of the
|
5613
5721
|
# `ResponseInspection` configuration for `AWSManagedRulesATPRuleSet`.
|
5614
5722
|
#
|
5615
5723
|
# <note markdown="1"> Response inspection is available only in web ACLs that protect Amazon
|
@@ -5617,14 +5725,6 @@ module Aws::WAFV2
|
|
5617
5725
|
#
|
5618
5726
|
# </note>
|
5619
5727
|
#
|
5620
|
-
# <note markdown="1"> For regional web ACLs in Region US East (N. Virginia) us-east-1, it's
|
5621
|
-
# possible to configure response inspection through the APIs, but ATP
|
5622
|
-
# response inspection will not be enabled. You can only use the response
|
5623
|
-
# inspection capabilities of the ATP managed rule group in web ACLs that
|
5624
|
-
# protect CloudFront distributions.
|
5625
|
-
#
|
5626
|
-
# </note>
|
5627
|
-
#
|
5628
5728
|
# @!attribute [rw] identifier
|
5629
5729
|
# The identifier for the value to match against in the JSON. The
|
5630
5730
|
# identifier must be an exact match, including case.
|
@@ -5668,14 +5768,6 @@ module Aws::WAFV2
|
|
5668
5768
|
#
|
5669
5769
|
# </note>
|
5670
5770
|
#
|
5671
|
-
# <note markdown="1"> For regional web ACLs in Region US East (N. Virginia) us-east-1, it's
|
5672
|
-
# possible to configure response inspection through the APIs, but ATP
|
5673
|
-
# response inspection will not be enabled. You can only use the response
|
5674
|
-
# inspection capabilities of the ATP managed rule group in web ACLs that
|
5675
|
-
# protect CloudFront distributions.
|
5676
|
-
#
|
5677
|
-
# </note>
|
5678
|
-
#
|
5679
5771
|
# @!attribute [rw] success_codes
|
5680
5772
|
# Status codes in the response that indicate a successful login
|
5681
5773
|
# attempt. To be counted as a successful login, the response status
|
@@ -5919,8 +6011,13 @@ module Aws::WAFV2
|
|
5919
6011
|
# relative cost of each rule. Simple rules that cost little to run use
|
5920
6012
|
# fewer WCUs than more complex rules that use more processing power.
|
5921
6013
|
# Rule group capacity is fixed at creation, which helps users plan
|
5922
|
-
# their web ACL WCU usage when they use a rule group.
|
5923
|
-
#
|
6014
|
+
# their web ACL WCU usage when they use a rule group. For more
|
6015
|
+
# information, see [WAF web ACL capacity units (WCU)][1] in the *WAF
|
6016
|
+
# Developer Guide*.
|
6017
|
+
#
|
6018
|
+
#
|
6019
|
+
#
|
6020
|
+
# [1]: https://docs.aws.amazon.com/waf/latest/developerguide/aws-waf-capacity-units.html
|
5924
6021
|
# @return [Integer]
|
5925
6022
|
#
|
5926
6023
|
# @!attribute [rw] arn
|
@@ -5967,18 +6064,17 @@ module Aws::WAFV2
|
|
5967
6064
|
# the rules that you define in the rule group.
|
5968
6065
|
#
|
5969
6066
|
# For information about customizing web requests and responses, see
|
5970
|
-
# [Customizing web requests and responses in WAF][1] in the
|
5971
|
-
# Developer Guide
|
6067
|
+
# [Customizing web requests and responses in WAF][1] in the *WAF
|
6068
|
+
# Developer Guide*.
|
5972
6069
|
#
|
5973
6070
|
# For information about the limits on count and size for custom
|
5974
|
-
# request and response settings, see [WAF quotas][
|
5975
|
-
# Developer Guide
|
6071
|
+
# request and response settings, see [WAF quotas][2] in the *WAF
|
6072
|
+
# Developer Guide*.
|
5976
6073
|
#
|
5977
6074
|
#
|
5978
6075
|
#
|
5979
6076
|
# [1]: https://docs.aws.amazon.com/waf/latest/developerguide/waf-custom-request-response.html
|
5980
|
-
# [2]: https://docs.aws.amazon.com/waf/latest/developerguide/
|
5981
|
-
# [3]: https://docs.aws.amazon.com/waf/latest/developerguide/limits.html
|
6077
|
+
# [2]: https://docs.aws.amazon.com/waf/latest/developerguide/limits.html
|
5982
6078
|
# @return [Hash<String,Types::CustomResponseBody>]
|
5983
6079
|
#
|
5984
6080
|
# @!attribute [rw] available_labels
|
@@ -6265,9 +6361,14 @@ module Aws::WAFV2
|
|
6265
6361
|
# statement to look for query strings that are longer than 100 bytes.
|
6266
6362
|
#
|
6267
6363
|
# If you configure WAF to inspect the request body, WAF inspects only
|
6268
|
-
# the
|
6269
|
-
#
|
6270
|
-
#
|
6364
|
+
# the number of bytes of the body up to the limit for the web ACL. By
|
6365
|
+
# default, for regional web ACLs, this limit is 8 KB (8,192 kilobytes)
|
6366
|
+
# and for CloudFront web ACLs, this limit is 16 KB (16,384 kilobytes).
|
6367
|
+
# For CloudFront web ACLs, you can increase the limit in the web ACL
|
6368
|
+
# `AssociationConfig`, for additional fees. If you know that the request
|
6369
|
+
# body for your web requests should never exceed the inspection limit,
|
6370
|
+
# you could use a size constraint statement to block requests that have
|
6371
|
+
# a larger request body size.
|
6271
6372
|
#
|
6272
6373
|
# If you choose URI for the value of Part of the request to filter on,
|
6273
6374
|
# the slash (/) in the URI counts as one character. For example, the URI
|
@@ -6389,10 +6490,14 @@ module Aws::WAFV2
|
|
6389
6490
|
# 100 bytes.
|
6390
6491
|
#
|
6391
6492
|
# If you configure WAF to inspect the request body, WAF inspects only
|
6392
|
-
# the
|
6393
|
-
#
|
6394
|
-
#
|
6395
|
-
#
|
6493
|
+
# the number of bytes of the body up to the limit for the web ACL. By
|
6494
|
+
# default, for regional web ACLs, this limit is 8 KB (8,192 kilobytes)
|
6495
|
+
# and for CloudFront web ACLs, this limit is 16 KB (16,384 kilobytes).
|
6496
|
+
# For CloudFront web ACLs, you can increase the limit in the web ACL
|
6497
|
+
# `AssociationConfig`, for additional fees. If you know that the
|
6498
|
+
# request body for your web requests should never exceed the
|
6499
|
+
# inspection limit, you could use a size constraint statement to block
|
6500
|
+
# requests that have a larger request body size.
|
6396
6501
|
#
|
6397
6502
|
# If you choose URI for the value of Part of the request to filter on,
|
6398
6503
|
# the slash (/) in the URI counts as one character. For example, the
|
@@ -6907,7 +7012,8 @@ module Aws::WAFV2
|
|
6907
7012
|
# Specifies whether this is for an Amazon CloudFront distribution or
|
6908
7013
|
# for a regional application. A regional application can be an
|
6909
7014
|
# Application Load Balancer (ALB), an Amazon API Gateway REST API, an
|
6910
|
-
# AppSync GraphQL API,
|
7015
|
+
# AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner
|
7016
|
+
# service.
|
6911
7017
|
#
|
6912
7018
|
# To work with CloudFront, you must also specify the Region US East
|
6913
7019
|
# (N. Virginia) as follows:
|
@@ -7025,7 +7131,8 @@ module Aws::WAFV2
|
|
7025
7131
|
# Specifies whether this is for an Amazon CloudFront distribution or
|
7026
7132
|
# for a regional application. A regional application can be an
|
7027
7133
|
# Application Load Balancer (ALB), an Amazon API Gateway REST API, an
|
7028
|
-
# AppSync GraphQL API,
|
7134
|
+
# AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner
|
7135
|
+
# service.
|
7029
7136
|
#
|
7030
7137
|
# To work with CloudFront, you must also specify the Region US East
|
7031
7138
|
# (N. Virginia) as follows:
|
@@ -7123,7 +7230,8 @@ module Aws::WAFV2
|
|
7123
7230
|
# Specifies whether this is for an Amazon CloudFront distribution or
|
7124
7231
|
# for a regional application. A regional application can be an
|
7125
7232
|
# Application Load Balancer (ALB), an Amazon API Gateway REST API, an
|
7126
|
-
# AppSync GraphQL API,
|
7233
|
+
# AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner
|
7234
|
+
# service.
|
7127
7235
|
#
|
7128
7236
|
# To work with CloudFront, you must also specify the Region US East
|
7129
7237
|
# (N. Virginia) as follows:
|
@@ -7195,7 +7303,8 @@ module Aws::WAFV2
|
|
7195
7303
|
# Specifies whether this is for an Amazon CloudFront distribution or
|
7196
7304
|
# for a regional application. A regional application can be an
|
7197
7305
|
# Application Load Balancer (ALB), an Amazon API Gateway REST API, an
|
7198
|
-
# AppSync GraphQL API,
|
7306
|
+
# AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner
|
7307
|
+
# service.
|
7199
7308
|
#
|
7200
7309
|
# To work with CloudFront, you must also specify the Region US East
|
7201
7310
|
# (N. Virginia) as follows:
|
@@ -7247,18 +7356,17 @@ module Aws::WAFV2
|
|
7247
7356
|
# the rules that you define in the rule group.
|
7248
7357
|
#
|
7249
7358
|
# For information about customizing web requests and responses, see
|
7250
|
-
# [Customizing web requests and responses in WAF][1] in the
|
7251
|
-
# Developer Guide
|
7359
|
+
# [Customizing web requests and responses in WAF][1] in the *WAF
|
7360
|
+
# Developer Guide*.
|
7252
7361
|
#
|
7253
7362
|
# For information about the limits on count and size for custom
|
7254
|
-
# request and response settings, see [WAF quotas][
|
7255
|
-
# Developer Guide
|
7363
|
+
# request and response settings, see [WAF quotas][2] in the *WAF
|
7364
|
+
# Developer Guide*.
|
7256
7365
|
#
|
7257
7366
|
#
|
7258
7367
|
#
|
7259
7368
|
# [1]: https://docs.aws.amazon.com/waf/latest/developerguide/waf-custom-request-response.html
|
7260
|
-
# [2]: https://docs.aws.amazon.com/waf/latest/developerguide/
|
7261
|
-
# [3]: https://docs.aws.amazon.com/waf/latest/developerguide/limits.html
|
7369
|
+
# [2]: https://docs.aws.amazon.com/waf/latest/developerguide/limits.html
|
7262
7370
|
# @return [Hash<String,Types::CustomResponseBody>]
|
7263
7371
|
#
|
7264
7372
|
# @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/UpdateRuleGroupRequest AWS API Documentation
|
@@ -7299,7 +7407,8 @@ module Aws::WAFV2
|
|
7299
7407
|
# Specifies whether this is for an Amazon CloudFront distribution or
|
7300
7408
|
# for a regional application. A regional application can be an
|
7301
7409
|
# Application Load Balancer (ALB), an Amazon API Gateway REST API, an
|
7302
|
-
# AppSync GraphQL API,
|
7410
|
+
# AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner
|
7411
|
+
# service.
|
7303
7412
|
#
|
7304
7413
|
# To work with CloudFront, you must also specify the Region US East
|
7305
7414
|
# (N. Virginia) as follows:
|
@@ -7356,18 +7465,17 @@ module Aws::WAFV2
|
|
7356
7465
|
# rules and default actions that you define in the web ACL.
|
7357
7466
|
#
|
7358
7467
|
# For information about customizing web requests and responses, see
|
7359
|
-
# [Customizing web requests and responses in WAF][1] in the
|
7360
|
-
# Developer Guide
|
7468
|
+
# [Customizing web requests and responses in WAF][1] in the *WAF
|
7469
|
+
# Developer Guide*.
|
7361
7470
|
#
|
7362
7471
|
# For information about the limits on count and size for custom
|
7363
|
-
# request and response settings, see [WAF quotas][
|
7364
|
-
# Developer Guide
|
7472
|
+
# request and response settings, see [WAF quotas][2] in the *WAF
|
7473
|
+
# Developer Guide*.
|
7365
7474
|
#
|
7366
7475
|
#
|
7367
7476
|
#
|
7368
7477
|
# [1]: https://docs.aws.amazon.com/waf/latest/developerguide/waf-custom-request-response.html
|
7369
|
-
# [2]: https://docs.aws.amazon.com/waf/latest/developerguide/
|
7370
|
-
# [3]: https://docs.aws.amazon.com/waf/latest/developerguide/limits.html
|
7478
|
+
# [2]: https://docs.aws.amazon.com/waf/latest/developerguide/limits.html
|
7371
7479
|
# @return [Hash<String,Types::CustomResponseBody>]
|
7372
7480
|
#
|
7373
7481
|
# @!attribute [rw] captcha_config
|
@@ -7399,6 +7507,25 @@ module Aws::WAFV2
|
|
7399
7507
|
# `usa.gov` or `co.uk` as token domains.
|
7400
7508
|
# @return [Array<String>]
|
7401
7509
|
#
|
7510
|
+
# @!attribute [rw] association_config
|
7511
|
+
# Specifies custom configurations for the associations between the web
|
7512
|
+
# ACL and protected resources.
|
7513
|
+
#
|
7514
|
+
# Use this to customize the maximum size of the request body that your
|
7515
|
+
# protected CloudFront distributions forward to WAF for inspection.
|
7516
|
+
# The default is 16 KB (16,384 kilobytes).
|
7517
|
+
#
|
7518
|
+
# <note markdown="1"> You are charged additional fees when your protected resources
|
7519
|
+
# forward body sizes that are larger than the default. For more
|
7520
|
+
# information, see [WAF Pricing][1].
|
7521
|
+
#
|
7522
|
+
# </note>
|
7523
|
+
#
|
7524
|
+
#
|
7525
|
+
#
|
7526
|
+
# [1]: http://aws.amazon.com/waf/pricing/
|
7527
|
+
# @return [Types::AssociationConfig]
|
7528
|
+
#
|
7402
7529
|
# @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/UpdateWebACLRequest AWS API Documentation
|
7403
7530
|
#
|
7404
7531
|
class UpdateWebACLRequest < Struct.new(
|
@@ -7413,7 +7540,8 @@ module Aws::WAFV2
|
|
7413
7540
|
:custom_response_bodies,
|
7414
7541
|
:captcha_config,
|
7415
7542
|
:challenge_config,
|
7416
|
-
:token_domains
|
7543
|
+
:token_domains,
|
7544
|
+
:association_config)
|
7417
7545
|
SENSITIVE = []
|
7418
7546
|
include Aws::Structure
|
7419
7547
|
end
|
@@ -7508,7 +7636,7 @@ module Aws::WAFV2
|
|
7508
7636
|
# @!attribute [rw] cloud_watch_metrics_enabled
|
7509
7637
|
# A boolean indicating whether the associated resource sends metrics
|
7510
7638
|
# to Amazon CloudWatch. For the list of available metrics, see [WAF
|
7511
|
-
# Metrics][1]
|
7639
|
+
# Metrics][1] in the *WAF Developer Guide*.
|
7512
7640
|
#
|
7513
7641
|
#
|
7514
7642
|
#
|
@@ -7674,8 +7802,7 @@ module Aws::WAFV2
|
|
7674
7802
|
#
|
7675
7803
|
# The policy specifications must conform to the following:
|
7676
7804
|
#
|
7677
|
-
# * The policy must be composed using IAM Policy version 2012-10-17
|
7678
|
-
# version 2015-01-01.
|
7805
|
+
# * The policy must be composed using IAM Policy version 2012-10-17.
|
7679
7806
|
#
|
7680
7807
|
# * The policy must include specifications for `Effect`, `Action`, and
|
7681
7808
|
# `Principal`.
|
@@ -7880,7 +8007,7 @@ module Aws::WAFV2
|
|
7880
8007
|
# can associate a web ACL with one or more Amazon Web Services resources
|
7881
8008
|
# to protect. The resources can be an Amazon CloudFront distribution, an
|
7882
8009
|
# Amazon API Gateway REST API, an Application Load Balancer, an AppSync
|
7883
|
-
# GraphQL API,
|
8010
|
+
# GraphQL API, an Amazon Cognito user pool, or an App Runner service.
|
7884
8011
|
#
|
7885
8012
|
# @!attribute [rw] name
|
7886
8013
|
# The name of the web ACL. You cannot change the name of a web ACL
|
@@ -7929,8 +8056,13 @@ module Aws::WAFV2
|
|
7929
8056
|
# relative cost of each rule. Simple rules that cost little to run use
|
7930
8057
|
# fewer WCUs than more complex rules that use more processing power.
|
7931
8058
|
# Rule group capacity is fixed at creation, which helps users plan
|
7932
|
-
# their web ACL WCU usage when they use a rule group.
|
7933
|
-
#
|
8059
|
+
# their web ACL WCU usage when they use a rule group. For more
|
8060
|
+
# information, see [WAF web ACL capacity units (WCU)][1] in the *WAF
|
8061
|
+
# Developer Guide*.
|
8062
|
+
#
|
8063
|
+
#
|
8064
|
+
#
|
8065
|
+
# [1]: https://docs.aws.amazon.com/waf/latest/developerguide/aws-waf-capacity-units.html
|
7934
8066
|
# @return [Integer]
|
7935
8067
|
#
|
7936
8068
|
# @!attribute [rw] pre_process_firewall_manager_rule_groups
|
@@ -7989,18 +8121,17 @@ module Aws::WAFV2
|
|
7989
8121
|
# rules and default actions that you define in the web ACL.
|
7990
8122
|
#
|
7991
8123
|
# For information about customizing web requests and responses, see
|
7992
|
-
# [Customizing web requests and responses in WAF][1] in the
|
7993
|
-
# Developer Guide
|
8124
|
+
# [Customizing web requests and responses in WAF][1] in the *WAF
|
8125
|
+
# Developer Guide*.
|
7994
8126
|
#
|
7995
8127
|
# For information about the limits on count and size for custom
|
7996
|
-
# request and response settings, see [WAF quotas][
|
7997
|
-
# Developer Guide
|
8128
|
+
# request and response settings, see [WAF quotas][2] in the *WAF
|
8129
|
+
# Developer Guide*.
|
7998
8130
|
#
|
7999
8131
|
#
|
8000
8132
|
#
|
8001
8133
|
# [1]: https://docs.aws.amazon.com/waf/latest/developerguide/waf-custom-request-response.html
|
8002
|
-
# [2]: https://docs.aws.amazon.com/waf/latest/developerguide/
|
8003
|
-
# [3]: https://docs.aws.amazon.com/waf/latest/developerguide/limits.html
|
8134
|
+
# [2]: https://docs.aws.amazon.com/waf/latest/developerguide/limits.html
|
8004
8135
|
# @return [Hash<String,Types::CustomResponseBody>]
|
8005
8136
|
#
|
8006
8137
|
# @!attribute [rw] captcha_config
|
@@ -8026,6 +8157,25 @@ module Aws::WAFV2
|
|
8026
8157
|
# domain list, including their prefixed subdomains.
|
8027
8158
|
# @return [Array<String>]
|
8028
8159
|
#
|
8160
|
+
# @!attribute [rw] association_config
|
8161
|
+
# Specifies custom configurations for the associations between the web
|
8162
|
+
# ACL and protected resources.
|
8163
|
+
#
|
8164
|
+
# Use this to customize the maximum size of the request body that your
|
8165
|
+
# protected CloudFront distributions forward to WAF for inspection.
|
8166
|
+
# The default is 16 KB (16,384 kilobytes).
|
8167
|
+
#
|
8168
|
+
# <note markdown="1"> You are charged additional fees when your protected resources
|
8169
|
+
# forward body sizes that are larger than the default. For more
|
8170
|
+
# information, see [WAF Pricing][1].
|
8171
|
+
#
|
8172
|
+
# </note>
|
8173
|
+
#
|
8174
|
+
#
|
8175
|
+
#
|
8176
|
+
# [1]: http://aws.amazon.com/waf/pricing/
|
8177
|
+
# @return [Types::AssociationConfig]
|
8178
|
+
#
|
8029
8179
|
# @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/WebACL AWS API Documentation
|
8030
8180
|
#
|
8031
8181
|
class WebACL < Struct.new(
|
@@ -8044,7 +8194,8 @@ module Aws::WAFV2
|
|
8044
8194
|
:custom_response_bodies,
|
8045
8195
|
:captcha_config,
|
8046
8196
|
:challenge_config,
|
8047
|
-
:token_domains
|
8197
|
+
:token_domains,
|
8198
|
+
:association_config)
|
8048
8199
|
SENSITIVE = []
|
8049
8200
|
include Aws::Structure
|
8050
8201
|
end
|