aws-sdk-wafv2 1.5.0 → 1.10.0

Sign up to get free protection for your applications and to get access to all the features.
Files changed (8) hide show
  1. checksums.yaml +4 -4
  2. data/lib/aws-sdk-wafv2.rb +3 -1
  3. data/lib/aws-sdk-wafv2/client.rb +128 -16
  4. data/lib/aws-sdk-wafv2/client_api.rb +21 -0
  5. data/lib/aws-sdk-wafv2/errors.rb +2 -0
  6. data/lib/aws-sdk-wafv2/resource.rb +2 -0
  7. data/lib/aws-sdk-wafv2/types.rb +616 -47
  8. metadata +4 -4
data/lib/aws-sdk-wafv2/errors.rb CHANGED
@@ -1,3 +1,5 @@
1
+ # frozen_string_literal: true
2
+
1
3
  # WARNING ABOUT GENERATED CODE
2
4
  #
3
5
  # This file is generated. See the contributing guide for more information:
data/lib/aws-sdk-wafv2/resource.rb CHANGED
@@ -1,3 +1,5 @@
1
+ # frozen_string_literal: true
2
+
1
3
  # WARNING ABOUT GENERATED CODE
2
4
  #
3
5
  # This file is generated. See the contributing guide for more information:
data/lib/aws-sdk-wafv2/types.rb CHANGED
@@ -1,3 +1,5 @@
1
+ # frozen_string_literal: true
2
+
1
3
  # WARNING ABOUT GENERATED CODE
2
4
  #
3
5
  # This file is generated. See the contributing guide for more information:
@@ -183,6 +185,10 @@ module Aws::WAFV2
183
185
  # },
184
186
  # geo_match_statement: {
185
187
  # country_codes: ["AF"], # accepts AF, AX, AL, DZ, AS, AD, AO, AI, AQ, AG, AR, AM, AW, AU, AT, AZ, BS, BH, BD, BB, BY, BE, BZ, BJ, BM, BT, BO, BQ, BA, BW, BV, BR, IO, BN, BG, BF, BI, KH, CM, CA, CV, KY, CF, TD, CL, CN, CX, CC, CO, KM, CG, CD, CK, CR, CI, HR, CU, CW, CY, CZ, DK, DJ, DM, DO, EC, EG, SV, GQ, ER, EE, ET, FK, FO, FJ, FI, FR, GF, PF, TF, GA, GM, GE, DE, GH, GI, GR, GL, GD, GP, GU, GT, GG, GN, GW, GY, HT, HM, VA, HN, HK, HU, IS, IN, ID, IR, IQ, IE, IM, IL, IT, JM, JP, JE, JO, KZ, KE, KI, KP, KR, KW, KG, LA, LV, LB, LS, LR, LY, LI, LT, LU, MO, MK, MG, MW, MY, MV, ML, MT, MH, MQ, MR, MU, YT, MX, FM, MD, MC, MN, ME, MS, MA, MZ, MM, NA, NR, NP, NL, NC, NZ, NI, NE, NG, NU, NF, MP, NO, OM, PK, PW, PS, PA, PG, PY, PE, PH, PN, PL, PT, PR, QA, RE, RO, RU, RW, BL, SH, KN, LC, MF, PM, VC, WS, SM, ST, SA, SN, RS, SC, SL, SG, SX, SK, SI, SB, SO, ZA, GS, SS, ES, LK, SD, SR, SJ, SZ, SE, CH, SY, TW, TJ, TZ, TH, TL, TG, TK, TO, TT, TN, TR, TM, TC, TV, UG, UA, AE, GB, US, UM, UY, UZ, VU, VE, VN, VG, VI, WF, EH, YE, ZM, ZW
188
+ # forwarded_ip_config: {
189
+ # header_name: "ForwardedIPHeaderName", # required
190
+ # fallback_behavior: "MATCH", # required, accepts MATCH, NO_MATCH
191
+ # },
186
192
  # },
187
193
  # rule_group_reference_statement: {
188
194
  # arn: "ResourceArn", # required
@@ -194,6 +200,11 @@ module Aws::WAFV2
194
200
  # },
195
201
  # ip_set_reference_statement: {
196
202
  # arn: "ResourceArn", # required
203
+ # ip_set_forwarded_ip_config: {
204
+ # header_name: "ForwardedIPHeaderName", # required
205
+ # fallback_behavior: "MATCH", # required, accepts MATCH, NO_MATCH
206
+ # position: "FIRST", # required, accepts FIRST, LAST, ANY
207
+ # },
197
208
  # },
198
209
  # regex_pattern_set_reference_statement: {
199
210
  # arn: "ResourceArn", # required
@@ -224,10 +235,14 @@ module Aws::WAFV2
224
235
  # },
225
236
  # rate_based_statement: {
226
237
  # limit: 1, # required
227
- # aggregate_key_type: "IP", # required, accepts IP
238
+ # aggregate_key_type: "IP", # required, accepts IP, FORWARDED_IP
228
239
  # scope_down_statement: {
229
240
  # # recursive Statement
230
241
  # },
242
+ # forwarded_ip_config: {
243
+ # header_name: "ForwardedIPHeaderName", # required
244
+ # fallback_behavior: "MATCH", # required, accepts MATCH, NO_MATCH
245
+ # },
231
246
  # },
232
247
  # and_statement: {
233
248
  # statements: { # required
@@ -266,6 +281,7 @@ module Aws::WAFV2
266
281
  #
267
282
  class AndStatement < Struct.new(
268
283
  :statements)
284
+ SENSITIVE = []
269
285
  include Aws::Structure
270
286
  end
271
287
 
@@ -301,6 +317,7 @@ module Aws::WAFV2
301
317
  class AssociateWebACLRequest < Struct.new(
302
318
  :web_acl_arn,
303
319
  :resource_arn)
320
+ SENSITIVE = []
304
321
  include Aws::Structure
305
322
  end
306
323
 
@@ -501,6 +518,7 @@ module Aws::WAFV2
501
518
  :field_to_match,
502
519
  :text_transformations,
503
520
  :positional_constraint)
521
+ SENSITIVE = []
504
522
  include Aws::Structure
505
523
  end
506
524
 
@@ -624,6 +642,10 @@ module Aws::WAFV2
624
642
  # },
625
643
  # geo_match_statement: {
626
644
  # country_codes: ["AF"], # accepts AF, AX, AL, DZ, AS, AD, AO, AI, AQ, AG, AR, AM, AW, AU, AT, AZ, BS, BH, BD, BB, BY, BE, BZ, BJ, BM, BT, BO, BQ, BA, BW, BV, BR, IO, BN, BG, BF, BI, KH, CM, CA, CV, KY, CF, TD, CL, CN, CX, CC, CO, KM, CG, CD, CK, CR, CI, HR, CU, CW, CY, CZ, DK, DJ, DM, DO, EC, EG, SV, GQ, ER, EE, ET, FK, FO, FJ, FI, FR, GF, PF, TF, GA, GM, GE, DE, GH, GI, GR, GL, GD, GP, GU, GT, GG, GN, GW, GY, HT, HM, VA, HN, HK, HU, IS, IN, ID, IR, IQ, IE, IM, IL, IT, JM, JP, JE, JO, KZ, KE, KI, KP, KR, KW, KG, LA, LV, LB, LS, LR, LY, LI, LT, LU, MO, MK, MG, MW, MY, MV, ML, MT, MH, MQ, MR, MU, YT, MX, FM, MD, MC, MN, ME, MS, MA, MZ, MM, NA, NR, NP, NL, NC, NZ, NI, NE, NG, NU, NF, MP, NO, OM, PK, PW, PS, PA, PG, PY, PE, PH, PN, PL, PT, PR, QA, RE, RO, RU, RW, BL, SH, KN, LC, MF, PM, VC, WS, SM, ST, SA, SN, RS, SC, SL, SG, SX, SK, SI, SB, SO, ZA, GS, SS, ES, LK, SD, SR, SJ, SZ, SE, CH, SY, TW, TJ, TZ, TH, TL, TG, TK, TO, TT, TN, TR, TM, TC, TV, UG, UA, AE, GB, US, UM, UY, UZ, VU, VE, VN, VG, VI, WF, EH, YE, ZM, ZW
645
+ # forwarded_ip_config: {
646
+ # header_name: "ForwardedIPHeaderName", # required
647
+ # fallback_behavior: "MATCH", # required, accepts MATCH, NO_MATCH
648
+ # },
627
649
  # },
628
650
  # rule_group_reference_statement: {
629
651
  # arn: "ResourceArn", # required
@@ -635,6 +657,11 @@ module Aws::WAFV2
635
657
  # },
636
658
  # ip_set_reference_statement: {
637
659
  # arn: "ResourceArn", # required
660
+ # ip_set_forwarded_ip_config: {
661
+ # header_name: "ForwardedIPHeaderName", # required
662
+ # fallback_behavior: "MATCH", # required, accepts MATCH, NO_MATCH
663
+ # position: "FIRST", # required, accepts FIRST, LAST, ANY
664
+ # },
638
665
  # },
639
666
  # regex_pattern_set_reference_statement: {
640
667
  # arn: "ResourceArn", # required
@@ -665,10 +692,14 @@ module Aws::WAFV2
665
692
  # },
666
693
  # rate_based_statement: {
667
694
  # limit: 1, # required
668
- # aggregate_key_type: "IP", # required, accepts IP
695
+ # aggregate_key_type: "IP", # required, accepts IP, FORWARDED_IP
669
696
  # scope_down_statement: {
670
697
  # # recursive Statement
671
698
  # },
699
+ # forwarded_ip_config: {
700
+ # header_name: "ForwardedIPHeaderName", # required
701
+ # fallback_behavior: "MATCH", # required, accepts MATCH, NO_MATCH
702
+ # },
672
703
  # },
673
704
  # and_statement: {
674
705
  # statements: [ # required
@@ -746,6 +777,7 @@ module Aws::WAFV2
746
777
  class CheckCapacityRequest < Struct.new(
747
778
  :scope,
748
779
  :rules)
780
+ SENSITIVE = []
749
781
  include Aws::Structure
750
782
  end
751
783
 
@@ -757,6 +789,7 @@ module Aws::WAFV2
757
789
  #
758
790
  class CheckCapacityResponse < Struct.new(
759
791
  :capacity)
792
+ SENSITIVE = []
760
793
  include Aws::Structure
761
794
  end
762
795
 
@@ -875,6 +908,7 @@ module Aws::WAFV2
875
908
  :ip_address_version,
876
909
  :addresses,
877
910
  :tags)
911
+ SENSITIVE = []
878
912
  include Aws::Structure
879
913
  end
880
914
 
@@ -889,6 +923,7 @@ module Aws::WAFV2
889
923
  #
890
924
  class CreateIPSetResponse < Struct.new(
891
925
  :summary)
926
+ SENSITIVE = []
892
927
  include Aws::Structure
893
928
  end
894
929
 
@@ -952,6 +987,7 @@ module Aws::WAFV2
952
987
  :description,
953
988
  :regular_expression_list,
954
989
  :tags)
990
+ SENSITIVE = []
955
991
  include Aws::Structure
956
992
  end
957
993
 
@@ -967,6 +1003,7 @@ module Aws::WAFV2
967
1003
  #
968
1004
  class CreateRegexPatternSetResponse < Struct.new(
969
1005
  :summary)
1006
+ SENSITIVE = []
970
1007
  include Aws::Structure
971
1008
  end
972
1009
 
@@ -1093,6 +1130,10 @@ module Aws::WAFV2
1093
1130
  # },
1094
1131
  # geo_match_statement: {
1095
1132
  # country_codes: ["AF"], # accepts AF, AX, AL, DZ, AS, AD, AO, AI, AQ, AG, AR, AM, AW, AU, AT, AZ, BS, BH, BD, BB, BY, BE, BZ, BJ, BM, BT, BO, BQ, BA, BW, BV, BR, IO, BN, BG, BF, BI, KH, CM, CA, CV, KY, CF, TD, CL, CN, CX, CC, CO, KM, CG, CD, CK, CR, CI, HR, CU, CW, CY, CZ, DK, DJ, DM, DO, EC, EG, SV, GQ, ER, EE, ET, FK, FO, FJ, FI, FR, GF, PF, TF, GA, GM, GE, DE, GH, GI, GR, GL, GD, GP, GU, GT, GG, GN, GW, GY, HT, HM, VA, HN, HK, HU, IS, IN, ID, IR, IQ, IE, IM, IL, IT, JM, JP, JE, JO, KZ, KE, KI, KP, KR, KW, KG, LA, LV, LB, LS, LR, LY, LI, LT, LU, MO, MK, MG, MW, MY, MV, ML, MT, MH, MQ, MR, MU, YT, MX, FM, MD, MC, MN, ME, MS, MA, MZ, MM, NA, NR, NP, NL, NC, NZ, NI, NE, NG, NU, NF, MP, NO, OM, PK, PW, PS, PA, PG, PY, PE, PH, PN, PL, PT, PR, QA, RE, RO, RU, RW, BL, SH, KN, LC, MF, PM, VC, WS, SM, ST, SA, SN, RS, SC, SL, SG, SX, SK, SI, SB, SO, ZA, GS, SS, ES, LK, SD, SR, SJ, SZ, SE, CH, SY, TW, TJ, TZ, TH, TL, TG, TK, TO, TT, TN, TR, TM, TC, TV, UG, UA, AE, GB, US, UM, UY, UZ, VU, VE, VN, VG, VI, WF, EH, YE, ZM, ZW
1133
+ # forwarded_ip_config: {
1134
+ # header_name: "ForwardedIPHeaderName", # required
1135
+ # fallback_behavior: "MATCH", # required, accepts MATCH, NO_MATCH
1136
+ # },
1096
1137
  # },
1097
1138
  # rule_group_reference_statement: {
1098
1139
  # arn: "ResourceArn", # required
@@ -1104,6 +1145,11 @@ module Aws::WAFV2
1104
1145
  # },
1105
1146
  # ip_set_reference_statement: {
1106
1147
  # arn: "ResourceArn", # required
1148
+ # ip_set_forwarded_ip_config: {
1149
+ # header_name: "ForwardedIPHeaderName", # required
1150
+ # fallback_behavior: "MATCH", # required, accepts MATCH, NO_MATCH
1151
+ # position: "FIRST", # required, accepts FIRST, LAST, ANY
1152
+ # },
1107
1153
  # },
1108
1154
  # regex_pattern_set_reference_statement: {
1109
1155
  # arn: "ResourceArn", # required
@@ -1134,10 +1180,14 @@ module Aws::WAFV2
1134
1180
  # },
1135
1181
  # rate_based_statement: {
1136
1182
  # limit: 1, # required
1137
- # aggregate_key_type: "IP", # required, accepts IP
1183
+ # aggregate_key_type: "IP", # required, accepts IP, FORWARDED_IP
1138
1184
  # scope_down_statement: {
1139
1185
  # # recursive Statement
1140
1186
  # },
1187
+ # forwarded_ip_config: {
1188
+ # header_name: "ForwardedIPHeaderName", # required
1189
+ # fallback_behavior: "MATCH", # required, accepts MATCH, NO_MATCH
1190
+ # },
1141
1191
  # },
1142
1192
  # and_statement: {
1143
1193
  # statements: [ # required
@@ -1270,6 +1320,7 @@ module Aws::WAFV2
1270
1320
  :rules,
1271
1321
  :visibility_config,
1272
1322
  :tags)
1323
+ SENSITIVE = []
1273
1324
  include Aws::Structure
1274
1325
  end
1275
1326
 
@@ -1285,6 +1336,7 @@ module Aws::WAFV2
1285
1336
  #
1286
1337
  class CreateRuleGroupResponse < Struct.new(
1287
1338
  :summary)
1339
+ SENSITIVE = []
1288
1340
  include Aws::Structure
1289
1341
  end
1290
1342
 
@@ -1416,6 +1468,10 @@ module Aws::WAFV2
1416
1468
  # },
1417
1469
  # geo_match_statement: {
1418
1470
  # country_codes: ["AF"], # accepts AF, AX, AL, DZ, AS, AD, AO, AI, AQ, AG, AR, AM, AW, AU, AT, AZ, BS, BH, BD, BB, BY, BE, BZ, BJ, BM, BT, BO, BQ, BA, BW, BV, BR, IO, BN, BG, BF, BI, KH, CM, CA, CV, KY, CF, TD, CL, CN, CX, CC, CO, KM, CG, CD, CK, CR, CI, HR, CU, CW, CY, CZ, DK, DJ, DM, DO, EC, EG, SV, GQ, ER, EE, ET, FK, FO, FJ, FI, FR, GF, PF, TF, GA, GM, GE, DE, GH, GI, GR, GL, GD, GP, GU, GT, GG, GN, GW, GY, HT, HM, VA, HN, HK, HU, IS, IN, ID, IR, IQ, IE, IM, IL, IT, JM, JP, JE, JO, KZ, KE, KI, KP, KR, KW, KG, LA, LV, LB, LS, LR, LY, LI, LT, LU, MO, MK, MG, MW, MY, MV, ML, MT, MH, MQ, MR, MU, YT, MX, FM, MD, MC, MN, ME, MS, MA, MZ, MM, NA, NR, NP, NL, NC, NZ, NI, NE, NG, NU, NF, MP, NO, OM, PK, PW, PS, PA, PG, PY, PE, PH, PN, PL, PT, PR, QA, RE, RO, RU, RW, BL, SH, KN, LC, MF, PM, VC, WS, SM, ST, SA, SN, RS, SC, SL, SG, SX, SK, SI, SB, SO, ZA, GS, SS, ES, LK, SD, SR, SJ, SZ, SE, CH, SY, TW, TJ, TZ, TH, TL, TG, TK, TO, TT, TN, TR, TM, TC, TV, UG, UA, AE, GB, US, UM, UY, UZ, VU, VE, VN, VG, VI, WF, EH, YE, ZM, ZW
1471
+ # forwarded_ip_config: {
1472
+ # header_name: "ForwardedIPHeaderName", # required
1473
+ # fallback_behavior: "MATCH", # required, accepts MATCH, NO_MATCH
1474
+ # },
1419
1475
  # },
1420
1476
  # rule_group_reference_statement: {
1421
1477
  # arn: "ResourceArn", # required
@@ -1427,6 +1483,11 @@ module Aws::WAFV2
1427
1483
  # },
1428
1484
  # ip_set_reference_statement: {
1429
1485
  # arn: "ResourceArn", # required
1486
+ # ip_set_forwarded_ip_config: {
1487
+ # header_name: "ForwardedIPHeaderName", # required
1488
+ # fallback_behavior: "MATCH", # required, accepts MATCH, NO_MATCH
1489
+ # position: "FIRST", # required, accepts FIRST, LAST, ANY
1490
+ # },
1430
1491
  # },
1431
1492
  # regex_pattern_set_reference_statement: {
1432
1493
  # arn: "ResourceArn", # required
@@ -1457,10 +1518,14 @@ module Aws::WAFV2
1457
1518
  # },
1458
1519
  # rate_based_statement: {
1459
1520
  # limit: 1, # required
1460
- # aggregate_key_type: "IP", # required, accepts IP
1521
+ # aggregate_key_type: "IP", # required, accepts IP, FORWARDED_IP
1461
1522
  # scope_down_statement: {
1462
1523
  # # recursive Statement
1463
1524
  # },
1525
+ # forwarded_ip_config: {
1526
+ # header_name: "ForwardedIPHeaderName", # required
1527
+ # fallback_behavior: "MATCH", # required, accepts MATCH, NO_MATCH
1528
+ # },
1464
1529
  # },
1465
1530
  # and_statement: {
1466
1531
  # statements: [ # required
@@ -1580,6 +1645,7 @@ module Aws::WAFV2
1580
1645
  :rules,
1581
1646
  :visibility_config,
1582
1647
  :tags)
1648
+ SENSITIVE = []
1583
1649
  include Aws::Structure
1584
1650
  end
1585
1651
 
@@ -1594,6 +1660,7 @@ module Aws::WAFV2
1594
1660
  #
1595
1661
  class CreateWebACLResponse < Struct.new(
1596
1662
  :summary)
1663
+ SENSITIVE = []
1597
1664
  include Aws::Structure
1598
1665
  end
1599
1666
 
@@ -1635,6 +1702,7 @@ module Aws::WAFV2
1635
1702
  class DefaultAction < Struct.new(
1636
1703
  :block,
1637
1704
  :allow)
1705
+ SENSITIVE = []
1638
1706
  include Aws::Structure
1639
1707
  end
1640
1708
 
@@ -1667,6 +1735,7 @@ module Aws::WAFV2
1667
1735
  class DeleteFirewallManagerRuleGroupsRequest < Struct.new(
1668
1736
  :web_acl_arn,
1669
1737
  :web_acl_lock_token)
1738
+ SENSITIVE = []
1670
1739
  include Aws::Structure
1671
1740
  end
1672
1741
 
@@ -1686,6 +1755,7 @@ module Aws::WAFV2
1686
1755
  #
1687
1756
  class DeleteFirewallManagerRuleGroupsResponse < Struct.new(
1688
1757
  :next_web_acl_lock_token)
1758
+ SENSITIVE = []
1689
1759
  include Aws::Structure
1690
1760
  end
1691
1761
 
@@ -1743,6 +1813,7 @@ module Aws::WAFV2
1743
1813
  :scope,
1744
1814
  :id,
1745
1815
  :lock_token)
1816
+ SENSITIVE = []
1746
1817
  include Aws::Structure
1747
1818
  end
1748
1819
 
@@ -1766,6 +1837,7 @@ module Aws::WAFV2
1766
1837
  #
1767
1838
  class DeleteLoggingConfigurationRequest < Struct.new(
1768
1839
  :resource_arn)
1840
+ SENSITIVE = []
1769
1841
  include Aws::Structure
1770
1842
  end
1771
1843
 
@@ -1791,6 +1863,7 @@ module Aws::WAFV2
1791
1863
  #
1792
1864
  class DeletePermissionPolicyRequest < Struct.new(
1793
1865
  :resource_arn)
1866
+ SENSITIVE = []
1794
1867
  include Aws::Structure
1795
1868
  end
1796
1869
 
@@ -1852,6 +1925,7 @@ module Aws::WAFV2
1852
1925
  :scope,
1853
1926
  :id,
1854
1927
  :lock_token)
1928
+ SENSITIVE = []
1855
1929
  include Aws::Structure
1856
1930
  end
1857
1931
 
@@ -1913,6 +1987,7 @@ module Aws::WAFV2
1913
1987
  :scope,
1914
1988
  :id,
1915
1989
  :lock_token)
1990
+ SENSITIVE = []
1916
1991
  include Aws::Structure
1917
1992
  end
1918
1993
 
@@ -1974,6 +2049,7 @@ module Aws::WAFV2
1974
2049
  :scope,
1975
2050
  :id,
1976
2051
  :lock_token)
2052
+ SENSITIVE = []
1977
2053
  include Aws::Structure
1978
2054
  end
1979
2055
 
@@ -2020,6 +2096,7 @@ module Aws::WAFV2
2020
2096
  :vendor_name,
2021
2097
  :name,
2022
2098
  :scope)
2099
+ SENSITIVE = []
2023
2100
  include Aws::Structure
2024
2101
  end
2025
2102
 
@@ -2041,6 +2118,7 @@ module Aws::WAFV2
2041
2118
  class DescribeManagedRuleGroupResponse < Struct.new(
2042
2119
  :capacity,
2043
2120
  :rules)
2121
+ SENSITIVE = []
2044
2122
  include Aws::Structure
2045
2123
  end
2046
2124
 
@@ -2069,6 +2147,7 @@ module Aws::WAFV2
2069
2147
  #
2070
2148
  class DisassociateWebACLRequest < Struct.new(
2071
2149
  :resource_arn)
2150
+ SENSITIVE = []
2072
2151
  include Aws::Structure
2073
2152
  end
2074
2153
 
@@ -2107,6 +2186,7 @@ module Aws::WAFV2
2107
2186
  #
2108
2187
  class ExcludedRule < Struct.new(
2109
2188
  :name)
2189
+ SENSITIVE = []
2110
2190
  include Aws::Structure
2111
2191
  end
2112
2192
 
@@ -2211,6 +2291,7 @@ module Aws::WAFV2
2211
2291
  :query_string,
2212
2292
  :body,
2213
2293
  :method)
2294
+ SENSITIVE = []
2214
2295
  include Aws::Structure
2215
2296
  end
2216
2297
 
@@ -2278,6 +2359,7 @@ module Aws::WAFV2
2278
2359
  :firewall_manager_statement,
2279
2360
  :override_action,
2280
2361
  :visibility_config)
2362
+ SENSITIVE = []
2281
2363
  include Aws::Structure
2282
2364
  end
2283
2365
 
@@ -2333,6 +2415,70 @@ module Aws::WAFV2
2333
2415
  class FirewallManagerStatement < Struct.new(
2334
2416
  :managed_rule_group_statement,
2335
2417
  :rule_group_reference_statement)
2418
+ SENSITIVE = []
2419
+ include Aws::Structure
2420
+ end
2421
+
2422
+ # The configuration for inspecting IP addresses in an HTTP header that
2423
+ # you specify, instead of using the IP address that's reported by the
2424
+ # web request origin. Commonly, this is the X-Forwarded-For (XFF)
2425
+ # header, but you can specify any header name.
2426
+ #
2427
+ # <note markdown="1"> If the specified header isn't present in the request, AWS WAF
2428
+ # doesn't apply the rule to the web request at all.
2429
+ #
2430
+ # </note>
2431
+ #
2432
+ # This configuration is used for GeoMatchStatement and
2433
+ # RateBasedStatement. For IPSetReferenceStatement, use
2434
+ # IPSetForwardedIPConfig instead.
2435
+ #
2436
+ # AWS WAF only evaluates the first IP address found in the specified
2437
+ # HTTP header.
2438
+ #
2439
+ # @note When making an API call, you may pass ForwardedIPConfig
2440
+ # data as a hash:
2441
+ #
2442
+ # {
2443
+ # header_name: "ForwardedIPHeaderName", # required
2444
+ # fallback_behavior: "MATCH", # required, accepts MATCH, NO_MATCH
2445
+ # }
2446
+ #
2447
+ # @!attribute [rw] header_name
2448
+ # The name of the HTTP header to use for the IP address. For example,
2449
+ # to use the X-Forwarded-For (XFF) header, set this to
2450
+ # `X-Forwarded-For`.
2451
+ #
2452
+ # <note markdown="1"> If the specified header isn't present in the request, AWS WAF
2453
+ # doesn't apply the rule to the web request at all.
2454
+ #
2455
+ # </note>
2456
+ # @return [String]
2457
+ #
2458
+ # @!attribute [rw] fallback_behavior
2459
+ # The match status to assign to the web request if the request
2460
+ # doesn't have a valid IP address in the specified position.
2461
+ #
2462
+ # <note markdown="1"> If the specified header isn't present in the request, AWS WAF
2463
+ # doesn't apply the rule to the web request at all.
2464
+ #
2465
+ # </note>
2466
+ #
2467
+ # You can specify the following fallback behaviors:
2468
+ #
2469
+ # * MATCH - Treat the web request as matching the rule statement. AWS
2470
+ # WAF applies the rule action to the request.
2471
+ #
2472
+ # * NO\_MATCH - Treat the web request as not matching the rule
2473
+ # statement.
2474
+ # @return [String]
2475
+ #
2476
+ # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/ForwardedIPConfig AWS API Documentation
2477
+ #
2478
+ class ForwardedIPConfig < Struct.new(
2479
+ :header_name,
2480
+ :fallback_behavior)
2481
+ SENSITIVE = []
2336
2482
  include Aws::Structure
2337
2483
  end
2338
2484
 
@@ -2355,6 +2501,10 @@ module Aws::WAFV2
2355
2501
  #
2356
2502
  # {
2357
2503
  # country_codes: ["AF"], # accepts AF, AX, AL, DZ, AS, AD, AO, AI, AQ, AG, AR, AM, AW, AU, AT, AZ, BS, BH, BD, BB, BY, BE, BZ, BJ, BM, BT, BO, BQ, BA, BW, BV, BR, IO, BN, BG, BF, BI, KH, CM, CA, CV, KY, CF, TD, CL, CN, CX, CC, CO, KM, CG, CD, CK, CR, CI, HR, CU, CW, CY, CZ, DK, DJ, DM, DO, EC, EG, SV, GQ, ER, EE, ET, FK, FO, FJ, FI, FR, GF, PF, TF, GA, GM, GE, DE, GH, GI, GR, GL, GD, GP, GU, GT, GG, GN, GW, GY, HT, HM, VA, HN, HK, HU, IS, IN, ID, IR, IQ, IE, IM, IL, IT, JM, JP, JE, JO, KZ, KE, KI, KP, KR, KW, KG, LA, LV, LB, LS, LR, LY, LI, LT, LU, MO, MK, MG, MW, MY, MV, ML, MT, MH, MQ, MR, MU, YT, MX, FM, MD, MC, MN, ME, MS, MA, MZ, MM, NA, NR, NP, NL, NC, NZ, NI, NE, NG, NU, NF, MP, NO, OM, PK, PW, PS, PA, PG, PY, PE, PH, PN, PL, PT, PR, QA, RE, RO, RU, RW, BL, SH, KN, LC, MF, PM, VC, WS, SM, ST, SA, SN, RS, SC, SL, SG, SX, SK, SI, SB, SO, ZA, GS, SS, ES, LK, SD, SR, SJ, SZ, SE, CH, SY, TW, TJ, TZ, TH, TL, TG, TK, TO, TT, TN, TR, TM, TC, TV, UG, UA, AE, GB, US, UM, UY, UZ, VU, VE, VN, VG, VI, WF, EH, YE, ZM, ZW
2504
+ # forwarded_ip_config: {
2505
+ # header_name: "ForwardedIPHeaderName", # required
2506
+ # fallback_behavior: "MATCH", # required, accepts MATCH, NO_MATCH
2507
+ # },
2358
2508
  # }
2359
2509
  #
2360
2510
  # @!attribute [rw] country_codes
@@ -2363,10 +2513,24 @@ module Aws::WAFV2
2363
2513
  # standard.
2364
2514
  # @return [Array<String>]
2365
2515
  #
2516
+ # @!attribute [rw] forwarded_ip_config
2517
+ # The configuration for inspecting IP addresses in an HTTP header that
2518
+ # you specify, instead of using the IP address that's reported by the
2519
+ # web request origin. Commonly, this is the X-Forwarded-For (XFF)
2520
+ # header, but you can specify any header name.
2521
+ #
2522
+ # <note markdown="1"> If the specified header isn't present in the request, AWS WAF
2523
+ # doesn't apply the rule to the web request at all.
2524
+ #
2525
+ # </note>
2526
+ # @return [Types::ForwardedIPConfig]
2527
+ #
2366
2528
  # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/GeoMatchStatement AWS API Documentation
2367
2529
  #
2368
2530
  class GeoMatchStatement < Struct.new(
2369
- :country_codes)
2531
+ :country_codes,
2532
+ :forwarded_ip_config)
2533
+ SENSITIVE = []
2370
2534
  include Aws::Structure
2371
2535
  end
2372
2536
 
@@ -2410,6 +2574,7 @@ module Aws::WAFV2
2410
2574
  :name,
2411
2575
  :scope,
2412
2576
  :id)
2577
+ SENSITIVE = []
2413
2578
  include Aws::Structure
2414
2579
  end
2415
2580
 
@@ -2433,6 +2598,7 @@ module Aws::WAFV2
2433
2598
  class GetIPSetResponse < Struct.new(
2434
2599
  :ip_set,
2435
2600
  :lock_token)
2601
+ SENSITIVE = []
2436
2602
  include Aws::Structure
2437
2603
  end
2438
2604
 
@@ -2452,6 +2618,7 @@ module Aws::WAFV2
2452
2618
  #
2453
2619
  class GetLoggingConfigurationRequest < Struct.new(
2454
2620
  :resource_arn)
2621
+ SENSITIVE = []
2455
2622
  include Aws::Structure
2456
2623
  end
2457
2624
 
@@ -2463,6 +2630,7 @@ module Aws::WAFV2
2463
2630
  #
2464
2631
  class GetLoggingConfigurationResponse < Struct.new(
2465
2632
  :logging_configuration)
2633
+ SENSITIVE = []
2466
2634
  include Aws::Structure
2467
2635
  end
2468
2636
 
@@ -2482,6 +2650,7 @@ module Aws::WAFV2
2482
2650
  #
2483
2651
  class GetPermissionPolicyRequest < Struct.new(
2484
2652
  :resource_arn)
2653
+ SENSITIVE = []
2485
2654
  include Aws::Structure
2486
2655
  end
2487
2656
 
@@ -2493,6 +2662,7 @@ module Aws::WAFV2
2493
2662
  #
2494
2663
  class GetPermissionPolicyResponse < Struct.new(
2495
2664
  :policy)
2665
+ SENSITIVE = []
2496
2666
  include Aws::Structure
2497
2667
  end
2498
2668
 
@@ -2542,6 +2712,7 @@ module Aws::WAFV2
2542
2712
  :web_acl_name,
2543
2713
  :web_acl_id,
2544
2714
  :rule_name)
2715
+ SENSITIVE = []
2545
2716
  include Aws::Structure
2546
2717
  end
2547
2718
 
@@ -2558,6 +2729,7 @@ module Aws::WAFV2
2558
2729
  class GetRateBasedStatementManagedKeysResponse < Struct.new(
2559
2730
  :managed_keys_ipv4,
2560
2731
  :managed_keys_ipv6)
2732
+ SENSITIVE = []
2561
2733
  include Aws::Structure
2562
2734
  end
2563
2735
 
@@ -2601,6 +2773,7 @@ module Aws::WAFV2
2601
2773
  :name,
2602
2774
  :scope,
2603
2775
  :id)
2776
+ SENSITIVE = []
2604
2777
  include Aws::Structure
2605
2778
  end
2606
2779
 
@@ -2624,6 +2797,7 @@ module Aws::WAFV2
2624
2797
  class GetRegexPatternSetResponse < Struct.new(
2625
2798
  :regex_pattern_set,
2626
2799
  :lock_token)
2800
+ SENSITIVE = []
2627
2801
  include Aws::Structure
2628
2802
  end
2629
2803
 
@@ -2667,6 +2841,7 @@ module Aws::WAFV2
2667
2841
  :name,
2668
2842
  :scope,
2669
2843
  :id)
2844
+ SENSITIVE = []
2670
2845
  include Aws::Structure
2671
2846
  end
2672
2847
 
@@ -2690,6 +2865,7 @@ module Aws::WAFV2
2690
2865
  class GetRuleGroupResponse < Struct.new(
2691
2866
  :rule_group,
2692
2867
  :lock_token)
2868
+ SENSITIVE = []
2693
2869
  include Aws::Structure
2694
2870
  end
2695
2871
 
@@ -2734,9 +2910,10 @@ module Aws::WAFV2
2734
2910
  # @!attribute [rw] time_window
2735
2911
  # The start date and time and the end date and time of the range for
2736
2912
  # which you want `GetSampledRequests` to return a sample of requests.
2737
- # Specify the date and time in the following format:
2738
- # `"2016-09-27T14:50Z"`. You can specify any time range in the
2739
- # previous three hours.
2913
+ # You must specify the times in Coordinated Universal Time (UTC)
2914
+ # format. UTC format includes the special designator, `Z`. For
2915
+ # example, `"2016-09-27T14:50Z"`. You can specify any time range in
2916
+ # the previous three hours.
2740
2917
  # @return [Types::TimeWindow]
2741
2918
  #
2742
2919
  # @!attribute [rw] max_items
@@ -2755,6 +2932,7 @@ module Aws::WAFV2
2755
2932
  :scope,
2756
2933
  :time_window,
2757
2934
  :max_items)
2935
+ SENSITIVE = []
2758
2936
  include Aws::Structure
2759
2937
  end
2760
2938
 
@@ -2775,7 +2953,8 @@ module Aws::WAFV2
2775
2953
  # `GetSampledRequests` request. However, if your AWS resource received
2776
2954
  # more than 5,000 requests during the time range that you specified in
2777
2955
  # the request, `GetSampledRequests` returns the time range for the
2778
- # first 5,000 requests.
2956
+ # first 5,000 requests. Times are in Coordinated Universal Time (UTC)
2957
+ # format.
2779
2958
  # @return [Types::TimeWindow]
2780
2959
  #
2781
2960
  # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/GetSampledRequestsResponse AWS API Documentation
@@ -2784,6 +2963,7 @@ module Aws::WAFV2
2784
2963
  :sampled_requests,
2785
2964
  :population_size,
2786
2965
  :time_window)
2966
+ SENSITIVE = []
2787
2967
  include Aws::Structure
2788
2968
  end
2789
2969
 
@@ -2802,6 +2982,7 @@ module Aws::WAFV2
2802
2982
  #
2803
2983
  class GetWebACLForResourceRequest < Struct.new(
2804
2984
  :resource_arn)
2985
+ SENSITIVE = []
2805
2986
  include Aws::Structure
2806
2987
  end
2807
2988
 
@@ -2814,6 +2995,7 @@ module Aws::WAFV2
2814
2995
  #
2815
2996
  class GetWebACLForResourceResponse < Struct.new(
2816
2997
  :web_acl)
2998
+ SENSITIVE = []
2817
2999
  include Aws::Structure
2818
3000
  end
2819
3001
 
@@ -2857,6 +3039,7 @@ module Aws::WAFV2
2857
3039
  :name,
2858
3040
  :scope,
2859
3041
  :id)
3042
+ SENSITIVE = []
2860
3043
  include Aws::Structure
2861
3044
  end
2862
3045
 
@@ -2882,6 +3065,7 @@ module Aws::WAFV2
2882
3065
  class GetWebACLResponse < Struct.new(
2883
3066
  :web_acl,
2884
3067
  :lock_token)
3068
+ SENSITIVE = []
2885
3069
  include Aws::Structure
2886
3070
  end
2887
3071
 
@@ -2914,6 +3098,7 @@ module Aws::WAFV2
2914
3098
  class HTTPHeader < Struct.new(
2915
3099
  :name,
2916
3100
  :value)
3101
+ SENSITIVE = []
2917
3102
  include Aws::Structure
2918
3103
  end
2919
3104
 
@@ -2982,6 +3167,7 @@ module Aws::WAFV2
2982
3167
  :method,
2983
3168
  :http_version,
2984
3169
  :headers)
3170
+ SENSITIVE = []
2985
3171
  include Aws::Structure
2986
3172
  end
2987
3173
 
@@ -3074,6 +3260,89 @@ module Aws::WAFV2
3074
3260
  :description,
3075
3261
  :ip_address_version,
3076
3262
  :addresses)
3263
+ SENSITIVE = []
3264
+ include Aws::Structure
3265
+ end
3266
+
3267
+ # The configuration for inspecting IP addresses in an HTTP header that
3268
+ # you specify, instead of using the IP address that's reported by the
3269
+ # web request origin. Commonly, this is the X-Forwarded-For (XFF)
3270
+ # header, but you can specify any header name.
3271
+ #
3272
+ # <note markdown="1"> If the specified header isn't present in the request, AWS WAF
3273
+ # doesn't apply the rule to the web request at all.
3274
+ #
3275
+ # </note>
3276
+ #
3277
+ # This configuration is used only for IPSetReferenceStatement. For
3278
+ # GeoMatchStatement and RateBasedStatement, use ForwardedIPConfig
3279
+ # instead.
3280
+ #
3281
+ # @note When making an API call, you may pass IPSetForwardedIPConfig
3282
+ # data as a hash:
3283
+ #
3284
+ # {
3285
+ # header_name: "ForwardedIPHeaderName", # required
3286
+ # fallback_behavior: "MATCH", # required, accepts MATCH, NO_MATCH
3287
+ # position: "FIRST", # required, accepts FIRST, LAST, ANY
3288
+ # }
3289
+ #
3290
+ # @!attribute [rw] header_name
3291
+ # The name of the HTTP header to use for the IP address. For example,
3292
+ # to use the X-Forwarded-For (XFF) header, set this to
3293
+ # `X-Forwarded-For`.
3294
+ #
3295
+ # <note markdown="1"> If the specified header isn't present in the request, AWS WAF
3296
+ # doesn't apply the rule to the web request at all.
3297
+ #
3298
+ # </note>
3299
+ # @return [String]
3300
+ #
3301
+ # @!attribute [rw] fallback_behavior
3302
+ # The match status to assign to the web request if the request
3303
+ # doesn't have a valid IP address in the specified position.
3304
+ #
3305
+ # <note markdown="1"> If the specified header isn't present in the request, AWS WAF
3306
+ # doesn't apply the rule to the web request at all.
3307
+ #
3308
+ # </note>
3309
+ #
3310
+ # You can specify the following fallback behaviors:
3311
+ #
3312
+ # * MATCH - Treat the web request as matching the rule statement. AWS
3313
+ # WAF applies the rule action to the request.
3314
+ #
3315
+ # * NO\_MATCH - Treat the web request as not matching the rule
3316
+ # statement.
3317
+ # @return [String]
3318
+ #
3319
+ # @!attribute [rw] position
3320
+ # The position in the header to search for the IP address. The header
3321
+ # can contain IP addresses of the original client and also of proxies.
3322
+ # For example, the header value could be `10.1.1.1, 127.0.0.0,
3323
+ # 10.10.10.10` where the first IP address identifies the original
3324
+ # client and the rest identify proxies that the request went through.
3325
+ #
3326
+ # The options for this setting are the following:
3327
+ #
3328
+ # * FIRST - Inspect the first IP address in the list of IP addresses
3329
+ # in the header. This is usually the client's original IP.
3330
+ #
3331
+ # * LAST - Inspect the last IP address in the list of IP addresses in
3332
+ # the header.
3333
+ #
3334
+ # * ANY - Inspect all IP addresses in the header for a match. If the
3335
+ # header contains more than 10 IP addresses, AWS WAF inspects the
3336
+ # last 10.
3337
+ # @return [String]
3338
+ #
3339
+ # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/IPSetForwardedIPConfig AWS API Documentation
3340
+ #
3341
+ class IPSetForwardedIPConfig < Struct.new(
3342
+ :header_name,
3343
+ :fallback_behavior,
3344
+ :position)
3345
+ SENSITIVE = []
3077
3346
  include Aws::Structure
3078
3347
  end
3079
3348
 
@@ -3103,6 +3372,11 @@ module Aws::WAFV2
3103
3372
  #
3104
3373
  # {
3105
3374
  # arn: "ResourceArn", # required
3375
+ # ip_set_forwarded_ip_config: {
3376
+ # header_name: "ForwardedIPHeaderName", # required
3377
+ # fallback_behavior: "MATCH", # required, accepts MATCH, NO_MATCH
3378
+ # position: "FIRST", # required, accepts FIRST, LAST, ANY
3379
+ # },
3106
3380
  # }
3107
3381
  #
3108
3382
  # @!attribute [rw] arn
@@ -3110,10 +3384,24 @@ module Aws::WAFV2
3110
3384
  # references.
3111
3385
  # @return [String]
3112
3386
  #
3387
+ # @!attribute [rw] ip_set_forwarded_ip_config
3388
+ # The configuration for inspecting IP addresses in an HTTP header that
3389
+ # you specify, instead of using the IP address that's reported by the
3390
+ # web request origin. Commonly, this is the X-Forwarded-For (XFF)
3391
+ # header, but you can specify any header name.
3392
+ #
3393
+ # <note markdown="1"> If the specified header isn't present in the request, AWS WAF
3394
+ # doesn't apply the rule to the web request at all.
3395
+ #
3396
+ # </note>
3397
+ # @return [Types::IPSetForwardedIPConfig]
3398
+ #
3113
3399
  # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/IPSetReferenceStatement AWS API Documentation
3114
3400
  #
3115
3401
  class IPSetReferenceStatement < Struct.new(
3116
- :arn)
3402
+ :arn,
3403
+ :ip_set_forwarded_ip_config)
3404
+ SENSITIVE = []
3117
3405
  include Aws::Structure
3118
3406
  end
3119
3407
 
@@ -3173,6 +3461,7 @@ module Aws::WAFV2
3173
3461
  :description,
3174
3462
  :lock_token,
3175
3463
  :arn)
3464
+ SENSITIVE = []
3176
3465
  include Aws::Structure
3177
3466
  end
3178
3467
 
@@ -3220,6 +3509,7 @@ module Aws::WAFV2
3220
3509
  :scope,
3221
3510
  :next_marker,
3222
3511
  :limit)
3512
+ SENSITIVE = []
3223
3513
  include Aws::Structure
3224
3514
  end
3225
3515
 
@@ -3239,6 +3529,7 @@ module Aws::WAFV2
3239
3529
  class ListAvailableManagedRuleGroupsResponse < Struct.new(
3240
3530
  :next_marker,
3241
3531
  :managed_rule_groups)
3532
+ SENSITIVE = []
3242
3533
  include Aws::Structure
3243
3534
  end
3244
3535
 
@@ -3286,6 +3577,7 @@ module Aws::WAFV2
3286
3577
  :scope,
3287
3578
  :next_marker,
3288
3579
  :limit)
3580
+ SENSITIVE = []
3289
3581
  include Aws::Structure
3290
3582
  end
3291
3583
 
@@ -3307,6 +3599,7 @@ module Aws::WAFV2
3307
3599
  class ListIPSetsResponse < Struct.new(
3308
3600
  :next_marker,
3309
3601
  :ip_sets)
3602
+ SENSITIVE = []
3310
3603
  include Aws::Structure
3311
3604
  end
3312
3605
 
@@ -3354,6 +3647,7 @@ module Aws::WAFV2
3354
3647
  :scope,
3355
3648
  :next_marker,
3356
3649
  :limit)
3650
+ SENSITIVE = []
3357
3651
  include Aws::Structure
3358
3652
  end
3359
3653
 
@@ -3373,6 +3667,7 @@ module Aws::WAFV2
3373
3667
  class ListLoggingConfigurationsResponse < Struct.new(
3374
3668
  :logging_configurations,
3375
3669
  :next_marker)
3670
+ SENSITIVE = []
3376
3671
  include Aws::Structure
3377
3672
  end
3378
3673
 
@@ -3420,6 +3715,7 @@ module Aws::WAFV2
3420
3715
  :scope,
3421
3716
  :next_marker,
3422
3717
  :limit)
3718
+ SENSITIVE = []
3423
3719
  include Aws::Structure
3424
3720
  end
3425
3721
 
@@ -3439,6 +3735,7 @@ module Aws::WAFV2
3439
3735
  class ListRegexPatternSetsResponse < Struct.new(
3440
3736
  :next_marker,
3441
3737
  :regex_pattern_sets)
3738
+ SENSITIVE = []
3442
3739
  include Aws::Structure
3443
3740
  end
3444
3741
 
@@ -3465,6 +3762,7 @@ module Aws::WAFV2
3465
3762
  class ListResourcesForWebACLRequest < Struct.new(
3466
3763
  :web_acl_arn,
3467
3764
  :resource_type)
3765
+ SENSITIVE = []
3468
3766
  include Aws::Structure
3469
3767
  end
3470
3768
 
@@ -3477,6 +3775,7 @@ module Aws::WAFV2
3477
3775
  #
3478
3776
  class ListResourcesForWebACLResponse < Struct.new(
3479
3777
  :resource_arns)
3778
+ SENSITIVE = []
3480
3779
  include Aws::Structure
3481
3780
  end
3482
3781
 
@@ -3524,6 +3823,7 @@ module Aws::WAFV2
3524
3823
  :scope,
3525
3824
  :next_marker,
3526
3825
  :limit)
3826
+ SENSITIVE = []
3527
3827
  include Aws::Structure
3528
3828
  end
3529
3829
 
@@ -3543,6 +3843,7 @@ module Aws::WAFV2
3543
3843
  class ListRuleGroupsResponse < Struct.new(
3544
3844
  :next_marker,
3545
3845
  :rule_groups)
3846
+ SENSITIVE = []
3546
3847
  include Aws::Structure
3547
3848
  end
3548
3849
 
@@ -3580,6 +3881,7 @@ module Aws::WAFV2
3580
3881
  :next_marker,
3581
3882
  :limit,
3582
3883
  :resource_arn)
3884
+ SENSITIVE = []
3583
3885
  include Aws::Structure
3584
3886
  end
3585
3887
 
@@ -3600,6 +3902,7 @@ module Aws::WAFV2
3600
3902
  class ListTagsForResourceResponse < Struct.new(
3601
3903
  :next_marker,
3602
3904
  :tag_info_for_resource)
3905
+ SENSITIVE = []
3603
3906
  include Aws::Structure
3604
3907
  end
3605
3908
 
@@ -3647,6 +3950,7 @@ module Aws::WAFV2
3647
3950
  :scope,
3648
3951
  :next_marker,
3649
3952
  :limit)
3953
+ SENSITIVE = []
3650
3954
  include Aws::Structure
3651
3955
  end
3652
3956
 
@@ -3666,6 +3970,7 @@ module Aws::WAFV2
3666
3970
  class ListWebACLsResponse < Struct.new(
3667
3971
  :next_marker,
3668
3972
  :web_acls)
3973
+ SENSITIVE = []
3669
3974
  include Aws::Structure
3670
3975
  end
3671
3976
 
@@ -3711,6 +4016,7 @@ module Aws::WAFV2
3711
4016
  # },
3712
4017
  # },
3713
4018
  # ],
4019
+ # managed_by_firewall_manager: false,
3714
4020
  # }
3715
4021
  #
3716
4022
  # @!attribute [rw] resource_arn
@@ -3725,16 +4031,29 @@ module Aws::WAFV2
3725
4031
  #
3726
4032
  # @!attribute [rw] redacted_fields
3727
4033
  # The parts of the request that you want to keep out of the logs. For
3728
- # example, if you redact the cookie field, the cookie field in the
4034
+ # example, if you redact the `HEADER` field, the `HEADER` field in the
3729
4035
  # firehose will be `xxx`.
4036
+ #
4037
+ # <note markdown="1"> You must use one of the following values: `URI`, `QUERY_STRING`,
4038
+ # `HEADER`, or `METHOD`.
4039
+ #
4040
+ # </note>
3730
4041
  # @return [Array<Types::FieldToMatch>]
3731
4042
  #
4043
+ # @!attribute [rw] managed_by_firewall_manager
4044
+ # Indicates whether the logging configuration was created by AWS
4045
+ # Firewall Manager, as part of an AWS WAF policy configuration. If
4046
+ # true, only Firewall Manager can modify or delete the configuration.
4047
+ # @return [Boolean]
4048
+ #
3732
4049
  # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/LoggingConfiguration AWS API Documentation
3733
4050
  #
3734
4051
  class LoggingConfiguration < Struct.new(
3735
4052
  :resource_arn,
3736
4053
  :log_destination_configs,
3737
- :redacted_fields)
4054
+ :redacted_fields,
4055
+ :managed_by_firewall_manager)
4056
+ SENSITIVE = []
3738
4057
  include Aws::Structure
3739
4058
  end
3740
4059
 
@@ -3793,6 +4112,7 @@ module Aws::WAFV2
3793
4112
  :vendor_name,
3794
4113
  :name,
3795
4114
  :excluded_rules)
4115
+ SENSITIVE = []
3796
4116
  include Aws::Structure
3797
4117
  end
3798
4118
 
@@ -3836,6 +4156,7 @@ module Aws::WAFV2
3836
4156
  :vendor_name,
3837
4157
  :name,
3838
4158
  :description)
4159
+ SENSITIVE = []
3839
4160
  include Aws::Structure
3840
4161
  end
3841
4162
 
@@ -4015,6 +4336,10 @@ module Aws::WAFV2
4015
4336
  # },
4016
4337
  # geo_match_statement: {
4017
4338
  # country_codes: ["AF"], # accepts AF, AX, AL, DZ, AS, AD, AO, AI, AQ, AG, AR, AM, AW, AU, AT, AZ, BS, BH, BD, BB, BY, BE, BZ, BJ, BM, BT, BO, BQ, BA, BW, BV, BR, IO, BN, BG, BF, BI, KH, CM, CA, CV, KY, CF, TD, CL, CN, CX, CC, CO, KM, CG, CD, CK, CR, CI, HR, CU, CW, CY, CZ, DK, DJ, DM, DO, EC, EG, SV, GQ, ER, EE, ET, FK, FO, FJ, FI, FR, GF, PF, TF, GA, GM, GE, DE, GH, GI, GR, GL, GD, GP, GU, GT, GG, GN, GW, GY, HT, HM, VA, HN, HK, HU, IS, IN, ID, IR, IQ, IE, IM, IL, IT, JM, JP, JE, JO, KZ, KE, KI, KP, KR, KW, KG, LA, LV, LB, LS, LR, LY, LI, LT, LU, MO, MK, MG, MW, MY, MV, ML, MT, MH, MQ, MR, MU, YT, MX, FM, MD, MC, MN, ME, MS, MA, MZ, MM, NA, NR, NP, NL, NC, NZ, NI, NE, NG, NU, NF, MP, NO, OM, PK, PW, PS, PA, PG, PY, PE, PH, PN, PL, PT, PR, QA, RE, RO, RU, RW, BL, SH, KN, LC, MF, PM, VC, WS, SM, ST, SA, SN, RS, SC, SL, SG, SX, SK, SI, SB, SO, ZA, GS, SS, ES, LK, SD, SR, SJ, SZ, SE, CH, SY, TW, TJ, TZ, TH, TL, TG, TK, TO, TT, TN, TR, TM, TC, TV, UG, UA, AE, GB, US, UM, UY, UZ, VU, VE, VN, VG, VI, WF, EH, YE, ZM, ZW
4339
+ # forwarded_ip_config: {
4340
+ # header_name: "ForwardedIPHeaderName", # required
4341
+ # fallback_behavior: "MATCH", # required, accepts MATCH, NO_MATCH
4342
+ # },
4018
4343
  # },
4019
4344
  # rule_group_reference_statement: {
4020
4345
  # arn: "ResourceArn", # required
@@ -4026,6 +4351,11 @@ module Aws::WAFV2
4026
4351
  # },
4027
4352
  # ip_set_reference_statement: {
4028
4353
  # arn: "ResourceArn", # required
4354
+ # ip_set_forwarded_ip_config: {
4355
+ # header_name: "ForwardedIPHeaderName", # required
4356
+ # fallback_behavior: "MATCH", # required, accepts MATCH, NO_MATCH
4357
+ # position: "FIRST", # required, accepts FIRST, LAST, ANY
4358
+ # },
4029
4359
  # },
4030
4360
  # regex_pattern_set_reference_statement: {
4031
4361
  # arn: "ResourceArn", # required
@@ -4056,10 +4386,14 @@ module Aws::WAFV2
4056
4386
  # },
4057
4387
  # rate_based_statement: {
4058
4388
  # limit: 1, # required
4059
- # aggregate_key_type: "IP", # required, accepts IP
4389
+ # aggregate_key_type: "IP", # required, accepts IP, FORWARDED_IP
4060
4390
  # scope_down_statement: {
4061
4391
  # # recursive Statement
4062
4392
  # },
4393
+ # forwarded_ip_config: {
4394
+ # header_name: "ForwardedIPHeaderName", # required
4395
+ # fallback_behavior: "MATCH", # required, accepts MATCH, NO_MATCH
4396
+ # },
4063
4397
  # },
4064
4398
  # and_statement: {
4065
4399
  # statements: [ # required
@@ -4101,6 +4435,7 @@ module Aws::WAFV2
4101
4435
  #
4102
4436
  class NotStatement < Struct.new(
4103
4437
  :statement)
4438
+ SENSITIVE = []
4104
4439
  include Aws::Structure
4105
4440
  end
4106
4441
 
@@ -4234,6 +4569,10 @@ module Aws::WAFV2
4234
4569
  # },
4235
4570
  # geo_match_statement: {
4236
4571
  # country_codes: ["AF"], # accepts AF, AX, AL, DZ, AS, AD, AO, AI, AQ, AG, AR, AM, AW, AU, AT, AZ, BS, BH, BD, BB, BY, BE, BZ, BJ, BM, BT, BO, BQ, BA, BW, BV, BR, IO, BN, BG, BF, BI, KH, CM, CA, CV, KY, CF, TD, CL, CN, CX, CC, CO, KM, CG, CD, CK, CR, CI, HR, CU, CW, CY, CZ, DK, DJ, DM, DO, EC, EG, SV, GQ, ER, EE, ET, FK, FO, FJ, FI, FR, GF, PF, TF, GA, GM, GE, DE, GH, GI, GR, GL, GD, GP, GU, GT, GG, GN, GW, GY, HT, HM, VA, HN, HK, HU, IS, IN, ID, IR, IQ, IE, IM, IL, IT, JM, JP, JE, JO, KZ, KE, KI, KP, KR, KW, KG, LA, LV, LB, LS, LR, LY, LI, LT, LU, MO, MK, MG, MW, MY, MV, ML, MT, MH, MQ, MR, MU, YT, MX, FM, MD, MC, MN, ME, MS, MA, MZ, MM, NA, NR, NP, NL, NC, NZ, NI, NE, NG, NU, NF, MP, NO, OM, PK, PW, PS, PA, PG, PY, PE, PH, PN, PL, PT, PR, QA, RE, RO, RU, RW, BL, SH, KN, LC, MF, PM, VC, WS, SM, ST, SA, SN, RS, SC, SL, SG, SX, SK, SI, SB, SO, ZA, GS, SS, ES, LK, SD, SR, SJ, SZ, SE, CH, SY, TW, TJ, TZ, TH, TL, TG, TK, TO, TT, TN, TR, TM, TC, TV, UG, UA, AE, GB, US, UM, UY, UZ, VU, VE, VN, VG, VI, WF, EH, YE, ZM, ZW
4572
+ # forwarded_ip_config: {
4573
+ # header_name: "ForwardedIPHeaderName", # required
4574
+ # fallback_behavior: "MATCH", # required, accepts MATCH, NO_MATCH
4575
+ # },
4237
4576
  # },
4238
4577
  # rule_group_reference_statement: {
4239
4578
  # arn: "ResourceArn", # required
@@ -4245,6 +4584,11 @@ module Aws::WAFV2
4245
4584
  # },
4246
4585
  # ip_set_reference_statement: {
4247
4586
  # arn: "ResourceArn", # required
4587
+ # ip_set_forwarded_ip_config: {
4588
+ # header_name: "ForwardedIPHeaderName", # required
4589
+ # fallback_behavior: "MATCH", # required, accepts MATCH, NO_MATCH
4590
+ # position: "FIRST", # required, accepts FIRST, LAST, ANY
4591
+ # },
4248
4592
  # },
4249
4593
  # regex_pattern_set_reference_statement: {
4250
4594
  # arn: "ResourceArn", # required
@@ -4275,10 +4619,14 @@ module Aws::WAFV2
4275
4619
  # },
4276
4620
  # rate_based_statement: {
4277
4621
  # limit: 1, # required
4278
- # aggregate_key_type: "IP", # required, accepts IP
4622
+ # aggregate_key_type: "IP", # required, accepts IP, FORWARDED_IP
4279
4623
  # scope_down_statement: {
4280
4624
  # # recursive Statement
4281
4625
  # },
4626
+ # forwarded_ip_config: {
4627
+ # header_name: "ForwardedIPHeaderName", # required
4628
+ # fallback_behavior: "MATCH", # required, accepts MATCH, NO_MATCH
4629
+ # },
4282
4630
  # },
4283
4631
  # and_statement: {
4284
4632
  # statements: { # required
@@ -4317,6 +4665,7 @@ module Aws::WAFV2
4317
4665
  #
4318
4666
  class OrStatement < Struct.new(
4319
4667
  :statements)
4668
+ SENSITIVE = []
4320
4669
  include Aws::Structure
4321
4670
  end
4322
4671
 
@@ -4360,6 +4709,7 @@ module Aws::WAFV2
4360
4709
  class OverrideAction < Struct.new(
4361
4710
  :count,
4362
4711
  :none)
4712
+ SENSITIVE = []
4363
4713
  include Aws::Structure
4364
4714
  end
4365
4715
 
@@ -4390,6 +4740,7 @@ module Aws::WAFV2
4390
4740
  # },
4391
4741
  # },
4392
4742
  # ],
4743
+ # managed_by_firewall_manager: false,
4393
4744
  # },
4394
4745
  # }
4395
4746
  #
@@ -4400,6 +4751,7 @@ module Aws::WAFV2
4400
4751
  #
4401
4752
  class PutLoggingConfigurationRequest < Struct.new(
4402
4753
  :logging_configuration)
4754
+ SENSITIVE = []
4403
4755
  include Aws::Structure
4404
4756
  end
4405
4757
 
@@ -4410,6 +4762,7 @@ module Aws::WAFV2
4410
4762
  #
4411
4763
  class PutLoggingConfigurationResponse < Struct.new(
4412
4764
  :logging_configuration)
4765
+ SENSITIVE = []
4413
4766
  include Aws::Structure
4414
4767
  end
4415
4768
 
@@ -4457,6 +4810,7 @@ module Aws::WAFV2
4457
4810
  class PutPermissionPolicyRequest < Struct.new(
4458
4811
  :resource_arn,
4459
4812
  :policy)
4813
+ SENSITIVE = []
4460
4814
  include Aws::Structure
4461
4815
  end
4462
4816
 
@@ -4536,7 +4890,7 @@ module Aws::WAFV2
4536
4890
  #
4537
4891
  # {
4538
4892
  # limit: 1, # required
4539
- # aggregate_key_type: "IP", # required, accepts IP
4893
+ # aggregate_key_type: "IP", # required, accepts IP, FORWARDED_IP
4540
4894
  # scope_down_statement: {
4541
4895
  # byte_match_statement: {
4542
4896
  # search_string: "data", # required
@@ -4648,6 +5002,10 @@ module Aws::WAFV2
4648
5002
  # },
4649
5003
  # geo_match_statement: {
4650
5004
  # country_codes: ["AF"], # accepts AF, AX, AL, DZ, AS, AD, AO, AI, AQ, AG, AR, AM, AW, AU, AT, AZ, BS, BH, BD, BB, BY, BE, BZ, BJ, BM, BT, BO, BQ, BA, BW, BV, BR, IO, BN, BG, BF, BI, KH, CM, CA, CV, KY, CF, TD, CL, CN, CX, CC, CO, KM, CG, CD, CK, CR, CI, HR, CU, CW, CY, CZ, DK, DJ, DM, DO, EC, EG, SV, GQ, ER, EE, ET, FK, FO, FJ, FI, FR, GF, PF, TF, GA, GM, GE, DE, GH, GI, GR, GL, GD, GP, GU, GT, GG, GN, GW, GY, HT, HM, VA, HN, HK, HU, IS, IN, ID, IR, IQ, IE, IM, IL, IT, JM, JP, JE, JO, KZ, KE, KI, KP, KR, KW, KG, LA, LV, LB, LS, LR, LY, LI, LT, LU, MO, MK, MG, MW, MY, MV, ML, MT, MH, MQ, MR, MU, YT, MX, FM, MD, MC, MN, ME, MS, MA, MZ, MM, NA, NR, NP, NL, NC, NZ, NI, NE, NG, NU, NF, MP, NO, OM, PK, PW, PS, PA, PG, PY, PE, PH, PN, PL, PT, PR, QA, RE, RO, RU, RW, BL, SH, KN, LC, MF, PM, VC, WS, SM, ST, SA, SN, RS, SC, SL, SG, SX, SK, SI, SB, SO, ZA, GS, SS, ES, LK, SD, SR, SJ, SZ, SE, CH, SY, TW, TJ, TZ, TH, TL, TG, TK, TO, TT, TN, TR, TM, TC, TV, UG, UA, AE, GB, US, UM, UY, UZ, VU, VE, VN, VG, VI, WF, EH, YE, ZM, ZW
5005
+ # forwarded_ip_config: {
5006
+ # header_name: "ForwardedIPHeaderName", # required
5007
+ # fallback_behavior: "MATCH", # required, accepts MATCH, NO_MATCH
5008
+ # },
4651
5009
  # },
4652
5010
  # rule_group_reference_statement: {
4653
5011
  # arn: "ResourceArn", # required
@@ -4659,6 +5017,11 @@ module Aws::WAFV2
4659
5017
  # },
4660
5018
  # ip_set_reference_statement: {
4661
5019
  # arn: "ResourceArn", # required
5020
+ # ip_set_forwarded_ip_config: {
5021
+ # header_name: "ForwardedIPHeaderName", # required
5022
+ # fallback_behavior: "MATCH", # required, accepts MATCH, NO_MATCH
5023
+ # position: "FIRST", # required, accepts FIRST, LAST, ANY
5024
+ # },
4662
5025
  # },
4663
5026
  # regex_pattern_set_reference_statement: {
4664
5027
  # arn: "ResourceArn", # required
@@ -4689,10 +5052,14 @@ module Aws::WAFV2
4689
5052
  # },
4690
5053
  # rate_based_statement: {
4691
5054
  # limit: 1, # required
4692
- # aggregate_key_type: "IP", # required, accepts IP
5055
+ # aggregate_key_type: "IP", # required, accepts IP, FORWARDED_IP
4693
5056
  # scope_down_statement: {
4694
5057
  # # recursive Statement
4695
5058
  # },
5059
+ # forwarded_ip_config: {
5060
+ # header_name: "ForwardedIPHeaderName", # required
5061
+ # fallback_behavior: "MATCH", # required, accepts MATCH, NO_MATCH
5062
+ # },
4696
5063
  # },
4697
5064
  # and_statement: {
4698
5065
  # statements: [ # required
@@ -4723,18 +5090,28 @@ module Aws::WAFV2
4723
5090
  # ],
4724
5091
  # },
4725
5092
  # },
5093
+ # forwarded_ip_config: {
5094
+ # header_name: "ForwardedIPHeaderName", # required
5095
+ # fallback_behavior: "MATCH", # required, accepts MATCH, NO_MATCH
5096
+ # },
4726
5097
  # }
4727
5098
  #
4728
5099
  # @!attribute [rw] limit
4729
5100
  # The limit on requests per 5-minute period for a single originating
4730
- # IP address. If the statement includes a `ScopDownStatement`, this
5101
+ # IP address. If the statement includes a `ScopeDownStatement`, this
4731
5102
  # limit is applied only to the requests that match the statement.
4732
5103
  # @return [Integer]
4733
5104
  #
4734
5105
  # @!attribute [rw] aggregate_key_type
4735
- # Setting that indicates how to aggregate the request counts.
4736
- # Currently, you must set this to `IP`. The request counts are
4737
- # aggregated on IP addresses.
5106
+ # Setting that indicates how to aggregate the request counts. The
5107
+ # options are the following:
5108
+ #
5109
+ # * IP - Aggregate the request counts on the IP address from the web
5110
+ # request origin.
5111
+ #
5112
+ # * FORWARDED\_IP - Aggregate the request counts on the first IP
5113
+ # address in an HTTP header. If you use this, configure the
5114
+ # `ForwardedIPConfig`, to specify the header to use.
4738
5115
  # @return [String]
4739
5116
  #
4740
5117
  # @!attribute [rw] scope_down_statement
@@ -4744,12 +5121,28 @@ module Aws::WAFV2
4744
5121
  # this scope-down statement.
4745
5122
  # @return [Types::Statement]
4746
5123
  #
5124
+ # @!attribute [rw] forwarded_ip_config
5125
+ # The configuration for inspecting IP addresses in an HTTP header that
5126
+ # you specify, instead of using the IP address that's reported by the
5127
+ # web request origin. Commonly, this is the X-Forwarded-For (XFF)
5128
+ # header, but you can specify any header name.
5129
+ #
5130
+ # <note markdown="1"> If the specified header isn't present in the request, AWS WAF
5131
+ # doesn't apply the rule to the web request at all.
5132
+ #
5133
+ # </note>
5134
+ #
5135
+ # This is required if `AggregateKeyType` is set to `FORWARDED_IP`.
5136
+ # @return [Types::ForwardedIPConfig]
5137
+ #
4747
5138
  # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/RateBasedStatement AWS API Documentation
4748
5139
  #
4749
5140
  class RateBasedStatement < Struct.new(
4750
5141
  :limit,
4751
5142
  :aggregate_key_type,
4752
- :scope_down_statement)
5143
+ :scope_down_statement,
5144
+ :forwarded_ip_config)
5145
+ SENSITIVE = []
4753
5146
  include Aws::Structure
4754
5147
  end
4755
5148
 
@@ -4779,6 +5172,7 @@ module Aws::WAFV2
4779
5172
  class RateBasedStatementManagedKeysIPSet < Struct.new(
4780
5173
  :ip_address_version,
4781
5174
  :addresses)
5175
+ SENSITIVE = []
4782
5176
  include Aws::Structure
4783
5177
  end
4784
5178
 
@@ -4810,6 +5204,7 @@ module Aws::WAFV2
4810
5204
  #
4811
5205
  class Regex < Struct.new(
4812
5206
  :regex_string)
5207
+ SENSITIVE = []
4813
5208
  include Aws::Structure
4814
5209
  end
4815
5210
 
@@ -4862,6 +5257,7 @@ module Aws::WAFV2
4862
5257
  :arn,
4863
5258
  :description,
4864
5259
  :regular_expression_list)
5260
+ SENSITIVE = []
4865
5261
  include Aws::Structure
4866
5262
  end
4867
5263
 
@@ -4945,6 +5341,7 @@ module Aws::WAFV2
4945
5341
  :arn,
4946
5342
  :field_to_match,
4947
5343
  :text_transformations)
5344
+ SENSITIVE = []
4948
5345
  include Aws::Structure
4949
5346
  end
4950
5347
 
@@ -5005,6 +5402,7 @@ module Aws::WAFV2
5005
5402
  :description,
5006
5403
  :lock_token,
5007
5404
  :arn)
5405
+ SENSITIVE = []
5008
5406
  include Aws::Structure
5009
5407
  end
5010
5408
 
@@ -5142,6 +5540,10 @@ module Aws::WAFV2
5142
5540
  # },
5143
5541
  # geo_match_statement: {
5144
5542
  # country_codes: ["AF"], # accepts AF, AX, AL, DZ, AS, AD, AO, AI, AQ, AG, AR, AM, AW, AU, AT, AZ, BS, BH, BD, BB, BY, BE, BZ, BJ, BM, BT, BO, BQ, BA, BW, BV, BR, IO, BN, BG, BF, BI, KH, CM, CA, CV, KY, CF, TD, CL, CN, CX, CC, CO, KM, CG, CD, CK, CR, CI, HR, CU, CW, CY, CZ, DK, DJ, DM, DO, EC, EG, SV, GQ, ER, EE, ET, FK, FO, FJ, FI, FR, GF, PF, TF, GA, GM, GE, DE, GH, GI, GR, GL, GD, GP, GU, GT, GG, GN, GW, GY, HT, HM, VA, HN, HK, HU, IS, IN, ID, IR, IQ, IE, IM, IL, IT, JM, JP, JE, JO, KZ, KE, KI, KP, KR, KW, KG, LA, LV, LB, LS, LR, LY, LI, LT, LU, MO, MK, MG, MW, MY, MV, ML, MT, MH, MQ, MR, MU, YT, MX, FM, MD, MC, MN, ME, MS, MA, MZ, MM, NA, NR, NP, NL, NC, NZ, NI, NE, NG, NU, NF, MP, NO, OM, PK, PW, PS, PA, PG, PY, PE, PH, PN, PL, PT, PR, QA, RE, RO, RU, RW, BL, SH, KN, LC, MF, PM, VC, WS, SM, ST, SA, SN, RS, SC, SL, SG, SX, SK, SI, SB, SO, ZA, GS, SS, ES, LK, SD, SR, SJ, SZ, SE, CH, SY, TW, TJ, TZ, TH, TL, TG, TK, TO, TT, TN, TR, TM, TC, TV, UG, UA, AE, GB, US, UM, UY, UZ, VU, VE, VN, VG, VI, WF, EH, YE, ZM, ZW
5543
+ # forwarded_ip_config: {
5544
+ # header_name: "ForwardedIPHeaderName", # required
5545
+ # fallback_behavior: "MATCH", # required, accepts MATCH, NO_MATCH
5546
+ # },
5145
5547
  # },
5146
5548
  # rule_group_reference_statement: {
5147
5549
  # arn: "ResourceArn", # required
@@ -5153,6 +5555,11 @@ module Aws::WAFV2
5153
5555
  # },
5154
5556
  # ip_set_reference_statement: {
5155
5557
  # arn: "ResourceArn", # required
5558
+ # ip_set_forwarded_ip_config: {
5559
+ # header_name: "ForwardedIPHeaderName", # required
5560
+ # fallback_behavior: "MATCH", # required, accepts MATCH, NO_MATCH
5561
+ # position: "FIRST", # required, accepts FIRST, LAST, ANY
5562
+ # },
5156
5563
  # },
5157
5564
  # regex_pattern_set_reference_statement: {
5158
5565
  # arn: "ResourceArn", # required
@@ -5183,10 +5590,14 @@ module Aws::WAFV2
5183
5590
  # },
5184
5591
  # rate_based_statement: {
5185
5592
  # limit: 1, # required
5186
- # aggregate_key_type: "IP", # required, accepts IP
5593
+ # aggregate_key_type: "IP", # required, accepts IP, FORWARDED_IP
5187
5594
  # scope_down_statement: {
5188
5595
  # # recursive Statement
5189
5596
  # },
5597
+ # forwarded_ip_config: {
5598
+ # header_name: "ForwardedIPHeaderName", # required
5599
+ # fallback_behavior: "MATCH", # required, accepts MATCH, NO_MATCH
5600
+ # },
5190
5601
  # },
5191
5602
  # and_statement: {
5192
5603
  # statements: [ # required
@@ -5308,6 +5719,7 @@ module Aws::WAFV2
5308
5719
  :action,
5309
5720
  :override_action,
5310
5721
  :visibility_config)
5722
+ SENSITIVE = []
5311
5723
  include Aws::Structure
5312
5724
  end
5313
5725
 
@@ -5356,6 +5768,7 @@ module Aws::WAFV2
5356
5768
  :block,
5357
5769
  :allow,
5358
5770
  :count)
5771
+ SENSITIVE = []
5359
5772
  include Aws::Structure
5360
5773
  end
5361
5774
 
@@ -5436,6 +5849,7 @@ module Aws::WAFV2
5436
5849
  :description,
5437
5850
  :rules,
5438
5851
  :visibility_config)
5852
+ SENSITIVE = []
5439
5853
  include Aws::Structure
5440
5854
  end
5441
5855
 
@@ -5484,6 +5898,7 @@ module Aws::WAFV2
5484
5898
  class RuleGroupReferenceStatement < Struct.new(
5485
5899
  :arn,
5486
5900
  :excluded_rules)
5901
+ SENSITIVE = []
5487
5902
  include Aws::Structure
5488
5903
  end
5489
5904
 
@@ -5544,6 +5959,7 @@ module Aws::WAFV2
5544
5959
  :description,
5545
5960
  :lock_token,
5546
5961
  :arn)
5962
+ SENSITIVE = []
5547
5963
  include Aws::Structure
5548
5964
  end
5549
5965
 
@@ -5590,6 +6006,7 @@ module Aws::WAFV2
5590
6006
  class RuleSummary < Struct.new(
5591
6007
  :name,
5592
6008
  :action)
6009
+ SENSITIVE = []
5593
6010
  include Aws::Structure
5594
6011
  end
5595
6012
 
@@ -5636,7 +6053,7 @@ module Aws::WAFV2
5636
6053
  # groups, the format for this name is `<vendor name>#<managed rule
5637
6054
  # group name>#<rule name>`. For your own rule groups, the format for
5638
6055
  # this name is `<rule group name>#<rule name>`. If the rule is not in
5639
- # a rule group, the format is `<rule name>`.
6056
+ # a rule group, this field is absent.
5640
6057
  # @return [String]
5641
6058
  #
5642
6059
  # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/SampledHTTPRequest AWS API Documentation
@@ -5647,6 +6064,7 @@ module Aws::WAFV2
5647
6064
  :timestamp,
5648
6065
  :action,
5649
6066
  :rule_name_within_rule_group)
6067
+ SENSITIVE = []
5650
6068
  include Aws::Structure
5651
6069
  end
5652
6070
 
@@ -5682,6 +6100,7 @@ module Aws::WAFV2
5682
6100
  #
5683
6101
  class SingleHeader < Struct.new(
5684
6102
  :name)
6103
+ SENSITIVE = []
5685
6104
  include Aws::Structure
5686
6105
  end
5687
6106
 
@@ -5715,6 +6134,7 @@ module Aws::WAFV2
5715
6134
  #
5716
6135
  class SingleQueryArgument < Struct.new(
5717
6136
  :name)
6137
+ SENSITIVE = []
5718
6138
  include Aws::Structure
5719
6139
  end
5720
6140
 
@@ -5806,6 +6226,7 @@ module Aws::WAFV2
5806
6226
  :comparison_operator,
5807
6227
  :size,
5808
6228
  :text_transformations)
6229
+ SENSITIVE = []
5809
6230
  include Aws::Structure
5810
6231
  end
5811
6232
 
@@ -5878,6 +6299,7 @@ module Aws::WAFV2
5878
6299
  class SqliMatchStatement < Struct.new(
5879
6300
  :field_to_match,
5880
6301
  :text_transformations)
6302
+ SENSITIVE = []
5881
6303
  include Aws::Structure
5882
6304
  end
5883
6305
 
@@ -6009,6 +6431,10 @@ module Aws::WAFV2
6009
6431
  # },
6010
6432
  # geo_match_statement: {
6011
6433
  # country_codes: ["AF"], # accepts AF, AX, AL, DZ, AS, AD, AO, AI, AQ, AG, AR, AM, AW, AU, AT, AZ, BS, BH, BD, BB, BY, BE, BZ, BJ, BM, BT, BO, BQ, BA, BW, BV, BR, IO, BN, BG, BF, BI, KH, CM, CA, CV, KY, CF, TD, CL, CN, CX, CC, CO, KM, CG, CD, CK, CR, CI, HR, CU, CW, CY, CZ, DK, DJ, DM, DO, EC, EG, SV, GQ, ER, EE, ET, FK, FO, FJ, FI, FR, GF, PF, TF, GA, GM, GE, DE, GH, GI, GR, GL, GD, GP, GU, GT, GG, GN, GW, GY, HT, HM, VA, HN, HK, HU, IS, IN, ID, IR, IQ, IE, IM, IL, IT, JM, JP, JE, JO, KZ, KE, KI, KP, KR, KW, KG, LA, LV, LB, LS, LR, LY, LI, LT, LU, MO, MK, MG, MW, MY, MV, ML, MT, MH, MQ, MR, MU, YT, MX, FM, MD, MC, MN, ME, MS, MA, MZ, MM, NA, NR, NP, NL, NC, NZ, NI, NE, NG, NU, NF, MP, NO, OM, PK, PW, PS, PA, PG, PY, PE, PH, PN, PL, PT, PR, QA, RE, RO, RU, RW, BL, SH, KN, LC, MF, PM, VC, WS, SM, ST, SA, SN, RS, SC, SL, SG, SX, SK, SI, SB, SO, ZA, GS, SS, ES, LK, SD, SR, SJ, SZ, SE, CH, SY, TW, TJ, TZ, TH, TL, TG, TK, TO, TT, TN, TR, TM, TC, TV, UG, UA, AE, GB, US, UM, UY, UZ, VU, VE, VN, VG, VI, WF, EH, YE, ZM, ZW
6434
+ # forwarded_ip_config: {
6435
+ # header_name: "ForwardedIPHeaderName", # required
6436
+ # fallback_behavior: "MATCH", # required, accepts MATCH, NO_MATCH
6437
+ # },
6012
6438
  # },
6013
6439
  # rule_group_reference_statement: {
6014
6440
  # arn: "ResourceArn", # required
@@ -6020,6 +6446,11 @@ module Aws::WAFV2
6020
6446
  # },
6021
6447
  # ip_set_reference_statement: {
6022
6448
  # arn: "ResourceArn", # required
6449
+ # ip_set_forwarded_ip_config: {
6450
+ # header_name: "ForwardedIPHeaderName", # required
6451
+ # fallback_behavior: "MATCH", # required, accepts MATCH, NO_MATCH
6452
+ # position: "FIRST", # required, accepts FIRST, LAST, ANY
6453
+ # },
6023
6454
  # },
6024
6455
  # regex_pattern_set_reference_statement: {
6025
6456
  # arn: "ResourceArn", # required
@@ -6050,7 +6481,7 @@ module Aws::WAFV2
6050
6481
  # },
6051
6482
  # rate_based_statement: {
6052
6483
  # limit: 1, # required
6053
- # aggregate_key_type: "IP", # required, accepts IP
6484
+ # aggregate_key_type: "IP", # required, accepts IP, FORWARDED_IP
6054
6485
  # scope_down_statement: {
6055
6486
  # byte_match_statement: {
6056
6487
  # search_string: "data", # required
@@ -6162,6 +6593,10 @@ module Aws::WAFV2
6162
6593
  # },
6163
6594
  # geo_match_statement: {
6164
6595
  # country_codes: ["AF"], # accepts AF, AX, AL, DZ, AS, AD, AO, AI, AQ, AG, AR, AM, AW, AU, AT, AZ, BS, BH, BD, BB, BY, BE, BZ, BJ, BM, BT, BO, BQ, BA, BW, BV, BR, IO, BN, BG, BF, BI, KH, CM, CA, CV, KY, CF, TD, CL, CN, CX, CC, CO, KM, CG, CD, CK, CR, CI, HR, CU, CW, CY, CZ, DK, DJ, DM, DO, EC, EG, SV, GQ, ER, EE, ET, FK, FO, FJ, FI, FR, GF, PF, TF, GA, GM, GE, DE, GH, GI, GR, GL, GD, GP, GU, GT, GG, GN, GW, GY, HT, HM, VA, HN, HK, HU, IS, IN, ID, IR, IQ, IE, IM, IL, IT, JM, JP, JE, JO, KZ, KE, KI, KP, KR, KW, KG, LA, LV, LB, LS, LR, LY, LI, LT, LU, MO, MK, MG, MW, MY, MV, ML, MT, MH, MQ, MR, MU, YT, MX, FM, MD, MC, MN, ME, MS, MA, MZ, MM, NA, NR, NP, NL, NC, NZ, NI, NE, NG, NU, NF, MP, NO, OM, PK, PW, PS, PA, PG, PY, PE, PH, PN, PL, PT, PR, QA, RE, RO, RU, RW, BL, SH, KN, LC, MF, PM, VC, WS, SM, ST, SA, SN, RS, SC, SL, SG, SX, SK, SI, SB, SO, ZA, GS, SS, ES, LK, SD, SR, SJ, SZ, SE, CH, SY, TW, TJ, TZ, TH, TL, TG, TK, TO, TT, TN, TR, TM, TC, TV, UG, UA, AE, GB, US, UM, UY, UZ, VU, VE, VN, VG, VI, WF, EH, YE, ZM, ZW
6596
+ # forwarded_ip_config: {
6597
+ # header_name: "ForwardedIPHeaderName", # required
6598
+ # fallback_behavior: "MATCH", # required, accepts MATCH, NO_MATCH
6599
+ # },
6165
6600
  # },
6166
6601
  # rule_group_reference_statement: {
6167
6602
  # arn: "ResourceArn", # required
@@ -6173,6 +6608,11 @@ module Aws::WAFV2
6173
6608
  # },
6174
6609
  # ip_set_reference_statement: {
6175
6610
  # arn: "ResourceArn", # required
6611
+ # ip_set_forwarded_ip_config: {
6612
+ # header_name: "ForwardedIPHeaderName", # required
6613
+ # fallback_behavior: "MATCH", # required, accepts MATCH, NO_MATCH
6614
+ # position: "FIRST", # required, accepts FIRST, LAST, ANY
6615
+ # },
6176
6616
  # },
6177
6617
  # regex_pattern_set_reference_statement: {
6178
6618
  # arn: "ResourceArn", # required
@@ -6233,6 +6673,10 @@ module Aws::WAFV2
6233
6673
  # ],
6234
6674
  # },
6235
6675
  # },
6676
+ # forwarded_ip_config: {
6677
+ # header_name: "ForwardedIPHeaderName", # required
6678
+ # fallback_behavior: "MATCH", # required, accepts MATCH, NO_MATCH
6679
+ # },
6236
6680
  # },
6237
6681
  # and_statement: {
6238
6682
  # statements: [ # required
@@ -6347,6 +6791,10 @@ module Aws::WAFV2
6347
6791
  # },
6348
6792
  # geo_match_statement: {
6349
6793
  # country_codes: ["AF"], # accepts AF, AX, AL, DZ, AS, AD, AO, AI, AQ, AG, AR, AM, AW, AU, AT, AZ, BS, BH, BD, BB, BY, BE, BZ, BJ, BM, BT, BO, BQ, BA, BW, BV, BR, IO, BN, BG, BF, BI, KH, CM, CA, CV, KY, CF, TD, CL, CN, CX, CC, CO, KM, CG, CD, CK, CR, CI, HR, CU, CW, CY, CZ, DK, DJ, DM, DO, EC, EG, SV, GQ, ER, EE, ET, FK, FO, FJ, FI, FR, GF, PF, TF, GA, GM, GE, DE, GH, GI, GR, GL, GD, GP, GU, GT, GG, GN, GW, GY, HT, HM, VA, HN, HK, HU, IS, IN, ID, IR, IQ, IE, IM, IL, IT, JM, JP, JE, JO, KZ, KE, KI, KP, KR, KW, KG, LA, LV, LB, LS, LR, LY, LI, LT, LU, MO, MK, MG, MW, MY, MV, ML, MT, MH, MQ, MR, MU, YT, MX, FM, MD, MC, MN, ME, MS, MA, MZ, MM, NA, NR, NP, NL, NC, NZ, NI, NE, NG, NU, NF, MP, NO, OM, PK, PW, PS, PA, PG, PY, PE, PH, PN, PL, PT, PR, QA, RE, RO, RU, RW, BL, SH, KN, LC, MF, PM, VC, WS, SM, ST, SA, SN, RS, SC, SL, SG, SX, SK, SI, SB, SO, ZA, GS, SS, ES, LK, SD, SR, SJ, SZ, SE, CH, SY, TW, TJ, TZ, TH, TL, TG, TK, TO, TT, TN, TR, TM, TC, TV, UG, UA, AE, GB, US, UM, UY, UZ, VU, VE, VN, VG, VI, WF, EH, YE, ZM, ZW
6794
+ # forwarded_ip_config: {
6795
+ # header_name: "ForwardedIPHeaderName", # required
6796
+ # fallback_behavior: "MATCH", # required, accepts MATCH, NO_MATCH
6797
+ # },
6350
6798
  # },
6351
6799
  # rule_group_reference_statement: {
6352
6800
  # arn: "ResourceArn", # required
@@ -6358,6 +6806,11 @@ module Aws::WAFV2
6358
6806
  # },
6359
6807
  # ip_set_reference_statement: {
6360
6808
  # arn: "ResourceArn", # required
6809
+ # ip_set_forwarded_ip_config: {
6810
+ # header_name: "ForwardedIPHeaderName", # required
6811
+ # fallback_behavior: "MATCH", # required, accepts MATCH, NO_MATCH
6812
+ # position: "FIRST", # required, accepts FIRST, LAST, ANY
6813
+ # },
6361
6814
  # },
6362
6815
  # regex_pattern_set_reference_statement: {
6363
6816
  # arn: "ResourceArn", # required
@@ -6388,10 +6841,14 @@ module Aws::WAFV2
6388
6841
  # },
6389
6842
  # rate_based_statement: {
6390
6843
  # limit: 1, # required
6391
- # aggregate_key_type: "IP", # required, accepts IP
6844
+ # aggregate_key_type: "IP", # required, accepts IP, FORWARDED_IP
6392
6845
  # scope_down_statement: {
6393
6846
  # # recursive Statement
6394
6847
  # },
6848
+ # forwarded_ip_config: {
6849
+ # header_name: "ForwardedIPHeaderName", # required
6850
+ # fallback_behavior: "MATCH", # required, accepts MATCH, NO_MATCH
6851
+ # },
6395
6852
  # },
6396
6853
  # and_statement: {
6397
6854
  # # recursive AndStatement
@@ -6531,6 +6988,10 @@ module Aws::WAFV2
6531
6988
  # },
6532
6989
  # geo_match_statement: {
6533
6990
  # country_codes: ["AF"], # accepts AF, AX, AL, DZ, AS, AD, AO, AI, AQ, AG, AR, AM, AW, AU, AT, AZ, BS, BH, BD, BB, BY, BE, BZ, BJ, BM, BT, BO, BQ, BA, BW, BV, BR, IO, BN, BG, BF, BI, KH, CM, CA, CV, KY, CF, TD, CL, CN, CX, CC, CO, KM, CG, CD, CK, CR, CI, HR, CU, CW, CY, CZ, DK, DJ, DM, DO, EC, EG, SV, GQ, ER, EE, ET, FK, FO, FJ, FI, FR, GF, PF, TF, GA, GM, GE, DE, GH, GI, GR, GL, GD, GP, GU, GT, GG, GN, GW, GY, HT, HM, VA, HN, HK, HU, IS, IN, ID, IR, IQ, IE, IM, IL, IT, JM, JP, JE, JO, KZ, KE, KI, KP, KR, KW, KG, LA, LV, LB, LS, LR, LY, LI, LT, LU, MO, MK, MG, MW, MY, MV, ML, MT, MH, MQ, MR, MU, YT, MX, FM, MD, MC, MN, ME, MS, MA, MZ, MM, NA, NR, NP, NL, NC, NZ, NI, NE, NG, NU, NF, MP, NO, OM, PK, PW, PS, PA, PG, PY, PE, PH, PN, PL, PT, PR, QA, RE, RO, RU, RW, BL, SH, KN, LC, MF, PM, VC, WS, SM, ST, SA, SN, RS, SC, SL, SG, SX, SK, SI, SB, SO, ZA, GS, SS, ES, LK, SD, SR, SJ, SZ, SE, CH, SY, TW, TJ, TZ, TH, TL, TG, TK, TO, TT, TN, TR, TM, TC, TV, UG, UA, AE, GB, US, UM, UY, UZ, VU, VE, VN, VG, VI, WF, EH, YE, ZM, ZW
6991
+ # forwarded_ip_config: {
6992
+ # header_name: "ForwardedIPHeaderName", # required
6993
+ # fallback_behavior: "MATCH", # required, accepts MATCH, NO_MATCH
6994
+ # },
6534
6995
  # },
6535
6996
  # rule_group_reference_statement: {
6536
6997
  # arn: "ResourceArn", # required
@@ -6542,6 +7003,11 @@ module Aws::WAFV2
6542
7003
  # },
6543
7004
  # ip_set_reference_statement: {
6544
7005
  # arn: "ResourceArn", # required
7006
+ # ip_set_forwarded_ip_config: {
7007
+ # header_name: "ForwardedIPHeaderName", # required
7008
+ # fallback_behavior: "MATCH", # required, accepts MATCH, NO_MATCH
7009
+ # position: "FIRST", # required, accepts FIRST, LAST, ANY
7010
+ # },
6545
7011
  # },
6546
7012
  # regex_pattern_set_reference_statement: {
6547
7013
  # arn: "ResourceArn", # required
@@ -6572,10 +7038,14 @@ module Aws::WAFV2
6572
7038
  # },
6573
7039
  # rate_based_statement: {
6574
7040
  # limit: 1, # required
6575
- # aggregate_key_type: "IP", # required, accepts IP
7041
+ # aggregate_key_type: "IP", # required, accepts IP, FORWARDED_IP
6576
7042
  # scope_down_statement: {
6577
7043
  # # recursive Statement
6578
7044
  # },
7045
+ # forwarded_ip_config: {
7046
+ # header_name: "ForwardedIPHeaderName", # required
7047
+ # fallback_behavior: "MATCH", # required, accepts MATCH, NO_MATCH
7048
+ # },
6579
7049
  # },
6580
7050
  # and_statement: {
6581
7051
  # statements: { # required
@@ -6714,6 +7184,10 @@ module Aws::WAFV2
6714
7184
  # },
6715
7185
  # geo_match_statement: {
6716
7186
  # country_codes: ["AF"], # accepts AF, AX, AL, DZ, AS, AD, AO, AI, AQ, AG, AR, AM, AW, AU, AT, AZ, BS, BH, BD, BB, BY, BE, BZ, BJ, BM, BT, BO, BQ, BA, BW, BV, BR, IO, BN, BG, BF, BI, KH, CM, CA, CV, KY, CF, TD, CL, CN, CX, CC, CO, KM, CG, CD, CK, CR, CI, HR, CU, CW, CY, CZ, DK, DJ, DM, DO, EC, EG, SV, GQ, ER, EE, ET, FK, FO, FJ, FI, FR, GF, PF, TF, GA, GM, GE, DE, GH, GI, GR, GL, GD, GP, GU, GT, GG, GN, GW, GY, HT, HM, VA, HN, HK, HU, IS, IN, ID, IR, IQ, IE, IM, IL, IT, JM, JP, JE, JO, KZ, KE, KI, KP, KR, KW, KG, LA, LV, LB, LS, LR, LY, LI, LT, LU, MO, MK, MG, MW, MY, MV, ML, MT, MH, MQ, MR, MU, YT, MX, FM, MD, MC, MN, ME, MS, MA, MZ, MM, NA, NR, NP, NL, NC, NZ, NI, NE, NG, NU, NF, MP, NO, OM, PK, PW, PS, PA, PG, PY, PE, PH, PN, PL, PT, PR, QA, RE, RO, RU, RW, BL, SH, KN, LC, MF, PM, VC, WS, SM, ST, SA, SN, RS, SC, SL, SG, SX, SK, SI, SB, SO, ZA, GS, SS, ES, LK, SD, SR, SJ, SZ, SE, CH, SY, TW, TJ, TZ, TH, TL, TG, TK, TO, TT, TN, TR, TM, TC, TV, UG, UA, AE, GB, US, UM, UY, UZ, VU, VE, VN, VG, VI, WF, EH, YE, ZM, ZW
7187
+ # forwarded_ip_config: {
7188
+ # header_name: "ForwardedIPHeaderName", # required
7189
+ # fallback_behavior: "MATCH", # required, accepts MATCH, NO_MATCH
7190
+ # },
6717
7191
  # },
6718
7192
  # rule_group_reference_statement: {
6719
7193
  # arn: "ResourceArn", # required
@@ -6725,6 +7199,11 @@ module Aws::WAFV2
6725
7199
  # },
6726
7200
  # ip_set_reference_statement: {
6727
7201
  # arn: "ResourceArn", # required
7202
+ # ip_set_forwarded_ip_config: {
7203
+ # header_name: "ForwardedIPHeaderName", # required
7204
+ # fallback_behavior: "MATCH", # required, accepts MATCH, NO_MATCH
7205
+ # position: "FIRST", # required, accepts FIRST, LAST, ANY
7206
+ # },
6728
7207
  # },
6729
7208
  # regex_pattern_set_reference_statement: {
6730
7209
  # arn: "ResourceArn", # required
@@ -6755,10 +7234,14 @@ module Aws::WAFV2
6755
7234
  # },
6756
7235
  # rate_based_statement: {
6757
7236
  # limit: 1, # required
6758
- # aggregate_key_type: "IP", # required, accepts IP
7237
+ # aggregate_key_type: "IP", # required, accepts IP, FORWARDED_IP
6759
7238
  # scope_down_statement: {
6760
7239
  # # recursive Statement
6761
7240
  # },
7241
+ # forwarded_ip_config: {
7242
+ # header_name: "ForwardedIPHeaderName", # required
7243
+ # fallback_behavior: "MATCH", # required, accepts MATCH, NO_MATCH
7244
+ # },
6762
7245
  # },
6763
7246
  # and_statement: {
6764
7247
  # statements: [ # required
@@ -6971,6 +7454,7 @@ module Aws::WAFV2
6971
7454
  :or_statement,
6972
7455
  :not_statement,
6973
7456
  :managed_rule_group_statement)
7457
+ SENSITIVE = []
6974
7458
  include Aws::Structure
6975
7459
  end
6976
7460
 
@@ -6981,12 +7465,19 @@ module Aws::WAFV2
6981
7465
  #
6982
7466
  # </note>
6983
7467
  #
6984
- # A collection of key:value pairs associated with an AWS resource. The
6985
- # key:value pair can be anything you define. Typically, the tag key
6986
- # represents a category (such as "environment") and the tag value
6987
- # represents a specific value within that category (such as "test,"
6988
- # "development," or "production"). You can add up to 50 tags to each
6989
- # AWS resource.
7468
+ # A tag associated with an AWS resource. Tags are key:value pairs that
7469
+ # you can use to categorize and manage your resources, for purposes like
7470
+ # billing or other management. Typically, the tag key represents a
7471
+ # category, such as "environment", and the tag value represents a
7472
+ # specific value within that category, such as "test,"
7473
+ # "development," or "production". Or you might set the tag key to
7474
+ # "customer" and the value to the customer name or ID. You can specify
7475
+ # one or more tags to add to each AWS resource, up to 50 tags for a
7476
+ # resource.
7477
+ #
7478
+ # You can tag the AWS resources that you manage through AWS WAF: web
7479
+ # ACLs, rule groups, IP sets, and regex pattern sets. You can't manage
7480
+ # or view tags through the AWS WAF console.
6990
7481
  #
6991
7482
  #
6992
7483
  #
@@ -7017,6 +7508,7 @@ module Aws::WAFV2
7017
7508
  class Tag < Struct.new(
7018
7509
  :key,
7019
7510
  :value)
7511
+ SENSITIVE = []
7020
7512
  include Aws::Structure
7021
7513
  end
7022
7514
 
@@ -7027,7 +7519,19 @@ module Aws::WAFV2
7027
7519
  #
7028
7520
  # </note>
7029
7521
  #
7030
- # The collection of tagging definitions for an AWS resource.
7522
+ # The collection of tagging definitions for an AWS resource. Tags are
7523
+ # key:value pairs that you can use to categorize and manage your
7524
+ # resources, for purposes like billing or other management. Typically,
7525
+ # the tag key represents a category, such as "environment", and the
7526
+ # tag value represents a specific value within that category, such as
7527
+ # "test," "development," or "production". Or you might set the tag
7528
+ # key to "customer" and the value to the customer name or ID. You can
7529
+ # specify one or more tags to add to each AWS resource, up to 50 tags
7530
+ # for a resource.
7531
+ #
7532
+ # You can tag the AWS resources that you manage through AWS WAF: web
7533
+ # ACLs, rule groups, IP sets, and regex pattern sets. You can't manage
7534
+ # or view tags through the AWS WAF console.
7031
7535
  #
7032
7536
  #
7033
7537
  #
@@ -7046,6 +7550,7 @@ module Aws::WAFV2
7046
7550
  class TagInfoForResource < Struct.new(
7047
7551
  :resource_arn,
7048
7552
  :tag_list)
7553
+ SENSITIVE = []
7049
7554
  include Aws::Structure
7050
7555
  end
7051
7556
 
@@ -7075,6 +7580,7 @@ module Aws::WAFV2
7075
7580
  class TagResourceRequest < Struct.new(
7076
7581
  :resource_arn,
7077
7582
  :tags)
7583
+ SENSITIVE = []
7078
7584
  include Aws::Structure
7079
7585
  end
7080
7586
 
@@ -7189,6 +7695,7 @@ module Aws::WAFV2
7189
7695
  class TextTransformation < Struct.new(
7190
7696
  :priority,
7191
7697
  :type)
7698
+ SENSITIVE = []
7192
7699
  include Aws::Structure
7193
7700
  end
7194
7701
 
@@ -7203,6 +7710,11 @@ module Aws::WAFV2
7203
7710
  # specify the time range for which you want AWS WAF to return a sample
7204
7711
  # of web requests.
7205
7712
  #
7713
+ # You must specify the times in Coordinated Universal Time (UTC) format.
7714
+ # UTC format includes the special designator, `Z`. For example,
7715
+ # `"2016-09-27T14:50Z"`. You can specify any time range in the previous
7716
+ # three hours.
7717
+ #
7206
7718
  # In a GetSampledRequests response, the `StartTime` and `EndTime`
7207
7719
  # objects specify the time range for which AWS WAF actually returned a
7208
7720
  # sample of web requests. AWS WAF gets the specified number of requests
@@ -7227,17 +7739,19 @@ module Aws::WAFV2
7227
7739
  # @!attribute [rw] start_time
7228
7740
  # The beginning of the time range from which you want
7229
7741
  # `GetSampledRequests` to return a sample of the requests that your
7230
- # AWS resource received. Specify the date and time in the following
7231
- # format: `"2016-09-27T14:50Z"`. You can specify any time range in the
7232
- # previous three hours.
7742
+ # AWS resource received. You must specify the times in Coordinated
7743
+ # Universal Time (UTC) format. UTC format includes the special
7744
+ # designator, `Z`. For example, `"2016-09-27T14:50Z"`. You can specify
7745
+ # any time range in the previous three hours.
7233
7746
  # @return [Time]
7234
7747
  #
7235
7748
  # @!attribute [rw] end_time
7236
7749
  # The end of the time range from which you want `GetSampledRequests`
7237
7750
  # to return a sample of the requests that your AWS resource received.
7238
- # Specify the date and time in the following format:
7239
- # `"2016-09-27T14:50Z"`. You can specify any time range in the
7240
- # previous three hours.
7751
+ # You must specify the times in Coordinated Universal Time (UTC)
7752
+ # format. UTC format includes the special designator, `Z`. For
7753
+ # example, `"2016-09-27T14:50Z"`. You can specify any time range in
7754
+ # the previous three hours.
7241
7755
  # @return [Time]
7242
7756
  #
7243
7757
  # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/TimeWindow AWS API Documentation
@@ -7245,6 +7759,7 @@ module Aws::WAFV2
7245
7759
  class TimeWindow < Struct.new(
7246
7760
  :start_time,
7247
7761
  :end_time)
7762
+ SENSITIVE = []
7248
7763
  include Aws::Structure
7249
7764
  end
7250
7765
 
@@ -7270,6 +7785,7 @@ module Aws::WAFV2
7270
7785
  class UntagResourceRequest < Struct.new(
7271
7786
  :resource_arn,
7272
7787
  :tag_keys)
7788
+ SENSITIVE = []
7273
7789
  include Aws::Structure
7274
7790
  end
7275
7791
 
@@ -7375,6 +7891,7 @@ module Aws::WAFV2
7375
7891
  :description,
7376
7892
  :addresses,
7377
7893
  :lock_token)
7894
+ SENSITIVE = []
7378
7895
  include Aws::Structure
7379
7896
  end
7380
7897
 
@@ -7388,6 +7905,7 @@ module Aws::WAFV2
7388
7905
  #
7389
7906
  class UpdateIPSetResponse < Struct.new(
7390
7907
  :next_lock_token)
7908
+ SENSITIVE = []
7391
7909
  include Aws::Structure
7392
7910
  end
7393
7911
 
@@ -7461,6 +7979,7 @@ module Aws::WAFV2
7461
7979
  :description,
7462
7980
  :regular_expression_list,
7463
7981
  :lock_token)
7982
+ SENSITIVE = []
7464
7983
  include Aws::Structure
7465
7984
  end
7466
7985
 
@@ -7474,6 +7993,7 @@ module Aws::WAFV2
7474
7993
  #
7475
7994
  class UpdateRegexPatternSetResponse < Struct.new(
7476
7995
  :next_lock_token)
7996
+ SENSITIVE = []
7477
7997
  include Aws::Structure
7478
7998
  end
7479
7999
 
@@ -7600,6 +8120,10 @@ module Aws::WAFV2
7600
8120
  # },
7601
8121
  # geo_match_statement: {
7602
8122
  # country_codes: ["AF"], # accepts AF, AX, AL, DZ, AS, AD, AO, AI, AQ, AG, AR, AM, AW, AU, AT, AZ, BS, BH, BD, BB, BY, BE, BZ, BJ, BM, BT, BO, BQ, BA, BW, BV, BR, IO, BN, BG, BF, BI, KH, CM, CA, CV, KY, CF, TD, CL, CN, CX, CC, CO, KM, CG, CD, CK, CR, CI, HR, CU, CW, CY, CZ, DK, DJ, DM, DO, EC, EG, SV, GQ, ER, EE, ET, FK, FO, FJ, FI, FR, GF, PF, TF, GA, GM, GE, DE, GH, GI, GR, GL, GD, GP, GU, GT, GG, GN, GW, GY, HT, HM, VA, HN, HK, HU, IS, IN, ID, IR, IQ, IE, IM, IL, IT, JM, JP, JE, JO, KZ, KE, KI, KP, KR, KW, KG, LA, LV, LB, LS, LR, LY, LI, LT, LU, MO, MK, MG, MW, MY, MV, ML, MT, MH, MQ, MR, MU, YT, MX, FM, MD, MC, MN, ME, MS, MA, MZ, MM, NA, NR, NP, NL, NC, NZ, NI, NE, NG, NU, NF, MP, NO, OM, PK, PW, PS, PA, PG, PY, PE, PH, PN, PL, PT, PR, QA, RE, RO, RU, RW, BL, SH, KN, LC, MF, PM, VC, WS, SM, ST, SA, SN, RS, SC, SL, SG, SX, SK, SI, SB, SO, ZA, GS, SS, ES, LK, SD, SR, SJ, SZ, SE, CH, SY, TW, TJ, TZ, TH, TL, TG, TK, TO, TT, TN, TR, TM, TC, TV, UG, UA, AE, GB, US, UM, UY, UZ, VU, VE, VN, VG, VI, WF, EH, YE, ZM, ZW
8123
+ # forwarded_ip_config: {
8124
+ # header_name: "ForwardedIPHeaderName", # required
8125
+ # fallback_behavior: "MATCH", # required, accepts MATCH, NO_MATCH
8126
+ # },
7603
8127
  # },
7604
8128
  # rule_group_reference_statement: {
7605
8129
  # arn: "ResourceArn", # required
@@ -7611,6 +8135,11 @@ module Aws::WAFV2
7611
8135
  # },
7612
8136
  # ip_set_reference_statement: {
7613
8137
  # arn: "ResourceArn", # required
8138
+ # ip_set_forwarded_ip_config: {
8139
+ # header_name: "ForwardedIPHeaderName", # required
8140
+ # fallback_behavior: "MATCH", # required, accepts MATCH, NO_MATCH
8141
+ # position: "FIRST", # required, accepts FIRST, LAST, ANY
8142
+ # },
7614
8143
  # },
7615
8144
  # regex_pattern_set_reference_statement: {
7616
8145
  # arn: "ResourceArn", # required
@@ -7641,10 +8170,14 @@ module Aws::WAFV2
7641
8170
  # },
7642
8171
  # rate_based_statement: {
7643
8172
  # limit: 1, # required
7644
- # aggregate_key_type: "IP", # required, accepts IP
8173
+ # aggregate_key_type: "IP", # required, accepts IP, FORWARDED_IP
7645
8174
  # scope_down_statement: {
7646
8175
  # # recursive Statement
7647
8176
  # },
8177
+ # forwarded_ip_config: {
8178
+ # header_name: "ForwardedIPHeaderName", # required
8179
+ # fallback_behavior: "MATCH", # required, accepts MATCH, NO_MATCH
8180
+ # },
7648
8181
  # },
7649
8182
  # and_statement: {
7650
8183
  # statements: [ # required
@@ -7768,6 +8301,7 @@ module Aws::WAFV2
7768
8301
  :rules,
7769
8302
  :visibility_config,
7770
8303
  :lock_token)
8304
+ SENSITIVE = []
7771
8305
  include Aws::Structure
7772
8306
  end
7773
8307
 
@@ -7781,6 +8315,7 @@ module Aws::WAFV2
7781
8315
  #
7782
8316
  class UpdateRuleGroupResponse < Struct.new(
7783
8317
  :next_lock_token)
8318
+ SENSITIVE = []
7784
8319
  include Aws::Structure
7785
8320
  end
7786
8321
 
@@ -7913,6 +8448,10 @@ module Aws::WAFV2
7913
8448
  # },
7914
8449
  # geo_match_statement: {
7915
8450
  # country_codes: ["AF"], # accepts AF, AX, AL, DZ, AS, AD, AO, AI, AQ, AG, AR, AM, AW, AU, AT, AZ, BS, BH, BD, BB, BY, BE, BZ, BJ, BM, BT, BO, BQ, BA, BW, BV, BR, IO, BN, BG, BF, BI, KH, CM, CA, CV, KY, CF, TD, CL, CN, CX, CC, CO, KM, CG, CD, CK, CR, CI, HR, CU, CW, CY, CZ, DK, DJ, DM, DO, EC, EG, SV, GQ, ER, EE, ET, FK, FO, FJ, FI, FR, GF, PF, TF, GA, GM, GE, DE, GH, GI, GR, GL, GD, GP, GU, GT, GG, GN, GW, GY, HT, HM, VA, HN, HK, HU, IS, IN, ID, IR, IQ, IE, IM, IL, IT, JM, JP, JE, JO, KZ, KE, KI, KP, KR, KW, KG, LA, LV, LB, LS, LR, LY, LI, LT, LU, MO, MK, MG, MW, MY, MV, ML, MT, MH, MQ, MR, MU, YT, MX, FM, MD, MC, MN, ME, MS, MA, MZ, MM, NA, NR, NP, NL, NC, NZ, NI, NE, NG, NU, NF, MP, NO, OM, PK, PW, PS, PA, PG, PY, PE, PH, PN, PL, PT, PR, QA, RE, RO, RU, RW, BL, SH, KN, LC, MF, PM, VC, WS, SM, ST, SA, SN, RS, SC, SL, SG, SX, SK, SI, SB, SO, ZA, GS, SS, ES, LK, SD, SR, SJ, SZ, SE, CH, SY, TW, TJ, TZ, TH, TL, TG, TK, TO, TT, TN, TR, TM, TC, TV, UG, UA, AE, GB, US, UM, UY, UZ, VU, VE, VN, VG, VI, WF, EH, YE, ZM, ZW
8451
+ # forwarded_ip_config: {
8452
+ # header_name: "ForwardedIPHeaderName", # required
8453
+ # fallback_behavior: "MATCH", # required, accepts MATCH, NO_MATCH
8454
+ # },
7916
8455
  # },
7917
8456
  # rule_group_reference_statement: {
7918
8457
  # arn: "ResourceArn", # required
@@ -7924,6 +8463,11 @@ module Aws::WAFV2
7924
8463
  # },
7925
8464
  # ip_set_reference_statement: {
7926
8465
  # arn: "ResourceArn", # required
8466
+ # ip_set_forwarded_ip_config: {
8467
+ # header_name: "ForwardedIPHeaderName", # required
8468
+ # fallback_behavior: "MATCH", # required, accepts MATCH, NO_MATCH
8469
+ # position: "FIRST", # required, accepts FIRST, LAST, ANY
8470
+ # },
7927
8471
  # },
7928
8472
  # regex_pattern_set_reference_statement: {
7929
8473
  # arn: "ResourceArn", # required
@@ -7954,10 +8498,14 @@ module Aws::WAFV2
7954
8498
  # },
7955
8499
  # rate_based_statement: {
7956
8500
  # limit: 1, # required
7957
- # aggregate_key_type: "IP", # required, accepts IP
8501
+ # aggregate_key_type: "IP", # required, accepts IP, FORWARDED_IP
7958
8502
  # scope_down_statement: {
7959
8503
  # # recursive Statement
7960
8504
  # },
8505
+ # forwarded_ip_config: {
8506
+ # header_name: "ForwardedIPHeaderName", # required
8507
+ # fallback_behavior: "MATCH", # required, accepts MATCH, NO_MATCH
8508
+ # },
7961
8509
  # },
7962
8510
  # and_statement: {
7963
8511
  # statements: [ # required
@@ -8087,6 +8635,7 @@ module Aws::WAFV2
8087
8635
  :rules,
8088
8636
  :visibility_config,
8089
8637
  :lock_token)
8638
+ SENSITIVE = []
8090
8639
  include Aws::Structure
8091
8640
  end
8092
8641
 
@@ -8100,6 +8649,7 @@ module Aws::WAFV2
8100
8649
  #
8101
8650
  class UpdateWebACLResponse < Struct.new(
8102
8651
  :next_lock_token)
8652
+ SENSITIVE = []
8103
8653
  include Aws::Structure
8104
8654
  end
8105
8655
 
@@ -8167,11 +8717,11 @@ module Aws::WAFV2
8167
8717
  # @return [Boolean]
8168
8718
  #
8169
8719
  # @!attribute [rw] metric_name
8170
- # A name of the CloudWatch metric. The name can contain only
8171
- # alphanumeric characters (A-Z, a-z, 0-9), with length from one to 128
8172
- # characters. It can't contain whitespace or metric names reserved
8173
- # for AWS WAF, for example "All" and "Default\_Action." You can't
8174
- # change a `MetricName` after you create a `VisibilityConfig`.
8720
+ # A name of the CloudWatch metric. The name can contain only the
8721
+ # characters: A-Z, a-z, 0-9, - (hyphen), and \_ (underscore). The name
8722
+ # can be from one to 128 characters long. It can't contain whitespace
8723
+ # or metric names reserved for AWS WAF, for example "All" and
8724
+ # "Default\_Action."
8175
8725
  # @return [String]
8176
8726
  #
8177
8727
  # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/VisibilityConfig AWS API Documentation
@@ -8180,6 +8730,7 @@ module Aws::WAFV2
8180
8730
  :sampled_requests_enabled,
8181
8731
  :cloud_watch_metrics_enabled,
8182
8732
  :metric_name)
8733
+ SENSITIVE = []
8183
8734
  include Aws::Structure
8184
8735
  end
8185
8736
 
@@ -8193,6 +8744,7 @@ module Aws::WAFV2
8193
8744
  #
8194
8745
  class WAFAssociatedItemException < Struct.new(
8195
8746
  :message)
8747
+ SENSITIVE = []
8196
8748
  include Aws::Structure
8197
8749
  end
8198
8750
 
@@ -8206,6 +8758,7 @@ module Aws::WAFV2
8206
8758
  #
8207
8759
  class WAFDuplicateItemException < Struct.new(
8208
8760
  :message)
8761
+ SENSITIVE = []
8209
8762
  include Aws::Structure
8210
8763
  end
8211
8764
 
@@ -8219,6 +8772,7 @@ module Aws::WAFV2
8219
8772
  #
8220
8773
  class WAFInternalErrorException < Struct.new(
8221
8774
  :message)
8775
+ SENSITIVE = []
8222
8776
  include Aws::Structure
8223
8777
  end
8224
8778
 
@@ -8231,6 +8785,7 @@ module Aws::WAFV2
8231
8785
  #
8232
8786
  class WAFInvalidOperationException < Struct.new(
8233
8787
  :message)
8788
+ SENSITIVE = []
8234
8789
  include Aws::Structure
8235
8790
  end
8236
8791
 
@@ -8267,6 +8822,7 @@ module Aws::WAFV2
8267
8822
  :field,
8268
8823
  :parameter,
8269
8824
  :reason)
8825
+ SENSITIVE = []
8270
8826
  include Aws::Structure
8271
8827
  end
8272
8828
 
@@ -8302,6 +8858,7 @@ module Aws::WAFV2
8302
8858
  #
8303
8859
  class WAFInvalidPermissionPolicyException < Struct.new(
8304
8860
  :message)
8861
+ SENSITIVE = []
8305
8862
  include Aws::Structure
8306
8863
  end
8307
8864
 
@@ -8315,6 +8872,7 @@ module Aws::WAFV2
8315
8872
  #
8316
8873
  class WAFInvalidResourceException < Struct.new(
8317
8874
  :message)
8875
+ SENSITIVE = []
8318
8876
  include Aws::Structure
8319
8877
  end
8320
8878
 
@@ -8334,6 +8892,7 @@ module Aws::WAFV2
8334
8892
  #
8335
8893
  class WAFLimitsExceededException < Struct.new(
8336
8894
  :message)
8895
+ SENSITIVE = []
8337
8896
  include Aws::Structure
8338
8897
  end
8339
8898
 
@@ -8347,6 +8906,7 @@ module Aws::WAFV2
8347
8906
  #
8348
8907
  class WAFNonexistentItemException < Struct.new(
8349
8908
  :message)
8909
+ SENSITIVE = []
8350
8910
  include Aws::Structure
8351
8911
  end
8352
8912
 
@@ -8362,6 +8922,7 @@ module Aws::WAFV2
8362
8922
  #
8363
8923
  class WAFOptimisticLockException < Struct.new(
8364
8924
  :message)
8925
+ SENSITIVE = []
8365
8926
  include Aws::Structure
8366
8927
  end
8367
8928
 
@@ -8382,6 +8943,7 @@ module Aws::WAFV2
8382
8943
  #
8383
8944
  class WAFServiceLinkedRoleErrorException < Struct.new(
8384
8945
  :message)
8946
+ SENSITIVE = []
8385
8947
  include Aws::Structure
8386
8948
  end
8387
8949
 
@@ -8392,6 +8954,7 @@ module Aws::WAFV2
8392
8954
  #
8393
8955
  class WAFSubscriptionNotFoundException < Struct.new(
8394
8956
  :message)
8957
+ SENSITIVE = []
8395
8958
  include Aws::Structure
8396
8959
  end
8397
8960
 
@@ -8404,6 +8967,7 @@ module Aws::WAFV2
8404
8967
  #
8405
8968
  class WAFTagOperationException < Struct.new(
8406
8969
  :message)
8970
+ SENSITIVE = []
8407
8971
  include Aws::Structure
8408
8972
  end
8409
8973
 
@@ -8417,6 +8981,7 @@ module Aws::WAFV2
8417
8981
  #
8418
8982
  class WAFTagOperationInternalErrorException < Struct.new(
8419
8983
  :message)
8984
+ SENSITIVE = []
8420
8985
  include Aws::Structure
8421
8986
  end
8422
8987
 
@@ -8430,6 +8995,7 @@ module Aws::WAFV2
8430
8995
  #
8431
8996
  class WAFUnavailableEntityException < Struct.new(
8432
8997
  :message)
8998
+ SENSITIVE = []
8433
8999
  include Aws::Structure
8434
9000
  end
8435
9001
 
@@ -8552,6 +9118,7 @@ module Aws::WAFV2
8552
9118
  :pre_process_firewall_manager_rule_groups,
8553
9119
  :post_process_firewall_manager_rule_groups,
8554
9120
  :managed_by_firewall_manager)
9121
+ SENSITIVE = []
8555
9122
  include Aws::Structure
8556
9123
  end
8557
9124
 
@@ -8611,6 +9178,7 @@ module Aws::WAFV2
8611
9178
  :description,
8612
9179
  :lock_token,
8613
9180
  :arn)
9181
+ SENSITIVE = []
8614
9182
  include Aws::Structure
8615
9183
  end
8616
9184
 
@@ -8683,6 +9251,7 @@ module Aws::WAFV2
8683
9251
  class XssMatchStatement < Struct.new(
8684
9252
  :field_to_match,
8685
9253
  :text_transformations)
9254
+ SENSITIVE = []
8686
9255
  include Aws::Structure
8687
9256
  end
8688
9257