aws-sdk-wafv2 1.51.0 → 1.53.0

Sign up to get free protection for your applications and to get access to all the features.
@@ -63,8 +63,7 @@ module Aws::WAFV2
63
63
  # The inspection level to use for the Bot Control rule group. The
64
64
  # common level is the least expensive. The targeted level includes all
65
65
  # common level rules and adds rules with more advanced inspection
66
- # criteria. For details, see [WAF Bot Control rule group][1] in the
67
- # *WAF Developer Guide*.
66
+ # criteria. For details, see [WAF Bot Control rule group][1].
68
67
  #
69
68
  #
70
69
  #
@@ -138,12 +137,13 @@ module Aws::WAFV2
138
137
  # Defines custom handling for the web request.
139
138
  #
140
139
  # For information about customizing web requests and responses, see
141
- # [Customizing web requests and responses in WAF][1] in the *WAF
142
- # Developer Guide*.
140
+ # [Customizing web requests and responses in WAF][1] in the [WAF
141
+ # Developer Guide][2].
143
142
  #
144
143
  #
145
144
  #
146
145
  # [1]: https://docs.aws.amazon.com/waf/latest/developerguide/waf-custom-request-response.html
146
+ # [2]: https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html
147
147
  # @return [Types::CustomRequestHandling]
148
148
  #
149
149
  # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/AllowAction AWS API Documentation
@@ -183,22 +183,20 @@ module Aws::WAFV2
183
183
  # The ARN must be in one of the following formats:
184
184
  #
185
185
  # * For an Application Load Balancer:
186
- # `arn:partition:elasticloadbalancing:region:account-id:loadbalancer/app/load-balancer-name/load-balancer-id
186
+ # `arn:aws:elasticloadbalancing:region:account-id:loadbalancer/app/load-balancer-name/load-balancer-id
187
187
  # `
188
188
  #
189
189
  # * For an Amazon API Gateway REST API:
190
- # `arn:partition:apigateway:region::/restapis/api-id/stages/stage-name
191
- # `
190
+ # `arn:aws:apigateway:region::/restapis/api-id/stages/stage-name `
192
191
  #
193
192
  # * For an AppSync GraphQL API:
194
- # `arn:partition:appsync:region:account-id:apis/GraphQLApiId `
193
+ # `arn:aws:appsync:region:account-id:apis/GraphQLApiId `
195
194
  #
196
195
  # * For an Amazon Cognito user pool:
197
- # `arn:partition:cognito-idp:region:account-id:userpool/user-pool-id
198
- # `
196
+ # `arn:aws:cognito-idp:region:account-id:userpool/user-pool-id `
199
197
  #
200
198
  # * For an App Runner service:
201
- # `arn:partition:apprunner:region:account-id:service/apprunner-service-name/apprunner-service-id
199
+ # `arn:aws:apprunner:region:account-id:service/apprunner-service-name/apprunner-service-id
202
200
  # `
203
201
  # @return [String]
204
202
  #
@@ -215,47 +213,6 @@ module Aws::WAFV2
215
213
  #
216
214
  class AssociateWebACLResponse < Aws::EmptyStructure; end
217
215
 
218
- # Specifies custom configurations for the associations between the web
219
- # ACL and protected resources.
220
- #
221
- # Use this to customize the maximum size of the request body that your
222
- # protected CloudFront distributions forward to WAF for inspection. The
223
- # default is 16 KB (16,384 kilobytes).
224
- #
225
- # <note markdown="1"> You are charged additional fees when your protected resources forward
226
- # body sizes that are larger than the default. For more information, see
227
- # [WAF Pricing][1].
228
- #
229
- # </note>
230
- #
231
- #
232
- #
233
- # [1]: http://aws.amazon.com/waf/pricing/
234
- #
235
- # @!attribute [rw] request_body
236
- # Customizes the maximum size of the request body that your protected
237
- # CloudFront distributions forward to WAF for inspection. The default
238
- # size is 16 KB (16,384 kilobytes).
239
- #
240
- # <note markdown="1"> You are charged additional fees when your protected resources
241
- # forward body sizes that are larger than the default. For more
242
- # information, see [WAF Pricing][1].
243
- #
244
- # </note>
245
- #
246
- #
247
- #
248
- # [1]: http://aws.amazon.com/waf/pricing/
249
- # @return [Hash<String,Types::RequestBodyAssociatedResourceTypeConfig>]
250
- #
251
- # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/AssociationConfig AWS API Documentation
252
- #
253
- class AssociationConfig < Struct.new(
254
- :request_body)
255
- SENSITIVE = []
256
- include Aws::Structure
257
- end
258
-
259
216
  # Specifies that WAF should block the request and optionally defines
260
217
  # additional custom handling for the response to the web request.
261
218
  #
@@ -266,12 +223,13 @@ module Aws::WAFV2
266
223
  # Defines a custom response for the web request.
267
224
  #
268
225
  # For information about customizing web requests and responses, see
269
- # [Customizing web requests and responses in WAF][1] in the *WAF
270
- # Developer Guide*.
226
+ # [Customizing web requests and responses in WAF][1] in the [WAF
227
+ # Developer Guide][2].
271
228
  #
272
229
  #
273
230
  #
274
231
  # [1]: https://docs.aws.amazon.com/waf/latest/developerguide/waf-custom-request-response.html
232
+ # [2]: https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html
275
233
  # @return [Types::CustomResponse]
276
234
  #
277
235
  # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/BlockAction AWS API Documentation
@@ -290,16 +248,10 @@ module Aws::WAFV2
290
248
  #
291
249
  # @!attribute [rw] oversize_handling
292
250
  # What WAF should do if the body is larger than WAF can inspect. WAF
293
- # does not support inspecting the entire contents of the web request
294
- # body if the body exceeds the limit for the resource type. If the
295
- # body is larger than the limit, the underlying host service only
296
- # forwards the contents that are below the limit to WAF for
297
- # inspection.
298
- #
299
- # The default limit is 8 KB (8,192 kilobytes) for regional resources
300
- # and 16 KB (16,384 kilobytes) for CloudFront distributions. For
301
- # CloudFront distributions, you can increase the limit in the web ACL
302
- # `AssociationConfig`, for additional processing fees.
251
+ # does not support inspecting the entire contents of the body of a web
252
+ # request when the body exceeds 8 KB (8192 bytes). Only the first 8 KB
253
+ # of the request body are forwarded to WAF by the underlying host
254
+ # service.
303
255
  #
304
256
  # The options for oversize handling are the following:
305
257
  #
@@ -314,7 +266,7 @@ module Aws::WAFV2
314
266
  #
315
267
  # You can combine the `MATCH` or `NO_MATCH` settings for oversize
316
268
  # handling with your rule and web ACL action settings, so that you
317
- # block any request whose body is over the limit.
269
+ # block any request whose body is over 8 KB.
318
270
  #
319
271
  # Default: `CONTINUE`
320
272
  # @return [String]
@@ -470,12 +422,13 @@ module Aws::WAFV2
470
422
  # unexpired.
471
423
  #
472
424
  # For information about customizing web requests and responses, see
473
- # [Customizing web requests and responses in WAF][1] in the *WAF
474
- # Developer Guide*.
425
+ # [Customizing web requests and responses in WAF][1] in the [WAF
426
+ # Developer Guide][2].
475
427
  #
476
428
  #
477
429
  #
478
430
  # [1]: https://docs.aws.amazon.com/waf/latest/developerguide/waf-custom-request-response.html
431
+ # [2]: https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html
479
432
  # @return [Types::CustomRequestHandling]
480
433
  #
481
434
  # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/CaptchaAction AWS API Documentation
@@ -578,12 +531,13 @@ module Aws::WAFV2
578
531
  # unexpired.
579
532
  #
580
533
  # For information about customizing web requests and responses, see
581
- # [Customizing web requests and responses in WAF][1] in the *WAF
582
- # Developer Guide*.
534
+ # [Customizing web requests and responses in WAF][1] in the [WAF
535
+ # Developer Guide][2].
583
536
  #
584
537
  #
585
538
  #
586
539
  # [1]: https://docs.aws.amazon.com/waf/latest/developerguide/waf-custom-request-response.html
540
+ # [2]: https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html
587
541
  # @return [Types::CustomRequestHandling]
588
542
  #
589
543
  # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/ChallengeAction AWS API Documentation
@@ -642,7 +596,7 @@ module Aws::WAFV2
642
596
  # Specifies whether this is for an Amazon CloudFront distribution or
643
597
  # for a regional application. A regional application can be an
644
598
  # Application Load Balancer (ALB), an Amazon API Gateway REST API, an
645
- # AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner
599
+ # AppSync GraphQL API, a Amazon Cognito user pool, or an App Runner
646
600
  # service.
647
601
  #
648
602
  # To work with CloudFront, you must also specify the Region US East
@@ -802,12 +756,13 @@ module Aws::WAFV2
802
756
  # Defines custom handling for the web request.
803
757
  #
804
758
  # For information about customizing web requests and responses, see
805
- # [Customizing web requests and responses in WAF][1] in the *WAF
806
- # Developer Guide*.
759
+ # [Customizing web requests and responses in WAF][1] in the [WAF
760
+ # Developer Guide][2].
807
761
  #
808
762
  #
809
763
  #
810
764
  # [1]: https://docs.aws.amazon.com/waf/latest/developerguide/waf-custom-request-response.html
765
+ # [2]: https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html
811
766
  # @return [Types::CustomRequestHandling]
812
767
  #
813
768
  # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/CountAction AWS API Documentation
@@ -827,7 +782,7 @@ module Aws::WAFV2
827
782
  # Specifies whether this is for an Amazon CloudFront distribution or
828
783
  # for a regional application. A regional application can be an
829
784
  # Application Load Balancer (ALB), an Amazon API Gateway REST API, an
830
- # AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner
785
+ # AppSync GraphQL API, a Amazon Cognito user pool, or an App Runner
831
786
  # service.
832
787
  #
833
788
  # To work with CloudFront, you must also specify the Region US East
@@ -934,7 +889,7 @@ module Aws::WAFV2
934
889
  # Specifies whether this is for an Amazon CloudFront distribution or
935
890
  # for a regional application. A regional application can be an
936
891
  # Application Load Balancer (ALB), an Amazon API Gateway REST API, an
937
- # AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner
892
+ # AppSync GraphQL API, a Amazon Cognito user pool, or an App Runner
938
893
  # service.
939
894
  #
940
895
  # To work with CloudFront, you must also specify the Region US East
@@ -995,7 +950,7 @@ module Aws::WAFV2
995
950
  # Specifies whether this is for an Amazon CloudFront distribution or
996
951
  # for a regional application. A regional application can be an
997
952
  # Application Load Balancer (ALB), an Amazon API Gateway REST API, an
998
- # AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner
953
+ # AppSync GraphQL API, a Amazon Cognito user pool, or an App Runner
999
954
  # service.
1000
955
  #
1001
956
  # To work with CloudFront, you must also specify the Region US East
@@ -1021,13 +976,8 @@ module Aws::WAFV2
1021
976
  # relative cost of each rule. Simple rules that cost little to run use
1022
977
  # fewer WCUs than more complex rules that use more processing power.
1023
978
  # Rule group capacity is fixed at creation, which helps users plan
1024
- # their web ACL WCU usage when they use a rule group. For more
1025
- # information, see [WAF web ACL capacity units (WCU)][1] in the *WAF
1026
- # Developer Guide*.
1027
- #
1028
- #
1029
- #
1030
- # [1]: https://docs.aws.amazon.com/waf/latest/developerguide/aws-waf-capacity-units.html
979
+ # their web ACL WCU usage when they use a rule group. The WCU limit
980
+ # for web ACLs is 1,500.
1031
981
  # @return [Integer]
1032
982
  #
1033
983
  # @!attribute [rw] description
@@ -1057,17 +1007,18 @@ module Aws::WAFV2
1057
1007
  # the rules that you define in the rule group.
1058
1008
  #
1059
1009
  # For information about customizing web requests and responses, see
1060
- # [Customizing web requests and responses in WAF][1] in the *WAF
1061
- # Developer Guide*.
1010
+ # [Customizing web requests and responses in WAF][1] in the [WAF
1011
+ # Developer Guide][2].
1062
1012
  #
1063
1013
  # For information about the limits on count and size for custom
1064
- # request and response settings, see [WAF quotas][2] in the *WAF
1065
- # Developer Guide*.
1014
+ # request and response settings, see [WAF quotas][3] in the [WAF
1015
+ # Developer Guide][2].
1066
1016
  #
1067
1017
  #
1068
1018
  #
1069
1019
  # [1]: https://docs.aws.amazon.com/waf/latest/developerguide/waf-custom-request-response.html
1070
- # [2]: https://docs.aws.amazon.com/waf/latest/developerguide/limits.html
1020
+ # [2]: https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html
1021
+ # [3]: https://docs.aws.amazon.com/waf/latest/developerguide/limits.html
1071
1022
  # @return [Hash<String,Types::CustomResponseBody>]
1072
1023
  #
1073
1024
  # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/CreateRuleGroupRequest AWS API Documentation
@@ -1110,7 +1061,7 @@ module Aws::WAFV2
1110
1061
  # Specifies whether this is for an Amazon CloudFront distribution or
1111
1062
  # for a regional application. A regional application can be an
1112
1063
  # Application Load Balancer (ALB), an Amazon API Gateway REST API, an
1113
- # AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner
1064
+ # AppSync GraphQL API, a Amazon Cognito user pool, or an App Runner
1114
1065
  # service.
1115
1066
  #
1116
1067
  # To work with CloudFront, you must also specify the Region US East
@@ -1154,17 +1105,18 @@ module Aws::WAFV2
1154
1105
  # rules and default actions that you define in the web ACL.
1155
1106
  #
1156
1107
  # For information about customizing web requests and responses, see
1157
- # [Customizing web requests and responses in WAF][1] in the *WAF
1158
- # Developer Guide*.
1108
+ # [Customizing web requests and responses in WAF][1] in the [WAF
1109
+ # Developer Guide][2].
1159
1110
  #
1160
1111
  # For information about the limits on count and size for custom
1161
- # request and response settings, see [WAF quotas][2] in the *WAF
1162
- # Developer Guide*.
1112
+ # request and response settings, see [WAF quotas][3] in the [WAF
1113
+ # Developer Guide][2].
1163
1114
  #
1164
1115
  #
1165
1116
  #
1166
1117
  # [1]: https://docs.aws.amazon.com/waf/latest/developerguide/waf-custom-request-response.html
1167
- # [2]: https://docs.aws.amazon.com/waf/latest/developerguide/limits.html
1118
+ # [2]: https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html
1119
+ # [3]: https://docs.aws.amazon.com/waf/latest/developerguide/limits.html
1168
1120
  # @return [Hash<String,Types::CustomResponseBody>]
1169
1121
  #
1170
1122
  # @!attribute [rw] captcha_config
@@ -1196,25 +1148,6 @@ module Aws::WAFV2
1196
1148
  # `usa.gov` or `co.uk` as token domains.
1197
1149
  # @return [Array<String>]
1198
1150
  #
1199
- # @!attribute [rw] association_config
1200
- # Specifies custom configurations for the associations between the web
1201
- # ACL and protected resources.
1202
- #
1203
- # Use this to customize the maximum size of the request body that your
1204
- # protected CloudFront distributions forward to WAF for inspection.
1205
- # The default is 16 KB (16,384 kilobytes).
1206
- #
1207
- # <note markdown="1"> You are charged additional fees when your protected resources
1208
- # forward body sizes that are larger than the default. For more
1209
- # information, see [WAF Pricing][1].
1210
- #
1211
- # </note>
1212
- #
1213
- #
1214
- #
1215
- # [1]: http://aws.amazon.com/waf/pricing/
1216
- # @return [Types::AssociationConfig]
1217
- #
1218
1151
  # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/CreateWebACLRequest AWS API Documentation
1219
1152
  #
1220
1153
  class CreateWebACLRequest < Struct.new(
@@ -1228,8 +1161,7 @@ module Aws::WAFV2
1228
1161
  :custom_response_bodies,
1229
1162
  :captcha_config,
1230
1163
  :challenge_config,
1231
- :token_domains,
1232
- :association_config)
1164
+ :token_domains)
1233
1165
  SENSITIVE = []
1234
1166
  include Aws::Structure
1235
1167
  end
@@ -1281,24 +1213,26 @@ module Aws::WAFV2
1281
1213
  # `CaptchaAction` for requests with valid t okens, and `AllowAction`.
1282
1214
  #
1283
1215
  # For information about customizing web requests and responses, see
1284
- # [Customizing web requests and responses in WAF][1] in the *WAF
1285
- # Developer Guide*.
1216
+ # [Customizing web requests and responses in WAF][1] in the [WAF
1217
+ # Developer Guide][2].
1286
1218
  #
1287
1219
  #
1288
1220
  #
1289
1221
  # [1]: https://docs.aws.amazon.com/waf/latest/developerguide/waf-custom-request-response.html
1222
+ # [2]: https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html
1290
1223
  #
1291
1224
  # @!attribute [rw] insert_headers
1292
1225
  # The HTTP headers to insert into the request. Duplicate header names
1293
1226
  # are not allowed.
1294
1227
  #
1295
1228
  # For information about the limits on count and size for custom
1296
- # request and response settings, see [WAF quotas][1] in the *WAF
1297
- # Developer Guide*.
1229
+ # request and response settings, see [WAF quotas][1] in the [WAF
1230
+ # Developer Guide][2].
1298
1231
  #
1299
1232
  #
1300
1233
  #
1301
1234
  # [1]: https://docs.aws.amazon.com/waf/latest/developerguide/limits.html
1235
+ # [2]: https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html
1302
1236
  # @return [Array<Types::CustomHTTPHeader>]
1303
1237
  #
1304
1238
  # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/CustomRequestHandling AWS API Documentation
@@ -1314,23 +1248,25 @@ module Aws::WAFV2
1314
1248
  # BlockAction.
1315
1249
  #
1316
1250
  # For information about customizing web requests and responses, see
1317
- # [Customizing web requests and responses in WAF][1] in the *WAF
1318
- # Developer Guide*.
1251
+ # [Customizing web requests and responses in WAF][1] in the [WAF
1252
+ # Developer Guide][2].
1319
1253
  #
1320
1254
  #
1321
1255
  #
1322
1256
  # [1]: https://docs.aws.amazon.com/waf/latest/developerguide/waf-custom-request-response.html
1257
+ # [2]: https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html
1323
1258
  #
1324
1259
  # @!attribute [rw] response_code
1325
1260
  # The HTTP status code to return to the client.
1326
1261
  #
1327
1262
  # For a list of status codes that you can use in your custom
1328
1263
  # responses, see [Supported status codes for custom response][1] in
1329
- # the *WAF Developer Guide*.
1264
+ # the [WAF Developer Guide][2].
1330
1265
  #
1331
1266
  #
1332
1267
  #
1333
1268
  # [1]: https://docs.aws.amazon.com/waf/latest/developerguide/customizing-the-response-status-codes.html
1269
+ # [2]: https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html
1334
1270
  # @return [Integer]
1335
1271
  #
1336
1272
  # @!attribute [rw] custom_response_body_key
@@ -1349,12 +1285,13 @@ module Aws::WAFV2
1349
1285
  # not allowed.
1350
1286
  #
1351
1287
  # For information about the limits on count and size for custom
1352
- # request and response settings, see [WAF quotas][1] in the *WAF
1353
- # Developer Guide*.
1288
+ # request and response settings, see [WAF quotas][1] in the [WAF
1289
+ # Developer Guide][2].
1354
1290
  #
1355
1291
  #
1356
1292
  #
1357
1293
  # [1]: https://docs.aws.amazon.com/waf/latest/developerguide/limits.html
1294
+ # [2]: https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html
1358
1295
  # @return [Array<Types::CustomHTTPHeader>]
1359
1296
  #
1360
1297
  # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/CustomResponse AWS API Documentation
@@ -1382,12 +1319,13 @@ module Aws::WAFV2
1382
1319
  # must specify JSON content in the `ContentType` setting.
1383
1320
  #
1384
1321
  # For information about the limits on count and size for custom
1385
- # request and response settings, see [WAF quotas][1] in the *WAF
1386
- # Developer Guide*.
1322
+ # request and response settings, see [WAF quotas][1] in the [WAF
1323
+ # Developer Guide][2].
1387
1324
  #
1388
1325
  #
1389
1326
  #
1390
1327
  # [1]: https://docs.aws.amazon.com/waf/latest/developerguide/limits.html
1328
+ # [2]: https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html
1391
1329
  # @return [String]
1392
1330
  #
1393
1331
  # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/CustomResponseBody AWS API Documentation
@@ -1474,7 +1412,7 @@ module Aws::WAFV2
1474
1412
  # Specifies whether this is for an Amazon CloudFront distribution or
1475
1413
  # for a regional application. A regional application can be an
1476
1414
  # Application Load Balancer (ALB), an Amazon API Gateway REST API, an
1477
- # AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner
1415
+ # AppSync GraphQL API, a Amazon Cognito user pool, or an App Runner
1478
1416
  # service.
1479
1417
  #
1480
1418
  # To work with CloudFront, you must also specify the Region US East
@@ -1564,7 +1502,7 @@ module Aws::WAFV2
1564
1502
  # Specifies whether this is for an Amazon CloudFront distribution or
1565
1503
  # for a regional application. A regional application can be an
1566
1504
  # Application Load Balancer (ALB), an Amazon API Gateway REST API, an
1567
- # AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner
1505
+ # AppSync GraphQL API, a Amazon Cognito user pool, or an App Runner
1568
1506
  # service.
1569
1507
  #
1570
1508
  # To work with CloudFront, you must also specify the Region US East
@@ -1618,7 +1556,7 @@ module Aws::WAFV2
1618
1556
  # Specifies whether this is for an Amazon CloudFront distribution or
1619
1557
  # for a regional application. A regional application can be an
1620
1558
  # Application Load Balancer (ALB), an Amazon API Gateway REST API, an
1621
- # AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner
1559
+ # AppSync GraphQL API, a Amazon Cognito user pool, or an App Runner
1622
1560
  # service.
1623
1561
  #
1624
1562
  # To work with CloudFront, you must also specify the Region US East
@@ -1672,7 +1610,7 @@ module Aws::WAFV2
1672
1610
  # Specifies whether this is for an Amazon CloudFront distribution or
1673
1611
  # for a regional application. A regional application can be an
1674
1612
  # Application Load Balancer (ALB), an Amazon API Gateway REST API, an
1675
- # AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner
1613
+ # AppSync GraphQL API, a Amazon Cognito user pool, or an App Runner
1676
1614
  # service.
1677
1615
  #
1678
1616
  # To work with CloudFront, you must also specify the Region US East
@@ -1731,7 +1669,7 @@ module Aws::WAFV2
1731
1669
  # Specifies whether this is for an Amazon CloudFront distribution or
1732
1670
  # for a regional application. A regional application can be an
1733
1671
  # Application Load Balancer (ALB), an Amazon API Gateway REST API, an
1734
- # AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner
1672
+ # AppSync GraphQL API, a Amazon Cognito user pool, or an App Runner
1735
1673
  # service.
1736
1674
  #
1737
1675
  # To work with CloudFront, you must also specify the Region US East
@@ -1778,21 +1716,13 @@ module Aws::WAFV2
1778
1716
  # @return [String]
1779
1717
  #
1780
1718
  # @!attribute [rw] capacity
1781
- # The web ACL capacity units (WCUs) required for this rule group.
1782
- #
1783
- # WAF uses WCUs to calculate and control the operating resources that
1784
- # are used to run your rules, rule groups, and web ACLs. WAF
1785
- # calculates capacity differently for each rule type, to reflect the
1786
- # relative cost of each rule. Simple rules that cost little to run use
1787
- # fewer WCUs than more complex rules that use more processing power.
1788
- # Rule group capacity is fixed at creation, which helps users plan
1789
- # their web ACL WCU usage when they use a rule group. For more
1790
- # information, see [WAF web ACL capacity units (WCU)][1] in the *WAF
1791
- # Developer Guide*.
1792
- #
1793
- #
1794
- #
1795
- # [1]: https://docs.aws.amazon.com/waf/latest/developerguide/aws-waf-capacity-units.html
1719
+ # The web ACL capacity units (WCUs) required for this rule group. WAF
1720
+ # uses web ACL capacity units (WCU) to calculate and control the
1721
+ # operating resources that are used to run your rules, rule groups,
1722
+ # and web ACLs. WAF calculates capacity differently for each rule
1723
+ # type, to reflect each rule's relative cost. Rule group capacity is
1724
+ # fixed at creation, so users can plan their web ACL WCU usage when
1725
+ # they use a rule group. The WCU limit for web ACLs is 1,500.
1796
1726
  # @return [Integer]
1797
1727
  #
1798
1728
  # @!attribute [rw] rules
@@ -1849,22 +1779,20 @@ module Aws::WAFV2
1849
1779
  # The ARN must be in one of the following formats:
1850
1780
  #
1851
1781
  # * For an Application Load Balancer:
1852
- # `arn:partition:elasticloadbalancing:region:account-id:loadbalancer/app/load-balancer-name/load-balancer-id
1782
+ # `arn:aws:elasticloadbalancing:region:account-id:loadbalancer/app/load-balancer-name/load-balancer-id
1853
1783
  # `
1854
1784
  #
1855
1785
  # * For an Amazon API Gateway REST API:
1856
- # `arn:partition:apigateway:region::/restapis/api-id/stages/stage-name
1857
- # `
1786
+ # `arn:aws:apigateway:region::/restapis/api-id/stages/stage-name `
1858
1787
  #
1859
1788
  # * For an AppSync GraphQL API:
1860
- # `arn:partition:appsync:region:account-id:apis/GraphQLApiId `
1789
+ # `arn:aws:appsync:region:account-id:apis/GraphQLApiId `
1861
1790
  #
1862
1791
  # * For an Amazon Cognito user pool:
1863
- # `arn:partition:cognito-idp:region:account-id:userpool/user-pool-id
1864
- # `
1792
+ # `arn:aws:cognito-idp:region:account-id:userpool/user-pool-id `
1865
1793
  #
1866
1794
  # * For an App Runner service:
1867
- # `arn:partition:apprunner:region:account-id:service/apprunner-service-name/apprunner-service-id
1795
+ # `arn:aws:apprunner:region:account-id:service/apprunner-service-name/apprunner-service-id
1868
1796
  # `
1869
1797
  # @return [String]
1870
1798
  #
@@ -1954,15 +1882,10 @@ module Aws::WAFV2
1954
1882
  # contains any additional data that you want to send to your web
1955
1883
  # server as the HTTP request body, such as data from a form.
1956
1884
  #
1957
- # A limited amount of the request body is forwarded to WAF for
1958
- # inspection by the underlying host service. For regional resources,
1959
- # the limit is 8 KB (8,192 kilobytes) and for CloudFront
1960
- # distributions, the limit is 16 KB (16,384 kilobytes). For CloudFront
1961
- # distributions, you can increase the limit in the web ACL's
1962
- # `AssociationConfig`, for additional processing fees.
1963
- #
1964
- # For information about how to handle oversized request bodies, see
1965
- # the `Body` object configuration.
1885
+ # Only the first 8 KB (8192 bytes) of the request body are forwarded
1886
+ # to WAF for inspection by the underlying host service. For
1887
+ # information about how to handle oversized request bodies, see the
1888
+ # `Body` object configuration.
1966
1889
  # @return [Types::Body]
1967
1890
  #
1968
1891
  # @!attribute [rw] method
@@ -1976,15 +1899,10 @@ module Aws::WAFV2
1976
1899
  # contains any additional data that you want to send to your web
1977
1900
  # server as the HTTP request body, such as data from a form.
1978
1901
  #
1979
- # A limited amount of the request body is forwarded to WAF for
1980
- # inspection by the underlying host service. For regional resources,
1981
- # the limit is 8 KB (8,192 kilobytes) and for CloudFront
1982
- # distributions, the limit is 16 KB (16,384 kilobytes). For CloudFront
1983
- # distributions, you can increase the limit in the web ACL's
1984
- # `AssociationConfig`, for additional processing fees.
1985
- #
1986
- # For information about how to handle oversized request bodies, see
1987
- # the `JsonBody` object configuration.
1902
+ # Only the first 8 KB (8192 bytes) of the request body are forwarded
1903
+ # to WAF for inspection by the underlying host service. For
1904
+ # information about how to handle oversized request bodies, see the
1905
+ # `JsonBody` object configuration.
1988
1906
  # @return [Types::JsonBody]
1989
1907
  #
1990
1908
  # @!attribute [rw] headers
@@ -2115,19 +2033,40 @@ module Aws::WAFV2
2115
2033
  end
2116
2034
 
2117
2035
  # The processing guidance for an Firewall Manager rule. This is like a
2118
- # regular rule Statement, but it can only contain a single rule group
2036
+ # regular rule Statement, but it can only contain a rule group
2119
2037
  # reference.
2120
2038
  #
2121
2039
  # @!attribute [rw] managed_rule_group_statement
2122
- # A statement used by Firewall Manager to run the rules that are
2123
- # defined in a managed rule group. This is managed by Firewall Manager
2124
- # for an Firewall Manager WAF policy.
2040
+ # A rule statement used to run the rules that are defined in a managed
2041
+ # rule group. To use this, provide the vendor name and the name of the
2042
+ # rule group in this statement. You can retrieve the required names by
2043
+ # calling ListAvailableManagedRuleGroups.
2044
+ #
2045
+ # You cannot nest a `ManagedRuleGroupStatement`, for example for use
2046
+ # inside a `NotStatement` or `OrStatement`. It can only be referenced
2047
+ # as a top-level statement within a rule.
2048
+ #
2049
+ # <note markdown="1"> You are charged additional fees when you use the WAF Bot Control
2050
+ # managed rule group `AWSManagedRulesBotControlRuleSet` or the WAF
2051
+ # Fraud Control account takeover prevention (ATP) managed rule group
2052
+ # `AWSManagedRulesATPRuleSet`. For more information, see [WAF
2053
+ # Pricing][1].
2054
+ #
2055
+ # </note>
2056
+ #
2057
+ #
2058
+ #
2059
+ # [1]: http://aws.amazon.com/waf/pricing/
2125
2060
  # @return [Types::ManagedRuleGroupStatement]
2126
2061
  #
2127
2062
  # @!attribute [rw] rule_group_reference_statement
2128
- # A statement used by Firewall Manager to run the rules that are
2129
- # defined in a rule group. This is managed by Firewall Manager for an
2130
- # Firewall Manager WAF policy.
2063
+ # A rule statement used to run the rules that are defined in a
2064
+ # RuleGroup. To use this, create a rule group with your rules, then
2065
+ # provide the ARN of the rule group in this statement.
2066
+ #
2067
+ # You cannot nest a `RuleGroupReferenceStatement`, for example for use
2068
+ # inside a `NotStatement` or `OrStatement`. You can only use a rule
2069
+ # group reference statement at the top level inside a web ACL.
2131
2070
  # @return [Types::RuleGroupReferenceStatement]
2132
2071
  #
2133
2072
  # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/FirewallManagerStatement AWS API Documentation
@@ -2304,7 +2243,7 @@ module Aws::WAFV2
2304
2243
  # Specifies whether this is for an Amazon CloudFront distribution or
2305
2244
  # for a regional application. A regional application can be an
2306
2245
  # Application Load Balancer (ALB), an Amazon API Gateway REST API, an
2307
- # AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner
2246
+ # AppSync GraphQL API, a Amazon Cognito user pool, or an App Runner
2308
2247
  # service.
2309
2248
  #
2310
2249
  # To work with CloudFront, you must also specify the Region US East
@@ -2393,7 +2332,7 @@ module Aws::WAFV2
2393
2332
  # Specifies whether this is for an Amazon CloudFront distribution or
2394
2333
  # for a regional application. A regional application can be an
2395
2334
  # Application Load Balancer (ALB), an Amazon API Gateway REST API, an
2396
- # AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner
2335
+ # AppSync GraphQL API, a Amazon Cognito user pool, or an App Runner
2397
2336
  # service.
2398
2337
  #
2399
2338
  # To work with CloudFront, you must also specify the Region US East
@@ -2506,7 +2445,7 @@ module Aws::WAFV2
2506
2445
  # Specifies whether this is for an Amazon CloudFront distribution or
2507
2446
  # for a regional application. A regional application can be an
2508
2447
  # Application Load Balancer (ALB), an Amazon API Gateway REST API, an
2509
- # AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner
2448
+ # AppSync GraphQL API, a Amazon Cognito user pool, or an App Runner
2510
2449
  # service.
2511
2450
  #
2512
2451
  # To work with CloudFront, you must also specify the Region US East
@@ -2580,7 +2519,7 @@ module Aws::WAFV2
2580
2519
  # Specifies whether this is for an Amazon CloudFront distribution or
2581
2520
  # for a regional application. A regional application can be an
2582
2521
  # Application Load Balancer (ALB), an Amazon API Gateway REST API, an
2583
- # AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner
2522
+ # AppSync GraphQL API, a Amazon Cognito user pool, or an App Runner
2584
2523
  # service.
2585
2524
  #
2586
2525
  # To work with CloudFront, you must also specify the Region US East
@@ -2641,7 +2580,7 @@ module Aws::WAFV2
2641
2580
  # Specifies whether this is for an Amazon CloudFront distribution or
2642
2581
  # for a regional application. A regional application can be an
2643
2582
  # Application Load Balancer (ALB), an Amazon API Gateway REST API, an
2644
- # AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner
2583
+ # AppSync GraphQL API, a Amazon Cognito user pool, or an App Runner
2645
2584
  # service.
2646
2585
  #
2647
2586
  # To work with CloudFront, you must also specify the Region US East
@@ -2712,7 +2651,7 @@ module Aws::WAFV2
2712
2651
  # Specifies whether this is for an Amazon CloudFront distribution or
2713
2652
  # for a regional application. A regional application can be an
2714
2653
  # Application Load Balancer (ALB), an Amazon API Gateway REST API, an
2715
- # AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner
2654
+ # AppSync GraphQL API, a Amazon Cognito user pool, or an App Runner
2716
2655
  # service.
2717
2656
  #
2718
2657
  # To work with CloudFront, you must also specify the Region US East
@@ -2792,22 +2731,20 @@ module Aws::WAFV2
2792
2731
  # The ARN must be in one of the following formats:
2793
2732
  #
2794
2733
  # * For an Application Load Balancer:
2795
- # `arn:partition:elasticloadbalancing:region:account-id:loadbalancer/app/load-balancer-name/load-balancer-id
2734
+ # `arn:aws:elasticloadbalancing:region:account-id:loadbalancer/app/load-balancer-name/load-balancer-id
2796
2735
  # `
2797
2736
  #
2798
2737
  # * For an Amazon API Gateway REST API:
2799
- # `arn:partition:apigateway:region::/restapis/api-id/stages/stage-name
2800
- # `
2738
+ # `arn:aws:apigateway:region::/restapis/api-id/stages/stage-name `
2801
2739
  #
2802
2740
  # * For an AppSync GraphQL API:
2803
- # `arn:partition:appsync:region:account-id:apis/GraphQLApiId `
2741
+ # `arn:aws:appsync:region:account-id:apis/GraphQLApiId `
2804
2742
  #
2805
2743
  # * For an Amazon Cognito user pool:
2806
- # `arn:partition:cognito-idp:region:account-id:userpool/user-pool-id
2807
- # `
2744
+ # `arn:aws:cognito-idp:region:account-id:userpool/user-pool-id `
2808
2745
  #
2809
2746
  # * For an App Runner service:
2810
- # `arn:partition:apprunner:region:account-id:service/apprunner-service-name/apprunner-service-id
2747
+ # `arn:aws:apprunner:region:account-id:service/apprunner-service-name/apprunner-service-id
2811
2748
  # `
2812
2749
  # @return [String]
2813
2750
  #
@@ -2841,7 +2778,7 @@ module Aws::WAFV2
2841
2778
  # Specifies whether this is for an Amazon CloudFront distribution or
2842
2779
  # for a regional application. A regional application can be an
2843
2780
  # Application Load Balancer (ALB), an Amazon API Gateway REST API, an
2844
- # AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner
2781
+ # AppSync GraphQL API, a Amazon Cognito user pool, or an App Runner
2845
2782
  # service.
2846
2783
  #
2847
2784
  # To work with CloudFront, you must also specify the Region US East
@@ -3410,16 +3347,10 @@ module Aws::WAFV2
3410
3347
  #
3411
3348
  # @!attribute [rw] oversize_handling
3412
3349
  # What WAF should do if the body is larger than WAF can inspect. WAF
3413
- # does not support inspecting the entire contents of the web request
3414
- # body if the body exceeds the limit for the resource type. If the
3415
- # body is larger than the limit, the underlying host service only
3416
- # forwards the contents that are below the limit to WAF for
3417
- # inspection.
3418
- #
3419
- # The default limit is 8 KB (8,192 kilobytes) for regional resources
3420
- # and 16 KB (16,384 kilobytes) for CloudFront distributions. For
3421
- # CloudFront distributions, you can increase the limit in the web ACL
3422
- # `AssociationConfig`, for additional processing fees.
3350
+ # does not support inspecting the entire contents of the body of a web
3351
+ # request when the body exceeds 8 KB (8192 bytes). Only the first 8 KB
3352
+ # of the request body are forwarded to WAF by the underlying host
3353
+ # service.
3423
3354
  #
3424
3355
  # The options for oversize handling are the following:
3425
3356
  #
@@ -3434,7 +3365,7 @@ module Aws::WAFV2
3434
3365
  #
3435
3366
  # You can combine the `MATCH` or `NO_MATCH` settings for oversize
3436
3367
  # handling with your rule and web ACL action settings, so that you
3437
- # block any request whose body is over the limit.
3368
+ # block any request whose body is over 8 KB.
3438
3369
  #
3439
3370
  # Default: `CONTINUE`
3440
3371
  # @return [String]
@@ -3606,7 +3537,7 @@ module Aws::WAFV2
3606
3537
  # Specifies whether this is for an Amazon CloudFront distribution or
3607
3538
  # for a regional application. A regional application can be an
3608
3539
  # Application Load Balancer (ALB), an Amazon API Gateway REST API, an
3609
- # AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner
3540
+ # AppSync GraphQL API, a Amazon Cognito user pool, or an App Runner
3610
3541
  # service.
3611
3542
  #
3612
3543
  # To work with CloudFront, you must also specify the Region US East
@@ -3676,7 +3607,7 @@ module Aws::WAFV2
3676
3607
  # Specifies whether this is for an Amazon CloudFront distribution or
3677
3608
  # for a regional application. A regional application can be an
3678
3609
  # Application Load Balancer (ALB), an Amazon API Gateway REST API, an
3679
- # AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner
3610
+ # AppSync GraphQL API, a Amazon Cognito user pool, or an App Runner
3680
3611
  # service.
3681
3612
  #
3682
3613
  # To work with CloudFront, you must also specify the Region US East
@@ -3737,7 +3668,7 @@ module Aws::WAFV2
3737
3668
  # Specifies whether this is for an Amazon CloudFront distribution or
3738
3669
  # for a regional application. A regional application can be an
3739
3670
  # Application Load Balancer (ALB), an Amazon API Gateway REST API, an
3740
- # AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner
3671
+ # AppSync GraphQL API, a Amazon Cognito user pool, or an App Runner
3741
3672
  # service.
3742
3673
  #
3743
3674
  # To work with CloudFront, you must also specify the Region US East
@@ -3800,7 +3731,7 @@ module Aws::WAFV2
3800
3731
  # Specifies whether this is for an Amazon CloudFront distribution or
3801
3732
  # for a regional application. A regional application can be an
3802
3733
  # Application Load Balancer (ALB), an Amazon API Gateway REST API, an
3803
- # AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner
3734
+ # AppSync GraphQL API, a Amazon Cognito user pool, or an App Runner
3804
3735
  # service.
3805
3736
  #
3806
3737
  # To work with CloudFront, you must also specify the Region US East
@@ -3861,7 +3792,7 @@ module Aws::WAFV2
3861
3792
  # Specifies whether this is for an Amazon CloudFront distribution or
3862
3793
  # for a regional application. A regional application can be an
3863
3794
  # Application Load Balancer (ALB), an Amazon API Gateway REST API, an
3864
- # AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner
3795
+ # AppSync GraphQL API, a Amazon Cognito user pool, or an App Runner
3865
3796
  # service.
3866
3797
  #
3867
3798
  # To work with CloudFront, you must also specify the Region US East
@@ -3973,7 +3904,7 @@ module Aws::WAFV2
3973
3904
  # Specifies whether this is for an Amazon CloudFront distribution or
3974
3905
  # for a regional application. A regional application can be an
3975
3906
  # Application Load Balancer (ALB), an Amazon API Gateway REST API, an
3976
- # AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner
3907
+ # AppSync GraphQL API, a Amazon Cognito user pool, or an App Runner
3977
3908
  # service.
3978
3909
  #
3979
3910
  # To work with CloudFront, you must also specify the Region US East
@@ -4037,7 +3968,7 @@ module Aws::WAFV2
4037
3968
  # @!attribute [rw] resource_type
4038
3969
  # Used for web ACLs that are scoped for regional applications. A
4039
3970
  # regional application can be an Application Load Balancer (ALB), an
4040
- # Amazon API Gateway REST API, an AppSync GraphQL API, an Amazon
3971
+ # Amazon API Gateway REST API, an AppSync GraphQL API, a Amazon
4041
3972
  # Cognito user pool, or an App Runner service.
4042
3973
  #
4043
3974
  # <note markdown="1"> If you don't provide a resource type, the call uses the resource
@@ -4074,7 +4005,7 @@ module Aws::WAFV2
4074
4005
  # Specifies whether this is for an Amazon CloudFront distribution or
4075
4006
  # for a regional application. A regional application can be an
4076
4007
  # Application Load Balancer (ALB), an Amazon API Gateway REST API, an
4077
- # AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner
4008
+ # AppSync GraphQL API, a Amazon Cognito user pool, or an App Runner
4078
4009
  # service.
4079
4010
  #
4080
4011
  # To work with CloudFront, you must also specify the Region US East
@@ -4185,7 +4116,7 @@ module Aws::WAFV2
4185
4116
  # Specifies whether this is for an Amazon CloudFront distribution or
4186
4117
  # for a regional application. A regional application can be an
4187
4118
  # Application Load Balancer (ALB), an Amazon API Gateway REST API, an
4188
- # AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner
4119
+ # AppSync GraphQL API, a Amazon Cognito user pool, or an App Runner
4189
4120
  # service.
4190
4121
  #
4191
4122
  # To work with CloudFront, you must also specify the Region US East
@@ -4790,13 +4721,8 @@ module Aws::WAFV2
4790
4721
  # relative cost of each rule. Simple rules that cost little to run use
4791
4722
  # fewer WCUs than more complex rules that use more processing power.
4792
4723
  # Rule group capacity is fixed at creation, which helps users plan
4793
- # their web ACL WCU usage when they use a rule group. For more
4794
- # information, see [WAF web ACL capacity units (WCU)][1] in the *WAF
4795
- # Developer Guide*.
4796
- #
4797
- #
4798
- #
4799
- # [1]: https://docs.aws.amazon.com/waf/latest/developerguide/aws-waf-capacity-units.html
4724
+ # their web ACL WCU usage when they use a rule group. The WCU limit
4725
+ # for web ACLs is 1,500.
4800
4726
  # @return [Integer]
4801
4727
  #
4802
4728
  # @!attribute [rw] forecasted_lifetime
@@ -5034,7 +4960,7 @@ module Aws::WAFV2
5034
4960
  # Specifies whether this is for an Amazon CloudFront distribution or
5035
4961
  # for a regional application. A regional application can be an
5036
4962
  # Application Load Balancer (ALB), an Amazon API Gateway REST API, an
5037
- # AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner
4963
+ # AppSync GraphQL API, a Amazon Cognito user pool, or an App Runner
5038
4964
  # service.
5039
4965
  #
5040
4966
  # To work with CloudFront, you must also specify the Region US East
@@ -5117,7 +5043,8 @@ module Aws::WAFV2
5117
5043
  #
5118
5044
  # The policy specifications must conform to the following:
5119
5045
  #
5120
- # * The policy must be composed using IAM Policy version 2012-10-17.
5046
+ # * The policy must be composed using IAM Policy version 2012-10-17 or
5047
+ # version 2015-01-01.
5121
5048
  #
5122
5049
  # * The policy must include specifications for `Effect`, `Action`, and
5123
5050
  # `Principal`.
@@ -5472,39 +5399,6 @@ module Aws::WAFV2
5472
5399
  include Aws::Structure
5473
5400
  end
5474
5401
 
5475
- # Customizes the maximum size of the request body that your protected
5476
- # CloudFront distributions forward to WAF for inspection. The default
5477
- # size is 16 KB (16,384 kilobytes).
5478
- #
5479
- # <note markdown="1"> You are charged additional fees when your protected resources forward
5480
- # body sizes that are larger than the default. For more information, see
5481
- # [WAF Pricing][1].
5482
- #
5483
- # </note>
5484
- #
5485
- # This is used in the `AssociationConfig` of the web ACL.
5486
- #
5487
- #
5488
- #
5489
- # [1]: http://aws.amazon.com/waf/pricing/
5490
- #
5491
- # @!attribute [rw] default_size_inspection_limit
5492
- # Specifies the maximum size of the web request body component that an
5493
- # associated CloudFront distribution should send to WAF for
5494
- # inspection. This applies to statements in the web ACL that inspect
5495
- # the body or JSON body.
5496
- #
5497
- # Default: `16 KB (16,384 kilobytes)`
5498
- # @return [String]
5499
- #
5500
- # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/RequestBodyAssociatedResourceTypeConfig AWS API Documentation
5501
- #
5502
- class RequestBodyAssociatedResourceTypeConfig < Struct.new(
5503
- :default_size_inspection_limit)
5504
- SENSITIVE = []
5505
- include Aws::Structure
5506
- end
5507
-
5508
5402
  # The criteria for inspecting login requests, used by the ATP rule group
5509
5403
  # to validate credentials usage.
5510
5404
  #
@@ -6011,13 +5905,8 @@ module Aws::WAFV2
6011
5905
  # relative cost of each rule. Simple rules that cost little to run use
6012
5906
  # fewer WCUs than more complex rules that use more processing power.
6013
5907
  # Rule group capacity is fixed at creation, which helps users plan
6014
- # their web ACL WCU usage when they use a rule group. For more
6015
- # information, see [WAF web ACL capacity units (WCU)][1] in the *WAF
6016
- # Developer Guide*.
6017
- #
6018
- #
6019
- #
6020
- # [1]: https://docs.aws.amazon.com/waf/latest/developerguide/aws-waf-capacity-units.html
5908
+ # their web ACL WCU usage when they use a rule group. The WCU limit
5909
+ # for web ACLs is 1,500.
6021
5910
  # @return [Integer]
6022
5911
  #
6023
5912
  # @!attribute [rw] arn
@@ -6064,17 +5953,18 @@ module Aws::WAFV2
6064
5953
  # the rules that you define in the rule group.
6065
5954
  #
6066
5955
  # For information about customizing web requests and responses, see
6067
- # [Customizing web requests and responses in WAF][1] in the *WAF
6068
- # Developer Guide*.
5956
+ # [Customizing web requests and responses in WAF][1] in the [WAF
5957
+ # Developer Guide][2].
6069
5958
  #
6070
5959
  # For information about the limits on count and size for custom
6071
- # request and response settings, see [WAF quotas][2] in the *WAF
6072
- # Developer Guide*.
5960
+ # request and response settings, see [WAF quotas][3] in the [WAF
5961
+ # Developer Guide][2].
6073
5962
  #
6074
5963
  #
6075
5964
  #
6076
5965
  # [1]: https://docs.aws.amazon.com/waf/latest/developerguide/waf-custom-request-response.html
6077
- # [2]: https://docs.aws.amazon.com/waf/latest/developerguide/limits.html
5966
+ # [2]: https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html
5967
+ # [3]: https://docs.aws.amazon.com/waf/latest/developerguide/limits.html
6078
5968
  # @return [Hash<String,Types::CustomResponseBody>]
6079
5969
  #
6080
5970
  # @!attribute [rw] available_labels
@@ -6361,14 +6251,9 @@ module Aws::WAFV2
6361
6251
  # statement to look for query strings that are longer than 100 bytes.
6362
6252
  #
6363
6253
  # If you configure WAF to inspect the request body, WAF inspects only
6364
- # the number of bytes of the body up to the limit for the web ACL. By
6365
- # default, for regional web ACLs, this limit is 8 KB (8,192 kilobytes)
6366
- # and for CloudFront web ACLs, this limit is 16 KB (16,384 kilobytes).
6367
- # For CloudFront web ACLs, you can increase the limit in the web ACL
6368
- # `AssociationConfig`, for additional fees. If you know that the request
6369
- # body for your web requests should never exceed the inspection limit,
6370
- # you could use a size constraint statement to block requests that have
6371
- # a larger request body size.
6254
+ # the first 8192 bytes (8 KB). If the request body for your web requests
6255
+ # never exceeds 8192 bytes, you could use a size constraint statement to
6256
+ # block requests that have a request body greater than 8192 bytes.
6372
6257
  #
6373
6258
  # If you choose URI for the value of Part of the request to filter on,
6374
6259
  # the slash (/) in the URI counts as one character. For example, the URI
@@ -6490,14 +6375,10 @@ module Aws::WAFV2
6490
6375
  # 100 bytes.
6491
6376
  #
6492
6377
  # If you configure WAF to inspect the request body, WAF inspects only
6493
- # the number of bytes of the body up to the limit for the web ACL. By
6494
- # default, for regional web ACLs, this limit is 8 KB (8,192 kilobytes)
6495
- # and for CloudFront web ACLs, this limit is 16 KB (16,384 kilobytes).
6496
- # For CloudFront web ACLs, you can increase the limit in the web ACL
6497
- # `AssociationConfig`, for additional fees. If you know that the
6498
- # request body for your web requests should never exceed the
6499
- # inspection limit, you could use a size constraint statement to block
6500
- # requests that have a larger request body size.
6378
+ # the first 8192 bytes (8 KB). If the request body for your web
6379
+ # requests never exceeds 8192 bytes, you could use a size constraint
6380
+ # statement to block requests that have a request body greater than
6381
+ # 8192 bytes.
6501
6382
  #
6502
6383
  # If you choose URI for the value of Part of the request to filter on,
6503
6384
  # the slash (/) in the URI counts as one character. For example, the
@@ -7012,7 +6893,7 @@ module Aws::WAFV2
7012
6893
  # Specifies whether this is for an Amazon CloudFront distribution or
7013
6894
  # for a regional application. A regional application can be an
7014
6895
  # Application Load Balancer (ALB), an Amazon API Gateway REST API, an
7015
- # AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner
6896
+ # AppSync GraphQL API, a Amazon Cognito user pool, or an App Runner
7016
6897
  # service.
7017
6898
  #
7018
6899
  # To work with CloudFront, you must also specify the Region US East
@@ -7131,7 +7012,7 @@ module Aws::WAFV2
7131
7012
  # Specifies whether this is for an Amazon CloudFront distribution or
7132
7013
  # for a regional application. A regional application can be an
7133
7014
  # Application Load Balancer (ALB), an Amazon API Gateway REST API, an
7134
- # AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner
7015
+ # AppSync GraphQL API, a Amazon Cognito user pool, or an App Runner
7135
7016
  # service.
7136
7017
  #
7137
7018
  # To work with CloudFront, you must also specify the Region US East
@@ -7230,7 +7111,7 @@ module Aws::WAFV2
7230
7111
  # Specifies whether this is for an Amazon CloudFront distribution or
7231
7112
  # for a regional application. A regional application can be an
7232
7113
  # Application Load Balancer (ALB), an Amazon API Gateway REST API, an
7233
- # AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner
7114
+ # AppSync GraphQL API, a Amazon Cognito user pool, or an App Runner
7234
7115
  # service.
7235
7116
  #
7236
7117
  # To work with CloudFront, you must also specify the Region US East
@@ -7303,7 +7184,7 @@ module Aws::WAFV2
7303
7184
  # Specifies whether this is for an Amazon CloudFront distribution or
7304
7185
  # for a regional application. A regional application can be an
7305
7186
  # Application Load Balancer (ALB), an Amazon API Gateway REST API, an
7306
- # AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner
7187
+ # AppSync GraphQL API, a Amazon Cognito user pool, or an App Runner
7307
7188
  # service.
7308
7189
  #
7309
7190
  # To work with CloudFront, you must also specify the Region US East
@@ -7356,17 +7237,18 @@ module Aws::WAFV2
7356
7237
  # the rules that you define in the rule group.
7357
7238
  #
7358
7239
  # For information about customizing web requests and responses, see
7359
- # [Customizing web requests and responses in WAF][1] in the *WAF
7360
- # Developer Guide*.
7240
+ # [Customizing web requests and responses in WAF][1] in the [WAF
7241
+ # Developer Guide][2].
7361
7242
  #
7362
7243
  # For information about the limits on count and size for custom
7363
- # request and response settings, see [WAF quotas][2] in the *WAF
7364
- # Developer Guide*.
7244
+ # request and response settings, see [WAF quotas][3] in the [WAF
7245
+ # Developer Guide][2].
7365
7246
  #
7366
7247
  #
7367
7248
  #
7368
7249
  # [1]: https://docs.aws.amazon.com/waf/latest/developerguide/waf-custom-request-response.html
7369
- # [2]: https://docs.aws.amazon.com/waf/latest/developerguide/limits.html
7250
+ # [2]: https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html
7251
+ # [3]: https://docs.aws.amazon.com/waf/latest/developerguide/limits.html
7370
7252
  # @return [Hash<String,Types::CustomResponseBody>]
7371
7253
  #
7372
7254
  # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/UpdateRuleGroupRequest AWS API Documentation
@@ -7407,7 +7289,7 @@ module Aws::WAFV2
7407
7289
  # Specifies whether this is for an Amazon CloudFront distribution or
7408
7290
  # for a regional application. A regional application can be an
7409
7291
  # Application Load Balancer (ALB), an Amazon API Gateway REST API, an
7410
- # AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner
7292
+ # AppSync GraphQL API, a Amazon Cognito user pool, or an App Runner
7411
7293
  # service.
7412
7294
  #
7413
7295
  # To work with CloudFront, you must also specify the Region US East
@@ -7465,17 +7347,18 @@ module Aws::WAFV2
7465
7347
  # rules and default actions that you define in the web ACL.
7466
7348
  #
7467
7349
  # For information about customizing web requests and responses, see
7468
- # [Customizing web requests and responses in WAF][1] in the *WAF
7469
- # Developer Guide*.
7350
+ # [Customizing web requests and responses in WAF][1] in the [WAF
7351
+ # Developer Guide][2].
7470
7352
  #
7471
7353
  # For information about the limits on count and size for custom
7472
- # request and response settings, see [WAF quotas][2] in the *WAF
7473
- # Developer Guide*.
7354
+ # request and response settings, see [WAF quotas][3] in the [WAF
7355
+ # Developer Guide][2].
7474
7356
  #
7475
7357
  #
7476
7358
  #
7477
7359
  # [1]: https://docs.aws.amazon.com/waf/latest/developerguide/waf-custom-request-response.html
7478
- # [2]: https://docs.aws.amazon.com/waf/latest/developerguide/limits.html
7360
+ # [2]: https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html
7361
+ # [3]: https://docs.aws.amazon.com/waf/latest/developerguide/limits.html
7479
7362
  # @return [Hash<String,Types::CustomResponseBody>]
7480
7363
  #
7481
7364
  # @!attribute [rw] captcha_config
@@ -7507,25 +7390,6 @@ module Aws::WAFV2
7507
7390
  # `usa.gov` or `co.uk` as token domains.
7508
7391
  # @return [Array<String>]
7509
7392
  #
7510
- # @!attribute [rw] association_config
7511
- # Specifies custom configurations for the associations between the web
7512
- # ACL and protected resources.
7513
- #
7514
- # Use this to customize the maximum size of the request body that your
7515
- # protected CloudFront distributions forward to WAF for inspection.
7516
- # The default is 16 KB (16,384 kilobytes).
7517
- #
7518
- # <note markdown="1"> You are charged additional fees when your protected resources
7519
- # forward body sizes that are larger than the default. For more
7520
- # information, see [WAF Pricing][1].
7521
- #
7522
- # </note>
7523
- #
7524
- #
7525
- #
7526
- # [1]: http://aws.amazon.com/waf/pricing/
7527
- # @return [Types::AssociationConfig]
7528
- #
7529
7393
  # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/UpdateWebACLRequest AWS API Documentation
7530
7394
  #
7531
7395
  class UpdateWebACLRequest < Struct.new(
@@ -7540,8 +7404,7 @@ module Aws::WAFV2
7540
7404
  :custom_response_bodies,
7541
7405
  :captcha_config,
7542
7406
  :challenge_config,
7543
- :token_domains,
7544
- :association_config)
7407
+ :token_domains)
7545
7408
  SENSITIVE = []
7546
7409
  include Aws::Structure
7547
7410
  end
@@ -7636,7 +7499,7 @@ module Aws::WAFV2
7636
7499
  # @!attribute [rw] cloud_watch_metrics_enabled
7637
7500
  # A boolean indicating whether the associated resource sends metrics
7638
7501
  # to Amazon CloudWatch. For the list of available metrics, see [WAF
7639
- # Metrics][1] in the *WAF Developer Guide*.
7502
+ # Metrics][1].
7640
7503
  #
7641
7504
  #
7642
7505
  #
@@ -7802,7 +7665,8 @@ module Aws::WAFV2
7802
7665
  #
7803
7666
  # The policy specifications must conform to the following:
7804
7667
  #
7805
- # * The policy must be composed using IAM Policy version 2012-10-17.
7668
+ # * The policy must be composed using IAM Policy version 2012-10-17 or
7669
+ # version 2015-01-01.
7806
7670
  #
7807
7671
  # * The policy must include specifications for `Effect`, `Action`, and
7808
7672
  # `Principal`.
@@ -8007,7 +7871,7 @@ module Aws::WAFV2
8007
7871
  # can associate a web ACL with one or more Amazon Web Services resources
8008
7872
  # to protect. The resources can be an Amazon CloudFront distribution, an
8009
7873
  # Amazon API Gateway REST API, an Application Load Balancer, an AppSync
8010
- # GraphQL API, an Amazon Cognito user pool, or an App Runner service.
7874
+ # GraphQL API, Amazon Cognito user pool, or an App Runner service.
8011
7875
  #
8012
7876
  # @!attribute [rw] name
8013
7877
  # The name of the web ACL. You cannot change the name of a web ACL
@@ -8056,13 +7920,8 @@ module Aws::WAFV2
8056
7920
  # relative cost of each rule. Simple rules that cost little to run use
8057
7921
  # fewer WCUs than more complex rules that use more processing power.
8058
7922
  # Rule group capacity is fixed at creation, which helps users plan
8059
- # their web ACL WCU usage when they use a rule group. For more
8060
- # information, see [WAF web ACL capacity units (WCU)][1] in the *WAF
8061
- # Developer Guide*.
8062
- #
8063
- #
8064
- #
8065
- # [1]: https://docs.aws.amazon.com/waf/latest/developerguide/aws-waf-capacity-units.html
7923
+ # their web ACL WCU usage when they use a rule group. The WCU limit
7924
+ # for web ACLs is 1,500.
8066
7925
  # @return [Integer]
8067
7926
  #
8068
7927
  # @!attribute [rw] pre_process_firewall_manager_rule_groups
@@ -8121,17 +7980,18 @@ module Aws::WAFV2
8121
7980
  # rules and default actions that you define in the web ACL.
8122
7981
  #
8123
7982
  # For information about customizing web requests and responses, see
8124
- # [Customizing web requests and responses in WAF][1] in the *WAF
8125
- # Developer Guide*.
7983
+ # [Customizing web requests and responses in WAF][1] in the [WAF
7984
+ # Developer Guide][2].
8126
7985
  #
8127
7986
  # For information about the limits on count and size for custom
8128
- # request and response settings, see [WAF quotas][2] in the *WAF
8129
- # Developer Guide*.
7987
+ # request and response settings, see [WAF quotas][3] in the [WAF
7988
+ # Developer Guide][2].
8130
7989
  #
8131
7990
  #
8132
7991
  #
8133
7992
  # [1]: https://docs.aws.amazon.com/waf/latest/developerguide/waf-custom-request-response.html
8134
- # [2]: https://docs.aws.amazon.com/waf/latest/developerguide/limits.html
7993
+ # [2]: https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html
7994
+ # [3]: https://docs.aws.amazon.com/waf/latest/developerguide/limits.html
8135
7995
  # @return [Hash<String,Types::CustomResponseBody>]
8136
7996
  #
8137
7997
  # @!attribute [rw] captcha_config
@@ -8157,25 +8017,6 @@ module Aws::WAFV2
8157
8017
  # domain list, including their prefixed subdomains.
8158
8018
  # @return [Array<String>]
8159
8019
  #
8160
- # @!attribute [rw] association_config
8161
- # Specifies custom configurations for the associations between the web
8162
- # ACL and protected resources.
8163
- #
8164
- # Use this to customize the maximum size of the request body that your
8165
- # protected CloudFront distributions forward to WAF for inspection.
8166
- # The default is 16 KB (16,384 kilobytes).
8167
- #
8168
- # <note markdown="1"> You are charged additional fees when your protected resources
8169
- # forward body sizes that are larger than the default. For more
8170
- # information, see [WAF Pricing][1].
8171
- #
8172
- # </note>
8173
- #
8174
- #
8175
- #
8176
- # [1]: http://aws.amazon.com/waf/pricing/
8177
- # @return [Types::AssociationConfig]
8178
- #
8179
8020
  # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/WebACL AWS API Documentation
8180
8021
  #
8181
8022
  class WebACL < Struct.new(
@@ -8194,8 +8035,7 @@ module Aws::WAFV2
8194
8035
  :custom_response_bodies,
8195
8036
  :captcha_config,
8196
8037
  :challenge_config,
8197
- :token_domains,
8198
- :association_config)
8038
+ :token_domains)
8199
8039
  SENSITIVE = []
8200
8040
  include Aws::Structure
8201
8041
  end