aws-sdk-wafv2 1.53.0 → 1.55.0

data/lib/aws-sdk-wafv2/client.rb

@@ -381,13 +381,13 @@ module Aws::WAFV2
     # Associates a web ACL with a regional application resource, to protect
     # the resource. A regional application can be an Application Load
     # Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL
-    # API, a Amazon Cognito user pool, or an App Runner service.
+    # API, an Amazon Cognito user pool, or an App Runner service.
     #
     # For Amazon CloudFront, don't use this call. Instead, use your
     # CloudFront distribution configuration. To associate a web ACL, in the
     # CloudFront call `UpdateDistribution`, set the web ACL ID to the Amazon
     # Resource Name (ARN) of the web ACL. For information, see
-    # [UpdateDistribution][1].
+    # [UpdateDistribution][1] in the *Amazon CloudFront Developer Guide*.
     #
     # When you make changes to web ACLs or web ACL components, like rules
     # and rule groups, WAF propagates the changes everywhere that the web
@@ -418,20 +418,21 @@ module Aws::WAFV2
     #   The ARN must be in one of the following formats:
     #
     #   * For an Application Load Balancer:
-    #     `arn:aws:elasticloadbalancing:region:account-id:loadbalancer/app/load-balancer-name/load-balancer-id
+    #     `arn:partition:elasticloadbalancing:region:account-id:loadbalancer/app/load-balancer-name/load-balancer-id
     #     `
     #
     #   * For an Amazon API Gateway REST API:
-    #     `arn:aws:apigateway:region::/restapis/api-id/stages/stage-name `
+    #     `arn:partition:apigateway:region::/restapis/api-id/stages/stage-name
+    #     `
     #
     #   * For an AppSync GraphQL API:
-    #     `arn:aws:appsync:region:account-id:apis/GraphQLApiId `
+    #     `arn:partition:appsync:region:account-id:apis/GraphQLApiId `
     #
     #   * For an Amazon Cognito user pool:
-    #     `arn:aws:cognito-idp:region:account-id:userpool/user-pool-id `
+    #     `arn:partition:cognito-idp:region:account-id:userpool/user-pool-id `
     #
     #   * For an App Runner service:
-    #     `arn:aws:apprunner:region:account-id:service/apprunner-service-name/apprunner-service-id
+    #     `arn:partition:apprunner:region:account-id:service/apprunner-service-name/apprunner-service-id
     #     `
     #
     # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
@@ -462,13 +463,18 @@ module Aws::WAFV2
     # of each rule. Simple rules that cost little to run use fewer WCUs than
     # more complex rules that use more processing power. Rule group capacity
     # is fixed at creation, which helps users plan their web ACL WCU usage
-    # when they use a rule group. The WCU limit for web ACLs is 1,500.
+    # when they use a rule group. For more information, see [WAF web ACL
+    # capacity units (WCU)][1] in the *WAF Developer Guide*.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/waf/latest/developerguide/aws-waf-capacity-units.html
     #
     # @option params [required, String] :scope
     #   Specifies whether this is for an Amazon CloudFront distribution or for
     #   a regional application. A regional application can be an Application
     #   Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync
-    #   GraphQL API, a Amazon Cognito user pool, or an App Runner service.
+    #   GraphQL API, an Amazon Cognito user pool, or an App Runner service.
     #
     #   To work with CloudFront, you must also specify the Region US East (N.
     #   Virginia) as follows:
@@ -1185,6 +1191,63 @@ module Aws::WAFV2
       req.send_request(options)
     end
 
+    # Creates an API key for use in the integration of the CAPTCHA API in
+    # your JavaScript client applications. The integration lets you
+    # customize the placement and characteristics of the CAPTCHA puzzle for
+    # your end users. For more information about the CAPTCHA JavaScript
+    # integration, see [WAF client application integration][1] in the *WAF
+    # Developer Guide*.
+    #
+    # The CAPTCHA API requires a key that authorizes CAPTCHA use from the
+    # client application domain. You can use a single key for up to 5
+    # domains. After you generate a key, you can copy it for use in your
+    # JavaScript integration.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/waf/latest/developerguide/waf-application-integration.html
+    #
+    # @option params [required, String] :scope
+    #   Specifies whether this is for an Amazon CloudFront distribution or for
+    #   a regional application. A regional application can be an Application
+    #   Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync
+    #   GraphQL API, an Amazon Cognito user pool, or an App Runner service.
+    #
+    #   To work with CloudFront, you must also specify the Region US East (N.
+    #   Virginia) as follows:
+    #
+    #   * CLI - Specify the Region when you use the CloudFront scope:
+    #     `--scope=CLOUDFRONT --region=us-east-1`.
+    #
+    #   * API and SDKs - For all calls, use the Region endpoint us-east-1.
+    #
+    # @option params [required, Array<String>] :token_domains
+    #   The client application domains that you want to use this API key for.
+    #
+    # @return [Types::CreateAPIKeyResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::CreateAPIKeyResponse#api_key #api_key} => String
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.create_api_key({
+    #     scope: "CLOUDFRONT", # required, accepts CLOUDFRONT, REGIONAL
+    #     token_domains: ["TokenDomain"], # required
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.api_key #=> String
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/CreateAPIKey AWS API Documentation
+    #
+    # @overload create_api_key(params = {})
+    # @param [Hash] params ({})
+    def create_api_key(params = {}, options = {})
+      req = build_request(:create_api_key, params)
+      req.send_request(options)
+    end
+
     # Creates an IPSet, which you use to identify web requests that
     # originate from specific IP addresses or ranges of IP addresses. For
     # example, if you're receiving a lot of requests from a ranges of IP
@@ -1199,7 +1262,7 @@ module Aws::WAFV2
     #   Specifies whether this is for an Amazon CloudFront distribution or for
     #   a regional application. A regional application can be an Application
     #   Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync
-    #   GraphQL API, a Amazon Cognito user pool, or an App Runner service.
+    #   GraphQL API, an Amazon Cognito user pool, or an App Runner service.
     #
     #   To work with CloudFront, you must also specify the Region US East (N.
     #   Virginia) as follows:
@@ -1309,7 +1372,7 @@ module Aws::WAFV2
     #   Specifies whether this is for an Amazon CloudFront distribution or for
     #   a regional application. A regional application can be an Application
     #   Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync
-    #   GraphQL API, a Amazon Cognito user pool, or an App Runner service.
+    #   GraphQL API, an Amazon Cognito user pool, or an App Runner service.
     #
     #   To work with CloudFront, you must also specify the Region US East (N.
     #   Virginia) as follows:
@@ -1384,7 +1447,7 @@ module Aws::WAFV2
     #   Specifies whether this is for an Amazon CloudFront distribution or for
     #   a regional application. A regional application can be an Application
     #   Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync
-    #   GraphQL API, a Amazon Cognito user pool, or an App Runner service.
+    #   GraphQL API, an Amazon Cognito user pool, or an App Runner service.
     #
     #   To work with CloudFront, you must also specify the Region US East (N.
     #   Virginia) as follows:
@@ -1408,7 +1471,12 @@ module Aws::WAFV2
     #   of each rule. Simple rules that cost little to run use fewer WCUs than
     #   more complex rules that use more processing power. Rule group capacity
     #   is fixed at creation, which helps users plan their web ACL WCU usage
-    #   when they use a rule group. The WCU limit for web ACLs is 1,500.
+    #   when they use a rule group. For more information, see [WAF web ACL
+    #   capacity units (WCU)][1] in the *WAF Developer Guide*.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/waf/latest/developerguide/aws-waf-capacity-units.html
     #
     # @option params [String] :description
     #   A description of the rule group that helps with identification.
@@ -1433,18 +1501,17 @@ module Aws::WAFV2
     #   rules that you define in the rule group.
     #
     #   For information about customizing web requests and responses, see
-    #   [Customizing web requests and responses in WAF][1] in the [WAF
-    #   Developer Guide][2].
+    #   [Customizing web requests and responses in WAF][1] in the *WAF
+    #   Developer Guide*.
     #
     #   For information about the limits on count and size for custom request
-    #   and response settings, see [WAF quotas][3] in the [WAF Developer
-    #   Guide][2].
+    #   and response settings, see [WAF quotas][2] in the *WAF Developer
+    #   Guide*.
     #
     #
     #
     #   [1]: https://docs.aws.amazon.com/waf/latest/developerguide/waf-custom-request-response.html
-    #   [2]: https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html
-    #   [3]: https://docs.aws.amazon.com/waf/latest/developerguide/limits.html
+    #   [2]: https://docs.aws.amazon.com/waf/latest/developerguide/limits.html
     #
     # @return [Types::CreateRuleGroupResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
@@ -2184,7 +2251,7 @@ module Aws::WAFV2
     # can associate a web ACL with one or more Amazon Web Services resources
     # to protect. The resources can be an Amazon CloudFront distribution, an
     # Amazon API Gateway REST API, an Application Load Balancer, an AppSync
-    # GraphQL API, Amazon Cognito user pool, or an App Runner service.
+    # GraphQL API, an Amazon Cognito user pool, or an App Runner service.
     #
     # @option params [required, String] :name
     #   The name of the web ACL. You cannot change the name of a web ACL after
@@ -2194,7 +2261,7 @@ module Aws::WAFV2
     #   Specifies whether this is for an Amazon CloudFront distribution or for
     #   a regional application. A regional application can be an Application
     #   Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync
-    #   GraphQL API, a Amazon Cognito user pool, or an App Runner service.
+    #   GraphQL API, an Amazon Cognito user pool, or an App Runner service.
     #
     #   To work with CloudFront, you must also specify the Region US East (N.
     #   Virginia) as follows:
@@ -2231,18 +2298,17 @@ module Aws::WAFV2
     #   rules and default actions that you define in the web ACL.
     #
     #   For information about customizing web requests and responses, see
-    #   [Customizing web requests and responses in WAF][1] in the [WAF
-    #   Developer Guide][2].
+    #   [Customizing web requests and responses in WAF][1] in the *WAF
+    #   Developer Guide*.
     #
     #   For information about the limits on count and size for custom request
-    #   and response settings, see [WAF quotas][3] in the [WAF Developer
-    #   Guide][2].
+    #   and response settings, see [WAF quotas][2] in the *WAF Developer
+    #   Guide*.
     #
     #
     #
     #   [1]: https://docs.aws.amazon.com/waf/latest/developerguide/waf-custom-request-response.html
-    #   [2]: https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html
-    #   [3]: https://docs.aws.amazon.com/waf/latest/developerguide/limits.html
+    #   [2]: https://docs.aws.amazon.com/waf/latest/developerguide/limits.html
     #
     # @option params [Types::CaptchaConfig] :captcha_config
     #   Specifies how WAF should handle `CAPTCHA` evaluations for rules that
@@ -2270,6 +2336,24 @@ module Aws::WAFV2
     #   Public suffixes aren't allowed. For example, you can't use `usa.gov`
     #   or `co.uk` as token domains.
     #
+    # @option params [Types::AssociationConfig] :association_config
+    #   Specifies custom configurations for the associations between the web
+    #   ACL and protected resources.
+    #
+    #   Use this to customize the maximum size of the request body that your
+    #   protected CloudFront distributions forward to WAF for inspection. The
+    #   default is 16 KB (16,384 kilobytes).
+    #
+    #   <note markdown="1"> You are charged additional fees when your protected resources forward
+    #   body sizes that are larger than the default. For more information, see
+    #   [WAF Pricing][1].
+    #
+    #    </note>
+    #
+    #
+    #
+    #   [1]: http://aws.amazon.com/waf/pricing/
+    #
     # @return [Types::CreateWebACLResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
     #   * {Types::CreateWebACLResponse#summary #summary} => Types::WebACLSummary
@@ -3012,6 +3096,13 @@ module Aws::WAFV2
     #       },
     #     },
     #     token_domains: ["TokenDomain"],
+    #     association_config: {
+    #       request_body: {
+    #         "CLOUDFRONT" => {
+    #           default_size_inspection_limit: "KB_16", # required, accepts KB_16, KB_32, KB_48, KB_64
+    #         },
+    #       },
+    #     },
     #   })
     #
     # @example Response structure
@@ -3084,7 +3175,7 @@ module Aws::WAFV2
     #   Specifies whether this is for an Amazon CloudFront distribution or for
     #   a regional application. A regional application can be an Application
     #   Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync
-    #   GraphQL API, a Amazon Cognito user pool, or an App Runner service.
+    #   GraphQL API, an Amazon Cognito user pool, or an App Runner service.
     #
     #   To work with CloudFront, you must also specify the Region US East (N.
     #   Virginia) as follows:
@@ -3189,7 +3280,7 @@ module Aws::WAFV2
     #   Specifies whether this is for an Amazon CloudFront distribution or for
     #   a regional application. A regional application can be an Application
     #   Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync
-    #   GraphQL API, a Amazon Cognito user pool, or an App Runner service.
+    #   GraphQL API, an Amazon Cognito user pool, or an App Runner service.
     #
     #   To work with CloudFront, you must also specify the Region US East (N.
     #   Virginia) as follows:
@@ -3244,7 +3335,7 @@ module Aws::WAFV2
     #   Specifies whether this is for an Amazon CloudFront distribution or for
     #   a regional application. A regional application can be an Application
     #   Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync
-    #   GraphQL API, a Amazon Cognito user pool, or an App Runner service.
+    #   GraphQL API, an Amazon Cognito user pool, or an App Runner service.
     #
     #   To work with CloudFront, you must also specify the Region US East (N.
     #   Virginia) as follows:
@@ -3303,7 +3394,8 @@ module Aws::WAFV2
     #
     #   * For Amazon CloudFront distributions, use the CloudFront call
     #     `ListDistributionsByWebACLId`. For information, see
-    #     [ListDistributionsByWebACLId][1].
+    #     [ListDistributionsByWebACLId][1] in the *Amazon CloudFront API
+    #     Reference*.
     #
     # * To disassociate a resource from a web ACL, use the following calls:
     #
@@ -3311,7 +3403,7 @@ module Aws::WAFV2
     #
     #   * For Amazon CloudFront distributions, provide an empty web ACL ID
     #     in the CloudFront call `UpdateDistribution`. For information, see
-    #     [UpdateDistribution][2].
+    #     [UpdateDistribution][2] in the *Amazon CloudFront API Reference*.
     #
     #  </note>
     #
@@ -3328,7 +3420,7 @@ module Aws::WAFV2
     #   Specifies whether this is for an Amazon CloudFront distribution or for
     #   a regional application. A regional application can be an Application
     #   Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync
-    #   GraphQL API, a Amazon Cognito user pool, or an App Runner service.
+    #   GraphQL API, an Amazon Cognito user pool, or an App Runner service.
     #
     #   To work with CloudFront, you must also specify the Region US East (N.
     #   Virginia) as follows:
@@ -3388,7 +3480,7 @@ module Aws::WAFV2
     #   Specifies whether this is for an Amazon CloudFront distribution or for
     #   a regional application. A regional application can be an Application
     #   Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync
-    #   GraphQL API, a Amazon Cognito user pool, or an App Runner service.
+    #   GraphQL API, an Amazon Cognito user pool, or an App Runner service.
     #
     #   To work with CloudFront, you must also specify the Region US East (N.
     #   Virginia) as follows:
@@ -3465,12 +3557,13 @@ module Aws::WAFV2
     # existing web ACL association. A resource can have at most one web ACL
     # association. A regional application can be an Application Load
     # Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL
-    # API, a Amazon Cognito user pool, or an App Runner service.
+    # API, an Amazon Cognito user pool, or an App Runner service.
     #
     # For Amazon CloudFront, don't use this call. Instead, use your
     # CloudFront distribution configuration. To disassociate a web ACL,
     # provide an empty web ACL ID in the CloudFront call
-    # `UpdateDistribution`. For information, see [UpdateDistribution][1].
+    # `UpdateDistribution`. For information, see [UpdateDistribution][1] in
+    # the *Amazon CloudFront API Reference*.
     #
     #
     #
@@ -3483,20 +3576,21 @@ module Aws::WAFV2
     #   The ARN must be in one of the following formats:
     #
     #   * For an Application Load Balancer:
-    #     `arn:aws:elasticloadbalancing:region:account-id:loadbalancer/app/load-balancer-name/load-balancer-id
+    #     `arn:partition:elasticloadbalancing:region:account-id:loadbalancer/app/load-balancer-name/load-balancer-id
     #     `
     #
     #   * For an Amazon API Gateway REST API:
-    #     `arn:aws:apigateway:region::/restapis/api-id/stages/stage-name `
+    #     `arn:partition:apigateway:region::/restapis/api-id/stages/stage-name
+    #     `
     #
     #   * For an AppSync GraphQL API:
-    #     `arn:aws:appsync:region:account-id:apis/GraphQLApiId `
+    #     `arn:partition:appsync:region:account-id:apis/GraphQLApiId `
     #
     #   * For an Amazon Cognito user pool:
-    #     `arn:aws:cognito-idp:region:account-id:userpool/user-pool-id `
+    #     `arn:partition:cognito-idp:region:account-id:userpool/user-pool-id `
     #
     #   * For an App Runner service:
-    #     `arn:aws:apprunner:region:account-id:service/apprunner-service-name/apprunner-service-id
+    #     `arn:partition:apprunner:region:account-id:service/apprunner-service-name/apprunner-service-id
     #     `
     #
     # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
@@ -3560,6 +3654,53 @@ module Aws::WAFV2
       req.send_request(options)
     end
 
+    # Returns your API key in decrypted form. Use this to check the token
+    # domains that you have defined for the key.
+    #
+    # @option params [required, String] :scope
+    #   Specifies whether this is for an Amazon CloudFront distribution or for
+    #   a regional application. A regional application can be an Application
+    #   Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync
+    #   GraphQL API, an Amazon Cognito user pool, or an App Runner service.
+    #
+    #   To work with CloudFront, you must also specify the Region US East (N.
+    #   Virginia) as follows:
+    #
+    #   * CLI - Specify the Region when you use the CloudFront scope:
+    #     `--scope=CLOUDFRONT --region=us-east-1`.
+    #
+    #   * API and SDKs - For all calls, use the Region endpoint us-east-1.
+    #
+    # @option params [required, String] :api_key
+    #   The encrypted API key.
+    #
+    # @return [Types::GetDecryptedAPIKeyResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::GetDecryptedAPIKeyResponse#token_domains #token_domains} => Array&lt;String&gt;
+    #   * {Types::GetDecryptedAPIKeyResponse#creation_timestamp #creation_timestamp} => Time
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.get_decrypted_api_key({
+    #     scope: "CLOUDFRONT", # required, accepts CLOUDFRONT, REGIONAL
+    #     api_key: "APIKey", # required
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.token_domains #=> Array
+    #   resp.token_domains[0] #=> String
+    #   resp.creation_timestamp #=> Time
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/GetDecryptedAPIKey AWS API Documentation
+    #
+    # @overload get_decrypted_api_key(params = {})
+    # @param [Hash] params ({})
+    def get_decrypted_api_key(params = {}, options = {})
+      req = build_request(:get_decrypted_api_key, params)
+      req.send_request(options)
+    end
+
     # Retrieves the specified IPSet.
     #
     # @option params [required, String] :name
@@ -3570,7 +3711,7 @@ module Aws::WAFV2
     #   Specifies whether this is for an Amazon CloudFront distribution or for
     #   a regional application. A regional application can be an Application
     #   Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync
-    #   GraphQL API, a Amazon Cognito user pool, or an App Runner service.
+    #   GraphQL API, an Amazon Cognito user pool, or an App Runner service.
     #
     #   To work with CloudFront, you must also specify the Region US East (N.
     #   Virginia) as follows:
@@ -3702,7 +3843,7 @@ module Aws::WAFV2
     #   Specifies whether this is for an Amazon CloudFront distribution or for
     #   a regional application. A regional application can be an Application
     #   Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync
-    #   GraphQL API, a Amazon Cognito user pool, or an App Runner service.
+    #   GraphQL API, an Amazon Cognito user pool, or an App Runner service.
     #
     #   To work with CloudFront, you must also specify the Region US East (N.
     #   Virginia) as follows:
@@ -3859,7 +4000,7 @@ module Aws::WAFV2
     #   Specifies whether this is for an Amazon CloudFront distribution or for
     #   a regional application. A regional application can be an Application
     #   Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync
-    #   GraphQL API, a Amazon Cognito user pool, or an App Runner service.
+    #   GraphQL API, an Amazon Cognito user pool, or an App Runner service.
     #
     #   To work with CloudFront, you must also specify the Region US East (N.
     #   Virginia) as follows:
@@ -3932,7 +4073,7 @@ module Aws::WAFV2
     #   Specifies whether this is for an Amazon CloudFront distribution or for
     #   a regional application. A regional application can be an Application
     #   Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync
-    #   GraphQL API, a Amazon Cognito user pool, or an App Runner service.
+    #   GraphQL API, an Amazon Cognito user pool, or an App Runner service.
     #
     #   To work with CloudFront, you must also specify the Region US East (N.
     #   Virginia) as follows:
@@ -3989,7 +4130,7 @@ module Aws::WAFV2
     #   Specifies whether this is for an Amazon CloudFront distribution or for
     #   a regional application. A regional application can be an Application
     #   Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync
-    #   GraphQL API, a Amazon Cognito user pool, or an App Runner service.
+    #   GraphQL API, an Amazon Cognito user pool, or an App Runner service.
     #
     #   To work with CloudFront, you must also specify the Region US East (N.
     #   Virginia) as follows:
@@ -4345,7 +4486,7 @@ module Aws::WAFV2
     #   Specifies whether this is for an Amazon CloudFront distribution or for
     #   a regional application. A regional application can be an Application
     #   Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync
-    #   GraphQL API, a Amazon Cognito user pool, or an App Runner service.
+    #   GraphQL API, an Amazon Cognito user pool, or an App Runner service.
     #
     #   To work with CloudFront, you must also specify the Region US East (N.
     #   Virginia) as follows:
@@ -4441,7 +4582,7 @@ module Aws::WAFV2
     #   Specifies whether this is for an Amazon CloudFront distribution or for
     #   a regional application. A regional application can be an Application
     #   Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync
-    #   GraphQL API, a Amazon Cognito user pool, or an App Runner service.
+    #   GraphQL API, an Amazon Cognito user pool, or an App Runner service.
     #
     #   To work with CloudFront, you must also specify the Region US East (N.
     #   Virginia) as follows:
@@ -5309,6 +5450,8 @@ module Aws::WAFV2
     #   resp.web_acl.challenge_config.immunity_time_property.immunity_time #=> Integer
     #   resp.web_acl.token_domains #=> Array
     #   resp.web_acl.token_domains[0] #=> String
+    #   resp.web_acl.association_config.request_body #=> Hash
+    #   resp.web_acl.association_config.request_body["AssociatedResourceType"].default_size_inspection_limit #=> String, one of "KB_16", "KB_32", "KB_48", "KB_64"
     #   resp.lock_token #=> String
     #   resp.application_integration_url #=> String
     #
@@ -5330,20 +5473,21 @@ module Aws::WAFV2
     #   The ARN must be in one of the following formats:
     #
     #   * For an Application Load Balancer:
-    #     `arn:aws:elasticloadbalancing:region:account-id:loadbalancer/app/load-balancer-name/load-balancer-id
+    #     `arn:partition:elasticloadbalancing:region:account-id:loadbalancer/app/load-balancer-name/load-balancer-id
     #     `
     #
     #   * For an Amazon API Gateway REST API:
-    #     `arn:aws:apigateway:region::/restapis/api-id/stages/stage-name `
+    #     `arn:partition:apigateway:region::/restapis/api-id/stages/stage-name
+    #     `
     #
     #   * For an AppSync GraphQL API:
-    #     `arn:aws:appsync:region:account-id:apis/GraphQLApiId `
+    #     `arn:partition:appsync:region:account-id:apis/GraphQLApiId `
     #
     #   * For an Amazon Cognito user pool:
-    #     `arn:aws:cognito-idp:region:account-id:userpool/user-pool-id `
+    #     `arn:partition:cognito-idp:region:account-id:userpool/user-pool-id `
     #
     #   * For an App Runner service:
-    #     `arn:aws:apprunner:region:account-id:service/apprunner-service-name/apprunner-service-id
+    #     `arn:partition:apprunner:region:account-id:service/apprunner-service-name/apprunner-service-id
     #     `
     #
     # @return [Types::GetWebACLForResourceResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
@@ -6195,6 +6339,8 @@ module Aws::WAFV2
     #   resp.web_acl.challenge_config.immunity_time_property.immunity_time #=> Integer
     #   resp.web_acl.token_domains #=> Array
     #   resp.web_acl.token_domains[0] #=> String
+    #   resp.web_acl.association_config.request_body #=> Hash
+    #   resp.web_acl.association_config.request_body["AssociatedResourceType"].default_size_inspection_limit #=> String, one of "KB_16", "KB_32", "KB_48", "KB_64"
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/GetWebACLForResource AWS API Documentation
     #
@@ -6205,6 +6351,70 @@ module Aws::WAFV2
       req.send_request(options)
     end
 
+    # Retrieves a list of the API keys that you've defined for the
+    # specified scope.
+    #
+    # @option params [required, String] :scope
+    #   Specifies whether this is for an Amazon CloudFront distribution or for
+    #   a regional application. A regional application can be an Application
+    #   Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync
+    #   GraphQL API, an Amazon Cognito user pool, or an App Runner service.
+    #
+    #   To work with CloudFront, you must also specify the Region US East (N.
+    #   Virginia) as follows:
+    #
+    #   * CLI - Specify the Region when you use the CloudFront scope:
+    #     `--scope=CLOUDFRONT --region=us-east-1`.
+    #
+    #   * API and SDKs - For all calls, use the Region endpoint us-east-1.
+    #
+    # @option params [String] :next_marker
+    #   When you request a list of objects with a `Limit` setting, if the
+    #   number of objects that are still available for retrieval exceeds the
+    #   limit, WAF returns a `NextMarker` value in the response. To retrieve
+    #   the next batch of objects, provide the marker from the prior call in
+    #   your next request.
+    #
+    # @option params [Integer] :limit
+    #   The maximum number of objects that you want WAF to return for this
+    #   request. If more objects are available, in the response, WAF provides
+    #   a `NextMarker` value that you can use in a subsequent call to get the
+    #   next batch of objects.
+    #
+    # @return [Types::ListAPIKeysResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::ListAPIKeysResponse#next_marker #next_marker} => String
+    #   * {Types::ListAPIKeysResponse#api_key_summaries #api_key_summaries} => Array&lt;Types::APIKeySummary&gt;
+    #   * {Types::ListAPIKeysResponse#application_integration_url #application_integration_url} => String
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.list_api_keys({
+    #     scope: "CLOUDFRONT", # required, accepts CLOUDFRONT, REGIONAL
+    #     next_marker: "NextMarker",
+    #     limit: 1,
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.next_marker #=> String
+    #   resp.api_key_summaries #=> Array
+    #   resp.api_key_summaries[0].token_domains #=> Array
+    #   resp.api_key_summaries[0].token_domains[0] #=> String
+    #   resp.api_key_summaries[0].api_key #=> String
+    #   resp.api_key_summaries[0].creation_timestamp #=> Time
+    #   resp.api_key_summaries[0].version #=> Integer
+    #   resp.application_integration_url #=> String
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/ListAPIKeys AWS API Documentation
+    #
+    # @overload list_api_keys(params = {})
+    # @param [Hash] params ({})
+    def list_api_keys(params = {}, options = {})
+      req = build_request(:list_api_keys, params)
+      req.send_request(options)
+    end
+
     # Returns a list of the available versions for the specified managed
     # rule group.
     #
@@ -6220,7 +6430,7 @@ module Aws::WAFV2
     #   Specifies whether this is for an Amazon CloudFront distribution or for
     #   a regional application. A regional application can be an Application
     #   Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync
-    #   GraphQL API, a Amazon Cognito user pool, or an App Runner service.
+    #   GraphQL API, an Amazon Cognito user pool, or an App Runner service.
     #
     #   To work with CloudFront, you must also specify the Region US East (N.
     #   Virginia) as follows:
@@ -6285,7 +6495,7 @@ module Aws::WAFV2
     #   Specifies whether this is for an Amazon CloudFront distribution or for
     #   a regional application. A regional application can be an Application
     #   Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync
-    #   GraphQL API, a Amazon Cognito user pool, or an App Runner service.
+    #   GraphQL API, an Amazon Cognito user pool, or an App Runner service.
     #
     #   To work with CloudFront, you must also specify the Region US East (N.
     #   Virginia) as follows:
@@ -6346,7 +6556,7 @@ module Aws::WAFV2
     #   Specifies whether this is for an Amazon CloudFront distribution or for
     #   a regional application. A regional application can be an Application
     #   Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync
-    #   GraphQL API, a Amazon Cognito user pool, or an App Runner service.
+    #   GraphQL API, an Amazon Cognito user pool, or an App Runner service.
     #
     #   To work with CloudFront, you must also specify the Region US East (N.
     #   Virginia) as follows:
@@ -6407,7 +6617,7 @@ module Aws::WAFV2
     #   Specifies whether this is for an Amazon CloudFront distribution or for
     #   a regional application. A regional application can be an Application
     #   Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync
-    #   GraphQL API, a Amazon Cognito user pool, or an App Runner service.
+    #   GraphQL API, an Amazon Cognito user pool, or an App Runner service.
     #
     #   To work with CloudFront, you must also specify the Region US East (N.
     #   Virginia) as follows:
@@ -6506,7 +6716,7 @@ module Aws::WAFV2
     #   Specifies whether this is for an Amazon CloudFront distribution or for
     #   a regional application. A regional application can be an Application
     #   Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync
-    #   GraphQL API, a Amazon Cognito user pool, or an App Runner service.
+    #   GraphQL API, an Amazon Cognito user pool, or an App Runner service.
     #
     #   To work with CloudFront, you must also specify the Region US East (N.
     #   Virginia) as follows:
@@ -6627,7 +6837,7 @@ module Aws::WAFV2
     #   Specifies whether this is for an Amazon CloudFront distribution or for
     #   a regional application. A regional application can be an Application
     #   Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync
-    #   GraphQL API, a Amazon Cognito user pool, or an App Runner service.
+    #   GraphQL API, an Amazon Cognito user pool, or an App Runner service.
     #
     #   To work with CloudFront, you must also specify the Region US East (N.
     #   Virginia) as follows:
@@ -6693,7 +6903,7 @@ module Aws::WAFV2
     # @option params [String] :resource_type
     #   Used for web ACLs that are scoped for regional applications. A
     #   regional application can be an Application Load Balancer (ALB), an
-    #   Amazon API Gateway REST API, an AppSync GraphQL API, a Amazon Cognito
+    #   Amazon API Gateway REST API, an AppSync GraphQL API, an Amazon Cognito
     #   user pool, or an App Runner service.
     #
     #   <note markdown="1"> If you don't provide a resource type, the call uses the resource type
@@ -6735,7 +6945,7 @@ module Aws::WAFV2
     #   Specifies whether this is for an Amazon CloudFront distribution or for
     #   a regional application. A regional application can be an Application
     #   Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync
-    #   GraphQL API, a Amazon Cognito user pool, or an App Runner service.
+    #   GraphQL API, an Amazon Cognito user pool, or an App Runner service.
     #
     #   To work with CloudFront, you must also specify the Region US East (N.
     #   Virginia) as follows:
@@ -6854,7 +7064,7 @@ module Aws::WAFV2
     #   Specifies whether this is for an Amazon CloudFront distribution or for
     #   a regional application. A regional application can be an Application
     #   Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync
-    #   GraphQL API, a Amazon Cognito user pool, or an App Runner service.
+    #   GraphQL API, an Amazon Cognito user pool, or an App Runner service.
     #
     #   To work with CloudFront, you must also specify the Region US East (N.
     #   Virginia) as follows:
@@ -7131,7 +7341,7 @@ module Aws::WAFV2
     #   Specifies whether this is for an Amazon CloudFront distribution or for
     #   a regional application. A regional application can be an Application
     #   Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync
-    #   GraphQL API, a Amazon Cognito user pool, or an App Runner service.
+    #   GraphQL API, an Amazon Cognito user pool, or an App Runner service.
     #
     #   To work with CloudFront, you must also specify the Region US East (N.
     #   Virginia) as follows:
@@ -7221,8 +7431,7 @@ module Aws::WAFV2
     #
     #   The policy specifications must conform to the following:
     #
-    #   * The policy must be composed using IAM Policy version 2012-10-17 or
-    #     version 2015-01-01.
+    #   * The policy must be composed using IAM Policy version 2012-10-17.
     #
     #   * The policy must include specifications for `Effect`, `Action`, and
     #     `Principal`.
@@ -7370,7 +7579,7 @@ module Aws::WAFV2
     #   Specifies whether this is for an Amazon CloudFront distribution or for
     #   a regional application. A regional application can be an Application
     #   Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync
-    #   GraphQL API, a Amazon Cognito user pool, or an App Runner service.
+    #   GraphQL API, an Amazon Cognito user pool, or an App Runner service.
     #
     #   To work with CloudFront, you must also specify the Region US East (N.
     #   Virginia) as follows:
@@ -7495,7 +7704,7 @@ module Aws::WAFV2
     #   Specifies whether this is for an Amazon CloudFront distribution or for
     #   a regional application. A regional application can be an Application
     #   Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync
-    #   GraphQL API, a Amazon Cognito user pool, or an App Runner service.
+    #   GraphQL API, an Amazon Cognito user pool, or an App Runner service.
     #
     #   To work with CloudFront, you must also specify the Region US East (N.
     #   Virginia) as follows:
@@ -7601,7 +7810,7 @@ module Aws::WAFV2
     #   Specifies whether this is for an Amazon CloudFront distribution or for
     #   a regional application. A regional application can be an Application
     #   Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync
-    #   GraphQL API, a Amazon Cognito user pool, or an App Runner service.
+    #   GraphQL API, an Amazon Cognito user pool, or an App Runner service.
     #
     #   To work with CloudFront, you must also specify the Region US East (N.
     #   Virginia) as follows:
@@ -7707,7 +7916,7 @@ module Aws::WAFV2
     #   Specifies whether this is for an Amazon CloudFront distribution or for
     #   a regional application. A regional application can be an Application
     #   Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync
-    #   GraphQL API, a Amazon Cognito user pool, or an App Runner service.
+    #   GraphQL API, an Amazon Cognito user pool, or an App Runner service.
     #
     #   To work with CloudFront, you must also specify the Region US East (N.
     #   Virginia) as follows:
@@ -7752,18 +7961,17 @@ module Aws::WAFV2
     #   rules that you define in the rule group.
     #
     #   For information about customizing web requests and responses, see
-    #   [Customizing web requests and responses in WAF][1] in the [WAF
-    #   Developer Guide][2].
+    #   [Customizing web requests and responses in WAF][1] in the *WAF
+    #   Developer Guide*.
     #
     #   For information about the limits on count and size for custom request
-    #   and response settings, see [WAF quotas][3] in the [WAF Developer
-    #   Guide][2].
+    #   and response settings, see [WAF quotas][2] in the *WAF Developer
+    #   Guide*.
     #
     #
     #
     #   [1]: https://docs.aws.amazon.com/waf/latest/developerguide/waf-custom-request-response.html
-    #   [2]: https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html
-    #   [3]: https://docs.aws.amazon.com/waf/latest/developerguide/limits.html
+    #   [2]: https://docs.aws.amazon.com/waf/latest/developerguide/limits.html
     #
     # @return [Types::UpdateRuleGroupResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
@@ -8524,7 +8732,7 @@ module Aws::WAFV2
     # can associate a web ACL with one or more Amazon Web Services resources
     # to protect. The resources can be an Amazon CloudFront distribution, an
     # Amazon API Gateway REST API, an Application Load Balancer, an AppSync
-    # GraphQL API, Amazon Cognito user pool, or an App Runner service.
+    # GraphQL API, an Amazon Cognito user pool, or an App Runner service.
     #
     # @option params [required, String] :name
     #   The name of the web ACL. You cannot change the name of a web ACL after
@@ -8534,7 +8742,7 @@ module Aws::WAFV2
     #   Specifies whether this is for an Amazon CloudFront distribution or for
     #   a regional application. A regional application can be an Application
     #   Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync
-    #   GraphQL API, a Amazon Cognito user pool, or an App Runner service.
+    #   GraphQL API, an Amazon Cognito user pool, or an App Runner service.
     #
     #   To work with CloudFront, you must also specify the Region US East (N.
     #   Virginia) as follows:
@@ -8583,18 +8791,17 @@ module Aws::WAFV2
     #   rules and default actions that you define in the web ACL.
     #
     #   For information about customizing web requests and responses, see
-    #   [Customizing web requests and responses in WAF][1] in the [WAF
-    #   Developer Guide][2].
+    #   [Customizing web requests and responses in WAF][1] in the *WAF
+    #   Developer Guide*.
     #
     #   For information about the limits on count and size for custom request
-    #   and response settings, see [WAF quotas][3] in the [WAF Developer
-    #   Guide][2].
+    #   and response settings, see [WAF quotas][2] in the *WAF Developer
+    #   Guide*.
     #
     #
     #
     #   [1]: https://docs.aws.amazon.com/waf/latest/developerguide/waf-custom-request-response.html
-    #   [2]: https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html
-    #   [3]: https://docs.aws.amazon.com/waf/latest/developerguide/limits.html
+    #   [2]: https://docs.aws.amazon.com/waf/latest/developerguide/limits.html
     #
     # @option params [Types::CaptchaConfig] :captcha_config
     #   Specifies how WAF should handle `CAPTCHA` evaluations for rules that
@@ -8622,6 +8829,24 @@ module Aws::WAFV2
     #   Public suffixes aren't allowed. For example, you can't use `usa.gov`
     #   or `co.uk` as token domains.
     #
+    # @option params [Types::AssociationConfig] :association_config
+    #   Specifies custom configurations for the associations between the web
+    #   ACL and protected resources.
+    #
+    #   Use this to customize the maximum size of the request body that your
+    #   protected CloudFront distributions forward to WAF for inspection. The
+    #   default is 16 KB (16,384 kilobytes).
+    #
+    #   <note markdown="1"> You are charged additional fees when your protected resources forward
+    #   body sizes that are larger than the default. For more information, see
+    #   [WAF Pricing][1].
+    #
+    #    </note>
+    #
+    #
+    #
+    #   [1]: http://aws.amazon.com/waf/pricing/
+    #
     # @return [Types::UpdateWebACLResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
     #   * {Types::UpdateWebACLResponse#next_lock_token #next_lock_token} => String
@@ -9360,6 +9585,13 @@ module Aws::WAFV2
     #       },
     #     },
     #     token_domains: ["TokenDomain"],
+    #     association_config: {
+    #       request_body: {
+    #         "CLOUDFRONT" => {
+    #           default_size_inspection_limit: "KB_16", # required, accepts KB_16, KB_32, KB_48, KB_64
+    #         },
+    #       },
+    #     },
     #   })
     #
     # @example Response structure
@@ -9388,7 +9620,7 @@ module Aws::WAFV2
         params: params,
         config: config)
       context[:gem_name] = 'aws-sdk-wafv2'
-      context[:gem_version] = '1.53.0'
+      context[:gem_version] = '1.55.0'
       Seahorse::Client::Request.new(handlers, context)
     end