aws-sdk-wafv2 1.53.0 → 1.55.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -10,6 +10,44 @@
10
10
  module Aws::WAFV2
11
11
  module Types
12
12
 
13
+ # Information for a single API key.
14
+ #
15
+ # @!attribute [rw] token_domains
16
+ # The token domains that are defined in this API key.
17
+ # @return [Array<String>]
18
+ #
19
+ # @!attribute [rw] api_key
20
+ # The generated, encrypted API key. You can copy this for use in your
21
+ # JavaScript CAPTCHA integration.
22
+ #
23
+ # For information about how to use this in your CAPTCHA JavaScript
24
+ # integration, see [WAF client application integration][1] in the *WAF
25
+ # Developer Guide*.
26
+ #
27
+ #
28
+ #
29
+ # [1]: https://docs.aws.amazon.com/waf/latest/developerguide/waf-application-integration.html
30
+ # @return [String]
31
+ #
32
+ # @!attribute [rw] creation_timestamp
33
+ # The date and time that the key was created.
34
+ # @return [Time]
35
+ #
36
+ # @!attribute [rw] version
37
+ # Internal value used by WAF to manage the key.
38
+ # @return [Integer]
39
+ #
40
+ # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/APIKeySummary AWS API Documentation
41
+ #
42
+ class APIKeySummary < Struct.new(
43
+ :token_domains,
44
+ :api_key,
45
+ :creation_timestamp,
46
+ :version)
47
+ SENSITIVE = []
48
+ include Aws::Structure
49
+ end
50
+
13
51
  # Details for your use of the account takeover prevention managed rule
14
52
  # group, `AWSManagedRulesATPRuleSet`. This configuration is used in
15
53
  # `ManagedRuleGroupConfig`.
@@ -63,7 +101,8 @@ module Aws::WAFV2
63
101
  # The inspection level to use for the Bot Control rule group. The
64
102
  # common level is the least expensive. The targeted level includes all
65
103
  # common level rules and adds rules with more advanced inspection
66
- # criteria. For details, see [WAF Bot Control rule group][1].
104
+ # criteria. For details, see [WAF Bot Control rule group][1] in the
105
+ # *WAF Developer Guide*.
67
106
  #
68
107
  #
69
108
  #
@@ -137,13 +176,12 @@ module Aws::WAFV2
137
176
  # Defines custom handling for the web request.
138
177
  #
139
178
  # For information about customizing web requests and responses, see
140
- # [Customizing web requests and responses in WAF][1] in the [WAF
141
- # Developer Guide][2].
179
+ # [Customizing web requests and responses in WAF][1] in the *WAF
180
+ # Developer Guide*.
142
181
  #
143
182
  #
144
183
  #
145
184
  # [1]: https://docs.aws.amazon.com/waf/latest/developerguide/waf-custom-request-response.html
146
- # [2]: https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html
147
185
  # @return [Types::CustomRequestHandling]
148
186
  #
149
187
  # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/AllowAction AWS API Documentation
@@ -183,20 +221,22 @@ module Aws::WAFV2
183
221
  # The ARN must be in one of the following formats:
184
222
  #
185
223
  # * For an Application Load Balancer:
186
- # `arn:aws:elasticloadbalancing:region:account-id:loadbalancer/app/load-balancer-name/load-balancer-id
224
+ # `arn:partition:elasticloadbalancing:region:account-id:loadbalancer/app/load-balancer-name/load-balancer-id
187
225
  # `
188
226
  #
189
227
  # * For an Amazon API Gateway REST API:
190
- # `arn:aws:apigateway:region::/restapis/api-id/stages/stage-name `
228
+ # `arn:partition:apigateway:region::/restapis/api-id/stages/stage-name
229
+ # `
191
230
  #
192
231
  # * For an AppSync GraphQL API:
193
- # `arn:aws:appsync:region:account-id:apis/GraphQLApiId `
232
+ # `arn:partition:appsync:region:account-id:apis/GraphQLApiId `
194
233
  #
195
234
  # * For an Amazon Cognito user pool:
196
- # `arn:aws:cognito-idp:region:account-id:userpool/user-pool-id `
235
+ # `arn:partition:cognito-idp:region:account-id:userpool/user-pool-id
236
+ # `
197
237
  #
198
238
  # * For an App Runner service:
199
- # `arn:aws:apprunner:region:account-id:service/apprunner-service-name/apprunner-service-id
239
+ # `arn:partition:apprunner:region:account-id:service/apprunner-service-name/apprunner-service-id
200
240
  # `
201
241
  # @return [String]
202
242
  #
@@ -213,6 +253,47 @@ module Aws::WAFV2
213
253
  #
214
254
  class AssociateWebACLResponse < Aws::EmptyStructure; end
215
255
 
256
+ # Specifies custom configurations for the associations between the web
257
+ # ACL and protected resources.
258
+ #
259
+ # Use this to customize the maximum size of the request body that your
260
+ # protected CloudFront distributions forward to WAF for inspection. The
261
+ # default is 16 KB (16,384 kilobytes).
262
+ #
263
+ # <note markdown="1"> You are charged additional fees when your protected resources forward
264
+ # body sizes that are larger than the default. For more information, see
265
+ # [WAF Pricing][1].
266
+ #
267
+ # </note>
268
+ #
269
+ #
270
+ #
271
+ # [1]: http://aws.amazon.com/waf/pricing/
272
+ #
273
+ # @!attribute [rw] request_body
274
+ # Customizes the maximum size of the request body that your protected
275
+ # CloudFront distributions forward to WAF for inspection. The default
276
+ # size is 16 KB (16,384 kilobytes).
277
+ #
278
+ # <note markdown="1"> You are charged additional fees when your protected resources
279
+ # forward body sizes that are larger than the default. For more
280
+ # information, see [WAF Pricing][1].
281
+ #
282
+ # </note>
283
+ #
284
+ #
285
+ #
286
+ # [1]: http://aws.amazon.com/waf/pricing/
287
+ # @return [Hash<String,Types::RequestBodyAssociatedResourceTypeConfig>]
288
+ #
289
+ # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/AssociationConfig AWS API Documentation
290
+ #
291
+ class AssociationConfig < Struct.new(
292
+ :request_body)
293
+ SENSITIVE = []
294
+ include Aws::Structure
295
+ end
296
+
216
297
  # Specifies that WAF should block the request and optionally defines
217
298
  # additional custom handling for the response to the web request.
218
299
  #
@@ -223,13 +304,12 @@ module Aws::WAFV2
223
304
  # Defines a custom response for the web request.
224
305
  #
225
306
  # For information about customizing web requests and responses, see
226
- # [Customizing web requests and responses in WAF][1] in the [WAF
227
- # Developer Guide][2].
307
+ # [Customizing web requests and responses in WAF][1] in the *WAF
308
+ # Developer Guide*.
228
309
  #
229
310
  #
230
311
  #
231
312
  # [1]: https://docs.aws.amazon.com/waf/latest/developerguide/waf-custom-request-response.html
232
- # [2]: https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html
233
313
  # @return [Types::CustomResponse]
234
314
  #
235
315
  # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/BlockAction AWS API Documentation
@@ -248,10 +328,16 @@ module Aws::WAFV2
248
328
  #
249
329
  # @!attribute [rw] oversize_handling
250
330
  # What WAF should do if the body is larger than WAF can inspect. WAF
251
- # does not support inspecting the entire contents of the body of a web
252
- # request when the body exceeds 8 KB (8192 bytes). Only the first 8 KB
253
- # of the request body are forwarded to WAF by the underlying host
254
- # service.
331
+ # does not support inspecting the entire contents of the web request
332
+ # body if the body exceeds the limit for the resource type. If the
333
+ # body is larger than the limit, the underlying host service only
334
+ # forwards the contents that are below the limit to WAF for
335
+ # inspection.
336
+ #
337
+ # The default limit is 8 KB (8,192 kilobytes) for regional resources
338
+ # and 16 KB (16,384 kilobytes) for CloudFront distributions. For
339
+ # CloudFront distributions, you can increase the limit in the web ACL
340
+ # `AssociationConfig`, for additional processing fees.
255
341
  #
256
342
  # The options for oversize handling are the following:
257
343
  #
@@ -266,7 +352,7 @@ module Aws::WAFV2
266
352
  #
267
353
  # You can combine the `MATCH` or `NO_MATCH` settings for oversize
268
354
  # handling with your rule and web ACL action settings, so that you
269
- # block any request whose body is over 8 KB.
355
+ # block any request whose body is over the limit.
270
356
  #
271
357
  # Default: `CONTINUE`
272
358
  # @return [String]
@@ -422,13 +508,12 @@ module Aws::WAFV2
422
508
  # unexpired.
423
509
  #
424
510
  # For information about customizing web requests and responses, see
425
- # [Customizing web requests and responses in WAF][1] in the [WAF
426
- # Developer Guide][2].
511
+ # [Customizing web requests and responses in WAF][1] in the *WAF
512
+ # Developer Guide*.
427
513
  #
428
514
  #
429
515
  #
430
516
  # [1]: https://docs.aws.amazon.com/waf/latest/developerguide/waf-custom-request-response.html
431
- # [2]: https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html
432
517
  # @return [Types::CustomRequestHandling]
433
518
  #
434
519
  # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/CaptchaAction AWS API Documentation
@@ -531,13 +616,12 @@ module Aws::WAFV2
531
616
  # unexpired.
532
617
  #
533
618
  # For information about customizing web requests and responses, see
534
- # [Customizing web requests and responses in WAF][1] in the [WAF
535
- # Developer Guide][2].
619
+ # [Customizing web requests and responses in WAF][1] in the *WAF
620
+ # Developer Guide*.
536
621
  #
537
622
  #
538
623
  #
539
624
  # [1]: https://docs.aws.amazon.com/waf/latest/developerguide/waf-custom-request-response.html
540
- # [2]: https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html
541
625
  # @return [Types::CustomRequestHandling]
542
626
  #
543
627
  # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/ChallengeAction AWS API Documentation
@@ -596,7 +680,7 @@ module Aws::WAFV2
596
680
  # Specifies whether this is for an Amazon CloudFront distribution or
597
681
  # for a regional application. A regional application can be an
598
682
  # Application Load Balancer (ALB), an Amazon API Gateway REST API, an
599
- # AppSync GraphQL API, a Amazon Cognito user pool, or an App Runner
683
+ # AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner
600
684
  # service.
601
685
  #
602
686
  # To work with CloudFront, you must also specify the Region US East
@@ -756,13 +840,12 @@ module Aws::WAFV2
756
840
  # Defines custom handling for the web request.
757
841
  #
758
842
  # For information about customizing web requests and responses, see
759
- # [Customizing web requests and responses in WAF][1] in the [WAF
760
- # Developer Guide][2].
843
+ # [Customizing web requests and responses in WAF][1] in the *WAF
844
+ # Developer Guide*.
761
845
  #
762
846
  #
763
847
  #
764
848
  # [1]: https://docs.aws.amazon.com/waf/latest/developerguide/waf-custom-request-response.html
765
- # [2]: https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html
766
849
  # @return [Types::CustomRequestHandling]
767
850
  #
768
851
  # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/CountAction AWS API Documentation
@@ -773,6 +856,57 @@ module Aws::WAFV2
773
856
  include Aws::Structure
774
857
  end
775
858
 
859
+ # @!attribute [rw] scope
860
+ # Specifies whether this is for an Amazon CloudFront distribution or
861
+ # for a regional application. A regional application can be an
862
+ # Application Load Balancer (ALB), an Amazon API Gateway REST API, an
863
+ # AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner
864
+ # service.
865
+ #
866
+ # To work with CloudFront, you must also specify the Region US East
867
+ # (N. Virginia) as follows:
868
+ #
869
+ # * CLI - Specify the Region when you use the CloudFront scope:
870
+ # `--scope=CLOUDFRONT --region=us-east-1`.
871
+ #
872
+ # * API and SDKs - For all calls, use the Region endpoint us-east-1.
873
+ # @return [String]
874
+ #
875
+ # @!attribute [rw] token_domains
876
+ # The client application domains that you want to use this API key
877
+ # for.
878
+ # @return [Array<String>]
879
+ #
880
+ # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/CreateAPIKeyRequest AWS API Documentation
881
+ #
882
+ class CreateAPIKeyRequest < Struct.new(
883
+ :scope,
884
+ :token_domains)
885
+ SENSITIVE = []
886
+ include Aws::Structure
887
+ end
888
+
889
+ # @!attribute [rw] api_key
890
+ # The generated, encrypted API key. You can copy this for use in your
891
+ # JavaScript CAPTCHA integration.
892
+ #
893
+ # For information about how to use this in your CAPTCHA JavaScript
894
+ # integration, see [WAF client application integration][1] in the *WAF
895
+ # Developer Guide*.
896
+ #
897
+ #
898
+ #
899
+ # [1]: https://docs.aws.amazon.com/waf/latest/developerguide/waf-application-integration.html
900
+ # @return [String]
901
+ #
902
+ # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/CreateAPIKeyResponse AWS API Documentation
903
+ #
904
+ class CreateAPIKeyResponse < Struct.new(
905
+ :api_key)
906
+ SENSITIVE = []
907
+ include Aws::Structure
908
+ end
909
+
776
910
  # @!attribute [rw] name
777
911
  # The name of the IP set. You cannot change the name of an `IPSet`
778
912
  # after you create it.
@@ -782,7 +916,7 @@ module Aws::WAFV2
782
916
  # Specifies whether this is for an Amazon CloudFront distribution or
783
917
  # for a regional application. A regional application can be an
784
918
  # Application Load Balancer (ALB), an Amazon API Gateway REST API, an
785
- # AppSync GraphQL API, a Amazon Cognito user pool, or an App Runner
919
+ # AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner
786
920
  # service.
787
921
  #
788
922
  # To work with CloudFront, you must also specify the Region US East
@@ -889,7 +1023,7 @@ module Aws::WAFV2
889
1023
  # Specifies whether this is for an Amazon CloudFront distribution or
890
1024
  # for a regional application. A regional application can be an
891
1025
  # Application Load Balancer (ALB), an Amazon API Gateway REST API, an
892
- # AppSync GraphQL API, a Amazon Cognito user pool, or an App Runner
1026
+ # AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner
893
1027
  # service.
894
1028
  #
895
1029
  # To work with CloudFront, you must also specify the Region US East
@@ -950,7 +1084,7 @@ module Aws::WAFV2
950
1084
  # Specifies whether this is for an Amazon CloudFront distribution or
951
1085
  # for a regional application. A regional application can be an
952
1086
  # Application Load Balancer (ALB), an Amazon API Gateway REST API, an
953
- # AppSync GraphQL API, a Amazon Cognito user pool, or an App Runner
1087
+ # AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner
954
1088
  # service.
955
1089
  #
956
1090
  # To work with CloudFront, you must also specify the Region US East
@@ -976,8 +1110,13 @@ module Aws::WAFV2
976
1110
  # relative cost of each rule. Simple rules that cost little to run use
977
1111
  # fewer WCUs than more complex rules that use more processing power.
978
1112
  # Rule group capacity is fixed at creation, which helps users plan
979
- # their web ACL WCU usage when they use a rule group. The WCU limit
980
- # for web ACLs is 1,500.
1113
+ # their web ACL WCU usage when they use a rule group. For more
1114
+ # information, see [WAF web ACL capacity units (WCU)][1] in the *WAF
1115
+ # Developer Guide*.
1116
+ #
1117
+ #
1118
+ #
1119
+ # [1]: https://docs.aws.amazon.com/waf/latest/developerguide/aws-waf-capacity-units.html
981
1120
  # @return [Integer]
982
1121
  #
983
1122
  # @!attribute [rw] description
@@ -1007,18 +1146,17 @@ module Aws::WAFV2
1007
1146
  # the rules that you define in the rule group.
1008
1147
  #
1009
1148
  # For information about customizing web requests and responses, see
1010
- # [Customizing web requests and responses in WAF][1] in the [WAF
1011
- # Developer Guide][2].
1149
+ # [Customizing web requests and responses in WAF][1] in the *WAF
1150
+ # Developer Guide*.
1012
1151
  #
1013
1152
  # For information about the limits on count and size for custom
1014
- # request and response settings, see [WAF quotas][3] in the [WAF
1015
- # Developer Guide][2].
1153
+ # request and response settings, see [WAF quotas][2] in the *WAF
1154
+ # Developer Guide*.
1016
1155
  #
1017
1156
  #
1018
1157
  #
1019
1158
  # [1]: https://docs.aws.amazon.com/waf/latest/developerguide/waf-custom-request-response.html
1020
- # [2]: https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html
1021
- # [3]: https://docs.aws.amazon.com/waf/latest/developerguide/limits.html
1159
+ # [2]: https://docs.aws.amazon.com/waf/latest/developerguide/limits.html
1022
1160
  # @return [Hash<String,Types::CustomResponseBody>]
1023
1161
  #
1024
1162
  # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/CreateRuleGroupRequest AWS API Documentation
@@ -1061,7 +1199,7 @@ module Aws::WAFV2
1061
1199
  # Specifies whether this is for an Amazon CloudFront distribution or
1062
1200
  # for a regional application. A regional application can be an
1063
1201
  # Application Load Balancer (ALB), an Amazon API Gateway REST API, an
1064
- # AppSync GraphQL API, a Amazon Cognito user pool, or an App Runner
1202
+ # AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner
1065
1203
  # service.
1066
1204
  #
1067
1205
  # To work with CloudFront, you must also specify the Region US East
@@ -1105,18 +1243,17 @@ module Aws::WAFV2
1105
1243
  # rules and default actions that you define in the web ACL.
1106
1244
  #
1107
1245
  # For information about customizing web requests and responses, see
1108
- # [Customizing web requests and responses in WAF][1] in the [WAF
1109
- # Developer Guide][2].
1246
+ # [Customizing web requests and responses in WAF][1] in the *WAF
1247
+ # Developer Guide*.
1110
1248
  #
1111
1249
  # For information about the limits on count and size for custom
1112
- # request and response settings, see [WAF quotas][3] in the [WAF
1113
- # Developer Guide][2].
1250
+ # request and response settings, see [WAF quotas][2] in the *WAF
1251
+ # Developer Guide*.
1114
1252
  #
1115
1253
  #
1116
1254
  #
1117
1255
  # [1]: https://docs.aws.amazon.com/waf/latest/developerguide/waf-custom-request-response.html
1118
- # [2]: https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html
1119
- # [3]: https://docs.aws.amazon.com/waf/latest/developerguide/limits.html
1256
+ # [2]: https://docs.aws.amazon.com/waf/latest/developerguide/limits.html
1120
1257
  # @return [Hash<String,Types::CustomResponseBody>]
1121
1258
  #
1122
1259
  # @!attribute [rw] captcha_config
@@ -1148,6 +1285,25 @@ module Aws::WAFV2
1148
1285
  # `usa.gov` or `co.uk` as token domains.
1149
1286
  # @return [Array<String>]
1150
1287
  #
1288
+ # @!attribute [rw] association_config
1289
+ # Specifies custom configurations for the associations between the web
1290
+ # ACL and protected resources.
1291
+ #
1292
+ # Use this to customize the maximum size of the request body that your
1293
+ # protected CloudFront distributions forward to WAF for inspection.
1294
+ # The default is 16 KB (16,384 kilobytes).
1295
+ #
1296
+ # <note markdown="1"> You are charged additional fees when your protected resources
1297
+ # forward body sizes that are larger than the default. For more
1298
+ # information, see [WAF Pricing][1].
1299
+ #
1300
+ # </note>
1301
+ #
1302
+ #
1303
+ #
1304
+ # [1]: http://aws.amazon.com/waf/pricing/
1305
+ # @return [Types::AssociationConfig]
1306
+ #
1151
1307
  # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/CreateWebACLRequest AWS API Documentation
1152
1308
  #
1153
1309
  class CreateWebACLRequest < Struct.new(
@@ -1161,7 +1317,8 @@ module Aws::WAFV2
1161
1317
  :custom_response_bodies,
1162
1318
  :captcha_config,
1163
1319
  :challenge_config,
1164
- :token_domains)
1320
+ :token_domains,
1321
+ :association_config)
1165
1322
  SENSITIVE = []
1166
1323
  include Aws::Structure
1167
1324
  end
@@ -1213,26 +1370,24 @@ module Aws::WAFV2
1213
1370
  # `CaptchaAction` for requests with valid t okens, and `AllowAction`.
1214
1371
  #
1215
1372
  # For information about customizing web requests and responses, see
1216
- # [Customizing web requests and responses in WAF][1] in the [WAF
1217
- # Developer Guide][2].
1373
+ # [Customizing web requests and responses in WAF][1] in the *WAF
1374
+ # Developer Guide*.
1218
1375
  #
1219
1376
  #
1220
1377
  #
1221
1378
  # [1]: https://docs.aws.amazon.com/waf/latest/developerguide/waf-custom-request-response.html
1222
- # [2]: https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html
1223
1379
  #
1224
1380
  # @!attribute [rw] insert_headers
1225
1381
  # The HTTP headers to insert into the request. Duplicate header names
1226
1382
  # are not allowed.
1227
1383
  #
1228
1384
  # For information about the limits on count and size for custom
1229
- # request and response settings, see [WAF quotas][1] in the [WAF
1230
- # Developer Guide][2].
1385
+ # request and response settings, see [WAF quotas][1] in the *WAF
1386
+ # Developer Guide*.
1231
1387
  #
1232
1388
  #
1233
1389
  #
1234
1390
  # [1]: https://docs.aws.amazon.com/waf/latest/developerguide/limits.html
1235
- # [2]: https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html
1236
1391
  # @return [Array<Types::CustomHTTPHeader>]
1237
1392
  #
1238
1393
  # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/CustomRequestHandling AWS API Documentation
@@ -1248,25 +1403,23 @@ module Aws::WAFV2
1248
1403
  # BlockAction.
1249
1404
  #
1250
1405
  # For information about customizing web requests and responses, see
1251
- # [Customizing web requests and responses in WAF][1] in the [WAF
1252
- # Developer Guide][2].
1406
+ # [Customizing web requests and responses in WAF][1] in the *WAF
1407
+ # Developer Guide*.
1253
1408
  #
1254
1409
  #
1255
1410
  #
1256
1411
  # [1]: https://docs.aws.amazon.com/waf/latest/developerguide/waf-custom-request-response.html
1257
- # [2]: https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html
1258
1412
  #
1259
1413
  # @!attribute [rw] response_code
1260
1414
  # The HTTP status code to return to the client.
1261
1415
  #
1262
1416
  # For a list of status codes that you can use in your custom
1263
1417
  # responses, see [Supported status codes for custom response][1] in
1264
- # the [WAF Developer Guide][2].
1418
+ # the *WAF Developer Guide*.
1265
1419
  #
1266
1420
  #
1267
1421
  #
1268
1422
  # [1]: https://docs.aws.amazon.com/waf/latest/developerguide/customizing-the-response-status-codes.html
1269
- # [2]: https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html
1270
1423
  # @return [Integer]
1271
1424
  #
1272
1425
  # @!attribute [rw] custom_response_body_key
@@ -1285,13 +1438,12 @@ module Aws::WAFV2
1285
1438
  # not allowed.
1286
1439
  #
1287
1440
  # For information about the limits on count and size for custom
1288
- # request and response settings, see [WAF quotas][1] in the [WAF
1289
- # Developer Guide][2].
1441
+ # request and response settings, see [WAF quotas][1] in the *WAF
1442
+ # Developer Guide*.
1290
1443
  #
1291
1444
  #
1292
1445
  #
1293
1446
  # [1]: https://docs.aws.amazon.com/waf/latest/developerguide/limits.html
1294
- # [2]: https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html
1295
1447
  # @return [Array<Types::CustomHTTPHeader>]
1296
1448
  #
1297
1449
  # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/CustomResponse AWS API Documentation
@@ -1319,13 +1471,12 @@ module Aws::WAFV2
1319
1471
  # must specify JSON content in the `ContentType` setting.
1320
1472
  #
1321
1473
  # For information about the limits on count and size for custom
1322
- # request and response settings, see [WAF quotas][1] in the [WAF
1323
- # Developer Guide][2].
1474
+ # request and response settings, see [WAF quotas][1] in the *WAF
1475
+ # Developer Guide*.
1324
1476
  #
1325
1477
  #
1326
1478
  #
1327
1479
  # [1]: https://docs.aws.amazon.com/waf/latest/developerguide/limits.html
1328
- # [2]: https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html
1329
1480
  # @return [String]
1330
1481
  #
1331
1482
  # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/CustomResponseBody AWS API Documentation
@@ -1412,7 +1563,7 @@ module Aws::WAFV2
1412
1563
  # Specifies whether this is for an Amazon CloudFront distribution or
1413
1564
  # for a regional application. A regional application can be an
1414
1565
  # Application Load Balancer (ALB), an Amazon API Gateway REST API, an
1415
- # AppSync GraphQL API, a Amazon Cognito user pool, or an App Runner
1566
+ # AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner
1416
1567
  # service.
1417
1568
  #
1418
1569
  # To work with CloudFront, you must also specify the Region US East
@@ -1502,7 +1653,7 @@ module Aws::WAFV2
1502
1653
  # Specifies whether this is for an Amazon CloudFront distribution or
1503
1654
  # for a regional application. A regional application can be an
1504
1655
  # Application Load Balancer (ALB), an Amazon API Gateway REST API, an
1505
- # AppSync GraphQL API, a Amazon Cognito user pool, or an App Runner
1656
+ # AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner
1506
1657
  # service.
1507
1658
  #
1508
1659
  # To work with CloudFront, you must also specify the Region US East
@@ -1556,7 +1707,7 @@ module Aws::WAFV2
1556
1707
  # Specifies whether this is for an Amazon CloudFront distribution or
1557
1708
  # for a regional application. A regional application can be an
1558
1709
  # Application Load Balancer (ALB), an Amazon API Gateway REST API, an
1559
- # AppSync GraphQL API, a Amazon Cognito user pool, or an App Runner
1710
+ # AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner
1560
1711
  # service.
1561
1712
  #
1562
1713
  # To work with CloudFront, you must also specify the Region US East
@@ -1610,7 +1761,7 @@ module Aws::WAFV2
1610
1761
  # Specifies whether this is for an Amazon CloudFront distribution or
1611
1762
  # for a regional application. A regional application can be an
1612
1763
  # Application Load Balancer (ALB), an Amazon API Gateway REST API, an
1613
- # AppSync GraphQL API, a Amazon Cognito user pool, or an App Runner
1764
+ # AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner
1614
1765
  # service.
1615
1766
  #
1616
1767
  # To work with CloudFront, you must also specify the Region US East
@@ -1669,7 +1820,7 @@ module Aws::WAFV2
1669
1820
  # Specifies whether this is for an Amazon CloudFront distribution or
1670
1821
  # for a regional application. A regional application can be an
1671
1822
  # Application Load Balancer (ALB), an Amazon API Gateway REST API, an
1672
- # AppSync GraphQL API, a Amazon Cognito user pool, or an App Runner
1823
+ # AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner
1673
1824
  # service.
1674
1825
  #
1675
1826
  # To work with CloudFront, you must also specify the Region US East
@@ -1716,13 +1867,21 @@ module Aws::WAFV2
1716
1867
  # @return [String]
1717
1868
  #
1718
1869
  # @!attribute [rw] capacity
1719
- # The web ACL capacity units (WCUs) required for this rule group. WAF
1720
- # uses web ACL capacity units (WCU) to calculate and control the
1721
- # operating resources that are used to run your rules, rule groups,
1722
- # and web ACLs. WAF calculates capacity differently for each rule
1723
- # type, to reflect each rule's relative cost. Rule group capacity is
1724
- # fixed at creation, so users can plan their web ACL WCU usage when
1725
- # they use a rule group. The WCU limit for web ACLs is 1,500.
1870
+ # The web ACL capacity units (WCUs) required for this rule group.
1871
+ #
1872
+ # WAF uses WCUs to calculate and control the operating resources that
1873
+ # are used to run your rules, rule groups, and web ACLs. WAF
1874
+ # calculates capacity differently for each rule type, to reflect the
1875
+ # relative cost of each rule. Simple rules that cost little to run use
1876
+ # fewer WCUs than more complex rules that use more processing power.
1877
+ # Rule group capacity is fixed at creation, which helps users plan
1878
+ # their web ACL WCU usage when they use a rule group. For more
1879
+ # information, see [WAF web ACL capacity units (WCU)][1] in the *WAF
1880
+ # Developer Guide*.
1881
+ #
1882
+ #
1883
+ #
1884
+ # [1]: https://docs.aws.amazon.com/waf/latest/developerguide/aws-waf-capacity-units.html
1726
1885
  # @return [Integer]
1727
1886
  #
1728
1887
  # @!attribute [rw] rules
@@ -1779,20 +1938,22 @@ module Aws::WAFV2
1779
1938
  # The ARN must be in one of the following formats:
1780
1939
  #
1781
1940
  # * For an Application Load Balancer:
1782
- # `arn:aws:elasticloadbalancing:region:account-id:loadbalancer/app/load-balancer-name/load-balancer-id
1941
+ # `arn:partition:elasticloadbalancing:region:account-id:loadbalancer/app/load-balancer-name/load-balancer-id
1783
1942
  # `
1784
1943
  #
1785
1944
  # * For an Amazon API Gateway REST API:
1786
- # `arn:aws:apigateway:region::/restapis/api-id/stages/stage-name `
1945
+ # `arn:partition:apigateway:region::/restapis/api-id/stages/stage-name
1946
+ # `
1787
1947
  #
1788
1948
  # * For an AppSync GraphQL API:
1789
- # `arn:aws:appsync:region:account-id:apis/GraphQLApiId `
1949
+ # `arn:partition:appsync:region:account-id:apis/GraphQLApiId `
1790
1950
  #
1791
1951
  # * For an Amazon Cognito user pool:
1792
- # `arn:aws:cognito-idp:region:account-id:userpool/user-pool-id `
1952
+ # `arn:partition:cognito-idp:region:account-id:userpool/user-pool-id
1953
+ # `
1793
1954
  #
1794
1955
  # * For an App Runner service:
1795
- # `arn:aws:apprunner:region:account-id:service/apprunner-service-name/apprunner-service-id
1956
+ # `arn:partition:apprunner:region:account-id:service/apprunner-service-name/apprunner-service-id
1796
1957
  # `
1797
1958
  # @return [String]
1798
1959
  #
@@ -1882,10 +2043,15 @@ module Aws::WAFV2
1882
2043
  # contains any additional data that you want to send to your web
1883
2044
  # server as the HTTP request body, such as data from a form.
1884
2045
  #
1885
- # Only the first 8 KB (8192 bytes) of the request body are forwarded
1886
- # to WAF for inspection by the underlying host service. For
1887
- # information about how to handle oversized request bodies, see the
1888
- # `Body` object configuration.
2046
+ # A limited amount of the request body is forwarded to WAF for
2047
+ # inspection by the underlying host service. For regional resources,
2048
+ # the limit is 8 KB (8,192 kilobytes) and for CloudFront
2049
+ # distributions, the limit is 16 KB (16,384 kilobytes). For CloudFront
2050
+ # distributions, you can increase the limit in the web ACL's
2051
+ # `AssociationConfig`, for additional processing fees.
2052
+ #
2053
+ # For information about how to handle oversized request bodies, see
2054
+ # the `Body` object configuration.
1889
2055
  # @return [Types::Body]
1890
2056
  #
1891
2057
  # @!attribute [rw] method
@@ -1899,10 +2065,15 @@ module Aws::WAFV2
1899
2065
  # contains any additional data that you want to send to your web
1900
2066
  # server as the HTTP request body, such as data from a form.
1901
2067
  #
1902
- # Only the first 8 KB (8192 bytes) of the request body are forwarded
1903
- # to WAF for inspection by the underlying host service. For
1904
- # information about how to handle oversized request bodies, see the
1905
- # `JsonBody` object configuration.
2068
+ # A limited amount of the request body is forwarded to WAF for
2069
+ # inspection by the underlying host service. For regional resources,
2070
+ # the limit is 8 KB (8,192 kilobytes) and for CloudFront
2071
+ # distributions, the limit is 16 KB (16,384 kilobytes). For CloudFront
2072
+ # distributions, you can increase the limit in the web ACL's
2073
+ # `AssociationConfig`, for additional processing fees.
2074
+ #
2075
+ # For information about how to handle oversized request bodies, see
2076
+ # the `JsonBody` object configuration.
1906
2077
  # @return [Types::JsonBody]
1907
2078
  #
1908
2079
  # @!attribute [rw] headers
@@ -2033,40 +2204,19 @@ module Aws::WAFV2
2033
2204
  end
2034
2205
 
2035
2206
  # The processing guidance for an Firewall Manager rule. This is like a
2036
- # regular rule Statement, but it can only contain a rule group
2207
+ # regular rule Statement, but it can only contain a single rule group
2037
2208
  # reference.
2038
2209
  #
2039
2210
  # @!attribute [rw] managed_rule_group_statement
2040
- # A rule statement used to run the rules that are defined in a managed
2041
- # rule group. To use this, provide the vendor name and the name of the
2042
- # rule group in this statement. You can retrieve the required names by
2043
- # calling ListAvailableManagedRuleGroups.
2044
- #
2045
- # You cannot nest a `ManagedRuleGroupStatement`, for example for use
2046
- # inside a `NotStatement` or `OrStatement`. It can only be referenced
2047
- # as a top-level statement within a rule.
2048
- #
2049
- # <note markdown="1"> You are charged additional fees when you use the WAF Bot Control
2050
- # managed rule group `AWSManagedRulesBotControlRuleSet` or the WAF
2051
- # Fraud Control account takeover prevention (ATP) managed rule group
2052
- # `AWSManagedRulesATPRuleSet`. For more information, see [WAF
2053
- # Pricing][1].
2054
- #
2055
- # </note>
2056
- #
2057
- #
2058
- #
2059
- # [1]: http://aws.amazon.com/waf/pricing/
2211
+ # A statement used by Firewall Manager to run the rules that are
2212
+ # defined in a managed rule group. This is managed by Firewall Manager
2213
+ # for an Firewall Manager WAF policy.
2060
2214
  # @return [Types::ManagedRuleGroupStatement]
2061
2215
  #
2062
2216
  # @!attribute [rw] rule_group_reference_statement
2063
- # A rule statement used to run the rules that are defined in a
2064
- # RuleGroup. To use this, create a rule group with your rules, then
2065
- # provide the ARN of the rule group in this statement.
2066
- #
2067
- # You cannot nest a `RuleGroupReferenceStatement`, for example for use
2068
- # inside a `NotStatement` or `OrStatement`. You can only use a rule
2069
- # group reference statement at the top level inside a web ACL.
2217
+ # A statement used by Firewall Manager to run the rules that are
2218
+ # defined in a rule group. This is managed by Firewall Manager for an
2219
+ # Firewall Manager WAF policy.
2070
2220
  # @return [Types::RuleGroupReferenceStatement]
2071
2221
  #
2072
2222
  # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/FirewallManagerStatement AWS API Documentation
@@ -2234,6 +2384,52 @@ module Aws::WAFV2
2234
2384
  include Aws::Structure
2235
2385
  end
2236
2386
 
2387
+ # @!attribute [rw] scope
2388
+ # Specifies whether this is for an Amazon CloudFront distribution or
2389
+ # for a regional application. A regional application can be an
2390
+ # Application Load Balancer (ALB), an Amazon API Gateway REST API, an
2391
+ # AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner
2392
+ # service.
2393
+ #
2394
+ # To work with CloudFront, you must also specify the Region US East
2395
+ # (N. Virginia) as follows:
2396
+ #
2397
+ # * CLI - Specify the Region when you use the CloudFront scope:
2398
+ # `--scope=CLOUDFRONT --region=us-east-1`.
2399
+ #
2400
+ # * API and SDKs - For all calls, use the Region endpoint us-east-1.
2401
+ # @return [String]
2402
+ #
2403
+ # @!attribute [rw] api_key
2404
+ # The encrypted API key.
2405
+ # @return [String]
2406
+ #
2407
+ # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/GetDecryptedAPIKeyRequest AWS API Documentation
2408
+ #
2409
+ class GetDecryptedAPIKeyRequest < Struct.new(
2410
+ :scope,
2411
+ :api_key)
2412
+ SENSITIVE = []
2413
+ include Aws::Structure
2414
+ end
2415
+
2416
+ # @!attribute [rw] token_domains
2417
+ # The token domains that are defined in this API key.
2418
+ # @return [Array<String>]
2419
+ #
2420
+ # @!attribute [rw] creation_timestamp
2421
+ # The date and time that the key was created.
2422
+ # @return [Time]
2423
+ #
2424
+ # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/GetDecryptedAPIKeyResponse AWS API Documentation
2425
+ #
2426
+ class GetDecryptedAPIKeyResponse < Struct.new(
2427
+ :token_domains,
2428
+ :creation_timestamp)
2429
+ SENSITIVE = []
2430
+ include Aws::Structure
2431
+ end
2432
+
2237
2433
  # @!attribute [rw] name
2238
2434
  # The name of the IP set. You cannot change the name of an `IPSet`
2239
2435
  # after you create it.
@@ -2243,7 +2439,7 @@ module Aws::WAFV2
2243
2439
  # Specifies whether this is for an Amazon CloudFront distribution or
2244
2440
  # for a regional application. A regional application can be an
2245
2441
  # Application Load Balancer (ALB), an Amazon API Gateway REST API, an
2246
- # AppSync GraphQL API, a Amazon Cognito user pool, or an App Runner
2442
+ # AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner
2247
2443
  # service.
2248
2444
  #
2249
2445
  # To work with CloudFront, you must also specify the Region US East
@@ -2332,7 +2528,7 @@ module Aws::WAFV2
2332
2528
  # Specifies whether this is for an Amazon CloudFront distribution or
2333
2529
  # for a regional application. A regional application can be an
2334
2530
  # Application Load Balancer (ALB), an Amazon API Gateway REST API, an
2335
- # AppSync GraphQL API, a Amazon Cognito user pool, or an App Runner
2531
+ # AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner
2336
2532
  # service.
2337
2533
  #
2338
2534
  # To work with CloudFront, you must also specify the Region US East
@@ -2445,7 +2641,7 @@ module Aws::WAFV2
2445
2641
  # Specifies whether this is for an Amazon CloudFront distribution or
2446
2642
  # for a regional application. A regional application can be an
2447
2643
  # Application Load Balancer (ALB), an Amazon API Gateway REST API, an
2448
- # AppSync GraphQL API, a Amazon Cognito user pool, or an App Runner
2644
+ # AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner
2449
2645
  # service.
2450
2646
  #
2451
2647
  # To work with CloudFront, you must also specify the Region US East
@@ -2519,7 +2715,7 @@ module Aws::WAFV2
2519
2715
  # Specifies whether this is for an Amazon CloudFront distribution or
2520
2716
  # for a regional application. A regional application can be an
2521
2717
  # Application Load Balancer (ALB), an Amazon API Gateway REST API, an
2522
- # AppSync GraphQL API, a Amazon Cognito user pool, or an App Runner
2718
+ # AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner
2523
2719
  # service.
2524
2720
  #
2525
2721
  # To work with CloudFront, you must also specify the Region US East
@@ -2580,7 +2776,7 @@ module Aws::WAFV2
2580
2776
  # Specifies whether this is for an Amazon CloudFront distribution or
2581
2777
  # for a regional application. A regional application can be an
2582
2778
  # Application Load Balancer (ALB), an Amazon API Gateway REST API, an
2583
- # AppSync GraphQL API, a Amazon Cognito user pool, or an App Runner
2779
+ # AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner
2584
2780
  # service.
2585
2781
  #
2586
2782
  # To work with CloudFront, you must also specify the Region US East
@@ -2651,7 +2847,7 @@ module Aws::WAFV2
2651
2847
  # Specifies whether this is for an Amazon CloudFront distribution or
2652
2848
  # for a regional application. A regional application can be an
2653
2849
  # Application Load Balancer (ALB), an Amazon API Gateway REST API, an
2654
- # AppSync GraphQL API, a Amazon Cognito user pool, or an App Runner
2850
+ # AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner
2655
2851
  # service.
2656
2852
  #
2657
2853
  # To work with CloudFront, you must also specify the Region US East
@@ -2731,20 +2927,22 @@ module Aws::WAFV2
2731
2927
  # The ARN must be in one of the following formats:
2732
2928
  #
2733
2929
  # * For an Application Load Balancer:
2734
- # `arn:aws:elasticloadbalancing:region:account-id:loadbalancer/app/load-balancer-name/load-balancer-id
2930
+ # `arn:partition:elasticloadbalancing:region:account-id:loadbalancer/app/load-balancer-name/load-balancer-id
2735
2931
  # `
2736
2932
  #
2737
2933
  # * For an Amazon API Gateway REST API:
2738
- # `arn:aws:apigateway:region::/restapis/api-id/stages/stage-name `
2934
+ # `arn:partition:apigateway:region::/restapis/api-id/stages/stage-name
2935
+ # `
2739
2936
  #
2740
2937
  # * For an AppSync GraphQL API:
2741
- # `arn:aws:appsync:region:account-id:apis/GraphQLApiId `
2938
+ # `arn:partition:appsync:region:account-id:apis/GraphQLApiId `
2742
2939
  #
2743
2940
  # * For an Amazon Cognito user pool:
2744
- # `arn:aws:cognito-idp:region:account-id:userpool/user-pool-id `
2941
+ # `arn:partition:cognito-idp:region:account-id:userpool/user-pool-id
2942
+ # `
2745
2943
  #
2746
2944
  # * For an App Runner service:
2747
- # `arn:aws:apprunner:region:account-id:service/apprunner-service-name/apprunner-service-id
2945
+ # `arn:partition:apprunner:region:account-id:service/apprunner-service-name/apprunner-service-id
2748
2946
  # `
2749
2947
  # @return [String]
2750
2948
  #
@@ -2778,7 +2976,7 @@ module Aws::WAFV2
2778
2976
  # Specifies whether this is for an Amazon CloudFront distribution or
2779
2977
  # for a regional application. A regional application can be an
2780
2978
  # Application Load Balancer (ALB), an Amazon API Gateway REST API, an
2781
- # AppSync GraphQL API, a Amazon Cognito user pool, or an App Runner
2979
+ # AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner
2782
2980
  # service.
2783
2981
  #
2784
2982
  # To work with CloudFront, you must also specify the Region US East
@@ -3347,10 +3545,16 @@ module Aws::WAFV2
3347
3545
  #
3348
3546
  # @!attribute [rw] oversize_handling
3349
3547
  # What WAF should do if the body is larger than WAF can inspect. WAF
3350
- # does not support inspecting the entire contents of the body of a web
3351
- # request when the body exceeds 8 KB (8192 bytes). Only the first 8 KB
3352
- # of the request body are forwarded to WAF by the underlying host
3353
- # service.
3548
+ # does not support inspecting the entire contents of the web request
3549
+ # body if the body exceeds the limit for the resource type. If the
3550
+ # body is larger than the limit, the underlying host service only
3551
+ # forwards the contents that are below the limit to WAF for
3552
+ # inspection.
3553
+ #
3554
+ # The default limit is 8 KB (8,192 kilobytes) for regional resources
3555
+ # and 16 KB (16,384 kilobytes) for CloudFront distributions. For
3556
+ # CloudFront distributions, you can increase the limit in the web ACL
3557
+ # `AssociationConfig`, for additional processing fees.
3354
3558
  #
3355
3559
  # The options for oversize handling are the following:
3356
3560
  #
@@ -3365,7 +3569,7 @@ module Aws::WAFV2
3365
3569
  #
3366
3570
  # You can combine the `MATCH` or `NO_MATCH` settings for oversize
3367
3571
  # handling with your rule and web ACL action settings, so that you
3368
- # block any request whose body is over 8 KB.
3572
+ # block any request whose body is over the limit.
3369
3573
  #
3370
3574
  # Default: `CONTINUE`
3371
3575
  # @return [String]
@@ -3523,6 +3727,83 @@ module Aws::WAFV2
3523
3727
  include Aws::Structure
3524
3728
  end
3525
3729
 
3730
+ # @!attribute [rw] scope
3731
+ # Specifies whether this is for an Amazon CloudFront distribution or
3732
+ # for a regional application. A regional application can be an
3733
+ # Application Load Balancer (ALB), an Amazon API Gateway REST API, an
3734
+ # AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner
3735
+ # service.
3736
+ #
3737
+ # To work with CloudFront, you must also specify the Region US East
3738
+ # (N. Virginia) as follows:
3739
+ #
3740
+ # * CLI - Specify the Region when you use the CloudFront scope:
3741
+ # `--scope=CLOUDFRONT --region=us-east-1`.
3742
+ #
3743
+ # * API and SDKs - For all calls, use the Region endpoint us-east-1.
3744
+ # @return [String]
3745
+ #
3746
+ # @!attribute [rw] next_marker
3747
+ # When you request a list of objects with a `Limit` setting, if the
3748
+ # number of objects that are still available for retrieval exceeds the
3749
+ # limit, WAF returns a `NextMarker` value in the response. To retrieve
3750
+ # the next batch of objects, provide the marker from the prior call in
3751
+ # your next request.
3752
+ # @return [String]
3753
+ #
3754
+ # @!attribute [rw] limit
3755
+ # The maximum number of objects that you want WAF to return for this
3756
+ # request. If more objects are available, in the response, WAF
3757
+ # provides a `NextMarker` value that you can use in a subsequent call
3758
+ # to get the next batch of objects.
3759
+ # @return [Integer]
3760
+ #
3761
+ # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/ListAPIKeysRequest AWS API Documentation
3762
+ #
3763
+ class ListAPIKeysRequest < Struct.new(
3764
+ :scope,
3765
+ :next_marker,
3766
+ :limit)
3767
+ SENSITIVE = []
3768
+ include Aws::Structure
3769
+ end
3770
+
3771
+ # @!attribute [rw] next_marker
3772
+ # When you request a list of objects with a `Limit` setting, if the
3773
+ # number of objects that are still available for retrieval exceeds the
3774
+ # limit, WAF returns a `NextMarker` value in the response. To retrieve
3775
+ # the next batch of objects, provide the marker from the prior call in
3776
+ # your next request.
3777
+ # @return [String]
3778
+ #
3779
+ # @!attribute [rw] api_key_summaries
3780
+ # The array of key summaries. If you specified a `Limit` in your
3781
+ # request, this might not be the full list.
3782
+ # @return [Array<Types::APIKeySummary>]
3783
+ #
3784
+ # @!attribute [rw] application_integration_url
3785
+ # The CAPTCHA application integration URL, for use in your JavaScript
3786
+ # implementation.
3787
+ #
3788
+ # For information about how to use this in your CAPTCHA JavaScript
3789
+ # integration, see [WAF client application integration][1] in the *WAF
3790
+ # Developer Guide*.
3791
+ #
3792
+ #
3793
+ #
3794
+ # [1]: https://docs.aws.amazon.com/waf/latest/developerguide/waf-application-integration.html
3795
+ # @return [String]
3796
+ #
3797
+ # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/ListAPIKeysResponse AWS API Documentation
3798
+ #
3799
+ class ListAPIKeysResponse < Struct.new(
3800
+ :next_marker,
3801
+ :api_key_summaries,
3802
+ :application_integration_url)
3803
+ SENSITIVE = []
3804
+ include Aws::Structure
3805
+ end
3806
+
3526
3807
  # @!attribute [rw] vendor_name
3527
3808
  # The name of the managed rule group vendor. You use this, along with
3528
3809
  # the rule group name, to identify the rule group.
@@ -3537,7 +3818,7 @@ module Aws::WAFV2
3537
3818
  # Specifies whether this is for an Amazon CloudFront distribution or
3538
3819
  # for a regional application. A regional application can be an
3539
3820
  # Application Load Balancer (ALB), an Amazon API Gateway REST API, an
3540
- # AppSync GraphQL API, a Amazon Cognito user pool, or an App Runner
3821
+ # AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner
3541
3822
  # service.
3542
3823
  #
3543
3824
  # To work with CloudFront, you must also specify the Region US East
@@ -3586,7 +3867,8 @@ module Aws::WAFV2
3586
3867
  #
3587
3868
  # @!attribute [rw] versions
3588
3869
  # The versions that are currently available for the specified managed
3589
- # rule group.
3870
+ # rule group. If you specified a `Limit` in your request, this might
3871
+ # not be the full list.
3590
3872
  # @return [Array<Types::ManagedRuleGroupVersion>]
3591
3873
  #
3592
3874
  # @!attribute [rw] current_default_version
@@ -3607,7 +3889,7 @@ module Aws::WAFV2
3607
3889
  # Specifies whether this is for an Amazon CloudFront distribution or
3608
3890
  # for a regional application. A regional application can be an
3609
3891
  # Application Load Balancer (ALB), an Amazon API Gateway REST API, an
3610
- # AppSync GraphQL API, a Amazon Cognito user pool, or an App Runner
3892
+ # AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner
3611
3893
  # service.
3612
3894
  #
3613
3895
  # To work with CloudFront, you must also specify the Region US East
@@ -3653,6 +3935,8 @@ module Aws::WAFV2
3653
3935
  # @return [String]
3654
3936
  #
3655
3937
  # @!attribute [rw] managed_rule_groups
3938
+ # Array of managed rule groups that you can use. If you specified a
3939
+ # `Limit` in your request, this might not be the full list.
3656
3940
  # @return [Array<Types::ManagedRuleGroupSummary>]
3657
3941
  #
3658
3942
  # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/ListAvailableManagedRuleGroupsResponse AWS API Documentation
@@ -3668,7 +3952,7 @@ module Aws::WAFV2
3668
3952
  # Specifies whether this is for an Amazon CloudFront distribution or
3669
3953
  # for a regional application. A regional application can be an
3670
3954
  # Application Load Balancer (ALB), an Amazon API Gateway REST API, an
3671
- # AppSync GraphQL API, a Amazon Cognito user pool, or an App Runner
3955
+ # AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner
3672
3956
  # service.
3673
3957
  #
3674
3958
  # To work with CloudFront, you must also specify the Region US East
@@ -3714,8 +3998,8 @@ module Aws::WAFV2
3714
3998
  # @return [String]
3715
3999
  #
3716
4000
  # @!attribute [rw] ip_sets
3717
- # Array of IPSets. This may not be the full list of IPSets that you
3718
- # have defined. See the `Limit` specification for this request.
4001
+ # Array of IPSets. If you specified a `Limit` in your request, this
4002
+ # might not be the full list.
3719
4003
  # @return [Array<Types::IPSetSummary>]
3720
4004
  #
3721
4005
  # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/ListIPSetsResponse AWS API Documentation
@@ -3731,7 +4015,7 @@ module Aws::WAFV2
3731
4015
  # Specifies whether this is for an Amazon CloudFront distribution or
3732
4016
  # for a regional application. A regional application can be an
3733
4017
  # Application Load Balancer (ALB), an Amazon API Gateway REST API, an
3734
- # AppSync GraphQL API, a Amazon Cognito user pool, or an App Runner
4018
+ # AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner
3735
4019
  # service.
3736
4020
  #
3737
4021
  # To work with CloudFront, you must also specify the Region US East
@@ -3769,6 +4053,8 @@ module Aws::WAFV2
3769
4053
  end
3770
4054
 
3771
4055
  # @!attribute [rw] logging_configurations
4056
+ # Array of logging configurations. If you specified a `Limit` in your
4057
+ # request, this might not be the full list.
3772
4058
  # @return [Array<Types::LoggingConfiguration>]
3773
4059
  #
3774
4060
  # @!attribute [rw] next_marker
@@ -3792,7 +4078,7 @@ module Aws::WAFV2
3792
4078
  # Specifies whether this is for an Amazon CloudFront distribution or
3793
4079
  # for a regional application. A regional application can be an
3794
4080
  # Application Load Balancer (ALB), an Amazon API Gateway REST API, an
3795
- # AppSync GraphQL API, a Amazon Cognito user pool, or an App Runner
4081
+ # AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner
3796
4082
  # service.
3797
4083
  #
3798
4084
  # To work with CloudFront, you must also specify the Region US East
@@ -3838,7 +4124,8 @@ module Aws::WAFV2
3838
4124
  # @return [String]
3839
4125
  #
3840
4126
  # @!attribute [rw] managed_rule_sets
3841
- # Your managed rule sets.
4127
+ # Your managed rule sets. If you specified a `Limit` in your request,
4128
+ # this might not be the full list.
3842
4129
  # @return [Array<Types::ManagedRuleSetSummary>]
3843
4130
  #
3844
4131
  # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/ListManagedRuleSetsResponse AWS API Documentation
@@ -3880,7 +4167,9 @@ module Aws::WAFV2
3880
4167
  end
3881
4168
 
3882
4169
  # @!attribute [rw] release_summaries
3883
- # High level information for the available SDK releases.
4170
+ # The high level information for the available SDK releases. If you
4171
+ # specified a `Limit` in your request, this might not be the full
4172
+ # list.
3884
4173
  # @return [Array<Types::ReleaseSummary>]
3885
4174
  #
3886
4175
  # @!attribute [rw] next_marker
@@ -3904,7 +4193,7 @@ module Aws::WAFV2
3904
4193
  # Specifies whether this is for an Amazon CloudFront distribution or
3905
4194
  # for a regional application. A regional application can be an
3906
4195
  # Application Load Balancer (ALB), an Amazon API Gateway REST API, an
3907
- # AppSync GraphQL API, a Amazon Cognito user pool, or an App Runner
4196
+ # AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner
3908
4197
  # service.
3909
4198
  #
3910
4199
  # To work with CloudFront, you must also specify the Region US East
@@ -3950,6 +4239,8 @@ module Aws::WAFV2
3950
4239
  # @return [String]
3951
4240
  #
3952
4241
  # @!attribute [rw] regex_pattern_sets
4242
+ # Array of regex pattern sets. If you specified a `Limit` in your
4243
+ # request, this might not be the full list.
3953
4244
  # @return [Array<Types::RegexPatternSetSummary>]
3954
4245
  #
3955
4246
  # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/ListRegexPatternSetsResponse AWS API Documentation
@@ -3968,7 +4259,7 @@ module Aws::WAFV2
3968
4259
  # @!attribute [rw] resource_type
3969
4260
  # Used for web ACLs that are scoped for regional applications. A
3970
4261
  # regional application can be an Application Load Balancer (ALB), an
3971
- # Amazon API Gateway REST API, an AppSync GraphQL API, a Amazon
4262
+ # Amazon API Gateway REST API, an AppSync GraphQL API, an Amazon
3972
4263
  # Cognito user pool, or an App Runner service.
3973
4264
  #
3974
4265
  # <note markdown="1"> If you don't provide a resource type, the call uses the resource
@@ -4005,7 +4296,7 @@ module Aws::WAFV2
4005
4296
  # Specifies whether this is for an Amazon CloudFront distribution or
4006
4297
  # for a regional application. A regional application can be an
4007
4298
  # Application Load Balancer (ALB), an Amazon API Gateway REST API, an
4008
- # AppSync GraphQL API, a Amazon Cognito user pool, or an App Runner
4299
+ # AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner
4009
4300
  # service.
4010
4301
  #
4011
4302
  # To work with CloudFront, you must also specify the Region US East
@@ -4051,6 +4342,8 @@ module Aws::WAFV2
4051
4342
  # @return [String]
4052
4343
  #
4053
4344
  # @!attribute [rw] rule_groups
4345
+ # Array of rule groups. If you specified a `Limit` in your request,
4346
+ # this might not be the full list.
4054
4347
  # @return [Array<Types::RuleGroupSummary>]
4055
4348
  #
4056
4349
  # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/ListRuleGroupsResponse AWS API Documentation
@@ -4100,7 +4393,9 @@ module Aws::WAFV2
4100
4393
  # @return [String]
4101
4394
  #
4102
4395
  # @!attribute [rw] tag_info_for_resource
4103
- # The collection of tagging definitions for the resource.
4396
+ # The collection of tagging definitions for the resource. If you
4397
+ # specified a `Limit` in your request, this might not be the full
4398
+ # list.
4104
4399
  # @return [Types::TagInfoForResource]
4105
4400
  #
4106
4401
  # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/ListTagsForResourceResponse AWS API Documentation
@@ -4116,7 +4411,7 @@ module Aws::WAFV2
4116
4411
  # Specifies whether this is for an Amazon CloudFront distribution or
4117
4412
  # for a regional application. A regional application can be an
4118
4413
  # Application Load Balancer (ALB), an Amazon API Gateway REST API, an
4119
- # AppSync GraphQL API, a Amazon Cognito user pool, or an App Runner
4414
+ # AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner
4120
4415
  # service.
4121
4416
  #
4122
4417
  # To work with CloudFront, you must also specify the Region US East
@@ -4162,6 +4457,8 @@ module Aws::WAFV2
4162
4457
  # @return [String]
4163
4458
  #
4164
4459
  # @!attribute [rw] web_acls
4460
+ # Array of web ACLs. If you specified a `Limit` in your request, this
4461
+ # might not be the full list.
4165
4462
  # @return [Array<Types::WebACLSummary>]
4166
4463
  #
4167
4464
  # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/ListWebACLsResponse AWS API Documentation
@@ -4721,8 +5018,13 @@ module Aws::WAFV2
4721
5018
  # relative cost of each rule. Simple rules that cost little to run use
4722
5019
  # fewer WCUs than more complex rules that use more processing power.
4723
5020
  # Rule group capacity is fixed at creation, which helps users plan
4724
- # their web ACL WCU usage when they use a rule group. The WCU limit
4725
- # for web ACLs is 1,500.
5021
+ # their web ACL WCU usage when they use a rule group. For more
5022
+ # information, see [WAF web ACL capacity units (WCU)][1] in the *WAF
5023
+ # Developer Guide*.
5024
+ #
5025
+ #
5026
+ #
5027
+ # [1]: https://docs.aws.amazon.com/waf/latest/developerguide/aws-waf-capacity-units.html
4726
5028
  # @return [Integer]
4727
5029
  #
4728
5030
  # @!attribute [rw] forecasted_lifetime
@@ -4960,7 +5262,7 @@ module Aws::WAFV2
4960
5262
  # Specifies whether this is for an Amazon CloudFront distribution or
4961
5263
  # for a regional application. A regional application can be an
4962
5264
  # Application Load Balancer (ALB), an Amazon API Gateway REST API, an
4963
- # AppSync GraphQL API, a Amazon Cognito user pool, or an App Runner
5265
+ # AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner
4964
5266
  # service.
4965
5267
  #
4966
5268
  # To work with CloudFront, you must also specify the Region US East
@@ -5043,8 +5345,7 @@ module Aws::WAFV2
5043
5345
  #
5044
5346
  # The policy specifications must conform to the following:
5045
5347
  #
5046
- # * The policy must be composed using IAM Policy version 2012-10-17 or
5047
- # version 2015-01-01.
5348
+ # * The policy must be composed using IAM Policy version 2012-10-17.
5048
5349
  #
5049
5350
  # * The policy must include specifications for `Effect`, `Action`, and
5050
5351
  # `Principal`.
@@ -5399,6 +5700,39 @@ module Aws::WAFV2
5399
5700
  include Aws::Structure
5400
5701
  end
5401
5702
 
5703
+ # Customizes the maximum size of the request body that your protected
5704
+ # CloudFront distributions forward to WAF for inspection. The default
5705
+ # size is 16 KB (16,384 kilobytes).
5706
+ #
5707
+ # <note markdown="1"> You are charged additional fees when your protected resources forward
5708
+ # body sizes that are larger than the default. For more information, see
5709
+ # [WAF Pricing][1].
5710
+ #
5711
+ # </note>
5712
+ #
5713
+ # This is used in the `AssociationConfig` of the web ACL.
5714
+ #
5715
+ #
5716
+ #
5717
+ # [1]: http://aws.amazon.com/waf/pricing/
5718
+ #
5719
+ # @!attribute [rw] default_size_inspection_limit
5720
+ # Specifies the maximum size of the web request body component that an
5721
+ # associated CloudFront distribution should send to WAF for
5722
+ # inspection. This applies to statements in the web ACL that inspect
5723
+ # the body or JSON body.
5724
+ #
5725
+ # Default: `16 KB (16,384 kilobytes)`
5726
+ # @return [String]
5727
+ #
5728
+ # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/RequestBodyAssociatedResourceTypeConfig AWS API Documentation
5729
+ #
5730
+ class RequestBodyAssociatedResourceTypeConfig < Struct.new(
5731
+ :default_size_inspection_limit)
5732
+ SENSITIVE = []
5733
+ include Aws::Structure
5734
+ end
5735
+
5402
5736
  # The criteria for inspecting login requests, used by the ATP rule group
5403
5737
  # to validate credentials usage.
5404
5738
  #
@@ -5905,8 +6239,13 @@ module Aws::WAFV2
5905
6239
  # relative cost of each rule. Simple rules that cost little to run use
5906
6240
  # fewer WCUs than more complex rules that use more processing power.
5907
6241
  # Rule group capacity is fixed at creation, which helps users plan
5908
- # their web ACL WCU usage when they use a rule group. The WCU limit
5909
- # for web ACLs is 1,500.
6242
+ # their web ACL WCU usage when they use a rule group. For more
6243
+ # information, see [WAF web ACL capacity units (WCU)][1] in the *WAF
6244
+ # Developer Guide*.
6245
+ #
6246
+ #
6247
+ #
6248
+ # [1]: https://docs.aws.amazon.com/waf/latest/developerguide/aws-waf-capacity-units.html
5910
6249
  # @return [Integer]
5911
6250
  #
5912
6251
  # @!attribute [rw] arn
@@ -5953,18 +6292,17 @@ module Aws::WAFV2
5953
6292
  # the rules that you define in the rule group.
5954
6293
  #
5955
6294
  # For information about customizing web requests and responses, see
5956
- # [Customizing web requests and responses in WAF][1] in the [WAF
5957
- # Developer Guide][2].
6295
+ # [Customizing web requests and responses in WAF][1] in the *WAF
6296
+ # Developer Guide*.
5958
6297
  #
5959
6298
  # For information about the limits on count and size for custom
5960
- # request and response settings, see [WAF quotas][3] in the [WAF
5961
- # Developer Guide][2].
6299
+ # request and response settings, see [WAF quotas][2] in the *WAF
6300
+ # Developer Guide*.
5962
6301
  #
5963
6302
  #
5964
6303
  #
5965
6304
  # [1]: https://docs.aws.amazon.com/waf/latest/developerguide/waf-custom-request-response.html
5966
- # [2]: https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html
5967
- # [3]: https://docs.aws.amazon.com/waf/latest/developerguide/limits.html
6305
+ # [2]: https://docs.aws.amazon.com/waf/latest/developerguide/limits.html
5968
6306
  # @return [Hash<String,Types::CustomResponseBody>]
5969
6307
  #
5970
6308
  # @!attribute [rw] available_labels
@@ -6251,9 +6589,14 @@ module Aws::WAFV2
6251
6589
  # statement to look for query strings that are longer than 100 bytes.
6252
6590
  #
6253
6591
  # If you configure WAF to inspect the request body, WAF inspects only
6254
- # the first 8192 bytes (8 KB). If the request body for your web requests
6255
- # never exceeds 8192 bytes, you could use a size constraint statement to
6256
- # block requests that have a request body greater than 8192 bytes.
6592
+ # the number of bytes of the body up to the limit for the web ACL. By
6593
+ # default, for regional web ACLs, this limit is 8 KB (8,192 kilobytes)
6594
+ # and for CloudFront web ACLs, this limit is 16 KB (16,384 kilobytes).
6595
+ # For CloudFront web ACLs, you can increase the limit in the web ACL
6596
+ # `AssociationConfig`, for additional fees. If you know that the request
6597
+ # body for your web requests should never exceed the inspection limit,
6598
+ # you could use a size constraint statement to block requests that have
6599
+ # a larger request body size.
6257
6600
  #
6258
6601
  # If you choose URI for the value of Part of the request to filter on,
6259
6602
  # the slash (/) in the URI counts as one character. For example, the URI
@@ -6375,10 +6718,14 @@ module Aws::WAFV2
6375
6718
  # 100 bytes.
6376
6719
  #
6377
6720
  # If you configure WAF to inspect the request body, WAF inspects only
6378
- # the first 8192 bytes (8 KB). If the request body for your web
6379
- # requests never exceeds 8192 bytes, you could use a size constraint
6380
- # statement to block requests that have a request body greater than
6381
- # 8192 bytes.
6721
+ # the number of bytes of the body up to the limit for the web ACL. By
6722
+ # default, for regional web ACLs, this limit is 8 KB (8,192 kilobytes)
6723
+ # and for CloudFront web ACLs, this limit is 16 KB (16,384 kilobytes).
6724
+ # For CloudFront web ACLs, you can increase the limit in the web ACL
6725
+ # `AssociationConfig`, for additional fees. If you know that the
6726
+ # request body for your web requests should never exceed the
6727
+ # inspection limit, you could use a size constraint statement to block
6728
+ # requests that have a larger request body size.
6382
6729
  #
6383
6730
  # If you choose URI for the value of Part of the request to filter on,
6384
6731
  # the slash (/) in the URI counts as one character. For example, the
@@ -6893,7 +7240,7 @@ module Aws::WAFV2
6893
7240
  # Specifies whether this is for an Amazon CloudFront distribution or
6894
7241
  # for a regional application. A regional application can be an
6895
7242
  # Application Load Balancer (ALB), an Amazon API Gateway REST API, an
6896
- # AppSync GraphQL API, a Amazon Cognito user pool, or an App Runner
7243
+ # AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner
6897
7244
  # service.
6898
7245
  #
6899
7246
  # To work with CloudFront, you must also specify the Region US East
@@ -7012,7 +7359,7 @@ module Aws::WAFV2
7012
7359
  # Specifies whether this is for an Amazon CloudFront distribution or
7013
7360
  # for a regional application. A regional application can be an
7014
7361
  # Application Load Balancer (ALB), an Amazon API Gateway REST API, an
7015
- # AppSync GraphQL API, a Amazon Cognito user pool, or an App Runner
7362
+ # AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner
7016
7363
  # service.
7017
7364
  #
7018
7365
  # To work with CloudFront, you must also specify the Region US East
@@ -7111,7 +7458,7 @@ module Aws::WAFV2
7111
7458
  # Specifies whether this is for an Amazon CloudFront distribution or
7112
7459
  # for a regional application. A regional application can be an
7113
7460
  # Application Load Balancer (ALB), an Amazon API Gateway REST API, an
7114
- # AppSync GraphQL API, a Amazon Cognito user pool, or an App Runner
7461
+ # AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner
7115
7462
  # service.
7116
7463
  #
7117
7464
  # To work with CloudFront, you must also specify the Region US East
@@ -7184,7 +7531,7 @@ module Aws::WAFV2
7184
7531
  # Specifies whether this is for an Amazon CloudFront distribution or
7185
7532
  # for a regional application. A regional application can be an
7186
7533
  # Application Load Balancer (ALB), an Amazon API Gateway REST API, an
7187
- # AppSync GraphQL API, a Amazon Cognito user pool, or an App Runner
7534
+ # AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner
7188
7535
  # service.
7189
7536
  #
7190
7537
  # To work with CloudFront, you must also specify the Region US East
@@ -7237,18 +7584,17 @@ module Aws::WAFV2
7237
7584
  # the rules that you define in the rule group.
7238
7585
  #
7239
7586
  # For information about customizing web requests and responses, see
7240
- # [Customizing web requests and responses in WAF][1] in the [WAF
7241
- # Developer Guide][2].
7587
+ # [Customizing web requests and responses in WAF][1] in the *WAF
7588
+ # Developer Guide*.
7242
7589
  #
7243
7590
  # For information about the limits on count and size for custom
7244
- # request and response settings, see [WAF quotas][3] in the [WAF
7245
- # Developer Guide][2].
7591
+ # request and response settings, see [WAF quotas][2] in the *WAF
7592
+ # Developer Guide*.
7246
7593
  #
7247
7594
  #
7248
7595
  #
7249
7596
  # [1]: https://docs.aws.amazon.com/waf/latest/developerguide/waf-custom-request-response.html
7250
- # [2]: https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html
7251
- # [3]: https://docs.aws.amazon.com/waf/latest/developerguide/limits.html
7597
+ # [2]: https://docs.aws.amazon.com/waf/latest/developerguide/limits.html
7252
7598
  # @return [Hash<String,Types::CustomResponseBody>]
7253
7599
  #
7254
7600
  # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/UpdateRuleGroupRequest AWS API Documentation
@@ -7289,7 +7635,7 @@ module Aws::WAFV2
7289
7635
  # Specifies whether this is for an Amazon CloudFront distribution or
7290
7636
  # for a regional application. A regional application can be an
7291
7637
  # Application Load Balancer (ALB), an Amazon API Gateway REST API, an
7292
- # AppSync GraphQL API, a Amazon Cognito user pool, or an App Runner
7638
+ # AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner
7293
7639
  # service.
7294
7640
  #
7295
7641
  # To work with CloudFront, you must also specify the Region US East
@@ -7347,18 +7693,17 @@ module Aws::WAFV2
7347
7693
  # rules and default actions that you define in the web ACL.
7348
7694
  #
7349
7695
  # For information about customizing web requests and responses, see
7350
- # [Customizing web requests and responses in WAF][1] in the [WAF
7351
- # Developer Guide][2].
7696
+ # [Customizing web requests and responses in WAF][1] in the *WAF
7697
+ # Developer Guide*.
7352
7698
  #
7353
7699
  # For information about the limits on count and size for custom
7354
- # request and response settings, see [WAF quotas][3] in the [WAF
7355
- # Developer Guide][2].
7700
+ # request and response settings, see [WAF quotas][2] in the *WAF
7701
+ # Developer Guide*.
7356
7702
  #
7357
7703
  #
7358
7704
  #
7359
7705
  # [1]: https://docs.aws.amazon.com/waf/latest/developerguide/waf-custom-request-response.html
7360
- # [2]: https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html
7361
- # [3]: https://docs.aws.amazon.com/waf/latest/developerguide/limits.html
7706
+ # [2]: https://docs.aws.amazon.com/waf/latest/developerguide/limits.html
7362
7707
  # @return [Hash<String,Types::CustomResponseBody>]
7363
7708
  #
7364
7709
  # @!attribute [rw] captcha_config
@@ -7390,6 +7735,25 @@ module Aws::WAFV2
7390
7735
  # `usa.gov` or `co.uk` as token domains.
7391
7736
  # @return [Array<String>]
7392
7737
  #
7738
+ # @!attribute [rw] association_config
7739
+ # Specifies custom configurations for the associations between the web
7740
+ # ACL and protected resources.
7741
+ #
7742
+ # Use this to customize the maximum size of the request body that your
7743
+ # protected CloudFront distributions forward to WAF for inspection.
7744
+ # The default is 16 KB (16,384 kilobytes).
7745
+ #
7746
+ # <note markdown="1"> You are charged additional fees when your protected resources
7747
+ # forward body sizes that are larger than the default. For more
7748
+ # information, see [WAF Pricing][1].
7749
+ #
7750
+ # </note>
7751
+ #
7752
+ #
7753
+ #
7754
+ # [1]: http://aws.amazon.com/waf/pricing/
7755
+ # @return [Types::AssociationConfig]
7756
+ #
7393
7757
  # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/UpdateWebACLRequest AWS API Documentation
7394
7758
  #
7395
7759
  class UpdateWebACLRequest < Struct.new(
@@ -7404,7 +7768,8 @@ module Aws::WAFV2
7404
7768
  :custom_response_bodies,
7405
7769
  :captcha_config,
7406
7770
  :challenge_config,
7407
- :token_domains)
7771
+ :token_domains,
7772
+ :association_config)
7408
7773
  SENSITIVE = []
7409
7774
  include Aws::Structure
7410
7775
  end
@@ -7499,7 +7864,7 @@ module Aws::WAFV2
7499
7864
  # @!attribute [rw] cloud_watch_metrics_enabled
7500
7865
  # A boolean indicating whether the associated resource sends metrics
7501
7866
  # to Amazon CloudWatch. For the list of available metrics, see [WAF
7502
- # Metrics][1].
7867
+ # Metrics][1] in the *WAF Developer Guide*.
7503
7868
  #
7504
7869
  #
7505
7870
  #
@@ -7665,8 +8030,7 @@ module Aws::WAFV2
7665
8030
  #
7666
8031
  # The policy specifications must conform to the following:
7667
8032
  #
7668
- # * The policy must be composed using IAM Policy version 2012-10-17 or
7669
- # version 2015-01-01.
8033
+ # * The policy must be composed using IAM Policy version 2012-10-17.
7670
8034
  #
7671
8035
  # * The policy must include specifications for `Effect`, `Action`, and
7672
8036
  # `Principal`.
@@ -7871,7 +8235,7 @@ module Aws::WAFV2
7871
8235
  # can associate a web ACL with one or more Amazon Web Services resources
7872
8236
  # to protect. The resources can be an Amazon CloudFront distribution, an
7873
8237
  # Amazon API Gateway REST API, an Application Load Balancer, an AppSync
7874
- # GraphQL API, Amazon Cognito user pool, or an App Runner service.
8238
+ # GraphQL API, an Amazon Cognito user pool, or an App Runner service.
7875
8239
  #
7876
8240
  # @!attribute [rw] name
7877
8241
  # The name of the web ACL. You cannot change the name of a web ACL
@@ -7920,8 +8284,13 @@ module Aws::WAFV2
7920
8284
  # relative cost of each rule. Simple rules that cost little to run use
7921
8285
  # fewer WCUs than more complex rules that use more processing power.
7922
8286
  # Rule group capacity is fixed at creation, which helps users plan
7923
- # their web ACL WCU usage when they use a rule group. The WCU limit
7924
- # for web ACLs is 1,500.
8287
+ # their web ACL WCU usage when they use a rule group. For more
8288
+ # information, see [WAF web ACL capacity units (WCU)][1] in the *WAF
8289
+ # Developer Guide*.
8290
+ #
8291
+ #
8292
+ #
8293
+ # [1]: https://docs.aws.amazon.com/waf/latest/developerguide/aws-waf-capacity-units.html
7925
8294
  # @return [Integer]
7926
8295
  #
7927
8296
  # @!attribute [rw] pre_process_firewall_manager_rule_groups
@@ -7980,18 +8349,17 @@ module Aws::WAFV2
7980
8349
  # rules and default actions that you define in the web ACL.
7981
8350
  #
7982
8351
  # For information about customizing web requests and responses, see
7983
- # [Customizing web requests and responses in WAF][1] in the [WAF
7984
- # Developer Guide][2].
8352
+ # [Customizing web requests and responses in WAF][1] in the *WAF
8353
+ # Developer Guide*.
7985
8354
  #
7986
8355
  # For information about the limits on count and size for custom
7987
- # request and response settings, see [WAF quotas][3] in the [WAF
7988
- # Developer Guide][2].
8356
+ # request and response settings, see [WAF quotas][2] in the *WAF
8357
+ # Developer Guide*.
7989
8358
  #
7990
8359
  #
7991
8360
  #
7992
8361
  # [1]: https://docs.aws.amazon.com/waf/latest/developerguide/waf-custom-request-response.html
7993
- # [2]: https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html
7994
- # [3]: https://docs.aws.amazon.com/waf/latest/developerguide/limits.html
8362
+ # [2]: https://docs.aws.amazon.com/waf/latest/developerguide/limits.html
7995
8363
  # @return [Hash<String,Types::CustomResponseBody>]
7996
8364
  #
7997
8365
  # @!attribute [rw] captcha_config
@@ -8017,6 +8385,25 @@ module Aws::WAFV2
8017
8385
  # domain list, including their prefixed subdomains.
8018
8386
  # @return [Array<String>]
8019
8387
  #
8388
+ # @!attribute [rw] association_config
8389
+ # Specifies custom configurations for the associations between the web
8390
+ # ACL and protected resources.
8391
+ #
8392
+ # Use this to customize the maximum size of the request body that your
8393
+ # protected CloudFront distributions forward to WAF for inspection.
8394
+ # The default is 16 KB (16,384 kilobytes).
8395
+ #
8396
+ # <note markdown="1"> You are charged additional fees when your protected resources
8397
+ # forward body sizes that are larger than the default. For more
8398
+ # information, see [WAF Pricing][1].
8399
+ #
8400
+ # </note>
8401
+ #
8402
+ #
8403
+ #
8404
+ # [1]: http://aws.amazon.com/waf/pricing/
8405
+ # @return [Types::AssociationConfig]
8406
+ #
8020
8407
  # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/WebACL AWS API Documentation
8021
8408
  #
8022
8409
  class WebACL < Struct.new(
@@ -8035,7 +8422,8 @@ module Aws::WAFV2
8035
8422
  :custom_response_bodies,
8036
8423
  :captcha_config,
8037
8424
  :challenge_config,
8038
- :token_domains)
8425
+ :token_domains,
8426
+ :association_config)
8039
8427
  SENSITIVE = []
8040
8428
  include Aws::Structure
8041
8429
  end