aws-sdk-wafv2 1.53.0 → 1.55.0

data/lib/aws-sdk-wafv2/types.rb

@@ -10,6 +10,44 @@
 module Aws::WAFV2
   module Types
 
+    # Information for a single API key.
+    #
+    # @!attribute [rw] token_domains
+    #   The token domains that are defined in this API key.
+    #   @return [Array<String>]
+    #
+    # @!attribute [rw] api_key
+    #   The generated, encrypted API key. You can copy this for use in your
+    #   JavaScript CAPTCHA integration.
+    #
+    #   For information about how to use this in your CAPTCHA JavaScript
+    #   integration, see [WAF client application integration][1] in the *WAF
+    #   Developer Guide*.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/waf/latest/developerguide/waf-application-integration.html
+    #   @return [String]
+    #
+    # @!attribute [rw] creation_timestamp
+    #   The date and time that the key was created.
+    #   @return [Time]
+    #
+    # @!attribute [rw] version
+    #   Internal value used by WAF to manage the key.
+    #   @return [Integer]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/APIKeySummary AWS API Documentation
+    #
+    class APIKeySummary < Struct.new(
+      :token_domains,
+      :api_key,
+      :creation_timestamp,
+      :version)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # Details for your use of the account takeover prevention managed rule
     # group, `AWSManagedRulesATPRuleSet`. This configuration is used in
     # `ManagedRuleGroupConfig`.
@@ -63,7 +101,8 @@ module Aws::WAFV2
     #   The inspection level to use for the Bot Control rule group. The
     #   common level is the least expensive. The targeted level includes all
     #   common level rules and adds rules with more advanced inspection
-    #   criteria. For details, see [WAF Bot Control rule group][1].
+    #   criteria. For details, see [WAF Bot Control rule group][1] in the
+    #   *WAF Developer Guide*.
     #
     #
     #
@@ -137,13 +176,12 @@ module Aws::WAFV2
     #   Defines custom handling for the web request.
     #
     #   For information about customizing web requests and responses, see
-    #   [Customizing web requests and responses in WAF][1] in the [WAF
-    #   Developer Guide][2].
+    #   [Customizing web requests and responses in WAF][1] in the *WAF
+    #   Developer Guide*.
     #
     #
     #
     #   [1]: https://docs.aws.amazon.com/waf/latest/developerguide/waf-custom-request-response.html
-    #   [2]: https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html
     #   @return [Types::CustomRequestHandling]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/AllowAction AWS API Documentation
@@ -183,20 +221,22 @@ module Aws::WAFV2
     #   The ARN must be in one of the following formats:
     #
     #   * For an Application Load Balancer:
-    #     `arn:aws:elasticloadbalancing:region:account-id:loadbalancer/app/load-balancer-name/load-balancer-id
+    #     `arn:partition:elasticloadbalancing:region:account-id:loadbalancer/app/load-balancer-name/load-balancer-id
     #     `
     #
     #   * For an Amazon API Gateway REST API:
-    #     `arn:aws:apigateway:region::/restapis/api-id/stages/stage-name `
+    #     `arn:partition:apigateway:region::/restapis/api-id/stages/stage-name
+    #     `
     #
     #   * For an AppSync GraphQL API:
-    #     `arn:aws:appsync:region:account-id:apis/GraphQLApiId `
+    #     `arn:partition:appsync:region:account-id:apis/GraphQLApiId `
     #
     #   * For an Amazon Cognito user pool:
-    #     `arn:aws:cognito-idp:region:account-id:userpool/user-pool-id `
+    #     `arn:partition:cognito-idp:region:account-id:userpool/user-pool-id
+    #     `
     #
     #   * For an App Runner service:
-    #     `arn:aws:apprunner:region:account-id:service/apprunner-service-name/apprunner-service-id
+    #     `arn:partition:apprunner:region:account-id:service/apprunner-service-name/apprunner-service-id
     #     `
     #   @return [String]
     #
@@ -213,6 +253,47 @@ module Aws::WAFV2
     #
     class AssociateWebACLResponse < Aws::EmptyStructure; end
 
+    # Specifies custom configurations for the associations between the web
+    # ACL and protected resources.
+    #
+    # Use this to customize the maximum size of the request body that your
+    # protected CloudFront distributions forward to WAF for inspection. The
+    # default is 16 KB (16,384 kilobytes).
+    #
+    # <note markdown="1"> You are charged additional fees when your protected resources forward
+    # body sizes that are larger than the default. For more information, see
+    # [WAF Pricing][1].
+    #
+    #  </note>
+    #
+    #
+    #
+    # [1]: http://aws.amazon.com/waf/pricing/
+    #
+    # @!attribute [rw] request_body
+    #   Customizes the maximum size of the request body that your protected
+    #   CloudFront distributions forward to WAF for inspection. The default
+    #   size is 16 KB (16,384 kilobytes).
+    #
+    #   <note markdown="1"> You are charged additional fees when your protected resources
+    #   forward body sizes that are larger than the default. For more
+    #   information, see [WAF Pricing][1].
+    #
+    #    </note>
+    #
+    #
+    #
+    #   [1]: http://aws.amazon.com/waf/pricing/
+    #   @return [Hash<String,Types::RequestBodyAssociatedResourceTypeConfig>]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/AssociationConfig AWS API Documentation
+    #
+    class AssociationConfig < Struct.new(
+      :request_body)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # Specifies that WAF should block the request and optionally defines
     # additional custom handling for the response to the web request.
     #
@@ -223,13 +304,12 @@ module Aws::WAFV2
     #   Defines a custom response for the web request.
     #
     #   For information about customizing web requests and responses, see
-    #   [Customizing web requests and responses in WAF][1] in the [WAF
-    #   Developer Guide][2].
+    #   [Customizing web requests and responses in WAF][1] in the *WAF
+    #   Developer Guide*.
     #
     #
     #
     #   [1]: https://docs.aws.amazon.com/waf/latest/developerguide/waf-custom-request-response.html
-    #   [2]: https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html
     #   @return [Types::CustomResponse]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/BlockAction AWS API Documentation
@@ -248,10 +328,16 @@ module Aws::WAFV2
     #
     # @!attribute [rw] oversize_handling
     #   What WAF should do if the body is larger than WAF can inspect. WAF
-    #   does not support inspecting the entire contents of the body of a web
-    #   request when the body exceeds 8 KB (8192 bytes). Only the first 8 KB
-    #   of the request body are forwarded to WAF by the underlying host
-    #   service.
+    #   does not support inspecting the entire contents of the web request
+    #   body if the body exceeds the limit for the resource type. If the
+    #   body is larger than the limit, the underlying host service only
+    #   forwards the contents that are below the limit to WAF for
+    #   inspection.
+    #
+    #   The default limit is 8 KB (8,192 kilobytes) for regional resources
+    #   and 16 KB (16,384 kilobytes) for CloudFront distributions. For
+    #   CloudFront distributions, you can increase the limit in the web ACL
+    #   `AssociationConfig`, for additional processing fees.
     #
     #   The options for oversize handling are the following:
     #
@@ -266,7 +352,7 @@ module Aws::WAFV2
     #
     #   You can combine the `MATCH` or `NO_MATCH` settings for oversize
     #   handling with your rule and web ACL action settings, so that you
-    #   block any request whose body is over 8 KB.
+    #   block any request whose body is over the limit.
     #
     #   Default: `CONTINUE`
     #   @return [String]
@@ -422,13 +508,12 @@ module Aws::WAFV2
     #   unexpired.
     #
     #   For information about customizing web requests and responses, see
-    #   [Customizing web requests and responses in WAF][1] in the [WAF
-    #   Developer Guide][2].
+    #   [Customizing web requests and responses in WAF][1] in the *WAF
+    #   Developer Guide*.
     #
     #
     #
     #   [1]: https://docs.aws.amazon.com/waf/latest/developerguide/waf-custom-request-response.html
-    #   [2]: https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html
     #   @return [Types::CustomRequestHandling]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/CaptchaAction AWS API Documentation
@@ -531,13 +616,12 @@ module Aws::WAFV2
     #   unexpired.
     #
     #   For information about customizing web requests and responses, see
-    #   [Customizing web requests and responses in WAF][1] in the [WAF
-    #   Developer Guide][2].
+    #   [Customizing web requests and responses in WAF][1] in the *WAF
+    #   Developer Guide*.
     #
     #
     #
     #   [1]: https://docs.aws.amazon.com/waf/latest/developerguide/waf-custom-request-response.html
-    #   [2]: https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html
     #   @return [Types::CustomRequestHandling]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/ChallengeAction AWS API Documentation
@@ -596,7 +680,7 @@ module Aws::WAFV2
     #   Specifies whether this is for an Amazon CloudFront distribution or
     #   for a regional application. A regional application can be an
     #   Application Load Balancer (ALB), an Amazon API Gateway REST API, an
-    #   AppSync GraphQL API, a Amazon Cognito user pool, or an App Runner
+    #   AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner
     #   service.
     #
     #   To work with CloudFront, you must also specify the Region US East
@@ -756,13 +840,12 @@ module Aws::WAFV2
     #   Defines custom handling for the web request.
     #
     #   For information about customizing web requests and responses, see
-    #   [Customizing web requests and responses in WAF][1] in the [WAF
-    #   Developer Guide][2].
+    #   [Customizing web requests and responses in WAF][1] in the *WAF
+    #   Developer Guide*.
     #
     #
     #
     #   [1]: https://docs.aws.amazon.com/waf/latest/developerguide/waf-custom-request-response.html
-    #   [2]: https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html
     #   @return [Types::CustomRequestHandling]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/CountAction AWS API Documentation
@@ -773,6 +856,57 @@ module Aws::WAFV2
       include Aws::Structure
     end
 
+    # @!attribute [rw] scope
+    #   Specifies whether this is for an Amazon CloudFront distribution or
+    #   for a regional application. A regional application can be an
+    #   Application Load Balancer (ALB), an Amazon API Gateway REST API, an
+    #   AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner
+    #   service.
+    #
+    #   To work with CloudFront, you must also specify the Region US East
+    #   (N. Virginia) as follows:
+    #
+    #   * CLI - Specify the Region when you use the CloudFront scope:
+    #     `--scope=CLOUDFRONT --region=us-east-1`.
+    #
+    #   * API and SDKs - For all calls, use the Region endpoint us-east-1.
+    #   @return [String]
+    #
+    # @!attribute [rw] token_domains
+    #   The client application domains that you want to use this API key
+    #   for.
+    #   @return [Array<String>]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/CreateAPIKeyRequest AWS API Documentation
+    #
+    class CreateAPIKeyRequest < Struct.new(
+      :scope,
+      :token_domains)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] api_key
+    #   The generated, encrypted API key. You can copy this for use in your
+    #   JavaScript CAPTCHA integration.
+    #
+    #   For information about how to use this in your CAPTCHA JavaScript
+    #   integration, see [WAF client application integration][1] in the *WAF
+    #   Developer Guide*.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/waf/latest/developerguide/waf-application-integration.html
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/CreateAPIKeyResponse AWS API Documentation
+    #
+    class CreateAPIKeyResponse < Struct.new(
+      :api_key)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # @!attribute [rw] name
     #   The name of the IP set. You cannot change the name of an `IPSet`
     #   after you create it.
@@ -782,7 +916,7 @@ module Aws::WAFV2
     #   Specifies whether this is for an Amazon CloudFront distribution or
     #   for a regional application. A regional application can be an
     #   Application Load Balancer (ALB), an Amazon API Gateway REST API, an
-    #   AppSync GraphQL API, a Amazon Cognito user pool, or an App Runner
+    #   AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner
     #   service.
     #
     #   To work with CloudFront, you must also specify the Region US East
@@ -889,7 +1023,7 @@ module Aws::WAFV2
     #   Specifies whether this is for an Amazon CloudFront distribution or
     #   for a regional application. A regional application can be an
     #   Application Load Balancer (ALB), an Amazon API Gateway REST API, an
-    #   AppSync GraphQL API, a Amazon Cognito user pool, or an App Runner
+    #   AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner
     #   service.
     #
     #   To work with CloudFront, you must also specify the Region US East
@@ -950,7 +1084,7 @@ module Aws::WAFV2
     #   Specifies whether this is for an Amazon CloudFront distribution or
     #   for a regional application. A regional application can be an
     #   Application Load Balancer (ALB), an Amazon API Gateway REST API, an
-    #   AppSync GraphQL API, a Amazon Cognito user pool, or an App Runner
+    #   AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner
     #   service.
     #
     #   To work with CloudFront, you must also specify the Region US East
@@ -976,8 +1110,13 @@ module Aws::WAFV2
     #   relative cost of each rule. Simple rules that cost little to run use
     #   fewer WCUs than more complex rules that use more processing power.
     #   Rule group capacity is fixed at creation, which helps users plan
-    #   their web ACL WCU usage when they use a rule group. The WCU limit
-    #   for web ACLs is 1,500.
+    #   their web ACL WCU usage when they use a rule group. For more
+    #   information, see [WAF web ACL capacity units (WCU)][1] in the *WAF
+    #   Developer Guide*.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/waf/latest/developerguide/aws-waf-capacity-units.html
     #   @return [Integer]
     #
     # @!attribute [rw] description
@@ -1007,18 +1146,17 @@ module Aws::WAFV2
     #   the rules that you define in the rule group.
     #
     #   For information about customizing web requests and responses, see
-    #   [Customizing web requests and responses in WAF][1] in the [WAF
-    #   Developer Guide][2].
+    #   [Customizing web requests and responses in WAF][1] in the *WAF
+    #   Developer Guide*.
     #
     #   For information about the limits on count and size for custom
-    #   request and response settings, see [WAF quotas][3] in the [WAF
-    #   Developer Guide][2].
+    #   request and response settings, see [WAF quotas][2] in the *WAF
+    #   Developer Guide*.
     #
     #
     #
     #   [1]: https://docs.aws.amazon.com/waf/latest/developerguide/waf-custom-request-response.html
-    #   [2]: https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html
-    #   [3]: https://docs.aws.amazon.com/waf/latest/developerguide/limits.html
+    #   [2]: https://docs.aws.amazon.com/waf/latest/developerguide/limits.html
     #   @return [Hash<String,Types::CustomResponseBody>]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/CreateRuleGroupRequest AWS API Documentation
@@ -1061,7 +1199,7 @@ module Aws::WAFV2
     #   Specifies whether this is for an Amazon CloudFront distribution or
     #   for a regional application. A regional application can be an
     #   Application Load Balancer (ALB), an Amazon API Gateway REST API, an
-    #   AppSync GraphQL API, a Amazon Cognito user pool, or an App Runner
+    #   AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner
     #   service.
     #
     #   To work with CloudFront, you must also specify the Region US East
@@ -1105,18 +1243,17 @@ module Aws::WAFV2
     #   rules and default actions that you define in the web ACL.
     #
     #   For information about customizing web requests and responses, see
-    #   [Customizing web requests and responses in WAF][1] in the [WAF
-    #   Developer Guide][2].
+    #   [Customizing web requests and responses in WAF][1] in the *WAF
+    #   Developer Guide*.
     #
     #   For information about the limits on count and size for custom
-    #   request and response settings, see [WAF quotas][3] in the [WAF
-    #   Developer Guide][2].
+    #   request and response settings, see [WAF quotas][2] in the *WAF
+    #   Developer Guide*.
     #
     #
     #
     #   [1]: https://docs.aws.amazon.com/waf/latest/developerguide/waf-custom-request-response.html
-    #   [2]: https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html
-    #   [3]: https://docs.aws.amazon.com/waf/latest/developerguide/limits.html
+    #   [2]: https://docs.aws.amazon.com/waf/latest/developerguide/limits.html
     #   @return [Hash<String,Types::CustomResponseBody>]
     #
     # @!attribute [rw] captcha_config
@@ -1148,6 +1285,25 @@ module Aws::WAFV2
     #   `usa.gov` or `co.uk` as token domains.
     #   @return [Array<String>]
     #
+    # @!attribute [rw] association_config
+    #   Specifies custom configurations for the associations between the web
+    #   ACL and protected resources.
+    #
+    #   Use this to customize the maximum size of the request body that your
+    #   protected CloudFront distributions forward to WAF for inspection.
+    #   The default is 16 KB (16,384 kilobytes).
+    #
+    #   <note markdown="1"> You are charged additional fees when your protected resources
+    #   forward body sizes that are larger than the default. For more
+    #   information, see [WAF Pricing][1].
+    #
+    #    </note>
+    #
+    #
+    #
+    #   [1]: http://aws.amazon.com/waf/pricing/
+    #   @return [Types::AssociationConfig]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/CreateWebACLRequest AWS API Documentation
     #
     class CreateWebACLRequest < Struct.new(
@@ -1161,7 +1317,8 @@ module Aws::WAFV2
       :custom_response_bodies,
       :captcha_config,
       :challenge_config,
-      :token_domains)
+      :token_domains,
+      :association_config)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -1213,26 +1370,24 @@ module Aws::WAFV2
     # `CaptchaAction` for requests with valid t okens, and `AllowAction`.
     #
     # For information about customizing web requests and responses, see
-    # [Customizing web requests and responses in WAF][1] in the [WAF
-    # Developer Guide][2].
+    # [Customizing web requests and responses in WAF][1] in the *WAF
+    # Developer Guide*.
     #
     #
     #
     # [1]: https://docs.aws.amazon.com/waf/latest/developerguide/waf-custom-request-response.html
-    # [2]: https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html
     #
     # @!attribute [rw] insert_headers
     #   The HTTP headers to insert into the request. Duplicate header names
     #   are not allowed.
     #
     #   For information about the limits on count and size for custom
-    #   request and response settings, see [WAF quotas][1] in the [WAF
-    #   Developer Guide][2].
+    #   request and response settings, see [WAF quotas][1] in the *WAF
+    #   Developer Guide*.
     #
     #
     #
     #   [1]: https://docs.aws.amazon.com/waf/latest/developerguide/limits.html
-    #   [2]: https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html
     #   @return [Array<Types::CustomHTTPHeader>]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/CustomRequestHandling AWS API Documentation
@@ -1248,25 +1403,23 @@ module Aws::WAFV2
     # BlockAction.
     #
     # For information about customizing web requests and responses, see
-    # [Customizing web requests and responses in WAF][1] in the [WAF
-    # Developer Guide][2].
+    # [Customizing web requests and responses in WAF][1] in the *WAF
+    # Developer Guide*.
     #
     #
     #
     # [1]: https://docs.aws.amazon.com/waf/latest/developerguide/waf-custom-request-response.html
-    # [2]: https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html
     #
     # @!attribute [rw] response_code
     #   The HTTP status code to return to the client.
     #
     #   For a list of status codes that you can use in your custom
     #   responses, see [Supported status codes for custom response][1] in
-    #   the [WAF Developer Guide][2].
+    #   the *WAF Developer Guide*.
     #
     #
     #
     #   [1]: https://docs.aws.amazon.com/waf/latest/developerguide/customizing-the-response-status-codes.html
-    #   [2]: https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html
     #   @return [Integer]
     #
     # @!attribute [rw] custom_response_body_key
@@ -1285,13 +1438,12 @@ module Aws::WAFV2
     #   not allowed.
     #
     #   For information about the limits on count and size for custom
-    #   request and response settings, see [WAF quotas][1] in the [WAF
-    #   Developer Guide][2].
+    #   request and response settings, see [WAF quotas][1] in the *WAF
+    #   Developer Guide*.
     #
     #
     #
     #   [1]: https://docs.aws.amazon.com/waf/latest/developerguide/limits.html
-    #   [2]: https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html
     #   @return [Array<Types::CustomHTTPHeader>]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/CustomResponse AWS API Documentation
@@ -1319,13 +1471,12 @@ module Aws::WAFV2
     #   must specify JSON content in the `ContentType` setting.
     #
     #   For information about the limits on count and size for custom
-    #   request and response settings, see [WAF quotas][1] in the [WAF
-    #   Developer Guide][2].
+    #   request and response settings, see [WAF quotas][1] in the *WAF
+    #   Developer Guide*.
     #
     #
     #
     #   [1]: https://docs.aws.amazon.com/waf/latest/developerguide/limits.html
-    #   [2]: https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html
     #   @return [String]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/CustomResponseBody AWS API Documentation
@@ -1412,7 +1563,7 @@ module Aws::WAFV2
     #   Specifies whether this is for an Amazon CloudFront distribution or
     #   for a regional application. A regional application can be an
     #   Application Load Balancer (ALB), an Amazon API Gateway REST API, an
-    #   AppSync GraphQL API, a Amazon Cognito user pool, or an App Runner
+    #   AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner
     #   service.
     #
     #   To work with CloudFront, you must also specify the Region US East
@@ -1502,7 +1653,7 @@ module Aws::WAFV2
     #   Specifies whether this is for an Amazon CloudFront distribution or
     #   for a regional application. A regional application can be an
     #   Application Load Balancer (ALB), an Amazon API Gateway REST API, an
-    #   AppSync GraphQL API, a Amazon Cognito user pool, or an App Runner
+    #   AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner
     #   service.
     #
     #   To work with CloudFront, you must also specify the Region US East
@@ -1556,7 +1707,7 @@ module Aws::WAFV2
     #   Specifies whether this is for an Amazon CloudFront distribution or
     #   for a regional application. A regional application can be an
     #   Application Load Balancer (ALB), an Amazon API Gateway REST API, an
-    #   AppSync GraphQL API, a Amazon Cognito user pool, or an App Runner
+    #   AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner
     #   service.
     #
     #   To work with CloudFront, you must also specify the Region US East
@@ -1610,7 +1761,7 @@ module Aws::WAFV2
     #   Specifies whether this is for an Amazon CloudFront distribution or
     #   for a regional application. A regional application can be an
     #   Application Load Balancer (ALB), an Amazon API Gateway REST API, an
-    #   AppSync GraphQL API, a Amazon Cognito user pool, or an App Runner
+    #   AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner
     #   service.
     #
     #   To work with CloudFront, you must also specify the Region US East
@@ -1669,7 +1820,7 @@ module Aws::WAFV2
     #   Specifies whether this is for an Amazon CloudFront distribution or
     #   for a regional application. A regional application can be an
     #   Application Load Balancer (ALB), an Amazon API Gateway REST API, an
-    #   AppSync GraphQL API, a Amazon Cognito user pool, or an App Runner
+    #   AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner
     #   service.
     #
     #   To work with CloudFront, you must also specify the Region US East
@@ -1716,13 +1867,21 @@ module Aws::WAFV2
     #   @return [String]
     #
     # @!attribute [rw] capacity
-    #   The web ACL capacity units (WCUs) required for this rule group. WAF
-    #   uses web ACL capacity units (WCU) to calculate and control the
-    #   operating resources that are used to run your rules, rule groups,
-    #   and web ACLs. WAF calculates capacity differently for each rule
-    #   type, to reflect each rule's relative cost. Rule group capacity is
-    #   fixed at creation, so users can plan their web ACL WCU usage when
-    #   they use a rule group. The WCU limit for web ACLs is 1,500.
+    #   The web ACL capacity units (WCUs) required for this rule group.
+    #
+    #   WAF uses WCUs to calculate and control the operating resources that
+    #   are used to run your rules, rule groups, and web ACLs. WAF
+    #   calculates capacity differently for each rule type, to reflect the
+    #   relative cost of each rule. Simple rules that cost little to run use
+    #   fewer WCUs than more complex rules that use more processing power.
+    #   Rule group capacity is fixed at creation, which helps users plan
+    #   their web ACL WCU usage when they use a rule group. For more
+    #   information, see [WAF web ACL capacity units (WCU)][1] in the *WAF
+    #   Developer Guide*.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/waf/latest/developerguide/aws-waf-capacity-units.html
     #   @return [Integer]
     #
     # @!attribute [rw] rules
@@ -1779,20 +1938,22 @@ module Aws::WAFV2
     #   The ARN must be in one of the following formats:
     #
     #   * For an Application Load Balancer:
-    #     `arn:aws:elasticloadbalancing:region:account-id:loadbalancer/app/load-balancer-name/load-balancer-id
+    #     `arn:partition:elasticloadbalancing:region:account-id:loadbalancer/app/load-balancer-name/load-balancer-id
     #     `
     #
     #   * For an Amazon API Gateway REST API:
-    #     `arn:aws:apigateway:region::/restapis/api-id/stages/stage-name `
+    #     `arn:partition:apigateway:region::/restapis/api-id/stages/stage-name
+    #     `
     #
     #   * For an AppSync GraphQL API:
-    #     `arn:aws:appsync:region:account-id:apis/GraphQLApiId `
+    #     `arn:partition:appsync:region:account-id:apis/GraphQLApiId `
     #
     #   * For an Amazon Cognito user pool:
-    #     `arn:aws:cognito-idp:region:account-id:userpool/user-pool-id `
+    #     `arn:partition:cognito-idp:region:account-id:userpool/user-pool-id
+    #     `
     #
     #   * For an App Runner service:
-    #     `arn:aws:apprunner:region:account-id:service/apprunner-service-name/apprunner-service-id
+    #     `arn:partition:apprunner:region:account-id:service/apprunner-service-name/apprunner-service-id
     #     `
     #   @return [String]
     #
@@ -1882,10 +2043,15 @@ module Aws::WAFV2
     #   contains any additional data that you want to send to your web
     #   server as the HTTP request body, such as data from a form.
     #
-    #   Only the first 8 KB (8192 bytes) of the request body are forwarded
-    #   to WAF for inspection by the underlying host service. For
-    #   information about how to handle oversized request bodies, see the
-    #   `Body` object configuration.
+    #   A limited amount of the request body is forwarded to WAF for
+    #   inspection by the underlying host service. For regional resources,
+    #   the limit is 8 KB (8,192 kilobytes) and for CloudFront
+    #   distributions, the limit is 16 KB (16,384 kilobytes). For CloudFront
+    #   distributions, you can increase the limit in the web ACL's
+    #   `AssociationConfig`, for additional processing fees.
+    #
+    #   For information about how to handle oversized request bodies, see
+    #   the `Body` object configuration.
     #   @return [Types::Body]
     #
     # @!attribute [rw] method
@@ -1899,10 +2065,15 @@ module Aws::WAFV2
     #   contains any additional data that you want to send to your web
     #   server as the HTTP request body, such as data from a form.
     #
-    #   Only the first 8 KB (8192 bytes) of the request body are forwarded
-    #   to WAF for inspection by the underlying host service. For
-    #   information about how to handle oversized request bodies, see the
-    #   `JsonBody` object configuration.
+    #   A limited amount of the request body is forwarded to WAF for
+    #   inspection by the underlying host service. For regional resources,
+    #   the limit is 8 KB (8,192 kilobytes) and for CloudFront
+    #   distributions, the limit is 16 KB (16,384 kilobytes). For CloudFront
+    #   distributions, you can increase the limit in the web ACL's
+    #   `AssociationConfig`, for additional processing fees.
+    #
+    #   For information about how to handle oversized request bodies, see
+    #   the `JsonBody` object configuration.
     #   @return [Types::JsonBody]
     #
     # @!attribute [rw] headers
@@ -2033,40 +2204,19 @@ module Aws::WAFV2
     end
 
     # The processing guidance for an Firewall Manager rule. This is like a
-    # regular rule Statement, but it can only contain a rule group
+    # regular rule Statement, but it can only contain a single rule group
     # reference.
     #
     # @!attribute [rw] managed_rule_group_statement
-    #   A rule statement used to run the rules that are defined in a managed
-    #   rule group. To use this, provide the vendor name and the name of the
-    #   rule group in this statement. You can retrieve the required names by
-    #   calling ListAvailableManagedRuleGroups.
-    #
-    #   You cannot nest a `ManagedRuleGroupStatement`, for example for use
-    #   inside a `NotStatement` or `OrStatement`. It can only be referenced
-    #   as a top-level statement within a rule.
-    #
-    #   <note markdown="1"> You are charged additional fees when you use the WAF Bot Control
-    #   managed rule group `AWSManagedRulesBotControlRuleSet` or the WAF
-    #   Fraud Control account takeover prevention (ATP) managed rule group
-    #   `AWSManagedRulesATPRuleSet`. For more information, see [WAF
-    #   Pricing][1].
-    #
-    #    </note>
-    #
-    #
-    #
-    #   [1]: http://aws.amazon.com/waf/pricing/
+    #   A statement used by Firewall Manager to run the rules that are
+    #   defined in a managed rule group. This is managed by Firewall Manager
+    #   for an Firewall Manager WAF policy.
     #   @return [Types::ManagedRuleGroupStatement]
     #
     # @!attribute [rw] rule_group_reference_statement
-    #   A rule statement used to run the rules that are defined in a
-    #   RuleGroup. To use this, create a rule group with your rules, then
-    #   provide the ARN of the rule group in this statement.
-    #
-    #   You cannot nest a `RuleGroupReferenceStatement`, for example for use
-    #   inside a `NotStatement` or `OrStatement`. You can only use a rule
-    #   group reference statement at the top level inside a web ACL.
+    #   A statement used by Firewall Manager to run the rules that are
+    #   defined in a rule group. This is managed by Firewall Manager for an
+    #   Firewall Manager WAF policy.
     #   @return [Types::RuleGroupReferenceStatement]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/FirewallManagerStatement AWS API Documentation
@@ -2234,6 +2384,52 @@ module Aws::WAFV2
       include Aws::Structure
     end
 
+    # @!attribute [rw] scope
+    #   Specifies whether this is for an Amazon CloudFront distribution or
+    #   for a regional application. A regional application can be an
+    #   Application Load Balancer (ALB), an Amazon API Gateway REST API, an
+    #   AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner
+    #   service.
+    #
+    #   To work with CloudFront, you must also specify the Region US East
+    #   (N. Virginia) as follows:
+    #
+    #   * CLI - Specify the Region when you use the CloudFront scope:
+    #     `--scope=CLOUDFRONT --region=us-east-1`.
+    #
+    #   * API and SDKs - For all calls, use the Region endpoint us-east-1.
+    #   @return [String]
+    #
+    # @!attribute [rw] api_key
+    #   The encrypted API key.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/GetDecryptedAPIKeyRequest AWS API Documentation
+    #
+    class GetDecryptedAPIKeyRequest < Struct.new(
+      :scope,
+      :api_key)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] token_domains
+    #   The token domains that are defined in this API key.
+    #   @return [Array<String>]
+    #
+    # @!attribute [rw] creation_timestamp
+    #   The date and time that the key was created.
+    #   @return [Time]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/GetDecryptedAPIKeyResponse AWS API Documentation
+    #
+    class GetDecryptedAPIKeyResponse < Struct.new(
+      :token_domains,
+      :creation_timestamp)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # @!attribute [rw] name
     #   The name of the IP set. You cannot change the name of an `IPSet`
     #   after you create it.
@@ -2243,7 +2439,7 @@ module Aws::WAFV2
     #   Specifies whether this is for an Amazon CloudFront distribution or
     #   for a regional application. A regional application can be an
     #   Application Load Balancer (ALB), an Amazon API Gateway REST API, an
-    #   AppSync GraphQL API, a Amazon Cognito user pool, or an App Runner
+    #   AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner
     #   service.
     #
     #   To work with CloudFront, you must also specify the Region US East
@@ -2332,7 +2528,7 @@ module Aws::WAFV2
     #   Specifies whether this is for an Amazon CloudFront distribution or
     #   for a regional application. A regional application can be an
     #   Application Load Balancer (ALB), an Amazon API Gateway REST API, an
-    #   AppSync GraphQL API, a Amazon Cognito user pool, or an App Runner
+    #   AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner
     #   service.
     #
     #   To work with CloudFront, you must also specify the Region US East
@@ -2445,7 +2641,7 @@ module Aws::WAFV2
     #   Specifies whether this is for an Amazon CloudFront distribution or
     #   for a regional application. A regional application can be an
     #   Application Load Balancer (ALB), an Amazon API Gateway REST API, an
-    #   AppSync GraphQL API, a Amazon Cognito user pool, or an App Runner
+    #   AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner
     #   service.
     #
     #   To work with CloudFront, you must also specify the Region US East
@@ -2519,7 +2715,7 @@ module Aws::WAFV2
     #   Specifies whether this is for an Amazon CloudFront distribution or
     #   for a regional application. A regional application can be an
     #   Application Load Balancer (ALB), an Amazon API Gateway REST API, an
-    #   AppSync GraphQL API, a Amazon Cognito user pool, or an App Runner
+    #   AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner
     #   service.
     #
     #   To work with CloudFront, you must also specify the Region US East
@@ -2580,7 +2776,7 @@ module Aws::WAFV2
     #   Specifies whether this is for an Amazon CloudFront distribution or
     #   for a regional application. A regional application can be an
     #   Application Load Balancer (ALB), an Amazon API Gateway REST API, an
-    #   AppSync GraphQL API, a Amazon Cognito user pool, or an App Runner
+    #   AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner
     #   service.
     #
     #   To work with CloudFront, you must also specify the Region US East
@@ -2651,7 +2847,7 @@ module Aws::WAFV2
     #   Specifies whether this is for an Amazon CloudFront distribution or
     #   for a regional application. A regional application can be an
     #   Application Load Balancer (ALB), an Amazon API Gateway REST API, an
-    #   AppSync GraphQL API, a Amazon Cognito user pool, or an App Runner
+    #   AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner
     #   service.
     #
     #   To work with CloudFront, you must also specify the Region US East
@@ -2731,20 +2927,22 @@ module Aws::WAFV2
     #   The ARN must be in one of the following formats:
     #
     #   * For an Application Load Balancer:
-    #     `arn:aws:elasticloadbalancing:region:account-id:loadbalancer/app/load-balancer-name/load-balancer-id
+    #     `arn:partition:elasticloadbalancing:region:account-id:loadbalancer/app/load-balancer-name/load-balancer-id
     #     `
     #
     #   * For an Amazon API Gateway REST API:
-    #     `arn:aws:apigateway:region::/restapis/api-id/stages/stage-name `
+    #     `arn:partition:apigateway:region::/restapis/api-id/stages/stage-name
+    #     `
     #
     #   * For an AppSync GraphQL API:
-    #     `arn:aws:appsync:region:account-id:apis/GraphQLApiId `
+    #     `arn:partition:appsync:region:account-id:apis/GraphQLApiId `
     #
     #   * For an Amazon Cognito user pool:
-    #     `arn:aws:cognito-idp:region:account-id:userpool/user-pool-id `
+    #     `arn:partition:cognito-idp:region:account-id:userpool/user-pool-id
+    #     `
     #
     #   * For an App Runner service:
-    #     `arn:aws:apprunner:region:account-id:service/apprunner-service-name/apprunner-service-id
+    #     `arn:partition:apprunner:region:account-id:service/apprunner-service-name/apprunner-service-id
     #     `
     #   @return [String]
     #
@@ -2778,7 +2976,7 @@ module Aws::WAFV2
     #   Specifies whether this is for an Amazon CloudFront distribution or
     #   for a regional application. A regional application can be an
     #   Application Load Balancer (ALB), an Amazon API Gateway REST API, an
-    #   AppSync GraphQL API, a Amazon Cognito user pool, or an App Runner
+    #   AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner
     #   service.
     #
     #   To work with CloudFront, you must also specify the Region US East
@@ -3347,10 +3545,16 @@ module Aws::WAFV2
     #
     # @!attribute [rw] oversize_handling
     #   What WAF should do if the body is larger than WAF can inspect. WAF
-    #   does not support inspecting the entire contents of the body of a web
-    #   request when the body exceeds 8 KB (8192 bytes). Only the first 8 KB
-    #   of the request body are forwarded to WAF by the underlying host
-    #   service.
+    #   does not support inspecting the entire contents of the web request
+    #   body if the body exceeds the limit for the resource type. If the
+    #   body is larger than the limit, the underlying host service only
+    #   forwards the contents that are below the limit to WAF for
+    #   inspection.
+    #
+    #   The default limit is 8 KB (8,192 kilobytes) for regional resources
+    #   and 16 KB (16,384 kilobytes) for CloudFront distributions. For
+    #   CloudFront distributions, you can increase the limit in the web ACL
+    #   `AssociationConfig`, for additional processing fees.
     #
     #   The options for oversize handling are the following:
     #
@@ -3365,7 +3569,7 @@ module Aws::WAFV2
     #
     #   You can combine the `MATCH` or `NO_MATCH` settings for oversize
     #   handling with your rule and web ACL action settings, so that you
-    #   block any request whose body is over 8 KB.
+    #   block any request whose body is over the limit.
     #
     #   Default: `CONTINUE`
     #   @return [String]
@@ -3523,6 +3727,83 @@ module Aws::WAFV2
       include Aws::Structure
     end
 
+    # @!attribute [rw] scope
+    #   Specifies whether this is for an Amazon CloudFront distribution or
+    #   for a regional application. A regional application can be an
+    #   Application Load Balancer (ALB), an Amazon API Gateway REST API, an
+    #   AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner
+    #   service.
+    #
+    #   To work with CloudFront, you must also specify the Region US East
+    #   (N. Virginia) as follows:
+    #
+    #   * CLI - Specify the Region when you use the CloudFront scope:
+    #     `--scope=CLOUDFRONT --region=us-east-1`.
+    #
+    #   * API and SDKs - For all calls, use the Region endpoint us-east-1.
+    #   @return [String]
+    #
+    # @!attribute [rw] next_marker
+    #   When you request a list of objects with a `Limit` setting, if the
+    #   number of objects that are still available for retrieval exceeds the
+    #   limit, WAF returns a `NextMarker` value in the response. To retrieve
+    #   the next batch of objects, provide the marker from the prior call in
+    #   your next request.
+    #   @return [String]
+    #
+    # @!attribute [rw] limit
+    #   The maximum number of objects that you want WAF to return for this
+    #   request. If more objects are available, in the response, WAF
+    #   provides a `NextMarker` value that you can use in a subsequent call
+    #   to get the next batch of objects.
+    #   @return [Integer]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/ListAPIKeysRequest AWS API Documentation
+    #
+    class ListAPIKeysRequest < Struct.new(
+      :scope,
+      :next_marker,
+      :limit)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] next_marker
+    #   When you request a list of objects with a `Limit` setting, if the
+    #   number of objects that are still available for retrieval exceeds the
+    #   limit, WAF returns a `NextMarker` value in the response. To retrieve
+    #   the next batch of objects, provide the marker from the prior call in
+    #   your next request.
+    #   @return [String]
+    #
+    # @!attribute [rw] api_key_summaries
+    #   The array of key summaries. If you specified a `Limit` in your
+    #   request, this might not be the full list.
+    #   @return [Array<Types::APIKeySummary>]
+    #
+    # @!attribute [rw] application_integration_url
+    #   The CAPTCHA application integration URL, for use in your JavaScript
+    #   implementation.
+    #
+    #   For information about how to use this in your CAPTCHA JavaScript
+    #   integration, see [WAF client application integration][1] in the *WAF
+    #   Developer Guide*.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/waf/latest/developerguide/waf-application-integration.html
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/ListAPIKeysResponse AWS API Documentation
+    #
+    class ListAPIKeysResponse < Struct.new(
+      :next_marker,
+      :api_key_summaries,
+      :application_integration_url)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # @!attribute [rw] vendor_name
     #   The name of the managed rule group vendor. You use this, along with
     #   the rule group name, to identify the rule group.
@@ -3537,7 +3818,7 @@ module Aws::WAFV2
     #   Specifies whether this is for an Amazon CloudFront distribution or
     #   for a regional application. A regional application can be an
     #   Application Load Balancer (ALB), an Amazon API Gateway REST API, an
-    #   AppSync GraphQL API, a Amazon Cognito user pool, or an App Runner
+    #   AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner
     #   service.
     #
     #   To work with CloudFront, you must also specify the Region US East
@@ -3586,7 +3867,8 @@ module Aws::WAFV2
     #
     # @!attribute [rw] versions
     #   The versions that are currently available for the specified managed
-    #   rule group.
+    #   rule group. If you specified a `Limit` in your request, this might
+    #   not be the full list.
     #   @return [Array<Types::ManagedRuleGroupVersion>]
     #
     # @!attribute [rw] current_default_version
@@ -3607,7 +3889,7 @@ module Aws::WAFV2
     #   Specifies whether this is for an Amazon CloudFront distribution or
     #   for a regional application. A regional application can be an
     #   Application Load Balancer (ALB), an Amazon API Gateway REST API, an
-    #   AppSync GraphQL API, a Amazon Cognito user pool, or an App Runner
+    #   AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner
     #   service.
     #
     #   To work with CloudFront, you must also specify the Region US East
@@ -3653,6 +3935,8 @@ module Aws::WAFV2
     #   @return [String]
     #
     # @!attribute [rw] managed_rule_groups
+    #   Array of managed rule groups that you can use. If you specified a
+    #   `Limit` in your request, this might not be the full list.
     #   @return [Array<Types::ManagedRuleGroupSummary>]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/ListAvailableManagedRuleGroupsResponse AWS API Documentation
@@ -3668,7 +3952,7 @@ module Aws::WAFV2
     #   Specifies whether this is for an Amazon CloudFront distribution or
     #   for a regional application. A regional application can be an
     #   Application Load Balancer (ALB), an Amazon API Gateway REST API, an
-    #   AppSync GraphQL API, a Amazon Cognito user pool, or an App Runner
+    #   AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner
     #   service.
     #
     #   To work with CloudFront, you must also specify the Region US East
@@ -3714,8 +3998,8 @@ module Aws::WAFV2
     #   @return [String]
     #
     # @!attribute [rw] ip_sets
-    #   Array of IPSets. This may not be the full list of IPSets that you
-    #   have defined. See the `Limit` specification for this request.
+    #   Array of IPSets. If you specified a `Limit` in your request, this
+    #   might not be the full list.
     #   @return [Array<Types::IPSetSummary>]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/ListIPSetsResponse AWS API Documentation
@@ -3731,7 +4015,7 @@ module Aws::WAFV2
     #   Specifies whether this is for an Amazon CloudFront distribution or
     #   for a regional application. A regional application can be an
     #   Application Load Balancer (ALB), an Amazon API Gateway REST API, an
-    #   AppSync GraphQL API, a Amazon Cognito user pool, or an App Runner
+    #   AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner
     #   service.
     #
     #   To work with CloudFront, you must also specify the Region US East
@@ -3769,6 +4053,8 @@ module Aws::WAFV2
     end
 
     # @!attribute [rw] logging_configurations
+    #   Array of logging configurations. If you specified a `Limit` in your
+    #   request, this might not be the full list.
     #   @return [Array<Types::LoggingConfiguration>]
     #
     # @!attribute [rw] next_marker
@@ -3792,7 +4078,7 @@ module Aws::WAFV2
     #   Specifies whether this is for an Amazon CloudFront distribution or
     #   for a regional application. A regional application can be an
     #   Application Load Balancer (ALB), an Amazon API Gateway REST API, an
-    #   AppSync GraphQL API, a Amazon Cognito user pool, or an App Runner
+    #   AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner
     #   service.
     #
     #   To work with CloudFront, you must also specify the Region US East
@@ -3838,7 +4124,8 @@ module Aws::WAFV2
     #   @return [String]
     #
     # @!attribute [rw] managed_rule_sets
-    #   Your managed rule sets.
+    #   Your managed rule sets. If you specified a `Limit` in your request,
+    #   this might not be the full list.
     #   @return [Array<Types::ManagedRuleSetSummary>]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/ListManagedRuleSetsResponse AWS API Documentation
@@ -3880,7 +4167,9 @@ module Aws::WAFV2
     end
 
     # @!attribute [rw] release_summaries
-    #   High level information for the available SDK releases.
+    #   The high level information for the available SDK releases. If you
+    #   specified a `Limit` in your request, this might not be the full
+    #   list.
     #   @return [Array<Types::ReleaseSummary>]
     #
     # @!attribute [rw] next_marker
@@ -3904,7 +4193,7 @@ module Aws::WAFV2
     #   Specifies whether this is for an Amazon CloudFront distribution or
     #   for a regional application. A regional application can be an
     #   Application Load Balancer (ALB), an Amazon API Gateway REST API, an
-    #   AppSync GraphQL API, a Amazon Cognito user pool, or an App Runner
+    #   AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner
     #   service.
     #
     #   To work with CloudFront, you must also specify the Region US East
@@ -3950,6 +4239,8 @@ module Aws::WAFV2
     #   @return [String]
     #
     # @!attribute [rw] regex_pattern_sets
+    #   Array of regex pattern sets. If you specified a `Limit` in your
+    #   request, this might not be the full list.
     #   @return [Array<Types::RegexPatternSetSummary>]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/ListRegexPatternSetsResponse AWS API Documentation
@@ -3968,7 +4259,7 @@ module Aws::WAFV2
     # @!attribute [rw] resource_type
     #   Used for web ACLs that are scoped for regional applications. A
     #   regional application can be an Application Load Balancer (ALB), an
-    #   Amazon API Gateway REST API, an AppSync GraphQL API, a Amazon
+    #   Amazon API Gateway REST API, an AppSync GraphQL API, an Amazon
     #   Cognito user pool, or an App Runner service.
     #
     #   <note markdown="1"> If you don't provide a resource type, the call uses the resource
@@ -4005,7 +4296,7 @@ module Aws::WAFV2
     #   Specifies whether this is for an Amazon CloudFront distribution or
     #   for a regional application. A regional application can be an
     #   Application Load Balancer (ALB), an Amazon API Gateway REST API, an
-    #   AppSync GraphQL API, a Amazon Cognito user pool, or an App Runner
+    #   AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner
     #   service.
     #
     #   To work with CloudFront, you must also specify the Region US East
@@ -4051,6 +4342,8 @@ module Aws::WAFV2
     #   @return [String]
     #
     # @!attribute [rw] rule_groups
+    #   Array of rule groups. If you specified a `Limit` in your request,
+    #   this might not be the full list.
     #   @return [Array<Types::RuleGroupSummary>]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/ListRuleGroupsResponse AWS API Documentation
@@ -4100,7 +4393,9 @@ module Aws::WAFV2
     #   @return [String]
     #
     # @!attribute [rw] tag_info_for_resource
-    #   The collection of tagging definitions for the resource.
+    #   The collection of tagging definitions for the resource. If you
+    #   specified a `Limit` in your request, this might not be the full
+    #   list.
     #   @return [Types::TagInfoForResource]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/ListTagsForResourceResponse AWS API Documentation
@@ -4116,7 +4411,7 @@ module Aws::WAFV2
     #   Specifies whether this is for an Amazon CloudFront distribution or
     #   for a regional application. A regional application can be an
     #   Application Load Balancer (ALB), an Amazon API Gateway REST API, an
-    #   AppSync GraphQL API, a Amazon Cognito user pool, or an App Runner
+    #   AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner
     #   service.
     #
     #   To work with CloudFront, you must also specify the Region US East
@@ -4162,6 +4457,8 @@ module Aws::WAFV2
     #   @return [String]
     #
     # @!attribute [rw] web_acls
+    #   Array of web ACLs. If you specified a `Limit` in your request, this
+    #   might not be the full list.
     #   @return [Array<Types::WebACLSummary>]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/ListWebACLsResponse AWS API Documentation
@@ -4721,8 +5018,13 @@ module Aws::WAFV2
     #   relative cost of each rule. Simple rules that cost little to run use
     #   fewer WCUs than more complex rules that use more processing power.
     #   Rule group capacity is fixed at creation, which helps users plan
-    #   their web ACL WCU usage when they use a rule group. The WCU limit
-    #   for web ACLs is 1,500.
+    #   their web ACL WCU usage when they use a rule group. For more
+    #   information, see [WAF web ACL capacity units (WCU)][1] in the *WAF
+    #   Developer Guide*.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/waf/latest/developerguide/aws-waf-capacity-units.html
     #   @return [Integer]
     #
     # @!attribute [rw] forecasted_lifetime
@@ -4960,7 +5262,7 @@ module Aws::WAFV2
     #   Specifies whether this is for an Amazon CloudFront distribution or
     #   for a regional application. A regional application can be an
     #   Application Load Balancer (ALB), an Amazon API Gateway REST API, an
-    #   AppSync GraphQL API, a Amazon Cognito user pool, or an App Runner
+    #   AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner
     #   service.
     #
     #   To work with CloudFront, you must also specify the Region US East
@@ -5043,8 +5345,7 @@ module Aws::WAFV2
     #
     #   The policy specifications must conform to the following:
     #
-    #   * The policy must be composed using IAM Policy version 2012-10-17 or
-    #     version 2015-01-01.
+    #   * The policy must be composed using IAM Policy version 2012-10-17.
     #
     #   * The policy must include specifications for `Effect`, `Action`, and
     #     `Principal`.
@@ -5399,6 +5700,39 @@ module Aws::WAFV2
       include Aws::Structure
     end
 
+    # Customizes the maximum size of the request body that your protected
+    # CloudFront distributions forward to WAF for inspection. The default
+    # size is 16 KB (16,384 kilobytes).
+    #
+    # <note markdown="1"> You are charged additional fees when your protected resources forward
+    # body sizes that are larger than the default. For more information, see
+    # [WAF Pricing][1].
+    #
+    #  </note>
+    #
+    # This is used in the `AssociationConfig` of the web ACL.
+    #
+    #
+    #
+    # [1]: http://aws.amazon.com/waf/pricing/
+    #
+    # @!attribute [rw] default_size_inspection_limit
+    #   Specifies the maximum size of the web request body component that an
+    #   associated CloudFront distribution should send to WAF for
+    #   inspection. This applies to statements in the web ACL that inspect
+    #   the body or JSON body.
+    #
+    #   Default: `16 KB (16,384 kilobytes)`
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/RequestBodyAssociatedResourceTypeConfig AWS API Documentation
+    #
+    class RequestBodyAssociatedResourceTypeConfig < Struct.new(
+      :default_size_inspection_limit)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # The criteria for inspecting login requests, used by the ATP rule group
     # to validate credentials usage.
     #
@@ -5905,8 +6239,13 @@ module Aws::WAFV2
     #   relative cost of each rule. Simple rules that cost little to run use
     #   fewer WCUs than more complex rules that use more processing power.
     #   Rule group capacity is fixed at creation, which helps users plan
-    #   their web ACL WCU usage when they use a rule group. The WCU limit
-    #   for web ACLs is 1,500.
+    #   their web ACL WCU usage when they use a rule group. For more
+    #   information, see [WAF web ACL capacity units (WCU)][1] in the *WAF
+    #   Developer Guide*.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/waf/latest/developerguide/aws-waf-capacity-units.html
     #   @return [Integer]
     #
     # @!attribute [rw] arn
@@ -5953,18 +6292,17 @@ module Aws::WAFV2
     #   the rules that you define in the rule group.
     #
     #   For information about customizing web requests and responses, see
-    #   [Customizing web requests and responses in WAF][1] in the [WAF
-    #   Developer Guide][2].
+    #   [Customizing web requests and responses in WAF][1] in the *WAF
+    #   Developer Guide*.
     #
     #   For information about the limits on count and size for custom
-    #   request and response settings, see [WAF quotas][3] in the [WAF
-    #   Developer Guide][2].
+    #   request and response settings, see [WAF quotas][2] in the *WAF
+    #   Developer Guide*.
     #
     #
     #
     #   [1]: https://docs.aws.amazon.com/waf/latest/developerguide/waf-custom-request-response.html
-    #   [2]: https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html
-    #   [3]: https://docs.aws.amazon.com/waf/latest/developerguide/limits.html
+    #   [2]: https://docs.aws.amazon.com/waf/latest/developerguide/limits.html
     #   @return [Hash<String,Types::CustomResponseBody>]
     #
     # @!attribute [rw] available_labels
@@ -6251,9 +6589,14 @@ module Aws::WAFV2
     # statement to look for query strings that are longer than 100 bytes.
     #
     # If you configure WAF to inspect the request body, WAF inspects only
-    # the first 8192 bytes (8 KB). If the request body for your web requests
-    # never exceeds 8192 bytes, you could use a size constraint statement to
-    # block requests that have a request body greater than 8192 bytes.
+    # the number of bytes of the body up to the limit for the web ACL. By
+    # default, for regional web ACLs, this limit is 8 KB (8,192 kilobytes)
+    # and for CloudFront web ACLs, this limit is 16 KB (16,384 kilobytes).
+    # For CloudFront web ACLs, you can increase the limit in the web ACL
+    # `AssociationConfig`, for additional fees. If you know that the request
+    # body for your web requests should never exceed the inspection limit,
+    # you could use a size constraint statement to block requests that have
+    # a larger request body size.
     #
     # If you choose URI for the value of Part of the request to filter on,
     # the slash (/) in the URI counts as one character. For example, the URI
@@ -6375,10 +6718,14 @@ module Aws::WAFV2
     #   100 bytes.
     #
     #   If you configure WAF to inspect the request body, WAF inspects only
-    #   the first 8192 bytes (8 KB). If the request body for your web
-    #   requests never exceeds 8192 bytes, you could use a size constraint
-    #   statement to block requests that have a request body greater than
-    #   8192 bytes.
+    #   the number of bytes of the body up to the limit for the web ACL. By
+    #   default, for regional web ACLs, this limit is 8 KB (8,192 kilobytes)
+    #   and for CloudFront web ACLs, this limit is 16 KB (16,384 kilobytes).
+    #   For CloudFront web ACLs, you can increase the limit in the web ACL
+    #   `AssociationConfig`, for additional fees. If you know that the
+    #   request body for your web requests should never exceed the
+    #   inspection limit, you could use a size constraint statement to block
+    #   requests that have a larger request body size.
     #
     #   If you choose URI for the value of Part of the request to filter on,
     #   the slash (/) in the URI counts as one character. For example, the
@@ -6893,7 +7240,7 @@ module Aws::WAFV2
     #   Specifies whether this is for an Amazon CloudFront distribution or
     #   for a regional application. A regional application can be an
     #   Application Load Balancer (ALB), an Amazon API Gateway REST API, an
-    #   AppSync GraphQL API, a Amazon Cognito user pool, or an App Runner
+    #   AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner
     #   service.
     #
     #   To work with CloudFront, you must also specify the Region US East
@@ -7012,7 +7359,7 @@ module Aws::WAFV2
     #   Specifies whether this is for an Amazon CloudFront distribution or
     #   for a regional application. A regional application can be an
     #   Application Load Balancer (ALB), an Amazon API Gateway REST API, an
-    #   AppSync GraphQL API, a Amazon Cognito user pool, or an App Runner
+    #   AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner
     #   service.
     #
     #   To work with CloudFront, you must also specify the Region US East
@@ -7111,7 +7458,7 @@ module Aws::WAFV2
     #   Specifies whether this is for an Amazon CloudFront distribution or
     #   for a regional application. A regional application can be an
     #   Application Load Balancer (ALB), an Amazon API Gateway REST API, an
-    #   AppSync GraphQL API, a Amazon Cognito user pool, or an App Runner
+    #   AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner
     #   service.
     #
     #   To work with CloudFront, you must also specify the Region US East
@@ -7184,7 +7531,7 @@ module Aws::WAFV2
     #   Specifies whether this is for an Amazon CloudFront distribution or
     #   for a regional application. A regional application can be an
     #   Application Load Balancer (ALB), an Amazon API Gateway REST API, an
-    #   AppSync GraphQL API, a Amazon Cognito user pool, or an App Runner
+    #   AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner
     #   service.
     #
     #   To work with CloudFront, you must also specify the Region US East
@@ -7237,18 +7584,17 @@ module Aws::WAFV2
     #   the rules that you define in the rule group.
     #
     #   For information about customizing web requests and responses, see
-    #   [Customizing web requests and responses in WAF][1] in the [WAF
-    #   Developer Guide][2].
+    #   [Customizing web requests and responses in WAF][1] in the *WAF
+    #   Developer Guide*.
     #
     #   For information about the limits on count and size for custom
-    #   request and response settings, see [WAF quotas][3] in the [WAF
-    #   Developer Guide][2].
+    #   request and response settings, see [WAF quotas][2] in the *WAF
+    #   Developer Guide*.
     #
     #
     #
     #   [1]: https://docs.aws.amazon.com/waf/latest/developerguide/waf-custom-request-response.html
-    #   [2]: https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html
-    #   [3]: https://docs.aws.amazon.com/waf/latest/developerguide/limits.html
+    #   [2]: https://docs.aws.amazon.com/waf/latest/developerguide/limits.html
     #   @return [Hash<String,Types::CustomResponseBody>]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/UpdateRuleGroupRequest AWS API Documentation
@@ -7289,7 +7635,7 @@ module Aws::WAFV2
     #   Specifies whether this is for an Amazon CloudFront distribution or
     #   for a regional application. A regional application can be an
     #   Application Load Balancer (ALB), an Amazon API Gateway REST API, an
-    #   AppSync GraphQL API, a Amazon Cognito user pool, or an App Runner
+    #   AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner
     #   service.
     #
     #   To work with CloudFront, you must also specify the Region US East
@@ -7347,18 +7693,17 @@ module Aws::WAFV2
     #   rules and default actions that you define in the web ACL.
     #
     #   For information about customizing web requests and responses, see
-    #   [Customizing web requests and responses in WAF][1] in the [WAF
-    #   Developer Guide][2].
+    #   [Customizing web requests and responses in WAF][1] in the *WAF
+    #   Developer Guide*.
     #
     #   For information about the limits on count and size for custom
-    #   request and response settings, see [WAF quotas][3] in the [WAF
-    #   Developer Guide][2].
+    #   request and response settings, see [WAF quotas][2] in the *WAF
+    #   Developer Guide*.
     #
     #
     #
     #   [1]: https://docs.aws.amazon.com/waf/latest/developerguide/waf-custom-request-response.html
-    #   [2]: https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html
-    #   [3]: https://docs.aws.amazon.com/waf/latest/developerguide/limits.html
+    #   [2]: https://docs.aws.amazon.com/waf/latest/developerguide/limits.html
     #   @return [Hash<String,Types::CustomResponseBody>]
     #
     # @!attribute [rw] captcha_config
@@ -7390,6 +7735,25 @@ module Aws::WAFV2
     #   `usa.gov` or `co.uk` as token domains.
     #   @return [Array<String>]
     #
+    # @!attribute [rw] association_config
+    #   Specifies custom configurations for the associations between the web
+    #   ACL and protected resources.
+    #
+    #   Use this to customize the maximum size of the request body that your
+    #   protected CloudFront distributions forward to WAF for inspection.
+    #   The default is 16 KB (16,384 kilobytes).
+    #
+    #   <note markdown="1"> You are charged additional fees when your protected resources
+    #   forward body sizes that are larger than the default. For more
+    #   information, see [WAF Pricing][1].
+    #
+    #    </note>
+    #
+    #
+    #
+    #   [1]: http://aws.amazon.com/waf/pricing/
+    #   @return [Types::AssociationConfig]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/UpdateWebACLRequest AWS API Documentation
     #
     class UpdateWebACLRequest < Struct.new(
@@ -7404,7 +7768,8 @@ module Aws::WAFV2
       :custom_response_bodies,
       :captcha_config,
       :challenge_config,
-      :token_domains)
+      :token_domains,
+      :association_config)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -7499,7 +7864,7 @@ module Aws::WAFV2
     # @!attribute [rw] cloud_watch_metrics_enabled
     #   A boolean indicating whether the associated resource sends metrics
     #   to Amazon CloudWatch. For the list of available metrics, see [WAF
-    #   Metrics][1].
+    #   Metrics][1] in the *WAF Developer Guide*.
     #
     #
     #
@@ -7665,8 +8030,7 @@ module Aws::WAFV2
     #
     # The policy specifications must conform to the following:
     #
-    # * The policy must be composed using IAM Policy version 2012-10-17 or
-    #   version 2015-01-01.
+    # * The policy must be composed using IAM Policy version 2012-10-17.
     #
     # * The policy must include specifications for `Effect`, `Action`, and
     #   `Principal`.
@@ -7871,7 +8235,7 @@ module Aws::WAFV2
     # can associate a web ACL with one or more Amazon Web Services resources
     # to protect. The resources can be an Amazon CloudFront distribution, an
     # Amazon API Gateway REST API, an Application Load Balancer, an AppSync
-    # GraphQL API, Amazon Cognito user pool, or an App Runner service.
+    # GraphQL API, an Amazon Cognito user pool, or an App Runner service.
     #
     # @!attribute [rw] name
     #   The name of the web ACL. You cannot change the name of a web ACL
@@ -7920,8 +8284,13 @@ module Aws::WAFV2
     #   relative cost of each rule. Simple rules that cost little to run use
     #   fewer WCUs than more complex rules that use more processing power.
     #   Rule group capacity is fixed at creation, which helps users plan
-    #   their web ACL WCU usage when they use a rule group. The WCU limit
-    #   for web ACLs is 1,500.
+    #   their web ACL WCU usage when they use a rule group. For more
+    #   information, see [WAF web ACL capacity units (WCU)][1] in the *WAF
+    #   Developer Guide*.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/waf/latest/developerguide/aws-waf-capacity-units.html
     #   @return [Integer]
     #
     # @!attribute [rw] pre_process_firewall_manager_rule_groups
@@ -7980,18 +8349,17 @@ module Aws::WAFV2
     #   rules and default actions that you define in the web ACL.
     #
     #   For information about customizing web requests and responses, see
-    #   [Customizing web requests and responses in WAF][1] in the [WAF
-    #   Developer Guide][2].
+    #   [Customizing web requests and responses in WAF][1] in the *WAF
+    #   Developer Guide*.
     #
     #   For information about the limits on count and size for custom
-    #   request and response settings, see [WAF quotas][3] in the [WAF
-    #   Developer Guide][2].
+    #   request and response settings, see [WAF quotas][2] in the *WAF
+    #   Developer Guide*.
     #
     #
     #
     #   [1]: https://docs.aws.amazon.com/waf/latest/developerguide/waf-custom-request-response.html
-    #   [2]: https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html
-    #   [3]: https://docs.aws.amazon.com/waf/latest/developerguide/limits.html
+    #   [2]: https://docs.aws.amazon.com/waf/latest/developerguide/limits.html
     #   @return [Hash<String,Types::CustomResponseBody>]
     #
     # @!attribute [rw] captcha_config
@@ -8017,6 +8385,25 @@ module Aws::WAFV2
     #   domain list, including their prefixed subdomains.
     #   @return [Array<String>]
     #
+    # @!attribute [rw] association_config
+    #   Specifies custom configurations for the associations between the web
+    #   ACL and protected resources.
+    #
+    #   Use this to customize the maximum size of the request body that your
+    #   protected CloudFront distributions forward to WAF for inspection.
+    #   The default is 16 KB (16,384 kilobytes).
+    #
+    #   <note markdown="1"> You are charged additional fees when your protected resources
+    #   forward body sizes that are larger than the default. For more
+    #   information, see [WAF Pricing][1].
+    #
+    #    </note>
+    #
+    #
+    #
+    #   [1]: http://aws.amazon.com/waf/pricing/
+    #   @return [Types::AssociationConfig]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/WebACL AWS API Documentation
     #
     class WebACL < Struct.new(
@@ -8035,7 +8422,8 @@ module Aws::WAFV2
       :custom_response_bodies,
       :captcha_config,
       :challenge_config,
-      :token_domains)
+      :token_domains,
+      :association_config)
       SENSITIVE = []
       include Aws::Structure
     end