aws-sdk-wafv2 1.7.0 → 1.12.0

Sign up to get free protection for your applications and to get access to all the features.
Files changed (6) hide show
  1. checksums.yaml +4 -4
  2. data/lib/aws-sdk-wafv2.rb +3 -2
  3. data/lib/aws-sdk-wafv2/client.rb +145 -22
  4. data/lib/aws-sdk-wafv2/client_api.rb +19 -0
  5. data/lib/aws-sdk-wafv2/types.rb +485 -47
  6. metadata +2 -2
data/lib/aws-sdk-wafv2/types.rb CHANGED
@@ -185,6 +185,10 @@ module Aws::WAFV2
185
185
  # },
186
186
  # geo_match_statement: {
187
187
  # country_codes: ["AF"], # accepts AF, AX, AL, DZ, AS, AD, AO, AI, AQ, AG, AR, AM, AW, AU, AT, AZ, BS, BH, BD, BB, BY, BE, BZ, BJ, BM, BT, BO, BQ, BA, BW, BV, BR, IO, BN, BG, BF, BI, KH, CM, CA, CV, KY, CF, TD, CL, CN, CX, CC, CO, KM, CG, CD, CK, CR, CI, HR, CU, CW, CY, CZ, DK, DJ, DM, DO, EC, EG, SV, GQ, ER, EE, ET, FK, FO, FJ, FI, FR, GF, PF, TF, GA, GM, GE, DE, GH, GI, GR, GL, GD, GP, GU, GT, GG, GN, GW, GY, HT, HM, VA, HN, HK, HU, IS, IN, ID, IR, IQ, IE, IM, IL, IT, JM, JP, JE, JO, KZ, KE, KI, KP, KR, KW, KG, LA, LV, LB, LS, LR, LY, LI, LT, LU, MO, MK, MG, MW, MY, MV, ML, MT, MH, MQ, MR, MU, YT, MX, FM, MD, MC, MN, ME, MS, MA, MZ, MM, NA, NR, NP, NL, NC, NZ, NI, NE, NG, NU, NF, MP, NO, OM, PK, PW, PS, PA, PG, PY, PE, PH, PN, PL, PT, PR, QA, RE, RO, RU, RW, BL, SH, KN, LC, MF, PM, VC, WS, SM, ST, SA, SN, RS, SC, SL, SG, SX, SK, SI, SB, SO, ZA, GS, SS, ES, LK, SD, SR, SJ, SZ, SE, CH, SY, TW, TJ, TZ, TH, TL, TG, TK, TO, TT, TN, TR, TM, TC, TV, UG, UA, AE, GB, US, UM, UY, UZ, VU, VE, VN, VG, VI, WF, EH, YE, ZM, ZW
188
+ # forwarded_ip_config: {
189
+ # header_name: "ForwardedIPHeaderName", # required
190
+ # fallback_behavior: "MATCH", # required, accepts MATCH, NO_MATCH
191
+ # },
188
192
  # },
189
193
  # rule_group_reference_statement: {
190
194
  # arn: "ResourceArn", # required
@@ -196,6 +200,11 @@ module Aws::WAFV2
196
200
  # },
197
201
  # ip_set_reference_statement: {
198
202
  # arn: "ResourceArn", # required
203
+ # ip_set_forwarded_ip_config: {
204
+ # header_name: "ForwardedIPHeaderName", # required
205
+ # fallback_behavior: "MATCH", # required, accepts MATCH, NO_MATCH
206
+ # position: "FIRST", # required, accepts FIRST, LAST, ANY
207
+ # },
199
208
  # },
200
209
  # regex_pattern_set_reference_statement: {
201
210
  # arn: "ResourceArn", # required
@@ -226,10 +235,14 @@ module Aws::WAFV2
226
235
  # },
227
236
  # rate_based_statement: {
228
237
  # limit: 1, # required
229
- # aggregate_key_type: "IP", # required, accepts IP
238
+ # aggregate_key_type: "IP", # required, accepts IP, FORWARDED_IP
230
239
  # scope_down_statement: {
231
240
  # # recursive Statement
232
241
  # },
242
+ # forwarded_ip_config: {
243
+ # header_name: "ForwardedIPHeaderName", # required
244
+ # fallback_behavior: "MATCH", # required, accepts MATCH, NO_MATCH
245
+ # },
233
246
  # },
234
247
  # and_statement: {
235
248
  # statements: { # required
@@ -629,6 +642,10 @@ module Aws::WAFV2
629
642
  # },
630
643
  # geo_match_statement: {
631
644
  # country_codes: ["AF"], # accepts AF, AX, AL, DZ, AS, AD, AO, AI, AQ, AG, AR, AM, AW, AU, AT, AZ, BS, BH, BD, BB, BY, BE, BZ, BJ, BM, BT, BO, BQ, BA, BW, BV, BR, IO, BN, BG, BF, BI, KH, CM, CA, CV, KY, CF, TD, CL, CN, CX, CC, CO, KM, CG, CD, CK, CR, CI, HR, CU, CW, CY, CZ, DK, DJ, DM, DO, EC, EG, SV, GQ, ER, EE, ET, FK, FO, FJ, FI, FR, GF, PF, TF, GA, GM, GE, DE, GH, GI, GR, GL, GD, GP, GU, GT, GG, GN, GW, GY, HT, HM, VA, HN, HK, HU, IS, IN, ID, IR, IQ, IE, IM, IL, IT, JM, JP, JE, JO, KZ, KE, KI, KP, KR, KW, KG, LA, LV, LB, LS, LR, LY, LI, LT, LU, MO, MK, MG, MW, MY, MV, ML, MT, MH, MQ, MR, MU, YT, MX, FM, MD, MC, MN, ME, MS, MA, MZ, MM, NA, NR, NP, NL, NC, NZ, NI, NE, NG, NU, NF, MP, NO, OM, PK, PW, PS, PA, PG, PY, PE, PH, PN, PL, PT, PR, QA, RE, RO, RU, RW, BL, SH, KN, LC, MF, PM, VC, WS, SM, ST, SA, SN, RS, SC, SL, SG, SX, SK, SI, SB, SO, ZA, GS, SS, ES, LK, SD, SR, SJ, SZ, SE, CH, SY, TW, TJ, TZ, TH, TL, TG, TK, TO, TT, TN, TR, TM, TC, TV, UG, UA, AE, GB, US, UM, UY, UZ, VU, VE, VN, VG, VI, WF, EH, YE, ZM, ZW
645
+ # forwarded_ip_config: {
646
+ # header_name: "ForwardedIPHeaderName", # required
647
+ # fallback_behavior: "MATCH", # required, accepts MATCH, NO_MATCH
648
+ # },
632
649
  # },
633
650
  # rule_group_reference_statement: {
634
651
  # arn: "ResourceArn", # required
@@ -640,6 +657,11 @@ module Aws::WAFV2
640
657
  # },
641
658
  # ip_set_reference_statement: {
642
659
  # arn: "ResourceArn", # required
660
+ # ip_set_forwarded_ip_config: {
661
+ # header_name: "ForwardedIPHeaderName", # required
662
+ # fallback_behavior: "MATCH", # required, accepts MATCH, NO_MATCH
663
+ # position: "FIRST", # required, accepts FIRST, LAST, ANY
664
+ # },
643
665
  # },
644
666
  # regex_pattern_set_reference_statement: {
645
667
  # arn: "ResourceArn", # required
@@ -670,10 +692,14 @@ module Aws::WAFV2
670
692
  # },
671
693
  # rate_based_statement: {
672
694
  # limit: 1, # required
673
- # aggregate_key_type: "IP", # required, accepts IP
695
+ # aggregate_key_type: "IP", # required, accepts IP, FORWARDED_IP
674
696
  # scope_down_statement: {
675
697
  # # recursive Statement
676
698
  # },
699
+ # forwarded_ip_config: {
700
+ # header_name: "ForwardedIPHeaderName", # required
701
+ # fallback_behavior: "MATCH", # required, accepts MATCH, NO_MATCH
702
+ # },
677
703
  # },
678
704
  # and_statement: {
679
705
  # statements: [ # required
@@ -1104,6 +1130,10 @@ module Aws::WAFV2
1104
1130
  # },
1105
1131
  # geo_match_statement: {
1106
1132
  # country_codes: ["AF"], # accepts AF, AX, AL, DZ, AS, AD, AO, AI, AQ, AG, AR, AM, AW, AU, AT, AZ, BS, BH, BD, BB, BY, BE, BZ, BJ, BM, BT, BO, BQ, BA, BW, BV, BR, IO, BN, BG, BF, BI, KH, CM, CA, CV, KY, CF, TD, CL, CN, CX, CC, CO, KM, CG, CD, CK, CR, CI, HR, CU, CW, CY, CZ, DK, DJ, DM, DO, EC, EG, SV, GQ, ER, EE, ET, FK, FO, FJ, FI, FR, GF, PF, TF, GA, GM, GE, DE, GH, GI, GR, GL, GD, GP, GU, GT, GG, GN, GW, GY, HT, HM, VA, HN, HK, HU, IS, IN, ID, IR, IQ, IE, IM, IL, IT, JM, JP, JE, JO, KZ, KE, KI, KP, KR, KW, KG, LA, LV, LB, LS, LR, LY, LI, LT, LU, MO, MK, MG, MW, MY, MV, ML, MT, MH, MQ, MR, MU, YT, MX, FM, MD, MC, MN, ME, MS, MA, MZ, MM, NA, NR, NP, NL, NC, NZ, NI, NE, NG, NU, NF, MP, NO, OM, PK, PW, PS, PA, PG, PY, PE, PH, PN, PL, PT, PR, QA, RE, RO, RU, RW, BL, SH, KN, LC, MF, PM, VC, WS, SM, ST, SA, SN, RS, SC, SL, SG, SX, SK, SI, SB, SO, ZA, GS, SS, ES, LK, SD, SR, SJ, SZ, SE, CH, SY, TW, TJ, TZ, TH, TL, TG, TK, TO, TT, TN, TR, TM, TC, TV, UG, UA, AE, GB, US, UM, UY, UZ, VU, VE, VN, VG, VI, WF, EH, YE, ZM, ZW
1133
+ # forwarded_ip_config: {
1134
+ # header_name: "ForwardedIPHeaderName", # required
1135
+ # fallback_behavior: "MATCH", # required, accepts MATCH, NO_MATCH
1136
+ # },
1107
1137
  # },
1108
1138
  # rule_group_reference_statement: {
1109
1139
  # arn: "ResourceArn", # required
@@ -1115,6 +1145,11 @@ module Aws::WAFV2
1115
1145
  # },
1116
1146
  # ip_set_reference_statement: {
1117
1147
  # arn: "ResourceArn", # required
1148
+ # ip_set_forwarded_ip_config: {
1149
+ # header_name: "ForwardedIPHeaderName", # required
1150
+ # fallback_behavior: "MATCH", # required, accepts MATCH, NO_MATCH
1151
+ # position: "FIRST", # required, accepts FIRST, LAST, ANY
1152
+ # },
1118
1153
  # },
1119
1154
  # regex_pattern_set_reference_statement: {
1120
1155
  # arn: "ResourceArn", # required
@@ -1145,10 +1180,14 @@ module Aws::WAFV2
1145
1180
  # },
1146
1181
  # rate_based_statement: {
1147
1182
  # limit: 1, # required
1148
- # aggregate_key_type: "IP", # required, accepts IP
1183
+ # aggregate_key_type: "IP", # required, accepts IP, FORWARDED_IP
1149
1184
  # scope_down_statement: {
1150
1185
  # # recursive Statement
1151
1186
  # },
1187
+ # forwarded_ip_config: {
1188
+ # header_name: "ForwardedIPHeaderName", # required
1189
+ # fallback_behavior: "MATCH", # required, accepts MATCH, NO_MATCH
1190
+ # },
1152
1191
  # },
1153
1192
  # and_statement: {
1154
1193
  # statements: [ # required
@@ -1429,6 +1468,10 @@ module Aws::WAFV2
1429
1468
  # },
1430
1469
  # geo_match_statement: {
1431
1470
  # country_codes: ["AF"], # accepts AF, AX, AL, DZ, AS, AD, AO, AI, AQ, AG, AR, AM, AW, AU, AT, AZ, BS, BH, BD, BB, BY, BE, BZ, BJ, BM, BT, BO, BQ, BA, BW, BV, BR, IO, BN, BG, BF, BI, KH, CM, CA, CV, KY, CF, TD, CL, CN, CX, CC, CO, KM, CG, CD, CK, CR, CI, HR, CU, CW, CY, CZ, DK, DJ, DM, DO, EC, EG, SV, GQ, ER, EE, ET, FK, FO, FJ, FI, FR, GF, PF, TF, GA, GM, GE, DE, GH, GI, GR, GL, GD, GP, GU, GT, GG, GN, GW, GY, HT, HM, VA, HN, HK, HU, IS, IN, ID, IR, IQ, IE, IM, IL, IT, JM, JP, JE, JO, KZ, KE, KI, KP, KR, KW, KG, LA, LV, LB, LS, LR, LY, LI, LT, LU, MO, MK, MG, MW, MY, MV, ML, MT, MH, MQ, MR, MU, YT, MX, FM, MD, MC, MN, ME, MS, MA, MZ, MM, NA, NR, NP, NL, NC, NZ, NI, NE, NG, NU, NF, MP, NO, OM, PK, PW, PS, PA, PG, PY, PE, PH, PN, PL, PT, PR, QA, RE, RO, RU, RW, BL, SH, KN, LC, MF, PM, VC, WS, SM, ST, SA, SN, RS, SC, SL, SG, SX, SK, SI, SB, SO, ZA, GS, SS, ES, LK, SD, SR, SJ, SZ, SE, CH, SY, TW, TJ, TZ, TH, TL, TG, TK, TO, TT, TN, TR, TM, TC, TV, UG, UA, AE, GB, US, UM, UY, UZ, VU, VE, VN, VG, VI, WF, EH, YE, ZM, ZW
1471
+ # forwarded_ip_config: {
1472
+ # header_name: "ForwardedIPHeaderName", # required
1473
+ # fallback_behavior: "MATCH", # required, accepts MATCH, NO_MATCH
1474
+ # },
1432
1475
  # },
1433
1476
  # rule_group_reference_statement: {
1434
1477
  # arn: "ResourceArn", # required
@@ -1440,6 +1483,11 @@ module Aws::WAFV2
1440
1483
  # },
1441
1484
  # ip_set_reference_statement: {
1442
1485
  # arn: "ResourceArn", # required
1486
+ # ip_set_forwarded_ip_config: {
1487
+ # header_name: "ForwardedIPHeaderName", # required
1488
+ # fallback_behavior: "MATCH", # required, accepts MATCH, NO_MATCH
1489
+ # position: "FIRST", # required, accepts FIRST, LAST, ANY
1490
+ # },
1443
1491
  # },
1444
1492
  # regex_pattern_set_reference_statement: {
1445
1493
  # arn: "ResourceArn", # required
@@ -1470,10 +1518,14 @@ module Aws::WAFV2
1470
1518
  # },
1471
1519
  # rate_based_statement: {
1472
1520
  # limit: 1, # required
1473
- # aggregate_key_type: "IP", # required, accepts IP
1521
+ # aggregate_key_type: "IP", # required, accepts IP, FORWARDED_IP
1474
1522
  # scope_down_statement: {
1475
1523
  # # recursive Statement
1476
1524
  # },
1525
+ # forwarded_ip_config: {
1526
+ # header_name: "ForwardedIPHeaderName", # required
1527
+ # fallback_behavior: "MATCH", # required, accepts MATCH, NO_MATCH
1528
+ # },
1477
1529
  # },
1478
1530
  # and_statement: {
1479
1531
  # statements: [ # required
@@ -2367,6 +2419,69 @@ module Aws::WAFV2
2367
2419
  include Aws::Structure
2368
2420
  end
2369
2421
 
2422
+ # The configuration for inspecting IP addresses in an HTTP header that
2423
+ # you specify, instead of using the IP address that's reported by the
2424
+ # web request origin. Commonly, this is the X-Forwarded-For (XFF)
2425
+ # header, but you can specify any header name.
2426
+ #
2427
+ # <note markdown="1"> If the specified header isn't present in the request, AWS WAF
2428
+ # doesn't apply the rule to the web request at all.
2429
+ #
2430
+ # </note>
2431
+ #
2432
+ # This configuration is used for GeoMatchStatement and
2433
+ # RateBasedStatement. For IPSetReferenceStatement, use
2434
+ # IPSetForwardedIPConfig instead.
2435
+ #
2436
+ # AWS WAF only evaluates the first IP address found in the specified
2437
+ # HTTP header.
2438
+ #
2439
+ # @note When making an API call, you may pass ForwardedIPConfig
2440
+ # data as a hash:
2441
+ #
2442
+ # {
2443
+ # header_name: "ForwardedIPHeaderName", # required
2444
+ # fallback_behavior: "MATCH", # required, accepts MATCH, NO_MATCH
2445
+ # }
2446
+ #
2447
+ # @!attribute [rw] header_name
2448
+ # The name of the HTTP header to use for the IP address. For example,
2449
+ # to use the X-Forwarded-For (XFF) header, set this to
2450
+ # `X-Forwarded-For`.
2451
+ #
2452
+ # <note markdown="1"> If the specified header isn't present in the request, AWS WAF
2453
+ # doesn't apply the rule to the web request at all.
2454
+ #
2455
+ # </note>
2456
+ # @return [String]
2457
+ #
2458
+ # @!attribute [rw] fallback_behavior
2459
+ # The match status to assign to the web request if the request
2460
+ # doesn't have a valid IP address in the specified position.
2461
+ #
2462
+ # <note markdown="1"> If the specified header isn't present in the request, AWS WAF
2463
+ # doesn't apply the rule to the web request at all.
2464
+ #
2465
+ # </note>
2466
+ #
2467
+ # You can specify the following fallback behaviors:
2468
+ #
2469
+ # * MATCH - Treat the web request as matching the rule statement. AWS
2470
+ # WAF applies the rule action to the request.
2471
+ #
2472
+ # * NO\_MATCH - Treat the web request as not matching the rule
2473
+ # statement.
2474
+ # @return [String]
2475
+ #
2476
+ # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/ForwardedIPConfig AWS API Documentation
2477
+ #
2478
+ class ForwardedIPConfig < Struct.new(
2479
+ :header_name,
2480
+ :fallback_behavior)
2481
+ SENSITIVE = []
2482
+ include Aws::Structure
2483
+ end
2484
+
2370
2485
  # <note markdown="1"> This is the latest version of **AWS WAF**, named AWS WAFV2, released
2371
2486
  # in November, 2019. For information, including how to migrate your AWS
2372
2487
  # WAF resources from the prior release, see the [AWS WAF Developer
@@ -2386,6 +2501,10 @@ module Aws::WAFV2
2386
2501
  #
2387
2502
  # {
2388
2503
  # country_codes: ["AF"], # accepts AF, AX, AL, DZ, AS, AD, AO, AI, AQ, AG, AR, AM, AW, AU, AT, AZ, BS, BH, BD, BB, BY, BE, BZ, BJ, BM, BT, BO, BQ, BA, BW, BV, BR, IO, BN, BG, BF, BI, KH, CM, CA, CV, KY, CF, TD, CL, CN, CX, CC, CO, KM, CG, CD, CK, CR, CI, HR, CU, CW, CY, CZ, DK, DJ, DM, DO, EC, EG, SV, GQ, ER, EE, ET, FK, FO, FJ, FI, FR, GF, PF, TF, GA, GM, GE, DE, GH, GI, GR, GL, GD, GP, GU, GT, GG, GN, GW, GY, HT, HM, VA, HN, HK, HU, IS, IN, ID, IR, IQ, IE, IM, IL, IT, JM, JP, JE, JO, KZ, KE, KI, KP, KR, KW, KG, LA, LV, LB, LS, LR, LY, LI, LT, LU, MO, MK, MG, MW, MY, MV, ML, MT, MH, MQ, MR, MU, YT, MX, FM, MD, MC, MN, ME, MS, MA, MZ, MM, NA, NR, NP, NL, NC, NZ, NI, NE, NG, NU, NF, MP, NO, OM, PK, PW, PS, PA, PG, PY, PE, PH, PN, PL, PT, PR, QA, RE, RO, RU, RW, BL, SH, KN, LC, MF, PM, VC, WS, SM, ST, SA, SN, RS, SC, SL, SG, SX, SK, SI, SB, SO, ZA, GS, SS, ES, LK, SD, SR, SJ, SZ, SE, CH, SY, TW, TJ, TZ, TH, TL, TG, TK, TO, TT, TN, TR, TM, TC, TV, UG, UA, AE, GB, US, UM, UY, UZ, VU, VE, VN, VG, VI, WF, EH, YE, ZM, ZW
2504
+ # forwarded_ip_config: {
2505
+ # header_name: "ForwardedIPHeaderName", # required
2506
+ # fallback_behavior: "MATCH", # required, accepts MATCH, NO_MATCH
2507
+ # },
2389
2508
  # }
2390
2509
  #
2391
2510
  # @!attribute [rw] country_codes
@@ -2394,10 +2513,23 @@ module Aws::WAFV2
2394
2513
  # standard.
2395
2514
  # @return [Array<String>]
2396
2515
  #
2516
+ # @!attribute [rw] forwarded_ip_config
2517
+ # The configuration for inspecting IP addresses in an HTTP header that
2518
+ # you specify, instead of using the IP address that's reported by the
2519
+ # web request origin. Commonly, this is the X-Forwarded-For (XFF)
2520
+ # header, but you can specify any header name.
2521
+ #
2522
+ # <note markdown="1"> If the specified header isn't present in the request, AWS WAF
2523
+ # doesn't apply the rule to the web request at all.
2524
+ #
2525
+ # </note>
2526
+ # @return [Types::ForwardedIPConfig]
2527
+ #
2397
2528
  # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/GeoMatchStatement AWS API Documentation
2398
2529
  #
2399
2530
  class GeoMatchStatement < Struct.new(
2400
- :country_codes)
2531
+ :country_codes,
2532
+ :forwarded_ip_config)
2401
2533
  SENSITIVE = []
2402
2534
  include Aws::Structure
2403
2535
  end
@@ -2778,9 +2910,10 @@ module Aws::WAFV2
2778
2910
  # @!attribute [rw] time_window
2779
2911
  # The start date and time and the end date and time of the range for
2780
2912
  # which you want `GetSampledRequests` to return a sample of requests.
2781
- # Specify the date and time in the following format:
2782
- # `"2016-09-27T14:50Z"`. You can specify any time range in the
2783
- # previous three hours.
2913
+ # You must specify the times in Coordinated Universal Time (UTC)
2914
+ # format. UTC format includes the special designator, `Z`. For
2915
+ # example, `"2016-09-27T14:50Z"`. You can specify any time range in
2916
+ # the previous three hours.
2784
2917
  # @return [Types::TimeWindow]
2785
2918
  #
2786
2919
  # @!attribute [rw] max_items
@@ -2820,7 +2953,8 @@ module Aws::WAFV2
2820
2953
  # `GetSampledRequests` request. However, if your AWS resource received
2821
2954
  # more than 5,000 requests during the time range that you specified in
2822
2955
  # the request, `GetSampledRequests` returns the time range for the
2823
- # first 5,000 requests.
2956
+ # first 5,000 requests. Times are in Coordinated Universal Time (UTC)
2957
+ # format.
2824
2958
  # @return [Types::TimeWindow]
2825
2959
  #
2826
2960
  # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/GetSampledRequestsResponse AWS API Documentation
@@ -3130,6 +3264,88 @@ module Aws::WAFV2
3130
3264
  include Aws::Structure
3131
3265
  end
3132
3266
 
3267
+ # The configuration for inspecting IP addresses in an HTTP header that
3268
+ # you specify, instead of using the IP address that's reported by the
3269
+ # web request origin. Commonly, this is the X-Forwarded-For (XFF)
3270
+ # header, but you can specify any header name.
3271
+ #
3272
+ # <note markdown="1"> If the specified header isn't present in the request, AWS WAF
3273
+ # doesn't apply the rule to the web request at all.
3274
+ #
3275
+ # </note>
3276
+ #
3277
+ # This configuration is used only for IPSetReferenceStatement. For
3278
+ # GeoMatchStatement and RateBasedStatement, use ForwardedIPConfig
3279
+ # instead.
3280
+ #
3281
+ # @note When making an API call, you may pass IPSetForwardedIPConfig
3282
+ # data as a hash:
3283
+ #
3284
+ # {
3285
+ # header_name: "ForwardedIPHeaderName", # required
3286
+ # fallback_behavior: "MATCH", # required, accepts MATCH, NO_MATCH
3287
+ # position: "FIRST", # required, accepts FIRST, LAST, ANY
3288
+ # }
3289
+ #
3290
+ # @!attribute [rw] header_name
3291
+ # The name of the HTTP header to use for the IP address. For example,
3292
+ # to use the X-Forwarded-For (XFF) header, set this to
3293
+ # `X-Forwarded-For`.
3294
+ #
3295
+ # <note markdown="1"> If the specified header isn't present in the request, AWS WAF
3296
+ # doesn't apply the rule to the web request at all.
3297
+ #
3298
+ # </note>
3299
+ # @return [String]
3300
+ #
3301
+ # @!attribute [rw] fallback_behavior
3302
+ # The match status to assign to the web request if the request
3303
+ # doesn't have a valid IP address in the specified position.
3304
+ #
3305
+ # <note markdown="1"> If the specified header isn't present in the request, AWS WAF
3306
+ # doesn't apply the rule to the web request at all.
3307
+ #
3308
+ # </note>
3309
+ #
3310
+ # You can specify the following fallback behaviors:
3311
+ #
3312
+ # * MATCH - Treat the web request as matching the rule statement. AWS
3313
+ # WAF applies the rule action to the request.
3314
+ #
3315
+ # * NO\_MATCH - Treat the web request as not matching the rule
3316
+ # statement.
3317
+ # @return [String]
3318
+ #
3319
+ # @!attribute [rw] position
3320
+ # The position in the header to search for the IP address. The header
3321
+ # can contain IP addresses of the original client and also of proxies.
3322
+ # For example, the header value could be `10.1.1.1, 127.0.0.0,
3323
+ # 10.10.10.10` where the first IP address identifies the original
3324
+ # client and the rest identify proxies that the request went through.
3325
+ #
3326
+ # The options for this setting are the following:
3327
+ #
3328
+ # * FIRST - Inspect the first IP address in the list of IP addresses
3329
+ # in the header. This is usually the client's original IP.
3330
+ #
3331
+ # * LAST - Inspect the last IP address in the list of IP addresses in
3332
+ # the header.
3333
+ #
3334
+ # * ANY - Inspect all IP addresses in the header for a match. If the
3335
+ # header contains more than 10 IP addresses, AWS WAF inspects the
3336
+ # last 10.
3337
+ # @return [String]
3338
+ #
3339
+ # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/IPSetForwardedIPConfig AWS API Documentation
3340
+ #
3341
+ class IPSetForwardedIPConfig < Struct.new(
3342
+ :header_name,
3343
+ :fallback_behavior,
3344
+ :position)
3345
+ SENSITIVE = []
3346
+ include Aws::Structure
3347
+ end
3348
+
3133
3349
  # <note markdown="1"> This is the latest version of **AWS WAF**, named AWS WAFV2, released
3134
3350
  # in November, 2019. For information, including how to migrate your AWS
3135
3351
  # WAF resources from the prior release, see the [AWS WAF Developer
@@ -3156,6 +3372,11 @@ module Aws::WAFV2
3156
3372
  #
3157
3373
  # {
3158
3374
  # arn: "ResourceArn", # required
3375
+ # ip_set_forwarded_ip_config: {
3376
+ # header_name: "ForwardedIPHeaderName", # required
3377
+ # fallback_behavior: "MATCH", # required, accepts MATCH, NO_MATCH
3378
+ # position: "FIRST", # required, accepts FIRST, LAST, ANY
3379
+ # },
3159
3380
  # }
3160
3381
  #
3161
3382
  # @!attribute [rw] arn
@@ -3163,10 +3384,23 @@ module Aws::WAFV2
3163
3384
  # references.
3164
3385
  # @return [String]
3165
3386
  #
3387
+ # @!attribute [rw] ip_set_forwarded_ip_config
3388
+ # The configuration for inspecting IP addresses in an HTTP header that
3389
+ # you specify, instead of using the IP address that's reported by the
3390
+ # web request origin. Commonly, this is the X-Forwarded-For (XFF)
3391
+ # header, but you can specify any header name.
3392
+ #
3393
+ # <note markdown="1"> If the specified header isn't present in the request, AWS WAF
3394
+ # doesn't apply the rule to the web request at all.
3395
+ #
3396
+ # </note>
3397
+ # @return [Types::IPSetForwardedIPConfig]
3398
+ #
3166
3399
  # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/IPSetReferenceStatement AWS API Documentation
3167
3400
  #
3168
3401
  class IPSetReferenceStatement < Struct.new(
3169
- :arn)
3402
+ :arn,
3403
+ :ip_set_forwarded_ip_config)
3170
3404
  SENSITIVE = []
3171
3405
  include Aws::Structure
3172
3406
  end
@@ -3782,6 +4016,7 @@ module Aws::WAFV2
3782
4016
  # },
3783
4017
  # },
3784
4018
  # ],
4019
+ # managed_by_firewall_manager: false,
3785
4020
  # }
3786
4021
  #
3787
4022
  # @!attribute [rw] resource_arn
@@ -3796,16 +4031,28 @@ module Aws::WAFV2
3796
4031
  #
3797
4032
  # @!attribute [rw] redacted_fields
3798
4033
  # The parts of the request that you want to keep out of the logs. For
3799
- # example, if you redact the cookie field, the cookie field in the
4034
+ # example, if you redact the `HEADER` field, the `HEADER` field in the
3800
4035
  # firehose will be `xxx`.
4036
+ #
4037
+ # <note markdown="1"> You must use one of the following values: `URI`, `QUERY_STRING`,
4038
+ # `HEADER`, or `METHOD`.
4039
+ #
4040
+ # </note>
3801
4041
  # @return [Array<Types::FieldToMatch>]
3802
4042
  #
4043
+ # @!attribute [rw] managed_by_firewall_manager
4044
+ # Indicates whether the logging configuration was created by AWS
4045
+ # Firewall Manager, as part of an AWS WAF policy configuration. If
4046
+ # true, only Firewall Manager can modify or delete the configuration.
4047
+ # @return [Boolean]
4048
+ #
3803
4049
  # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/LoggingConfiguration AWS API Documentation
3804
4050
  #
3805
4051
  class LoggingConfiguration < Struct.new(
3806
4052
  :resource_arn,
3807
4053
  :log_destination_configs,
3808
- :redacted_fields)
4054
+ :redacted_fields,
4055
+ :managed_by_firewall_manager)
3809
4056
  SENSITIVE = []
3810
4057
  include Aws::Structure
3811
4058
  end
@@ -4089,6 +4336,10 @@ module Aws::WAFV2
4089
4336
  # },
4090
4337
  # geo_match_statement: {
4091
4338
  # country_codes: ["AF"], # accepts AF, AX, AL, DZ, AS, AD, AO, AI, AQ, AG, AR, AM, AW, AU, AT, AZ, BS, BH, BD, BB, BY, BE, BZ, BJ, BM, BT, BO, BQ, BA, BW, BV, BR, IO, BN, BG, BF, BI, KH, CM, CA, CV, KY, CF, TD, CL, CN, CX, CC, CO, KM, CG, CD, CK, CR, CI, HR, CU, CW, CY, CZ, DK, DJ, DM, DO, EC, EG, SV, GQ, ER, EE, ET, FK, FO, FJ, FI, FR, GF, PF, TF, GA, GM, GE, DE, GH, GI, GR, GL, GD, GP, GU, GT, GG, GN, GW, GY, HT, HM, VA, HN, HK, HU, IS, IN, ID, IR, IQ, IE, IM, IL, IT, JM, JP, JE, JO, KZ, KE, KI, KP, KR, KW, KG, LA, LV, LB, LS, LR, LY, LI, LT, LU, MO, MK, MG, MW, MY, MV, ML, MT, MH, MQ, MR, MU, YT, MX, FM, MD, MC, MN, ME, MS, MA, MZ, MM, NA, NR, NP, NL, NC, NZ, NI, NE, NG, NU, NF, MP, NO, OM, PK, PW, PS, PA, PG, PY, PE, PH, PN, PL, PT, PR, QA, RE, RO, RU, RW, BL, SH, KN, LC, MF, PM, VC, WS, SM, ST, SA, SN, RS, SC, SL, SG, SX, SK, SI, SB, SO, ZA, GS, SS, ES, LK, SD, SR, SJ, SZ, SE, CH, SY, TW, TJ, TZ, TH, TL, TG, TK, TO, TT, TN, TR, TM, TC, TV, UG, UA, AE, GB, US, UM, UY, UZ, VU, VE, VN, VG, VI, WF, EH, YE, ZM, ZW
4339
+ # forwarded_ip_config: {
4340
+ # header_name: "ForwardedIPHeaderName", # required
4341
+ # fallback_behavior: "MATCH", # required, accepts MATCH, NO_MATCH
4342
+ # },
4092
4343
  # },
4093
4344
  # rule_group_reference_statement: {
4094
4345
  # arn: "ResourceArn", # required
@@ -4100,6 +4351,11 @@ module Aws::WAFV2
4100
4351
  # },
4101
4352
  # ip_set_reference_statement: {
4102
4353
  # arn: "ResourceArn", # required
4354
+ # ip_set_forwarded_ip_config: {
4355
+ # header_name: "ForwardedIPHeaderName", # required
4356
+ # fallback_behavior: "MATCH", # required, accepts MATCH, NO_MATCH
4357
+ # position: "FIRST", # required, accepts FIRST, LAST, ANY
4358
+ # },
4103
4359
  # },
4104
4360
  # regex_pattern_set_reference_statement: {
4105
4361
  # arn: "ResourceArn", # required
@@ -4130,10 +4386,14 @@ module Aws::WAFV2
4130
4386
  # },
4131
4387
  # rate_based_statement: {
4132
4388
  # limit: 1, # required
4133
- # aggregate_key_type: "IP", # required, accepts IP
4389
+ # aggregate_key_type: "IP", # required, accepts IP, FORWARDED_IP
4134
4390
  # scope_down_statement: {
4135
4391
  # # recursive Statement
4136
4392
  # },
4393
+ # forwarded_ip_config: {
4394
+ # header_name: "ForwardedIPHeaderName", # required
4395
+ # fallback_behavior: "MATCH", # required, accepts MATCH, NO_MATCH
4396
+ # },
4137
4397
  # },
4138
4398
  # and_statement: {
4139
4399
  # statements: [ # required
@@ -4309,6 +4569,10 @@ module Aws::WAFV2
4309
4569
  # },
4310
4570
  # geo_match_statement: {
4311
4571
  # country_codes: ["AF"], # accepts AF, AX, AL, DZ, AS, AD, AO, AI, AQ, AG, AR, AM, AW, AU, AT, AZ, BS, BH, BD, BB, BY, BE, BZ, BJ, BM, BT, BO, BQ, BA, BW, BV, BR, IO, BN, BG, BF, BI, KH, CM, CA, CV, KY, CF, TD, CL, CN, CX, CC, CO, KM, CG, CD, CK, CR, CI, HR, CU, CW, CY, CZ, DK, DJ, DM, DO, EC, EG, SV, GQ, ER, EE, ET, FK, FO, FJ, FI, FR, GF, PF, TF, GA, GM, GE, DE, GH, GI, GR, GL, GD, GP, GU, GT, GG, GN, GW, GY, HT, HM, VA, HN, HK, HU, IS, IN, ID, IR, IQ, IE, IM, IL, IT, JM, JP, JE, JO, KZ, KE, KI, KP, KR, KW, KG, LA, LV, LB, LS, LR, LY, LI, LT, LU, MO, MK, MG, MW, MY, MV, ML, MT, MH, MQ, MR, MU, YT, MX, FM, MD, MC, MN, ME, MS, MA, MZ, MM, NA, NR, NP, NL, NC, NZ, NI, NE, NG, NU, NF, MP, NO, OM, PK, PW, PS, PA, PG, PY, PE, PH, PN, PL, PT, PR, QA, RE, RO, RU, RW, BL, SH, KN, LC, MF, PM, VC, WS, SM, ST, SA, SN, RS, SC, SL, SG, SX, SK, SI, SB, SO, ZA, GS, SS, ES, LK, SD, SR, SJ, SZ, SE, CH, SY, TW, TJ, TZ, TH, TL, TG, TK, TO, TT, TN, TR, TM, TC, TV, UG, UA, AE, GB, US, UM, UY, UZ, VU, VE, VN, VG, VI, WF, EH, YE, ZM, ZW
4572
+ # forwarded_ip_config: {
4573
+ # header_name: "ForwardedIPHeaderName", # required
4574
+ # fallback_behavior: "MATCH", # required, accepts MATCH, NO_MATCH
4575
+ # },
4312
4576
  # },
4313
4577
  # rule_group_reference_statement: {
4314
4578
  # arn: "ResourceArn", # required
@@ -4320,6 +4584,11 @@ module Aws::WAFV2
4320
4584
  # },
4321
4585
  # ip_set_reference_statement: {
4322
4586
  # arn: "ResourceArn", # required
4587
+ # ip_set_forwarded_ip_config: {
4588
+ # header_name: "ForwardedIPHeaderName", # required
4589
+ # fallback_behavior: "MATCH", # required, accepts MATCH, NO_MATCH
4590
+ # position: "FIRST", # required, accepts FIRST, LAST, ANY
4591
+ # },
4323
4592
  # },
4324
4593
  # regex_pattern_set_reference_statement: {
4325
4594
  # arn: "ResourceArn", # required
@@ -4350,10 +4619,14 @@ module Aws::WAFV2
4350
4619
  # },
4351
4620
  # rate_based_statement: {
4352
4621
  # limit: 1, # required
4353
- # aggregate_key_type: "IP", # required, accepts IP
4622
+ # aggregate_key_type: "IP", # required, accepts IP, FORWARDED_IP
4354
4623
  # scope_down_statement: {
4355
4624
  # # recursive Statement
4356
4625
  # },
4626
+ # forwarded_ip_config: {
4627
+ # header_name: "ForwardedIPHeaderName", # required
4628
+ # fallback_behavior: "MATCH", # required, accepts MATCH, NO_MATCH
4629
+ # },
4357
4630
  # },
4358
4631
  # and_statement: {
4359
4632
  # statements: { # required
@@ -4467,6 +4740,7 @@ module Aws::WAFV2
4467
4740
  # },
4468
4741
  # },
4469
4742
  # ],
4743
+ # managed_by_firewall_manager: false,
4470
4744
  # },
4471
4745
  # }
4472
4746
  #
@@ -4616,7 +4890,7 @@ module Aws::WAFV2
4616
4890
  #
4617
4891
  # {
4618
4892
  # limit: 1, # required
4619
- # aggregate_key_type: "IP", # required, accepts IP
4893
+ # aggregate_key_type: "IP", # required, accepts IP, FORWARDED_IP
4620
4894
  # scope_down_statement: {
4621
4895
  # byte_match_statement: {
4622
4896
  # search_string: "data", # required
@@ -4728,6 +5002,10 @@ module Aws::WAFV2
4728
5002
  # },
4729
5003
  # geo_match_statement: {
4730
5004
  # country_codes: ["AF"], # accepts AF, AX, AL, DZ, AS, AD, AO, AI, AQ, AG, AR, AM, AW, AU, AT, AZ, BS, BH, BD, BB, BY, BE, BZ, BJ, BM, BT, BO, BQ, BA, BW, BV, BR, IO, BN, BG, BF, BI, KH, CM, CA, CV, KY, CF, TD, CL, CN, CX, CC, CO, KM, CG, CD, CK, CR, CI, HR, CU, CW, CY, CZ, DK, DJ, DM, DO, EC, EG, SV, GQ, ER, EE, ET, FK, FO, FJ, FI, FR, GF, PF, TF, GA, GM, GE, DE, GH, GI, GR, GL, GD, GP, GU, GT, GG, GN, GW, GY, HT, HM, VA, HN, HK, HU, IS, IN, ID, IR, IQ, IE, IM, IL, IT, JM, JP, JE, JO, KZ, KE, KI, KP, KR, KW, KG, LA, LV, LB, LS, LR, LY, LI, LT, LU, MO, MK, MG, MW, MY, MV, ML, MT, MH, MQ, MR, MU, YT, MX, FM, MD, MC, MN, ME, MS, MA, MZ, MM, NA, NR, NP, NL, NC, NZ, NI, NE, NG, NU, NF, MP, NO, OM, PK, PW, PS, PA, PG, PY, PE, PH, PN, PL, PT, PR, QA, RE, RO, RU, RW, BL, SH, KN, LC, MF, PM, VC, WS, SM, ST, SA, SN, RS, SC, SL, SG, SX, SK, SI, SB, SO, ZA, GS, SS, ES, LK, SD, SR, SJ, SZ, SE, CH, SY, TW, TJ, TZ, TH, TL, TG, TK, TO, TT, TN, TR, TM, TC, TV, UG, UA, AE, GB, US, UM, UY, UZ, VU, VE, VN, VG, VI, WF, EH, YE, ZM, ZW
5005
+ # forwarded_ip_config: {
5006
+ # header_name: "ForwardedIPHeaderName", # required
5007
+ # fallback_behavior: "MATCH", # required, accepts MATCH, NO_MATCH
5008
+ # },
4731
5009
  # },
4732
5010
  # rule_group_reference_statement: {
4733
5011
  # arn: "ResourceArn", # required
@@ -4739,6 +5017,11 @@ module Aws::WAFV2
4739
5017
  # },
4740
5018
  # ip_set_reference_statement: {
4741
5019
  # arn: "ResourceArn", # required
5020
+ # ip_set_forwarded_ip_config: {
5021
+ # header_name: "ForwardedIPHeaderName", # required
5022
+ # fallback_behavior: "MATCH", # required, accepts MATCH, NO_MATCH
5023
+ # position: "FIRST", # required, accepts FIRST, LAST, ANY
5024
+ # },
4742
5025
  # },
4743
5026
  # regex_pattern_set_reference_statement: {
4744
5027
  # arn: "ResourceArn", # required
@@ -4769,10 +5052,14 @@ module Aws::WAFV2
4769
5052
  # },
4770
5053
  # rate_based_statement: {
4771
5054
  # limit: 1, # required
4772
- # aggregate_key_type: "IP", # required, accepts IP
5055
+ # aggregate_key_type: "IP", # required, accepts IP, FORWARDED_IP
4773
5056
  # scope_down_statement: {
4774
5057
  # # recursive Statement
4775
5058
  # },
5059
+ # forwarded_ip_config: {
5060
+ # header_name: "ForwardedIPHeaderName", # required
5061
+ # fallback_behavior: "MATCH", # required, accepts MATCH, NO_MATCH
5062
+ # },
4776
5063
  # },
4777
5064
  # and_statement: {
4778
5065
  # statements: [ # required
@@ -4803,18 +5090,28 @@ module Aws::WAFV2
4803
5090
  # ],
4804
5091
  # },
4805
5092
  # },
5093
+ # forwarded_ip_config: {
5094
+ # header_name: "ForwardedIPHeaderName", # required
5095
+ # fallback_behavior: "MATCH", # required, accepts MATCH, NO_MATCH
5096
+ # },
4806
5097
  # }
4807
5098
  #
4808
5099
  # @!attribute [rw] limit
4809
5100
  # The limit on requests per 5-minute period for a single originating
4810
- # IP address. If the statement includes a `ScopDownStatement`, this
5101
+ # IP address. If the statement includes a `ScopeDownStatement`, this
4811
5102
  # limit is applied only to the requests that match the statement.
4812
5103
  # @return [Integer]
4813
5104
  #
4814
5105
  # @!attribute [rw] aggregate_key_type
4815
- # Setting that indicates how to aggregate the request counts.
4816
- # Currently, you must set this to `IP`. The request counts are
4817
- # aggregated on IP addresses.
5106
+ # Setting that indicates how to aggregate the request counts. The
5107
+ # options are the following:
5108
+ #
5109
+ # * IP - Aggregate the request counts on the IP address from the web
5110
+ # request origin.
5111
+ #
5112
+ # * FORWARDED\_IP - Aggregate the request counts on the first IP
5113
+ # address in an HTTP header. If you use this, configure the
5114
+ # `ForwardedIPConfig`, to specify the header to use.
4818
5115
  # @return [String]
4819
5116
  #
4820
5117
  # @!attribute [rw] scope_down_statement
@@ -4824,12 +5121,27 @@ module Aws::WAFV2
4824
5121
  # this scope-down statement.
4825
5122
  # @return [Types::Statement]
4826
5123
  #
5124
+ # @!attribute [rw] forwarded_ip_config
5125
+ # The configuration for inspecting IP addresses in an HTTP header that
5126
+ # you specify, instead of using the IP address that's reported by the
5127
+ # web request origin. Commonly, this is the X-Forwarded-For (XFF)
5128
+ # header, but you can specify any header name.
5129
+ #
5130
+ # <note markdown="1"> If the specified header isn't present in the request, AWS WAF
5131
+ # doesn't apply the rule to the web request at all.
5132
+ #
5133
+ # </note>
5134
+ #
5135
+ # This is required if `AggregateKeyType` is set to `FORWARDED_IP`.
5136
+ # @return [Types::ForwardedIPConfig]
5137
+ #
4827
5138
  # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/RateBasedStatement AWS API Documentation
4828
5139
  #
4829
5140
  class RateBasedStatement < Struct.new(
4830
5141
  :limit,
4831
5142
  :aggregate_key_type,
4832
- :scope_down_statement)
5143
+ :scope_down_statement,
5144
+ :forwarded_ip_config)
4833
5145
  SENSITIVE = []
4834
5146
  include Aws::Structure
4835
5147
  end
@@ -5228,6 +5540,10 @@ module Aws::WAFV2
5228
5540
  # },
5229
5541
  # geo_match_statement: {
5230
5542
  # country_codes: ["AF"], # accepts AF, AX, AL, DZ, AS, AD, AO, AI, AQ, AG, AR, AM, AW, AU, AT, AZ, BS, BH, BD, BB, BY, BE, BZ, BJ, BM, BT, BO, BQ, BA, BW, BV, BR, IO, BN, BG, BF, BI, KH, CM, CA, CV, KY, CF, TD, CL, CN, CX, CC, CO, KM, CG, CD, CK, CR, CI, HR, CU, CW, CY, CZ, DK, DJ, DM, DO, EC, EG, SV, GQ, ER, EE, ET, FK, FO, FJ, FI, FR, GF, PF, TF, GA, GM, GE, DE, GH, GI, GR, GL, GD, GP, GU, GT, GG, GN, GW, GY, HT, HM, VA, HN, HK, HU, IS, IN, ID, IR, IQ, IE, IM, IL, IT, JM, JP, JE, JO, KZ, KE, KI, KP, KR, KW, KG, LA, LV, LB, LS, LR, LY, LI, LT, LU, MO, MK, MG, MW, MY, MV, ML, MT, MH, MQ, MR, MU, YT, MX, FM, MD, MC, MN, ME, MS, MA, MZ, MM, NA, NR, NP, NL, NC, NZ, NI, NE, NG, NU, NF, MP, NO, OM, PK, PW, PS, PA, PG, PY, PE, PH, PN, PL, PT, PR, QA, RE, RO, RU, RW, BL, SH, KN, LC, MF, PM, VC, WS, SM, ST, SA, SN, RS, SC, SL, SG, SX, SK, SI, SB, SO, ZA, GS, SS, ES, LK, SD, SR, SJ, SZ, SE, CH, SY, TW, TJ, TZ, TH, TL, TG, TK, TO, TT, TN, TR, TM, TC, TV, UG, UA, AE, GB, US, UM, UY, UZ, VU, VE, VN, VG, VI, WF, EH, YE, ZM, ZW
5543
+ # forwarded_ip_config: {
5544
+ # header_name: "ForwardedIPHeaderName", # required
5545
+ # fallback_behavior: "MATCH", # required, accepts MATCH, NO_MATCH
5546
+ # },
5231
5547
  # },
5232
5548
  # rule_group_reference_statement: {
5233
5549
  # arn: "ResourceArn", # required
@@ -5239,6 +5555,11 @@ module Aws::WAFV2
5239
5555
  # },
5240
5556
  # ip_set_reference_statement: {
5241
5557
  # arn: "ResourceArn", # required
5558
+ # ip_set_forwarded_ip_config: {
5559
+ # header_name: "ForwardedIPHeaderName", # required
5560
+ # fallback_behavior: "MATCH", # required, accepts MATCH, NO_MATCH
5561
+ # position: "FIRST", # required, accepts FIRST, LAST, ANY
5562
+ # },
5242
5563
  # },
5243
5564
  # regex_pattern_set_reference_statement: {
5244
5565
  # arn: "ResourceArn", # required
@@ -5269,10 +5590,14 @@ module Aws::WAFV2
5269
5590
  # },
5270
5591
  # rate_based_statement: {
5271
5592
  # limit: 1, # required
5272
- # aggregate_key_type: "IP", # required, accepts IP
5593
+ # aggregate_key_type: "IP", # required, accepts IP, FORWARDED_IP
5273
5594
  # scope_down_statement: {
5274
5595
  # # recursive Statement
5275
5596
  # },
5597
+ # forwarded_ip_config: {
5598
+ # header_name: "ForwardedIPHeaderName", # required
5599
+ # fallback_behavior: "MATCH", # required, accepts MATCH, NO_MATCH
5600
+ # },
5276
5601
  # },
5277
5602
  # and_statement: {
5278
5603
  # statements: [ # required
@@ -5728,7 +6053,7 @@ module Aws::WAFV2
5728
6053
  # groups, the format for this name is `<vendor name>#<managed rule
5729
6054
  # group name>#<rule name>`. For your own rule groups, the format for
5730
6055
  # this name is `<rule group name>#<rule name>`. If the rule is not in
5731
- # a rule group, the format is `<rule name>`.
6056
+ # a rule group, this field is absent.
5732
6057
  # @return [String]
5733
6058
  #
5734
6059
  # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/SampledHTTPRequest AWS API Documentation
@@ -6106,6 +6431,10 @@ module Aws::WAFV2
6106
6431
  # },
6107
6432
  # geo_match_statement: {
6108
6433
  # country_codes: ["AF"], # accepts AF, AX, AL, DZ, AS, AD, AO, AI, AQ, AG, AR, AM, AW, AU, AT, AZ, BS, BH, BD, BB, BY, BE, BZ, BJ, BM, BT, BO, BQ, BA, BW, BV, BR, IO, BN, BG, BF, BI, KH, CM, CA, CV, KY, CF, TD, CL, CN, CX, CC, CO, KM, CG, CD, CK, CR, CI, HR, CU, CW, CY, CZ, DK, DJ, DM, DO, EC, EG, SV, GQ, ER, EE, ET, FK, FO, FJ, FI, FR, GF, PF, TF, GA, GM, GE, DE, GH, GI, GR, GL, GD, GP, GU, GT, GG, GN, GW, GY, HT, HM, VA, HN, HK, HU, IS, IN, ID, IR, IQ, IE, IM, IL, IT, JM, JP, JE, JO, KZ, KE, KI, KP, KR, KW, KG, LA, LV, LB, LS, LR, LY, LI, LT, LU, MO, MK, MG, MW, MY, MV, ML, MT, MH, MQ, MR, MU, YT, MX, FM, MD, MC, MN, ME, MS, MA, MZ, MM, NA, NR, NP, NL, NC, NZ, NI, NE, NG, NU, NF, MP, NO, OM, PK, PW, PS, PA, PG, PY, PE, PH, PN, PL, PT, PR, QA, RE, RO, RU, RW, BL, SH, KN, LC, MF, PM, VC, WS, SM, ST, SA, SN, RS, SC, SL, SG, SX, SK, SI, SB, SO, ZA, GS, SS, ES, LK, SD, SR, SJ, SZ, SE, CH, SY, TW, TJ, TZ, TH, TL, TG, TK, TO, TT, TN, TR, TM, TC, TV, UG, UA, AE, GB, US, UM, UY, UZ, VU, VE, VN, VG, VI, WF, EH, YE, ZM, ZW
6434
+ # forwarded_ip_config: {
6435
+ # header_name: "ForwardedIPHeaderName", # required
6436
+ # fallback_behavior: "MATCH", # required, accepts MATCH, NO_MATCH
6437
+ # },
6109
6438
  # },
6110
6439
  # rule_group_reference_statement: {
6111
6440
  # arn: "ResourceArn", # required
@@ -6117,6 +6446,11 @@ module Aws::WAFV2
6117
6446
  # },
6118
6447
  # ip_set_reference_statement: {
6119
6448
  # arn: "ResourceArn", # required
6449
+ # ip_set_forwarded_ip_config: {
6450
+ # header_name: "ForwardedIPHeaderName", # required
6451
+ # fallback_behavior: "MATCH", # required, accepts MATCH, NO_MATCH
6452
+ # position: "FIRST", # required, accepts FIRST, LAST, ANY
6453
+ # },
6120
6454
  # },
6121
6455
  # regex_pattern_set_reference_statement: {
6122
6456
  # arn: "ResourceArn", # required
@@ -6147,7 +6481,7 @@ module Aws::WAFV2
6147
6481
  # },
6148
6482
  # rate_based_statement: {
6149
6483
  # limit: 1, # required
6150
- # aggregate_key_type: "IP", # required, accepts IP
6484
+ # aggregate_key_type: "IP", # required, accepts IP, FORWARDED_IP
6151
6485
  # scope_down_statement: {
6152
6486
  # byte_match_statement: {
6153
6487
  # search_string: "data", # required
@@ -6259,6 +6593,10 @@ module Aws::WAFV2
6259
6593
  # },
6260
6594
  # geo_match_statement: {
6261
6595
  # country_codes: ["AF"], # accepts AF, AX, AL, DZ, AS, AD, AO, AI, AQ, AG, AR, AM, AW, AU, AT, AZ, BS, BH, BD, BB, BY, BE, BZ, BJ, BM, BT, BO, BQ, BA, BW, BV, BR, IO, BN, BG, BF, BI, KH, CM, CA, CV, KY, CF, TD, CL, CN, CX, CC, CO, KM, CG, CD, CK, CR, CI, HR, CU, CW, CY, CZ, DK, DJ, DM, DO, EC, EG, SV, GQ, ER, EE, ET, FK, FO, FJ, FI, FR, GF, PF, TF, GA, GM, GE, DE, GH, GI, GR, GL, GD, GP, GU, GT, GG, GN, GW, GY, HT, HM, VA, HN, HK, HU, IS, IN, ID, IR, IQ, IE, IM, IL, IT, JM, JP, JE, JO, KZ, KE, KI, KP, KR, KW, KG, LA, LV, LB, LS, LR, LY, LI, LT, LU, MO, MK, MG, MW, MY, MV, ML, MT, MH, MQ, MR, MU, YT, MX, FM, MD, MC, MN, ME, MS, MA, MZ, MM, NA, NR, NP, NL, NC, NZ, NI, NE, NG, NU, NF, MP, NO, OM, PK, PW, PS, PA, PG, PY, PE, PH, PN, PL, PT, PR, QA, RE, RO, RU, RW, BL, SH, KN, LC, MF, PM, VC, WS, SM, ST, SA, SN, RS, SC, SL, SG, SX, SK, SI, SB, SO, ZA, GS, SS, ES, LK, SD, SR, SJ, SZ, SE, CH, SY, TW, TJ, TZ, TH, TL, TG, TK, TO, TT, TN, TR, TM, TC, TV, UG, UA, AE, GB, US, UM, UY, UZ, VU, VE, VN, VG, VI, WF, EH, YE, ZM, ZW
6596
+ # forwarded_ip_config: {
6597
+ # header_name: "ForwardedIPHeaderName", # required
6598
+ # fallback_behavior: "MATCH", # required, accepts MATCH, NO_MATCH
6599
+ # },
6262
6600
  # },
6263
6601
  # rule_group_reference_statement: {
6264
6602
  # arn: "ResourceArn", # required
@@ -6270,6 +6608,11 @@ module Aws::WAFV2
6270
6608
  # },
6271
6609
  # ip_set_reference_statement: {
6272
6610
  # arn: "ResourceArn", # required
6611
+ # ip_set_forwarded_ip_config: {
6612
+ # header_name: "ForwardedIPHeaderName", # required
6613
+ # fallback_behavior: "MATCH", # required, accepts MATCH, NO_MATCH
6614
+ # position: "FIRST", # required, accepts FIRST, LAST, ANY
6615
+ # },
6273
6616
  # },
6274
6617
  # regex_pattern_set_reference_statement: {
6275
6618
  # arn: "ResourceArn", # required
@@ -6330,6 +6673,10 @@ module Aws::WAFV2
6330
6673
  # ],
6331
6674
  # },
6332
6675
  # },
6676
+ # forwarded_ip_config: {
6677
+ # header_name: "ForwardedIPHeaderName", # required
6678
+ # fallback_behavior: "MATCH", # required, accepts MATCH, NO_MATCH
6679
+ # },
6333
6680
  # },
6334
6681
  # and_statement: {
6335
6682
  # statements: [ # required
@@ -6444,6 +6791,10 @@ module Aws::WAFV2
6444
6791
  # },
6445
6792
  # geo_match_statement: {
6446
6793
  # country_codes: ["AF"], # accepts AF, AX, AL, DZ, AS, AD, AO, AI, AQ, AG, AR, AM, AW, AU, AT, AZ, BS, BH, BD, BB, BY, BE, BZ, BJ, BM, BT, BO, BQ, BA, BW, BV, BR, IO, BN, BG, BF, BI, KH, CM, CA, CV, KY, CF, TD, CL, CN, CX, CC, CO, KM, CG, CD, CK, CR, CI, HR, CU, CW, CY, CZ, DK, DJ, DM, DO, EC, EG, SV, GQ, ER, EE, ET, FK, FO, FJ, FI, FR, GF, PF, TF, GA, GM, GE, DE, GH, GI, GR, GL, GD, GP, GU, GT, GG, GN, GW, GY, HT, HM, VA, HN, HK, HU, IS, IN, ID, IR, IQ, IE, IM, IL, IT, JM, JP, JE, JO, KZ, KE, KI, KP, KR, KW, KG, LA, LV, LB, LS, LR, LY, LI, LT, LU, MO, MK, MG, MW, MY, MV, ML, MT, MH, MQ, MR, MU, YT, MX, FM, MD, MC, MN, ME, MS, MA, MZ, MM, NA, NR, NP, NL, NC, NZ, NI, NE, NG, NU, NF, MP, NO, OM, PK, PW, PS, PA, PG, PY, PE, PH, PN, PL, PT, PR, QA, RE, RO, RU, RW, BL, SH, KN, LC, MF, PM, VC, WS, SM, ST, SA, SN, RS, SC, SL, SG, SX, SK, SI, SB, SO, ZA, GS, SS, ES, LK, SD, SR, SJ, SZ, SE, CH, SY, TW, TJ, TZ, TH, TL, TG, TK, TO, TT, TN, TR, TM, TC, TV, UG, UA, AE, GB, US, UM, UY, UZ, VU, VE, VN, VG, VI, WF, EH, YE, ZM, ZW
6794
+ # forwarded_ip_config: {
6795
+ # header_name: "ForwardedIPHeaderName", # required
6796
+ # fallback_behavior: "MATCH", # required, accepts MATCH, NO_MATCH
6797
+ # },
6447
6798
  # },
6448
6799
  # rule_group_reference_statement: {
6449
6800
  # arn: "ResourceArn", # required
@@ -6455,6 +6806,11 @@ module Aws::WAFV2
6455
6806
  # },
6456
6807
  # ip_set_reference_statement: {
6457
6808
  # arn: "ResourceArn", # required
6809
+ # ip_set_forwarded_ip_config: {
6810
+ # header_name: "ForwardedIPHeaderName", # required
6811
+ # fallback_behavior: "MATCH", # required, accepts MATCH, NO_MATCH
6812
+ # position: "FIRST", # required, accepts FIRST, LAST, ANY
6813
+ # },
6458
6814
  # },
6459
6815
  # regex_pattern_set_reference_statement: {
6460
6816
  # arn: "ResourceArn", # required
@@ -6485,10 +6841,14 @@ module Aws::WAFV2
6485
6841
  # },
6486
6842
  # rate_based_statement: {
6487
6843
  # limit: 1, # required
6488
- # aggregate_key_type: "IP", # required, accepts IP
6844
+ # aggregate_key_type: "IP", # required, accepts IP, FORWARDED_IP
6489
6845
  # scope_down_statement: {
6490
6846
  # # recursive Statement
6491
6847
  # },
6848
+ # forwarded_ip_config: {
6849
+ # header_name: "ForwardedIPHeaderName", # required
6850
+ # fallback_behavior: "MATCH", # required, accepts MATCH, NO_MATCH
6851
+ # },
6492
6852
  # },
6493
6853
  # and_statement: {
6494
6854
  # # recursive AndStatement
@@ -6628,6 +6988,10 @@ module Aws::WAFV2
6628
6988
  # },
6629
6989
  # geo_match_statement: {
6630
6990
  # country_codes: ["AF"], # accepts AF, AX, AL, DZ, AS, AD, AO, AI, AQ, AG, AR, AM, AW, AU, AT, AZ, BS, BH, BD, BB, BY, BE, BZ, BJ, BM, BT, BO, BQ, BA, BW, BV, BR, IO, BN, BG, BF, BI, KH, CM, CA, CV, KY, CF, TD, CL, CN, CX, CC, CO, KM, CG, CD, CK, CR, CI, HR, CU, CW, CY, CZ, DK, DJ, DM, DO, EC, EG, SV, GQ, ER, EE, ET, FK, FO, FJ, FI, FR, GF, PF, TF, GA, GM, GE, DE, GH, GI, GR, GL, GD, GP, GU, GT, GG, GN, GW, GY, HT, HM, VA, HN, HK, HU, IS, IN, ID, IR, IQ, IE, IM, IL, IT, JM, JP, JE, JO, KZ, KE, KI, KP, KR, KW, KG, LA, LV, LB, LS, LR, LY, LI, LT, LU, MO, MK, MG, MW, MY, MV, ML, MT, MH, MQ, MR, MU, YT, MX, FM, MD, MC, MN, ME, MS, MA, MZ, MM, NA, NR, NP, NL, NC, NZ, NI, NE, NG, NU, NF, MP, NO, OM, PK, PW, PS, PA, PG, PY, PE, PH, PN, PL, PT, PR, QA, RE, RO, RU, RW, BL, SH, KN, LC, MF, PM, VC, WS, SM, ST, SA, SN, RS, SC, SL, SG, SX, SK, SI, SB, SO, ZA, GS, SS, ES, LK, SD, SR, SJ, SZ, SE, CH, SY, TW, TJ, TZ, TH, TL, TG, TK, TO, TT, TN, TR, TM, TC, TV, UG, UA, AE, GB, US, UM, UY, UZ, VU, VE, VN, VG, VI, WF, EH, YE, ZM, ZW
6991
+ # forwarded_ip_config: {
6992
+ # header_name: "ForwardedIPHeaderName", # required
6993
+ # fallback_behavior: "MATCH", # required, accepts MATCH, NO_MATCH
6994
+ # },
6631
6995
  # },
6632
6996
  # rule_group_reference_statement: {
6633
6997
  # arn: "ResourceArn", # required
@@ -6639,6 +7003,11 @@ module Aws::WAFV2
6639
7003
  # },
6640
7004
  # ip_set_reference_statement: {
6641
7005
  # arn: "ResourceArn", # required
7006
+ # ip_set_forwarded_ip_config: {
7007
+ # header_name: "ForwardedIPHeaderName", # required
7008
+ # fallback_behavior: "MATCH", # required, accepts MATCH, NO_MATCH
7009
+ # position: "FIRST", # required, accepts FIRST, LAST, ANY
7010
+ # },
6642
7011
  # },
6643
7012
  # regex_pattern_set_reference_statement: {
6644
7013
  # arn: "ResourceArn", # required
@@ -6669,10 +7038,14 @@ module Aws::WAFV2
6669
7038
  # },
6670
7039
  # rate_based_statement: {
6671
7040
  # limit: 1, # required
6672
- # aggregate_key_type: "IP", # required, accepts IP
7041
+ # aggregate_key_type: "IP", # required, accepts IP, FORWARDED_IP
6673
7042
  # scope_down_statement: {
6674
7043
  # # recursive Statement
6675
7044
  # },
7045
+ # forwarded_ip_config: {
7046
+ # header_name: "ForwardedIPHeaderName", # required
7047
+ # fallback_behavior: "MATCH", # required, accepts MATCH, NO_MATCH
7048
+ # },
6676
7049
  # },
6677
7050
  # and_statement: {
6678
7051
  # statements: { # required
@@ -6811,6 +7184,10 @@ module Aws::WAFV2
6811
7184
  # },
6812
7185
  # geo_match_statement: {
6813
7186
  # country_codes: ["AF"], # accepts AF, AX, AL, DZ, AS, AD, AO, AI, AQ, AG, AR, AM, AW, AU, AT, AZ, BS, BH, BD, BB, BY, BE, BZ, BJ, BM, BT, BO, BQ, BA, BW, BV, BR, IO, BN, BG, BF, BI, KH, CM, CA, CV, KY, CF, TD, CL, CN, CX, CC, CO, KM, CG, CD, CK, CR, CI, HR, CU, CW, CY, CZ, DK, DJ, DM, DO, EC, EG, SV, GQ, ER, EE, ET, FK, FO, FJ, FI, FR, GF, PF, TF, GA, GM, GE, DE, GH, GI, GR, GL, GD, GP, GU, GT, GG, GN, GW, GY, HT, HM, VA, HN, HK, HU, IS, IN, ID, IR, IQ, IE, IM, IL, IT, JM, JP, JE, JO, KZ, KE, KI, KP, KR, KW, KG, LA, LV, LB, LS, LR, LY, LI, LT, LU, MO, MK, MG, MW, MY, MV, ML, MT, MH, MQ, MR, MU, YT, MX, FM, MD, MC, MN, ME, MS, MA, MZ, MM, NA, NR, NP, NL, NC, NZ, NI, NE, NG, NU, NF, MP, NO, OM, PK, PW, PS, PA, PG, PY, PE, PH, PN, PL, PT, PR, QA, RE, RO, RU, RW, BL, SH, KN, LC, MF, PM, VC, WS, SM, ST, SA, SN, RS, SC, SL, SG, SX, SK, SI, SB, SO, ZA, GS, SS, ES, LK, SD, SR, SJ, SZ, SE, CH, SY, TW, TJ, TZ, TH, TL, TG, TK, TO, TT, TN, TR, TM, TC, TV, UG, UA, AE, GB, US, UM, UY, UZ, VU, VE, VN, VG, VI, WF, EH, YE, ZM, ZW
7187
+ # forwarded_ip_config: {
7188
+ # header_name: "ForwardedIPHeaderName", # required
7189
+ # fallback_behavior: "MATCH", # required, accepts MATCH, NO_MATCH
7190
+ # },
6814
7191
  # },
6815
7192
  # rule_group_reference_statement: {
6816
7193
  # arn: "ResourceArn", # required
@@ -6822,6 +7199,11 @@ module Aws::WAFV2
6822
7199
  # },
6823
7200
  # ip_set_reference_statement: {
6824
7201
  # arn: "ResourceArn", # required
7202
+ # ip_set_forwarded_ip_config: {
7203
+ # header_name: "ForwardedIPHeaderName", # required
7204
+ # fallback_behavior: "MATCH", # required, accepts MATCH, NO_MATCH
7205
+ # position: "FIRST", # required, accepts FIRST, LAST, ANY
7206
+ # },
6825
7207
  # },
6826
7208
  # regex_pattern_set_reference_statement: {
6827
7209
  # arn: "ResourceArn", # required
@@ -6852,10 +7234,14 @@ module Aws::WAFV2
6852
7234
  # },
6853
7235
  # rate_based_statement: {
6854
7236
  # limit: 1, # required
6855
- # aggregate_key_type: "IP", # required, accepts IP
7237
+ # aggregate_key_type: "IP", # required, accepts IP, FORWARDED_IP
6856
7238
  # scope_down_statement: {
6857
7239
  # # recursive Statement
6858
7240
  # },
7241
+ # forwarded_ip_config: {
7242
+ # header_name: "ForwardedIPHeaderName", # required
7243
+ # fallback_behavior: "MATCH", # required, accepts MATCH, NO_MATCH
7244
+ # },
6859
7245
  # },
6860
7246
  # and_statement: {
6861
7247
  # statements: [ # required
@@ -7079,12 +7465,19 @@ module Aws::WAFV2
7079
7465
  #
7080
7466
  # </note>
7081
7467
  #
7082
- # A collection of key:value pairs associated with an AWS resource. The
7083
- # key:value pair can be anything you define. Typically, the tag key
7084
- # represents a category (such as "environment") and the tag value
7085
- # represents a specific value within that category (such as "test,"
7086
- # "development," or "production"). You can add up to 50 tags to each
7087
- # AWS resource.
7468
+ # A tag associated with an AWS resource. Tags are key:value pairs that
7469
+ # you can use to categorize and manage your resources, for purposes like
7470
+ # billing or other management. Typically, the tag key represents a
7471
+ # category, such as "environment", and the tag value represents a
7472
+ # specific value within that category, such as "test,"
7473
+ # "development," or "production". Or you might set the tag key to
7474
+ # "customer" and the value to the customer name or ID. You can specify
7475
+ # one or more tags to add to each AWS resource, up to 50 tags for a
7476
+ # resource.
7477
+ #
7478
+ # You can tag the AWS resources that you manage through AWS WAF: web
7479
+ # ACLs, rule groups, IP sets, and regex pattern sets. You can't manage
7480
+ # or view tags through the AWS WAF console.
7088
7481
  #
7089
7482
  #
7090
7483
  #
@@ -7126,7 +7519,19 @@ module Aws::WAFV2
7126
7519
  #
7127
7520
  # </note>
7128
7521
  #
7129
- # The collection of tagging definitions for an AWS resource.
7522
+ # The collection of tagging definitions for an AWS resource. Tags are
7523
+ # key:value pairs that you can use to categorize and manage your
7524
+ # resources, for purposes like billing or other management. Typically,
7525
+ # the tag key represents a category, such as "environment", and the
7526
+ # tag value represents a specific value within that category, such as
7527
+ # "test," "development," or "production". Or you might set the tag
7528
+ # key to "customer" and the value to the customer name or ID. You can
7529
+ # specify one or more tags to add to each AWS resource, up to 50 tags
7530
+ # for a resource.
7531
+ #
7532
+ # You can tag the AWS resources that you manage through AWS WAF: web
7533
+ # ACLs, rule groups, IP sets, and regex pattern sets. You can't manage
7534
+ # or view tags through the AWS WAF console.
7130
7535
  #
7131
7536
  #
7132
7537
  #
@@ -7305,6 +7710,11 @@ module Aws::WAFV2
7305
7710
  # specify the time range for which you want AWS WAF to return a sample
7306
7711
  # of web requests.
7307
7712
  #
7713
+ # You must specify the times in Coordinated Universal Time (UTC) format.
7714
+ # UTC format includes the special designator, `Z`. For example,
7715
+ # `"2016-09-27T14:50Z"`. You can specify any time range in the previous
7716
+ # three hours.
7717
+ #
7308
7718
  # In a GetSampledRequests response, the `StartTime` and `EndTime`
7309
7719
  # objects specify the time range for which AWS WAF actually returned a
7310
7720
  # sample of web requests. AWS WAF gets the specified number of requests
@@ -7329,17 +7739,19 @@ module Aws::WAFV2
7329
7739
  # @!attribute [rw] start_time
7330
7740
  # The beginning of the time range from which you want
7331
7741
  # `GetSampledRequests` to return a sample of the requests that your
7332
- # AWS resource received. Specify the date and time in the following
7333
- # format: `"2016-09-27T14:50Z"`. You can specify any time range in the
7334
- # previous three hours.
7742
+ # AWS resource received. You must specify the times in Coordinated
7743
+ # Universal Time (UTC) format. UTC format includes the special
7744
+ # designator, `Z`. For example, `"2016-09-27T14:50Z"`. You can specify
7745
+ # any time range in the previous three hours.
7335
7746
  # @return [Time]
7336
7747
  #
7337
7748
  # @!attribute [rw] end_time
7338
7749
  # The end of the time range from which you want `GetSampledRequests`
7339
7750
  # to return a sample of the requests that your AWS resource received.
7340
- # Specify the date and time in the following format:
7341
- # `"2016-09-27T14:50Z"`. You can specify any time range in the
7342
- # previous three hours.
7751
+ # You must specify the times in Coordinated Universal Time (UTC)
7752
+ # format. UTC format includes the special designator, `Z`. For
7753
+ # example, `"2016-09-27T14:50Z"`. You can specify any time range in
7754
+ # the previous three hours.
7343
7755
  # @return [Time]
7344
7756
  #
7345
7757
  # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/TimeWindow AWS API Documentation
@@ -7708,6 +8120,10 @@ module Aws::WAFV2
7708
8120
  # },
7709
8121
  # geo_match_statement: {
7710
8122
  # country_codes: ["AF"], # accepts AF, AX, AL, DZ, AS, AD, AO, AI, AQ, AG, AR, AM, AW, AU, AT, AZ, BS, BH, BD, BB, BY, BE, BZ, BJ, BM, BT, BO, BQ, BA, BW, BV, BR, IO, BN, BG, BF, BI, KH, CM, CA, CV, KY, CF, TD, CL, CN, CX, CC, CO, KM, CG, CD, CK, CR, CI, HR, CU, CW, CY, CZ, DK, DJ, DM, DO, EC, EG, SV, GQ, ER, EE, ET, FK, FO, FJ, FI, FR, GF, PF, TF, GA, GM, GE, DE, GH, GI, GR, GL, GD, GP, GU, GT, GG, GN, GW, GY, HT, HM, VA, HN, HK, HU, IS, IN, ID, IR, IQ, IE, IM, IL, IT, JM, JP, JE, JO, KZ, KE, KI, KP, KR, KW, KG, LA, LV, LB, LS, LR, LY, LI, LT, LU, MO, MK, MG, MW, MY, MV, ML, MT, MH, MQ, MR, MU, YT, MX, FM, MD, MC, MN, ME, MS, MA, MZ, MM, NA, NR, NP, NL, NC, NZ, NI, NE, NG, NU, NF, MP, NO, OM, PK, PW, PS, PA, PG, PY, PE, PH, PN, PL, PT, PR, QA, RE, RO, RU, RW, BL, SH, KN, LC, MF, PM, VC, WS, SM, ST, SA, SN, RS, SC, SL, SG, SX, SK, SI, SB, SO, ZA, GS, SS, ES, LK, SD, SR, SJ, SZ, SE, CH, SY, TW, TJ, TZ, TH, TL, TG, TK, TO, TT, TN, TR, TM, TC, TV, UG, UA, AE, GB, US, UM, UY, UZ, VU, VE, VN, VG, VI, WF, EH, YE, ZM, ZW
8123
+ # forwarded_ip_config: {
8124
+ # header_name: "ForwardedIPHeaderName", # required
8125
+ # fallback_behavior: "MATCH", # required, accepts MATCH, NO_MATCH
8126
+ # },
7711
8127
  # },
7712
8128
  # rule_group_reference_statement: {
7713
8129
  # arn: "ResourceArn", # required
@@ -7719,6 +8135,11 @@ module Aws::WAFV2
7719
8135
  # },
7720
8136
  # ip_set_reference_statement: {
7721
8137
  # arn: "ResourceArn", # required
8138
+ # ip_set_forwarded_ip_config: {
8139
+ # header_name: "ForwardedIPHeaderName", # required
8140
+ # fallback_behavior: "MATCH", # required, accepts MATCH, NO_MATCH
8141
+ # position: "FIRST", # required, accepts FIRST, LAST, ANY
8142
+ # },
7722
8143
  # },
7723
8144
  # regex_pattern_set_reference_statement: {
7724
8145
  # arn: "ResourceArn", # required
@@ -7749,10 +8170,14 @@ module Aws::WAFV2
7749
8170
  # },
7750
8171
  # rate_based_statement: {
7751
8172
  # limit: 1, # required
7752
- # aggregate_key_type: "IP", # required, accepts IP
8173
+ # aggregate_key_type: "IP", # required, accepts IP, FORWARDED_IP
7753
8174
  # scope_down_statement: {
7754
8175
  # # recursive Statement
7755
8176
  # },
8177
+ # forwarded_ip_config: {
8178
+ # header_name: "ForwardedIPHeaderName", # required
8179
+ # fallback_behavior: "MATCH", # required, accepts MATCH, NO_MATCH
8180
+ # },
7756
8181
  # },
7757
8182
  # and_statement: {
7758
8183
  # statements: [ # required
@@ -8023,6 +8448,10 @@ module Aws::WAFV2
8023
8448
  # },
8024
8449
  # geo_match_statement: {
8025
8450
  # country_codes: ["AF"], # accepts AF, AX, AL, DZ, AS, AD, AO, AI, AQ, AG, AR, AM, AW, AU, AT, AZ, BS, BH, BD, BB, BY, BE, BZ, BJ, BM, BT, BO, BQ, BA, BW, BV, BR, IO, BN, BG, BF, BI, KH, CM, CA, CV, KY, CF, TD, CL, CN, CX, CC, CO, KM, CG, CD, CK, CR, CI, HR, CU, CW, CY, CZ, DK, DJ, DM, DO, EC, EG, SV, GQ, ER, EE, ET, FK, FO, FJ, FI, FR, GF, PF, TF, GA, GM, GE, DE, GH, GI, GR, GL, GD, GP, GU, GT, GG, GN, GW, GY, HT, HM, VA, HN, HK, HU, IS, IN, ID, IR, IQ, IE, IM, IL, IT, JM, JP, JE, JO, KZ, KE, KI, KP, KR, KW, KG, LA, LV, LB, LS, LR, LY, LI, LT, LU, MO, MK, MG, MW, MY, MV, ML, MT, MH, MQ, MR, MU, YT, MX, FM, MD, MC, MN, ME, MS, MA, MZ, MM, NA, NR, NP, NL, NC, NZ, NI, NE, NG, NU, NF, MP, NO, OM, PK, PW, PS, PA, PG, PY, PE, PH, PN, PL, PT, PR, QA, RE, RO, RU, RW, BL, SH, KN, LC, MF, PM, VC, WS, SM, ST, SA, SN, RS, SC, SL, SG, SX, SK, SI, SB, SO, ZA, GS, SS, ES, LK, SD, SR, SJ, SZ, SE, CH, SY, TW, TJ, TZ, TH, TL, TG, TK, TO, TT, TN, TR, TM, TC, TV, UG, UA, AE, GB, US, UM, UY, UZ, VU, VE, VN, VG, VI, WF, EH, YE, ZM, ZW
8451
+ # forwarded_ip_config: {
8452
+ # header_name: "ForwardedIPHeaderName", # required
8453
+ # fallback_behavior: "MATCH", # required, accepts MATCH, NO_MATCH
8454
+ # },
8026
8455
  # },
8027
8456
  # rule_group_reference_statement: {
8028
8457
  # arn: "ResourceArn", # required
@@ -8034,6 +8463,11 @@ module Aws::WAFV2
8034
8463
  # },
8035
8464
  # ip_set_reference_statement: {
8036
8465
  # arn: "ResourceArn", # required
8466
+ # ip_set_forwarded_ip_config: {
8467
+ # header_name: "ForwardedIPHeaderName", # required
8468
+ # fallback_behavior: "MATCH", # required, accepts MATCH, NO_MATCH
8469
+ # position: "FIRST", # required, accepts FIRST, LAST, ANY
8470
+ # },
8037
8471
  # },
8038
8472
  # regex_pattern_set_reference_statement: {
8039
8473
  # arn: "ResourceArn", # required
@@ -8064,10 +8498,14 @@ module Aws::WAFV2
8064
8498
  # },
8065
8499
  # rate_based_statement: {
8066
8500
  # limit: 1, # required
8067
- # aggregate_key_type: "IP", # required, accepts IP
8501
+ # aggregate_key_type: "IP", # required, accepts IP, FORWARDED_IP
8068
8502
  # scope_down_statement: {
8069
8503
  # # recursive Statement
8070
8504
  # },
8505
+ # forwarded_ip_config: {
8506
+ # header_name: "ForwardedIPHeaderName", # required
8507
+ # fallback_behavior: "MATCH", # required, accepts MATCH, NO_MATCH
8508
+ # },
8071
8509
  # },
8072
8510
  # and_statement: {
8073
8511
  # statements: [ # required
@@ -8279,11 +8717,11 @@ module Aws::WAFV2
8279
8717
  # @return [Boolean]
8280
8718
  #
8281
8719
  # @!attribute [rw] metric_name
8282
- # A name of the CloudWatch metric. The name can contain only
8283
- # alphanumeric characters (A-Z, a-z, 0-9), with length from one to 128
8284
- # characters. It can't contain whitespace or metric names reserved
8285
- # for AWS WAF, for example "All" and "Default\_Action." You can't
8286
- # change a `MetricName` after you create a `VisibilityConfig`.
8720
+ # A name of the CloudWatch metric. The name can contain only the
8721
+ # characters: A-Z, a-z, 0-9, - (hyphen), and \_ (underscore). The name
8722
+ # can be from one to 128 characters long. It can't contain whitespace
8723
+ # or metric names reserved for AWS WAF, for example "All" and
8724
+ # "Default\_Action."
8287
8725
  # @return [String]
8288
8726
  #
8289
8727
  # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/VisibilityConfig AWS API Documentation