aws-sdk-wafv2 1.71.0 → 1.72.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 8e00844559f62d3387cf55af655844eb473e4b8d134a25f3fcbdee6d9b072d86
-  data.tar.gz: d7c3714c5b20ade977f2c47fa619ef9bea79546a3da83ef62ed859b19f24e627
+  metadata.gz: 667eb0c7becd2a1a7a54f79947025353b7e9bce0491d8363a7ececbf87643bda
+  data.tar.gz: 40af3093da425f3127efa326e50994b8bcb6e6b02467a4165bc60252a91eb5a9
 SHA512:
-  metadata.gz: 73d56cd51cc562735ce5c627059b683f1dd121fd3de2d45b321ebc40447ba192dceca247ec83b100f5a380e9fdafa691935f09a98297a6de3116fbc7a4eff81b
-  data.tar.gz: d8824365f71c77f8245c903abcad4f13ad000d67b52ea5e73bd7d217ee574a88db024a11094040036bf194185b27bcd3a162332d524027b68ff2ba5bdb989ec6
+  metadata.gz: 1d1639fd9b0f249643a2f484f02eb0f1724c531a25327d1f84c8c5cb527e07017b89aaebf3b72c5de847c55424f1013c0f6870b9c2ed98eec3c97f88f7d00376
+  data.tar.gz: e085a883e262bae5d4e47b9f11b1648cba050194679d68a024d8b4e55e1eac5a46dbeddec169adcc4173177997e77ee1b424250c3bc56c5be6e252a17f3d335e

data/CHANGELOG.md

@@ -1,6 +1,11 @@
 Unreleased Changes
 ------------------
 
+1.72.0 (2023-10-27)
+------------------
+
+* Feature - Updates the descriptions for the calls that manage web ACL associations, to provide information for customer-managed IAM policies.
+
 1.71.0 (2023-09-28)
 ------------------
 

data/VERSION

@@ -1 +1 @@
-1.71.0
+1.72.0

data/lib/aws-sdk-wafv2/client.rb

@@ -410,23 +410,41 @@ module Aws::WAFV2
     # Resource Name (ARN) of the web ACL. For information, see
     # [UpdateDistribution][1] in the *Amazon CloudFront Developer Guide*.
     #
-    # When you make changes to web ACLs or web ACL components, like rules
-    # and rule groups, WAF propagates the changes everywhere that the web
-    # ACL and its components are stored and used. Your changes are applied
-    # within seconds, but there might be a brief period of inconsistency
-    # when the changes have arrived in some places and not in others. So,
-    # for example, if you change a rule action setting, the action might be
-    # the old action in one area and the new action in another area. Or if
-    # you add an IP address to an IP set used in a blocking rule, the new
-    # address might briefly be blocked in one area while still allowed in
-    # another. This temporary inconsistency can occur when you first
-    # associate a web ACL with an Amazon Web Services resource and when you
-    # change a web ACL that is already associated with a resource.
-    # Generally, any inconsistencies of this type last only a few seconds.
+    # **Required permissions for customer-managed IAM policies**
+    #
+    # This call requires permissions that are specific to the protected
+    # resource type. For details, see [Permissions for AssociateWebACL][2]
+    # in the *WAF Developer Guide*.
+    #
+    # **Temporary inconsistencies during updates**
+    #
+    # When you create or change a web ACL or other WAF resources, the
+    # changes take a small amount of time to propagate to all areas where
+    # the resources are stored. The propagation time can be from a few
+    # seconds to a number of minutes.
+    #
+    # The following are examples of the temporary inconsistencies that you
+    # might notice during change propagation:
+    #
+    # * After you create a web ACL, if you try to associate it with a
+    #   resource, you might get an exception indicating that the web ACL is
+    #   unavailable.
+    #
+    # * After you add a rule group to a web ACL, the new rule group rules
+    #   might be in effect in one area where the web ACL is used and not in
+    #   another.
+    #
+    # * After you change a rule action setting, you might see the old action
+    #   in some places and the new action in others.
+    #
+    # * After you add an IP address to an IP set that is in use in a
+    #   blocking rule, the new address might be blocked in one area while
+    #   still allowed in another.
     #
     #
     #
     # [1]: https://docs.aws.amazon.com/cloudfront/latest/APIReference/API_UpdateDistribution.html
+    # [2]: https://docs.aws.amazon.com/waf/latest/developerguide/security_iam_service-with-iam.html#security_iam_action-AssociateWebACL
     #
     # @option params [required, String] :web_acl_arn
     #   The Amazon Resource Name (ARN) of the web ACL that you want to
@@ -4138,9 +4156,16 @@ module Aws::WAFV2
     # `UpdateDistribution`. For information, see [UpdateDistribution][1] in
     # the *Amazon CloudFront API Reference*.
     #
+    # **Required permissions for customer-managed IAM policies**
+    #
+    # This call requires permissions that are specific to the protected
+    # resource type. For details, see [Permissions for
+    # DisassociateWebACL][2] in the *WAF Developer Guide*.
+    #
     #
     #
     # [1]: https://docs.aws.amazon.com/cloudfront/latest/APIReference/API_UpdateDistribution.html
+    # [2]: https://docs.aws.amazon.com/waf/latest/developerguide/security_iam_service-with-iam.html#security_iam_action-DisassociateWebACL
     #
     # @option params [required, String] :resource_arn
     #   The Amazon Resource Name (ARN) of the resource to disassociate from
@@ -5285,6 +5310,27 @@ module Aws::WAFV2
 
     # Retrieves the WebACL for the specified resource.
     #
+    # This call uses `GetWebACL`, to verify that your account has permission
+    # to access the retrieved web ACL. If you get an error that indicates
+    # that your account isn't authorized to perform `wafv2:GetWebACL` on
+    # the resource, that error won't be included in your CloudTrail event
+    # history.
+    #
+    # For Amazon CloudFront, don't use this call. Instead, call the
+    # CloudFront action `GetDistributionConfig`. For information, see
+    # [GetDistributionConfig][1] in the *Amazon CloudFront API Reference*.
+    #
+    # **Required permissions for customer-managed IAM policies**
+    #
+    # This call requires permissions that are specific to the protected
+    # resource type. For details, see [Permissions for
+    # GetWebACLForResource][2] in the *WAF Developer Guide*.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/cloudfront/latest/APIReference/API_GetDistributionConfig.html
+    # [2]: https://docs.aws.amazon.com/waf/latest/developerguide/security_iam_service-with-iam.html#security_iam_action-GetWebACLForResource
+    #
     # @option params [required, String] :resource_arn
     #   The Amazon Resource Name (ARN) of the resource whose web ACL you want
     #   to retrieve.
@@ -5894,9 +5940,23 @@ module Aws::WAFV2
     end
 
     # Retrieves an array of the Amazon Resource Names (ARNs) for the
-    # regional resources that are associated with the specified web ACL. If
-    # you want the list of Amazon CloudFront resources, use the CloudFront
-    # call `ListDistributionsByWebACLId`.
+    # regional resources that are associated with the specified web ACL.
+    #
+    # For Amazon CloudFront, don't use this call. Instead, use the
+    # CloudFront call `ListDistributionsByWebACLId`. For information, see
+    # [ListDistributionsByWebACLId][1] in the *Amazon CloudFront API
+    # Reference*.
+    #
+    # **Required permissions for customer-managed IAM policies**
+    #
+    # This call requires permissions that are specific to the protected
+    # resource type. For details, see [Permissions for
+    # ListResourcesForWebACL][2] in the *WAF Developer Guide*.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/cloudfront/latest/APIReference/API_ListDistributionsByWebACLId.html
+    # [2]: https://docs.aws.amazon.com/waf/latest/developerguide/security_iam_service-with-iam.html#security_iam_action-ListResourcesForWebACL
     #
     # @option params [required, String] :web_acl_arn
     #   The Amazon Resource Name (ARN) of the web ACL.
@@ -6570,19 +6630,30 @@ module Aws::WAFV2
     #
     #  </note>
     #
-    # When you make changes to web ACLs or web ACL components, like rules
-    # and rule groups, WAF propagates the changes everywhere that the web
-    # ACL and its components are stored and used. Your changes are applied
-    # within seconds, but there might be a brief period of inconsistency
-    # when the changes have arrived in some places and not in others. So,
-    # for example, if you change a rule action setting, the action might be
-    # the old action in one area and the new action in another area. Or if
-    # you add an IP address to an IP set used in a blocking rule, the new
-    # address might briefly be blocked in one area while still allowed in
-    # another. This temporary inconsistency can occur when you first
-    # associate a web ACL with an Amazon Web Services resource and when you
-    # change a web ACL that is already associated with a resource.
-    # Generally, any inconsistencies of this type last only a few seconds.
+    # **Temporary inconsistencies during updates**
+    #
+    # When you create or change a web ACL or other WAF resources, the
+    # changes take a small amount of time to propagate to all areas where
+    # the resources are stored. The propagation time can be from a few
+    # seconds to a number of minutes.
+    #
+    # The following are examples of the temporary inconsistencies that you
+    # might notice during change propagation:
+    #
+    # * After you create a web ACL, if you try to associate it with a
+    #   resource, you might get an exception indicating that the web ACL is
+    #   unavailable.
+    #
+    # * After you add a rule group to a web ACL, the new rule group rules
+    #   might be in effect in one area where the web ACL is used and not in
+    #   another.
+    #
+    # * After you change a rule action setting, you might see the old action
+    #   in some places and the new action in others.
+    #
+    # * After you add an IP address to an IP set that is in use in a
+    #   blocking rule, the new address might be blocked in one area while
+    #   still allowed in another.
     #
     # @option params [required, String] :name
     #   The name of the IP set. You cannot change the name of an `IPSet` after
@@ -6803,19 +6874,30 @@ module Aws::WAFV2
     #
     #  </note>
     #
-    # When you make changes to web ACLs or web ACL components, like rules
-    # and rule groups, WAF propagates the changes everywhere that the web
-    # ACL and its components are stored and used. Your changes are applied
-    # within seconds, but there might be a brief period of inconsistency
-    # when the changes have arrived in some places and not in others. So,
-    # for example, if you change a rule action setting, the action might be
-    # the old action in one area and the new action in another area. Or if
-    # you add an IP address to an IP set used in a blocking rule, the new
-    # address might briefly be blocked in one area while still allowed in
-    # another. This temporary inconsistency can occur when you first
-    # associate a web ACL with an Amazon Web Services resource and when you
-    # change a web ACL that is already associated with a resource.
-    # Generally, any inconsistencies of this type last only a few seconds.
+    # **Temporary inconsistencies during updates**
+    #
+    # When you create or change a web ACL or other WAF resources, the
+    # changes take a small amount of time to propagate to all areas where
+    # the resources are stored. The propagation time can be from a few
+    # seconds to a number of minutes.
+    #
+    # The following are examples of the temporary inconsistencies that you
+    # might notice during change propagation:
+    #
+    # * After you create a web ACL, if you try to associate it with a
+    #   resource, you might get an exception indicating that the web ACL is
+    #   unavailable.
+    #
+    # * After you add a rule group to a web ACL, the new rule group rules
+    #   might be in effect in one area where the web ACL is used and not in
+    #   another.
+    #
+    # * After you change a rule action setting, you might see the old action
+    #   in some places and the new action in others.
+    #
+    # * After you add an IP address to an IP set that is in use in a
+    #   blocking rule, the new address might be blocked in one area while
+    #   still allowed in another.
     #
     # @option params [required, String] :name
     #   The name of the set. You cannot change the name after you create the
@@ -6904,26 +6986,37 @@ module Aws::WAFV2
     #
     #  </note>
     #
-    # When you make changes to web ACLs or web ACL components, like rules
-    # and rule groups, WAF propagates the changes everywhere that the web
-    # ACL and its components are stored and used. Your changes are applied
-    # within seconds, but there might be a brief period of inconsistency
-    # when the changes have arrived in some places and not in others. So,
-    # for example, if you change a rule action setting, the action might be
-    # the old action in one area and the new action in another area. Or if
-    # you add an IP address to an IP set used in a blocking rule, the new
-    # address might briefly be blocked in one area while still allowed in
-    # another. This temporary inconsistency can occur when you first
-    # associate a web ACL with an Amazon Web Services resource and when you
-    # change a web ACL that is already associated with a resource.
-    # Generally, any inconsistencies of this type last only a few seconds.
-    #
     # A rule group defines a collection of rules to inspect and control web
     # requests that you can use in a WebACL. When you create a rule group,
     # you define an immutable capacity limit. If you update a rule group,
     # you must stay within the capacity. This allows others to reuse the
     # rule group with confidence in its capacity requirements.
     #
+    # **Temporary inconsistencies during updates**
+    #
+    # When you create or change a web ACL or other WAF resources, the
+    # changes take a small amount of time to propagate to all areas where
+    # the resources are stored. The propagation time can be from a few
+    # seconds to a number of minutes.
+    #
+    # The following are examples of the temporary inconsistencies that you
+    # might notice during change propagation:
+    #
+    # * After you create a web ACL, if you try to associate it with a
+    #   resource, you might get an exception indicating that the web ACL is
+    #   unavailable.
+    #
+    # * After you add a rule group to a web ACL, the new rule group rules
+    #   might be in effect in one area where the web ACL is used and not in
+    #   another.
+    #
+    # * After you change a rule action setting, you might see the old action
+    #   in some places and the new action in others.
+    #
+    # * After you add an IP address to an IP set that is in use in a
+    #   blocking rule, the new address might be blocked in one area while
+    #   still allowed in another.
+    #
     # @option params [required, String] :name
     #   The name of the rule group. You cannot change the name of a rule group
     #   after you create it.
@@ -7867,20 +7960,6 @@ module Aws::WAFV2
     #
     #  </note>
     #
-    # When you make changes to web ACLs or web ACL components, like rules
-    # and rule groups, WAF propagates the changes everywhere that the web
-    # ACL and its components are stored and used. Your changes are applied
-    # within seconds, but there might be a brief period of inconsistency
-    # when the changes have arrived in some places and not in others. So,
-    # for example, if you change a rule action setting, the action might be
-    # the old action in one area and the new action in another area. Or if
-    # you add an IP address to an IP set used in a blocking rule, the new
-    # address might briefly be blocked in one area while still allowed in
-    # another. This temporary inconsistency can occur when you first
-    # associate a web ACL with an Amazon Web Services resource and when you
-    # change a web ACL that is already associated with a resource.
-    # Generally, any inconsistencies of this type last only a few seconds.
-    #
     # A web ACL defines a collection of rules to use to inspect and control
     # web requests. Each rule has a statement that defines what to look for
     # in web requests and an action that WAF applies to requests that match
@@ -7894,6 +7973,31 @@ module Aws::WAFV2
     # Cognito user pool, an App Runner service, or an Amazon Web Services
     # Verified Access instance.
     #
+    # **Temporary inconsistencies during updates**
+    #
+    # When you create or change a web ACL or other WAF resources, the
+    # changes take a small amount of time to propagate to all areas where
+    # the resources are stored. The propagation time can be from a few
+    # seconds to a number of minutes.
+    #
+    # The following are examples of the temporary inconsistencies that you
+    # might notice during change propagation:
+    #
+    # * After you create a web ACL, if you try to associate it with a
+    #   resource, you might get an exception indicating that the web ACL is
+    #   unavailable.
+    #
+    # * After you add a rule group to a web ACL, the new rule group rules
+    #   might be in effect in one area where the web ACL is used and not in
+    #   another.
+    #
+    # * After you change a rule action setting, you might see the old action
+    #   in some places and the new action in others.
+    #
+    # * After you add an IP address to an IP set that is in use in a
+    #   blocking rule, the new address might be blocked in one area while
+    #   still allowed in another.
+    #
     # @option params [required, String] :name
     #   The name of the web ACL. You cannot change the name of a web ACL after
     #   you create it.
@@ -8922,7 +9026,7 @@ module Aws::WAFV2
         params: params,
         config: config)
       context[:gem_name] = 'aws-sdk-wafv2'
-      context[:gem_version] = '1.71.0'
+      context[:gem_version] = '1.72.0'
       Seahorse::Client::Request.new(handlers, context)
     end
 

data/lib/aws-sdk-wafv2/endpoint_provider.rb

@@ -32,7 +32,7 @@ module Aws::WAFV2
             raise ArgumentError, "FIPS and DualStack are enabled, but this partition does not support one or both"
           end
           if Aws::Endpoints::Matchers.boolean_equals?(use_fips, true)
-            if Aws::Endpoints::Matchers.boolean_equals?(true, Aws::Endpoints::Matchers.attr(partition_result, "supportsFIPS"))
+            if Aws::Endpoints::Matchers.boolean_equals?(Aws::Endpoints::Matchers.attr(partition_result, "supportsFIPS"), true)
               return Aws::Endpoints::Endpoint.new(url: "https://wafv2-fips.#{region}.#{partition_result['dnsSuffix']}", headers: {}, properties: {})
             end
             raise ArgumentError, "FIPS is enabled but this partition does not support FIPS"

data/lib/aws-sdk-wafv2/types.rb

@@ -554,10 +554,9 @@ module Aws::WAFV2
     #     includes it in the logs. For information about the logging fields,
     #     see [Log fields][1] in the *WAF Developer Guide*.
     #
-    #   * `HeaderOrder`: The comma-separated list of header names to match
-    #     for. WAF creates a string that contains the ordered list of header
-    #     names, from the headers in the web request, and then matches
-    #     against that string.
+    #   * `HeaderOrder`: The list of header names to match for. WAF creates
+    #     a string that contains the ordered list of header names, from the
+    #     headers in the web request, and then matches against that string.
     #
     #   If `SearchString` includes alphabetic characters A-Z and a-z, note
     #   that the value is case sensitive.
@@ -978,7 +977,14 @@ module Aws::WAFV2
     #
     # @!attribute [rw] match_scope
     #   The parts of the cookies to inspect with the rule inspection
-    #   criteria. If you specify `All`, WAF inspects both keys and values.
+    #   criteria. If you specify `ALL`, WAF inspects both keys and values.
+    #
+    #   `All` does not require a match to be found in the keys and a match
+    #   to be found in the values. It requires a match to be found in the
+    #   keys or the values or both. To require a match in the keys and in
+    #   the values, use a logical `AND` statement to combine two match
+    #   rules, one that inspects the keys and another that inspects the
+    #   values.
     #   @return [String]
     #
     # @!attribute [rw] oversize_handling
@@ -3561,7 +3567,14 @@ module Aws::WAFV2
     #
     # @!attribute [rw] match_scope
     #   The parts of the headers to match with the rule inspection criteria.
-    #   If you specify `All`, WAF inspects both keys and values.
+    #   If you specify `ALL`, WAF inspects both keys and values.
+    #
+    #   `All` does not require a match to be found in the keys and a match
+    #   to be found in the values. It requires a match to be found in the
+    #   keys or the values or both. To require a match in the keys and in
+    #   the values, use a logical `AND` statement to combine two match
+    #   rules, one that inspects the keys and another that inspects the
+    #   values.
     #   @return [String]
     #
     # @!attribute [rw] oversize_handling
@@ -3928,7 +3941,14 @@ module Aws::WAFV2
     #
     # @!attribute [rw] match_scope
     #   The parts of the JSON to match against using the `MatchPattern`. If
-    #   you specify `All`, WAF matches against keys and values.
+    #   you specify `ALL`, WAF matches against keys and values.
+    #
+    #   `All` does not require a match to be found in the keys and a match
+    #   to be found in the values. It requires a match to be found in the
+    #   keys or the values or both. To require a match in the keys and in
+    #   the values, use a logical `AND` statement to combine two match
+    #   rules, one that inspects the keys and another that inspects the
+    #   values.
     #   @return [String]
     #
     # @!attribute [rw] invalid_fallback_behavior

data/lib/aws-sdk-wafv2.rb

@@ -52,6 +52,6 @@ require_relative 'aws-sdk-wafv2/customizations'
 # @!group service
 module Aws::WAFV2
 
-  GEM_VERSION = '1.71.0'
+  GEM_VERSION = '1.72.0'
 
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: aws-sdk-wafv2
 version: !ruby/object:Gem::Version
-  version: 1.71.0
+  version: 1.72.0
 platform: ruby
 authors:
 - Amazon Web Services
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2023-09-28 00:00:00.000000000 Z
+date: 2023-10-27 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: aws-sdk-core