aws-sdk-wafv2 1.25.0 → 1.26.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: cb49a706a00149bebb04513c27c0a4b06a07b289ec12b61f61a7baa56e42497f
-  data.tar.gz: 8df72980626b54247131d670e10a157768ce39eec58a59261fd1800805ad9141
+  metadata.gz: c01cb4efa4631f585d688dd9c4e9944b2bfada503466284fe6e0cedf9b157b08
+  data.tar.gz: cb4f619aebbc1dd1fb8f953ad6d5fc9da8acd51deb1005670a2ce8303abbc9da
 SHA512:
-  metadata.gz: a7311e59e04ec522aab351d96f484a216fe869b05de8aa8ee79a58229ea8da27445e47afe7d05cdbf0ac281e8aa08873b210b846ca0992fedbc065542b381f3d
-  data.tar.gz: 25e78ba0c2e7c83423b6331c29d8c680399409916fecc3f71016dbb7d336a266b47bf95a8a4d20d962d4adfbf2ce236a30ae446c6252353de7d30c1a56134b85
+  metadata.gz: 0ab84e826ad092a4a406cf7b324d50a1d78cf84feac1ae8432c3eb4f9800c87bc9f1218fa53d54a91de42f977f68c2153227564f3ee026adce8cf3c0ed18aeb8
+  data.tar.gz: 284c2c4a0eb71d94eef5df5e6770bbedc7136508adee7d4e2e37295186754a5971713d31ae1db2d4b7e05982105e08a6cae65530eb0843fa8573d484879dd528

data/CHANGELOG.md

@@ -1,6 +1,11 @@
 Unreleased Changes
 ------------------
 
+1.26.0 (2021-09-14)
+------------------
+
+* Feature - This release adds support for including rate based rules in a rule group.
+
 1.25.0 (2021-09-01)
 ------------------
 

data/VERSION

@@ -1 +1 @@
-1.25.0
+1.26.0

data/lib/aws-sdk-wafv2/client.rb

@@ -2379,7 +2379,7 @@ module Aws::WAFV2
     # Retrieves the specified managed rule set.
     #
     # <note markdown="1"> This is intended for use only by vendors of managed rule sets. Vendors
-    # are Amazon Web Services and Marketplace sellers.
+    # are Amazon Web Services and Amazon Web Services Marketplace sellers.
     #
     #  Vendors, you can use the managed rule set APIs to provide controlled
     # rollout of your versioned managed rule group offerings for your
@@ -2485,10 +2485,24 @@ module Aws::WAFV2
       req.send_request(options)
     end
 
-    # Retrieves the keys that are currently blocked by a rate-based rule.
-    # The maximum number of managed keys that can be blocked for a single
-    # rate-based rule is 10,000. If more than 10,000 addresses exceed the
-    # rate limit, those with the highest rates are blocked.
+    # Retrieves the keys that are currently blocked by a rate-based rule
+    # instance. The maximum number of managed keys that can be blocked for a
+    # single rate-based rule instance is 10,000. If more than 10,000
+    # addresses exceed the rate limit, those with the highest rates are
+    # blocked.
+    #
+    # For a rate-based rule that you've defined inside a rule group,
+    # provide the name of the rule group reference statement in your
+    # request, in addition to the rate-based rule name and the web ACL name.
+    #
+    # WAF monitors web requests and manages keys independently for each
+    # unique combination of web ACL, optional rule group, and rate-based
+    # rule. For example, if you define a rate-based rule inside a rule
+    # group, and then use the rule group in a web ACL, WAF monitors web
+    # requests and manages keys for that web ACL, rule group reference
+    # statement, and rate-based rule instance. If you use the same rule
+    # group in a second web ACL, WAF monitors web requests and manages keys
+    # for this second usage completely independent of your first.
     #
     # @option params [required, String] :scope
     #   Specifies whether this is for an Amazon CloudFront distribution or for
@@ -2513,8 +2527,16 @@ module Aws::WAFV2
     #   responses to create and list commands. You provide it to operations
     #   like update and delete.
     #
+    # @option params [String] :rule_group_rule_name
+    #   The name of the rule group reference statement in your web ACL. This
+    #   is required only when you have the rate-based rule nested inside a
+    #   rule group.
+    #
     # @option params [required, String] :rule_name
-    #   The name of the rate-based rule to get the keys for.
+    #   The name of the rate-based rule to get the keys for. If you have the
+    #   rule defined inside a rule group that you're using in your web ACL,
+    #   also provide the name of the rule group reference statement in the
+    #   request parameter `RuleGroupRuleName`.
     #
     # @return [Types::GetRateBasedStatementManagedKeysResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
@@ -2527,6 +2549,7 @@ module Aws::WAFV2
     #     scope: "CLOUDFRONT", # required, accepts CLOUDFRONT, REGIONAL
     #     web_acl_name: "EntityName", # required
     #     web_acl_id: "EntityId", # required
+    #     rule_group_rule_name: "EntityName",
     #     rule_name: "EntityName", # required
     #   })
     #
@@ -3638,8 +3661,8 @@ module Aws::WAFV2
 
     # Retrieves an array of managed rule groups that are available for you
     # to use. This list includes all Amazon Web Services Managed Rules rule
-    # groups and all of the Marketplace managed rule groups that you're
-    # subscribed to.
+    # groups and all of the Amazon Web Services Marketplace managed rule
+    # groups that you're subscribed to.
     #
     # @option params [required, String] :scope
     #   Specifies whether this is for an Amazon CloudFront distribution or for
@@ -3837,7 +3860,7 @@ module Aws::WAFV2
     # Retrieves the managed rule sets that you own.
     #
     # <note markdown="1"> This is intended for use only by vendors of managed rule sets. Vendors
-    # are Amazon Web Services and Marketplace sellers.
+    # are Amazon Web Services and Amazon Web Services Marketplace sellers.
     #
     #  Vendors, you can use the managed rule set APIs to provide controlled
     # rollout of your versioned managed rule group offerings for your
@@ -4329,7 +4352,7 @@ module Aws::WAFV2
     # with versioning.
     #
     # <note markdown="1"> This is intended for use only by vendors of managed rule sets. Vendors
-    # are Amazon Web Services and Marketplace sellers.
+    # are Amazon Web Services and Amazon Web Services Marketplace sellers.
     #
     #  Vendors, you can use the managed rule set APIs to provide controlled
     # rollout of your versioned managed rule group offerings for your
@@ -4672,7 +4695,7 @@ module Aws::WAFV2
     # ListAvailableManagedRuleGroupVersions for the managed rule group.
     #
     # <note markdown="1"> This is intended for use only by vendors of managed rule sets. Vendors
-    # are Amazon Web Services and Marketplace sellers.
+    # are Amazon Web Services and Amazon Web Services Marketplace sellers.
     #
     #  Vendors, you can use the managed rule set APIs to provide controlled
     # rollout of your versioned managed rule group offerings for your
@@ -5759,7 +5782,7 @@ module Aws::WAFV2
         params: params,
         config: config)
       context[:gem_name] = 'aws-sdk-wafv2'
-      context[:gem_version] = '1.25.0'
+      context[:gem_version] = '1.26.0'
       Seahorse::Client::Request.new(handlers, context)
     end
 

data/lib/aws-sdk-wafv2/client_api.rb

@@ -560,6 +560,7 @@ module Aws::WAFV2
     GetRateBasedStatementManagedKeysRequest.add_member(:scope, Shapes::ShapeRef.new(shape: Scope, required: true, location_name: "Scope"))
     GetRateBasedStatementManagedKeysRequest.add_member(:web_acl_name, Shapes::ShapeRef.new(shape: EntityName, required: true, location_name: "WebACLName"))
     GetRateBasedStatementManagedKeysRequest.add_member(:web_acl_id, Shapes::ShapeRef.new(shape: EntityId, required: true, location_name: "WebACLId"))
+    GetRateBasedStatementManagedKeysRequest.add_member(:rule_group_rule_name, Shapes::ShapeRef.new(shape: EntityName, location_name: "RuleGroupRuleName"))
     GetRateBasedStatementManagedKeysRequest.add_member(:rule_name, Shapes::ShapeRef.new(shape: EntityName, required: true, location_name: "RuleName"))
     GetRateBasedStatementManagedKeysRequest.struct_class = Types::GetRateBasedStatementManagedKeysRequest
 

data/lib/aws-sdk-wafv2/types.rb

@@ -39,6 +39,8 @@ module Aws::WAFV2
     # This is used only to indicate the web request component for WAF to
     # inspect, in the FieldToMatch specification.
     #
+    # JSON specification: `"All": \{\}`
+    #
     # @api private
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/All AWS API Documentation
@@ -50,6 +52,8 @@ module Aws::WAFV2
     # This is used only to indicate the web request component for WAF to
     # inspect, in the FieldToMatch specification.
     #
+    # JSON specification: `"AllQueryArguments": \{\}`
+    #
     # @api private
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/AllQueryArguments AWS API Documentation
@@ -462,6 +466,8 @@ module Aws::WAFV2
     # This is used only to indicate the web request component for WAF to
     # inspect, in the FieldToMatch specification.
     #
+    # JSON specification: `"Body": \{\}`
+    #
     # @api private
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/Body AWS API Documentation
@@ -2954,6 +2960,14 @@ module Aws::WAFV2
     # requires it. To inspect more than one component of a web request,
     # create a separate rule statement for each component.
     #
+    # JSON specification for a `QueryString` field to match:
+    #
+    # ` "FieldToMatch": \{ "QueryString": \{\} \}`
+    #
+    # Example JSON for a `Method` field to match specification:
+    #
+    # ` "FieldToMatch": \{ "Method": \{ "Name": "DELETE" \} \}`
+    #
     # @note When making an API call, you may pass FieldToMatch
     #   data as a hash:
     #
@@ -3195,8 +3209,8 @@ module Aws::WAFV2
     #   provide the ARN of the rule group in this statement.
     #
     #   You cannot nest a `RuleGroupReferenceStatement`, for example for use
-    #   inside a `NotStatement` or `OrStatement`. It can only be referenced
-    #   as a top-level statement within a rule.
+    #   inside a `NotStatement` or `OrStatement`. You can only use a rule
+    #   group reference statement at the top level inside a web ACL.
     #   @return [Types::RuleGroupReferenceStatement]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/FirewallManagerStatement AWS API Documentation
@@ -3525,6 +3539,7 @@ module Aws::WAFV2
     #         scope: "CLOUDFRONT", # required, accepts CLOUDFRONT, REGIONAL
     #         web_acl_name: "EntityName", # required
     #         web_acl_id: "EntityId", # required
+    #         rule_group_rule_name: "EntityName",
     #         rule_name: "EntityName", # required
     #       }
     #
@@ -3554,8 +3569,17 @@ module Aws::WAFV2
     #   like update and delete.
     #   @return [String]
     #
+    # @!attribute [rw] rule_group_rule_name
+    #   The name of the rule group reference statement in your web ACL. This
+    #   is required only when you have the rate-based rule nested inside a
+    #   rule group.
+    #   @return [String]
+    #
     # @!attribute [rw] rule_name
-    #   The name of the rate-based rule to get the keys for.
+    #   The name of the rate-based rule to get the keys for. If you have the
+    #   rule defined inside a rule group that you're using in your web ACL,
+    #   also provide the name of the rule group reference statement in the
+    #   request parameter `RuleGroupRuleName`.
     #   @return [String]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/GetRateBasedStatementManagedKeysRequest AWS API Documentation
@@ -3564,6 +3588,7 @@ module Aws::WAFV2
       :scope,
       :web_acl_name,
       :web_acl_id,
+      :rule_group_rule_name,
       :rule_name)
       SENSITIVE = []
       include Aws::Structure
@@ -4283,6 +4308,9 @@ module Aws::WAFV2
     # inspects only the parts of the JSON that result from the matches that
     # you indicate.
     #
+    # Example JSON: `"JsonBody": \{ "MatchPattern": \{ "All": \{\} \},
+    # "MatchScope": "ALL" \}`
+    #
     # @note When making an API call, you may pass JsonBody
     #   data as a hash:
     #
@@ -5267,11 +5295,11 @@ module Aws::WAFV2
     #
     # @!attribute [rw] redacted_fields
     #   The parts of the request that you want to keep out of the logs. For
-    #   example, if you redact the `HEADER` field, the `HEADER` field in the
-    #   firehose will be `xxx`.
+    #   example, if you redact the `SingleHeader` field, the `HEADER` field
+    #   in the firehose will be `xxx`.
     #
-    #   <note markdown="1"> You must use one of the following values: `URI`, `QUERY_STRING`,
-    #   `HEADER`, or `METHOD`.
+    #   <note markdown="1"> You can specify only the following fields for redaction: `UriPath`,
+    #   `QueryString`, `SingleHeader`, `Method`, and `JsonBody`.
     #
     #    </note>
     #   @return [Array<Types::FieldToMatch>]
@@ -5673,8 +5701,9 @@ module Aws::WAFV2
     # name and vendor name, that you provide when you add a
     # ManagedRuleGroupStatement to a web ACL. Managed rule groups include
     # Amazon Web Services Managed Rules rule groups, which are free of
-    # charge to WAF customers, and Marketplace managed rule groups, which
-    # you can subscribe to through Marketplace.
+    # charge to WAF customers, and Amazon Web Services Marketplace managed
+    # rule groups, which you can subscribe to through Amazon Web Services
+    # Marketplace.
     #
     # @!attribute [rw] vendor_name
     #   The name of the managed rule group vendor. You use this, along with
@@ -5688,7 +5717,8 @@ module Aws::WAFV2
     #
     # @!attribute [rw] description
     #   The description of the managed rule group, provided by Amazon Web
-    #   Services Managed Rules or the Marketplace seller who manages it.
+    #   Services Managed Rules or the Amazon Web Services Marketplace seller
+    #   who manages it.
     #   @return [String]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/ManagedRuleGroupSummary AWS API Documentation
@@ -5721,11 +5751,12 @@ module Aws::WAFV2
       include Aws::Structure
     end
 
-    # A set of rules that is managed by Amazon Web Services and Marketplace
-    # sellers to provide versioned managed rule groups for customers of WAF.
+    # A set of rules that is managed by Amazon Web Services and Amazon Web
+    # Services Marketplace sellers to provide versioned managed rule groups
+    # for customers of WAF.
     #
     # <note markdown="1"> This is intended for use only by vendors of managed rule sets. Vendors
-    # are Amazon Web Services and Marketplace sellers.
+    # are Amazon Web Services and Amazon Web Services Marketplace sellers.
     #
     #  Vendors, you can use the managed rule set APIs to provide controlled
     # rollout of your versioned managed rule group offerings for your
@@ -5801,7 +5832,7 @@ module Aws::WAFV2
     # High-level information for a managed rule set.
     #
     # <note markdown="1"> This is intended for use only by vendors of managed rule sets. Vendors
-    # are Amazon Web Services and Marketplace sellers.
+    # are Amazon Web Services and Amazon Web Services Marketplace sellers.
     #
     #  Vendors, you can use the managed rule set APIs to provide controlled
     # rollout of your versioned managed rule group offerings for your
@@ -5879,7 +5910,7 @@ module Aws::WAFV2
     # Information for a single version of a managed rule set.
     #
     # <note markdown="1"> This is intended for use only by vendors of managed rule sets. Vendors
-    # are Amazon Web Services and Marketplace sellers.
+    # are Amazon Web Services and Amazon Web Services Marketplace sellers.
     #
     #  Vendors, you can use the managed rule set APIs to provide controlled
     # rollout of your versioned managed rule group offerings for your
@@ -5955,6 +5986,8 @@ module Aws::WAFV2
     # This is used only to indicate the web request component for WAF to
     # inspect, in the FieldToMatch specification.
     #
+    # JSON specification: `"Method": \{\}`
+    #
     # @api private
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/Method AWS API Documentation
@@ -5968,6 +6001,8 @@ module Aws::WAFV2
     # This is used in the context of other settings, for example to specify
     # values for RuleAction and web ACL DefaultAction.
     #
+    # JSON specification: `"None": \{\}`
+    #
     # @api private
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/NoneAction AWS API Documentation
@@ -6812,6 +6847,8 @@ module Aws::WAFV2
     # This is used only to indicate the web request component for WAF to
     # inspect, in the FieldToMatch specification.
     #
+    # JSON specification: `"QueryString": \{\}`
+    #
     # @api private
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/QueryString AWS API Documentation
@@ -6824,6 +6861,15 @@ module Aws::WAFV2
     # You can use this to put a temporary block on requests from an IP
     # address that is sending excessive requests.
     #
+    # WAF tracks and manages web requests separately for each instance of a
+    # rate-based rule that you use. For example, if you provide the same
+    # rate-based rule settings in two web ACLs, each of the two rule
+    # statements represents a separate instance of the rate-based rule and
+    # gets its own tracking and management by WAF. If you define a
+    # rate-based rule inside a rule group, and then use that rule group in
+    # multiple places, each use creates a separate instance of the
+    # rate-based rule that gets its own tracking and management by WAF.
+    #
     # When the rule action triggers, WAF blocks additional requests from the
     # IP address until the request rate falls below the limit.
     #
@@ -6847,9 +6893,9 @@ module Aws::WAFV2
     # not meet both conditions are not counted towards the rate limit and
     # are not affected by this rule.
     #
-    # You cannot nest a `RateBasedStatement`, for example for use inside a
-    # `NotStatement` or `OrStatement`. It can only be referenced as a
-    # top-level statement within a rule.
+    # You cannot nest a `RateBasedStatement` inside another statement, for
+    # example inside a `NotStatement` or `OrStatement`. You can define a
+    # `RateBasedStatement` inside a web ACL and inside a rule group.
     #
     # @note When making an API call, you may pass RateBasedStatement
     #   data as a hash:
@@ -7167,8 +7213,8 @@ module Aws::WAFV2
       include Aws::Structure
     end
 
-    # The set of IP addresses that are currently blocked for a rate-based
-    # statement.
+    # The set of IP addresses that are currently blocked for a
+    # RateBasedStatement.
     #
     # @!attribute [rw] ip_address_version
     #   The version of the IP addresses, either `IPV4` or `IPV6`.
@@ -7996,8 +8042,8 @@ module Aws::WAFV2
     # provide the ARN of the rule group in this statement.
     #
     # You cannot nest a `RuleGroupReferenceStatement`, for example for use
-    # inside a `NotStatement` or `OrStatement`. It can only be referenced as
-    # a top-level statement within a rule.
+    # inside a `NotStatement` or `OrStatement`. You can only use a rule
+    # group reference statement at the top level inside a web ACL.
     #
     # @note When making an API call, you may pass RuleGroupReferenceStatement
     #   data as a hash:
@@ -8179,6 +8225,8 @@ module Aws::WAFV2
     # This is used only to indicate the web request component for WAF to
     # inspect, in the FieldToMatch specification.
     #
+    # Example JSON: `"SingleHeader": \{ "Name": "haystack" \}`
+    #
     # @note When making an API call, you may pass SingleHeader
     #   data as a hash:
     #
@@ -8202,6 +8250,8 @@ module Aws::WAFV2
     # *UserName* or *SalesRegion*. The name can be up to 30 characters long
     # and isn't case sensitive.
     #
+    # Example JSON: `"SingleQueryArgument": \{ "Name": "myArgument" \}`
+    #
     # @note When making an API call, you may pass SingleQueryArgument
     #   data as a hash:
     #
@@ -9913,8 +9963,8 @@ module Aws::WAFV2
     #   provide the ARN of the rule group in this statement.
     #
     #   You cannot nest a `RuleGroupReferenceStatement`, for example for use
-    #   inside a `NotStatement` or `OrStatement`. It can only be referenced
-    #   as a top-level statement within a rule.
+    #   inside a `NotStatement` or `OrStatement`. You can only use a rule
+    #   group reference statement at the top level inside a web ACL.
     #   @return [Types::RuleGroupReferenceStatement]
     #
     # @!attribute [rw] ip_set_reference_statement
@@ -9952,6 +10002,15 @@ module Aws::WAFV2
     #   time span. You can use this to put a temporary block on requests
     #   from an IP address that is sending excessive requests.
     #
+    #   WAF tracks and manages web requests separately for each instance of
+    #   a rate-based rule that you use. For example, if you provide the same
+    #   rate-based rule settings in two web ACLs, each of the two rule
+    #   statements represents a separate instance of the rate-based rule and
+    #   gets its own tracking and management by WAF. If you define a
+    #   rate-based rule inside a rule group, and then use that rule group in
+    #   multiple places, each use creates a separate instance of the
+    #   rate-based rule that gets its own tracking and management by WAF.
+    #
     #   When the rule action triggers, WAF blocks additional requests from
     #   the IP address until the request rate falls below the limit.
     #
@@ -9975,9 +10034,9 @@ module Aws::WAFV2
     #   do not meet both conditions are not counted towards the rate limit
     #   and are not affected by this rule.
     #
-    #   You cannot nest a `RateBasedStatement`, for example for use inside a
-    #   `NotStatement` or `OrStatement`. It can only be referenced as a
-    #   top-level statement within a rule.
+    #   You cannot nest a `RateBasedStatement` inside another statement, for
+    #   example inside a `NotStatement` or `OrStatement`. You can define a
+    #   `RateBasedStatement` inside a web ACL and inside a rule group.
     #   @return [Types::RateBasedStatement]
     #
     # @!attribute [rw] and_statement
@@ -11623,6 +11682,8 @@ module Aws::WAFV2
     # This is used only to indicate the web request component for WAF to
     # inspect, in the FieldToMatch specification.
     #
+    # JSON specification: `"UriPath": \{\}`
+    #
     # @api private
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/UriPath AWS API Documentation
@@ -11633,7 +11694,7 @@ module Aws::WAFV2
     # vendor publishes for use by customers.
     #
     # <note markdown="1"> This is intended for use only by vendors of managed rule sets. Vendors
-    # are Amazon Web Services and Marketplace sellers.
+    # are Amazon Web Services and Amazon Web Services Marketplace sellers.
     #
     #  Vendors, you can use the managed rule set APIs to provide controlled
     # rollout of your versioned managed rule group offerings for your

data/lib/aws-sdk-wafv2.rb

@@ -48,6 +48,6 @@ require_relative 'aws-sdk-wafv2/customizations'
 # @!group service
 module Aws::WAFV2
 
-  GEM_VERSION = '1.25.0'
+  GEM_VERSION = '1.26.0'
 
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: aws-sdk-wafv2
 version: !ruby/object:Gem::Version
-  version: 1.25.0
+  version: 1.26.0
 platform: ruby
 authors:
 - Amazon Web Services
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2021-09-01 00:00:00.000000000 Z
+date: 2021-09-14 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: aws-sdk-core