aws-sdk-wafv2 1.30.0 → 1.31.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 98b51813c9f78ac6f0365cc3dc004f07ffe648292e2d94a97e5bd61c65154168
-  data.tar.gz: 5996ef24059d82e2dd2544c99a69fe8bfe4d87d3ecef6191e44091b2c836555f
+  metadata.gz: b3b1c92cb789ccf4f30ff1c2d2e5b2d7814f58ed48f6c122cf00a223d6b96714
+  data.tar.gz: 2e0b15160d174f1ebd884e92eca57256d43f5dc04273090f1c65698827167467
 SHA512:
-  metadata.gz: e8bb8b44f34f925ef9b19554fa968f54df6501511e95bd948e7692b36ab756bc3bf6b2b9b02e00ce0abed38204f85bc955d8cdf127b7bbc2337009dc1a59c1ba
-  data.tar.gz: 6eeece73c0fbfd8a2ae12b0c6b77017aff7a86c35f5bcadf9dc31ec9daf38a6c6b2b80312102fb2195c04a9c7bacf3aa16e2d30ec3e183f0e48cc78c2c571156
+  metadata.gz: 884441ff2f923c2c198f3ae70edc67688646cc318a1fad59701e1bb4a10f9486b96efb1d82ff56c66b0ed61afe1bdb71b729bf48d166acc28ec4bc962bcebefc
+  data.tar.gz: 03e62ccd185255c3004e2b05bd9b7aaf60c81ae687b789b1bd290bfd9bf9fd225dbe9265b2bff33a8b667f5ed8c1f65cd5b8c06dbdb8eea6a6ea52f1cd6f2172

data/CHANGELOG.md

@@ -1,6 +1,11 @@
 Unreleased Changes
 ------------------
 
+1.31.0 (2021-11-15)
+------------------
+
+* Feature - Your options for logging web ACL traffic now include Amazon CloudWatch Logs log groups and Amazon S3 buckets.
+
 1.30.0 (2021-11-08)
 ------------------
 

data/VERSION

@@ -1 +1 @@
-1.30.0
+1.31.0

data/lib/aws-sdk-wafv2/client.rb

@@ -4479,28 +4479,22 @@ module Aws::WAFV2
     # You can access information about all traffic that WAF inspects using
     # the following steps:
     #
-    # 1.  Create an Amazon Kinesis Data Firehose.
-    #
-    #     Create the data firehose with a PUT source and in the Region that
-    #     you are operating. If you are capturing logs for Amazon
-    #     CloudFront, always create the firehose in US East (N. Virginia).
-    #
-    #     Give the data firehose a name that starts with the prefix
-    #     `aws-waf-logs-`. For example, `aws-waf-logs-us-east-2-analytics`.
-    #
-    #     <note markdown="1"> Do not create the data firehose using a `Kinesis stream` as your
-    #     source.
-    #
-    #      </note>
-    #
-    # 2.  Associate that firehose to your web ACL using a
+    # 1.  Create your logging destination. You can use an Amazon CloudWatch
+    #     Logs log group, an Amazon Simple Storage Service (Amazon S3)
+    #     bucket, or an Amazon Kinesis Data Firehose. For information about
+    #     configuring logging destinations and the permissions that are
+    #     required for each, see [Logging web ACL traffic information][1] in
+    #     the *WAF Developer Guide*.
+    #
+    # 2.  Associate your logging destination to your web ACL using a
     #     `PutLoggingConfiguration` request.
     #
     # When you successfully enable logging using a `PutLoggingConfiguration`
-    # request, WAF will create a service linked role with the necessary
-    # permissions to write logs to the Amazon Kinesis Data Firehose. For
-    # more information, see [Logging Web ACL Traffic Information][1] in the
-    # *WAF Developer Guide*.
+    # request, WAF creates an additional role or policy that is required to
+    # write logs to the logging destination. For an Amazon CloudWatch Logs
+    # log group, WAF creates a resource policy on the log group. For an
+    # Amazon S3 bucket, WAF creates a bucket policy. For an Amazon Kinesis
+    # Data Firehose, WAF creates a service-linked role.
     #
     # <note markdown="1"> This operation completely replaces the mutable specifications that you
     # already have for the logging configuration with the ones that you
@@ -6156,7 +6150,7 @@ module Aws::WAFV2
         params: params,
         config: config)
       context[:gem_name] = 'aws-sdk-wafv2'
-      context[:gem_version] = '1.30.0'
+      context[:gem_version] = '1.31.0'
       Seahorse::Client::Request.new(handlers, context)
     end
 

data/lib/aws-sdk-wafv2/client_api.rb

@@ -292,6 +292,7 @@ module Aws::WAFV2
     WAFInvalidPermissionPolicyException = Shapes::StructureShape.new(name: 'WAFInvalidPermissionPolicyException')
     WAFInvalidResourceException = Shapes::StructureShape.new(name: 'WAFInvalidResourceException')
     WAFLimitsExceededException = Shapes::StructureShape.new(name: 'WAFLimitsExceededException')
+    WAFLogDestinationPermissionIssueException = Shapes::StructureShape.new(name: 'WAFLogDestinationPermissionIssueException')
     WAFNonexistentItemException = Shapes::StructureShape.new(name: 'WAFNonexistentItemException')
     WAFOptimisticLockException = Shapes::StructureShape.new(name: 'WAFOptimisticLockException')
     WAFServiceLinkedRoleErrorException = Shapes::StructureShape.new(name: 'WAFServiceLinkedRoleErrorException')
@@ -1186,6 +1187,9 @@ module Aws::WAFV2
     WAFLimitsExceededException.add_member(:message, Shapes::ShapeRef.new(shape: ErrorMessage, location_name: "Message"))
     WAFLimitsExceededException.struct_class = Types::WAFLimitsExceededException
 
+    WAFLogDestinationPermissionIssueException.add_member(:message, Shapes::ShapeRef.new(shape: ErrorMessage, location_name: "Message"))
+    WAFLogDestinationPermissionIssueException.struct_class = Types::WAFLogDestinationPermissionIssueException
+
     WAFNonexistentItemException.add_member(:message, Shapes::ShapeRef.new(shape: ErrorMessage, location_name: "Message"))
     WAFNonexistentItemException.struct_class = Types::WAFNonexistentItemException
 
@@ -1728,6 +1732,7 @@ module Aws::WAFV2
         o.errors << Shapes::ShapeRef.new(shape: WAFInvalidParameterException)
         o.errors << Shapes::ShapeRef.new(shape: WAFInvalidOperationException)
         o.errors << Shapes::ShapeRef.new(shape: WAFLimitsExceededException)
+        o.errors << Shapes::ShapeRef.new(shape: WAFLogDestinationPermissionIssueException)
       end)
 
       api.add_operation(:put_managed_rule_set_versions, Seahorse::Model::Operation.new.tap do |o|

data/lib/aws-sdk-wafv2/errors.rb

@@ -36,6 +36,7 @@ module Aws::WAFV2
   # * {WAFInvalidPermissionPolicyException}
   # * {WAFInvalidResourceException}
   # * {WAFLimitsExceededException}
+  # * {WAFLogDestinationPermissionIssueException}
   # * {WAFNonexistentItemException}
   # * {WAFOptimisticLockException}
   # * {WAFServiceLinkedRoleErrorException}
@@ -200,6 +201,21 @@ module Aws::WAFV2
       end
     end
 
+    class WAFLogDestinationPermissionIssueException < ServiceError
+
+      # @param [Seahorse::Client::RequestContext] context
+      # @param [String] message
+      # @param [Aws::WAFV2::Types::WAFLogDestinationPermissionIssueException] data
+      def initialize(context, message, data = Aws::EmptyStructure.new)
+        super(context, message, data)
+      end
+
+      # @return [String]
+      def message
+        @message || @data[:message]
+      end
+    end
+
     class WAFNonexistentItemException < ServiceError
 
       # @param [Seahorse::Client::RequestContext] context

data/lib/aws-sdk-wafv2/types.rb

@@ -5563,11 +5563,18 @@ module Aws::WAFV2
       include Aws::Structure
     end
 
-    # Defines an association between Amazon Kinesis Data Firehose
-    # destinations and a web ACL resource, for logging from WAF. As part of
-    # the association, you can specify parts of the standard logging fields
-    # to keep out of the logs and you can specify filters so that you log
-    # only a subset of the logging records.
+    # Defines an association between logging destinations and a web ACL
+    # resource, for logging from WAF. As part of the association, you can
+    # specify parts of the standard logging fields to keep out of the logs
+    # and you can specify filters so that you log only a subset of the
+    # logging records.
+    #
+    # For information about configuring web ACL logging destinations, see
+    # [Logging web ACL traffic information][1] in the *WAF Developer Guide*.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/waf/latest/developerguide/logging.html
     #
     # @note When making an API call, you may pass LoggingConfiguration
     #   data as a hash:
@@ -5632,14 +5639,14 @@ module Aws::WAFV2
     #   @return [String]
     #
     # @!attribute [rw] log_destination_configs
-    #   The Amazon Kinesis Data Firehose Amazon Resource Name (ARNs) that
+    #   The Amazon Resource Names (ARNs) of the logging destinations that
     #   you want to associate with the web ACL.
     #   @return [Array<String>]
     #
     # @!attribute [rw] redacted_fields
     #   The parts of the request that you want to keep out of the logs. For
     #   example, if you redact the `SingleHeader` field, the `HEADER` field
-    #   in the firehose will be `xxx`.
+    #   in the logs will be `xxx`.
     #
     #   <note markdown="1"> You can specify only the following fields for redaction: `UriPath`,
     #   `QueryString`, `SingleHeader`, `Method`, and `JsonBody`.
@@ -12940,6 +12947,25 @@ module Aws::WAFV2
       include Aws::Structure
     end
 
+    # The operation failed because you don't have the permissions that your
+    # logging configuration requires. For information, see [Logging web ACL
+    # traffic information][1] in the *WAF Developer Guide*.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/waf/latest/developerguide/logging.html
+    #
+    # @!attribute [rw] message
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/wafv2-2019-07-29/WAFLogDestinationPermissionIssueException AWS API Documentation
+    #
+    class WAFLogDestinationPermissionIssueException < Struct.new(
+      :message)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # WAF couldn’t perform the operation because your resource doesn’t
     # exist.
     #

data/lib/aws-sdk-wafv2.rb

@@ -48,6 +48,6 @@ require_relative 'aws-sdk-wafv2/customizations'
 # @!group service
 module Aws::WAFV2
 
-  GEM_VERSION = '1.30.0'
+  GEM_VERSION = '1.31.0'
 
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: aws-sdk-wafv2
 version: !ruby/object:Gem::Version
-  version: 1.30.0
+  version: 1.31.0
 platform: ruby
 authors:
 - Amazon Web Services
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2021-11-08 00:00:00.000000000 Z
+date: 2021-11-15 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: aws-sdk-core