@aws-sdk/client-wafv2 3.226.0 → 3.231.0

package/dist-cjs/endpoint/ruleset.js

@@ -6,7 +6,7 @@ exports.ruleSet = {
     parameters: {
         Region: {
             builtIn: "AWS::Region",
-            required: false,
+            required: true,
             documentation: "The AWS region used to dispatch the request.",
             type: "String",
         },
@@ -56,15 +56,6 @@ exports.ruleSet = {
                                 },
                             ],
                         },
-                        {
-                            fn: "parseURL",
-                            argv: [
-                                {
-                                    ref: "Endpoint",
-                                },
-                            ],
-                            assign: "url",
-                        },
                     ],
                     type: "tree",
                     rules: [

package/dist-cjs/runtimeConfig.browser.js

@@ -7,8 +7,8 @@ const sha256_browser_1 = require("@aws-crypto/sha256-browser");
 const config_resolver_1 = require("@aws-sdk/config-resolver");
 const fetch_http_handler_1 = require("@aws-sdk/fetch-http-handler");
 const invalid_dependency_1 = require("@aws-sdk/invalid-dependency");
-const middleware_retry_1 = require("@aws-sdk/middleware-retry");
 const util_body_length_browser_1 = require("@aws-sdk/util-body-length-browser");
+const util_retry_1 = require("@aws-sdk/util-retry");
 const util_user_agent_browser_1 = require("@aws-sdk/util-user-agent-browser");
 const util_utf8_browser_1 = require("@aws-sdk/util-utf8-browser");
 const runtimeConfig_shared_1 = require("./runtimeConfig.shared");
@@ -27,10 +27,10 @@ const getRuntimeConfig = (config) => {
         credentialDefaultProvider: config?.credentialDefaultProvider ?? ((_) => () => Promise.reject(new Error("Credential is missing"))),
         defaultUserAgentProvider: config?.defaultUserAgentProvider ??
             (0, util_user_agent_browser_1.defaultUserAgent)({ serviceId: clientSharedValues.serviceId, clientVersion: package_json_1.default.version }),
-        maxAttempts: config?.maxAttempts ?? middleware_retry_1.DEFAULT_MAX_ATTEMPTS,
+        maxAttempts: config?.maxAttempts ?? util_retry_1.DEFAULT_MAX_ATTEMPTS,
         region: config?.region ?? (0, invalid_dependency_1.invalidProvider)("Region is missing"),
         requestHandler: config?.requestHandler ?? new fetch_http_handler_1.FetchHttpHandler(defaultConfigProvider),
-        retryMode: config?.retryMode ?? (async () => (await defaultConfigProvider()).retryMode || middleware_retry_1.DEFAULT_RETRY_MODE),
+        retryMode: config?.retryMode ?? (async () => (await defaultConfigProvider()).retryMode || util_retry_1.DEFAULT_RETRY_MODE),
         sha256: config?.sha256 ?? sha256_browser_1.Sha256,
         streamCollector: config?.streamCollector ?? fetch_http_handler_1.streamCollector,
         useDualstackEndpoint: config?.useDualstackEndpoint ?? (() => Promise.resolve(config_resolver_1.DEFAULT_USE_DUALSTACK_ENDPOINT)),

package/dist-cjs/runtimeConfig.js

@@ -11,6 +11,7 @@ const middleware_retry_1 = require("@aws-sdk/middleware-retry");
 const node_config_provider_1 = require("@aws-sdk/node-config-provider");
 const node_http_handler_1 = require("@aws-sdk/node-http-handler");
 const util_body_length_node_1 = require("@aws-sdk/util-body-length-node");
+const util_retry_1 = require("@aws-sdk/util-retry");
 const util_user_agent_node_1 = require("@aws-sdk/util-user-agent-node");
 const util_utf8_node_1 = require("@aws-sdk/util-utf8-node");
 const runtimeConfig_shared_1 = require("./runtimeConfig.shared");
@@ -37,7 +38,7 @@ const getRuntimeConfig = (config) => {
         retryMode: config?.retryMode ??
             (0, node_config_provider_1.loadConfig)({
                 ...middleware_retry_1.NODE_RETRY_MODE_CONFIG_OPTIONS,
-                default: async () => (await defaultConfigProvider()).retryMode || middleware_retry_1.DEFAULT_RETRY_MODE,
+                default: async () => (await defaultConfigProvider()).retryMode || util_retry_1.DEFAULT_RETRY_MODE,
             }),
         sha256: config?.sha256 ?? hash_node_1.Hash.bind(null, "sha256"),
         streamCollector: config?.streamCollector ?? node_http_handler_1.streamCollector,

package/dist-es/endpoint/ruleset.js

@@ -3,7 +3,7 @@ export const ruleSet = {
     parameters: {
         Region: {
             builtIn: "AWS::Region",
-            required: false,
+            required: true,
             documentation: "The AWS region used to dispatch the request.",
             type: "String",
         },
@@ -53,15 +53,6 @@ export const ruleSet = {
                                 },
                             ],
                         },
-                        {
-                            fn: "parseURL",
-                            argv: [
-                                {
-                                    ref: "Endpoint",
-                                },
-                            ],
-                            assign: "url",
-                        },
                     ],
                     type: "tree",
                     rules: [

package/dist-es/runtimeConfig.browser.js

@@ -3,8 +3,8 @@ import { Sha256 } from "@aws-crypto/sha256-browser";
 import { DEFAULT_USE_DUALSTACK_ENDPOINT, DEFAULT_USE_FIPS_ENDPOINT } from "@aws-sdk/config-resolver";
 import { FetchHttpHandler as RequestHandler, streamCollector } from "@aws-sdk/fetch-http-handler";
 import { invalidProvider } from "@aws-sdk/invalid-dependency";
-import { DEFAULT_MAX_ATTEMPTS, DEFAULT_RETRY_MODE } from "@aws-sdk/middleware-retry";
 import { calculateBodyLength } from "@aws-sdk/util-body-length-browser";
+import { DEFAULT_MAX_ATTEMPTS, DEFAULT_RETRY_MODE } from "@aws-sdk/util-retry";
 import { defaultUserAgent } from "@aws-sdk/util-user-agent-browser";
 import { fromUtf8, toUtf8 } from "@aws-sdk/util-utf8-browser";
 import { getRuntimeConfig as getSharedRuntimeConfig } from "./runtimeConfig.shared";

package/dist-es/runtimeConfig.js

@@ -3,10 +3,11 @@ import { decorateDefaultCredentialProvider } from "@aws-sdk/client-sts";
 import { NODE_REGION_CONFIG_FILE_OPTIONS, NODE_REGION_CONFIG_OPTIONS, NODE_USE_DUALSTACK_ENDPOINT_CONFIG_OPTIONS, NODE_USE_FIPS_ENDPOINT_CONFIG_OPTIONS, } from "@aws-sdk/config-resolver";
 import { defaultProvider as credentialDefaultProvider } from "@aws-sdk/credential-provider-node";
 import { Hash } from "@aws-sdk/hash-node";
-import { DEFAULT_RETRY_MODE, NODE_MAX_ATTEMPT_CONFIG_OPTIONS, NODE_RETRY_MODE_CONFIG_OPTIONS, } from "@aws-sdk/middleware-retry";
+import { NODE_MAX_ATTEMPT_CONFIG_OPTIONS, NODE_RETRY_MODE_CONFIG_OPTIONS } from "@aws-sdk/middleware-retry";
 import { loadConfig as loadNodeConfig } from "@aws-sdk/node-config-provider";
 import { NodeHttpHandler as RequestHandler, streamCollector } from "@aws-sdk/node-http-handler";
 import { calculateBodyLength } from "@aws-sdk/util-body-length-node";
+import { DEFAULT_RETRY_MODE } from "@aws-sdk/util-retry";
 import { defaultUserAgent } from "@aws-sdk/util-user-agent-node";
 import { fromUtf8, toUtf8 } from "@aws-sdk/util-utf8-node";
 import { getRuntimeConfig as getSharedRuntimeConfig } from "./runtimeConfig.shared";

package/dist-types/WAFV2.d.ts

@@ -116,7 +116,6 @@ export declare class WAFV2 extends WAFV2Client {
      *          <p>For Amazon CloudFront, don't use this call. Instead, use your CloudFront distribution configuration. To
      *          associate a web ACL, in the CloudFront call <code>UpdateDistribution</code>, set the web ACL ID
      *          to the Amazon Resource Name (ARN) of the web ACL. For information, see <a href="https://docs.aws.amazon.com/cloudfront/latest/APIReference/API_UpdateDistribution.html">UpdateDistribution</a>.</p>
-     *
      *          <p>When you make changes to web ACLs or web ACL components, like rules and rule groups, WAF propagates the changes everywhere that the web ACL and its components are stored and used. Your changes are applied within seconds, but there might be a brief period of inconsistency when the changes have arrived in some places and not in others. So, for example, if you change a rule action setting, the action might be the old action in one area and the new action in another area. Or if you add an IP address to an IP set used in a blocking rule, the new address might briefly be blocked in one area while still allowed in another. This temporary inconsistency can occur when you first associate a web ACL with an Amazon Web Services resource and when you change a web ACL that is already associated with a resource. Generally, any inconsistencies of this type last only a few seconds.</p>
      */
     associateWebACL(args: AssociateWebACLCommandInput, options?: __HttpHandlerOptions): Promise<AssociateWebACLCommandOutput>;
@@ -465,9 +464,10 @@ export declare class WAFV2 extends WAFV2Client {
      *          steps:</p>
      *          <ol>
      *             <li>
-     *                <p>Create your logging destination. You can use an Amazon CloudWatch Logs log group, an Amazon Simple Storage Service (Amazon S3) bucket, or an Amazon Kinesis Data Firehose.
-     *                  For information about configuring logging destinations and the permissions that are required for each, see
-     *                  <a href="https://docs.aws.amazon.com/waf/latest/developerguide/logging.html">Logging web ACL traffic information</a>
+     *                <p>Create your logging destination. You can use an Amazon CloudWatch Logs log group, an Amazon Simple Storage Service (Amazon S3) bucket, or an Amazon Kinesis Data Firehose. </p>
+     *                <p>The name that you give the destination must start with <code>aws-waf-logs-</code>. Depending on the type of destination, you might need to configure additional settings or permissions. </p>
+     *                <p>For configuration requirements and pricing information for each destination type, see
+     *                  <a href="https://docs.aws.amazon.com/waf/latest/developerguide/logging.html">Logging web ACL traffic</a>
      *                  in the <i>WAF Developer Guide</i>.</p>
      *             </li>
      *             <li>
@@ -555,7 +555,6 @@ export declare class WAFV2 extends WAFV2Client {
      *          <note>
      *             <p>This operation completely replaces the mutable specifications that you already have for the IP set with the ones that you provide to this call. To modify the IP set, retrieve it by calling <a>GetIPSet</a>, update the settings as needed, and then provide the complete IP set specification to this call.</p>
      *          </note>
-     *
      *          <p>When you make changes to web ACLs or web ACL components, like rules and rule groups, WAF propagates the changes everywhere that the web ACL and its components are stored and used. Your changes are applied within seconds, but there might be a brief period of inconsistency when the changes have arrived in some places and not in others. So, for example, if you change a rule action setting, the action might be the old action in one area and the new action in another area. Or if you add an IP address to an IP set used in a blocking rule, the new address might briefly be blocked in one area while still allowed in another. This temporary inconsistency can occur when you first associate a web ACL with an Amazon Web Services resource and when you change a web ACL that is already associated with a resource. Generally, any inconsistencies of this type last only a few seconds.</p>
      */
     updateIPSet(args: UpdateIPSetCommandInput, options?: __HttpHandlerOptions): Promise<UpdateIPSetCommandOutput>;
@@ -578,7 +577,6 @@ export declare class WAFV2 extends WAFV2Client {
      *          <note>
      *             <p>This operation completely replaces the mutable specifications that you already have for the regex pattern set with the ones that you provide to this call. To modify the regex pattern set, retrieve it by calling <a>GetRegexPatternSet</a>, update the settings as needed, and then provide the complete regex pattern set specification to this call.</p>
      *          </note>
-     *
      *          <p>When you make changes to web ACLs or web ACL components, like rules and rule groups, WAF propagates the changes everywhere that the web ACL and its components are stored and used. Your changes are applied within seconds, but there might be a brief period of inconsistency when the changes have arrived in some places and not in others. So, for example, if you change a rule action setting, the action might be the old action in one area and the new action in another area. Or if you add an IP address to an IP set used in a blocking rule, the new address might briefly be blocked in one area while still allowed in another. This temporary inconsistency can occur when you first associate a web ACL with an Amazon Web Services resource and when you change a web ACL that is already associated with a resource. Generally, any inconsistencies of this type last only a few seconds.</p>
      */
     updateRegexPatternSet(args: UpdateRegexPatternSetCommandInput, options?: __HttpHandlerOptions): Promise<UpdateRegexPatternSetCommandOutput>;
@@ -589,7 +587,6 @@ export declare class WAFV2 extends WAFV2Client {
      *          <note>
      *             <p>This operation completely replaces the mutable specifications that you already have for the rule group with the ones that you provide to this call. To modify the rule group, retrieve it by calling <a>GetRuleGroup</a>, update the settings as needed, and then provide the complete rule group specification to this call.</p>
      *          </note>
-     *
      *          <p>When you make changes to web ACLs or web ACL components, like rules and rule groups, WAF propagates the changes everywhere that the web ACL and its components are stored and used. Your changes are applied within seconds, but there might be a brief period of inconsistency when the changes have arrived in some places and not in others. So, for example, if you change a rule action setting, the action might be the old action in one area and the new action in another area. Or if you add an IP address to an IP set used in a blocking rule, the new address might briefly be blocked in one area while still allowed in another. This temporary inconsistency can occur when you first associate a web ACL with an Amazon Web Services resource and when you change a web ACL that is already associated with a resource. Generally, any inconsistencies of this type last only a few seconds.</p>
      *          <p> A rule group defines a collection of rules to inspect and control web requests that you can use in a <a>WebACL</a>. When you create a rule group, you define an immutable capacity limit. If you update a rule group, you must stay within the capacity. This allows others to reuse the rule group with confidence in its capacity requirements. </p>
      */
@@ -599,7 +596,6 @@ export declare class WAFV2 extends WAFV2Client {
     /**
      * <p>Updates the specified <a>WebACL</a>. While updating a web ACL, WAF provides
      *          continuous coverage to the resources that you have associated with the web ACL. </p>
-     *
      *          <p>When you make changes to web ACLs or web ACL components, like rules and rule groups, WAF propagates the changes everywhere that the web ACL and its components are stored and used. Your changes are applied within seconds, but there might be a brief period of inconsistency when the changes have arrived in some places and not in others. So, for example, if you change a rule action setting, the action might be the old action in one area and the new action in another area. Or if you add an IP address to an IP set used in a blocking rule, the new address might briefly be blocked in one area while still allowed in another. This temporary inconsistency can occur when you first associate a web ACL with an Amazon Web Services resource and when you change a web ACL that is already associated with a resource. Generally, any inconsistencies of this type last only a few seconds.</p>
      *          <note>
      *             <p>This operation completely replaces the mutable specifications that you already have for the web ACL with the ones that you provide to this call. To modify the web ACL, retrieve it by calling <a>GetWebACL</a>, update the settings as needed, and then provide the complete web ACL specification to this call.</p>

package/dist-types/commands/AssociateWebACLCommand.d.ts

@@ -13,7 +13,6 @@ export interface AssociateWebACLCommandOutput extends AssociateWebACLResponse, _
  *          <p>For Amazon CloudFront, don't use this call. Instead, use your CloudFront distribution configuration. To
  *          associate a web ACL, in the CloudFront call <code>UpdateDistribution</code>, set the web ACL ID
  *          to the Amazon Resource Name (ARN) of the web ACL. For information, see <a href="https://docs.aws.amazon.com/cloudfront/latest/APIReference/API_UpdateDistribution.html">UpdateDistribution</a>.</p>
- *
  *          <p>When you make changes to web ACLs or web ACL components, like rules and rule groups, WAF propagates the changes everywhere that the web ACL and its components are stored and used. Your changes are applied within seconds, but there might be a brief period of inconsistency when the changes have arrived in some places and not in others. So, for example, if you change a rule action setting, the action might be the old action in one area and the new action in another area. Or if you add an IP address to an IP set used in a blocking rule, the new address might briefly be blocked in one area while still allowed in another. This temporary inconsistency can occur when you first associate a web ACL with an Amazon Web Services resource and when you change a web ACL that is already associated with a resource. Generally, any inconsistencies of this type last only a few seconds.</p>
  * @example
  * Use a bare-bones client and the command you need to make an API call.

package/dist-types/commands/PutLoggingConfigurationCommand.d.ts

@@ -17,9 +17,10 @@ export interface PutLoggingConfigurationCommandOutput extends PutLoggingConfigur
  *          steps:</p>
  *          <ol>
  *             <li>
- *                <p>Create your logging destination. You can use an Amazon CloudWatch Logs log group, an Amazon Simple Storage Service (Amazon S3) bucket, or an Amazon Kinesis Data Firehose.
- *                  For information about configuring logging destinations and the permissions that are required for each, see
- *                  <a href="https://docs.aws.amazon.com/waf/latest/developerguide/logging.html">Logging web ACL traffic information</a>
+ *                <p>Create your logging destination. You can use an Amazon CloudWatch Logs log group, an Amazon Simple Storage Service (Amazon S3) bucket, or an Amazon Kinesis Data Firehose. </p>
+ *                <p>The name that you give the destination must start with <code>aws-waf-logs-</code>. Depending on the type of destination, you might need to configure additional settings or permissions. </p>
+ *                <p>For configuration requirements and pricing information for each destination type, see
+ *                  <a href="https://docs.aws.amazon.com/waf/latest/developerguide/logging.html">Logging web ACL traffic</a>
  *                  in the <i>WAF Developer Guide</i>.</p>
  *             </li>
  *             <li>

package/dist-types/commands/UpdateIPSetCommand.d.ts

@@ -12,7 +12,6 @@ export interface UpdateIPSetCommandOutput extends UpdateIPSetResponse, __Metadat
  *          <note>
  *             <p>This operation completely replaces the mutable specifications that you already have for the IP set with the ones that you provide to this call. To modify the IP set, retrieve it by calling <a>GetIPSet</a>, update the settings as needed, and then provide the complete IP set specification to this call.</p>
  *          </note>
- *
  *          <p>When you make changes to web ACLs or web ACL components, like rules and rule groups, WAF propagates the changes everywhere that the web ACL and its components are stored and used. Your changes are applied within seconds, but there might be a brief period of inconsistency when the changes have arrived in some places and not in others. So, for example, if you change a rule action setting, the action might be the old action in one area and the new action in another area. Or if you add an IP address to an IP set used in a blocking rule, the new address might briefly be blocked in one area while still allowed in another. This temporary inconsistency can occur when you first associate a web ACL with an Amazon Web Services resource and when you change a web ACL that is already associated with a resource. Generally, any inconsistencies of this type last only a few seconds.</p>
  * @example
  * Use a bare-bones client and the command you need to make an API call.

package/dist-types/commands/UpdateRegexPatternSetCommand.d.ts

@@ -12,7 +12,6 @@ export interface UpdateRegexPatternSetCommandOutput extends UpdateRegexPatternSe
  *          <note>
  *             <p>This operation completely replaces the mutable specifications that you already have for the regex pattern set with the ones that you provide to this call. To modify the regex pattern set, retrieve it by calling <a>GetRegexPatternSet</a>, update the settings as needed, and then provide the complete regex pattern set specification to this call.</p>
  *          </note>
- *
  *          <p>When you make changes to web ACLs or web ACL components, like rules and rule groups, WAF propagates the changes everywhere that the web ACL and its components are stored and used. Your changes are applied within seconds, but there might be a brief period of inconsistency when the changes have arrived in some places and not in others. So, for example, if you change a rule action setting, the action might be the old action in one area and the new action in another area. Or if you add an IP address to an IP set used in a blocking rule, the new address might briefly be blocked in one area while still allowed in another. This temporary inconsistency can occur when you first associate a web ACL with an Amazon Web Services resource and when you change a web ACL that is already associated with a resource. Generally, any inconsistencies of this type last only a few seconds.</p>
  * @example
  * Use a bare-bones client and the command you need to make an API call.

package/dist-types/commands/UpdateRuleGroupCommand.d.ts

@@ -12,7 +12,6 @@ export interface UpdateRuleGroupCommandOutput extends UpdateRuleGroupResponse, _
  *          <note>
  *             <p>This operation completely replaces the mutable specifications that you already have for the rule group with the ones that you provide to this call. To modify the rule group, retrieve it by calling <a>GetRuleGroup</a>, update the settings as needed, and then provide the complete rule group specification to this call.</p>
  *          </note>
- *
  *          <p>When you make changes to web ACLs or web ACL components, like rules and rule groups, WAF propagates the changes everywhere that the web ACL and its components are stored and used. Your changes are applied within seconds, but there might be a brief period of inconsistency when the changes have arrived in some places and not in others. So, for example, if you change a rule action setting, the action might be the old action in one area and the new action in another area. Or if you add an IP address to an IP set used in a blocking rule, the new address might briefly be blocked in one area while still allowed in another. This temporary inconsistency can occur when you first associate a web ACL with an Amazon Web Services resource and when you change a web ACL that is already associated with a resource. Generally, any inconsistencies of this type last only a few seconds.</p>
  *          <p> A rule group defines a collection of rules to inspect and control web requests that you can use in a <a>WebACL</a>. When you create a rule group, you define an immutable capacity limit. If you update a rule group, you must stay within the capacity. This allows others to reuse the rule group with confidence in its capacity requirements. </p>
  * @example

package/dist-types/commands/UpdateWebACLCommand.d.ts

@@ -10,7 +10,6 @@ export interface UpdateWebACLCommandOutput extends UpdateWebACLResponse, __Metad
 /**
  * <p>Updates the specified <a>WebACL</a>. While updating a web ACL, WAF provides
  *          continuous coverage to the resources that you have associated with the web ACL. </p>
- *
  *          <p>When you make changes to web ACLs or web ACL components, like rules and rule groups, WAF propagates the changes everywhere that the web ACL and its components are stored and used. Your changes are applied within seconds, but there might be a brief period of inconsistency when the changes have arrived in some places and not in others. So, for example, if you change a rule action setting, the action might be the old action in one area and the new action in another area. Or if you add an IP address to an IP set used in a blocking rule, the new address might briefly be blocked in one area while still allowed in another. This temporary inconsistency can occur when you first associate a web ACL with an Amazon Web Services resource and when you change a web ACL that is already associated with a resource. Generally, any inconsistencies of this type last only a few seconds.</p>
  *          <note>
  *             <p>This operation completely replaces the mutable specifications that you already have for the web ACL with the ones that you provide to this call. To modify the web ACL, retrieve it by calling <a>GetWebACL</a>, update the settings as needed, and then provide the complete web ACL specification to this call.</p>

package/dist-types/endpoint/EndpointParameters.d.ts

@@ -12,7 +12,7 @@ export declare const resolveClientEndpointParameters: <T>(options: T & ClientInp
     defaultSigningName: string;
 };
 export interface EndpointParameters extends __EndpointParameters {
-    Region?: string;
+    Region: string;
     UseDualStack?: boolean;
     UseFIPS?: boolean;
     Endpoint?: string;

package/dist-types/models/models_0.d.ts

@@ -1115,12 +1115,9 @@ export declare enum FallbackBehavior {
 }
 /**
  * <p>The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. Commonly, this is the X-Forwarded-For (XFF) header, but you can specify any header name. </p>
- *
  *          <note>
  *             <p>If the specified header isn't present in the request, WAF doesn't apply the rule to the web request at all.</p>
  *          </note>
- *
- *
  *          <p>This configuration is used for <a>GeoMatchStatement</a> and <a>RateBasedStatement</a>. For <a>IPSetReferenceStatement</a>, use <a>IPSetForwardedIPConfig</a> instead. </p>
  *          <p>WAF only evaluates the first IP address found in the specified HTTP header.
  *       </p>
@@ -1128,7 +1125,6 @@ export declare enum FallbackBehavior {
 export interface ForwardedIPConfig {
     /**
      * <p>The name of the HTTP header to use for the IP address. For example, to use the X-Forwarded-For (XFF) header, set this to <code>X-Forwarded-For</code>.</p>
-     *
      *          <note>
      *             <p>If the specified header isn't present in the request, WAF doesn't apply the rule to the web request at all.</p>
      *          </note>
@@ -1136,11 +1132,9 @@ export interface ForwardedIPConfig {
     HeaderName: string | undefined;
     /**
      * <p>The match status to assign to the web request if the request doesn't have a valid IP address in the specified position.</p>
-     *
      *          <note>
      *             <p>If the specified header isn't present in the request, WAF doesn't apply the rule to the web request at all.</p>
      *          </note>
-     *
      *          <p>You can specify the following fallback behaviors:</p>
      *          <ul>
      *             <li>
@@ -1179,7 +1173,6 @@ export interface GeoMatchStatement {
     CountryCodes?: (CountryCode | string)[];
     /**
      * <p>The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. Commonly, this is the X-Forwarded-For (XFF) header, but you can specify any header name. </p>
-     *
      *          <note>
      *             <p>If the specified header isn't present in the request, WAF doesn't apply the rule to the web request at all.</p>
      *          </note>
@@ -1193,18 +1186,14 @@ export declare enum ForwardedIPPosition {
 }
 /**
  * <p>The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. Commonly, this is the X-Forwarded-For (XFF) header, but you can specify any header name. </p>
- *
  *          <note>
  *             <p>If the specified header isn't present in the request, WAF doesn't apply the rule to the web request at all.</p>
  *          </note>
- *
- *
  *          <p>This configuration is used only for <a>IPSetReferenceStatement</a>. For <a>GeoMatchStatement</a> and <a>RateBasedStatement</a>, use <a>ForwardedIPConfig</a> instead. </p>
  */
 export interface IPSetForwardedIPConfig {
     /**
      * <p>The name of the HTTP header to use for the IP address. For example, to use the X-Forwarded-For (XFF) header, set this to <code>X-Forwarded-For</code>.</p>
-     *
      *          <note>
      *             <p>If the specified header isn't present in the request, WAF doesn't apply the rule to the web request at all.</p>
      *          </note>
@@ -1212,11 +1201,9 @@ export interface IPSetForwardedIPConfig {
     HeaderName: string | undefined;
     /**
      * <p>The match status to assign to the web request if the request doesn't have a valid IP address in the specified position.</p>
-     *
      *          <note>
      *             <p>If the specified header isn't present in the request, WAF doesn't apply the rule to the web request at all.</p>
      *          </note>
-     *
      *          <p>You can specify the following fallback behaviors:</p>
      *          <ul>
      *             <li>
@@ -1265,7 +1252,6 @@ export interface IPSetReferenceStatement {
     ARN: string | undefined;
     /**
      * <p>The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. Commonly, this is the X-Forwarded-For (XFF) header, but you can specify any header name. </p>
-     *
      *          <note>
      *             <p>If the specified header isn't present in the request, WAF doesn't apply the rule to the web request at all.</p>
      *          </note>
@@ -1440,23 +1426,23 @@ export interface BlockAction {
  *                <p>If the request includes a valid, unexpired <code>CAPTCHA</code> token,
  *                WAF applies any custom request handling and labels that you've configured and then allows the web request inspection to
  *                proceed to the next rule, similar to a <code>CountAction</code>. </p>
- *            </li>
+ *             </li>
  *             <li>
  *                <p>If the request doesn't include a valid, unexpired token, WAF
  *                    discontinues the web ACL evaluation of the request and blocks it from going to its intended destination.</p>
  *                <p>WAF generates a response that it sends back to the client, which includes the following: </p>
  *                <ul>
  *                   <li>
- *                        <p>The header <code>x-amzn-waf-action</code> with a value of <code>captcha</code>. </p>
- *                    </li>
+ *                      <p>The header <code>x-amzn-waf-action</code> with a value of <code>captcha</code>. </p>
+ *                   </li>
  *                   <li>
- *                        <p>The HTTP status code <code>405 Method Not Allowed</code>. </p>
- *                    </li>
+ *                      <p>The HTTP status code <code>405 Method Not Allowed</code>. </p>
+ *                   </li>
  *                   <li>
- *                        <p>If the request contains an <code>Accept</code> header with a value of <code>text/html</code>, the response includes a <code>CAPTCHA</code> JavaScript page interstitial. </p>
- *                    </li>
+ *                      <p>If the request contains an <code>Accept</code> header with a value of <code>text/html</code>, the response includes a <code>CAPTCHA</code> JavaScript page interstitial. </p>
+ *                   </li>
  *                </ul>
- *            </li>
+ *             </li>
  *          </ul>
  *          <p>You can configure the expiration time
  *                in the <code>CaptchaConfig</code>
@@ -1485,14 +1471,14 @@ export interface CaptchaAction {
  *                <p>WAF then generates a challenge response that it sends back to the client, which includes the following: </p>
  *                <ul>
  *                   <li>
- *                        <p>The header <code>x-amzn-waf-action</code> with a value of <code>challenge</code>. </p>
- *                    </li>
+ *                      <p>The header <code>x-amzn-waf-action</code> with a value of <code>challenge</code>. </p>
+ *                   </li>
  *                   <li>
- *                        <p>The HTTP status code <code>202 Request Accepted</code>. </p>
- *                    </li>
+ *                      <p>The HTTP status code <code>202 Request Accepted</code>. </p>
+ *                   </li>
  *                   <li>
- *                        <p>If the request contains an <code>Accept</code> header with a value of <code>text/html</code>, the response includes a JavaScript page interstitial with a challenge script. </p>
- *                    </li>
+ *                      <p>If the request contains an <code>Accept</code> header with a value of <code>text/html</code>, the response includes a JavaScript page interstitial with a challenge script. </p>
+ *                   </li>
  *                </ul>
  *                <p>Challenges run silent browser interrogations in the background, and don't generally affect the end user experience. </p>
  *                <p>A challenge enforces token acquisition using an interstitial JavaScript challenge that inspects the client session for legitimate behavior. The challenge blocks bots or at least increases the cost of operating sophisticated bots. </p>
@@ -1724,7 +1710,6 @@ export interface AssociateWebACLRequest {
     WebACLArn: string | undefined;
     /**
      * <p>The Amazon Resource Name (ARN) of the resource to associate with the web ACL. </p>
-     *
      *          <p>The ARN must be in one of the following formats:</p>
      *          <ul>
      *             <li>
@@ -2724,7 +2709,6 @@ export interface DescribeManagedRuleGroupResponse {
      *                <p>
      *                   <code><label namespace>:<label from rule></code>
      *                </p>
-     *
      *             </li>
      *          </ul>
      */
@@ -2741,7 +2725,6 @@ export interface DescribeManagedRuleGroupResponse {
 export interface DisassociateWebACLRequest {
     /**
      * <p>The Amazon Resource Name (ARN) of the resource to disassociate from the web ACL. </p>
-     *
      *          <p>The ARN must be in one of the following formats:</p>
      *          <ul>
      *             <li>
@@ -2979,9 +2962,10 @@ export interface LoggingFilter {
  *          steps:</p>
  *          <ol>
  *             <li>
- *                <p>Create your logging destination. You can use an Amazon CloudWatch Logs log group, an Amazon Simple Storage Service (Amazon S3) bucket, or an Amazon Kinesis Data Firehose.
- *                  For information about configuring logging destinations and the permissions that are required for each, see
- *                  <a href="https://docs.aws.amazon.com/waf/latest/developerguide/logging.html">Logging web ACL traffic information</a>
+ *                <p>Create your logging destination. You can use an Amazon CloudWatch Logs log group, an Amazon Simple Storage Service (Amazon S3) bucket, or an Amazon Kinesis Data Firehose. </p>
+ *                <p>The name that you give the destination must start with <code>aws-waf-logs-</code>. Depending on the type of destination, you might need to configure additional settings or permissions. </p>
+ *                <p>For configuration requirements and pricing information for each destination type, see
+ *                  <a href="https://docs.aws.amazon.com/waf/latest/developerguide/logging.html">Logging web ACL traffic</a>
  *                  in the <i>WAF Developer Guide</i>.</p>
  *             </li>
  *             <li>
@@ -3080,7 +3064,7 @@ export interface ManagedRuleSetVersion {
     AssociatedRuleGroupArn?: string;
     /**
      * <p>The web ACL capacity units (WCUs) required for this rule group.</p>
-     *           <p>WAF uses WCUs to calculate and control the operating
+     *          <p>WAF uses WCUs to calculate and control the operating
      *          resources that are used to run your rules, rule groups, and web ACLs. WAF
      *          calculates capacity differently for each rule type, to reflect the relative cost of each rule.
      *          Simple rules that cost little to run use fewer WCUs than more complex rules
@@ -3158,7 +3142,6 @@ export interface ManagedRuleSet {
      *                <p>
      *                   <code><label namespace>:<label from rule></code>
      *                </p>
-     *
      *             </li>
      *          </ul>
      */
@@ -3669,7 +3652,6 @@ export interface GetWebACLRequest {
 export interface GetWebACLForResourceRequest {
     /**
      * <p>The Amazon Resource Name (ARN) of the resource whose web ACL you want to retrieve. </p>
-     *
      *          <p>The ARN must be in one of the following formats:</p>
      *          <ul>
      *             <li>
@@ -3970,7 +3952,6 @@ export interface ManagedRuleSetSummary {
      *                <p>
      *                   <code><label namespace>:<label from rule></code>
      *                </p>
-     *
      *             </li>
      *          </ul>
      */
@@ -4344,7 +4325,6 @@ export interface PutPermissionPolicyRequest {
     ResourceArn: string | undefined;
     /**
      * <p>The policy to attach to the specified rule group. </p>
-     *
      *          <p>The policy specifications must conform to the following:</p>
      *          <ul>
      *             <li>
@@ -4375,7 +4355,6 @@ export interface PutPermissionPolicyResponse {
 }
 /**
  * <p>The operation failed because the specified policy isn't in the proper format. </p>
- *
  *          <p>The policy specifications must conform to the following:</p>
  *          <ul>
  *             <li>
@@ -4826,12 +4805,9 @@ export interface RateBasedStatement {
     ScopeDownStatement?: Statement;
     /**
      * <p>The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. Commonly, this is the X-Forwarded-For (XFF) header, but you can specify any header name. </p>
-     *
      *          <note>
      *             <p>If the specified header isn't present in the request, WAF doesn't apply the rule to the web request at all.</p>
      *          </note>
-     *
-     *
      *          <p>This is required if <code>AggregateKeyType</code> is set to
      *          <code>FORWARDED_IP</code>.</p>
      */
@@ -4861,7 +4837,7 @@ export interface Rule {
     Statement: Statement | undefined;
     /**
      * <p>The action that WAF should take on a web request when it matches the rule statement. Settings at the web ACL level can override the rule action setting. </p>
-     *         <p>This is used only for rules whose statements do not reference a rule group. Rule statements that reference a rule group include <code>RuleGroupReferenceStatement</code> and <code>ManagedRuleGroupStatement</code>. </p>
+     *          <p>This is used only for rules whose statements do not reference a rule group. Rule statements that reference a rule group include <code>RuleGroupReferenceStatement</code> and <code>ManagedRuleGroupStatement</code>. </p>
      *          <p>You must specify either this <code>Action</code> setting or the rule <code>OverrideAction</code> setting, but not both:</p>
      *          <ul>
      *             <li>
@@ -5036,10 +5012,10 @@ export interface CreateRuleGroupRequest {
     Scope: Scope | string | undefined;
     /**
      * <p>The web ACL capacity units (WCUs) required for this rule group.</p>
-     *           <p>When you create your own rule group, you define this, and you cannot change it after creation.
+     *          <p>When you create your own rule group, you define this, and you cannot change it after creation.
      *           When you add or modify the rules in a rule group, WAF enforces this limit. You can check the capacity
      *           for a set of rules using <a>CheckCapacity</a>.</p>
-     *           <p>WAF uses WCUs to calculate and control the operating
+     *          <p>WAF uses WCUs to calculate and control the operating
      *          resources that are used to run your rules, rule groups, and web ACLs. WAF
      *          calculates capacity differently for each rule type, to reflect the relative cost of each rule.
      *          Simple rules that cost little to run use fewer WCUs than more complex rules
@@ -5139,6 +5115,7 @@ export interface CreateWebACLRequest {
      * <p>Specifies the domains that WAF should accept in a web request token. This enables the use of tokens across multiple protected websites. When WAF provides a token, it uses the domain of the Amazon Web Services resource that the web ACL is protecting. If you don't specify a list of token domains, WAF accepts tokens only for the domain of the protected resource. With a token domain list, WAF accepts the resource's host domain plus all domains in the token domain list, including their prefixed subdomains.</p>
      *          <p>Example JSON: <code>"TokenDomains": { "mywebsite.com", "myotherwebsite.com" }</code>
      *          </p>
+     *          <p>Public suffixes aren't allowed. For example, you can't use <code>usa.gov</code> or <code>co.uk</code> as token domains.</p>
      */
     TokenDomains?: string[];
 }
@@ -5156,10 +5133,10 @@ export interface RuleGroup {
     Id: string | undefined;
     /**
      * <p>The web ACL capacity units (WCUs) required for this rule group.</p>
-     *           <p>When you create your own rule group, you define this, and you cannot change it after creation.
+     *          <p>When you create your own rule group, you define this, and you cannot change it after creation.
      *           When you add or modify the rules in a rule group, WAF enforces this limit. You can check the capacity
      *           for a set of rules using <a>CheckCapacity</a>.</p>
-     *           <p>WAF uses WCUs to calculate and control the operating
+     *          <p>WAF uses WCUs to calculate and control the operating
      *          resources that are used to run your rules, rule groups, and web ACLs. WAF
      *          calculates capacity differently for each rule type, to reflect the relative cost of each rule.
      *          Simple rules that cost little to run use fewer WCUs than more complex rules
@@ -5202,7 +5179,6 @@ export interface RuleGroup {
      *                <p>
      *                   <code><label namespace>:<label from rule></code>
      *                </p>
-     *
      *             </li>
      *          </ul>
      */
@@ -5340,6 +5316,7 @@ export interface UpdateWebACLRequest {
      * <p>Specifies the domains that WAF should accept in a web request token. This enables the use of tokens across multiple protected websites. When WAF provides a token, it uses the domain of the Amazon Web Services resource that the web ACL is protecting. If you don't specify a list of token domains, WAF accepts tokens only for the domain of the protected resource. With a token domain list, WAF accepts the resource's host domain plus all domains in the token domain list, including their prefixed subdomains.</p>
      *          <p>Example JSON: <code>"TokenDomains": { "mywebsite.com", "myotherwebsite.com" }</code>
      *          </p>
+     *          <p>Public suffixes aren't allowed. For example, you can't use <code>usa.gov</code> or <code>co.uk</code> as token domains.</p>
      */
     TokenDomains?: string[];
 }
@@ -5442,7 +5419,6 @@ export interface WebACL {
      *                <p>
      *                   <code><label namespace>:<label from rule></code>
      *                </p>
-     *
      *             </li>
      *          </ul>
      */

package/dist-types/runtimeConfig.browser.d.ts

@@ -31,7 +31,7 @@ export declare const getRuntimeConfig: (config: WAFV2ClientConfig) => {
         logger?: import("@aws-sdk/types").Logger | undefined;
     }) => import("@aws-sdk/types").EndpointV2;
     tls?: boolean | undefined;
-    retryStrategy?: import("@aws-sdk/types").RetryStrategy | undefined;
+    retryStrategy?: import("@aws-sdk/types").RetryStrategy | import("@aws-sdk/types").RetryStrategyV2 | undefined;
     credentials?: import("@aws-sdk/types").AwsCredentialIdentity | import("@aws-sdk/types").Provider<import("@aws-sdk/types").AwsCredentialIdentity> | undefined;
     signer?: import("@aws-sdk/types").RequestSigner | ((authScheme?: import("@aws-sdk/types").AuthScheme | undefined) => Promise<import("@aws-sdk/types").RequestSigner>) | undefined;
     signingEscapePath?: boolean | undefined;

package/dist-types/runtimeConfig.d.ts

@@ -31,7 +31,7 @@ export declare const getRuntimeConfig: (config: WAFV2ClientConfig) => {
         logger?: import("@aws-sdk/types").Logger | undefined;
     }) => import("@aws-sdk/types").EndpointV2;
     tls?: boolean | undefined;
-    retryStrategy?: import("@aws-sdk/types").RetryStrategy | undefined;
+    retryStrategy?: import("@aws-sdk/types").RetryStrategy | import("@aws-sdk/types").RetryStrategyV2 | undefined;
     credentials?: import("@aws-sdk/types").AwsCredentialIdentity | import("@aws-sdk/types").Provider<import("@aws-sdk/types").AwsCredentialIdentity> | undefined;
     signer?: import("@aws-sdk/types").RequestSigner | ((authScheme?: import("@aws-sdk/types").AuthScheme | undefined) => Promise<import("@aws-sdk/types").RequestSigner>) | undefined;
     signingEscapePath?: boolean | undefined;

package/dist-types/runtimeConfig.native.d.ts

@@ -30,7 +30,7 @@ export declare const getRuntimeConfig: (config: WAFV2ClientConfig) => {
         logger?: import("@aws-sdk/types").Logger | undefined;
     }) => import("@aws-sdk/types").EndpointV2;
     tls?: boolean | undefined;
-    retryStrategy?: import("@aws-sdk/types").RetryStrategy | undefined;
+    retryStrategy?: import("@aws-sdk/types").RetryStrategy | import("@aws-sdk/types").RetryStrategyV2 | undefined;
     credentials?: import("@aws-sdk/types").AwsCredentialIdentity | import("@aws-sdk/types").Provider<import("@aws-sdk/types").AwsCredentialIdentity> | undefined;
     signer?: import("@aws-sdk/types").RequestSigner | ((authScheme?: import("@aws-sdk/types").AuthScheme | undefined) => Promise<import("@aws-sdk/types").RequestSigner>) | undefined;
     signingEscapePath?: boolean | undefined;

package/dist-types/ts3.4/endpoint/EndpointParameters.d.ts

@@ -27,7 +27,7 @@ export declare const resolveClientEndpointParameters: <T>(
     defaultSigningName: string;
   };
 export interface EndpointParameters extends __EndpointParameters {
-  Region?: string;
+  Region: string;
   UseDualStack?: boolean;
   UseFIPS?: boolean;
   Endpoint?: string;

package/dist-types/ts3.4/runtimeConfig.browser.d.ts

@@ -62,7 +62,10 @@ export declare const getRuntimeConfig: (config: WAFV2ClientConfig) => {
     }
   ) => import("@aws-sdk/types").EndpointV2;
   tls?: boolean | undefined;
-  retryStrategy?: import("@aws-sdk/types").RetryStrategy | undefined;
+  retryStrategy?:
+    | import("@aws-sdk/types").RetryStrategy
+    | import("@aws-sdk/types").RetryStrategyV2
+    | undefined;
   credentials?:
     | import("@aws-sdk/types").AwsCredentialIdentity
     | import("@aws-sdk/types").Provider<

package/dist-types/ts3.4/runtimeConfig.d.ts

@@ -62,7 +62,10 @@ export declare const getRuntimeConfig: (config: WAFV2ClientConfig) => {
     }
   ) => import("@aws-sdk/types").EndpointV2;
   tls?: boolean | undefined;
-  retryStrategy?: import("@aws-sdk/types").RetryStrategy | undefined;
+  retryStrategy?:
+    | import("@aws-sdk/types").RetryStrategy
+    | import("@aws-sdk/types").RetryStrategyV2
+    | undefined;
   credentials?:
     | import("@aws-sdk/types").AwsCredentialIdentity
     | import("@aws-sdk/types").Provider<

package/dist-types/ts3.4/runtimeConfig.native.d.ts

@@ -51,7 +51,10 @@ export declare const getRuntimeConfig: (config: WAFV2ClientConfig) => {
     }
   ) => import("@aws-sdk/types").EndpointV2;
   tls?: boolean | undefined;
-  retryStrategy?: import("@aws-sdk/types").RetryStrategy | undefined;
+  retryStrategy?:
+    | import("@aws-sdk/types").RetryStrategy
+    | import("@aws-sdk/types").RetryStrategyV2
+    | undefined;
   credentials?:
     | import("@aws-sdk/types").AwsCredentialIdentity
     | import("@aws-sdk/types").Provider<

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@aws-sdk/client-wafv2",
   "description": "AWS SDK for JavaScript Wafv2 Client for Node.js, Browser and React Native",
-  "version": "3.226.0",
+  "version": "3.231.0",
   "scripts": {
     "build": "concurrently 'yarn:build:cjs' 'yarn:build:es' 'yarn:build:types'",
     "build:cjs": "tsc -p tsconfig.cjs.json",
@@ -19,9 +19,9 @@
   "dependencies": {
     "@aws-crypto/sha256-browser": "2.0.0",
     "@aws-crypto/sha256-js": "2.0.0",
-    "@aws-sdk/client-sts": "3.226.0",
-    "@aws-sdk/config-resolver": "3.226.0",
-    "@aws-sdk/credential-provider-node": "3.226.0",
+    "@aws-sdk/client-sts": "3.231.0",
+    "@aws-sdk/config-resolver": "3.231.0",
+    "@aws-sdk/credential-provider-node": "3.231.0",
     "@aws-sdk/fetch-http-handler": "3.226.0",
     "@aws-sdk/hash-node": "3.226.0",
     "@aws-sdk/invalid-dependency": "3.226.0",
@@ -30,7 +30,7 @@
     "@aws-sdk/middleware-host-header": "3.226.0",
     "@aws-sdk/middleware-logger": "3.226.0",
     "@aws-sdk/middleware-recursion-detection": "3.226.0",
-    "@aws-sdk/middleware-retry": "3.226.0",
+    "@aws-sdk/middleware-retry": "3.229.0",
     "@aws-sdk/middleware-serde": "3.226.0",
     "@aws-sdk/middleware-signing": "3.226.0",
     "@aws-sdk/middleware-stack": "3.226.0",
@@ -45,8 +45,9 @@
     "@aws-sdk/util-body-length-browser": "3.188.0",
     "@aws-sdk/util-body-length-node": "3.208.0",
     "@aws-sdk/util-defaults-mode-browser": "3.226.0",
-    "@aws-sdk/util-defaults-mode-node": "3.226.0",
+    "@aws-sdk/util-defaults-mode-node": "3.231.0",
     "@aws-sdk/util-endpoints": "3.226.0",
+    "@aws-sdk/util-retry": "3.229.0",
     "@aws-sdk/util-user-agent-browser": "3.226.0",
     "@aws-sdk/util-user-agent-node": "3.226.0",
     "@aws-sdk/util-utf8-browser": "3.188.0",