@aws-sdk/client-wafv2 3.303.0 → 3.305.0

package/README.md

@@ -39,7 +39,7 @@ Guide</a>.</p>
 <ul>
 <li>
 <p>For regional applications, you can use any of the endpoints in the list.
-A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, a Amazon Cognito user pool, or an App Runner service. </p>
+A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner service. </p>
 </li>
 <li>
 <p>For Amazon CloudFront applications, you must use the API endpoint listed for

package/dist-cjs/endpoint/ruleset.js

@@ -1,7 +1,7 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.ruleSet = void 0;
-const s = "required", t = "fn", u = "argv", v = "ref";
-const a = "isSet", b = "tree", c = "error", d = "endpoint", e = "PartitionResult", f = "stringEquals", g = { [s]: false, "type": "String" }, h = { [s]: true, "default": false, "type": "Boolean" }, i = { [v]: "Endpoint" }, j = { [t]: "booleanEquals", [u]: [{ [v]: "UseFIPS" }, true] }, k = { [t]: "booleanEquals", [u]: [{ [v]: "UseDualStack" }, true] }, l = {}, m = { [v]: "Region" }, n = { [t]: "booleanEquals", [u]: [true, { [t]: "getAttr", [u]: [{ [v]: e }, "supportsFIPS"] }] }, o = { [t]: "booleanEquals", [u]: [true, { [t]: "getAttr", [u]: [{ [v]: e }, "supportsDualStack"] }] }, p = [j], q = [k], r = [m];
-const _data = { version: "1.0", parameters: { Region: g, UseDualStack: h, UseFIPS: h, Endpoint: g }, rules: [{ conditions: [{ [t]: a, [u]: [i] }], type: b, rules: [{ conditions: p, error: "Invalid Configuration: FIPS and custom endpoint are not supported", type: c }, { type: b, rules: [{ conditions: q, error: "Invalid Configuration: Dualstack and custom endpoint are not supported", type: c }, { endpoint: { url: i, properties: l, headers: l }, type: d }] }] }, { type: b, rules: [{ conditions: [{ [t]: a, [u]: r }], type: b, rules: [{ conditions: [{ [t]: "aws.partition", [u]: r, assign: e }], type: b, rules: [{ conditions: [j, k], type: b, rules: [{ conditions: [n, o], type: b, rules: [{ type: b, rules: [{ endpoint: { url: "https://wafv2-fips.{Region}.{PartitionResult#dualStackDnsSuffix}", properties: l, headers: l }, type: d }] }] }, { error: "FIPS and DualStack are enabled, but this partition does not support one or both", type: c }] }, { conditions: p, type: b, rules: [{ conditions: [n], type: b, rules: [{ type: b, rules: [{ endpoint: { url: "https://wafv2-fips.{Region}.{PartitionResult#dnsSuffix}", properties: l, headers: l }, type: d }] }] }, { error: "FIPS is enabled but this partition does not support FIPS", type: c }] }, { conditions: q, type: b, rules: [{ conditions: [o], type: b, rules: [{ type: b, rules: [{ endpoint: { url: "https://wafv2.{Region}.{PartitionResult#dualStackDnsSuffix}", properties: l, headers: l }, type: d }] }] }, { error: "DualStack is enabled but this partition does not support DualStack", type: c }] }, { type: b, rules: [{ conditions: [{ [t]: f, [u]: [m, "af-south-1"] }], endpoint: { url: "https://wafv2.af-south-1.amazonaws.com", properties: l, headers: l }, type: d }, { conditions: [{ [t]: f, [u]: [m, "ap-east-1"] }], endpoint: { url: "https://wafv2.ap-east-1.amazonaws.com", properties: l, headers: l }, type: d }, { conditions: [{ [t]: f, [u]: [m, "ap-northeast-1"] }], endpoint: { url: "https://wafv2.ap-northeast-1.amazonaws.com", properties: l, headers: l }, type: d }, { conditions: [{ [t]: f, [u]: [m, "ap-northeast-2"] }], endpoint: { url: "https://wafv2.ap-northeast-2.amazonaws.com", properties: l, headers: l }, type: d }, { conditions: [{ [t]: f, [u]: [m, "ap-northeast-3"] }], endpoint: { url: "https://wafv2.ap-northeast-3.amazonaws.com", properties: l, headers: l }, type: d }, { conditions: [{ [t]: f, [u]: [m, "ap-south-1"] }], endpoint: { url: "https://wafv2.ap-south-1.amazonaws.com", properties: l, headers: l }, type: d }, { conditions: [{ [t]: f, [u]: [m, "ap-southeast-1"] }], endpoint: { url: "https://wafv2.ap-southeast-1.amazonaws.com", properties: l, headers: l }, type: d }, { conditions: [{ [t]: f, [u]: [m, "ap-southeast-2"] }], endpoint: { url: "https://wafv2.ap-southeast-2.amazonaws.com", properties: l, headers: l }, type: d }, { conditions: [{ [t]: f, [u]: [m, "ap-southeast-3"] }], endpoint: { url: "https://wafv2.ap-southeast-3.amazonaws.com", properties: l, headers: l }, type: d }, { conditions: [{ [t]: f, [u]: [m, "ca-central-1"] }], endpoint: { url: "https://wafv2.ca-central-1.amazonaws.com", properties: l, headers: l }, type: d }, { conditions: [{ [t]: f, [u]: [m, "eu-central-1"] }], endpoint: { url: "https://wafv2.eu-central-1.amazonaws.com", properties: l, headers: l }, type: d }, { conditions: [{ [t]: f, [u]: [m, "eu-north-1"] }], endpoint: { url: "https://wafv2.eu-north-1.amazonaws.com", properties: l, headers: l }, type: d }, { conditions: [{ [t]: f, [u]: [m, "eu-south-1"] }], endpoint: { url: "https://wafv2.eu-south-1.amazonaws.com", properties: l, headers: l }, type: d }, { conditions: [{ [t]: f, [u]: [m, "eu-west-1"] }], endpoint: { url: "https://wafv2.eu-west-1.amazonaws.com", properties: l, headers: l }, type: d }, { conditions: [{ [t]: f, [u]: [m, "eu-west-2"] }], endpoint: { url: "https://wafv2.eu-west-2.amazonaws.com", properties: l, headers: l }, type: d }, { conditions: [{ [t]: f, [u]: [m, "eu-west-3"] }], endpoint: { url: "https://wafv2.eu-west-3.amazonaws.com", properties: l, headers: l }, type: d }, { conditions: [{ [t]: f, [u]: [m, "me-south-1"] }], endpoint: { url: "https://wafv2.me-south-1.amazonaws.com", properties: l, headers: l }, type: d }, { conditions: [{ [t]: f, [u]: [m, "sa-east-1"] }], endpoint: { url: "https://wafv2.sa-east-1.amazonaws.com", properties: l, headers: l }, type: d }, { conditions: [{ [t]: f, [u]: [m, "us-east-1"] }], endpoint: { url: "https://wafv2.us-east-1.amazonaws.com", properties: l, headers: l }, type: d }, { conditions: [{ [t]: f, [u]: [m, "us-east-2"] }], endpoint: { url: "https://wafv2.us-east-2.amazonaws.com", properties: l, headers: l }, type: d }, { conditions: [{ [t]: f, [u]: [m, "us-west-1"] }], endpoint: { url: "https://wafv2.us-west-1.amazonaws.com", properties: l, headers: l }, type: d }, { conditions: [{ [t]: f, [u]: [m, "us-west-2"] }], endpoint: { url: "https://wafv2.us-west-2.amazonaws.com", properties: l, headers: l }, type: d }, { conditions: [{ [t]: f, [u]: [m, "cn-north-1"] }], endpoint: { url: "https://wafv2.cn-north-1.amazonaws.com.cn", properties: l, headers: l }, type: d }, { conditions: [{ [t]: f, [u]: [m, "cn-northwest-1"] }], endpoint: { url: "https://wafv2.cn-northwest-1.amazonaws.com.cn", properties: l, headers: l }, type: d }, { conditions: [{ [t]: f, [u]: [m, "us-gov-east-1"] }], endpoint: { url: "https://wafv2.us-gov-east-1.amazonaws.com", properties: l, headers: l }, type: d }, { conditions: [{ [t]: f, [u]: [m, "us-gov-west-1"] }], endpoint: { url: "https://wafv2.us-gov-west-1.amazonaws.com", properties: l, headers: l }, type: d }, { endpoint: { url: "https://wafv2.{Region}.{PartitionResult#dnsSuffix}", properties: l, headers: l }, type: d }] }] }] }, { error: "Invalid Configuration: Missing Region", type: c }] }] };
+const q = "required", r = "fn", s = "argv", t = "ref";
+const a = "isSet", b = "tree", c = "error", d = "endpoint", e = "PartitionResult", f = { [q]: false, "type": "String" }, g = { [q]: true, "default": false, "type": "Boolean" }, h = { [t]: "Endpoint" }, i = { [r]: "booleanEquals", [s]: [{ [t]: "UseFIPS" }, true] }, j = { [r]: "booleanEquals", [s]: [{ [t]: "UseDualStack" }, true] }, k = {}, l = { [r]: "booleanEquals", [s]: [true, { [r]: "getAttr", [s]: [{ [t]: e }, "supportsFIPS"] }] }, m = { [r]: "booleanEquals", [s]: [true, { [r]: "getAttr", [s]: [{ [t]: e }, "supportsDualStack"] }] }, n = [i], o = [j], p = [{ [t]: "Region" }];
+const _data = { version: "1.0", parameters: { Region: f, UseDualStack: g, UseFIPS: g, Endpoint: f }, rules: [{ conditions: [{ [r]: a, [s]: [h] }], type: b, rules: [{ conditions: n, error: "Invalid Configuration: FIPS and custom endpoint are not supported", type: c }, { type: b, rules: [{ conditions: o, error: "Invalid Configuration: Dualstack and custom endpoint are not supported", type: c }, { endpoint: { url: h, properties: k, headers: k }, type: d }] }] }, { type: b, rules: [{ conditions: [{ [r]: a, [s]: p }], type: b, rules: [{ conditions: [{ [r]: "aws.partition", [s]: p, assign: e }], type: b, rules: [{ conditions: [i, j], type: b, rules: [{ conditions: [l, m], type: b, rules: [{ type: b, rules: [{ endpoint: { url: "https://wafv2-fips.{Region}.{PartitionResult#dualStackDnsSuffix}", properties: k, headers: k }, type: d }] }] }, { error: "FIPS and DualStack are enabled, but this partition does not support one or both", type: c }] }, { conditions: n, type: b, rules: [{ conditions: [l], type: b, rules: [{ type: b, rules: [{ endpoint: { url: "https://wafv2-fips.{Region}.{PartitionResult#dnsSuffix}", properties: k, headers: k }, type: d }] }] }, { error: "FIPS is enabled but this partition does not support FIPS", type: c }] }, { conditions: o, type: b, rules: [{ conditions: [m], type: b, rules: [{ type: b, rules: [{ endpoint: { url: "https://wafv2.{Region}.{PartitionResult#dualStackDnsSuffix}", properties: k, headers: k }, type: d }] }] }, { error: "DualStack is enabled but this partition does not support DualStack", type: c }] }, { type: b, rules: [{ endpoint: { url: "https://wafv2.{Region}.{PartitionResult#dnsSuffix}", properties: k, headers: k }, type: d }] }] }] }, { error: "Invalid Configuration: Missing Region", type: c }] }] };
 exports.ruleSet = _data;

package/dist-cjs/models/models_0.js

@@ -1,6 +1,6 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.WAFInvalidPermissionPolicyException = exports.WAFServiceLinkedRoleErrorException = exports.WAFLogDestinationPermissionIssueException = exports.ResourceType = exports.FailureReason = exports.FilterRequirement = exports.FilterBehavior = exports.Platform = exports.WAFAssociatedItemException = exports.WAFConfigurationWarningException = exports.ResponseContentType = exports.WAFTagOperationInternalErrorException = exports.WAFTagOperationException = exports.WAFOptimisticLockException = exports.WAFDuplicateItemException = exports.IPAddressVersion = exports.WAFSubscriptionNotFoundException = exports.WAFLimitsExceededException = exports.WAFInvalidResourceException = exports.WAFExpiredManagedRuleGroupVersionException = exports.Scope = exports.WAFUnavailableEntityException = exports.WAFNonexistentItemException = exports.WAFInvalidParameterException = exports.ParameterExceptionField = exports.WAFInvalidOperationException = exports.WAFInternalErrorException = exports.SensitivityLevel = exports.ComparisonOperator = exports.RateBasedStatementAggregateKeyType = exports.InspectionLevel = exports.PayloadType = exports.LabelMatchScope = exports.ForwardedIPPosition = exports.FallbackBehavior = exports.CountryCode = exports.TextTransformationType = exports.PositionalConstraint = exports.JsonMatchScope = exports.BodyParsingFallbackBehavior = exports.MapMatchScope = exports.OversizeHandling = exports.ActionValue = void 0;
+exports.WAFInvalidPermissionPolicyException = exports.WAFServiceLinkedRoleErrorException = exports.WAFLogDestinationPermissionIssueException = exports.ResourceType = exports.FailureReason = exports.FilterRequirement = exports.FilterBehavior = exports.Platform = exports.WAFAssociatedItemException = exports.WAFConfigurationWarningException = exports.ResponseContentType = exports.WAFTagOperationInternalErrorException = exports.WAFTagOperationException = exports.WAFOptimisticLockException = exports.WAFDuplicateItemException = exports.IPAddressVersion = exports.WAFSubscriptionNotFoundException = exports.WAFLimitsExceededException = exports.WAFInvalidResourceException = exports.WAFExpiredManagedRuleGroupVersionException = exports.Scope = exports.SizeInspectionLimit = exports.WAFUnavailableEntityException = exports.WAFNonexistentItemException = exports.WAFInvalidParameterException = exports.ParameterExceptionField = exports.WAFInvalidOperationException = exports.WAFInternalErrorException = exports.AssociatedResourceType = exports.SensitivityLevel = exports.ComparisonOperator = exports.RateBasedStatementAggregateKeyType = exports.InspectionLevel = exports.PayloadType = exports.LabelMatchScope = exports.ForwardedIPPosition = exports.FallbackBehavior = exports.CountryCode = exports.TextTransformationType = exports.PositionalConstraint = exports.JsonMatchScope = exports.BodyParsingFallbackBehavior = exports.MapMatchScope = exports.OversizeHandling = exports.ActionValue = void 0;
 const WAFV2ServiceException_1 = require("./WAFV2ServiceException");
 exports.ActionValue = {
     ALLOW: "ALLOW",
@@ -349,6 +349,9 @@ exports.SensitivityLevel = {
     HIGH: "HIGH",
     LOW: "LOW",
 };
+exports.AssociatedResourceType = {
+    CLOUDFRONT: "CLOUDFRONT",
+};
 class WAFInternalErrorException extends WAFV2ServiceException_1.WAFV2ServiceException {
     constructor(opts) {
         super({
@@ -380,6 +383,7 @@ exports.WAFInvalidOperationException = WAFInvalidOperationException;
 exports.ParameterExceptionField = {
     AND_STATEMENT: "AND_STATEMENT",
     ASSOCIABLE_RESOURCE: "ASSOCIABLE_RESOURCE",
+    ASSOCIATED_RESOURCE_TYPE: "ASSOCIATED_RESOURCE_TYPE",
     ATP_RULE_SET_RESPONSE_INSPECTION: "ATP_RULE_SET_RESPONSE_INSPECTION",
     BODY_PARSING_FALLBACK_BEHAVIOR: "BODY_PARSING_FALLBACK_BEHAVIOR",
     BYTE_MATCH_STATEMENT: "BYTE_MATCH_STATEMENT",
@@ -489,6 +493,12 @@ class WAFUnavailableEntityException extends WAFV2ServiceException_1.WAFV2Service
     }
 }
 exports.WAFUnavailableEntityException = WAFUnavailableEntityException;
+exports.SizeInspectionLimit = {
+    KB_16: "KB_16",
+    KB_32: "KB_32",
+    KB_48: "KB_48",
+    KB_64: "KB_64",
+};
 exports.Scope = {
     CLOUDFRONT: "CLOUDFRONT",
     REGIONAL: "REGIONAL",

package/dist-cjs/protocols/Aws_json1_1.js

@@ -2963,6 +2963,11 @@ const serializeAws_json1_1AssociateWebACLRequest = (input, context) => {
         ...(input.WebACLArn != null && { WebACLArn: input.WebACLArn }),
     };
 };
+const serializeAws_json1_1AssociationConfig = (input, context) => {
+    return {
+        ...(input.RequestBody != null && { RequestBody: serializeAws_json1_1RequestBody(input.RequestBody, context) }),
+    };
+};
 const serializeAws_json1_1AWSManagedRulesATPRuleSet = (input, context) => {
     return {
         ...(input.LoginPath != null && { LoginPath: input.LoginPath }),
@@ -3132,6 +3137,9 @@ const serializeAws_json1_1CreateRuleGroupRequest = (input, context) => {
 };
 const serializeAws_json1_1CreateWebACLRequest = (input, context) => {
     return {
+        ...(input.AssociationConfig != null && {
+            AssociationConfig: serializeAws_json1_1AssociationConfig(input.AssociationConfig, context),
+        }),
         ...(input.CaptchaConfig != null && {
             CaptchaConfig: serializeAws_json1_1CaptchaConfig(input.CaptchaConfig, context),
         }),
@@ -3761,6 +3769,20 @@ const serializeAws_json1_1RegularExpressionList = (input, context) => {
         return serializeAws_json1_1Regex(entry, context);
     });
 };
+const serializeAws_json1_1RequestBody = (input, context) => {
+    return Object.entries(input).reduce((acc, [key, value]) => {
+        if (value === null) {
+            return acc;
+        }
+        acc[key] = serializeAws_json1_1RequestBodyAssociatedResourceTypeConfig(value, context);
+        return acc;
+    }, {});
+};
+const serializeAws_json1_1RequestBodyAssociatedResourceTypeConfig = (input, context) => {
+    return {
+        ...(input.DefaultSizeInspectionLimit != null && { DefaultSizeInspectionLimit: input.DefaultSizeInspectionLimit }),
+    };
+};
 const serializeAws_json1_1RequestInspection = (input, context) => {
     return {
         ...(input.PasswordField != null && {
@@ -4130,6 +4152,9 @@ const serializeAws_json1_1UpdateRuleGroupRequest = (input, context) => {
 };
 const serializeAws_json1_1UpdateWebACLRequest = (input, context) => {
     return {
+        ...(input.AssociationConfig != null && {
+            AssociationConfig: serializeAws_json1_1AssociationConfig(input.AssociationConfig, context),
+        }),
         ...(input.CaptchaConfig != null && {
             CaptchaConfig: serializeAws_json1_1CaptchaConfig(input.CaptchaConfig, context),
         }),
@@ -4218,6 +4243,11 @@ const deserializeAws_json1_1AndStatement = (output, context) => {
 const deserializeAws_json1_1AssociateWebACLResponse = (output, context) => {
     return {};
 };
+const deserializeAws_json1_1AssociationConfig = (output, context) => {
+    return {
+        RequestBody: output.RequestBody != null ? deserializeAws_json1_1RequestBody(output.RequestBody, context) : undefined,
+    };
+};
 const deserializeAws_json1_1AWSManagedRulesATPRuleSet = (output, context) => {
     return {
         LoginPath: (0, smithy_client_1.expectString)(output.LoginPath),
@@ -5258,6 +5288,20 @@ const deserializeAws_json1_1ReleaseSummary = (output, context) => {
         Timestamp: output.Timestamp != null ? (0, smithy_client_1.expectNonNull)((0, smithy_client_1.parseEpochTimestamp)((0, smithy_client_1.expectNumber)(output.Timestamp))) : undefined,
     };
 };
+const deserializeAws_json1_1RequestBody = (output, context) => {
+    return Object.entries(output).reduce((acc, [key, value]) => {
+        if (value === null) {
+            return acc;
+        }
+        acc[key] = deserializeAws_json1_1RequestBodyAssociatedResourceTypeConfig(value, context);
+        return acc;
+    }, {});
+};
+const deserializeAws_json1_1RequestBodyAssociatedResourceTypeConfig = (output, context) => {
+    return {
+        DefaultSizeInspectionLimit: (0, smithy_client_1.expectString)(output.DefaultSizeInspectionLimit),
+    };
+};
 const deserializeAws_json1_1RequestInspection = (output, context) => {
     return {
         PasswordField: output.PasswordField != null ? deserializeAws_json1_1PasswordField(output.PasswordField, context) : undefined,
@@ -5857,6 +5901,9 @@ const deserializeAws_json1_1WAFUnavailableEntityException = (output, context) =>
 const deserializeAws_json1_1WebACL = (output, context) => {
     return {
         ARN: (0, smithy_client_1.expectString)(output.ARN),
+        AssociationConfig: output.AssociationConfig != null
+            ? deserializeAws_json1_1AssociationConfig(output.AssociationConfig, context)
+            : undefined,
         Capacity: (0, smithy_client_1.expectLong)(output.Capacity),
         CaptchaConfig: output.CaptchaConfig != null ? deserializeAws_json1_1CaptchaConfig(output.CaptchaConfig, context) : undefined,
         ChallengeConfig: output.ChallengeConfig != null

package/dist-es/endpoint/ruleset.js

@@ -1,4 +1,4 @@
-const s = "required", t = "fn", u = "argv", v = "ref";
-const a = "isSet", b = "tree", c = "error", d = "endpoint", e = "PartitionResult", f = "stringEquals", g = { [s]: false, "type": "String" }, h = { [s]: true, "default": false, "type": "Boolean" }, i = { [v]: "Endpoint" }, j = { [t]: "booleanEquals", [u]: [{ [v]: "UseFIPS" }, true] }, k = { [t]: "booleanEquals", [u]: [{ [v]: "UseDualStack" }, true] }, l = {}, m = { [v]: "Region" }, n = { [t]: "booleanEquals", [u]: [true, { [t]: "getAttr", [u]: [{ [v]: e }, "supportsFIPS"] }] }, o = { [t]: "booleanEquals", [u]: [true, { [t]: "getAttr", [u]: [{ [v]: e }, "supportsDualStack"] }] }, p = [j], q = [k], r = [m];
-const _data = { version: "1.0", parameters: { Region: g, UseDualStack: h, UseFIPS: h, Endpoint: g }, rules: [{ conditions: [{ [t]: a, [u]: [i] }], type: b, rules: [{ conditions: p, error: "Invalid Configuration: FIPS and custom endpoint are not supported", type: c }, { type: b, rules: [{ conditions: q, error: "Invalid Configuration: Dualstack and custom endpoint are not supported", type: c }, { endpoint: { url: i, properties: l, headers: l }, type: d }] }] }, { type: b, rules: [{ conditions: [{ [t]: a, [u]: r }], type: b, rules: [{ conditions: [{ [t]: "aws.partition", [u]: r, assign: e }], type: b, rules: [{ conditions: [j, k], type: b, rules: [{ conditions: [n, o], type: b, rules: [{ type: b, rules: [{ endpoint: { url: "https://wafv2-fips.{Region}.{PartitionResult#dualStackDnsSuffix}", properties: l, headers: l }, type: d }] }] }, { error: "FIPS and DualStack are enabled, but this partition does not support one or both", type: c }] }, { conditions: p, type: b, rules: [{ conditions: [n], type: b, rules: [{ type: b, rules: [{ endpoint: { url: "https://wafv2-fips.{Region}.{PartitionResult#dnsSuffix}", properties: l, headers: l }, type: d }] }] }, { error: "FIPS is enabled but this partition does not support FIPS", type: c }] }, { conditions: q, type: b, rules: [{ conditions: [o], type: b, rules: [{ type: b, rules: [{ endpoint: { url: "https://wafv2.{Region}.{PartitionResult#dualStackDnsSuffix}", properties: l, headers: l }, type: d }] }] }, { error: "DualStack is enabled but this partition does not support DualStack", type: c }] }, { type: b, rules: [{ conditions: [{ [t]: f, [u]: [m, "af-south-1"] }], endpoint: { url: "https://wafv2.af-south-1.amazonaws.com", properties: l, headers: l }, type: d }, { conditions: [{ [t]: f, [u]: [m, "ap-east-1"] }], endpoint: { url: "https://wafv2.ap-east-1.amazonaws.com", properties: l, headers: l }, type: d }, { conditions: [{ [t]: f, [u]: [m, "ap-northeast-1"] }], endpoint: { url: "https://wafv2.ap-northeast-1.amazonaws.com", properties: l, headers: l }, type: d }, { conditions: [{ [t]: f, [u]: [m, "ap-northeast-2"] }], endpoint: { url: "https://wafv2.ap-northeast-2.amazonaws.com", properties: l, headers: l }, type: d }, { conditions: [{ [t]: f, [u]: [m, "ap-northeast-3"] }], endpoint: { url: "https://wafv2.ap-northeast-3.amazonaws.com", properties: l, headers: l }, type: d }, { conditions: [{ [t]: f, [u]: [m, "ap-south-1"] }], endpoint: { url: "https://wafv2.ap-south-1.amazonaws.com", properties: l, headers: l }, type: d }, { conditions: [{ [t]: f, [u]: [m, "ap-southeast-1"] }], endpoint: { url: "https://wafv2.ap-southeast-1.amazonaws.com", properties: l, headers: l }, type: d }, { conditions: [{ [t]: f, [u]: [m, "ap-southeast-2"] }], endpoint: { url: "https://wafv2.ap-southeast-2.amazonaws.com", properties: l, headers: l }, type: d }, { conditions: [{ [t]: f, [u]: [m, "ap-southeast-3"] }], endpoint: { url: "https://wafv2.ap-southeast-3.amazonaws.com", properties: l, headers: l }, type: d }, { conditions: [{ [t]: f, [u]: [m, "ca-central-1"] }], endpoint: { url: "https://wafv2.ca-central-1.amazonaws.com", properties: l, headers: l }, type: d }, { conditions: [{ [t]: f, [u]: [m, "eu-central-1"] }], endpoint: { url: "https://wafv2.eu-central-1.amazonaws.com", properties: l, headers: l }, type: d }, { conditions: [{ [t]: f, [u]: [m, "eu-north-1"] }], endpoint: { url: "https://wafv2.eu-north-1.amazonaws.com", properties: l, headers: l }, type: d }, { conditions: [{ [t]: f, [u]: [m, "eu-south-1"] }], endpoint: { url: "https://wafv2.eu-south-1.amazonaws.com", properties: l, headers: l }, type: d }, { conditions: [{ [t]: f, [u]: [m, "eu-west-1"] }], endpoint: { url: "https://wafv2.eu-west-1.amazonaws.com", properties: l, headers: l }, type: d }, { conditions: [{ [t]: f, [u]: [m, "eu-west-2"] }], endpoint: { url: "https://wafv2.eu-west-2.amazonaws.com", properties: l, headers: l }, type: d }, { conditions: [{ [t]: f, [u]: [m, "eu-west-3"] }], endpoint: { url: "https://wafv2.eu-west-3.amazonaws.com", properties: l, headers: l }, type: d }, { conditions: [{ [t]: f, [u]: [m, "me-south-1"] }], endpoint: { url: "https://wafv2.me-south-1.amazonaws.com", properties: l, headers: l }, type: d }, { conditions: [{ [t]: f, [u]: [m, "sa-east-1"] }], endpoint: { url: "https://wafv2.sa-east-1.amazonaws.com", properties: l, headers: l }, type: d }, { conditions: [{ [t]: f, [u]: [m, "us-east-1"] }], endpoint: { url: "https://wafv2.us-east-1.amazonaws.com", properties: l, headers: l }, type: d }, { conditions: [{ [t]: f, [u]: [m, "us-east-2"] }], endpoint: { url: "https://wafv2.us-east-2.amazonaws.com", properties: l, headers: l }, type: d }, { conditions: [{ [t]: f, [u]: [m, "us-west-1"] }], endpoint: { url: "https://wafv2.us-west-1.amazonaws.com", properties: l, headers: l }, type: d }, { conditions: [{ [t]: f, [u]: [m, "us-west-2"] }], endpoint: { url: "https://wafv2.us-west-2.amazonaws.com", properties: l, headers: l }, type: d }, { conditions: [{ [t]: f, [u]: [m, "cn-north-1"] }], endpoint: { url: "https://wafv2.cn-north-1.amazonaws.com.cn", properties: l, headers: l }, type: d }, { conditions: [{ [t]: f, [u]: [m, "cn-northwest-1"] }], endpoint: { url: "https://wafv2.cn-northwest-1.amazonaws.com.cn", properties: l, headers: l }, type: d }, { conditions: [{ [t]: f, [u]: [m, "us-gov-east-1"] }], endpoint: { url: "https://wafv2.us-gov-east-1.amazonaws.com", properties: l, headers: l }, type: d }, { conditions: [{ [t]: f, [u]: [m, "us-gov-west-1"] }], endpoint: { url: "https://wafv2.us-gov-west-1.amazonaws.com", properties: l, headers: l }, type: d }, { endpoint: { url: "https://wafv2.{Region}.{PartitionResult#dnsSuffix}", properties: l, headers: l }, type: d }] }] }] }, { error: "Invalid Configuration: Missing Region", type: c }] }] };
+const q = "required", r = "fn", s = "argv", t = "ref";
+const a = "isSet", b = "tree", c = "error", d = "endpoint", e = "PartitionResult", f = { [q]: false, "type": "String" }, g = { [q]: true, "default": false, "type": "Boolean" }, h = { [t]: "Endpoint" }, i = { [r]: "booleanEquals", [s]: [{ [t]: "UseFIPS" }, true] }, j = { [r]: "booleanEquals", [s]: [{ [t]: "UseDualStack" }, true] }, k = {}, l = { [r]: "booleanEquals", [s]: [true, { [r]: "getAttr", [s]: [{ [t]: e }, "supportsFIPS"] }] }, m = { [r]: "booleanEquals", [s]: [true, { [r]: "getAttr", [s]: [{ [t]: e }, "supportsDualStack"] }] }, n = [i], o = [j], p = [{ [t]: "Region" }];
+const _data = { version: "1.0", parameters: { Region: f, UseDualStack: g, UseFIPS: g, Endpoint: f }, rules: [{ conditions: [{ [r]: a, [s]: [h] }], type: b, rules: [{ conditions: n, error: "Invalid Configuration: FIPS and custom endpoint are not supported", type: c }, { type: b, rules: [{ conditions: o, error: "Invalid Configuration: Dualstack and custom endpoint are not supported", type: c }, { endpoint: { url: h, properties: k, headers: k }, type: d }] }] }, { type: b, rules: [{ conditions: [{ [r]: a, [s]: p }], type: b, rules: [{ conditions: [{ [r]: "aws.partition", [s]: p, assign: e }], type: b, rules: [{ conditions: [i, j], type: b, rules: [{ conditions: [l, m], type: b, rules: [{ type: b, rules: [{ endpoint: { url: "https://wafv2-fips.{Region}.{PartitionResult#dualStackDnsSuffix}", properties: k, headers: k }, type: d }] }] }, { error: "FIPS and DualStack are enabled, but this partition does not support one or both", type: c }] }, { conditions: n, type: b, rules: [{ conditions: [l], type: b, rules: [{ type: b, rules: [{ endpoint: { url: "https://wafv2-fips.{Region}.{PartitionResult#dnsSuffix}", properties: k, headers: k }, type: d }] }] }, { error: "FIPS is enabled but this partition does not support FIPS", type: c }] }, { conditions: o, type: b, rules: [{ conditions: [m], type: b, rules: [{ type: b, rules: [{ endpoint: { url: "https://wafv2.{Region}.{PartitionResult#dualStackDnsSuffix}", properties: k, headers: k }, type: d }] }] }, { error: "DualStack is enabled but this partition does not support DualStack", type: c }] }, { type: b, rules: [{ endpoint: { url: "https://wafv2.{Region}.{PartitionResult#dnsSuffix}", properties: k, headers: k }, type: d }] }] }] }, { error: "Invalid Configuration: Missing Region", type: c }] }] };
 export const ruleSet = _data;

package/dist-es/models/models_0.js

@@ -346,6 +346,9 @@ export const SensitivityLevel = {
     HIGH: "HIGH",
     LOW: "LOW",
 };
+export const AssociatedResourceType = {
+    CLOUDFRONT: "CLOUDFRONT",
+};
 export class WAFInternalErrorException extends __BaseException {
     constructor(opts) {
         super({
@@ -375,6 +378,7 @@ export class WAFInvalidOperationException extends __BaseException {
 export const ParameterExceptionField = {
     AND_STATEMENT: "AND_STATEMENT",
     ASSOCIABLE_RESOURCE: "ASSOCIABLE_RESOURCE",
+    ASSOCIATED_RESOURCE_TYPE: "ASSOCIATED_RESOURCE_TYPE",
     ATP_RULE_SET_RESPONSE_INSPECTION: "ATP_RULE_SET_RESPONSE_INSPECTION",
     BODY_PARSING_FALLBACK_BEHAVIOR: "BODY_PARSING_FALLBACK_BEHAVIOR",
     BYTE_MATCH_STATEMENT: "BYTE_MATCH_STATEMENT",
@@ -481,6 +485,12 @@ export class WAFUnavailableEntityException extends __BaseException {
         this.Message = opts.Message;
     }
 }
+export const SizeInspectionLimit = {
+    KB_16: "KB_16",
+    KB_32: "KB_32",
+    KB_48: "KB_48",
+    KB_64: "KB_64",
+};
 export const Scope = {
     CLOUDFRONT: "CLOUDFRONT",
     REGIONAL: "REGIONAL",

package/dist-es/protocols/Aws_json1_1.js

@@ -2863,6 +2863,11 @@ const serializeAws_json1_1AssociateWebACLRequest = (input, context) => {
         ...(input.WebACLArn != null && { WebACLArn: input.WebACLArn }),
     };
 };
+const serializeAws_json1_1AssociationConfig = (input, context) => {
+    return {
+        ...(input.RequestBody != null && { RequestBody: serializeAws_json1_1RequestBody(input.RequestBody, context) }),
+    };
+};
 const serializeAws_json1_1AWSManagedRulesATPRuleSet = (input, context) => {
     return {
         ...(input.LoginPath != null && { LoginPath: input.LoginPath }),
@@ -3032,6 +3037,9 @@ const serializeAws_json1_1CreateRuleGroupRequest = (input, context) => {
 };
 const serializeAws_json1_1CreateWebACLRequest = (input, context) => {
     return {
+        ...(input.AssociationConfig != null && {
+            AssociationConfig: serializeAws_json1_1AssociationConfig(input.AssociationConfig, context),
+        }),
         ...(input.CaptchaConfig != null && {
             CaptchaConfig: serializeAws_json1_1CaptchaConfig(input.CaptchaConfig, context),
         }),
@@ -3661,6 +3669,20 @@ const serializeAws_json1_1RegularExpressionList = (input, context) => {
         return serializeAws_json1_1Regex(entry, context);
     });
 };
+const serializeAws_json1_1RequestBody = (input, context) => {
+    return Object.entries(input).reduce((acc, [key, value]) => {
+        if (value === null) {
+            return acc;
+        }
+        acc[key] = serializeAws_json1_1RequestBodyAssociatedResourceTypeConfig(value, context);
+        return acc;
+    }, {});
+};
+const serializeAws_json1_1RequestBodyAssociatedResourceTypeConfig = (input, context) => {
+    return {
+        ...(input.DefaultSizeInspectionLimit != null && { DefaultSizeInspectionLimit: input.DefaultSizeInspectionLimit }),
+    };
+};
 const serializeAws_json1_1RequestInspection = (input, context) => {
     return {
         ...(input.PasswordField != null && {
@@ -4030,6 +4052,9 @@ const serializeAws_json1_1UpdateRuleGroupRequest = (input, context) => {
 };
 const serializeAws_json1_1UpdateWebACLRequest = (input, context) => {
     return {
+        ...(input.AssociationConfig != null && {
+            AssociationConfig: serializeAws_json1_1AssociationConfig(input.AssociationConfig, context),
+        }),
         ...(input.CaptchaConfig != null && {
             CaptchaConfig: serializeAws_json1_1CaptchaConfig(input.CaptchaConfig, context),
         }),
@@ -4118,6 +4143,11 @@ const deserializeAws_json1_1AndStatement = (output, context) => {
 const deserializeAws_json1_1AssociateWebACLResponse = (output, context) => {
     return {};
 };
+const deserializeAws_json1_1AssociationConfig = (output, context) => {
+    return {
+        RequestBody: output.RequestBody != null ? deserializeAws_json1_1RequestBody(output.RequestBody, context) : undefined,
+    };
+};
 const deserializeAws_json1_1AWSManagedRulesATPRuleSet = (output, context) => {
     return {
         LoginPath: __expectString(output.LoginPath),
@@ -5158,6 +5188,20 @@ const deserializeAws_json1_1ReleaseSummary = (output, context) => {
         Timestamp: output.Timestamp != null ? __expectNonNull(__parseEpochTimestamp(__expectNumber(output.Timestamp))) : undefined,
     };
 };
+const deserializeAws_json1_1RequestBody = (output, context) => {
+    return Object.entries(output).reduce((acc, [key, value]) => {
+        if (value === null) {
+            return acc;
+        }
+        acc[key] = deserializeAws_json1_1RequestBodyAssociatedResourceTypeConfig(value, context);
+        return acc;
+    }, {});
+};
+const deserializeAws_json1_1RequestBodyAssociatedResourceTypeConfig = (output, context) => {
+    return {
+        DefaultSizeInspectionLimit: __expectString(output.DefaultSizeInspectionLimit),
+    };
+};
 const deserializeAws_json1_1RequestInspection = (output, context) => {
     return {
         PasswordField: output.PasswordField != null ? deserializeAws_json1_1PasswordField(output.PasswordField, context) : undefined,
@@ -5757,6 +5801,9 @@ const deserializeAws_json1_1WAFUnavailableEntityException = (output, context) =>
 const deserializeAws_json1_1WebACL = (output, context) => {
     return {
         ARN: __expectString(output.ARN),
+        AssociationConfig: output.AssociationConfig != null
+            ? deserializeAws_json1_1AssociationConfig(output.AssociationConfig, context)
+            : undefined,
         Capacity: __expectLong(output.Capacity),
         CaptchaConfig: output.CaptchaConfig != null ? deserializeAws_json1_1CaptchaConfig(output.CaptchaConfig, context) : undefined,
         ChallengeConfig: output.ChallengeConfig != null

package/dist-types/WAFV2.d.ts

@@ -79,7 +79,7 @@ import { WAFV2Client } from "./WAFV2Client";
  *          <ul>
  *             <li>
  *                <p>For regional applications, you can use any of the endpoints in the list.
- *                A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, a Amazon Cognito user pool, or an App Runner service. </p>
+ *                A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner service. </p>
  *             </li>
  *             <li>
  *                <p>For Amazon CloudFront applications, you must use the API endpoint listed for
@@ -113,10 +113,10 @@ export declare class WAFV2 extends WAFV2Client {
     /**
      * @public
      * <p>Associates a web ACL with a regional application resource, to protect the resource.
-     *          A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, a Amazon Cognito user pool, or an App Runner service.  </p>
+     *          A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner service.  </p>
      *          <p>For Amazon CloudFront, don't use this call. Instead, use your CloudFront distribution configuration. To
      *          associate a web ACL, in the CloudFront call <code>UpdateDistribution</code>, set the web ACL ID
-     *          to the Amazon Resource Name (ARN) of the web ACL. For information, see <a href="https://docs.aws.amazon.com/cloudfront/latest/APIReference/API_UpdateDistribution.html">UpdateDistribution</a>.</p>
+     *          to the Amazon Resource Name (ARN) of the web ACL. For information, see <a href="https://docs.aws.amazon.com/cloudfront/latest/APIReference/API_UpdateDistribution.html">UpdateDistribution</a> in the <i>Amazon CloudFront Developer Guide</i>. </p>
      *          <p>When you make changes to web ACLs or web ACL components, like rules and rule groups, WAF propagates the changes everywhere that the web ACL and its components are stored and used. Your changes are applied within seconds, but there might be a brief period of inconsistency when the changes have arrived in some places and not in others. So, for example, if you change a rule action setting, the action might be the old action in one area and the new action in another area. Or if you add an IP address to an IP set used in a blocking rule, the new address might briefly be blocked in one area while still allowed in another. This temporary inconsistency can occur when you first associate a web ACL with an Amazon Web Services resource and when you change a web ACL that is already associated with a resource. Generally, any inconsistencies of this type last only a few seconds.</p>
      */
     associateWebACL(args: AssociateWebACLCommandInput, options?: __HttpHandlerOptions): Promise<AssociateWebACLCommandOutput>;
@@ -134,8 +134,8 @@ export declare class WAFV2 extends WAFV2Client {
      *          Simple rules that cost little to run use fewer WCUs than more complex rules
      * 				that use more processing power.
      * 				Rule group capacity is fixed at creation, which helps users plan their
-     *          web ACL WCU usage when they use a rule group.
-     *          The WCU limit for web ACLs is 1,500.  </p>
+     *          web ACL WCU usage when they use a rule group. For more information, see <a href="https://docs.aws.amazon.com/waf/latest/developerguide/aws-waf-capacity-units.html">WAF web ACL capacity units (WCU)</a>
+     *     in the <i>WAF Developer Guide</i>. </p>
      */
     checkCapacity(args: CheckCapacityCommandInput, options?: __HttpHandlerOptions): Promise<CheckCapacityCommandOutput>;
     checkCapacity(args: CheckCapacityCommandInput, cb: (err: any, data?: CheckCapacityCommandOutput) => void): void;
@@ -169,7 +169,7 @@ export declare class WAFV2 extends WAFV2Client {
     /**
      * @public
      * <p>Creates a <a>WebACL</a> per the specifications provided.</p>
-     *          <p> A web ACL defines a collection of rules to use to inspect and control web requests. Each rule has an action defined (allow, block, or count) for requests that match the statement of the rule. In the web ACL, you assign a default action to take (allow, block) for any request that does not match any of the rules. The rules in a web ACL can be a combination of the types <a>Rule</a>, <a>RuleGroup</a>, and managed rule group. You can associate a web ACL with one or more Amazon Web Services resources to protect. The resources can be an Amazon CloudFront distribution, an Amazon API Gateway REST API, an Application Load Balancer, an AppSync GraphQL API, Amazon Cognito user pool, or an App Runner service.  </p>
+     *          <p> A web ACL defines a collection of rules to use to inspect and control web requests. Each rule has an action defined (allow, block, or count) for requests that match the statement of the rule. In the web ACL, you assign a default action to take (allow, block) for any request that does not match any of the rules. The rules in a web ACL can be a combination of the types <a>Rule</a>, <a>RuleGroup</a>, and managed rule group. You can associate a web ACL with one or more Amazon Web Services resources to protect. The resources can be an Amazon CloudFront distribution, an Amazon API Gateway REST API, an Application Load Balancer, an AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner service.  </p>
      */
     createWebACL(args: CreateWebACLCommandInput, options?: __HttpHandlerOptions): Promise<CreateWebACLCommandOutput>;
     createWebACL(args: CreateWebACLCommandInput, cb: (err: any, data?: CreateWebACLCommandOutput) => void): void;
@@ -236,7 +236,8 @@ export declare class WAFV2 extends WAFV2Client {
      *                      </li>
      *                      <li>
      *                         <p>For Amazon CloudFront distributions, use the CloudFront call
-     *                            <code>ListDistributionsByWebACLId</code>. For information, see <a href="https://docs.aws.amazon.com/cloudfront/latest/APIReference/API_ListDistributionsByWebACLId.html">ListDistributionsByWebACLId</a>.</p>
+     *                            <code>ListDistributionsByWebACLId</code>. For information, see <a href="https://docs.aws.amazon.com/cloudfront/latest/APIReference/API_ListDistributionsByWebACLId.html">ListDistributionsByWebACLId</a>
+     *                                in the <i>Amazon CloudFront API Reference</i>. </p>
      *                      </li>
      *                   </ul>
      *                </li>
@@ -248,7 +249,8 @@ export declare class WAFV2 extends WAFV2Client {
      *                      </li>
      *                      <li>
      *                         <p>For Amazon CloudFront distributions, provide an empty web ACL ID in the CloudFront call
-     *                            <code>UpdateDistribution</code>. For information, see <a href="https://docs.aws.amazon.com/cloudfront/latest/APIReference/API_UpdateDistribution.html">UpdateDistribution</a>.</p>
+     *                            <code>UpdateDistribution</code>. For information, see <a href="https://docs.aws.amazon.com/cloudfront/latest/APIReference/API_UpdateDistribution.html">UpdateDistribution</a>
+     *                                in the <i>Amazon CloudFront API Reference</i>. </p>
      *                      </li>
      *                   </ul>
      *                </li>
@@ -269,10 +271,10 @@ export declare class WAFV2 extends WAFV2Client {
     /**
      * @public
      * <p>Disassociates the specified regional application resource from any existing web ACL
-     *          association. A resource can have at most one web ACL association. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, a Amazon Cognito user pool, or an App Runner service.  </p>
+     *          association. A resource can have at most one web ACL association. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner service.  </p>
      *          <p>For Amazon CloudFront, don't use this call. Instead, use your CloudFront distribution configuration. To
      *          disassociate a web ACL, provide an empty web ACL ID in the CloudFront call
-     *             <code>UpdateDistribution</code>. For information, see <a href="https://docs.aws.amazon.com/cloudfront/latest/APIReference/API_UpdateDistribution.html">UpdateDistribution</a>.</p>
+     *             <code>UpdateDistribution</code>. For information, see <a href="https://docs.aws.amazon.com/cloudfront/latest/APIReference/API_UpdateDistribution.html">UpdateDistribution</a> in the <i>Amazon CloudFront API Reference</i>. </p>
      */
     disassociateWebACL(args: DisassociateWebACLCommandInput, options?: __HttpHandlerOptions): Promise<DisassociateWebACLCommandOutput>;
     disassociateWebACL(args: DisassociateWebACLCommandInput, cb: (err: any, data?: DisassociateWebACLCommandOutput) => void): void;
@@ -713,7 +715,7 @@ export declare class WAFV2 extends WAFV2Client {
      *             </ol>
      *          </note>
      *          <p>When you make changes to web ACLs or web ACL components, like rules and rule groups, WAF propagates the changes everywhere that the web ACL and its components are stored and used. Your changes are applied within seconds, but there might be a brief period of inconsistency when the changes have arrived in some places and not in others. So, for example, if you change a rule action setting, the action might be the old action in one area and the new action in another area. Or if you add an IP address to an IP set used in a blocking rule, the new address might briefly be blocked in one area while still allowed in another. This temporary inconsistency can occur when you first associate a web ACL with an Amazon Web Services resource and when you change a web ACL that is already associated with a resource. Generally, any inconsistencies of this type last only a few seconds.</p>
-     *          <p> A web ACL defines a collection of rules to use to inspect and control web requests. Each rule has an action defined (allow, block, or count) for requests that match the statement of the rule. In the web ACL, you assign a default action to take (allow, block) for any request that does not match any of the rules. The rules in a web ACL can be a combination of the types <a>Rule</a>, <a>RuleGroup</a>, and managed rule group. You can associate a web ACL with one or more Amazon Web Services resources to protect. The resources can be an Amazon CloudFront distribution, an Amazon API Gateway REST API, an Application Load Balancer, an AppSync GraphQL API, Amazon Cognito user pool, or an App Runner service.  </p>
+     *          <p> A web ACL defines a collection of rules to use to inspect and control web requests. Each rule has an action defined (allow, block, or count) for requests that match the statement of the rule. In the web ACL, you assign a default action to take (allow, block) for any request that does not match any of the rules. The rules in a web ACL can be a combination of the types <a>Rule</a>, <a>RuleGroup</a>, and managed rule group. You can associate a web ACL with one or more Amazon Web Services resources to protect. The resources can be an Amazon CloudFront distribution, an Amazon API Gateway REST API, an Application Load Balancer, an AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner service.  </p>
      */
     updateWebACL(args: UpdateWebACLCommandInput, options?: __HttpHandlerOptions): Promise<UpdateWebACLCommandOutput>;
     updateWebACL(args: UpdateWebACLCommandInput, cb: (err: any, data?: UpdateWebACLCommandOutput) => void): void;

package/dist-types/WAFV2Client.d.ts

@@ -220,7 +220,7 @@ export interface WAFV2ClientResolvedConfig extends WAFV2ClientResolvedConfigType
  *          <ul>
  *             <li>
  *                <p>For regional applications, you can use any of the endpoints in the list.
- *                A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, a Amazon Cognito user pool, or an App Runner service. </p>
+ *                A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner service. </p>
  *             </li>
  *             <li>
  *                <p>For Amazon CloudFront applications, you must use the API endpoint listed for

package/dist-types/commands/AssociateWebACLCommand.d.ts

@@ -20,10 +20,10 @@ export interface AssociateWebACLCommandOutput extends AssociateWebACLResponse, _
 /**
  * @public
  * <p>Associates a web ACL with a regional application resource, to protect the resource.
- *          A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, a Amazon Cognito user pool, or an App Runner service.  </p>
+ *          A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner service.  </p>
  *          <p>For Amazon CloudFront, don't use this call. Instead, use your CloudFront distribution configuration. To
  *          associate a web ACL, in the CloudFront call <code>UpdateDistribution</code>, set the web ACL ID
- *          to the Amazon Resource Name (ARN) of the web ACL. For information, see <a href="https://docs.aws.amazon.com/cloudfront/latest/APIReference/API_UpdateDistribution.html">UpdateDistribution</a>.</p>
+ *          to the Amazon Resource Name (ARN) of the web ACL. For information, see <a href="https://docs.aws.amazon.com/cloudfront/latest/APIReference/API_UpdateDistribution.html">UpdateDistribution</a> in the <i>Amazon CloudFront Developer Guide</i>. </p>
  *          <p>When you make changes to web ACLs or web ACL components, like rules and rule groups, WAF propagates the changes everywhere that the web ACL and its components are stored and used. Your changes are applied within seconds, but there might be a brief period of inconsistency when the changes have arrived in some places and not in others. So, for example, if you change a rule action setting, the action might be the old action in one area and the new action in another area. Or if you add an IP address to an IP set used in a blocking rule, the new address might briefly be blocked in one area while still allowed in another. This temporary inconsistency can occur when you first associate a web ACL with an Amazon Web Services resource and when you change a web ACL that is already associated with a resource. Generally, any inconsistencies of this type last only a few seconds.</p>
  * @example
  * Use a bare-bones client and the command you need to make an API call.

package/dist-types/commands/CheckCapacityCommand.d.ts

@@ -29,8 +29,8 @@ export interface CheckCapacityCommandOutput extends CheckCapacityResponse, __Met
  *          Simple rules that cost little to run use fewer WCUs than more complex rules
  * 				that use more processing power.
  * 				Rule group capacity is fixed at creation, which helps users plan their
- *          web ACL WCU usage when they use a rule group.
- *          The WCU limit for web ACLs is 1,500.  </p>
+ *          web ACL WCU usage when they use a rule group. For more information, see <a href="https://docs.aws.amazon.com/waf/latest/developerguide/aws-waf-capacity-units.html">WAF web ACL capacity units (WCU)</a>
+ *     in the <i>WAF Developer Guide</i>. </p>
  * @example
  * Use a bare-bones client and the command you need to make an API call.
  * ```javascript

package/dist-types/commands/CreateWebACLCommand.d.ts

@@ -20,7 +20,7 @@ export interface CreateWebACLCommandOutput extends CreateWebACLResponse, __Metad
 /**
  * @public
  * <p>Creates a <a>WebACL</a> per the specifications provided.</p>
- *          <p> A web ACL defines a collection of rules to use to inspect and control web requests. Each rule has an action defined (allow, block, or count) for requests that match the statement of the rule. In the web ACL, you assign a default action to take (allow, block) for any request that does not match any of the rules. The rules in a web ACL can be a combination of the types <a>Rule</a>, <a>RuleGroup</a>, and managed rule group. You can associate a web ACL with one or more Amazon Web Services resources to protect. The resources can be an Amazon CloudFront distribution, an Amazon API Gateway REST API, an Application Load Balancer, an AppSync GraphQL API, Amazon Cognito user pool, or an App Runner service.  </p>
+ *          <p> A web ACL defines a collection of rules to use to inspect and control web requests. Each rule has an action defined (allow, block, or count) for requests that match the statement of the rule. In the web ACL, you assign a default action to take (allow, block) for any request that does not match any of the rules. The rules in a web ACL can be a combination of the types <a>Rule</a>, <a>RuleGroup</a>, and managed rule group. You can associate a web ACL with one or more Amazon Web Services resources to protect. The resources can be an Amazon CloudFront distribution, an Amazon API Gateway REST API, an Application Load Balancer, an AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner service.  </p>
  * @example
  * Use a bare-bones client and the command you need to make an API call.
  * ```javascript
@@ -786,6 +786,13 @@ export interface CreateWebACLCommandOutput extends CreateWebACLResponse, __Metad
  *   TokenDomains: [ // TokenDomains
  *     "STRING_VALUE",
  *   ],
+ *   AssociationConfig: { // AssociationConfig
+ *     RequestBody: { // RequestBody
+ *       "<keys>": { // RequestBodyAssociatedResourceTypeConfig
+ *         DefaultSizeInspectionLimit: "KB_16" || "KB_32" || "KB_48" || "KB_64", // required
+ *       },
+ *     },
+ *   },
  * };
  * const command = new CreateWebACLCommand(input);
  * const response = await client.send(command);

package/dist-types/commands/DeleteWebACLCommand.d.ts

@@ -34,7 +34,8 @@ export interface DeleteWebACLCommandOutput extends DeleteWebACLResponse, __Metad
  *                      </li>
  *                      <li>
  *                         <p>For Amazon CloudFront distributions, use the CloudFront call
- *                            <code>ListDistributionsByWebACLId</code>. For information, see <a href="https://docs.aws.amazon.com/cloudfront/latest/APIReference/API_ListDistributionsByWebACLId.html">ListDistributionsByWebACLId</a>.</p>
+ *                            <code>ListDistributionsByWebACLId</code>. For information, see <a href="https://docs.aws.amazon.com/cloudfront/latest/APIReference/API_ListDistributionsByWebACLId.html">ListDistributionsByWebACLId</a>
+ *                                in the <i>Amazon CloudFront API Reference</i>. </p>
  *                      </li>
  *                   </ul>
  *                </li>
@@ -46,7 +47,8 @@ export interface DeleteWebACLCommandOutput extends DeleteWebACLResponse, __Metad
  *                      </li>
  *                      <li>
  *                         <p>For Amazon CloudFront distributions, provide an empty web ACL ID in the CloudFront call
- *                            <code>UpdateDistribution</code>. For information, see <a href="https://docs.aws.amazon.com/cloudfront/latest/APIReference/API_UpdateDistribution.html">UpdateDistribution</a>.</p>
+ *                            <code>UpdateDistribution</code>. For information, see <a href="https://docs.aws.amazon.com/cloudfront/latest/APIReference/API_UpdateDistribution.html">UpdateDistribution</a>
+ *                                in the <i>Amazon CloudFront API Reference</i>. </p>
  *                      </li>
  *                   </ul>
  *                </li>

package/dist-types/commands/DisassociateWebACLCommand.d.ts

@@ -20,10 +20,10 @@ export interface DisassociateWebACLCommandOutput extends DisassociateWebACLRespo
 /**
  * @public
  * <p>Disassociates the specified regional application resource from any existing web ACL
- *          association. A resource can have at most one web ACL association. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, a Amazon Cognito user pool, or an App Runner service.  </p>
+ *          association. A resource can have at most one web ACL association. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner service.  </p>
  *          <p>For Amazon CloudFront, don't use this call. Instead, use your CloudFront distribution configuration. To
  *          disassociate a web ACL, provide an empty web ACL ID in the CloudFront call
- *             <code>UpdateDistribution</code>. For information, see <a href="https://docs.aws.amazon.com/cloudfront/latest/APIReference/API_UpdateDistribution.html">UpdateDistribution</a>.</p>
+ *             <code>UpdateDistribution</code>. For information, see <a href="https://docs.aws.amazon.com/cloudfront/latest/APIReference/API_UpdateDistribution.html">UpdateDistribution</a> in the <i>Amazon CloudFront API Reference</i>. </p>
  * @example
  * Use a bare-bones client and the command you need to make an API call.
  * ```javascript

package/dist-types/commands/PutPermissionPolicyCommand.d.ts

@@ -86,7 +86,7 @@ export interface PutPermissionPolicyCommandOutput extends PutPermissionPolicyRes
  *          <p>The policy specifications must conform to the following:</p>
  *          <ul>
  *             <li>
- *                <p>The policy must be composed using IAM Policy version 2012-10-17 or version 2015-01-01.</p>
+ *                <p>The policy must be composed using IAM Policy version 2012-10-17.</p>
  *             </li>
  *             <li>
  *                <p>The policy must include specifications for <code>Effect</code>, <code>Action</code>, and <code>Principal</code>.</p>

package/dist-types/commands/UpdateWebACLCommand.d.ts

@@ -38,7 +38,7 @@ export interface UpdateWebACLCommandOutput extends UpdateWebACLResponse, __Metad
  *             </ol>
  *          </note>
  *          <p>When you make changes to web ACLs or web ACL components, like rules and rule groups, WAF propagates the changes everywhere that the web ACL and its components are stored and used. Your changes are applied within seconds, but there might be a brief period of inconsistency when the changes have arrived in some places and not in others. So, for example, if you change a rule action setting, the action might be the old action in one area and the new action in another area. Or if you add an IP address to an IP set used in a blocking rule, the new address might briefly be blocked in one area while still allowed in another. This temporary inconsistency can occur when you first associate a web ACL with an Amazon Web Services resource and when you change a web ACL that is already associated with a resource. Generally, any inconsistencies of this type last only a few seconds.</p>
- *          <p> A web ACL defines a collection of rules to use to inspect and control web requests. Each rule has an action defined (allow, block, or count) for requests that match the statement of the rule. In the web ACL, you assign a default action to take (allow, block) for any request that does not match any of the rules. The rules in a web ACL can be a combination of the types <a>Rule</a>, <a>RuleGroup</a>, and managed rule group. You can associate a web ACL with one or more Amazon Web Services resources to protect. The resources can be an Amazon CloudFront distribution, an Amazon API Gateway REST API, an Application Load Balancer, an AppSync GraphQL API, Amazon Cognito user pool, or an App Runner service.  </p>
+ *          <p> A web ACL defines a collection of rules to use to inspect and control web requests. Each rule has an action defined (allow, block, or count) for requests that match the statement of the rule. In the web ACL, you assign a default action to take (allow, block) for any request that does not match any of the rules. The rules in a web ACL can be a combination of the types <a>Rule</a>, <a>RuleGroup</a>, and managed rule group. You can associate a web ACL with one or more Amazon Web Services resources to protect. The resources can be an Amazon CloudFront distribution, an Amazon API Gateway REST API, an Application Load Balancer, an AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner service.  </p>
  * @example
  * Use a bare-bones client and the command you need to make an API call.
  * ```javascript
@@ -800,6 +800,13 @@ export interface UpdateWebACLCommandOutput extends UpdateWebACLResponse, __Metad
  *   TokenDomains: [ // TokenDomains
  *     "STRING_VALUE",
  *   ],
+ *   AssociationConfig: { // AssociationConfig
+ *     RequestBody: { // RequestBody
+ *       "<keys>": { // RequestBodyAssociatedResourceTypeConfig
+ *         DefaultSizeInspectionLimit: "KB_16" || "KB_32" || "KB_48" || "KB_64", // required
+ *       },
+ *     },
+ *   },
  * };
  * const command = new UpdateWebACLCommand(input);
  * const response = await client.send(command);