@aws-sdk/client-wafv2 3.303.0 → 3.305.0

package/dist-types/models/models_0.d.ts

@@ -62,14 +62,15 @@ export interface CustomHTTPHeader {
  * <p>Custom request handling behavior that inserts custom headers into a web request. You can
  *       add custom request handling for WAF to use when the rule action doesn't block the request.
  *           For example, <code>CaptchaAction</code> for requests with valid t okens, and <code>AllowAction</code>. </p>
- *          <p>For information about customizing web requests and responses, see <a href="https://docs.aws.amazon.com/waf/latest/developerguide/waf-custom-request-response.html">Customizing web requests and responses in WAF</a> in the
- *          <a href="https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html">WAF Developer Guide</a>. </p>
+ *          <p>For information about customizing web requests and responses,
+ *            see <a href="https://docs.aws.amazon.com/waf/latest/developerguide/waf-custom-request-response.html">Customizing web requests and responses in WAF</a>
+ *     in the <i>WAF Developer Guide</i>. </p>
  */
 export interface CustomRequestHandling {
     /**
      * <p>The HTTP headers to insert into the request. Duplicate header names are not allowed. </p>
-     *          <p>For information about the limits on count and size for custom request and response settings, see <a href="https://docs.aws.amazon.com/waf/latest/developerguide/limits.html">WAF quotas</a> in the
-     *          <a href="https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html">WAF Developer Guide</a>. </p>
+     *          <p>For information about the limits on count and size for custom request and response settings, see <a href="https://docs.aws.amazon.com/waf/latest/developerguide/limits.html">WAF quotas</a>
+     *      in the <i>WAF Developer Guide</i>. </p>
      */
     InsertHeaders: CustomHTTPHeader[] | undefined;
 }
@@ -82,8 +83,9 @@ export interface CustomRequestHandling {
 export interface AllowAction {
     /**
      * <p>Defines custom handling for the web request.</p>
-     *          <p>For information about customizing web requests and responses, see <a href="https://docs.aws.amazon.com/waf/latest/developerguide/waf-custom-request-response.html">Customizing web requests and responses in WAF</a> in the
-     *          <a href="https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html">WAF Developer Guide</a>. </p>
+     *          <p>For information about customizing web requests and responses,
+     *            see <a href="https://docs.aws.amazon.com/waf/latest/developerguide/waf-custom-request-response.html">Customizing web requests and responses in WAF</a>
+     *     in the <i>WAF Developer Guide</i>. </p>
      */
     CustomRequestHandling?: CustomRequestHandling;
 }
@@ -118,9 +120,11 @@ export type OversizeHandling = (typeof OversizeHandling)[keyof typeof OversizeHa
 export interface Body {
     /**
      * <p>What WAF should do if the body is larger than WAF can inspect.
-     *     WAF does not support inspecting the entire contents of the body of a web request
-     *       when the body exceeds 8 KB (8192 bytes). Only the first 8 KB of the request body are forwarded to
-     *     WAF by the underlying host service. </p>
+     *     WAF does not support inspecting the entire contents of the web request body if the body
+     *     exceeds the limit for the resource type. If the body is larger than the limit, the underlying host service
+     *     only forwards the contents that are below the limit to WAF for inspection. </p>
+     *          <p>The default limit is 8 KB (8,192 kilobytes) for regional resources and 16 KB (16,384 kilobytes) for CloudFront distributions. For CloudFront distributions,
+     *     you can increase the limit in the web ACL <code>AssociationConfig</code>, for additional processing fees. </p>
      *          <p>The options for oversize handling are the following:</p>
      *          <ul>
      *             <li>
@@ -139,7 +143,7 @@ export interface Body {
      *             </li>
      *          </ul>
      *          <p>You can combine the <code>MATCH</code> or <code>NO_MATCH</code>
-     *       settings for oversize handling with your rule and web ACL action settings, so that you block any request whose body is over 8 KB. </p>
+     *       settings for oversize handling with your rule and web ACL action settings, so that you block any request whose body is over the limit. </p>
      *          <p>Default: <code>CONTINUE</code>
      *          </p>
      */
@@ -429,9 +433,11 @@ export interface JsonBody {
     InvalidFallbackBehavior?: BodyParsingFallbackBehavior | string;
     /**
      * <p>What WAF should do if the body is larger than WAF can inspect.
-     *     WAF does not support inspecting the entire contents of the body of a web request
-     *       when the body exceeds 8 KB (8192 bytes). Only the first 8 KB of the request body are forwarded to
-     *     WAF by the underlying host service. </p>
+     *     WAF does not support inspecting the entire contents of the web request body if the body
+     *     exceeds the limit for the resource type. If the body is larger than the limit, the underlying host service
+     *     only forwards the contents that are below the limit to WAF for inspection. </p>
+     *          <p>The default limit is 8 KB (8,192 kilobytes) for regional resources and 16 KB (16,384 kilobytes) for CloudFront distributions. For CloudFront distributions,
+     *     you can increase the limit in the web ACL <code>AssociationConfig</code>, for additional processing fees. </p>
      *          <p>The options for oversize handling are the following:</p>
      *          <ul>
      *             <li>
@@ -450,7 +456,7 @@ export interface JsonBody {
      *             </li>
      *          </ul>
      *          <p>You can combine the <code>MATCH</code> or <code>NO_MATCH</code>
-     *       settings for oversize handling with your rule and web ACL action settings, so that you block any request whose body is over 8 KB. </p>
+     *       settings for oversize handling with your rule and web ACL action settings, so that you block any request whose body is over the limit. </p>
      *          <p>Default: <code>CONTINUE</code>
      *          </p>
      */
@@ -571,8 +577,10 @@ export interface FieldToMatch {
      * <p>Inspect the request body as plain text. The request body immediately follows the request
      *          headers. This is the part of a request that contains any additional data that you want to
      *          send to your web server as the HTTP request body, such as data from a form. </p>
-     *          <p>Only the first 8 KB (8192 bytes) of the request body are forwarded to WAF for
-     *          inspection by the underlying host service. For information about how to handle oversized
+     *          <p>A limited amount of the request body is forwarded to WAF for
+     *       inspection by the underlying host service. For regional resources, the limit is 8 KB (8,192 kilobytes) and for CloudFront distributions, the limit is 16 KB (16,384 kilobytes). For CloudFront distributions,
+     *     you can increase the limit in the web ACL's <code>AssociationConfig</code>, for additional processing fees. </p>
+     *          <p>For information about how to handle oversized
      *          request bodies, see the <code>Body</code> object configuration. </p>
      */
     Body?: Body;
@@ -585,8 +593,10 @@ export interface FieldToMatch {
      * <p>Inspect the request body as JSON. The request body immediately follows the request
      *          headers. This is the part of a request that contains any additional data that you want to
      *          send to your web server as the HTTP request body, such as data from a form. </p>
-     *          <p>Only the first 8 KB (8192 bytes) of the request body are forwarded to WAF for
-     *          inspection by the underlying host service. For information about how to handle oversized
+     *          <p>A limited amount of the request body is forwarded to WAF for
+     *       inspection by the underlying host service. For regional resources, the limit is 8 KB (8,192 kilobytes) and for CloudFront distributions, the limit is 16 KB (16,384 kilobytes). For CloudFront distributions,
+     *     you can increase the limit in the web ACL's <code>AssociationConfig</code>, for additional processing fees. </p>
+     *          <p>For information about how to handle oversized
      *          request bodies, see the <code>JsonBody</code> object configuration. </p>
      */
     JsonBody?: JsonBody;
@@ -1692,7 +1702,8 @@ export interface AWSManagedRulesBotControlRuleSet {
     /**
      * <p>The inspection level to use for the Bot Control rule group. The common level is the least expensive. The
      *            targeted level includes all common level rules and adds rules with more advanced inspection criteria. For
-     *    details, see <a href="https://docs.aws.amazon.com/waf/latest/developerguide/aws-managed-rule-groups-bot.html">WAF Bot Control rule group</a>.</p>
+     *    details, see <a href="https://docs.aws.amazon.com/waf/latest/developerguide/aws-managed-rule-groups-bot.html">WAF Bot Control rule group</a>
+     *                in the <i>WAF Developer Guide</i>.</p>
      */
     InspectionLevel: InspectionLevel | string | undefined;
 }
@@ -1764,14 +1775,15 @@ export interface ManagedRuleGroupConfig {
  * @public
  * <p>A custom response to send to the client. You can define a custom response for rule
  *          actions and default web ACL actions that are set to <a>BlockAction</a>. </p>
- *          <p>For information about customizing web requests and responses, see <a href="https://docs.aws.amazon.com/waf/latest/developerguide/waf-custom-request-response.html">Customizing web requests and responses in WAF</a> in the
- *          <a href="https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html">WAF Developer Guide</a>. </p>
+ *          <p>For information about customizing web requests and responses,
+ *            see <a href="https://docs.aws.amazon.com/waf/latest/developerguide/waf-custom-request-response.html">Customizing web requests and responses in WAF</a>
+ *     in the <i>WAF Developer Guide</i>. </p>
  */
 export interface CustomResponse {
     /**
      * <p>The HTTP status code to return to the client. </p>
-     *          <p>For a list of status codes that you can use in your custom responses, see <a href="https://docs.aws.amazon.com/waf/latest/developerguide/customizing-the-response-status-codes.html">Supported status codes for custom response</a> in the
-     *          <a href="https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html">WAF Developer Guide</a>. </p>
+     *          <p>For a list of status codes that you can use in your custom responses, see <a href="https://docs.aws.amazon.com/waf/latest/developerguide/customizing-the-response-status-codes.html">Supported status codes for custom response</a>
+     *      in the <i>WAF Developer Guide</i>. </p>
      */
     ResponseCode: number | undefined;
     /**
@@ -1785,8 +1797,8 @@ export interface CustomResponse {
     CustomResponseBodyKey?: string;
     /**
      * <p>The HTTP headers to use in the response. Duplicate header names are not allowed. </p>
-     *          <p>For information about the limits on count and size for custom request and response settings, see <a href="https://docs.aws.amazon.com/waf/latest/developerguide/limits.html">WAF quotas</a> in the
-     *          <a href="https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html">WAF Developer Guide</a>. </p>
+     *          <p>For information about the limits on count and size for custom request and response settings, see <a href="https://docs.aws.amazon.com/waf/latest/developerguide/limits.html">WAF quotas</a>
+     *      in the <i>WAF Developer Guide</i>. </p>
      */
     ResponseHeaders?: CustomHTTPHeader[];
 }
@@ -1799,8 +1811,9 @@ export interface CustomResponse {
 export interface BlockAction {
     /**
      * <p>Defines a custom response for the web request.</p>
-     *          <p>For information about customizing web requests and responses, see <a href="https://docs.aws.amazon.com/waf/latest/developerguide/waf-custom-request-response.html">Customizing web requests and responses in WAF</a> in the
-     *          <a href="https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html">WAF Developer Guide</a>. </p>
+     *          <p>For information about customizing web requests and responses,
+     *            see <a href="https://docs.aws.amazon.com/waf/latest/developerguide/waf-custom-request-response.html">Customizing web requests and responses in WAF</a>
+     *     in the <i>WAF Developer Guide</i>. </p>
      */
     CustomResponse?: CustomResponse;
 }
@@ -1838,8 +1851,9 @@ export interface BlockAction {
 export interface CaptchaAction {
     /**
      * <p>Defines custom handling for the web request, used when the <code>CAPTCHA</code> inspection determines that the request's token is valid and unexpired.</p>
-     *          <p>For information about customizing web requests and responses, see <a href="https://docs.aws.amazon.com/waf/latest/developerguide/waf-custom-request-response.html">Customizing web requests and responses in WAF</a> in the
-     *          <a href="https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html">WAF Developer Guide</a>. </p>
+     *          <p>For information about customizing web requests and responses,
+     *            see <a href="https://docs.aws.amazon.com/waf/latest/developerguide/waf-custom-request-response.html">Customizing web requests and responses in WAF</a>
+     *     in the <i>WAF Developer Guide</i>. </p>
      */
     CustomRequestHandling?: CustomRequestHandling;
 }
@@ -1881,8 +1895,9 @@ export interface CaptchaAction {
 export interface ChallengeAction {
     /**
      * <p>Defines custom handling for the web request, used when the challenge inspection determines that the request's token is valid and unexpired.</p>
-     *          <p>For information about customizing web requests and responses, see <a href="https://docs.aws.amazon.com/waf/latest/developerguide/waf-custom-request-response.html">Customizing web requests and responses in WAF</a> in the
-     *          <a href="https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html">WAF Developer Guide</a>. </p>
+     *          <p>For information about customizing web requests and responses,
+     *            see <a href="https://docs.aws.amazon.com/waf/latest/developerguide/waf-custom-request-response.html">Customizing web requests and responses in WAF</a>
+     *     in the <i>WAF Developer Guide</i>. </p>
      */
     CustomRequestHandling?: CustomRequestHandling;
 }
@@ -1895,8 +1910,9 @@ export interface ChallengeAction {
 export interface CountAction {
     /**
      * <p>Defines custom handling for the web request.</p>
-     *          <p>For information about customizing web requests and responses, see <a href="https://docs.aws.amazon.com/waf/latest/developerguide/waf-custom-request-response.html">Customizing web requests and responses in WAF</a> in the
-     *          <a href="https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html">WAF Developer Guide</a>. </p>
+     *          <p>For information about customizing web requests and responses,
+     *            see <a href="https://docs.aws.amazon.com/waf/latest/developerguide/waf-custom-request-response.html">Customizing web requests and responses in WAF</a>
+     *     in the <i>WAF Developer Guide</i>. </p>
      */
     CustomRequestHandling?: CustomRequestHandling;
 }
@@ -2039,7 +2055,7 @@ export type ComparisonOperator = (typeof ComparisonOperator)[keyof typeof Compar
 /**
  * @public
  * <p>A rule statement that compares a number of bytes against the size of a request component, using a comparison operator, such as greater than (>) or less than (<). For example, you can use a size constraint statement to look for query strings that are longer than 100 bytes. </p>
- *          <p>If you configure WAF to inspect the request body, WAF inspects only the first 8192 bytes (8 KB). If the request body for your web requests never exceeds 8192 bytes, you could use a size constraint statement to block requests that have a request body greater than 8192 bytes.</p>
+ *          <p>If you configure WAF to inspect the request body, WAF inspects only the number of bytes of the body up to the limit for the web ACL. By default, for regional web ACLs, this limit is 8 KB (8,192 kilobytes) and for CloudFront web ACLs, this limit is 16 KB (16,384 kilobytes). For CloudFront web ACLs, you can increase the limit in the web ACL <code>AssociationConfig</code>, for additional fees. If you know that the request body for your web requests should never exceed the inspection limit, you could use a size constraint statement to block requests that have a larger request body size.</p>
  *          <p>If you choose URI for the value of Part of the request to filter on, the slash (/) in the URI counts as one character. For example, the URI <code>/logo.jpg</code> is nine characters long.</p>
  */
 export interface SizeConstraintStatement {
@@ -2122,6 +2138,17 @@ export interface XssMatchStatement {
      */
     TextTransformations: TextTransformation[] | undefined;
 }
+/**
+ * @public
+ * @enum
+ */
+export declare const AssociatedResourceType: {
+    readonly CLOUDFRONT: "CLOUDFRONT";
+};
+/**
+ * @public
+ */
+export type AssociatedResourceType = (typeof AssociatedResourceType)[keyof typeof AssociatedResourceType];
 /**
  * @public
  */
@@ -2136,27 +2163,27 @@ export interface AssociateWebACLRequest {
      *          <p>The ARN must be in one of the following formats:</p>
      *          <ul>
      *             <li>
-     *                <p>For an Application Load Balancer: <code>arn:aws:elasticloadbalancing:<i>region</i>:<i>account-id</i>:loadbalancer/app/<i>load-balancer-name</i>/<i>load-balancer-id</i>
+     *                <p>For an Application Load Balancer: <code>arn:<i>partition</i>:elasticloadbalancing:<i>region</i>:<i>account-id</i>:loadbalancer/app/<i>load-balancer-name</i>/<i>load-balancer-id</i>
      *                   </code>
      *                </p>
      *             </li>
      *             <li>
-     *                <p>For an Amazon API Gateway REST API: <code>arn:aws:apigateway:<i>region</i>::/restapis/<i>api-id</i>/stages/<i>stage-name</i>
+     *                <p>For an Amazon API Gateway REST API: <code>arn:<i>partition</i>:apigateway:<i>region</i>::/restapis/<i>api-id</i>/stages/<i>stage-name</i>
      *                   </code>
      *                </p>
      *             </li>
      *             <li>
-     *                <p>For an AppSync GraphQL API: <code>arn:aws:appsync:<i>region</i>:<i>account-id</i>:apis/<i>GraphQLApiId</i>
+     *                <p>For an AppSync GraphQL API: <code>arn:<i>partition</i>:appsync:<i>region</i>:<i>account-id</i>:apis/<i>GraphQLApiId</i>
      *                   </code>
      *                </p>
      *             </li>
      *             <li>
-     *                <p>For an Amazon Cognito user pool: <code>arn:aws:cognito-idp:<i>region</i>:<i>account-id</i>:userpool/<i>user-pool-id</i>
+     *                <p>For an Amazon Cognito user pool: <code>arn:<i>partition</i>:cognito-idp:<i>region</i>:<i>account-id</i>:userpool/<i>user-pool-id</i>
      *                   </code>
      *                </p>
      *             </li>
      *             <li>
-     *                <p>For an App Runner service: <code>arn:aws:apprunner:<i>region</i>:<i>account-id</i>:service/<i>apprunner-service-name</i>/<i>apprunner-service-id</i>
+     *                <p>For an App Runner service: <code>arn:<i>partition</i>:apprunner:<i>region</i>:<i>account-id</i>:service/<i>apprunner-service-name</i>/<i>apprunner-service-id</i>
      *                   </code>
      *                </p>
      *             </li>
@@ -2203,6 +2230,7 @@ export declare class WAFInvalidOperationException extends __BaseException {
 export declare const ParameterExceptionField: {
     readonly AND_STATEMENT: "AND_STATEMENT";
     readonly ASSOCIABLE_RESOURCE: "ASSOCIABLE_RESOURCE";
+    readonly ASSOCIATED_RESOURCE_TYPE: "ASSOCIATED_RESOURCE_TYPE";
     readonly ATP_RULE_SET_RESPONSE_INSPECTION: "ATP_RULE_SET_RESPONSE_INSPECTION";
     readonly BODY_PARSING_FALLBACK_BEHAVIOR: "BODY_PARSING_FALLBACK_BEHAVIOR";
     readonly BYTE_MATCH_STATEMENT: "BYTE_MATCH_STATEMENT";
@@ -2347,6 +2375,53 @@ export declare class WAFUnavailableEntityException extends __BaseException {
      */
     constructor(opts: __ExceptionOptionType<WAFUnavailableEntityException, __BaseException>);
 }
+/**
+ * @public
+ * @enum
+ */
+export declare const SizeInspectionLimit: {
+    readonly KB_16: "KB_16";
+    readonly KB_32: "KB_32";
+    readonly KB_48: "KB_48";
+    readonly KB_64: "KB_64";
+};
+/**
+ * @public
+ */
+export type SizeInspectionLimit = (typeof SizeInspectionLimit)[keyof typeof SizeInspectionLimit];
+/**
+ * @public
+ * <p>Customizes the maximum size of the request body that your protected CloudFront distributions forward to WAF for inspection. The default size is 16 KB (16,384 kilobytes). </p>
+ *          <note>
+ *             <p>You are charged additional fees when your protected resources forward body sizes that are larger than the default. For more information, see <a href="http://aws.amazon.com/waf/pricing/">WAF Pricing</a>.</p>
+ *          </note>
+ *          <p>This is used in the <code>AssociationConfig</code> of the web ACL. </p>
+ */
+export interface RequestBodyAssociatedResourceTypeConfig {
+    /**
+     * <p>Specifies the maximum size of the web request body component that an associated CloudFront distribution should send to WAF for inspection. This applies to statements in the web ACL that inspect the body or JSON body. </p>
+     *          <p>Default: <code>16 KB (16,384 kilobytes)</code>
+     *          </p>
+     */
+    DefaultSizeInspectionLimit: SizeInspectionLimit | string | undefined;
+}
+/**
+ * @public
+ * <p>Specifies custom configurations for the associations between the web ACL and protected resources.  </p>
+ *          <p>Use this to customize the maximum size of the request body that your protected CloudFront distributions forward to WAF for inspection. The default is 16 KB (16,384 kilobytes). </p>
+ *          <note>
+ *             <p>You are charged additional fees when your protected resources forward body sizes that are larger than the default. For more information, see <a href="http://aws.amazon.com/waf/pricing/">WAF Pricing</a>.</p>
+ *          </note>
+ */
+export interface AssociationConfig {
+    /**
+     * <p>Customizes the maximum size of the request body that your protected CloudFront distributions forward to WAF for inspection. The default size is 16 KB (16,384 kilobytes). </p>
+     *          <note>
+     *             <p>You are charged additional fees when your protected resources forward body sizes that are larger than the default. For more information, see <a href="http://aws.amazon.com/waf/pricing/">WAF Pricing</a>.</p>
+     *          </note>
+     */
+    RequestBody?: Record<string, RequestBodyAssociatedResourceTypeConfig>;
+}
 /**
  * @public
  * <p>Used for CAPTCHA and challenge token settings. Determines
@@ -2443,7 +2518,7 @@ export interface VisibilityConfig {
     /**
      * <p>A boolean indicating whether the associated resource sends metrics to Amazon CloudWatch. For the
      *          list of available metrics, see <a href="https://docs.aws.amazon.com/waf/latest/developerguide/monitoring-cloudwatch.html#waf-metrics">WAF
-     *             Metrics</a>.</p>
+     *             Metrics</a> in the <i>WAF Developer Guide</i>.</p>
      */
     CloudWatchMetricsEnabled: boolean | undefined;
     /**
@@ -2581,7 +2656,7 @@ export interface CreateIPSetRequest {
      */
     Name: string | undefined;
     /**
-     * <p>Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, a Amazon Cognito user pool, or an App Runner service.  </p>
+     * <p>Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner service.  </p>
      *          <p>To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows: </p>
      *          <ul>
      *             <li>
@@ -2755,7 +2830,7 @@ export interface CreateRegexPatternSetRequest {
      */
     Name: string | undefined;
     /**
-     * <p>Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, a Amazon Cognito user pool, or an App Runner service.  </p>
+     * <p>Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner service.  </p>
      *          <p>To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows: </p>
      *          <ul>
      *             <li>
@@ -2844,8 +2919,8 @@ export interface CustomResponseBody {
      * <p>The payload of the custom response. </p>
      *          <p>You can use JSON escape strings in JSON content. To do this, you must specify JSON
      *          content in the <code>ContentType</code> setting. </p>
-     *          <p>For information about the limits on count and size for custom request and response settings, see <a href="https://docs.aws.amazon.com/waf/latest/developerguide/limits.html">WAF quotas</a> in the
-     *          <a href="https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html">WAF Developer Guide</a>. </p>
+     *          <p>For information about the limits on count and size for custom request and response settings, see <a href="https://docs.aws.amazon.com/waf/latest/developerguide/limits.html">WAF quotas</a>
+     *      in the <i>WAF Developer Guide</i>. </p>
      */
     Content: string | undefined;
 }
@@ -2989,7 +3064,7 @@ export interface DeleteIPSetRequest {
      */
     Name: string | undefined;
     /**
-     * <p>Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, a Amazon Cognito user pool, or an App Runner service.  </p>
+     * <p>Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner service.  </p>
      *          <p>To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows: </p>
      *          <ul>
      *             <li>
@@ -3068,7 +3143,7 @@ export interface DeleteRegexPatternSetRequest {
      */
     Name: string | undefined;
     /**
-     * <p>Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, a Amazon Cognito user pool, or an App Runner service.  </p>
+     * <p>Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner service.  </p>
      *          <p>To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows: </p>
      *          <ul>
      *             <li>
@@ -3103,7 +3178,7 @@ export interface DeleteRuleGroupRequest {
      */
     Name: string | undefined;
     /**
-     * <p>Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, a Amazon Cognito user pool, or an App Runner service.  </p>
+     * <p>Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner service.  </p>
      *          <p>To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows: </p>
      *          <ul>
      *             <li>
@@ -3138,7 +3213,7 @@ export interface DeleteWebACLRequest {
      */
     Name: string | undefined;
     /**
-     * <p>Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, a Amazon Cognito user pool, or an App Runner service.  </p>
+     * <p>Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner service.  </p>
      *          <p>To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows: </p>
      *          <ul>
      *             <li>
@@ -3177,7 +3252,7 @@ export interface DescribeManagedRuleGroupRequest {
      */
     Name: string | undefined;
     /**
-     * <p>Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, a Amazon Cognito user pool, or an App Runner service.  </p>
+     * <p>Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner service.  </p>
      *          <p>To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows: </p>
      *          <ul>
      *             <li>
@@ -3249,12 +3324,15 @@ export interface DescribeManagedRuleGroupResponse {
      */
     SnsTopicArn?: string;
     /**
-     * <p>The web ACL capacity units (WCUs) required for this rule group. WAF uses web ACL
-     *          capacity units (WCU) to calculate and control the operating resources that are used to run
-     *          your rules, rule groups, and web ACLs. WAF calculates capacity differently for each rule
-     *          type, to reflect each rule's relative cost. Rule group capacity is fixed at creation, so
-     *          users can plan their web ACL WCU usage when they use a rule group. The WCU limit for web
-     *          ACLs is 1,500. </p>
+     * <p>The web ACL capacity units (WCUs) required for this rule group.</p>
+     *          <p>WAF uses WCUs to calculate and control the operating
+     *          resources that are used to run your rules, rule groups, and web ACLs. WAF
+     *          calculates capacity differently for each rule type, to reflect the relative cost of each rule.
+     *          Simple rules that cost little to run use fewer WCUs than more complex rules
+     * 				that use more processing power.
+     * 				Rule group capacity is fixed at creation, which helps users plan their
+     *          web ACL WCU usage when they use a rule group. For more information, see <a href="https://docs.aws.amazon.com/waf/latest/developerguide/aws-waf-capacity-units.html">WAF web ACL capacity units (WCU)</a>
+     *     in the <i>WAF Developer Guide</i>. </p>
      */
     Capacity?: number;
     /**
@@ -3296,27 +3374,27 @@ export interface DisassociateWebACLRequest {
      *          <p>The ARN must be in one of the following formats:</p>
      *          <ul>
      *             <li>
-     *                <p>For an Application Load Balancer: <code>arn:aws:elasticloadbalancing:<i>region</i>:<i>account-id</i>:loadbalancer/app/<i>load-balancer-name</i>/<i>load-balancer-id</i>
+     *                <p>For an Application Load Balancer: <code>arn:<i>partition</i>:elasticloadbalancing:<i>region</i>:<i>account-id</i>:loadbalancer/app/<i>load-balancer-name</i>/<i>load-balancer-id</i>
      *                   </code>
      *                </p>
      *             </li>
      *             <li>
-     *                <p>For an Amazon API Gateway REST API: <code>arn:aws:apigateway:<i>region</i>::/restapis/<i>api-id</i>/stages/<i>stage-name</i>
+     *                <p>For an Amazon API Gateway REST API: <code>arn:<i>partition</i>:apigateway:<i>region</i>::/restapis/<i>api-id</i>/stages/<i>stage-name</i>
      *                   </code>
      *                </p>
      *             </li>
      *             <li>
-     *                <p>For an AppSync GraphQL API: <code>arn:aws:appsync:<i>region</i>:<i>account-id</i>:apis/<i>GraphQLApiId</i>
+     *                <p>For an AppSync GraphQL API: <code>arn:<i>partition</i>:appsync:<i>region</i>:<i>account-id</i>:apis/<i>GraphQLApiId</i>
      *                   </code>
      *                </p>
      *             </li>
      *             <li>
-     *                <p>For an Amazon Cognito user pool: <code>arn:aws:cognito-idp:<i>region</i>:<i>account-id</i>:userpool/<i>user-pool-id</i>
+     *                <p>For an Amazon Cognito user pool: <code>arn:<i>partition</i>:cognito-idp:<i>region</i>:<i>account-id</i>:userpool/<i>user-pool-id</i>
      *                   </code>
      *                </p>
      *             </li>
      *             <li>
-     *                <p>For an App Runner service: <code>arn:aws:apprunner:<i>region</i>:<i>account-id</i>:service/<i>apprunner-service-name</i>/<i>apprunner-service-id</i>
+     *                <p>For an App Runner service: <code>arn:<i>partition</i>:apprunner:<i>region</i>:<i>account-id</i>:service/<i>apprunner-service-name</i>/<i>apprunner-service-id</i>
      *                   </code>
      *                </p>
      *             </li>
@@ -3373,7 +3451,7 @@ export interface GetIPSetRequest {
      */
     Name: string | undefined;
     /**
-     * <p>Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, a Amazon Cognito user pool, or an App Runner service.  </p>
+     * <p>Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner service.  </p>
      *          <p>To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows: </p>
      *          <ul>
      *             <li>
@@ -3659,7 +3737,7 @@ export interface GetManagedRuleSetRequest {
      */
     Name: string | undefined;
     /**
-     * <p>Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, a Amazon Cognito user pool, or an App Runner service.  </p>
+     * <p>Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner service.  </p>
      *          <p>To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows: </p>
      *          <ul>
      *             <li>
@@ -3698,8 +3776,8 @@ export interface ManagedRuleSetVersion {
      *          Simple rules that cost little to run use fewer WCUs than more complex rules
      * 				that use more processing power.
      * 				Rule group capacity is fixed at creation, which helps users plan their
-     *          web ACL WCU usage when they use a rule group.
-     *          The WCU limit for web ACLs is 1,500.  </p>
+     *          web ACL WCU usage when they use a rule group. For more information, see <a href="https://docs.aws.amazon.com/waf/latest/developerguide/aws-waf-capacity-units.html">WAF web ACL capacity units (WCU)</a>
+     *     in the <i>WAF Developer Guide</i>. </p>
      */
     Capacity?: number;
     /**
@@ -3860,7 +3938,7 @@ export interface GetPermissionPolicyResponse {
  */
 export interface GetRateBasedStatementManagedKeysRequest {
     /**
-     * <p>Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, a Amazon Cognito user pool, or an App Runner service.  </p>
+     * <p>Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner service.  </p>
      *          <p>To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows: </p>
      *          <ul>
      *             <li>
@@ -3928,7 +4006,7 @@ export interface GetRegexPatternSetRequest {
      */
     Name: string | undefined;
     /**
-     * <p>Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, a Amazon Cognito user pool, or an App Runner service.  </p>
+     * <p>Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner service.  </p>
      *          <p>To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows: </p>
      *          <ul>
      *             <li>
@@ -3995,7 +4073,7 @@ export interface GetRuleGroupRequest {
      */
     Name?: string;
     /**
-     * <p>Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, a Amazon Cognito user pool, or an App Runner service.  </p>
+     * <p>Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner service.  </p>
      *          <p>To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows: </p>
      *          <ul>
      *             <li>
@@ -4066,7 +4144,7 @@ export interface GetSampledRequestsRequest {
      */
     RuleMetricName: string | undefined;
     /**
-     * <p>Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, a Amazon Cognito user pool, or an App Runner service.  </p>
+     * <p>Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner service.  </p>
      *          <p>To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows: </p>
      *          <ul>
      *             <li>
@@ -4317,7 +4395,7 @@ export interface GetWebACLRequest {
      */
     Name: string | undefined;
     /**
-     * <p>Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, a Amazon Cognito user pool, or an App Runner service.  </p>
+     * <p>Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner service.  </p>
      *          <p>To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows: </p>
      *          <ul>
      *             <li>
@@ -4343,27 +4421,27 @@ export interface GetWebACLForResourceRequest {
      *          <p>The ARN must be in one of the following formats:</p>
      *          <ul>
      *             <li>
-     *                <p>For an Application Load Balancer: <code>arn:aws:elasticloadbalancing:<i>region</i>:<i>account-id</i>:loadbalancer/app/<i>load-balancer-name</i>/<i>load-balancer-id</i>
+     *                <p>For an Application Load Balancer: <code>arn:<i>partition</i>:elasticloadbalancing:<i>region</i>:<i>account-id</i>:loadbalancer/app/<i>load-balancer-name</i>/<i>load-balancer-id</i>
      *                   </code>
      *                </p>
      *             </li>
      *             <li>
-     *                <p>For an Amazon API Gateway REST API: <code>arn:aws:apigateway:<i>region</i>::/restapis/<i>api-id</i>/stages/<i>stage-name</i>
+     *                <p>For an Amazon API Gateway REST API: <code>arn:<i>partition</i>:apigateway:<i>region</i>::/restapis/<i>api-id</i>/stages/<i>stage-name</i>
      *                   </code>
      *                </p>
      *             </li>
      *             <li>
-     *                <p>For an AppSync GraphQL API: <code>arn:aws:appsync:<i>region</i>:<i>account-id</i>:apis/<i>GraphQLApiId</i>
+     *                <p>For an AppSync GraphQL API: <code>arn:<i>partition</i>:appsync:<i>region</i>:<i>account-id</i>:apis/<i>GraphQLApiId</i>
      *                   </code>
      *                </p>
      *             </li>
      *             <li>
-     *                <p>For an Amazon Cognito user pool: <code>arn:aws:cognito-idp:<i>region</i>:<i>account-id</i>:userpool/<i>user-pool-id</i>
+     *                <p>For an Amazon Cognito user pool: <code>arn:<i>partition</i>:cognito-idp:<i>region</i>:<i>account-id</i>:userpool/<i>user-pool-id</i>
      *                   </code>
      *                </p>
      *             </li>
      *             <li>
-     *                <p>For an App Runner service: <code>arn:aws:apprunner:<i>region</i>:<i>account-id</i>:service/<i>apprunner-service-name</i>/<i>apprunner-service-id</i>
+     *                <p>For an App Runner service: <code>arn:<i>partition</i>:apprunner:<i>region</i>:<i>account-id</i>:service/<i>apprunner-service-name</i>/<i>apprunner-service-id</i>
      *                   </code>
      *                </p>
      *             </li>
@@ -4376,7 +4454,7 @@ export interface GetWebACLForResourceRequest {
  */
 export interface ListAvailableManagedRuleGroupsRequest {
     /**
-     * <p>Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, a Amazon Cognito user pool, or an App Runner service.  </p>
+     * <p>Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner service.  </p>
      *          <p>To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows: </p>
      *          <ul>
      *             <li>
@@ -4452,7 +4530,7 @@ export interface ListAvailableManagedRuleGroupVersionsRequest {
      */
     Name: string | undefined;
     /**
-     * <p>Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, a Amazon Cognito user pool, or an App Runner service.  </p>
+     * <p>Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner service.  </p>
      *          <p>To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows: </p>
      *          <ul>
      *             <li>
@@ -4516,7 +4594,7 @@ export interface ListAvailableManagedRuleGroupVersionsResponse {
  */
 export interface ListIPSetsRequest {
     /**
-     * <p>Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, a Amazon Cognito user pool, or an App Runner service.  </p>
+     * <p>Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner service.  </p>
      *          <p>To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows: </p>
      *          <ul>
      *             <li>
@@ -4562,7 +4640,7 @@ export interface ListIPSetsResponse {
  */
 export interface ListLoggingConfigurationsRequest {
     /**
-     * <p>Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, a Amazon Cognito user pool, or an App Runner service.  </p>
+     * <p>Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner service.  </p>
      *          <p>To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows: </p>
      *          <ul>
      *             <li>
@@ -4607,7 +4685,7 @@ export interface ListLoggingConfigurationsResponse {
  */
 export interface ListManagedRuleSetsRequest {
     /**
-     * <p>Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, a Amazon Cognito user pool, or an App Runner service.  </p>
+     * <p>Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner service.  </p>
      *          <p>To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows: </p>
      *          <ul>
      *             <li>
@@ -4750,7 +4828,7 @@ export interface ListMobileSdkReleasesResponse {
  */
 export interface ListRegexPatternSetsRequest {
     /**
-     * <p>Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, a Amazon Cognito user pool, or an App Runner service.  </p>
+     * <p>Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner service.  </p>
      *          <p>To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows: </p>
      *          <ul>
      *             <li>
@@ -4815,7 +4893,7 @@ export interface ListResourcesForWebACLRequest {
     WebACLArn: string | undefined;
     /**
      * <p>Used for web ACLs that are scoped for regional applications.
-     *          A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, a Amazon Cognito user pool, or an App Runner service. </p>
+     *          A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner service. </p>
      *          <note>
      *             <p>If you don't provide a resource type, the call uses the resource type <code>APPLICATION_LOAD_BALANCER</code>. </p>
      *          </note>
@@ -4838,7 +4916,7 @@ export interface ListResourcesForWebACLResponse {
  */
 export interface ListRuleGroupsRequest {
     /**
-     * <p>Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, a Amazon Cognito user pool, or an App Runner service.  </p>
+     * <p>Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner service.  </p>
      *          <p>To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows: </p>
      *          <ul>
      *             <li>
@@ -4942,7 +5020,7 @@ export interface ListTagsForResourceResponse {
  */
 export interface ListWebACLsRequest {
     /**
-     * <p>Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, a Amazon Cognito user pool, or an App Runner service.  </p>
+     * <p>Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner service.  </p>
      *          <p>To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows: </p>
      *          <ul>
      *             <li>
@@ -5065,7 +5143,7 @@ export interface PutManagedRuleSetVersionsRequest {
      */
     Name: string | undefined;
     /**
-     * <p>Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, a Amazon Cognito user pool, or an App Runner service.  </p>
+     * <p>Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner service.  </p>
      *          <p>To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows: </p>
      *          <ul>
      *             <li>
@@ -5119,7 +5197,7 @@ export interface PutPermissionPolicyRequest {
      *          <p>The policy specifications must conform to the following:</p>
      *          <ul>
      *             <li>
-     *                <p>The policy must be composed using IAM Policy version 2012-10-17 or version 2015-01-01.</p>
+     *                <p>The policy must be composed using IAM Policy version 2012-10-17.</p>
      *             </li>
      *             <li>
      *                <p>The policy must include specifications for <code>Effect</code>, <code>Action</code>, and <code>Principal</code>.</p>
@@ -5153,7 +5231,7 @@ export interface PutPermissionPolicyResponse {
  *          <p>The policy specifications must conform to the following:</p>
  *          <ul>
  *             <li>
- *                <p>The policy must be composed using IAM Policy version 2012-10-17 or version 2015-01-01.</p>
+ *                <p>The policy must be composed using IAM Policy version 2012-10-17.</p>
  *             </li>
  *             <li>
  *                <p>The policy must include specifications for <code>Effect</code>, <code>Action</code>, and <code>Principal</code>.</p>
@@ -5228,7 +5306,7 @@ export interface UpdateIPSetRequest {
      */
     Name: string | undefined;
     /**
-     * <p>Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, a Amazon Cognito user pool, or an App Runner service.  </p>
+     * <p>Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner service.  </p>
      *          <p>To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows: </p>
      *          <ul>
      *             <li>
@@ -5311,7 +5389,7 @@ export interface UpdateManagedRuleSetVersionExpiryDateRequest {
      */
     Name: string | undefined;
     /**
-     * <p>Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, a Amazon Cognito user pool, or an App Runner service.  </p>
+     * <p>Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner service.  </p>
      *          <p>To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows: </p>
      *          <ul>
      *             <li>
@@ -5369,7 +5447,7 @@ export interface UpdateRegexPatternSetRequest {
      */
     Name: string | undefined;
     /**
-     * <p>Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, a Amazon Cognito user pool, or an App Runner service.  </p>
+     * <p>Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner service.  </p>
      *          <p>To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows: </p>
      *          <ul>
      *             <li>
@@ -5447,7 +5525,7 @@ export interface Statement {
     XssMatchStatement?: XssMatchStatement;
     /**
      * <p>A rule statement that compares a number of bytes against the size of a request component, using a comparison operator, such as greater than (>) or less than (<). For example, you can use a size constraint statement to look for query strings that are longer than 100 bytes. </p>
-     *          <p>If you configure WAF to inspect the request body, WAF inspects only the first 8192 bytes (8 KB). If the request body for your web requests never exceeds 8192 bytes, you could use a size constraint statement to block requests that have a request body greater than 8192 bytes.</p>
+     *          <p>If you configure WAF to inspect the request body, WAF inspects only the number of bytes of the body up to the limit for the web ACL. By default, for regional web ACLs, this limit is 8 KB (8,192 kilobytes) and for CloudFront web ACLs, this limit is 16 KB (16,384 kilobytes). For CloudFront web ACLs, you can increase the limit in the web ACL <code>AssociationConfig</code>, for additional fees. If you know that the request body for your web requests should never exceed the inspection limit, you could use a size constraint statement to block requests that have a larger request body size.</p>
      *          <p>If you choose URI for the value of Part of the request to filter on, the slash (/) in the URI counts as one character. For example, the URI <code>/logo.jpg</code> is nine characters long.</p>
      */
     SizeConstraintStatement?: SizeConstraintStatement;
@@ -5761,21 +5839,15 @@ export interface OrStatement {
 }
 /**
  * @public
- * <p>The processing guidance for an Firewall Manager rule. This is like a regular rule <a>Statement</a>, but it can only contain a rule group reference.</p>
+ * <p>The processing guidance for an Firewall Manager rule. This is like a regular rule <a>Statement</a>, but it can only contain a single rule group reference.</p>
  */
 export interface FirewallManagerStatement {
     /**
-     * <p>A rule statement used to run the rules that are defined in a managed rule group. To use this, provide the vendor name and the name of the rule group in this statement. You can retrieve the required names by calling <a>ListAvailableManagedRuleGroups</a>.</p>
-     *          <p>You cannot nest a <code>ManagedRuleGroupStatement</code>, for example for use inside a <code>NotStatement</code> or <code>OrStatement</code>. It can only be referenced as a top-level statement within a rule.</p>
-     *          <note>
-     *             <p>You are charged additional fees when you use the WAF Bot Control managed rule group <code>AWSManagedRulesBotControlRuleSet</code> or the WAF Fraud Control account takeover prevention (ATP) managed rule group <code>AWSManagedRulesATPRuleSet</code>. For more information, see <a href="http://aws.amazon.com/waf/pricing/">WAF Pricing</a>.</p>
-     *          </note>
+     * <p>A statement used by Firewall Manager to run the rules that are defined in a managed rule group. This is managed by Firewall Manager for an Firewall Manager WAF policy.</p>
      */
     ManagedRuleGroupStatement?: ManagedRuleGroupStatement;
     /**
-     * <p>A rule statement used to run the rules that are defined in a <a>RuleGroup</a>. To use this, create a rule group with your rules, then provide the ARN of the rule group in this statement.</p>
-     *          <p>You cannot nest a <code>RuleGroupReferenceStatement</code>, for example for use inside a <code>NotStatement</code> or <code>OrStatement</code>. You
-     *       can only use a rule group reference statement at the top level inside a web ACL. </p>
+     * <p>A statement used by Firewall Manager to run the rules that are defined in a rule group. This is managed by Firewall Manager for an Firewall Manager WAF policy.</p>
      */
     RuleGroupReferenceStatement?: RuleGroupReferenceStatement;
 }
@@ -5818,7 +5890,7 @@ export interface FirewallManagerRuleGroup {
  */
 export interface CheckCapacityRequest {
     /**
-     * <p>Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, a Amazon Cognito user pool, or an App Runner service.  </p>
+     * <p>Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner service.  </p>
      *          <p>To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows: </p>
      *          <ul>
      *             <li>
@@ -5845,7 +5917,7 @@ export interface CreateRuleGroupRequest {
      */
     Name: string | undefined;
     /**
-     * <p>Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, a Amazon Cognito user pool, or an App Runner service.  </p>
+     * <p>Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner service.  </p>
      *          <p>To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows: </p>
      *          <ul>
      *             <li>
@@ -5868,8 +5940,8 @@ export interface CreateRuleGroupRequest {
      *          Simple rules that cost little to run use fewer WCUs than more complex rules
      * 				that use more processing power.
      * 				Rule group capacity is fixed at creation, which helps users plan their
-     *          web ACL WCU usage when they use a rule group.
-     *          The WCU limit for web ACLs is 1,500.  </p>
+     *          web ACL WCU usage when they use a rule group. For more information, see <a href="https://docs.aws.amazon.com/waf/latest/developerguide/aws-waf-capacity-units.html">WAF web ACL capacity units (WCU)</a>
+     *     in the <i>WAF Developer Guide</i>. </p>
      */
     Capacity: number | undefined;
     /**
@@ -5893,10 +5965,11 @@ export interface CreateRuleGroupRequest {
     Tags?: Tag[];
     /**
      * <p>A map of custom response keys and content bodies. When you create a rule with a block action, you can send a custom response to the web request. You define these for the rule group, and then use them in the rules that you define in the rule group. </p>
-     *          <p>For information about customizing web requests and responses, see <a href="https://docs.aws.amazon.com/waf/latest/developerguide/waf-custom-request-response.html">Customizing web requests and responses in WAF</a> in the
-     *          <a href="https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html">WAF Developer Guide</a>. </p>
-     *          <p>For information about the limits on count and size for custom request and response settings, see <a href="https://docs.aws.amazon.com/waf/latest/developerguide/limits.html">WAF quotas</a> in the
-     *          <a href="https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html">WAF Developer Guide</a>. </p>
+     *          <p>For information about customizing web requests and responses,
+     *            see <a href="https://docs.aws.amazon.com/waf/latest/developerguide/waf-custom-request-response.html">Customizing web requests and responses in WAF</a>
+     *     in the <i>WAF Developer Guide</i>. </p>
+     *          <p>For information about the limits on count and size for custom request and response settings, see <a href="https://docs.aws.amazon.com/waf/latest/developerguide/limits.html">WAF quotas</a>
+     *      in the <i>WAF Developer Guide</i>. </p>
      */
     CustomResponseBodies?: Record<string, CustomResponseBody>;
 }
@@ -5909,7 +5982,7 @@ export interface CreateWebACLRequest {
      */
     Name: string | undefined;
     /**
-     * <p>Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, a Amazon Cognito user pool, or an App Runner service.  </p>
+     * <p>Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner service.  </p>
      *          <p>To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows: </p>
      *          <ul>
      *             <li>
@@ -5946,10 +6019,11 @@ export interface CreateWebACLRequest {
     Tags?: Tag[];
     /**
      * <p>A map of custom response keys and content bodies. When you create a rule with a block action, you can send a custom response to the web request. You define these for the web ACL, and then use them in the rules and default actions that you define in the web ACL. </p>
-     *          <p>For information about customizing web requests and responses, see <a href="https://docs.aws.amazon.com/waf/latest/developerguide/waf-custom-request-response.html">Customizing web requests and responses in WAF</a> in the
-     *          <a href="https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html">WAF Developer Guide</a>. </p>
-     *          <p>For information about the limits on count and size for custom request and response settings, see <a href="https://docs.aws.amazon.com/waf/latest/developerguide/limits.html">WAF quotas</a> in the
-     *          <a href="https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html">WAF Developer Guide</a>. </p>
+     *          <p>For information about customizing web requests and responses,
+     *            see <a href="https://docs.aws.amazon.com/waf/latest/developerguide/waf-custom-request-response.html">Customizing web requests and responses in WAF</a>
+     *     in the <i>WAF Developer Guide</i>. </p>
+     *          <p>For information about the limits on count and size for custom request and response settings, see <a href="https://docs.aws.amazon.com/waf/latest/developerguide/limits.html">WAF quotas</a>
+     *      in the <i>WAF Developer Guide</i>. </p>
      */
     CustomResponseBodies?: Record<string, CustomResponseBody>;
     /**
@@ -5968,6 +6042,14 @@ export interface CreateWebACLRequest {
      *          <p>Public suffixes aren't allowed. For example, you can't use <code>usa.gov</code> or <code>co.uk</code> as token domains.</p>
      */
     TokenDomains?: string[];
+    /**
+     * <p>Specifies custom configurations for the associations between the web ACL and protected resources.  </p>
+     *          <p>Use this to customize the maximum size of the request body that your protected CloudFront distributions forward to WAF for inspection. The default is 16 KB (16,384 kilobytes). </p>
+     *          <note>
+     *             <p>You are charged additional fees when your protected resources forward body sizes that are larger than the default. For more information, see <a href="http://aws.amazon.com/waf/pricing/">WAF Pricing</a>.</p>
+     *          </note>
+     */
+    AssociationConfig?: AssociationConfig;
 }
 /**
  * @public
@@ -5993,8 +6075,8 @@ export interface RuleGroup {
      *          Simple rules that cost little to run use fewer WCUs than more complex rules
      * 				that use more processing power.
      * 				Rule group capacity is fixed at creation, which helps users plan their
-     *          web ACL WCU usage when they use a rule group.
-     *          The WCU limit for web ACLs is 1,500.  </p>
+     *          web ACL WCU usage when they use a rule group. For more information, see <a href="https://docs.aws.amazon.com/waf/latest/developerguide/aws-waf-capacity-units.html">WAF web ACL capacity units (WCU)</a>
+     *     in the <i>WAF Developer Guide</i>. </p>
      */
     Capacity: number | undefined;
     /**
@@ -6036,10 +6118,11 @@ export interface RuleGroup {
     LabelNamespace?: string;
     /**
      * <p>A map of custom response keys and content bodies. When you create a rule with a block action, you can send a custom response to the web request. You define these for the rule group, and then use them in the rules that you define in the rule group. </p>
-     *          <p>For information about customizing web requests and responses, see <a href="https://docs.aws.amazon.com/waf/latest/developerguide/waf-custom-request-response.html">Customizing web requests and responses in WAF</a> in the
-     *          <a href="https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html">WAF Developer Guide</a>. </p>
-     *          <p>For information about the limits on count and size for custom request and response settings, see <a href="https://docs.aws.amazon.com/waf/latest/developerguide/limits.html">WAF quotas</a> in the
-     *          <a href="https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html">WAF Developer Guide</a>. </p>
+     *          <p>For information about customizing web requests and responses,
+     *            see <a href="https://docs.aws.amazon.com/waf/latest/developerguide/waf-custom-request-response.html">Customizing web requests and responses in WAF</a>
+     *     in the <i>WAF Developer Guide</i>. </p>
+     *          <p>For information about the limits on count and size for custom request and response settings, see <a href="https://docs.aws.amazon.com/waf/latest/developerguide/limits.html">WAF quotas</a>
+     *      in the <i>WAF Developer Guide</i>. </p>
      */
     CustomResponseBodies?: Record<string, CustomResponseBody>;
     /**
@@ -6060,7 +6143,7 @@ export interface UpdateRuleGroupRequest {
      */
     Name: string | undefined;
     /**
-     * <p>Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, a Amazon Cognito user pool, or an App Runner service.  </p>
+     * <p>Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner service.  </p>
      *          <p>To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows: </p>
      *          <ul>
      *             <li>
@@ -6097,10 +6180,11 @@ export interface UpdateRuleGroupRequest {
     LockToken: string | undefined;
     /**
      * <p>A map of custom response keys and content bodies. When you create a rule with a block action, you can send a custom response to the web request. You define these for the rule group, and then use them in the rules that you define in the rule group. </p>
-     *          <p>For information about customizing web requests and responses, see <a href="https://docs.aws.amazon.com/waf/latest/developerguide/waf-custom-request-response.html">Customizing web requests and responses in WAF</a> in the
-     *          <a href="https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html">WAF Developer Guide</a>. </p>
-     *          <p>For information about the limits on count and size for custom request and response settings, see <a href="https://docs.aws.amazon.com/waf/latest/developerguide/limits.html">WAF quotas</a> in the
-     *          <a href="https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html">WAF Developer Guide</a>. </p>
+     *          <p>For information about customizing web requests and responses,
+     *            see <a href="https://docs.aws.amazon.com/waf/latest/developerguide/waf-custom-request-response.html">Customizing web requests and responses in WAF</a>
+     *     in the <i>WAF Developer Guide</i>. </p>
+     *          <p>For information about the limits on count and size for custom request and response settings, see <a href="https://docs.aws.amazon.com/waf/latest/developerguide/limits.html">WAF quotas</a>
+     *      in the <i>WAF Developer Guide</i>. </p>
      */
     CustomResponseBodies?: Record<string, CustomResponseBody>;
 }
@@ -6113,7 +6197,7 @@ export interface UpdateWebACLRequest {
      */
     Name: string | undefined;
     /**
-     * <p>Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, a Amazon Cognito user pool, or an App Runner service.  </p>
+     * <p>Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner service.  </p>
      *          <p>To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows: </p>
      *          <ul>
      *             <li>
@@ -6154,10 +6238,11 @@ export interface UpdateWebACLRequest {
     LockToken: string | undefined;
     /**
      * <p>A map of custom response keys and content bodies. When you create a rule with a block action, you can send a custom response to the web request. You define these for the web ACL, and then use them in the rules and default actions that you define in the web ACL. </p>
-     *          <p>For information about customizing web requests and responses, see <a href="https://docs.aws.amazon.com/waf/latest/developerguide/waf-custom-request-response.html">Customizing web requests and responses in WAF</a> in the
-     *          <a href="https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html">WAF Developer Guide</a>. </p>
-     *          <p>For information about the limits on count and size for custom request and response settings, see <a href="https://docs.aws.amazon.com/waf/latest/developerguide/limits.html">WAF quotas</a> in the
-     *          <a href="https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html">WAF Developer Guide</a>. </p>
+     *          <p>For information about customizing web requests and responses,
+     *            see <a href="https://docs.aws.amazon.com/waf/latest/developerguide/waf-custom-request-response.html">Customizing web requests and responses in WAF</a>
+     *     in the <i>WAF Developer Guide</i>. </p>
+     *          <p>For information about the limits on count and size for custom request and response settings, see <a href="https://docs.aws.amazon.com/waf/latest/developerguide/limits.html">WAF quotas</a>
+     *      in the <i>WAF Developer Guide</i>. </p>
      */
     CustomResponseBodies?: Record<string, CustomResponseBody>;
     /**
@@ -6176,6 +6261,14 @@ export interface UpdateWebACLRequest {
      *          <p>Public suffixes aren't allowed. For example, you can't use <code>usa.gov</code> or <code>co.uk</code> as token domains.</p>
      */
     TokenDomains?: string[];
+    /**
+     * <p>Specifies custom configurations for the associations between the web ACL and protected resources.  </p>
+     *          <p>Use this to customize the maximum size of the request body that your protected CloudFront distributions forward to WAF for inspection. The default is 16 KB (16,384 kilobytes). </p>
+     *          <note>
+     *             <p>You are charged additional fees when your protected resources forward body sizes that are larger than the default. For more information, see <a href="http://aws.amazon.com/waf/pricing/">WAF Pricing</a>.</p>
+     *          </note>
+     */
+    AssociationConfig?: AssociationConfig;
 }
 /**
  * @public
@@ -6192,7 +6285,7 @@ export interface GetRuleGroupResponse {
 }
 /**
  * @public
- * <p> A web ACL defines a collection of rules to use to inspect and control web requests. Each rule has an action defined (allow, block, or count) for requests that match the statement of the rule. In the web ACL, you assign a default action to take (allow, block) for any request that does not match any of the rules. The rules in a web ACL can be a combination of the types <a>Rule</a>, <a>RuleGroup</a>, and managed rule group. You can associate a web ACL with one or more Amazon Web Services resources to protect. The resources can be an Amazon CloudFront distribution, an Amazon API Gateway REST API, an Application Load Balancer, an AppSync GraphQL API, Amazon Cognito user pool, or an App Runner service.  </p>
+ * <p> A web ACL defines a collection of rules to use to inspect and control web requests. Each rule has an action defined (allow, block, or count) for requests that match the statement of the rule. In the web ACL, you assign a default action to take (allow, block) for any request that does not match any of the rules. The rules in a web ACL can be a combination of the types <a>Rule</a>, <a>RuleGroup</a>, and managed rule group. You can associate a web ACL with one or more Amazon Web Services resources to protect. The resources can be an Amazon CloudFront distribution, an Amazon API Gateway REST API, an Application Load Balancer, an AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner service.  </p>
  */
 export interface WebACL {
     /**
@@ -6237,8 +6330,8 @@ export interface WebACL {
      *          Simple rules that cost little to run use fewer WCUs than more complex rules
      * 				that use more processing power.
      * 				Rule group capacity is fixed at creation, which helps users plan their
-     *          web ACL WCU usage when they use a rule group.
-     *          The WCU limit for web ACLs is 1,500.  </p>
+     *          web ACL WCU usage when they use a rule group. For more information, see <a href="https://docs.aws.amazon.com/waf/latest/developerguide/aws-waf-capacity-units.html">WAF web ACL capacity units (WCU)</a>
+     *     in the <i>WAF Developer Guide</i>. </p>
      */
     Capacity?: number;
     /**
@@ -6286,10 +6379,11 @@ export interface WebACL {
     LabelNamespace?: string;
     /**
      * <p>A map of custom response keys and content bodies. When you create a rule with a block action, you can send a custom response to the web request. You define these for the web ACL, and then use them in the rules and default actions that you define in the web ACL. </p>
-     *          <p>For information about customizing web requests and responses, see <a href="https://docs.aws.amazon.com/waf/latest/developerguide/waf-custom-request-response.html">Customizing web requests and responses in WAF</a> in the
-     *          <a href="https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html">WAF Developer Guide</a>. </p>
-     *          <p>For information about the limits on count and size for custom request and response settings, see <a href="https://docs.aws.amazon.com/waf/latest/developerguide/limits.html">WAF quotas</a> in the
-     *          <a href="https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html">WAF Developer Guide</a>. </p>
+     *          <p>For information about customizing web requests and responses,
+     *            see <a href="https://docs.aws.amazon.com/waf/latest/developerguide/waf-custom-request-response.html">Customizing web requests and responses in WAF</a>
+     *     in the <i>WAF Developer Guide</i>. </p>
+     *          <p>For information about the limits on count and size for custom request and response settings, see <a href="https://docs.aws.amazon.com/waf/latest/developerguide/limits.html">WAF quotas</a>
+     *      in the <i>WAF Developer Guide</i>. </p>
      */
     CustomResponseBodies?: Record<string, CustomResponseBody>;
     /**
@@ -6305,6 +6399,14 @@ export interface WebACL {
      * <p>Specifies the domains that WAF should accept in a web request token. This enables the use of tokens across multiple protected websites. When WAF provides a token, it uses the domain of the Amazon Web Services resource that the web ACL is protecting. If you don't specify a list of token domains, WAF accepts tokens only for the domain of the protected resource. With a token domain list, WAF accepts the resource's host domain plus all domains in the token domain list, including their prefixed subdomains.</p>
      */
     TokenDomains?: string[];
+    /**
+     * <p>Specifies custom configurations for the associations between the web ACL and protected resources.  </p>
+     *          <p>Use this to customize the maximum size of the request body that your protected CloudFront distributions forward to WAF for inspection. The default is 16 KB (16,384 kilobytes). </p>
+     *          <note>
+     *             <p>You are charged additional fees when your protected resources forward body sizes that are larger than the default. For more information, see <a href="http://aws.amazon.com/waf/pricing/">WAF Pricing</a>.</p>
+     *          </note>
+     */
+    AssociationConfig?: AssociationConfig;
 }
 /**
  * @public
@@ -6330,7 +6432,8 @@ export interface GetWebACLResponse {
      */
     LockToken?: string;
     /**
-     * <p>The URL to use in SDK integrations with Amazon Web Services managed rule groups. For example, you can use the integration SDKs with the account takeover prevention managed rule group <code>AWSManagedRulesATPRuleSet</code>. This is only populated if you are using a rule group in your web ACL that integrates with your applications in this way. For more information, see <a href="https://docs.aws.amazon.com/waf/latest/developerguide/waf-application-integration.html">WAF client application integration</a> in the <i>WAF Developer Guide</i>.</p>
+     * <p>The URL to use in SDK integrations with Amazon Web Services managed rule groups. For example, you can use the integration SDKs with the account takeover prevention managed rule group <code>AWSManagedRulesATPRuleSet</code>. This is only populated if you are using a rule group in your web ACL that integrates with your applications in this way. For more information, see <a href="https://docs.aws.amazon.com/waf/latest/developerguide/waf-application-integration.html">WAF client application integration</a>
+     * in the <i>WAF Developer Guide</i>.</p>
      */
     ApplicationIntegrationURL?: string;
 }