@aws-sdk/client-wafv2 3.309.0 → 3.311.0

package/README.md

@@ -39,7 +39,7 @@ Guide</a>.</p>
 <ul>
 <li>
 <p>For regional applications, you can use any of the endpoints in the list.
-A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, a Amazon Cognito user pool, or an App Runner service. </p>
+A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner service. </p>
 </li>
 <li>
 <p>For Amazon CloudFront applications, you must use the API endpoint listed for

package/dist-cjs/models/models_0.js

@@ -1,6 +1,6 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.WAFInvalidPermissionPolicyException = exports.WAFServiceLinkedRoleErrorException = exports.WAFLogDestinationPermissionIssueException = exports.ResourceType = exports.FailureReason = exports.FilterRequirement = exports.FilterBehavior = exports.Platform = exports.WAFAssociatedItemException = exports.WAFConfigurationWarningException = exports.ResponseContentType = exports.WAFTagOperationInternalErrorException = exports.WAFTagOperationException = exports.WAFOptimisticLockException = exports.WAFDuplicateItemException = exports.IPAddressVersion = exports.WAFSubscriptionNotFoundException = exports.WAFLimitsExceededException = exports.WAFInvalidResourceException = exports.WAFExpiredManagedRuleGroupVersionException = exports.Scope = exports.WAFUnavailableEntityException = exports.WAFNonexistentItemException = exports.WAFInvalidParameterException = exports.ParameterExceptionField = exports.WAFInvalidOperationException = exports.WAFInternalErrorException = exports.SensitivityLevel = exports.ComparisonOperator = exports.RateBasedStatementAggregateKeyType = exports.InspectionLevel = exports.PayloadType = exports.LabelMatchScope = exports.ForwardedIPPosition = exports.FallbackBehavior = exports.CountryCode = exports.TextTransformationType = exports.PositionalConstraint = exports.JsonMatchScope = exports.BodyParsingFallbackBehavior = exports.MapMatchScope = exports.OversizeHandling = exports.ActionValue = void 0;
+exports.WAFInvalidPermissionPolicyException = exports.WAFServiceLinkedRoleErrorException = exports.WAFLogDestinationPermissionIssueException = exports.ResourceType = exports.FailureReason = exports.FilterRequirement = exports.FilterBehavior = exports.Platform = exports.WAFAssociatedItemException = exports.WAFConfigurationWarningException = exports.ResponseContentType = exports.WAFTagOperationInternalErrorException = exports.WAFTagOperationException = exports.WAFOptimisticLockException = exports.WAFDuplicateItemException = exports.IPAddressVersion = exports.WAFSubscriptionNotFoundException = exports.WAFLimitsExceededException = exports.WAFInvalidResourceException = exports.WAFExpiredManagedRuleGroupVersionException = exports.Scope = exports.SizeInspectionLimit = exports.WAFUnavailableEntityException = exports.WAFNonexistentItemException = exports.WAFInvalidParameterException = exports.ParameterExceptionField = exports.WAFInvalidOperationException = exports.WAFInternalErrorException = exports.AssociatedResourceType = exports.SensitivityLevel = exports.ComparisonOperator = exports.RateBasedStatementAggregateKeyType = exports.InspectionLevel = exports.PayloadType = exports.LabelMatchScope = exports.ForwardedIPPosition = exports.FallbackBehavior = exports.CountryCode = exports.TextTransformationType = exports.PositionalConstraint = exports.JsonMatchScope = exports.BodyParsingFallbackBehavior = exports.MapMatchScope = exports.OversizeHandling = exports.ActionValue = void 0;
 const WAFV2ServiceException_1 = require("./WAFV2ServiceException");
 exports.ActionValue = {
     ALLOW: "ALLOW",
@@ -349,6 +349,9 @@ exports.SensitivityLevel = {
     HIGH: "HIGH",
     LOW: "LOW",
 };
+exports.AssociatedResourceType = {
+    CLOUDFRONT: "CLOUDFRONT",
+};
 class WAFInternalErrorException extends WAFV2ServiceException_1.WAFV2ServiceException {
     constructor(opts) {
         super({
@@ -380,6 +383,7 @@ exports.WAFInvalidOperationException = WAFInvalidOperationException;
 exports.ParameterExceptionField = {
     AND_STATEMENT: "AND_STATEMENT",
     ASSOCIABLE_RESOURCE: "ASSOCIABLE_RESOURCE",
+    ASSOCIATED_RESOURCE_TYPE: "ASSOCIATED_RESOURCE_TYPE",
     ATP_RULE_SET_RESPONSE_INSPECTION: "ATP_RULE_SET_RESPONSE_INSPECTION",
     BODY_PARSING_FALLBACK_BEHAVIOR: "BODY_PARSING_FALLBACK_BEHAVIOR",
     BYTE_MATCH_STATEMENT: "BYTE_MATCH_STATEMENT",
@@ -489,6 +493,12 @@ class WAFUnavailableEntityException extends WAFV2ServiceException_1.WAFV2Service
     }
 }
 exports.WAFUnavailableEntityException = WAFUnavailableEntityException;
+exports.SizeInspectionLimit = {
+    KB_16: "KB_16",
+    KB_32: "KB_32",
+    KB_48: "KB_48",
+    KB_64: "KB_64",
+};
 exports.Scope = {
     CLOUDFRONT: "CLOUDFRONT",
     REGIONAL: "REGIONAL",

package/dist-cjs/protocols/Aws_json1_1.js

@@ -2963,6 +2963,11 @@ const se_AssociateWebACLRequest = (input, context) => {
         ...(input.WebACLArn != null && { WebACLArn: input.WebACLArn }),
     };
 };
+const se_AssociationConfig = (input, context) => {
+    return {
+        ...(input.RequestBody != null && { RequestBody: se_RequestBody(input.RequestBody, context) }),
+    };
+};
 const se_AWSManagedRulesATPRuleSet = (input, context) => {
     return {
         ...(input.LoginPath != null && { LoginPath: input.LoginPath }),
@@ -3120,6 +3125,9 @@ const se_CreateRuleGroupRequest = (input, context) => {
 };
 const se_CreateWebACLRequest = (input, context) => {
     return {
+        ...(input.AssociationConfig != null && {
+            AssociationConfig: se_AssociationConfig(input.AssociationConfig, context),
+        }),
         ...(input.CaptchaConfig != null && { CaptchaConfig: se_CaptchaConfig(input.CaptchaConfig, context) }),
         ...(input.ChallengeConfig != null && { ChallengeConfig: se_ChallengeConfig(input.ChallengeConfig, context) }),
         ...(input.CustomResponseBodies != null && {
@@ -3713,6 +3721,20 @@ const se_RegularExpressionList = (input, context) => {
         return se_Regex(entry, context);
     });
 };
+const se_RequestBody = (input, context) => {
+    return Object.entries(input).reduce((acc, [key, value]) => {
+        if (value === null) {
+            return acc;
+        }
+        acc[key] = se_RequestBodyAssociatedResourceTypeConfig(value, context);
+        return acc;
+    }, {});
+};
+const se_RequestBodyAssociatedResourceTypeConfig = (input, context) => {
+    return {
+        ...(input.DefaultSizeInspectionLimit != null && { DefaultSizeInspectionLimit: input.DefaultSizeInspectionLimit }),
+    };
+};
 const se_RequestInspection = (input, context) => {
     return {
         ...(input.PasswordField != null && { PasswordField: se_PasswordField(input.PasswordField, context) }),
@@ -4062,6 +4084,9 @@ const se_UpdateRuleGroupRequest = (input, context) => {
 };
 const se_UpdateWebACLRequest = (input, context) => {
     return {
+        ...(input.AssociationConfig != null && {
+            AssociationConfig: se_AssociationConfig(input.AssociationConfig, context),
+        }),
         ...(input.CaptchaConfig != null && { CaptchaConfig: se_CaptchaConfig(input.CaptchaConfig, context) }),
         ...(input.ChallengeConfig != null && { ChallengeConfig: se_ChallengeConfig(input.ChallengeConfig, context) }),
         ...(input.CustomResponseBodies != null && {
@@ -4142,6 +4167,11 @@ const de_AndStatement = (output, context) => {
 const de_AssociateWebACLResponse = (output, context) => {
     return {};
 };
+const de_AssociationConfig = (output, context) => {
+    return {
+        RequestBody: output.RequestBody != null ? de_RequestBody(output.RequestBody, context) : undefined,
+    };
+};
 const de_AWSManagedRulesATPRuleSet = (output, context) => {
     return {
         LoginPath: (0, smithy_client_1.expectString)(output.LoginPath),
@@ -5122,6 +5152,20 @@ const de_ReleaseSummary = (output, context) => {
         Timestamp: output.Timestamp != null ? (0, smithy_client_1.expectNonNull)((0, smithy_client_1.parseEpochTimestamp)((0, smithy_client_1.expectNumber)(output.Timestamp))) : undefined,
     };
 };
+const de_RequestBody = (output, context) => {
+    return Object.entries(output).reduce((acc, [key, value]) => {
+        if (value === null) {
+            return acc;
+        }
+        acc[key] = de_RequestBodyAssociatedResourceTypeConfig(value, context);
+        return acc;
+    }, {});
+};
+const de_RequestBodyAssociatedResourceTypeConfig = (output, context) => {
+    return {
+        DefaultSizeInspectionLimit: (0, smithy_client_1.expectString)(output.DefaultSizeInspectionLimit),
+    };
+};
 const de_RequestInspection = (output, context) => {
     return {
         PasswordField: output.PasswordField != null ? de_PasswordField(output.PasswordField, context) : undefined,
@@ -5677,6 +5721,7 @@ const de_WAFUnavailableEntityException = (output, context) => {
 const de_WebACL = (output, context) => {
     return {
         ARN: (0, smithy_client_1.expectString)(output.ARN),
+        AssociationConfig: output.AssociationConfig != null ? de_AssociationConfig(output.AssociationConfig, context) : undefined,
         Capacity: (0, smithy_client_1.expectLong)(output.Capacity),
         CaptchaConfig: output.CaptchaConfig != null ? de_CaptchaConfig(output.CaptchaConfig, context) : undefined,
         ChallengeConfig: output.ChallengeConfig != null ? de_ChallengeConfig(output.ChallengeConfig, context) : undefined,

package/dist-es/models/models_0.js

@@ -346,6 +346,9 @@ export const SensitivityLevel = {
     HIGH: "HIGH",
     LOW: "LOW",
 };
+export const AssociatedResourceType = {
+    CLOUDFRONT: "CLOUDFRONT",
+};
 export class WAFInternalErrorException extends __BaseException {
     constructor(opts) {
         super({
@@ -375,6 +378,7 @@ export class WAFInvalidOperationException extends __BaseException {
 export const ParameterExceptionField = {
     AND_STATEMENT: "AND_STATEMENT",
     ASSOCIABLE_RESOURCE: "ASSOCIABLE_RESOURCE",
+    ASSOCIATED_RESOURCE_TYPE: "ASSOCIATED_RESOURCE_TYPE",
     ATP_RULE_SET_RESPONSE_INSPECTION: "ATP_RULE_SET_RESPONSE_INSPECTION",
     BODY_PARSING_FALLBACK_BEHAVIOR: "BODY_PARSING_FALLBACK_BEHAVIOR",
     BYTE_MATCH_STATEMENT: "BYTE_MATCH_STATEMENT",
@@ -481,6 +485,12 @@ export class WAFUnavailableEntityException extends __BaseException {
         this.Message = opts.Message;
     }
 }
+export const SizeInspectionLimit = {
+    KB_16: "KB_16",
+    KB_32: "KB_32",
+    KB_48: "KB_48",
+    KB_64: "KB_64",
+};
 export const Scope = {
     CLOUDFRONT: "CLOUDFRONT",
     REGIONAL: "REGIONAL",

package/dist-es/protocols/Aws_json1_1.js

@@ -2863,6 +2863,11 @@ const se_AssociateWebACLRequest = (input, context) => {
         ...(input.WebACLArn != null && { WebACLArn: input.WebACLArn }),
     };
 };
+const se_AssociationConfig = (input, context) => {
+    return {
+        ...(input.RequestBody != null && { RequestBody: se_RequestBody(input.RequestBody, context) }),
+    };
+};
 const se_AWSManagedRulesATPRuleSet = (input, context) => {
     return {
         ...(input.LoginPath != null && { LoginPath: input.LoginPath }),
@@ -3020,6 +3025,9 @@ const se_CreateRuleGroupRequest = (input, context) => {
 };
 const se_CreateWebACLRequest = (input, context) => {
     return {
+        ...(input.AssociationConfig != null && {
+            AssociationConfig: se_AssociationConfig(input.AssociationConfig, context),
+        }),
         ...(input.CaptchaConfig != null && { CaptchaConfig: se_CaptchaConfig(input.CaptchaConfig, context) }),
         ...(input.ChallengeConfig != null && { ChallengeConfig: se_ChallengeConfig(input.ChallengeConfig, context) }),
         ...(input.CustomResponseBodies != null && {
@@ -3613,6 +3621,20 @@ const se_RegularExpressionList = (input, context) => {
         return se_Regex(entry, context);
     });
 };
+const se_RequestBody = (input, context) => {
+    return Object.entries(input).reduce((acc, [key, value]) => {
+        if (value === null) {
+            return acc;
+        }
+        acc[key] = se_RequestBodyAssociatedResourceTypeConfig(value, context);
+        return acc;
+    }, {});
+};
+const se_RequestBodyAssociatedResourceTypeConfig = (input, context) => {
+    return {
+        ...(input.DefaultSizeInspectionLimit != null && { DefaultSizeInspectionLimit: input.DefaultSizeInspectionLimit }),
+    };
+};
 const se_RequestInspection = (input, context) => {
     return {
         ...(input.PasswordField != null && { PasswordField: se_PasswordField(input.PasswordField, context) }),
@@ -3962,6 +3984,9 @@ const se_UpdateRuleGroupRequest = (input, context) => {
 };
 const se_UpdateWebACLRequest = (input, context) => {
     return {
+        ...(input.AssociationConfig != null && {
+            AssociationConfig: se_AssociationConfig(input.AssociationConfig, context),
+        }),
         ...(input.CaptchaConfig != null && { CaptchaConfig: se_CaptchaConfig(input.CaptchaConfig, context) }),
         ...(input.ChallengeConfig != null && { ChallengeConfig: se_ChallengeConfig(input.ChallengeConfig, context) }),
         ...(input.CustomResponseBodies != null && {
@@ -4042,6 +4067,11 @@ const de_AndStatement = (output, context) => {
 const de_AssociateWebACLResponse = (output, context) => {
     return {};
 };
+const de_AssociationConfig = (output, context) => {
+    return {
+        RequestBody: output.RequestBody != null ? de_RequestBody(output.RequestBody, context) : undefined,
+    };
+};
 const de_AWSManagedRulesATPRuleSet = (output, context) => {
     return {
         LoginPath: __expectString(output.LoginPath),
@@ -5022,6 +5052,20 @@ const de_ReleaseSummary = (output, context) => {
         Timestamp: output.Timestamp != null ? __expectNonNull(__parseEpochTimestamp(__expectNumber(output.Timestamp))) : undefined,
     };
 };
+const de_RequestBody = (output, context) => {
+    return Object.entries(output).reduce((acc, [key, value]) => {
+        if (value === null) {
+            return acc;
+        }
+        acc[key] = de_RequestBodyAssociatedResourceTypeConfig(value, context);
+        return acc;
+    }, {});
+};
+const de_RequestBodyAssociatedResourceTypeConfig = (output, context) => {
+    return {
+        DefaultSizeInspectionLimit: __expectString(output.DefaultSizeInspectionLimit),
+    };
+};
 const de_RequestInspection = (output, context) => {
     return {
         PasswordField: output.PasswordField != null ? de_PasswordField(output.PasswordField, context) : undefined,
@@ -5577,6 +5621,7 @@ const de_WAFUnavailableEntityException = (output, context) => {
 const de_WebACL = (output, context) => {
     return {
         ARN: __expectString(output.ARN),
+        AssociationConfig: output.AssociationConfig != null ? de_AssociationConfig(output.AssociationConfig, context) : undefined,
         Capacity: __expectLong(output.Capacity),
         CaptchaConfig: output.CaptchaConfig != null ? de_CaptchaConfig(output.CaptchaConfig, context) : undefined,
         ChallengeConfig: output.ChallengeConfig != null ? de_ChallengeConfig(output.ChallengeConfig, context) : undefined,

package/dist-types/WAFV2.d.ts

@@ -79,7 +79,7 @@ import { WAFV2Client } from "./WAFV2Client";
  *          <ul>
  *             <li>
  *                <p>For regional applications, you can use any of the endpoints in the list.
- *                A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, a Amazon Cognito user pool, or an App Runner service. </p>
+ *                A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner service. </p>
  *             </li>
  *             <li>
  *                <p>For Amazon CloudFront applications, you must use the API endpoint listed for
@@ -113,10 +113,10 @@ export declare class WAFV2 extends WAFV2Client {
     /**
      * @public
      * <p>Associates a web ACL with a regional application resource, to protect the resource.
-     *          A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, a Amazon Cognito user pool, or an App Runner service.  </p>
+     *          A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner service.  </p>
      *          <p>For Amazon CloudFront, don't use this call. Instead, use your CloudFront distribution configuration. To
      *          associate a web ACL, in the CloudFront call <code>UpdateDistribution</code>, set the web ACL ID
-     *          to the Amazon Resource Name (ARN) of the web ACL. For information, see <a href="https://docs.aws.amazon.com/cloudfront/latest/APIReference/API_UpdateDistribution.html">UpdateDistribution</a>.</p>
+     *          to the Amazon Resource Name (ARN) of the web ACL. For information, see <a href="https://docs.aws.amazon.com/cloudfront/latest/APIReference/API_UpdateDistribution.html">UpdateDistribution</a> in the <i>Amazon CloudFront Developer Guide</i>. </p>
      *          <p>When you make changes to web ACLs or web ACL components, like rules and rule groups, WAF propagates the changes everywhere that the web ACL and its components are stored and used. Your changes are applied within seconds, but there might be a brief period of inconsistency when the changes have arrived in some places and not in others. So, for example, if you change a rule action setting, the action might be the old action in one area and the new action in another area. Or if you add an IP address to an IP set used in a blocking rule, the new address might briefly be blocked in one area while still allowed in another. This temporary inconsistency can occur when you first associate a web ACL with an Amazon Web Services resource and when you change a web ACL that is already associated with a resource. Generally, any inconsistencies of this type last only a few seconds.</p>
      */
     associateWebACL(args: AssociateWebACLCommandInput, options?: __HttpHandlerOptions): Promise<AssociateWebACLCommandOutput>;
@@ -134,8 +134,8 @@ export declare class WAFV2 extends WAFV2Client {
      *          Simple rules that cost little to run use fewer WCUs than more complex rules
      * 				that use more processing power.
      * 				Rule group capacity is fixed at creation, which helps users plan their
-     *          web ACL WCU usage when they use a rule group.
-     *          The WCU limit for web ACLs is 1,500.  </p>
+     *          web ACL WCU usage when they use a rule group. For more information, see <a href="https://docs.aws.amazon.com/waf/latest/developerguide/aws-waf-capacity-units.html">WAF web ACL capacity units (WCU)</a>
+     *     in the <i>WAF Developer Guide</i>. </p>
      */
     checkCapacity(args: CheckCapacityCommandInput, options?: __HttpHandlerOptions): Promise<CheckCapacityCommandOutput>;
     checkCapacity(args: CheckCapacityCommandInput, cb: (err: any, data?: CheckCapacityCommandOutput) => void): void;
@@ -169,7 +169,7 @@ export declare class WAFV2 extends WAFV2Client {
     /**
      * @public
      * <p>Creates a <a>WebACL</a> per the specifications provided.</p>
-     *          <p> A web ACL defines a collection of rules to use to inspect and control web requests. Each rule has an action defined (allow, block, or count) for requests that match the statement of the rule. In the web ACL, you assign a default action to take (allow, block) for any request that does not match any of the rules. The rules in a web ACL can be a combination of the types <a>Rule</a>, <a>RuleGroup</a>, and managed rule group. You can associate a web ACL with one or more Amazon Web Services resources to protect. The resources can be an Amazon CloudFront distribution, an Amazon API Gateway REST API, an Application Load Balancer, an AppSync GraphQL API, Amazon Cognito user pool, or an App Runner service.  </p>
+     *          <p> A web ACL defines a collection of rules to use to inspect and control web requests. Each rule has an action defined (allow, block, or count) for requests that match the statement of the rule. In the web ACL, you assign a default action to take (allow, block) for any request that does not match any of the rules. The rules in a web ACL can be a combination of the types <a>Rule</a>, <a>RuleGroup</a>, and managed rule group. You can associate a web ACL with one or more Amazon Web Services resources to protect. The resources can be an Amazon CloudFront distribution, an Amazon API Gateway REST API, an Application Load Balancer, an AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner service.  </p>
      */
     createWebACL(args: CreateWebACLCommandInput, options?: __HttpHandlerOptions): Promise<CreateWebACLCommandOutput>;
     createWebACL(args: CreateWebACLCommandInput, cb: (err: any, data?: CreateWebACLCommandOutput) => void): void;
@@ -236,7 +236,8 @@ export declare class WAFV2 extends WAFV2Client {
      *                      </li>
      *                      <li>
      *                         <p>For Amazon CloudFront distributions, use the CloudFront call
-     *                            <code>ListDistributionsByWebACLId</code>. For information, see <a href="https://docs.aws.amazon.com/cloudfront/latest/APIReference/API_ListDistributionsByWebACLId.html">ListDistributionsByWebACLId</a>.</p>
+     *                            <code>ListDistributionsByWebACLId</code>. For information, see <a href="https://docs.aws.amazon.com/cloudfront/latest/APIReference/API_ListDistributionsByWebACLId.html">ListDistributionsByWebACLId</a>
+     *                                in the <i>Amazon CloudFront API Reference</i>. </p>
      *                      </li>
      *                   </ul>
      *                </li>
@@ -248,7 +249,8 @@ export declare class WAFV2 extends WAFV2Client {
      *                      </li>
      *                      <li>
      *                         <p>For Amazon CloudFront distributions, provide an empty web ACL ID in the CloudFront call
-     *                            <code>UpdateDistribution</code>. For information, see <a href="https://docs.aws.amazon.com/cloudfront/latest/APIReference/API_UpdateDistribution.html">UpdateDistribution</a>.</p>
+     *                            <code>UpdateDistribution</code>. For information, see <a href="https://docs.aws.amazon.com/cloudfront/latest/APIReference/API_UpdateDistribution.html">UpdateDistribution</a>
+     *                                in the <i>Amazon CloudFront API Reference</i>. </p>
      *                      </li>
      *                   </ul>
      *                </li>
@@ -269,10 +271,10 @@ export declare class WAFV2 extends WAFV2Client {
     /**
      * @public
      * <p>Disassociates the specified regional application resource from any existing web ACL
-     *          association. A resource can have at most one web ACL association. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, a Amazon Cognito user pool, or an App Runner service.  </p>
+     *          association. A resource can have at most one web ACL association. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner service.  </p>
      *          <p>For Amazon CloudFront, don't use this call. Instead, use your CloudFront distribution configuration. To
      *          disassociate a web ACL, provide an empty web ACL ID in the CloudFront call
-     *             <code>UpdateDistribution</code>. For information, see <a href="https://docs.aws.amazon.com/cloudfront/latest/APIReference/API_UpdateDistribution.html">UpdateDistribution</a>.</p>
+     *             <code>UpdateDistribution</code>. For information, see <a href="https://docs.aws.amazon.com/cloudfront/latest/APIReference/API_UpdateDistribution.html">UpdateDistribution</a> in the <i>Amazon CloudFront API Reference</i>. </p>
      */
     disassociateWebACL(args: DisassociateWebACLCommandInput, options?: __HttpHandlerOptions): Promise<DisassociateWebACLCommandOutput>;
     disassociateWebACL(args: DisassociateWebACLCommandInput, cb: (err: any, data?: DisassociateWebACLCommandOutput) => void): void;
@@ -713,7 +715,7 @@ export declare class WAFV2 extends WAFV2Client {
      *             </ol>
      *          </note>
      *          <p>When you make changes to web ACLs or web ACL components, like rules and rule groups, WAF propagates the changes everywhere that the web ACL and its components are stored and used. Your changes are applied within seconds, but there might be a brief period of inconsistency when the changes have arrived in some places and not in others. So, for example, if you change a rule action setting, the action might be the old action in one area and the new action in another area. Or if you add an IP address to an IP set used in a blocking rule, the new address might briefly be blocked in one area while still allowed in another. This temporary inconsistency can occur when you first associate a web ACL with an Amazon Web Services resource and when you change a web ACL that is already associated with a resource. Generally, any inconsistencies of this type last only a few seconds.</p>
-     *          <p> A web ACL defines a collection of rules to use to inspect and control web requests. Each rule has an action defined (allow, block, or count) for requests that match the statement of the rule. In the web ACL, you assign a default action to take (allow, block) for any request that does not match any of the rules. The rules in a web ACL can be a combination of the types <a>Rule</a>, <a>RuleGroup</a>, and managed rule group. You can associate a web ACL with one or more Amazon Web Services resources to protect. The resources can be an Amazon CloudFront distribution, an Amazon API Gateway REST API, an Application Load Balancer, an AppSync GraphQL API, Amazon Cognito user pool, or an App Runner service.  </p>
+     *          <p> A web ACL defines a collection of rules to use to inspect and control web requests. Each rule has an action defined (allow, block, or count) for requests that match the statement of the rule. In the web ACL, you assign a default action to take (allow, block) for any request that does not match any of the rules. The rules in a web ACL can be a combination of the types <a>Rule</a>, <a>RuleGroup</a>, and managed rule group. You can associate a web ACL with one or more Amazon Web Services resources to protect. The resources can be an Amazon CloudFront distribution, an Amazon API Gateway REST API, an Application Load Balancer, an AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner service.  </p>
      */
     updateWebACL(args: UpdateWebACLCommandInput, options?: __HttpHandlerOptions): Promise<UpdateWebACLCommandOutput>;
     updateWebACL(args: UpdateWebACLCommandInput, cb: (err: any, data?: UpdateWebACLCommandOutput) => void): void;

package/dist-types/WAFV2Client.d.ts

@@ -220,7 +220,7 @@ export interface WAFV2ClientResolvedConfig extends WAFV2ClientResolvedConfigType
  *          <ul>
  *             <li>
  *                <p>For regional applications, you can use any of the endpoints in the list.
- *                A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, a Amazon Cognito user pool, or an App Runner service. </p>
+ *                A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner service. </p>
  *             </li>
  *             <li>
  *                <p>For Amazon CloudFront applications, you must use the API endpoint listed for

package/dist-types/commands/AssociateWebACLCommand.d.ts

@@ -20,10 +20,10 @@ export interface AssociateWebACLCommandOutput extends AssociateWebACLResponse, _
 /**
  * @public
  * <p>Associates a web ACL with a regional application resource, to protect the resource.
- *          A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, a Amazon Cognito user pool, or an App Runner service.  </p>
+ *          A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner service.  </p>
  *          <p>For Amazon CloudFront, don't use this call. Instead, use your CloudFront distribution configuration. To
  *          associate a web ACL, in the CloudFront call <code>UpdateDistribution</code>, set the web ACL ID
- *          to the Amazon Resource Name (ARN) of the web ACL. For information, see <a href="https://docs.aws.amazon.com/cloudfront/latest/APIReference/API_UpdateDistribution.html">UpdateDistribution</a>.</p>
+ *          to the Amazon Resource Name (ARN) of the web ACL. For information, see <a href="https://docs.aws.amazon.com/cloudfront/latest/APIReference/API_UpdateDistribution.html">UpdateDistribution</a> in the <i>Amazon CloudFront Developer Guide</i>. </p>
  *          <p>When you make changes to web ACLs or web ACL components, like rules and rule groups, WAF propagates the changes everywhere that the web ACL and its components are stored and used. Your changes are applied within seconds, but there might be a brief period of inconsistency when the changes have arrived in some places and not in others. So, for example, if you change a rule action setting, the action might be the old action in one area and the new action in another area. Or if you add an IP address to an IP set used in a blocking rule, the new address might briefly be blocked in one area while still allowed in another. This temporary inconsistency can occur when you first associate a web ACL with an Amazon Web Services resource and when you change a web ACL that is already associated with a resource. Generally, any inconsistencies of this type last only a few seconds.</p>
  * @example
  * Use a bare-bones client and the command you need to make an API call.

package/dist-types/commands/CheckCapacityCommand.d.ts

@@ -29,8 +29,8 @@ export interface CheckCapacityCommandOutput extends CheckCapacityResponse, __Met
  *          Simple rules that cost little to run use fewer WCUs than more complex rules
  * 				that use more processing power.
  * 				Rule group capacity is fixed at creation, which helps users plan their
- *          web ACL WCU usage when they use a rule group.
- *          The WCU limit for web ACLs is 1,500.  </p>
+ *          web ACL WCU usage when they use a rule group. For more information, see <a href="https://docs.aws.amazon.com/waf/latest/developerguide/aws-waf-capacity-units.html">WAF web ACL capacity units (WCU)</a>
+ *     in the <i>WAF Developer Guide</i>. </p>
  * @example
  * Use a bare-bones client and the command you need to make an API call.
  * ```javascript

package/dist-types/commands/CreateWebACLCommand.d.ts

@@ -20,7 +20,7 @@ export interface CreateWebACLCommandOutput extends CreateWebACLResponse, __Metad
 /**
  * @public
  * <p>Creates a <a>WebACL</a> per the specifications provided.</p>
- *          <p> A web ACL defines a collection of rules to use to inspect and control web requests. Each rule has an action defined (allow, block, or count) for requests that match the statement of the rule. In the web ACL, you assign a default action to take (allow, block) for any request that does not match any of the rules. The rules in a web ACL can be a combination of the types <a>Rule</a>, <a>RuleGroup</a>, and managed rule group. You can associate a web ACL with one or more Amazon Web Services resources to protect. The resources can be an Amazon CloudFront distribution, an Amazon API Gateway REST API, an Application Load Balancer, an AppSync GraphQL API, Amazon Cognito user pool, or an App Runner service.  </p>
+ *          <p> A web ACL defines a collection of rules to use to inspect and control web requests. Each rule has an action defined (allow, block, or count) for requests that match the statement of the rule. In the web ACL, you assign a default action to take (allow, block) for any request that does not match any of the rules. The rules in a web ACL can be a combination of the types <a>Rule</a>, <a>RuleGroup</a>, and managed rule group. You can associate a web ACL with one or more Amazon Web Services resources to protect. The resources can be an Amazon CloudFront distribution, an Amazon API Gateway REST API, an Application Load Balancer, an AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner service.  </p>
  * @example
  * Use a bare-bones client and the command you need to make an API call.
  * ```javascript
@@ -786,6 +786,13 @@ export interface CreateWebACLCommandOutput extends CreateWebACLResponse, __Metad
  *   TokenDomains: [ // TokenDomains
  *     "STRING_VALUE",
  *   ],
+ *   AssociationConfig: { // AssociationConfig
+ *     RequestBody: { // RequestBody
+ *       "<keys>": { // RequestBodyAssociatedResourceTypeConfig
+ *         DefaultSizeInspectionLimit: "KB_16" || "KB_32" || "KB_48" || "KB_64", // required
+ *       },
+ *     },
+ *   },
  * };
  * const command = new CreateWebACLCommand(input);
  * const response = await client.send(command);

package/dist-types/commands/DeleteWebACLCommand.d.ts

@@ -34,7 +34,8 @@ export interface DeleteWebACLCommandOutput extends DeleteWebACLResponse, __Metad
  *                      </li>
  *                      <li>
  *                         <p>For Amazon CloudFront distributions, use the CloudFront call
- *                            <code>ListDistributionsByWebACLId</code>. For information, see <a href="https://docs.aws.amazon.com/cloudfront/latest/APIReference/API_ListDistributionsByWebACLId.html">ListDistributionsByWebACLId</a>.</p>
+ *                            <code>ListDistributionsByWebACLId</code>. For information, see <a href="https://docs.aws.amazon.com/cloudfront/latest/APIReference/API_ListDistributionsByWebACLId.html">ListDistributionsByWebACLId</a>
+ *                                in the <i>Amazon CloudFront API Reference</i>. </p>
  *                      </li>
  *                   </ul>
  *                </li>
@@ -46,7 +47,8 @@ export interface DeleteWebACLCommandOutput extends DeleteWebACLResponse, __Metad
  *                      </li>
  *                      <li>
  *                         <p>For Amazon CloudFront distributions, provide an empty web ACL ID in the CloudFront call
- *                            <code>UpdateDistribution</code>. For information, see <a href="https://docs.aws.amazon.com/cloudfront/latest/APIReference/API_UpdateDistribution.html">UpdateDistribution</a>.</p>
+ *                            <code>UpdateDistribution</code>. For information, see <a href="https://docs.aws.amazon.com/cloudfront/latest/APIReference/API_UpdateDistribution.html">UpdateDistribution</a>
+ *                                in the <i>Amazon CloudFront API Reference</i>. </p>
  *                      </li>
  *                   </ul>
  *                </li>

package/dist-types/commands/DisassociateWebACLCommand.d.ts

@@ -20,10 +20,10 @@ export interface DisassociateWebACLCommandOutput extends DisassociateWebACLRespo
 /**
  * @public
  * <p>Disassociates the specified regional application resource from any existing web ACL
- *          association. A resource can have at most one web ACL association. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, a Amazon Cognito user pool, or an App Runner service.  </p>
+ *          association. A resource can have at most one web ACL association. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner service.  </p>
  *          <p>For Amazon CloudFront, don't use this call. Instead, use your CloudFront distribution configuration. To
  *          disassociate a web ACL, provide an empty web ACL ID in the CloudFront call
- *             <code>UpdateDistribution</code>. For information, see <a href="https://docs.aws.amazon.com/cloudfront/latest/APIReference/API_UpdateDistribution.html">UpdateDistribution</a>.</p>
+ *             <code>UpdateDistribution</code>. For information, see <a href="https://docs.aws.amazon.com/cloudfront/latest/APIReference/API_UpdateDistribution.html">UpdateDistribution</a> in the <i>Amazon CloudFront API Reference</i>. </p>
  * @example
  * Use a bare-bones client and the command you need to make an API call.
  * ```javascript

package/dist-types/commands/PutPermissionPolicyCommand.d.ts

@@ -86,7 +86,7 @@ export interface PutPermissionPolicyCommandOutput extends PutPermissionPolicyRes
  *          <p>The policy specifications must conform to the following:</p>
  *          <ul>
  *             <li>
- *                <p>The policy must be composed using IAM Policy version 2012-10-17 or version 2015-01-01.</p>
+ *                <p>The policy must be composed using IAM Policy version 2012-10-17.</p>
  *             </li>
  *             <li>
  *                <p>The policy must include specifications for <code>Effect</code>, <code>Action</code>, and <code>Principal</code>.</p>

package/dist-types/commands/UpdateWebACLCommand.d.ts

@@ -38,7 +38,7 @@ export interface UpdateWebACLCommandOutput extends UpdateWebACLResponse, __Metad
  *             </ol>
  *          </note>
  *          <p>When you make changes to web ACLs or web ACL components, like rules and rule groups, WAF propagates the changes everywhere that the web ACL and its components are stored and used. Your changes are applied within seconds, but there might be a brief period of inconsistency when the changes have arrived in some places and not in others. So, for example, if you change a rule action setting, the action might be the old action in one area and the new action in another area. Or if you add an IP address to an IP set used in a blocking rule, the new address might briefly be blocked in one area while still allowed in another. This temporary inconsistency can occur when you first associate a web ACL with an Amazon Web Services resource and when you change a web ACL that is already associated with a resource. Generally, any inconsistencies of this type last only a few seconds.</p>
- *          <p> A web ACL defines a collection of rules to use to inspect and control web requests. Each rule has an action defined (allow, block, or count) for requests that match the statement of the rule. In the web ACL, you assign a default action to take (allow, block) for any request that does not match any of the rules. The rules in a web ACL can be a combination of the types <a>Rule</a>, <a>RuleGroup</a>, and managed rule group. You can associate a web ACL with one or more Amazon Web Services resources to protect. The resources can be an Amazon CloudFront distribution, an Amazon API Gateway REST API, an Application Load Balancer, an AppSync GraphQL API, Amazon Cognito user pool, or an App Runner service.  </p>
+ *          <p> A web ACL defines a collection of rules to use to inspect and control web requests. Each rule has an action defined (allow, block, or count) for requests that match the statement of the rule. In the web ACL, you assign a default action to take (allow, block) for any request that does not match any of the rules. The rules in a web ACL can be a combination of the types <a>Rule</a>, <a>RuleGroup</a>, and managed rule group. You can associate a web ACL with one or more Amazon Web Services resources to protect. The resources can be an Amazon CloudFront distribution, an Amazon API Gateway REST API, an Application Load Balancer, an AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner service.  </p>
  * @example
  * Use a bare-bones client and the command you need to make an API call.
  * ```javascript
@@ -800,6 +800,13 @@ export interface UpdateWebACLCommandOutput extends UpdateWebACLResponse, __Metad
  *   TokenDomains: [ // TokenDomains
  *     "STRING_VALUE",
  *   ],
+ *   AssociationConfig: { // AssociationConfig
+ *     RequestBody: { // RequestBody
+ *       "<keys>": { // RequestBodyAssociatedResourceTypeConfig
+ *         DefaultSizeInspectionLimit: "KB_16" || "KB_32" || "KB_48" || "KB_64", // required
+ *       },
+ *     },
+ *   },
  * };
  * const command = new UpdateWebACLCommand(input);
  * const response = await client.send(command);