@aws-sdk/client-wafv2 3.743.0 → 3.749.0
- package/README.md +5 -5
- package/dist-cjs/index.js +19 -0
- package/dist-es/models/models_0.js +12 -0
- package/dist-es/protocols/Aws_json1_1.js +3 -0
- package/dist-types/WAFV2.d.ts +5 -5
- package/dist-types/WAFV2Client.d.ts +5 -5
- package/dist-types/commands/AssociateWebACLCommand.d.ts +3 -6
- package/dist-types/commands/CheckCapacityCommand.d.ts +1 -1
- package/dist-types/commands/CreateRuleGroupCommand.d.ts +1 -1
- package/dist-types/commands/CreateWebACLCommand.d.ts +17 -2
- package/dist-types/commands/DeleteWebACLCommand.d.ts +6 -6
- package/dist-types/commands/DisassociateWebACLCommand.d.ts +3 -5
- package/dist-types/commands/GetWebACLCommand.d.ts +15 -0
- package/dist-types/commands/GetWebACLForResourceCommand.d.ts +16 -1
- package/dist-types/commands/ListResourcesForWebACLCommand.d.ts +1 -1
- package/dist-types/commands/PutLoggingConfigurationCommand.d.ts +1 -0
- package/dist-types/commands/UpdateRuleGroupCommand.d.ts +1 -1
- package/dist-types/commands/UpdateWebACLCommand.d.ts +17 -2
- package/dist-types/index.d.ts +5 -5
- package/dist-types/models/models_0.d.ts +202 -54
- package/dist-types/ts3.4/models/models_0.d.ts +32 -0
- package/package.json +12 -12
|
@@ -709,7 +709,8 @@ export interface UriPath {
|
|
|
709
709
|
* </li>
|
|
710
710
|
* <li>
|
|
711
711
|
* <p>If you have request sampling enabled, the redacted fields configuration for logging has no impact on sampling.
|
|
712
|
-
*
|
|
712
|
+
* You can only exclude fields from request sampling by disabling sampling in the web ACL visibility configuration
|
|
713
|
+
* or by configuring data protection for the web ACL.</p>
|
|
713
714
|
* </li>
|
|
714
715
|
* </ul>
|
|
715
716
|
* </li>
|
|
@@ -2132,38 +2133,38 @@ export interface AWSManagedRulesBotControlRuleSet {
|
|
|
2132
2133
|
*/
|
|
2133
2134
|
export interface ManagedRuleGroupConfig {
|
|
2134
2135
|
/**
|
|
2135
|
-
* @deprecated
|
|
2136
|
-
*
|
|
2137
2136
|
* <note>
|
|
2138
2137
|
* <p>Instead of this setting, provide your configuration under <code>AWSManagedRulesATPRuleSet</code>. </p>
|
|
2139
2138
|
* </note>
|
|
2139
|
+
*
|
|
2140
|
+
* @deprecated
|
|
2140
2141
|
* @public
|
|
2141
2142
|
*/
|
|
2142
2143
|
LoginPath?: string | undefined;
|
|
2143
2144
|
/**
|
|
2144
|
-
* @deprecated
|
|
2145
|
-
*
|
|
2146
2145
|
* <note>
|
|
2147
2146
|
* <p>Instead of this setting, provide your configuration under the request inspection configuration for <code>AWSManagedRulesATPRuleSet</code> or <code>AWSManagedRulesACFPRuleSet</code>. </p>
|
|
2148
2147
|
* </note>
|
|
2148
|
+
*
|
|
2149
|
+
* @deprecated
|
|
2149
2150
|
* @public
|
|
2150
2151
|
*/
|
|
2151
2152
|
PayloadType?: PayloadType | undefined;
|
|
2152
2153
|
/**
|
|
2153
|
-
* @deprecated
|
|
2154
|
-
*
|
|
2155
2154
|
* <note>
|
|
2156
2155
|
* <p>Instead of this setting, provide your configuration under the request inspection configuration for <code>AWSManagedRulesATPRuleSet</code> or <code>AWSManagedRulesACFPRuleSet</code>. </p>
|
|
2157
2156
|
* </note>
|
|
2157
|
+
*
|
|
2158
|
+
* @deprecated
|
|
2158
2159
|
* @public
|
|
2159
2160
|
*/
|
|
2160
2161
|
UsernameField?: UsernameField | undefined;
|
|
2161
2162
|
/**
|
|
2162
|
-
* @deprecated
|
|
2163
|
-
*
|
|
2164
2163
|
* <note>
|
|
2165
2164
|
* <p>Instead of this setting, provide your configuration under the request inspection configuration for <code>AWSManagedRulesATPRuleSet</code> or <code>AWSManagedRulesACFPRuleSet</code>. </p>
|
|
2166
2165
|
* </note>
|
|
2166
|
+
*
|
|
2167
|
+
* @deprecated
|
|
2167
2168
|
* @public
|
|
2168
2169
|
*/
|
|
2169
2170
|
PasswordField?: PasswordField | undefined;
|
|
@@ -2386,12 +2387,18 @@ export interface RuleAction {
|
|
|
2386
2387
|
}
|
|
2387
2388
|
/**
|
|
2388
2389
|
* <p>Action setting to use in the place of a rule action that is configured inside the rule group. You specify one override for each rule whose action you want to change. </p>
|
|
2390
|
+
* <note>
|
|
2391
|
+
* <p>Take care to verify the rule names in your overrides. If you provide a rule name that doesn't match the name of any rule in the rule group, WAF doesn't return an error and doesn't apply the override setting.</p>
|
|
2392
|
+
* </note>
|
|
2389
2393
|
* <p>You can use overrides for testing, for example you can override all of rule actions to <code>Count</code> and then monitor the resulting count metrics to understand how the rule group would handle your web traffic. You can also permanently override some or all actions, to modify how the rule group manages your web traffic.</p>
|
|
2390
2394
|
* @public
|
|
2391
2395
|
*/
|
|
2392
2396
|
export interface RuleActionOverride {
|
|
2393
2397
|
/**
|
|
2394
2398
|
* <p>The name of the rule to override.</p>
|
|
2399
|
+
* <note>
|
|
2400
|
+
* <p>Take care to verify the rule names in your overrides. If you provide a rule name that doesn't match the name of any rule in the rule group, WAF doesn't return an error and doesn't apply the override setting.</p>
|
|
2401
|
+
* </note>
|
|
2395
2402
|
* @public
|
|
2396
2403
|
*/
|
|
2397
2404
|
Name: string | undefined;
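Review bot: The new `<note>` on `RuleActionOverride` and on its `Name` field warns that an override whose rule name matches nothing is silently ignored, but it does not say how to check the name, so a misspelt override can leave a rule on its original action with no error to flag it. I would extend the note with a pointer such as `* <p>Compare each name with the rule list returned for the rule group (for example <code>DescribeManagedRuleGroup</code> or <code>GetRuleGroup</code>) before you deploy the override.</p>`. The same note is repeated in the `RuleGroupReferenceStatement` and `ManagedRuleGroupStatement` hunks and would take the same addition. `RuleActionOverride` continues past the end of this hunk.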
|
|
@@ -2672,6 +2679,9 @@ export interface RuleGroupReferenceStatement {
|
|
|
2672
2679
|
ExcludedRules?: ExcludedRule[] | undefined;
|
|
2673
2680
|
/**
|
|
2674
2681
|
* <p>Action settings to use in the place of the rule actions that are configured inside the rule group. You specify one override for each rule whose action you want to change. </p>
|
|
2682
|
+
* <note>
|
|
2683
|
+
* <p>Take care to verify the rule names in your overrides. If you provide a rule name that doesn't match the name of any rule in the rule group, WAF doesn't return an error and doesn't apply the override setting.</p>
|
|
2684
|
+
* </note>
|
|
2675
2685
|
* <p>You can use overrides for testing, for example you can override all of rule actions to <code>Count</code> and then monitor the resulting count metrics to understand how the rule group would handle your web traffic. You can also permanently override some or all actions, to modify how the rule group manages your web traffic.</p>
|
|
2676
2686
|
* @public
|
|
2677
2687
|
*/
|
|
@@ -2926,6 +2936,7 @@ export declare const ParameterExceptionField: {
|
|
|
2926
2936
|
readonly CUSTOM_REQUEST_HANDLING: "CUSTOM_REQUEST_HANDLING";
|
|
2927
2937
|
readonly CUSTOM_RESPONSE: "CUSTOM_RESPONSE";
|
|
2928
2938
|
readonly CUSTOM_RESPONSE_BODY: "CUSTOM_RESPONSE_BODY";
|
|
2939
|
+
readonly DATA_PROTECTION_CONFIG: "DATA_PROTECTION_CONFIG";
|
|
2929
2940
|
readonly DEFAULT_ACTION: "DEFAULT_ACTION";
|
|
2930
2941
|
readonly ENTITY_LIMIT: "ENTITY_LIMIT";
|
|
2931
2942
|
readonly EXCLUDED_RULE: "EXCLUDED_RULE";
|
|
@@ -3052,7 +3063,7 @@ export declare class WAFNonexistentItemException extends __BaseException {
|
|
|
3052
3063
|
* <p>WAF couldn’t retrieve a resource that you specified for this operation.
|
|
3053
3064
|
* If you've just created a resource that you're using in this operation, you might
|
|
3054
3065
|
* just need to wait a few minutes. It can take from a few seconds to a number of minutes
|
|
3055
|
-
* for changes to propagate. Verify the
|
|
3066
|
+
* for changes to propagate. Verify the resource specifications in your request
|
|
3056
3067
|
* parameters and then retry the operation.</p>
|
|
3057
3068
|
* @public
|
|
3058
3069
|
*/
|
|
@@ -3225,9 +3236,11 @@ export interface VisibilityConfig {
|
|
|
3225
3236
|
/**
|
|
3226
3237
|
* <p>Indicates whether WAF should store a sampling of the web requests that
|
|
3227
3238
|
* match the rules. You can view the sampled requests through the WAF console. </p>
|
|
3239
|
+
* <p>If you configure data protection for the web ACL, the protection applies to the web ACL's sampled web request data. </p>
|
|
3228
3240
|
* <note>
|
|
3229
3241
|
* <p>Request sampling doesn't provide a field redaction option, and any field redaction that you specify in your logging configuration doesn't affect sampling.
|
|
3230
|
-
*
|
|
3242
|
+
* You can only exclude fields from request sampling by disabling sampling in the web ACL visibility configuration
|
|
3243
|
+
* or by configuring data protection for the web ACL.</p>
|
|
3231
3244
|
* </note>
|
|
3232
3245
|
* @public
|
|
3233
3246
|
*/
|
|
@@ -3343,7 +3356,7 @@ export declare class WAFSubscriptionNotFoundException extends __BaseException {
|
|
|
3343
3356
|
*/
|
|
3344
3357
|
export interface CreateAPIKeyRequest {
|
|
3345
3358
|
/**
|
|
3346
|
-
* <p>Specifies whether this is for
|
|
3359
|
+
* <p>Specifies whether this is for a global resource type, such as a Amazon CloudFront distribution. </p>
|
|
3347
3360
|
* <p>To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows: </p>
|
|
3348
3361
|
* <ul>
|
|
3349
3362
|
* <li>
|
|
@@ -3425,7 +3438,7 @@ export interface CreateIPSetRequest {
|
|
|
3425
3438
|
*/
|
|
3426
3439
|
Name: string | undefined;
|
|
3427
3440
|
/**
|
|
3428
|
-
* <p>Specifies whether this is for
|
|
3441
|
+
* <p>Specifies whether this is for a global resource type, such as a Amazon CloudFront distribution. </p>
|
|
3429
3442
|
* <p>To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows: </p>
|
|
3430
3443
|
* <ul>
|
|
3431
3444
|
* <li>
|
|
@@ -3612,7 +3625,7 @@ export interface CreateRegexPatternSetRequest {
|
|
|
3612
3625
|
*/
|
|
3613
3626
|
Name: string | undefined;
|
|
3614
3627
|
/**
|
|
3615
|
-
* <p>Specifies whether this is for
|
|
3628
|
+
* <p>Specifies whether this is for a global resource type, such as a Amazon CloudFront distribution. </p>
|
|
3616
3629
|
* <p>To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows: </p>
|
|
3617
3630
|
* <ul>
|
|
3618
3631
|
* <li>
|
|
@@ -3759,6 +3772,110 @@ export interface CreateRuleGroupResponse {
|
|
|
3759
3772
|
*/
|
|
3760
3773
|
Summary?: RuleGroupSummary | undefined;
|
|
3761
3774
|
}
|
|
3775
|
+
/**
|
|
3776
|
+
* @public
|
|
3777
|
+
* @enum
|
|
3778
|
+
*/
|
|
3779
|
+
export declare const DataProtectionAction: {
|
|
3780
|
+
readonly HASH: "HASH";
|
|
3781
|
+
readonly SUBSTITUTION: "SUBSTITUTION";
|
|
3782
|
+
};
|
|
3783
|
+
/**
|
|
3784
|
+
* @public
|
|
3785
|
+
*/
|
|
3786
|
+
export type DataProtectionAction = (typeof DataProtectionAction)[keyof typeof DataProtectionAction];
|
|
3787
|
+
/**
|
|
3788
|
+
* @public
|
|
3789
|
+
* @enum
|
|
3790
|
+
*/
|
|
3791
|
+
export declare const FieldToProtectType: {
|
|
3792
|
+
readonly BODY: "BODY";
|
|
3793
|
+
readonly QUERY_STRING: "QUERY_STRING";
|
|
3794
|
+
readonly SINGLE_COOKIE: "SINGLE_COOKIE";
|
|
3795
|
+
readonly SINGLE_HEADER: "SINGLE_HEADER";
|
|
3796
|
+
readonly SINGLE_QUERY_ARGUMENT: "SINGLE_QUERY_ARGUMENT";
|
|
3797
|
+
};
|
|
3798
|
+
/**
|
|
3799
|
+
* @public
|
|
3800
|
+
*/
|
|
3801
|
+
export type FieldToProtectType = (typeof FieldToProtectType)[keyof typeof FieldToProtectType];
|
|
3802
|
+
/**
|
|
3803
|
+
* <p>Specifies a field type and keys to protect in stored web request data. This is part of the data protection configuration for a web ACL. </p>
|
|
3804
|
+
* @public
|
|
3805
|
+
*/
|
|
3806
|
+
export interface FieldToProtect {
|
|
3807
|
+
/**
|
|
3808
|
+
* <p>Specifies the web request component type to protect. </p>
|
|
3809
|
+
* @public
|
|
3810
|
+
*/
|
|
3811
|
+
FieldType: FieldToProtectType | undefined;
|
|
3812
|
+
/**
|
|
3813
|
+
* <p>Specifies the keys to protect for the specified field type. If you don't specify any key, then all keys for the field type are protected. </p>
|
|
3814
|
+
* @public
|
|
3815
|
+
*/
|
|
3816
|
+
FieldKeys?: string[] | undefined;
|
|
3817
|
+
}
|
|
3818
|
+
/**
|
|
3819
|
+
* <p>Specifies the protection behavior for a field type. This is part of the data protection configuration for a web ACL. </p>
|
|
3820
|
+
* @public
|
|
3821
|
+
*/
|
|
3822
|
+
export interface DataProtection {
|
|
3823
|
+
/**
|
|
3824
|
+
* <p>Specifies the field type and optional keys to apply the protection behavior to. </p>
|
|
3825
|
+
* @public
|
|
3826
|
+
*/
|
|
3827
|
+
Field: FieldToProtect | undefined;
|
|
3828
|
+
/**
|
|
3829
|
+
* <p>Specifies how to protect the field. WAF can apply a one-way hash to the field or hard code a string substitution. </p>
|
|
3830
|
+
* <ul>
|
|
3831
|
+
* <li>
|
|
3832
|
+
* <p>One-way hash example: <code>ade099751dEXAMPLEHASH2ea9f3393f80dd5d3bEXAMPLEHASH966ae0d3cd5a1e</code>
|
|
3833
|
+
* </p>
|
|
3834
|
+
* </li>
|
|
3835
|
+
* <li>
|
|
3836
|
+
* <p>Substitution example: <code>REDACTED</code>
|
|
3837
|
+
* </p>
|
|
3838
|
+
* </li>
|
|
3839
|
+
* </ul>
|
|
3840
|
+
* @public
|
|
3841
|
+
*/
|
|
3842
|
+
Action: DataProtectionAction | undefined;
|
|
3843
|
+
/**
|
|
3844
|
+
* <p>Specifies whether to also protect any rule match details from the web ACL logs when applying data protection this field type and keys. WAF logs these details for non-terminating
|
|
3845
|
+
* matching rules and for the terminating matching rule. For additional information, see
|
|
3846
|
+
* <a href="https://docs.aws.amazon.com/waf/latest/developerguide/logging-fields.html">Log fields for web ACL traffic</a> in the
|
|
3847
|
+
* <i>WAF Developer Guide</i>.</p>
|
|
3848
|
+
* <p>Default: <code>FALSE</code>
|
|
3849
|
+
* </p>
|
|
3850
|
+
* @public
|
|
3851
|
+
*/
|
|
3852
|
+
ExcludeRuleMatchDetails?: boolean | undefined;
|
|
3853
|
+
/**
|
|
3854
|
+
* <p>Specifies whether to also protect any rate-based rule details from the web ACL logs when applying data protection for this field type and keys.
|
|
3855
|
+
* For additional information, see the log field <code>rateBasedRuleList</code> at
|
|
3856
|
+
* <a href="https://docs.aws.amazon.com/waf/latest/developerguide/logging-fields.html">Log fields for web ACL traffic</a> in the
|
|
3857
|
+
* <i>WAF Developer Guide</i>.</p>
|
|
3858
|
+
* <p>Default: <code>FALSE</code>
|
|
3859
|
+
* </p>
|
|
3860
|
+
* @public
|
|
3861
|
+
*/
|
|
3862
|
+
ExcludeRateBasedDetails?: boolean | undefined;
|
|
3863
|
+
}
|
|
3864
|
+
/**
|
|
3865
|
+
* <p>Specifies data protection to apply to the web request data that WAF stores for the web ACL. This is a web ACL level data protection option. </p>
|
|
3866
|
+
* <p>The data protection that you configure for the web ACL alters the data that's available for any other data collection activity,
|
|
3867
|
+
* including WAF logging, web ACL request sampling, Amazon Web Services Managed Rules, and Amazon Security Lake data collection and management. Your other option for data protection is in the logging configuration, which only affects logging. </p>
|
|
3868
|
+
* <p>This is part of the data protection configuration for a web ACL. </p>
|
|
3869
|
+
* @public
|
|
3870
|
+
*/
|
|
3871
|
+
export interface DataProtectionConfig {
|
|
3872
|
+
/**
|
|
3873
|
+
* <p>An array of data protection configurations for specific web request field types. This is defined for each
|
|
3874
|
+
* web ACL. WAF applies the specified protection to all web requests that the web ACL inspects. </p>
|
|
3875
|
+
* @public
|
|
3876
|
+
*/
|
|
3877
|
+
DataProtections: DataProtection[] | undefined;
|
|
3878
|
+
}
|
|
3762
3879
|
/**
|
|
3763
3880
|
* <p>In a <a>WebACL</a>, this is the action that you want WAF to perform
|
|
3764
3881
|
* when a web request doesn't match any of the rules in the <code>WebACL</code>. The default
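Review bot: The `Action` comment on the new `DataProtection` interface describes `HASH` only as a one-way hash and does not name the algorithm or say whether it is salted or keyed, which decides whether a low-entropy value such as a short identifier can be recovered from stored data by guessing. I would add a line such as `* <p>The hash algorithm and salting are not specified here; use <code>SUBSTITUTION</code> for credentials and other low-entropy values.</p>`, with the wording checked against the service documentation. `ExcludeRuleMatchDetails` and `ExcludeRateBasedDetails` both default to `FALSE`, so presumably rule match details in the logs can still carry a protected field unless they are set; the interface comment could state that directly. In the `ExcludeRuleMatchDetails` text, "when applying data protection this field type and keys" is missing "for".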
|
|
@@ -3846,7 +3963,7 @@ export declare class WAFConfigurationWarningException extends __BaseException {
|
|
|
3846
3963
|
*/
|
|
3847
3964
|
export interface DeleteAPIKeyRequest {
|
|
3848
3965
|
/**
|
|
3849
|
-
* <p>Specifies whether this is for
|
|
3966
|
+
* <p>Specifies whether this is for a global resource type, such as a Amazon CloudFront distribution. </p>
|
|
3850
3967
|
* <p>To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows: </p>
|
|
3851
3968
|
* <ul>
|
|
3852
3969
|
* <li>
|
|
@@ -3905,7 +4022,7 @@ export interface DeleteIPSetRequest {
|
|
|
3905
4022
|
*/
|
|
3906
4023
|
Name: string | undefined;
|
|
3907
4024
|
/**
|
|
3908
|
-
* <p>Specifies whether this is for
|
|
4025
|
+
* <p>Specifies whether this is for a global resource type, such as a Amazon CloudFront distribution. </p>
|
|
3909
4026
|
* <p>To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows: </p>
|
|
3910
4027
|
* <ul>
|
|
3911
4028
|
* <li>
|
|
@@ -4030,7 +4147,7 @@ export interface DeleteRegexPatternSetRequest {
|
|
|
4030
4147
|
*/
|
|
4031
4148
|
Name: string | undefined;
|
|
4032
4149
|
/**
|
|
4033
|
-
* <p>Specifies whether this is for
|
|
4150
|
+
* <p>Specifies whether this is for a global resource type, such as a Amazon CloudFront distribution. </p>
|
|
4034
4151
|
* <p>To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows: </p>
|
|
4035
4152
|
* <ul>
|
|
4036
4153
|
* <li>
|
|
@@ -4069,7 +4186,7 @@ export interface DeleteRuleGroupRequest {
|
|
|
4069
4186
|
*/
|
|
4070
4187
|
Name: string | undefined;
|
|
4071
4188
|
/**
|
|
4072
|
-
* <p>Specifies whether this is for
|
|
4189
|
+
* <p>Specifies whether this is for a global resource type, such as a Amazon CloudFront distribution. </p>
|
|
4073
4190
|
* <p>To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows: </p>
|
|
4074
4191
|
* <ul>
|
|
4075
4192
|
* <li>
|
|
@@ -4108,7 +4225,7 @@ export interface DeleteWebACLRequest {
|
|
|
4108
4225
|
*/
|
|
4109
4226
|
Name: string | undefined;
|
|
4110
4227
|
/**
|
|
4111
|
-
* <p>Specifies whether this is for
|
|
4228
|
+
* <p>Specifies whether this is for a global resource type, such as a Amazon CloudFront distribution. </p>
|
|
4112
4229
|
* <p>To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows: </p>
|
|
4113
4230
|
* <ul>
|
|
4114
4231
|
* <li>
|
|
@@ -4142,7 +4259,7 @@ export interface DeleteWebACLResponse {
|
|
|
4142
4259
|
*/
|
|
4143
4260
|
export interface DescribeAllManagedProductsRequest {
|
|
4144
4261
|
/**
|
|
4145
|
-
* <p>Specifies whether this is for
|
|
4262
|
+
* <p>Specifies whether this is for a global resource type, such as a Amazon CloudFront distribution. </p>
|
|
4146
4263
|
* <p>To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows: </p>
|
|
4147
4264
|
* <ul>
|
|
4148
4265
|
* <li>
|
|
@@ -4231,7 +4348,7 @@ export interface DescribeManagedProductsByVendorRequest {
|
|
|
4231
4348
|
*/
|
|
4232
4349
|
VendorName: string | undefined;
|
|
4233
4350
|
/**
|
|
4234
|
-
* <p>Specifies whether this is for
|
|
4351
|
+
* <p>Specifies whether this is for a global resource type, such as a Amazon CloudFront distribution. </p>
|
|
4235
4352
|
* <p>To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows: </p>
|
|
4236
4353
|
* <ul>
|
|
4237
4354
|
* <li>
|
|
@@ -4270,7 +4387,7 @@ export interface DescribeManagedRuleGroupRequest {
|
|
|
4270
4387
|
*/
|
|
4271
4388
|
Name: string | undefined;
|
|
4272
4389
|
/**
|
|
4273
|
-
* <p>Specifies whether this is for
|
|
4390
|
+
* <p>Specifies whether this is for a global resource type, such as a Amazon CloudFront distribution. </p>
|
|
4274
4391
|
* <p>To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows: </p>
|
|
4275
4392
|
* <ul>
|
|
4276
4393
|
* <li>
|
|
@@ -4486,7 +4603,7 @@ export interface GenerateMobileSdkReleaseUrlResponse {
|
|
|
4486
4603
|
*/
|
|
4487
4604
|
export interface GetDecryptedAPIKeyRequest {
|
|
4488
4605
|
/**
|
|
4489
|
-
* <p>Specifies whether this is for
|
|
4606
|
+
* <p>Specifies whether this is for a global resource type, such as a Amazon CloudFront distribution. </p>
|
|
4490
4607
|
* <p>To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows: </p>
|
|
4491
4608
|
* <ul>
|
|
4492
4609
|
* <li>
|
|
@@ -4530,7 +4647,7 @@ export interface GetIPSetRequest {
|
|
|
4530
4647
|
*/
|
|
4531
4648
|
Name: string | undefined;
|
|
4532
4649
|
/**
|
|
4533
|
-
* <p>Specifies whether this is for
|
|
4650
|
+
* <p>Specifies whether this is for a global resource type, such as a Amazon CloudFront distribution. </p>
|
|
4534
4651
|
* <p>To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows: </p>
|
|
4535
4652
|
* <ul>
|
|
4536
4653
|
* <li>
|
|
@@ -4768,6 +4885,7 @@ export interface LoggingFilter {
|
|
|
4768
4885
|
* from WAF. As part of the association, you can specify parts of the standard logging
|
|
4769
4886
|
* fields to keep out of the logs and you can specify filters so that you log only a subset of
|
|
4770
4887
|
* the logging records. </p>
|
|
4888
|
+
* <p>If you configure data protection for the web ACL, the protection applies to the data that WAF sends to the logs. </p>
|
|
4771
4889
|
* <note>
|
|
4772
4890
|
* <p>You can define one logging destination per web ACL.</p>
|
|
4773
4891
|
* </note>
|
|
@@ -4817,6 +4935,7 @@ export interface LoggingConfiguration {
|
|
|
4817
4935
|
* redact the <code>SingleHeader</code> field, the <code>HEADER</code> field in the logs will
|
|
4818
4936
|
* be <code>REDACTED</code> for all rules that use the <code>SingleHeader</code>
|
|
4819
4937
|
* <code>FieldToMatch</code> setting. </p>
|
|
4938
|
+
* <p>If you configure data protection for the web ACL, the protection applies to the data that WAF sends to the logs. </p>
|
|
4820
4939
|
* <p>Redaction applies only to the component that's specified in the rule's <code>FieldToMatch</code> setting, so the <code>SingleHeader</code> redaction
|
|
4821
4940
|
* doesn't apply to rules that use the <code>Headers</code>
|
|
4822
4941
|
* <code>FieldToMatch</code>.</p>
|
|
@@ -4825,8 +4944,8 @@ export interface LoggingConfiguration {
|
|
|
4825
4944
|
* <code>QueryString</code>, <code>SingleHeader</code>, and <code>Method</code>.</p>
|
|
4826
4945
|
* </note>
|
|
4827
4946
|
* <note>
|
|
4828
|
-
* <p>This setting has no impact on request sampling.
|
|
4829
|
-
*
|
|
4947
|
+
* <p>This setting has no impact on request sampling. You can only exclude fields from request sampling by disabling sampling in the web ACL visibility configuration
|
|
4948
|
+
* or by configuring data protection for the web ACL.</p>
|
|
4830
4949
|
* </note>
|
|
4831
4950
|
* @public
|
|
4832
4951
|
*/
|
|
@@ -4888,7 +5007,7 @@ export interface GetManagedRuleSetRequest {
|
|
|
4888
5007
|
*/
|
|
4889
5008
|
Name: string | undefined;
|
|
4890
5009
|
/**
|
|
4891
|
-
* <p>Specifies whether this is for
|
|
5010
|
+
* <p>Specifies whether this is for a global resource type, such as a Amazon CloudFront distribution. </p>
|
|
4892
5011
|
* <p>To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows: </p>
|
|
4893
5012
|
* <ul>
|
|
4894
5013
|
* <li>
|
|
@@ -5115,7 +5234,7 @@ export interface GetPermissionPolicyResponse {
|
|
|
5115
5234
|
*/
|
|
5116
5235
|
export interface GetRateBasedStatementManagedKeysRequest {
|
|
5117
5236
|
/**
|
|
5118
|
-
* <p>Specifies whether this is for
|
|
5237
|
+
* <p>Specifies whether this is for a global resource type, such as a Amazon CloudFront distribution. </p>
|
|
5119
5238
|
* <p>To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows: </p>
|
|
5120
5239
|
* <ul>
|
|
5121
5240
|
* <li>
|
|
@@ -5210,7 +5329,7 @@ export interface GetRegexPatternSetRequest {
|
|
|
5210
5329
|
*/
|
|
5211
5330
|
Name: string | undefined;
|
|
5212
5331
|
/**
|
|
5213
|
-
* <p>Specifies whether this is for
|
|
5332
|
+
* <p>Specifies whether this is for a global resource type, such as a Amazon CloudFront distribution. </p>
|
|
5214
5333
|
* <p>To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows: </p>
|
|
5215
5334
|
* <ul>
|
|
5216
5335
|
* <li>
|
|
@@ -5287,7 +5406,7 @@ export interface GetRuleGroupRequest {
|
|
|
5287
5406
|
*/
|
|
5288
5407
|
Name?: string | undefined;
|
|
5289
5408
|
/**
|
|
5290
|
-
* <p>Specifies whether this is for
|
|
5409
|
+
* <p>Specifies whether this is for a global resource type, such as a Amazon CloudFront distribution. </p>
|
|
5291
5410
|
* <p>To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows: </p>
|
|
5292
5411
|
* <ul>
|
|
5293
5412
|
* <li>
|
|
@@ -5365,7 +5484,7 @@ export interface GetSampledRequestsRequest {
|
|
|
5365
5484
|
*/
|
|
5366
5485
|
RuleMetricName: string | undefined;
|
|
5367
5486
|
/**
|
|
5368
|
-
* <p>Specifies whether this is for
|
|
5487
|
+
* <p>Specifies whether this is for a global resource type, such as a Amazon CloudFront distribution. </p>
|
|
5369
5488
|
* <p>To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows: </p>
|
|
5370
5489
|
* <ul>
|
|
5371
5490
|
* <li>
|
|
@@ -5648,7 +5767,7 @@ export interface GetWebACLRequest {
|
|
|
5648
5767
|
*/
|
|
5649
5768
|
Name: string | undefined;
|
|
5650
5769
|
/**
|
|
5651
|
-
* <p>Specifies whether this is for
|
|
5770
|
+
* <p>Specifies whether this is for a global resource type, such as a Amazon CloudFront distribution. </p>
|
|
5652
5771
|
* <p>To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows: </p>
|
|
5653
5772
|
* <ul>
|
|
5654
5773
|
* <li>
|
|
@@ -5715,7 +5834,7 @@ export interface GetWebACLForResourceRequest {
|
|
|
5715
5834
|
*/
|
|
5716
5835
|
export interface ListAPIKeysRequest {
|
|
5717
5836
|
/**
|
|
5718
|
-
* <p>Specifies whether this is for
|
|
5837
|
+
* <p>Specifies whether this is for a global resource type, such as a Amazon CloudFront distribution. </p>
|
|
5719
5838
|
* <p>To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows: </p>
|
|
5720
5839
|
* <ul>
|
|
5721
5840
|
* <li>
|
|
@@ -5770,7 +5889,7 @@ export interface ListAPIKeysResponse {
|
|
|
5770
5889
|
*/
|
|
5771
5890
|
export interface ListAvailableManagedRuleGroupsRequest {
|
|
5772
5891
|
/**
|
|
5773
|
-
* <p>Specifies whether this is for
|
|
5892
|
+
* <p>Specifies whether this is for a global resource type, such as a Amazon CloudFront distribution. </p>
|
|
5774
5893
|
* <p>To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows: </p>
|
|
5775
5894
|
* <ul>
|
|
5776
5895
|
* <li>
|
|
@@ -5857,7 +5976,7 @@ export interface ListAvailableManagedRuleGroupVersionsRequest {
|
|
|
5857
5976
|
*/
|
|
5858
5977
|
Name: string | undefined;
|
|
5859
5978
|
/**
|
|
5860
|
-
* <p>Specifies whether this is for
|
|
5979
|
+
* <p>Specifies whether this is for a global resource type, such as a Amazon CloudFront distribution. </p>
|
|
5861
5980
|
* <p>To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows: </p>
|
|
5862
5981
|
* <ul>
|
|
5863
5982
|
* <li>
|
|
@@ -5929,7 +6048,7 @@ export interface ListAvailableManagedRuleGroupVersionsResponse {
|
|
|
5929
6048
|
*/
|
|
5930
6049
|
export interface ListIPSetsRequest {
|
|
5931
6050
|
/**
|
|
5932
|
-
* <p>Specifies whether this is for
|
|
6051
|
+
* <p>Specifies whether this is for a global resource type, such as a Amazon CloudFront distribution. </p>
|
|
5933
6052
|
* <p>To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows: </p>
|
|
5934
6053
|
* <ul>
|
|
5935
6054
|
* <li>
|
|
@@ -5979,7 +6098,7 @@ export interface ListIPSetsResponse {
|
|
|
5979
6098
|
*/
|
|
5980
6099
|
export interface ListLoggingConfigurationsRequest {
|
|
5981
6100
|
/**
|
|
5982
|
-
* <p>Specifies whether this is for
|
|
6101
|
+
* <p>Specifies whether this is for a global resource type, such as a Amazon CloudFront distribution. </p>
|
|
5983
6102
|
* <p>To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows: </p>
|
|
5984
6103
|
* <ul>
|
|
5985
6104
|
* <li>
|
|
@@ -6039,7 +6158,7 @@ export interface ListLoggingConfigurationsResponse {
|
|
|
6039
6158
|
*/
|
|
6040
6159
|
export interface ListManagedRuleSetsRequest {
|
|
6041
6160
|
/**
|
|
6042
|
-
* <p>Specifies whether this is for
|
|
6161
|
+
* <p>Specifies whether this is for a global resource type, such as a Amazon CloudFront distribution. </p>
|
|
6043
6162
|
* <p>To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows: </p>
|
|
6044
6163
|
* <ul>
|
|
6045
6164
|
* <li>
|
|
@@ -6200,7 +6319,7 @@ export interface ListMobileSdkReleasesResponse {
|
|
|
6200
6319
|
*/
|
|
6201
6320
|
export interface ListRegexPatternSetsRequest {
|
|
6202
6321
|
/**
|
|
6203
|
-
* <p>Specifies whether this is for
|
|
6322
|
+
* <p>Specifies whether this is for a global resource type, such as a Amazon CloudFront distribution. </p>
|
|
6204
6323
|
* <p>To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows: </p>
|
|
6205
6324
|
* <ul>
|
|
6206
6325
|
* <li>
|
|
@@ -6271,8 +6390,10 @@ export interface ListResourcesForWebACLRequest {
|
|
|
6271
6390
|
*/
|
|
6272
6391
|
WebACLArn: string | undefined;
|
|
6273
6392
|
/**
|
|
6274
|
-
* <p>
|
|
6275
|
-
*
|
|
6393
|
+
* <p>Retrieves the web ACLs that are used by the specified resource type. </p>
|
|
6394
|
+
* <p>For Amazon CloudFront, don't use this call. Instead, use the CloudFront call
|
|
6395
|
+
* <code>ListDistributionsByWebACLId</code>. For information, see <a href="https://docs.aws.amazon.com/cloudfront/latest/APIReference/API_ListDistributionsByWebACLId.html">ListDistributionsByWebACLId</a>
|
|
6396
|
+
* in the <i>Amazon CloudFront API Reference</i>. </p>
|
|
6276
6397
|
* <note>
|
|
6277
6398
|
* <p>If you don't provide a resource type, the call uses the resource type <code>APPLICATION_LOAD_BALANCER</code>. </p>
|
|
6278
6399
|
* </note>
|
|
@@ -6297,7 +6418,7 @@ export interface ListResourcesForWebACLResponse {
|
|
|
6297
6418
|
*/
|
|
6298
6419
|
export interface ListRuleGroupsRequest {
|
|
6299
6420
|
/**
|
|
6300
|
-
* <p>Specifies whether this is for
|
|
6421
|
+
* <p>Specifies whether this is for a global resource type, such as a Amazon CloudFront distribution. </p>
|
|
6301
6422
|
* <p>To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows: </p>
|
|
6302
6423
|
* <ul>
|
|
6303
6424
|
* <li>
|
|
@@ -6413,7 +6534,7 @@ export interface ListTagsForResourceResponse {
|
|
|
6413
6534
|
*/
|
|
6414
6535
|
export interface ListWebACLsRequest {
|
|
6415
6536
|
/**
|
|
6416
|
-
* <p>Specifies whether this is for
|
|
6537
|
+
* <p>Specifies whether this is for a global resource type, such as a Amazon CloudFront distribution. </p>
|
|
6417
6538
|
* <p>To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows: </p>
|
|
6418
6539
|
* <ul>
|
|
6419
6540
|
* <li>
|
|
@@ -6546,7 +6667,7 @@ export interface PutManagedRuleSetVersionsRequest {
|
|
|
6546
6667
|
*/
|
|
6547
6668
|
Name: string | undefined;
|
|
6548
6669
|
/**
|
|
6549
|
-
* <p>Specifies whether this is for
|
|
6670
|
+
* <p>Specifies whether this is for a global resource type, such as a Amazon CloudFront distribution. </p>
|
|
6550
6671
|
* <p>To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows: </p>
|
|
6551
6672
|
* <ul>
|
|
6552
6673
|
* <li>
|
|
@@ -6722,7 +6843,7 @@ export interface UpdateIPSetRequest {
|
|
|
6722
6843
|
*/
|
|
6723
6844
|
Name: string | undefined;
|
|
6724
6845
|
/**
|
|
6725
|
-
* <p>Specifies whether this is for
|
|
6846
|
+
* <p>Specifies whether this is for a global resource type, such as a Amazon CloudFront distribution. </p>
|
|
6726
6847
|
* <p>To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows: </p>
|
|
6727
6848
|
* <ul>
|
|
6728
6849
|
* <li>
|
|
@@ -6812,7 +6933,7 @@ export interface UpdateManagedRuleSetVersionExpiryDateRequest {
|
|
|
6812
6933
|
*/
|
|
6813
6934
|
Name: string | undefined;
|
|
6814
6935
|
/**
|
|
6815
|
-
* <p>Specifies whether this is for
|
|
6936
|
+
* <p>Specifies whether this is for a global resource type, such as a Amazon CloudFront distribution. </p>
|
|
6816
6937
|
* <p>To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows: </p>
|
|
6817
6938
|
* <ul>
|
|
6818
6939
|
* <li>
|
|
@@ -6879,7 +7000,7 @@ export interface UpdateRegexPatternSetRequest {
|
|
|
6879
7000
|
*/
|
|
6880
7001
|
Name: string | undefined;
|
|
6881
7002
|
/**
|
|
6882
|
-
* <p>Specifies whether this is for
|
|
7003
|
+
* <p>Specifies whether this is for a global resource type, such as a Amazon CloudFront distribution. </p>
|
|
6883
7004
|
* <p>To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows: </p>
|
|
6884
7005
|
* <ul>
|
|
6885
7006
|
* <li>
|
|
@@ -7184,6 +7305,9 @@ export interface ManagedRuleGroupStatement {
|
|
|
7184
7305
|
ManagedRuleGroupConfigs?: ManagedRuleGroupConfig[] | undefined;
|
|
7185
7306
|
/**
|
|
7186
7307
|
* <p>Action settings to use in the place of the rule actions that are configured inside the rule group. You specify one override for each rule whose action you want to change. </p>
|
|
7308
|
+
* <note>
|
|
7309
|
+
* <p>Take care to verify the rule names in your overrides. If you provide a rule name that doesn't match the name of any rule in the rule group, WAF doesn't return an error and doesn't apply the override setting.</p>
|
|
7310
|
+
* </note>
|
|
7187
7311
|
* <p>You can use overrides for testing, for example you can override all of rule actions to <code>Count</code> and then monitor the resulting count metrics to understand how the rule group would handle your web traffic. You can also permanently override some or all actions, to modify how the rule group manages your web traffic.</p>
|
|
7188
7312
|
* @public
|
|
7189
7313
|
*/
|
|
@@ -7274,7 +7398,7 @@ export interface NotStatement {
|
|
|
7274
7398
|
*/
|
|
7275
7399
|
export interface RateBasedStatement {
|
|
7276
7400
|
/**
|
|
7277
|
-
* <p>The limit on requests
|
|
7401
|
+
* <p>The limit on requests during the specified evaluation window for a single aggregation instance for the rate-based rule.
|
|
7278
7402
|
* If the rate-based statement includes a <code>ScopeDownStatement</code>, this limit is applied only to the
|
|
7279
7403
|
* requests that match the statement.</p>
|
|
7280
7404
|
* <p>Examples: </p>
|
|
@@ -7421,6 +7545,9 @@ export interface Rule {
|
|
|
7421
7545
|
* fully qualified labels to matching web requests. A fully qualified label is the
|
|
7422
7546
|
* concatenation of a label namespace and a rule label. The rule's rule group or web ACL
|
|
7423
7547
|
* defines the label namespace. </p>
|
|
7548
|
+
* <note>
|
|
7549
|
+
* <p>Any rule that isn't a rule group reference statement or managed rule group statement can add labels to matching web requests.</p>
|
|
7550
|
+
* </note>
|
|
7424
7551
|
* <p>Rules that run after this rule in the web ACL can match against these labels using a
|
|
7425
7552
|
* <code>LabelMatchStatement</code>.</p>
|
|
7426
7553
|
* <p>For each label, provide a case-sensitive string containing optional namespaces and a
|
|
@@ -7549,7 +7676,7 @@ export interface FirewallManagerRuleGroup {
|
|
|
7549
7676
|
*/
|
|
7550
7677
|
export interface CheckCapacityRequest {
|
|
7551
7678
|
/**
|
|
7552
|
-
* <p>Specifies whether this is for
|
|
7679
|
+
* <p>Specifies whether this is for a global resource type, such as a Amazon CloudFront distribution. </p>
|
|
7553
7680
|
* <p>To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows: </p>
|
|
7554
7681
|
* <ul>
|
|
7555
7682
|
* <li>
|
|
@@ -7579,7 +7706,7 @@ export interface CreateRuleGroupRequest {
|
|
|
7579
7706
|
*/
|
|
7580
7707
|
Name: string | undefined;
|
|
7581
7708
|
/**
|
|
7582
|
-
* <p>Specifies whether this is for
|
|
7709
|
+
* <p>Specifies whether this is for a global resource type, such as a Amazon CloudFront distribution. </p>
|
|
7583
7710
|
* <p>To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows: </p>
|
|
7584
7711
|
* <ul>
|
|
7585
7712
|
* <li>
|
|
@@ -7652,7 +7779,7 @@ export interface CreateWebACLRequest {
|
|
|
7652
7779
|
*/
|
|
7653
7780
|
Name: string | undefined;
|
|
7654
7781
|
/**
|
|
7655
|
-
* <p>Specifies whether this is for
|
|
7782
|
+
* <p>Specifies whether this is for a global resource type, such as a Amazon CloudFront distribution. </p>
|
|
7656
7783
|
* <p>To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows: </p>
|
|
7657
7784
|
* <ul>
|
|
7658
7785
|
* <li>
|
|
@@ -7688,6 +7815,13 @@ export interface CreateWebACLRequest {
|
|
|
7688
7815
|
* @public
|
|
7689
7816
|
*/
|
|
7690
7817
|
VisibilityConfig: VisibilityConfig | undefined;
|
|
7818
|
+
/**
|
|
7819
|
+
* <p>Specifies data protection to apply to the web request data that WAF stores for the web ACL. This is a web ACL level data protection option. </p>
|
|
7820
|
+
* <p>The data protection that you configure for the web ACL alters the data that's available for any other data collection activity,
|
|
7821
|
+
* including WAF logging, web ACL request sampling, Amazon Web Services Managed Rules, and Amazon Security Lake data collection and management. Your other option for data protection is in the logging configuration, which only affects logging. </p>
|
|
7822
|
+
* @public
|
|
7823
|
+
*/
|
|
7824
|
+
DataProtectionConfig?: DataProtectionConfig | undefined;
|
|
7691
7825
|
/**
|
|
7692
7826
|
* <p>An array of key:value pairs to associate with the resource.</p>
|
|
7693
7827
|
* @public
|
|
@@ -7838,7 +7972,7 @@ export interface UpdateRuleGroupRequest {
|
|
|
7838
7972
|
*/
|
|
7839
7973
|
Name: string | undefined;
|
|
7840
7974
|
/**
|
|
7841
|
-
* <p>Specifies whether this is for
|
|
7975
|
+
* <p>Specifies whether this is for a global resource type, such as a Amazon CloudFront distribution. </p>
|
|
7842
7976
|
* <p>To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows: </p>
|
|
7843
7977
|
* <ul>
|
|
7844
7978
|
* <li>
|
|
@@ -7900,7 +8034,7 @@ export interface UpdateWebACLRequest {
|
|
|
7900
8034
|
*/
|
|
7901
8035
|
Name: string | undefined;
|
|
7902
8036
|
/**
|
|
7903
|
-
* <p>Specifies whether this is for
|
|
8037
|
+
* <p>Specifies whether this is for a global resource type, such as a Amazon CloudFront distribution. </p>
|
|
7904
8038
|
* <p>To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows: </p>
|
|
7905
8039
|
* <ul>
|
|
7906
8040
|
* <li>
|
|
@@ -7941,6 +8075,13 @@ export interface UpdateWebACLRequest {
|
|
|
7941
8075
|
* @public
|
|
7942
8076
|
*/
|
|
7943
8077
|
VisibilityConfig: VisibilityConfig | undefined;
|
|
8078
|
+
/**
|
|
8079
|
+
* <p>Specifies data protection to apply to the web request data that WAF stores for the web ACL. This is a web ACL level data protection option. </p>
|
|
8080
|
+
* <p>The data protection that you configure for the web ACL alters the data that's available for any other data collection activity,
|
|
8081
|
+
* including WAF logging, web ACL request sampling, Amazon Web Services Managed Rules, and Amazon Security Lake data collection and management. Your other option for data protection is in the logging configuration, which only affects logging. </p>
|
|
8082
|
+
* @public
|
|
8083
|
+
*/
|
|
8084
|
+
DataProtectionConfig?: DataProtectionConfig | undefined;
|
|
7944
8085
|
/**
|
|
7945
8086
|
* <p>A token used for optimistic locking. WAF returns a token to your <code>get</code> and <code>list</code> requests, to mark the state of the entity at the time of the request. To make changes to the entity associated with the token, you provide the token to operations like <code>update</code> and <code>delete</code>. WAF uses the token to ensure that no changes have been made to the entity since you last retrieved it. If a change has been made, the update fails with a <code>WAFOptimisticLockException</code>. If this happens, perform another <code>get</code>, and use the new token returned by that operation. </p>
|
|
7946
8087
|
* @public
|
|
@@ -8003,7 +8144,7 @@ export interface GetRuleGroupResponse {
|
|
|
8003
8144
|
LockToken?: string | undefined;
|
|
8004
8145
|
}
|
|
8005
8146
|
/**
|
|
8006
|
-
* <p> A web ACL defines a collection of rules to use to inspect and control web requests. Each rule has a statement that defines what to look for in web requests and an action that WAF applies to requests that match the statement. In the web ACL, you assign a default action to take (allow, block) for any request that does not match any of the rules. The rules in a web ACL can be a combination of the types <a>Rule</a>, <a>RuleGroup</a>, and managed rule group. You can associate a web ACL with one or more Amazon Web Services resources to protect. The
|
|
8147
|
+
* <p> A web ACL defines a collection of rules to use to inspect and control web requests. Each rule has a statement that defines what to look for in web requests and an action that WAF applies to requests that match the statement. In the web ACL, you assign a default action to take (allow, block) for any request that does not match any of the rules. The rules in a web ACL can be a combination of the types <a>Rule</a>, <a>RuleGroup</a>, and managed rule group. You can associate a web ACL with one or more Amazon Web Services resources to protect. The resource types include Amazon CloudFront distribution, Amazon API Gateway REST API, Application Load Balancer, AppSync GraphQL API, Amazon Cognito user pool, App Runner service, and Amazon Web Services Verified Access instance. </p>
|
|
8007
8148
|
* @public
|
|
8008
8149
|
*/
|
|
8009
8150
|
export interface WebACL {
|
|
@@ -8048,6 +8189,13 @@ export interface WebACL {
|
|
|
8048
8189
|
* @public
|
|
8049
8190
|
*/
|
|
8050
8191
|
VisibilityConfig: VisibilityConfig | undefined;
|
|
8192
|
+
/**
|
|
8193
|
+
* <p>Specifies data protection to apply to the web request data that WAF stores for the web ACL. This is a web ACL level data protection option. </p>
|
|
8194
|
+
* <p>The data protection that you configure for the web ACL alters the data that's available for any other data collection activity,
|
|
8195
|
+
* including WAF logging, web ACL request sampling, Amazon Web Services Managed Rules, and Amazon Security Lake data collection and management. Your other option for data protection is in the logging configuration, which only affects logging. </p>
|
|
8196
|
+
* @public
|
|
8197
|
+
*/
|
|
8198
|
+
DataProtectionConfig?: DataProtectionConfig | undefined;
|
|
8051
8199
|
/**
|
|
8052
8200
|
* <p>The web ACL capacity units (WCUs) currently being used by this web ACL. </p>
|
|
8053
8201
|
* <p>WAF uses WCUs to calculate and control the operating
|