@aws-sdk/client-wafv2 3.744.0 → 3.749.0

package/README.md

@@ -6,7 +6,7 @@
 
 AWS SDK for JavaScript WAFV2 Client for Node.js, Browser and React Native.
 
-<fullname>WAF</fullname>
+<fullname>WAF </fullname>
 <note>
 
 <p>This is the latest version of the <b>WAF</b> API,
@@ -20,8 +20,8 @@ WAF resources that you created before. WAF Classic support will end on September
 see the <a href="https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html">WAF Developer Guide</a>. </p>
 </note>
 <p>WAF is a web application firewall that lets you monitor the HTTP and HTTPS
-requests that are forwarded to an Amazon CloudFront distribution, Amazon API Gateway REST API, Application Load Balancer, AppSync
-GraphQL API, Amazon Cognito user pool, App Runner service, or Amazon Web Services Verified Access instance. WAF also lets you control access to your content,
+requests that are forwarded to a protected resource. Protected resource types include Amazon CloudFront distribution, Amazon API Gateway REST API, Application Load Balancer, AppSync
+GraphQL API, Amazon Cognito user pool, App Runner service, and Amazon Web Services Verified Access instance. WAF also lets you control access to your content,
 to protect the Amazon Web Services resource that WAF is monitoring. Based on conditions that
 you specify, such as the IP addresses that requests originate from or the values of query
 strings, the protected resource responds to requests with either the requested content, an HTTP 403 status code
@@ -33,11 +33,11 @@ Guide</a>.</p>
 <p>You can make calls using the endpoints listed in <a href="https://docs.aws.amazon.com/general/latest/gr/waf.html">WAF endpoints and quotas</a>. </p>
 <ul>
 <li>
-<p>For regional applications, you can use any of the endpoints in the list.
+<p>For regional resources, you can use any of the endpoints in the list.
 A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, an Amazon Cognito user pool, an App Runner service, or an Amazon Web Services Verified Access instance. </p>
 </li>
 <li>
-<p>For Amazon CloudFront applications, you must use the API endpoint listed for
+<p>For Amazon CloudFront, you must use the API endpoint listed for
 US East (N. Virginia): us-east-1.</p>
 </li>
 </ul>

package/dist-cjs/index.js

@@ -33,6 +33,7 @@ __export(src_exports, {
   CreateRegexPatternSetCommand: () => CreateRegexPatternSetCommand,
   CreateRuleGroupCommand: () => CreateRuleGroupCommand,
   CreateWebACLCommand: () => CreateWebACLCommand,
+  DataProtectionAction: () => DataProtectionAction,
   DeleteAPIKeyCommand: () => DeleteAPIKeyCommand,
   DeleteFirewallManagerRuleGroupsCommand: () => DeleteFirewallManagerRuleGroupsCommand,
   DeleteIPSetCommand: () => DeleteIPSetCommand,
@@ -47,6 +48,7 @@ __export(src_exports, {
   DisassociateWebACLCommand: () => DisassociateWebACLCommand,
   FailureReason: () => FailureReason,
   FallbackBehavior: () => FallbackBehavior,
+  FieldToProtectType: () => FieldToProtectType,
   FilterBehavior: () => FilterBehavior,
   FilterRequirement: () => FilterRequirement,
   ForwardedIPPosition: () => ForwardedIPPosition,
@@ -712,6 +714,7 @@ var ParameterExceptionField = {
   CUSTOM_REQUEST_HANDLING: "CUSTOM_REQUEST_HANDLING",
   CUSTOM_RESPONSE: "CUSTOM_RESPONSE",
   CUSTOM_RESPONSE_BODY: "CUSTOM_RESPONSE_BODY",
+  DATA_PROTECTION_CONFIG: "DATA_PROTECTION_CONFIG",
   DEFAULT_ACTION: "DEFAULT_ACTION",
   ENTITY_LIMIT: "ENTITY_LIMIT",
   EXCLUDED_RULE: "EXCLUDED_RULE",
@@ -1030,6 +1033,17 @@ var ResponseContentType = {
   TEXT_HTML: "TEXT_HTML",
   TEXT_PLAIN: "TEXT_PLAIN"
 };
+var DataProtectionAction = {
+  HASH: "HASH",
+  SUBSTITUTION: "SUBSTITUTION"
+};
+var FieldToProtectType = {
+  BODY: "BODY",
+  QUERY_STRING: "QUERY_STRING",
+  SINGLE_COOKIE: "SINGLE_COOKIE",
+  SINGLE_HEADER: "SINGLE_HEADER",
+  SINGLE_QUERY_ARGUMENT: "SINGLE_QUERY_ARGUMENT"
+};
 var WAFConfigurationWarningException = class _WAFConfigurationWarningException extends WAFV2ServiceException {
   static {
     __name(this, "WAFConfigurationWarningException");
@@ -2490,6 +2504,7 @@ var se_CreateWebACLRequest = /* @__PURE__ */ __name((input, context) => {
     CaptchaConfig: import_smithy_client._json,
     ChallengeConfig: import_smithy_client._json,
     CustomResponseBodies: import_smithy_client._json,
+    DataProtectionConfig: import_smithy_client._json,
     DefaultAction: import_smithy_client._json,
     Description: [],
     Name: [],
@@ -2616,6 +2631,7 @@ var se_UpdateWebACLRequest = /* @__PURE__ */ __name((input, context) => {
     CaptchaConfig: import_smithy_client._json,
     ChallengeConfig: import_smithy_client._json,
     CustomResponseBodies: import_smithy_client._json,
+    DataProtectionConfig: import_smithy_client._json,
     DefaultAction: import_smithy_client._json,
     Description: [],
     Id: [],
@@ -2931,6 +2947,7 @@ var de_WebACL = /* @__PURE__ */ __name((output, context) => {
     CaptchaConfig: import_smithy_client._json,
     ChallengeConfig: import_smithy_client._json,
     CustomResponseBodies: import_smithy_client._json,
+    DataProtectionConfig: import_smithy_client._json,
     DefaultAction: import_smithy_client._json,
     Description: import_smithy_client.expectString,
     Id: import_smithy_client.expectString,
@@ -3945,6 +3962,8 @@ var WAFV2 = class extends WAFV2Client {
   WAFTagOperationException,
   WAFTagOperationInternalErrorException,
   ResponseContentType,
+  DataProtectionAction,
+  FieldToProtectType,
   WAFConfigurationWarningException,
   WAFAssociatedItemException,
   LogScope,

package/dist-es/models/models_0.js

@@ -398,6 +398,7 @@ export const ParameterExceptionField = {
     CUSTOM_REQUEST_HANDLING: "CUSTOM_REQUEST_HANDLING",
     CUSTOM_RESPONSE: "CUSTOM_RESPONSE",
     CUSTOM_RESPONSE_BODY: "CUSTOM_RESPONSE_BODY",
+    DATA_PROTECTION_CONFIG: "DATA_PROTECTION_CONFIG",
     DEFAULT_ACTION: "DEFAULT_ACTION",
     ENTITY_LIMIT: "ENTITY_LIMIT",
     EXCLUDED_RULE: "EXCLUDED_RULE",
@@ -634,6 +635,17 @@ export const ResponseContentType = {
     TEXT_HTML: "TEXT_HTML",
     TEXT_PLAIN: "TEXT_PLAIN",
 };
+export const DataProtectionAction = {
+    HASH: "HASH",
+    SUBSTITUTION: "SUBSTITUTION",
+};
+export const FieldToProtectType = {
+    BODY: "BODY",
+    QUERY_STRING: "QUERY_STRING",
+    SINGLE_COOKIE: "SINGLE_COOKIE",
+    SINGLE_HEADER: "SINGLE_HEADER",
+    SINGLE_QUERY_ARGUMENT: "SINGLE_QUERY_ARGUMENT",
+};
 export class WAFConfigurationWarningException extends __BaseException {
     name = "WAFConfigurationWarningException";
     $fault = "client";

package/dist-es/protocols/Aws_json1_1.js

@@ -1310,6 +1310,7 @@ const se_CreateWebACLRequest = (input, context) => {
         CaptchaConfig: _json,
         ChallengeConfig: _json,
         CustomResponseBodies: _json,
+        DataProtectionConfig: _json,
         DefaultAction: _json,
         Description: [],
         Name: [],
@@ -1440,6 +1441,7 @@ const se_UpdateWebACLRequest = (input, context) => {
         CaptchaConfig: _json,
         ChallengeConfig: _json,
         CustomResponseBodies: _json,
+        DataProtectionConfig: _json,
         DefaultAction: _json,
         Description: [],
         Id: [],
@@ -1769,6 +1771,7 @@ const de_WebACL = (output, context) => {
         CaptchaConfig: _json,
         ChallengeConfig: _json,
         CustomResponseBodies: _json,
+        DataProtectionConfig: _json,
         DefaultAction: _json,
         Description: __expectString,
         Id: __expectString,

package/dist-types/WAFV2.d.ts

@@ -382,7 +382,7 @@ export interface WAFV2 {
     updateWebACL(args: UpdateWebACLCommandInput, options: __HttpHandlerOptions, cb: (err: any, data?: UpdateWebACLCommandOutput) => void): void;
 }
 /**
- * <fullname>WAF</fullname>
+ * <fullname>WAF </fullname>
  *          <note>
  *             <p>This is the latest version of the <b>WAF</b> API,
  *             released in November, 2019. The names of the entities that you use to access this API,
@@ -395,8 +395,8 @@ export interface WAFV2 {
  *             see the <a href="https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html">WAF Developer Guide</a>. </p>
  *          </note>
  *          <p>WAF is a web application firewall that lets you monitor the HTTP and HTTPS
- *          requests that are forwarded to an Amazon CloudFront distribution, Amazon API Gateway REST API, Application Load Balancer, AppSync
- *       GraphQL API, Amazon Cognito user pool, App Runner service, or Amazon Web Services Verified Access instance. WAF also lets you control access to your content,
+ *          requests that are forwarded to a protected resource. Protected resource types include Amazon CloudFront distribution, Amazon API Gateway REST API, Application Load Balancer, AppSync
+ *       GraphQL API, Amazon Cognito user pool, App Runner service, and Amazon Web Services Verified Access instance. WAF also lets you control access to your content,
  *       to protect the Amazon Web Services resource that WAF is monitoring. Based on conditions that
  *          you specify, such as the IP addresses that requests originate from or the values of query
  *          strings, the protected resource responds to requests with either the requested content, an HTTP 403 status code
@@ -408,11 +408,11 @@ export interface WAFV2 {
  *          <p>You can make calls using the endpoints listed in <a href="https://docs.aws.amazon.com/general/latest/gr/waf.html">WAF endpoints and quotas</a>. </p>
  *          <ul>
  *             <li>
- *                <p>For regional applications, you can use any of the endpoints in the list.
+ *                <p>For regional resources, you can use any of the endpoints in the list.
  *                A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, an Amazon Cognito user pool, an App Runner service, or an Amazon Web Services Verified Access instance. </p>
  *             </li>
  *             <li>
- *                <p>For Amazon CloudFront applications, you must use the API endpoint listed for
+ *                <p>For Amazon CloudFront, you must use the API endpoint listed for
  *                US East (N. Virginia): us-east-1.</p>
  *             </li>
  *          </ul>

package/dist-types/WAFV2Client.d.ts

@@ -223,7 +223,7 @@ export type WAFV2ClientResolvedConfigType = __SmithyResolvedConfiguration<__Http
 export interface WAFV2ClientResolvedConfig extends WAFV2ClientResolvedConfigType {
 }
 /**
- * <fullname>WAF</fullname>
+ * <fullname>WAF </fullname>
  *          <note>
  *             <p>This is the latest version of the <b>WAF</b> API,
  *             released in November, 2019. The names of the entities that you use to access this API,
@@ -236,8 +236,8 @@ export interface WAFV2ClientResolvedConfig extends WAFV2ClientResolvedConfigType
  *             see the <a href="https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html">WAF Developer Guide</a>. </p>
  *          </note>
  *          <p>WAF is a web application firewall that lets you monitor the HTTP and HTTPS
- *          requests that are forwarded to an Amazon CloudFront distribution, Amazon API Gateway REST API, Application Load Balancer, AppSync
- *       GraphQL API, Amazon Cognito user pool, App Runner service, or Amazon Web Services Verified Access instance. WAF also lets you control access to your content,
+ *          requests that are forwarded to a protected resource. Protected resource types include Amazon CloudFront distribution, Amazon API Gateway REST API, Application Load Balancer, AppSync
+ *       GraphQL API, Amazon Cognito user pool, App Runner service, and Amazon Web Services Verified Access instance. WAF also lets you control access to your content,
  *       to protect the Amazon Web Services resource that WAF is monitoring. Based on conditions that
  *          you specify, such as the IP addresses that requests originate from or the values of query
  *          strings, the protected resource responds to requests with either the requested content, an HTTP 403 status code
@@ -249,11 +249,11 @@ export interface WAFV2ClientResolvedConfig extends WAFV2ClientResolvedConfigType
  *          <p>You can make calls using the endpoints listed in <a href="https://docs.aws.amazon.com/general/latest/gr/waf.html">WAF endpoints and quotas</a>. </p>
  *          <ul>
  *             <li>
- *                <p>For regional applications, you can use any of the endpoints in the list.
+ *                <p>For regional resources, you can use any of the endpoints in the list.
  *                A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, an Amazon Cognito user pool, an App Runner service, or an Amazon Web Services Verified Access instance. </p>
  *             </li>
  *             <li>
- *                <p>For Amazon CloudFront applications, you must use the API endpoint listed for
+ *                <p>For Amazon CloudFront, you must use the API endpoint listed for
  *                US East (N. Virginia): us-east-1.</p>
  *             </li>
  *          </ul>

package/dist-types/commands/AssociateWebACLCommand.d.ts

@@ -27,11 +27,8 @@ declare const AssociateWebACLCommand_base: {
     getEndpointParameterInstructions(): import("@smithy/middleware-endpoint").EndpointParameterInstructions;
 };
 /**
- * <p>Associates a web ACL with a regional application resource, to protect the resource.
- *          A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, an Amazon Cognito user pool, an App Runner service, or an Amazon Web Services Verified Access instance.  </p>
- *          <p>For Amazon CloudFront, don't use this call. Instead, use your CloudFront distribution configuration. To
- *          associate a web ACL, in the CloudFront call <code>UpdateDistribution</code>, set the web ACL ID
- *          to the Amazon Resource Name (ARN) of the web ACL. For information, see <a href="https://docs.aws.amazon.com/cloudfront/latest/APIReference/API_UpdateDistribution.html">UpdateDistribution</a> in the <i>Amazon CloudFront Developer Guide</i>. </p>
+ * <p>Associates a web ACL with a resource, to protect the resource. </p>
+ *          <p>Use this for all resource types except for Amazon CloudFront distributions. For Amazon CloudFront, call <code>UpdateDistribution</code> for the distribution and provide the Amazon Resource Name (ARN) of the web ACL in the web ACL ID. For information, see <a href="https://docs.aws.amazon.com/cloudfront/latest/APIReference/API_UpdateDistribution.html">UpdateDistribution</a> in the <i>Amazon CloudFront Developer Guide</i>. </p>
  *          <p>
  *             <b>Required permissions for customer-managed IAM policies</b>
  *          </p>
@@ -116,7 +113,7 @@ declare const AssociateWebACLCommand_base: {
  *  <p>WAF couldn’t retrieve a resource that you specified for this operation.
  *        If you've just created a resource that you're using in this operation, you might
  *        just need to wait a few minutes. It can take from a few seconds to a number of minutes
- *        for changes to propagate. Verify the resources that you are specifying in your request
+ *        for changes to propagate. Verify the resource specifications in your request
  *        parameters and then retry the operation.</p>
  *
  * @throws {@link WAFV2ServiceException}

package/dist-types/commands/CheckCapacityCommand.d.ts

@@ -1070,7 +1070,7 @@ declare const CheckCapacityCommand_base: {
  *  <p>WAF couldn’t retrieve a resource that you specified for this operation.
  *        If you've just created a resource that you're using in this operation, you might
  *        just need to wait a few minutes. It can take from a few seconds to a number of minutes
- *        for changes to propagate. Verify the resources that you are specifying in your request
+ *        for changes to propagate. Verify the resource specifications in your request
  *        parameters and then retry the operation.</p>
  *
  * @throws {@link WAFV2ServiceException}

package/dist-types/commands/CreateRuleGroupCommand.d.ts

@@ -1093,7 +1093,7 @@ declare const CreateRuleGroupCommand_base: {
  *  <p>WAF couldn’t retrieve a resource that you specified for this operation.
  *        If you've just created a resource that you're using in this operation, you might
  *        just need to wait a few minutes. It can take from a few seconds to a number of minutes
- *        for changes to propagate. Verify the resources that you are specifying in your request
+ *        for changes to propagate. Verify the resource specifications in your request
  *        parameters and then retry the operation.</p>
  *
  * @throws {@link WAFV2ServiceException}

package/dist-types/commands/CreateWebACLCommand.d.ts

@@ -28,7 +28,7 @@ declare const CreateWebACLCommand_base: {
 };
 /**
  * <p>Creates a <a>WebACL</a> per the specifications provided.</p>
- *          <p> A web ACL defines a collection of rules to use to inspect and control web requests. Each rule has a statement that defines what to look for in web requests and an action that WAF applies to requests that match the statement. In the web ACL, you assign a default action to take (allow, block) for any request that does not match any of the rules. The rules in a web ACL can be a combination of the types <a>Rule</a>, <a>RuleGroup</a>, and managed rule group. You can associate a web ACL with one or more Amazon Web Services resources to protect. The resources can be an Amazon CloudFront distribution, an Amazon API Gateway REST API, an Application Load Balancer, an AppSync GraphQL API, an Amazon Cognito user pool, an App Runner service, or an Amazon Web Services Verified Access instance.  </p>
+ *          <p> A web ACL defines a collection of rules to use to inspect and control web requests. Each rule has a statement that defines what to look for in web requests and an action that WAF applies to requests that match the statement. In the web ACL, you assign a default action to take (allow, block) for any request that does not match any of the rules. The rules in a web ACL can be a combination of the types <a>Rule</a>, <a>RuleGroup</a>, and managed rule group. You can associate a web ACL with one or more Amazon Web Services resources to protect. The resource types include Amazon CloudFront distribution, Amazon API Gateway REST API, Application Load Balancer, AppSync GraphQL API, Amazon Cognito user pool, App Runner service, and Amazon Web Services Verified Access instance.  </p>
  * @example
  * Use a bare-bones client and the command you need to make an API call.
  * ```javascript
@@ -983,6 +983,21 @@ declare const CreateWebACLCommand_base: {
  *     CloudWatchMetricsEnabled: true || false, // required
  *     MetricName: "STRING_VALUE", // required
  *   },
+ *   DataProtectionConfig: { // DataProtectionConfig
+ *     DataProtections: [ // DataProtections // required
+ *       { // DataProtection
+ *         Field: { // FieldToProtect
+ *           FieldType: "SINGLE_HEADER" || "SINGLE_COOKIE" || "SINGLE_QUERY_ARGUMENT" || "QUERY_STRING" || "BODY", // required
+ *           FieldKeys: [ // FieldToProtectKeys
+ *             "STRING_VALUE",
+ *           ],
+ *         },
+ *         Action: "SUBSTITUTION" || "HASH", // required
+ *         ExcludeRuleMatchDetails: true || false,
+ *         ExcludeRateBasedDetails: true || false,
+ *       },
+ *     ],
+ *   },
  *   Tags: [ // TagList
  *     { // Tag
  *       Key: "STRING_VALUE", // required
@@ -1122,7 +1137,7 @@ declare const CreateWebACLCommand_base: {
  *  <p>WAF couldn’t retrieve a resource that you specified for this operation.
  *        If you've just created a resource that you're using in this operation, you might
  *        just need to wait a few minutes. It can take from a few seconds to a number of minutes
- *        for changes to propagate. Verify the resources that you are specifying in your request
+ *        for changes to propagate. Verify the resource specifications in your request
  *        parameters and then retry the operation.</p>
  *
  * @throws {@link WAFV2ServiceException}

package/dist-types/commands/DeleteWebACLCommand.d.ts

@@ -37,26 +37,26 @@ declare const DeleteWebACLCommand_base: {
  *                   following calls:</p>
  *                   <ul>
  *                      <li>
- *                         <p>For regional resources, call <a>ListResourcesForWebACL</a>.</p>
- *                      </li>
- *                      <li>
  *                         <p>For Amazon CloudFront distributions, use the CloudFront call
  *                            <code>ListDistributionsByWebACLId</code>. For information, see <a href="https://docs.aws.amazon.com/cloudfront/latest/APIReference/API_ListDistributionsByWebACLId.html">ListDistributionsByWebACLId</a>
  *                                in the <i>Amazon CloudFront API Reference</i>. </p>
  *                      </li>
+ *                      <li>
+ *                         <p>For all other resources, call <a>ListResourcesForWebACL</a>.</p>
+ *                      </li>
  *                   </ul>
  *                </li>
  *                <li>
  *                   <p>To disassociate a resource from a web ACL, use the following calls:</p>
  *                   <ul>
  *                      <li>
- *                         <p>For regional resources, call <a>DisassociateWebACL</a>.</p>
- *                      </li>
- *                      <li>
  *                         <p>For Amazon CloudFront distributions, provide an empty web ACL ID in the CloudFront call
  *                            <code>UpdateDistribution</code>. For information, see <a href="https://docs.aws.amazon.com/cloudfront/latest/APIReference/API_UpdateDistribution.html">UpdateDistribution</a>
  *                                in the <i>Amazon CloudFront API Reference</i>. </p>
  *                      </li>
+ *                      <li>
+ *                         <p>For all other resources, call <a>DisassociateWebACL</a>.</p>
+ *                      </li>
  *                   </ul>
  *                </li>
  *             </ul>

package/dist-types/commands/DisassociateWebACLCommand.d.ts

@@ -27,11 +27,9 @@ declare const DisassociateWebACLCommand_base: {
     getEndpointParameterInstructions(): import("@smithy/middleware-endpoint").EndpointParameterInstructions;
 };
 /**
- * <p>Disassociates the specified regional application resource from any existing web ACL
- *          association. A resource can have at most one web ACL association. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, an Amazon Cognito user pool, an App Runner service, or an Amazon Web Services Verified Access instance.  </p>
- *          <p>For Amazon CloudFront, don't use this call. Instead, use your CloudFront distribution configuration. To
- *          disassociate a web ACL, provide an empty web ACL ID in the CloudFront call
- *             <code>UpdateDistribution</code>. For information, see <a href="https://docs.aws.amazon.com/cloudfront/latest/APIReference/API_UpdateDistribution.html">UpdateDistribution</a> in the <i>Amazon CloudFront API Reference</i>. </p>
+ * <p>Disassociates the specified resource from its web ACL
+ *          association, if it has one. </p>
+ *          <p>Use this for all resource types except for Amazon CloudFront distributions. For Amazon CloudFront, call <code>UpdateDistribution</code> for the distribution and provide an empty web ACL ID. For information, see <a href="https://docs.aws.amazon.com/cloudfront/latest/APIReference/API_UpdateDistribution.html">UpdateDistribution</a> in the <i>Amazon CloudFront API Reference</i>. </p>
  *          <p>
  *             <b>Required permissions for customer-managed IAM policies</b>
  *          </p>

package/dist-types/commands/GetWebACLCommand.d.ts

@@ -991,6 +991,21 @@ declare const GetWebACLCommand_base: {
  * //       CloudWatchMetricsEnabled: true || false, // required
  * //       MetricName: "STRING_VALUE", // required
  * //     },
+ * //     DataProtectionConfig: { // DataProtectionConfig
+ * //       DataProtections: [ // DataProtections // required
+ * //         { // DataProtection
+ * //           Field: { // FieldToProtect
+ * //             FieldType: "SINGLE_HEADER" || "SINGLE_COOKIE" || "SINGLE_QUERY_ARGUMENT" || "QUERY_STRING" || "BODY", // required
+ * //             FieldKeys: [ // FieldToProtectKeys
+ * //               "STRING_VALUE",
+ * //             ],
+ * //           },
+ * //           Action: "SUBSTITUTION" || "HASH", // required
+ * //           ExcludeRuleMatchDetails: true || false,
+ * //           ExcludeRateBasedDetails: true || false,
+ * //         },
+ * //       ],
+ * //     },
  * //     Capacity: Number("long"),
  * //     PreProcessFirewallManagerRuleGroups: [ // FirewallManagerRuleGroups
  * //       { // FirewallManagerRuleGroup

package/dist-types/commands/GetWebACLForResourceCommand.d.ts

@@ -999,6 +999,21 @@ declare const GetWebACLForResourceCommand_base: {
  * //       CloudWatchMetricsEnabled: true || false, // required
  * //       MetricName: "STRING_VALUE", // required
  * //     },
+ * //     DataProtectionConfig: { // DataProtectionConfig
+ * //       DataProtections: [ // DataProtections // required
+ * //         { // DataProtection
+ * //           Field: { // FieldToProtect
+ * //             FieldType: "SINGLE_HEADER" || "SINGLE_COOKIE" || "SINGLE_QUERY_ARGUMENT" || "QUERY_STRING" || "BODY", // required
+ * //             FieldKeys: [ // FieldToProtectKeys
+ * //               "STRING_VALUE",
+ * //             ],
+ * //           },
+ * //           Action: "SUBSTITUTION" || "HASH", // required
+ * //           ExcludeRuleMatchDetails: true || false,
+ * //           ExcludeRateBasedDetails: true || false,
+ * //         },
+ * //       ],
+ * //     },
  * //     Capacity: Number("long"),
  * //     PreProcessFirewallManagerRuleGroups: [ // FirewallManagerRuleGroups
  * //       { // FirewallManagerRuleGroup
@@ -1274,7 +1289,7 @@ declare const GetWebACLForResourceCommand_base: {
  *  <p>WAF couldn’t retrieve a resource that you specified for this operation.
  *        If you've just created a resource that you're using in this operation, you might
  *        just need to wait a few minutes. It can take from a few seconds to a number of minutes
- *        for changes to propagate. Verify the resources that you are specifying in your request
+ *        for changes to propagate. Verify the resource specifications in your request
  *        parameters and then retry the operation.</p>
  *
  * @throws {@link WAFV2ServiceException}

package/dist-types/commands/ListResourcesForWebACLCommand.d.ts

@@ -27,7 +27,7 @@ declare const ListResourcesForWebACLCommand_base: {
     getEndpointParameterInstructions(): import("@smithy/middleware-endpoint").EndpointParameterInstructions;
 };
 /**
- * <p>Retrieves an array of the Amazon Resource Names (ARNs) for the regional resources that
+ * <p>Retrieves an array of the Amazon Resource Names (ARNs) for the resources that
  *       are associated with the specified web ACL. </p>
  *          <p>For Amazon CloudFront, don't use this call. Instead, use the CloudFront call
  *           <code>ListDistributionsByWebACLId</code>. For information, see <a href="https://docs.aws.amazon.com/cloudfront/latest/APIReference/API_ListDistributionsByWebACLId.html">ListDistributionsByWebACLId</a>

package/dist-types/commands/PutLoggingConfigurationCommand.d.ts

@@ -29,6 +29,7 @@ declare const PutLoggingConfigurationCommand_base: {
 /**
  * <p>Enables the specified <a>LoggingConfiguration</a>, to start logging from a
  *          web ACL, according to the configuration provided. </p>
+ *          <p>If you configure data protection for the web ACL, the protection applies to the data that WAF sends to the logs. </p>
  *          <note>
  *             <p>This operation completely replaces any mutable specifications that you already have for a logging configuration with the ones that you provide to this call. </p>
  *             <p>To modify an existing logging configuration, do the following: </p>

package/dist-types/commands/UpdateRuleGroupCommand.d.ts

@@ -1123,7 +1123,7 @@ declare const UpdateRuleGroupCommand_base: {
  *  <p>WAF couldn’t retrieve a resource that you specified for this operation.
  *        If you've just created a resource that you're using in this operation, you might
  *        just need to wait a few minutes. It can take from a few seconds to a number of minutes
- *        for changes to propagate. Verify the resources that you are specifying in your request
+ *        for changes to propagate. Verify the resource specifications in your request
  *        parameters and then retry the operation.</p>
  *
  * @throws {@link WAFV2ServiceException}

package/dist-types/commands/UpdateWebACLCommand.d.ts

@@ -45,7 +45,7 @@ declare const UpdateWebACLCommand_base: {
  *                </li>
  *             </ol>
  *          </note>
- *          <p> A web ACL defines a collection of rules to use to inspect and control web requests. Each rule has a statement that defines what to look for in web requests and an action that WAF applies to requests that match the statement. In the web ACL, you assign a default action to take (allow, block) for any request that does not match any of the rules. The rules in a web ACL can be a combination of the types <a>Rule</a>, <a>RuleGroup</a>, and managed rule group. You can associate a web ACL with one or more Amazon Web Services resources to protect. The resources can be an Amazon CloudFront distribution, an Amazon API Gateway REST API, an Application Load Balancer, an AppSync GraphQL API, an Amazon Cognito user pool, an App Runner service, or an Amazon Web Services Verified Access instance.  </p>
+ *          <p> A web ACL defines a collection of rules to use to inspect and control web requests. Each rule has a statement that defines what to look for in web requests and an action that WAF applies to requests that match the statement. In the web ACL, you assign a default action to take (allow, block) for any request that does not match any of the rules. The rules in a web ACL can be a combination of the types <a>Rule</a>, <a>RuleGroup</a>, and managed rule group. You can associate a web ACL with one or more Amazon Web Services resources to protect. The resource types include Amazon CloudFront distribution, Amazon API Gateway REST API, Application Load Balancer, AppSync GraphQL API, Amazon Cognito user pool, App Runner service, and Amazon Web Services Verified Access instance.  </p>
  *          <p>
  *             <b>Temporary inconsistencies during updates</b>
  *          </p>
@@ -1020,6 +1020,21 @@ declare const UpdateWebACLCommand_base: {
  *     CloudWatchMetricsEnabled: true || false, // required
  *     MetricName: "STRING_VALUE", // required
  *   },
+ *   DataProtectionConfig: { // DataProtectionConfig
+ *     DataProtections: [ // DataProtections // required
+ *       { // DataProtection
+ *         Field: { // FieldToProtect
+ *           FieldType: "SINGLE_HEADER" || "SINGLE_COOKIE" || "SINGLE_QUERY_ARGUMENT" || "QUERY_STRING" || "BODY", // required
+ *           FieldKeys: [ // FieldToProtectKeys
+ *             "STRING_VALUE",
+ *           ],
+ *         },
+ *         Action: "SUBSTITUTION" || "HASH", // required
+ *         ExcludeRuleMatchDetails: true || false,
+ *         ExcludeRateBasedDetails: true || false,
+ *       },
+ *     ],
+ *   },
  *   LockToken: "STRING_VALUE", // required
  *   CustomResponseBodies: { // CustomResponseBodies
  *     "<keys>": { // CustomResponseBody
@@ -1141,7 +1156,7 @@ declare const UpdateWebACLCommand_base: {
  *  <p>WAF couldn’t retrieve a resource that you specified for this operation.
  *        If you've just created a resource that you're using in this operation, you might
  *        just need to wait a few minutes. It can take from a few seconds to a number of minutes
- *        for changes to propagate. Verify the resources that you are specifying in your request
+ *        for changes to propagate. Verify the resource specifications in your request
  *        parameters and then retry the operation.</p>
  *
  * @throws {@link WAFV2ServiceException}

package/dist-types/index.d.ts

@@ -1,5 +1,5 @@
 /**
- * <fullname>WAF</fullname>
+ * <fullname>WAF </fullname>
  *          <note>
  *             <p>This is the latest version of the <b>WAF</b> API,
  *             released in November, 2019. The names of the entities that you use to access this API,
@@ -12,8 +12,8 @@
  *             see the <a href="https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html">WAF Developer Guide</a>. </p>
  *          </note>
  *          <p>WAF is a web application firewall that lets you monitor the HTTP and HTTPS
- *          requests that are forwarded to an Amazon CloudFront distribution, Amazon API Gateway REST API, Application Load Balancer, AppSync
- *       GraphQL API, Amazon Cognito user pool, App Runner service, or Amazon Web Services Verified Access instance. WAF also lets you control access to your content,
+ *          requests that are forwarded to a protected resource. Protected resource types include Amazon CloudFront distribution, Amazon API Gateway REST API, Application Load Balancer, AppSync
+ *       GraphQL API, Amazon Cognito user pool, App Runner service, and Amazon Web Services Verified Access instance. WAF also lets you control access to your content,
  *       to protect the Amazon Web Services resource that WAF is monitoring. Based on conditions that
  *          you specify, such as the IP addresses that requests originate from or the values of query
  *          strings, the protected resource responds to requests with either the requested content, an HTTP 403 status code
@@ -25,11 +25,11 @@
  *          <p>You can make calls using the endpoints listed in <a href="https://docs.aws.amazon.com/general/latest/gr/waf.html">WAF endpoints and quotas</a>. </p>
  *          <ul>
  *             <li>
- *                <p>For regional applications, you can use any of the endpoints in the list.
+ *                <p>For regional resources, you can use any of the endpoints in the list.
  *                A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, an Amazon Cognito user pool, an App Runner service, or an Amazon Web Services Verified Access instance. </p>
  *             </li>
  *             <li>
- *                <p>For Amazon CloudFront applications, you must use the API endpoint listed for
+ *                <p>For Amazon CloudFront, you must use the API endpoint listed for
  *                US East (N. Virginia): us-east-1.</p>
  *             </li>
  *          </ul>