npm - @propulsionworks/cloudformation - Versions diffs - 0.1.0 → 0.1.2 - Mend

@propulsionworks/cloudformation 0.1.0 → 0.1.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (1405) hide show

package/out/exports/resources.generated/aws-wafv2-webacl.d.ts CHANGED Viewed

@@ -1,4 +1,26 @@
 import type { ResourceDefinitionWithAttributes, Tag } from "../main.ts";
+/**
+ * > This is the latest version of *AWS WAF* , named AWS WAF V2, released in November, 2019. For information, including how to migrate your AWS WAF resources from the prior release, see the [AWS WAF developer guide](https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html) .
+ *
+ * Use an `WebACL` to define a collection of rules to use to inspect and control web requests. Each rule in a web ACL has a statement that defines what to look for in web requests and an action that AWS WAF applies to requests that match the statement. In the web ACL, you assign a default action to take (allow, block) for any request that doesn't match any of the rules.
+ *
+ * The rules in a web ACL can be a combination of explicitly defined rules and rule groups that you reference from the web ACL. The rule groups can be rule groups that you manage or rule groups that are managed by others.
+ *
+ * You can associate a web ACL with one or more AWS resources to protect. The resources can be an Amazon CloudFront distribution, an Amazon API Gateway REST API, an Application Load Balancer , an AWS AppSync GraphQL API , an Amazon Cognito user pool, an AWS App Runner service, an AWS Amplify application, or an AWS Verified Access instance.
+ *
+ * For more information, see [Web access control lists (web ACLs)](https://docs.aws.amazon.com/waf/latest/developerguide/web-acl.html) in the *AWS WAF developer guide* .
+ *
+ * *Web ACLs used in AWS Shield Advanced automatic application layer DDoS mitigation*
+ *
+ * If you use Shield Advanced automatic application layer DDoS mitigation, the web ACLs that you use with automatic mitigation have a rule group rule whose name starts with `ShieldMitigationRuleGroup` . This rule is used for automatic mitigations and it's managed for you in the web ACL by Shield Advanced and AWS WAF . You'll see the rule listed among the web ACL rules when you view the web ACL through the AWS WAF interfaces.
+ *
+ * When you manage the web ACL through AWS CloudFormation interfaces, you won't see the Shield Advanced rule. AWS CloudFormation doesn't include this type of rule in the stack drift status between the actual configuration of the web ACL and your web ACL template.
+ *
+ * Don't add the Shield Advanced rule group rule to your web ACL template. The rule shouldn't be in your template. When you update the web ACL template in a stack, the Shield Advanced rule is maintained for you by AWS WAF in the resulting web ACL.
+ *
+ * For more information, see [Shield Advanced automatic application layer DDoS mitigation](https://docs.aws.amazon.com/waf/latest/developerguide/ddos-automatic-app-layer-response.html) in the *AWS Shield Advanced developer guide* .
+ * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-wafv2-webacl.html}
+ */
 export type WAFv2WebACL = ResourceDefinitionWithAttributes<"AWS::WAFv2::WebACL", WAFv2WebACLProps, WAFv2WebACLAttribs>;
 /**
  * > This is the latest version of *AWS WAF* , named AWS WAF V2, released in November, 2019. For information, including how to migrate your AWS WAF resources from the prior release, see the [AWS WAF developer guide](https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html) .
@@ -20,6 +42,7 @@ export type WAFv2WebACL = ResourceDefinitionWithAttributes<"AWS::WAFv2::WebACL",
  * Don't add the Shield Advanced rule group rule to your web ACL template. The rule shouldn't be in your template. When you update the web ACL template in a stack, the Shield Advanced rule is maintained for you by AWS WAF in the resulting web ACL.
  *
  * For more information, see [Shield Advanced automatic application layer DDoS mitigation](https://docs.aws.amazon.com/waf/latest/developerguide/ddos-automatic-app-layer-response.html) in the *AWS Shield Advanced developer guide* .
+ * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-wafv2-webacl.html}
  */
 export type WAFv2WebACLProps = {
     /**
@@ -30,14 +53,17 @@ export type WAFv2WebACLProps = {
      * > You are charged additional fees when your protected resources forward body sizes that are larger than the default. For more information, see [AWS WAF Pricing](https://docs.aws.amazon.com/waf/pricing/) .
      *
      * For Application Load Balancer and AWS AppSync , the limit is fixed at 8 KB (8,192 bytes).
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-wafv2-webacl.html#cfn-wafv2-webacl-associationconfig}
      */
     AssociationConfig?: AssociationConfig | undefined;
     /**
      * Specifies how AWS WAF should handle `CAPTCHA` evaluations for rules that don't have their own `CaptchaConfig` settings. If you don't specify this, AWS WAF uses its default settings for `CaptchaConfig` .
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-wafv2-webacl.html#cfn-wafv2-webacl-captchaconfig}
      */
     CaptchaConfig?: CaptchaConfig | undefined;
     /**
      * Specifies how AWS WAF should handle challenge evaluations for rules that don't have their own `ChallengeConfig` settings. If you don't specify this, AWS WAF uses its default settings for `ChallengeConfig` .
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-wafv2-webacl.html#cfn-wafv2-webacl-challengeconfig}
      */
     ChallengeConfig?: ChallengeConfig | undefined;
     /**
@@ -46,28 +72,34 @@ export type WAFv2WebACLProps = {
      * For information about customizing web requests and responses, see [Customizing web requests and responses in AWS WAF](https://docs.aws.amazon.com/waf/latest/developerguide/waf-custom-request-response.html) in the *AWS WAF Developer Guide* .
      *
      * For information about the limits on count and size for custom request and response settings, see [AWS WAF quotas](https://docs.aws.amazon.com/waf/latest/developerguide/limits.html) in the *AWS WAF Developer Guide* .
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-wafv2-webacl.html#cfn-wafv2-webacl-customresponsebodies}
      */
     CustomResponseBodies?: Record<string, CustomResponseBody> | undefined;
     /**
      * Specifies data protection to apply to the web request data for the web ACL. This is a web ACL level data protection option.
      *
      * The data protection that you configure for the web ACL alters the data that's available for any other data collection activity, including your AWS WAF logging destinations, web ACL request sampling, and Amazon Security Lake data collection and management. Your other option for data protection is in the logging configuration, which only affects logging.
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-wafv2-webacl.html#cfn-wafv2-webacl-dataprotectionconfig}
      */
     DataProtectionConfig?: DataProtectionConfig | undefined;
     /**
      * The action to perform if none of the `Rules` contained in the `WebACL` match.
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-wafv2-webacl.html#cfn-wafv2-webacl-defaultaction}
      */
     DefaultAction: DefaultAction;
     /**
      * A description of the web ACL that helps with identification.
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-wafv2-webacl.html#cfn-wafv2-webacl-description}
      */
     Description?: string | undefined;
     /**
      * The name of the web ACL. You cannot change the name of a web ACL after you create it.
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-wafv2-webacl.html#cfn-wafv2-webacl-name}
      */
     Name?: string | undefined;
     /**
      * The rule statements used to identify the web requests that you want to manage. Each rule includes one top-level statement that AWS WAF uses to identify matching web requests, and parameters that govern how AWS WAF handles them.
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-wafv2-webacl.html#cfn-wafv2-webacl-rules}
      */
     Rules?: Rule[] | undefined;
     /**
@@ -76,26 +108,34 @@ export type WAFv2WebACLProps = {
      * > For `CLOUDFRONT` , you must create your WAFv2 resources in the US East (N. Virginia) Region, `us-east-1` .
      *
      * For information about how to define the association of the web ACL with your resource, see `WebACLAssociation` .
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-wafv2-webacl.html#cfn-wafv2-webacl-scope}
      */
     Scope: Scope;
     /**
      * Key:value pairs associated with an AWS resource. The key:value pair can be anything you define. Typically, the tag key represents a category (such as "environment") and the tag value represents a specific value within that category (such as "test," "development," or "production"). You can add up to 50 tags to each AWS resource.
      *
      * > To modify tags on existing resources, use the AWS WAF APIs or command line interface. With AWS CloudFormation , you can only add tags to AWS WAF resources during resource creation.
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-wafv2-webacl.html#cfn-wafv2-webacl-tags}
      */
     Tags?: Tag[] | undefined;
     /**
      * Specifies the domains that AWS WAF should accept in a web request token. This enables the use of tokens across multiple protected websites. When AWS WAF provides a token, it uses the domain of the AWS resource that the web ACL is protecting. If you don't specify a list of token domains, AWS WAF accepts tokens only for the domain of the protected resource. With a token domain list, AWS WAF accepts the resource's host domain plus all domains in the token domain list, including their prefixed subdomains.
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-wafv2-webacl.html#cfn-wafv2-webacl-tokendomains}
      */
     TokenDomains?: string[] | undefined;
     /**
      * Defines and enables Amazon CloudWatch metrics and web request sample collection.
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-wafv2-webacl.html#cfn-wafv2-webacl-visibilityconfig}
      */
     VisibilityConfig: VisibilityConfig;
 };
+/**
+ * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-wafv2-webacl.html#aws-resource-wafv2-webacl-return-values}
+ */
 export type WAFv2WebACLAttribs = {
     /**
      * The Amazon Resource Name (ARN) of the web ACL.
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-wafv2-webacl.html#cfn-wafv2-webacl-arn}
      */
     Arn: string;
     /**
@@ -103,10 +143,12 @@ export type WAFv2WebACLAttribs = {
      *
      * AWS WAF uses WCUs to calculate and control the operating resources that are used to run your rules, rule groups, and web ACLs. AWS WAF calculates capacity differently for each rule type, to reflect the relative cost of each rule. Simple rules that cost little to run use fewer WCUs than more complex rules that use more processing power. Rule group capacity is fixed at creation, which helps users plan their web ACL WCU usage when they use a rule group. The WCU limit for web ACLs is 1,500.
      * @min 0
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-wafv2-webacl.html#cfn-wafv2-webacl-capacity}
      */
     Capacity: number;
     /**
      * The ID of the web ACL.
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-wafv2-webacl.html#cfn-wafv2-webacl-id}
      */
     Id: string;
     /**
@@ -115,21 +157,25 @@ export type WAFv2WebACLAttribs = {
      * The syntax for the label namespace prefix for a web ACL is the following: `awswaf:<account ID>:webacl:<web ACL name>:`
      *
      * When a rule with a label matches a web request, AWS WAF adds the fully qualified label to the request. A fully qualified label is made up of the label namespace from the rule group or web ACL where the rule is defined and the label from the rule, separated by a colon.
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-wafv2-webacl.html#cfn-wafv2-webacl-labelnamespace}
      */
     LabelNamespace: string;
 };
 /**
  * Details for your use of the account creation fraud prevention managed rule group, `AWSManagedRulesACFPRuleSet` . This configuration is used in `ManagedRuleGroupConfig` .
+ * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-awsmanagedrulesacfpruleset.html}
  */
 export type AWSManagedRulesACFPRuleSet = {
     /**
      * The path of the account creation endpoint for your application. This is the page on your website that accepts the completed registration form for a new user. This page must accept `POST` requests.
      *
      * For example, for the URL `https://example.com/web/newaccount` , you would provide the path `/web/newaccount` . Account creation page paths that start with the path that you provide are considered a match. For example `/web/newaccount` matches the account creation paths `/web/newaccount` , `/web/newaccount/` , `/web/newaccountPage` , and `/web/newaccount/thisPage` , but doesn't match the path `/home/web/newaccount` or `/website/newaccount` .
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-awsmanagedrulesacfpruleset.html#cfn-wafv2-webacl-awsmanagedrulesacfpruleset-creationpath}
      */
     CreationPath: string;
     /**
      * Allow the use of regular expressions in the registration page path and the account creation path.
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-awsmanagedrulesacfpruleset.html#cfn-wafv2-webacl-awsmanagedrulesacfpruleset-enableregexinpath}
      */
     EnableRegexInPath?: boolean | undefined;
     /**
@@ -138,10 +184,12 @@ export type AWSManagedRulesACFPRuleSet = {
      * > This page must accept `GET` text/html requests.
      *
      * For example, for the URL `https://example.com/web/registration` , you would provide the path `/web/registration` . Registration page paths that start with the path that you provide are considered a match. For example `/web/registration` matches the registration paths `/web/registration` , `/web/registration/` , `/web/registrationPage` , and `/web/registration/thisPage` , but doesn't match the path `/home/web/registration` or `/website/registration` .
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-awsmanagedrulesacfpruleset.html#cfn-wafv2-webacl-awsmanagedrulesacfpruleset-registrationpagepath}
      */
     RegistrationPagePath: string;
     /**
      * The criteria for inspecting account creation requests, used by the ACFP rule group to validate and track account creation attempts.
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-awsmanagedrulesacfpruleset.html#cfn-wafv2-webacl-awsmanagedrulesacfpruleset-requestinspection}
      */
     RequestInspection: RequestInspectionACFP;
     /**
@@ -150,25 +198,30 @@ export type AWSManagedRulesACFPRuleSet = {
      * > Response inspection is available only in web ACLs that protect Amazon CloudFront distributions.
      *
      * The ACFP rule group evaluates the responses that your protected resources send back to client account creation attempts, keeping count of successful and failed attempts from each IP address and client session. Using this information, the rule group labels and mitigates requests from client sessions and IP addresses that have had too many successful account creation attempts in a short amount of time.
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-awsmanagedrulesacfpruleset.html#cfn-wafv2-webacl-awsmanagedrulesacfpruleset-responseinspection}
      */
     ResponseInspection?: ResponseInspection | undefined;
 };
 /**
  * Details for your use of the account takeover prevention managed rule group, `AWSManagedRulesATPRuleSet` . This configuration is used in `ManagedRuleGroupConfig` .
+ * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-awsmanagedrulesatpruleset.html}
  */
 export type AWSManagedRulesATPRuleSet = {
     /**
      * Allow the use of regular expressions in the login page path.
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-awsmanagedrulesatpruleset.html#cfn-wafv2-webacl-awsmanagedrulesatpruleset-enableregexinpath}
      */
     EnableRegexInPath?: boolean | undefined;
     /**
      * The path of the login endpoint for your application. For example, for the URL `https://example.com/web/login` , you would provide the path `/web/login` . Login paths that start with the path that you provide are considered a match. For example `/web/login` matches the login paths `/web/login` , `/web/login/` , `/web/loginPage` , and `/web/login/thisPage` , but doesn't match the login path `/home/web/login` or `/website/login` .
      *
      * The rule group inspects only HTTP `POST` requests to your specified login endpoint.
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-awsmanagedrulesatpruleset.html#cfn-wafv2-webacl-awsmanagedrulesatpruleset-loginpath}
      */
     LoginPath: string;
     /**
      * The criteria for inspecting login requests, used by the ATP rule group to validate credentials usage.
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-awsmanagedrulesatpruleset.html#cfn-wafv2-webacl-awsmanagedrulesatpruleset-requestinspection}
      */
     RequestInspection?: RequestInspection | undefined;
     /**
@@ -177,11 +230,13 @@ export type AWSManagedRulesATPRuleSet = {
      * > Response inspection is available only in web ACLs that protect Amazon CloudFront distributions.
      *
      * The ATP rule group evaluates the responses that your protected resources send back to client login attempts, keeping count of successful and failed attempts for each IP address and client session. Using this information, the rule group labels and mitigates requests from client sessions and IP addresses that have had too many failed login attempts in a short amount of time.
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-awsmanagedrulesatpruleset.html#cfn-wafv2-webacl-awsmanagedrulesatpruleset-responseinspection}
      */
     ResponseInspection?: ResponseInspection | undefined;
 };
 /**
  * Details for your use of the Bot Control managed rule group, `AWSManagedRulesBotControlRuleSet` . This configuration is used in `ManagedRuleGroupConfig` .
+ * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-awsmanagedrulesbotcontrolruleset.html}
  */
 export type AWSManagedRulesBotControlRuleSet = {
     /**
@@ -193,10 +248,12 @@ export type AWSManagedRulesBotControlRuleSet = {
      * For more information about this choice, see the listing for these rules in the table at [Bot Control rules listing](https://docs.aws.amazon.com/waf/latest/developerguide/aws-managed-rule-groups-bot.html#aws-managed-rule-groups-bot-rules) in the *AWS WAF Developer Guide* .
      *
      * Default: `TRUE`
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-awsmanagedrulesbotcontrolruleset.html#cfn-wafv2-webacl-awsmanagedrulesbotcontrolruleset-enablemachinelearning}
      */
     EnableMachineLearning?: boolean | undefined;
     /**
      * The inspection level to use for the Bot Control rule group. The common level is the least expensive. The targeted level includes all common level rules and adds rules with more advanced inspection criteria. For details, see [AWS WAF Bot Control rule group](https://docs.aws.amazon.com/waf/latest/developerguide/aws-managed-rule-groups-bot.html) in the *AWS WAF Developer Guide* .
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-awsmanagedrulesbotcontrolruleset.html#cfn-wafv2-webacl-awsmanagedrulesbotcontrolruleset-inspectionlevel}
      */
     InspectionLevel: "COMMON" | "TARGETED";
 };
@@ -204,21 +261,25 @@ export type AWSManagedRulesBotControlRuleSet = {
  * Specifies that AWS WAF should allow the request and optionally defines additional custom handling for the request.
  *
  * This is used in the context of other settings, for example to specify values for a rule action or a web ACL default action.
+ * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-allowaction.html}
  */
 export type AllowAction = {
     /**
      * Defines custom handling for the web request.
      *
      * For information about customizing web requests and responses, see [Customizing web requests and responses in AWS WAF](https://docs.aws.amazon.com/waf/latest/developerguide/waf-custom-request-response.html) in the *AWS WAF Developer Guide* .
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-allowaction.html#cfn-wafv2-webacl-allowaction-customrequesthandling}
      */
     CustomRequestHandling?: CustomRequestHandling | undefined;
 };
 /**
  * A logical rule statement used to combine other rule statements with AND logic. You provide more than one `Statement` within the `AndStatement` .
+ * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-andstatement.html}
  */
 export type AndStatement = {
     /**
      * The statements to combine with AND logic. You can use any statements that can be nested.
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-andstatement.html#cfn-wafv2-webacl-andstatement-statements}
      */
     Statements: Statement[];
 };
@@ -230,6 +291,7 @@ export type AndStatement = {
  * > You are charged additional fees when your protected resources forward body sizes that are larger than the default. For more information, see [AWS WAF Pricing](https://docs.aws.amazon.com/waf/pricing/) .
  *
  * For Application Load Balancer and AWS AppSync , the limit is fixed at 8 KB (8,192 bytes).
+ * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-associationconfig.html}
  */
 export type AssociationConfig = {
     /**
@@ -240,6 +302,7 @@ export type AssociationConfig = {
      * Example JSON: `{ "API_GATEWAY": "KB_48", "APP_RUNNER_SERVICE": "KB_32" }`
      *
      * For Application Load Balancer and AWS AppSync , the limit is fixed at 8 KB (8,192 bytes).
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-associationconfig.html#cfn-wafv2-webacl-associationconfig-requestbody}
      */
     RequestBody?: Record<string, RequestBodyAssociatedResourceTypeConfig> | undefined;
 };
@@ -247,12 +310,14 @@ export type AssociationConfig = {
  * Specifies that AWS WAF should block the request and optionally defines additional custom handling for the response to the web request.
  *
  * This is used in the context of other settings, for example to specify values for a rule action or a web ACL default action.
+ * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-blockaction.html}
  */
 export type BlockAction = {
     /**
      * Defines a custom response for the web request.
      *
      * For information about customizing web requests and responses, see [Customizing web requests and responses in AWS WAF](https://docs.aws.amazon.com/waf/latest/developerguide/waf-custom-request-response.html) in the *AWS WAF Developer Guide* .
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-blockaction.html#cfn-wafv2-webacl-blockaction-customresponse}
      */
     CustomResponse?: CustomResponse | undefined;
 };
@@ -260,6 +325,7 @@ export type BlockAction = {
  * Inspect the body of the web request. The body immediately follows the request headers.
  *
  * This is used to indicate the web request component to inspect, in the `FieldToMatch` specification.
+ * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-body.html}
  */
 export type Body = {
     /**
@@ -280,19 +346,23 @@ export type Body = {
      * You can combine the `MATCH` or `NO_MATCH` settings for oversize handling with your rule and web ACL action settings, so that you block any request whose body is over the limit.
      *
      * Default: `CONTINUE`
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-body.html#cfn-wafv2-webacl-body-oversizehandling}
      */
     OversizeHandling?: OversizeHandling | undefined;
 };
 /**
  * The inspection behavior to fall back to if the JSON in the request body is invalid.
+ * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-bodyparsingfallbackbehavior.html}
  */
 export type BodyParsingFallbackBehavior = "MATCH" | "NO_MATCH" | "EVALUATE_AS_STRING";
 /**
  * A rule statement that defines a string match search for AWS WAF to apply to web requests. The byte match statement provides the bytes to search for, the location in requests that you want AWS WAF to search, and other settings. The bytes to search for are typically a string that corresponds with ASCII characters. In the AWS WAF console and the developer guide, this is called a string match statement.
+ * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-bytematchstatement.html}
  */
 export type ByteMatchStatement = {
     /**
      * The part of the web request that you want AWS WAF to inspect.
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-bytematchstatement.html#cfn-wafv2-webacl-bytematchstatement-fieldtomatch}
      */
     FieldToMatch: FieldToMatch;
     /**
@@ -320,6 +390,7 @@ export type ByteMatchStatement = {
      * *ENDS_WITH*
      *
      * The value of `SearchString` must appear at the end of the specified part of the web request.
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-bytematchstatement.html#cfn-wafv2-webacl-bytematchstatement-positionalconstraint}
      */
     PositionalConstraint: PositionalConstraint;
     /**
@@ -330,16 +401,19 @@ export type ByteMatchStatement = {
      * For example, suppose the value of `Type` is `HEADER` and the value of `Data` is `User-Agent` . If you want to search the `User-Agent` header for the value `BadBot` , you provide the string `BadBot` in the value of `SearchString` .
      *
      * You must specify either `SearchString` or `SearchStringBase64` in a `ByteMatchStatement` .
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-bytematchstatement.html#cfn-wafv2-webacl-bytematchstatement-searchstring}
      */
     SearchString?: string | undefined;
     /**
      * String to search for in a web request component, base64-encoded. If you don't want to encode the string, specify the unencoded value in `SearchString` instead.
      *
      * You must specify either `SearchString` or `SearchStringBase64` in a `ByteMatchStatement` .
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-bytematchstatement.html#cfn-wafv2-webacl-bytematchstatement-searchstringbase64}
      */
     SearchStringBase64?: string | undefined;
     /**
      * Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. If you specify one or more transformations in a rule statement, AWS WAF performs all transformations on the content of the request component identified by `FieldToMatch` , starting from the lowest priority setting, before inspecting the content for a match.
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-bytematchstatement.html#cfn-wafv2-webacl-bytematchstatement-texttransformations}
      */
     TextTransformations: TextTransformation[];
 };
@@ -358,21 +432,25 @@ export type ByteMatchStatement = {
  * You can configure the expiration time in the `CaptchaConfig` `ImmunityTimeProperty` setting at the rule and web ACL level. The rule setting overrides the web ACL setting.
  *
  * This action option is available for rules. It isn't available for web ACL default actions.
+ * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-captchaaction.html}
  */
 export type CaptchaAction = {
     /**
      * Defines custom handling for the web request, used when the `CAPTCHA` inspection determines that the request's token is valid and unexpired.
      *
      * For information about customizing web requests and responses, see [Customizing web requests and responses in AWS WAF](https://docs.aws.amazon.com/waf/latest/developerguide/waf-custom-request-response.html) in the *AWS WAF Developer Guide* .
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-captchaaction.html#cfn-wafv2-webacl-captchaaction-customrequesthandling}
      */
     CustomRequestHandling?: CustomRequestHandling | undefined;
 };
 /**
  * Specifies how AWS WAF should handle `CAPTCHA` evaluations for rules that don't have their own `CaptchaConfig` settings. If you don't specify this, AWS WAF uses its default settings for `CaptchaConfig` .
+ * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-captchaconfig.html}
  */
 export type CaptchaConfig = {
     /**
      * Determines how long a `CAPTCHA` timestamp in the token remains valid after the client successfully solves a `CAPTCHA` puzzle.
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-captchaconfig.html#cfn-wafv2-webacl-captchaconfig-immunitytimeproperty}
      */
     ImmunityTimeProperty?: ImmunityTimeProperty | undefined;
 };
@@ -397,21 +475,25 @@ export type CaptchaConfig = {
  * You can configure the expiration time in the `ChallengeConfig` `ImmunityTimeProperty` setting at the rule and web ACL level. The rule setting overrides the web ACL setting.
  *
  * This action option is available for rules. It isn't available for web ACL default actions.
+ * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-challengeaction.html}
  */
 export type ChallengeAction = {
     /**
      * Defines custom handling for the web request, used when the challenge inspection determines that the request's token is valid and unexpired.
      *
      * For information about customizing web requests and responses, see [Customizing web requests and responses in AWS WAF](https://docs.aws.amazon.com/waf/latest/developerguide/waf-custom-request-response.html) in the [AWS WAF developer guide](https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html) .
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-challengeaction.html#cfn-wafv2-webacl-challengeaction-customrequesthandling}
      */
     CustomRequestHandling?: CustomRequestHandling | undefined;
 };
 /**
  * Specifies how AWS WAF should handle `Challenge` evaluations. This is available at the web ACL level and in each rule.
+ * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-challengeconfig.html}
  */
 export type ChallengeConfig = {
     /**
      * Determines how long a challenge timestamp in the token remains valid after the client successfully responds to a challenge.
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-challengeconfig.html#cfn-wafv2-webacl-challengeconfig-immunitytimeproperty}
      */
     ImmunityTimeProperty?: ImmunityTimeProperty | undefined;
 };
@@ -421,18 +503,22 @@ export type ChallengeConfig = {
  * You must specify exactly one setting: either `All` , `IncludedCookies` , or `ExcludedCookies` .
  *
  * Example JSON: `"MatchPattern": { "IncludedCookies": [ "session-id-time", "session-id" ] }`
+ * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-cookiematchpattern.html}
  */
 export type CookieMatchPattern = {
     /**
      * Inspect all cookies.
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-cookiematchpattern.html#cfn-wafv2-webacl-cookiematchpattern-all}
      */
     All?: Record<string, unknown> | undefined;
     /**
      * Inspect only the cookies whose keys don't match any of the strings specified here.
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-cookiematchpattern.html#cfn-wafv2-webacl-cookiematchpattern-excludedcookies}
      */
     ExcludedCookies?: string[] | undefined;
     /**
      * Inspect only the cookies that have a key that matches one of the strings specified here.
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-cookiematchpattern.html#cfn-wafv2-webacl-cookiematchpattern-includedcookies}
      */
     IncludedCookies?: string[] | undefined;
 };
@@ -442,6 +528,7 @@ export type CookieMatchPattern = {
  * This is used to indicate the web request component to inspect, in the `FieldToMatch` specification.
  *
  * Example JSON: `"Cookies": { "MatchPattern": { "All": {} }, "MatchScope": "KEY", "OversizeHandling": "MATCH" }`
+ * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-cookies.html}
  */
 export type Cookies = {
     /**
@@ -450,12 +537,14 @@ export type Cookies = {
      * You must specify exactly one setting: either `All` , `IncludedCookies` , or `ExcludedCookies` .
      *
      * Example JSON: `"MatchPattern": { "IncludedCookies": [ "session-id-time", "session-id" ] }`
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-cookies.html#cfn-wafv2-webacl-cookies-matchpattern}
      */
     MatchPattern: CookieMatchPattern;
     /**
      * The parts of the cookies to inspect with the rule inspection criteria. If you specify `ALL` , AWS WAF inspects both keys and values.
      *
      * `All` does not require a match to be found in the keys and a match to be found in the values. It requires a match to be found in the keys or the values or both. To require a match in the keys and in the values, use a logical `AND` statement to combine two match rules, one that inspects the keys and another that inspects the values.
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-cookies.html#cfn-wafv2-webacl-cookies-matchscope}
      */
     MatchScope: MapMatchScope;
     /**
@@ -466,6 +555,7 @@ export type Cookies = {
      * - `CONTINUE` - Inspect the available cookies normally, according to the rule inspection criteria.
      * - `MATCH` - Treat the web request as matching the rule statement. AWS WAF applies the rule action to the request.
      * - `NO_MATCH` - Treat the web request as not matching the rule statement.
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-cookies.html#cfn-wafv2-webacl-cookies-oversizehandling}
      */
     OversizeHandling: OversizeHandling;
 };
@@ -473,27 +563,32 @@ export type Cookies = {
  * Specifies that AWS WAF should count the request. Optionally defines additional custom handling for the request.
  *
  * This is used in the context of other settings, for example to specify values for a rule action or a web ACL default action.
+ * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-countaction.html}
  */
 export type CountAction = {
     /**
      * Defines custom handling for the web request.
      *
      * For information about customizing web requests and responses, see [Customizing web requests and responses in AWS WAF](https://docs.aws.amazon.com/waf/latest/developerguide/waf-custom-request-response.html) in the *AWS WAF Developer Guide* .
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-countaction.html#cfn-wafv2-webacl-countaction-customrequesthandling}
      */
     CustomRequestHandling?: CustomRequestHandling | undefined;
 };
 /**
  * A custom header for custom request and response handling. This is used in `CustomResponse` and `CustomRequestHandling` .
+ * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-customhttpheader.html}
  */
 export type CustomHTTPHeader = {
     /**
      * The name of the custom header.
      *
      * For custom request header insertion, when AWS WAF inserts the header into the request, it prefixes this name `x-amzn-waf-` , to avoid confusion with the headers that are already in the request. For example, for the header name `sample` , AWS WAF inserts the header `x-amzn-waf-sample` .
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-customhttpheader.html#cfn-wafv2-webacl-customhttpheader-name}
      */
     Name: string;
     /**
      * The value of the custom header.
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-customhttpheader.html#cfn-wafv2-webacl-customhttpheader-value}
      */
     Value: string;
 };
@@ -501,12 +596,14 @@ export type CustomHTTPHeader = {
  * Custom request handling behavior that inserts custom headers into a web request. You can add custom request handling for AWS WAF to use when the rule action doesn't block the request. For example, `CaptchaAction` for requests with valid t okens, and `AllowAction` .
  *
  * For information about customizing web requests and responses, see [Customizing web requests and responses in AWS WAF](https://docs.aws.amazon.com/waf/latest/developerguide/waf-custom-request-response.html) in the *AWS WAF Developer Guide* .
+ * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-customrequesthandling.html}
  */
 export type CustomRequestHandling = {
     /**
      * The HTTP headers to insert into the request. Duplicate header names are not allowed.
      *
      * For information about the limits on count and size for custom request and response settings, see [AWS WAF quotas](https://docs.aws.amazon.com/waf/latest/developerguide/limits.html) in the *AWS WAF Developer Guide* .
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-customrequesthandling.html#cfn-wafv2-webacl-customrequesthandling-insertheaders}
      */
     InsertHeaders: CustomHTTPHeader[];
 };
@@ -514,28 +611,33 @@ export type CustomRequestHandling = {
  * A custom response to send to the client. You can define a custom response for rule actions and default web ACL actions that are set to the block action.
  *
  * For information about customizing web requests and responses, see [Customizing web requests and responses in AWS WAF](https://docs.aws.amazon.com/waf/latest/developerguide/waf-custom-request-response.html) in the [AWS WAF developer guide](https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html) .
+ * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-customresponse.html}
  */
 export type CustomResponse = {
     /**
      * References the response body that you want AWS WAF to return to the web request client. You can define a custom response for a rule action or a default web ACL action that is set to block. To do this, you first define the response body key and value in the `CustomResponseBodies` setting for the `WebACL` or `RuleGroup` where you want to use it. Then, in the rule action or web ACL default action `BlockAction` setting, you reference the response body using this key.
      * @pattern ^[\w\-]+$
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-customresponse.html#cfn-wafv2-webacl-customresponse-customresponsebodykey}
      */
     CustomResponseBodyKey?: string | undefined;
     /**
      * The HTTP status code to return to the client.
      *
      * For a list of status codes that you can use in your custom responses, see [Supported status codes for custom response](https://docs.aws.amazon.com/waf/latest/developerguide/customizing-the-response-status-codes.html) in the *AWS WAF Developer Guide* .
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-customresponse.html#cfn-wafv2-webacl-customresponse-responsecode}
      */
     ResponseCode: number;
     /**
      * The HTTP headers to use in the response. You can specify any header name except for `content-type` . Duplicate header names are not allowed.
      *
      * For information about the limits on count and size for custom request and response settings, see [AWS WAF quotas](https://docs.aws.amazon.com/waf/latest/developerguide/limits.html) in the *AWS WAF Developer Guide* .
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-customresponse.html#cfn-wafv2-webacl-customresponse-responseheaders}
      */
     ResponseHeaders?: CustomHTTPHeader[] | undefined;
 };
 /**
  * The response body to use in a custom response to a web request. This is referenced by key from `CustomResponse` `CustomResponseBodyKey` .
+ * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-customresponsebody.html}
  */
 export type CustomResponseBody = {
     /**
@@ -544,22 +646,40 @@ export type CustomResponseBody = {
      * You can use JSON escape strings in JSON content. To do this, you must specify JSON content in the `ContentType` setting.
      *
      * For information about the limits on count and size for custom request and response settings, see [AWS WAF quotas](https://docs.aws.amazon.com/waf/latest/developerguide/limits.html) in the *AWS WAF Developer Guide* .
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-customresponsebody.html#cfn-wafv2-webacl-customresponsebody-content}
      */
     Content: string;
     /**
      * The type of content in the payload that you are defining in the `Content` string.
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-customresponsebody.html#cfn-wafv2-webacl-customresponsebody-contenttype}
      */
     ContentType: ResponseContentType;
 };
+/**
+ * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-dataprotect.html}
+ */
 export type DataProtect = {
+    /**
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-dataprotect.html#cfn-wafv2-webacl-dataprotect-action}
+     */
     Action: DataProtectionAction;
+    /**
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-dataprotect.html#cfn-wafv2-webacl-dataprotect-excluderatebaseddetails}
+     */
     ExcludeRateBasedDetails?: boolean | undefined;
+    /**
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-dataprotect.html#cfn-wafv2-webacl-dataprotect-excluderulematchdetails}
+     */
     ExcludeRuleMatchDetails?: boolean | undefined;
     /**
      * Field in log to protect.
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-dataprotect.html#cfn-wafv2-webacl-dataprotect-field}
      */
     Field: FieldToProtect;
 };
+/**
+ * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-dataprotectionaction.html}
+ */
 export type DataProtectionAction = "SUBSTITUTION" | "HASH";
 /**
  * Specifies data protection to apply to the web request data for the web ACL. This is a web ACL level data protection option.
@@ -567,35 +687,45 @@ export type DataProtectionAction = "SUBSTITUTION" | "HASH";
  * The data protection that you configure for the web ACL alters the data that's available for any other data collection activity, including your AWS WAF logging destinations, web ACL request sampling, and Amazon Security Lake data collection and management. Your other option for data protection is in the logging configuration, which only affects logging.
  *
  * This is part of the data protection configuration for a web ACL.
+ * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-dataprotectionconfig.html}
  */
 export type DataProtectionConfig = {
     /**
      * An array of data protection configurations for specific web request field types. This is defined for each web ACL. AWS WAF applies the specified protection to all web requests that the web ACL inspects.
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-dataprotectionconfig.html#cfn-wafv2-webacl-dataprotectionconfig-dataprotections}
      */
     DataProtections: DataProtect[];
 };
 /**
  * In a `WebACL` , this is the action that you want AWS WAF to perform when a web request doesn't match any of the rules in the `WebACL` . The default action must be a terminating action.
+ * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-defaultaction.html}
  */
 export type DefaultAction = {
     /**
      * Specifies that AWS WAF should allow requests by default.
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-defaultaction.html#cfn-wafv2-webacl-defaultaction-allow}
      */
     Allow?: AllowAction | undefined;
     /**
      * Specifies that AWS WAF should block requests by default.
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-defaultaction.html#cfn-wafv2-webacl-defaultaction-block}
      */
     Block?: BlockAction | undefined;
 };
+/**
+ * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-evaluationwindowsec.html}
+ */
 export type EvaluationWindowSec = 60 | 120 | 300 | 600;
 /**
  * Specifies a single rule in a rule group whose action you want to override to `Count` .
  *
  * > Instead of this option, use `RuleActionOverrides` . It accepts any valid action setting, including `Count` .
+ * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-excludedrule.html}
  */
 export type ExcludedRule = {
     /**
      * The name of the rule whose action you want to override to `Count` .
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-excludedrule.html#cfn-wafv2-webacl-excludedrule-name}
      */
     Name: string;
 };
@@ -603,6 +733,7 @@ export type ExcludedRule = {
  * The identifier of a field in the web request payload that contains customer data.
  *
  * This data type is used to specify fields in the `RequestInspection` and `RequestInspectionACFP` configurations, which are used in the managed rule group configurations `AWSManagedRulesATPRuleSet` and `AWSManagedRulesACFPRuleSet` , respectively.
+ * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-fieldidentifier.html}
  */
 export type FieldIdentifier = {
     /**
@@ -616,6 +747,7 @@ export type FieldIdentifier = {
      * @minLength 1
      * @maxLength 512
      * @pattern .*\S.*
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-fieldidentifier.html#cfn-wafv2-webacl-fieldidentifier-identifier}
      */
     Identifier: string;
 };
@@ -636,10 +768,12 @@ export type FieldIdentifier = {
  * - Even though all `FieldToMatch` settings are available, the only valid settings for field redaction are `UriPath` , `QueryString` , `SingleHeader` , and `Method` .
  * - In this documentation, the descriptions of the individual fields talk about specifying the web request component to inspect, but for field redaction, you are specifying the component type to redact from the logs.
  * - If you have request sampling enabled, the redacted fields configuration for logging has no impact on sampling. You can only exclude fields from request sampling by disabling sampling in the web ACL visibility configuration or by configuring data protection for the web ACL.
+ * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-fieldtomatch.html}
  */
 export type FieldToMatch = {
     /**
      * Inspect all query arguments.
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-fieldtomatch.html#cfn-wafv2-webacl-fieldtomatch-allqueryarguments}
      */
     AllQueryArguments?: Record<string, unknown> | undefined;
     /**
@@ -652,18 +786,21 @@ export type FieldToMatch = {
      * - For AWS Amplify , use the CloudFront limit.
      *
      * For information about how to handle oversized request bodies, see the `Body` object configuration.
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-fieldtomatch.html#cfn-wafv2-webacl-fieldtomatch-body}
      */
     Body?: Body | undefined;
     /**
      * Inspect the request cookies. You must configure scope and pattern matching filters in the `Cookies` object, to define the set of cookies and the parts of the cookies that AWS WAF inspects.
      *
      * Only the first 8 KB (8192 bytes) of a request's cookies and only the first 200 cookies are forwarded to AWS WAF for inspection by the underlying host service. You must configure how to handle any oversize cookie content in the `Cookies` object. AWS WAF applies the pattern matching filters to the cookies that it receives from the underlying host service.
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-fieldtomatch.html#cfn-wafv2-webacl-fieldtomatch-cookies}
      */
     Cookies?: Cookies | undefined;
     /**
      * Inspect the request headers. You must configure scope and pattern matching filters in the `Headers` object, to define the set of headers to and the parts of the headers that AWS WAF inspects.
      *
      * Only the first 8 KB (8192 bytes) of a request's headers and only the first 200 headers are forwarded to AWS WAF for inspection by the underlying host service. You must configure how to handle any oversize header content in the `Headers` object. AWS WAF applies the pattern matching filters to the headers that it receives from the underlying host service.
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-fieldtomatch.html#cfn-wafv2-webacl-fieldtomatch-headers}
      */
     Headers?: Headers | undefined;
     /**
@@ -674,6 +811,7 @@ export type FieldToMatch = {
      * You can obtain the JA3 fingerprint for client requests from the web ACL logs. If AWS WAF is able to calculate the fingerprint, it includes it in the logs. For information about the logging fields, see [Log fields](https://docs.aws.amazon.com/waf/latest/developerguide/logging-fields.html) in the *AWS WAF Developer Guide* .
      *
      * Provide the JA3 fingerprint string from the logs in your string match statement specification, to match with any future requests that have the same TLS configuration.
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-fieldtomatch.html#cfn-wafv2-webacl-fieldtomatch-ja3fingerprint}
      */
     JA3Fingerprint?: JA3Fingerprint | undefined;
     /**
@@ -684,6 +822,7 @@ export type FieldToMatch = {
      * You can obtain the JA4 fingerprint for client requests from the web ACL logs. If AWS WAF is able to calculate the fingerprint, it includes it in the logs. For information about the logging fields, see [Log fields](https://docs.aws.amazon.com/waf/latest/developerguide/logging-fields.html) in the *AWS WAF Developer Guide* .
      *
      * Provide the JA4 fingerprint string from the logs in your string match statement specification, to match with any future requests that have the same TLS configuration.
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-fieldtomatch.html#cfn-wafv2-webacl-fieldtomatch-ja4fingerprint}
      */
     JA4Fingerprint?: JA4Fingerprint | undefined;
     /**
@@ -696,14 +835,17 @@ export type FieldToMatch = {
      * - For AWS Amplify , use the CloudFront limit.
      *
      * For information about how to handle oversized request bodies, see the `JsonBody` object configuration.
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-fieldtomatch.html#cfn-wafv2-webacl-fieldtomatch-jsonbody}
      */
     JsonBody?: JsonBody | undefined;
     /**
      * Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-fieldtomatch.html#cfn-wafv2-webacl-fieldtomatch-method}
      */
     Method?: Record<string, unknown> | undefined;
     /**
      * Inspect the query string. This is the part of a URL that appears after a `?` character, if any.
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-fieldtomatch.html#cfn-wafv2-webacl-fieldtomatch-querystring}
      */
     QueryString?: Record<string, unknown> | undefined;
     /**
@@ -712,6 +854,7 @@ export type FieldToMatch = {
      * Example JSON: `"SingleHeader": { "Name": "haystack" }`
      *
      * Alternately, you can filter and inspect all headers with the `Headers` `FieldToMatch` setting.
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-fieldtomatch.html#cfn-wafv2-webacl-fieldtomatch-singleheader}
      */
     SingleHeader?: {
         Name: string;
@@ -720,6 +863,7 @@ export type FieldToMatch = {
      * Inspect a single query argument. Provide the name of the query argument to inspect, such as *UserName* or *SalesRegion* . The name can be up to 30 characters long and isn't case sensitive.
      *
      * Example JSON: `"SingleQueryArgument": { "Name": "myArgument" }`
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-fieldtomatch.html#cfn-wafv2-webacl-fieldtomatch-singlequeryargument}
      */
     SingleQueryArgument?: {
         Name: string;
@@ -728,23 +872,28 @@ export type FieldToMatch = {
      * Inspect fragments of the request URI. You must configure scope and pattern matching filters in the `UriFragment` object, to define the fragment of a URI that AWS WAF inspects.
      *
      * Only the first 8 KB (8192 bytes) of a request's URI fragments and only the first 200 URI fragments are forwarded to AWS WAF for inspection by the underlying host service. You must configure how to handle any oversize URI fragment content in the `UriFragment` object. AWS WAF applies the pattern matching filters to the cookies that it receives from the underlying host service.
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-fieldtomatch.html#cfn-wafv2-webacl-fieldtomatch-urifragment}
      */
     UriFragment?: UriFragment | undefined;
     /**
      * Inspect the request URI path. This is the part of the web request that identifies a resource, for example, `/images/daily-ad.jpg` .
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-fieldtomatch.html#cfn-wafv2-webacl-fieldtomatch-uripath}
      */
     UriPath?: Record<string, unknown> | undefined;
 };
 /**
  * Specifies a field type and keys to protect in stored web request data. This is part of the data protection configuration for a web ACL.
+ * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-fieldtoprotect.html}
  */
 export type FieldToProtect = {
     /**
      * Specifies the keys to protect for the specified field type. If you don't specify any key, then all keys for the field type are protected.
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-fieldtoprotect.html#cfn-wafv2-webacl-fieldtoprotect-fieldkeys}
      */
     FieldKeys?: string[] | undefined;
     /**
      * Specifies the web request component type to protect.
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-fieldtoprotect.html#cfn-wafv2-webacl-fieldtoprotect-fieldtype}
      */
     FieldType: "SINGLE_HEADER" | "SINGLE_COOKIE" | "SINGLE_QUERY_ARGUMENT" | "QUERY_STRING" | "BODY";
 };
@@ -756,6 +905,7 @@ export type FieldToProtect = {
  * This configuration is used for `GeoMatchStatement` and `RateBasedStatement` . For `IPSetReferenceStatement` , use `IPSetForwardedIPConfig` instead.
  *
  * AWS WAF only evaluates the first IP address found in the specified HTTP header.
+ * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-forwardedipconfiguration.html}
  */
 export type ForwardedIPConfiguration = {
     /**
@@ -767,6 +917,7 @@ export type ForwardedIPConfiguration = {
      *
      * - `MATCH` - Treat the web request as matching the rule statement. AWS WAF applies the rule action to the request.
      * - `NO_MATCH` - Treat the web request as not matching the rule statement.
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-forwardedipconfiguration.html#cfn-wafv2-webacl-forwardedipconfiguration-fallbackbehavior}
      */
     FallbackBehavior: "MATCH" | "NO_MATCH";
     /**
@@ -774,6 +925,7 @@ export type ForwardedIPConfiguration = {
      *
      * > If the specified header isn't present in the request, AWS WAF doesn't apply the rule to the web request at all.
      * @pattern ^[a-zA-Z0-9-]+{1,255}$
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-forwardedipconfiguration.html#cfn-wafv2-webacl-forwardedipconfiguration-headername}
      */
     HeaderName: string;
 };
@@ -790,18 +942,21 @@ export type ForwardedIPConfiguration = {
  * If you use a forwarded IP address, the label formats are `awswaf:forwardedip:geo:region:<ISO country code>-<ISO region code>` and `awswaf:forwardedip:geo:country:<ISO country code>` .
  *
  * For additional details, see [Geographic match rule statement](https://docs.aws.amazon.com/waf/latest/developerguide/waf-rule-statement-type-geo-match.html) in the [AWS WAF Developer Guide](https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html) .
+ * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-geomatchstatement.html}
  */
 export type GeoMatchStatement = {
     /**
      * An array of two-character country codes that you want to match against, for example, `[ "US", "CN" ]` , from the alpha-2 country ISO codes of the ISO 3166 international standard.
      *
      * When you use a geo match statement just for the region and country labels that it adds to requests, you still have to supply a country code for the rule to evaluate. In this case, you configure the rule to only count matching requests, but it will still generate logging and count metrics for any matches. You can reduce the logging and metrics that the rule produces by specifying a country that's unlikely to be a source of traffic to your site.
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-geomatchstatement.html#cfn-wafv2-webacl-geomatchstatement-countrycodes}
      */
     CountryCodes?: string[] | undefined;
     /**
      * The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. Commonly, this is the X-Forwarded-For (XFF) header, but you can specify any header name.
      *
      * > If the specified header isn't present in the request, AWS WAF doesn't apply the rule to the web request at all.
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-geomatchstatement.html#cfn-wafv2-webacl-geomatchstatement-forwardedipconfig}
      */
     ForwardedIPConfig?: ForwardedIPConfiguration | undefined;
 };
@@ -811,18 +966,22 @@ export type GeoMatchStatement = {
  * You must specify exactly one setting: either `All` , `IncludedHeaders` , or `ExcludedHeaders` .
  *
  * Example JSON: `"MatchPattern": { "ExcludedHeaders": [ "KeyToExclude1", "KeyToExclude2" ] }`
+ * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-headermatchpattern.html}
  */
 export type HeaderMatchPattern = {
     /**
      * Inspect all headers.
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-headermatchpattern.html#cfn-wafv2-webacl-headermatchpattern-all}
      */
     All?: Record<string, unknown> | undefined;
     /**
      * Inspect only the headers whose keys don't match any of the strings specified here.
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-headermatchpattern.html#cfn-wafv2-webacl-headermatchpattern-excludedheaders}
      */
     ExcludedHeaders?: string[] | undefined;
     /**
      * Inspect only the headers that have a key that matches one of the strings specified here.
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-headermatchpattern.html#cfn-wafv2-webacl-headermatchpattern-includedheaders}
      */
     IncludedHeaders?: string[] | undefined;
 };
@@ -834,6 +993,7 @@ export type HeaderMatchPattern = {
  * If you want to inspect just the value of a single header, use the `SingleHeader` `FieldToMatch` setting instead.
  *
  * Example JSON: `"Headers": { "MatchPattern": { "All": {} }, "MatchScope": "KEY", "OversizeHandling": "MATCH" }`
+ * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-headers.html}
  */
 export type Headers = {
     /**
@@ -842,22 +1002,25 @@ export type Headers = {
      * You must specify exactly one setting: either `All` , `IncludedHeaders` , or `ExcludedHeaders` .
      *
      * Example JSON: `"MatchPattern": { "ExcludedHeaders": [ "KeyToExclude1", "KeyToExclude2" ] }`
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-headers.html#cfn-wafv2-webacl-headers-matchpattern}
      */
     MatchPattern: HeaderMatchPattern;
     /**
      * The parts of the headers to match with the rule inspection criteria. If you specify `ALL` , AWS WAF inspects both keys and values.
      *
      * `All` does not require a match to be found in the keys and a match to be found in the values. It requires a match to be found in the keys or the values or both. To require a match in the keys and in the values, use a logical `AND` statement to combine two match rules, one that inspects the keys and another that inspects the values.
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-headers.html#cfn-wafv2-webacl-headers-matchscope}
      */
     MatchScope: MapMatchScope;
     /**
-     * What AWS WAF should do if the headers of the request are more numerous or larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request headers when they exceed 8 KB (8192 bytes) or 200 total headers. The underlying host service forwards a maximum of 200 headers and at most 8 KB of header contents to AWS WAF .
+     * What AWS WAF should do if the headers determined by your match scope are more numerous or larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of request headers when they exceed 8 KB (8192 bytes) or 200 total headers. The underlying host service forwards a maximum of 200 headers and at most 8 KB of header contents to AWS WAF .
      *
      * The options for oversize handling are the following:
      *
      * - `CONTINUE` - Inspect the available headers normally, according to the rule inspection criteria.
      * - `MATCH` - Treat the web request as matching the rule statement. AWS WAF applies the rule action to the request.
      * - `NO_MATCH` - Treat the web request as not matching the rule statement.
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-headers.html#cfn-wafv2-webacl-headers-oversizehandling}
      */
     OversizeHandling: OversizeHandling;
 };
@@ -867,6 +1030,7 @@ export type Headers = {
  * > If the specified header isn't present in the request, AWS WAF doesn't apply the rule to the web request at all.
  *
  * This configuration is used only for `IPSetReferenceStatement` . For `GeoMatchStatement` and `RateBasedStatement` , use `ForwardedIPConfig` instead.
+ * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-ipsetforwardedipconfiguration.html}
  */
 export type IPSetForwardedIPConfiguration = {
     /**
@@ -878,6 +1042,7 @@ export type IPSetForwardedIPConfiguration = {
      *
      * - `MATCH` - Treat the web request as matching the rule statement. AWS WAF applies the rule action to the request.
      * - `NO_MATCH` - Treat the web request as not matching the rule statement.
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-ipsetforwardedipconfiguration.html#cfn-wafv2-webacl-ipsetforwardedipconfiguration-fallbackbehavior}
      */
     FallbackBehavior: "MATCH" | "NO_MATCH";
     /**
@@ -885,6 +1050,7 @@ export type IPSetForwardedIPConfiguration = {
      *
      * > If the specified header isn't present in the request, AWS WAF doesn't apply the rule to the web request at all.
      * @pattern ^[a-zA-Z0-9-]+{1,255}$
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-ipsetforwardedipconfiguration.html#cfn-wafv2-webacl-ipsetforwardedipconfiguration-headername}
      */
     HeaderName: string;
     /**
@@ -895,6 +1061,7 @@ export type IPSetForwardedIPConfiguration = {
      * - FIRST - Inspect the first IP address in the list of IP addresses in the header. This is usually the client's original IP.
      * - LAST - Inspect the last IP address in the list of IP addresses in the header.
      * - ANY - Inspect all IP addresses in the header for a match. If the header contains more than 10 IP addresses, AWS WAF inspects the last 10.
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-ipsetforwardedipconfiguration.html#cfn-wafv2-webacl-ipsetforwardedipconfiguration-position}
      */
     Position: "FIRST" | "LAST" | "ANY";
 };
@@ -902,21 +1069,25 @@ export type IPSetForwardedIPConfiguration = {
  * A rule statement used to detect web requests coming from particular IP addresses or address ranges. To use this, create an `IPSet` that specifies the addresses you want to detect, then use the ARN of that set in this statement.
  *
  * Each IP set rule statement references an IP set. You create and maintain the set independent of your rules. This allows you to use the single set in multiple rules. When you update the referenced set, AWS WAF automatically updates all rules that reference it.
+ * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-ipsetreferencestatement.html}
  */
 export type IPSetReferenceStatement = {
     /**
      * The Amazon Resource Name (ARN) of the `IPSet` that this statement references.
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-ipsetreferencestatement.html#cfn-wafv2-webacl-ipsetreferencestatement-arn}
      */
     Arn: string;
     /**
      * The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. Commonly, this is the X-Forwarded-For (XFF) header, but you can specify any header name.
      *
      * > If the specified header isn't present in the request, AWS WAF doesn't apply the rule to the web request at all.
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-ipsetreferencestatement.html#cfn-wafv2-webacl-ipsetreferencestatement-ipsetforwardedipconfig}
      */
     IPSetForwardedIPConfig?: IPSetForwardedIPConfiguration | undefined;
 };
 /**
  * Used for CAPTCHA and challenge token settings. Determines how long a `CAPTCHA` or challenge timestamp remains valid after AWS WAF updates it for a successful `CAPTCHA` or challenge response.
+ * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-immunitytimeproperty.html}
  */
 export type ImmunityTimeProperty = {
     /**
@@ -925,6 +1096,7 @@ export type ImmunityTimeProperty = {
      * For the Challenge action, the minimum setting is 300.
      * @min 60
      * @max 259200
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-immunitytimeproperty.html#cfn-wafv2-webacl-immunitytimeproperty-immunitytime}
      */
     ImmunityTime: number;
 };
@@ -936,6 +1108,7 @@ export type ImmunityTimeProperty = {
  * You can obtain the JA3 fingerprint for client requests from the web ACL logs. If AWS WAF is able to calculate the fingerprint, it includes it in the logs. For information about the logging fields, see [Log fields](https://docs.aws.amazon.com/waf/latest/developerguide/logging-fields.html) in the *AWS WAF Developer Guide* .
  *
  * Provide the JA3 fingerprint string from the logs in your string match statement specification, to match with any future requests that have the same TLS configuration.
+ * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-ja3fingerprint.html}
  */
 export type JA3Fingerprint = {
     /**
@@ -945,6 +1118,7 @@ export type JA3Fingerprint = {
      *
      * - `MATCH` - Treat the web request as matching the rule statement. AWS WAF applies the rule action to the request.
      * - `NO_MATCH` - Treat the web request as not matching the rule statement.
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-ja3fingerprint.html#cfn-wafv2-webacl-ja3fingerprint-fallbackbehavior}
      */
     FallbackBehavior: "MATCH" | "NO_MATCH";
 };
@@ -956,6 +1130,7 @@ export type JA3Fingerprint = {
  * You can obtain the JA4 fingerprint for client requests from the web ACL logs. If AWS WAF is able to calculate the fingerprint, it includes it in the logs. For information about the logging fields, see [Log fields](https://docs.aws.amazon.com/waf/latest/developerguide/logging-fields.html) in the *AWS WAF Developer Guide* .
  *
  * Provide the JA4 fingerprint string from the logs in your string match statement specification, to match with any future requests that have the same TLS configuration.
+ * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-ja4fingerprint.html}
  */
 export type JA4Fingerprint = {
     /**
@@ -965,6 +1140,7 @@ export type JA4Fingerprint = {
      *
      * - `MATCH` - Treat the web request as matching the rule statement. AWS WAF applies the rule action to the request.
      * - `NO_MATCH` - Treat the web request as not matching the rule statement.
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-ja4fingerprint.html#cfn-wafv2-webacl-ja4fingerprint-fallbackbehavior}
      */
     FallbackBehavior: "MATCH" | "NO_MATCH";
 };
@@ -978,6 +1154,7 @@ export type JA4Fingerprint = {
  * Example JSON: `"JsonBody": { "MatchPattern": { "All": {} }, "MatchScope": "ALL" }`
  *
  * For additional information about this request component option, see [JSON body](https://docs.aws.amazon.com/waf/latest/developerguide/waf-rule-statement-fields-list.html#waf-rule-statement-request-component-json-body) in the *AWS WAF Developer Guide* .
+ * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-jsonbody.html}
  */
 export type JsonBody = {
     /**
@@ -990,16 +1167,19 @@ export type JsonBody = {
      * If you don't provide this setting, AWS WAF parses and evaluates the content only up to the first parsing failure that it encounters.
      *
      * > AWS WAF parsing doesn't fully validate the input JSON string, so parsing can succeed even for invalid JSON. When parsing succeeds, AWS WAF doesn't apply the fallback behavior. For more information, see [JSON body](https://docs.aws.amazon.com/waf/latest/developerguide/waf-rule-statement-fields-list.html#waf-rule-statement-request-component-json-body) in the *AWS WAF Developer Guide* .
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-jsonbody.html#cfn-wafv2-webacl-jsonbody-invalidfallbackbehavior}
      */
     InvalidFallbackBehavior?: BodyParsingFallbackBehavior | undefined;
     /**
      * The patterns to look for in the JSON body. AWS WAF inspects the results of these pattern matches against the rule inspection criteria.
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-jsonbody.html#cfn-wafv2-webacl-jsonbody-matchpattern}
      */
     MatchPattern: JsonMatchPattern;
     /**
      * The parts of the JSON to match against using the `MatchPattern` . If you specify `ALL` , AWS WAF matches against keys and values.
      *
      * `All` does not require a match to be found in the keys and a match to be found in the values. It requires a match to be found in the keys or the values or both. To require a match in the keys and in the values, use a logical `AND` statement to combine two match rules, one that inspects the keys and another that inspects the values.
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-jsonbody.html#cfn-wafv2-webacl-jsonbody-matchscope}
      */
     MatchScope: JsonMatchScope;
     /**
@@ -1020,17 +1200,20 @@ export type JsonBody = {
      * You can combine the `MATCH` or `NO_MATCH` settings for oversize handling with your rule and web ACL action settings, so that you block any request whose body is over the limit.
      *
      * Default: `CONTINUE`
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-jsonbody.html#cfn-wafv2-webacl-jsonbody-oversizehandling}
      */
     OversizeHandling?: OversizeHandling | undefined;
 };
 /**
  * The patterns to look for in the JSON body. AWS WAF inspects the results of these pattern matches against the rule inspection criteria. This is used with the `FieldToMatch` option `JsonBody` .
+ * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-jsonmatchpattern.html}
  */
 export type JsonMatchPattern = {
     /**
      * Match all of the elements. See also `MatchScope` in the `JsonBody` `FieldToMatch` specification.
      *
      * You must specify either this setting or the `IncludedPaths` setting, but not both.
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-jsonmatchpattern.html#cfn-wafv2-webacl-jsonmatchpattern-all}
      */
     All?: Record<string, unknown> | undefined;
     /**
@@ -1041,27 +1224,35 @@ export type JsonMatchPattern = {
      * You must specify either this setting or the `All` setting, but not both.
      *
      * > Don't use this option to include all paths. Instead, use the `All` setting.
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-jsonmatchpattern.html#cfn-wafv2-webacl-jsonmatchpattern-includedpaths}
      */
     IncludedPaths?: string[] | undefined;
 };
 /**
  * The parts of the JSON to match against using the MatchPattern.
+ * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-jsonmatchscope.html}
  */
 export type JsonMatchScope = "ALL" | "KEY" | "VALUE";
 /**
  * A single label container. This is used as an element of a label array in `RuleLabels` inside a rule.
+ * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-label.html}
  */
 export type Label = {
     /**
      * The label string.
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-label.html#cfn-wafv2-webacl-label-name}
      */
     Name: string;
 };
+/**
+ * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-labelmatchscope.html}
+ */
 export type LabelMatchScope = "LABEL" | "NAMESPACE";
 /**
  * A rule statement to match against labels that have been added to the web request by rules that have already run in the web ACL.
  *
  * The label match statement provides the label or namespace string to search for. The label string can represent a part or all of the fully qualified label name that had been added to the web request. Fully qualified labels have a prefix, optional namespaces, and label name. The prefix identifies the rule group or web ACL context of the rule that added the label. If you do not provide the fully qualified name in your label match string, AWS WAF performs the search for labels that were added in the same context as the label match statement.
+ * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-labelmatchstatement.html}
  */
 export type LabelMatchStatement = {
     /**
@@ -1071,10 +1262,12 @@ export type LabelMatchStatement = {
      * - If the `Scope` indicates `NAMESPACE` , then this specification can include any number of contiguous namespace strings, and can include the entire label namespace prefix from the rule group or web ACL where the label originates.
      *
      * Labels are case sensitive and components of a label must be separated by colon, for example `NS1:NS2:name` .
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-labelmatchstatement.html#cfn-wafv2-webacl-labelmatchstatement-key}
      */
     Key: string;
     /**
      * Specify whether you want to match using the label name or just the namespace.
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-labelmatchstatement.html#cfn-wafv2-webacl-labelmatchstatement-scope}
      */
     Scope: LabelMatchScope;
 };
@@ -1086,12 +1279,14 @@ export type LabelMatchStatement = {
  * - Use the `AWSManagedRulesACFPRuleSet` configuration object to configure the account creation fraud prevention managed rule group. The configuration includes the registration and sign-up pages of your application and the locations in the account creation request payload of data, such as the user email and phone number fields.
  * - Use the `AWSManagedRulesATPRuleSet` configuration object to configure the account takeover prevention managed rule group. The configuration includes the sign-in page of your application and the locations in the login request payload of data such as the username and password.
  * - Use the `AWSManagedRulesBotControlRuleSet` configuration object to configure the protection level that you want the Bot Control rule group to use.
+ * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-managedrulegroupconfig.html}
  */
 export type ManagedRuleGroupConfig = {
     /**
      * Additional configuration for using the account creation fraud prevention (ACFP) managed rule group, `AWSManagedRulesACFPRuleSet` . Use this to provide account creation request information to the rule group. For web ACLs that protect CloudFront distributions, use this to also provide the information about how your distribution responds to account creation requests.
      *
      * For information about using the ACFP managed rule group, see [AWS WAF Fraud Control account creation fraud prevention (ACFP) rule group](https://docs.aws.amazon.com/waf/latest/developerguide/aws-managed-rule-groups-acfp.html) and [AWS WAF Fraud Control account creation fraud prevention (ACFP)](https://docs.aws.amazon.com/waf/latest/developerguide/waf-acfp.html) in the *AWS WAF Developer Guide* .
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-managedrulegroupconfig.html#cfn-wafv2-webacl-managedrulegroupconfig-awsmanagedrulesacfpruleset}
      */
     AWSManagedRulesACFPRuleSet?: AWSManagedRulesACFPRuleSet | undefined;
     /**
@@ -1100,10 +1295,12 @@ export type ManagedRuleGroupConfig = {
      * This configuration replaces the individual configuration fields in `ManagedRuleGroupConfig` and provides additional feature configuration.
      *
      * For information about using the ATP managed rule group, see [AWS WAF Fraud Control account takeover prevention (ATP) rule group](https://docs.aws.amazon.com/waf/latest/developerguide/aws-managed-rule-groups-atp.html) and [AWS WAF Fraud Control account takeover prevention (ATP)](https://docs.aws.amazon.com/waf/latest/developerguide/waf-atp.html) in the *AWS WAF Developer Guide* .
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-managedrulegroupconfig.html#cfn-wafv2-webacl-managedrulegroupconfig-awsmanagedrulesatpruleset}
      */
     AWSManagedRulesATPRuleSet?: AWSManagedRulesATPRuleSet | undefined;
     /**
      * Additional configuration for using the Bot Control managed rule group. Use this to specify the inspection level that you want to use. For information about using the Bot Control managed rule group, see [AWS WAF Bot Control rule group](https://docs.aws.amazon.com/waf/latest/developerguide/aws-managed-rule-groups-bot.html) and [AWS WAF Bot Control](https://docs.aws.amazon.com/waf/latest/developerguide/waf-bot-control.html) in the *AWS WAF Developer Guide* .
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-managedrulegroupconfig.html#cfn-wafv2-webacl-managedrulegroupconfig-awsmanagedrulesbotcontrolruleset}
      */
     AWSManagedRulesBotControlRuleSet?: AWSManagedRulesBotControlRuleSet | undefined;
     /**
@@ -1111,18 +1308,22 @@ export type ManagedRuleGroupConfig = {
      * @minLength 1
      * @maxLength 256
      * @pattern .*\S.*
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-managedrulegroupconfig.html#cfn-wafv2-webacl-managedrulegroupconfig-loginpath}
      */
     LoginPath?: string | undefined;
     /**
      * > Instead of this setting, provide your configuration under the request inspection configuration for `AWSManagedRulesATPRuleSet` or `AWSManagedRulesACFPRuleSet` .
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-managedrulegroupconfig.html#cfn-wafv2-webacl-managedrulegroupconfig-passwordfield}
      */
     PasswordField?: FieldIdentifier | undefined;
     /**
      * > Instead of this setting, provide your configuration under the request inspection configuration for `AWSManagedRulesATPRuleSet` or `AWSManagedRulesACFPRuleSet` .
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-managedrulegroupconfig.html#cfn-wafv2-webacl-managedrulegroupconfig-payloadtype}
      */
     PayloadType?: "JSON" | "FORM_ENCODED" | undefined;
     /**
      * > Instead of this setting, provide your configuration under the request inspection configuration for `AWSManagedRulesATPRuleSet` or `AWSManagedRulesACFPRuleSet` .
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-managedrulegroupconfig.html#cfn-wafv2-webacl-managedrulegroupconfig-usernamefield}
      */
     UsernameField?: FieldIdentifier | undefined;
 };
@@ -1132,12 +1333,14 @@ export type ManagedRuleGroupConfig = {
  * You cannot nest a `ManagedRuleGroupStatement` , for example for use inside a `NotStatement` or `OrStatement` . You cannot use a managed rule group statement inside another rule group. You can only use a managed rule group statement as a top-level statement in a rule that you define in a web ACL.
  *
  * > You are charged additional fees when you use the AWS WAF Bot Control managed rule group `AWSManagedRulesBotControlRuleSet` , the AWS WAF Fraud Control account takeover prevention (ATP) managed rule group `AWSManagedRulesATPRuleSet` , or the AWS WAF Fraud Control account creation fraud prevention (ACFP) managed rule group `AWSManagedRulesACFPRuleSet` . For more information, see [AWS WAF Pricing](https://docs.aws.amazon.com/waf/pricing/) .
+ * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-managedrulegroupstatement.html}
  */
 export type ManagedRuleGroupStatement = {
     /**
      * Rules in the referenced rule group whose actions are set to `Count` .
      *
      * > Instead of this option, use `RuleActionOverrides` . It accepts any valid action setting, including `Count` .
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-managedrulegroupstatement.html#cfn-wafv2-webacl-managedrulegroupstatement-excludedrules}
      */
     ExcludedRules?: ExcludedRule[] | undefined;
     /**
@@ -1148,10 +1351,12 @@ export type ManagedRuleGroupStatement = {
      * - Use the `AWSManagedRulesACFPRuleSet` configuration object to configure the account creation fraud prevention managed rule group. The configuration includes the registration and sign-up pages of your application and the locations in the account creation request payload of data, such as the user email and phone number fields.
      * - Use the `AWSManagedRulesATPRuleSet` configuration object to configure the account takeover prevention managed rule group. The configuration includes the sign-in page of your application and the locations in the login request payload of data such as the username and password.
      * - Use the `AWSManagedRulesBotControlRuleSet` configuration object to configure the protection level that you want the Bot Control rule group to use.
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-managedrulegroupstatement.html#cfn-wafv2-webacl-managedrulegroupstatement-managedrulegroupconfigs}
      */
     ManagedRuleGroupConfigs?: ManagedRuleGroupConfig[] | undefined;
     /**
      * The name of the managed rule group. You use this, along with the vendor name, to identify the rule group.
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-managedrulegroupstatement.html#cfn-wafv2-webacl-managedrulegroupstatement-name}
      */
     Name: string;
     /**
@@ -1160,14 +1365,17 @@ export type ManagedRuleGroupStatement = {
      * > Take care to verify the rule names in your overrides. If you provide a rule name that doesn't match the name of any rule in the rule group, AWS WAF doesn't return an error and doesn't apply the override setting.
      *
      * You can use overrides for testing, for example you can override all of rule actions to `Count` and then monitor the resulting count metrics to understand how the rule group would handle your web traffic. You can also permanently override some or all actions, to modify how the rule group manages your web traffic.
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-managedrulegroupstatement.html#cfn-wafv2-webacl-managedrulegroupstatement-ruleactionoverrides}
      */
     RuleActionOverrides?: RuleActionOverride[] | undefined;
     /**
      * An optional nested statement that narrows the scope of the web requests that are evaluated by the managed rule group. Requests are only evaluated by the rule group if they match the scope-down statement. You can use any nestable `Statement` in the scope-down statement, and you can nest statements at any level, the same as you can for a rule statement.
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-managedrulegroupstatement.html#cfn-wafv2-webacl-managedrulegroupstatement-scopedownstatement}
      */
     ScopeDownStatement?: Statement | undefined;
     /**
      * The name of the managed rule group vendor. You use this, along with the rule group name, to identify a rule group.
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-managedrulegroupstatement.html#cfn-wafv2-webacl-managedrulegroupstatement-vendorname}
      */
     VendorName: string;
     /**
@@ -1175,28 +1383,34 @@ export type ManagedRuleGroupStatement = {
      * @minLength 1
      * @maxLength 64
      * @pattern ^[\w#:\.\-/]+$
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-managedrulegroupstatement.html#cfn-wafv2-webacl-managedrulegroupstatement-version}
      */
     Version?: string | undefined;
 };
 /**
  * The parts of the request to match against using the MatchPattern.
+ * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-mapmatchscope.html}
  */
 export type MapMatchScope = "ALL" | "KEY" | "VALUE";
 /**
  * A logical rule statement used to negate the results of another rule statement. You provide one `Statement` within the `NotStatement` .
+ * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-notstatement.html}
  */
 export type NotStatement = {
     /**
      * The statement to negate. You can use any statement that can be nested.
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-notstatement.html#cfn-wafv2-webacl-notstatement-statement}
      */
     Statement: Statement;
 };
 /**
  * A logical rule statement used to combine other rule statements with OR logic. You provide more than one `Statement` within the `OrStatement` .
+ * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-orstatement.html}
  */
 export type OrStatement = {
     /**
      * The statements to combine with OR logic. You can use any statements that can be nested.
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-orstatement.html#cfn-wafv2-webacl-orstatement-statements}
      */
     Statements: Statement[];
 };
@@ -1206,25 +1420,30 @@ export type OrStatement = {
  * You can only use this for rule statements that reference a rule group, like `RuleGroupReferenceStatement` and `ManagedRuleGroupStatement` .
  *
  * > This option is usually set to none. It does not affect how the rules in the rule group are evaluated. If you want the rules in the rule group to only count matches, do not use this and instead use the rule action override option, with `Count` action, in your rule group reference statement settings.
+ * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-overrideaction.html}
  */
 export type OverrideAction = {
     /**
      * Override the rule group evaluation result to count only.
      *
      * > This option is usually set to none. It does not affect how the rules in the rule group are evaluated. If you want the rules in the rule group to only count matches, do not use this and instead use the rule action override option, with `Count` action, in your rule group reference statement settings.
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-overrideaction.html#cfn-wafv2-webacl-overrideaction-count}
      */
     Count?: Record<string, unknown> | undefined;
     /**
      * Don't override the rule group evaluation result. This is the most common setting.
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-overrideaction.html#cfn-wafv2-webacl-overrideaction-none}
      */
     None?: Record<string, unknown> | undefined;
 };
 /**
  * Handling of requests containing oversize fields
+ * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-oversizehandling.html}
  */
 export type OversizeHandling = "CONTINUE" | "MATCH" | "NO_MATCH";
 /**
  * Position of the evaluation in the FieldToMatch of request.
+ * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-positionalconstraint.html}
  */
 export type PositionalConstraint = "EXACTLY" | "STARTS_WITH" | "ENDS_WITH" | "CONTAINS" | "CONTAINS_WORD";
 /**
@@ -1270,6 +1489,7 @@ export type PositionalConstraint = "EXACTLY" | "STARTS_WITH" | "ENDS_WITH" | "CO
  * If you only aggregate on the individual IP address or forwarded IP address, you can retrieve the list of IP addresses that AWS WAF is currently rate limiting for a rule through the API call `GetRateBasedStatementManagedKeys` . This option is not available for other aggregation configurations.
  *
  * AWS WAF tracks and manages web requests separately for each instance of a rate-based rule that you use. For example, if you provide the same rate-based rule settings in two web ACLs, each of the two rule statements represents a separate instance of the rate-based rule and gets its own tracking and management by AWS WAF . If you define a rate-based rule inside a rule group, and then use that rule group in multiple places, each use creates a separate instance of the rate-based rule that gets its own tracking and management by AWS WAF .
+ * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-ratebasedstatement.html}
  */
 export type RateBasedStatement = {
     /**
@@ -1293,10 +1513,12 @@ export type RateBasedStatement = {
      * - `IP` - Aggregate the request counts on the IP address from the web request origin.
      *
      * To aggregate on a combination of the IP address with other aggregate keys, use `CUSTOM_KEYS` .
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-ratebasedstatement.html#cfn-wafv2-webacl-ratebasedstatement-aggregatekeytype}
      */
     AggregateKeyType: "CONSTANT" | "IP" | "FORWARDED_IP" | "CUSTOM_KEYS";
     /**
      * Specifies the aggregate keys to use in a rate-base rule.
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-ratebasedstatement.html#cfn-wafv2-webacl-ratebasedstatement-customkeys}
      */
     CustomKeys?: RateBasedStatementCustomKey[] | undefined;
     /**
@@ -1305,6 +1527,7 @@ export type RateBasedStatement = {
      * This setting doesn't determine how often AWS WAF checks the rate, but how far back it looks each time it checks. AWS WAF checks the rate about every 10 seconds.
      *
      * Default: `300` (5 minutes)
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-ratebasedstatement.html#cfn-wafv2-webacl-ratebasedstatement-evaluationwindowsec}
      */
     EvaluationWindowSec?: EvaluationWindowSec | undefined;
     /**
@@ -1313,6 +1536,7 @@ export type RateBasedStatement = {
      * > If the specified header isn't present in the request, AWS WAF doesn't apply the rule to the web request at all.
      *
      * This is required if you specify a forwarded IP in the rule's aggregate key settings.
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-ratebasedstatement.html#cfn-wafv2-webacl-ratebasedstatement-forwardedipconfig}
      */
     ForwardedIPConfig?: ForwardedIPConfiguration | undefined;
     /**
@@ -1322,10 +1546,12 @@ export type RateBasedStatement = {
      *
      * - If you aggregate on just the IP address, this is the limit on requests from any single IP address.
      * - If you aggregate on the HTTP method and the query argument name "city", then this is the limit on requests for any single method, city pair.
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-ratebasedstatement.html#cfn-wafv2-webacl-ratebasedstatement-limit}
      */
     Limit: number;
     /**
      * An optional nested statement that narrows the scope of the web requests that are evaluated and managed by the rate-based statement. When you use a scope-down statement, the rate-based rule only tracks and rate limits requests that match the scope-down statement. You can use any nestable `Statement` in the scope-down statement, and you can nest statements at any level, the same as you can for a rule statement.
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-ratebasedstatement.html#cfn-wafv2-webacl-ratebasedstatement-scopedownstatement}
      */
     ScopeDownStatement?: Statement | undefined;
 };
@@ -1333,10 +1559,12 @@ export type RateBasedStatement = {
  * Specifies a single custom aggregate key for a rate-base rule.
  *
  * > Web requests that are missing any of the components specified in the aggregation keys are omitted from the rate-based rule evaluation and handling.
+ * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-ratebasedstatementcustomkey.html}
  */
 export type RateBasedStatementCustomKey = {
     /**
      * Use the value of a cookie in the request as an aggregate key. Each distinct value in the cookie contributes to the aggregation instance. If you use a single cookie as your custom key, then each value fully defines an aggregation instance.
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-ratebasedstatementcustomkey.html#cfn-wafv2-webacl-ratebasedstatementcustomkey-cookie}
      */
     Cookie?: RateLimitCookie | undefined;
     /**
@@ -1345,28 +1573,34 @@ export type RateBasedStatementCustomKey = {
      * When you specify an IP or forwarded IP in the custom key settings, you must also specify at least one other key to use. You can aggregate on only the forwarded IP address by specifying `FORWARDED_IP` in your rate-based statement's `AggregateKeyType` .
      *
      * With this option, you must specify the header to use in the rate-based rule's `ForwardedIPConfig` property.
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-ratebasedstatementcustomkey.html#cfn-wafv2-webacl-ratebasedstatementcustomkey-forwardedip}
      */
     ForwardedIP?: Record<string, unknown> | undefined;
     /**
      * Use the request's HTTP method as an aggregate key. Each distinct HTTP method contributes to the aggregation instance. If you use just the HTTP method as your custom key, then each method fully defines an aggregation instance.
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-ratebasedstatementcustomkey.html#cfn-wafv2-webacl-ratebasedstatementcustomkey-httpmethod}
      */
     HTTPMethod?: Record<string, unknown> | undefined;
     /**
      * Use the value of a header in the request as an aggregate key. Each distinct value in the header contributes to the aggregation instance. If you use a single header as your custom key, then each value fully defines an aggregation instance.
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-ratebasedstatementcustomkey.html#cfn-wafv2-webacl-ratebasedstatementcustomkey-header}
      */
     Header?: RateLimitHeader | undefined;
     /**
      * Use the request's originating IP address as an aggregate key. Each distinct IP address contributes to the aggregation instance.
      *
      * When you specify an IP or forwarded IP in the custom key settings, you must also specify at least one other key to use. You can aggregate on only the IP address by specifying `IP` in your rate-based statement's `AggregateKeyType` .
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-ratebasedstatementcustomkey.html#cfn-wafv2-webacl-ratebasedstatementcustomkey-ip}
      */
     IP?: Record<string, unknown> | undefined;
     /**
      * Use the request's JA3 fingerprint as an aggregate key. If you use a single JA3 fingerprint as your custom key, then each value fully defines an aggregation instance.
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-ratebasedstatementcustomkey.html#cfn-wafv2-webacl-ratebasedstatementcustomkey-ja3fingerprint}
      */
     JA3Fingerprint?: RateLimitJA3Fingerprint | undefined;
     /**
      * Use the request's JA4 fingerprint as an aggregate key. If you use a single JA4 fingerprint as your custom key, then each value fully defines an aggregation instance.
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-ratebasedstatementcustomkey.html#cfn-wafv2-webacl-ratebasedstatementcustomkey-ja4fingerprint}
      */
     JA4Fingerprint?: RateLimitJA4Fingerprint | undefined;
     /**
@@ -1375,23 +1609,28 @@ export type RateBasedStatementCustomKey = {
      * This uses only labels that have been added to the request by rules that are evaluated before this rate-based rule in the web ACL.
      *
      * For information about label namespaces and names, see [Label syntax and naming requirements](https://docs.aws.amazon.com/waf/latest/developerguide/waf-rule-label-requirements.html) in the *AWS WAF Developer Guide* .
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-ratebasedstatementcustomkey.html#cfn-wafv2-webacl-ratebasedstatementcustomkey-labelnamespace}
      */
     LabelNamespace?: RateLimitLabelNamespace | undefined;
     /**
      * Use the specified query argument as an aggregate key. Each distinct value for the named query argument contributes to the aggregation instance. If you use a single query argument as your custom key, then each value fully defines an aggregation instance.
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-ratebasedstatementcustomkey.html#cfn-wafv2-webacl-ratebasedstatementcustomkey-queryargument}
      */
     QueryArgument?: RateLimitQueryArgument | undefined;
     /**
      * Use the request's query string as an aggregate key. Each distinct string contributes to the aggregation instance. If you use just the query string as your custom key, then each string fully defines an aggregation instance.
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-ratebasedstatementcustomkey.html#cfn-wafv2-webacl-ratebasedstatementcustomkey-querystring}
      */
     QueryString?: RateLimitQueryString | undefined;
     /**
      * Use the request's URI path as an aggregate key. Each distinct URI path contributes to the aggregation instance. If you use just the URI path as your custom key, then each URI path fully defines an aggregation instance.
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-ratebasedstatementcustomkey.html#cfn-wafv2-webacl-ratebasedstatementcustomkey-uripath}
      */
     UriPath?: RateLimitUriPath | undefined;
 };
 /**
  * Specifies a cookie as an aggregate key for a rate-based rule. Each distinct value in the cookie contributes to the aggregation instance. If you use a single cookie as your custom key, then each value fully defines an aggregation instance.
+ * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-ratelimitcookie.html}
  */
 export type RateLimitCookie = {
     /**
@@ -1399,15 +1638,18 @@ export type RateLimitCookie = {
      * @minLength 1
      * @maxLength 64
      * @pattern .*\S.*
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-ratelimitcookie.html#cfn-wafv2-webacl-ratelimitcookie-name}
      */
     Name: string;
     /**
      * Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. Text transformations are used in rule match statements, to transform the `FieldToMatch` request component before inspecting it, and they're used in rate-based rule statements, to transform request components before using them as custom aggregation keys. If you specify one or more transformations to apply, AWS WAF performs all transformations on the specified content, starting from the lowest priority setting, and then uses the transformed component contents.
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-ratelimitcookie.html#cfn-wafv2-webacl-ratelimitcookie-texttransformations}
      */
     TextTransformations: TextTransformation[];
 };
 /**
  * Specifies a header as an aggregate key for a rate-based rule. Each distinct value in the header contributes to the aggregation instance. If you use a single header as your custom key, then each value fully defines an aggregation instance.
+ * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-ratelimitheader.html}
  */
 export type RateLimitHeader = {
     /**
@@ -1415,15 +1657,18 @@ export type RateLimitHeader = {
      * @minLength 1
      * @maxLength 64
      * @pattern .*\S.*
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-ratelimitheader.html#cfn-wafv2-webacl-ratelimitheader-name}
      */
     Name: string;
     /**
      * Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. Text transformations are used in rule match statements, to transform the `FieldToMatch` request component before inspecting it, and they're used in rate-based rule statements, to transform request components before using them as custom aggregation keys. If you specify one or more transformations to apply, AWS WAF performs all transformations on the specified content, starting from the lowest priority setting, and then uses the transformed component contents.
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-ratelimitheader.html#cfn-wafv2-webacl-ratelimitheader-texttransformations}
      */
     TextTransformations: TextTransformation[];
 };
 /**
  * Use the request's JA3 fingerprint derived from the TLS Client Hello of an incoming request as an aggregate key. If you use a single JA3 fingerprint as your custom key, then each value fully defines an aggregation instance.
+ * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-ratelimitja3fingerprint.html}
  */
 export type RateLimitJA3Fingerprint = {
     /**
@@ -1433,11 +1678,13 @@ export type RateLimitJA3Fingerprint = {
      *
      * - `MATCH` - Treat the web request as matching the rule statement. AWS WAF applies the rule action to the request.
      * - `NO_MATCH` - Treat the web request as not matching the rule statement.
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-ratelimitja3fingerprint.html#cfn-wafv2-webacl-ratelimitja3fingerprint-fallbackbehavior}
      */
     FallbackBehavior: "MATCH" | "NO_MATCH";
 };
 /**
  * Use the request's JA4 fingerprint derived from the TLS Client Hello of an incoming request as an aggregate key. If you use a single JA4 fingerprint as your custom key, then each value fully defines an aggregation instance.
+ * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-ratelimitja4fingerprint.html}
  */
 export type RateLimitJA4Fingerprint = {
     /**
@@ -1447,6 +1694,7 @@ export type RateLimitJA4Fingerprint = {
      *
      * - `MATCH` - Treat the web request as matching the rule statement. AWS WAF applies the rule action to the request.
      * - `NO_MATCH` - Treat the web request as not matching the rule statement.
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-ratelimitja4fingerprint.html#cfn-wafv2-webacl-ratelimitja4fingerprint-fallbackbehavior}
      */
     FallbackBehavior: "MATCH" | "NO_MATCH";
 };
@@ -1456,16 +1704,19 @@ export type RateLimitJA4Fingerprint = {
  * This uses only labels that have been added to the request by rules that are evaluated before this rate-based rule in the web ACL.
  *
  * For information about label namespaces and names, see [Label syntax and naming requirements](https://docs.aws.amazon.com/waf/latest/developerguide/waf-rule-label-requirements.html) in the *AWS WAF Developer Guide* .
+ * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-ratelimitlabelnamespace.html}
  */
 export type RateLimitLabelNamespace = {
     /**
      * The namespace to use for aggregation.
      * @pattern ^[0-9A-Za-z_:-]{1,1024}$
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-ratelimitlabelnamespace.html#cfn-wafv2-webacl-ratelimitlabelnamespace-namespace}
      */
     Namespace: string;
 };
 /**
  * Specifies a query argument in the request as an aggregate key for a rate-based rule. Each distinct value for the named query argument contributes to the aggregation instance. If you use a single query argument as your custom key, then each value fully defines an aggregation instance.
+ * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-ratelimitqueryargument.html}
  */
 export type RateLimitQueryArgument = {
     /**
@@ -1473,47 +1724,57 @@ export type RateLimitQueryArgument = {
      * @minLength 1
      * @maxLength 64
      * @pattern .*\S.*
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-ratelimitqueryargument.html#cfn-wafv2-webacl-ratelimitqueryargument-name}
      */
     Name: string;
     /**
      * Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. Text transformations are used in rule match statements, to transform the `FieldToMatch` request component before inspecting it, and they're used in rate-based rule statements, to transform request components before using them as custom aggregation keys. If you specify one or more transformations to apply, AWS WAF performs all transformations on the specified content, starting from the lowest priority setting, and then uses the transformed component contents.
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-ratelimitqueryargument.html#cfn-wafv2-webacl-ratelimitqueryargument-texttransformations}
      */
     TextTransformations: TextTransformation[];
 };
 /**
  * Specifies the request's query string as an aggregate key for a rate-based rule. Each distinct string contributes to the aggregation instance. If you use just the query string as your custom key, then each string fully defines an aggregation instance.
+ * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-ratelimitquerystring.html}
  */
 export type RateLimitQueryString = {
     /**
      * Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. Text transformations are used in rule match statements, to transform the `FieldToMatch` request component before inspecting it, and they're used in rate-based rule statements, to transform request components before using them as custom aggregation keys. If you specify one or more transformations to apply, AWS WAF performs all transformations on the specified content, starting from the lowest priority setting, and then uses the transformed component contents.
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-ratelimitquerystring.html#cfn-wafv2-webacl-ratelimitquerystring-texttransformations}
      */
     TextTransformations: TextTransformation[];
 };
 /**
  * Specifies the request's URI path as an aggregate key for a rate-based rule. Each distinct URI path contributes to the aggregation instance. If you use just the URI path as your custom key, then each URI path fully defines an aggregation instance.
+ * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-ratelimituripath.html}
  */
 export type RateLimitUriPath = {
     /**
      * Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. Text transformations are used in rule match statements, to transform the `FieldToMatch` request component before inspecting it, and they're used in rate-based rule statements, to transform request components before using them as custom aggregation keys. If you specify one or more transformations to apply, AWS WAF performs all transformations on the specified content, starting from the lowest priority setting, and then uses the transformed component contents.
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-ratelimituripath.html#cfn-wafv2-webacl-ratelimituripath-texttransformations}
      */
     TextTransformations: TextTransformation[];
 };
 /**
  * A rule statement used to search web request components for a match against a single regular expression.
+ * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-regexmatchstatement.html}
  */
 export type RegexMatchStatement = {
     /**
      * The part of the web request that you want AWS WAF to inspect.
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-regexmatchstatement.html#cfn-wafv2-webacl-regexmatchstatement-fieldtomatch}
      */
     FieldToMatch: FieldToMatch;
     /**
      * The string representing the regular expression.
      * @minLength 1
      * @maxLength 512
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-regexmatchstatement.html#cfn-wafv2-webacl-regexmatchstatement-regexstring}
      */
     RegexString: string;
     /**
      * Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. If you specify one or more transformations in a rule statement, AWS WAF performs all transformations on the content of the request component identified by `FieldToMatch` , starting from the lowest priority setting, before inspecting the content for a match.
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-regexmatchstatement.html#cfn-wafv2-webacl-regexmatchstatement-texttransformations}
      */
     TextTransformations: TextTransformation[];
 };
@@ -1521,18 +1782,22 @@ export type RegexMatchStatement = {
  * A rule statement used to search web request components for matches with regular expressions. To use this, create a `RegexPatternSet` that specifies the expressions that you want to detect, then use that set in this statement. A web request matches the pattern set rule statement if the request component matches any of the patterns in the set.
  *
  * Each regex pattern set rule statement references a regex pattern set. You create and maintain the set independent of your rules. This allows you to use the single set in multiple rules. When you update the referenced set, AWS WAF automatically updates all rules that reference it.
+ * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-regexpatternsetreferencestatement.html}
  */
 export type RegexPatternSetReferenceStatement = {
     /**
      * The Amazon Resource Name (ARN) of the `RegexPatternSet` that this statement references.
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-regexpatternsetreferencestatement.html#cfn-wafv2-webacl-regexpatternsetreferencestatement-arn}
      */
     Arn: string;
     /**
      * The part of the web request that you want AWS WAF to inspect.
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-regexpatternsetreferencestatement.html#cfn-wafv2-webacl-regexpatternsetreferencestatement-fieldtomatch}
      */
     FieldToMatch: FieldToMatch;
     /**
      * Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. If you specify one or more transformations in a rule statement, AWS WAF performs all transformations on the content of the request component identified by `FieldToMatch` , starting from the lowest priority setting, before inspecting the content for a match.
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-regexpatternsetreferencestatement.html#cfn-wafv2-webacl-regexpatternsetreferencestatement-texttransformations}
      */
     TextTransformations: TextTransformation[];
 };
@@ -1546,12 +1811,14 @@ export type RegexPatternSetReferenceStatement = {
  * For Application Load Balancer and AWS AppSync , the limit is fixed at 8 KB (8,192 bytes).
  *
  * This is used in the `AssociationConfig` of the web ACL.
+ * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-requestbodyassociatedresourcetypeconfig.html}
  */
 export type RequestBodyAssociatedResourceTypeConfig = {
     /**
      * Specifies the maximum size of the web request body component that an associated CloudFront, API Gateway, Amazon Cognito, App Runner, or Verified Access resource should send to AWS WAF for inspection. This applies to statements in the web ACL that inspect the body or JSON body.
      *
      * Default: `16 KB (16,384 bytes)`
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-requestbodyassociatedresourcetypeconfig.html#cfn-wafv2-webacl-requestbodyassociatedresourcetypeconfig-defaultsizeinspectionlimit}
      */
     DefaultSizeInspectionLimit: SizeInspectionLimit;
 };
@@ -1561,6 +1828,7 @@ export type RequestBodyAssociatedResourceTypeConfig = {
  * This is part of the `AWSManagedRulesATPRuleSet` configuration in `ManagedRuleGroupConfig` .
  *
  * In these settings, you specify how your application accepts login attempts by providing the request payload type and the names of the fields within the request body where the username and password are provided.
+ * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-requestinspection.html}
  */
 export type RequestInspection = {
     /**
@@ -1574,10 +1842,12 @@ export type RequestInspection = {
      * - For form encoded payload types, use the HTML form names.
      *
      * For example, for an HTML form with the input element named `password1` , the password field specification is `password1` .
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-requestinspection.html#cfn-wafv2-webacl-requestinspection-passwordfield}
      */
     PasswordField: FieldIdentifier;
     /**
      * The payload type for your login endpoint, either JSON or form encoded.
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-requestinspection.html#cfn-wafv2-webacl-requestinspection-payloadtype}
      */
     PayloadType: "JSON" | "FORM_ENCODED";
     /**
@@ -1591,6 +1861,7 @@ export type RequestInspection = {
      * - For form encoded payload types, use the HTML form names.
      *
      * For example, for an HTML form with the input element named `username1` , the username field specification is `username1`
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-requestinspection.html#cfn-wafv2-webacl-requestinspection-usernamefield}
      */
     UsernameField: FieldIdentifier;
 };
@@ -1600,6 +1871,7 @@ export type RequestInspection = {
  * This is part of the `AWSManagedRulesACFPRuleSet` configuration in `ManagedRuleGroupConfig` .
  *
  * In these settings, you specify how your application accepts account creation attempts by providing the request payload type and the names of the fields within the request body where the username, password, email, and primary address and phone number fields are provided.
+ * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-requestinspectionacfp.html}
  */
 export type RequestInspectionACFP = {
     /**
@@ -1615,6 +1887,7 @@ export type RequestInspectionACFP = {
      * - For form encoded payload types, use the HTML form names.
      *
      * For example, for an HTML form with input elements named `primaryaddressline1` , `primaryaddressline2` , and `primaryaddressline3` , the address fields identifiers are `primaryaddressline1` , `primaryaddressline2` , and `primaryaddressline3` .
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-requestinspectionacfp.html#cfn-wafv2-webacl-requestinspectionacfp-addressfields}
      */
     AddressFields?: FieldIdentifier[] | undefined;
     /**
@@ -1628,6 +1901,7 @@ export type RequestInspectionACFP = {
      * - For form encoded payload types, use the HTML form names.
      *
      * For example, for an HTML form with the input element named `email1` , the email field specification is `email1` .
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-requestinspectionacfp.html#cfn-wafv2-webacl-requestinspectionacfp-emailfield}
      */
     EmailField?: FieldIdentifier | undefined;
     /**
@@ -1641,10 +1915,12 @@ export type RequestInspectionACFP = {
      * - For form encoded payload types, use the HTML form names.
      *
      * For example, for an HTML form with the input element named `password1` , the password field specification is `password1` .
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-requestinspectionacfp.html#cfn-wafv2-webacl-requestinspectionacfp-passwordfield}
      */
     PasswordField?: FieldIdentifier | undefined;
     /**
      * The payload type for your account creation endpoint, either JSON or form encoded.
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-requestinspectionacfp.html#cfn-wafv2-webacl-requestinspectionacfp-payloadtype}
      */
     PayloadType: "JSON" | "FORM_ENCODED";
     /**
@@ -1660,6 +1936,7 @@ export type RequestInspectionACFP = {
      * - For form encoded payload types, use the HTML form names.
      *
      * For example, for an HTML form with input elements named `primaryphoneline1` , `primaryphoneline2` , and `primaryphoneline3` , the phone number field identifiers are `primaryphoneline1` , `primaryphoneline2` , and `primaryphoneline3` .
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-requestinspectionacfp.html#cfn-wafv2-webacl-requestinspectionacfp-phonenumberfields}
      */
     PhoneNumberFields?: FieldIdentifier[] | undefined;
     /**
@@ -1673,11 +1950,13 @@ export type RequestInspectionACFP = {
      * - For form encoded payload types, use the HTML form names.
      *
      * For example, for an HTML form with the input element named `username1` , the username field specification is `username1`
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-requestinspectionacfp.html#cfn-wafv2-webacl-requestinspectionacfp-usernamefield}
      */
     UsernameField?: FieldIdentifier | undefined;
 };
 /**
  * Valid values are TEXT_PLAIN, TEXT_HTML, and APPLICATION_JSON.
+ * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-responsecontenttype.html}
  */
 export type ResponseContentType = "TEXT_PLAIN" | "TEXT_HTML" | "APPLICATION_JSON";
 /**
@@ -1690,22 +1969,27 @@ export type ResponseContentType = "TEXT_PLAIN" | "TEXT_HTML" | "APPLICATION_JSON
  * This is part of the `AWSManagedRulesATPRuleSet` and `AWSManagedRulesACFPRuleSet` configurations in `ManagedRuleGroupConfig` .
  *
  * Enable response inspection by configuring exactly one component of the response to inspect, for example, `Header` or `StatusCode` . You can't configure more than one component for inspection. If you don't configure any of the response inspection options, response inspection is disabled.
+ * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-responseinspection.html}
  */
 export type ResponseInspection = {
     /**
      * Configures inspection of the response body for success and failure indicators. AWS WAF can inspect the first 65,536 bytes (64 KB) of the response body.
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-responseinspection.html#cfn-wafv2-webacl-responseinspection-bodycontains}
      */
     BodyContains?: ResponseInspectionBodyContains | undefined;
     /**
      * Configures inspection of the response header for success and failure indicators.
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-responseinspection.html#cfn-wafv2-webacl-responseinspection-header}
      */
     Header?: ResponseInspectionHeader | undefined;
     /**
      * Configures inspection of the response JSON for success and failure indicators. AWS WAF can inspect the first 65,536 bytes (64 KB) of the response JSON.
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-responseinspection.html#cfn-wafv2-webacl-responseinspection-json}
      */
     Json?: ResponseInspectionJson | undefined;
     /**
      * Configures inspection of the response status code for success and failure indicators.
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-responseinspection.html#cfn-wafv2-webacl-responseinspection-statuscode}
      */
     StatusCode?: ResponseInspectionStatusCode | undefined;
 };
@@ -1713,18 +1997,21 @@ export type ResponseInspection = {
  * Configures inspection of the response body. AWS WAF can inspect the first 65,536 bytes (64 KB) of the response body. This is part of the `ResponseInspection` configuration for `AWSManagedRulesATPRuleSet` and `AWSManagedRulesACFPRuleSet` .
  *
  * > Response inspection is available only in web ACLs that protect Amazon CloudFront distributions.
+ * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-responseinspectionbodycontains.html}
  */
 export type ResponseInspectionBodyContains = {
     /**
      * Strings in the body of the response that indicate a failed login or account creation attempt. To be counted as a failure, the string can be anywhere in the body and must be an exact match, including case. Each string must be unique among the success and failure strings.
      *
      * JSON example: `"FailureStrings": [ "Request failed" ]`
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-responseinspectionbodycontains.html#cfn-wafv2-webacl-responseinspectionbodycontains-failurestrings}
      */
     FailureStrings: string[];
     /**
      * Strings in the body of the response that indicate a successful login or account creation attempt. To be counted as a success, the string can be anywhere in the body and must be an exact match, including case. Each string must be unique among the success and failure strings.
      *
      * JSON examples: `"SuccessStrings": [ "Login successful" ]` and `"SuccessStrings": [ "Account creation successful", "Welcome to our site!" ]`
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-responseinspectionbodycontains.html#cfn-wafv2-webacl-responseinspectionbodycontains-successstrings}
      */
     SuccessStrings: string[];
 };
@@ -1732,12 +2019,14 @@ export type ResponseInspectionBodyContains = {
  * Configures inspection of the response header. This is part of the `ResponseInspection` configuration for `AWSManagedRulesATPRuleSet` and `AWSManagedRulesACFPRuleSet` .
  *
  * > Response inspection is available only in web ACLs that protect Amazon CloudFront distributions.
+ * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-responseinspectionheader.html}
  */
 export type ResponseInspectionHeader = {
     /**
      * Values in the response header with the specified name that indicate a failed login or account creation attempt. To be counted as a failure, the value must be an exact match, including case. Each value must be unique among the success and failure values.
      *
      * JSON examples: `"FailureValues": [ "LoginFailed", "Failed login" ]` and `"FailureValues": [ "AccountCreationFailed" ]`
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-responseinspectionheader.html#cfn-wafv2-webacl-responseinspectionheader-failurevalues}
      */
     FailureValues: string[];
     /**
@@ -1747,12 +2036,14 @@ export type ResponseInspectionHeader = {
      * @minLength 1
      * @maxLength 200
      * @pattern .*\S.*
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-responseinspectionheader.html#cfn-wafv2-webacl-responseinspectionheader-name}
      */
     Name: string;
     /**
      * Values in the response header with the specified name that indicate a successful login or account creation attempt. To be counted as a success, the value must be an exact match, including case. Each value must be unique among the success and failure values.
      *
      * JSON examples: `"SuccessValues": [ "LoginPassed", "Successful login" ]` and `"SuccessValues": [ "AccountCreated", "Successful account creation" ]`
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-responseinspectionheader.html#cfn-wafv2-webacl-responseinspectionheader-successvalues}
      */
     SuccessValues: string[];
 };
@@ -1760,12 +2051,14 @@ export type ResponseInspectionHeader = {
  * Configures inspection of the response JSON. AWS WAF can inspect the first 65,536 bytes (64 KB) of the response JSON. This is part of the `ResponseInspection` configuration for `AWSManagedRulesATPRuleSet` and `AWSManagedRulesACFPRuleSet` .
  *
  * > Response inspection is available only in web ACLs that protect Amazon CloudFront distributions.
+ * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-responseinspectionjson.html}
  */
 export type ResponseInspectionJson = {
     /**
      * Values for the specified identifier in the response JSON that indicate a failed login or account creation attempt. To be counted as a failure, the value must be an exact match, including case. Each value must be unique among the success and failure values.
      *
      * JSON example: `"FailureValues": [ "False", "Failed" ]`
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-responseinspectionjson.html#cfn-wafv2-webacl-responseinspectionjson-failurevalues}
      */
     FailureValues: string[];
     /**
@@ -1775,12 +2068,14 @@ export type ResponseInspectionJson = {
      * @minLength 1
      * @maxLength 512
      * @pattern .*\S.*
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-responseinspectionjson.html#cfn-wafv2-webacl-responseinspectionjson-identifier}
      */
     Identifier: string;
     /**
      * Values for the specified identifier in the response JSON that indicate a successful login or account creation attempt. To be counted as a success, the value must be an exact match, including case. Each value must be unique among the success and failure values.
      *
      * JSON example: `"SuccessValues": [ "True", "Succeeded" ]`
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-responseinspectionjson.html#cfn-wafv2-webacl-responseinspectionjson-successvalues}
      */
     SuccessValues: string[];
 };
@@ -1788,23 +2083,27 @@ export type ResponseInspectionJson = {
  * Configures inspection of the response status code. This is part of the `ResponseInspection` configuration for `AWSManagedRulesATPRuleSet` and `AWSManagedRulesACFPRuleSet` .
  *
  * > Response inspection is available only in web ACLs that protect Amazon CloudFront distributions.
+ * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-responseinspectionstatuscode.html}
  */
 export type ResponseInspectionStatusCode = {
     /**
      * Status codes in the response that indicate a failed login or account creation attempt. To be counted as a failure, the response status code must match one of these. Each code must be unique among the success and failure status codes.
      *
      * JSON example: `"FailureCodes": [ 400, 404 ]`
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-responseinspectionstatuscode.html#cfn-wafv2-webacl-responseinspectionstatuscode-failurecodes}
      */
     FailureCodes: number[];
     /**
      * Status codes in the response that indicate a successful login or account creation attempt. To be counted as a success, the response status code must match one of these. Each code must be unique among the success and failure status codes.
      *
      * JSON example: `"SuccessCodes": [ 200, 201 ]`
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-responseinspectionstatuscode.html#cfn-wafv2-webacl-responseinspectionstatuscode-successcodes}
      */
     SuccessCodes: number[];
 };
 /**
  * A single rule, which you can use in a `WebACL` or `RuleGroup` to identify web requests that you want to manage in some way. Each rule includes one top-level `Statement` that AWS WAF uses to identify matching web requests, and parameters that govern how AWS WAF handles them.
+ * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-rule.html}
  */
 export type Rule = {
     /**
@@ -1816,20 +2115,24 @@ export type Rule = {
      *
      * - If the rule statement doesn't reference a rule group, you must set this rule action setting and you must not set the rule's override action setting.
      * - If the rule statement references a rule group, you must not set this action setting, because the actions are already set on the rules inside the rule group. You must set the rule's override action setting to indicate specifically whether to override the actions that are set on the rules in the rule group.
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-rule.html#cfn-wafv2-webacl-rule-action}
      */
     Action?: RuleAction | undefined;
     /**
      * Specifies how AWS WAF should handle `CAPTCHA` evaluations. If you don't specify this, AWS WAF uses the `CAPTCHA` configuration that's defined for the web ACL.
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-rule.html#cfn-wafv2-webacl-rule-captchaconfig}
      */
     CaptchaConfig?: CaptchaConfig | undefined;
     /**
      * Specifies how AWS WAF should handle `Challenge` evaluations. If you don't specify this, AWS WAF uses the challenge configuration that's defined for the web ACL.
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-rule.html#cfn-wafv2-webacl-rule-challengeconfig}
      */
     ChallengeConfig?: ChallengeConfig | undefined;
     /**
      * The name of the rule.
      *
      * If you change the name of a `Rule` after you create it and you want the rule's metric name to reflect the change, update the metric name in the rule's `VisibilityConfig` settings. AWS WAF doesn't automatically update the metric name when you update the rule name.
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-rule.html#cfn-wafv2-webacl-rule-name}
      */
     Name: string;
     /**
@@ -1841,10 +2144,12 @@ export type Rule = {
      *
      * - If the rule statement references a rule group, you must set this override action setting and you must not set the rule's action setting.
      * - If the rule statement doesn't reference a rule group, you must set the rule action setting and you must not set the rule's override action setting.
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-rule.html#cfn-wafv2-webacl-rule-overrideaction}
      */
     OverrideAction?: OverrideAction | undefined;
     /**
      * If you define more than one `Rule` in a `WebACL` , AWS WAF evaluates each request against the `Rules` in order based on the value of `Priority` . AWS WAF processes rules with lower priority first. The priorities don't need to be consecutive, but they must all be different.
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-rule.html#cfn-wafv2-webacl-rule-priority}
      */
     Priority: number;
     /**
@@ -1862,29 +2167,35 @@ export type Rule = {
      * - Don't use the following reserved words in your label specification: `aws` , `waf` , `managed` , `rulegroup` , `webacl` , `regexpatternset` , or `ipset` .
      *
      * For example, `myLabelName` or `nameSpace1:nameSpace2:myLabelName` .
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-rule.html#cfn-wafv2-webacl-rule-rulelabels}
      */
     RuleLabels?: Label[] | undefined;
     /**
      * The AWS WAF processing statement for the rule, for example `ByteMatchStatement` or `SizeConstraintStatement` .
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-rule.html#cfn-wafv2-webacl-rule-statement}
      */
     Statement: Statement;
     /**
      * Defines and enables Amazon CloudWatch metrics and web request sample collection.
      *
      * If you change the name of a `Rule` after you create it and you want the rule's metric name to reflect the change, update the metric name as well. AWS WAF doesn't automatically update the metric name.
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-rule.html#cfn-wafv2-webacl-rule-visibilityconfig}
      */
     VisibilityConfig: VisibilityConfig;
 };
 /**
  * The action that AWS WAF should take on a web request when it matches a rule's statement. Settings at the web ACL level can override the rule action setting.
+ * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-ruleaction.html}
  */
 export type RuleAction = {
     /**
      * Instructs AWS WAF to allow the web request.
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-ruleaction.html#cfn-wafv2-webacl-ruleaction-allow}
      */
     Allow?: AllowAction | undefined;
     /**
      * Instructs AWS WAF to block the web request.
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-ruleaction.html#cfn-wafv2-webacl-ruleaction-block}
      */
     Block?: BlockAction | undefined;
     /**
@@ -1902,14 +2213,17 @@ export type RuleAction = {
      * You can configure the expiration time in the `CaptchaConfig` `ImmunityTimeProperty` setting at the rule and web ACL level. The rule setting overrides the web ACL setting.
      *
      * This action option is available for rules. It isn't available for web ACL default actions.
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-ruleaction.html#cfn-wafv2-webacl-ruleaction-captcha}
      */
     Captcha?: CaptchaAction | undefined;
     /**
      * Instructs AWS WAF to run a `Challenge` check against the web request.
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-ruleaction.html#cfn-wafv2-webacl-ruleaction-challenge}
      */
     Challenge?: ChallengeAction | undefined;
     /**
      * Instructs AWS WAF to count the web request and then continue evaluating the request using the remaining rules in the web ACL.
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-ruleaction.html#cfn-wafv2-webacl-ruleaction-count}
      */
     Count?: CountAction | undefined;
 };
@@ -1917,14 +2231,17 @@ export type RuleAction = {
  * Action setting to use in the place of a rule action that is configured inside the rule group. You specify one override for each rule whose action you want to change.
  *
  * You can use overrides for testing, for example you can override all of rule actions to `Count` and then monitor the resulting count metrics to understand how the rule group would handle your web traffic. You can also permanently override some or all actions, to modify how the rule group manages your web traffic.
+ * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-ruleactionoverride.html}
  */
 export type RuleActionOverride = {
     /**
      * The override action to use, in place of the configured action of the rule in the rule group.
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-ruleactionoverride.html#cfn-wafv2-webacl-ruleactionoverride-actiontouse}
      */
     ActionToUse: RuleAction;
     /**
      * The name of the rule to override.
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-ruleactionoverride.html#cfn-wafv2-webacl-ruleactionoverride-name}
      */
     Name: string;
 };
@@ -1932,16 +2249,19 @@ export type RuleActionOverride = {
  * A rule statement used to run the rules that are defined in a `RuleGroup` . To use this, create a rule group with your rules, then provide the ARN of the rule group in this statement.
  *
  * You cannot nest a `RuleGroupReferenceStatement` , for example for use inside a `NotStatement` or `OrStatement` . You cannot use a rule group reference statement inside another rule group. You can only reference a rule group as a top-level statement within a rule that you define in a web ACL.
+ * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-rulegroupreferencestatement.html}
  */
 export type RuleGroupReferenceStatement = {
     /**
      * The Amazon Resource Name (ARN) of the entity.
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-rulegroupreferencestatement.html#cfn-wafv2-webacl-rulegroupreferencestatement-arn}
      */
     Arn: string;
     /**
      * Rules in the referenced rule group whose actions are set to `Count` .
      *
      * > Instead of this option, use `RuleActionOverrides` . It accepts any valid action setting, including `Count` .
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-rulegroupreferencestatement.html#cfn-wafv2-webacl-rulegroupreferencestatement-excludedrules}
      */
     ExcludedRules?: ExcludedRule[] | undefined;
     /**
@@ -1950,15 +2270,18 @@ export type RuleGroupReferenceStatement = {
      * > Take care to verify the rule names in your overrides. If you provide a rule name that doesn't match the name of any rule in the rule group, AWS WAF doesn't return an error and doesn't apply the override setting.
      *
      * You can use overrides for testing, for example you can override all of rule actions to `Count` and then monitor the resulting count metrics to understand how the rule group would handle your web traffic. You can also permanently override some or all actions, to modify how the rule group manages your web traffic.
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-rulegroupreferencestatement.html#cfn-wafv2-webacl-rulegroupreferencestatement-ruleactionoverrides}
      */
     RuleActionOverrides?: RuleActionOverride[] | undefined;
 };
 /**
  * Use CLOUDFRONT for CloudFront WebACL, use REGIONAL for Application Load Balancer and API Gateway.
+ * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-scope.html}
  */
 export type Scope = "CLOUDFRONT" | "REGIONAL";
 /**
  * Sensitivity Level current only used for sqli match statements.
+ * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-sensitivitylevel.html}
  */
 export type SensitivityLevel = "LOW" | "HIGH";
 /**
@@ -1967,34 +2290,44 @@ export type SensitivityLevel = "LOW" | "HIGH";
  * If you configure AWS WAF to inspect the request body, AWS WAF inspects only the number of bytes in the body up to the limit for the web ACL and protected resource type. If you know that the request body for your web requests should never exceed the inspection limit, you can use a size constraint statement to block requests that have a larger request body size. For more information about the inspection limits, see `Body` and `JsonBody` settings for the `FieldToMatch` data type.
  *
  * If you choose URI for the value of Part of the request to filter on, the slash (/) in the URI counts as one character. For example, the URI `/logo.jpg` is nine characters long.
+ * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-sizeconstraintstatement.html}
  */
 export type SizeConstraintStatement = {
     /**
      * The operator to use to compare the request part to the size setting.
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-sizeconstraintstatement.html#cfn-wafv2-webacl-sizeconstraintstatement-comparisonoperator}
      */
     ComparisonOperator: "EQ" | "NE" | "LE" | "LT" | "GE" | "GT";
     /**
      * The part of the web request that you want AWS WAF to inspect.
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-sizeconstraintstatement.html#cfn-wafv2-webacl-sizeconstraintstatement-fieldtomatch}
      */
     FieldToMatch: FieldToMatch;
     /**
      * The size, in byte, to compare to the request part, after any transformations.
      * @min 0
      * @max 21474836480
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-sizeconstraintstatement.html#cfn-wafv2-webacl-sizeconstraintstatement-size}
      */
     Size: number;
     /**
      * Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. If you specify one or more transformations in a rule statement, AWS WAF performs all transformations on the content of the request component identified by `FieldToMatch` , starting from the lowest priority setting, before inspecting the content for a match.
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-sizeconstraintstatement.html#cfn-wafv2-webacl-sizeconstraintstatement-texttransformations}
      */
     TextTransformations: TextTransformation[];
 };
+/**
+ * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-sizeinspectionlimit.html}
+ */
 export type SizeInspectionLimit = "KB_16" | "KB_32" | "KB_48" | "KB_64";
 /**
  * A rule statement that inspects for malicious SQL code. Attackers insert malicious SQL code into web requests to do things like modify your database or extract data from it.
+ * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-sqlimatchstatement.html}
  */
 export type SqliMatchStatement = {
     /**
      * The part of the web request that you want AWS WAF to inspect.
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-sqlimatchstatement.html#cfn-wafv2-webacl-sqlimatchstatement-fieldtomatch}
      */
     FieldToMatch: FieldToMatch;
     /**
@@ -2005,23 +2338,28 @@ export type SqliMatchStatement = {
      * `LOW` is generally a better choice for resources that already have other protections against SQL injection attacks or that have a low tolerance for false positives.
      *
      * Default: `LOW`
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-sqlimatchstatement.html#cfn-wafv2-webacl-sqlimatchstatement-sensitivitylevel}
      */
     SensitivityLevel?: SensitivityLevel | undefined;
     /**
      * Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. If you specify one or more transformations in a rule statement, AWS WAF performs all transformations on the content of the request component identified by `FieldToMatch` , starting from the lowest priority setting, before inspecting the content for a match.
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-sqlimatchstatement.html#cfn-wafv2-webacl-sqlimatchstatement-texttransformations}
      */
     TextTransformations: TextTransformation[];
 };
 /**
  * The processing guidance for a rule, used by AWS WAF to determine whether a web request matches the rule.
+ * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-statement.html}
  */
 export type Statement = {
     /**
      * A logical rule statement used to combine other rule statements with AND logic. You provide more than one `Statement` within the `AndStatement` .
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-statement.html#cfn-wafv2-webacl-statement-andstatement}
      */
     AndStatement?: AndStatement | undefined;
     /**
      * A rule statement that defines a string match search for AWS WAF to apply to web requests. The byte match statement provides the bytes to search for, the location in requests that you want AWS WAF to search, and other settings. The bytes to search for are typically a string that corresponds with ASCII characters. In the AWS WAF console and the developer guide, this is called a string match statement.
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-statement.html#cfn-wafv2-webacl-statement-bytematchstatement}
      */
     ByteMatchStatement?: ByteMatchStatement | undefined;
     /**
@@ -2037,18 +2375,21 @@ export type Statement = {
      * If you use a forwarded IP address, the label formats are `awswaf:forwardedip:geo:region:<ISO country code>-<ISO region code>` and `awswaf:forwardedip:geo:country:<ISO country code>` .
      *
      * For additional details, see [Geographic match rule statement](https://docs.aws.amazon.com/waf/latest/developerguide/waf-rule-statement-type-geo-match.html) in the [AWS WAF Developer Guide](https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html) .
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-statement.html#cfn-wafv2-webacl-statement-geomatchstatement}
      */
     GeoMatchStatement?: GeoMatchStatement | undefined;
     /**
      * A rule statement used to detect web requests coming from particular IP addresses or address ranges. To use this, create an `IPSet` that specifies the addresses you want to detect, then use the ARN of that set in this statement.
      *
      * Each IP set rule statement references an IP set. You create and maintain the set independent of your rules. This allows you to use the single set in multiple rules. When you update the referenced set, AWS WAF automatically updates all rules that reference it.
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-statement.html#cfn-wafv2-webacl-statement-ipsetreferencestatement}
      */
     IPSetReferenceStatement?: IPSetReferenceStatement | undefined;
     /**
      * A rule statement to match against labels that have been added to the web request by rules that have already run in the web ACL.
      *
      * The label match statement provides the label or namespace string to search for. The label string can represent a part or all of the fully qualified label name that had been added to the web request. Fully qualified labels have a prefix, optional namespaces, and label name. The prefix identifies the rule group or web ACL context of the rule that added the label. If you do not provide the fully qualified name in your label match string, AWS WAF performs the search for labels that were added in the same context as the label match statement.
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-statement.html#cfn-wafv2-webacl-statement-labelmatchstatement}
      */
     LabelMatchStatement?: LabelMatchStatement | undefined;
     /**
@@ -2057,14 +2398,17 @@ export type Statement = {
      * You cannot nest a `ManagedRuleGroupStatement` , for example for use inside a `NotStatement` or `OrStatement` . It can only be referenced as a top-level statement within a rule.
      *
      * > You are charged additional fees when you use the AWS WAF Bot Control managed rule group `AWSManagedRulesBotControlRuleSet` , the AWS WAF Fraud Control account takeover prevention (ATP) managed rule group `AWSManagedRulesATPRuleSet` , or the AWS WAF Fraud Control account creation fraud prevention (ACFP) managed rule group `AWSManagedRulesACFPRuleSet` . For more information, see [AWS WAF Pricing](https://docs.aws.amazon.com/waf/pricing/) .
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-statement.html#cfn-wafv2-webacl-statement-managedrulegroupstatement}
      */
     ManagedRuleGroupStatement?: ManagedRuleGroupStatement | undefined;
     /**
      * A logical rule statement used to negate the results of another rule statement. You provide one `Statement` within the `NotStatement` .
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-statement.html#cfn-wafv2-webacl-statement-notstatement}
      */
     NotStatement?: NotStatement | undefined;
     /**
      * A logical rule statement used to combine other rule statements with OR logic. You provide more than one `Statement` within the `OrStatement` .
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-statement.html#cfn-wafv2-webacl-statement-orstatement}
      */
     OrStatement?: OrStatement | undefined;
     /**
@@ -2110,22 +2454,26 @@ export type Statement = {
      * If you only aggregate on the individual IP address or forwarded IP address, you can retrieve the list of IP addresses that AWS WAF is currently rate limiting for a rule through the API call `GetRateBasedStatementManagedKeys` . This option is not available for other aggregation configurations.
      *
      * AWS WAF tracks and manages web requests separately for each instance of a rate-based rule that you use. For example, if you provide the same rate-based rule settings in two web ACLs, each of the two rule statements represents a separate instance of the rate-based rule and gets its own tracking and management by AWS WAF . If you define a rate-based rule inside a rule group, and then use that rule group in multiple places, each use creates a separate instance of the rate-based rule that gets its own tracking and management by AWS WAF .
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-statement.html#cfn-wafv2-webacl-statement-ratebasedstatement}
      */
     RateBasedStatement?: RateBasedStatement | undefined;
     /**
      * A rule statement used to search web request components for a match against a single regular expression.
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-statement.html#cfn-wafv2-webacl-statement-regexmatchstatement}
      */
     RegexMatchStatement?: RegexMatchStatement | undefined;
     /**
      * A rule statement used to search web request components for matches with regular expressions. To use this, create a `RegexPatternSet` that specifies the expressions that you want to detect, then use the ARN of that set in this statement. A web request matches the pattern set rule statement if the request component matches any of the patterns in the set.
      *
      * Each regex pattern set rule statement references a regex pattern set. You create and maintain the set independent of your rules. This allows you to use the single set in multiple rules. When you update the referenced set, AWS WAF automatically updates all rules that reference it.
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-statement.html#cfn-wafv2-webacl-statement-regexpatternsetreferencestatement}
      */
     RegexPatternSetReferenceStatement?: RegexPatternSetReferenceStatement | undefined;
     /**
      * A rule statement used to run the rules that are defined in a `RuleGroup` . To use this, create a rule group with your rules, then provide the ARN of the rule group in this statement.
      *
      * You cannot nest a `RuleGroupReferenceStatement` , for example for use inside a `NotStatement` or `OrStatement` . You cannot use a rule group reference statement inside another rule group. You can only reference a rule group as a top-level statement within a rule that you define in a web ACL.
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-statement.html#cfn-wafv2-webacl-statement-rulegroupreferencestatement}
      */
     RuleGroupReferenceStatement?: RuleGroupReferenceStatement | undefined;
     /**
@@ -2134,32 +2482,39 @@ export type Statement = {
      * If you configure AWS WAF to inspect the request body, AWS WAF inspects only the number of bytes in the body up to the limit for the web ACL and protected resource type. If you know that the request body for your web requests should never exceed the inspection limit, you can use a size constraint statement to block requests that have a larger request body size. For more information about the inspection limits, see `Body` and `JsonBody` settings for the `FieldToMatch` data type.
      *
      * If you choose URI for the value of Part of the request to filter on, the slash (/) in the URI counts as one character. For example, the URI `/logo.jpg` is nine characters long.
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-statement.html#cfn-wafv2-webacl-statement-sizeconstraintstatement}
      */
     SizeConstraintStatement?: SizeConstraintStatement | undefined;
     /**
      * A rule statement that inspects for malicious SQL code. Attackers insert malicious SQL code into web requests to do things like modify your database or extract data from it.
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-statement.html#cfn-wafv2-webacl-statement-sqlimatchstatement}
      */
     SqliMatchStatement?: SqliMatchStatement | undefined;
     /**
      * A rule statement that inspects for cross-site scripting (XSS) attacks. In XSS attacks, the attacker uses vulnerabilities in a benign website as a vehicle to inject malicious client-site scripts into other legitimate web browsers.
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-statement.html#cfn-wafv2-webacl-statement-xssmatchstatement}
      */
     XssMatchStatement?: XssMatchStatement | undefined;
 };
 /**
  * Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection.
+ * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-texttransformation.html}
  */
 export type TextTransformation = {
     /**
      * Sets the relative processing order for multiple transformations. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content. The priorities don't need to be consecutive, but they must all be different.
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-texttransformation.html#cfn-wafv2-webacl-texttransformation-priority}
      */
     Priority: number;
     /**
      * For detailed descriptions of each of the transformation types, see [Text transformations](https://docs.aws.amazon.com/waf/latest/developerguide/waf-rule-statement-transformation.html) in the *AWS WAF Developer Guide* .
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-texttransformation.html#cfn-wafv2-webacl-texttransformation-type}
      */
     Type: TextTransformationType;
 };
 /**
  * Type of text transformation.
+ * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-texttransformationtype.html}
  */
 export type TextTransformationType = "NONE" | "COMPRESS_WHITE_SPACE" | "HTML_ENTITY_DECODE" | "LOWERCASE" | "CMD_LINE" | "URL_DECODE" | "BASE64_DECODE" | "HEX_DECODE" | "MD5" | "REPLACE_COMMENTS" | "ESCAPE_SEQ_DECODE" | "SQL_HEX_DECODE" | "CSS_DECODE" | "JS_DECODE" | "NORMALIZE_PATH" | "NORMALIZE_PATH_WIN" | "REMOVE_NULLS" | "REPLACE_NULLS" | "BASE64_DECODE_EXT" | "URL_DECODE_UNI" | "UTF8_TO_UNICODE";
 /**
@@ -2168,6 +2523,7 @@ export type TextTransformationType = "NONE" | "COMPRESS_WHITE_SPACE" | "HTML_ENT
  * This is used to indicate the web request component to inspect, in the `FieldToMatch` specification.
  *
  * Example JSON: `"UriFragment": { "MatchPattern": { "All": {} }, "MatchScope": "KEY", "OversizeHandling": "MATCH" }`
+ * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-urifragment.html}
  */
 export type UriFragment = {
     /**
@@ -2182,11 +2538,13 @@ export type UriFragment = {
      * Example JSON: `{ "UriFragment": { "FallbackBehavior": "MATCH"} }`
      *
      * > AWS WAF parsing doesn't fully validate the input JSON string, so parsing can succeed even for invalid JSON. When parsing succeeds, AWS WAF doesn't apply the fallback behavior. For more information, see [JSON body](https://docs.aws.amazon.com/waf/latest/developerguide/waf-rule-statement-fields-list.html#waf-rule-statement-request-component-json-body) in the *AWS WAF Developer Guide* .
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-urifragment.html#cfn-wafv2-webacl-urifragment-fallbackbehavior}
      */
     FallbackBehavior?: "MATCH" | "NO_MATCH" | undefined;
 };
 /**
  * Defines and enables Amazon CloudWatch metrics and web request sample collection.
+ * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-visibilityconfig.html}
  */
 export type VisibilityConfig = {
     /**
@@ -2194,12 +2552,14 @@ export type VisibilityConfig = {
      *
      * For web ACLs, the metrics are for web requests that have the web ACL default action applied. AWS WAF applies the default action to web requests that pass the inspection of all rules in the web ACL without being either allowed or blocked. For more information,
      * see [The web ACL default action](https://docs.aws.amazon.com/waf/latest/developerguide/web-acl-default-action.html) in the *AWS WAF Developer Guide* .
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-visibilityconfig.html#cfn-wafv2-webacl-visibilityconfig-cloudwatchmetricsenabled}
      */
     CloudWatchMetricsEnabled: boolean;
     /**
      * A name of the Amazon CloudWatch metric dimension. The name can contain only the characters: A-Z, a-z, 0-9, - (hyphen), and _ (underscore). The name can be from one to 128 characters long. It can't contain whitespace or metric names that are reserved for AWS WAF , for example `All` and `Default_Action` .
      * @minLength 1
      * @maxLength 128
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-visibilityconfig.html#cfn-wafv2-webacl-visibilityconfig-metricname}
      */
     MetricName: string;
     /**
@@ -2208,19 +2568,23 @@ export type VisibilityConfig = {
      * If you configure data protection for the web ACL, the protection applies to the web ACL's sampled web request data.
      *
      * > Request sampling doesn't provide a field redaction option, and any field redaction that you specify in your logging configuration doesn't affect sampling. You can only exclude fields from request sampling by disabling sampling in the web ACL visibility configuration or by configuring data protection for the web ACL.
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-visibilityconfig.html#cfn-wafv2-webacl-visibilityconfig-sampledrequestsenabled}
      */
     SampledRequestsEnabled: boolean;
 };
 /**
  * A rule statement that inspects for cross-site scripting (XSS) attacks. In XSS attacks, the attacker uses vulnerabilities in a benign website as a vehicle to inject malicious client-site scripts into other legitimate web browsers.
+ * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-xssmatchstatement.html}
  */
 export type XssMatchStatement = {
     /**
      * The part of the web request that you want AWS WAF to inspect.
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-xssmatchstatement.html#cfn-wafv2-webacl-xssmatchstatement-fieldtomatch}
      */
     FieldToMatch: FieldToMatch;
     /**
      * Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. If you specify one or more transformations in a rule statement, AWS WAF performs all transformations on the content of the request component identified by `FieldToMatch` , starting from the lowest priority setting, before inspecting the content for a match.
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-xssmatchstatement.html#cfn-wafv2-webacl-xssmatchstatement-texttransformations}
      */
     TextTransformations: TextTransformation[];
 };