@propulsionworks/cloudformation 0.1.11 → 0.1.12

package/out/exports/resources.generated/aws-wafv2-webacl.d.ts

@@ -98,9 +98,10 @@ export type WAFv2WebACLProps = {
      */
     Name?: string | undefined;
     /**
+     * Configures the level of DDoS protection that applies to web ACLs associated with Application Load Balancers.
      * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-wafv2-webacl.html#cfn-wafv2-webacl-onsourceddosprotectionconfig}
      */
-    OnSourceDDoSProtectionConfig?: unknown;
+    OnSourceDDoSProtectionConfig?: OnSourceDDoSProtectionConfig | undefined;
     /**
      * The rule statements used to identify the web requests that you want to manage. Each rule includes one top-level statement that AWS WAF uses to identify matching web requests, and parameters that govern how AWS WAF handles them.
      * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-wafv2-webacl.html#cfn-wafv2-webacl-rules}
@@ -167,6 +168,8 @@ export type WAFv2WebACLAttribs = {
 };
 /**
  * Details for your use of the account creation fraud prevention managed rule group, `AWSManagedRulesACFPRuleSet` . This configuration is used in `ManagedRuleGroupConfig` .
+ *
+ * For additional information about this and the other intelligent threat mitigation rule groups, see [Intelligent threat mitigation in AWS WAF](https://docs.aws.amazon.com/waf/latest/developerguide/waf-managed-protections) and [AWS Managed Rules rule groups list](https://docs.aws.amazon.com/waf/latest/developerguide/aws-managed-rule-groups-list) in the *AWS WAF Developer Guide* .
  * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-awsmanagedrulesacfpruleset.html}
  */
 export type AWSManagedRulesACFPRuleSet = {
@@ -208,6 +211,8 @@ export type AWSManagedRulesACFPRuleSet = {
 };
 /**
  * Details for your use of the account takeover prevention managed rule group, `AWSManagedRulesATPRuleSet` . This configuration is used in `ManagedRuleGroupConfig` .
+ *
+ * For additional information about this and the other intelligent threat mitigation rule groups, see [Intelligent threat mitigation in AWS WAF](https://docs.aws.amazon.com/waf/latest/developerguide/waf-managed-protections) and [AWS Managed Rules rule groups list](https://docs.aws.amazon.com/waf/latest/developerguide/aws-managed-rule-groups-list) in the *AWS WAF Developer Guide* .
  * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-awsmanagedrulesatpruleset.html}
  */
 export type AWSManagedRulesATPRuleSet = {
@@ -238,8 +243,25 @@ export type AWSManagedRulesATPRuleSet = {
      */
     ResponseInspection?: ResponseInspection | undefined;
 };
+/**
+ * Configures how to use the AntiDDOS AWS managed rule group in the web ACL
+ * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-awsmanagedrulesantiddosruleset.html}
+ */
+export type AWSManagedRulesAntiDDoSRuleSet = {
+    /**
+     * Client side action config for AntiDDOS AMR.
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-awsmanagedrulesantiddosruleset.html#cfn-wafv2-webacl-awsmanagedrulesantiddosruleset-clientsideactionconfig}
+     */
+    ClientSideActionConfig: ClientSideActionConfig;
+    /**
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-awsmanagedrulesantiddosruleset.html#cfn-wafv2-webacl-awsmanagedrulesantiddosruleset-sensitivitytoblock}
+     */
+    SensitivityToBlock?: SensitivityToAct | undefined;
+};
 /**
  * Details for your use of the Bot Control managed rule group, `AWSManagedRulesBotControlRuleSet` . This configuration is used in `ManagedRuleGroupConfig` .
+ *
+ * For additional information about this and the other intelligent threat mitigation rule groups, see [Intelligent threat mitigation in AWS WAF](https://docs.aws.amazon.com/waf/latest/developerguide/waf-managed-protections) and [AWS Managed Rules rule groups list](https://docs.aws.amazon.com/waf/latest/developerguide/aws-managed-rule-groups-list) in the *AWS WAF Developer Guide* .
  * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-awsmanagedrulesbotcontrolruleset.html}
  */
 export type AWSManagedRulesBotControlRuleSet = {
@@ -287,6 +309,19 @@ export type AndStatement = {
      */
     Statements: Statement[];
 };
+/**
+ * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-asnmatchstatement.html}
+ */
+export type AsnMatchStatement = {
+    /**
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-asnmatchstatement.html#cfn-wafv2-webacl-asnmatchstatement-asnlist}
+     */
+    AsnList?: number[] | undefined;
+    /**
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-asnmatchstatement.html#cfn-wafv2-webacl-asnmatchstatement-forwardedipconfig}
+     */
+    ForwardedIPConfig?: ForwardedIPConfiguration | undefined;
+};
 /**
  * Specifies custom configurations for the associations between the web ACL and protected resources.
  *
@@ -501,6 +536,35 @@ export type ChallengeConfig = {
      */
     ImmunityTimeProperty?: ImmunityTimeProperty | undefined;
 };
+/**
+ * Client side action config for AntiDDOS AMR.
+ * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-clientsideaction.html}
+ */
+export type ClientSideAction = {
+    /**
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-clientsideaction.html#cfn-wafv2-webacl-clientsideaction-exempturiregularexpressions}
+     */
+    ExemptUriRegularExpressions?: Regex[] | undefined;
+    /**
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-clientsideaction.html#cfn-wafv2-webacl-clientsideaction-sensitivity}
+     */
+    Sensitivity?: SensitivityToAct | undefined;
+    /**
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-clientsideaction.html#cfn-wafv2-webacl-clientsideaction-usageofaction}
+     */
+    UsageOfAction: UsageOfAction;
+};
+/**
+ * Client side action config for AntiDDOS AMR.
+ * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-clientsideactionconfig.html}
+ */
+export type ClientSideActionConfig = {
+    /**
+     * Client side action config for AntiDDOS AMR.
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-clientsideactionconfig.html#cfn-wafv2-webacl-clientsideactionconfig-challenge}
+     */
+    Challenge: ClientSideAction;
+};
 /**
  * The filter to use to identify the subset of cookies to inspect in a web request.
  *
@@ -906,7 +970,7 @@ export type FieldToProtect = {
  *
  * > If the specified header isn't present in the request, AWS WAF doesn't apply the rule to the web request at all.
  *
- * This configuration is used for `GeoMatchStatement` and `RateBasedStatement` . For `IPSetReferenceStatement` , use `IPSetForwardedIPConfig` instead.
+ * This configuration is used for `GeoMatchStatement` , `AsnMatchStatement` , and `RateBasedStatement` . For `IPSetReferenceStatement` , use `IPSetForwardedIPConfig` instead.
  *
  * AWS WAF only evaluates the first IP address found in the specified HTTP header.
  * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-forwardedipconfiguration.html}
@@ -1302,6 +1366,11 @@ export type ManagedRuleGroupConfig = {
      * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-managedrulegroupconfig.html#cfn-wafv2-webacl-managedrulegroupconfig-awsmanagedrulesatpruleset}
      */
     AWSManagedRulesATPRuleSet?: AWSManagedRulesATPRuleSet | undefined;
+    /**
+     * Configures how to use the AntiDDOS AWS managed rule group in the web ACL
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-managedrulegroupconfig.html#cfn-wafv2-webacl-managedrulegroupconfig-awsmanagedrulesantiddosruleset}
+     */
+    AWSManagedRulesAntiDDoSRuleSet?: AWSManagedRulesAntiDDoSRuleSet | undefined;
     /**
      * Additional configuration for using the Bot Control managed rule group. Use this to specify the inspection level that you want to use. For information about using the Bot Control managed rule group, see [AWS WAF Bot Control rule group](https://docs.aws.amazon.com/waf/latest/developerguide/aws-managed-rule-groups-bot.html) and [AWS WAF Bot Control](https://docs.aws.amazon.com/waf/latest/developerguide/waf-bot-control.html) in the *AWS WAF Developer Guide* .
      * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-managedrulegroupconfig.html#cfn-wafv2-webacl-managedrulegroupconfig-awsmanagedrulesbotcontrolruleset}
@@ -1353,6 +1422,7 @@ export type ManagedRuleGroupStatement = {
      * The rule groups used for intelligent threat mitigation require additional configuration:
      *
      * - Use the `AWSManagedRulesACFPRuleSet` configuration object to configure the account creation fraud prevention managed rule group. The configuration includes the registration and sign-up pages of your application and the locations in the account creation request payload of data, such as the user email and phone number fields.
+     * - Use the `AWSManagedRulesAntiDDoSRuleSet` configuration object to configure the anti-DDoS managed rule group. The configuration includes the sensitivity levels to use in the rules that typically block and challenge requests that might be participating in DDoS attacks and the specification to use to indicate whether a request can handle a silent browser challenge.
      * - Use the `AWSManagedRulesATPRuleSet` configuration object to configure the account takeover prevention managed rule group. The configuration includes the sign-in page of your application and the locations in the login request payload of data such as the username and password.
      * - Use the `AWSManagedRulesBotControlRuleSet` configuration object to configure the protection level that you want the Bot Control rule group to use.
      * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-managedrulegroupstatement.html#cfn-wafv2-webacl-managedrulegroupstatement-managedrulegroupconfigs}
@@ -1366,7 +1436,7 @@ export type ManagedRuleGroupStatement = {
     /**
      * Action settings to use in the place of the rule actions that are configured inside the rule group. You specify one override for each rule whose action you want to change.
      *
-     * > Take care to verify the rule names in your overrides. If you provide a rule name that doesn't match the name of any rule in the rule group, AWS WAF doesn't return an error and doesn't apply the override setting.
+     * > Verify the rule names in your overrides carefully. With managed rule groups, AWS WAF silently ignores any override that uses an invalid rule name. With customer-owned rule groups, invalid rule names in your overrides will cause web ACL updates to fail. An invalid rule name is any name that doesn't exactly match the case-sensitive name of an existing rule in the rule group.
      *
      * You can use overrides for testing, for example you can override all of rule actions to `Count` and then monitor the resulting count metrics to understand how the rule group would handle your web traffic. You can also permanently override some or all actions, to modify how the rule group manages your web traffic.
      * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-managedrulegroupstatement.html#cfn-wafv2-webacl-managedrulegroupstatement-ruleactionoverrides}
@@ -1407,6 +1477,16 @@ export type NotStatement = {
      */
     Statement: Statement;
 };
+/**
+ * Configures the options for on-source DDoS protection provided by supported resource type.
+ * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-onsourceddosprotectionconfig.html}
+ */
+export type OnSourceDDoSProtectionConfig = {
+    /**
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-onsourceddosprotectionconfig.html#cfn-wafv2-webacl-onsourceddosprotectionconfig-alblowreputationmode}
+     */
+    ALBLowReputationMode: "ACTIVE_UNDER_DDOS" | "ALWAYS_ON";
+};
 /**
  * A logical rule statement used to combine other rule statements with OR logic. You provide more than one `Statement` within the `OrStatement` .
  * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-orstatement.html}
@@ -1566,6 +1646,11 @@ export type RateBasedStatement = {
  * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-ratebasedstatementcustomkey.html}
  */
 export type RateBasedStatementCustomKey = {
+    /**
+     * Specifies the request's ASN as an aggregate key for a rate-based rule.
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-ratebasedstatementcustomkey.html#cfn-wafv2-webacl-ratebasedstatementcustomkey-asn}
+     */
+    ASN?: Record<string, unknown> | undefined;
     /**
      * Use the value of a cookie in the request as an aggregate key. Each distinct value in the cookie contributes to the aggregation instance. If you use a single cookie as your custom key, then each value fully defines an aggregation instance.
      * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-ratebasedstatementcustomkey.html#cfn-wafv2-webacl-ratebasedstatementcustomkey-cookie}
@@ -1759,6 +1844,16 @@ export type RateLimitUriPath = {
      */
     TextTransformations: TextTransformation[];
 };
+/**
+ * Regex
+ * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-regex.html}
+ */
+export type Regex = {
+    /**
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-regex.html#cfn-wafv2-webacl-regex-regexstring}
+     */
+    RegexString?: string | undefined;
+};
 /**
  * A rule statement used to search web request components for a match against a single regular expression.
  * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-regexmatchstatement.html}
@@ -2271,7 +2366,7 @@ export type RuleGroupReferenceStatement = {
     /**
      * Action settings to use in the place of the rule actions that are configured inside the rule group. You specify one override for each rule whose action you want to change.
      *
-     * > Take care to verify the rule names in your overrides. If you provide a rule name that doesn't match the name of any rule in the rule group, AWS WAF doesn't return an error and doesn't apply the override setting.
+     * > Verify the rule names in your overrides carefully. With managed rule groups, AWS WAF silently ignores any override that uses an invalid rule name. With customer-owned rule groups, invalid rule names in your overrides will cause web ACL updates to fail. An invalid rule name is any name that doesn't exactly match the case-sensitive name of an existing rule in the rule group.
      *
      * You can use overrides for testing, for example you can override all of rule actions to `Count` and then monitor the resulting count metrics to understand how the rule group would handle your web traffic. You can also permanently override some or all actions, to modify how the rule group manages your web traffic.
      * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-rulegroupreferencestatement.html#cfn-wafv2-webacl-rulegroupreferencestatement-ruleactionoverrides}
@@ -2288,6 +2383,10 @@ export type Scope = "CLOUDFRONT" | "REGIONAL";
  * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-sensitivitylevel.html}
  */
 export type SensitivityLevel = "LOW" | "HIGH";
+/**
+ * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-sensitivitytoact.html}
+ */
+export type SensitivityToAct = "LOW" | "MEDIUM" | "HIGH";
 /**
  * A rule statement that compares a number of bytes against the size of a request component, using a comparison operator, such as greater than (>) or less than (<). For example, you can use a size constraint statement to look for query strings that are longer than 100 bytes.
  *
@@ -2361,6 +2460,10 @@ export type Statement = {
      * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-statement.html#cfn-wafv2-webacl-statement-andstatement}
      */
     AndStatement?: AndStatement | undefined;
+    /**
+     * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-statement.html#cfn-wafv2-webacl-statement-asnmatchstatement}
+     */
+    AsnMatchStatement?: AsnMatchStatement | undefined;
     /**
      * A rule statement that defines a string match search for AWS WAF to apply to web requests. The byte match statement provides the bytes to search for, the location in requests that you want AWS WAF to search, and other settings. The bytes to search for are typically a string that corresponds with ASCII characters. In the AWS WAF console and the developer guide, this is called a string match statement.
      * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-statement.html#cfn-wafv2-webacl-statement-bytematchstatement}
@@ -2546,6 +2649,10 @@ export type UriFragment = {
      */
     FallbackBehavior?: "MATCH" | "NO_MATCH" | undefined;
 };
+/**
+ * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-usageofaction.html}
+ */
+export type UsageOfAction = "ENABLED" | "DISABLED";
 /**
  * Defines and enables Amazon CloudWatch metrics and web request sample collection.
  * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-visibilityconfig.html}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@propulsionworks/cloudformation",
-  "version": "0.1.11",
+  "version": "0.1.12",
   "author": {
     "name": "Gordon Leigh"
   },