npm - @propulsionworks/cloudformation - Versions diffs - 0.1.12 → 0.1.13 - Mend

@propulsionworks/cloudformation 0.1.12 → 0.1.13

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (33) hide show

package/out/exports/resources.generated/aws-wafv2-webacl.d.ts CHANGED Viewed

@@ -244,16 +244,29 @@ export type AWSManagedRulesATPRuleSet = {
     ResponseInspection?: ResponseInspection | undefined;
 };
 /**
- * Configures how to use the AntiDDOS AWS managed rule group in the web ACL
+ * Configures the use of the anti-DDoS managed rule group, `AWSManagedRulesAntiDDoSRuleSet` . This configuration is used in `ManagedRuleGroupConfig` .
+ *
+ * The configuration that you provide here determines whether and how the rules in the rule group are used.
+ *
+ * For additional information about this and the other intelligent threat mitigation rule groups, see [Intelligent threat mitigation in AWS WAF](https://docs.aws.amazon.com/waf/latest/developerguide/waf-managed-protections) and [AWS Managed Rules rule groups list](https://docs.aws.amazon.com/waf/latest/developerguide/aws-managed-rule-groups-list) in the *AWS WAF Developer Guide* .
  * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-awsmanagedrulesantiddosruleset.html}
  */
 export type AWSManagedRulesAntiDDoSRuleSet = {
     /**
-     * Client side action config for AntiDDOS AMR.
+     * Configures the request handling that's applied by the managed rule group rules `ChallengeAllDuringEvent` and `ChallengeDDoSRequests` during a distributed denial of service (DDoS) attack.
      * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-awsmanagedrulesantiddosruleset.html#cfn-wafv2-webacl-awsmanagedrulesantiddosruleset-clientsideactionconfig}
      */
     ClientSideActionConfig: ClientSideActionConfig;
     /**
+     * The sensitivity that the rule group rule `DDoSRequests` uses when matching against the DDoS suspicion labeling on a request. The managed rule group adds the labeling during DDoS events, before the `DDoSRequests` rule runs.
+     *
+     * The higher the sensitivity, the more levels of labeling that the rule matches:
+     *
+     * - Low sensitivity is less sensitive, causing the rule to match only on the most likely participants in an attack, which are the requests with the high suspicion label `awswaf:managed:aws:anti-ddos:high-suspicion-ddos-request` .
+     * - Medium sensitivity causes the rule to match on the medium and high suspicion labels.
+     * - High sensitivity causes the rule to match on all of the suspicion labels: low, medium, and high.
+     *
+     * Default: `LOW`
      * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-awsmanagedrulesantiddosruleset.html#cfn-wafv2-webacl-awsmanagedrulesantiddosruleset-sensitivitytoblock}
      */
     SensitivityToBlock?: SensitivityToAct | undefined;
@@ -310,14 +323,19 @@ export type AndStatement = {
     Statements: Statement[];
 };
 /**
+ * A rule statement that inspects web traffic based on the Autonomous System Number (ASN) associated with the request's IP address.
+ *
+ * For additional details, see [ASN match rule statement](https://docs.aws.amazon.com/waf/latest/developerguide/waf-rule-statement-type-asn-match.html) in the [AWS WAF Developer Guide](https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html) .
  * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-asnmatchstatement.html}
  */
 export type AsnMatchStatement = {
     /**
+     * Contains one or more Autonomous System Numbers (ASNs). ASNs are unique identifiers assigned to large internet networks managed by organizations such as internet service providers, enterprises, universities, or government agencies.
      * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-asnmatchstatement.html#cfn-wafv2-webacl-asnmatchstatement-asnlist}
      */
     AsnList?: number[] | undefined;
     /**
+     * The configuration for inspecting IP addresses to match against an ASN in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. Commonly, this is the X-Forwarded-For (XFF) header, but you can specify any header name.
      * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-asnmatchstatement.html#cfn-wafv2-webacl-asnmatchstatement-forwardedipconfig}
      */
     ForwardedIPConfig?: ForwardedIPConfiguration | undefined;
@@ -537,30 +555,69 @@ export type ChallengeConfig = {
     ImmunityTimeProperty?: ImmunityTimeProperty | undefined;
 };
 /**
- * Client side action config for AntiDDOS AMR.
+ * This is part of the `AWSManagedRulesAntiDDoSRuleSet` `ClientSideActionConfig` configuration in `ManagedRuleGroupConfig` .
  * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-clientsideaction.html}
  */
 export type ClientSideAction = {
     /**
+     * The regular expression to match against the web request URI, used to identify requests that can't handle a silent browser challenge. When the `ClientSideAction` setting `UsageOfAction` is enabled, the managed rule group uses this setting to determine which requests to label with `awswaf:managed:aws:anti-ddos:challengeable-request` . If `UsageOfAction` is disabled, this setting has no effect and the managed rule group doesn't add the label to any requests.
+     *
+     * The anti-DDoS managed rule group doesn't evaluate the rules `ChallengeDDoSRequests` or `ChallengeAllDuringEvent` for web requests whose URIs match this regex. This is true regardless of whether you override the rule action for either of the rules in your web ACL configuration.
+     *
+     * AWS recommends using a regular expression.
+     *
+     * This setting is required if `UsageOfAction` is set to `ENABLED` . If required, you can provide between 1 and 5 regex objects in the array of settings.
+     *
+     * AWS recommends starting with the following setting. Review and update it for your application's needs:
+     *
+     * `\/api\/|\.(acc|avi|css|gif|jpe?g|js|mp[34]|ogg|otf|pdf|png|tiff?|ttf|webm|webp|woff2?)$`
      * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-clientsideaction.html#cfn-wafv2-webacl-clientsideaction-exempturiregularexpressions}
      */
     ExemptUriRegularExpressions?: Regex[] | undefined;
     /**
+     * The sensitivity that the rule group rule `ChallengeDDoSRequests` uses when matching against the DDoS suspicion labeling on a request. The managed rule group adds the labeling during DDoS events, before the `ChallengeDDoSRequests` rule runs.
+     *
+     * The higher the sensitivity, the more levels of labeling that the rule matches:
+     *
+     * - Low sensitivity is less sensitive, causing the rule to match only on the most likely participants in an attack, which are the requests with the high suspicion label `awswaf:managed:aws:anti-ddos:high-suspicion-ddos-request` .
+     * - Medium sensitivity causes the rule to match on the medium and high suspicion labels.
+     * - High sensitivity causes the rule to match on all of the suspicion labels: low, medium, and high.
+     *
+     * Default: `HIGH`
      * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-clientsideaction.html#cfn-wafv2-webacl-clientsideaction-sensitivity}
      */
     Sensitivity?: SensitivityToAct | undefined;
     /**
+     * Determines whether to use the `AWSManagedRulesAntiDDoSRuleSet` rules `ChallengeAllDuringEvent` and `ChallengeDDoSRequests` in the rule group evaluation and the related label `awswaf:managed:aws:anti-ddos:challengeable-request` .
+     *
+     * - If usage is enabled:
+     *
+     * - The managed rule group adds the label `awswaf:managed:aws:anti-ddos:challengeable-request` to any web request whose URL does *NOT* match the regular expressions provided in the `ClientSideAction` setting `ExemptUriRegularExpressions` .
+     * - The two rules are evaluated against web requests for protected resources that are experiencing a DDoS attack. The two rules only apply their action to matching requests that have the label `awswaf:managed:aws:anti-ddos:challengeable-request` .
+     * - If usage is disabled:
+     *
+     * - The managed rule group doesn't add the label `awswaf:managed:aws:anti-ddos:challengeable-request` to any web requests.
+     * - The two rules are not evaluated.
+     * - None of the other `ClientSideAction` settings have any effect.
+     *
+     * > This setting only enables or disables the use of the two anti-DDOS rules `ChallengeAllDuringEvent` and `ChallengeDDoSRequests` in the anti-DDoS managed rule group.
+     * >
+     * > This setting doesn't alter the action setting in the two rules. To override the actions used by the rules `ChallengeAllDuringEvent` and `ChallengeDDoSRequests` , enable this setting, and then override the rule actions in the usual way, in your managed rule group configuration.
      * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-clientsideaction.html#cfn-wafv2-webacl-clientsideaction-usageofaction}
      */
     UsageOfAction: UsageOfAction;
 };
 /**
- * Client side action config for AntiDDOS AMR.
+ * This is part of the configuration for the managed rules `AWSManagedRulesAntiDDoSRuleSet` in `ManagedRuleGroupConfig` .
  * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-clientsideactionconfig.html}
  */
 export type ClientSideActionConfig = {
     /**
-     * Client side action config for AntiDDOS AMR.
+     * Configuration for the use of the `AWSManagedRulesAntiDDoSRuleSet` rules `ChallengeAllDuringEvent` and `ChallengeDDoSRequests` .
+     *
+     * > This setting isn't related to the configuration of the `Challenge` action itself. It only configures the use of the two anti-DDoS rules named here.
+     *
+     * You can enable or disable the use of these rules, and you can configure how to use them when they are enabled.
      * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-clientsideactionconfig.html#cfn-wafv2-webacl-clientsideactionconfig-challenge}
      */
     Challenge: ClientSideAction;
@@ -1367,7 +1424,9 @@ export type ManagedRuleGroupConfig = {
      */
     AWSManagedRulesATPRuleSet?: AWSManagedRulesATPRuleSet | undefined;
     /**
-     * Configures how to use the AntiDDOS AWS managed rule group in the web ACL
+     * Additional configuration for using the anti-DDoS managed rule group, `AWSManagedRulesAntiDDoSRuleSet` . Use this to configure anti-DDoS behavior for the rule group.
+     *
+     * For information about using the anti-DDoS managed rule group, see [AWS WAF Anti-DDoS rule group](https://docs.aws.amazon.com/waf/latest/developerguide/aws-managed-rule-groups-anti-ddos.html) and [Distributed Denial of Service (DDoS) prevention](https://docs.aws.amazon.com/waf/latest/developerguide/waf-anti-ddos.html) in the *AWS WAF Developer Guide* .
      * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-managedrulegroupconfig.html#cfn-wafv2-webacl-managedrulegroupconfig-awsmanagedrulesantiddosruleset}
      */
     AWSManagedRulesAntiDDoSRuleSet?: AWSManagedRulesAntiDDoSRuleSet | undefined;
@@ -1478,11 +1537,12 @@ export type NotStatement = {
     Statement: Statement;
 };
 /**
- * Configures the options for on-source DDoS protection provided by supported resource type.
+ * Configures the level of DDoS protection that applies to web ACLs associated with Application Load Balancers.
  * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-onsourceddosprotectionconfig.html}
  */
 export type OnSourceDDoSProtectionConfig = {
     /**
+     * The level of DDoS protection that applies to web ACLs associated with Application Load Balancers. `ACTIVE_UNDER_DDOS` protection is enabled by default whenever a web ACL is associated with an Application Load Balancer. In the event that an Application Load Balancer experiences high-load conditions or suspected DDoS attacks, the `ACTIVE_UNDER_DDOS` protection automatically rate limits traffic from known low reputation sources without disrupting Application Load Balancer availability. `ALWAYS_ON` protection provides constant, always-on monitoring of known low reputation sources for suspected DDoS attacks. While this provides a higher level of protection, there may be potential impacts on legitimate traffic.
      * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-onsourceddosprotectionconfig.html#cfn-wafv2-webacl-onsourceddosprotectionconfig-alblowreputationmode}
      */
     ALBLowReputationMode: "ACTIVE_UNDER_DDOS" | "ALWAYS_ON";
@@ -1647,7 +1707,7 @@ export type RateBasedStatement = {
  */
 export type RateBasedStatementCustomKey = {
     /**
-     * Specifies the request's ASN as an aggregate key for a rate-based rule.
+     * Use an Autonomous System Number (ASN) derived from the request's originating or forwarded IP address as an aggregate key. Each distinct ASN contributes to the aggregation instance.
      * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-ratebasedstatementcustomkey.html#cfn-wafv2-webacl-ratebasedstatementcustomkey-asn}
      */
     ASN?: Record<string, unknown> | undefined;
@@ -1845,11 +1905,12 @@ export type RateLimitUriPath = {
     TextTransformations: TextTransformation[];
 };
 /**
- * Regex
+ * A single regular expression. This is used in a `RegexPatternSet` and also in the configuration for the AWS Managed Rules rule group `AWSManagedRulesAntiDDoSRuleSet` .
  * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-regex.html}
  */
 export type Regex = {
     /**
+     * The string representing the regular expression.
      * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-regex.html#cfn-wafv2-webacl-regex-regexstring}
      */
     RegexString?: string | undefined;
@@ -2461,6 +2522,9 @@ export type Statement = {
      */
     AndStatement?: AndStatement | undefined;
     /**
+     * A rule statement that inspects web traffic based on the Autonomous System Number (ASN) associated with the request's IP address.
+     *
+     * For additional details, see [ASN match rule statement](https://docs.aws.amazon.com/waf/latest/developerguide/waf-rule-statement-type-asn-match.html) in the [AWS WAF Developer Guide](https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html) .
      * @see {@link https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-statement.html#cfn-wafv2-webacl-statement-asnmatchstatement}
      */
     AsnMatchStatement?: AsnMatchStatement | undefined;

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@propulsionworks/cloudformation",
-  "version": "0.1.12",
+  "version": "0.1.13",
   "author": {
     "name": "Gordon Leigh"
   },