cdk-comprehend-s3olap 2.0.122 → 2.0.123
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/.jsii +3 -3
- package/lib/cdk-comprehend-s3olap.js +2 -2
- package/lib/comprehend-lambdas.js +2 -2
- package/lib/iam-roles.js +4 -4
- package/node_modules/aws-sdk/CHANGELOG.md +17 -1
- package/node_modules/aws-sdk/README.md +1 -1
- package/node_modules/aws-sdk/apis/ecr-public-2020-10-30.min.json +8 -8
- package/node_modules/aws-sdk/apis/emr-serverless-2021-07-13.min.json +3 -0
- package/node_modules/aws-sdk/apis/eventbridge-2015-10-07.min.json +18 -6
- package/node_modules/aws-sdk/apis/iot-data-2015-05-28.min.json +3 -0
- package/node_modules/aws-sdk/apis/wafv2-2019-07-29.min.json +55 -28
- package/node_modules/aws-sdk/clients/ecrpublic.d.ts +2 -2
- package/node_modules/aws-sdk/clients/emrserverless.d.ts +7 -3
- package/node_modules/aws-sdk/clients/eventbridge.d.ts +3 -1
- package/node_modules/aws-sdk/clients/iotdata.d.ts +5 -0
- package/node_modules/aws-sdk/clients/wafv2.d.ts +89 -62
- package/node_modules/aws-sdk/dist/aws-sdk-core-react-native.js +1 -1
- package/node_modules/aws-sdk/dist/aws-sdk-react-native.js +6 -6
- package/node_modules/aws-sdk/dist/aws-sdk.js +6 -3
- package/node_modules/aws-sdk/dist/aws-sdk.min.js +10 -10
- package/node_modules/aws-sdk/lib/core.js +1 -1
- package/node_modules/aws-sdk/package.json +1 -1
- package/package.json +2 -2
|
@@ -12,19 +12,19 @@ declare class WAFV2 extends Service {
|
|
|
12
12
|
constructor(options?: WAFV2.Types.ClientConfiguration)
|
|
13
13
|
config: Config & WAFV2.Types.ClientConfiguration;
|
|
14
14
|
/**
|
|
15
|
-
* Associates a web ACL with a regional application resource, to protect the resource. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API,
|
|
15
|
+
* Associates a web ACL with a regional application resource, to protect the resource. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner service. For Amazon CloudFront, don't use this call. Instead, use your CloudFront distribution configuration. To associate a web ACL, in the CloudFront call UpdateDistribution, set the web ACL ID to the Amazon Resource Name (ARN) of the web ACL. For information, see UpdateDistribution in the Amazon CloudFront Developer Guide. When you make changes to web ACLs or web ACL components, like rules and rule groups, WAF propagates the changes everywhere that the web ACL and its components are stored and used. Your changes are applied within seconds, but there might be a brief period of inconsistency when the changes have arrived in some places and not in others. So, for example, if you change a rule action setting, the action might be the old action in one area and the new action in another area. Or if you add an IP address to an IP set used in a blocking rule, the new address might briefly be blocked in one area while still allowed in another. This temporary inconsistency can occur when you first associate a web ACL with an Amazon Web Services resource and when you change a web ACL that is already associated with a resource. Generally, any inconsistencies of this type last only a few seconds.
|
|
16
16
|
*/
|
|
17
17
|
associateWebACL(params: WAFV2.Types.AssociateWebACLRequest, callback?: (err: AWSError, data: WAFV2.Types.AssociateWebACLResponse) => void): Request<WAFV2.Types.AssociateWebACLResponse, AWSError>;
|
|
18
18
|
/**
|
|
19
|
-
* Associates a web ACL with a regional application resource, to protect the resource. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API,
|
|
19
|
+
* Associates a web ACL with a regional application resource, to protect the resource. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner service. For Amazon CloudFront, don't use this call. Instead, use your CloudFront distribution configuration. To associate a web ACL, in the CloudFront call UpdateDistribution, set the web ACL ID to the Amazon Resource Name (ARN) of the web ACL. For information, see UpdateDistribution in the Amazon CloudFront Developer Guide. When you make changes to web ACLs or web ACL components, like rules and rule groups, WAF propagates the changes everywhere that the web ACL and its components are stored and used. Your changes are applied within seconds, but there might be a brief period of inconsistency when the changes have arrived in some places and not in others. So, for example, if you change a rule action setting, the action might be the old action in one area and the new action in another area. Or if you add an IP address to an IP set used in a blocking rule, the new address might briefly be blocked in one area while still allowed in another. This temporary inconsistency can occur when you first associate a web ACL with an Amazon Web Services resource and when you change a web ACL that is already associated with a resource. Generally, any inconsistencies of this type last only a few seconds.
|
|
20
20
|
*/
|
|
21
21
|
associateWebACL(callback?: (err: AWSError, data: WAFV2.Types.AssociateWebACLResponse) => void): Request<WAFV2.Types.AssociateWebACLResponse, AWSError>;
|
|
22
22
|
/**
|
|
23
|
-
* Returns the web ACL capacity unit (WCU) requirements for a specified scope and set of rules. You can use this to check the capacity requirements for the rules you want to use in a RuleGroup or WebACL. WAF uses WCUs to calculate and control the operating resources that are used to run your rules, rule groups, and web ACLs. WAF calculates capacity differently for each rule type, to reflect the relative cost of each rule. Simple rules that cost little to run use fewer WCUs than more complex rules that use more processing power. Rule group capacity is fixed at creation, which helps users plan their web ACL WCU usage when they use a rule group.
|
|
23
|
+
* Returns the web ACL capacity unit (WCU) requirements for a specified scope and set of rules. You can use this to check the capacity requirements for the rules you want to use in a RuleGroup or WebACL. WAF uses WCUs to calculate and control the operating resources that are used to run your rules, rule groups, and web ACLs. WAF calculates capacity differently for each rule type, to reflect the relative cost of each rule. Simple rules that cost little to run use fewer WCUs than more complex rules that use more processing power. Rule group capacity is fixed at creation, which helps users plan their web ACL WCU usage when they use a rule group. For more information, see WAF web ACL capacity units (WCU) in the WAF Developer Guide.
|
|
24
24
|
*/
|
|
25
25
|
checkCapacity(params: WAFV2.Types.CheckCapacityRequest, callback?: (err: AWSError, data: WAFV2.Types.CheckCapacityResponse) => void): Request<WAFV2.Types.CheckCapacityResponse, AWSError>;
|
|
26
26
|
/**
|
|
27
|
-
* Returns the web ACL capacity unit (WCU) requirements for a specified scope and set of rules. You can use this to check the capacity requirements for the rules you want to use in a RuleGroup or WebACL. WAF uses WCUs to calculate and control the operating resources that are used to run your rules, rule groups, and web ACLs. WAF calculates capacity differently for each rule type, to reflect the relative cost of each rule. Simple rules that cost little to run use fewer WCUs than more complex rules that use more processing power. Rule group capacity is fixed at creation, which helps users plan their web ACL WCU usage when they use a rule group.
|
|
27
|
+
* Returns the web ACL capacity unit (WCU) requirements for a specified scope and set of rules. You can use this to check the capacity requirements for the rules you want to use in a RuleGroup or WebACL. WAF uses WCUs to calculate and control the operating resources that are used to run your rules, rule groups, and web ACLs. WAF calculates capacity differently for each rule type, to reflect the relative cost of each rule. Simple rules that cost little to run use fewer WCUs than more complex rules that use more processing power. Rule group capacity is fixed at creation, which helps users plan their web ACL WCU usage when they use a rule group. For more information, see WAF web ACL capacity units (WCU) in the WAF Developer Guide.
|
|
28
28
|
*/
|
|
29
29
|
checkCapacity(callback?: (err: AWSError, data: WAFV2.Types.CheckCapacityResponse) => void): Request<WAFV2.Types.CheckCapacityResponse, AWSError>;
|
|
30
30
|
/**
|
|
@@ -52,11 +52,11 @@ declare class WAFV2 extends Service {
|
|
|
52
52
|
*/
|
|
53
53
|
createRuleGroup(callback?: (err: AWSError, data: WAFV2.Types.CreateRuleGroupResponse) => void): Request<WAFV2.Types.CreateRuleGroupResponse, AWSError>;
|
|
54
54
|
/**
|
|
55
|
-
* Creates a WebACL per the specifications provided. A web ACL defines a collection of rules to use to inspect and control web requests. Each rule has an action defined (allow, block, or count) for requests that match the statement of the rule. In the web ACL, you assign a default action to take (allow, block) for any request that does not match any of the rules. The rules in a web ACL can be a combination of the types Rule, RuleGroup, and managed rule group. You can associate a web ACL with one or more Amazon Web Services resources to protect. The resources can be an Amazon CloudFront distribution, an Amazon API Gateway REST API, an Application Load Balancer, an AppSync GraphQL API, Amazon Cognito user pool, or an App Runner service.
|
|
55
|
+
* Creates a WebACL per the specifications provided. A web ACL defines a collection of rules to use to inspect and control web requests. Each rule has an action defined (allow, block, or count) for requests that match the statement of the rule. In the web ACL, you assign a default action to take (allow, block) for any request that does not match any of the rules. The rules in a web ACL can be a combination of the types Rule, RuleGroup, and managed rule group. You can associate a web ACL with one or more Amazon Web Services resources to protect. The resources can be an Amazon CloudFront distribution, an Amazon API Gateway REST API, an Application Load Balancer, an AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner service.
|
|
56
56
|
*/
|
|
57
57
|
createWebACL(params: WAFV2.Types.CreateWebACLRequest, callback?: (err: AWSError, data: WAFV2.Types.CreateWebACLResponse) => void): Request<WAFV2.Types.CreateWebACLResponse, AWSError>;
|
|
58
58
|
/**
|
|
59
|
-
* Creates a WebACL per the specifications provided. A web ACL defines a collection of rules to use to inspect and control web requests. Each rule has an action defined (allow, block, or count) for requests that match the statement of the rule. In the web ACL, you assign a default action to take (allow, block) for any request that does not match any of the rules. The rules in a web ACL can be a combination of the types Rule, RuleGroup, and managed rule group. You can associate a web ACL with one or more Amazon Web Services resources to protect. The resources can be an Amazon CloudFront distribution, an Amazon API Gateway REST API, an Application Load Balancer, an AppSync GraphQL API, Amazon Cognito user pool, or an App Runner service.
|
|
59
|
+
* Creates a WebACL per the specifications provided. A web ACL defines a collection of rules to use to inspect and control web requests. Each rule has an action defined (allow, block, or count) for requests that match the statement of the rule. In the web ACL, you assign a default action to take (allow, block) for any request that does not match any of the rules. The rules in a web ACL can be a combination of the types Rule, RuleGroup, and managed rule group. You can associate a web ACL with one or more Amazon Web Services resources to protect. The resources can be an Amazon CloudFront distribution, an Amazon API Gateway REST API, an Application Load Balancer, an AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner service.
|
|
60
60
|
*/
|
|
61
61
|
createWebACL(callback?: (err: AWSError, data: WAFV2.Types.CreateWebACLResponse) => void): Request<WAFV2.Types.CreateWebACLResponse, AWSError>;
|
|
62
62
|
/**
|
|
@@ -108,11 +108,11 @@ declare class WAFV2 extends Service {
|
|
|
108
108
|
*/
|
|
109
109
|
deleteRuleGroup(callback?: (err: AWSError, data: WAFV2.Types.DeleteRuleGroupResponse) => void): Request<WAFV2.Types.DeleteRuleGroupResponse, AWSError>;
|
|
110
110
|
/**
|
|
111
|
-
* Deletes the specified WebACL. You can only use this if ManagedByFirewallManager is false in the specified WebACL. Before deleting any web ACL, first disassociate it from all resources. To retrieve a list of the resources that are associated with a web ACL, use the following calls: For regional resources, call ListResourcesForWebACL. For Amazon CloudFront distributions, use the CloudFront call ListDistributionsByWebACLId. For information, see ListDistributionsByWebACLId.
|
|
111
|
+
* Deletes the specified WebACL. You can only use this if ManagedByFirewallManager is false in the specified WebACL. Before deleting any web ACL, first disassociate it from all resources. To retrieve a list of the resources that are associated with a web ACL, use the following calls: For regional resources, call ListResourcesForWebACL. For Amazon CloudFront distributions, use the CloudFront call ListDistributionsByWebACLId. For information, see ListDistributionsByWebACLId in the Amazon CloudFront API Reference. To disassociate a resource from a web ACL, use the following calls: For regional resources, call DisassociateWebACL. For Amazon CloudFront distributions, provide an empty web ACL ID in the CloudFront call UpdateDistribution. For information, see UpdateDistribution in the Amazon CloudFront API Reference.
|
|
112
112
|
*/
|
|
113
113
|
deleteWebACL(params: WAFV2.Types.DeleteWebACLRequest, callback?: (err: AWSError, data: WAFV2.Types.DeleteWebACLResponse) => void): Request<WAFV2.Types.DeleteWebACLResponse, AWSError>;
|
|
114
114
|
/**
|
|
115
|
-
* Deletes the specified WebACL. You can only use this if ManagedByFirewallManager is false in the specified WebACL. Before deleting any web ACL, first disassociate it from all resources. To retrieve a list of the resources that are associated with a web ACL, use the following calls: For regional resources, call ListResourcesForWebACL. For Amazon CloudFront distributions, use the CloudFront call ListDistributionsByWebACLId. For information, see ListDistributionsByWebACLId.
|
|
115
|
+
* Deletes the specified WebACL. You can only use this if ManagedByFirewallManager is false in the specified WebACL. Before deleting any web ACL, first disassociate it from all resources. To retrieve a list of the resources that are associated with a web ACL, use the following calls: For regional resources, call ListResourcesForWebACL. For Amazon CloudFront distributions, use the CloudFront call ListDistributionsByWebACLId. For information, see ListDistributionsByWebACLId in the Amazon CloudFront API Reference. To disassociate a resource from a web ACL, use the following calls: For regional resources, call DisassociateWebACL. For Amazon CloudFront distributions, provide an empty web ACL ID in the CloudFront call UpdateDistribution. For information, see UpdateDistribution in the Amazon CloudFront API Reference.
|
|
116
116
|
*/
|
|
117
117
|
deleteWebACL(callback?: (err: AWSError, data: WAFV2.Types.DeleteWebACLResponse) => void): Request<WAFV2.Types.DeleteWebACLResponse, AWSError>;
|
|
118
118
|
/**
|
|
@@ -124,11 +124,11 @@ declare class WAFV2 extends Service {
|
|
|
124
124
|
*/
|
|
125
125
|
describeManagedRuleGroup(callback?: (err: AWSError, data: WAFV2.Types.DescribeManagedRuleGroupResponse) => void): Request<WAFV2.Types.DescribeManagedRuleGroupResponse, AWSError>;
|
|
126
126
|
/**
|
|
127
|
-
* Disassociates the specified regional application resource from any existing web ACL association. A resource can have at most one web ACL association. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API,
|
|
127
|
+
* Disassociates the specified regional application resource from any existing web ACL association. A resource can have at most one web ACL association. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner service. For Amazon CloudFront, don't use this call. Instead, use your CloudFront distribution configuration. To disassociate a web ACL, provide an empty web ACL ID in the CloudFront call UpdateDistribution. For information, see UpdateDistribution in the Amazon CloudFront API Reference.
|
|
128
128
|
*/
|
|
129
129
|
disassociateWebACL(params: WAFV2.Types.DisassociateWebACLRequest, callback?: (err: AWSError, data: WAFV2.Types.DisassociateWebACLResponse) => void): Request<WAFV2.Types.DisassociateWebACLResponse, AWSError>;
|
|
130
130
|
/**
|
|
131
|
-
* Disassociates the specified regional application resource from any existing web ACL association. A resource can have at most one web ACL association. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API,
|
|
131
|
+
* Disassociates the specified regional application resource from any existing web ACL association. A resource can have at most one web ACL association. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner service. For Amazon CloudFront, don't use this call. Instead, use your CloudFront distribution configuration. To disassociate a web ACL, provide an empty web ACL ID in the CloudFront call UpdateDistribution. For information, see UpdateDistribution in the Amazon CloudFront API Reference.
|
|
132
132
|
*/
|
|
133
133
|
disassociateWebACL(callback?: (err: AWSError, data: WAFV2.Types.DisassociateWebACLResponse) => void): Request<WAFV2.Types.DisassociateWebACLResponse, AWSError>;
|
|
134
134
|
/**
|
|
@@ -388,11 +388,11 @@ declare class WAFV2 extends Service {
|
|
|
388
388
|
*/
|
|
389
389
|
updateRuleGroup(callback?: (err: AWSError, data: WAFV2.Types.UpdateRuleGroupResponse) => void): Request<WAFV2.Types.UpdateRuleGroupResponse, AWSError>;
|
|
390
390
|
/**
|
|
391
|
-
* Updates the specified WebACL. While updating a web ACL, WAF provides continuous coverage to the resources that you have associated with the web ACL. This operation completely replaces the mutable specifications that you already have for the web ACL with the ones that you provide to this call. To modify a web ACL, do the following: Retrieve it by calling GetWebACL Update its settings as needed Provide the complete web ACL specification to this call When you make changes to web ACLs or web ACL components, like rules and rule groups, WAF propagates the changes everywhere that the web ACL and its components are stored and used. Your changes are applied within seconds, but there might be a brief period of inconsistency when the changes have arrived in some places and not in others. So, for example, if you change a rule action setting, the action might be the old action in one area and the new action in another area. Or if you add an IP address to an IP set used in a blocking rule, the new address might briefly be blocked in one area while still allowed in another. This temporary inconsistency can occur when you first associate a web ACL with an Amazon Web Services resource and when you change a web ACL that is already associated with a resource. Generally, any inconsistencies of this type last only a few seconds. A web ACL defines a collection of rules to use to inspect and control web requests. Each rule has an action defined (allow, block, or count) for requests that match the statement of the rule. In the web ACL, you assign a default action to take (allow, block) for any request that does not match any of the rules. The rules in a web ACL can be a combination of the types Rule, RuleGroup, and managed rule group. You can associate a web ACL with one or more Amazon Web Services resources to protect. The resources can be an Amazon CloudFront distribution, an Amazon API Gateway REST API, an Application Load Balancer, an AppSync GraphQL API, Amazon Cognito user pool, or an App Runner service.
|
|
391
|
+
* Updates the specified WebACL. While updating a web ACL, WAF provides continuous coverage to the resources that you have associated with the web ACL. This operation completely replaces the mutable specifications that you already have for the web ACL with the ones that you provide to this call. To modify a web ACL, do the following: Retrieve it by calling GetWebACL Update its settings as needed Provide the complete web ACL specification to this call When you make changes to web ACLs or web ACL components, like rules and rule groups, WAF propagates the changes everywhere that the web ACL and its components are stored and used. Your changes are applied within seconds, but there might be a brief period of inconsistency when the changes have arrived in some places and not in others. So, for example, if you change a rule action setting, the action might be the old action in one area and the new action in another area. Or if you add an IP address to an IP set used in a blocking rule, the new address might briefly be blocked in one area while still allowed in another. This temporary inconsistency can occur when you first associate a web ACL with an Amazon Web Services resource and when you change a web ACL that is already associated with a resource. Generally, any inconsistencies of this type last only a few seconds. A web ACL defines a collection of rules to use to inspect and control web requests. Each rule has an action defined (allow, block, or count) for requests that match the statement of the rule. In the web ACL, you assign a default action to take (allow, block) for any request that does not match any of the rules. The rules in a web ACL can be a combination of the types Rule, RuleGroup, and managed rule group. You can associate a web ACL with one or more Amazon Web Services resources to protect. The resources can be an Amazon CloudFront distribution, an Amazon API Gateway REST API, an Application Load Balancer, an AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner service.
|
|
392
392
|
*/
|
|
393
393
|
updateWebACL(params: WAFV2.Types.UpdateWebACLRequest, callback?: (err: AWSError, data: WAFV2.Types.UpdateWebACLResponse) => void): Request<WAFV2.Types.UpdateWebACLResponse, AWSError>;
|
|
394
394
|
/**
|
|
395
|
-
* Updates the specified WebACL. While updating a web ACL, WAF provides continuous coverage to the resources that you have associated with the web ACL. This operation completely replaces the mutable specifications that you already have for the web ACL with the ones that you provide to this call. To modify a web ACL, do the following: Retrieve it by calling GetWebACL Update its settings as needed Provide the complete web ACL specification to this call When you make changes to web ACLs or web ACL components, like rules and rule groups, WAF propagates the changes everywhere that the web ACL and its components are stored and used. Your changes are applied within seconds, but there might be a brief period of inconsistency when the changes have arrived in some places and not in others. So, for example, if you change a rule action setting, the action might be the old action in one area and the new action in another area. Or if you add an IP address to an IP set used in a blocking rule, the new address might briefly be blocked in one area while still allowed in another. This temporary inconsistency can occur when you first associate a web ACL with an Amazon Web Services resource and when you change a web ACL that is already associated with a resource. Generally, any inconsistencies of this type last only a few seconds. A web ACL defines a collection of rules to use to inspect and control web requests. Each rule has an action defined (allow, block, or count) for requests that match the statement of the rule. In the web ACL, you assign a default action to take (allow, block) for any request that does not match any of the rules. The rules in a web ACL can be a combination of the types Rule, RuleGroup, and managed rule group. You can associate a web ACL with one or more Amazon Web Services resources to protect. The resources can be an Amazon CloudFront distribution, an Amazon API Gateway REST API, an Application Load Balancer, an AppSync GraphQL API, Amazon Cognito user pool, or an App Runner service.
|
|
395
|
+
* Updates the specified WebACL. While updating a web ACL, WAF provides continuous coverage to the resources that you have associated with the web ACL. This operation completely replaces the mutable specifications that you already have for the web ACL with the ones that you provide to this call. To modify a web ACL, do the following: Retrieve it by calling GetWebACL Update its settings as needed Provide the complete web ACL specification to this call When you make changes to web ACLs or web ACL components, like rules and rule groups, WAF propagates the changes everywhere that the web ACL and its components are stored and used. Your changes are applied within seconds, but there might be a brief period of inconsistency when the changes have arrived in some places and not in others. So, for example, if you change a rule action setting, the action might be the old action in one area and the new action in another area. Or if you add an IP address to an IP set used in a blocking rule, the new address might briefly be blocked in one area while still allowed in another. This temporary inconsistency can occur when you first associate a web ACL with an Amazon Web Services resource and when you change a web ACL that is already associated with a resource. Generally, any inconsistencies of this type last only a few seconds. A web ACL defines a collection of rules to use to inspect and control web requests. Each rule has an action defined (allow, block, or count) for requests that match the statement of the rule. In the web ACL, you assign a default action to take (allow, block) for any request that does not match any of the rules. The rules in a web ACL can be a combination of the types Rule, RuleGroup, and managed rule group. You can associate a web ACL with one or more Amazon Web Services resources to protect. The resources can be an Amazon CloudFront distribution, an Amazon API Gateway REST API, an Application Load Balancer, an AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner service.
|
|
396
396
|
*/
|
|
397
397
|
updateWebACL(callback?: (err: AWSError, data: WAFV2.Types.UpdateWebACLResponse) => void): Request<WAFV2.Types.UpdateWebACLResponse, AWSError>;
|
|
398
398
|
}
|
|
@@ -413,7 +413,7 @@ declare namespace WAFV2 {
|
|
|
413
413
|
}
|
|
414
414
|
export interface AWSManagedRulesBotControlRuleSet {
|
|
415
415
|
/**
|
|
416
|
-
* The inspection level to use for the Bot Control rule group. The common level is the least expensive. The targeted level includes all common level rules and adds rules with more advanced inspection criteria. For details, see WAF Bot Control rule group.
|
|
416
|
+
* The inspection level to use for the Bot Control rule group. The common level is the least expensive. The targeted level includes all common level rules and adds rules with more advanced inspection criteria. For details, see WAF Bot Control rule group in the WAF Developer Guide.
|
|
417
417
|
*/
|
|
418
418
|
InspectionLevel: InspectionLevel;
|
|
419
419
|
}
|
|
@@ -447,12 +447,19 @@ declare namespace WAFV2 {
|
|
|
447
447
|
*/
|
|
448
448
|
WebACLArn: ResourceArn;
|
|
449
449
|
/**
|
|
450
|
-
* The Amazon Resource Name (ARN) of the resource to associate with the web ACL. The ARN must be in one of the following formats: For an Application Load Balancer: arn:
|
|
450
|
+
* The Amazon Resource Name (ARN) of the resource to associate with the web ACL. The ARN must be in one of the following formats: For an Application Load Balancer: arn:partition:elasticloadbalancing:region:account-id:loadbalancer/app/load-balancer-name/load-balancer-id For an Amazon API Gateway REST API: arn:partition:apigateway:region::/restapis/api-id/stages/stage-name For an AppSync GraphQL API: arn:partition:appsync:region:account-id:apis/GraphQLApiId For an Amazon Cognito user pool: arn:partition:cognito-idp:region:account-id:userpool/user-pool-id For an App Runner service: arn:partition:apprunner:region:account-id:service/apprunner-service-name/apprunner-service-id
|
|
451
451
|
*/
|
|
452
452
|
ResourceArn: ResourceArn;
|
|
453
453
|
}
|
|
454
454
|
export interface AssociateWebACLResponse {
|
|
455
455
|
}
|
|
456
|
+
export type AssociatedResourceType = "CLOUDFRONT"|string;
|
|
457
|
+
export interface AssociationConfig {
|
|
458
|
+
/**
|
|
459
|
+
* Customizes the maximum size of the request body that your protected CloudFront distributions forward to WAF for inspection. The default size is 16 KB (16,384 kilobytes). You are charged additional fees when your protected resources forward body sizes that are larger than the default. For more information, see WAF Pricing.
|
|
460
|
+
*/
|
|
461
|
+
RequestBody?: RequestBody;
|
|
462
|
+
}
|
|
456
463
|
export interface BlockAction {
|
|
457
464
|
/**
|
|
458
465
|
* Defines a custom response for the web request. For information about customizing web requests and responses, see Customizing web requests and responses in WAF in the WAF Developer Guide.
|
|
@@ -461,7 +468,7 @@ declare namespace WAFV2 {
|
|
|
461
468
|
}
|
|
462
469
|
export interface Body {
|
|
463
470
|
/**
|
|
464
|
-
* What WAF should do if the body is larger than WAF can inspect. WAF does not support inspecting the entire contents of the
|
|
471
|
+
* What WAF should do if the body is larger than WAF can inspect. WAF does not support inspecting the entire contents of the web request body if the body exceeds the limit for the resource type. If the body is larger than the limit, the underlying host service only forwards the contents that are below the limit to WAF for inspection. The default limit is 8 KB (8,192 kilobytes) for regional resources and 16 KB (16,384 kilobytes) for CloudFront distributions. For CloudFront distributions, you can increase the limit in the web ACL AssociationConfig, for additional processing fees. The options for oversize handling are the following: CONTINUE - Inspect the body normally, according to the rule inspection criteria. MATCH - Treat the web request as matching the rule statement. WAF applies the rule action to the request. NO_MATCH - Treat the web request as not matching the rule statement. You can combine the MATCH or NO_MATCH settings for oversize handling with your rule and web ACL action settings, so that you block any request whose body is over the limit. Default: CONTINUE
|
|
465
472
|
*/
|
|
466
473
|
OversizeHandling?: OversizeHandling;
|
|
467
474
|
}
|
|
@@ -540,7 +547,7 @@ declare namespace WAFV2 {
|
|
|
540
547
|
}
|
|
541
548
|
export interface CheckCapacityRequest {
|
|
542
549
|
/**
|
|
543
|
-
* Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API,
|
|
550
|
+
* Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner service. To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows: CLI - Specify the Region when you use the CloudFront scope: --scope=CLOUDFRONT --region=us-east-1. API and SDKs - For all calls, use the Region endpoint us-east-1.
|
|
544
551
|
*/
|
|
545
552
|
Scope: Scope;
|
|
546
553
|
/**
|
|
@@ -611,7 +618,7 @@ declare namespace WAFV2 {
|
|
|
611
618
|
*/
|
|
612
619
|
Name: EntityName;
|
|
613
620
|
/**
|
|
614
|
-
* Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API,
|
|
621
|
+
* Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner service. To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows: CLI - Specify the Region when you use the CloudFront scope: --scope=CLOUDFRONT --region=us-east-1. API and SDKs - For all calls, use the Region endpoint us-east-1.
|
|
615
622
|
*/
|
|
616
623
|
Scope: Scope;
|
|
617
624
|
/**
|
|
@@ -643,7 +650,7 @@ declare namespace WAFV2 {
|
|
|
643
650
|
*/
|
|
644
651
|
Name: EntityName;
|
|
645
652
|
/**
|
|
646
|
-
* Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API,
|
|
653
|
+
* Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner service. To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows: CLI - Specify the Region when you use the CloudFront scope: --scope=CLOUDFRONT --region=us-east-1. API and SDKs - For all calls, use the Region endpoint us-east-1.
|
|
647
654
|
*/
|
|
648
655
|
Scope: Scope;
|
|
649
656
|
/**
|
|
@@ -671,11 +678,11 @@ declare namespace WAFV2 {
|
|
|
671
678
|
*/
|
|
672
679
|
Name: EntityName;
|
|
673
680
|
/**
|
|
674
|
-
* Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API,
|
|
681
|
+
* Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner service. To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows: CLI - Specify the Region when you use the CloudFront scope: --scope=CLOUDFRONT --region=us-east-1. API and SDKs - For all calls, use the Region endpoint us-east-1.
|
|
675
682
|
*/
|
|
676
683
|
Scope: Scope;
|
|
677
684
|
/**
|
|
678
|
-
* The web ACL capacity units (WCUs) required for this rule group. When you create your own rule group, you define this, and you cannot change it after creation. When you add or modify the rules in a rule group, WAF enforces this limit. You can check the capacity for a set of rules using CheckCapacity. WAF uses WCUs to calculate and control the operating resources that are used to run your rules, rule groups, and web ACLs. WAF calculates capacity differently for each rule type, to reflect the relative cost of each rule. Simple rules that cost little to run use fewer WCUs than more complex rules that use more processing power. Rule group capacity is fixed at creation, which helps users plan their web ACL WCU usage when they use a rule group.
|
|
685
|
+
* The web ACL capacity units (WCUs) required for this rule group. When you create your own rule group, you define this, and you cannot change it after creation. When you add or modify the rules in a rule group, WAF enforces this limit. You can check the capacity for a set of rules using CheckCapacity. WAF uses WCUs to calculate and control the operating resources that are used to run your rules, rule groups, and web ACLs. WAF calculates capacity differently for each rule type, to reflect the relative cost of each rule. Simple rules that cost little to run use fewer WCUs than more complex rules that use more processing power. Rule group capacity is fixed at creation, which helps users plan their web ACL WCU usage when they use a rule group. For more information, see WAF web ACL capacity units (WCU) in the WAF Developer Guide.
|
|
679
686
|
*/
|
|
680
687
|
Capacity: CapacityUnit;
|
|
681
688
|
/**
|
|
@@ -711,7 +718,7 @@ declare namespace WAFV2 {
|
|
|
711
718
|
*/
|
|
712
719
|
Name: EntityName;
|
|
713
720
|
/**
|
|
714
|
-
* Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API,
|
|
721
|
+
* Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner service. To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows: CLI - Specify the Region when you use the CloudFront scope: --scope=CLOUDFRONT --region=us-east-1. API and SDKs - For all calls, use the Region endpoint us-east-1.
|
|
715
722
|
*/
|
|
716
723
|
Scope: Scope;
|
|
717
724
|
/**
|
|
@@ -750,6 +757,10 @@ declare namespace WAFV2 {
|
|
|
750
757
|
* Specifies the domains that WAF should accept in a web request token. This enables the use of tokens across multiple protected websites. When WAF provides a token, it uses the domain of the Amazon Web Services resource that the web ACL is protecting. If you don't specify a list of token domains, WAF accepts tokens only for the domain of the protected resource. With a token domain list, WAF accepts the resource's host domain plus all domains in the token domain list, including their prefixed subdomains. Example JSON: "TokenDomains": { "mywebsite.com", "myotherwebsite.com" } Public suffixes aren't allowed. For example, you can't use usa.gov or co.uk as token domains.
|
|
751
758
|
*/
|
|
752
759
|
TokenDomains?: TokenDomains;
|
|
760
|
+
/**
|
|
761
|
+
* Specifies custom configurations for the associations between the web ACL and protected resources. Use this to customize the maximum size of the request body that your protected CloudFront distributions forward to WAF for inspection. The default is 16 KB (16,384 kilobytes). You are charged additional fees when your protected resources forward body sizes that are larger than the default. For more information, see WAF Pricing.
|
|
762
|
+
*/
|
|
763
|
+
AssociationConfig?: AssociationConfig;
|
|
753
764
|
}
|
|
754
765
|
export interface CreateWebACLResponse {
|
|
755
766
|
/**
|
|
@@ -833,7 +844,7 @@ declare namespace WAFV2 {
|
|
|
833
844
|
*/
|
|
834
845
|
Name: EntityName;
|
|
835
846
|
/**
|
|
836
|
-
* Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API,
|
|
847
|
+
* Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner service. To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows: CLI - Specify the Region when you use the CloudFront scope: --scope=CLOUDFRONT --region=us-east-1. API and SDKs - For all calls, use the Region endpoint us-east-1.
|
|
837
848
|
*/
|
|
838
849
|
Scope: Scope;
|
|
839
850
|
/**
|
|
@@ -869,7 +880,7 @@ declare namespace WAFV2 {
|
|
|
869
880
|
*/
|
|
870
881
|
Name: EntityName;
|
|
871
882
|
/**
|
|
872
|
-
* Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API,
|
|
883
|
+
* Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner service. To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows: CLI - Specify the Region when you use the CloudFront scope: --scope=CLOUDFRONT --region=us-east-1. API and SDKs - For all calls, use the Region endpoint us-east-1.
|
|
873
884
|
*/
|
|
874
885
|
Scope: Scope;
|
|
875
886
|
/**
|
|
@@ -889,7 +900,7 @@ declare namespace WAFV2 {
|
|
|
889
900
|
*/
|
|
890
901
|
Name: EntityName;
|
|
891
902
|
/**
|
|
892
|
-
* Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API,
|
|
903
|
+
* Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner service. To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows: CLI - Specify the Region when you use the CloudFront scope: --scope=CLOUDFRONT --region=us-east-1. API and SDKs - For all calls, use the Region endpoint us-east-1.
|
|
893
904
|
*/
|
|
894
905
|
Scope: Scope;
|
|
895
906
|
/**
|
|
@@ -909,7 +920,7 @@ declare namespace WAFV2 {
|
|
|
909
920
|
*/
|
|
910
921
|
Name: EntityName;
|
|
911
922
|
/**
|
|
912
|
-
* Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API,
|
|
923
|
+
* Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner service. To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows: CLI - Specify the Region when you use the CloudFront scope: --scope=CLOUDFRONT --region=us-east-1. API and SDKs - For all calls, use the Region endpoint us-east-1.
|
|
913
924
|
*/
|
|
914
925
|
Scope: Scope;
|
|
915
926
|
/**
|
|
@@ -933,7 +944,7 @@ declare namespace WAFV2 {
|
|
|
933
944
|
*/
|
|
934
945
|
Name: EntityName;
|
|
935
946
|
/**
|
|
936
|
-
* Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API,
|
|
947
|
+
* Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner service. To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows: CLI - Specify the Region when you use the CloudFront scope: --scope=CLOUDFRONT --region=us-east-1. API and SDKs - For all calls, use the Region endpoint us-east-1.
|
|
937
948
|
*/
|
|
938
949
|
Scope: Scope;
|
|
939
950
|
/**
|
|
@@ -951,7 +962,7 @@ declare namespace WAFV2 {
|
|
|
951
962
|
*/
|
|
952
963
|
SnsTopicArn?: ResourceArn;
|
|
953
964
|
/**
|
|
954
|
-
* The web ACL capacity units (WCUs) required for this rule group. WAF uses
|
|
965
|
+
* The web ACL capacity units (WCUs) required for this rule group. WAF uses WCUs to calculate and control the operating resources that are used to run your rules, rule groups, and web ACLs. WAF calculates capacity differently for each rule type, to reflect the relative cost of each rule. Simple rules that cost little to run use fewer WCUs than more complex rules that use more processing power. Rule group capacity is fixed at creation, which helps users plan their web ACL WCU usage when they use a rule group. For more information, see WAF web ACL capacity units (WCU) in the WAF Developer Guide.
|
|
955
966
|
*/
|
|
956
967
|
Capacity?: CapacityUnit;
|
|
957
968
|
/**
|
|
@@ -973,7 +984,7 @@ declare namespace WAFV2 {
|
|
|
973
984
|
}
|
|
974
985
|
export interface DisassociateWebACLRequest {
|
|
975
986
|
/**
|
|
976
|
-
* The Amazon Resource Name (ARN) of the resource to disassociate from the web ACL. The ARN must be in one of the following formats: For an Application Load Balancer: arn:
|
|
987
|
+
* The Amazon Resource Name (ARN) of the resource to disassociate from the web ACL. The ARN must be in one of the following formats: For an Application Load Balancer: arn:partition:elasticloadbalancing:region:account-id:loadbalancer/app/load-balancer-name/load-balancer-id For an Amazon API Gateway REST API: arn:partition:apigateway:region::/restapis/api-id/stages/stage-name For an AppSync GraphQL API: arn:partition:appsync:region:account-id:apis/GraphQLApiId For an Amazon Cognito user pool: arn:partition:cognito-idp:region:account-id:userpool/user-pool-id For an App Runner service: arn:partition:apprunner:region:account-id:service/apprunner-service-name/apprunner-service-id
|
|
977
988
|
*/
|
|
978
989
|
ResourceArn: ResourceArn;
|
|
979
990
|
}
|
|
@@ -1017,7 +1028,7 @@ declare namespace WAFV2 {
|
|
|
1017
1028
|
*/
|
|
1018
1029
|
QueryString?: QueryString;
|
|
1019
1030
|
/**
|
|
1020
|
-
* Inspect the request body as plain text. The request body immediately follows the request headers. This is the part of a request that contains any additional data that you want to send to your web server as the HTTP request body, such as data from a form.
|
|
1031
|
+
* Inspect the request body as plain text. The request body immediately follows the request headers. This is the part of a request that contains any additional data that you want to send to your web server as the HTTP request body, such as data from a form. A limited amount of the request body is forwarded to WAF for inspection by the underlying host service. For regional resources, the limit is 8 KB (8,192 kilobytes) and for CloudFront distributions, the limit is 16 KB (16,384 kilobytes). For CloudFront distributions, you can increase the limit in the web ACL's AssociationConfig, for additional processing fees. For information about how to handle oversized request bodies, see the Body object configuration.
|
|
1021
1032
|
*/
|
|
1022
1033
|
Body?: Body;
|
|
1023
1034
|
/**
|
|
@@ -1025,7 +1036,7 @@ declare namespace WAFV2 {
|
|
|
1025
1036
|
*/
|
|
1026
1037
|
Method?: Method;
|
|
1027
1038
|
/**
|
|
1028
|
-
* Inspect the request body as JSON. The request body immediately follows the request headers. This is the part of a request that contains any additional data that you want to send to your web server as the HTTP request body, such as data from a form.
|
|
1039
|
+
* Inspect the request body as JSON. The request body immediately follows the request headers. This is the part of a request that contains any additional data that you want to send to your web server as the HTTP request body, such as data from a form. A limited amount of the request body is forwarded to WAF for inspection by the underlying host service. For regional resources, the limit is 8 KB (8,192 kilobytes) and for CloudFront distributions, the limit is 16 KB (16,384 kilobytes). For CloudFront distributions, you can increase the limit in the web ACL's AssociationConfig, for additional processing fees. For information about how to handle oversized request bodies, see the JsonBody object configuration.
|
|
1029
1040
|
*/
|
|
1030
1041
|
JsonBody?: JsonBody;
|
|
1031
1042
|
/**
|
|
@@ -1080,11 +1091,11 @@ declare namespace WAFV2 {
|
|
|
1080
1091
|
export type FirewallManagerRuleGroups = FirewallManagerRuleGroup[];
|
|
1081
1092
|
export interface FirewallManagerStatement {
|
|
1082
1093
|
/**
|
|
1083
|
-
* A
|
|
1094
|
+
* A statement used by Firewall Manager to run the rules that are defined in a managed rule group. This is managed by Firewall Manager for an Firewall Manager WAF policy.
|
|
1084
1095
|
*/
|
|
1085
1096
|
ManagedRuleGroupStatement?: ManagedRuleGroupStatement;
|
|
1086
1097
|
/**
|
|
1087
|
-
* A
|
|
1098
|
+
* A statement used by Firewall Manager to run the rules that are defined in a rule group. This is managed by Firewall Manager for an Firewall Manager WAF policy.
|
|
1088
1099
|
*/
|
|
1089
1100
|
RuleGroupReferenceStatement?: RuleGroupReferenceStatement;
|
|
1090
1101
|
}
|
|
@@ -1132,7 +1143,7 @@ declare namespace WAFV2 {
|
|
|
1132
1143
|
*/
|
|
1133
1144
|
Name: EntityName;
|
|
1134
1145
|
/**
|
|
1135
|
-
* Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API,
|
|
1146
|
+
* Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner service. To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows: CLI - Specify the Region when you use the CloudFront scope: --scope=CLOUDFRONT --region=us-east-1. API and SDKs - For all calls, use the Region endpoint us-east-1.
|
|
1136
1147
|
*/
|
|
1137
1148
|
Scope: Scope;
|
|
1138
1149
|
/**
|
|
@@ -1168,7 +1179,7 @@ declare namespace WAFV2 {
|
|
|
1168
1179
|
*/
|
|
1169
1180
|
Name: EntityName;
|
|
1170
1181
|
/**
|
|
1171
|
-
* Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API,
|
|
1182
|
+
* Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner service. To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows: CLI - Specify the Region when you use the CloudFront scope: --scope=CLOUDFRONT --region=us-east-1. API and SDKs - For all calls, use the Region endpoint us-east-1.
|
|
1172
1183
|
*/
|
|
1173
1184
|
Scope: Scope;
|
|
1174
1185
|
/**
|
|
@@ -1216,7 +1227,7 @@ declare namespace WAFV2 {
|
|
|
1216
1227
|
}
|
|
1217
1228
|
export interface GetRateBasedStatementManagedKeysRequest {
|
|
1218
1229
|
/**
|
|
1219
|
-
* Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API,
|
|
1230
|
+
* Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner service. To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows: CLI - Specify the Region when you use the CloudFront scope: --scope=CLOUDFRONT --region=us-east-1. API and SDKs - For all calls, use the Region endpoint us-east-1.
|
|
1220
1231
|
*/
|
|
1221
1232
|
Scope: Scope;
|
|
1222
1233
|
/**
|
|
@@ -1252,7 +1263,7 @@ declare namespace WAFV2 {
|
|
|
1252
1263
|
*/
|
|
1253
1264
|
Name: EntityName;
|
|
1254
1265
|
/**
|
|
1255
|
-
* Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API,
|
|
1266
|
+
* Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner service. To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows: CLI - Specify the Region when you use the CloudFront scope: --scope=CLOUDFRONT --region=us-east-1. API and SDKs - For all calls, use the Region endpoint us-east-1.
|
|
1256
1267
|
*/
|
|
1257
1268
|
Scope: Scope;
|
|
1258
1269
|
/**
|
|
@@ -1276,7 +1287,7 @@ declare namespace WAFV2 {
|
|
|
1276
1287
|
*/
|
|
1277
1288
|
Name?: EntityName;
|
|
1278
1289
|
/**
|
|
1279
|
-
* Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API,
|
|
1290
|
+
* Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner service. To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows: CLI - Specify the Region when you use the CloudFront scope: --scope=CLOUDFRONT --region=us-east-1. API and SDKs - For all calls, use the Region endpoint us-east-1.
|
|
1280
1291
|
*/
|
|
1281
1292
|
Scope?: Scope;
|
|
1282
1293
|
/**
|
|
@@ -1308,7 +1319,7 @@ declare namespace WAFV2 {
|
|
|
1308
1319
|
*/
|
|
1309
1320
|
RuleMetricName: MetricName;
|
|
1310
1321
|
/**
|
|
1311
|
-
* Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API,
|
|
1322
|
+
* Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner service. To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows: CLI - Specify the Region when you use the CloudFront scope: --scope=CLOUDFRONT --region=us-east-1. API and SDKs - For all calls, use the Region endpoint us-east-1.
|
|
1312
1323
|
*/
|
|
1313
1324
|
Scope: Scope;
|
|
1314
1325
|
/**
|
|
@@ -1336,7 +1347,7 @@ declare namespace WAFV2 {
|
|
|
1336
1347
|
}
|
|
1337
1348
|
export interface GetWebACLForResourceRequest {
|
|
1338
1349
|
/**
|
|
1339
|
-
* The Amazon Resource Name (ARN) of the resource whose web ACL you want to retrieve. The ARN must be in one of the following formats: For an Application Load Balancer: arn:
|
|
1350
|
+
* The Amazon Resource Name (ARN) of the resource whose web ACL you want to retrieve. The ARN must be in one of the following formats: For an Application Load Balancer: arn:partition:elasticloadbalancing:region:account-id:loadbalancer/app/load-balancer-name/load-balancer-id For an Amazon API Gateway REST API: arn:partition:apigateway:region::/restapis/api-id/stages/stage-name For an AppSync GraphQL API: arn:partition:appsync:region:account-id:apis/GraphQLApiId For an Amazon Cognito user pool: arn:partition:cognito-idp:region:account-id:userpool/user-pool-id For an App Runner service: arn:partition:apprunner:region:account-id:service/apprunner-service-name/apprunner-service-id
|
|
1340
1351
|
*/
|
|
1341
1352
|
ResourceArn: ResourceArn;
|
|
1342
1353
|
}
|
|
@@ -1352,7 +1363,7 @@ declare namespace WAFV2 {
|
|
|
1352
1363
|
*/
|
|
1353
1364
|
Name: EntityName;
|
|
1354
1365
|
/**
|
|
1355
|
-
* Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API,
|
|
1366
|
+
* Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner service. To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows: CLI - Specify the Region when you use the CloudFront scope: --scope=CLOUDFRONT --region=us-east-1. API and SDKs - For all calls, use the Region endpoint us-east-1.
|
|
1356
1367
|
*/
|
|
1357
1368
|
Scope: Scope;
|
|
1358
1369
|
/**
|
|
@@ -1542,7 +1553,7 @@ declare namespace WAFV2 {
|
|
|
1542
1553
|
*/
|
|
1543
1554
|
InvalidFallbackBehavior?: BodyParsingFallbackBehavior;
|
|
1544
1555
|
/**
|
|
1545
|
-
* What WAF should do if the body is larger than WAF can inspect. WAF does not support inspecting the entire contents of the
|
|
1556
|
+
* What WAF should do if the body is larger than WAF can inspect. WAF does not support inspecting the entire contents of the web request body if the body exceeds the limit for the resource type. If the body is larger than the limit, the underlying host service only forwards the contents that are below the limit to WAF for inspection. The default limit is 8 KB (8,192 kilobytes) for regional resources and 16 KB (16,384 kilobytes) for CloudFront distributions. For CloudFront distributions, you can increase the limit in the web ACL AssociationConfig, for additional processing fees. The options for oversize handling are the following: CONTINUE - Inspect the body normally, according to the rule inspection criteria. MATCH - Treat the web request as matching the rule statement. WAF applies the rule action to the request. NO_MATCH - Treat the web request as not matching the rule statement. You can combine the MATCH or NO_MATCH settings for oversize handling with your rule and web ACL action settings, so that you block any request whose body is over the limit. Default: CONTINUE
|
|
1546
1557
|
*/
|
|
1547
1558
|
OversizeHandling?: OversizeHandling;
|
|
1548
1559
|
}
|
|
@@ -1602,7 +1613,7 @@ declare namespace WAFV2 {
|
|
|
1602
1613
|
*/
|
|
1603
1614
|
Name: EntityName;
|
|
1604
1615
|
/**
|
|
1605
|
-
* Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API,
|
|
1616
|
+
* Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner service. To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows: CLI - Specify the Region when you use the CloudFront scope: --scope=CLOUDFRONT --region=us-east-1. API and SDKs - For all calls, use the Region endpoint us-east-1.
|
|
1606
1617
|
*/
|
|
1607
1618
|
Scope: Scope;
|
|
1608
1619
|
/**
|
|
@@ -1630,7 +1641,7 @@ declare namespace WAFV2 {
|
|
|
1630
1641
|
}
|
|
1631
1642
|
export interface ListAvailableManagedRuleGroupsRequest {
|
|
1632
1643
|
/**
|
|
1633
|
-
* Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API,
|
|
1644
|
+
* Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner service. To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows: CLI - Specify the Region when you use the CloudFront scope: --scope=CLOUDFRONT --region=us-east-1. API and SDKs - For all calls, use the Region endpoint us-east-1.
|
|
1634
1645
|
*/
|
|
1635
1646
|
Scope: Scope;
|
|
1636
1647
|
/**
|
|
@@ -1654,7 +1665,7 @@ declare namespace WAFV2 {
|
|
|
1654
1665
|
}
|
|
1655
1666
|
export interface ListIPSetsRequest {
|
|
1656
1667
|
/**
|
|
1657
|
-
* Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API,
|
|
1668
|
+
* Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner service. To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows: CLI - Specify the Region when you use the CloudFront scope: --scope=CLOUDFRONT --region=us-east-1. API and SDKs - For all calls, use the Region endpoint us-east-1.
|
|
1658
1669
|
*/
|
|
1659
1670
|
Scope: Scope;
|
|
1660
1671
|
/**
|
|
@@ -1678,7 +1689,7 @@ declare namespace WAFV2 {
|
|
|
1678
1689
|
}
|
|
1679
1690
|
export interface ListLoggingConfigurationsRequest {
|
|
1680
1691
|
/**
|
|
1681
|
-
* Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API,
|
|
1692
|
+
* Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner service. To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows: CLI - Specify the Region when you use the CloudFront scope: --scope=CLOUDFRONT --region=us-east-1. API and SDKs - For all calls, use the Region endpoint us-east-1.
|
|
1682
1693
|
*/
|
|
1683
1694
|
Scope: Scope;
|
|
1684
1695
|
/**
|
|
@@ -1702,7 +1713,7 @@ declare namespace WAFV2 {
|
|
|
1702
1713
|
}
|
|
1703
1714
|
export interface ListManagedRuleSetsRequest {
|
|
1704
1715
|
/**
|
|
1705
|
-
* Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API,
|
|
1716
|
+
* Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner service. To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows: CLI - Specify the Region when you use the CloudFront scope: --scope=CLOUDFRONT --region=us-east-1. API and SDKs - For all calls, use the Region endpoint us-east-1.
|
|
1706
1717
|
*/
|
|
1707
1718
|
Scope: Scope;
|
|
1708
1719
|
/**
|
|
@@ -1751,7 +1762,7 @@ declare namespace WAFV2 {
|
|
|
1751
1762
|
}
|
|
1752
1763
|
export interface ListRegexPatternSetsRequest {
|
|
1753
1764
|
/**
|
|
1754
|
-
* Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API,
|
|
1765
|
+
* Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner service. To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows: CLI - Specify the Region when you use the CloudFront scope: --scope=CLOUDFRONT --region=us-east-1. API and SDKs - For all calls, use the Region endpoint us-east-1.
|
|
1755
1766
|
*/
|
|
1756
1767
|
Scope: Scope;
|
|
1757
1768
|
/**
|
|
@@ -1779,7 +1790,7 @@ declare namespace WAFV2 {
|
|
|
1779
1790
|
*/
|
|
1780
1791
|
WebACLArn: ResourceArn;
|
|
1781
1792
|
/**
|
|
1782
|
-
* Used for web ACLs that are scoped for regional applications. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API,
|
|
1793
|
+
* Used for web ACLs that are scoped for regional applications. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner service. If you don't provide a resource type, the call uses the resource type APPLICATION_LOAD_BALANCER. Default: APPLICATION_LOAD_BALANCER
|
|
1783
1794
|
*/
|
|
1784
1795
|
ResourceType?: ResourceType;
|
|
1785
1796
|
}
|
|
@@ -1791,7 +1802,7 @@ declare namespace WAFV2 {
|
|
|
1791
1802
|
}
|
|
1792
1803
|
export interface ListRuleGroupsRequest {
|
|
1793
1804
|
/**
|
|
1794
|
-
* Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API,
|
|
1805
|
+
* Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner service. To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows: CLI - Specify the Region when you use the CloudFront scope: --scope=CLOUDFRONT --region=us-east-1. API and SDKs - For all calls, use the Region endpoint us-east-1.
|
|
1795
1806
|
*/
|
|
1796
1807
|
Scope: Scope;
|
|
1797
1808
|
/**
|
|
@@ -1839,7 +1850,7 @@ declare namespace WAFV2 {
|
|
|
1839
1850
|
}
|
|
1840
1851
|
export interface ListWebACLsRequest {
|
|
1841
1852
|
/**
|
|
1842
|
-
* Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API,
|
|
1853
|
+
* Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner service. To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows: CLI - Specify the Region when you use the CloudFront scope: --scope=CLOUDFRONT --region=us-east-1. API and SDKs - For all calls, use the Region endpoint us-east-1.
|
|
1843
1854
|
*/
|
|
1844
1855
|
Scope: Scope;
|
|
1845
1856
|
/**
|
|
@@ -2047,7 +2058,7 @@ declare namespace WAFV2 {
|
|
|
2047
2058
|
*/
|
|
2048
2059
|
AssociatedRuleGroupArn?: ResourceArn;
|
|
2049
2060
|
/**
|
|
2050
|
-
* The web ACL capacity units (WCUs) required for this rule group. WAF uses WCUs to calculate and control the operating resources that are used to run your rules, rule groups, and web ACLs. WAF calculates capacity differently for each rule type, to reflect the relative cost of each rule. Simple rules that cost little to run use fewer WCUs than more complex rules that use more processing power. Rule group capacity is fixed at creation, which helps users plan their web ACL WCU usage when they use a rule group.
|
|
2061
|
+
* The web ACL capacity units (WCUs) required for this rule group. WAF uses WCUs to calculate and control the operating resources that are used to run your rules, rule groups, and web ACLs. WAF calculates capacity differently for each rule type, to reflect the relative cost of each rule. Simple rules that cost little to run use fewer WCUs than more complex rules that use more processing power. Rule group capacity is fixed at creation, which helps users plan their web ACL WCU usage when they use a rule group. For more information, see WAF web ACL capacity units (WCU) in the WAF Developer Guide.
|
|
2051
2062
|
*/
|
|
2052
2063
|
Capacity?: CapacityUnit;
|
|
2053
2064
|
/**
|
|
@@ -2147,7 +2158,7 @@ declare namespace WAFV2 {
|
|
|
2147
2158
|
*/
|
|
2148
2159
|
Name: EntityName;
|
|
2149
2160
|
/**
|
|
2150
|
-
* Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API,
|
|
2161
|
+
* Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner service. To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows: CLI - Specify the Region when you use the CloudFront scope: --scope=CLOUDFRONT --region=us-east-1. API and SDKs - For all calls, use the Region endpoint us-east-1.
|
|
2151
2162
|
*/
|
|
2152
2163
|
Scope: Scope;
|
|
2153
2164
|
/**
|
|
@@ -2179,7 +2190,7 @@ declare namespace WAFV2 {
|
|
|
2179
2190
|
*/
|
|
2180
2191
|
ResourceArn: ResourceArn;
|
|
2181
2192
|
/**
|
|
2182
|
-
* The policy to attach to the specified rule group. The policy specifications must conform to the following: The policy must be composed using IAM Policy version 2012-10-17
|
|
2193
|
+
* The policy to attach to the specified rule group. The policy specifications must conform to the following: The policy must be composed using IAM Policy version 2012-10-17. The policy must include specifications for Effect, Action, and Principal. Effect must specify Allow. Action must specify wafv2:CreateWebACL, wafv2:UpdateWebACL, and wafv2:PutFirewallManagerRuleGroups and may optionally specify wafv2:GetRuleGroup. WAF rejects any extra actions or wildcard actions in the policy. The policy must not include a Resource parameter. For more information, see IAM Policies.
|
|
2183
2194
|
*/
|
|
2184
2195
|
Policy: PolicyString;
|
|
2185
2196
|
}
|
|
@@ -2311,6 +2322,13 @@ declare namespace WAFV2 {
|
|
|
2311
2322
|
*/
|
|
2312
2323
|
Timestamp?: Timestamp;
|
|
2313
2324
|
}
|
|
2325
|
+
export type RequestBody = {[key: string]: RequestBodyAssociatedResourceTypeConfig};
|
|
2326
|
+
export interface RequestBodyAssociatedResourceTypeConfig {
|
|
2327
|
+
/**
|
|
2328
|
+
* Specifies the maximum size of the web request body component that an associated CloudFront distribution should send to WAF for inspection. This applies to statements in the web ACL that inspect the body or JSON body. Default: 16 KB (16,384 kilobytes)
|
|
2329
|
+
*/
|
|
2330
|
+
DefaultSizeInspectionLimit: SizeInspectionLimit;
|
|
2331
|
+
}
|
|
2314
2332
|
export interface RequestInspection {
|
|
2315
2333
|
/**
|
|
2316
2334
|
* The payload type for your login endpoint, either JSON or form encoded.
|
|
@@ -2488,7 +2506,7 @@ declare namespace WAFV2 {
|
|
|
2488
2506
|
*/
|
|
2489
2507
|
Id: EntityId;
|
|
2490
2508
|
/**
|
|
2491
|
-
* The web ACL capacity units (WCUs) required for this rule group. When you create your own rule group, you define this, and you cannot change it after creation. When you add or modify the rules in a rule group, WAF enforces this limit. You can check the capacity for a set of rules using CheckCapacity. WAF uses WCUs to calculate and control the operating resources that are used to run your rules, rule groups, and web ACLs. WAF calculates capacity differently for each rule type, to reflect the relative cost of each rule. Simple rules that cost little to run use fewer WCUs than more complex rules that use more processing power. Rule group capacity is fixed at creation, which helps users plan their web ACL WCU usage when they use a rule group.
|
|
2509
|
+
* The web ACL capacity units (WCUs) required for this rule group. When you create your own rule group, you define this, and you cannot change it after creation. When you add or modify the rules in a rule group, WAF enforces this limit. You can check the capacity for a set of rules using CheckCapacity. WAF uses WCUs to calculate and control the operating resources that are used to run your rules, rule groups, and web ACLs. WAF calculates capacity differently for each rule type, to reflect the relative cost of each rule. Simple rules that cost little to run use fewer WCUs than more complex rules that use more processing power. Rule group capacity is fixed at creation, which helps users plan their web ACL WCU usage when they use a rule group. For more information, see WAF web ACL capacity units (WCU) in the WAF Developer Guide.
|
|
2492
2510
|
*/
|
|
2493
2511
|
Capacity: CapacityUnit;
|
|
2494
2512
|
/**
|
|
@@ -2657,6 +2675,7 @@ declare namespace WAFV2 {
|
|
|
2657
2675
|
*/
|
|
2658
2676
|
TextTransformations: TextTransformations;
|
|
2659
2677
|
}
|
|
2678
|
+
export type SizeInspectionLimit = "KB_16"|"KB_32"|"KB_48"|"KB_64"|string;
|
|
2660
2679
|
export type SolveTimestamp = number;
|
|
2661
2680
|
export interface SqliMatchStatement {
|
|
2662
2681
|
/**
|
|
@@ -2686,7 +2705,7 @@ declare namespace WAFV2 {
|
|
|
2686
2705
|
*/
|
|
2687
2706
|
XssMatchStatement?: XssMatchStatement;
|
|
2688
2707
|
/**
|
|
2689
|
-
* A rule statement that compares a number of bytes against the size of a request component, using a comparison operator, such as greater than (>) or less than (<). For example, you can use a size constraint statement to look for query strings that are longer than 100 bytes. If you configure WAF to inspect the request body, WAF inspects only the
|
|
2708
|
+
* A rule statement that compares a number of bytes against the size of a request component, using a comparison operator, such as greater than (>) or less than (<). For example, you can use a size constraint statement to look for query strings that are longer than 100 bytes. If you configure WAF to inspect the request body, WAF inspects only the number of bytes of the body up to the limit for the web ACL. By default, for regional web ACLs, this limit is 8 KB (8,192 kilobytes) and for CloudFront web ACLs, this limit is 16 KB (16,384 kilobytes). For CloudFront web ACLs, you can increase the limit in the web ACL AssociationConfig, for additional fees. If you know that the request body for your web requests should never exceed the inspection limit, you could use a size constraint statement to block requests that have a larger request body size. If you choose URI for the value of Part of the request to filter on, the slash (/) in the URI counts as one character. For example, the URI /logo.jpg is nine characters long.
|
|
2690
2709
|
*/
|
|
2691
2710
|
SizeConstraintStatement?: SizeConstraintStatement;
|
|
2692
2711
|
/**
|
|
@@ -2821,7 +2840,7 @@ declare namespace WAFV2 {
|
|
|
2821
2840
|
*/
|
|
2822
2841
|
Name: EntityName;
|
|
2823
2842
|
/**
|
|
2824
|
-
* Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API,
|
|
2843
|
+
* Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner service. To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows: CLI - Specify the Region when you use the CloudFront scope: --scope=CLOUDFRONT --region=us-east-1. API and SDKs - For all calls, use the Region endpoint us-east-1.
|
|
2825
2844
|
*/
|
|
2826
2845
|
Scope: Scope;
|
|
2827
2846
|
/**
|
|
@@ -2853,7 +2872,7 @@ declare namespace WAFV2 {
|
|
|
2853
2872
|
*/
|
|
2854
2873
|
Name: EntityName;
|
|
2855
2874
|
/**
|
|
2856
|
-
* Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API,
|
|
2875
|
+
* Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner service. To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows: CLI - Specify the Region when you use the CloudFront scope: --scope=CLOUDFRONT --region=us-east-1. API and SDKs - For all calls, use the Region endpoint us-east-1.
|
|
2857
2876
|
*/
|
|
2858
2877
|
Scope: Scope;
|
|
2859
2878
|
/**
|
|
@@ -2893,7 +2912,7 @@ declare namespace WAFV2 {
|
|
|
2893
2912
|
*/
|
|
2894
2913
|
Name: EntityName;
|
|
2895
2914
|
/**
|
|
2896
|
-
* Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API,
|
|
2915
|
+
* Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner service. To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows: CLI - Specify the Region when you use the CloudFront scope: --scope=CLOUDFRONT --region=us-east-1. API and SDKs - For all calls, use the Region endpoint us-east-1.
|
|
2897
2916
|
*/
|
|
2898
2917
|
Scope: Scope;
|
|
2899
2918
|
/**
|
|
@@ -2925,7 +2944,7 @@ declare namespace WAFV2 {
|
|
|
2925
2944
|
*/
|
|
2926
2945
|
Name: EntityName;
|
|
2927
2946
|
/**
|
|
2928
|
-
* Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API,
|
|
2947
|
+
* Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner service. To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows: CLI - Specify the Region when you use the CloudFront scope: --scope=CLOUDFRONT --region=us-east-1. API and SDKs - For all calls, use the Region endpoint us-east-1.
|
|
2929
2948
|
*/
|
|
2930
2949
|
Scope: Scope;
|
|
2931
2950
|
/**
|
|
@@ -2965,7 +2984,7 @@ declare namespace WAFV2 {
|
|
|
2965
2984
|
*/
|
|
2966
2985
|
Name: EntityName;
|
|
2967
2986
|
/**
|
|
2968
|
-
* Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API,
|
|
2987
|
+
* Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner service. To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows: CLI - Specify the Region when you use the CloudFront scope: --scope=CLOUDFRONT --region=us-east-1. API and SDKs - For all calls, use the Region endpoint us-east-1.
|
|
2969
2988
|
*/
|
|
2970
2989
|
Scope: Scope;
|
|
2971
2990
|
/**
|
|
@@ -3008,6 +3027,10 @@ declare namespace WAFV2 {
|
|
|
3008
3027
|
* Specifies the domains that WAF should accept in a web request token. This enables the use of tokens across multiple protected websites. When WAF provides a token, it uses the domain of the Amazon Web Services resource that the web ACL is protecting. If you don't specify a list of token domains, WAF accepts tokens only for the domain of the protected resource. With a token domain list, WAF accepts the resource's host domain plus all domains in the token domain list, including their prefixed subdomains. Example JSON: "TokenDomains": { "mywebsite.com", "myotherwebsite.com" } Public suffixes aren't allowed. For example, you can't use usa.gov or co.uk as token domains.
|
|
3009
3028
|
*/
|
|
3010
3029
|
TokenDomains?: TokenDomains;
|
|
3030
|
+
/**
|
|
3031
|
+
* Specifies custom configurations for the associations between the web ACL and protected resources. Use this to customize the maximum size of the request body that your protected CloudFront distributions forward to WAF for inspection. The default is 16 KB (16,384 kilobytes). You are charged additional fees when your protected resources forward body sizes that are larger than the default. For more information, see WAF Pricing.
|
|
3032
|
+
*/
|
|
3033
|
+
AssociationConfig?: AssociationConfig;
|
|
3011
3034
|
}
|
|
3012
3035
|
export interface UpdateWebACLResponse {
|
|
3013
3036
|
/**
|
|
@@ -3042,7 +3065,7 @@ declare namespace WAFV2 {
|
|
|
3042
3065
|
*/
|
|
3043
3066
|
SampledRequestsEnabled: Boolean;
|
|
3044
3067
|
/**
|
|
3045
|
-
* A boolean indicating whether the associated resource sends metrics to Amazon CloudWatch. For the list of available metrics, see WAF Metrics.
|
|
3068
|
+
* A boolean indicating whether the associated resource sends metrics to Amazon CloudWatch. For the list of available metrics, see WAF Metrics in the WAF Developer Guide.
|
|
3046
3069
|
*/
|
|
3047
3070
|
CloudWatchMetricsEnabled: Boolean;
|
|
3048
3071
|
/**
|
|
@@ -3080,7 +3103,7 @@ declare namespace WAFV2 {
|
|
|
3080
3103
|
*/
|
|
3081
3104
|
VisibilityConfig: VisibilityConfig;
|
|
3082
3105
|
/**
|
|
3083
|
-
* The web ACL capacity units (WCUs) currently being used by this web ACL. WAF uses WCUs to calculate and control the operating resources that are used to run your rules, rule groups, and web ACLs. WAF calculates capacity differently for each rule type, to reflect the relative cost of each rule. Simple rules that cost little to run use fewer WCUs than more complex rules that use more processing power. Rule group capacity is fixed at creation, which helps users plan their web ACL WCU usage when they use a rule group.
|
|
3106
|
+
* The web ACL capacity units (WCUs) currently being used by this web ACL. WAF uses WCUs to calculate and control the operating resources that are used to run your rules, rule groups, and web ACLs. WAF calculates capacity differently for each rule type, to reflect the relative cost of each rule. Simple rules that cost little to run use fewer WCUs than more complex rules that use more processing power. Rule group capacity is fixed at creation, which helps users plan their web ACL WCU usage when they use a rule group. For more information, see WAF web ACL capacity units (WCU) in the WAF Developer Guide.
|
|
3084
3107
|
*/
|
|
3085
3108
|
Capacity?: ConsumedCapacity;
|
|
3086
3109
|
/**
|
|
@@ -3115,6 +3138,10 @@ declare namespace WAFV2 {
|
|
|
3115
3138
|
* Specifies the domains that WAF should accept in a web request token. This enables the use of tokens across multiple protected websites. When WAF provides a token, it uses the domain of the Amazon Web Services resource that the web ACL is protecting. If you don't specify a list of token domains, WAF accepts tokens only for the domain of the protected resource. With a token domain list, WAF accepts the resource's host domain plus all domains in the token domain list, including their prefixed subdomains.
|
|
3116
3139
|
*/
|
|
3117
3140
|
TokenDomains?: TokenDomains;
|
|
3141
|
+
/**
|
|
3142
|
+
* Specifies custom configurations for the associations between the web ACL and protected resources. Use this to customize the maximum size of the request body that your protected CloudFront distributions forward to WAF for inspection. The default is 16 KB (16,384 kilobytes). You are charged additional fees when your protected resources forward body sizes that are larger than the default. For more information, see WAF Pricing.
|
|
3143
|
+
*/
|
|
3144
|
+
AssociationConfig?: AssociationConfig;
|
|
3118
3145
|
}
|
|
3119
3146
|
export type WebACLSummaries = WebACLSummary[];
|
|
3120
3147
|
export interface WebACLSummary {
|