aws-cdk-lib 2.182.0__py3-none-any.whl → 2.184.0__py3-none-any.whl

aws_cdk/aws_wafv2/__init__.py

@@ -4499,7 +4499,7 @@ class CfnRuleGroup(
             :param cookies: Inspect the request cookies. You must configure scope and pattern matching filters in the ``Cookies`` object, to define the set of cookies and the parts of the cookies that AWS WAF inspects. Only the first 8 KB (8192 bytes) of a request's cookies and only the first 200 cookies are forwarded to AWS WAF for inspection by the underlying host service. You must configure how to handle any oversize cookie content in the ``Cookies`` object. AWS WAF applies the pattern matching filters to the cookies that it receives from the underlying host service.
             :param headers: Inspect the request headers. You must configure scope and pattern matching filters in the ``Headers`` object, to define the set of headers to and the parts of the headers that AWS WAF inspects. Only the first 8 KB (8192 bytes) of a request's headers and only the first 200 headers are forwarded to AWS WAF for inspection by the underlying host service. You must configure how to handle any oversize header content in the ``Headers`` object. AWS WAF applies the pattern matching filters to the headers that it receives from the underlying host service.
             :param ja3_fingerprint: Available for use with Amazon CloudFront distributions and Application Load Balancers. Match against the request's JA3 fingerprint. The JA3 fingerprint is a 32-character hash derived from the TLS Client Hello of an incoming request. This fingerprint serves as a unique identifier for the client's TLS configuration. AWS WAF calculates and logs this fingerprint for each request that has enough TLS Client Hello information for the calculation. Almost all web requests include this information. .. epigraph:: You can use this choice only with a string match ``ByteMatchStatement`` with the ``PositionalConstraint`` set to ``EXACTLY`` . You can obtain the JA3 fingerprint for client requests from the web ACL logs. If AWS WAF is able to calculate the fingerprint, it includes it in the logs. For information about the logging fields, see `Log fields <https://docs.aws.amazon.com/waf/latest/developerguide/logging-fields.html>`_ in the *AWS WAF Developer Guide* . Provide the JA3 fingerprint string from the logs in your string match statement specification, to match with any future requests that have the same TLS configuration.
-            :param ja4_fingerprint: Includes the JA4 fingerprint of a web request.
+            :param ja4_fingerprint: Available for use with Amazon CloudFront distributions and Application Load Balancers. Match against the request's JA4 fingerprint. The JA4 fingerprint is a 36-character hash derived from the TLS Client Hello of an incoming request. This fingerprint serves as a unique identifier for the client's TLS configuration. AWS WAF calculates and logs this fingerprint for each request that has enough TLS Client Hello information for the calculation. Almost all web requests include this information. .. epigraph:: You can use this choice only with a string match ``ByteMatchStatement`` with the ``PositionalConstraint`` set to ``EXACTLY`` . You can obtain the JA4 fingerprint for client requests from the web ACL logs. If AWS WAF is able to calculate the fingerprint, it includes it in the logs. For information about the logging fields, see `Log fields <https://docs.aws.amazon.com/waf/latest/developerguide/logging-fields.html>`_ in the *AWS WAF Developer Guide* . Provide the JA4 fingerprint string from the logs in your string match statement specification, to match with any future requests that have the same TLS configuration.
             :param json_body: Inspect the request body as JSON. The request body immediately follows the request headers. This is the part of a request that contains any additional data that you want to send to your web server as the HTTP request body, such as data from a form. AWS WAF does not support inspecting the entire contents of the web request body if the body exceeds the limit for the resource type. When a web request body is larger than the limit, the underlying host service only forwards the contents that are within the limit to AWS WAF for inspection. - For Application Load Balancer and AWS AppSync , the limit is fixed at 8 KB (8,192 bytes). - For CloudFront, API Gateway, Amazon Cognito, App Runner, and Verified Access, the default limit is 16 KB (16,384 bytes), and you can increase the limit for each resource type in the web ACL ``AssociationConfig`` , for additional processing fees. For information about how to handle oversized request bodies, see the ``JsonBody`` object configuration.
             :param method: Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
             :param query_string: Inspect the query string. This is the part of a URL that appears after a ``?`` character, if any.
@@ -4694,7 +4694,16 @@ class CfnRuleGroup(
         def ja4_fingerprint(
             self,
         ) -> typing.Optional[typing.Union[_IResolvable_da3f097b, "CfnRuleGroup.JA4FingerprintProperty"]]:
-            '''Includes the JA4 fingerprint of a web request.
+            '''Available for use with Amazon CloudFront distributions and Application Load Balancers.
+
+            Match against the request's JA4 fingerprint. The JA4 fingerprint is a 36-character hash derived from the TLS Client Hello of an incoming request. This fingerprint serves as a unique identifier for the client's TLS configuration. AWS WAF calculates and logs this fingerprint for each request that has enough TLS Client Hello information for the calculation. Almost all web requests include this information.
+            .. epigraph::
+
+               You can use this choice only with a string match ``ByteMatchStatement`` with the ``PositionalConstraint`` set to ``EXACTLY`` .
+
+            You can obtain the JA4 fingerprint for client requests from the web ACL logs. If AWS WAF is able to calculate the fingerprint, it includes it in the logs. For information about the logging fields, see `Log fields <https://docs.aws.amazon.com/waf/latest/developerguide/logging-fields.html>`_ in the *AWS WAF Developer Guide* .
+
+            Provide the JA4 fingerprint string from the logs in your string match statement specification, to match with any future requests that have the same TLS configuration.
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-rulegroup-fieldtomatch.html#cfn-wafv2-rulegroup-fieldtomatch-ja4fingerprint
             '''
@@ -5546,9 +5555,18 @@ class CfnRuleGroup(
     )
     class JA4FingerprintProperty:
         def __init__(self, *, fallback_behavior: builtins.str) -> None:
-            '''Includes the JA4 fingerprint of a web request.
+            '''Available for use with Amazon CloudFront distributions and Application Load Balancers.
+
+            Match against the request's JA4 fingerprint. The JA4 fingerprint is a 36-character hash derived from the TLS Client Hello of an incoming request. This fingerprint serves as a unique identifier for the client's TLS configuration. AWS WAF calculates and logs this fingerprint for each request that has enough TLS Client Hello information for the calculation. Almost all web requests include this information.
+            .. epigraph::
 
-            :param fallback_behavior: 
+               You can use this choice only with a string match ``ByteMatchStatement`` with the ``PositionalConstraint`` set to ``EXACTLY`` .
+
+            You can obtain the JA4 fingerprint for client requests from the web ACL logs. If AWS WAF is able to calculate the fingerprint, it includes it in the logs. For information about the logging fields, see `Log fields <https://docs.aws.amazon.com/waf/latest/developerguide/logging-fields.html>`_ in the *AWS WAF Developer Guide* .
+
+            Provide the JA4 fingerprint string from the logs in your string match statement specification, to match with any future requests that have the same TLS configuration.
+
+            :param fallback_behavior: The match status to assign to the web request if the request doesn't have a JA4 fingerprint. You can specify the following fallback behaviors: - ``MATCH`` - Treat the web request as matching the rule statement. AWS WAF applies the rule action to the request. - ``NO_MATCH`` - Treat the web request as not matching the rule statement.
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-rulegroup-ja4fingerprint.html
             :exampleMetadata: fixture=_generated
@@ -5572,7 +5590,13 @@ class CfnRuleGroup(
 
         @builtins.property
         def fallback_behavior(self) -> builtins.str:
-            '''
+            '''The match status to assign to the web request if the request doesn't have a JA4 fingerprint.
+
+            You can specify the following fallback behaviors:
+
+            - ``MATCH`` - Treat the web request as matching the rule statement. AWS WAF applies the rule action to the request.
+            - ``NO_MATCH`` - Treat the web request as not matching the rule statement.
+
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-rulegroup-ja4fingerprint.html#cfn-wafv2-rulegroup-ja4fingerprint-fallbackbehavior
             '''
             result = self._values.get("fallback_behavior")
@@ -7027,8 +7051,8 @@ class CfnRuleGroup(
             :param header: Use the value of a header in the request as an aggregate key. Each distinct value in the header contributes to the aggregation instance. If you use a single header as your custom key, then each value fully defines an aggregation instance.
             :param http_method: Use the request's HTTP method as an aggregate key. Each distinct HTTP method contributes to the aggregation instance. If you use just the HTTP method as your custom key, then each method fully defines an aggregation instance.
             :param ip: Use the request's originating IP address as an aggregate key. Each distinct IP address contributes to the aggregation instance. When you specify an IP or forwarded IP in the custom key settings, you must also specify at least one other key to use. You can aggregate on only the IP address by specifying ``IP`` in your rate-based statement's ``AggregateKeyType`` .
-            :param ja3_fingerprint: Specifies the request's JA3 fingerprint as an aggregate key for a rate-based rule.
-            :param ja4_fingerprint: Specifies the request's JA4 fingerprint as an aggregate key for a rate-based rule.
+            :param ja3_fingerprint: Use the request's JA3 fingerprint as an aggregate key. If you use a single JA3 fingerprint as your custom key, then each value fully defines an aggregation instance.
+            :param ja4_fingerprint: Use the request's JA4 fingerprint as an aggregate key. If you use a single JA4 fingerprint as your custom key, then each value fully defines an aggregation instance.
             :param label_namespace: Use the specified label namespace as an aggregate key. Each distinct fully qualified label name that has the specified label namespace contributes to the aggregation instance. If you use just one label namespace as your custom key, then each label name fully defines an aggregation instance. This uses only labels that have been added to the request by rules that are evaluated before this rate-based rule in the web ACL. For information about label namespaces and names, see `Label syntax and naming requirements <https://docs.aws.amazon.com/waf/latest/developerguide/waf-rule-label-requirements.html>`_ in the *AWS WAF Developer Guide* .
             :param query_argument: Use the specified query argument as an aggregate key. Each distinct value for the named query argument contributes to the aggregation instance. If you use a single query argument as your custom key, then each value fully defines an aggregation instance.
             :param query_string: Use the request's query string as an aggregate key. Each distinct string contributes to the aggregation instance. If you use just the query string as your custom key, then each string fully defines an aggregation instance.
@@ -7199,7 +7223,9 @@ class CfnRuleGroup(
         def ja3_fingerprint(
             self,
         ) -> typing.Optional[typing.Union[_IResolvable_da3f097b, "CfnRuleGroup.RateLimitJA3FingerprintProperty"]]:
-            '''Specifies the request's JA3 fingerprint as an aggregate key for a rate-based rule.
+            '''Use the request's JA3 fingerprint as an aggregate key.
+
+            If you use a single JA3 fingerprint as your custom key, then each value fully defines an aggregation instance.
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-rulegroup-ratebasedstatementcustomkey.html#cfn-wafv2-rulegroup-ratebasedstatementcustomkey-ja3fingerprint
             '''
@@ -7210,7 +7236,9 @@ class CfnRuleGroup(
         def ja4_fingerprint(
             self,
         ) -> typing.Optional[typing.Union[_IResolvable_da3f097b, "CfnRuleGroup.RateLimitJA4FingerprintProperty"]]:
-            '''Specifies the request's JA4 fingerprint as an aggregate key for a rate-based rule.
+            '''Use the request's JA4 fingerprint as an aggregate key.
+
+            If you use a single JA4 fingerprint as your custom key, then each value fully defines an aggregation instance.
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-rulegroup-ratebasedstatementcustomkey.html#cfn-wafv2-rulegroup-ratebasedstatementcustomkey-ja4fingerprint
             '''
@@ -8102,9 +8130,11 @@ class CfnRuleGroup(
     )
     class RateLimitJA3FingerprintProperty:
         def __init__(self, *, fallback_behavior: builtins.str) -> None:
-            '''Specifies the request's JA3 fingerprint as an aggregate key for a rate-based rule.
+            '''Use the request's JA3 fingerprint derived from the TLS Client Hello of an incoming request as an aggregate key.
 
-            :param fallback_behavior: 
+            If you use a single JA3 fingerprint as your custom key, then each value fully defines an aggregation instance.
+
+            :param fallback_behavior: The match status to assign to the web request if there is insufficient TSL Client Hello information to compute the JA3 fingerprint. You can specify the following fallback behaviors: - ``MATCH`` - Treat the web request as matching the rule statement. AWS WAF applies the rule action to the request. - ``NO_MATCH`` - Treat the web request as not matching the rule statement.
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-rulegroup-ratelimitja3fingerprint.html
             :exampleMetadata: fixture=_generated
@@ -8128,7 +8158,13 @@ class CfnRuleGroup(
 
         @builtins.property
         def fallback_behavior(self) -> builtins.str:
-            '''
+            '''The match status to assign to the web request if there is insufficient TSL Client Hello information to compute the JA3 fingerprint.
+
+            You can specify the following fallback behaviors:
+
+            - ``MATCH`` - Treat the web request as matching the rule statement. AWS WAF applies the rule action to the request.
+            - ``NO_MATCH`` - Treat the web request as not matching the rule statement.
+
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-rulegroup-ratelimitja3fingerprint.html#cfn-wafv2-rulegroup-ratelimitja3fingerprint-fallbackbehavior
             '''
             result = self._values.get("fallback_behavior")
@@ -8153,9 +8189,11 @@ class CfnRuleGroup(
     )
     class RateLimitJA4FingerprintProperty:
         def __init__(self, *, fallback_behavior: builtins.str) -> None:
-            '''Specifies the request's JA4 fingerprint as an aggregate key for a rate-based rule.
+            '''Use the request's JA4 fingerprint derived from the TLS Client Hello of an incoming request as an aggregate key.
+
+            If you use a single JA4 fingerprint as your custom key, then each value fully defines an aggregation instance.
 
-            :param fallback_behavior: 
+            :param fallback_behavior: The match status to assign to the web request if there is insufficient TSL Client Hello information to compute the JA4 fingerprint. You can specify the following fallback behaviors: - ``MATCH`` - Treat the web request as matching the rule statement. AWS WAF applies the rule action to the request. - ``NO_MATCH`` - Treat the web request as not matching the rule statement.
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-rulegroup-ratelimitja4fingerprint.html
             :exampleMetadata: fixture=_generated
@@ -8179,7 +8217,13 @@ class CfnRuleGroup(
 
         @builtins.property
         def fallback_behavior(self) -> builtins.str:
-            '''
+            '''The match status to assign to the web request if there is insufficient TSL Client Hello information to compute the JA4 fingerprint.
+
+            You can specify the following fallback behaviors:
+
+            - ``MATCH`` - Treat the web request as matching the rule statement. AWS WAF applies the rule action to the request.
+            - ``NO_MATCH`` - Treat the web request as not matching the rule statement.
+
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-rulegroup-ratelimitja4fingerprint.html#cfn-wafv2-rulegroup-ratelimitja4fingerprint-fallbackbehavior
             '''
             result = self._values.get("fallback_behavior")
@@ -14356,7 +14400,7 @@ class CfnWebACL(
             :param cookies: Inspect the request cookies. You must configure scope and pattern matching filters in the ``Cookies`` object, to define the set of cookies and the parts of the cookies that AWS WAF inspects. Only the first 8 KB (8192 bytes) of a request's cookies and only the first 200 cookies are forwarded to AWS WAF for inspection by the underlying host service. You must configure how to handle any oversize cookie content in the ``Cookies`` object. AWS WAF applies the pattern matching filters to the cookies that it receives from the underlying host service.
             :param headers: Inspect the request headers. You must configure scope and pattern matching filters in the ``Headers`` object, to define the set of headers to and the parts of the headers that AWS WAF inspects. Only the first 8 KB (8192 bytes) of a request's headers and only the first 200 headers are forwarded to AWS WAF for inspection by the underlying host service. You must configure how to handle any oversize header content in the ``Headers`` object. AWS WAF applies the pattern matching filters to the headers that it receives from the underlying host service.
             :param ja3_fingerprint: Available for use with Amazon CloudFront distributions and Application Load Balancers. Match against the request's JA3 fingerprint. The JA3 fingerprint is a 32-character hash derived from the TLS Client Hello of an incoming request. This fingerprint serves as a unique identifier for the client's TLS configuration. AWS WAF calculates and logs this fingerprint for each request that has enough TLS Client Hello information for the calculation. Almost all web requests include this information. .. epigraph:: You can use this choice only with a string match ``ByteMatchStatement`` with the ``PositionalConstraint`` set to ``EXACTLY`` . You can obtain the JA3 fingerprint for client requests from the web ACL logs. If AWS WAF is able to calculate the fingerprint, it includes it in the logs. For information about the logging fields, see `Log fields <https://docs.aws.amazon.com/waf/latest/developerguide/logging-fields.html>`_ in the *AWS WAF Developer Guide* . Provide the JA3 fingerprint string from the logs in your string match statement specification, to match with any future requests that have the same TLS configuration.
-            :param ja4_fingerprint: Includes the JA4 fingerprint of a web request.
+            :param ja4_fingerprint: Available for use with Amazon CloudFront distributions and Application Load Balancers. Match against the request's JA4 fingerprint. The JA4 fingerprint is a 36-character hash derived from the TLS Client Hello of an incoming request. This fingerprint serves as a unique identifier for the client's TLS configuration. AWS WAF calculates and logs this fingerprint for each request that has enough TLS Client Hello information for the calculation. Almost all web requests include this information. .. epigraph:: You can use this choice only with a string match ``ByteMatchStatement`` with the ``PositionalConstraint`` set to ``EXACTLY`` . You can obtain the JA4 fingerprint for client requests from the web ACL logs. If AWS WAF is able to calculate the fingerprint, it includes it in the logs. For information about the logging fields, see `Log fields <https://docs.aws.amazon.com/waf/latest/developerguide/logging-fields.html>`_ in the *AWS WAF Developer Guide* . Provide the JA4 fingerprint string from the logs in your string match statement specification, to match with any future requests that have the same TLS configuration.
             :param json_body: Inspect the request body as JSON. The request body immediately follows the request headers. This is the part of a request that contains any additional data that you want to send to your web server as the HTTP request body, such as data from a form. AWS WAF does not support inspecting the entire contents of the web request body if the body exceeds the limit for the resource type. When a web request body is larger than the limit, the underlying host service only forwards the contents that are within the limit to AWS WAF for inspection. - For Application Load Balancer and AWS AppSync , the limit is fixed at 8 KB (8,192 bytes). - For CloudFront, API Gateway, Amazon Cognito, App Runner, and Verified Access, the default limit is 16 KB (16,384 bytes), and you can increase the limit for each resource type in the web ACL ``AssociationConfig`` , for additional processing fees. For information about how to handle oversized request bodies, see the ``JsonBody`` object configuration.
             :param method: Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
             :param query_string: Inspect the query string. This is the part of a URL that appears after a ``?`` character, if any.
@@ -14551,7 +14595,16 @@ class CfnWebACL(
         def ja4_fingerprint(
             self,
         ) -> typing.Optional[typing.Union[_IResolvable_da3f097b, "CfnWebACL.JA4FingerprintProperty"]]:
-            '''Includes the JA4 fingerprint of a web request.
+            '''Available for use with Amazon CloudFront distributions and Application Load Balancers.
+
+            Match against the request's JA4 fingerprint. The JA4 fingerprint is a 36-character hash derived from the TLS Client Hello of an incoming request. This fingerprint serves as a unique identifier for the client's TLS configuration. AWS WAF calculates and logs this fingerprint for each request that has enough TLS Client Hello information for the calculation. Almost all web requests include this information.
+            .. epigraph::
+
+               You can use this choice only with a string match ``ByteMatchStatement`` with the ``PositionalConstraint`` set to ``EXACTLY`` .
+
+            You can obtain the JA4 fingerprint for client requests from the web ACL logs. If AWS WAF is able to calculate the fingerprint, it includes it in the logs. For information about the logging fields, see `Log fields <https://docs.aws.amazon.com/waf/latest/developerguide/logging-fields.html>`_ in the *AWS WAF Developer Guide* .
+
+            Provide the JA4 fingerprint string from the logs in your string match statement specification, to match with any future requests that have the same TLS configuration.
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-fieldtomatch.html#cfn-wafv2-webacl-fieldtomatch-ja4fingerprint
             '''
@@ -15403,9 +15456,18 @@ class CfnWebACL(
     )
     class JA4FingerprintProperty:
         def __init__(self, *, fallback_behavior: builtins.str) -> None:
-            '''Includes the JA4 fingerprint of a web request.
+            '''Available for use with Amazon CloudFront distributions and Application Load Balancers.
+
+            Match against the request's JA4 fingerprint. The JA4 fingerprint is a 36-character hash derived from the TLS Client Hello of an incoming request. This fingerprint serves as a unique identifier for the client's TLS configuration. AWS WAF calculates and logs this fingerprint for each request that has enough TLS Client Hello information for the calculation. Almost all web requests include this information.
+            .. epigraph::
 
-            :param fallback_behavior: 
+               You can use this choice only with a string match ``ByteMatchStatement`` with the ``PositionalConstraint`` set to ``EXACTLY`` .
+
+            You can obtain the JA4 fingerprint for client requests from the web ACL logs. If AWS WAF is able to calculate the fingerprint, it includes it in the logs. For information about the logging fields, see `Log fields <https://docs.aws.amazon.com/waf/latest/developerguide/logging-fields.html>`_ in the *AWS WAF Developer Guide* .
+
+            Provide the JA4 fingerprint string from the logs in your string match statement specification, to match with any future requests that have the same TLS configuration.
+
+            :param fallback_behavior: The match status to assign to the web request if the request doesn't have a JA4 fingerprint. You can specify the following fallback behaviors: - ``MATCH`` - Treat the web request as matching the rule statement. AWS WAF applies the rule action to the request. - ``NO_MATCH`` - Treat the web request as not matching the rule statement.
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-ja4fingerprint.html
             :exampleMetadata: fixture=_generated
@@ -15429,7 +15491,13 @@ class CfnWebACL(
 
         @builtins.property
         def fallback_behavior(self) -> builtins.str:
-            '''
+            '''The match status to assign to the web request if the request doesn't have a JA4 fingerprint.
+
+            You can specify the following fallback behaviors:
+
+            - ``MATCH`` - Treat the web request as matching the rule statement. AWS WAF applies the rule action to the request.
+            - ``NO_MATCH`` - Treat the web request as not matching the rule statement.
+
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-ja4fingerprint.html#cfn-wafv2-webacl-ja4fingerprint-fallbackbehavior
             '''
             result = self._values.get("fallback_behavior")
@@ -16512,8 +16580,8 @@ class CfnWebACL(
             :param header: Use the value of a header in the request as an aggregate key. Each distinct value in the header contributes to the aggregation instance. If you use a single header as your custom key, then each value fully defines an aggregation instance.
             :param http_method: Use the request's HTTP method as an aggregate key. Each distinct HTTP method contributes to the aggregation instance. If you use just the HTTP method as your custom key, then each method fully defines an aggregation instance.
             :param ip: Use the request's originating IP address as an aggregate key. Each distinct IP address contributes to the aggregation instance. When you specify an IP or forwarded IP in the custom key settings, you must also specify at least one other key to use. You can aggregate on only the IP address by specifying ``IP`` in your rate-based statement's ``AggregateKeyType`` .
-            :param ja3_fingerprint: Specifies the request's JA3 fingerprint as an aggregate key for a rate-based rule.
-            :param ja4_fingerprint: Specifies the request's JA4 fingerprint as an aggregate key for a rate-based rule.
+            :param ja3_fingerprint: Use the request's JA3 fingerprint as an aggregate key. If you use a single JA3 fingerprint as your custom key, then each value fully defines an aggregation instance.
+            :param ja4_fingerprint: Use the request's JA4 fingerprint as an aggregate key. If you use a single JA4 fingerprint as your custom key, then each value fully defines an aggregation instance.
             :param label_namespace: Use the specified label namespace as an aggregate key. Each distinct fully qualified label name that has the specified label namespace contributes to the aggregation instance. If you use just one label namespace as your custom key, then each label name fully defines an aggregation instance. This uses only labels that have been added to the request by rules that are evaluated before this rate-based rule in the web ACL. For information about label namespaces and names, see `Label syntax and naming requirements <https://docs.aws.amazon.com/waf/latest/developerguide/waf-rule-label-requirements.html>`_ in the *AWS WAF Developer Guide* .
             :param query_argument: Use the specified query argument as an aggregate key. Each distinct value for the named query argument contributes to the aggregation instance. If you use a single query argument as your custom key, then each value fully defines an aggregation instance.
             :param query_string: Use the request's query string as an aggregate key. Each distinct string contributes to the aggregation instance. If you use just the query string as your custom key, then each string fully defines an aggregation instance.
@@ -16684,7 +16752,9 @@ class CfnWebACL(
         def ja3_fingerprint(
             self,
         ) -> typing.Optional[typing.Union[_IResolvable_da3f097b, "CfnWebACL.RateLimitJA3FingerprintProperty"]]:
-            '''Specifies the request's JA3 fingerprint as an aggregate key for a rate-based rule.
+            '''Use the request's JA3 fingerprint as an aggregate key.
+
+            If you use a single JA3 fingerprint as your custom key, then each value fully defines an aggregation instance.
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-ratebasedstatementcustomkey.html#cfn-wafv2-webacl-ratebasedstatementcustomkey-ja3fingerprint
             '''
@@ -16695,7 +16765,9 @@ class CfnWebACL(
         def ja4_fingerprint(
             self,
         ) -> typing.Optional[typing.Union[_IResolvable_da3f097b, "CfnWebACL.RateLimitJA4FingerprintProperty"]]:
-            '''Specifies the request's JA4 fingerprint as an aggregate key for a rate-based rule.
+            '''Use the request's JA4 fingerprint as an aggregate key.
+
+            If you use a single JA4 fingerprint as your custom key, then each value fully defines an aggregation instance.
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-ratebasedstatementcustomkey.html#cfn-wafv2-webacl-ratebasedstatementcustomkey-ja4fingerprint
             '''
@@ -17156,9 +17228,11 @@ class CfnWebACL(
     )
     class RateLimitJA3FingerprintProperty:
         def __init__(self, *, fallback_behavior: builtins.str) -> None:
-            '''Specifies the request's JA3 fingerprint as an aggregate key for a rate-based rule.
+            '''Use the request's JA3 fingerprint derived from the TLS Client Hello of an incoming request as an aggregate key.
 
-            :param fallback_behavior: 
+            If you use a single JA3 fingerprint as your custom key, then each value fully defines an aggregation instance.
+
+            :param fallback_behavior: The match status to assign to the web request if there is insufficient TSL Client Hello information to compute the JA3 fingerprint. You can specify the following fallback behaviors: - ``MATCH`` - Treat the web request as matching the rule statement. AWS WAF applies the rule action to the request. - ``NO_MATCH`` - Treat the web request as not matching the rule statement.
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-ratelimitja3fingerprint.html
             :exampleMetadata: fixture=_generated
@@ -17182,7 +17256,13 @@ class CfnWebACL(
 
         @builtins.property
         def fallback_behavior(self) -> builtins.str:
-            '''
+            '''The match status to assign to the web request if there is insufficient TSL Client Hello information to compute the JA3 fingerprint.
+
+            You can specify the following fallback behaviors:
+
+            - ``MATCH`` - Treat the web request as matching the rule statement. AWS WAF applies the rule action to the request.
+            - ``NO_MATCH`` - Treat the web request as not matching the rule statement.
+
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-ratelimitja3fingerprint.html#cfn-wafv2-webacl-ratelimitja3fingerprint-fallbackbehavior
             '''
             result = self._values.get("fallback_behavior")
@@ -17207,9 +17287,11 @@ class CfnWebACL(
     )
     class RateLimitJA4FingerprintProperty:
         def __init__(self, *, fallback_behavior: builtins.str) -> None:
-            '''Specifies the request's JA4 fingerprint as an aggregate key for a rate-based rule.
+            '''Use the request's JA4 fingerprint derived from the TLS Client Hello of an incoming request as an aggregate key.
+
+            If you use a single JA4 fingerprint as your custom key, then each value fully defines an aggregation instance.
 
-            :param fallback_behavior: 
+            :param fallback_behavior: The match status to assign to the web request if there is insufficient TSL Client Hello information to compute the JA4 fingerprint. You can specify the following fallback behaviors: - ``MATCH`` - Treat the web request as matching the rule statement. AWS WAF applies the rule action to the request. - ``NO_MATCH`` - Treat the web request as not matching the rule statement.
 
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-ratelimitja4fingerprint.html
             :exampleMetadata: fixture=_generated
@@ -17233,7 +17315,13 @@ class CfnWebACL(
 
         @builtins.property
         def fallback_behavior(self) -> builtins.str:
-            '''
+            '''The match status to assign to the web request if there is insufficient TSL Client Hello information to compute the JA4 fingerprint.
+
+            You can specify the following fallback behaviors:
+
+            - ``MATCH`` - Treat the web request as matching the rule statement. AWS WAF applies the rule action to the request.
+            - ``NO_MATCH`` - Treat the web request as not matching the rule statement.
+
             :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-ratelimitja4fingerprint.html#cfn-wafv2-webacl-ratelimitja4fingerprint-fallbackbehavior
             '''
             result = self._values.get("fallback_behavior")

aws_cdk/aws_xray/__init__.py

@@ -1765,6 +1765,165 @@ class CfnSamplingRuleProps:
         )
 
 
+@jsii.implements(_IInspectable_c2943556)
+class CfnTransactionSearchConfig(
+    _CfnResource_9df397a6,
+    metaclass=jsii.JSIIMeta,
+    jsii_type="aws-cdk-lib.aws_xray.CfnTransactionSearchConfig",
+):
+    '''This schema provides construct and validation rules for AWS-XRay TransactionSearchConfig resource parameters.
+
+    :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-xray-transactionsearchconfig.html
+    :cloudformationResource: AWS::XRay::TransactionSearchConfig
+    :exampleMetadata: fixture=_generated
+
+    Example::
+
+        # The code below shows an example of how to instantiate this type.
+        # The values are placeholders you should change.
+        from aws_cdk import aws_xray as xray
+        
+        cfn_transaction_search_config = xray.CfnTransactionSearchConfig(self, "MyCfnTransactionSearchConfig",
+            indexing_percentage=123
+        )
+    '''
+
+    def __init__(
+        self,
+        scope: _constructs_77d1e7e8.Construct,
+        id: builtins.str,
+        *,
+        indexing_percentage: typing.Optional[jsii.Number] = None,
+    ) -> None:
+        '''
+        :param scope: Scope in which this resource is defined.
+        :param id: Construct identifier for this resource (unique in its scope).
+        :param indexing_percentage: Determines the percentage of traces indexed from CloudWatch Logs to X-Ray.
+        '''
+        if __debug__:
+            type_hints = typing.get_type_hints(_typecheckingstub__f4e1a30e946dc148e1f6ca9dc5dce1a4c01ae226f9b2a99f68a6bfd8caeabe51)
+            check_type(argname="argument scope", value=scope, expected_type=type_hints["scope"])
+            check_type(argname="argument id", value=id, expected_type=type_hints["id"])
+        props = CfnTransactionSearchConfigProps(
+            indexing_percentage=indexing_percentage
+        )
+
+        jsii.create(self.__class__, self, [scope, id, props])
+
+    @jsii.member(jsii_name="inspect")
+    def inspect(self, inspector: _TreeInspector_488e0dd5) -> None:
+        '''Examines the CloudFormation resource and discloses attributes.
+
+        :param inspector: tree inspector to collect and process attributes.
+        '''
+        if __debug__:
+            type_hints = typing.get_type_hints(_typecheckingstub__394cc58a2d528bf2d5be35ac0c8c35c1fb008b91fb4981e2a17b7c6ffdba2f6b)
+            check_type(argname="argument inspector", value=inspector, expected_type=type_hints["inspector"])
+        return typing.cast(None, jsii.invoke(self, "inspect", [inspector]))
+
+    @jsii.member(jsii_name="renderProperties")
+    def _render_properties(
+        self,
+        props: typing.Mapping[builtins.str, typing.Any],
+    ) -> typing.Mapping[builtins.str, typing.Any]:
+        '''
+        :param props: -
+        '''
+        if __debug__:
+            type_hints = typing.get_type_hints(_typecheckingstub__60d903fbe1bf5e78e1363dfa2d6b437d90640f9c35b6768d40e1327382ee8fcb)
+            check_type(argname="argument props", value=props, expected_type=type_hints["props"])
+        return typing.cast(typing.Mapping[builtins.str, typing.Any], jsii.invoke(self, "renderProperties", [props]))
+
+    @jsii.python.classproperty
+    @jsii.member(jsii_name="CFN_RESOURCE_TYPE_NAME")
+    def CFN_RESOURCE_TYPE_NAME(cls) -> builtins.str:
+        '''The CloudFormation resource type name for this resource class.'''
+        return typing.cast(builtins.str, jsii.sget(cls, "CFN_RESOURCE_TYPE_NAME"))
+
+    @builtins.property
+    @jsii.member(jsii_name="attrAccountId")
+    def attr_account_id(self) -> builtins.str:
+        '''User account id, used as the primary identifier for the resource.
+
+        :cloudformationAttribute: AccountId
+        '''
+        return typing.cast(builtins.str, jsii.get(self, "attrAccountId"))
+
+    @builtins.property
+    @jsii.member(jsii_name="cfnProperties")
+    def _cfn_properties(self) -> typing.Mapping[builtins.str, typing.Any]:
+        return typing.cast(typing.Mapping[builtins.str, typing.Any], jsii.get(self, "cfnProperties"))
+
+    @builtins.property
+    @jsii.member(jsii_name="indexingPercentage")
+    def indexing_percentage(self) -> typing.Optional[jsii.Number]:
+        '''Determines the percentage of traces indexed from CloudWatch Logs to X-Ray.'''
+        return typing.cast(typing.Optional[jsii.Number], jsii.get(self, "indexingPercentage"))
+
+    @indexing_percentage.setter
+    def indexing_percentage(self, value: typing.Optional[jsii.Number]) -> None:
+        if __debug__:
+            type_hints = typing.get_type_hints(_typecheckingstub__667a8dfa445e5a7771cc889a458d31a28e3722f0192c79d0a77ca783777108dc)
+            check_type(argname="argument value", value=value, expected_type=type_hints["value"])
+        jsii.set(self, "indexingPercentage", value) # pyright: ignore[reportArgumentType]
+
+
+@jsii.data_type(
+    jsii_type="aws-cdk-lib.aws_xray.CfnTransactionSearchConfigProps",
+    jsii_struct_bases=[],
+    name_mapping={"indexing_percentage": "indexingPercentage"},
+)
+class CfnTransactionSearchConfigProps:
+    def __init__(
+        self,
+        *,
+        indexing_percentage: typing.Optional[jsii.Number] = None,
+    ) -> None:
+        '''Properties for defining a ``CfnTransactionSearchConfig``.
+
+        :param indexing_percentage: Determines the percentage of traces indexed from CloudWatch Logs to X-Ray.
+
+        :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-xray-transactionsearchconfig.html
+        :exampleMetadata: fixture=_generated
+
+        Example::
+
+            # The code below shows an example of how to instantiate this type.
+            # The values are placeholders you should change.
+            from aws_cdk import aws_xray as xray
+            
+            cfn_transaction_search_config_props = xray.CfnTransactionSearchConfigProps(
+                indexing_percentage=123
+            )
+        '''
+        if __debug__:
+            type_hints = typing.get_type_hints(_typecheckingstub__b2b1f6ec191fd59be2f27330c4455e3dafefecd89a9d126ea095d2128052987b)
+            check_type(argname="argument indexing_percentage", value=indexing_percentage, expected_type=type_hints["indexing_percentage"])
+        self._values: typing.Dict[builtins.str, typing.Any] = {}
+        if indexing_percentage is not None:
+            self._values["indexing_percentage"] = indexing_percentage
+
+    @builtins.property
+    def indexing_percentage(self) -> typing.Optional[jsii.Number]:
+        '''Determines the percentage of traces indexed from CloudWatch Logs to X-Ray.
+
+        :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-xray-transactionsearchconfig.html#cfn-xray-transactionsearchconfig-indexingpercentage
+        '''
+        result = self._values.get("indexing_percentage")
+        return typing.cast(typing.Optional[jsii.Number], result)
+
+    def __eq__(self, rhs: typing.Any) -> builtins.bool:
+        return isinstance(rhs, self.__class__) and rhs._values == self._values
+
+    def __ne__(self, rhs: typing.Any) -> builtins.bool:
+        return not (rhs == self)
+
+    def __repr__(self) -> str:
+        return "CfnTransactionSearchConfigProps(%s)" % ", ".join(
+            k + "=" + repr(v) for k, v in self._values.items()
+        )
+
+
 __all__ = [
     "CfnGroup",
     "CfnGroupProps",
@@ -1772,6 +1931,8 @@ __all__ = [
     "CfnResourcePolicyProps",
     "CfnSamplingRule",
     "CfnSamplingRuleProps",
+    "CfnTransactionSearchConfig",
+    "CfnTransactionSearchConfigProps",
 ]
 
 publication.publish()
@@ -2003,3 +2164,37 @@ def _typecheckingstub__6728191ed28a57c9130311eb26a506218d6fceeade2816c46cf035cf4
 ) -> None:
     """Type checking stubs"""
     pass
+
+def _typecheckingstub__f4e1a30e946dc148e1f6ca9dc5dce1a4c01ae226f9b2a99f68a6bfd8caeabe51(
+    scope: _constructs_77d1e7e8.Construct,
+    id: builtins.str,
+    *,
+    indexing_percentage: typing.Optional[jsii.Number] = None,
+) -> None:
+    """Type checking stubs"""
+    pass
+
+def _typecheckingstub__394cc58a2d528bf2d5be35ac0c8c35c1fb008b91fb4981e2a17b7c6ffdba2f6b(
+    inspector: _TreeInspector_488e0dd5,
+) -> None:
+    """Type checking stubs"""
+    pass
+
+def _typecheckingstub__60d903fbe1bf5e78e1363dfa2d6b437d90640f9c35b6768d40e1327382ee8fcb(
+    props: typing.Mapping[builtins.str, typing.Any],
+) -> None:
+    """Type checking stubs"""
+    pass
+
+def _typecheckingstub__667a8dfa445e5a7771cc889a458d31a28e3722f0192c79d0a77ca783777108dc(
+    value: typing.Optional[jsii.Number],
+) -> None:
+    """Type checking stubs"""
+    pass
+
+def _typecheckingstub__b2b1f6ec191fd59be2f27330c4455e3dafefecd89a9d126ea095d2128052987b(
+    *,
+    indexing_percentage: typing.Optional[jsii.Number] = None,
+) -> None:
+    """Type checking stubs"""
+    pass

aws_cdk/cloud_assembly_schema/__init__.py

@@ -2912,7 +2912,7 @@ class DeployOptions(DefaultCdkOptions):
         :param notification_arns: ARNs of SNS topics that CloudFormation will notify with stack related events. Default: - no notifications
         :param outputs_file: Path to file where stack outputs will be written after a successful deploy as JSON. Default: - Outputs are not written to any file
         :param parameters: Additional parameters for CloudFormation at deploy time. Default: {}
-        :param require_approval: What kind of security changes require approval. Default: RequireApproval.Never
+        :param require_approval: What kind of security changes require approval. Default: RequireApproval.NEVER
         :param reuse_assets: Reuse the assets with the given asset IDs. Default: - do not reuse assets
         :param rollback: Rollback failed deployments. Default: true
         :param toolkit_stack_name: Name of the toolkit stack to use/deploy. Default: CDKToolkit
@@ -3391,7 +3391,7 @@ class DeployOptions(DefaultCdkOptions):
     def require_approval(self) -> typing.Optional["RequireApproval"]:
         '''What kind of security changes require approval.
 
-        :default: RequireApproval.Never
+        :default: RequireApproval.NEVER
         '''
         result = self._values.get("require_approval")
         return typing.cast(typing.Optional["RequireApproval"], result)