aws-cdk-lib 2.185.0__py3-none-any.whl → 2.187.0__py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Potentially problematic release.

This version of aws-cdk-lib might be problematic. Click here for more details.

Files changed (87) hide show
  1. aws_cdk/__init__.py +383 -145
  2. aws_cdk/_jsii/__init__.py +1 -1
  3. aws_cdk/_jsii/{aws-cdk-lib@2.185.0.jsii.tgz → aws-cdk-lib@2.187.0.jsii.tgz} +0 -0
  4. aws_cdk/aws_amazonmq/__init__.py +3 -2
  5. aws_cdk/aws_amplify/__init__.py +124 -0
  6. aws_cdk/aws_apigateway/__init__.py +48 -2
  7. aws_cdk/aws_apigatewayv2/__init__.py +9 -0
  8. aws_cdk/aws_appconfig/__init__.py +3 -3
  9. aws_cdk/aws_applicationsignals/__init__.py +363 -3
  10. aws_cdk/aws_appsync/__init__.py +74 -3
  11. aws_cdk/aws_bedrock/__init__.py +395 -14
  12. aws_cdk/aws_cassandra/__init__.py +2 -2
  13. aws_cdk/aws_cleanrooms/__init__.py +21 -9
  14. aws_cdk/aws_cloudformation/__init__.py +1 -5
  15. aws_cdk/aws_cloudfront/__init__.py +15 -1
  16. aws_cdk/aws_cloudfront_origins/__init__.py +4 -2
  17. aws_cdk/aws_cloudtrail/__init__.py +4 -18
  18. aws_cdk/aws_cloudwatch/__init__.py +50 -50
  19. aws_cdk/aws_codeartifact/__init__.py +20 -33
  20. aws_cdk/aws_codebuild/__init__.py +9 -0
  21. aws_cdk/aws_codepipeline/__init__.py +1328 -120
  22. aws_cdk/aws_cognito/__init__.py +1 -1
  23. aws_cdk/aws_cognito_identitypool/__init__.py +2303 -0
  24. aws_cdk/aws_config/__init__.py +2 -5
  25. aws_cdk/aws_connect/__init__.py +3 -7
  26. aws_cdk/aws_controltower/__init__.py +18 -26
  27. aws_cdk/aws_datazone/__init__.py +3540 -10
  28. aws_cdk/aws_detective/__init__.py +3 -3
  29. aws_cdk/aws_dynamodb/__init__.py +37 -0
  30. aws_cdk/aws_ec2/__init__.py +714 -37
  31. aws_cdk/aws_ecr/__init__.py +143 -0
  32. aws_cdk/aws_ecr_assets/__init__.py +115 -4
  33. aws_cdk/aws_ecs/__init__.py +66 -20
  34. aws_cdk/aws_eks/__init__.py +114 -0
  35. aws_cdk/aws_events/__init__.py +26 -6
  36. aws_cdk/aws_forecast/__init__.py +1 -1
  37. aws_cdk/aws_fsx/__init__.py +2 -2
  38. aws_cdk/aws_gamelift/__init__.py +11 -11
  39. aws_cdk/aws_iam/__init__.py +264 -0
  40. aws_cdk/aws_identitystore/__init__.py +16 -16
  41. aws_cdk/aws_imagebuilder/__init__.py +3 -27
  42. aws_cdk/aws_iotsitewise/__init__.py +623 -0
  43. aws_cdk/aws_kinesisfirehose/__init__.py +2 -3
  44. aws_cdk/aws_kms/__init__.py +10 -11
  45. aws_cdk/aws_lakeformation/__init__.py +3 -3
  46. aws_cdk/aws_lambda/__init__.py +112 -5
  47. aws_cdk/aws_lambda_event_sources/__init__.py +65 -3
  48. aws_cdk/aws_lambda_nodejs/__init__.py +5 -24
  49. aws_cdk/aws_lex/__init__.py +981 -5
  50. aws_cdk/aws_location/__init__.py +24 -7
  51. aws_cdk/aws_mediaconnect/__init__.py +714 -290
  52. aws_cdk/aws_msk/__init__.py +8 -2
  53. aws_cdk/aws_mwaa/__init__.py +9 -9
  54. aws_cdk/aws_networkfirewall/__init__.py +60 -12
  55. aws_cdk/aws_oam/__init__.py +8 -37
  56. aws_cdk/aws_omics/__init__.py +216 -0
  57. aws_cdk/aws_quicksight/__init__.py +250 -108
  58. aws_cdk/aws_rds/__init__.py +102 -10
  59. aws_cdk/aws_redshiftserverless/__init__.py +192 -15
  60. aws_cdk/aws_route53/__init__.py +2 -2
  61. aws_cdk/aws_route53recoverycontrol/__init__.py +43 -2
  62. aws_cdk/aws_rum/__init__.py +315 -52
  63. aws_cdk/aws_s3_assets/__init__.py +70 -1
  64. aws_cdk/aws_s3_deployment/__init__.py +4 -0
  65. aws_cdk/aws_sagemaker/__init__.py +6 -4
  66. aws_cdk/aws_scheduler/__init__.py +3944 -121
  67. aws_cdk/aws_scheduler_targets/__init__.py +4460 -0
  68. aws_cdk/aws_securitylake/__init__.py +2 -2
  69. aws_cdk/aws_servicecatalog/__init__.py +4 -0
  70. aws_cdk/aws_sns/__init__.py +1 -1
  71. aws_cdk/aws_ssmquicksetup/__init__.py +5 -3
  72. aws_cdk/aws_stepfunctions/__init__.py +8 -0
  73. aws_cdk/aws_stepfunctions_tasks/__init__.py +4 -0
  74. aws_cdk/aws_synthetics/__init__.py +9 -0
  75. aws_cdk/aws_systemsmanagersap/__init__.py +150 -0
  76. aws_cdk/aws_timestream/__init__.py +4 -4
  77. aws_cdk/aws_wafv2/__init__.py +1117 -1446
  78. aws_cdk/aws_workspacesthinclient/__init__.py +4 -4
  79. aws_cdk/cloud_assembly_schema/__init__.py +60 -10
  80. aws_cdk/cx_api/__init__.py +38 -0
  81. aws_cdk/pipelines/__init__.py +20 -2
  82. {aws_cdk_lib-2.185.0.dist-info → aws_cdk_lib-2.187.0.dist-info}/METADATA +4 -4
  83. {aws_cdk_lib-2.185.0.dist-info → aws_cdk_lib-2.187.0.dist-info}/RECORD +87 -85
  84. {aws_cdk_lib-2.185.0.dist-info → aws_cdk_lib-2.187.0.dist-info}/WHEEL +1 -1
  85. {aws_cdk_lib-2.185.0.dist-info → aws_cdk_lib-2.187.0.dist-info}/LICENSE +0 -0
  86. {aws_cdk_lib-2.185.0.dist-info → aws_cdk_lib-2.187.0.dist-info}/NOTICE +0 -0
  87. {aws_cdk_lib-2.185.0.dist-info → aws_cdk_lib-2.187.0.dist-info}/top_level.txt +0 -0
aws_cdk/aws_wafv2/__init__.py CHANGED
@@ -1908,502 +1908,7 @@ class CfnRuleGroup(
1908
1908
 
1909
1909
  Example::
1910
1910
 
1911
- # The code below shows an example of how to instantiate this type.
1912
- # The values are placeholders you should change.
1913
- from aws_cdk import aws_wafv2 as wafv2
1914
-
1915
- # all: Any
1916
- # allow: Any
1917
- # all_query_arguments: Any
1918
- # block: Any
1919
- # captcha: Any
1920
- # challenge: Any
1921
- # count: Any
1922
- # forwarded_ip: Any
1923
- # http_method: Any
1924
- # ip: Any
1925
- # method: Any
1926
- # query_string: Any
1927
- # single_header: Any
1928
- # single_query_argument: Any
1929
- # statement_property_: wafv2.CfnRuleGroup.StatementProperty
1930
- # uri_path: Any
1931
-
1932
- cfn_rule_group = wafv2.CfnRuleGroup(self, "MyCfnRuleGroup",
1933
- capacity=123,
1934
- scope="scope",
1935
- visibility_config=wafv2.CfnRuleGroup.VisibilityConfigProperty(
1936
- cloud_watch_metrics_enabled=False,
1937
- metric_name="metricName",
1938
- sampled_requests_enabled=False
1939
- ),
1940
-
1941
- # the properties below are optional
1942
- available_labels=[wafv2.CfnRuleGroup.LabelSummaryProperty(
1943
- name="name"
1944
- )],
1945
- consumed_labels=[wafv2.CfnRuleGroup.LabelSummaryProperty(
1946
- name="name"
1947
- )],
1948
- custom_response_bodies={
1949
- "custom_response_bodies_key": wafv2.CfnRuleGroup.CustomResponseBodyProperty(
1950
- content="content",
1951
- content_type="contentType"
1952
- )
1953
- },
1954
- description="description",
1955
- name="name",
1956
- rules=[wafv2.CfnRuleGroup.RuleProperty(
1957
- name="name",
1958
- priority=123,
1959
- statement=wafv2.CfnRuleGroup.StatementProperty(
1960
- and_statement=wafv2.CfnRuleGroup.AndStatementProperty(
1961
- statements=[statement_property_]
1962
- ),
1963
- byte_match_statement=wafv2.CfnRuleGroup.ByteMatchStatementProperty(
1964
- field_to_match=wafv2.CfnRuleGroup.FieldToMatchProperty(
1965
- all_query_arguments=all_query_arguments,
1966
- body=wafv2.CfnRuleGroup.BodyProperty(
1967
- oversize_handling="oversizeHandling"
1968
- ),
1969
- cookies=wafv2.CfnRuleGroup.CookiesProperty(
1970
- match_pattern=wafv2.CfnRuleGroup.CookieMatchPatternProperty(
1971
- all=all,
1972
- excluded_cookies=["excludedCookies"],
1973
- included_cookies=["includedCookies"]
1974
- ),
1975
- match_scope="matchScope",
1976
- oversize_handling="oversizeHandling"
1977
- ),
1978
- headers=wafv2.CfnRuleGroup.HeadersProperty(
1979
- match_pattern=wafv2.CfnRuleGroup.HeaderMatchPatternProperty(
1980
- all=all,
1981
- excluded_headers=["excludedHeaders"],
1982
- included_headers=["includedHeaders"]
1983
- ),
1984
- match_scope="matchScope",
1985
- oversize_handling="oversizeHandling"
1986
- ),
1987
- ja3_fingerprint=wafv2.CfnRuleGroup.JA3FingerprintProperty(
1988
- fallback_behavior="fallbackBehavior"
1989
- ),
1990
- ja4_fingerprint=wafv2.CfnRuleGroup.JA4FingerprintProperty(
1991
- fallback_behavior="fallbackBehavior"
1992
- ),
1993
- json_body=wafv2.CfnRuleGroup.JsonBodyProperty(
1994
- match_pattern=wafv2.CfnRuleGroup.JsonMatchPatternProperty(
1995
- all=all,
1996
- included_paths=["includedPaths"]
1997
- ),
1998
- match_scope="matchScope",
1999
-
2000
- # the properties below are optional
2001
- invalid_fallback_behavior="invalidFallbackBehavior",
2002
- oversize_handling="oversizeHandling"
2003
- ),
2004
- method=method,
2005
- query_string=query_string,
2006
- single_header=single_header,
2007
- single_query_argument=single_query_argument,
2008
- uri_path=uri_path
2009
- ),
2010
- positional_constraint="positionalConstraint",
2011
- text_transformations=[wafv2.CfnRuleGroup.TextTransformationProperty(
2012
- priority=123,
2013
- type="type"
2014
- )],
2015
-
2016
- # the properties below are optional
2017
- search_string="searchString",
2018
- search_string_base64="searchStringBase64"
2019
- ),
2020
- geo_match_statement=wafv2.CfnRuleGroup.GeoMatchStatementProperty(
2021
- country_codes=["countryCodes"],
2022
- forwarded_ip_config=wafv2.CfnRuleGroup.ForwardedIPConfigurationProperty(
2023
- fallback_behavior="fallbackBehavior",
2024
- header_name="headerName"
2025
- )
2026
- ),
2027
- ip_set_reference_statement={
2028
- "arn": "arn",
2029
-
2030
- # the properties below are optional
2031
- "ip_set_forwarded_ip_config": {
2032
- "fallback_behavior": "fallbackBehavior",
2033
- "header_name": "headerName",
2034
- "position": "position"
2035
- }
2036
- },
2037
- label_match_statement=wafv2.CfnRuleGroup.LabelMatchStatementProperty(
2038
- key="key",
2039
- scope="scope"
2040
- ),
2041
- not_statement=wafv2.CfnRuleGroup.NotStatementProperty(
2042
- statement=statement_property_
2043
- ),
2044
- or_statement=wafv2.CfnRuleGroup.OrStatementProperty(
2045
- statements=[statement_property_]
2046
- ),
2047
- rate_based_statement=wafv2.CfnRuleGroup.RateBasedStatementProperty(
2048
- aggregate_key_type="aggregateKeyType",
2049
- limit=123,
2050
-
2051
- # the properties below are optional
2052
- custom_keys=[wafv2.CfnRuleGroup.RateBasedStatementCustomKeyProperty(
2053
- cookie=wafv2.CfnRuleGroup.RateLimitCookieProperty(
2054
- name="name",
2055
- text_transformations=[wafv2.CfnRuleGroup.TextTransformationProperty(
2056
- priority=123,
2057
- type="type"
2058
- )]
2059
- ),
2060
- forwarded_ip=forwarded_ip,
2061
- header=wafv2.CfnRuleGroup.RateLimitHeaderProperty(
2062
- name="name",
2063
- text_transformations=[wafv2.CfnRuleGroup.TextTransformationProperty(
2064
- priority=123,
2065
- type="type"
2066
- )]
2067
- ),
2068
- http_method=http_method,
2069
- ip=ip,
2070
- ja3_fingerprint=wafv2.CfnRuleGroup.RateLimitJA3FingerprintProperty(
2071
- fallback_behavior="fallbackBehavior"
2072
- ),
2073
- ja4_fingerprint=wafv2.CfnRuleGroup.RateLimitJA4FingerprintProperty(
2074
- fallback_behavior="fallbackBehavior"
2075
- ),
2076
- label_namespace=wafv2.CfnRuleGroup.RateLimitLabelNamespaceProperty(
2077
- namespace="namespace"
2078
- ),
2079
- query_argument=wafv2.CfnRuleGroup.RateLimitQueryArgumentProperty(
2080
- name="name",
2081
- text_transformations=[wafv2.CfnRuleGroup.TextTransformationProperty(
2082
- priority=123,
2083
- type="type"
2084
- )]
2085
- ),
2086
- query_string=wafv2.CfnRuleGroup.RateLimitQueryStringProperty(
2087
- text_transformations=[wafv2.CfnRuleGroup.TextTransformationProperty(
2088
- priority=123,
2089
- type="type"
2090
- )]
2091
- ),
2092
- uri_path=wafv2.CfnRuleGroup.RateLimitUriPathProperty(
2093
- text_transformations=[wafv2.CfnRuleGroup.TextTransformationProperty(
2094
- priority=123,
2095
- type="type"
2096
- )]
2097
- )
2098
- )],
2099
- evaluation_window_sec=123,
2100
- forwarded_ip_config=wafv2.CfnRuleGroup.ForwardedIPConfigurationProperty(
2101
- fallback_behavior="fallbackBehavior",
2102
- header_name="headerName"
2103
- ),
2104
- scope_down_statement=statement_property_
2105
- ),
2106
- regex_match_statement=wafv2.CfnRuleGroup.RegexMatchStatementProperty(
2107
- field_to_match=wafv2.CfnRuleGroup.FieldToMatchProperty(
2108
- all_query_arguments=all_query_arguments,
2109
- body=wafv2.CfnRuleGroup.BodyProperty(
2110
- oversize_handling="oversizeHandling"
2111
- ),
2112
- cookies=wafv2.CfnRuleGroup.CookiesProperty(
2113
- match_pattern=wafv2.CfnRuleGroup.CookieMatchPatternProperty(
2114
- all=all,
2115
- excluded_cookies=["excludedCookies"],
2116
- included_cookies=["includedCookies"]
2117
- ),
2118
- match_scope="matchScope",
2119
- oversize_handling="oversizeHandling"
2120
- ),
2121
- headers=wafv2.CfnRuleGroup.HeadersProperty(
2122
- match_pattern=wafv2.CfnRuleGroup.HeaderMatchPatternProperty(
2123
- all=all,
2124
- excluded_headers=["excludedHeaders"],
2125
- included_headers=["includedHeaders"]
2126
- ),
2127
- match_scope="matchScope",
2128
- oversize_handling="oversizeHandling"
2129
- ),
2130
- ja3_fingerprint=wafv2.CfnRuleGroup.JA3FingerprintProperty(
2131
- fallback_behavior="fallbackBehavior"
2132
- ),
2133
- ja4_fingerprint=wafv2.CfnRuleGroup.JA4FingerprintProperty(
2134
- fallback_behavior="fallbackBehavior"
2135
- ),
2136
- json_body=wafv2.CfnRuleGroup.JsonBodyProperty(
2137
- match_pattern=wafv2.CfnRuleGroup.JsonMatchPatternProperty(
2138
- all=all,
2139
- included_paths=["includedPaths"]
2140
- ),
2141
- match_scope="matchScope",
2142
-
2143
- # the properties below are optional
2144
- invalid_fallback_behavior="invalidFallbackBehavior",
2145
- oversize_handling="oversizeHandling"
2146
- ),
2147
- method=method,
2148
- query_string=query_string,
2149
- single_header=single_header,
2150
- single_query_argument=single_query_argument,
2151
- uri_path=uri_path
2152
- ),
2153
- regex_string="regexString",
2154
- text_transformations=[wafv2.CfnRuleGroup.TextTransformationProperty(
2155
- priority=123,
2156
- type="type"
2157
- )]
2158
- ),
2159
- regex_pattern_set_reference_statement=wafv2.CfnRuleGroup.RegexPatternSetReferenceStatementProperty(
2160
- arn="arn",
2161
- field_to_match=wafv2.CfnRuleGroup.FieldToMatchProperty(
2162
- all_query_arguments=all_query_arguments,
2163
- body=wafv2.CfnRuleGroup.BodyProperty(
2164
- oversize_handling="oversizeHandling"
2165
- ),
2166
- cookies=wafv2.CfnRuleGroup.CookiesProperty(
2167
- match_pattern=wafv2.CfnRuleGroup.CookieMatchPatternProperty(
2168
- all=all,
2169
- excluded_cookies=["excludedCookies"],
2170
- included_cookies=["includedCookies"]
2171
- ),
2172
- match_scope="matchScope",
2173
- oversize_handling="oversizeHandling"
2174
- ),
2175
- headers=wafv2.CfnRuleGroup.HeadersProperty(
2176
- match_pattern=wafv2.CfnRuleGroup.HeaderMatchPatternProperty(
2177
- all=all,
2178
- excluded_headers=["excludedHeaders"],
2179
- included_headers=["includedHeaders"]
2180
- ),
2181
- match_scope="matchScope",
2182
- oversize_handling="oversizeHandling"
2183
- ),
2184
- ja3_fingerprint=wafv2.CfnRuleGroup.JA3FingerprintProperty(
2185
- fallback_behavior="fallbackBehavior"
2186
- ),
2187
- ja4_fingerprint=wafv2.CfnRuleGroup.JA4FingerprintProperty(
2188
- fallback_behavior="fallbackBehavior"
2189
- ),
2190
- json_body=wafv2.CfnRuleGroup.JsonBodyProperty(
2191
- match_pattern=wafv2.CfnRuleGroup.JsonMatchPatternProperty(
2192
- all=all,
2193
- included_paths=["includedPaths"]
2194
- ),
2195
- match_scope="matchScope",
2196
-
2197
- # the properties below are optional
2198
- invalid_fallback_behavior="invalidFallbackBehavior",
2199
- oversize_handling="oversizeHandling"
2200
- ),
2201
- method=method,
2202
- query_string=query_string,
2203
- single_header=single_header,
2204
- single_query_argument=single_query_argument,
2205
- uri_path=uri_path
2206
- ),
2207
- text_transformations=[wafv2.CfnRuleGroup.TextTransformationProperty(
2208
- priority=123,
2209
- type="type"
2210
- )]
2211
- ),
2212
- size_constraint_statement=wafv2.CfnRuleGroup.SizeConstraintStatementProperty(
2213
- comparison_operator="comparisonOperator",
2214
- field_to_match=wafv2.CfnRuleGroup.FieldToMatchProperty(
2215
- all_query_arguments=all_query_arguments,
2216
- body=wafv2.CfnRuleGroup.BodyProperty(
2217
- oversize_handling="oversizeHandling"
2218
- ),
2219
- cookies=wafv2.CfnRuleGroup.CookiesProperty(
2220
- match_pattern=wafv2.CfnRuleGroup.CookieMatchPatternProperty(
2221
- all=all,
2222
- excluded_cookies=["excludedCookies"],
2223
- included_cookies=["includedCookies"]
2224
- ),
2225
- match_scope="matchScope",
2226
- oversize_handling="oversizeHandling"
2227
- ),
2228
- headers=wafv2.CfnRuleGroup.HeadersProperty(
2229
- match_pattern=wafv2.CfnRuleGroup.HeaderMatchPatternProperty(
2230
- all=all,
2231
- excluded_headers=["excludedHeaders"],
2232
- included_headers=["includedHeaders"]
2233
- ),
2234
- match_scope="matchScope",
2235
- oversize_handling="oversizeHandling"
2236
- ),
2237
- ja3_fingerprint=wafv2.CfnRuleGroup.JA3FingerprintProperty(
2238
- fallback_behavior="fallbackBehavior"
2239
- ),
2240
- ja4_fingerprint=wafv2.CfnRuleGroup.JA4FingerprintProperty(
2241
- fallback_behavior="fallbackBehavior"
2242
- ),
2243
- json_body=wafv2.CfnRuleGroup.JsonBodyProperty(
2244
- match_pattern=wafv2.CfnRuleGroup.JsonMatchPatternProperty(
2245
- all=all,
2246
- included_paths=["includedPaths"]
2247
- ),
2248
- match_scope="matchScope",
2249
-
2250
- # the properties below are optional
2251
- invalid_fallback_behavior="invalidFallbackBehavior",
2252
- oversize_handling="oversizeHandling"
2253
- ),
2254
- method=method,
2255
- query_string=query_string,
2256
- single_header=single_header,
2257
- single_query_argument=single_query_argument,
2258
- uri_path=uri_path
2259
- ),
2260
- size=123,
2261
- text_transformations=[wafv2.CfnRuleGroup.TextTransformationProperty(
2262
- priority=123,
2263
- type="type"
2264
- )]
2265
- ),
2266
- sqli_match_statement=wafv2.CfnRuleGroup.SqliMatchStatementProperty(
2267
- field_to_match=wafv2.CfnRuleGroup.FieldToMatchProperty(
2268
- all_query_arguments=all_query_arguments,
2269
- body=wafv2.CfnRuleGroup.BodyProperty(
2270
- oversize_handling="oversizeHandling"
2271
- ),
2272
- cookies=wafv2.CfnRuleGroup.CookiesProperty(
2273
- match_pattern=wafv2.CfnRuleGroup.CookieMatchPatternProperty(
2274
- all=all,
2275
- excluded_cookies=["excludedCookies"],
2276
- included_cookies=["includedCookies"]
2277
- ),
2278
- match_scope="matchScope",
2279
- oversize_handling="oversizeHandling"
2280
- ),
2281
- headers=wafv2.CfnRuleGroup.HeadersProperty(
2282
- match_pattern=wafv2.CfnRuleGroup.HeaderMatchPatternProperty(
2283
- all=all,
2284
- excluded_headers=["excludedHeaders"],
2285
- included_headers=["includedHeaders"]
2286
- ),
2287
- match_scope="matchScope",
2288
- oversize_handling="oversizeHandling"
2289
- ),
2290
- ja3_fingerprint=wafv2.CfnRuleGroup.JA3FingerprintProperty(
2291
- fallback_behavior="fallbackBehavior"
2292
- ),
2293
- ja4_fingerprint=wafv2.CfnRuleGroup.JA4FingerprintProperty(
2294
- fallback_behavior="fallbackBehavior"
2295
- ),
2296
- json_body=wafv2.CfnRuleGroup.JsonBodyProperty(
2297
- match_pattern=wafv2.CfnRuleGroup.JsonMatchPatternProperty(
2298
- all=all,
2299
- included_paths=["includedPaths"]
2300
- ),
2301
- match_scope="matchScope",
2302
-
2303
- # the properties below are optional
2304
- invalid_fallback_behavior="invalidFallbackBehavior",
2305
- oversize_handling="oversizeHandling"
2306
- ),
2307
- method=method,
2308
- query_string=query_string,
2309
- single_header=single_header,
2310
- single_query_argument=single_query_argument,
2311
- uri_path=uri_path
2312
- ),
2313
- text_transformations=[wafv2.CfnRuleGroup.TextTransformationProperty(
2314
- priority=123,
2315
- type="type"
2316
- )],
2317
-
2318
- # the properties below are optional
2319
- sensitivity_level="sensitivityLevel"
2320
- ),
2321
- xss_match_statement=wafv2.CfnRuleGroup.XssMatchStatementProperty(
2322
- field_to_match=wafv2.CfnRuleGroup.FieldToMatchProperty(
2323
- all_query_arguments=all_query_arguments,
2324
- body=wafv2.CfnRuleGroup.BodyProperty(
2325
- oversize_handling="oversizeHandling"
2326
- ),
2327
- cookies=wafv2.CfnRuleGroup.CookiesProperty(
2328
- match_pattern=wafv2.CfnRuleGroup.CookieMatchPatternProperty(
2329
- all=all,
2330
- excluded_cookies=["excludedCookies"],
2331
- included_cookies=["includedCookies"]
2332
- ),
2333
- match_scope="matchScope",
2334
- oversize_handling="oversizeHandling"
2335
- ),
2336
- headers=wafv2.CfnRuleGroup.HeadersProperty(
2337
- match_pattern=wafv2.CfnRuleGroup.HeaderMatchPatternProperty(
2338
- all=all,
2339
- excluded_headers=["excludedHeaders"],
2340
- included_headers=["includedHeaders"]
2341
- ),
2342
- match_scope="matchScope",
2343
- oversize_handling="oversizeHandling"
2344
- ),
2345
- ja3_fingerprint=wafv2.CfnRuleGroup.JA3FingerprintProperty(
2346
- fallback_behavior="fallbackBehavior"
2347
- ),
2348
- ja4_fingerprint=wafv2.CfnRuleGroup.JA4FingerprintProperty(
2349
- fallback_behavior="fallbackBehavior"
2350
- ),
2351
- json_body=wafv2.CfnRuleGroup.JsonBodyProperty(
2352
- match_pattern=wafv2.CfnRuleGroup.JsonMatchPatternProperty(
2353
- all=all,
2354
- included_paths=["includedPaths"]
2355
- ),
2356
- match_scope="matchScope",
2357
-
2358
- # the properties below are optional
2359
- invalid_fallback_behavior="invalidFallbackBehavior",
2360
- oversize_handling="oversizeHandling"
2361
- ),
2362
- method=method,
2363
- query_string=query_string,
2364
- single_header=single_header,
2365
- single_query_argument=single_query_argument,
2366
- uri_path=uri_path
2367
- ),
2368
- text_transformations=[wafv2.CfnRuleGroup.TextTransformationProperty(
2369
- priority=123,
2370
- type="type"
2371
- )]
2372
- )
2373
- ),
2374
- visibility_config=wafv2.CfnRuleGroup.VisibilityConfigProperty(
2375
- cloud_watch_metrics_enabled=False,
2376
- metric_name="metricName",
2377
- sampled_requests_enabled=False
2378
- ),
2379
-
2380
- # the properties below are optional
2381
- action=wafv2.CfnRuleGroup.RuleActionProperty(
2382
- allow=allow,
2383
- block=block,
2384
- captcha=captcha,
2385
- challenge=challenge,
2386
- count=count
2387
- ),
2388
- captcha_config=wafv2.CfnRuleGroup.CaptchaConfigProperty(
2389
- immunity_time_property=wafv2.CfnRuleGroup.ImmunityTimePropertyProperty(
2390
- immunity_time=123
2391
- )
2392
- ),
2393
- challenge_config=wafv2.CfnRuleGroup.ChallengeConfigProperty(
2394
- immunity_time_property=wafv2.CfnRuleGroup.ImmunityTimePropertyProperty(
2395
- immunity_time=123
2396
- )
2397
- ),
2398
- rule_labels=[wafv2.CfnRuleGroup.LabelProperty(
2399
- name="name"
2400
- )]
2401
- )],
2402
- tags=[CfnTag(
2403
- key="key",
2404
- value="value"
2405
- )]
2406
- )
1911
+
2407
1912
  '''
2408
1913
 
2409
1914
  def __init__(
@@ -2833,6 +2338,9 @@ class CfnRuleGroup(
2833
2338
  query_string=query_string,
2834
2339
  single_header=single_header,
2835
2340
  single_query_argument=single_query_argument,
2341
+ uri_fragment=wafv2.CfnRuleGroup.UriFragmentProperty(
2342
+ fallback_behavior="fallbackBehavior"
2343
+ ),
2836
2344
  uri_path=uri_path
2837
2345
  ),
2838
2346
  positional_constraint="positionalConstraint",
@@ -2976,6 +2484,9 @@ class CfnRuleGroup(
2976
2484
  query_string=query_string,
2977
2485
  single_header=single_header,
2978
2486
  single_query_argument=single_query_argument,
2487
+ uri_fragment=wafv2.CfnRuleGroup.UriFragmentProperty(
2488
+ fallback_behavior="fallbackBehavior"
2489
+ ),
2979
2490
  uri_path=uri_path
2980
2491
  ),
2981
2492
  regex_string="regexString",
@@ -3030,6 +2541,9 @@ class CfnRuleGroup(
3030
2541
  query_string=query_string,
3031
2542
  single_header=single_header,
3032
2543
  single_query_argument=single_query_argument,
2544
+ uri_fragment=wafv2.CfnRuleGroup.UriFragmentProperty(
2545
+ fallback_behavior="fallbackBehavior"
2546
+ ),
3033
2547
  uri_path=uri_path
3034
2548
  ),
3035
2549
  text_transformations=[wafv2.CfnRuleGroup.TextTransformationProperty(
@@ -3083,6 +2597,9 @@ class CfnRuleGroup(
3083
2597
  query_string=query_string,
3084
2598
  single_header=single_header,
3085
2599
  single_query_argument=single_query_argument,
2600
+ uri_fragment=wafv2.CfnRuleGroup.UriFragmentProperty(
2601
+ fallback_behavior="fallbackBehavior"
2602
+ ),
3086
2603
  uri_path=uri_path
3087
2604
  ),
3088
2605
  size=123,
@@ -3136,6 +2653,9 @@ class CfnRuleGroup(
3136
2653
  query_string=query_string,
3137
2654
  single_header=single_header,
3138
2655
  single_query_argument=single_query_argument,
2656
+ uri_fragment=wafv2.CfnRuleGroup.UriFragmentProperty(
2657
+ fallback_behavior="fallbackBehavior"
2658
+ ),
3139
2659
  uri_path=uri_path
3140
2660
  ),
3141
2661
  text_transformations=[wafv2.CfnRuleGroup.TextTransformationProperty(
@@ -3191,6 +2711,9 @@ class CfnRuleGroup(
3191
2711
  query_string=query_string,
3192
2712
  single_header=single_header,
3193
2713
  single_query_argument=single_query_argument,
2714
+ uri_fragment=wafv2.CfnRuleGroup.UriFragmentProperty(
2715
+ fallback_behavior="fallbackBehavior"
2716
+ ),
3194
2717
  uri_path=uri_path
3195
2718
  ),
3196
2719
  text_transformations=[wafv2.CfnRuleGroup.TextTransformationProperty(
@@ -3464,6 +2987,9 @@ class CfnRuleGroup(
3464
2987
  query_string=query_string,
3465
2988
  single_header=single_header,
3466
2989
  single_query_argument=single_query_argument,
2990
+ uri_fragment=wafv2.CfnRuleGroup.UriFragmentProperty(
2991
+ fallback_behavior="fallbackBehavior"
2992
+ ),
3467
2993
  uri_path=uri_path
3468
2994
  ),
3469
2995
  positional_constraint="positionalConstraint",
@@ -4457,6 +3983,7 @@ class CfnRuleGroup(
4457
3983
  "query_string": "queryString",
4458
3984
  "single_header": "singleHeader",
4459
3985
  "single_query_argument": "singleQueryArgument",
3986
+ "uri_fragment": "uriFragment",
4460
3987
  "uri_path": "uriPath",
4461
3988
  },
4462
3989
  )
@@ -4475,6 +4002,7 @@ class CfnRuleGroup(
4475
4002
  query_string: typing.Any = None,
4476
4003
  single_header: typing.Any = None,
4477
4004
  single_query_argument: typing.Any = None,
4005
+ uri_fragment: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union["CfnRuleGroup.UriFragmentProperty", typing.Dict[builtins.str, typing.Any]]]] = None,
4478
4006
  uri_path: typing.Any = None,
4479
4007
  ) -> None:
4480
4008
  '''Specifies a web request component to be used in a rule match statement or in a logging configuration.
@@ -4505,6 +4033,7 @@ class CfnRuleGroup(
4505
4033
  :param query_string: Inspect the query string. This is the part of a URL that appears after a ``?`` character, if any.
4506
4034
  :param single_header: Inspect a single header. Provide the name of the header to inspect, for example, ``User-Agent`` or ``Referer`` . This setting isn't case sensitive. Example JSON: ``"SingleHeader": { "Name": "haystack" }`` Alternately, you can filter and inspect all headers with the ``Headers`` ``FieldToMatch`` setting.
4507
4035
  :param single_query_argument: Inspect a single query argument. Provide the name of the query argument to inspect, such as *UserName* or *SalesRegion* . The name can be up to 30 characters long and isn't case sensitive. Example JSON: ``"SingleQueryArgument": { "Name": "myArgument" }``
4036
+ :param uri_fragment: The path component of the URI Fragment. This is the part of a web request that identifies a fragment uri, for example, /abcd#introduction
4508
4037
  :param uri_path: Inspect the request URI path. This is the part of the web request that identifies a resource, for example, ``/images/daily-ad.jpg`` .
4509
4038
 
4510
4039
  :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-rulegroup-fieldtomatch.html
@@ -4568,6 +4097,9 @@ class CfnRuleGroup(
4568
4097
  query_string=query_string,
4569
4098
  single_header=single_header,
4570
4099
  single_query_argument=single_query_argument,
4100
+ uri_fragment=wafv2.CfnRuleGroup.UriFragmentProperty(
4101
+ fallback_behavior="fallbackBehavior"
4102
+ ),
4571
4103
  uri_path=uri_path
4572
4104
  )
4573
4105
  '''
@@ -4584,6 +4116,7 @@ class CfnRuleGroup(
4584
4116
  check_type(argname="argument query_string", value=query_string, expected_type=type_hints["query_string"])
4585
4117
  check_type(argname="argument single_header", value=single_header, expected_type=type_hints["single_header"])
4586
4118
  check_type(argname="argument single_query_argument", value=single_query_argument, expected_type=type_hints["single_query_argument"])
4119
+ check_type(argname="argument uri_fragment", value=uri_fragment, expected_type=type_hints["uri_fragment"])
4587
4120
  check_type(argname="argument uri_path", value=uri_path, expected_type=type_hints["uri_path"])
4588
4121
  self._values: typing.Dict[builtins.str, typing.Any] = {}
4589
4122
  if all_query_arguments is not None:
@@ -4608,6 +4141,8 @@ class CfnRuleGroup(
4608
4141
  self._values["single_header"] = single_header
4609
4142
  if single_query_argument is not None:
4610
4143
  self._values["single_query_argument"] = single_query_argument
4144
+ if uri_fragment is not None:
4145
+ self._values["uri_fragment"] = uri_fragment
4611
4146
  if uri_path is not None:
4612
4147
  self._values["uri_path"] = uri_path
4613
4148
 
@@ -4780,6 +4315,19 @@ class CfnRuleGroup(
4780
4315
  result = self._values.get("single_query_argument")
4781
4316
  return typing.cast(typing.Any, result)
4782
4317
 
4318
+ @builtins.property
4319
+ def uri_fragment(
4320
+ self,
4321
+ ) -> typing.Optional[typing.Union[_IResolvable_da3f097b, "CfnRuleGroup.UriFragmentProperty"]]:
4322
+ '''The path component of the URI Fragment.
4323
+
4324
+ This is the part of a web request that identifies a fragment uri, for example, /abcd#introduction
4325
+
4326
+ :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-rulegroup-fieldtomatch.html#cfn-wafv2-rulegroup-fieldtomatch-urifragment
4327
+ '''
4328
+ result = self._values.get("uri_fragment")
4329
+ return typing.cast(typing.Optional[typing.Union[_IResolvable_da3f097b, "CfnRuleGroup.UriFragmentProperty"]], result)
4330
+
4783
4331
  @builtins.property
4784
4332
  def uri_path(self) -> typing.Any:
4785
4333
  '''Inspect the request URI path.
@@ -6122,6 +5670,9 @@ class CfnRuleGroup(
6122
5670
  query_string=query_string,
6123
5671
  single_header=single_header,
6124
5672
  single_query_argument=single_query_argument,
5673
+ uri_fragment=wafv2.CfnRuleGroup.UriFragmentProperty(
5674
+ fallback_behavior="fallbackBehavior"
5675
+ ),
6125
5676
  uri_path=uri_path
6126
5677
  ),
6127
5678
  positional_constraint="positionalConstraint",
@@ -6263,6 +5814,9 @@ class CfnRuleGroup(
6263
5814
  query_string=query_string,
6264
5815
  single_header=single_header,
6265
5816
  single_query_argument=single_query_argument,
5817
+ uri_fragment=wafv2.CfnRuleGroup.UriFragmentProperty(
5818
+ fallback_behavior="fallbackBehavior"
5819
+ ),
6266
5820
  uri_path=uri_path
6267
5821
  ),
6268
5822
  regex_string="regexString",
@@ -6317,6 +5871,9 @@ class CfnRuleGroup(
6317
5871
  query_string=query_string,
6318
5872
  single_header=single_header,
6319
5873
  single_query_argument=single_query_argument,
5874
+ uri_fragment=wafv2.CfnRuleGroup.UriFragmentProperty(
5875
+ fallback_behavior="fallbackBehavior"
5876
+ ),
6320
5877
  uri_path=uri_path
6321
5878
  ),
6322
5879
  text_transformations=[wafv2.CfnRuleGroup.TextTransformationProperty(
@@ -6370,6 +5927,9 @@ class CfnRuleGroup(
6370
5927
  query_string=query_string,
6371
5928
  single_header=single_header,
6372
5929
  single_query_argument=single_query_argument,
5930
+ uri_fragment=wafv2.CfnRuleGroup.UriFragmentProperty(
5931
+ fallback_behavior="fallbackBehavior"
5932
+ ),
6373
5933
  uri_path=uri_path
6374
5934
  ),
6375
5935
  size=123,
@@ -6423,6 +5983,9 @@ class CfnRuleGroup(
6423
5983
  query_string=query_string,
6424
5984
  single_header=single_header,
6425
5985
  single_query_argument=single_query_argument,
5986
+ uri_fragment=wafv2.CfnRuleGroup.UriFragmentProperty(
5987
+ fallback_behavior="fallbackBehavior"
5988
+ ),
6426
5989
  uri_path=uri_path
6427
5990
  ),
6428
5991
  text_transformations=[wafv2.CfnRuleGroup.TextTransformationProperty(
@@ -6478,6 +6041,9 @@ class CfnRuleGroup(
6478
6041
  query_string=query_string,
6479
6042
  single_header=single_header,
6480
6043
  single_query_argument=single_query_argument,
6044
+ uri_fragment=wafv2.CfnRuleGroup.UriFragmentProperty(
6045
+ fallback_behavior="fallbackBehavior"
6046
+ ),
6481
6047
  uri_path=uri_path
6482
6048
  ),
6483
6049
  text_transformations=[wafv2.CfnRuleGroup.TextTransformationProperty(
@@ -6609,6 +6175,9 @@ class CfnRuleGroup(
6609
6175
  query_string=query_string,
6610
6176
  single_header=single_header,
6611
6177
  single_query_argument=single_query_argument,
6178
+ uri_fragment=wafv2.CfnRuleGroup.UriFragmentProperty(
6179
+ fallback_behavior="fallbackBehavior"
6180
+ ),
6612
6181
  uri_path=uri_path
6613
6182
  ),
6614
6183
  positional_constraint="positionalConstraint",
@@ -6750,6 +6319,9 @@ class CfnRuleGroup(
6750
6319
  query_string=query_string,
6751
6320
  single_header=single_header,
6752
6321
  single_query_argument=single_query_argument,
6322
+ uri_fragment=wafv2.CfnRuleGroup.UriFragmentProperty(
6323
+ fallback_behavior="fallbackBehavior"
6324
+ ),
6753
6325
  uri_path=uri_path
6754
6326
  ),
6755
6327
  regex_string="regexString",
@@ -6804,6 +6376,9 @@ class CfnRuleGroup(
6804
6376
  query_string=query_string,
6805
6377
  single_header=single_header,
6806
6378
  single_query_argument=single_query_argument,
6379
+ uri_fragment=wafv2.CfnRuleGroup.UriFragmentProperty(
6380
+ fallback_behavior="fallbackBehavior"
6381
+ ),
6807
6382
  uri_path=uri_path
6808
6383
  ),
6809
6384
  text_transformations=[wafv2.CfnRuleGroup.TextTransformationProperty(
@@ -6857,6 +6432,9 @@ class CfnRuleGroup(
6857
6432
  query_string=query_string,
6858
6433
  single_header=single_header,
6859
6434
  single_query_argument=single_query_argument,
6435
+ uri_fragment=wafv2.CfnRuleGroup.UriFragmentProperty(
6436
+ fallback_behavior="fallbackBehavior"
6437
+ ),
6860
6438
  uri_path=uri_path
6861
6439
  ),
6862
6440
  size=123,
@@ -6910,6 +6488,9 @@ class CfnRuleGroup(
6910
6488
  query_string=query_string,
6911
6489
  single_header=single_header,
6912
6490
  single_query_argument=single_query_argument,
6491
+ uri_fragment=wafv2.CfnRuleGroup.UriFragmentProperty(
6492
+ fallback_behavior="fallbackBehavior"
6493
+ ),
6913
6494
  uri_path=uri_path
6914
6495
  ),
6915
6496
  text_transformations=[wafv2.CfnRuleGroup.TextTransformationProperty(
@@ -6965,6 +6546,9 @@ class CfnRuleGroup(
6965
6546
  query_string=query_string,
6966
6547
  single_header=single_header,
6967
6548
  single_query_argument=single_query_argument,
6549
+ uri_fragment=wafv2.CfnRuleGroup.UriFragmentProperty(
6550
+ fallback_behavior="fallbackBehavior"
6551
+ ),
6968
6552
  uri_path=uri_path
6969
6553
  ),
6970
6554
  text_transformations=[wafv2.CfnRuleGroup.TextTransformationProperty(
@@ -7513,6 +7097,9 @@ class CfnRuleGroup(
7513
7097
  query_string=query_string,
7514
7098
  single_header=single_header,
7515
7099
  single_query_argument=single_query_argument,
7100
+ uri_fragment=wafv2.CfnRuleGroup.UriFragmentProperty(
7101
+ fallback_behavior="fallbackBehavior"
7102
+ ),
7516
7103
  uri_path=uri_path
7517
7104
  ),
7518
7105
  positional_constraint="positionalConstraint",
@@ -7598,6 +7185,9 @@ class CfnRuleGroup(
7598
7185
  query_string=query_string,
7599
7186
  single_header=single_header,
7600
7187
  single_query_argument=single_query_argument,
7188
+ uri_fragment=wafv2.CfnRuleGroup.UriFragmentProperty(
7189
+ fallback_behavior="fallbackBehavior"
7190
+ ),
7601
7191
  uri_path=uri_path
7602
7192
  ),
7603
7193
  regex_string="regexString",
@@ -7652,6 +7242,9 @@ class CfnRuleGroup(
7652
7242
  query_string=query_string,
7653
7243
  single_header=single_header,
7654
7244
  single_query_argument=single_query_argument,
7245
+ uri_fragment=wafv2.CfnRuleGroup.UriFragmentProperty(
7246
+ fallback_behavior="fallbackBehavior"
7247
+ ),
7655
7248
  uri_path=uri_path
7656
7249
  ),
7657
7250
  text_transformations=[wafv2.CfnRuleGroup.TextTransformationProperty(
@@ -7705,6 +7298,9 @@ class CfnRuleGroup(
7705
7298
  query_string=query_string,
7706
7299
  single_header=single_header,
7707
7300
  single_query_argument=single_query_argument,
7301
+ uri_fragment=wafv2.CfnRuleGroup.UriFragmentProperty(
7302
+ fallback_behavior="fallbackBehavior"
7303
+ ),
7708
7304
  uri_path=uri_path
7709
7305
  ),
7710
7306
  size=123,
@@ -7758,6 +7354,9 @@ class CfnRuleGroup(
7758
7354
  query_string=query_string,
7759
7355
  single_header=single_header,
7760
7356
  single_query_argument=single_query_argument,
7357
+ uri_fragment=wafv2.CfnRuleGroup.UriFragmentProperty(
7358
+ fallback_behavior="fallbackBehavior"
7359
+ ),
7761
7360
  uri_path=uri_path
7762
7361
  ),
7763
7362
  text_transformations=[wafv2.CfnRuleGroup.TextTransformationProperty(
@@ -7813,6 +7412,9 @@ class CfnRuleGroup(
7813
7412
  query_string=query_string,
7814
7413
  single_header=single_header,
7815
7414
  single_query_argument=single_query_argument,
7415
+ uri_fragment=wafv2.CfnRuleGroup.UriFragmentProperty(
7416
+ fallback_behavior="fallbackBehavior"
7417
+ ),
7816
7418
  uri_path=uri_path
7817
7419
  ),
7818
7420
  text_transformations=[wafv2.CfnRuleGroup.TextTransformationProperty(
@@ -8594,6 +8196,9 @@ class CfnRuleGroup(
8594
8196
  query_string=query_string,
8595
8197
  single_header=single_header,
8596
8198
  single_query_argument=single_query_argument,
8199
+ uri_fragment=wafv2.CfnRuleGroup.UriFragmentProperty(
8200
+ fallback_behavior="fallbackBehavior"
8201
+ ),
8597
8202
  uri_path=uri_path
8598
8203
  ),
8599
8204
  regex_string="regexString",
@@ -8751,6 +8356,9 @@ class CfnRuleGroup(
8751
8356
  query_string=query_string,
8752
8357
  single_header=single_header,
8753
8358
  single_query_argument=single_query_argument,
8359
+ uri_fragment=wafv2.CfnRuleGroup.UriFragmentProperty(
8360
+ fallback_behavior="fallbackBehavior"
8361
+ ),
8754
8362
  uri_path=uri_path
8755
8363
  ),
8756
8364
  text_transformations=[wafv2.CfnRuleGroup.TextTransformationProperty(
@@ -9077,6 +8685,9 @@ class CfnRuleGroup(
9077
8685
  query_string=query_string,
9078
8686
  single_header=single_header,
9079
8687
  single_query_argument=single_query_argument,
8688
+ uri_fragment=wafv2.CfnRuleGroup.UriFragmentProperty(
8689
+ fallback_behavior="fallbackBehavior"
8690
+ ),
9080
8691
  uri_path=uri_path
9081
8692
  ),
9082
8693
  positional_constraint="positionalConstraint",
@@ -9220,6 +8831,9 @@ class CfnRuleGroup(
9220
8831
  query_string=query_string,
9221
8832
  single_header=single_header,
9222
8833
  single_query_argument=single_query_argument,
8834
+ uri_fragment=wafv2.CfnRuleGroup.UriFragmentProperty(
8835
+ fallback_behavior="fallbackBehavior"
8836
+ ),
9223
8837
  uri_path=uri_path
9224
8838
  ),
9225
8839
  regex_string="regexString",
@@ -9274,6 +8888,9 @@ class CfnRuleGroup(
9274
8888
  query_string=query_string,
9275
8889
  single_header=single_header,
9276
8890
  single_query_argument=single_query_argument,
8891
+ uri_fragment=wafv2.CfnRuleGroup.UriFragmentProperty(
8892
+ fallback_behavior="fallbackBehavior"
8893
+ ),
9277
8894
  uri_path=uri_path
9278
8895
  ),
9279
8896
  text_transformations=[wafv2.CfnRuleGroup.TextTransformationProperty(
@@ -9327,6 +8944,9 @@ class CfnRuleGroup(
9327
8944
  query_string=query_string,
9328
8945
  single_header=single_header,
9329
8946
  single_query_argument=single_query_argument,
8947
+ uri_fragment=wafv2.CfnRuleGroup.UriFragmentProperty(
8948
+ fallback_behavior="fallbackBehavior"
8949
+ ),
9330
8950
  uri_path=uri_path
9331
8951
  ),
9332
8952
  size=123,
@@ -9380,6 +9000,9 @@ class CfnRuleGroup(
9380
9000
  query_string=query_string,
9381
9001
  single_header=single_header,
9382
9002
  single_query_argument=single_query_argument,
9003
+ uri_fragment=wafv2.CfnRuleGroup.UriFragmentProperty(
9004
+ fallback_behavior="fallbackBehavior"
9005
+ ),
9383
9006
  uri_path=uri_path
9384
9007
  ),
9385
9008
  text_transformations=[wafv2.CfnRuleGroup.TextTransformationProperty(
@@ -9435,6 +9058,9 @@ class CfnRuleGroup(
9435
9058
  query_string=query_string,
9436
9059
  single_header=single_header,
9437
9060
  single_query_argument=single_query_argument,
9061
+ uri_fragment=wafv2.CfnRuleGroup.UriFragmentProperty(
9062
+ fallback_behavior="fallbackBehavior"
9063
+ ),
9438
9064
  uri_path=uri_path
9439
9065
  ),
9440
9066
  text_transformations=[wafv2.CfnRuleGroup.TextTransformationProperty(
@@ -9837,6 +9463,9 @@ class CfnRuleGroup(
9837
9463
  query_string=query_string,
9838
9464
  single_header=single_header,
9839
9465
  single_query_argument=single_query_argument,
9466
+ uri_fragment=wafv2.CfnRuleGroup.UriFragmentProperty(
9467
+ fallback_behavior="fallbackBehavior"
9468
+ ),
9840
9469
  uri_path=uri_path
9841
9470
  ),
9842
9471
  size=123,
@@ -10003,6 +9632,9 @@ class CfnRuleGroup(
10003
9632
  query_string=query_string,
10004
9633
  single_header=single_header,
10005
9634
  single_query_argument=single_query_argument,
9635
+ uri_fragment=wafv2.CfnRuleGroup.UriFragmentProperty(
9636
+ fallback_behavior="fallbackBehavior"
9637
+ ),
10006
9638
  uri_path=uri_path
10007
9639
  ),
10008
9640
  text_transformations=[wafv2.CfnRuleGroup.TextTransformationProperty(
@@ -10201,6 +9833,9 @@ class CfnRuleGroup(
10201
9833
  query_string=query_string,
10202
9834
  single_header=single_header,
10203
9835
  single_query_argument=single_query_argument,
9836
+ uri_fragment=wafv2.CfnRuleGroup.UriFragmentProperty(
9837
+ fallback_behavior="fallbackBehavior"
9838
+ ),
10204
9839
  uri_path=uri_path
10205
9840
  ),
10206
9841
  positional_constraint="positionalConstraint",
@@ -10344,6 +9979,9 @@ class CfnRuleGroup(
10344
9979
  query_string=query_string,
10345
9980
  single_header=single_header,
10346
9981
  single_query_argument=single_query_argument,
9982
+ uri_fragment=wafv2.CfnRuleGroup.UriFragmentProperty(
9983
+ fallback_behavior="fallbackBehavior"
9984
+ ),
10347
9985
  uri_path=uri_path
10348
9986
  ),
10349
9987
  regex_string="regexString",
@@ -10398,6 +10036,9 @@ class CfnRuleGroup(
10398
10036
  query_string=query_string,
10399
10037
  single_header=single_header,
10400
10038
  single_query_argument=single_query_argument,
10039
+ uri_fragment=wafv2.CfnRuleGroup.UriFragmentProperty(
10040
+ fallback_behavior="fallbackBehavior"
10041
+ ),
10401
10042
  uri_path=uri_path
10402
10043
  ),
10403
10044
  text_transformations=[wafv2.CfnRuleGroup.TextTransformationProperty(
@@ -10451,6 +10092,9 @@ class CfnRuleGroup(
10451
10092
  query_string=query_string,
10452
10093
  single_header=single_header,
10453
10094
  single_query_argument=single_query_argument,
10095
+ uri_fragment=wafv2.CfnRuleGroup.UriFragmentProperty(
10096
+ fallback_behavior="fallbackBehavior"
10097
+ ),
10454
10098
  uri_path=uri_path
10455
10099
  ),
10456
10100
  size=123,
@@ -10504,6 +10148,9 @@ class CfnRuleGroup(
10504
10148
  query_string=query_string,
10505
10149
  single_header=single_header,
10506
10150
  single_query_argument=single_query_argument,
10151
+ uri_fragment=wafv2.CfnRuleGroup.UriFragmentProperty(
10152
+ fallback_behavior="fallbackBehavior"
10153
+ ),
10507
10154
  uri_path=uri_path
10508
10155
  ),
10509
10156
  text_transformations=[wafv2.CfnRuleGroup.TextTransformationProperty(
@@ -10559,6 +10206,9 @@ class CfnRuleGroup(
10559
10206
  query_string=query_string,
10560
10207
  single_header=single_header,
10561
10208
  single_query_argument=single_query_argument,
10209
+ uri_fragment=wafv2.CfnRuleGroup.UriFragmentProperty(
10210
+ fallback_behavior="fallbackBehavior"
10211
+ ),
10562
10212
  uri_path=uri_path
10563
10213
  ),
10564
10214
  text_transformations=[wafv2.CfnRuleGroup.TextTransformationProperty(
@@ -10779,238 +10429,62 @@ class CfnRuleGroup(
10779
10429
  return typing.cast(typing.Optional[typing.Union[_IResolvable_da3f097b, "CfnRuleGroup.RegexMatchStatementProperty"]], result)
10780
10430
 
10781
10431
  @builtins.property
10782
- def regex_pattern_set_reference_statement(
10783
- self,
10784
- ) -> typing.Optional[typing.Union[_IResolvable_da3f097b, "CfnRuleGroup.RegexPatternSetReferenceStatementProperty"]]:
10785
- '''A rule statement used to search web request components for matches with regular expressions.
10786
-
10787
- To use this, create a ``RegexPatternSet`` that specifies the expressions that you want to detect, then use the ARN of that set in this statement. A web request matches the pattern set rule statement if the request component matches any of the patterns in the set.
10788
-
10789
- Each regex pattern set rule statement references a regex pattern set. You create and maintain the set independent of your rules. This allows you to use the single set in multiple rules. When you update the referenced set, AWS WAF automatically updates all rules that reference it.
10790
-
10791
- :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-rulegroup-statement.html#cfn-wafv2-rulegroup-statement-regexpatternsetreferencestatement
10792
- '''
10793
- result = self._values.get("regex_pattern_set_reference_statement")
10794
- return typing.cast(typing.Optional[typing.Union[_IResolvable_da3f097b, "CfnRuleGroup.RegexPatternSetReferenceStatementProperty"]], result)
10795
-
10796
- @builtins.property
10797
- def size_constraint_statement(
10798
- self,
10799
- ) -> typing.Optional[typing.Union[_IResolvable_da3f097b, "CfnRuleGroup.SizeConstraintStatementProperty"]]:
10800
- '''A rule statement that compares a number of bytes against the size of a request component, using a comparison operator, such as greater than (>) or less than (<).
10801
-
10802
- For example, you can use a size constraint statement to look for query strings that are longer than 100 bytes.
10803
-
10804
- If you configure AWS WAF to inspect the request body, AWS WAF inspects only the number of bytes in the body up to the limit for the web ACL and protected resource type. If you know that the request body for your web requests should never exceed the inspection limit, you can use a size constraint statement to block requests that have a larger request body size. For more information about the inspection limits, see ``Body`` and ``JsonBody`` settings for the ``FieldToMatch`` data type.
10805
-
10806
- If you choose URI for the value of Part of the request to filter on, the slash (/) in the URI counts as one character. For example, the URI ``/logo.jpg`` is nine characters long.
10807
-
10808
- :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-rulegroup-statement.html#cfn-wafv2-rulegroup-statement-sizeconstraintstatement
10809
- '''
10810
- result = self._values.get("size_constraint_statement")
10811
- return typing.cast(typing.Optional[typing.Union[_IResolvable_da3f097b, "CfnRuleGroup.SizeConstraintStatementProperty"]], result)
10812
-
10813
- @builtins.property
10814
- def sqli_match_statement(
10815
- self,
10816
- ) -> typing.Optional[typing.Union[_IResolvable_da3f097b, "CfnRuleGroup.SqliMatchStatementProperty"]]:
10817
- '''A rule statement that inspects for malicious SQL code.
10818
-
10819
- Attackers insert malicious SQL code into web requests to do things like modify your database or extract data from it.
10820
-
10821
- :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-rulegroup-statement.html#cfn-wafv2-rulegroup-statement-sqlimatchstatement
10822
- '''
10823
- result = self._values.get("sqli_match_statement")
10824
- return typing.cast(typing.Optional[typing.Union[_IResolvable_da3f097b, "CfnRuleGroup.SqliMatchStatementProperty"]], result)
10825
-
10826
- @builtins.property
10827
- def xss_match_statement(
10828
- self,
10829
- ) -> typing.Optional[typing.Union[_IResolvable_da3f097b, "CfnRuleGroup.XssMatchStatementProperty"]]:
10830
- '''A rule statement that inspects for cross-site scripting (XSS) attacks.
10831
-
10832
- In XSS attacks, the attacker uses vulnerabilities in a benign website as a vehicle to inject malicious client-site scripts into other legitimate web browsers.
10833
-
10834
- :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-rulegroup-statement.html#cfn-wafv2-rulegroup-statement-xssmatchstatement
10835
- '''
10836
- result = self._values.get("xss_match_statement")
10837
- return typing.cast(typing.Optional[typing.Union[_IResolvable_da3f097b, "CfnRuleGroup.XssMatchStatementProperty"]], result)
10838
-
10839
- def __eq__(self, rhs: typing.Any) -> builtins.bool:
10840
- return isinstance(rhs, self.__class__) and rhs._values == self._values
10841
-
10842
- def __ne__(self, rhs: typing.Any) -> builtins.bool:
10843
- return not (rhs == self)
10844
-
10845
- def __repr__(self) -> str:
10846
- return "StatementProperty(%s)" % ", ".join(
10847
- k + "=" + repr(v) for k, v in self._values.items()
10848
- )
10849
-
10850
- @jsii.data_type(
10851
- jsii_type="aws-cdk-lib.aws_wafv2.CfnRuleGroup.TextTransformationProperty",
10852
- jsii_struct_bases=[],
10853
- name_mapping={"priority": "priority", "type": "type"},
10854
- )
10855
- class TextTransformationProperty:
10856
- def __init__(self, *, priority: jsii.Number, type: builtins.str) -> None:
10857
- '''Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection.
10858
-
10859
- :param priority: Sets the relative processing order for multiple transformations. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content. The priorities don't need to be consecutive, but they must all be different.
10860
- :param type: For detailed descriptions of each of the transformation types, see `Text transformations <https://docs.aws.amazon.com/waf/latest/developerguide/waf-rule-statement-transformation.html>`_ in the *AWS WAF Developer Guide* .
10861
-
10862
- :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-rulegroup-texttransformation.html
10863
- :exampleMetadata: fixture=_generated
10864
-
10865
- Example::
10866
-
10867
- # The code below shows an example of how to instantiate this type.
10868
- # The values are placeholders you should change.
10869
- from aws_cdk import aws_wafv2 as wafv2
10870
-
10871
- text_transformation_property = wafv2.CfnRuleGroup.TextTransformationProperty(
10872
- priority=123,
10873
- type="type"
10874
- )
10875
- '''
10876
- if __debug__:
10877
- type_hints = typing.get_type_hints(_typecheckingstub__cbdf04ef9e923368f792f61fdb73e804a219fcd9c66ffb20e85214a5a0861eae)
10878
- check_type(argname="argument priority", value=priority, expected_type=type_hints["priority"])
10879
- check_type(argname="argument type", value=type, expected_type=type_hints["type"])
10880
- self._values: typing.Dict[builtins.str, typing.Any] = {
10881
- "priority": priority,
10882
- "type": type,
10883
- }
10884
-
10885
- @builtins.property
10886
- def priority(self) -> jsii.Number:
10887
- '''Sets the relative processing order for multiple transformations.
10888
-
10889
- AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content. The priorities don't need to be consecutive, but they must all be different.
10890
-
10891
- :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-rulegroup-texttransformation.html#cfn-wafv2-rulegroup-texttransformation-priority
10892
- '''
10893
- result = self._values.get("priority")
10894
- assert result is not None, "Required property 'priority' is missing"
10895
- return typing.cast(jsii.Number, result)
10896
-
10897
- @builtins.property
10898
- def type(self) -> builtins.str:
10899
- '''For detailed descriptions of each of the transformation types, see `Text transformations <https://docs.aws.amazon.com/waf/latest/developerguide/waf-rule-statement-transformation.html>`_ in the *AWS WAF Developer Guide* .
10900
-
10901
- :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-rulegroup-texttransformation.html#cfn-wafv2-rulegroup-texttransformation-type
10902
- '''
10903
- result = self._values.get("type")
10904
- assert result is not None, "Required property 'type' is missing"
10905
- return typing.cast(builtins.str, result)
10906
-
10907
- def __eq__(self, rhs: typing.Any) -> builtins.bool:
10908
- return isinstance(rhs, self.__class__) and rhs._values == self._values
10909
-
10910
- def __ne__(self, rhs: typing.Any) -> builtins.bool:
10911
- return not (rhs == self)
10912
-
10913
- def __repr__(self) -> str:
10914
- return "TextTransformationProperty(%s)" % ", ".join(
10915
- k + "=" + repr(v) for k, v in self._values.items()
10916
- )
10917
-
10918
- @jsii.data_type(
10919
- jsii_type="aws-cdk-lib.aws_wafv2.CfnRuleGroup.VisibilityConfigProperty",
10920
- jsii_struct_bases=[],
10921
- name_mapping={
10922
- "cloud_watch_metrics_enabled": "cloudWatchMetricsEnabled",
10923
- "metric_name": "metricName",
10924
- "sampled_requests_enabled": "sampledRequestsEnabled",
10925
- },
10926
- )
10927
- class VisibilityConfigProperty:
10928
- def __init__(
10929
- self,
10930
- *,
10931
- cloud_watch_metrics_enabled: typing.Union[builtins.bool, _IResolvable_da3f097b],
10932
- metric_name: builtins.str,
10933
- sampled_requests_enabled: typing.Union[builtins.bool, _IResolvable_da3f097b],
10934
- ) -> None:
10935
- '''Defines and enables Amazon CloudWatch metrics and web request sample collection.
10936
-
10937
- :param cloud_watch_metrics_enabled: Indicates whether the associated resource sends metrics to Amazon CloudWatch. For the list of available metrics, see `AWS WAF Metrics <https://docs.aws.amazon.com/waf/latest/developerguide/monitoring-cloudwatch.html#waf-metrics>`_ in the *AWS WAF Developer Guide* . For web ACLs, the metrics are for web requests that have the web ACL default action applied. AWS WAF applies the default action to web requests that pass the inspection of all rules in the web ACL without being either allowed or blocked. For more information, see `The web ACL default action <https://docs.aws.amazon.com/waf/latest/developerguide/web-acl-default-action.html>`_ in the *AWS WAF Developer Guide* .
10938
- :param metric_name: A name of the Amazon CloudWatch metric dimension. The name can contain only the characters: A-Z, a-z, 0-9, - (hyphen), and _ (underscore). The name can be from one to 128 characters long. It can't contain whitespace or metric names that are reserved for AWS WAF , for example ``All`` and ``Default_Action`` .
10939
- :param sampled_requests_enabled: Indicates whether AWS WAF should store a sampling of the web requests that match the rules. You can view the sampled requests through the AWS WAF console. If you configure data protection for the web ACL, the protection applies to the web ACL's sampled web request data. .. epigraph:: Request sampling doesn't provide a field redaction option, and any field redaction that you specify in your logging configuration doesn't affect sampling. You can only exclude fields from request sampling by disabling sampling in the web ACL visibility configuration or by configuring data protection for the web ACL.
10432
+ def regex_pattern_set_reference_statement(
10433
+ self,
10434
+ ) -> typing.Optional[typing.Union[_IResolvable_da3f097b, "CfnRuleGroup.RegexPatternSetReferenceStatementProperty"]]:
10435
+ '''A rule statement used to search web request components for matches with regular expressions.
10940
10436
 
10941
- :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-rulegroup-visibilityconfig.html
10942
- :exampleMetadata: fixture=_generated
10437
+ To use this, create a ``RegexPatternSet`` that specifies the expressions that you want to detect, then use the ARN of that set in this statement. A web request matches the pattern set rule statement if the request component matches any of the patterns in the set.
10943
10438
 
10944
- Example::
10439
+ Each regex pattern set rule statement references a regex pattern set. You create and maintain the set independent of your rules. This allows you to use the single set in multiple rules. When you update the referenced set, AWS WAF automatically updates all rules that reference it.
10945
10440
 
10946
- # The code below shows an example of how to instantiate this type.
10947
- # The values are placeholders you should change.
10948
- from aws_cdk import aws_wafv2 as wafv2
10949
-
10950
- visibility_config_property = wafv2.CfnRuleGroup.VisibilityConfigProperty(
10951
- cloud_watch_metrics_enabled=False,
10952
- metric_name="metricName",
10953
- sampled_requests_enabled=False
10954
- )
10441
+ :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-rulegroup-statement.html#cfn-wafv2-rulegroup-statement-regexpatternsetreferencestatement
10955
10442
  '''
10956
- if __debug__:
10957
- type_hints = typing.get_type_hints(_typecheckingstub__ffc3de9fa9cd77d11c4487ad80fc48948664b917c8642b35ca709762ce71fddf)
10958
- check_type(argname="argument cloud_watch_metrics_enabled", value=cloud_watch_metrics_enabled, expected_type=type_hints["cloud_watch_metrics_enabled"])
10959
- check_type(argname="argument metric_name", value=metric_name, expected_type=type_hints["metric_name"])
10960
- check_type(argname="argument sampled_requests_enabled", value=sampled_requests_enabled, expected_type=type_hints["sampled_requests_enabled"])
10961
- self._values: typing.Dict[builtins.str, typing.Any] = {
10962
- "cloud_watch_metrics_enabled": cloud_watch_metrics_enabled,
10963
- "metric_name": metric_name,
10964
- "sampled_requests_enabled": sampled_requests_enabled,
10965
- }
10443
+ result = self._values.get("regex_pattern_set_reference_statement")
10444
+ return typing.cast(typing.Optional[typing.Union[_IResolvable_da3f097b, "CfnRuleGroup.RegexPatternSetReferenceStatementProperty"]], result)
10966
10445
 
10967
10446
  @builtins.property
10968
- def cloud_watch_metrics_enabled(
10447
+ def size_constraint_statement(
10969
10448
  self,
10970
- ) -> typing.Union[builtins.bool, _IResolvable_da3f097b]:
10971
- '''Indicates whether the associated resource sends metrics to Amazon CloudWatch.
10449
+ ) -> typing.Optional[typing.Union[_IResolvable_da3f097b, "CfnRuleGroup.SizeConstraintStatementProperty"]]:
10450
+ '''A rule statement that compares a number of bytes against the size of a request component, using a comparison operator, such as greater than (>) or less than (<).
10972
10451
 
10973
- For the list of available metrics, see `AWS WAF Metrics <https://docs.aws.amazon.com/waf/latest/developerguide/monitoring-cloudwatch.html#waf-metrics>`_ in the *AWS WAF Developer Guide* .
10452
+ For example, you can use a size constraint statement to look for query strings that are longer than 100 bytes.
10974
10453
 
10975
- For web ACLs, the metrics are for web requests that have the web ACL default action applied. AWS WAF applies the default action to web requests that pass the inspection of all rules in the web ACL without being either allowed or blocked. For more information,
10976
- see `The web ACL default action <https://docs.aws.amazon.com/waf/latest/developerguide/web-acl-default-action.html>`_ in the *AWS WAF Developer Guide* .
10454
+ If you configure AWS WAF to inspect the request body, AWS WAF inspects only the number of bytes in the body up to the limit for the web ACL and protected resource type. If you know that the request body for your web requests should never exceed the inspection limit, you can use a size constraint statement to block requests that have a larger request body size. For more information about the inspection limits, see ``Body`` and ``JsonBody`` settings for the ``FieldToMatch`` data type.
10977
10455
 
10978
- :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-rulegroup-visibilityconfig.html#cfn-wafv2-rulegroup-visibilityconfig-cloudwatchmetricsenabled
10456
+ If you choose URI for the value of Part of the request to filter on, the slash (/) in the URI counts as one character. For example, the URI ``/logo.jpg`` is nine characters long.
10457
+
10458
+ :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-rulegroup-statement.html#cfn-wafv2-rulegroup-statement-sizeconstraintstatement
10979
10459
  '''
10980
- result = self._values.get("cloud_watch_metrics_enabled")
10981
- assert result is not None, "Required property 'cloud_watch_metrics_enabled' is missing"
10982
- return typing.cast(typing.Union[builtins.bool, _IResolvable_da3f097b], result)
10460
+ result = self._values.get("size_constraint_statement")
10461
+ return typing.cast(typing.Optional[typing.Union[_IResolvable_da3f097b, "CfnRuleGroup.SizeConstraintStatementProperty"]], result)
10983
10462
 
10984
10463
  @builtins.property
10985
- def metric_name(self) -> builtins.str:
10986
- '''A name of the Amazon CloudWatch metric dimension.
10464
+ def sqli_match_statement(
10465
+ self,
10466
+ ) -> typing.Optional[typing.Union[_IResolvable_da3f097b, "CfnRuleGroup.SqliMatchStatementProperty"]]:
10467
+ '''A rule statement that inspects for malicious SQL code.
10987
10468
 
10988
- The name can contain only the characters: A-Z, a-z, 0-9, - (hyphen), and _ (underscore). The name can be from one to 128 characters long. It can't contain whitespace or metric names that are reserved for AWS WAF , for example ``All`` and ``Default_Action`` .
10469
+ Attackers insert malicious SQL code into web requests to do things like modify your database or extract data from it.
10989
10470
 
10990
- :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-rulegroup-visibilityconfig.html#cfn-wafv2-rulegroup-visibilityconfig-metricname
10471
+ :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-rulegroup-statement.html#cfn-wafv2-rulegroup-statement-sqlimatchstatement
10991
10472
  '''
10992
- result = self._values.get("metric_name")
10993
- assert result is not None, "Required property 'metric_name' is missing"
10994
- return typing.cast(builtins.str, result)
10473
+ result = self._values.get("sqli_match_statement")
10474
+ return typing.cast(typing.Optional[typing.Union[_IResolvable_da3f097b, "CfnRuleGroup.SqliMatchStatementProperty"]], result)
10995
10475
 
10996
10476
  @builtins.property
10997
- def sampled_requests_enabled(
10477
+ def xss_match_statement(
10998
10478
  self,
10999
- ) -> typing.Union[builtins.bool, _IResolvable_da3f097b]:
11000
- '''Indicates whether AWS WAF should store a sampling of the web requests that match the rules.
11001
-
11002
- You can view the sampled requests through the AWS WAF console.
11003
-
11004
- If you configure data protection for the web ACL, the protection applies to the web ACL's sampled web request data.
11005
- .. epigraph::
10479
+ ) -> typing.Optional[typing.Union[_IResolvable_da3f097b, "CfnRuleGroup.XssMatchStatementProperty"]]:
10480
+ '''A rule statement that inspects for cross-site scripting (XSS) attacks.
11006
10481
 
11007
- Request sampling doesn't provide a field redaction option, and any field redaction that you specify in your logging configuration doesn't affect sampling. You can only exclude fields from request sampling by disabling sampling in the web ACL visibility configuration or by configuring data protection for the web ACL.
10482
+ In XSS attacks, the attacker uses vulnerabilities in a benign website as a vehicle to inject malicious client-site scripts into other legitimate web browsers.
11008
10483
 
11009
- :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-rulegroup-visibilityconfig.html#cfn-wafv2-rulegroup-visibilityconfig-sampledrequestsenabled
10484
+ :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-rulegroup-statement.html#cfn-wafv2-rulegroup-statement-xssmatchstatement
11010
10485
  '''
11011
- result = self._values.get("sampled_requests_enabled")
11012
- assert result is not None, "Required property 'sampled_requests_enabled' is missing"
11013
- return typing.cast(typing.Union[builtins.bool, _IResolvable_da3f097b], result)
10486
+ result = self._values.get("xss_match_statement")
10487
+ return typing.cast(typing.Optional[typing.Union[_IResolvable_da3f097b, "CfnRuleGroup.XssMatchStatementProperty"]], result)
11014
10488
 
11015
10489
  def __eq__(self, rhs: typing.Any) -> builtins.bool:
11016
10490
  return isinstance(rhs, self.__class__) and rhs._values == self._values
@@ -11019,33 +10493,23 @@ class CfnRuleGroup(
11019
10493
  return not (rhs == self)
11020
10494
 
11021
10495
  def __repr__(self) -> str:
11022
- return "VisibilityConfigProperty(%s)" % ", ".join(
10496
+ return "StatementProperty(%s)" % ", ".join(
11023
10497
  k + "=" + repr(v) for k, v in self._values.items()
11024
10498
  )
11025
10499
 
11026
10500
  @jsii.data_type(
11027
- jsii_type="aws-cdk-lib.aws_wafv2.CfnRuleGroup.XssMatchStatementProperty",
10501
+ jsii_type="aws-cdk-lib.aws_wafv2.CfnRuleGroup.TextTransformationProperty",
11028
10502
  jsii_struct_bases=[],
11029
- name_mapping={
11030
- "field_to_match": "fieldToMatch",
11031
- "text_transformations": "textTransformations",
11032
- },
10503
+ name_mapping={"priority": "priority", "type": "type"},
11033
10504
  )
11034
- class XssMatchStatementProperty:
11035
- def __init__(
11036
- self,
11037
- *,
11038
- field_to_match: typing.Union[_IResolvable_da3f097b, typing.Union["CfnRuleGroup.FieldToMatchProperty", typing.Dict[builtins.str, typing.Any]]],
11039
- text_transformations: typing.Union[_IResolvable_da3f097b, typing.Sequence[typing.Union[_IResolvable_da3f097b, typing.Union["CfnRuleGroup.TextTransformationProperty", typing.Dict[builtins.str, typing.Any]]]]],
11040
- ) -> None:
11041
- '''A rule statement that inspects for cross-site scripting (XSS) attacks.
11042
-
11043
- In XSS attacks, the attacker uses vulnerabilities in a benign website as a vehicle to inject malicious client-site scripts into other legitimate web browsers.
10505
+ class TextTransformationProperty:
10506
+ def __init__(self, *, priority: jsii.Number, type: builtins.str) -> None:
10507
+ '''Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection.
11044
10508
 
11045
- :param field_to_match: The part of the web request that you want AWS WAF to inspect.
11046
- :param text_transformations: Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. If you specify one or more transformations in a rule statement, AWS WAF performs all transformations on the content of the request component identified by ``FieldToMatch`` , starting from the lowest priority setting, before inspecting the content for a match.
10509
+ :param priority: Sets the relative processing order for multiple transformations. AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content. The priorities don't need to be consecutive, but they must all be different.
10510
+ :param type: For detailed descriptions of each of the transformation types, see `Text transformations <https://docs.aws.amazon.com/waf/latest/developerguide/waf-rule-statement-transformation.html>`_ in the *AWS WAF Developer Guide* .
11047
10511
 
11048
- :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-rulegroup-xssmatchstatement.html
10512
+ :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-rulegroup-texttransformation.html
11049
10513
  :exampleMetadata: fixture=_generated
11050
10514
 
11051
10515
  Example::
@@ -11054,659 +10518,409 @@ class CfnRuleGroup(
11054
10518
  # The values are placeholders you should change.
11055
10519
  from aws_cdk import aws_wafv2 as wafv2
11056
10520
 
11057
- # all: Any
11058
- # all_query_arguments: Any
11059
- # method: Any
11060
- # query_string: Any
11061
- # single_header: Any
11062
- # single_query_argument: Any
11063
- # uri_path: Any
11064
-
11065
- xss_match_statement_property = wafv2.CfnRuleGroup.XssMatchStatementProperty(
11066
- field_to_match=wafv2.CfnRuleGroup.FieldToMatchProperty(
11067
- all_query_arguments=all_query_arguments,
11068
- body=wafv2.CfnRuleGroup.BodyProperty(
11069
- oversize_handling="oversizeHandling"
11070
- ),
11071
- cookies=wafv2.CfnRuleGroup.CookiesProperty(
11072
- match_pattern=wafv2.CfnRuleGroup.CookieMatchPatternProperty(
11073
- all=all,
11074
- excluded_cookies=["excludedCookies"],
11075
- included_cookies=["includedCookies"]
11076
- ),
11077
- match_scope="matchScope",
11078
- oversize_handling="oversizeHandling"
11079
- ),
11080
- headers=wafv2.CfnRuleGroup.HeadersProperty(
11081
- match_pattern=wafv2.CfnRuleGroup.HeaderMatchPatternProperty(
11082
- all=all,
11083
- excluded_headers=["excludedHeaders"],
11084
- included_headers=["includedHeaders"]
11085
- ),
11086
- match_scope="matchScope",
11087
- oversize_handling="oversizeHandling"
11088
- ),
11089
- ja3_fingerprint=wafv2.CfnRuleGroup.JA3FingerprintProperty(
11090
- fallback_behavior="fallbackBehavior"
11091
- ),
11092
- ja4_fingerprint=wafv2.CfnRuleGroup.JA4FingerprintProperty(
11093
- fallback_behavior="fallbackBehavior"
11094
- ),
11095
- json_body=wafv2.CfnRuleGroup.JsonBodyProperty(
11096
- match_pattern=wafv2.CfnRuleGroup.JsonMatchPatternProperty(
11097
- all=all,
11098
- included_paths=["includedPaths"]
11099
- ),
11100
- match_scope="matchScope",
11101
-
11102
- # the properties below are optional
11103
- invalid_fallback_behavior="invalidFallbackBehavior",
11104
- oversize_handling="oversizeHandling"
11105
- ),
11106
- method=method,
11107
- query_string=query_string,
11108
- single_header=single_header,
11109
- single_query_argument=single_query_argument,
11110
- uri_path=uri_path
11111
- ),
11112
- text_transformations=[wafv2.CfnRuleGroup.TextTransformationProperty(
11113
- priority=123,
11114
- type="type"
11115
- )]
10521
+ text_transformation_property = wafv2.CfnRuleGroup.TextTransformationProperty(
10522
+ priority=123,
10523
+ type="type"
11116
10524
  )
11117
10525
  '''
11118
10526
  if __debug__:
11119
- type_hints = typing.get_type_hints(_typecheckingstub__e502ec1c8bc4096eb797b55f6c0a1f9c506e23db360770a855cc273d36ce4b4a)
11120
- check_type(argname="argument field_to_match", value=field_to_match, expected_type=type_hints["field_to_match"])
11121
- check_type(argname="argument text_transformations", value=text_transformations, expected_type=type_hints["text_transformations"])
10527
+ type_hints = typing.get_type_hints(_typecheckingstub__cbdf04ef9e923368f792f61fdb73e804a219fcd9c66ffb20e85214a5a0861eae)
10528
+ check_type(argname="argument priority", value=priority, expected_type=type_hints["priority"])
10529
+ check_type(argname="argument type", value=type, expected_type=type_hints["type"])
11122
10530
  self._values: typing.Dict[builtins.str, typing.Any] = {
11123
- "field_to_match": field_to_match,
11124
- "text_transformations": text_transformations,
11125
- }
11126
-
11127
- @builtins.property
11128
- def field_to_match(
11129
- self,
11130
- ) -> typing.Union[_IResolvable_da3f097b, "CfnRuleGroup.FieldToMatchProperty"]:
11131
- '''The part of the web request that you want AWS WAF to inspect.
11132
-
11133
- :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-rulegroup-xssmatchstatement.html#cfn-wafv2-rulegroup-xssmatchstatement-fieldtomatch
11134
- '''
11135
- result = self._values.get("field_to_match")
11136
- assert result is not None, "Required property 'field_to_match' is missing"
11137
- return typing.cast(typing.Union[_IResolvable_da3f097b, "CfnRuleGroup.FieldToMatchProperty"], result)
11138
-
11139
- @builtins.property
11140
- def text_transformations(
11141
- self,
11142
- ) -> typing.Union[_IResolvable_da3f097b, typing.List[typing.Union[_IResolvable_da3f097b, "CfnRuleGroup.TextTransformationProperty"]]]:
11143
- '''Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection.
11144
-
11145
- If you specify one or more transformations in a rule statement, AWS WAF performs all transformations on the content of the request component identified by ``FieldToMatch`` , starting from the lowest priority setting, before inspecting the content for a match.
11146
-
11147
- :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-rulegroup-xssmatchstatement.html#cfn-wafv2-rulegroup-xssmatchstatement-texttransformations
11148
- '''
11149
- result = self._values.get("text_transformations")
11150
- assert result is not None, "Required property 'text_transformations' is missing"
11151
- return typing.cast(typing.Union[_IResolvable_da3f097b, typing.List[typing.Union[_IResolvable_da3f097b, "CfnRuleGroup.TextTransformationProperty"]]], result)
11152
-
11153
- def __eq__(self, rhs: typing.Any) -> builtins.bool:
11154
- return isinstance(rhs, self.__class__) and rhs._values == self._values
11155
-
11156
- def __ne__(self, rhs: typing.Any) -> builtins.bool:
11157
- return not (rhs == self)
11158
-
11159
- def __repr__(self) -> str:
11160
- return "XssMatchStatementProperty(%s)" % ", ".join(
11161
- k + "=" + repr(v) for k, v in self._values.items()
11162
- )
11163
-
11164
-
11165
- @jsii.data_type(
11166
- jsii_type="aws-cdk-lib.aws_wafv2.CfnRuleGroupProps",
11167
- jsii_struct_bases=[],
11168
- name_mapping={
11169
- "capacity": "capacity",
11170
- "scope": "scope",
11171
- "visibility_config": "visibilityConfig",
11172
- "available_labels": "availableLabels",
11173
- "consumed_labels": "consumedLabels",
11174
- "custom_response_bodies": "customResponseBodies",
11175
- "description": "description",
11176
- "name": "name",
11177
- "rules": "rules",
11178
- "tags": "tags",
11179
- },
11180
- )
11181
- class CfnRuleGroupProps:
11182
- def __init__(
11183
- self,
11184
- *,
11185
- capacity: jsii.Number,
11186
- scope: builtins.str,
11187
- visibility_config: typing.Union[_IResolvable_da3f097b, typing.Union[CfnRuleGroup.VisibilityConfigProperty, typing.Dict[builtins.str, typing.Any]]],
11188
- available_labels: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Sequence[typing.Union[_IResolvable_da3f097b, typing.Union[CfnRuleGroup.LabelSummaryProperty, typing.Dict[builtins.str, typing.Any]]]]]] = None,
11189
- consumed_labels: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Sequence[typing.Union[_IResolvable_da3f097b, typing.Union[CfnRuleGroup.LabelSummaryProperty, typing.Dict[builtins.str, typing.Any]]]]]] = None,
11190
- custom_response_bodies: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Mapping[builtins.str, typing.Union[_IResolvable_da3f097b, typing.Union[CfnRuleGroup.CustomResponseBodyProperty, typing.Dict[builtins.str, typing.Any]]]]]] = None,
11191
- description: typing.Optional[builtins.str] = None,
11192
- name: typing.Optional[builtins.str] = None,
11193
- rules: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Sequence[typing.Union[_IResolvable_da3f097b, typing.Union[CfnRuleGroup.RuleProperty, typing.Dict[builtins.str, typing.Any]]]]]] = None,
11194
- tags: typing.Optional[typing.Sequence[typing.Union[_CfnTag_f6864754, typing.Dict[builtins.str, typing.Any]]]] = None,
11195
- ) -> None:
11196
- '''Properties for defining a ``CfnRuleGroup``.
10531
+ "priority": priority,
10532
+ "type": type,
10533
+ }
11197
10534
 
11198
- :param capacity: The web ACL capacity units (WCUs) required for this rule group. When you create your own rule group, you define this, and you cannot change it after creation. When you add or modify the rules in a rule group, AWS WAF enforces this limit. AWS WAF uses WCUs to calculate and control the operating resources that are used to run your rules, rule groups, and web ACLs. AWS WAF calculates capacity differently for each rule type, to reflect the relative cost of each rule. Simple rules that cost little to run use fewer WCUs than more complex rules that use more processing power. Rule group capacity is fixed at creation, which helps users plan their web ACL WCU usage when they use a rule group. The WCU limit for web ACLs is 1,500.
11199
- :param scope: Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AWS AppSync GraphQL API, an Amazon Cognito user pool, an AWS App Runner service, or an AWS Verified Access instance. Valid Values are ``CLOUDFRONT`` and ``REGIONAL`` . .. epigraph:: For ``CLOUDFRONT`` , you must create your WAFv2 resources in the US East (N. Virginia) Region, ``us-east-1`` .
11200
- :param visibility_config: Defines and enables Amazon CloudWatch metrics and web request sample collection.
11201
- :param available_labels: The labels that one or more rules in this rule group add to matching web requests. These labels are defined in the ``RuleLabels`` for a ``Rule`` .
11202
- :param consumed_labels: The labels that one or more rules in this rule group match against in label match statements. These labels are defined in a ``LabelMatchStatement`` specification, in the ``Statement`` definition of a rule.
11203
- :param custom_response_bodies: A map of custom response keys and content bodies. When you create a rule with a block action, you can send a custom response to the web request. You define these for the rule group, and then use them in the rules that you define in the rule group. For information about customizing web requests and responses, see `Customizing web requests and responses in AWS WAF <https://docs.aws.amazon.com/waf/latest/developerguide/waf-custom-request-response.html>`_ in the *AWS WAF Developer Guide* . For information about the limits on count and size for custom request and response settings, see `AWS WAF quotas <https://docs.aws.amazon.com/waf/latest/developerguide/limits.html>`_ in the *AWS WAF Developer Guide* .
11204
- :param description: A description of the rule group that helps with identification.
11205
- :param name: The name of the rule group. You cannot change the name of a rule group after you create it.
11206
- :param rules: The rule statements used to identify the web requests that you want to allow, block, or count. Each rule includes one top-level statement that AWS WAF uses to identify matching web requests, and parameters that govern how AWS WAF handles them.
11207
- :param tags: Key:value pairs associated with an AWS resource. The key:value pair can be anything you define. Typically, the tag key represents a category (such as "environment") and the tag value represents a specific value within that category (such as "test," "development," or "production"). You can add up to 50 tags to each AWS resource. .. epigraph:: To modify tags on existing resources, use the AWS WAF APIs or command line interface. With AWS CloudFormation , you can only add tags to AWS WAF resources during resource creation.
10535
+ @builtins.property
10536
+ def priority(self) -> jsii.Number:
10537
+ '''Sets the relative processing order for multiple transformations.
11208
10538
 
11209
- :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-wafv2-rulegroup.html
11210
- :exampleMetadata: fixture=_generated
10539
+ AWS WAF processes all transformations, from lowest priority to highest, before inspecting the transformed content. The priorities don't need to be consecutive, but they must all be different.
11211
10540
 
11212
- Example::
10541
+ :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-rulegroup-texttransformation.html#cfn-wafv2-rulegroup-texttransformation-priority
10542
+ '''
10543
+ result = self._values.get("priority")
10544
+ assert result is not None, "Required property 'priority' is missing"
10545
+ return typing.cast(jsii.Number, result)
11213
10546
 
11214
- # The code below shows an example of how to instantiate this type.
11215
- # The values are placeholders you should change.
11216
- from aws_cdk import aws_wafv2 as wafv2
11217
-
11218
- # all: Any
11219
- # allow: Any
11220
- # all_query_arguments: Any
11221
- # block: Any
11222
- # captcha: Any
11223
- # challenge: Any
11224
- # count: Any
11225
- # forwarded_ip: Any
11226
- # http_method: Any
11227
- # ip: Any
11228
- # method: Any
11229
- # query_string: Any
11230
- # single_header: Any
11231
- # single_query_argument: Any
11232
- # statement_property_: wafv2.CfnRuleGroup.StatementProperty
11233
- # uri_path: Any
11234
-
11235
- cfn_rule_group_props = wafv2.CfnRuleGroupProps(
11236
- capacity=123,
11237
- scope="scope",
11238
- visibility_config=wafv2.CfnRuleGroup.VisibilityConfigProperty(
11239
- cloud_watch_metrics_enabled=False,
11240
- metric_name="metricName",
11241
- sampled_requests_enabled=False
11242
- ),
11243
-
11244
- # the properties below are optional
11245
- available_labels=[wafv2.CfnRuleGroup.LabelSummaryProperty(
11246
- name="name"
11247
- )],
11248
- consumed_labels=[wafv2.CfnRuleGroup.LabelSummaryProperty(
11249
- name="name"
11250
- )],
11251
- custom_response_bodies={
11252
- "custom_response_bodies_key": wafv2.CfnRuleGroup.CustomResponseBodyProperty(
11253
- content="content",
11254
- content_type="contentType"
11255
- )
11256
- },
11257
- description="description",
11258
- name="name",
11259
- rules=[wafv2.CfnRuleGroup.RuleProperty(
11260
- name="name",
11261
- priority=123,
11262
- statement=wafv2.CfnRuleGroup.StatementProperty(
11263
- and_statement=wafv2.CfnRuleGroup.AndStatementProperty(
11264
- statements=[statement_property_]
11265
- ),
11266
- byte_match_statement=wafv2.CfnRuleGroup.ByteMatchStatementProperty(
11267
- field_to_match=wafv2.CfnRuleGroup.FieldToMatchProperty(
11268
- all_query_arguments=all_query_arguments,
11269
- body=wafv2.CfnRuleGroup.BodyProperty(
11270
- oversize_handling="oversizeHandling"
11271
- ),
11272
- cookies=wafv2.CfnRuleGroup.CookiesProperty(
11273
- match_pattern=wafv2.CfnRuleGroup.CookieMatchPatternProperty(
11274
- all=all,
11275
- excluded_cookies=["excludedCookies"],
11276
- included_cookies=["includedCookies"]
11277
- ),
11278
- match_scope="matchScope",
11279
- oversize_handling="oversizeHandling"
11280
- ),
11281
- headers=wafv2.CfnRuleGroup.HeadersProperty(
11282
- match_pattern=wafv2.CfnRuleGroup.HeaderMatchPatternProperty(
11283
- all=all,
11284
- excluded_headers=["excludedHeaders"],
11285
- included_headers=["includedHeaders"]
11286
- ),
11287
- match_scope="matchScope",
11288
- oversize_handling="oversizeHandling"
11289
- ),
11290
- ja3_fingerprint=wafv2.CfnRuleGroup.JA3FingerprintProperty(
11291
- fallback_behavior="fallbackBehavior"
11292
- ),
11293
- ja4_fingerprint=wafv2.CfnRuleGroup.JA4FingerprintProperty(
11294
- fallback_behavior="fallbackBehavior"
11295
- ),
11296
- json_body=wafv2.CfnRuleGroup.JsonBodyProperty(
11297
- match_pattern=wafv2.CfnRuleGroup.JsonMatchPatternProperty(
11298
- all=all,
11299
- included_paths=["includedPaths"]
11300
- ),
11301
- match_scope="matchScope",
11302
-
11303
- # the properties below are optional
11304
- invalid_fallback_behavior="invalidFallbackBehavior",
11305
- oversize_handling="oversizeHandling"
11306
- ),
11307
- method=method,
11308
- query_string=query_string,
11309
- single_header=single_header,
11310
- single_query_argument=single_query_argument,
11311
- uri_path=uri_path
11312
- ),
11313
- positional_constraint="positionalConstraint",
11314
- text_transformations=[wafv2.CfnRuleGroup.TextTransformationProperty(
11315
- priority=123,
11316
- type="type"
11317
- )],
11318
-
11319
- # the properties below are optional
11320
- search_string="searchString",
11321
- search_string_base64="searchStringBase64"
11322
- ),
11323
- geo_match_statement=wafv2.CfnRuleGroup.GeoMatchStatementProperty(
11324
- country_codes=["countryCodes"],
11325
- forwarded_ip_config=wafv2.CfnRuleGroup.ForwardedIPConfigurationProperty(
11326
- fallback_behavior="fallbackBehavior",
11327
- header_name="headerName"
11328
- )
11329
- ),
11330
- ip_set_reference_statement={
11331
- "arn": "arn",
11332
-
11333
- # the properties below are optional
11334
- "ip_set_forwarded_ip_config": {
11335
- "fallback_behavior": "fallbackBehavior",
11336
- "header_name": "headerName",
11337
- "position": "position"
11338
- }
11339
- },
11340
- label_match_statement=wafv2.CfnRuleGroup.LabelMatchStatementProperty(
11341
- key="key",
11342
- scope="scope"
11343
- ),
11344
- not_statement=wafv2.CfnRuleGroup.NotStatementProperty(
11345
- statement=statement_property_
11346
- ),
11347
- or_statement=wafv2.CfnRuleGroup.OrStatementProperty(
11348
- statements=[statement_property_]
11349
- ),
11350
- rate_based_statement=wafv2.CfnRuleGroup.RateBasedStatementProperty(
11351
- aggregate_key_type="aggregateKeyType",
11352
- limit=123,
11353
-
11354
- # the properties below are optional
11355
- custom_keys=[wafv2.CfnRuleGroup.RateBasedStatementCustomKeyProperty(
11356
- cookie=wafv2.CfnRuleGroup.RateLimitCookieProperty(
11357
- name="name",
11358
- text_transformations=[wafv2.CfnRuleGroup.TextTransformationProperty(
11359
- priority=123,
11360
- type="type"
11361
- )]
11362
- ),
11363
- forwarded_ip=forwarded_ip,
11364
- header=wafv2.CfnRuleGroup.RateLimitHeaderProperty(
11365
- name="name",
11366
- text_transformations=[wafv2.CfnRuleGroup.TextTransformationProperty(
11367
- priority=123,
11368
- type="type"
11369
- )]
11370
- ),
11371
- http_method=http_method,
11372
- ip=ip,
11373
- ja3_fingerprint=wafv2.CfnRuleGroup.RateLimitJA3FingerprintProperty(
11374
- fallback_behavior="fallbackBehavior"
11375
- ),
11376
- ja4_fingerprint=wafv2.CfnRuleGroup.RateLimitJA4FingerprintProperty(
11377
- fallback_behavior="fallbackBehavior"
11378
- ),
11379
- label_namespace=wafv2.CfnRuleGroup.RateLimitLabelNamespaceProperty(
11380
- namespace="namespace"
11381
- ),
11382
- query_argument=wafv2.CfnRuleGroup.RateLimitQueryArgumentProperty(
11383
- name="name",
11384
- text_transformations=[wafv2.CfnRuleGroup.TextTransformationProperty(
11385
- priority=123,
11386
- type="type"
11387
- )]
11388
- ),
11389
- query_string=wafv2.CfnRuleGroup.RateLimitQueryStringProperty(
11390
- text_transformations=[wafv2.CfnRuleGroup.TextTransformationProperty(
11391
- priority=123,
11392
- type="type"
11393
- )]
11394
- ),
11395
- uri_path=wafv2.CfnRuleGroup.RateLimitUriPathProperty(
11396
- text_transformations=[wafv2.CfnRuleGroup.TextTransformationProperty(
11397
- priority=123,
11398
- type="type"
11399
- )]
11400
- )
11401
- )],
11402
- evaluation_window_sec=123,
11403
- forwarded_ip_config=wafv2.CfnRuleGroup.ForwardedIPConfigurationProperty(
11404
- fallback_behavior="fallbackBehavior",
11405
- header_name="headerName"
11406
- ),
11407
- scope_down_statement=statement_property_
11408
- ),
11409
- regex_match_statement=wafv2.CfnRuleGroup.RegexMatchStatementProperty(
11410
- field_to_match=wafv2.CfnRuleGroup.FieldToMatchProperty(
11411
- all_query_arguments=all_query_arguments,
11412
- body=wafv2.CfnRuleGroup.BodyProperty(
11413
- oversize_handling="oversizeHandling"
11414
- ),
11415
- cookies=wafv2.CfnRuleGroup.CookiesProperty(
11416
- match_pattern=wafv2.CfnRuleGroup.CookieMatchPatternProperty(
11417
- all=all,
11418
- excluded_cookies=["excludedCookies"],
11419
- included_cookies=["includedCookies"]
11420
- ),
11421
- match_scope="matchScope",
11422
- oversize_handling="oversizeHandling"
11423
- ),
11424
- headers=wafv2.CfnRuleGroup.HeadersProperty(
11425
- match_pattern=wafv2.CfnRuleGroup.HeaderMatchPatternProperty(
11426
- all=all,
11427
- excluded_headers=["excludedHeaders"],
11428
- included_headers=["includedHeaders"]
11429
- ),
11430
- match_scope="matchScope",
11431
- oversize_handling="oversizeHandling"
11432
- ),
11433
- ja3_fingerprint=wafv2.CfnRuleGroup.JA3FingerprintProperty(
11434
- fallback_behavior="fallbackBehavior"
11435
- ),
11436
- ja4_fingerprint=wafv2.CfnRuleGroup.JA4FingerprintProperty(
11437
- fallback_behavior="fallbackBehavior"
11438
- ),
11439
- json_body=wafv2.CfnRuleGroup.JsonBodyProperty(
11440
- match_pattern=wafv2.CfnRuleGroup.JsonMatchPatternProperty(
11441
- all=all,
11442
- included_paths=["includedPaths"]
11443
- ),
11444
- match_scope="matchScope",
11445
-
11446
- # the properties below are optional
11447
- invalid_fallback_behavior="invalidFallbackBehavior",
11448
- oversize_handling="oversizeHandling"
11449
- ),
11450
- method=method,
11451
- query_string=query_string,
11452
- single_header=single_header,
11453
- single_query_argument=single_query_argument,
11454
- uri_path=uri_path
11455
- ),
11456
- regex_string="regexString",
11457
- text_transformations=[wafv2.CfnRuleGroup.TextTransformationProperty(
11458
- priority=123,
11459
- type="type"
11460
- )]
10547
+ @builtins.property
10548
+ def type(self) -> builtins.str:
10549
+ '''For detailed descriptions of each of the transformation types, see `Text transformations <https://docs.aws.amazon.com/waf/latest/developerguide/waf-rule-statement-transformation.html>`_ in the *AWS WAF Developer Guide* .
10550
+
10551
+ :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-rulegroup-texttransformation.html#cfn-wafv2-rulegroup-texttransformation-type
10552
+ '''
10553
+ result = self._values.get("type")
10554
+ assert result is not None, "Required property 'type' is missing"
10555
+ return typing.cast(builtins.str, result)
10556
+
10557
+ def __eq__(self, rhs: typing.Any) -> builtins.bool:
10558
+ return isinstance(rhs, self.__class__) and rhs._values == self._values
10559
+
10560
+ def __ne__(self, rhs: typing.Any) -> builtins.bool:
10561
+ return not (rhs == self)
10562
+
10563
+ def __repr__(self) -> str:
10564
+ return "TextTransformationProperty(%s)" % ", ".join(
10565
+ k + "=" + repr(v) for k, v in self._values.items()
10566
+ )
10567
+
10568
+ @jsii.data_type(
10569
+ jsii_type="aws-cdk-lib.aws_wafv2.CfnRuleGroup.UriFragmentProperty",
10570
+ jsii_struct_bases=[],
10571
+ name_mapping={"fallback_behavior": "fallbackBehavior"},
10572
+ )
10573
+ class UriFragmentProperty:
10574
+ def __init__(
10575
+ self,
10576
+ *,
10577
+ fallback_behavior: typing.Optional[builtins.str] = None,
10578
+ ) -> None:
10579
+ '''The path component of the URI Fragment.
10580
+
10581
+ This is the part of a web request that identifies a fragment uri, for example, /abcd#introduction
10582
+
10583
+ :param fallback_behavior:
10584
+
10585
+ :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-rulegroup-urifragment.html
10586
+ :exampleMetadata: fixture=_generated
10587
+
10588
+ Example::
10589
+
10590
+ # The code below shows an example of how to instantiate this type.
10591
+ # The values are placeholders you should change.
10592
+ from aws_cdk import aws_wafv2 as wafv2
10593
+
10594
+ uri_fragment_property = wafv2.CfnRuleGroup.UriFragmentProperty(
10595
+ fallback_behavior="fallbackBehavior"
10596
+ )
10597
+ '''
10598
+ if __debug__:
10599
+ type_hints = typing.get_type_hints(_typecheckingstub__fe1c476d259659923a1664b8e966720fc48cf48f725562b81ef2c02997f8998a)
10600
+ check_type(argname="argument fallback_behavior", value=fallback_behavior, expected_type=type_hints["fallback_behavior"])
10601
+ self._values: typing.Dict[builtins.str, typing.Any] = {}
10602
+ if fallback_behavior is not None:
10603
+ self._values["fallback_behavior"] = fallback_behavior
10604
+
10605
+ @builtins.property
10606
+ def fallback_behavior(self) -> typing.Optional[builtins.str]:
10607
+ '''
10608
+ :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-rulegroup-urifragment.html#cfn-wafv2-rulegroup-urifragment-fallbackbehavior
10609
+ '''
10610
+ result = self._values.get("fallback_behavior")
10611
+ return typing.cast(typing.Optional[builtins.str], result)
10612
+
10613
+ def __eq__(self, rhs: typing.Any) -> builtins.bool:
10614
+ return isinstance(rhs, self.__class__) and rhs._values == self._values
10615
+
10616
+ def __ne__(self, rhs: typing.Any) -> builtins.bool:
10617
+ return not (rhs == self)
10618
+
10619
+ def __repr__(self) -> str:
10620
+ return "UriFragmentProperty(%s)" % ", ".join(
10621
+ k + "=" + repr(v) for k, v in self._values.items()
10622
+ )
10623
+
10624
+ @jsii.data_type(
10625
+ jsii_type="aws-cdk-lib.aws_wafv2.CfnRuleGroup.VisibilityConfigProperty",
10626
+ jsii_struct_bases=[],
10627
+ name_mapping={
10628
+ "cloud_watch_metrics_enabled": "cloudWatchMetricsEnabled",
10629
+ "metric_name": "metricName",
10630
+ "sampled_requests_enabled": "sampledRequestsEnabled",
10631
+ },
10632
+ )
10633
+ class VisibilityConfigProperty:
10634
+ def __init__(
10635
+ self,
10636
+ *,
10637
+ cloud_watch_metrics_enabled: typing.Union[builtins.bool, _IResolvable_da3f097b],
10638
+ metric_name: builtins.str,
10639
+ sampled_requests_enabled: typing.Union[builtins.bool, _IResolvable_da3f097b],
10640
+ ) -> None:
10641
+ '''Defines and enables Amazon CloudWatch metrics and web request sample collection.
10642
+
10643
+ :param cloud_watch_metrics_enabled: Indicates whether the associated resource sends metrics to Amazon CloudWatch. For the list of available metrics, see `AWS WAF Metrics <https://docs.aws.amazon.com/waf/latest/developerguide/monitoring-cloudwatch.html#waf-metrics>`_ in the *AWS WAF Developer Guide* . For web ACLs, the metrics are for web requests that have the web ACL default action applied. AWS WAF applies the default action to web requests that pass the inspection of all rules in the web ACL without being either allowed or blocked. For more information, see `The web ACL default action <https://docs.aws.amazon.com/waf/latest/developerguide/web-acl-default-action.html>`_ in the *AWS WAF Developer Guide* .
10644
+ :param metric_name: A name of the Amazon CloudWatch metric dimension. The name can contain only the characters: A-Z, a-z, 0-9, - (hyphen), and _ (underscore). The name can be from one to 128 characters long. It can't contain whitespace or metric names that are reserved for AWS WAF , for example ``All`` and ``Default_Action`` .
10645
+ :param sampled_requests_enabled: Indicates whether AWS WAF should store a sampling of the web requests that match the rules. You can view the sampled requests through the AWS WAF console. If you configure data protection for the web ACL, the protection applies to the web ACL's sampled web request data. .. epigraph:: Request sampling doesn't provide a field redaction option, and any field redaction that you specify in your logging configuration doesn't affect sampling. You can only exclude fields from request sampling by disabling sampling in the web ACL visibility configuration or by configuring data protection for the web ACL.
10646
+
10647
+ :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-rulegroup-visibilityconfig.html
10648
+ :exampleMetadata: fixture=_generated
10649
+
10650
+ Example::
10651
+
10652
+ # The code below shows an example of how to instantiate this type.
10653
+ # The values are placeholders you should change.
10654
+ from aws_cdk import aws_wafv2 as wafv2
10655
+
10656
+ visibility_config_property = wafv2.CfnRuleGroup.VisibilityConfigProperty(
10657
+ cloud_watch_metrics_enabled=False,
10658
+ metric_name="metricName",
10659
+ sampled_requests_enabled=False
10660
+ )
10661
+ '''
10662
+ if __debug__:
10663
+ type_hints = typing.get_type_hints(_typecheckingstub__ffc3de9fa9cd77d11c4487ad80fc48948664b917c8642b35ca709762ce71fddf)
10664
+ check_type(argname="argument cloud_watch_metrics_enabled", value=cloud_watch_metrics_enabled, expected_type=type_hints["cloud_watch_metrics_enabled"])
10665
+ check_type(argname="argument metric_name", value=metric_name, expected_type=type_hints["metric_name"])
10666
+ check_type(argname="argument sampled_requests_enabled", value=sampled_requests_enabled, expected_type=type_hints["sampled_requests_enabled"])
10667
+ self._values: typing.Dict[builtins.str, typing.Any] = {
10668
+ "cloud_watch_metrics_enabled": cloud_watch_metrics_enabled,
10669
+ "metric_name": metric_name,
10670
+ "sampled_requests_enabled": sampled_requests_enabled,
10671
+ }
10672
+
10673
+ @builtins.property
10674
+ def cloud_watch_metrics_enabled(
10675
+ self,
10676
+ ) -> typing.Union[builtins.bool, _IResolvable_da3f097b]:
10677
+ '''Indicates whether the associated resource sends metrics to Amazon CloudWatch.
10678
+
10679
+ For the list of available metrics, see `AWS WAF Metrics <https://docs.aws.amazon.com/waf/latest/developerguide/monitoring-cloudwatch.html#waf-metrics>`_ in the *AWS WAF Developer Guide* .
10680
+
10681
+ For web ACLs, the metrics are for web requests that have the web ACL default action applied. AWS WAF applies the default action to web requests that pass the inspection of all rules in the web ACL without being either allowed or blocked. For more information,
10682
+ see `The web ACL default action <https://docs.aws.amazon.com/waf/latest/developerguide/web-acl-default-action.html>`_ in the *AWS WAF Developer Guide* .
10683
+
10684
+ :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-rulegroup-visibilityconfig.html#cfn-wafv2-rulegroup-visibilityconfig-cloudwatchmetricsenabled
10685
+ '''
10686
+ result = self._values.get("cloud_watch_metrics_enabled")
10687
+ assert result is not None, "Required property 'cloud_watch_metrics_enabled' is missing"
10688
+ return typing.cast(typing.Union[builtins.bool, _IResolvable_da3f097b], result)
10689
+
10690
+ @builtins.property
10691
+ def metric_name(self) -> builtins.str:
10692
+ '''A name of the Amazon CloudWatch metric dimension.
10693
+
10694
+ The name can contain only the characters: A-Z, a-z, 0-9, - (hyphen), and _ (underscore). The name can be from one to 128 characters long. It can't contain whitespace or metric names that are reserved for AWS WAF , for example ``All`` and ``Default_Action`` .
10695
+
10696
+ :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-rulegroup-visibilityconfig.html#cfn-wafv2-rulegroup-visibilityconfig-metricname
10697
+ '''
10698
+ result = self._values.get("metric_name")
10699
+ assert result is not None, "Required property 'metric_name' is missing"
10700
+ return typing.cast(builtins.str, result)
10701
+
10702
+ @builtins.property
10703
+ def sampled_requests_enabled(
10704
+ self,
10705
+ ) -> typing.Union[builtins.bool, _IResolvable_da3f097b]:
10706
+ '''Indicates whether AWS WAF should store a sampling of the web requests that match the rules.
10707
+
10708
+ You can view the sampled requests through the AWS WAF console.
10709
+
10710
+ If you configure data protection for the web ACL, the protection applies to the web ACL's sampled web request data.
10711
+ .. epigraph::
10712
+
10713
+ Request sampling doesn't provide a field redaction option, and any field redaction that you specify in your logging configuration doesn't affect sampling. You can only exclude fields from request sampling by disabling sampling in the web ACL visibility configuration or by configuring data protection for the web ACL.
10714
+
10715
+ :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-rulegroup-visibilityconfig.html#cfn-wafv2-rulegroup-visibilityconfig-sampledrequestsenabled
10716
+ '''
10717
+ result = self._values.get("sampled_requests_enabled")
10718
+ assert result is not None, "Required property 'sampled_requests_enabled' is missing"
10719
+ return typing.cast(typing.Union[builtins.bool, _IResolvable_da3f097b], result)
10720
+
10721
+ def __eq__(self, rhs: typing.Any) -> builtins.bool:
10722
+ return isinstance(rhs, self.__class__) and rhs._values == self._values
10723
+
10724
+ def __ne__(self, rhs: typing.Any) -> builtins.bool:
10725
+ return not (rhs == self)
10726
+
10727
+ def __repr__(self) -> str:
10728
+ return "VisibilityConfigProperty(%s)" % ", ".join(
10729
+ k + "=" + repr(v) for k, v in self._values.items()
10730
+ )
10731
+
10732
+ @jsii.data_type(
10733
+ jsii_type="aws-cdk-lib.aws_wafv2.CfnRuleGroup.XssMatchStatementProperty",
10734
+ jsii_struct_bases=[],
10735
+ name_mapping={
10736
+ "field_to_match": "fieldToMatch",
10737
+ "text_transformations": "textTransformations",
10738
+ },
10739
+ )
10740
+ class XssMatchStatementProperty:
10741
+ def __init__(
10742
+ self,
10743
+ *,
10744
+ field_to_match: typing.Union[_IResolvable_da3f097b, typing.Union["CfnRuleGroup.FieldToMatchProperty", typing.Dict[builtins.str, typing.Any]]],
10745
+ text_transformations: typing.Union[_IResolvable_da3f097b, typing.Sequence[typing.Union[_IResolvable_da3f097b, typing.Union["CfnRuleGroup.TextTransformationProperty", typing.Dict[builtins.str, typing.Any]]]]],
10746
+ ) -> None:
10747
+ '''A rule statement that inspects for cross-site scripting (XSS) attacks.
10748
+
10749
+ In XSS attacks, the attacker uses vulnerabilities in a benign website as a vehicle to inject malicious client-site scripts into other legitimate web browsers.
10750
+
10751
+ :param field_to_match: The part of the web request that you want AWS WAF to inspect.
10752
+ :param text_transformations: Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. If you specify one or more transformations in a rule statement, AWS WAF performs all transformations on the content of the request component identified by ``FieldToMatch`` , starting from the lowest priority setting, before inspecting the content for a match.
10753
+
10754
+ :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-rulegroup-xssmatchstatement.html
10755
+ :exampleMetadata: fixture=_generated
10756
+
10757
+ Example::
10758
+
10759
+ # The code below shows an example of how to instantiate this type.
10760
+ # The values are placeholders you should change.
10761
+ from aws_cdk import aws_wafv2 as wafv2
10762
+
10763
+ # all: Any
10764
+ # all_query_arguments: Any
10765
+ # method: Any
10766
+ # query_string: Any
10767
+ # single_header: Any
10768
+ # single_query_argument: Any
10769
+ # uri_path: Any
10770
+
10771
+ xss_match_statement_property = wafv2.CfnRuleGroup.XssMatchStatementProperty(
10772
+ field_to_match=wafv2.CfnRuleGroup.FieldToMatchProperty(
10773
+ all_query_arguments=all_query_arguments,
10774
+ body=wafv2.CfnRuleGroup.BodyProperty(
10775
+ oversize_handling="oversizeHandling"
11461
10776
  ),
11462
- regex_pattern_set_reference_statement=wafv2.CfnRuleGroup.RegexPatternSetReferenceStatementProperty(
11463
- arn="arn",
11464
- field_to_match=wafv2.CfnRuleGroup.FieldToMatchProperty(
11465
- all_query_arguments=all_query_arguments,
11466
- body=wafv2.CfnRuleGroup.BodyProperty(
11467
- oversize_handling="oversizeHandling"
11468
- ),
11469
- cookies=wafv2.CfnRuleGroup.CookiesProperty(
11470
- match_pattern=wafv2.CfnRuleGroup.CookieMatchPatternProperty(
11471
- all=all,
11472
- excluded_cookies=["excludedCookies"],
11473
- included_cookies=["includedCookies"]
11474
- ),
11475
- match_scope="matchScope",
11476
- oversize_handling="oversizeHandling"
11477
- ),
11478
- headers=wafv2.CfnRuleGroup.HeadersProperty(
11479
- match_pattern=wafv2.CfnRuleGroup.HeaderMatchPatternProperty(
11480
- all=all,
11481
- excluded_headers=["excludedHeaders"],
11482
- included_headers=["includedHeaders"]
11483
- ),
11484
- match_scope="matchScope",
11485
- oversize_handling="oversizeHandling"
11486
- ),
11487
- ja3_fingerprint=wafv2.CfnRuleGroup.JA3FingerprintProperty(
11488
- fallback_behavior="fallbackBehavior"
11489
- ),
11490
- ja4_fingerprint=wafv2.CfnRuleGroup.JA4FingerprintProperty(
11491
- fallback_behavior="fallbackBehavior"
11492
- ),
11493
- json_body=wafv2.CfnRuleGroup.JsonBodyProperty(
11494
- match_pattern=wafv2.CfnRuleGroup.JsonMatchPatternProperty(
11495
- all=all,
11496
- included_paths=["includedPaths"]
11497
- ),
11498
- match_scope="matchScope",
11499
-
11500
- # the properties below are optional
11501
- invalid_fallback_behavior="invalidFallbackBehavior",
11502
- oversize_handling="oversizeHandling"
11503
- ),
11504
- method=method,
11505
- query_string=query_string,
11506
- single_header=single_header,
11507
- single_query_argument=single_query_argument,
11508
- uri_path=uri_path
10777
+ cookies=wafv2.CfnRuleGroup.CookiesProperty(
10778
+ match_pattern=wafv2.CfnRuleGroup.CookieMatchPatternProperty(
10779
+ all=all,
10780
+ excluded_cookies=["excludedCookies"],
10781
+ included_cookies=["includedCookies"]
11509
10782
  ),
11510
- text_transformations=[wafv2.CfnRuleGroup.TextTransformationProperty(
11511
- priority=123,
11512
- type="type"
11513
- )]
10783
+ match_scope="matchScope",
10784
+ oversize_handling="oversizeHandling"
11514
10785
  ),
11515
- size_constraint_statement=wafv2.CfnRuleGroup.SizeConstraintStatementProperty(
11516
- comparison_operator="comparisonOperator",
11517
- field_to_match=wafv2.CfnRuleGroup.FieldToMatchProperty(
11518
- all_query_arguments=all_query_arguments,
11519
- body=wafv2.CfnRuleGroup.BodyProperty(
11520
- oversize_handling="oversizeHandling"
11521
- ),
11522
- cookies=wafv2.CfnRuleGroup.CookiesProperty(
11523
- match_pattern=wafv2.CfnRuleGroup.CookieMatchPatternProperty(
11524
- all=all,
11525
- excluded_cookies=["excludedCookies"],
11526
- included_cookies=["includedCookies"]
11527
- ),
11528
- match_scope="matchScope",
11529
- oversize_handling="oversizeHandling"
11530
- ),
11531
- headers=wafv2.CfnRuleGroup.HeadersProperty(
11532
- match_pattern=wafv2.CfnRuleGroup.HeaderMatchPatternProperty(
11533
- all=all,
11534
- excluded_headers=["excludedHeaders"],
11535
- included_headers=["includedHeaders"]
11536
- ),
11537
- match_scope="matchScope",
11538
- oversize_handling="oversizeHandling"
11539
- ),
11540
- ja3_fingerprint=wafv2.CfnRuleGroup.JA3FingerprintProperty(
11541
- fallback_behavior="fallbackBehavior"
11542
- ),
11543
- ja4_fingerprint=wafv2.CfnRuleGroup.JA4FingerprintProperty(
11544
- fallback_behavior="fallbackBehavior"
11545
- ),
11546
- json_body=wafv2.CfnRuleGroup.JsonBodyProperty(
11547
- match_pattern=wafv2.CfnRuleGroup.JsonMatchPatternProperty(
11548
- all=all,
11549
- included_paths=["includedPaths"]
11550
- ),
11551
- match_scope="matchScope",
11552
-
11553
- # the properties below are optional
11554
- invalid_fallback_behavior="invalidFallbackBehavior",
11555
- oversize_handling="oversizeHandling"
11556
- ),
11557
- method=method,
11558
- query_string=query_string,
11559
- single_header=single_header,
11560
- single_query_argument=single_query_argument,
11561
- uri_path=uri_path
10786
+ headers=wafv2.CfnRuleGroup.HeadersProperty(
10787
+ match_pattern=wafv2.CfnRuleGroup.HeaderMatchPatternProperty(
10788
+ all=all,
10789
+ excluded_headers=["excludedHeaders"],
10790
+ included_headers=["includedHeaders"]
11562
10791
  ),
11563
- size=123,
11564
- text_transformations=[wafv2.CfnRuleGroup.TextTransformationProperty(
11565
- priority=123,
11566
- type="type"
11567
- )]
10792
+ match_scope="matchScope",
10793
+ oversize_handling="oversizeHandling"
11568
10794
  ),
11569
- sqli_match_statement=wafv2.CfnRuleGroup.SqliMatchStatementProperty(
11570
- field_to_match=wafv2.CfnRuleGroup.FieldToMatchProperty(
11571
- all_query_arguments=all_query_arguments,
11572
- body=wafv2.CfnRuleGroup.BodyProperty(
11573
- oversize_handling="oversizeHandling"
11574
- ),
11575
- cookies=wafv2.CfnRuleGroup.CookiesProperty(
11576
- match_pattern=wafv2.CfnRuleGroup.CookieMatchPatternProperty(
11577
- all=all,
11578
- excluded_cookies=["excludedCookies"],
11579
- included_cookies=["includedCookies"]
11580
- ),
11581
- match_scope="matchScope",
11582
- oversize_handling="oversizeHandling"
11583
- ),
11584
- headers=wafv2.CfnRuleGroup.HeadersProperty(
11585
- match_pattern=wafv2.CfnRuleGroup.HeaderMatchPatternProperty(
11586
- all=all,
11587
- excluded_headers=["excludedHeaders"],
11588
- included_headers=["includedHeaders"]
11589
- ),
11590
- match_scope="matchScope",
11591
- oversize_handling="oversizeHandling"
11592
- ),
11593
- ja3_fingerprint=wafv2.CfnRuleGroup.JA3FingerprintProperty(
11594
- fallback_behavior="fallbackBehavior"
11595
- ),
11596
- ja4_fingerprint=wafv2.CfnRuleGroup.JA4FingerprintProperty(
11597
- fallback_behavior="fallbackBehavior"
11598
- ),
11599
- json_body=wafv2.CfnRuleGroup.JsonBodyProperty(
11600
- match_pattern=wafv2.CfnRuleGroup.JsonMatchPatternProperty(
11601
- all=all,
11602
- included_paths=["includedPaths"]
11603
- ),
11604
- match_scope="matchScope",
11605
-
11606
- # the properties below are optional
11607
- invalid_fallback_behavior="invalidFallbackBehavior",
11608
- oversize_handling="oversizeHandling"
11609
- ),
11610
- method=method,
11611
- query_string=query_string,
11612
- single_header=single_header,
11613
- single_query_argument=single_query_argument,
11614
- uri_path=uri_path
10795
+ ja3_fingerprint=wafv2.CfnRuleGroup.JA3FingerprintProperty(
10796
+ fallback_behavior="fallbackBehavior"
10797
+ ),
10798
+ ja4_fingerprint=wafv2.CfnRuleGroup.JA4FingerprintProperty(
10799
+ fallback_behavior="fallbackBehavior"
10800
+ ),
10801
+ json_body=wafv2.CfnRuleGroup.JsonBodyProperty(
10802
+ match_pattern=wafv2.CfnRuleGroup.JsonMatchPatternProperty(
10803
+ all=all,
10804
+ included_paths=["includedPaths"]
11615
10805
  ),
11616
- text_transformations=[wafv2.CfnRuleGroup.TextTransformationProperty(
11617
- priority=123,
11618
- type="type"
11619
- )],
11620
-
10806
+ match_scope="matchScope",
10807
+
11621
10808
  # the properties below are optional
11622
- sensitivity_level="sensitivityLevel"
10809
+ invalid_fallback_behavior="invalidFallbackBehavior",
10810
+ oversize_handling="oversizeHandling"
11623
10811
  ),
11624
- xss_match_statement=wafv2.CfnRuleGroup.XssMatchStatementProperty(
11625
- field_to_match=wafv2.CfnRuleGroup.FieldToMatchProperty(
11626
- all_query_arguments=all_query_arguments,
11627
- body=wafv2.CfnRuleGroup.BodyProperty(
11628
- oversize_handling="oversizeHandling"
11629
- ),
11630
- cookies=wafv2.CfnRuleGroup.CookiesProperty(
11631
- match_pattern=wafv2.CfnRuleGroup.CookieMatchPatternProperty(
11632
- all=all,
11633
- excluded_cookies=["excludedCookies"],
11634
- included_cookies=["includedCookies"]
11635
- ),
11636
- match_scope="matchScope",
11637
- oversize_handling="oversizeHandling"
11638
- ),
11639
- headers=wafv2.CfnRuleGroup.HeadersProperty(
11640
- match_pattern=wafv2.CfnRuleGroup.HeaderMatchPatternProperty(
11641
- all=all,
11642
- excluded_headers=["excludedHeaders"],
11643
- included_headers=["includedHeaders"]
11644
- ),
11645
- match_scope="matchScope",
11646
- oversize_handling="oversizeHandling"
11647
- ),
11648
- ja3_fingerprint=wafv2.CfnRuleGroup.JA3FingerprintProperty(
11649
- fallback_behavior="fallbackBehavior"
11650
- ),
11651
- ja4_fingerprint=wafv2.CfnRuleGroup.JA4FingerprintProperty(
11652
- fallback_behavior="fallbackBehavior"
11653
- ),
11654
- json_body=wafv2.CfnRuleGroup.JsonBodyProperty(
11655
- match_pattern=wafv2.CfnRuleGroup.JsonMatchPatternProperty(
11656
- all=all,
11657
- included_paths=["includedPaths"]
11658
- ),
11659
- match_scope="matchScope",
11660
-
11661
- # the properties below are optional
11662
- invalid_fallback_behavior="invalidFallbackBehavior",
11663
- oversize_handling="oversizeHandling"
11664
- ),
11665
- method=method,
11666
- query_string=query_string,
11667
- single_header=single_header,
11668
- single_query_argument=single_query_argument,
11669
- uri_path=uri_path
11670
- ),
11671
- text_transformations=[wafv2.CfnRuleGroup.TextTransformationProperty(
11672
- priority=123,
11673
- type="type"
11674
- )]
11675
- )
11676
- ),
11677
- visibility_config=wafv2.CfnRuleGroup.VisibilityConfigProperty(
11678
- cloud_watch_metrics_enabled=False,
11679
- metric_name="metricName",
11680
- sampled_requests_enabled=False
11681
- ),
11682
-
11683
- # the properties below are optional
11684
- action=wafv2.CfnRuleGroup.RuleActionProperty(
11685
- allow=allow,
11686
- block=block,
11687
- captcha=captcha,
11688
- challenge=challenge,
11689
- count=count
11690
- ),
11691
- captcha_config=wafv2.CfnRuleGroup.CaptchaConfigProperty(
11692
- immunity_time_property=wafv2.CfnRuleGroup.ImmunityTimePropertyProperty(
11693
- immunity_time=123
11694
- )
11695
- ),
11696
- challenge_config=wafv2.CfnRuleGroup.ChallengeConfigProperty(
11697
- immunity_time_property=wafv2.CfnRuleGroup.ImmunityTimePropertyProperty(
11698
- immunity_time=123
11699
- )
10812
+ method=method,
10813
+ query_string=query_string,
10814
+ single_header=single_header,
10815
+ single_query_argument=single_query_argument,
10816
+ uri_fragment=wafv2.CfnRuleGroup.UriFragmentProperty(
10817
+ fallback_behavior="fallbackBehavior"
10818
+ ),
10819
+ uri_path=uri_path
11700
10820
  ),
11701
- rule_labels=[wafv2.CfnRuleGroup.LabelProperty(
11702
- name="name"
10821
+ text_transformations=[wafv2.CfnRuleGroup.TextTransformationProperty(
10822
+ priority=123,
10823
+ type="type"
11703
10824
  )]
11704
- )],
11705
- tags=[CfnTag(
11706
- key="key",
11707
- value="value"
11708
- )]
10825
+ )
10826
+ '''
10827
+ if __debug__:
10828
+ type_hints = typing.get_type_hints(_typecheckingstub__e502ec1c8bc4096eb797b55f6c0a1f9c506e23db360770a855cc273d36ce4b4a)
10829
+ check_type(argname="argument field_to_match", value=field_to_match, expected_type=type_hints["field_to_match"])
10830
+ check_type(argname="argument text_transformations", value=text_transformations, expected_type=type_hints["text_transformations"])
10831
+ self._values: typing.Dict[builtins.str, typing.Any] = {
10832
+ "field_to_match": field_to_match,
10833
+ "text_transformations": text_transformations,
10834
+ }
10835
+
10836
+ @builtins.property
10837
+ def field_to_match(
10838
+ self,
10839
+ ) -> typing.Union[_IResolvable_da3f097b, "CfnRuleGroup.FieldToMatchProperty"]:
10840
+ '''The part of the web request that you want AWS WAF to inspect.
10841
+
10842
+ :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-rulegroup-xssmatchstatement.html#cfn-wafv2-rulegroup-xssmatchstatement-fieldtomatch
10843
+ '''
10844
+ result = self._values.get("field_to_match")
10845
+ assert result is not None, "Required property 'field_to_match' is missing"
10846
+ return typing.cast(typing.Union[_IResolvable_da3f097b, "CfnRuleGroup.FieldToMatchProperty"], result)
10847
+
10848
+ @builtins.property
10849
+ def text_transformations(
10850
+ self,
10851
+ ) -> typing.Union[_IResolvable_da3f097b, typing.List[typing.Union[_IResolvable_da3f097b, "CfnRuleGroup.TextTransformationProperty"]]]:
10852
+ '''Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection.
10853
+
10854
+ If you specify one or more transformations in a rule statement, AWS WAF performs all transformations on the content of the request component identified by ``FieldToMatch`` , starting from the lowest priority setting, before inspecting the content for a match.
10855
+
10856
+ :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-rulegroup-xssmatchstatement.html#cfn-wafv2-rulegroup-xssmatchstatement-texttransformations
10857
+ '''
10858
+ result = self._values.get("text_transformations")
10859
+ assert result is not None, "Required property 'text_transformations' is missing"
10860
+ return typing.cast(typing.Union[_IResolvable_da3f097b, typing.List[typing.Union[_IResolvable_da3f097b, "CfnRuleGroup.TextTransformationProperty"]]], result)
10861
+
10862
+ def __eq__(self, rhs: typing.Any) -> builtins.bool:
10863
+ return isinstance(rhs, self.__class__) and rhs._values == self._values
10864
+
10865
+ def __ne__(self, rhs: typing.Any) -> builtins.bool:
10866
+ return not (rhs == self)
10867
+
10868
+ def __repr__(self) -> str:
10869
+ return "XssMatchStatementProperty(%s)" % ", ".join(
10870
+ k + "=" + repr(v) for k, v in self._values.items()
11709
10871
  )
10872
+
10873
+
10874
+ @jsii.data_type(
10875
+ jsii_type="aws-cdk-lib.aws_wafv2.CfnRuleGroupProps",
10876
+ jsii_struct_bases=[],
10877
+ name_mapping={
10878
+ "capacity": "capacity",
10879
+ "scope": "scope",
10880
+ "visibility_config": "visibilityConfig",
10881
+ "available_labels": "availableLabels",
10882
+ "consumed_labels": "consumedLabels",
10883
+ "custom_response_bodies": "customResponseBodies",
10884
+ "description": "description",
10885
+ "name": "name",
10886
+ "rules": "rules",
10887
+ "tags": "tags",
10888
+ },
10889
+ )
10890
+ class CfnRuleGroupProps:
10891
+ def __init__(
10892
+ self,
10893
+ *,
10894
+ capacity: jsii.Number,
10895
+ scope: builtins.str,
10896
+ visibility_config: typing.Union[_IResolvable_da3f097b, typing.Union[CfnRuleGroup.VisibilityConfigProperty, typing.Dict[builtins.str, typing.Any]]],
10897
+ available_labels: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Sequence[typing.Union[_IResolvable_da3f097b, typing.Union[CfnRuleGroup.LabelSummaryProperty, typing.Dict[builtins.str, typing.Any]]]]]] = None,
10898
+ consumed_labels: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Sequence[typing.Union[_IResolvable_da3f097b, typing.Union[CfnRuleGroup.LabelSummaryProperty, typing.Dict[builtins.str, typing.Any]]]]]] = None,
10899
+ custom_response_bodies: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Mapping[builtins.str, typing.Union[_IResolvable_da3f097b, typing.Union[CfnRuleGroup.CustomResponseBodyProperty, typing.Dict[builtins.str, typing.Any]]]]]] = None,
10900
+ description: typing.Optional[builtins.str] = None,
10901
+ name: typing.Optional[builtins.str] = None,
10902
+ rules: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Sequence[typing.Union[_IResolvable_da3f097b, typing.Union[CfnRuleGroup.RuleProperty, typing.Dict[builtins.str, typing.Any]]]]]] = None,
10903
+ tags: typing.Optional[typing.Sequence[typing.Union[_CfnTag_f6864754, typing.Dict[builtins.str, typing.Any]]]] = None,
10904
+ ) -> None:
10905
+ '''Properties for defining a ``CfnRuleGroup``.
10906
+
10907
+ :param capacity: The web ACL capacity units (WCUs) required for this rule group. When you create your own rule group, you define this, and you cannot change it after creation. When you add or modify the rules in a rule group, AWS WAF enforces this limit. AWS WAF uses WCUs to calculate and control the operating resources that are used to run your rules, rule groups, and web ACLs. AWS WAF calculates capacity differently for each rule type, to reflect the relative cost of each rule. Simple rules that cost little to run use fewer WCUs than more complex rules that use more processing power. Rule group capacity is fixed at creation, which helps users plan their web ACL WCU usage when they use a rule group. The WCU limit for web ACLs is 1,500.
10908
+ :param scope: Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AWS AppSync GraphQL API, an Amazon Cognito user pool, an AWS App Runner service, or an AWS Verified Access instance. Valid Values are ``CLOUDFRONT`` and ``REGIONAL`` . .. epigraph:: For ``CLOUDFRONT`` , you must create your WAFv2 resources in the US East (N. Virginia) Region, ``us-east-1`` .
10909
+ :param visibility_config: Defines and enables Amazon CloudWatch metrics and web request sample collection.
10910
+ :param available_labels: The labels that one or more rules in this rule group add to matching web requests. These labels are defined in the ``RuleLabels`` for a ``Rule`` .
10911
+ :param consumed_labels: The labels that one or more rules in this rule group match against in label match statements. These labels are defined in a ``LabelMatchStatement`` specification, in the ``Statement`` definition of a rule.
10912
+ :param custom_response_bodies: A map of custom response keys and content bodies. When you create a rule with a block action, you can send a custom response to the web request. You define these for the rule group, and then use them in the rules that you define in the rule group. For information about customizing web requests and responses, see `Customizing web requests and responses in AWS WAF <https://docs.aws.amazon.com/waf/latest/developerguide/waf-custom-request-response.html>`_ in the *AWS WAF Developer Guide* . For information about the limits on count and size for custom request and response settings, see `AWS WAF quotas <https://docs.aws.amazon.com/waf/latest/developerguide/limits.html>`_ in the *AWS WAF Developer Guide* .
10913
+ :param description: A description of the rule group that helps with identification.
10914
+ :param name: The name of the rule group. You cannot change the name of a rule group after you create it.
10915
+ :param rules: The rule statements used to identify the web requests that you want to allow, block, or count. Each rule includes one top-level statement that AWS WAF uses to identify matching web requests, and parameters that govern how AWS WAF handles them.
10916
+ :param tags: Key:value pairs associated with an AWS resource. The key:value pair can be anything you define. Typically, the tag key represents a category (such as "environment") and the tag value represents a specific value within that category (such as "test," "development," or "production"). You can add up to 50 tags to each AWS resource. .. epigraph:: To modify tags on existing resources, use the AWS WAF APIs or command line interface. With AWS CloudFormation , you can only add tags to AWS WAF resources during resource creation.
10917
+
10918
+ :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-wafv2-rulegroup.html
10919
+ :exampleMetadata: fixture=_generated
10920
+
10921
+ Example::
10922
+
10923
+
11710
10924
  '''
11711
10925
  if __debug__:
11712
10926
  type_hints = typing.get_type_hints(_typecheckingstub__c8dfa44d9c30297c12ad00bd34bbd4b85ea5438f4127e7e97226c16565c6ef5b)
@@ -11934,6 +11148,7 @@ class CfnWebACL(
11934
11148
  captcha_config: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union["CfnWebACL.CaptchaConfigProperty", typing.Dict[builtins.str, typing.Any]]]] = None,
11935
11149
  challenge_config: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union["CfnWebACL.ChallengeConfigProperty", typing.Dict[builtins.str, typing.Any]]]] = None,
11936
11150
  custom_response_bodies: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Mapping[builtins.str, typing.Union[_IResolvable_da3f097b, typing.Union["CfnWebACL.CustomResponseBodyProperty", typing.Dict[builtins.str, typing.Any]]]]]] = None,
11151
+ data_protection_config: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union["CfnWebACL.DataProtectionConfigProperty", typing.Dict[builtins.str, typing.Any]]]] = None,
11937
11152
  description: typing.Optional[builtins.str] = None,
11938
11153
  name: typing.Optional[builtins.str] = None,
11939
11154
  rules: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Sequence[typing.Union[_IResolvable_da3f097b, typing.Union["CfnWebACL.RuleProperty", typing.Dict[builtins.str, typing.Any]]]]]] = None,
@@ -11950,6 +11165,7 @@ class CfnWebACL(
11950
11165
  :param captcha_config: Specifies how AWS WAF should handle ``CAPTCHA`` evaluations for rules that don't have their own ``CaptchaConfig`` settings. If you don't specify this, AWS WAF uses its default settings for ``CaptchaConfig`` .
11951
11166
  :param challenge_config: Specifies how AWS WAF should handle challenge evaluations for rules that don't have their own ``ChallengeConfig`` settings. If you don't specify this, AWS WAF uses its default settings for ``ChallengeConfig`` .
11952
11167
  :param custom_response_bodies: A map of custom response keys and content bodies. When you create a rule with a block action, you can send a custom response to the web request. You define these for the web ACL, and then use them in the rules and default actions that you define in the web ACL. For information about customizing web requests and responses, see `Customizing web requests and responses in AWS WAF <https://docs.aws.amazon.com/waf/latest/developerguide/waf-custom-request-response.html>`_ in the *AWS WAF Developer Guide* . For information about the limits on count and size for custom request and response settings, see `AWS WAF quotas <https://docs.aws.amazon.com/waf/latest/developerguide/limits.html>`_ in the *AWS WAF Developer Guide* .
11168
+ :param data_protection_config: Specifies data protection to apply to the web request data for the web ACL. This is a web ACL level data protection option. The data protection that you configure for the web ACL alters the data that's available for any other data collection activity, including your AWS WAF logging destinations, web ACL request sampling, and Amazon Security Lake data collection and management. Your other option for data protection is in the logging configuration, which only affects logging.
11953
11169
  :param description: A description of the web ACL that helps with identification.
11954
11170
  :param name: The name of the web ACL. You cannot change the name of a web ACL after you create it.
11955
11171
  :param rules: The rule statements used to identify the web requests that you want to manage. Each rule includes one top-level statement that AWS WAF uses to identify matching web requests, and parameters that govern how AWS WAF handles them.
@@ -11968,6 +11184,7 @@ class CfnWebACL(
11968
11184
  captcha_config=captcha_config,
11969
11185
  challenge_config=challenge_config,
11970
11186
  custom_response_bodies=custom_response_bodies,
11187
+ data_protection_config=data_protection_config,
11971
11188
  description=description,
11972
11189
  name=name,
11973
11190
  rules=rules,
@@ -12183,6 +11400,24 @@ class CfnWebACL(
12183
11400
  check_type(argname="argument value", value=value, expected_type=type_hints["value"])
12184
11401
  jsii.set(self, "customResponseBodies", value) # pyright: ignore[reportArgumentType]
12185
11402
 
11403
+ @builtins.property
11404
+ @jsii.member(jsii_name="dataProtectionConfig")
11405
+ def data_protection_config(
11406
+ self,
11407
+ ) -> typing.Optional[typing.Union[_IResolvable_da3f097b, "CfnWebACL.DataProtectionConfigProperty"]]:
11408
+ '''Specifies data protection to apply to the web request data for the web ACL.'''
11409
+ return typing.cast(typing.Optional[typing.Union[_IResolvable_da3f097b, "CfnWebACL.DataProtectionConfigProperty"]], jsii.get(self, "dataProtectionConfig"))
11410
+
11411
+ @data_protection_config.setter
11412
+ def data_protection_config(
11413
+ self,
11414
+ value: typing.Optional[typing.Union[_IResolvable_da3f097b, "CfnWebACL.DataProtectionConfigProperty"]],
11415
+ ) -> None:
11416
+ if __debug__:
11417
+ type_hints = typing.get_type_hints(_typecheckingstub__c8fdb8c606175920c3facb5c8db0632e7cdc7bedffcd3c6c787bab31ba6f6474)
11418
+ check_type(argname="argument value", value=value, expected_type=type_hints["value"])
11419
+ jsii.set(self, "dataProtectionConfig", value) # pyright: ignore[reportArgumentType]
11420
+
12186
11421
  @builtins.property
12187
11422
  @jsii.member(jsii_name="description")
12188
11423
  def description(self) -> typing.Optional[builtins.str]:
@@ -13116,6 +12351,9 @@ class CfnWebACL(
13116
12351
  query_string=query_string,
13117
12352
  single_header=single_header,
13118
12353
  single_query_argument=single_query_argument,
12354
+ uri_fragment=wafv2.CfnWebACL.UriFragmentProperty(
12355
+ fallback_behavior="fallbackBehavior"
12356
+ ),
13119
12357
  uri_path=uri_path
13120
12358
  ),
13121
12359
  positional_constraint="positionalConstraint",
@@ -13981,37 +13219,261 @@ class CfnWebACL(
13981
13219
  )
13982
13220
  '''
13983
13221
  if __debug__:
13984
- type_hints = typing.get_type_hints(_typecheckingstub__281879092afa665915e6fd969d0e9a5b5b4898fe8ef498c2dea6a4bf1109aafa)
13985
- check_type(argname="argument content", value=content, expected_type=type_hints["content"])
13986
- check_type(argname="argument content_type", value=content_type, expected_type=type_hints["content_type"])
13222
+ type_hints = typing.get_type_hints(_typecheckingstub__281879092afa665915e6fd969d0e9a5b5b4898fe8ef498c2dea6a4bf1109aafa)
13223
+ check_type(argname="argument content", value=content, expected_type=type_hints["content"])
13224
+ check_type(argname="argument content_type", value=content_type, expected_type=type_hints["content_type"])
13225
+ self._values: typing.Dict[builtins.str, typing.Any] = {
13226
+ "content": content,
13227
+ "content_type": content_type,
13228
+ }
13229
+
13230
+ @builtins.property
13231
+ def content(self) -> builtins.str:
13232
+ '''The payload of the custom response.
13233
+
13234
+ You can use JSON escape strings in JSON content. To do this, you must specify JSON content in the ``ContentType`` setting.
13235
+
13236
+ For information about the limits on count and size for custom request and response settings, see `AWS WAF quotas <https://docs.aws.amazon.com/waf/latest/developerguide/limits.html>`_ in the *AWS WAF Developer Guide* .
13237
+
13238
+ :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-customresponsebody.html#cfn-wafv2-webacl-customresponsebody-content
13239
+ '''
13240
+ result = self._values.get("content")
13241
+ assert result is not None, "Required property 'content' is missing"
13242
+ return typing.cast(builtins.str, result)
13243
+
13244
+ @builtins.property
13245
+ def content_type(self) -> builtins.str:
13246
+ '''The type of content in the payload that you are defining in the ``Content`` string.
13247
+
13248
+ :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-customresponsebody.html#cfn-wafv2-webacl-customresponsebody-contenttype
13249
+ '''
13250
+ result = self._values.get("content_type")
13251
+ assert result is not None, "Required property 'content_type' is missing"
13252
+ return typing.cast(builtins.str, result)
13253
+
13254
+ def __eq__(self, rhs: typing.Any) -> builtins.bool:
13255
+ return isinstance(rhs, self.__class__) and rhs._values == self._values
13256
+
13257
+ def __ne__(self, rhs: typing.Any) -> builtins.bool:
13258
+ return not (rhs == self)
13259
+
13260
+ def __repr__(self) -> str:
13261
+ return "CustomResponseBodyProperty(%s)" % ", ".join(
13262
+ k + "=" + repr(v) for k, v in self._values.items()
13263
+ )
13264
+
13265
+ @jsii.data_type(
13266
+ jsii_type="aws-cdk-lib.aws_wafv2.CfnWebACL.CustomResponseProperty",
13267
+ jsii_struct_bases=[],
13268
+ name_mapping={
13269
+ "response_code": "responseCode",
13270
+ "custom_response_body_key": "customResponseBodyKey",
13271
+ "response_headers": "responseHeaders",
13272
+ },
13273
+ )
13274
+ class CustomResponseProperty:
13275
+ def __init__(
13276
+ self,
13277
+ *,
13278
+ response_code: jsii.Number,
13279
+ custom_response_body_key: typing.Optional[builtins.str] = None,
13280
+ response_headers: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Sequence[typing.Union[_IResolvable_da3f097b, typing.Union["CfnWebACL.CustomHTTPHeaderProperty", typing.Dict[builtins.str, typing.Any]]]]]] = None,
13281
+ ) -> None:
13282
+ '''A custom response to send to the client.
13283
+
13284
+ You can define a custom response for rule actions and default web ACL actions that are set to the block action.
13285
+
13286
+ For information about customizing web requests and responses, see `Customizing web requests and responses in AWS WAF <https://docs.aws.amazon.com/waf/latest/developerguide/waf-custom-request-response.html>`_ in the `AWS WAF developer guide <https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html>`_ .
13287
+
13288
+ :param response_code: The HTTP status code to return to the client. For a list of status codes that you can use in your custom responses, see `Supported status codes for custom response <https://docs.aws.amazon.com/waf/latest/developerguide/customizing-the-response-status-codes.html>`_ in the *AWS WAF Developer Guide* .
13289
+ :param custom_response_body_key: References the response body that you want AWS WAF to return to the web request client. You can define a custom response for a rule action or a default web ACL action that is set to block. To do this, you first define the response body key and value in the ``CustomResponseBodies`` setting for the ``WebACL`` or ``RuleGroup`` where you want to use it. Then, in the rule action or web ACL default action ``BlockAction`` setting, you reference the response body using this key.
13290
+ :param response_headers: The HTTP headers to use in the response. You can specify any header name except for ``content-type`` . Duplicate header names are not allowed. For information about the limits on count and size for custom request and response settings, see `AWS WAF quotas <https://docs.aws.amazon.com/waf/latest/developerguide/limits.html>`_ in the *AWS WAF Developer Guide* .
13291
+
13292
+ :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-customresponse.html
13293
+ :exampleMetadata: fixture=_generated
13294
+
13295
+ Example::
13296
+
13297
+ # The code below shows an example of how to instantiate this type.
13298
+ # The values are placeholders you should change.
13299
+ from aws_cdk import aws_wafv2 as wafv2
13300
+
13301
+ custom_response_property = wafv2.CfnWebACL.CustomResponseProperty(
13302
+ response_code=123,
13303
+
13304
+ # the properties below are optional
13305
+ custom_response_body_key="customResponseBodyKey",
13306
+ response_headers=[wafv2.CfnWebACL.CustomHTTPHeaderProperty(
13307
+ name="name",
13308
+ value="value"
13309
+ )]
13310
+ )
13311
+ '''
13312
+ if __debug__:
13313
+ type_hints = typing.get_type_hints(_typecheckingstub__6dbc9439dfbaeae9e0932894939e1048a58a2d028d4ee3fbdcead25e1600ad91)
13314
+ check_type(argname="argument response_code", value=response_code, expected_type=type_hints["response_code"])
13315
+ check_type(argname="argument custom_response_body_key", value=custom_response_body_key, expected_type=type_hints["custom_response_body_key"])
13316
+ check_type(argname="argument response_headers", value=response_headers, expected_type=type_hints["response_headers"])
13317
+ self._values: typing.Dict[builtins.str, typing.Any] = {
13318
+ "response_code": response_code,
13319
+ }
13320
+ if custom_response_body_key is not None:
13321
+ self._values["custom_response_body_key"] = custom_response_body_key
13322
+ if response_headers is not None:
13323
+ self._values["response_headers"] = response_headers
13324
+
13325
+ @builtins.property
13326
+ def response_code(self) -> jsii.Number:
13327
+ '''The HTTP status code to return to the client.
13328
+
13329
+ For a list of status codes that you can use in your custom responses, see `Supported status codes for custom response <https://docs.aws.amazon.com/waf/latest/developerguide/customizing-the-response-status-codes.html>`_ in the *AWS WAF Developer Guide* .
13330
+
13331
+ :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-customresponse.html#cfn-wafv2-webacl-customresponse-responsecode
13332
+ '''
13333
+ result = self._values.get("response_code")
13334
+ assert result is not None, "Required property 'response_code' is missing"
13335
+ return typing.cast(jsii.Number, result)
13336
+
13337
+ @builtins.property
13338
+ def custom_response_body_key(self) -> typing.Optional[builtins.str]:
13339
+ '''References the response body that you want AWS WAF to return to the web request client.
13340
+
13341
+ You can define a custom response for a rule action or a default web ACL action that is set to block. To do this, you first define the response body key and value in the ``CustomResponseBodies`` setting for the ``WebACL`` or ``RuleGroup`` where you want to use it. Then, in the rule action or web ACL default action ``BlockAction`` setting, you reference the response body using this key.
13342
+
13343
+ :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-customresponse.html#cfn-wafv2-webacl-customresponse-customresponsebodykey
13344
+ '''
13345
+ result = self._values.get("custom_response_body_key")
13346
+ return typing.cast(typing.Optional[builtins.str], result)
13347
+
13348
+ @builtins.property
13349
+ def response_headers(
13350
+ self,
13351
+ ) -> typing.Optional[typing.Union[_IResolvable_da3f097b, typing.List[typing.Union[_IResolvable_da3f097b, "CfnWebACL.CustomHTTPHeaderProperty"]]]]:
13352
+ '''The HTTP headers to use in the response.
13353
+
13354
+ You can specify any header name except for ``content-type`` . Duplicate header names are not allowed.
13355
+
13356
+ For information about the limits on count and size for custom request and response settings, see `AWS WAF quotas <https://docs.aws.amazon.com/waf/latest/developerguide/limits.html>`_ in the *AWS WAF Developer Guide* .
13357
+
13358
+ :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-customresponse.html#cfn-wafv2-webacl-customresponse-responseheaders
13359
+ '''
13360
+ result = self._values.get("response_headers")
13361
+ return typing.cast(typing.Optional[typing.Union[_IResolvable_da3f097b, typing.List[typing.Union[_IResolvable_da3f097b, "CfnWebACL.CustomHTTPHeaderProperty"]]]], result)
13362
+
13363
+ def __eq__(self, rhs: typing.Any) -> builtins.bool:
13364
+ return isinstance(rhs, self.__class__) and rhs._values == self._values
13365
+
13366
+ def __ne__(self, rhs: typing.Any) -> builtins.bool:
13367
+ return not (rhs == self)
13368
+
13369
+ def __repr__(self) -> str:
13370
+ return "CustomResponseProperty(%s)" % ", ".join(
13371
+ k + "=" + repr(v) for k, v in self._values.items()
13372
+ )
13373
+
13374
+ @jsii.data_type(
13375
+ jsii_type="aws-cdk-lib.aws_wafv2.CfnWebACL.DataProtectProperty",
13376
+ jsii_struct_bases=[],
13377
+ name_mapping={
13378
+ "action": "action",
13379
+ "field": "field",
13380
+ "exclude_rate_based_details": "excludeRateBasedDetails",
13381
+ "exclude_rule_match_details": "excludeRuleMatchDetails",
13382
+ },
13383
+ )
13384
+ class DataProtectProperty:
13385
+ def __init__(
13386
+ self,
13387
+ *,
13388
+ action: builtins.str,
13389
+ field: typing.Union[_IResolvable_da3f097b, typing.Union["CfnWebACL.FieldToProtectProperty", typing.Dict[builtins.str, typing.Any]]],
13390
+ exclude_rate_based_details: typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]] = None,
13391
+ exclude_rule_match_details: typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]] = None,
13392
+ ) -> None:
13393
+ '''
13394
+ :param action:
13395
+ :param field: Field in log to protect.
13396
+ :param exclude_rate_based_details:
13397
+ :param exclude_rule_match_details:
13398
+
13399
+ :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-dataprotect.html
13400
+ :exampleMetadata: fixture=_generated
13401
+
13402
+ Example::
13403
+
13404
+ # The code below shows an example of how to instantiate this type.
13405
+ # The values are placeholders you should change.
13406
+ from aws_cdk import aws_wafv2 as wafv2
13407
+
13408
+ data_protect_property = wafv2.CfnWebACL.DataProtectProperty(
13409
+ action="action",
13410
+ field=wafv2.CfnWebACL.FieldToProtectProperty(
13411
+ field_type="fieldType",
13412
+
13413
+ # the properties below are optional
13414
+ field_keys=["fieldKeys"]
13415
+ ),
13416
+
13417
+ # the properties below are optional
13418
+ exclude_rate_based_details=False,
13419
+ exclude_rule_match_details=False
13420
+ )
13421
+ '''
13422
+ if __debug__:
13423
+ type_hints = typing.get_type_hints(_typecheckingstub__426b9eaa484bd1569796d5a87210701ae64a082cfa2a2f0342a5b25283344e18)
13424
+ check_type(argname="argument action", value=action, expected_type=type_hints["action"])
13425
+ check_type(argname="argument field", value=field, expected_type=type_hints["field"])
13426
+ check_type(argname="argument exclude_rate_based_details", value=exclude_rate_based_details, expected_type=type_hints["exclude_rate_based_details"])
13427
+ check_type(argname="argument exclude_rule_match_details", value=exclude_rule_match_details, expected_type=type_hints["exclude_rule_match_details"])
13987
13428
  self._values: typing.Dict[builtins.str, typing.Any] = {
13988
- "content": content,
13989
- "content_type": content_type,
13429
+ "action": action,
13430
+ "field": field,
13990
13431
  }
13432
+ if exclude_rate_based_details is not None:
13433
+ self._values["exclude_rate_based_details"] = exclude_rate_based_details
13434
+ if exclude_rule_match_details is not None:
13435
+ self._values["exclude_rule_match_details"] = exclude_rule_match_details
13991
13436
 
13992
13437
  @builtins.property
13993
- def content(self) -> builtins.str:
13994
- '''The payload of the custom response.
13995
-
13996
- You can use JSON escape strings in JSON content. To do this, you must specify JSON content in the ``ContentType`` setting.
13438
+ def action(self) -> builtins.str:
13439
+ '''
13440
+ :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-dataprotect.html#cfn-wafv2-webacl-dataprotect-action
13441
+ '''
13442
+ result = self._values.get("action")
13443
+ assert result is not None, "Required property 'action' is missing"
13444
+ return typing.cast(builtins.str, result)
13997
13445
 
13998
- For information about the limits on count and size for custom request and response settings, see `AWS WAF quotas <https://docs.aws.amazon.com/waf/latest/developerguide/limits.html>`_ in the *AWS WAF Developer Guide* .
13446
+ @builtins.property
13447
+ def field(
13448
+ self,
13449
+ ) -> typing.Union[_IResolvable_da3f097b, "CfnWebACL.FieldToProtectProperty"]:
13450
+ '''Field in log to protect.
13999
13451
 
14000
- :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-customresponsebody.html#cfn-wafv2-webacl-customresponsebody-content
13452
+ :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-dataprotect.html#cfn-wafv2-webacl-dataprotect-field
14001
13453
  '''
14002
- result = self._values.get("content")
14003
- assert result is not None, "Required property 'content' is missing"
14004
- return typing.cast(builtins.str, result)
13454
+ result = self._values.get("field")
13455
+ assert result is not None, "Required property 'field' is missing"
13456
+ return typing.cast(typing.Union[_IResolvable_da3f097b, "CfnWebACL.FieldToProtectProperty"], result)
14005
13457
 
14006
13458
  @builtins.property
14007
- def content_type(self) -> builtins.str:
14008
- '''The type of content in the payload that you are defining in the ``Content`` string.
13459
+ def exclude_rate_based_details(
13460
+ self,
13461
+ ) -> typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]]:
13462
+ '''
13463
+ :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-dataprotect.html#cfn-wafv2-webacl-dataprotect-excluderatebaseddetails
13464
+ '''
13465
+ result = self._values.get("exclude_rate_based_details")
13466
+ return typing.cast(typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]], result)
14009
13467
 
14010
- :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-customresponsebody.html#cfn-wafv2-webacl-customresponsebody-contenttype
13468
+ @builtins.property
13469
+ def exclude_rule_match_details(
13470
+ self,
13471
+ ) -> typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]]:
14011
13472
  '''
14012
- result = self._values.get("content_type")
14013
- assert result is not None, "Required property 'content_type' is missing"
14014
- return typing.cast(builtins.str, result)
13473
+ :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-dataprotect.html#cfn-wafv2-webacl-dataprotect-excluderulematchdetails
13474
+ '''
13475
+ result = self._values.get("exclude_rule_match_details")
13476
+ return typing.cast(typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]], result)
14015
13477
 
14016
13478
  def __eq__(self, rhs: typing.Any) -> builtins.bool:
14017
13479
  return isinstance(rhs, self.__class__) and rhs._values == self._values
@@ -14020,38 +13482,32 @@ class CfnWebACL(
14020
13482
  return not (rhs == self)
14021
13483
 
14022
13484
  def __repr__(self) -> str:
14023
- return "CustomResponseBodyProperty(%s)" % ", ".join(
13485
+ return "DataProtectProperty(%s)" % ", ".join(
14024
13486
  k + "=" + repr(v) for k, v in self._values.items()
14025
13487
  )
14026
13488
 
14027
13489
  @jsii.data_type(
14028
- jsii_type="aws-cdk-lib.aws_wafv2.CfnWebACL.CustomResponseProperty",
13490
+ jsii_type="aws-cdk-lib.aws_wafv2.CfnWebACL.DataProtectionConfigProperty",
14029
13491
  jsii_struct_bases=[],
14030
- name_mapping={
14031
- "response_code": "responseCode",
14032
- "custom_response_body_key": "customResponseBodyKey",
14033
- "response_headers": "responseHeaders",
14034
- },
13492
+ name_mapping={"data_protections": "dataProtections"},
14035
13493
  )
14036
- class CustomResponseProperty:
13494
+ class DataProtectionConfigProperty:
14037
13495
  def __init__(
14038
13496
  self,
14039
13497
  *,
14040
- response_code: jsii.Number,
14041
- custom_response_body_key: typing.Optional[builtins.str] = None,
14042
- response_headers: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Sequence[typing.Union[_IResolvable_da3f097b, typing.Union["CfnWebACL.CustomHTTPHeaderProperty", typing.Dict[builtins.str, typing.Any]]]]]] = None,
13498
+ data_protections: typing.Union[_IResolvable_da3f097b, typing.Sequence[typing.Union[_IResolvable_da3f097b, typing.Union["CfnWebACL.DataProtectProperty", typing.Dict[builtins.str, typing.Any]]]]],
14043
13499
  ) -> None:
14044
- '''A custom response to send to the client.
13500
+ '''Specifies data protection to apply to the web request data for the web ACL.
14045
13501
 
14046
- You can define a custom response for rule actions and default web ACL actions that are set to the block action.
13502
+ This is a web ACL level data protection option.
14047
13503
 
14048
- For information about customizing web requests and responses, see `Customizing web requests and responses in AWS WAF <https://docs.aws.amazon.com/waf/latest/developerguide/waf-custom-request-response.html>`_ in the `AWS WAF developer guide <https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html>`_ .
13504
+ The data protection that you configure for the web ACL alters the data that's available for any other data collection activity, including your AWS WAF logging destinations, web ACL request sampling, and Amazon Security Lake data collection and management. Your other option for data protection is in the logging configuration, which only affects logging.
14049
13505
 
14050
- :param response_code: The HTTP status code to return to the client. For a list of status codes that you can use in your custom responses, see `Supported status codes for custom response <https://docs.aws.amazon.com/waf/latest/developerguide/customizing-the-response-status-codes.html>`_ in the *AWS WAF Developer Guide* .
14051
- :param custom_response_body_key: References the response body that you want AWS WAF to return to the web request client. You can define a custom response for a rule action or a default web ACL action that is set to block. To do this, you first define the response body key and value in the ``CustomResponseBodies`` setting for the ``WebACL`` or ``RuleGroup`` where you want to use it. Then, in the rule action or web ACL default action ``BlockAction`` setting, you reference the response body using this key.
14052
- :param response_headers: The HTTP headers to use in the response. You can specify any header name except for ``content-type`` . Duplicate header names are not allowed. For information about the limits on count and size for custom request and response settings, see `AWS WAF quotas <https://docs.aws.amazon.com/waf/latest/developerguide/limits.html>`_ in the *AWS WAF Developer Guide* .
13506
+ This is part of the data protection configuration for a web ACL.
14053
13507
 
14054
- :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-customresponse.html
13508
+ :param data_protections: An array of data protection configurations for specific web request field types. This is defined for each web ACL. AWS WAF applies the specified protection to all web requests that the web ACL inspects.
13509
+
13510
+ :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-dataprotectionconfig.html
14055
13511
  :exampleMetadata: fixture=_generated
14056
13512
 
14057
13513
  Example::
@@ -14060,67 +13516,42 @@ class CfnWebACL(
14060
13516
  # The values are placeholders you should change.
14061
13517
  from aws_cdk import aws_wafv2 as wafv2
14062
13518
 
14063
- custom_response_property = wafv2.CfnWebACL.CustomResponseProperty(
14064
- response_code=123,
13519
+ data_protection_config_property = wafv2.CfnWebACL.DataProtectionConfigProperty(
13520
+ data_protections=[wafv2.CfnWebACL.DataProtectProperty(
13521
+ action="action",
13522
+ field=wafv2.CfnWebACL.FieldToProtectProperty(
13523
+ field_type="fieldType",
14065
13524
 
14066
- # the properties below are optional
14067
- custom_response_body_key="customResponseBodyKey",
14068
- response_headers=[wafv2.CfnWebACL.CustomHTTPHeaderProperty(
14069
- name="name",
14070
- value="value"
13525
+ # the properties below are optional
13526
+ field_keys=["fieldKeys"]
13527
+ ),
13528
+
13529
+ # the properties below are optional
13530
+ exclude_rate_based_details=False,
13531
+ exclude_rule_match_details=False
14071
13532
  )]
14072
13533
  )
14073
13534
  '''
14074
13535
  if __debug__:
14075
- type_hints = typing.get_type_hints(_typecheckingstub__6dbc9439dfbaeae9e0932894939e1048a58a2d028d4ee3fbdcead25e1600ad91)
14076
- check_type(argname="argument response_code", value=response_code, expected_type=type_hints["response_code"])
14077
- check_type(argname="argument custom_response_body_key", value=custom_response_body_key, expected_type=type_hints["custom_response_body_key"])
14078
- check_type(argname="argument response_headers", value=response_headers, expected_type=type_hints["response_headers"])
13536
+ type_hints = typing.get_type_hints(_typecheckingstub__00facdbed1fde99291b1bde086b472ce66ee6dd143e53d5639cc3ea8b02e5eac)
13537
+ check_type(argname="argument data_protections", value=data_protections, expected_type=type_hints["data_protections"])
14079
13538
  self._values: typing.Dict[builtins.str, typing.Any] = {
14080
- "response_code": response_code,
13539
+ "data_protections": data_protections,
14081
13540
  }
14082
- if custom_response_body_key is not None:
14083
- self._values["custom_response_body_key"] = custom_response_body_key
14084
- if response_headers is not None:
14085
- self._values["response_headers"] = response_headers
14086
-
14087
- @builtins.property
14088
- def response_code(self) -> jsii.Number:
14089
- '''The HTTP status code to return to the client.
14090
-
14091
- For a list of status codes that you can use in your custom responses, see `Supported status codes for custom response <https://docs.aws.amazon.com/waf/latest/developerguide/customizing-the-response-status-codes.html>`_ in the *AWS WAF Developer Guide* .
14092
-
14093
- :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-customresponse.html#cfn-wafv2-webacl-customresponse-responsecode
14094
- '''
14095
- result = self._values.get("response_code")
14096
- assert result is not None, "Required property 'response_code' is missing"
14097
- return typing.cast(jsii.Number, result)
14098
-
14099
- @builtins.property
14100
- def custom_response_body_key(self) -> typing.Optional[builtins.str]:
14101
- '''References the response body that you want AWS WAF to return to the web request client.
14102
-
14103
- You can define a custom response for a rule action or a default web ACL action that is set to block. To do this, you first define the response body key and value in the ``CustomResponseBodies`` setting for the ``WebACL`` or ``RuleGroup`` where you want to use it. Then, in the rule action or web ACL default action ``BlockAction`` setting, you reference the response body using this key.
14104
-
14105
- :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-customresponse.html#cfn-wafv2-webacl-customresponse-customresponsebodykey
14106
- '''
14107
- result = self._values.get("custom_response_body_key")
14108
- return typing.cast(typing.Optional[builtins.str], result)
14109
13541
 
14110
13542
  @builtins.property
14111
- def response_headers(
13543
+ def data_protections(
14112
13544
  self,
14113
- ) -> typing.Optional[typing.Union[_IResolvable_da3f097b, typing.List[typing.Union[_IResolvable_da3f097b, "CfnWebACL.CustomHTTPHeaderProperty"]]]]:
14114
- '''The HTTP headers to use in the response.
14115
-
14116
- You can specify any header name except for ``content-type`` . Duplicate header names are not allowed.
13545
+ ) -> typing.Union[_IResolvable_da3f097b, typing.List[typing.Union[_IResolvable_da3f097b, "CfnWebACL.DataProtectProperty"]]]:
13546
+ '''An array of data protection configurations for specific web request field types.
14117
13547
 
14118
- For information about the limits on count and size for custom request and response settings, see `AWS WAF quotas <https://docs.aws.amazon.com/waf/latest/developerguide/limits.html>`_ in the *AWS WAF Developer Guide* .
13548
+ This is defined for each web ACL. AWS WAF applies the specified protection to all web requests that the web ACL inspects.
14119
13549
 
14120
- :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-customresponse.html#cfn-wafv2-webacl-customresponse-responseheaders
13550
+ :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-dataprotectionconfig.html#cfn-wafv2-webacl-dataprotectionconfig-dataprotections
14121
13551
  '''
14122
- result = self._values.get("response_headers")
14123
- return typing.cast(typing.Optional[typing.Union[_IResolvable_da3f097b, typing.List[typing.Union[_IResolvable_da3f097b, "CfnWebACL.CustomHTTPHeaderProperty"]]]], result)
13552
+ result = self._values.get("data_protections")
13553
+ assert result is not None, "Required property 'data_protections' is missing"
13554
+ return typing.cast(typing.Union[_IResolvable_da3f097b, typing.List[typing.Union[_IResolvable_da3f097b, "CfnWebACL.DataProtectProperty"]]], result)
14124
13555
 
14125
13556
  def __eq__(self, rhs: typing.Any) -> builtins.bool:
14126
13557
  return isinstance(rhs, self.__class__) and rhs._values == self._values
@@ -14129,7 +13560,7 @@ class CfnWebACL(
14129
13560
  return not (rhs == self)
14130
13561
 
14131
13562
  def __repr__(self) -> str:
14132
- return "CustomResponseProperty(%s)" % ", ".join(
13563
+ return "DataProtectionConfigProperty(%s)" % ", ".join(
14133
13564
  k + "=" + repr(v) for k, v in self._values.items()
14134
13565
  )
14135
13566
 
@@ -14358,6 +13789,7 @@ class CfnWebACL(
14358
13789
  "query_string": "queryString",
14359
13790
  "single_header": "singleHeader",
14360
13791
  "single_query_argument": "singleQueryArgument",
13792
+ "uri_fragment": "uriFragment",
14361
13793
  "uri_path": "uriPath",
14362
13794
  },
14363
13795
  )
@@ -14376,6 +13808,7 @@ class CfnWebACL(
14376
13808
  query_string: typing.Any = None,
14377
13809
  single_header: typing.Any = None,
14378
13810
  single_query_argument: typing.Any = None,
13811
+ uri_fragment: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union["CfnWebACL.UriFragmentProperty", typing.Dict[builtins.str, typing.Any]]]] = None,
14379
13812
  uri_path: typing.Any = None,
14380
13813
  ) -> None:
14381
13814
  '''Specifies a web request component to be used in a rule match statement or in a logging configuration.
@@ -14406,6 +13839,7 @@ class CfnWebACL(
14406
13839
  :param query_string: Inspect the query string. This is the part of a URL that appears after a ``?`` character, if any.
14407
13840
  :param single_header: Inspect a single header. Provide the name of the header to inspect, for example, ``User-Agent`` or ``Referer`` . This setting isn't case sensitive. Example JSON: ``"SingleHeader": { "Name": "haystack" }`` Alternately, you can filter and inspect all headers with the ``Headers`` ``FieldToMatch`` setting.
14408
13841
  :param single_query_argument: Inspect a single query argument. Provide the name of the query argument to inspect, such as *UserName* or *SalesRegion* . The name can be up to 30 characters long and isn't case sensitive. Example JSON: ``"SingleQueryArgument": { "Name": "myArgument" }``
13842
+ :param uri_fragment: The path component of the URI Fragment. This is the part of a web request that identifies a fragment uri, for example, /abcd#introduction
14409
13843
  :param uri_path: Inspect the request URI path. This is the part of the web request that identifies a resource, for example, ``/images/daily-ad.jpg`` .
14410
13844
 
14411
13845
  :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-fieldtomatch.html
@@ -14469,6 +13903,9 @@ class CfnWebACL(
14469
13903
  query_string=query_string,
14470
13904
  single_header=single_header,
14471
13905
  single_query_argument=single_query_argument,
13906
+ uri_fragment=wafv2.CfnWebACL.UriFragmentProperty(
13907
+ fallback_behavior="fallbackBehavior"
13908
+ ),
14472
13909
  uri_path=uri_path
14473
13910
  )
14474
13911
  '''
@@ -14485,6 +13922,7 @@ class CfnWebACL(
14485
13922
  check_type(argname="argument query_string", value=query_string, expected_type=type_hints["query_string"])
14486
13923
  check_type(argname="argument single_header", value=single_header, expected_type=type_hints["single_header"])
14487
13924
  check_type(argname="argument single_query_argument", value=single_query_argument, expected_type=type_hints["single_query_argument"])
13925
+ check_type(argname="argument uri_fragment", value=uri_fragment, expected_type=type_hints["uri_fragment"])
14488
13926
  check_type(argname="argument uri_path", value=uri_path, expected_type=type_hints["uri_path"])
14489
13927
  self._values: typing.Dict[builtins.str, typing.Any] = {}
14490
13928
  if all_query_arguments is not None:
@@ -14509,6 +13947,8 @@ class CfnWebACL(
14509
13947
  self._values["single_header"] = single_header
14510
13948
  if single_query_argument is not None:
14511
13949
  self._values["single_query_argument"] = single_query_argument
13950
+ if uri_fragment is not None:
13951
+ self._values["uri_fragment"] = uri_fragment
14512
13952
  if uri_path is not None:
14513
13953
  self._values["uri_path"] = uri_path
14514
13954
 
@@ -14681,6 +14121,19 @@ class CfnWebACL(
14681
14121
  result = self._values.get("single_query_argument")
14682
14122
  return typing.cast(typing.Any, result)
14683
14123
 
14124
+ @builtins.property
14125
+ def uri_fragment(
14126
+ self,
14127
+ ) -> typing.Optional[typing.Union[_IResolvable_da3f097b, "CfnWebACL.UriFragmentProperty"]]:
14128
+ '''The path component of the URI Fragment.
14129
+
14130
+ This is the part of a web request that identifies a fragment uri, for example, /abcd#introduction
14131
+
14132
+ :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-fieldtomatch.html#cfn-wafv2-webacl-fieldtomatch-urifragment
14133
+ '''
14134
+ result = self._values.get("uri_fragment")
14135
+ return typing.cast(typing.Optional[typing.Union[_IResolvable_da3f097b, "CfnWebACL.UriFragmentProperty"]], result)
14136
+
14684
14137
  @builtins.property
14685
14138
  def uri_path(self) -> typing.Any:
14686
14139
  '''Inspect the request URI path.
@@ -14703,6 +14156,83 @@ class CfnWebACL(
14703
14156
  k + "=" + repr(v) for k, v in self._values.items()
14704
14157
  )
14705
14158
 
14159
+ @jsii.data_type(
14160
+ jsii_type="aws-cdk-lib.aws_wafv2.CfnWebACL.FieldToProtectProperty",
14161
+ jsii_struct_bases=[],
14162
+ name_mapping={"field_type": "fieldType", "field_keys": "fieldKeys"},
14163
+ )
14164
+ class FieldToProtectProperty:
14165
+ def __init__(
14166
+ self,
14167
+ *,
14168
+ field_type: builtins.str,
14169
+ field_keys: typing.Optional[typing.Sequence[builtins.str]] = None,
14170
+ ) -> None:
14171
+ '''Specifies a field type and keys to protect in stored web request data.
14172
+
14173
+ This is part of the data protection configuration for a web ACL.
14174
+
14175
+ :param field_type: Specifies the web request component type to protect.
14176
+ :param field_keys: Specifies the keys to protect for the specified field type. If you don't specify any key, then all keys for the field type are protected.
14177
+
14178
+ :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-fieldtoprotect.html
14179
+ :exampleMetadata: fixture=_generated
14180
+
14181
+ Example::
14182
+
14183
+ # The code below shows an example of how to instantiate this type.
14184
+ # The values are placeholders you should change.
14185
+ from aws_cdk import aws_wafv2 as wafv2
14186
+
14187
+ field_to_protect_property = wafv2.CfnWebACL.FieldToProtectProperty(
14188
+ field_type="fieldType",
14189
+
14190
+ # the properties below are optional
14191
+ field_keys=["fieldKeys"]
14192
+ )
14193
+ '''
14194
+ if __debug__:
14195
+ type_hints = typing.get_type_hints(_typecheckingstub__b289950ea26daa0c8967a6c0a3a4de1a0fa062f7bc5f28fcf70ab8e7fa4989f0)
14196
+ check_type(argname="argument field_type", value=field_type, expected_type=type_hints["field_type"])
14197
+ check_type(argname="argument field_keys", value=field_keys, expected_type=type_hints["field_keys"])
14198
+ self._values: typing.Dict[builtins.str, typing.Any] = {
14199
+ "field_type": field_type,
14200
+ }
14201
+ if field_keys is not None:
14202
+ self._values["field_keys"] = field_keys
14203
+
14204
+ @builtins.property
14205
+ def field_type(self) -> builtins.str:
14206
+ '''Specifies the web request component type to protect.
14207
+
14208
+ :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-fieldtoprotect.html#cfn-wafv2-webacl-fieldtoprotect-fieldtype
14209
+ '''
14210
+ result = self._values.get("field_type")
14211
+ assert result is not None, "Required property 'field_type' is missing"
14212
+ return typing.cast(builtins.str, result)
14213
+
14214
+ @builtins.property
14215
+ def field_keys(self) -> typing.Optional[typing.List[builtins.str]]:
14216
+ '''Specifies the keys to protect for the specified field type.
14217
+
14218
+ If you don't specify any key, then all keys for the field type are protected.
14219
+
14220
+ :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-fieldtoprotect.html#cfn-wafv2-webacl-fieldtoprotect-fieldkeys
14221
+ '''
14222
+ result = self._values.get("field_keys")
14223
+ return typing.cast(typing.Optional[typing.List[builtins.str]], result)
14224
+
14225
+ def __eq__(self, rhs: typing.Any) -> builtins.bool:
14226
+ return isinstance(rhs, self.__class__) and rhs._values == self._values
14227
+
14228
+ def __ne__(self, rhs: typing.Any) -> builtins.bool:
14229
+ return not (rhs == self)
14230
+
14231
+ def __repr__(self) -> str:
14232
+ return "FieldToProtectProperty(%s)" % ", ".join(
14233
+ k + "=" + repr(v) for k, v in self._values.items()
14234
+ )
14235
+
14706
14236
  @jsii.data_type(
14707
14237
  jsii_type="aws-cdk-lib.aws_wafv2.CfnWebACL.ForwardedIPConfigurationProperty",
14708
14238
  jsii_struct_bases=[],
@@ -17692,6 +17222,9 @@ class CfnWebACL(
17692
17222
  query_string=query_string,
17693
17223
  single_header=single_header,
17694
17224
  single_query_argument=single_query_argument,
17225
+ uri_fragment=wafv2.CfnWebACL.UriFragmentProperty(
17226
+ fallback_behavior="fallbackBehavior"
17227
+ ),
17695
17228
  uri_path=uri_path
17696
17229
  ),
17697
17230
  regex_string="regexString",
@@ -17849,6 +17382,9 @@ class CfnWebACL(
17849
17382
  query_string=query_string,
17850
17383
  single_header=single_header,
17851
17384
  single_query_argument=single_query_argument,
17385
+ uri_fragment=wafv2.CfnWebACL.UriFragmentProperty(
17386
+ fallback_behavior="fallbackBehavior"
17387
+ ),
17852
17388
  uri_path=uri_path
17853
17389
  ),
17854
17390
  text_transformations=[wafv2.CfnWebACL.TextTransformationProperty(
@@ -19764,6 +19300,9 @@ class CfnWebACL(
19764
19300
  query_string=query_string,
19765
19301
  single_header=single_header,
19766
19302
  single_query_argument=single_query_argument,
19303
+ uri_fragment=wafv2.CfnWebACL.UriFragmentProperty(
19304
+ fallback_behavior="fallbackBehavior"
19305
+ ),
19767
19306
  uri_path=uri_path
19768
19307
  ),
19769
19308
  size=123,
@@ -19930,6 +19469,9 @@ class CfnWebACL(
19930
19469
  query_string=query_string,
19931
19470
  single_header=single_header,
19932
19471
  single_query_argument=single_query_argument,
19472
+ uri_fragment=wafv2.CfnWebACL.UriFragmentProperty(
19473
+ fallback_behavior="fallbackBehavior"
19474
+ ),
19933
19475
  uri_path=uri_path
19934
19476
  ),
19935
19477
  text_transformations=[wafv2.CfnWebACL.TextTransformationProperty(
@@ -20457,6 +19999,62 @@ class CfnWebACL(
20457
19999
  k + "=" + repr(v) for k, v in self._values.items()
20458
20000
  )
20459
20001
 
20002
+ @jsii.data_type(
20003
+ jsii_type="aws-cdk-lib.aws_wafv2.CfnWebACL.UriFragmentProperty",
20004
+ jsii_struct_bases=[],
20005
+ name_mapping={"fallback_behavior": "fallbackBehavior"},
20006
+ )
20007
+ class UriFragmentProperty:
20008
+ def __init__(
20009
+ self,
20010
+ *,
20011
+ fallback_behavior: typing.Optional[builtins.str] = None,
20012
+ ) -> None:
20013
+ '''The path component of the URI Fragment.
20014
+
20015
+ This is the part of a web request that identifies a fragment uri, for example, /abcd#introduction
20016
+
20017
+ :param fallback_behavior:
20018
+
20019
+ :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-urifragment.html
20020
+ :exampleMetadata: fixture=_generated
20021
+
20022
+ Example::
20023
+
20024
+ # The code below shows an example of how to instantiate this type.
20025
+ # The values are placeholders you should change.
20026
+ from aws_cdk import aws_wafv2 as wafv2
20027
+
20028
+ uri_fragment_property = wafv2.CfnWebACL.UriFragmentProperty(
20029
+ fallback_behavior="fallbackBehavior"
20030
+ )
20031
+ '''
20032
+ if __debug__:
20033
+ type_hints = typing.get_type_hints(_typecheckingstub__ff710cae8471ff92b17239c2eddf3d9fc58fc160b82b4603e07b06b6dc3a6dd1)
20034
+ check_type(argname="argument fallback_behavior", value=fallback_behavior, expected_type=type_hints["fallback_behavior"])
20035
+ self._values: typing.Dict[builtins.str, typing.Any] = {}
20036
+ if fallback_behavior is not None:
20037
+ self._values["fallback_behavior"] = fallback_behavior
20038
+
20039
+ @builtins.property
20040
+ def fallback_behavior(self) -> typing.Optional[builtins.str]:
20041
+ '''
20042
+ :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-urifragment.html#cfn-wafv2-webacl-urifragment-fallbackbehavior
20043
+ '''
20044
+ result = self._values.get("fallback_behavior")
20045
+ return typing.cast(typing.Optional[builtins.str], result)
20046
+
20047
+ def __eq__(self, rhs: typing.Any) -> builtins.bool:
20048
+ return isinstance(rhs, self.__class__) and rhs._values == self._values
20049
+
20050
+ def __ne__(self, rhs: typing.Any) -> builtins.bool:
20051
+ return not (rhs == self)
20052
+
20053
+ def __repr__(self) -> str:
20054
+ return "UriFragmentProperty(%s)" % ", ".join(
20055
+ k + "=" + repr(v) for k, v in self._values.items()
20056
+ )
20057
+
20460
20058
  @jsii.data_type(
20461
20059
  jsii_type="aws-cdk-lib.aws_wafv2.CfnWebACL.VisibilityConfigProperty",
20462
20060
  jsii_struct_bases=[],
@@ -20649,6 +20247,9 @@ class CfnWebACL(
20649
20247
  query_string=query_string,
20650
20248
  single_header=single_header,
20651
20249
  single_query_argument=single_query_argument,
20250
+ uri_fragment=wafv2.CfnWebACL.UriFragmentProperty(
20251
+ fallback_behavior="fallbackBehavior"
20252
+ ),
20652
20253
  uri_path=uri_path
20653
20254
  ),
20654
20255
  text_transformations=[wafv2.CfnWebACL.TextTransformationProperty(
@@ -20931,6 +20532,7 @@ class CfnWebACLAssociationProps:
20931
20532
  "captcha_config": "captchaConfig",
20932
20533
  "challenge_config": "challengeConfig",
20933
20534
  "custom_response_bodies": "customResponseBodies",
20535
+ "data_protection_config": "dataProtectionConfig",
20934
20536
  "description": "description",
20935
20537
  "name": "name",
20936
20538
  "rules": "rules",
@@ -20949,6 +20551,7 @@ class CfnWebACLProps:
20949
20551
  captcha_config: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union[CfnWebACL.CaptchaConfigProperty, typing.Dict[builtins.str, typing.Any]]]] = None,
20950
20552
  challenge_config: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union[CfnWebACL.ChallengeConfigProperty, typing.Dict[builtins.str, typing.Any]]]] = None,
20951
20553
  custom_response_bodies: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Mapping[builtins.str, typing.Union[_IResolvable_da3f097b, typing.Union[CfnWebACL.CustomResponseBodyProperty, typing.Dict[builtins.str, typing.Any]]]]]] = None,
20554
+ data_protection_config: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union[CfnWebACL.DataProtectionConfigProperty, typing.Dict[builtins.str, typing.Any]]]] = None,
20952
20555
  description: typing.Optional[builtins.str] = None,
20953
20556
  name: typing.Optional[builtins.str] = None,
20954
20557
  rules: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Sequence[typing.Union[_IResolvable_da3f097b, typing.Union[CfnWebACL.RuleProperty, typing.Dict[builtins.str, typing.Any]]]]]] = None,
@@ -20964,6 +20567,7 @@ class CfnWebACLProps:
20964
20567
  :param captcha_config: Specifies how AWS WAF should handle ``CAPTCHA`` evaluations for rules that don't have their own ``CaptchaConfig`` settings. If you don't specify this, AWS WAF uses its default settings for ``CaptchaConfig`` .
20965
20568
  :param challenge_config: Specifies how AWS WAF should handle challenge evaluations for rules that don't have their own ``ChallengeConfig`` settings. If you don't specify this, AWS WAF uses its default settings for ``ChallengeConfig`` .
20966
20569
  :param custom_response_bodies: A map of custom response keys and content bodies. When you create a rule with a block action, you can send a custom response to the web request. You define these for the web ACL, and then use them in the rules and default actions that you define in the web ACL. For information about customizing web requests and responses, see `Customizing web requests and responses in AWS WAF <https://docs.aws.amazon.com/waf/latest/developerguide/waf-custom-request-response.html>`_ in the *AWS WAF Developer Guide* . For information about the limits on count and size for custom request and response settings, see `AWS WAF quotas <https://docs.aws.amazon.com/waf/latest/developerguide/limits.html>`_ in the *AWS WAF Developer Guide* .
20570
+ :param data_protection_config: Specifies data protection to apply to the web request data for the web ACL. This is a web ACL level data protection option. The data protection that you configure for the web ACL alters the data that's available for any other data collection activity, including your AWS WAF logging destinations, web ACL request sampling, and Amazon Security Lake data collection and management. Your other option for data protection is in the logging configuration, which only affects logging.
20967
20571
  :param description: A description of the web ACL that helps with identification.
20968
20572
  :param name: The name of the web ACL. You cannot change the name of a web ACL after you create it.
20969
20573
  :param rules: The rule statements used to identify the web requests that you want to manage. Each rule includes one top-level statement that AWS WAF uses to identify matching web requests, and parameters that govern how AWS WAF handles them.
@@ -20986,6 +20590,7 @@ class CfnWebACLProps:
20986
20590
  check_type(argname="argument captcha_config", value=captcha_config, expected_type=type_hints["captcha_config"])
20987
20591
  check_type(argname="argument challenge_config", value=challenge_config, expected_type=type_hints["challenge_config"])
20988
20592
  check_type(argname="argument custom_response_bodies", value=custom_response_bodies, expected_type=type_hints["custom_response_bodies"])
20593
+ check_type(argname="argument data_protection_config", value=data_protection_config, expected_type=type_hints["data_protection_config"])
20989
20594
  check_type(argname="argument description", value=description, expected_type=type_hints["description"])
20990
20595
  check_type(argname="argument name", value=name, expected_type=type_hints["name"])
20991
20596
  check_type(argname="argument rules", value=rules, expected_type=type_hints["rules"])
@@ -21004,6 +20609,8 @@ class CfnWebACLProps:
21004
20609
  self._values["challenge_config"] = challenge_config
21005
20610
  if custom_response_bodies is not None:
21006
20611
  self._values["custom_response_bodies"] = custom_response_bodies
20612
+ if data_protection_config is not None:
20613
+ self._values["data_protection_config"] = data_protection_config
21007
20614
  if description is not None:
21008
20615
  self._values["description"] = description
21009
20616
  if name is not None:
@@ -21117,6 +20724,21 @@ class CfnWebACLProps:
21117
20724
  result = self._values.get("custom_response_bodies")
21118
20725
  return typing.cast(typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Mapping[builtins.str, typing.Union[_IResolvable_da3f097b, CfnWebACL.CustomResponseBodyProperty]]]], result)
21119
20726
 
20727
+ @builtins.property
20728
+ def data_protection_config(
20729
+ self,
20730
+ ) -> typing.Optional[typing.Union[_IResolvable_da3f097b, CfnWebACL.DataProtectionConfigProperty]]:
20731
+ '''Specifies data protection to apply to the web request data for the web ACL.
20732
+
20733
+ This is a web ACL level data protection option.
20734
+
20735
+ The data protection that you configure for the web ACL alters the data that's available for any other data collection activity, including your AWS WAF logging destinations, web ACL request sampling, and Amazon Security Lake data collection and management. Your other option for data protection is in the logging configuration, which only affects logging.
20736
+
20737
+ :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-wafv2-webacl.html#cfn-wafv2-webacl-dataprotectionconfig
20738
+ '''
20739
+ result = self._values.get("data_protection_config")
20740
+ return typing.cast(typing.Optional[typing.Union[_IResolvable_da3f097b, CfnWebACL.DataProtectionConfigProperty]], result)
20741
+
21120
20742
  @builtins.property
21121
20743
  def description(self) -> typing.Optional[builtins.str]:
21122
20744
  '''A description of the web ACL that helps with identification.
@@ -21703,6 +21325,7 @@ def _typecheckingstub__dcb790c3130e52c64e6b7cf00db86b37d1b54427689c46b6c9e6a7122
21703
21325
  query_string: typing.Any = None,
21704
21326
  single_header: typing.Any = None,
21705
21327
  single_query_argument: typing.Any = None,
21328
+ uri_fragment: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union[CfnRuleGroup.UriFragmentProperty, typing.Dict[builtins.str, typing.Any]]]] = None,
21706
21329
  uri_path: typing.Any = None,
21707
21330
  ) -> None:
21708
21331
  """Type checking stubs"""
@@ -22025,6 +21648,13 @@ def _typecheckingstub__cbdf04ef9e923368f792f61fdb73e804a219fcd9c66ffb20e85214a5a
22025
21648
  """Type checking stubs"""
22026
21649
  pass
22027
21650
 
21651
+ def _typecheckingstub__fe1c476d259659923a1664b8e966720fc48cf48f725562b81ef2c02997f8998a(
21652
+ *,
21653
+ fallback_behavior: typing.Optional[builtins.str] = None,
21654
+ ) -> None:
21655
+ """Type checking stubs"""
21656
+ pass
21657
+
22028
21658
  def _typecheckingstub__ffc3de9fa9cd77d11c4487ad80fc48948664b917c8642b35ca709762ce71fddf(
22029
21659
  *,
22030
21660
  cloud_watch_metrics_enabled: typing.Union[builtins.bool, _IResolvable_da3f097b],
@@ -22069,6 +21699,7 @@ def _typecheckingstub__03030a65c492e95a1d1ae5ddafd6acbb9efdfa7e18b6367ac7e03eb8f
22069
21699
  captcha_config: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union[CfnWebACL.CaptchaConfigProperty, typing.Dict[builtins.str, typing.Any]]]] = None,
22070
21700
  challenge_config: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union[CfnWebACL.ChallengeConfigProperty, typing.Dict[builtins.str, typing.Any]]]] = None,
22071
21701
  custom_response_bodies: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Mapping[builtins.str, typing.Union[_IResolvable_da3f097b, typing.Union[CfnWebACL.CustomResponseBodyProperty, typing.Dict[builtins.str, typing.Any]]]]]] = None,
21702
+ data_protection_config: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union[CfnWebACL.DataProtectionConfigProperty, typing.Dict[builtins.str, typing.Any]]]] = None,
22072
21703
  description: typing.Optional[builtins.str] = None,
22073
21704
  name: typing.Optional[builtins.str] = None,
22074
21705
  rules: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Sequence[typing.Union[_IResolvable_da3f097b, typing.Union[CfnWebACL.RuleProperty, typing.Dict[builtins.str, typing.Any]]]]]] = None,
@@ -22132,6 +21763,12 @@ def _typecheckingstub__5782b9cc65df721fabb81b38101a49b0dce480579e9b262edcfe915ec
22132
21763
  """Type checking stubs"""
22133
21764
  pass
22134
21765
 
21766
+ def _typecheckingstub__c8fdb8c606175920c3facb5c8db0632e7cdc7bedffcd3c6c787bab31ba6f6474(
21767
+ value: typing.Optional[typing.Union[_IResolvable_da3f097b, CfnWebACL.DataProtectionConfigProperty]],
21768
+ ) -> None:
21769
+ """Type checking stubs"""
21770
+ pass
21771
+
22135
21772
  def _typecheckingstub__b7cfda3db6502d36377ec778a8c90e7487c0f54a00cb343261a4d256ace27df9(
22136
21773
  value: typing.Optional[builtins.str],
22137
21774
  ) -> None:
@@ -22322,6 +21959,23 @@ def _typecheckingstub__6dbc9439dfbaeae9e0932894939e1048a58a2d028d4ee3fbdcead25e1
22322
21959
  """Type checking stubs"""
22323
21960
  pass
22324
21961
 
21962
+ def _typecheckingstub__426b9eaa484bd1569796d5a87210701ae64a082cfa2a2f0342a5b25283344e18(
21963
+ *,
21964
+ action: builtins.str,
21965
+ field: typing.Union[_IResolvable_da3f097b, typing.Union[CfnWebACL.FieldToProtectProperty, typing.Dict[builtins.str, typing.Any]]],
21966
+ exclude_rate_based_details: typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]] = None,
21967
+ exclude_rule_match_details: typing.Optional[typing.Union[builtins.bool, _IResolvable_da3f097b]] = None,
21968
+ ) -> None:
21969
+ """Type checking stubs"""
21970
+ pass
21971
+
21972
+ def _typecheckingstub__00facdbed1fde99291b1bde086b472ce66ee6dd143e53d5639cc3ea8b02e5eac(
21973
+ *,
21974
+ data_protections: typing.Union[_IResolvable_da3f097b, typing.Sequence[typing.Union[_IResolvable_da3f097b, typing.Union[CfnWebACL.DataProtectProperty, typing.Dict[builtins.str, typing.Any]]]]],
21975
+ ) -> None:
21976
+ """Type checking stubs"""
21977
+ pass
21978
+
22325
21979
  def _typecheckingstub__4f9b2681c5a7f99be956a44a9c1d132bd2244e6fdc65ac82690f66a9402698b5(
22326
21980
  *,
22327
21981
  allow: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union[CfnWebACL.AllowActionProperty, typing.Dict[builtins.str, typing.Any]]]] = None,
@@ -22357,11 +22011,20 @@ def _typecheckingstub__25d147c856e9a8fd64f4cc05856e4813e584f37ef787792ad3c4e0790
22357
22011
  query_string: typing.Any = None,
22358
22012
  single_header: typing.Any = None,
22359
22013
  single_query_argument: typing.Any = None,
22014
+ uri_fragment: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union[CfnWebACL.UriFragmentProperty, typing.Dict[builtins.str, typing.Any]]]] = None,
22360
22015
  uri_path: typing.Any = None,
22361
22016
  ) -> None:
22362
22017
  """Type checking stubs"""
22363
22018
  pass
22364
22019
 
22020
+ def _typecheckingstub__b289950ea26daa0c8967a6c0a3a4de1a0fa062f7bc5f28fcf70ab8e7fa4989f0(
22021
+ *,
22022
+ field_type: builtins.str,
22023
+ field_keys: typing.Optional[typing.Sequence[builtins.str]] = None,
22024
+ ) -> None:
22025
+ """Type checking stubs"""
22026
+ pass
22027
+
22365
22028
  def _typecheckingstub__db1f5e352c4a5fdd9a13196892955f19f25065d63109402ea882298152866a75(
22366
22029
  *,
22367
22030
  fallback_behavior: builtins.str,
@@ -22798,6 +22461,13 @@ def _typecheckingstub__a7a1f13087f44f2554ec3d9d35f967247b32fc5b6c94bf2eacd3379ce
22798
22461
  """Type checking stubs"""
22799
22462
  pass
22800
22463
 
22464
+ def _typecheckingstub__ff710cae8471ff92b17239c2eddf3d9fc58fc160b82b4603e07b06b6dc3a6dd1(
22465
+ *,
22466
+ fallback_behavior: typing.Optional[builtins.str] = None,
22467
+ ) -> None:
22468
+ """Type checking stubs"""
22469
+ pass
22470
+
22801
22471
  def _typecheckingstub__f805e71e3de782928ad1bdb95c4cddf9f28e9dbda49ae45324c0dc8316955eaa(
22802
22472
  *,
22803
22473
  cloud_watch_metrics_enabled: typing.Union[builtins.bool, _IResolvable_da3f097b],
@@ -22866,6 +22536,7 @@ def _typecheckingstub__6e738df983d65d43590c0a02c03e6e0daa3a2097ae335371d22711838
22866
22536
  captcha_config: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union[CfnWebACL.CaptchaConfigProperty, typing.Dict[builtins.str, typing.Any]]]] = None,
22867
22537
  challenge_config: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union[CfnWebACL.ChallengeConfigProperty, typing.Dict[builtins.str, typing.Any]]]] = None,
22868
22538
  custom_response_bodies: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Mapping[builtins.str, typing.Union[_IResolvable_da3f097b, typing.Union[CfnWebACL.CustomResponseBodyProperty, typing.Dict[builtins.str, typing.Any]]]]]] = None,
22539
+ data_protection_config: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union[CfnWebACL.DataProtectionConfigProperty, typing.Dict[builtins.str, typing.Any]]]] = None,
22869
22540
  description: typing.Optional[builtins.str] = None,
22870
22541
  name: typing.Optional[builtins.str] = None,
22871
22542
  rules: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Sequence[typing.Union[_IResolvable_da3f097b, typing.Union[CfnWebACL.RuleProperty, typing.Dict[builtins.str, typing.Any]]]]]] = None,