aws-cdk-lib 2.186.0__py3-none-any.whl → 2.188.0__py3-none-any.whl


Potentially problematic release.


This version of aws-cdk-lib might be problematic.

Files changed (85)
  1. aws_cdk/__init__.py +303 -119
  2. aws_cdk/_jsii/__init__.py +1 -1
  3. aws_cdk/_jsii/{aws-cdk-lib@2.186.0.jsii.tgz → aws-cdk-lib@2.188.0.jsii.tgz} +0 -0
  4. aws_cdk/aws_amplify/__init__.py +136 -0
  5. aws_cdk/aws_apigateway/__init__.py +69 -17
  6. aws_cdk/aws_apigatewayv2/__init__.py +88 -0
  7. aws_cdk/aws_appconfig/__init__.py +30 -14
  8. aws_cdk/aws_appsync/__init__.py +14 -5
  9. aws_cdk/aws_arczonalshift/__init__.py +4 -4
  10. aws_cdk/aws_bedrock/__init__.py +637 -32
  11. aws_cdk/aws_budgets/__init__.py +8 -8
  12. aws_cdk/aws_cassandra/__init__.py +4 -2
  13. aws_cdk/aws_ce/__init__.py +2 -2
  14. aws_cdk/aws_cloudformation/__init__.py +3 -3
  15. aws_cdk/aws_cloudfront/__init__.py +11 -0
  16. aws_cdk/aws_cloudtrail/__init__.py +4 -18
  17. aws_cdk/aws_cloudwatch/__init__.py +50 -50
  18. aws_cdk/aws_codebuild/__init__.py +32 -1
  19. aws_cdk/aws_codepipeline/__init__.py +47 -32
  20. aws_cdk/aws_codepipeline_actions/__init__.py +2786 -1042
  21. aws_cdk/aws_codestarnotifications/__init__.py +16 -16
  22. aws_cdk/aws_cognito/__init__.py +8 -2
  23. aws_cdk/aws_config/__init__.py +2 -5
  24. aws_cdk/aws_datazone/__init__.py +287 -226
  25. aws_cdk/aws_detective/__init__.py +3 -3
  26. aws_cdk/aws_dynamodb/__init__.py +37 -0
  27. aws_cdk/aws_ec2/__init__.py +2448 -442
  28. aws_cdk/aws_ecr/__init__.py +143 -0
  29. aws_cdk/aws_ecr_assets/__init__.py +115 -4
  30. aws_cdk/aws_ecs/__init__.py +51 -0
  31. aws_cdk/aws_eks/__init__.py +222 -6
  32. aws_cdk/aws_events/__init__.py +8 -11
  33. aws_cdk/aws_events_targets/__init__.py +136 -0
  34. aws_cdk/aws_forecast/__init__.py +1 -1
  35. aws_cdk/aws_fsx/__init__.py +2 -2
  36. aws_cdk/aws_gamelift/__init__.py +11 -11
  37. aws_cdk/aws_iam/__init__.py +6 -4
  38. aws_cdk/aws_identitystore/__init__.py +6 -4
  39. aws_cdk/aws_iotsitewise/__init__.py +623 -0
  40. aws_cdk/aws_kinesisfirehose/__init__.py +38 -0
  41. aws_cdk/aws_kms/__init__.py +10 -11
  42. aws_cdk/aws_lakeformation/__init__.py +3 -3
  43. aws_cdk/aws_lambda/__init__.py +105 -4
  44. aws_cdk/aws_lambda_event_sources/__init__.py +87 -25
  45. aws_cdk/aws_lambda_nodejs/__init__.py +5 -24
  46. aws_cdk/aws_lex/__init__.py +985 -5
  47. aws_cdk/aws_logs/__init__.py +18 -0
  48. aws_cdk/aws_logs_destinations/__init__.py +146 -0
  49. aws_cdk/aws_mediaconnect/__init__.py +714 -290
  50. aws_cdk/aws_mwaa/__init__.py +9 -9
  51. aws_cdk/aws_networkfirewall/__init__.py +44 -0
  52. aws_cdk/aws_notifications/__init__.py +4 -4
  53. aws_cdk/aws_omics/__init__.py +225 -1
  54. aws_cdk/aws_opensearchserverless/__init__.py +31 -23
  55. aws_cdk/aws_organizations/__init__.py +1 -1
  56. aws_cdk/aws_pcaconnectorad/__init__.py +3 -2
  57. aws_cdk/aws_quicksight/__init__.py +268 -50
  58. aws_cdk/aws_rds/__init__.py +186 -10
  59. aws_cdk/aws_route53/__init__.py +5 -5
  60. aws_cdk/aws_route53recoverycontrol/__init__.py +41 -2
  61. aws_cdk/aws_rum/__init__.py +13 -10
  62. aws_cdk/aws_s3/__init__.py +3 -6
  63. aws_cdk/aws_s3_assets/__init__.py +70 -1
  64. aws_cdk/aws_s3_deployment/__init__.py +4 -0
  65. aws_cdk/aws_sagemaker/__init__.py +47 -4
  66. aws_cdk/aws_scheduler_targets/__init__.py +4 -16
  67. aws_cdk/aws_securitylake/__init__.py +2 -2
  68. aws_cdk/aws_servicecatalog/__init__.py +4 -0
  69. aws_cdk/aws_sns/__init__.py +1 -1
  70. aws_cdk/aws_ssmincidents/__init__.py +10 -10
  71. aws_cdk/aws_stepfunctions/__init__.py +23 -17
  72. aws_cdk/aws_stepfunctions_tasks/__init__.py +4 -0
  73. aws_cdk/aws_synthetics/__init__.py +9 -0
  74. aws_cdk/aws_systemsmanagersap/__init__.py +160 -0
  75. aws_cdk/aws_transfer/__init__.py +19 -10
  76. aws_cdk/aws_wafv2/__init__.py +512 -1141
  77. aws_cdk/cloud_assembly_schema/__init__.py +60 -10
  78. aws_cdk/cx_api/__init__.py +38 -2
  79. aws_cdk/pipelines/__init__.py +52 -2
  80. {aws_cdk_lib-2.186.0.dist-info → aws_cdk_lib-2.188.0.dist-info}/METADATA +4 -4
  81. {aws_cdk_lib-2.186.0.dist-info → aws_cdk_lib-2.188.0.dist-info}/RECORD +85 -85
  82. {aws_cdk_lib-2.186.0.dist-info → aws_cdk_lib-2.188.0.dist-info}/WHEEL +1 -1
  83. {aws_cdk_lib-2.186.0.dist-info → aws_cdk_lib-2.188.0.dist-info}/LICENSE +0 -0
  84. {aws_cdk_lib-2.186.0.dist-info → aws_cdk_lib-2.188.0.dist-info}/NOTICE +0 -0
  85. {aws_cdk_lib-2.186.0.dist-info → aws_cdk_lib-2.188.0.dist-info}/top_level.txt +0 -0
@@ -1602,7 +1602,7 @@ class CfnRegexPatternSet(
1602
1602
  :param scope_: Scope in which this resource is defined.
1603
1603
  :param id: Construct identifier for this resource (unique in its scope).
1604
1604
  :param regular_expression_list: The regular expression patterns in the set.
1605
- :param scope: Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AWS AppSync GraphQL API, an Amazon Cognito user pool, an AWS App Runner service, or an AWS Verified Access instance. Valid Values are ``CLOUDFRONT`` and ``REGIONAL`` . .. epigraph:: For ``CLOUDFRONT`` , you must create your WAFv2 resources in the US East (N. Virginia) Region, ``us-east-1`` .
1605
+ :param scope: Specifies whether this is for an Amazon CloudFront distribution or for a regional application. For an AWS Amplify application, use ``CLOUDFRONT`` . A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AWS AppSync GraphQL API, an Amazon Cognito user pool, an AWS App Runner service, or an AWS Verified Access instance. Valid Values are ``CLOUDFRONT`` and ``REGIONAL`` . .. epigraph:: For ``CLOUDFRONT`` , you must create your WAFv2 resources in the US East (N. Virginia) Region, ``us-east-1`` .
1606
1606
  :param description: A description of the set that helps with identification.
1607
1607
  :param name: The name of the set. You cannot change the name after you create the set.
1608
1608
  :param tags: Key:value pairs associated with an AWS resource. The key:value pair can be anything you define. Typically, the tag key represents a category (such as "environment") and the tag value represents a specific value within that category (such as "test," "development," or "production"). You can add up to 50 tags to each AWS resource. .. epigraph:: To modify tags on existing resources, use the AWS WAF APIs or command line interface. With AWS CloudFormation , you can only add tags to AWS WAF resources during resource creation.
@@ -1770,7 +1770,7 @@ class CfnRegexPatternSetProps:
1770
1770
  '''Properties for defining a ``CfnRegexPatternSet``.
1771
1771
 
1772
1772
  :param regular_expression_list: The regular expression patterns in the set.
1773
- :param scope: Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AWS AppSync GraphQL API, an Amazon Cognito user pool, an AWS App Runner service, or an AWS Verified Access instance. Valid Values are ``CLOUDFRONT`` and ``REGIONAL`` . .. epigraph:: For ``CLOUDFRONT`` , you must create your WAFv2 resources in the US East (N. Virginia) Region, ``us-east-1`` .
1773
+ :param scope: Specifies whether this is for an Amazon CloudFront distribution or for a regional application. For an AWS Amplify application, use ``CLOUDFRONT`` . A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AWS AppSync GraphQL API, an Amazon Cognito user pool, an AWS App Runner service, or an AWS Verified Access instance. Valid Values are ``CLOUDFRONT`` and ``REGIONAL`` . .. epigraph:: For ``CLOUDFRONT`` , you must create your WAFv2 resources in the US East (N. Virginia) Region, ``us-east-1`` .
1774
1774
  :param description: A description of the set that helps with identification.
1775
1775
  :param name: The name of the set. You cannot change the name after you create the set.
1776
1776
  :param tags: Key:value pairs associated with an AWS resource. The key:value pair can be anything you define. Typically, the tag key represents a category (such as "environment") and the tag value represents a specific value within that category (such as "test," "development," or "production"). You can add up to 50 tags to each AWS resource. .. epigraph:: To modify tags on existing resources, use the AWS WAF APIs or command line interface. With AWS CloudFormation , you can only add tags to AWS WAF resources during resource creation.
@@ -1829,7 +1829,7 @@ class CfnRegexPatternSetProps:
1829
1829
  def scope(self) -> builtins.str:
1830
1830
  '''Specifies whether this is for an Amazon CloudFront distribution or for a regional application.
1831
1831
 
1832
- A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AWS AppSync GraphQL API, an Amazon Cognito user pool, an AWS App Runner service, or an AWS Verified Access instance. Valid Values are ``CLOUDFRONT`` and ``REGIONAL`` .
1832
+ For an AWS Amplify application, use ``CLOUDFRONT`` . A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AWS AppSync GraphQL API, an Amazon Cognito user pool, an AWS App Runner service, or an AWS Verified Access instance. Valid Values are ``CLOUDFRONT`` and ``REGIONAL`` .
1833
1833
  .. epigraph::
1834
1834
 
1835
1835
  For ``CLOUDFRONT`` , you must create your WAFv2 resources in the US East (N. Virginia) Region, ``us-east-1`` .
@@ -1908,502 +1908,7 @@ class CfnRuleGroup(
1908
1908
 
1909
1909
  Example::
1910
1910
 
1911
- # The code below shows an example of how to instantiate this type.
1912
- # The values are placeholders you should change.
1913
- from aws_cdk import aws_wafv2 as wafv2
1914
-
1915
- # all: Any
1916
- # allow: Any
1917
- # all_query_arguments: Any
1918
- # block: Any
1919
- # captcha: Any
1920
- # challenge: Any
1921
- # count: Any
1922
- # forwarded_ip: Any
1923
- # http_method: Any
1924
- # ip: Any
1925
- # method: Any
1926
- # query_string: Any
1927
- # single_header: Any
1928
- # single_query_argument: Any
1929
- # statement_property_: wafv2.CfnRuleGroup.StatementProperty
1930
- # uri_path: Any
1931
-
1932
- cfn_rule_group = wafv2.CfnRuleGroup(self, "MyCfnRuleGroup",
1933
- capacity=123,
1934
- scope="scope",
1935
- visibility_config=wafv2.CfnRuleGroup.VisibilityConfigProperty(
1936
- cloud_watch_metrics_enabled=False,
1937
- metric_name="metricName",
1938
- sampled_requests_enabled=False
1939
- ),
1940
-
1941
- # the properties below are optional
1942
- available_labels=[wafv2.CfnRuleGroup.LabelSummaryProperty(
1943
- name="name"
1944
- )],
1945
- consumed_labels=[wafv2.CfnRuleGroup.LabelSummaryProperty(
1946
- name="name"
1947
- )],
1948
- custom_response_bodies={
1949
- "custom_response_bodies_key": wafv2.CfnRuleGroup.CustomResponseBodyProperty(
1950
- content="content",
1951
- content_type="contentType"
1952
- )
1953
- },
1954
- description="description",
1955
- name="name",
1956
- rules=[wafv2.CfnRuleGroup.RuleProperty(
1957
- name="name",
1958
- priority=123,
1959
- statement=wafv2.CfnRuleGroup.StatementProperty(
1960
- and_statement=wafv2.CfnRuleGroup.AndStatementProperty(
1961
- statements=[statement_property_]
1962
- ),
1963
- byte_match_statement=wafv2.CfnRuleGroup.ByteMatchStatementProperty(
1964
- field_to_match=wafv2.CfnRuleGroup.FieldToMatchProperty(
1965
- all_query_arguments=all_query_arguments,
1966
- body=wafv2.CfnRuleGroup.BodyProperty(
1967
- oversize_handling="oversizeHandling"
1968
- ),
1969
- cookies=wafv2.CfnRuleGroup.CookiesProperty(
1970
- match_pattern=wafv2.CfnRuleGroup.CookieMatchPatternProperty(
1971
- all=all,
1972
- excluded_cookies=["excludedCookies"],
1973
- included_cookies=["includedCookies"]
1974
- ),
1975
- match_scope="matchScope",
1976
- oversize_handling="oversizeHandling"
1977
- ),
1978
- headers=wafv2.CfnRuleGroup.HeadersProperty(
1979
- match_pattern=wafv2.CfnRuleGroup.HeaderMatchPatternProperty(
1980
- all=all,
1981
- excluded_headers=["excludedHeaders"],
1982
- included_headers=["includedHeaders"]
1983
- ),
1984
- match_scope="matchScope",
1985
- oversize_handling="oversizeHandling"
1986
- ),
1987
- ja3_fingerprint=wafv2.CfnRuleGroup.JA3FingerprintProperty(
1988
- fallback_behavior="fallbackBehavior"
1989
- ),
1990
- ja4_fingerprint=wafv2.CfnRuleGroup.JA4FingerprintProperty(
1991
- fallback_behavior="fallbackBehavior"
1992
- ),
1993
- json_body=wafv2.CfnRuleGroup.JsonBodyProperty(
1994
- match_pattern=wafv2.CfnRuleGroup.JsonMatchPatternProperty(
1995
- all=all,
1996
- included_paths=["includedPaths"]
1997
- ),
1998
- match_scope="matchScope",
1999
-
2000
- # the properties below are optional
2001
- invalid_fallback_behavior="invalidFallbackBehavior",
2002
- oversize_handling="oversizeHandling"
2003
- ),
2004
- method=method,
2005
- query_string=query_string,
2006
- single_header=single_header,
2007
- single_query_argument=single_query_argument,
2008
- uri_path=uri_path
2009
- ),
2010
- positional_constraint="positionalConstraint",
2011
- text_transformations=[wafv2.CfnRuleGroup.TextTransformationProperty(
2012
- priority=123,
2013
- type="type"
2014
- )],
2015
-
2016
- # the properties below are optional
2017
- search_string="searchString",
2018
- search_string_base64="searchStringBase64"
2019
- ),
2020
- geo_match_statement=wafv2.CfnRuleGroup.GeoMatchStatementProperty(
2021
- country_codes=["countryCodes"],
2022
- forwarded_ip_config=wafv2.CfnRuleGroup.ForwardedIPConfigurationProperty(
2023
- fallback_behavior="fallbackBehavior",
2024
- header_name="headerName"
2025
- )
2026
- ),
2027
- ip_set_reference_statement={
2028
- "arn": "arn",
2029
-
2030
- # the properties below are optional
2031
- "ip_set_forwarded_ip_config": {
2032
- "fallback_behavior": "fallbackBehavior",
2033
- "header_name": "headerName",
2034
- "position": "position"
2035
- }
2036
- },
2037
- label_match_statement=wafv2.CfnRuleGroup.LabelMatchStatementProperty(
2038
- key="key",
2039
- scope="scope"
2040
- ),
2041
- not_statement=wafv2.CfnRuleGroup.NotStatementProperty(
2042
- statement=statement_property_
2043
- ),
2044
- or_statement=wafv2.CfnRuleGroup.OrStatementProperty(
2045
- statements=[statement_property_]
2046
- ),
2047
- rate_based_statement=wafv2.CfnRuleGroup.RateBasedStatementProperty(
2048
- aggregate_key_type="aggregateKeyType",
2049
- limit=123,
2050
-
2051
- # the properties below are optional
2052
- custom_keys=[wafv2.CfnRuleGroup.RateBasedStatementCustomKeyProperty(
2053
- cookie=wafv2.CfnRuleGroup.RateLimitCookieProperty(
2054
- name="name",
2055
- text_transformations=[wafv2.CfnRuleGroup.TextTransformationProperty(
2056
- priority=123,
2057
- type="type"
2058
- )]
2059
- ),
2060
- forwarded_ip=forwarded_ip,
2061
- header=wafv2.CfnRuleGroup.RateLimitHeaderProperty(
2062
- name="name",
2063
- text_transformations=[wafv2.CfnRuleGroup.TextTransformationProperty(
2064
- priority=123,
2065
- type="type"
2066
- )]
2067
- ),
2068
- http_method=http_method,
2069
- ip=ip,
2070
- ja3_fingerprint=wafv2.CfnRuleGroup.RateLimitJA3FingerprintProperty(
2071
- fallback_behavior="fallbackBehavior"
2072
- ),
2073
- ja4_fingerprint=wafv2.CfnRuleGroup.RateLimitJA4FingerprintProperty(
2074
- fallback_behavior="fallbackBehavior"
2075
- ),
2076
- label_namespace=wafv2.CfnRuleGroup.RateLimitLabelNamespaceProperty(
2077
- namespace="namespace"
2078
- ),
2079
- query_argument=wafv2.CfnRuleGroup.RateLimitQueryArgumentProperty(
2080
- name="name",
2081
- text_transformations=[wafv2.CfnRuleGroup.TextTransformationProperty(
2082
- priority=123,
2083
- type="type"
2084
- )]
2085
- ),
2086
- query_string=wafv2.CfnRuleGroup.RateLimitQueryStringProperty(
2087
- text_transformations=[wafv2.CfnRuleGroup.TextTransformationProperty(
2088
- priority=123,
2089
- type="type"
2090
- )]
2091
- ),
2092
- uri_path=wafv2.CfnRuleGroup.RateLimitUriPathProperty(
2093
- text_transformations=[wafv2.CfnRuleGroup.TextTransformationProperty(
2094
- priority=123,
2095
- type="type"
2096
- )]
2097
- )
2098
- )],
2099
- evaluation_window_sec=123,
2100
- forwarded_ip_config=wafv2.CfnRuleGroup.ForwardedIPConfigurationProperty(
2101
- fallback_behavior="fallbackBehavior",
2102
- header_name="headerName"
2103
- ),
2104
- scope_down_statement=statement_property_
2105
- ),
2106
- regex_match_statement=wafv2.CfnRuleGroup.RegexMatchStatementProperty(
2107
- field_to_match=wafv2.CfnRuleGroup.FieldToMatchProperty(
2108
- all_query_arguments=all_query_arguments,
2109
- body=wafv2.CfnRuleGroup.BodyProperty(
2110
- oversize_handling="oversizeHandling"
2111
- ),
2112
- cookies=wafv2.CfnRuleGroup.CookiesProperty(
2113
- match_pattern=wafv2.CfnRuleGroup.CookieMatchPatternProperty(
2114
- all=all,
2115
- excluded_cookies=["excludedCookies"],
2116
- included_cookies=["includedCookies"]
2117
- ),
2118
- match_scope="matchScope",
2119
- oversize_handling="oversizeHandling"
2120
- ),
2121
- headers=wafv2.CfnRuleGroup.HeadersProperty(
2122
- match_pattern=wafv2.CfnRuleGroup.HeaderMatchPatternProperty(
2123
- all=all,
2124
- excluded_headers=["excludedHeaders"],
2125
- included_headers=["includedHeaders"]
2126
- ),
2127
- match_scope="matchScope",
2128
- oversize_handling="oversizeHandling"
2129
- ),
2130
- ja3_fingerprint=wafv2.CfnRuleGroup.JA3FingerprintProperty(
2131
- fallback_behavior="fallbackBehavior"
2132
- ),
2133
- ja4_fingerprint=wafv2.CfnRuleGroup.JA4FingerprintProperty(
2134
- fallback_behavior="fallbackBehavior"
2135
- ),
2136
- json_body=wafv2.CfnRuleGroup.JsonBodyProperty(
2137
- match_pattern=wafv2.CfnRuleGroup.JsonMatchPatternProperty(
2138
- all=all,
2139
- included_paths=["includedPaths"]
2140
- ),
2141
- match_scope="matchScope",
2142
1911
 
2143
- # the properties below are optional
2144
- invalid_fallback_behavior="invalidFallbackBehavior",
2145
- oversize_handling="oversizeHandling"
2146
- ),
2147
- method=method,
2148
- query_string=query_string,
2149
- single_header=single_header,
2150
- single_query_argument=single_query_argument,
2151
- uri_path=uri_path
2152
- ),
2153
- regex_string="regexString",
2154
- text_transformations=[wafv2.CfnRuleGroup.TextTransformationProperty(
2155
- priority=123,
2156
- type="type"
2157
- )]
2158
- ),
2159
- regex_pattern_set_reference_statement=wafv2.CfnRuleGroup.RegexPatternSetReferenceStatementProperty(
2160
- arn="arn",
2161
- field_to_match=wafv2.CfnRuleGroup.FieldToMatchProperty(
2162
- all_query_arguments=all_query_arguments,
2163
- body=wafv2.CfnRuleGroup.BodyProperty(
2164
- oversize_handling="oversizeHandling"
2165
- ),
2166
- cookies=wafv2.CfnRuleGroup.CookiesProperty(
2167
- match_pattern=wafv2.CfnRuleGroup.CookieMatchPatternProperty(
2168
- all=all,
2169
- excluded_cookies=["excludedCookies"],
2170
- included_cookies=["includedCookies"]
2171
- ),
2172
- match_scope="matchScope",
2173
- oversize_handling="oversizeHandling"
2174
- ),
2175
- headers=wafv2.CfnRuleGroup.HeadersProperty(
2176
- match_pattern=wafv2.CfnRuleGroup.HeaderMatchPatternProperty(
2177
- all=all,
2178
- excluded_headers=["excludedHeaders"],
2179
- included_headers=["includedHeaders"]
2180
- ),
2181
- match_scope="matchScope",
2182
- oversize_handling="oversizeHandling"
2183
- ),
2184
- ja3_fingerprint=wafv2.CfnRuleGroup.JA3FingerprintProperty(
2185
- fallback_behavior="fallbackBehavior"
2186
- ),
2187
- ja4_fingerprint=wafv2.CfnRuleGroup.JA4FingerprintProperty(
2188
- fallback_behavior="fallbackBehavior"
2189
- ),
2190
- json_body=wafv2.CfnRuleGroup.JsonBodyProperty(
2191
- match_pattern=wafv2.CfnRuleGroup.JsonMatchPatternProperty(
2192
- all=all,
2193
- included_paths=["includedPaths"]
2194
- ),
2195
- match_scope="matchScope",
2196
-
2197
- # the properties below are optional
2198
- invalid_fallback_behavior="invalidFallbackBehavior",
2199
- oversize_handling="oversizeHandling"
2200
- ),
2201
- method=method,
2202
- query_string=query_string,
2203
- single_header=single_header,
2204
- single_query_argument=single_query_argument,
2205
- uri_path=uri_path
2206
- ),
2207
- text_transformations=[wafv2.CfnRuleGroup.TextTransformationProperty(
2208
- priority=123,
2209
- type="type"
2210
- )]
2211
- ),
2212
- size_constraint_statement=wafv2.CfnRuleGroup.SizeConstraintStatementProperty(
2213
- comparison_operator="comparisonOperator",
2214
- field_to_match=wafv2.CfnRuleGroup.FieldToMatchProperty(
2215
- all_query_arguments=all_query_arguments,
2216
- body=wafv2.CfnRuleGroup.BodyProperty(
2217
- oversize_handling="oversizeHandling"
2218
- ),
2219
- cookies=wafv2.CfnRuleGroup.CookiesProperty(
2220
- match_pattern=wafv2.CfnRuleGroup.CookieMatchPatternProperty(
2221
- all=all,
2222
- excluded_cookies=["excludedCookies"],
2223
- included_cookies=["includedCookies"]
2224
- ),
2225
- match_scope="matchScope",
2226
- oversize_handling="oversizeHandling"
2227
- ),
2228
- headers=wafv2.CfnRuleGroup.HeadersProperty(
2229
- match_pattern=wafv2.CfnRuleGroup.HeaderMatchPatternProperty(
2230
- all=all,
2231
- excluded_headers=["excludedHeaders"],
2232
- included_headers=["includedHeaders"]
2233
- ),
2234
- match_scope="matchScope",
2235
- oversize_handling="oversizeHandling"
2236
- ),
2237
- ja3_fingerprint=wafv2.CfnRuleGroup.JA3FingerprintProperty(
2238
- fallback_behavior="fallbackBehavior"
2239
- ),
2240
- ja4_fingerprint=wafv2.CfnRuleGroup.JA4FingerprintProperty(
2241
- fallback_behavior="fallbackBehavior"
2242
- ),
2243
- json_body=wafv2.CfnRuleGroup.JsonBodyProperty(
2244
- match_pattern=wafv2.CfnRuleGroup.JsonMatchPatternProperty(
2245
- all=all,
2246
- included_paths=["includedPaths"]
2247
- ),
2248
- match_scope="matchScope",
2249
-
2250
- # the properties below are optional
2251
- invalid_fallback_behavior="invalidFallbackBehavior",
2252
- oversize_handling="oversizeHandling"
2253
- ),
2254
- method=method,
2255
- query_string=query_string,
2256
- single_header=single_header,
2257
- single_query_argument=single_query_argument,
2258
- uri_path=uri_path
2259
- ),
2260
- size=123,
2261
- text_transformations=[wafv2.CfnRuleGroup.TextTransformationProperty(
2262
- priority=123,
2263
- type="type"
2264
- )]
2265
- ),
2266
- sqli_match_statement=wafv2.CfnRuleGroup.SqliMatchStatementProperty(
2267
- field_to_match=wafv2.CfnRuleGroup.FieldToMatchProperty(
2268
- all_query_arguments=all_query_arguments,
2269
- body=wafv2.CfnRuleGroup.BodyProperty(
2270
- oversize_handling="oversizeHandling"
2271
- ),
2272
- cookies=wafv2.CfnRuleGroup.CookiesProperty(
2273
- match_pattern=wafv2.CfnRuleGroup.CookieMatchPatternProperty(
2274
- all=all,
2275
- excluded_cookies=["excludedCookies"],
2276
- included_cookies=["includedCookies"]
2277
- ),
2278
- match_scope="matchScope",
2279
- oversize_handling="oversizeHandling"
2280
- ),
2281
- headers=wafv2.CfnRuleGroup.HeadersProperty(
2282
- match_pattern=wafv2.CfnRuleGroup.HeaderMatchPatternProperty(
2283
- all=all,
2284
- excluded_headers=["excludedHeaders"],
2285
- included_headers=["includedHeaders"]
2286
- ),
2287
- match_scope="matchScope",
2288
- oversize_handling="oversizeHandling"
2289
- ),
2290
- ja3_fingerprint=wafv2.CfnRuleGroup.JA3FingerprintProperty(
2291
- fallback_behavior="fallbackBehavior"
2292
- ),
2293
- ja4_fingerprint=wafv2.CfnRuleGroup.JA4FingerprintProperty(
2294
- fallback_behavior="fallbackBehavior"
2295
- ),
2296
- json_body=wafv2.CfnRuleGroup.JsonBodyProperty(
2297
- match_pattern=wafv2.CfnRuleGroup.JsonMatchPatternProperty(
2298
- all=all,
2299
- included_paths=["includedPaths"]
2300
- ),
2301
- match_scope="matchScope",
2302
-
2303
- # the properties below are optional
2304
- invalid_fallback_behavior="invalidFallbackBehavior",
2305
- oversize_handling="oversizeHandling"
2306
- ),
2307
- method=method,
2308
- query_string=query_string,
2309
- single_header=single_header,
2310
- single_query_argument=single_query_argument,
2311
- uri_path=uri_path
2312
- ),
2313
- text_transformations=[wafv2.CfnRuleGroup.TextTransformationProperty(
2314
- priority=123,
2315
- type="type"
2316
- )],
2317
-
2318
- # the properties below are optional
2319
- sensitivity_level="sensitivityLevel"
2320
- ),
2321
- xss_match_statement=wafv2.CfnRuleGroup.XssMatchStatementProperty(
2322
- field_to_match=wafv2.CfnRuleGroup.FieldToMatchProperty(
2323
- all_query_arguments=all_query_arguments,
2324
- body=wafv2.CfnRuleGroup.BodyProperty(
2325
- oversize_handling="oversizeHandling"
2326
- ),
2327
- cookies=wafv2.CfnRuleGroup.CookiesProperty(
2328
- match_pattern=wafv2.CfnRuleGroup.CookieMatchPatternProperty(
2329
- all=all,
2330
- excluded_cookies=["excludedCookies"],
2331
- included_cookies=["includedCookies"]
2332
- ),
2333
- match_scope="matchScope",
2334
- oversize_handling="oversizeHandling"
2335
- ),
2336
- headers=wafv2.CfnRuleGroup.HeadersProperty(
2337
- match_pattern=wafv2.CfnRuleGroup.HeaderMatchPatternProperty(
2338
- all=all,
2339
- excluded_headers=["excludedHeaders"],
2340
- included_headers=["includedHeaders"]
2341
- ),
2342
- match_scope="matchScope",
2343
- oversize_handling="oversizeHandling"
2344
- ),
2345
- ja3_fingerprint=wafv2.CfnRuleGroup.JA3FingerprintProperty(
2346
- fallback_behavior="fallbackBehavior"
2347
- ),
2348
- ja4_fingerprint=wafv2.CfnRuleGroup.JA4FingerprintProperty(
2349
- fallback_behavior="fallbackBehavior"
2350
- ),
2351
- json_body=wafv2.CfnRuleGroup.JsonBodyProperty(
2352
- match_pattern=wafv2.CfnRuleGroup.JsonMatchPatternProperty(
2353
- all=all,
2354
- included_paths=["includedPaths"]
2355
- ),
2356
- match_scope="matchScope",
2357
-
2358
- # the properties below are optional
2359
- invalid_fallback_behavior="invalidFallbackBehavior",
2360
- oversize_handling="oversizeHandling"
2361
- ),
2362
- method=method,
2363
- query_string=query_string,
2364
- single_header=single_header,
2365
- single_query_argument=single_query_argument,
2366
- uri_path=uri_path
2367
- ),
2368
- text_transformations=[wafv2.CfnRuleGroup.TextTransformationProperty(
2369
- priority=123,
2370
- type="type"
2371
- )]
2372
- )
2373
- ),
2374
- visibility_config=wafv2.CfnRuleGroup.VisibilityConfigProperty(
2375
- cloud_watch_metrics_enabled=False,
2376
- metric_name="metricName",
2377
- sampled_requests_enabled=False
2378
- ),
2379
-
2380
- # the properties below are optional
2381
- action=wafv2.CfnRuleGroup.RuleActionProperty(
2382
- allow=allow,
2383
- block=block,
2384
- captcha=captcha,
2385
- challenge=challenge,
2386
- count=count
2387
- ),
2388
- captcha_config=wafv2.CfnRuleGroup.CaptchaConfigProperty(
2389
- immunity_time_property=wafv2.CfnRuleGroup.ImmunityTimePropertyProperty(
2390
- immunity_time=123
2391
- )
2392
- ),
2393
- challenge_config=wafv2.CfnRuleGroup.ChallengeConfigProperty(
2394
- immunity_time_property=wafv2.CfnRuleGroup.ImmunityTimePropertyProperty(
2395
- immunity_time=123
2396
- )
2397
- ),
2398
- rule_labels=[wafv2.CfnRuleGroup.LabelProperty(
2399
- name="name"
2400
- )]
2401
- )],
2402
- tags=[CfnTag(
2403
- key="key",
2404
- value="value"
2405
- )]
2406
- )
2407
1912
  '''
2408
1913
 
2409
1914
  def __init__(
@@ -2426,7 +1931,7 @@ class CfnRuleGroup(
2426
1931
  :param scope_: Scope in which this resource is defined.
2427
1932
  :param id: Construct identifier for this resource (unique in its scope).
2428
1933
  :param capacity: The web ACL capacity units (WCUs) required for this rule group. When you create your own rule group, you define this, and you cannot change it after creation. When you add or modify the rules in a rule group, AWS WAF enforces this limit. AWS WAF uses WCUs to calculate and control the operating resources that are used to run your rules, rule groups, and web ACLs. AWS WAF calculates capacity differently for each rule type, to reflect the relative cost of each rule. Simple rules that cost little to run use fewer WCUs than more complex rules that use more processing power. Rule group capacity is fixed at creation, which helps users plan their web ACL WCU usage when they use a rule group. The WCU limit for web ACLs is 1,500.
2429
- :param scope: Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AWS AppSync GraphQL API, an Amazon Cognito user pool, an AWS App Runner service, or an AWS Verified Access instance. Valid Values are ``CLOUDFRONT`` and ``REGIONAL`` . .. epigraph:: For ``CLOUDFRONT`` , you must create your WAFv2 resources in the US East (N. Virginia) Region, ``us-east-1`` .
1934
+ :param scope: Specifies whether this is for an Amazon CloudFront distribution or for a regional application. For an AWS Amplify application, use ``CLOUDFRONT`` . A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AWS AppSync GraphQL API, an Amazon Cognito user pool, an AWS App Runner service, or an AWS Verified Access instance. Valid Values are ``CLOUDFRONT`` and ``REGIONAL`` . .. epigraph:: For ``CLOUDFRONT`` , you must create your WAFv2 resources in the US East (N. Virginia) Region, ``us-east-1`` .
2430
1935
  :param visibility_config: Defines and enables Amazon CloudWatch metrics and web request sample collection.
2431
1936
  :param available_labels: The labels that one or more rules in this rule group add to matching web requests. These labels are defined in the ``RuleLabels`` for a ``Rule`` .
2432
1937
  :param consumed_labels: The labels that one or more rules in this rule group match against in label match statements. These labels are defined in a ``LabelMatchStatement`` specification, in the ``Statement`` definition of a rule.
@@ -2833,6 +2338,9 @@ class CfnRuleGroup(
2833
2338
  query_string=query_string,
2834
2339
  single_header=single_header,
2835
2340
  single_query_argument=single_query_argument,
2341
+ uri_fragment=wafv2.CfnRuleGroup.UriFragmentProperty(
2342
+ fallback_behavior="fallbackBehavior"
2343
+ ),
2836
2344
  uri_path=uri_path
2837
2345
  ),
2838
2346
  positional_constraint="positionalConstraint",
@@ -2976,6 +2484,9 @@ class CfnRuleGroup(
2976
2484
  query_string=query_string,
2977
2485
  single_header=single_header,
2978
2486
  single_query_argument=single_query_argument,
2487
+ uri_fragment=wafv2.CfnRuleGroup.UriFragmentProperty(
2488
+ fallback_behavior="fallbackBehavior"
2489
+ ),
2979
2490
  uri_path=uri_path
2980
2491
  ),
2981
2492
  regex_string="regexString",
@@ -3030,6 +2541,9 @@ class CfnRuleGroup(
3030
2541
  query_string=query_string,
3031
2542
  single_header=single_header,
3032
2543
  single_query_argument=single_query_argument,
2544
+ uri_fragment=wafv2.CfnRuleGroup.UriFragmentProperty(
2545
+ fallback_behavior="fallbackBehavior"
2546
+ ),
3033
2547
  uri_path=uri_path
3034
2548
  ),
3035
2549
  text_transformations=[wafv2.CfnRuleGroup.TextTransformationProperty(
@@ -3083,6 +2597,9 @@ class CfnRuleGroup(
3083
2597
  query_string=query_string,
3084
2598
  single_header=single_header,
3085
2599
  single_query_argument=single_query_argument,
2600
+ uri_fragment=wafv2.CfnRuleGroup.UriFragmentProperty(
2601
+ fallback_behavior="fallbackBehavior"
2602
+ ),
3086
2603
  uri_path=uri_path
3087
2604
  ),
3088
2605
  size=123,
@@ -3136,6 +2653,9 @@ class CfnRuleGroup(
3136
2653
  query_string=query_string,
3137
2654
  single_header=single_header,
3138
2655
  single_query_argument=single_query_argument,
2656
+ uri_fragment=wafv2.CfnRuleGroup.UriFragmentProperty(
2657
+ fallback_behavior="fallbackBehavior"
2658
+ ),
3139
2659
  uri_path=uri_path
3140
2660
  ),
3141
2661
  text_transformations=[wafv2.CfnRuleGroup.TextTransformationProperty(
@@ -3191,6 +2711,9 @@ class CfnRuleGroup(
3191
2711
  query_string=query_string,
3192
2712
  single_header=single_header,
3193
2713
  single_query_argument=single_query_argument,
2714
+ uri_fragment=wafv2.CfnRuleGroup.UriFragmentProperty(
2715
+ fallback_behavior="fallbackBehavior"
2716
+ ),
3194
2717
  uri_path=uri_path
3195
2718
  ),
3196
2719
  text_transformations=[wafv2.CfnRuleGroup.TextTransformationProperty(
@@ -3314,7 +2837,7 @@ class CfnRuleGroup(
3314
2837
 
3315
2838
  This is used to indicate the web request component to inspect, in the ``FieldToMatch`` specification.
3316
2839
 
3317
- :param oversize_handling: What AWS WAF should do if the body is larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of the web request body if the body exceeds the limit for the resource type. When a web request body is larger than the limit, the underlying host service only forwards the contents that are within the limit to AWS WAF for inspection. - For Application Load Balancer and AWS AppSync , the limit is fixed at 8 KB (8,192 bytes). - For CloudFront, API Gateway, Amazon Cognito, App Runner, and Verified Access, the default limit is 16 KB (16,384 bytes), and you can increase the limit for each resource type in the web ACL ``AssociationConfig`` , for additional processing fees. The options for oversize handling are the following: - ``CONTINUE`` - Inspect the available body contents normally, according to the rule inspection criteria. - ``MATCH`` - Treat the web request as matching the rule statement. AWS WAF applies the rule action to the request. - ``NO_MATCH`` - Treat the web request as not matching the rule statement. You can combine the ``MATCH`` or ``NO_MATCH`` settings for oversize handling with your rule and web ACL action settings, so that you block any request whose body is over the limit. Default: ``CONTINUE``
2840
+ :param oversize_handling: What AWS WAF should do if the body is larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of the web request body if the body exceeds the limit for the resource type. When a web request body is larger than the limit, the underlying host service only forwards the contents that are within the limit to AWS WAF for inspection. - For Application Load Balancer and AWS AppSync , the limit is fixed at 8 KB (8,192 bytes). - For CloudFront, API Gateway, Amazon Cognito, App Runner, and Verified Access, the default limit is 16 KB (16,384 bytes), and you can increase the limit for each resource type in the web ACL ``AssociationConfig`` , for additional processing fees. - For AWS Amplify , use the CloudFront limit. The options for oversize handling are the following: - ``CONTINUE`` - Inspect the available body contents normally, according to the rule inspection criteria. - ``MATCH`` - Treat the web request as matching the rule statement. AWS WAF applies the rule action to the request. - ``NO_MATCH`` - Treat the web request as not matching the rule statement. You can combine the ``MATCH`` or ``NO_MATCH`` settings for oversize handling with your rule and web ACL action settings, so that you block any request whose body is over the limit. Default: ``CONTINUE``
3318
2841
 
3319
2842
  :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-rulegroup-body.html
3320
2843
  :exampleMetadata: fixture=_generated
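Review bot: The bullet added to `:param oversize_handling:`, `- For AWS Amplify , use the CloudFront limit.`, is phrased as an instruction while the two bullets before it state a size. From this docstring a reader cannot tell what body size is forwarded for inspection on Amplify, or whether the `AssociationConfig` increase applies. Since the documented default is `CONTINUE`, a rule is evaluated only on the part of the body within the limit, so the exact figure matters when writing body rules. If the intended meaning is that Amplify shares the CloudFront figure, wording such as `- For AWS Amplify , the limit is the same as for CloudFront.` would be clearer; this needs confirming against the AWS WAF documentation. The same bullet is added in the hunks at `@@ -3344,6 +2867,7 @@`, `@@ -4495,16 +4024,17 @@`, `@@ -4632,6 +4168,7 @@`, `@@ -4722,6 +4259,7 @@`, `@@ -5646,7 +5199,7 @@` and `@@ -5740,6 +5293,7 @@`.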
@@ -3344,6 +2867,7 @@ class CfnRuleGroup(
3344
2867
 
3345
2868
  - For Application Load Balancer and AWS AppSync , the limit is fixed at 8 KB (8,192 bytes).
3346
2869
  - For CloudFront, API Gateway, Amazon Cognito, App Runner, and Verified Access, the default limit is 16 KB (16,384 bytes), and you can increase the limit for each resource type in the web ACL ``AssociationConfig`` , for additional processing fees.
2870
+ - For AWS Amplify , use the CloudFront limit.
3347
2871
 
3348
2872
  The options for oversize handling are the following:
3349
2873
 
@@ -3464,6 +2988,9 @@ class CfnRuleGroup(
3464
2988
  query_string=query_string,
3465
2989
  single_header=single_header,
3466
2990
  single_query_argument=single_query_argument,
2991
+ uri_fragment=wafv2.CfnRuleGroup.UriFragmentProperty(
2992
+ fallback_behavior="fallbackBehavior"
2993
+ ),
3467
2994
  uri_path=uri_path
3468
2995
  ),
3469
2996
  positional_constraint="positionalConstraint",
@@ -4457,6 +3984,7 @@ class CfnRuleGroup(
4457
3984
  "query_string": "queryString",
4458
3985
  "single_header": "singleHeader",
4459
3986
  "single_query_argument": "singleQueryArgument",
3987
+ "uri_fragment": "uriFragment",
4460
3988
  "uri_path": "uriPath",
4461
3989
  },
4462
3990
  )
@@ -4475,6 +4003,7 @@ class CfnRuleGroup(
4475
4003
  query_string: typing.Any = None,
4476
4004
  single_header: typing.Any = None,
4477
4005
  single_query_argument: typing.Any = None,
4006
+ uri_fragment: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union["CfnRuleGroup.UriFragmentProperty", typing.Dict[builtins.str, typing.Any]]]] = None,
4478
4007
  uri_path: typing.Any = None,
4479
4008
  ) -> None:
4480
4009
  '''Specifies a web request component to be used in a rule match statement or in a logging configuration.
@@ -4495,16 +4024,17 @@ class CfnRuleGroup(
4495
4024
  - If you have request sampling enabled, the redacted fields configuration for logging has no impact on sampling. You can only exclude fields from request sampling by disabling sampling in the web ACL visibility configuration or by configuring data protection for the web ACL.
4496
4025
 
4497
4026
  :param all_query_arguments: Inspect all query arguments.
4498
- :param body: Inspect the request body as plain text. The request body immediately follows the request headers. This is the part of a request that contains any additional data that you want to send to your web server as the HTTP request body, such as data from a form. AWS WAF does not support inspecting the entire contents of the web request body if the body exceeds the limit for the resource type. When a web request body is larger than the limit, the underlying host service only forwards the contents that are within the limit to AWS WAF for inspection. - For Application Load Balancer and AWS AppSync , the limit is fixed at 8 KB (8,192 bytes). - For CloudFront, API Gateway, Amazon Cognito, App Runner, and Verified Access, the default limit is 16 KB (16,384 bytes), and you can increase the limit for each resource type in the web ACL ``AssociationConfig`` , for additional processing fees. For information about how to handle oversized request bodies, see the ``Body`` object configuration.
4027
+ :param body: Inspect the request body as plain text. The request body immediately follows the request headers. This is the part of a request that contains any additional data that you want to send to your web server as the HTTP request body, such as data from a form. AWS WAF does not support inspecting the entire contents of the web request body if the body exceeds the limit for the resource type. When a web request body is larger than the limit, the underlying host service only forwards the contents that are within the limit to AWS WAF for inspection. - For Application Load Balancer and AWS AppSync , the limit is fixed at 8 KB (8,192 bytes). - For CloudFront, API Gateway, Amazon Cognito, App Runner, and Verified Access, the default limit is 16 KB (16,384 bytes), and you can increase the limit for each resource type in the web ACL ``AssociationConfig`` , for additional processing fees. - For AWS Amplify , use the CloudFront limit. For information about how to handle oversized request bodies, see the ``Body`` object configuration.
4499
4028
  :param cookies: Inspect the request cookies. You must configure scope and pattern matching filters in the ``Cookies`` object, to define the set of cookies and the parts of the cookies that AWS WAF inspects. Only the first 8 KB (8192 bytes) of a request's cookies and only the first 200 cookies are forwarded to AWS WAF for inspection by the underlying host service. You must configure how to handle any oversize cookie content in the ``Cookies`` object. AWS WAF applies the pattern matching filters to the cookies that it receives from the underlying host service.
4500
4029
  :param headers: Inspect the request headers. You must configure scope and pattern matching filters in the ``Headers`` object, to define the set of headers to and the parts of the headers that AWS WAF inspects. Only the first 8 KB (8192 bytes) of a request's headers and only the first 200 headers are forwarded to AWS WAF for inspection by the underlying host service. You must configure how to handle any oversize header content in the ``Headers`` object. AWS WAF applies the pattern matching filters to the headers that it receives from the underlying host service.
4501
4030
  :param ja3_fingerprint: Available for use with Amazon CloudFront distributions and Application Load Balancers. Match against the request's JA3 fingerprint. The JA3 fingerprint is a 32-character hash derived from the TLS Client Hello of an incoming request. This fingerprint serves as a unique identifier for the client's TLS configuration. AWS WAF calculates and logs this fingerprint for each request that has enough TLS Client Hello information for the calculation. Almost all web requests include this information. .. epigraph:: You can use this choice only with a string match ``ByteMatchStatement`` with the ``PositionalConstraint`` set to ``EXACTLY`` . You can obtain the JA3 fingerprint for client requests from the web ACL logs. If AWS WAF is able to calculate the fingerprint, it includes it in the logs. For information about the logging fields, see `Log fields <https://docs.aws.amazon.com/waf/latest/developerguide/logging-fields.html>`_ in the *AWS WAF Developer Guide* . Provide the JA3 fingerprint string from the logs in your string match statement specification, to match with any future requests that have the same TLS configuration.
4502
4031
  :param ja4_fingerprint: Available for use with Amazon CloudFront distributions and Application Load Balancers. Match against the request's JA4 fingerprint. The JA4 fingerprint is a 36-character hash derived from the TLS Client Hello of an incoming request. This fingerprint serves as a unique identifier for the client's TLS configuration. AWS WAF calculates and logs this fingerprint for each request that has enough TLS Client Hello information for the calculation. Almost all web requests include this information. .. epigraph:: You can use this choice only with a string match ``ByteMatchStatement`` with the ``PositionalConstraint`` set to ``EXACTLY`` . You can obtain the JA4 fingerprint for client requests from the web ACL logs. If AWS WAF is able to calculate the fingerprint, it includes it in the logs. For information about the logging fields, see `Log fields <https://docs.aws.amazon.com/waf/latest/developerguide/logging-fields.html>`_ in the *AWS WAF Developer Guide* . Provide the JA4 fingerprint string from the logs in your string match statement specification, to match with any future requests that have the same TLS configuration.
4503
- :param json_body: Inspect the request body as JSON. The request body immediately follows the request headers. This is the part of a request that contains any additional data that you want to send to your web server as the HTTP request body, such as data from a form. AWS WAF does not support inspecting the entire contents of the web request body if the body exceeds the limit for the resource type. When a web request body is larger than the limit, the underlying host service only forwards the contents that are within the limit to AWS WAF for inspection. - For Application Load Balancer and AWS AppSync , the limit is fixed at 8 KB (8,192 bytes). - For CloudFront, API Gateway, Amazon Cognito, App Runner, and Verified Access, the default limit is 16 KB (16,384 bytes), and you can increase the limit for each resource type in the web ACL ``AssociationConfig`` , for additional processing fees. For information about how to handle oversized request bodies, see the ``JsonBody`` object configuration.
4032
+ :param json_body: Inspect the request body as JSON. The request body immediately follows the request headers. This is the part of a request that contains any additional data that you want to send to your web server as the HTTP request body, such as data from a form. AWS WAF does not support inspecting the entire contents of the web request body if the body exceeds the limit for the resource type. When a web request body is larger than the limit, the underlying host service only forwards the contents that are within the limit to AWS WAF for inspection. - For Application Load Balancer and AWS AppSync , the limit is fixed at 8 KB (8,192 bytes). - For CloudFront, API Gateway, Amazon Cognito, App Runner, and Verified Access, the default limit is 16 KB (16,384 bytes), and you can increase the limit for each resource type in the web ACL ``AssociationConfig`` , for additional processing fees. - For AWS Amplify , use the CloudFront limit. For information about how to handle oversized request bodies, see the ``JsonBody`` object configuration.
4504
4033
  :param method: Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
4505
4034
  :param query_string: Inspect the query string. This is the part of a URL that appears after a ``?`` character, if any.
4506
4035
  :param single_header: Inspect a single header. Provide the name of the header to inspect, for example, ``User-Agent`` or ``Referer`` . This setting isn't case sensitive. Example JSON: ``"SingleHeader": { "Name": "haystack" }`` Alternately, you can filter and inspect all headers with the ``Headers`` ``FieldToMatch`` setting.
4507
4036
  :param single_query_argument: Inspect a single query argument. Provide the name of the query argument to inspect, such as *UserName* or *SalesRegion* . The name can be up to 30 characters long and isn't case sensitive. Example JSON: ``"SingleQueryArgument": { "Name": "myArgument" }``
4037
+ :param uri_fragment: Inspect fragments of the request URI. You must configure scope and pattern matching filters in the ``UriFragment`` object, to define the fragment of a URI that AWS WAF inspects. Only the first 8 KB (8192 bytes) of a request's URI fragments and only the first 200 URI fragments are forwarded to AWS WAF for inspection by the underlying host service. You must configure how to handle any oversize URI fragment content in the ``UriFragment`` object. AWS WAF applies the pattern matching filters to the cookies that it receives from the underlying host service.
4508
4038
  :param uri_path: Inspect the request URI path. This is the part of the web request that identifies a resource, for example, ``/images/daily-ad.jpg`` .
4509
4039
 
4510
4040
  :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-rulegroup-fieldtomatch.html
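Review bot: The new `:param uri_fragment:` text ends with "AWS WAF applies the pattern matching filters to the cookies that it receives", which looks carried over from the `cookies` parameter a few lines above. It should read `AWS WAF applies the pattern matching filters to the URI fragment that it receives from the underlying host service.` The phrase "only the first 200 URI fragments" also appears to come from the cookies/headers wording and should be checked. The sentence about configuring oversize handling in the `UriFragment` object does not match the examples on this page, where `UriFragmentProperty` takes only `fallback_behavior`, so a rule author cannot tell from this text which option governs an oversize or absent fragment. The same paragraph is repeated in the `uri_fragment` property docstring added in the `@@ -4780,6 +4318,21 @@` hunk; because the text appears to be generated, the correction probably belongs in the upstream documentation.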
@@ -4568,6 +4098,9 @@ class CfnRuleGroup(
4568
4098
  query_string=query_string,
4569
4099
  single_header=single_header,
4570
4100
  single_query_argument=single_query_argument,
4101
+ uri_fragment=wafv2.CfnRuleGroup.UriFragmentProperty(
4102
+ fallback_behavior="fallbackBehavior"
4103
+ ),
4571
4104
  uri_path=uri_path
4572
4105
  )
4573
4106
  '''
@@ -4584,6 +4117,7 @@ class CfnRuleGroup(
4584
4117
  check_type(argname="argument query_string", value=query_string, expected_type=type_hints["query_string"])
4585
4118
  check_type(argname="argument single_header", value=single_header, expected_type=type_hints["single_header"])
4586
4119
  check_type(argname="argument single_query_argument", value=single_query_argument, expected_type=type_hints["single_query_argument"])
4120
+ check_type(argname="argument uri_fragment", value=uri_fragment, expected_type=type_hints["uri_fragment"])
4587
4121
  check_type(argname="argument uri_path", value=uri_path, expected_type=type_hints["uri_path"])
4588
4122
  self._values: typing.Dict[builtins.str, typing.Any] = {}
4589
4123
  if all_query_arguments is not None:
@@ -4608,6 +4142,8 @@ class CfnRuleGroup(
4608
4142
  self._values["single_header"] = single_header
4609
4143
  if single_query_argument is not None:
4610
4144
  self._values["single_query_argument"] = single_query_argument
4145
+ if uri_fragment is not None:
4146
+ self._values["uri_fragment"] = uri_fragment
4611
4147
  if uri_path is not None:
4612
4148
  self._values["uri_path"] = uri_path
4613
4149
 
@@ -4632,6 +4168,7 @@ class CfnRuleGroup(
4632
4168
 
4633
4169
  - For Application Load Balancer and AWS AppSync , the limit is fixed at 8 KB (8,192 bytes).
4634
4170
  - For CloudFront, API Gateway, Amazon Cognito, App Runner, and Verified Access, the default limit is 16 KB (16,384 bytes), and you can increase the limit for each resource type in the web ACL ``AssociationConfig`` , for additional processing fees.
4171
+ - For AWS Amplify , use the CloudFront limit.
4635
4172
 
4636
4173
  For information about how to handle oversized request bodies, see the ``Body`` object configuration.
4637
4174
 
@@ -4722,6 +4259,7 @@ class CfnRuleGroup(
4722
4259
 
4723
4260
  - For Application Load Balancer and AWS AppSync , the limit is fixed at 8 KB (8,192 bytes).
4724
4261
  - For CloudFront, API Gateway, Amazon Cognito, App Runner, and Verified Access, the default limit is 16 KB (16,384 bytes), and you can increase the limit for each resource type in the web ACL ``AssociationConfig`` , for additional processing fees.
4262
+ - For AWS Amplify , use the CloudFront limit.
4725
4263
 
4726
4264
  For information about how to handle oversized request bodies, see the ``JsonBody`` object configuration.
4727
4265
 
@@ -4780,6 +4318,21 @@ class CfnRuleGroup(
4780
4318
  result = self._values.get("single_query_argument")
4781
4319
  return typing.cast(typing.Any, result)
4782
4320
 
4321
+ @builtins.property
4322
+ def uri_fragment(
4323
+ self,
4324
+ ) -> typing.Optional[typing.Union[_IResolvable_da3f097b, "CfnRuleGroup.UriFragmentProperty"]]:
4325
+ '''Inspect fragments of the request URI.
4326
+
4327
+ You must configure scope and pattern matching filters in the ``UriFragment`` object, to define the fragment of a URI that AWS WAF inspects.
4328
+
4329
+ Only the first 8 KB (8192 bytes) of a request's URI fragments and only the first 200 URI fragments are forwarded to AWS WAF for inspection by the underlying host service. You must configure how to handle any oversize URI fragment content in the ``UriFragment`` object. AWS WAF applies the pattern matching filters to the cookies that it receives from the underlying host service.
4330
+
4331
+ :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-rulegroup-fieldtomatch.html#cfn-wafv2-rulegroup-fieldtomatch-urifragment
4332
+ '''
4333
+ result = self._values.get("uri_fragment")
4334
+ return typing.cast(typing.Optional[typing.Union[_IResolvable_da3f097b, "CfnRuleGroup.UriFragmentProperty"]], result)
4335
+
4783
4336
  @builtins.property
4784
4337
  def uri_path(self) -> typing.Any:
4785
4338
  '''Inspect the request URI path.
@@ -5646,7 +5199,7 @@ class CfnRuleGroup(
5646
5199
  :param match_pattern: The patterns to look for in the JSON body. AWS WAF inspects the results of these pattern matches against the rule inspection criteria.
5647
5200
  :param match_scope: The parts of the JSON to match against using the ``MatchPattern`` . If you specify ``ALL`` , AWS WAF matches against keys and values. ``All`` does not require a match to be found in the keys and a match to be found in the values. It requires a match to be found in the keys or the values or both. To require a match in the keys and in the values, use a logical ``AND`` statement to combine two match rules, one that inspects the keys and another that inspects the values.
5648
5201
  :param invalid_fallback_behavior: What AWS WAF should do if it fails to completely parse the JSON body. The options are the following:. - ``EVALUATE_AS_STRING`` - Inspect the body as plain text. AWS WAF applies the text transformations and inspection criteria that you defined for the JSON inspection to the body text string. - ``MATCH`` - Treat the web request as matching the rule statement. AWS WAF applies the rule action to the request. - ``NO_MATCH`` - Treat the web request as not matching the rule statement. If you don't provide this setting, AWS WAF parses and evaluates the content only up to the first parsing failure that it encounters. .. epigraph:: AWS WAF parsing doesn't fully validate the input JSON string, so parsing can succeed even for invalid JSON. When parsing succeeds, AWS WAF doesn't apply the fallback behavior. For more information, see `JSON body <https://docs.aws.amazon.com/waf/latest/developerguide/waf-rule-statement-fields-list.html#waf-rule-statement-request-component-json-body>`_ in the *AWS WAF Developer Guide* .
5649
- :param oversize_handling: What AWS WAF should do if the body is larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of the web request body if the body exceeds the limit for the resource type. When a web request body is larger than the limit, the underlying host service only forwards the contents that are within the limit to AWS WAF for inspection. - For Application Load Balancer and AWS AppSync , the limit is fixed at 8 KB (8,192 bytes). - For CloudFront, API Gateway, Amazon Cognito, App Runner, and Verified Access, the default limit is 16 KB (16,384 bytes), and you can increase the limit for each resource type in the web ACL ``AssociationConfig`` , for additional processing fees. The options for oversize handling are the following: - ``CONTINUE`` - Inspect the available body contents normally, according to the rule inspection criteria. - ``MATCH`` - Treat the web request as matching the rule statement. AWS WAF applies the rule action to the request. - ``NO_MATCH`` - Treat the web request as not matching the rule statement. You can combine the ``MATCH`` or ``NO_MATCH`` settings for oversize handling with your rule and web ACL action settings, so that you block any request whose body is over the limit. Default: ``CONTINUE``
5202
+ :param oversize_handling: What AWS WAF should do if the body is larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of the web request body if the body exceeds the limit for the resource type. When a web request body is larger than the limit, the underlying host service only forwards the contents that are within the limit to AWS WAF for inspection. - For Application Load Balancer and AWS AppSync , the limit is fixed at 8 KB (8,192 bytes). - For CloudFront, API Gateway, Amazon Cognito, App Runner, and Verified Access, the default limit is 16 KB (16,384 bytes), and you can increase the limit for each resource type in the web ACL ``AssociationConfig`` , for additional processing fees. - For AWS Amplify , use the CloudFront limit. The options for oversize handling are the following: - ``CONTINUE`` - Inspect the available body contents normally, according to the rule inspection criteria. - ``MATCH`` - Treat the web request as matching the rule statement. AWS WAF applies the rule action to the request. - ``NO_MATCH`` - Treat the web request as not matching the rule statement. You can combine the ``MATCH`` or ``NO_MATCH`` settings for oversize handling with your rule and web ACL action settings, so that you block any request whose body is over the limit. Default: ``CONTINUE``
5650
5203
 
5651
5204
  :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-rulegroup-jsonbody.html
5652
5205
  :exampleMetadata: fixture=_generated
@@ -5740,6 +5293,7 @@ class CfnRuleGroup(
5740
5293
 
5741
5294
  - For Application Load Balancer and AWS AppSync , the limit is fixed at 8 KB (8,192 bytes).
5742
5295
  - For CloudFront, API Gateway, Amazon Cognito, App Runner, and Verified Access, the default limit is 16 KB (16,384 bytes), and you can increase the limit for each resource type in the web ACL ``AssociationConfig`` , for additional processing fees.
5296
+ - For AWS Amplify , use the CloudFront limit.
5743
5297
 
5744
5298
  The options for oversize handling are the following:
5745
5299
 
@@ -6122,6 +5676,9 @@ class CfnRuleGroup(
6122
5676
  query_string=query_string,
6123
5677
  single_header=single_header,
6124
5678
  single_query_argument=single_query_argument,
5679
+ uri_fragment=wafv2.CfnRuleGroup.UriFragmentProperty(
5680
+ fallback_behavior="fallbackBehavior"
5681
+ ),
6125
5682
  uri_path=uri_path
6126
5683
  ),
6127
5684
  positional_constraint="positionalConstraint",
@@ -6263,6 +5820,9 @@ class CfnRuleGroup(
6263
5820
  query_string=query_string,
6264
5821
  single_header=single_header,
6265
5822
  single_query_argument=single_query_argument,
5823
+ uri_fragment=wafv2.CfnRuleGroup.UriFragmentProperty(
5824
+ fallback_behavior="fallbackBehavior"
5825
+ ),
6266
5826
  uri_path=uri_path
6267
5827
  ),
6268
5828
  regex_string="regexString",
@@ -6317,6 +5877,9 @@ class CfnRuleGroup(
6317
5877
  query_string=query_string,
6318
5878
  single_header=single_header,
6319
5879
  single_query_argument=single_query_argument,
5880
+ uri_fragment=wafv2.CfnRuleGroup.UriFragmentProperty(
5881
+ fallback_behavior="fallbackBehavior"
5882
+ ),
6320
5883
  uri_path=uri_path
6321
5884
  ),
6322
5885
  text_transformations=[wafv2.CfnRuleGroup.TextTransformationProperty(
@@ -6370,6 +5933,9 @@ class CfnRuleGroup(
6370
5933
  query_string=query_string,
6371
5934
  single_header=single_header,
6372
5935
  single_query_argument=single_query_argument,
5936
+ uri_fragment=wafv2.CfnRuleGroup.UriFragmentProperty(
5937
+ fallback_behavior="fallbackBehavior"
5938
+ ),
6373
5939
  uri_path=uri_path
6374
5940
  ),
6375
5941
  size=123,
@@ -6423,6 +5989,9 @@ class CfnRuleGroup(
6423
5989
  query_string=query_string,
6424
5990
  single_header=single_header,
6425
5991
  single_query_argument=single_query_argument,
5992
+ uri_fragment=wafv2.CfnRuleGroup.UriFragmentProperty(
5993
+ fallback_behavior="fallbackBehavior"
5994
+ ),
6426
5995
  uri_path=uri_path
6427
5996
  ),
6428
5997
  text_transformations=[wafv2.CfnRuleGroup.TextTransformationProperty(
@@ -6478,6 +6047,9 @@ class CfnRuleGroup(
6478
6047
  query_string=query_string,
6479
6048
  single_header=single_header,
6480
6049
  single_query_argument=single_query_argument,
6050
+ uri_fragment=wafv2.CfnRuleGroup.UriFragmentProperty(
6051
+ fallback_behavior="fallbackBehavior"
6052
+ ),
6481
6053
  uri_path=uri_path
6482
6054
  ),
6483
6055
  text_transformations=[wafv2.CfnRuleGroup.TextTransformationProperty(
@@ -6609,6 +6181,9 @@ class CfnRuleGroup(
6609
6181
  query_string=query_string,
6610
6182
  single_header=single_header,
6611
6183
  single_query_argument=single_query_argument,
6184
+ uri_fragment=wafv2.CfnRuleGroup.UriFragmentProperty(
6185
+ fallback_behavior="fallbackBehavior"
6186
+ ),
6612
6187
  uri_path=uri_path
6613
6188
  ),
6614
6189
  positional_constraint="positionalConstraint",
@@ -6750,6 +6325,9 @@ class CfnRuleGroup(
6750
6325
  query_string=query_string,
6751
6326
  single_header=single_header,
6752
6327
  single_query_argument=single_query_argument,
6328
+ uri_fragment=wafv2.CfnRuleGroup.UriFragmentProperty(
6329
+ fallback_behavior="fallbackBehavior"
6330
+ ),
6753
6331
  uri_path=uri_path
6754
6332
  ),
6755
6333
  regex_string="regexString",
@@ -6804,6 +6382,9 @@ class CfnRuleGroup(
6804
6382
  query_string=query_string,
6805
6383
  single_header=single_header,
6806
6384
  single_query_argument=single_query_argument,
6385
+ uri_fragment=wafv2.CfnRuleGroup.UriFragmentProperty(
6386
+ fallback_behavior="fallbackBehavior"
6387
+ ),
6807
6388
  uri_path=uri_path
6808
6389
  ),
6809
6390
  text_transformations=[wafv2.CfnRuleGroup.TextTransformationProperty(
@@ -6857,6 +6438,9 @@ class CfnRuleGroup(
6857
6438
  query_string=query_string,
6858
6439
  single_header=single_header,
6859
6440
  single_query_argument=single_query_argument,
6441
+ uri_fragment=wafv2.CfnRuleGroup.UriFragmentProperty(
6442
+ fallback_behavior="fallbackBehavior"
6443
+ ),
6860
6444
  uri_path=uri_path
6861
6445
  ),
6862
6446
  size=123,
@@ -6910,6 +6494,9 @@ class CfnRuleGroup(
6910
6494
  query_string=query_string,
6911
6495
  single_header=single_header,
6912
6496
  single_query_argument=single_query_argument,
6497
+ uri_fragment=wafv2.CfnRuleGroup.UriFragmentProperty(
6498
+ fallback_behavior="fallbackBehavior"
6499
+ ),
6913
6500
  uri_path=uri_path
6914
6501
  ),
6915
6502
  text_transformations=[wafv2.CfnRuleGroup.TextTransformationProperty(
@@ -6965,6 +6552,9 @@ class CfnRuleGroup(
6965
6552
  query_string=query_string,
6966
6553
  single_header=single_header,
6967
6554
  single_query_argument=single_query_argument,
6555
+ uri_fragment=wafv2.CfnRuleGroup.UriFragmentProperty(
6556
+ fallback_behavior="fallbackBehavior"
6557
+ ),
6968
6558
  uri_path=uri_path
6969
6559
  ),
6970
6560
  text_transformations=[wafv2.CfnRuleGroup.TextTransformationProperty(
@@ -7513,6 +7103,9 @@ class CfnRuleGroup(
7513
7103
  query_string=query_string,
7514
7104
  single_header=single_header,
7515
7105
  single_query_argument=single_query_argument,
7106
+ uri_fragment=wafv2.CfnRuleGroup.UriFragmentProperty(
7107
+ fallback_behavior="fallbackBehavior"
7108
+ ),
7516
7109
  uri_path=uri_path
7517
7110
  ),
7518
7111
  positional_constraint="positionalConstraint",
@@ -7598,6 +7191,9 @@ class CfnRuleGroup(
7598
7191
  query_string=query_string,
7599
7192
  single_header=single_header,
7600
7193
  single_query_argument=single_query_argument,
7194
+ uri_fragment=wafv2.CfnRuleGroup.UriFragmentProperty(
7195
+ fallback_behavior="fallbackBehavior"
7196
+ ),
7601
7197
  uri_path=uri_path
7602
7198
  ),
7603
7199
  regex_string="regexString",
@@ -7652,6 +7248,9 @@ class CfnRuleGroup(
7652
7248
  query_string=query_string,
7653
7249
  single_header=single_header,
7654
7250
  single_query_argument=single_query_argument,
7251
+ uri_fragment=wafv2.CfnRuleGroup.UriFragmentProperty(
7252
+ fallback_behavior="fallbackBehavior"
7253
+ ),
7655
7254
  uri_path=uri_path
7656
7255
  ),
7657
7256
  text_transformations=[wafv2.CfnRuleGroup.TextTransformationProperty(
@@ -7705,6 +7304,9 @@ class CfnRuleGroup(
7705
7304
  query_string=query_string,
7706
7305
  single_header=single_header,
7707
7306
  single_query_argument=single_query_argument,
7307
+ uri_fragment=wafv2.CfnRuleGroup.UriFragmentProperty(
7308
+ fallback_behavior="fallbackBehavior"
7309
+ ),
7708
7310
  uri_path=uri_path
7709
7311
  ),
7710
7312
  size=123,
@@ -7758,6 +7360,9 @@ class CfnRuleGroup(
7758
7360
  query_string=query_string,
7759
7361
  single_header=single_header,
7760
7362
  single_query_argument=single_query_argument,
7363
+ uri_fragment=wafv2.CfnRuleGroup.UriFragmentProperty(
7364
+ fallback_behavior="fallbackBehavior"
7365
+ ),
7761
7366
  uri_path=uri_path
7762
7367
  ),
7763
7368
  text_transformations=[wafv2.CfnRuleGroup.TextTransformationProperty(
@@ -7813,6 +7418,9 @@ class CfnRuleGroup(
7813
7418
  query_string=query_string,
7814
7419
  single_header=single_header,
7815
7420
  single_query_argument=single_query_argument,
7421
+ uri_fragment=wafv2.CfnRuleGroup.UriFragmentProperty(
7422
+ fallback_behavior="fallbackBehavior"
7423
+ ),
7816
7424
  uri_path=uri_path
7817
7425
  ),
7818
7426
  text_transformations=[wafv2.CfnRuleGroup.TextTransformationProperty(
@@ -8594,6 +8202,9 @@ class CfnRuleGroup(
8594
8202
  query_string=query_string,
8595
8203
  single_header=single_header,
8596
8204
  single_query_argument=single_query_argument,
8205
+ uri_fragment=wafv2.CfnRuleGroup.UriFragmentProperty(
8206
+ fallback_behavior="fallbackBehavior"
8207
+ ),
8597
8208
  uri_path=uri_path
8598
8209
  ),
8599
8210
  regex_string="regexString",
@@ -8751,6 +8362,9 @@ class CfnRuleGroup(
8751
8362
  query_string=query_string,
8752
8363
  single_header=single_header,
8753
8364
  single_query_argument=single_query_argument,
8365
+ uri_fragment=wafv2.CfnRuleGroup.UriFragmentProperty(
8366
+ fallback_behavior="fallbackBehavior"
8367
+ ),
8754
8368
  uri_path=uri_path
8755
8369
  ),
8756
8370
  text_transformations=[wafv2.CfnRuleGroup.TextTransformationProperty(
@@ -9077,6 +8691,9 @@ class CfnRuleGroup(
9077
8691
  query_string=query_string,
9078
8692
  single_header=single_header,
9079
8693
  single_query_argument=single_query_argument,
8694
+ uri_fragment=wafv2.CfnRuleGroup.UriFragmentProperty(
8695
+ fallback_behavior="fallbackBehavior"
8696
+ ),
9080
8697
  uri_path=uri_path
9081
8698
  ),
9082
8699
  positional_constraint="positionalConstraint",
@@ -9220,6 +8837,9 @@ class CfnRuleGroup(
9220
8837
  query_string=query_string,
9221
8838
  single_header=single_header,
9222
8839
  single_query_argument=single_query_argument,
8840
+ uri_fragment=wafv2.CfnRuleGroup.UriFragmentProperty(
8841
+ fallback_behavior="fallbackBehavior"
8842
+ ),
9223
8843
  uri_path=uri_path
9224
8844
  ),
9225
8845
  regex_string="regexString",
@@ -9274,6 +8894,9 @@ class CfnRuleGroup(
9274
8894
  query_string=query_string,
9275
8895
  single_header=single_header,
9276
8896
  single_query_argument=single_query_argument,
8897
+ uri_fragment=wafv2.CfnRuleGroup.UriFragmentProperty(
8898
+ fallback_behavior="fallbackBehavior"
8899
+ ),
9277
8900
  uri_path=uri_path
9278
8901
  ),
9279
8902
  text_transformations=[wafv2.CfnRuleGroup.TextTransformationProperty(
@@ -9327,6 +8950,9 @@ class CfnRuleGroup(
9327
8950
  query_string=query_string,
9328
8951
  single_header=single_header,
9329
8952
  single_query_argument=single_query_argument,
8953
+ uri_fragment=wafv2.CfnRuleGroup.UriFragmentProperty(
8954
+ fallback_behavior="fallbackBehavior"
8955
+ ),
9330
8956
  uri_path=uri_path
9331
8957
  ),
9332
8958
  size=123,
@@ -9380,6 +9006,9 @@ class CfnRuleGroup(
9380
9006
  query_string=query_string,
9381
9007
  single_header=single_header,
9382
9008
  single_query_argument=single_query_argument,
9009
+ uri_fragment=wafv2.CfnRuleGroup.UriFragmentProperty(
9010
+ fallback_behavior="fallbackBehavior"
9011
+ ),
9383
9012
  uri_path=uri_path
9384
9013
  ),
9385
9014
  text_transformations=[wafv2.CfnRuleGroup.TextTransformationProperty(
@@ -9435,6 +9064,9 @@ class CfnRuleGroup(
9435
9064
  query_string=query_string,
9436
9065
  single_header=single_header,
9437
9066
  single_query_argument=single_query_argument,
9067
+ uri_fragment=wafv2.CfnRuleGroup.UriFragmentProperty(
9068
+ fallback_behavior="fallbackBehavior"
9069
+ ),
9438
9070
  uri_path=uri_path
9439
9071
  ),
9440
9072
  text_transformations=[wafv2.CfnRuleGroup.TextTransformationProperty(
@@ -9837,6 +9469,9 @@ class CfnRuleGroup(
9837
9469
  query_string=query_string,
9838
9470
  single_header=single_header,
9839
9471
  single_query_argument=single_query_argument,
9472
+ uri_fragment=wafv2.CfnRuleGroup.UriFragmentProperty(
9473
+ fallback_behavior="fallbackBehavior"
9474
+ ),
9840
9475
  uri_path=uri_path
9841
9476
  ),
9842
9477
  size=123,
@@ -10003,6 +9638,9 @@ class CfnRuleGroup(
10003
9638
  query_string=query_string,
10004
9639
  single_header=single_header,
10005
9640
  single_query_argument=single_query_argument,
9641
+ uri_fragment=wafv2.CfnRuleGroup.UriFragmentProperty(
9642
+ fallback_behavior="fallbackBehavior"
9643
+ ),
10006
9644
  uri_path=uri_path
10007
9645
  ),
10008
9646
  text_transformations=[wafv2.CfnRuleGroup.TextTransformationProperty(
@@ -10201,6 +9839,9 @@ class CfnRuleGroup(
10201
9839
  query_string=query_string,
10202
9840
  single_header=single_header,
10203
9841
  single_query_argument=single_query_argument,
9842
+ uri_fragment=wafv2.CfnRuleGroup.UriFragmentProperty(
9843
+ fallback_behavior="fallbackBehavior"
9844
+ ),
10204
9845
  uri_path=uri_path
10205
9846
  ),
10206
9847
  positional_constraint="positionalConstraint",
@@ -10344,6 +9985,9 @@ class CfnRuleGroup(
10344
9985
  query_string=query_string,
10345
9986
  single_header=single_header,
10346
9987
  single_query_argument=single_query_argument,
9988
+ uri_fragment=wafv2.CfnRuleGroup.UriFragmentProperty(
9989
+ fallback_behavior="fallbackBehavior"
9990
+ ),
10347
9991
  uri_path=uri_path
10348
9992
  ),
10349
9993
  regex_string="regexString",
@@ -10398,6 +10042,9 @@ class CfnRuleGroup(
10398
10042
  query_string=query_string,
10399
10043
  single_header=single_header,
10400
10044
  single_query_argument=single_query_argument,
10045
+ uri_fragment=wafv2.CfnRuleGroup.UriFragmentProperty(
10046
+ fallback_behavior="fallbackBehavior"
10047
+ ),
10401
10048
  uri_path=uri_path
10402
10049
  ),
10403
10050
  text_transformations=[wafv2.CfnRuleGroup.TextTransformationProperty(
@@ -10451,6 +10098,9 @@ class CfnRuleGroup(
10451
10098
  query_string=query_string,
10452
10099
  single_header=single_header,
10453
10100
  single_query_argument=single_query_argument,
10101
+ uri_fragment=wafv2.CfnRuleGroup.UriFragmentProperty(
10102
+ fallback_behavior="fallbackBehavior"
10103
+ ),
10454
10104
  uri_path=uri_path
10455
10105
  ),
10456
10106
  size=123,
@@ -10504,6 +10154,9 @@ class CfnRuleGroup(
10504
10154
  query_string=query_string,
10505
10155
  single_header=single_header,
10506
10156
  single_query_argument=single_query_argument,
10157
+ uri_fragment=wafv2.CfnRuleGroup.UriFragmentProperty(
10158
+ fallback_behavior="fallbackBehavior"
10159
+ ),
10507
10160
  uri_path=uri_path
10508
10161
  ),
10509
10162
  text_transformations=[wafv2.CfnRuleGroup.TextTransformationProperty(
@@ -10559,6 +10212,9 @@ class CfnRuleGroup(
10559
10212
  query_string=query_string,
10560
10213
  single_header=single_header,
10561
10214
  single_query_argument=single_query_argument,
10215
+ uri_fragment=wafv2.CfnRuleGroup.UriFragmentProperty(
10216
+ fallback_behavior="fallbackBehavior"
10217
+ ),
10562
10218
  uri_path=uri_path
10563
10219
  ),
10564
10220
  text_transformations=[wafv2.CfnRuleGroup.TextTransformationProperty(
@@ -10915,6 +10571,78 @@ class CfnRuleGroup(
10915
10571
  k + "=" + repr(v) for k, v in self._values.items()
10916
10572
  )
10917
10573
 
10574
+ @jsii.data_type(
10575
+ jsii_type="aws-cdk-lib.aws_wafv2.CfnRuleGroup.UriFragmentProperty",
10576
+ jsii_struct_bases=[],
10577
+ name_mapping={"fallback_behavior": "fallbackBehavior"},
10578
+ )
10579
+ class UriFragmentProperty:
10580
+ def __init__(
10581
+ self,
10582
+ *,
10583
+ fallback_behavior: typing.Optional[builtins.str] = None,
10584
+ ) -> None:
10585
+ '''Inspect fragments of the request URI.
10586
+
10587
+ You can specify the parts of the URI fragment to inspect and you can narrow the set of URI fragments to inspect by including or excluding specific keys.
10588
+
10589
+ This is used to indicate the web request component to inspect, in the ``FieldToMatch`` specification.
10590
+
10591
+ Example JSON: ``"UriFragment": { "MatchPattern": { "All": {} }, "MatchScope": "KEY", "OversizeHandling": "MATCH" }``
10592
+
10593
+ :param fallback_behavior: What AWS WAF should do if it fails to completely parse the JSON body. The options are the following:. - ``EVALUATE_AS_STRING`` - Inspect the body as plain text. AWS WAF applies the text transformations and inspection criteria that you defined for the JSON inspection to the body text string. - ``MATCH`` - Treat the web request as matching the rule statement. AWS WAF applies the rule action to the request. - ``NO_MATCH`` - Treat the web request as not matching the rule statement. If you don't provide this setting, AWS WAF parses and evaluates the content only up to the first parsing failure that it encounters. Example JSON: ``{ "UriFragment": { "FallbackBehavior": "MATCH"} }`` .. epigraph:: AWS WAF parsing doesn't fully validate the input JSON string, so parsing can succeed even for invalid JSON. When parsing succeeds, AWS WAF doesn't apply the fallback behavior. For more information, see `JSON body <https://docs.aws.amazon.com/waf/latest/developerguide/waf-rule-statement-fields-list.html#waf-rule-statement-request-component-json-body>`_ in the *AWS WAF Developer Guide* .
10594
+
10595
+ :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-rulegroup-urifragment.html
10596
+ :exampleMetadata: fixture=_generated
10597
+
10598
+ Example::
10599
+
10600
+ # The code below shows an example of how to instantiate this type.
10601
+ # The values are placeholders you should change.
10602
+ from aws_cdk import aws_wafv2 as wafv2
10603
+
10604
+ uri_fragment_property = wafv2.CfnRuleGroup.UriFragmentProperty(
10605
+ fallback_behavior="fallbackBehavior"
10606
+ )
10607
+ '''
10608
+ if __debug__:
10609
+ type_hints = typing.get_type_hints(_typecheckingstub__fe1c476d259659923a1664b8e966720fc48cf48f725562b81ef2c02997f8998a)
10610
+ check_type(argname="argument fallback_behavior", value=fallback_behavior, expected_type=type_hints["fallback_behavior"])
10611
+ self._values: typing.Dict[builtins.str, typing.Any] = {}
10612
+ if fallback_behavior is not None:
10613
+ self._values["fallback_behavior"] = fallback_behavior
10614
+
10615
+ @builtins.property
10616
+ def fallback_behavior(self) -> typing.Optional[builtins.str]:
10617
+ '''What AWS WAF should do if it fails to completely parse the JSON body. The options are the following:.
10618
+
10619
+ - ``EVALUATE_AS_STRING`` - Inspect the body as plain text. AWS WAF applies the text transformations and inspection criteria that you defined for the JSON inspection to the body text string.
10620
+ - ``MATCH`` - Treat the web request as matching the rule statement. AWS WAF applies the rule action to the request.
10621
+ - ``NO_MATCH`` - Treat the web request as not matching the rule statement.
10622
+
10623
+ If you don't provide this setting, AWS WAF parses and evaluates the content only up to the first parsing failure that it encounters.
10624
+
10625
+ Example JSON: ``{ "UriFragment": { "FallbackBehavior": "MATCH"} }``
10626
+ .. epigraph::
10627
+
10628
+ AWS WAF parsing doesn't fully validate the input JSON string, so parsing can succeed even for invalid JSON. When parsing succeeds, AWS WAF doesn't apply the fallback behavior. For more information, see `JSON body <https://docs.aws.amazon.com/waf/latest/developerguide/waf-rule-statement-fields-list.html#waf-rule-statement-request-component-json-body>`_ in the *AWS WAF Developer Guide* .
10629
+
10630
+ :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-rulegroup-urifragment.html#cfn-wafv2-rulegroup-urifragment-fallbackbehavior
10631
+ '''
10632
+ result = self._values.get("fallback_behavior")
10633
+ return typing.cast(typing.Optional[builtins.str], result)
10634
+
10635
+ def __eq__(self, rhs: typing.Any) -> builtins.bool:
10636
+ return isinstance(rhs, self.__class__) and rhs._values == self._values
10637
+
10638
+ def __ne__(self, rhs: typing.Any) -> builtins.bool:
10639
+ return not (rhs == self)
10640
+
10641
+ def __repr__(self) -> str:
10642
+ return "UriFragmentProperty(%s)" % ", ".join(
10643
+ k + "=" + repr(v) for k, v in self._values.items()
10644
+ )
10645
+
10918
10646
  @jsii.data_type(
10919
10647
  jsii_type="aws-cdk-lib.aws_wafv2.CfnRuleGroup.VisibilityConfigProperty",
10920
10648
  jsii_struct_bases=[],
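Review bot: The docstrings added for `UriFragmentProperty.fallback_behavior` (both the `:param` text and the property getter) describe a failure to "parse the JSON body" and link to the JSON body section. The class-level example JSON also shows `MatchPattern`, `MatchScope` and `OversizeHandling`, while the struct's `name_mapping` exposes only `fallback_behavior`. This setting decides whether a request that cannot be inspected counts as a match, so the copied wording hides which value fails closed: per the listed options, `MATCH` applies the rule action and `NO_MATCH` treats the request as not matching. I would reword it along the lines of `What AWS WAF should do if it cannot inspect the URI fragment: MATCH applies the rule action, NO_MATCH treats the request as not matching.` and confirm against the service documentation whether `EVALUATE_AS_STRING` is valid for this property. The constructor's `check_type` call appears to verify only that the value is a string, so a mistyped option would presumably surface at deployment; the file looks generated, so the correction likely belongs in the upstream resource specification.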
@@ -11077,636 +10805,144 @@ class CfnRuleGroup(
11077
10805
  match_scope="matchScope",
11078
10806
  oversize_handling="oversizeHandling"
11079
10807
  ),
11080
- headers=wafv2.CfnRuleGroup.HeadersProperty(
11081
- match_pattern=wafv2.CfnRuleGroup.HeaderMatchPatternProperty(
11082
- all=all,
11083
- excluded_headers=["excludedHeaders"],
11084
- included_headers=["includedHeaders"]
11085
- ),
11086
- match_scope="matchScope",
11087
- oversize_handling="oversizeHandling"
11088
- ),
11089
- ja3_fingerprint=wafv2.CfnRuleGroup.JA3FingerprintProperty(
11090
- fallback_behavior="fallbackBehavior"
11091
- ),
11092
- ja4_fingerprint=wafv2.CfnRuleGroup.JA4FingerprintProperty(
11093
- fallback_behavior="fallbackBehavior"
11094
- ),
11095
- json_body=wafv2.CfnRuleGroup.JsonBodyProperty(
11096
- match_pattern=wafv2.CfnRuleGroup.JsonMatchPatternProperty(
11097
- all=all,
11098
- included_paths=["includedPaths"]
11099
- ),
11100
- match_scope="matchScope",
11101
-
11102
- # the properties below are optional
11103
- invalid_fallback_behavior="invalidFallbackBehavior",
11104
- oversize_handling="oversizeHandling"
11105
- ),
11106
- method=method,
11107
- query_string=query_string,
11108
- single_header=single_header,
11109
- single_query_argument=single_query_argument,
11110
- uri_path=uri_path
11111
- ),
11112
- text_transformations=[wafv2.CfnRuleGroup.TextTransformationProperty(
11113
- priority=123,
11114
- type="type"
11115
- )]
11116
- )
11117
- '''
11118
- if __debug__:
11119
- type_hints = typing.get_type_hints(_typecheckingstub__e502ec1c8bc4096eb797b55f6c0a1f9c506e23db360770a855cc273d36ce4b4a)
11120
- check_type(argname="argument field_to_match", value=field_to_match, expected_type=type_hints["field_to_match"])
11121
- check_type(argname="argument text_transformations", value=text_transformations, expected_type=type_hints["text_transformations"])
11122
- self._values: typing.Dict[builtins.str, typing.Any] = {
11123
- "field_to_match": field_to_match,
11124
- "text_transformations": text_transformations,
11125
- }
11126
-
11127
- @builtins.property
11128
- def field_to_match(
11129
- self,
11130
- ) -> typing.Union[_IResolvable_da3f097b, "CfnRuleGroup.FieldToMatchProperty"]:
11131
- '''The part of the web request that you want AWS WAF to inspect.
11132
-
11133
- :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-rulegroup-xssmatchstatement.html#cfn-wafv2-rulegroup-xssmatchstatement-fieldtomatch
11134
- '''
11135
- result = self._values.get("field_to_match")
11136
- assert result is not None, "Required property 'field_to_match' is missing"
11137
- return typing.cast(typing.Union[_IResolvable_da3f097b, "CfnRuleGroup.FieldToMatchProperty"], result)
11138
-
11139
- @builtins.property
11140
- def text_transformations(
11141
- self,
11142
- ) -> typing.Union[_IResolvable_da3f097b, typing.List[typing.Union[_IResolvable_da3f097b, "CfnRuleGroup.TextTransformationProperty"]]]:
11143
- '''Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection.
11144
-
11145
- If you specify one or more transformations in a rule statement, AWS WAF performs all transformations on the content of the request component identified by ``FieldToMatch`` , starting from the lowest priority setting, before inspecting the content for a match.
11146
-
11147
- :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-rulegroup-xssmatchstatement.html#cfn-wafv2-rulegroup-xssmatchstatement-texttransformations
11148
- '''
11149
- result = self._values.get("text_transformations")
11150
- assert result is not None, "Required property 'text_transformations' is missing"
11151
- return typing.cast(typing.Union[_IResolvable_da3f097b, typing.List[typing.Union[_IResolvable_da3f097b, "CfnRuleGroup.TextTransformationProperty"]]], result)
11152
-
11153
- def __eq__(self, rhs: typing.Any) -> builtins.bool:
11154
- return isinstance(rhs, self.__class__) and rhs._values == self._values
11155
-
11156
- def __ne__(self, rhs: typing.Any) -> builtins.bool:
11157
- return not (rhs == self)
11158
-
11159
- def __repr__(self) -> str:
11160
- return "XssMatchStatementProperty(%s)" % ", ".join(
11161
- k + "=" + repr(v) for k, v in self._values.items()
11162
- )
11163
-
11164
-
11165
- @jsii.data_type(
11166
- jsii_type="aws-cdk-lib.aws_wafv2.CfnRuleGroupProps",
11167
- jsii_struct_bases=[],
11168
- name_mapping={
11169
- "capacity": "capacity",
11170
- "scope": "scope",
11171
- "visibility_config": "visibilityConfig",
11172
- "available_labels": "availableLabels",
11173
- "consumed_labels": "consumedLabels",
11174
- "custom_response_bodies": "customResponseBodies",
11175
- "description": "description",
11176
- "name": "name",
11177
- "rules": "rules",
11178
- "tags": "tags",
11179
- },
11180
- )
11181
- class CfnRuleGroupProps:
11182
- def __init__(
11183
- self,
11184
- *,
11185
- capacity: jsii.Number,
11186
- scope: builtins.str,
11187
- visibility_config: typing.Union[_IResolvable_da3f097b, typing.Union[CfnRuleGroup.VisibilityConfigProperty, typing.Dict[builtins.str, typing.Any]]],
11188
- available_labels: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Sequence[typing.Union[_IResolvable_da3f097b, typing.Union[CfnRuleGroup.LabelSummaryProperty, typing.Dict[builtins.str, typing.Any]]]]]] = None,
11189
- consumed_labels: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Sequence[typing.Union[_IResolvable_da3f097b, typing.Union[CfnRuleGroup.LabelSummaryProperty, typing.Dict[builtins.str, typing.Any]]]]]] = None,
11190
- custom_response_bodies: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Mapping[builtins.str, typing.Union[_IResolvable_da3f097b, typing.Union[CfnRuleGroup.CustomResponseBodyProperty, typing.Dict[builtins.str, typing.Any]]]]]] = None,
11191
- description: typing.Optional[builtins.str] = None,
11192
- name: typing.Optional[builtins.str] = None,
11193
- rules: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Sequence[typing.Union[_IResolvable_da3f097b, typing.Union[CfnRuleGroup.RuleProperty, typing.Dict[builtins.str, typing.Any]]]]]] = None,
11194
- tags: typing.Optional[typing.Sequence[typing.Union[_CfnTag_f6864754, typing.Dict[builtins.str, typing.Any]]]] = None,
11195
- ) -> None:
11196
- '''Properties for defining a ``CfnRuleGroup``.
11197
-
11198
- :param capacity: The web ACL capacity units (WCUs) required for this rule group. When you create your own rule group, you define this, and you cannot change it after creation. When you add or modify the rules in a rule group, AWS WAF enforces this limit. AWS WAF uses WCUs to calculate and control the operating resources that are used to run your rules, rule groups, and web ACLs. AWS WAF calculates capacity differently for each rule type, to reflect the relative cost of each rule. Simple rules that cost little to run use fewer WCUs than more complex rules that use more processing power. Rule group capacity is fixed at creation, which helps users plan their web ACL WCU usage when they use a rule group. The WCU limit for web ACLs is 1,500.
11199
- :param scope: Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AWS AppSync GraphQL API, an Amazon Cognito user pool, an AWS App Runner service, or an AWS Verified Access instance. Valid Values are ``CLOUDFRONT`` and ``REGIONAL`` . .. epigraph:: For ``CLOUDFRONT`` , you must create your WAFv2 resources in the US East (N. Virginia) Region, ``us-east-1`` .
11200
- :param visibility_config: Defines and enables Amazon CloudWatch metrics and web request sample collection.
11201
- :param available_labels: The labels that one or more rules in this rule group add to matching web requests. These labels are defined in the ``RuleLabels`` for a ``Rule`` .
11202
- :param consumed_labels: The labels that one or more rules in this rule group match against in label match statements. These labels are defined in a ``LabelMatchStatement`` specification, in the ``Statement`` definition of a rule.
11203
- :param custom_response_bodies: A map of custom response keys and content bodies. When you create a rule with a block action, you can send a custom response to the web request. You define these for the rule group, and then use them in the rules that you define in the rule group. For information about customizing web requests and responses, see `Customizing web requests and responses in AWS WAF <https://docs.aws.amazon.com/waf/latest/developerguide/waf-custom-request-response.html>`_ in the *AWS WAF Developer Guide* . For information about the limits on count and size for custom request and response settings, see `AWS WAF quotas <https://docs.aws.amazon.com/waf/latest/developerguide/limits.html>`_ in the *AWS WAF Developer Guide* .
11204
- :param description: A description of the rule group that helps with identification.
11205
- :param name: The name of the rule group. You cannot change the name of a rule group after you create it.
11206
- :param rules: The rule statements used to identify the web requests that you want to allow, block, or count. Each rule includes one top-level statement that AWS WAF uses to identify matching web requests, and parameters that govern how AWS WAF handles them.
11207
- :param tags: Key:value pairs associated with an AWS resource. The key:value pair can be anything you define. Typically, the tag key represents a category (such as "environment") and the tag value represents a specific value within that category (such as "test," "development," or "production"). You can add up to 50 tags to each AWS resource. .. epigraph:: To modify tags on existing resources, use the AWS WAF APIs or command line interface. With AWS CloudFormation , you can only add tags to AWS WAF resources during resource creation.
11208
-
11209
- :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-wafv2-rulegroup.html
11210
- :exampleMetadata: fixture=_generated
11211
-
11212
- Example::
11213
-
11214
- # The code below shows an example of how to instantiate this type.
11215
- # The values are placeholders you should change.
11216
- from aws_cdk import aws_wafv2 as wafv2
11217
-
11218
- # all: Any
11219
- # allow: Any
11220
- # all_query_arguments: Any
11221
- # block: Any
11222
- # captcha: Any
11223
- # challenge: Any
11224
- # count: Any
11225
- # forwarded_ip: Any
11226
- # http_method: Any
11227
- # ip: Any
11228
- # method: Any
11229
- # query_string: Any
11230
- # single_header: Any
11231
- # single_query_argument: Any
11232
- # statement_property_: wafv2.CfnRuleGroup.StatementProperty
11233
- # uri_path: Any
11234
-
11235
- cfn_rule_group_props = wafv2.CfnRuleGroupProps(
11236
- capacity=123,
11237
- scope="scope",
11238
- visibility_config=wafv2.CfnRuleGroup.VisibilityConfigProperty(
11239
- cloud_watch_metrics_enabled=False,
11240
- metric_name="metricName",
11241
- sampled_requests_enabled=False
11242
- ),
11243
-
11244
- # the properties below are optional
11245
- available_labels=[wafv2.CfnRuleGroup.LabelSummaryProperty(
11246
- name="name"
11247
- )],
11248
- consumed_labels=[wafv2.CfnRuleGroup.LabelSummaryProperty(
11249
- name="name"
11250
- )],
11251
- custom_response_bodies={
11252
- "custom_response_bodies_key": wafv2.CfnRuleGroup.CustomResponseBodyProperty(
11253
- content="content",
11254
- content_type="contentType"
11255
- )
11256
- },
11257
- description="description",
11258
- name="name",
11259
- rules=[wafv2.CfnRuleGroup.RuleProperty(
11260
- name="name",
11261
- priority=123,
11262
- statement=wafv2.CfnRuleGroup.StatementProperty(
11263
- and_statement=wafv2.CfnRuleGroup.AndStatementProperty(
11264
- statements=[statement_property_]
11265
- ),
11266
- byte_match_statement=wafv2.CfnRuleGroup.ByteMatchStatementProperty(
11267
- field_to_match=wafv2.CfnRuleGroup.FieldToMatchProperty(
11268
- all_query_arguments=all_query_arguments,
11269
- body=wafv2.CfnRuleGroup.BodyProperty(
11270
- oversize_handling="oversizeHandling"
11271
- ),
11272
- cookies=wafv2.CfnRuleGroup.CookiesProperty(
11273
- match_pattern=wafv2.CfnRuleGroup.CookieMatchPatternProperty(
11274
- all=all,
11275
- excluded_cookies=["excludedCookies"],
11276
- included_cookies=["includedCookies"]
11277
- ),
11278
- match_scope="matchScope",
11279
- oversize_handling="oversizeHandling"
11280
- ),
11281
- headers=wafv2.CfnRuleGroup.HeadersProperty(
11282
- match_pattern=wafv2.CfnRuleGroup.HeaderMatchPatternProperty(
11283
- all=all,
11284
- excluded_headers=["excludedHeaders"],
11285
- included_headers=["includedHeaders"]
11286
- ),
11287
- match_scope="matchScope",
11288
- oversize_handling="oversizeHandling"
11289
- ),
11290
- ja3_fingerprint=wafv2.CfnRuleGroup.JA3FingerprintProperty(
11291
- fallback_behavior="fallbackBehavior"
11292
- ),
11293
- ja4_fingerprint=wafv2.CfnRuleGroup.JA4FingerprintProperty(
11294
- fallback_behavior="fallbackBehavior"
11295
- ),
11296
- json_body=wafv2.CfnRuleGroup.JsonBodyProperty(
11297
- match_pattern=wafv2.CfnRuleGroup.JsonMatchPatternProperty(
11298
- all=all,
11299
- included_paths=["includedPaths"]
11300
- ),
11301
- match_scope="matchScope",
11302
-
11303
- # the properties below are optional
11304
- invalid_fallback_behavior="invalidFallbackBehavior",
11305
- oversize_handling="oversizeHandling"
11306
- ),
11307
- method=method,
11308
- query_string=query_string,
11309
- single_header=single_header,
11310
- single_query_argument=single_query_argument,
11311
- uri_path=uri_path
11312
- ),
11313
- positional_constraint="positionalConstraint",
11314
- text_transformations=[wafv2.CfnRuleGroup.TextTransformationProperty(
11315
- priority=123,
11316
- type="type"
11317
- )],
11318
-
11319
- # the properties below are optional
11320
- search_string="searchString",
11321
- search_string_base64="searchStringBase64"
11322
- ),
11323
- geo_match_statement=wafv2.CfnRuleGroup.GeoMatchStatementProperty(
11324
- country_codes=["countryCodes"],
11325
- forwarded_ip_config=wafv2.CfnRuleGroup.ForwardedIPConfigurationProperty(
11326
- fallback_behavior="fallbackBehavior",
11327
- header_name="headerName"
11328
- )
11329
- ),
11330
- ip_set_reference_statement={
11331
- "arn": "arn",
11332
-
11333
- # the properties below are optional
11334
- "ip_set_forwarded_ip_config": {
11335
- "fallback_behavior": "fallbackBehavior",
11336
- "header_name": "headerName",
11337
- "position": "position"
11338
- }
11339
- },
11340
- label_match_statement=wafv2.CfnRuleGroup.LabelMatchStatementProperty(
11341
- key="key",
11342
- scope="scope"
11343
- ),
11344
- not_statement=wafv2.CfnRuleGroup.NotStatementProperty(
11345
- statement=statement_property_
11346
- ),
11347
- or_statement=wafv2.CfnRuleGroup.OrStatementProperty(
11348
- statements=[statement_property_]
11349
- ),
11350
- rate_based_statement=wafv2.CfnRuleGroup.RateBasedStatementProperty(
11351
- aggregate_key_type="aggregateKeyType",
11352
- limit=123,
11353
-
11354
- # the properties below are optional
11355
- custom_keys=[wafv2.CfnRuleGroup.RateBasedStatementCustomKeyProperty(
11356
- cookie=wafv2.CfnRuleGroup.RateLimitCookieProperty(
11357
- name="name",
11358
- text_transformations=[wafv2.CfnRuleGroup.TextTransformationProperty(
11359
- priority=123,
11360
- type="type"
11361
- )]
11362
- ),
11363
- forwarded_ip=forwarded_ip,
11364
- header=wafv2.CfnRuleGroup.RateLimitHeaderProperty(
11365
- name="name",
11366
- text_transformations=[wafv2.CfnRuleGroup.TextTransformationProperty(
11367
- priority=123,
11368
- type="type"
11369
- )]
11370
- ),
11371
- http_method=http_method,
11372
- ip=ip,
11373
- ja3_fingerprint=wafv2.CfnRuleGroup.RateLimitJA3FingerprintProperty(
11374
- fallback_behavior="fallbackBehavior"
11375
- ),
11376
- ja4_fingerprint=wafv2.CfnRuleGroup.RateLimitJA4FingerprintProperty(
11377
- fallback_behavior="fallbackBehavior"
11378
- ),
11379
- label_namespace=wafv2.CfnRuleGroup.RateLimitLabelNamespaceProperty(
11380
- namespace="namespace"
11381
- ),
11382
- query_argument=wafv2.CfnRuleGroup.RateLimitQueryArgumentProperty(
11383
- name="name",
11384
- text_transformations=[wafv2.CfnRuleGroup.TextTransformationProperty(
11385
- priority=123,
11386
- type="type"
11387
- )]
11388
- ),
11389
- query_string=wafv2.CfnRuleGroup.RateLimitQueryStringProperty(
11390
- text_transformations=[wafv2.CfnRuleGroup.TextTransformationProperty(
11391
- priority=123,
11392
- type="type"
11393
- )]
11394
- ),
11395
- uri_path=wafv2.CfnRuleGroup.RateLimitUriPathProperty(
11396
- text_transformations=[wafv2.CfnRuleGroup.TextTransformationProperty(
11397
- priority=123,
11398
- type="type"
11399
- )]
11400
- )
11401
- )],
11402
- evaluation_window_sec=123,
11403
- forwarded_ip_config=wafv2.CfnRuleGroup.ForwardedIPConfigurationProperty(
11404
- fallback_behavior="fallbackBehavior",
11405
- header_name="headerName"
11406
- ),
11407
- scope_down_statement=statement_property_
11408
- ),
11409
- regex_match_statement=wafv2.CfnRuleGroup.RegexMatchStatementProperty(
11410
- field_to_match=wafv2.CfnRuleGroup.FieldToMatchProperty(
11411
- all_query_arguments=all_query_arguments,
11412
- body=wafv2.CfnRuleGroup.BodyProperty(
11413
- oversize_handling="oversizeHandling"
11414
- ),
11415
- cookies=wafv2.CfnRuleGroup.CookiesProperty(
11416
- match_pattern=wafv2.CfnRuleGroup.CookieMatchPatternProperty(
11417
- all=all,
11418
- excluded_cookies=["excludedCookies"],
11419
- included_cookies=["includedCookies"]
11420
- ),
11421
- match_scope="matchScope",
11422
- oversize_handling="oversizeHandling"
11423
- ),
11424
- headers=wafv2.CfnRuleGroup.HeadersProperty(
11425
- match_pattern=wafv2.CfnRuleGroup.HeaderMatchPatternProperty(
11426
- all=all,
11427
- excluded_headers=["excludedHeaders"],
11428
- included_headers=["includedHeaders"]
11429
- ),
11430
- match_scope="matchScope",
11431
- oversize_handling="oversizeHandling"
11432
- ),
11433
- ja3_fingerprint=wafv2.CfnRuleGroup.JA3FingerprintProperty(
11434
- fallback_behavior="fallbackBehavior"
11435
- ),
11436
- ja4_fingerprint=wafv2.CfnRuleGroup.JA4FingerprintProperty(
11437
- fallback_behavior="fallbackBehavior"
11438
- ),
11439
- json_body=wafv2.CfnRuleGroup.JsonBodyProperty(
11440
- match_pattern=wafv2.CfnRuleGroup.JsonMatchPatternProperty(
11441
- all=all,
11442
- included_paths=["includedPaths"]
11443
- ),
11444
- match_scope="matchScope",
11445
-
11446
- # the properties below are optional
11447
- invalid_fallback_behavior="invalidFallbackBehavior",
11448
- oversize_handling="oversizeHandling"
11449
- ),
11450
- method=method,
11451
- query_string=query_string,
11452
- single_header=single_header,
11453
- single_query_argument=single_query_argument,
11454
- uri_path=uri_path
11455
- ),
11456
- regex_string="regexString",
11457
- text_transformations=[wafv2.CfnRuleGroup.TextTransformationProperty(
11458
- priority=123,
11459
- type="type"
11460
- )]
11461
- ),
11462
- regex_pattern_set_reference_statement=wafv2.CfnRuleGroup.RegexPatternSetReferenceStatementProperty(
11463
- arn="arn",
11464
- field_to_match=wafv2.CfnRuleGroup.FieldToMatchProperty(
11465
- all_query_arguments=all_query_arguments,
11466
- body=wafv2.CfnRuleGroup.BodyProperty(
11467
- oversize_handling="oversizeHandling"
11468
- ),
11469
- cookies=wafv2.CfnRuleGroup.CookiesProperty(
11470
- match_pattern=wafv2.CfnRuleGroup.CookieMatchPatternProperty(
11471
- all=all,
11472
- excluded_cookies=["excludedCookies"],
11473
- included_cookies=["includedCookies"]
11474
- ),
11475
- match_scope="matchScope",
11476
- oversize_handling="oversizeHandling"
11477
- ),
11478
- headers=wafv2.CfnRuleGroup.HeadersProperty(
11479
- match_pattern=wafv2.CfnRuleGroup.HeaderMatchPatternProperty(
11480
- all=all,
11481
- excluded_headers=["excludedHeaders"],
11482
- included_headers=["includedHeaders"]
11483
- ),
11484
- match_scope="matchScope",
11485
- oversize_handling="oversizeHandling"
11486
- ),
11487
- ja3_fingerprint=wafv2.CfnRuleGroup.JA3FingerprintProperty(
11488
- fallback_behavior="fallbackBehavior"
11489
- ),
11490
- ja4_fingerprint=wafv2.CfnRuleGroup.JA4FingerprintProperty(
11491
- fallback_behavior="fallbackBehavior"
11492
- ),
11493
- json_body=wafv2.CfnRuleGroup.JsonBodyProperty(
11494
- match_pattern=wafv2.CfnRuleGroup.JsonMatchPatternProperty(
11495
- all=all,
11496
- included_paths=["includedPaths"]
11497
- ),
11498
- match_scope="matchScope",
11499
-
11500
- # the properties below are optional
11501
- invalid_fallback_behavior="invalidFallbackBehavior",
11502
- oversize_handling="oversizeHandling"
11503
- ),
11504
- method=method,
11505
- query_string=query_string,
11506
- single_header=single_header,
11507
- single_query_argument=single_query_argument,
11508
- uri_path=uri_path
11509
- ),
11510
- text_transformations=[wafv2.CfnRuleGroup.TextTransformationProperty(
11511
- priority=123,
11512
- type="type"
11513
- )]
11514
- ),
11515
- size_constraint_statement=wafv2.CfnRuleGroup.SizeConstraintStatementProperty(
11516
- comparison_operator="comparisonOperator",
11517
- field_to_match=wafv2.CfnRuleGroup.FieldToMatchProperty(
11518
- all_query_arguments=all_query_arguments,
11519
- body=wafv2.CfnRuleGroup.BodyProperty(
11520
- oversize_handling="oversizeHandling"
11521
- ),
11522
- cookies=wafv2.CfnRuleGroup.CookiesProperty(
11523
- match_pattern=wafv2.CfnRuleGroup.CookieMatchPatternProperty(
11524
- all=all,
11525
- excluded_cookies=["excludedCookies"],
11526
- included_cookies=["includedCookies"]
11527
- ),
11528
- match_scope="matchScope",
11529
- oversize_handling="oversizeHandling"
11530
- ),
11531
- headers=wafv2.CfnRuleGroup.HeadersProperty(
11532
- match_pattern=wafv2.CfnRuleGroup.HeaderMatchPatternProperty(
11533
- all=all,
11534
- excluded_headers=["excludedHeaders"],
11535
- included_headers=["includedHeaders"]
11536
- ),
11537
- match_scope="matchScope",
11538
- oversize_handling="oversizeHandling"
11539
- ),
11540
- ja3_fingerprint=wafv2.CfnRuleGroup.JA3FingerprintProperty(
11541
- fallback_behavior="fallbackBehavior"
11542
- ),
11543
- ja4_fingerprint=wafv2.CfnRuleGroup.JA4FingerprintProperty(
11544
- fallback_behavior="fallbackBehavior"
11545
- ),
11546
- json_body=wafv2.CfnRuleGroup.JsonBodyProperty(
11547
- match_pattern=wafv2.CfnRuleGroup.JsonMatchPatternProperty(
11548
- all=all,
11549
- included_paths=["includedPaths"]
11550
- ),
11551
- match_scope="matchScope",
11552
-
11553
- # the properties below are optional
11554
- invalid_fallback_behavior="invalidFallbackBehavior",
11555
- oversize_handling="oversizeHandling"
11556
- ),
11557
- method=method,
11558
- query_string=query_string,
11559
- single_header=single_header,
11560
- single_query_argument=single_query_argument,
11561
- uri_path=uri_path
11562
- ),
11563
- size=123,
11564
- text_transformations=[wafv2.CfnRuleGroup.TextTransformationProperty(
11565
- priority=123,
11566
- type="type"
11567
- )]
11568
- ),
11569
- sqli_match_statement=wafv2.CfnRuleGroup.SqliMatchStatementProperty(
11570
- field_to_match=wafv2.CfnRuleGroup.FieldToMatchProperty(
11571
- all_query_arguments=all_query_arguments,
11572
- body=wafv2.CfnRuleGroup.BodyProperty(
11573
- oversize_handling="oversizeHandling"
11574
- ),
11575
- cookies=wafv2.CfnRuleGroup.CookiesProperty(
11576
- match_pattern=wafv2.CfnRuleGroup.CookieMatchPatternProperty(
11577
- all=all,
11578
- excluded_cookies=["excludedCookies"],
11579
- included_cookies=["includedCookies"]
11580
- ),
11581
- match_scope="matchScope",
11582
- oversize_handling="oversizeHandling"
11583
- ),
11584
- headers=wafv2.CfnRuleGroup.HeadersProperty(
11585
- match_pattern=wafv2.CfnRuleGroup.HeaderMatchPatternProperty(
11586
- all=all,
11587
- excluded_headers=["excludedHeaders"],
11588
- included_headers=["includedHeaders"]
11589
- ),
11590
- match_scope="matchScope",
11591
- oversize_handling="oversizeHandling"
11592
- ),
11593
- ja3_fingerprint=wafv2.CfnRuleGroup.JA3FingerprintProperty(
11594
- fallback_behavior="fallbackBehavior"
11595
- ),
11596
- ja4_fingerprint=wafv2.CfnRuleGroup.JA4FingerprintProperty(
11597
- fallback_behavior="fallbackBehavior"
11598
- ),
11599
- json_body=wafv2.CfnRuleGroup.JsonBodyProperty(
11600
- match_pattern=wafv2.CfnRuleGroup.JsonMatchPatternProperty(
11601
- all=all,
11602
- included_paths=["includedPaths"]
11603
- ),
11604
- match_scope="matchScope",
11605
-
11606
- # the properties below are optional
11607
- invalid_fallback_behavior="invalidFallbackBehavior",
11608
- oversize_handling="oversizeHandling"
11609
- ),
11610
- method=method,
11611
- query_string=query_string,
11612
- single_header=single_header,
11613
- single_query_argument=single_query_argument,
11614
- uri_path=uri_path
11615
- ),
11616
- text_transformations=[wafv2.CfnRuleGroup.TextTransformationProperty(
11617
- priority=123,
11618
- type="type"
11619
- )],
11620
-
11621
- # the properties below are optional
11622
- sensitivity_level="sensitivityLevel"
11623
- ),
11624
- xss_match_statement=wafv2.CfnRuleGroup.XssMatchStatementProperty(
11625
- field_to_match=wafv2.CfnRuleGroup.FieldToMatchProperty(
11626
- all_query_arguments=all_query_arguments,
11627
- body=wafv2.CfnRuleGroup.BodyProperty(
11628
- oversize_handling="oversizeHandling"
11629
- ),
11630
- cookies=wafv2.CfnRuleGroup.CookiesProperty(
11631
- match_pattern=wafv2.CfnRuleGroup.CookieMatchPatternProperty(
11632
- all=all,
11633
- excluded_cookies=["excludedCookies"],
11634
- included_cookies=["includedCookies"]
11635
- ),
11636
- match_scope="matchScope",
11637
- oversize_handling="oversizeHandling"
11638
- ),
11639
- headers=wafv2.CfnRuleGroup.HeadersProperty(
11640
- match_pattern=wafv2.CfnRuleGroup.HeaderMatchPatternProperty(
11641
- all=all,
11642
- excluded_headers=["excludedHeaders"],
11643
- included_headers=["includedHeaders"]
11644
- ),
11645
- match_scope="matchScope",
11646
- oversize_handling="oversizeHandling"
11647
- ),
11648
- ja3_fingerprint=wafv2.CfnRuleGroup.JA3FingerprintProperty(
11649
- fallback_behavior="fallbackBehavior"
11650
- ),
11651
- ja4_fingerprint=wafv2.CfnRuleGroup.JA4FingerprintProperty(
11652
- fallback_behavior="fallbackBehavior"
11653
- ),
11654
- json_body=wafv2.CfnRuleGroup.JsonBodyProperty(
11655
- match_pattern=wafv2.CfnRuleGroup.JsonMatchPatternProperty(
11656
- all=all,
11657
- included_paths=["includedPaths"]
11658
- ),
11659
- match_scope="matchScope",
11660
-
11661
- # the properties below are optional
11662
- invalid_fallback_behavior="invalidFallbackBehavior",
11663
- oversize_handling="oversizeHandling"
11664
- ),
11665
- method=method,
11666
- query_string=query_string,
11667
- single_header=single_header,
11668
- single_query_argument=single_query_argument,
11669
- uri_path=uri_path
10808
+ headers=wafv2.CfnRuleGroup.HeadersProperty(
10809
+ match_pattern=wafv2.CfnRuleGroup.HeaderMatchPatternProperty(
10810
+ all=all,
10811
+ excluded_headers=["excludedHeaders"],
10812
+ included_headers=["includedHeaders"]
11670
10813
  ),
11671
- text_transformations=[wafv2.CfnRuleGroup.TextTransformationProperty(
11672
- priority=123,
11673
- type="type"
11674
- )]
11675
- )
11676
- ),
11677
- visibility_config=wafv2.CfnRuleGroup.VisibilityConfigProperty(
11678
- cloud_watch_metrics_enabled=False,
11679
- metric_name="metricName",
11680
- sampled_requests_enabled=False
11681
- ),
11682
-
11683
- # the properties below are optional
11684
- action=wafv2.CfnRuleGroup.RuleActionProperty(
11685
- allow=allow,
11686
- block=block,
11687
- captcha=captcha,
11688
- challenge=challenge,
11689
- count=count
11690
- ),
11691
- captcha_config=wafv2.CfnRuleGroup.CaptchaConfigProperty(
11692
- immunity_time_property=wafv2.CfnRuleGroup.ImmunityTimePropertyProperty(
11693
- immunity_time=123
11694
- )
11695
- ),
11696
- challenge_config=wafv2.CfnRuleGroup.ChallengeConfigProperty(
11697
- immunity_time_property=wafv2.CfnRuleGroup.ImmunityTimePropertyProperty(
11698
- immunity_time=123
11699
- )
10814
+ match_scope="matchScope",
10815
+ oversize_handling="oversizeHandling"
10816
+ ),
10817
+ ja3_fingerprint=wafv2.CfnRuleGroup.JA3FingerprintProperty(
10818
+ fallback_behavior="fallbackBehavior"
10819
+ ),
10820
+ ja4_fingerprint=wafv2.CfnRuleGroup.JA4FingerprintProperty(
10821
+ fallback_behavior="fallbackBehavior"
10822
+ ),
10823
+ json_body=wafv2.CfnRuleGroup.JsonBodyProperty(
10824
+ match_pattern=wafv2.CfnRuleGroup.JsonMatchPatternProperty(
10825
+ all=all,
10826
+ included_paths=["includedPaths"]
10827
+ ),
10828
+ match_scope="matchScope",
10829
+
10830
+ # the properties below are optional
10831
+ invalid_fallback_behavior="invalidFallbackBehavior",
10832
+ oversize_handling="oversizeHandling"
10833
+ ),
10834
+ method=method,
10835
+ query_string=query_string,
10836
+ single_header=single_header,
10837
+ single_query_argument=single_query_argument,
10838
+ uri_fragment=wafv2.CfnRuleGroup.UriFragmentProperty(
10839
+ fallback_behavior="fallbackBehavior"
10840
+ ),
10841
+ uri_path=uri_path
11700
10842
  ),
11701
- rule_labels=[wafv2.CfnRuleGroup.LabelProperty(
11702
- name="name"
10843
+ text_transformations=[wafv2.CfnRuleGroup.TextTransformationProperty(
10844
+ priority=123,
10845
+ type="type"
11703
10846
  )]
11704
- )],
11705
- tags=[CfnTag(
11706
- key="key",
11707
- value="value"
11708
- )]
10847
+ )
10848
+ '''
10849
+ if __debug__:
10850
+ type_hints = typing.get_type_hints(_typecheckingstub__e502ec1c8bc4096eb797b55f6c0a1f9c506e23db360770a855cc273d36ce4b4a)
10851
+ check_type(argname="argument field_to_match", value=field_to_match, expected_type=type_hints["field_to_match"])
10852
+ check_type(argname="argument text_transformations", value=text_transformations, expected_type=type_hints["text_transformations"])
10853
+ self._values: typing.Dict[builtins.str, typing.Any] = {
10854
+ "field_to_match": field_to_match,
10855
+ "text_transformations": text_transformations,
10856
+ }
10857
+
10858
+ @builtins.property
10859
+ def field_to_match(
10860
+ self,
10861
+ ) -> typing.Union[_IResolvable_da3f097b, "CfnRuleGroup.FieldToMatchProperty"]:
10862
+ '''The part of the web request that you want AWS WAF to inspect.
10863
+
10864
+ :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-rulegroup-xssmatchstatement.html#cfn-wafv2-rulegroup-xssmatchstatement-fieldtomatch
10865
+ '''
10866
+ result = self._values.get("field_to_match")
10867
+ assert result is not None, "Required property 'field_to_match' is missing"
10868
+ return typing.cast(typing.Union[_IResolvable_da3f097b, "CfnRuleGroup.FieldToMatchProperty"], result)
10869
+
10870
+ @builtins.property
10871
+ def text_transformations(
10872
+ self,
10873
+ ) -> typing.Union[_IResolvable_da3f097b, typing.List[typing.Union[_IResolvable_da3f097b, "CfnRuleGroup.TextTransformationProperty"]]]:
10874
+ '''Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection.
10875
+
10876
+ If you specify one or more transformations in a rule statement, AWS WAF performs all transformations on the content of the request component identified by ``FieldToMatch`` , starting from the lowest priority setting, before inspecting the content for a match.
10877
+
10878
+ :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-rulegroup-xssmatchstatement.html#cfn-wafv2-rulegroup-xssmatchstatement-texttransformations
10879
+ '''
10880
+ result = self._values.get("text_transformations")
10881
+ assert result is not None, "Required property 'text_transformations' is missing"
10882
+ return typing.cast(typing.Union[_IResolvable_da3f097b, typing.List[typing.Union[_IResolvable_da3f097b, "CfnRuleGroup.TextTransformationProperty"]]], result)
10883
+
10884
+ def __eq__(self, rhs: typing.Any) -> builtins.bool:
10885
+ return isinstance(rhs, self.__class__) and rhs._values == self._values
10886
+
10887
+ def __ne__(self, rhs: typing.Any) -> builtins.bool:
10888
+ return not (rhs == self)
10889
+
10890
+ def __repr__(self) -> str:
10891
+ return "XssMatchStatementProperty(%s)" % ", ".join(
10892
+ k + "=" + repr(v) for k, v in self._values.items()
11709
10893
  )
10894
+
10895
+
10896
+ @jsii.data_type(
10897
+ jsii_type="aws-cdk-lib.aws_wafv2.CfnRuleGroupProps",
10898
+ jsii_struct_bases=[],
10899
+ name_mapping={
10900
+ "capacity": "capacity",
10901
+ "scope": "scope",
10902
+ "visibility_config": "visibilityConfig",
10903
+ "available_labels": "availableLabels",
10904
+ "consumed_labels": "consumedLabels",
10905
+ "custom_response_bodies": "customResponseBodies",
10906
+ "description": "description",
10907
+ "name": "name",
10908
+ "rules": "rules",
10909
+ "tags": "tags",
10910
+ },
10911
+ )
10912
+ class CfnRuleGroupProps:
10913
+ def __init__(
10914
+ self,
10915
+ *,
10916
+ capacity: jsii.Number,
10917
+ scope: builtins.str,
10918
+ visibility_config: typing.Union[_IResolvable_da3f097b, typing.Union[CfnRuleGroup.VisibilityConfigProperty, typing.Dict[builtins.str, typing.Any]]],
10919
+ available_labels: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Sequence[typing.Union[_IResolvable_da3f097b, typing.Union[CfnRuleGroup.LabelSummaryProperty, typing.Dict[builtins.str, typing.Any]]]]]] = None,
10920
+ consumed_labels: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Sequence[typing.Union[_IResolvable_da3f097b, typing.Union[CfnRuleGroup.LabelSummaryProperty, typing.Dict[builtins.str, typing.Any]]]]]] = None,
10921
+ custom_response_bodies: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Mapping[builtins.str, typing.Union[_IResolvable_da3f097b, typing.Union[CfnRuleGroup.CustomResponseBodyProperty, typing.Dict[builtins.str, typing.Any]]]]]] = None,
10922
+ description: typing.Optional[builtins.str] = None,
10923
+ name: typing.Optional[builtins.str] = None,
10924
+ rules: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Sequence[typing.Union[_IResolvable_da3f097b, typing.Union[CfnRuleGroup.RuleProperty, typing.Dict[builtins.str, typing.Any]]]]]] = None,
10925
+ tags: typing.Optional[typing.Sequence[typing.Union[_CfnTag_f6864754, typing.Dict[builtins.str, typing.Any]]]] = None,
10926
+ ) -> None:
10927
+ '''Properties for defining a ``CfnRuleGroup``.
10928
+
10929
+ :param capacity: The web ACL capacity units (WCUs) required for this rule group. When you create your own rule group, you define this, and you cannot change it after creation. When you add or modify the rules in a rule group, AWS WAF enforces this limit. AWS WAF uses WCUs to calculate and control the operating resources that are used to run your rules, rule groups, and web ACLs. AWS WAF calculates capacity differently for each rule type, to reflect the relative cost of each rule. Simple rules that cost little to run use fewer WCUs than more complex rules that use more processing power. Rule group capacity is fixed at creation, which helps users plan their web ACL WCU usage when they use a rule group. The WCU limit for web ACLs is 1,500.
10930
+ :param scope: Specifies whether this is for an Amazon CloudFront distribution or for a regional application. For an AWS Amplify application, use ``CLOUDFRONT`` . A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AWS AppSync GraphQL API, an Amazon Cognito user pool, an AWS App Runner service, or an AWS Verified Access instance. Valid Values are ``CLOUDFRONT`` and ``REGIONAL`` . .. epigraph:: For ``CLOUDFRONT`` , you must create your WAFv2 resources in the US East (N. Virginia) Region, ``us-east-1`` .
10931
+ :param visibility_config: Defines and enables Amazon CloudWatch metrics and web request sample collection.
10932
+ :param available_labels: The labels that one or more rules in this rule group add to matching web requests. These labels are defined in the ``RuleLabels`` for a ``Rule`` .
10933
+ :param consumed_labels: The labels that one or more rules in this rule group match against in label match statements. These labels are defined in a ``LabelMatchStatement`` specification, in the ``Statement`` definition of a rule.
10934
+ :param custom_response_bodies: A map of custom response keys and content bodies. When you create a rule with a block action, you can send a custom response to the web request. You define these for the rule group, and then use them in the rules that you define in the rule group. For information about customizing web requests and responses, see `Customizing web requests and responses in AWS WAF <https://docs.aws.amazon.com/waf/latest/developerguide/waf-custom-request-response.html>`_ in the *AWS WAF Developer Guide* . For information about the limits on count and size for custom request and response settings, see `AWS WAF quotas <https://docs.aws.amazon.com/waf/latest/developerguide/limits.html>`_ in the *AWS WAF Developer Guide* .
10935
+ :param description: A description of the rule group that helps with identification.
10936
+ :param name: The name of the rule group. You cannot change the name of a rule group after you create it.
10937
+ :param rules: The rule statements used to identify the web requests that you want to allow, block, or count. Each rule includes one top-level statement that AWS WAF uses to identify matching web requests, and parameters that govern how AWS WAF handles them.
10938
+ :param tags: Key:value pairs associated with an AWS resource. The key:value pair can be anything you define. Typically, the tag key represents a category (such as "environment") and the tag value represents a specific value within that category (such as "test," "development," or "production"). You can add up to 50 tags to each AWS resource. .. epigraph:: To modify tags on existing resources, use the AWS WAF APIs or command line interface. With AWS CloudFormation , you can only add tags to AWS WAF resources during resource creation.
10939
+
10940
+ :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-wafv2-rulegroup.html
10941
+ :exampleMetadata: fixture=_generated
10942
+
10943
+ Example::
10944
+
10945
+
11710
10946
  '''
11711
10947
  if __debug__:
11712
10948
  type_hints = typing.get_type_hints(_typecheckingstub__c8dfa44d9c30297c12ad00bd34bbd4b85ea5438f4127e7e97226c16565c6ef5b)
@@ -11758,7 +10994,7 @@ class CfnRuleGroupProps:
11758
10994
  def scope(self) -> builtins.str:
11759
10995
  '''Specifies whether this is for an Amazon CloudFront distribution or for a regional application.
11760
10996
 
11761
- A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AWS AppSync GraphQL API, an Amazon Cognito user pool, an AWS App Runner service, or an AWS Verified Access instance. Valid Values are ``CLOUDFRONT`` and ``REGIONAL`` .
10997
+ For an AWS Amplify application, use ``CLOUDFRONT`` . A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AWS AppSync GraphQL API, an Amazon Cognito user pool, an AWS App Runner service, or an AWS Verified Access instance. Valid Values are ``CLOUDFRONT`` and ``REGIONAL`` .
11762
10998
  .. epigraph::
11763
10999
 
11764
11000
  For ``CLOUDFRONT`` , you must create your WAFv2 resources in the US East (N. Virginia) Region, ``us-east-1`` .
@@ -11899,7 +11135,7 @@ class CfnWebACL(
11899
11135
 
11900
11136
  The rules in a web ACL can be a combination of explicitly defined rules and rule groups that you reference from the web ACL. The rule groups can be rule groups that you manage or rule groups that are managed by others.
11901
11137
 
11902
- You can associate a web ACL with one or more AWS resources to protect. The resources can be an Amazon CloudFront distribution, an Amazon API Gateway REST API, an Application Load Balancer , an AWS AppSync GraphQL API , an Amazon Cognito user pool, an AWS App Runner service, or an AWS Verified Access instance.
11138
+ You can associate a web ACL with one or more AWS resources to protect. The resources can be an Amazon CloudFront distribution, an Amazon API Gateway REST API, an Application Load Balancer , an AWS AppSync GraphQL API , an Amazon Cognito user pool, an AWS App Runner service, an AWS Amplify application, or an AWS Verified Access instance.
11903
11139
 
11904
11140
  For more information, see `Web access control lists (web ACLs) <https://docs.aws.amazon.com/waf/latest/developerguide/web-acl.html>`_ in the *AWS WAF developer guide* .
11905
11141
 
@@ -11945,7 +11181,7 @@ class CfnWebACL(
11945
11181
  :param scope_: Scope in which this resource is defined.
11946
11182
  :param id: Construct identifier for this resource (unique in its scope).
11947
11183
  :param default_action: The action to perform if none of the ``Rules`` contained in the ``WebACL`` match.
11948
- :param scope: Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AWS AppSync GraphQL API, an Amazon Cognito user pool, an AWS App Runner service, or an AWS Verified Access instance. Valid Values are ``CLOUDFRONT`` and ``REGIONAL`` . .. epigraph:: For ``CLOUDFRONT`` , you must create your WAFv2 resources in the US East (N. Virginia) Region, ``us-east-1`` . For information about how to define the association of the web ACL with your resource, see ``WebACLAssociation`` .
11184
+ :param scope: Specifies whether this is for an Amazon CloudFront distribution or for a regional application. For an AWS Amplify application, use ``CLOUDFRONT`` . A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AWS AppSync GraphQL API, an Amazon Cognito user pool, an AWS App Runner service, or an AWS Verified Access instance. Valid Values are ``CLOUDFRONT`` and ``REGIONAL`` . .. epigraph:: For ``CLOUDFRONT`` , you must create your WAFv2 resources in the US East (N. Virginia) Region, ``us-east-1`` . For information about how to define the association of the web ACL with your resource, see ``WebACLAssociation`` .
11949
11185
  :param visibility_config: Defines and enables Amazon CloudWatch metrics and web request sample collection.
11950
11186
  :param association_config: Specifies custom configurations for the associations between the web ACL and protected resources. Use this to customize the maximum size of the request body that your protected resources forward to AWS WAF for inspection. You can customize this setting for CloudFront, API Gateway, Amazon Cognito, App Runner, or Verified Access resources. The default setting is 16 KB (16,384 bytes). .. epigraph:: You are charged additional fees when your protected resources forward body sizes that are larger than the default. For more information, see `AWS WAF Pricing <https://docs.aws.amazon.com/waf/pricing/>`_ . For Application Load Balancer and AWS AppSync , the limit is fixed at 8 KB (8,192 bytes).
11951
11187
  :param captcha_config: Specifies how AWS WAF should handle ``CAPTCHA`` evaluations for rules that don't have their own ``CaptchaConfig`` settings. If you don't specify this, AWS WAF uses its default settings for ``CaptchaConfig`` .
@@ -12987,7 +12223,7 @@ class CfnWebACL(
12987
12223
 
12988
12224
  This is used to indicate the web request component to inspect, in the ``FieldToMatch`` specification.
12989
12225
 
12990
- :param oversize_handling: What AWS WAF should do if the body is larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of the web request body if the body exceeds the limit for the resource type. When a web request body is larger than the limit, the underlying host service only forwards the contents that are within the limit to AWS WAF for inspection. - For Application Load Balancer and AWS AppSync , the limit is fixed at 8 KB (8,192 bytes). - For CloudFront, API Gateway, Amazon Cognito, App Runner, and Verified Access, the default limit is 16 KB (16,384 bytes), and you can increase the limit for each resource type in the web ACL ``AssociationConfig`` , for additional processing fees. The options for oversize handling are the following: - ``CONTINUE`` - Inspect the available body contents normally, according to the rule inspection criteria. - ``MATCH`` - Treat the web request as matching the rule statement. AWS WAF applies the rule action to the request. - ``NO_MATCH`` - Treat the web request as not matching the rule statement. You can combine the ``MATCH`` or ``NO_MATCH`` settings for oversize handling with your rule and web ACL action settings, so that you block any request whose body is over the limit. Default: ``CONTINUE``
12226
+ :param oversize_handling: What AWS WAF should do if the body is larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of the web request body if the body exceeds the limit for the resource type. When a web request body is larger than the limit, the underlying host service only forwards the contents that are within the limit to AWS WAF for inspection. - For Application Load Balancer and AWS AppSync , the limit is fixed at 8 KB (8,192 bytes). - For CloudFront, API Gateway, Amazon Cognito, App Runner, and Verified Access, the default limit is 16 KB (16,384 bytes), and you can increase the limit for each resource type in the web ACL ``AssociationConfig`` , for additional processing fees. - For AWS Amplify , use the CloudFront limit. The options for oversize handling are the following: - ``CONTINUE`` - Inspect the available body contents normally, according to the rule inspection criteria. - ``MATCH`` - Treat the web request as matching the rule statement. AWS WAF applies the rule action to the request. - ``NO_MATCH`` - Treat the web request as not matching the rule statement. You can combine the ``MATCH`` or ``NO_MATCH`` settings for oversize handling with your rule and web ACL action settings, so that you block any request whose body is over the limit. Default: ``CONTINUE``
12991
12227
 
12992
12228
  :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-body.html
12993
12229
  :exampleMetadata: fixture=_generated
@@ -13017,6 +12253,7 @@ class CfnWebACL(
13017
12253
 
13018
12254
  - For Application Load Balancer and AWS AppSync , the limit is fixed at 8 KB (8,192 bytes).
13019
12255
  - For CloudFront, API Gateway, Amazon Cognito, App Runner, and Verified Access, the default limit is 16 KB (16,384 bytes), and you can increase the limit for each resource type in the web ACL ``AssociationConfig`` , for additional processing fees.
12256
+ - For AWS Amplify , use the CloudFront limit.
13020
12257
 
13021
12258
  The options for oversize handling are the following:
13022
12259
 
@@ -13137,6 +12374,9 @@ class CfnWebACL(
13137
12374
  query_string=query_string,
13138
12375
  single_header=single_header,
13139
12376
  single_query_argument=single_query_argument,
12377
+ uri_fragment=wafv2.CfnWebACL.UriFragmentProperty(
12378
+ fallback_behavior="fallbackBehavior"
12379
+ ),
13140
12380
  uri_path=uri_path
13141
12381
  ),
13142
12382
  positional_constraint="positionalConstraint",
@@ -14572,6 +13812,7 @@ class CfnWebACL(
14572
13812
  "query_string": "queryString",
14573
13813
  "single_header": "singleHeader",
14574
13814
  "single_query_argument": "singleQueryArgument",
13815
+ "uri_fragment": "uriFragment",
14575
13816
  "uri_path": "uriPath",
14576
13817
  },
14577
13818
  )
@@ -14590,6 +13831,7 @@ class CfnWebACL(
14590
13831
  query_string: typing.Any = None,
14591
13832
  single_header: typing.Any = None,
14592
13833
  single_query_argument: typing.Any = None,
13834
+ uri_fragment: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union["CfnWebACL.UriFragmentProperty", typing.Dict[builtins.str, typing.Any]]]] = None,
14593
13835
  uri_path: typing.Any = None,
14594
13836
  ) -> None:
14595
13837
  '''Specifies a web request component to be used in a rule match statement or in a logging configuration.
@@ -14610,16 +13852,17 @@ class CfnWebACL(
14610
13852
  - If you have request sampling enabled, the redacted fields configuration for logging has no impact on sampling. You can only exclude fields from request sampling by disabling sampling in the web ACL visibility configuration or by configuring data protection for the web ACL.
14611
13853
 
14612
13854
  :param all_query_arguments: Inspect all query arguments.
14613
- :param body: Inspect the request body as plain text. The request body immediately follows the request headers. This is the part of a request that contains any additional data that you want to send to your web server as the HTTP request body, such as data from a form. AWS WAF does not support inspecting the entire contents of the web request body if the body exceeds the limit for the resource type. When a web request body is larger than the limit, the underlying host service only forwards the contents that are within the limit to AWS WAF for inspection. - For Application Load Balancer and AWS AppSync , the limit is fixed at 8 KB (8,192 bytes). - For CloudFront, API Gateway, Amazon Cognito, App Runner, and Verified Access, the default limit is 16 KB (16,384 bytes), and you can increase the limit for each resource type in the web ACL ``AssociationConfig`` , for additional processing fees. For information about how to handle oversized request bodies, see the ``Body`` object configuration.
13855
+ :param body: Inspect the request body as plain text. The request body immediately follows the request headers. This is the part of a request that contains any additional data that you want to send to your web server as the HTTP request body, such as data from a form. AWS WAF does not support inspecting the entire contents of the web request body if the body exceeds the limit for the resource type. When a web request body is larger than the limit, the underlying host service only forwards the contents that are within the limit to AWS WAF for inspection. - For Application Load Balancer and AWS AppSync , the limit is fixed at 8 KB (8,192 bytes). - For CloudFront, API Gateway, Amazon Cognito, App Runner, and Verified Access, the default limit is 16 KB (16,384 bytes), and you can increase the limit for each resource type in the web ACL ``AssociationConfig`` , for additional processing fees. - For AWS Amplify , use the CloudFront limit. For information about how to handle oversized request bodies, see the ``Body`` object configuration.
14614
13856
  :param cookies: Inspect the request cookies. You must configure scope and pattern matching filters in the ``Cookies`` object, to define the set of cookies and the parts of the cookies that AWS WAF inspects. Only the first 8 KB (8192 bytes) of a request's cookies and only the first 200 cookies are forwarded to AWS WAF for inspection by the underlying host service. You must configure how to handle any oversize cookie content in the ``Cookies`` object. AWS WAF applies the pattern matching filters to the cookies that it receives from the underlying host service.
14615
13857
  :param headers: Inspect the request headers. You must configure scope and pattern matching filters in the ``Headers`` object, to define the set of headers to and the parts of the headers that AWS WAF inspects. Only the first 8 KB (8192 bytes) of a request's headers and only the first 200 headers are forwarded to AWS WAF for inspection by the underlying host service. You must configure how to handle any oversize header content in the ``Headers`` object. AWS WAF applies the pattern matching filters to the headers that it receives from the underlying host service.
14616
13858
  :param ja3_fingerprint: Available for use with Amazon CloudFront distributions and Application Load Balancers. Match against the request's JA3 fingerprint. The JA3 fingerprint is a 32-character hash derived from the TLS Client Hello of an incoming request. This fingerprint serves as a unique identifier for the client's TLS configuration. AWS WAF calculates and logs this fingerprint for each request that has enough TLS Client Hello information for the calculation. Almost all web requests include this information. .. epigraph:: You can use this choice only with a string match ``ByteMatchStatement`` with the ``PositionalConstraint`` set to ``EXACTLY`` . You can obtain the JA3 fingerprint for client requests from the web ACL logs. If AWS WAF is able to calculate the fingerprint, it includes it in the logs. For information about the logging fields, see `Log fields <https://docs.aws.amazon.com/waf/latest/developerguide/logging-fields.html>`_ in the *AWS WAF Developer Guide* . Provide the JA3 fingerprint string from the logs in your string match statement specification, to match with any future requests that have the same TLS configuration.
14617
13859
  :param ja4_fingerprint: Available for use with Amazon CloudFront distributions and Application Load Balancers. Match against the request's JA4 fingerprint. The JA4 fingerprint is a 36-character hash derived from the TLS Client Hello of an incoming request. This fingerprint serves as a unique identifier for the client's TLS configuration. AWS WAF calculates and logs this fingerprint for each request that has enough TLS Client Hello information for the calculation. Almost all web requests include this information. .. epigraph:: You can use this choice only with a string match ``ByteMatchStatement`` with the ``PositionalConstraint`` set to ``EXACTLY`` . You can obtain the JA4 fingerprint for client requests from the web ACL logs. If AWS WAF is able to calculate the fingerprint, it includes it in the logs. For information about the logging fields, see `Log fields <https://docs.aws.amazon.com/waf/latest/developerguide/logging-fields.html>`_ in the *AWS WAF Developer Guide* . Provide the JA4 fingerprint string from the logs in your string match statement specification, to match with any future requests that have the same TLS configuration.
14618
- :param json_body: Inspect the request body as JSON. The request body immediately follows the request headers. This is the part of a request that contains any additional data that you want to send to your web server as the HTTP request body, such as data from a form. AWS WAF does not support inspecting the entire contents of the web request body if the body exceeds the limit for the resource type. When a web request body is larger than the limit, the underlying host service only forwards the contents that are within the limit to AWS WAF for inspection. - For Application Load Balancer and AWS AppSync , the limit is fixed at 8 KB (8,192 bytes). - For CloudFront, API Gateway, Amazon Cognito, App Runner, and Verified Access, the default limit is 16 KB (16,384 bytes), and you can increase the limit for each resource type in the web ACL ``AssociationConfig`` , for additional processing fees. For information about how to handle oversized request bodies, see the ``JsonBody`` object configuration.
13860
+ :param json_body: Inspect the request body as JSON. The request body immediately follows the request headers. This is the part of a request that contains any additional data that you want to send to your web server as the HTTP request body, such as data from a form. AWS WAF does not support inspecting the entire contents of the web request body if the body exceeds the limit for the resource type. When a web request body is larger than the limit, the underlying host service only forwards the contents that are within the limit to AWS WAF for inspection. - For Application Load Balancer and AWS AppSync , the limit is fixed at 8 KB (8,192 bytes). - For CloudFront, API Gateway, Amazon Cognito, App Runner, and Verified Access, the default limit is 16 KB (16,384 bytes), and you can increase the limit for each resource type in the web ACL ``AssociationConfig`` , for additional processing fees. - For AWS Amplify , use the CloudFront limit. For information about how to handle oversized request bodies, see the ``JsonBody`` object configuration.
14619
13861
  :param method: Inspect the HTTP method. The method indicates the type of operation that the request is asking the origin to perform.
14620
13862
  :param query_string: Inspect the query string. This is the part of a URL that appears after a ``?`` character, if any.
14621
13863
  :param single_header: Inspect a single header. Provide the name of the header to inspect, for example, ``User-Agent`` or ``Referer`` . This setting isn't case sensitive. Example JSON: ``"SingleHeader": { "Name": "haystack" }`` Alternately, you can filter and inspect all headers with the ``Headers`` ``FieldToMatch`` setting.
14622
13864
  :param single_query_argument: Inspect a single query argument. Provide the name of the query argument to inspect, such as *UserName* or *SalesRegion* . The name can be up to 30 characters long and isn't case sensitive. Example JSON: ``"SingleQueryArgument": { "Name": "myArgument" }``
13865
+ :param uri_fragment: Inspect fragments of the request URI. You must configure scope and pattern matching filters in the ``UriFragment`` object, to define the fragment of a URI that AWS WAF inspects. Only the first 8 KB (8192 bytes) of a request's URI fragments and only the first 200 URI fragments are forwarded to AWS WAF for inspection by the underlying host service. You must configure how to handle any oversize URI fragment content in the ``UriFragment`` object. AWS WAF applies the pattern matching filters to the cookies that it receives from the underlying host service.
14623
13866
  :param uri_path: Inspect the request URI path. This is the part of the web request that identifies a resource, for example, ``/images/daily-ad.jpg`` .
14624
13867
 
14625
13868
  :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-fieldtomatch.html
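Review bot: The new `:param uri_fragment:` text ends with "AWS WAF applies the pattern matching filters to the cookies that it receives from the underlying host service", which looks copied from the `cookies` parameter earlier in the same docstring and should name the URI fragment instead. The same sentence is repeated in the `uri_fragment` property docstring added in the `@@ -14895,6 +14146,21 @@` hunk. The "only the first 200 URI fragments" limit also mirrors the cookie and header wording and is worth confirming upstream, since a request URI carries at most one fragment. Proposed wording: `AWS WAF applies the pattern matching filters to the URI fragment that it receives from the underlying host service.` The text appears to be generated (`fixture=_generated`), so the correction probably belongs in the upstream spec; the enclosing docstring starts and ends outside this hunk.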
@@ -14683,6 +13926,9 @@ class CfnWebACL(
14683
13926
  query_string=query_string,
14684
13927
  single_header=single_header,
14685
13928
  single_query_argument=single_query_argument,
13929
+ uri_fragment=wafv2.CfnWebACL.UriFragmentProperty(
13930
+ fallback_behavior="fallbackBehavior"
13931
+ ),
14686
13932
  uri_path=uri_path
14687
13933
  )
14688
13934
  '''
@@ -14699,6 +13945,7 @@ class CfnWebACL(
14699
13945
  check_type(argname="argument query_string", value=query_string, expected_type=type_hints["query_string"])
14700
13946
  check_type(argname="argument single_header", value=single_header, expected_type=type_hints["single_header"])
14701
13947
  check_type(argname="argument single_query_argument", value=single_query_argument, expected_type=type_hints["single_query_argument"])
13948
+ check_type(argname="argument uri_fragment", value=uri_fragment, expected_type=type_hints["uri_fragment"])
14702
13949
  check_type(argname="argument uri_path", value=uri_path, expected_type=type_hints["uri_path"])
14703
13950
  self._values: typing.Dict[builtins.str, typing.Any] = {}
14704
13951
  if all_query_arguments is not None:
@@ -14723,6 +13970,8 @@ class CfnWebACL(
14723
13970
  self._values["single_header"] = single_header
14724
13971
  if single_query_argument is not None:
14725
13972
  self._values["single_query_argument"] = single_query_argument
13973
+ if uri_fragment is not None:
13974
+ self._values["uri_fragment"] = uri_fragment
14726
13975
  if uri_path is not None:
14727
13976
  self._values["uri_path"] = uri_path
14728
13977
 
@@ -14747,6 +13996,7 @@ class CfnWebACL(
14747
13996
 
14748
13997
  - For Application Load Balancer and AWS AppSync , the limit is fixed at 8 KB (8,192 bytes).
14749
13998
  - For CloudFront, API Gateway, Amazon Cognito, App Runner, and Verified Access, the default limit is 16 KB (16,384 bytes), and you can increase the limit for each resource type in the web ACL ``AssociationConfig`` , for additional processing fees.
13999
+ - For AWS Amplify , use the CloudFront limit.
14750
14000
 
14751
14001
  For information about how to handle oversized request bodies, see the ``Body`` object configuration.
14752
14002
 
@@ -14837,6 +14087,7 @@ class CfnWebACL(
14837
14087
 
14838
14088
  - For Application Load Balancer and AWS AppSync , the limit is fixed at 8 KB (8,192 bytes).
14839
14089
  - For CloudFront, API Gateway, Amazon Cognito, App Runner, and Verified Access, the default limit is 16 KB (16,384 bytes), and you can increase the limit for each resource type in the web ACL ``AssociationConfig`` , for additional processing fees.
14090
+ - For AWS Amplify , use the CloudFront limit.
14840
14091
 
14841
14092
  For information about how to handle oversized request bodies, see the ``JsonBody`` object configuration.
14842
14093
 
@@ -14895,6 +14146,21 @@ class CfnWebACL(
14895
14146
  result = self._values.get("single_query_argument")
14896
14147
  return typing.cast(typing.Any, result)
14897
14148
 
14149
+ @builtins.property
14150
+ def uri_fragment(
14151
+ self,
14152
+ ) -> typing.Optional[typing.Union[_IResolvable_da3f097b, "CfnWebACL.UriFragmentProperty"]]:
14153
+ '''Inspect fragments of the request URI.
14154
+
14155
+ You must configure scope and pattern matching filters in the ``UriFragment`` object, to define the fragment of a URI that AWS WAF inspects.
14156
+
14157
+ Only the first 8 KB (8192 bytes) of a request's URI fragments and only the first 200 URI fragments are forwarded to AWS WAF for inspection by the underlying host service. You must configure how to handle any oversize URI fragment content in the ``UriFragment`` object. AWS WAF applies the pattern matching filters to the cookies that it receives from the underlying host service.
14158
+
14159
+ :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-fieldtomatch.html#cfn-wafv2-webacl-fieldtomatch-urifragment
14160
+ '''
14161
+ result = self._values.get("uri_fragment")
14162
+ return typing.cast(typing.Optional[typing.Union[_IResolvable_da3f097b, "CfnWebACL.UriFragmentProperty"]], result)
14163
+
14898
14164
  @builtins.property
14899
14165
  def uri_path(self) -> typing.Any:
14900
14166
  '''Inspect the request URI path.
@@ -15838,7 +15104,7 @@ class CfnWebACL(
15838
15104
  :param match_pattern: The patterns to look for in the JSON body. AWS WAF inspects the results of these pattern matches against the rule inspection criteria.
15839
15105
  :param match_scope: The parts of the JSON to match against using the ``MatchPattern`` . If you specify ``ALL`` , AWS WAF matches against keys and values. ``All`` does not require a match to be found in the keys and a match to be found in the values. It requires a match to be found in the keys or the values or both. To require a match in the keys and in the values, use a logical ``AND`` statement to combine two match rules, one that inspects the keys and another that inspects the values.
15840
15106
  :param invalid_fallback_behavior: What AWS WAF should do if it fails to completely parse the JSON body. The options are the following:. - ``EVALUATE_AS_STRING`` - Inspect the body as plain text. AWS WAF applies the text transformations and inspection criteria that you defined for the JSON inspection to the body text string. - ``MATCH`` - Treat the web request as matching the rule statement. AWS WAF applies the rule action to the request. - ``NO_MATCH`` - Treat the web request as not matching the rule statement. If you don't provide this setting, AWS WAF parses and evaluates the content only up to the first parsing failure that it encounters. .. epigraph:: AWS WAF parsing doesn't fully validate the input JSON string, so parsing can succeed even for invalid JSON. When parsing succeeds, AWS WAF doesn't apply the fallback behavior. For more information, see `JSON body <https://docs.aws.amazon.com/waf/latest/developerguide/waf-rule-statement-fields-list.html#waf-rule-statement-request-component-json-body>`_ in the *AWS WAF Developer Guide* .
15841
- :param oversize_handling: What AWS WAF should do if the body is larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of the web request body if the body exceeds the limit for the resource type. When a web request body is larger than the limit, the underlying host service only forwards the contents that are within the limit to AWS WAF for inspection. - For Application Load Balancer and AWS AppSync , the limit is fixed at 8 KB (8,192 bytes). - For CloudFront, API Gateway, Amazon Cognito, App Runner, and Verified Access, the default limit is 16 KB (16,384 bytes), and you can increase the limit for each resource type in the web ACL ``AssociationConfig`` , for additional processing fees. The options for oversize handling are the following: - ``CONTINUE`` - Inspect the available body contents normally, according to the rule inspection criteria. - ``MATCH`` - Treat the web request as matching the rule statement. AWS WAF applies the rule action to the request. - ``NO_MATCH`` - Treat the web request as not matching the rule statement. You can combine the ``MATCH`` or ``NO_MATCH`` settings for oversize handling with your rule and web ACL action settings, so that you block any request whose body is over the limit. Default: ``CONTINUE``
15107
+ :param oversize_handling: What AWS WAF should do if the body is larger than AWS WAF can inspect. AWS WAF does not support inspecting the entire contents of the web request body if the body exceeds the limit for the resource type. When a web request body is larger than the limit, the underlying host service only forwards the contents that are within the limit to AWS WAF for inspection. - For Application Load Balancer and AWS AppSync , the limit is fixed at 8 KB (8,192 bytes). - For CloudFront, API Gateway, Amazon Cognito, App Runner, and Verified Access, the default limit is 16 KB (16,384 bytes), and you can increase the limit for each resource type in the web ACL ``AssociationConfig`` , for additional processing fees. - For AWS Amplify , use the CloudFront limit. The options for oversize handling are the following: - ``CONTINUE`` - Inspect the available body contents normally, according to the rule inspection criteria. - ``MATCH`` - Treat the web request as matching the rule statement. AWS WAF applies the rule action to the request. - ``NO_MATCH`` - Treat the web request as not matching the rule statement. You can combine the ``MATCH`` or ``NO_MATCH`` settings for oversize handling with your rule and web ACL action settings, so that you block any request whose body is over the limit. Default: ``CONTINUE``
15842
15108
 
15843
15109
  :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-jsonbody.html
15844
15110
  :exampleMetadata: fixture=_generated
@@ -15932,6 +15198,7 @@ class CfnWebACL(
15932
15198
 
15933
15199
  - For Application Load Balancer and AWS AppSync , the limit is fixed at 8 KB (8,192 bytes).
15934
15200
  - For CloudFront, API Gateway, Amazon Cognito, App Runner, and Verified Access, the default limit is 16 KB (16,384 bytes), and you can increase the limit for each resource type in the web ACL ``AssociationConfig`` , for additional processing fees.
15201
+ - For AWS Amplify , use the CloudFront limit.
15935
15202
 
15936
15203
  The options for oversize handling are the following:
15937
15204
 
@@ -17983,6 +17250,9 @@ class CfnWebACL(
17983
17250
  query_string=query_string,
17984
17251
  single_header=single_header,
17985
17252
  single_query_argument=single_query_argument,
17253
+ uri_fragment=wafv2.CfnWebACL.UriFragmentProperty(
17254
+ fallback_behavior="fallbackBehavior"
17255
+ ),
17986
17256
  uri_path=uri_path
17987
17257
  ),
17988
17258
  regex_string="regexString",
@@ -18140,6 +17410,9 @@ class CfnWebACL(
18140
17410
  query_string=query_string,
18141
17411
  single_header=single_header,
18142
17412
  single_query_argument=single_query_argument,
17413
+ uri_fragment=wafv2.CfnWebACL.UriFragmentProperty(
17414
+ fallback_behavior="fallbackBehavior"
17415
+ ),
18143
17416
  uri_path=uri_path
18144
17417
  ),
18145
17418
  text_transformations=[wafv2.CfnWebACL.TextTransformationProperty(
@@ -20055,6 +19328,9 @@ class CfnWebACL(
20055
19328
  query_string=query_string,
20056
19329
  single_header=single_header,
20057
19330
  single_query_argument=single_query_argument,
19331
+ uri_fragment=wafv2.CfnWebACL.UriFragmentProperty(
19332
+ fallback_behavior="fallbackBehavior"
19333
+ ),
20058
19334
  uri_path=uri_path
20059
19335
  ),
20060
19336
  size=123,
@@ -20221,6 +19497,9 @@ class CfnWebACL(
20221
19497
  query_string=query_string,
20222
19498
  single_header=single_header,
20223
19499
  single_query_argument=single_query_argument,
19500
+ uri_fragment=wafv2.CfnWebACL.UriFragmentProperty(
19501
+ fallback_behavior="fallbackBehavior"
19502
+ ),
20224
19503
  uri_path=uri_path
20225
19504
  ),
20226
19505
  text_transformations=[wafv2.CfnWebACL.TextTransformationProperty(
@@ -20748,6 +20027,78 @@ class CfnWebACL(
20748
20027
  k + "=" + repr(v) for k, v in self._values.items()
20749
20028
  )
20750
20029
 
20030
+ @jsii.data_type(
20031
+ jsii_type="aws-cdk-lib.aws_wafv2.CfnWebACL.UriFragmentProperty",
20032
+ jsii_struct_bases=[],
20033
+ name_mapping={"fallback_behavior": "fallbackBehavior"},
20034
+ )
20035
+ class UriFragmentProperty:
20036
+ def __init__(
20037
+ self,
20038
+ *,
20039
+ fallback_behavior: typing.Optional[builtins.str] = None,
20040
+ ) -> None:
20041
+ '''Inspect fragments of the request URI.
20042
+
20043
+ You can specify the parts of the URI fragment to inspect and you can narrow the set of URI fragments to inspect by including or excluding specific keys.
20044
+
20045
+ This is used to indicate the web request component to inspect, in the ``FieldToMatch`` specification.
20046
+
20047
+ Example JSON: ``"UriFragment": { "MatchPattern": { "All": {} }, "MatchScope": "KEY", "OversizeHandling": "MATCH" }``
20048
+
20049
+ :param fallback_behavior: What AWS WAF should do if it fails to completely parse the JSON body. The options are the following:. - ``EVALUATE_AS_STRING`` - Inspect the body as plain text. AWS WAF applies the text transformations and inspection criteria that you defined for the JSON inspection to the body text string. - ``MATCH`` - Treat the web request as matching the rule statement. AWS WAF applies the rule action to the request. - ``NO_MATCH`` - Treat the web request as not matching the rule statement. If you don't provide this setting, AWS WAF parses and evaluates the content only up to the first parsing failure that it encounters. Example JSON: ``{ "UriFragment": { "FallbackBehavior": "MATCH"} }`` .. epigraph:: AWS WAF parsing doesn't fully validate the input JSON string, so parsing can succeed even for invalid JSON. When parsing succeeds, AWS WAF doesn't apply the fallback behavior. For more information, see `JSON body <https://docs.aws.amazon.com/waf/latest/developerguide/waf-rule-statement-fields-list.html#waf-rule-statement-request-component-json-body>`_ in the *AWS WAF Developer Guide* .
20050
+
20051
+ :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-urifragment.html
20052
+ :exampleMetadata: fixture=_generated
20053
+
20054
+ Example::
20055
+
20056
+ # The code below shows an example of how to instantiate this type.
20057
+ # The values are placeholders you should change.
20058
+ from aws_cdk import aws_wafv2 as wafv2
20059
+
20060
+ uri_fragment_property = wafv2.CfnWebACL.UriFragmentProperty(
20061
+ fallback_behavior="fallbackBehavior"
20062
+ )
20063
+ '''
20064
+ if __debug__:
20065
+ type_hints = typing.get_type_hints(_typecheckingstub__ff710cae8471ff92b17239c2eddf3d9fc58fc160b82b4603e07b06b6dc3a6dd1)
20066
+ check_type(argname="argument fallback_behavior", value=fallback_behavior, expected_type=type_hints["fallback_behavior"])
20067
+ self._values: typing.Dict[builtins.str, typing.Any] = {}
20068
+ if fallback_behavior is not None:
20069
+ self._values["fallback_behavior"] = fallback_behavior
20070
+
20071
+ @builtins.property
20072
+ def fallback_behavior(self) -> typing.Optional[builtins.str]:
20073
+ '''What AWS WAF should do if it fails to completely parse the JSON body. The options are the following:.
20074
+
20075
+ - ``EVALUATE_AS_STRING`` - Inspect the body as plain text. AWS WAF applies the text transformations and inspection criteria that you defined for the JSON inspection to the body text string.
20076
+ - ``MATCH`` - Treat the web request as matching the rule statement. AWS WAF applies the rule action to the request.
20077
+ - ``NO_MATCH`` - Treat the web request as not matching the rule statement.
20078
+
20079
+ If you don't provide this setting, AWS WAF parses and evaluates the content only up to the first parsing failure that it encounters.
20080
+
20081
+ Example JSON: ``{ "UriFragment": { "FallbackBehavior": "MATCH"} }``
20082
+ .. epigraph::
20083
+
20084
+ AWS WAF parsing doesn't fully validate the input JSON string, so parsing can succeed even for invalid JSON. When parsing succeeds, AWS WAF doesn't apply the fallback behavior. For more information, see `JSON body <https://docs.aws.amazon.com/waf/latest/developerguide/waf-rule-statement-fields-list.html#waf-rule-statement-request-component-json-body>`_ in the *AWS WAF Developer Guide* .
20085
+
20086
+ :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-urifragment.html#cfn-wafv2-webacl-urifragment-fallbackbehavior
20087
+ '''
20088
+ result = self._values.get("fallback_behavior")
20089
+ return typing.cast(typing.Optional[builtins.str], result)
20090
+
20091
+ def __eq__(self, rhs: typing.Any) -> builtins.bool:
20092
+ return isinstance(rhs, self.__class__) and rhs._values == self._values
20093
+
20094
+ def __ne__(self, rhs: typing.Any) -> builtins.bool:
20095
+ return not (rhs == self)
20096
+
20097
+ def __repr__(self) -> str:
20098
+ return "UriFragmentProperty(%s)" % ", ".join(
20099
+ k + "=" + repr(v) for k, v in self._values.items()
20100
+ )
20101
+
20751
20102
  @jsii.data_type(
20752
20103
  jsii_type="aws-cdk-lib.aws_wafv2.CfnWebACL.VisibilityConfigProperty",
20753
20104
  jsii_struct_bases=[],
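Review bot: The `fallback_behavior` documentation in the new `UriFragmentProperty` describes JSON-body parsing ("if it fails to completely parse the JSON body", "Inspect the body as plain text"), so it does not say what `EVALUATE_AS_STRING`, `MATCH` or `NO_MATCH` mean for a URI fragment. The class-level example JSON also shows `MatchPattern`, `MatchScope` and `OversizeHandling`, none of which this struct accepts, because its only field is `fallback_behavior`. The field is a plain `Optional[str]` that `check_type` validates for type only, and the generated example passes the placeholder `"fallbackBehavior"`, so a value outside the three documented options would presumably surface only at deployment. I would open the parameter text with `What AWS WAF should do if it fails to completely parse the URI fragment.` and keep only the `{ "UriFragment": { "FallbackBehavior": "MATCH"} }` example that the property docstring already carries. The text looks generated, so the fix likely belongs upstream.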
@@ -20940,6 +20291,9 @@ class CfnWebACL(
20940
20291
  query_string=query_string,
20941
20292
  single_header=single_header,
20942
20293
  single_query_argument=single_query_argument,
20294
+ uri_fragment=wafv2.CfnWebACL.UriFragmentProperty(
20295
+ fallback_behavior="fallbackBehavior"
20296
+ ),
20943
20297
  uri_path=uri_path
20944
20298
  ),
20945
20299
  text_transformations=[wafv2.CfnWebACL.TextTransformationProperty(
@@ -21007,7 +20361,7 @@ class CfnWebACLAssociation(
21007
20361
 
21008
20362
  For information, including how to migrate your AWS WAF resources from the prior release, see the `AWS WAF developer guide <https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html>`_ .
21009
20363
 
21010
- Use a web ACL association to define an association between a web ACL and a regional application resource, to protect the resource. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AWS AppSync GraphQL API, an Amazon Cognito user pool, an AWS App Runner service, or an AWS Verified Access instance.
20364
+ Use a web ACL association to define an association between a web ACL and a regional application resource, to protect the resource. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AWS AppSync GraphQL API, an Amazon Cognito user pool, an AWS App Runner service, an AWS Amplify application, or an AWS Verified Access instance.
21011
20365
 
21012
20366
  For Amazon CloudFront , don't use this resource. Instead, use your CloudFront distribution configuration. To associate a web ACL with a distribution, provide the Amazon Resource Name (ARN) of the ``WebACL`` to your CloudFront distribution configuration. To disassociate a web ACL, provide an empty ARN. For information, see `AWS::CloudFront::Distribution <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cloudfront-distribution.html>`_ .
21013
20367
 
@@ -21054,7 +20408,7 @@ class CfnWebACLAssociation(
21054
20408
  '''
21055
20409
  :param scope: Scope in which this resource is defined.
21056
20410
  :param id: Construct identifier for this resource (unique in its scope).
21057
- :param resource_arn: The Amazon Resource Name (ARN) of the resource to associate with the web ACL. The ARN must be in one of the following formats: - For an Application Load Balancer: ``arn: *partition* :elasticloadbalancing: *region* : *account-id* :loadbalancer/app/ *load-balancer-name* / *load-balancer-id*`` - For an Amazon API Gateway REST API: ``arn: *partition* :apigateway: *region* ::/restapis/ *api-id* /stages/ *stage-name*`` - For an AWS AppSync GraphQL API: ``arn: *partition* :appsync: *region* : *account-id* :apis/ *GraphQLApiId*`` - For an Amazon Cognito user pool: ``arn: *partition* :cognito-idp: *region* : *account-id* :userpool/ *user-pool-id*`` - For an AWS App Runner service: ``arn: *partition* :apprunner: *region* : *account-id* :service/ *apprunner-service-name* / *apprunner-service-id*`` - For an AWS Verified Access instance: ``arn: *partition* :ec2: *region* : *account-id* :verified-access-instance/ *instance-id*``
20411
+ :param resource_arn: The Amazon Resource Name (ARN) of the resource to associate with the web ACL. The ARN must be in one of the following formats: - For an Application Load Balancer: ``arn: *partition* :elasticloadbalancing: *region* : *account-id* :loadbalancer/app/ *load-balancer-name* / *load-balancer-id*`` - For an Amazon API Gateway REST API: ``arn: *partition* :apigateway: *region* ::/restapis/ *api-id* /stages/ *stage-name*`` - For an AWS AppSync GraphQL API: ``arn: *partition* :appsync: *region* : *account-id* :apis/ *GraphQLApiId*`` - For an Amazon Cognito user pool: ``arn: *partition* :cognito-idp: *region* : *account-id* :userpool/ *user-pool-id*`` - For an AWS App Runner service: ``arn: *partition* :apprunner: *region* : *account-id* :service/ *apprunner-service-name* / *apprunner-service-id*`` - For an AWS Verified Access instance: ``arn: *partition* :ec2: *region* : *account-id* :verified-access-instance/ *instance-id*`` - For an AWS Amplify instance: ``arn: *partition* :amplify: *region* : *account-id* :apps/ *app-id*``
21058
20412
  :param web_acl_arn: The Amazon Resource Name (ARN) of the web ACL that you want to associate with the resource.
21059
20413
  '''
21060
20414
  if __debug__:
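Review bot: The Amplify guidance is inconsistent across this diff. This `resource_arn` bullet accepts an Amplify ARN for `CfnWebACLAssociation` and the class docstring in the preceding hunk lists "an AWS Amplify application" among regional applications, but the `CfnWebACLProps` `scope` text changed later says "For an AWS Amplify application, use ``CLOUDFRONT``" and that `CLOUDFRONT` resources must be created in `us-east-1`. Read together, it is easy to create the web ACL with `REGIONAL` scope and end up with an association that fails or an app left without the intended rules, so the bullet should state the required scope, for example `- For an AWS Amplify application (web ACL scope ``CLOUDFRONT``): ...`, once that is confirmed against the service documentation. The bullet also says "Amplify instance" where the other added text says "Amplify application". The same bullet is repeated in the `@@ -21143,7 +20497,7 @@` and `@@ -21182,6 +20536,7 @@` hunks.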
@@ -21143,7 +20497,7 @@ class CfnWebACLAssociationProps:
21143
20497
  ) -> None:
21144
20498
  '''Properties for defining a ``CfnWebACLAssociation``.
21145
20499
 
21146
- :param resource_arn: The Amazon Resource Name (ARN) of the resource to associate with the web ACL. The ARN must be in one of the following formats: - For an Application Load Balancer: ``arn: *partition* :elasticloadbalancing: *region* : *account-id* :loadbalancer/app/ *load-balancer-name* / *load-balancer-id*`` - For an Amazon API Gateway REST API: ``arn: *partition* :apigateway: *region* ::/restapis/ *api-id* /stages/ *stage-name*`` - For an AWS AppSync GraphQL API: ``arn: *partition* :appsync: *region* : *account-id* :apis/ *GraphQLApiId*`` - For an Amazon Cognito user pool: ``arn: *partition* :cognito-idp: *region* : *account-id* :userpool/ *user-pool-id*`` - For an AWS App Runner service: ``arn: *partition* :apprunner: *region* : *account-id* :service/ *apprunner-service-name* / *apprunner-service-id*`` - For an AWS Verified Access instance: ``arn: *partition* :ec2: *region* : *account-id* :verified-access-instance/ *instance-id*``
20500
+ :param resource_arn: The Amazon Resource Name (ARN) of the resource to associate with the web ACL. The ARN must be in one of the following formats: - For an Application Load Balancer: ``arn: *partition* :elasticloadbalancing: *region* : *account-id* :loadbalancer/app/ *load-balancer-name* / *load-balancer-id*`` - For an Amazon API Gateway REST API: ``arn: *partition* :apigateway: *region* ::/restapis/ *api-id* /stages/ *stage-name*`` - For an AWS AppSync GraphQL API: ``arn: *partition* :appsync: *region* : *account-id* :apis/ *GraphQLApiId*`` - For an Amazon Cognito user pool: ``arn: *partition* :cognito-idp: *region* : *account-id* :userpool/ *user-pool-id*`` - For an AWS App Runner service: ``arn: *partition* :apprunner: *region* : *account-id* :service/ *apprunner-service-name* / *apprunner-service-id*`` - For an AWS Verified Access instance: ``arn: *partition* :ec2: *region* : *account-id* :verified-access-instance/ *instance-id*`` - For an AWS Amplify instance: ``arn: *partition* :amplify: *region* : *account-id* :apps/ *app-id*``
21147
20501
  :param web_acl_arn: The Amazon Resource Name (ARN) of the web ACL that you want to associate with the resource.
21148
20502
 
21149
20503
  :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-wafv2-webaclassociation.html
@@ -21182,6 +20536,7 @@ class CfnWebACLAssociationProps:
21182
20536
  - For an Amazon Cognito user pool: ``arn: *partition* :cognito-idp: *region* : *account-id* :userpool/ *user-pool-id*``
21183
20537
  - For an AWS App Runner service: ``arn: *partition* :apprunner: *region* : *account-id* :service/ *apprunner-service-name* / *apprunner-service-id*``
21184
20538
  - For an AWS Verified Access instance: ``arn: *partition* :ec2: *region* : *account-id* :verified-access-instance/ *instance-id*``
20539
+ - For an AWS Amplify instance: ``arn: *partition* :amplify: *region* : *account-id* :apps/ *app-id*``
21185
20540
 
21186
20541
  :see: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-wafv2-webaclassociation.html#cfn-wafv2-webaclassociation-resourcearn
21187
20542
  '''
@@ -21251,7 +20606,7 @@ class CfnWebACLProps:
21251
20606
  '''Properties for defining a ``CfnWebACL``.
21252
20607
 
21253
20608
  :param default_action: The action to perform if none of the ``Rules`` contained in the ``WebACL`` match.
21254
- :param scope: Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AWS AppSync GraphQL API, an Amazon Cognito user pool, an AWS App Runner service, or an AWS Verified Access instance. Valid Values are ``CLOUDFRONT`` and ``REGIONAL`` . .. epigraph:: For ``CLOUDFRONT`` , you must create your WAFv2 resources in the US East (N. Virginia) Region, ``us-east-1`` . For information about how to define the association of the web ACL with your resource, see ``WebACLAssociation`` .
20609
+ :param scope: Specifies whether this is for an Amazon CloudFront distribution or for a regional application. For an AWS Amplify application, use ``CLOUDFRONT`` . A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AWS AppSync GraphQL API, an Amazon Cognito user pool, an AWS App Runner service, or an AWS Verified Access instance. Valid Values are ``CLOUDFRONT`` and ``REGIONAL`` . .. epigraph:: For ``CLOUDFRONT`` , you must create your WAFv2 resources in the US East (N. Virginia) Region, ``us-east-1`` . For information about how to define the association of the web ACL with your resource, see ``WebACLAssociation`` .
21255
20610
  :param visibility_config: Defines and enables Amazon CloudWatch metrics and web request sample collection.
21256
20611
  :param association_config: Specifies custom configurations for the associations between the web ACL and protected resources. Use this to customize the maximum size of the request body that your protected resources forward to AWS WAF for inspection. You can customize this setting for CloudFront, API Gateway, Amazon Cognito, App Runner, or Verified Access resources. The default setting is 16 KB (16,384 bytes). .. epigraph:: You are charged additional fees when your protected resources forward body sizes that are larger than the default. For more information, see `AWS WAF Pricing <https://docs.aws.amazon.com/waf/pricing/>`_ . For Application Load Balancer and AWS AppSync , the limit is fixed at 8 KB (8,192 bytes).
21257
20612
  :param captcha_config: Specifies how AWS WAF should handle ``CAPTCHA`` evaluations for rules that don't have their own ``CaptchaConfig`` settings. If you don't specify this, AWS WAF uses its default settings for ``CaptchaConfig`` .
@@ -21328,7 +20683,7 @@ class CfnWebACLProps:
21328
20683
  def scope(self) -> builtins.str:
21329
20684
  '''Specifies whether this is for an Amazon CloudFront distribution or for a regional application.
21330
20685
 
21331
- A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AWS AppSync GraphQL API, an Amazon Cognito user pool, an AWS App Runner service, or an AWS Verified Access instance. Valid Values are ``CLOUDFRONT`` and ``REGIONAL`` .
20686
+ For an AWS Amplify application, use ``CLOUDFRONT`` . A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AWS AppSync GraphQL API, an Amazon Cognito user pool, an AWS App Runner service, or an AWS Verified Access instance. Valid Values are ``CLOUDFRONT`` and ``REGIONAL`` .
21332
20687
  .. epigraph::
21333
20688
 
21334
20689
  For ``CLOUDFRONT`` , you must create your WAFv2 resources in the US East (N. Virginia) Region, ``us-east-1`` .
@@ -22015,6 +21370,7 @@ def _typecheckingstub__dcb790c3130e52c64e6b7cf00db86b37d1b54427689c46b6c9e6a7122
22015
21370
  query_string: typing.Any = None,
22016
21371
  single_header: typing.Any = None,
22017
21372
  single_query_argument: typing.Any = None,
21373
+ uri_fragment: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union[CfnRuleGroup.UriFragmentProperty, typing.Dict[builtins.str, typing.Any]]]] = None,
22018
21374
  uri_path: typing.Any = None,
22019
21375
  ) -> None:
22020
21376
  """Type checking stubs"""
@@ -22337,6 +21693,13 @@ def _typecheckingstub__cbdf04ef9e923368f792f61fdb73e804a219fcd9c66ffb20e85214a5a
22337
21693
  """Type checking stubs"""
22338
21694
  pass
22339
21695
 
21696
+ def _typecheckingstub__fe1c476d259659923a1664b8e966720fc48cf48f725562b81ef2c02997f8998a(
21697
+ *,
21698
+ fallback_behavior: typing.Optional[builtins.str] = None,
21699
+ ) -> None:
21700
+ """Type checking stubs"""
21701
+ pass
21702
+
22340
21703
  def _typecheckingstub__ffc3de9fa9cd77d11c4487ad80fc48948664b917c8642b35ca709762ce71fddf(
22341
21704
  *,
22342
21705
  cloud_watch_metrics_enabled: typing.Union[builtins.bool, _IResolvable_da3f097b],
@@ -22693,6 +22056,7 @@ def _typecheckingstub__25d147c856e9a8fd64f4cc05856e4813e584f37ef787792ad3c4e0790
22693
22056
  query_string: typing.Any = None,
22694
22057
  single_header: typing.Any = None,
22695
22058
  single_query_argument: typing.Any = None,
22059
+ uri_fragment: typing.Optional[typing.Union[_IResolvable_da3f097b, typing.Union[CfnWebACL.UriFragmentProperty, typing.Dict[builtins.str, typing.Any]]]] = None,
22696
22060
  uri_path: typing.Any = None,
22697
22061
  ) -> None:
22698
22062
  """Type checking stubs"""
@@ -23142,6 +22506,13 @@ def _typecheckingstub__a7a1f13087f44f2554ec3d9d35f967247b32fc5b6c94bf2eacd3379ce
23142
22506
  """Type checking stubs"""
23143
22507
  pass
23144
22508
 
22509
+ def _typecheckingstub__ff710cae8471ff92b17239c2eddf3d9fc58fc160b82b4603e07b06b6dc3a6dd1(
22510
+ *,
22511
+ fallback_behavior: typing.Optional[builtins.str] = None,
22512
+ ) -> None:
22513
+ """Type checking stubs"""
22514
+ pass
22515
+
23145
22516
  def _typecheckingstub__f805e71e3de782928ad1bdb95c4cddf9f28e9dbda49ae45324c0dc8316955eaa(
23146
22517
  *,
23147
22518
  cloud_watch_metrics_enabled: typing.Union[builtins.bool, _IResolvable_da3f097b],