From 3e035e353ed95fbe1bc9b369cbeeaf5b20e6ffb0 Mon Sep 17 00:00:00 2001 From: awstools Date: Wed, 6 Sep 2023 18:16:36 +0000 Subject: [PATCH] feat(client-wafv2): The targeted protection level of the Bot Control managed rule group now provides optional, machine-learning analysis of traffic statistics to detect some bot-related activity. You can enable or disable the machine learning functionality through the API. --- .../src/commands/CheckCapacityCommand.ts | 2 + .../src/commands/CreateRuleGroupCommand.ts | 2 + .../src/commands/CreateWebACLCommand.ts | 2 + .../src/commands/GetRuleGroupCommand.ts | 2 + .../src/commands/GetWebACLCommand.ts | 4 + .../commands/GetWebACLForResourceCommand.ts | 4 + .../src/commands/UpdateRuleGroupCommand.ts | 2 + .../src/commands/UpdateWebACLCommand.ts | 2 + clients/client-wafv2/src/endpoint/ruleset.ts | 2 +- clients/client-wafv2/src/models/models_0.ts | 48 ++- codegen/sdk-codegen/aws-models/wafv2.json | 381 ++++++++---------- 11 files changed, 230 insertions(+), 221 deletions(-) diff --git a/clients/client-wafv2/src/commands/CheckCapacityCommand.ts b/clients/client-wafv2/src/commands/CheckCapacityCommand.ts index 2c8c01038cb3..75d2e3ed17b6 100644 --- a/clients/client-wafv2/src/commands/CheckCapacityCommand.ts +++ b/clients/client-wafv2/src/commands/CheckCapacityCommand.ts @@ -601,6 +601,7 @@ export interface CheckCapacityCommandOutput extends CheckCapacityResponse, __Met * }, * AWSManagedRulesBotControlRuleSet: { // AWSManagedRulesBotControlRuleSet * InspectionLevel: "COMMON" || "TARGETED", // required + * EnableMachineLearning: true || false, * }, * AWSManagedRulesATPRuleSet: { // AWSManagedRulesATPRuleSet * LoginPath: "STRING_VALUE", // required @@ -817,6 +818,7 @@ export interface CheckCapacityCommandOutput extends CheckCapacityResponse, __Met * PasswordField: "", * AWSManagedRulesBotControlRuleSet: { * InspectionLevel: "COMMON" || "TARGETED", // required + * EnableMachineLearning: true || false, * }, * AWSManagedRulesATPRuleSet: { * LoginPath: "STRING_VALUE", // required diff --git a/clients/client-wafv2/src/commands/CreateRuleGroupCommand.ts b/clients/client-wafv2/src/commands/CreateRuleGroupCommand.ts index dae74ee463a8..1da1811e3b17 100644 --- a/clients/client-wafv2/src/commands/CreateRuleGroupCommand.ts +++ b/clients/client-wafv2/src/commands/CreateRuleGroupCommand.ts @@ -594,6 +594,7 @@ export interface CreateRuleGroupCommandOutput extends CreateRuleGroupResponse, _ * }, * AWSManagedRulesBotControlRuleSet: { // AWSManagedRulesBotControlRuleSet * InspectionLevel: "COMMON" || "TARGETED", // required + * EnableMachineLearning: true || false, * }, * AWSManagedRulesATPRuleSet: { // AWSManagedRulesATPRuleSet * LoginPath: "STRING_VALUE", // required @@ -810,6 +811,7 @@ export interface CreateRuleGroupCommandOutput extends CreateRuleGroupResponse, _ * PasswordField: "", * AWSManagedRulesBotControlRuleSet: { * InspectionLevel: "COMMON" || "TARGETED", // required + * EnableMachineLearning: true || false, * }, * AWSManagedRulesATPRuleSet: { * LoginPath: "STRING_VALUE", // required diff --git a/clients/client-wafv2/src/commands/CreateWebACLCommand.ts b/clients/client-wafv2/src/commands/CreateWebACLCommand.ts index f81371dc11e5..50954f6725bb 100644 --- a/clients/client-wafv2/src/commands/CreateWebACLCommand.ts +++ b/clients/client-wafv2/src/commands/CreateWebACLCommand.ts @@ -597,6 +597,7 @@ export interface CreateWebACLCommandOutput extends CreateWebACLResponse, __Metad * }, * AWSManagedRulesBotControlRuleSet: { // AWSManagedRulesBotControlRuleSet * InspectionLevel: "COMMON" || "TARGETED", // required + * EnableMachineLearning: true || false, * }, * AWSManagedRulesATPRuleSet: { // AWSManagedRulesATPRuleSet * LoginPath: "STRING_VALUE", // required @@ -805,6 +806,7 @@ export interface CreateWebACLCommandOutput extends CreateWebACLResponse, __Metad * PasswordField: "", * AWSManagedRulesBotControlRuleSet: { * InspectionLevel: "COMMON" || "TARGETED", // required + * EnableMachineLearning: true || false, * }, * AWSManagedRulesATPRuleSet: { * LoginPath: "STRING_VALUE", // required diff --git a/clients/client-wafv2/src/commands/GetRuleGroupCommand.ts b/clients/client-wafv2/src/commands/GetRuleGroupCommand.ts index d07aa570afb9..e435afe1c576 100644 --- a/clients/client-wafv2/src/commands/GetRuleGroupCommand.ts +++ b/clients/client-wafv2/src/commands/GetRuleGroupCommand.ts @@ -603,6 +603,7 @@ export interface GetRuleGroupCommandOutput extends GetRuleGroupResponse, __Metad * // }, * // AWSManagedRulesBotControlRuleSet: { // AWSManagedRulesBotControlRuleSet * // InspectionLevel: "COMMON" || "TARGETED", // required + * // EnableMachineLearning: true || false, * // }, * // AWSManagedRulesATPRuleSet: { // AWSManagedRulesATPRuleSet * // LoginPath: "STRING_VALUE", // required @@ -819,6 +820,7 @@ export interface GetRuleGroupCommandOutput extends GetRuleGroupResponse, __Metad * // PasswordField: "", * // AWSManagedRulesBotControlRuleSet: { * // InspectionLevel: "COMMON" || "TARGETED", // required + * // EnableMachineLearning: true || false, * // }, * // AWSManagedRulesATPRuleSet: { * // LoginPath: "STRING_VALUE", // required diff --git a/clients/client-wafv2/src/commands/GetWebACLCommand.ts b/clients/client-wafv2/src/commands/GetWebACLCommand.ts index 6c05bd6db6ab..a75a648cd59f 100644 --- a/clients/client-wafv2/src/commands/GetWebACLCommand.ts +++ b/clients/client-wafv2/src/commands/GetWebACLCommand.ts @@ -605,6 +605,7 @@ export interface GetWebACLCommandOutput extends GetWebACLResponse, __MetadataBea * // }, * // AWSManagedRulesBotControlRuleSet: { // AWSManagedRulesBotControlRuleSet * // InspectionLevel: "COMMON" || "TARGETED", // required + * // EnableMachineLearning: true || false, * // }, * // AWSManagedRulesATPRuleSet: { // AWSManagedRulesATPRuleSet * // LoginPath: "STRING_VALUE", // required @@ -813,6 +814,7 @@ export interface GetWebACLCommandOutput extends GetWebACLResponse, __MetadataBea * // PasswordField: "", * // AWSManagedRulesBotControlRuleSet: { * // InspectionLevel: "COMMON" || "TARGETED", // required + * // EnableMachineLearning: true || false, * // }, * // AWSManagedRulesATPRuleSet: { * // LoginPath: "STRING_VALUE", // required @@ -1005,6 +1007,7 @@ export interface GetWebACLCommandOutput extends GetWebACLResponse, __MetadataBea * // PasswordField: "", * // AWSManagedRulesBotControlRuleSet: { * // InspectionLevel: "COMMON" || "TARGETED", // required + * // EnableMachineLearning: true || false, * // }, * // AWSManagedRulesATPRuleSet: { * // LoginPath: "STRING_VALUE", // required @@ -1120,6 +1123,7 @@ export interface GetWebACLCommandOutput extends GetWebACLResponse, __MetadataBea * // PasswordField: "", * // AWSManagedRulesBotControlRuleSet: { * // InspectionLevel: "COMMON" || "TARGETED", // required + * // EnableMachineLearning: true || false, * // }, * // AWSManagedRulesATPRuleSet: { * // LoginPath: "STRING_VALUE", // required diff --git a/clients/client-wafv2/src/commands/GetWebACLForResourceCommand.ts b/clients/client-wafv2/src/commands/GetWebACLForResourceCommand.ts index b101cc2b5a41..09e7780e7188 100644 --- a/clients/client-wafv2/src/commands/GetWebACLForResourceCommand.ts +++ b/clients/client-wafv2/src/commands/GetWebACLForResourceCommand.ts @@ -603,6 +603,7 @@ export interface GetWebACLForResourceCommandOutput extends GetWebACLForResourceR * // }, * // AWSManagedRulesBotControlRuleSet: { // AWSManagedRulesBotControlRuleSet * // InspectionLevel: "COMMON" || "TARGETED", // required + * // EnableMachineLearning: true || false, * // }, * // AWSManagedRulesATPRuleSet: { // AWSManagedRulesATPRuleSet * // LoginPath: "STRING_VALUE", // required @@ -811,6 +812,7 @@ export interface GetWebACLForResourceCommandOutput extends GetWebACLForResourceR * // PasswordField: "", * // AWSManagedRulesBotControlRuleSet: { * // InspectionLevel: "COMMON" || "TARGETED", // required + * // EnableMachineLearning: true || false, * // }, * // AWSManagedRulesATPRuleSet: { * // LoginPath: "STRING_VALUE", // required @@ -1003,6 +1005,7 @@ export interface GetWebACLForResourceCommandOutput extends GetWebACLForResourceR * // PasswordField: "", * // AWSManagedRulesBotControlRuleSet: { * // InspectionLevel: "COMMON" || "TARGETED", // required + * // EnableMachineLearning: true || false, * // }, * // AWSManagedRulesATPRuleSet: { * // LoginPath: "STRING_VALUE", // required @@ -1118,6 +1121,7 @@ export interface GetWebACLForResourceCommandOutput extends GetWebACLForResourceR * // PasswordField: "", * // AWSManagedRulesBotControlRuleSet: { * // InspectionLevel: "COMMON" || "TARGETED", // required + * // EnableMachineLearning: true || false, * // }, * // AWSManagedRulesATPRuleSet: { * // LoginPath: "STRING_VALUE", // required diff --git a/clients/client-wafv2/src/commands/UpdateRuleGroupCommand.ts b/clients/client-wafv2/src/commands/UpdateRuleGroupCommand.ts index 7f036e4c1065..1abe739d7b84 100644 --- a/clients/client-wafv2/src/commands/UpdateRuleGroupCommand.ts +++ b/clients/client-wafv2/src/commands/UpdateRuleGroupCommand.ts @@ -611,6 +611,7 @@ export interface UpdateRuleGroupCommandOutput extends UpdateRuleGroupResponse, _ * }, * AWSManagedRulesBotControlRuleSet: { // AWSManagedRulesBotControlRuleSet * InspectionLevel: "COMMON" || "TARGETED", // required + * EnableMachineLearning: true || false, * }, * AWSManagedRulesATPRuleSet: { // AWSManagedRulesATPRuleSet * LoginPath: "STRING_VALUE", // required @@ -827,6 +828,7 @@ export interface UpdateRuleGroupCommandOutput extends UpdateRuleGroupResponse, _ * PasswordField: "", * AWSManagedRulesBotControlRuleSet: { * InspectionLevel: "COMMON" || "TARGETED", // required + * EnableMachineLearning: true || false, * }, * AWSManagedRulesATPRuleSet: { * LoginPath: "STRING_VALUE", // required diff --git a/clients/client-wafv2/src/commands/UpdateWebACLCommand.ts b/clients/client-wafv2/src/commands/UpdateWebACLCommand.ts index 14e4826a61d2..7674ef9ba667 100644 --- a/clients/client-wafv2/src/commands/UpdateWebACLCommand.ts +++ b/clients/client-wafv2/src/commands/UpdateWebACLCommand.ts @@ -616,6 +616,7 @@ export interface UpdateWebACLCommandOutput extends UpdateWebACLResponse, __Metad * }, * AWSManagedRulesBotControlRuleSet: { // AWSManagedRulesBotControlRuleSet * InspectionLevel: "COMMON" || "TARGETED", // required + * EnableMachineLearning: true || false, * }, * AWSManagedRulesATPRuleSet: { // AWSManagedRulesATPRuleSet * LoginPath: "STRING_VALUE", // required @@ -824,6 +825,7 @@ export interface UpdateWebACLCommandOutput extends UpdateWebACLResponse, __Metad * PasswordField: "", * AWSManagedRulesBotControlRuleSet: { * InspectionLevel: "COMMON" || "TARGETED", // required + * EnableMachineLearning: true || false, * }, * AWSManagedRulesATPRuleSet: { * LoginPath: "STRING_VALUE", // required diff --git a/clients/client-wafv2/src/endpoint/ruleset.ts b/clients/client-wafv2/src/endpoint/ruleset.ts index 8b211cc42c64..3819ef8104bb 100644 --- a/clients/client-wafv2/src/endpoint/ruleset.ts +++ b/clients/client-wafv2/src/endpoint/ruleset.ts @@ -26,5 +26,5 @@ m={[r]:"booleanEquals",[s]:[true,{[r]:"getAttr",[s]:[{[t]:e},"supportsDualStack" n=[i], o=[j], p=[{[t]:"Region"}]; -const _data={version:"1.0",parameters:{Region:f,UseDualStack:g,UseFIPS:g,Endpoint:f},rules:[{conditions:[{[r]:a,[s]:[h]}],type:b,rules:[{conditions:n,error:"Invalid Configuration: FIPS and custom endpoint are not supported",type:c},{type:b,rules:[{conditions:o,error:"Invalid Configuration: Dualstack and custom endpoint are not supported",type:c},{endpoint:{url:h,properties:k,headers:k},type:d}]}]},{type:b,rules:[{conditions:[{[r]:a,[s]:p}],type:b,rules:[{conditions:[{[r]:"aws.partition",[s]:p,assign:e}],type:b,rules:[{conditions:[i,j],type:b,rules:[{conditions:[l,m],type:b,rules:[{type:b,rules:[{endpoint:{url:"https://wafv2-fips.{Region}.{PartitionResult#dualStackDnsSuffix}",properties:k,headers:k},type:d}]}]},{error:"FIPS and DualStack are enabled, but this partition does not support one or both",type:c}]},{conditions:n,type:b,rules:[{conditions:[l],type:b,rules:[{type:b,rules:[{endpoint:{url:"https://wafv2-fips.{Region}.{PartitionResult#dnsSuffix}",properties:k,headers:k},type:d}]}]},{error:"FIPS is enabled but this partition does not support FIPS",type:c}]},{conditions:o,type:b,rules:[{conditions:[m],type:b,rules:[{type:b,rules:[{endpoint:{url:"https://wafv2.{Region}.{PartitionResult#dualStackDnsSuffix}",properties:k,headers:k},type:d}]}]},{error:"DualStack is enabled but this partition does not support DualStack",type:c}]},{type:b,rules:[{endpoint:{url:"https://wafv2.{Region}.{PartitionResult#dnsSuffix}",properties:k,headers:k},type:d}]}]}]},{error:"Invalid Configuration: Missing Region",type:c}]}]}; +const _data={version:"1.0",parameters:{Region:f,UseDualStack:g,UseFIPS:g,Endpoint:f},rules:[{conditions:[{[r]:a,[s]:[h]}],type:b,rules:[{conditions:n,error:"Invalid Configuration: FIPS and custom endpoint are not supported",type:c},{conditions:o,error:"Invalid Configuration: Dualstack and custom endpoint are not supported",type:c},{endpoint:{url:h,properties:k,headers:k},type:d}]},{conditions:[{[r]:a,[s]:p}],type:b,rules:[{conditions:[{[r]:"aws.partition",[s]:p,assign:e}],type:b,rules:[{conditions:[i,j],type:b,rules:[{conditions:[l,m],type:b,rules:[{endpoint:{url:"https://wafv2-fips.{Region}.{PartitionResult#dualStackDnsSuffix}",properties:k,headers:k},type:d}]},{error:"FIPS and DualStack are enabled, but this partition does not support one or both",type:c}]},{conditions:n,type:b,rules:[{conditions:[l],type:b,rules:[{endpoint:{url:"https://wafv2-fips.{Region}.{PartitionResult#dnsSuffix}",properties:k,headers:k},type:d}]},{error:"FIPS is enabled but this partition does not support FIPS",type:c}]},{conditions:o,type:b,rules:[{conditions:[m],type:b,rules:[{endpoint:{url:"https://wafv2.{Region}.{PartitionResult#dualStackDnsSuffix}",properties:k,headers:k},type:d}]},{error:"DualStack is enabled but this partition does not support DualStack",type:c}]},{endpoint:{url:"https://wafv2.{Region}.{PartitionResult#dnsSuffix}",properties:k,headers:k},type:d}]}]},{error:"Invalid Configuration: Missing Region",type:c}]}; export const ruleSet: RuleSetObject = _data; diff --git a/clients/client-wafv2/src/models/models_0.ts b/clients/client-wafv2/src/models/models_0.ts index 503a9059cf83..6b4f9126b90f 100644 --- a/clients/client-wafv2/src/models/models_0.ts +++ b/clients/client-wafv2/src/models/models_0.ts @@ -171,7 +171,7 @@ export interface Body { * WAF does not support inspecting the entire contents of the web request body if the body * exceeds the limit for the resource type. If the body is larger than the limit, the underlying host service * only forwards the contents that are below the limit to WAF for inspection.

- *

The default limit is 8 KB (8,192 kilobytes) for regional resources and 16 KB (16,384 kilobytes) for CloudFront distributions. For CloudFront distributions, + *

The default limit is 8 KB (8,192 bytes) for regional resources and 16 KB (16,384 bytes) for CloudFront distributions. For CloudFront distributions, * you can increase the limit in the web ACL AssociationConfig, for additional processing fees.

*

The options for oversize handling are the following:

*
    @@ -562,7 +562,7 @@ export interface JsonBody { * WAF does not support inspecting the entire contents of the web request body if the body * exceeds the limit for the resource type. If the body is larger than the limit, the underlying host service * only forwards the contents that are below the limit to WAF for inspection.

    - *

    The default limit is 8 KB (8,192 kilobytes) for regional resources and 16 KB (16,384 kilobytes) for CloudFront distributions. For CloudFront distributions, + *

    The default limit is 8 KB (8,192 bytes) for regional resources and 16 KB (16,384 bytes) for CloudFront distributions. For CloudFront distributions, * you can increase the limit in the web ACL AssociationConfig, for additional processing fees.

    *

    The options for oversize handling are the following:

    *
      @@ -720,7 +720,7 @@ export interface FieldToMatch { * headers. This is the part of a request that contains any additional data that you want to * send to your web server as the HTTP request body, such as data from a form.

      *

      A limited amount of the request body is forwarded to WAF for - * inspection by the underlying host service. For regional resources, the limit is 8 KB (8,192 kilobytes) and for CloudFront distributions, the limit is 16 KB (16,384 kilobytes). For CloudFront distributions, + * inspection by the underlying host service. For regional resources, the limit is 8 KB (8,192 bytes) and for CloudFront distributions, the limit is 16 KB (16,384 bytes). For CloudFront distributions, * you can increase the limit in the web ACL's AssociationConfig, for additional processing fees.

      *

      For information about how to handle oversized * request bodies, see the Body object configuration.

      @@ -740,7 +740,7 @@ export interface FieldToMatch { * headers. This is the part of a request that contains any additional data that you want to * send to your web server as the HTTP request body, such as data from a form.

      *

      A limited amount of the request body is forwarded to WAF for - * inspection by the underlying host service. For regional resources, the limit is 8 KB (8,192 kilobytes) and for CloudFront distributions, the limit is 16 KB (16,384 kilobytes). For CloudFront distributions, + * inspection by the underlying host service. For regional resources, the limit is 8 KB (8,192 bytes) and for CloudFront distributions, the limit is 16 KB (16,384 bytes). For CloudFront distributions, * you can increase the limit in the web ACL's AssociationConfig, for additional processing fees.

      *

      For information about how to handle oversized * request bodies, see the JsonBody object configuration.

      @@ -2243,6 +2243,19 @@ export interface AWSManagedRulesBotControlRuleSet { * in the WAF Developer Guide.

      */ InspectionLevel: InspectionLevel | string | undefined; + + /** + * @public + *

      Applies only to the targeted inspection level.

      + *

      Determines whether to use machine learning (ML) to + * analyze your web traffic for bot-related activity. Machine learning is required for the Bot Control rules TGT_ML_CoordinatedActivityLow and TGT_ML_CoordinatedActivityMedium, which + * inspect for anomalous behavior that might indicate distributed, coordinated bot activity.

      + *

      For more information about this choice, see the listing for these rules in the table at Bot Control rules listing in the + * WAF Developer Guide.

      + *

      Default: TRUE + *

      + */ + EnableMachineLearning?: boolean; } /** @@ -2882,7 +2895,7 @@ export type ComparisonOperator = (typeof ComparisonOperator)[keyof typeof Compar /** * @public *

      A rule statement that compares a number of bytes against the size of a request component, using a comparison operator, such as greater than (>) or less than (<). For example, you can use a size constraint statement to look for query strings that are longer than 100 bytes.

      - *

      If you configure WAF to inspect the request body, WAF inspects only the number of bytes of the body up to the limit for the web ACL. By default, for regional web ACLs, this limit is 8 KB (8,192 kilobytes) and for CloudFront web ACLs, this limit is 16 KB (16,384 kilobytes). For CloudFront web ACLs, you can increase the limit in the web ACL AssociationConfig, for additional fees. If you know that the request body for your web requests should never exceed the inspection limit, you could use a size constraint statement to block requests that have a larger request body size.

      + *

      If you configure WAF to inspect the request body, WAF inspects only the number of bytes of the body up to the limit for the web ACL. By default, for regional web ACLs, this limit is 8 KB (8,192 bytes) and for CloudFront web ACLs, this limit is 16 KB (16,384 bytes). For CloudFront web ACLs, you can increase the limit in the web ACL AssociationConfig, for additional fees. If you know that the request body for your web requests should never exceed the inspection limit, you could use a size constraint statement to block requests that have a larger request body size.

      *

      If you choose URI for the value of Part of the request to filter on, the slash (/) in the URI counts as one character. For example, the URI /logo.jpg is nine characters long.

      */ export interface SizeConstraintStatement { @@ -3336,7 +3349,7 @@ export type SizeInspectionLimit = (typeof SizeInspectionLimit)[keyof typeof Size /** * @public - *

      Customizes the maximum size of the request body that your protected CloudFront distributions forward to WAF for inspection. The default size is 16 KB (16,384 kilobytes).

      + *

      Customizes the maximum size of the request body that your protected CloudFront distributions forward to WAF for inspection. The default size is 16 KB (16,384 bytes).

      * *

      You are charged additional fees when your protected resources forward body sizes that are larger than the default. For more information, see WAF Pricing.

      *       @@ -3346,7 +3359,7 @@ export interface RequestBodyAssociatedResourceTypeConfig { /** * @public *

      Specifies the maximum size of the web request body component that an associated CloudFront distribution should send to WAF for inspection. This applies to statements in the web ACL that inspect the body or JSON body.

      - *

      Default: 16 KB (16,384 kilobytes) + *

      Default: 16 KB (16,384 bytes) *

      */ DefaultSizeInspectionLimit: SizeInspectionLimit | string | undefined; @@ -3355,7 +3368,7 @@ export interface RequestBodyAssociatedResourceTypeConfig { /** * @public *

      Specifies custom configurations for the associations between the web ACL and protected resources.

      - *

      Use this to customize the maximum size of the request body that your protected CloudFront distributions forward to WAF for inspection. The default is 16 KB (16,384 kilobytes).

      + *

      Use this to customize the maximum size of the request body that your protected CloudFront distributions forward to WAF for inspection. The default is 16 KB (16,384 bytes).

      * *

      You are charged additional fees when your protected resources forward body sizes that are larger than the default. For more information, see WAF Pricing.

      *       @@ -3363,7 +3376,7 @@ export interface RequestBodyAssociatedResourceTypeConfig { export interface AssociationConfig { /** * @public - *

      Customizes the maximum size of the request body that your protected CloudFront distributions forward to WAF for inspection. The default size is 16 KB (16,384 kilobytes).

      + *

      Customizes the maximum size of the request body that your protected CloudFront distributions forward to WAF for inspection. The default size is 16 KB (16,384 bytes).

      * *

      You are charged additional fees when your protected resources forward body sizes that are larger than the default. For more information, see WAF Pricing.

      *       @@ -7573,7 +7586,7 @@ export interface Statement { /** * @public *

      A rule statement that compares a number of bytes against the size of a request component, using a comparison operator, such as greater than (>) or less than (<). For example, you can use a size constraint statement to look for query strings that are longer than 100 bytes.

      - *

      If you configure WAF to inspect the request body, WAF inspects only the number of bytes of the body up to the limit for the web ACL. By default, for regional web ACLs, this limit is 8 KB (8,192 kilobytes) and for CloudFront web ACLs, this limit is 16 KB (16,384 kilobytes). For CloudFront web ACLs, you can increase the limit in the web ACL AssociationConfig, for additional fees. If you know that the request body for your web requests should never exceed the inspection limit, you could use a size constraint statement to block requests that have a larger request body size.

      + *

      If you configure WAF to inspect the request body, WAF inspects only the number of bytes of the body up to the limit for the web ACL. By default, for regional web ACLs, this limit is 8 KB (8,192 bytes) and for CloudFront web ACLs, this limit is 16 KB (16,384 bytes). For CloudFront web ACLs, you can increase the limit in the web ACL AssociationConfig, for additional fees. If you know that the request body for your web requests should never exceed the inspection limit, you could use a size constraint statement to block requests that have a larger request body size.

      *

      If you choose URI for the value of Part of the request to filter on, the slash (/) in the URI counts as one character. For example, the URI /logo.jpg is nine characters long.

      */ SizeConstraintStatement?: SizeConstraintStatement; @@ -7982,8 +7995,10 @@ export interface RateBasedStatement { export interface Rule { /** * @public - *

      The name of the rule. You can't change the name of a Rule after you create - * it.

      + *

      The name of the rule.

      + *

      If you change the name of a Rule after you create + * it and you want the rule's metric name to reflect the change, update the metric name in the rule's VisibilityConfig settings. WAF + * doesn't automatically update the metric name when you update the rule name.

      */ Name: string | undefined; @@ -8063,6 +8078,9 @@ export interface Rule { /** * @public *

      Defines and enables Amazon CloudWatch metrics and web request sample collection.

      + *

      If you change the name of a Rule after you create + * it and you want the rule's metric name to reflect the change, update the metric name as well. WAF + * doesn't automatically update the metric name.

      */ VisibilityConfig: VisibilityConfig | undefined; @@ -8369,7 +8387,7 @@ export interface CreateWebACLRequest { /** * @public *

      Specifies custom configurations for the associations between the web ACL and protected resources.

      - *

      Use this to customize the maximum size of the request body that your protected CloudFront distributions forward to WAF for inspection. The default is 16 KB (16,384 kilobytes).

      + *

      Use this to customize the maximum size of the request body that your protected CloudFront distributions forward to WAF for inspection. The default is 16 KB (16,384 bytes).

      * *

      You are charged additional fees when your protected resources forward body sizes that are larger than the default. For more information, see WAF Pricing.

      *       @@ -8652,7 +8670,7 @@ export interface UpdateWebACLRequest { /** * @public *

      Specifies custom configurations for the associations between the web ACL and protected resources.

      - *

      Use this to customize the maximum size of the request body that your protected CloudFront distributions forward to WAF for inspection. The default is 16 KB (16,384 kilobytes).

      + *

      Use this to customize the maximum size of the request body that your protected CloudFront distributions forward to WAF for inspection. The default is 16 KB (16,384 bytes).

      * *

      You are charged additional fees when your protected resources forward body sizes that are larger than the default. For more information, see WAF Pricing.

      *       @@ -8828,7 +8846,7 @@ export interface WebACL { /** * @public *

      Specifies custom configurations for the associations between the web ACL and protected resources.

      - *

      Use this to customize the maximum size of the request body that your protected CloudFront distributions forward to WAF for inspection. The default is 16 KB (16,384 kilobytes).

      + *

      Use this to customize the maximum size of the request body that your protected CloudFront distributions forward to WAF for inspection. The default is 16 KB (16,384 bytes).

      * *

      You are charged additional fees when your protected resources forward body sizes that are larger than the default. For more information, see WAF Pricing.

      *       diff --git a/codegen/sdk-codegen/aws-models/wafv2.json b/codegen/sdk-codegen/aws-models/wafv2.json index 3a2e0c440ca2..8146fd589a69 100644 --- a/codegen/sdk-codegen/aws-models/wafv2.json +++ b/codegen/sdk-codegen/aws-models/wafv2.json @@ -183,6 +183,13 @@ "smithy.api#documentation": "

      The inspection level to use for the Bot Control rule group. The common level is the least expensive. The \n targeted level includes all common level rules and adds rules with more advanced inspection criteria. For \n details, see WAF Bot Control rule group\n in the WAF Developer Guide.

      ", "smithy.api#required": {} } + }, + "EnableMachineLearning": { + "target": "com.amazonaws.wafv2#Boolean", + "traits": { + "smithy.api#default": false, + "smithy.api#documentation": "

      Applies only to the targeted inspection level.

      \n

      Determines whether to use machine learning (ML) to\n analyze your web traffic for bot-related activity. Machine learning is required for the Bot Control rules TGT_ML_CoordinatedActivityLow and TGT_ML_CoordinatedActivityMedium, which\ninspect for anomalous behavior that might indicate distributed, coordinated bot activity.

      \n

      For more information about this choice, see the listing for these rules in the table at Bot Control rules listing in the\n WAF Developer Guide.

      \n

      Default: TRUE\n

      " + } } }, "traits": { @@ -430,52 +437,56 @@ "type": "error" }, { - "conditions": [], - "type": "tree", - "rules": [ + "conditions": [ { - "conditions": [ + "fn": "booleanEquals", + "argv": [ { - "fn": "booleanEquals", - "argv": [ - { - "ref": "UseDualStack" - }, - true - ] - } - ], - "error": "Invalid Configuration: Dualstack and custom endpoint are not supported", - "type": "error" - }, - { - "conditions": [], - "endpoint": { - "url": { - "ref": "Endpoint" + "ref": "UseDualStack" }, - "properties": {}, - "headers": {} - }, - "type": "endpoint" + true + ] } - ] + ], + "error": "Invalid Configuration: Dualstack and custom endpoint are not supported", + "type": "error" + }, + { + "conditions": [], + "endpoint": { + "url": { + "ref": "Endpoint" + }, + "properties": {}, + "headers": {} + }, + "type": "endpoint" } ] }, { - "conditions": [], + "conditions": [ + { + "fn": "isSet", + "argv": [ + { + "ref": "Region" + } + ] + } + ], "type": "tree", "rules": [ { "conditions": [ { - "fn": "isSet", + "fn": "aws.partition", "argv": [ { "ref": "Region" } - ] + ], + "assign": "PartitionResult" } ], "type": "tree", @@ -483,13 +494,22 @@ { "conditions": [ { - "fn": "aws.partition", + "fn": "booleanEquals", "argv": [ { - "ref": "Region" - } - ], - "assign": "PartitionResult" + "ref": "UseFIPS" + }, + true + ] + }, + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + true + ] } ], "type": "tree", @@ -499,224 +519,175 @@ { "fn": "booleanEquals", "argv": [ + true, { - "ref": "UseFIPS" - }, - true + "fn": "getAttr", + "argv": [ + { + "ref": "PartitionResult" + }, + "supportsFIPS" + ] + } ] }, { "fn": "booleanEquals", "argv": [ + true, { - "ref": "UseDualStack" - }, - true - ] - } - ], - "type": "tree", - "rules": [ - { - "conditions": [ - { - "fn": "booleanEquals", - "argv": [ - true, - { - "fn": "getAttr", - "argv": [ - { - "ref": "PartitionResult" - }, - "supportsFIPS" - ] - } - ] - }, - { - "fn": "booleanEquals", + "fn": "getAttr", "argv": [ - true, - { - "fn": "getAttr", - "argv": [ - { - "ref": "PartitionResult" - }, - "supportsDualStack" - ] - } - ] - } - ], - "type": "tree", - "rules": [ - { - "conditions": [], - "type": "tree", - "rules": [ { - "conditions": [], - "endpoint": { - "url": "https://wafv2-fips.{Region}.{PartitionResult#dualStackDnsSuffix}", - "properties": {}, - "headers": {} - }, - "type": "endpoint" - } + "ref": "PartitionResult" + }, + "supportsDualStack" ] } ] - }, + } + ], + "type": "tree", + "rules": [ { "conditions": [], - "error": "FIPS and DualStack are enabled, but this partition does not support one or both", - "type": "error" + "endpoint": { + "url": "https://wafv2-fips.{Region}.{PartitionResult#dualStackDnsSuffix}", + "properties": {}, + "headers": {} + }, + "type": "endpoint" } ] }, + { + "conditions": [], + "error": "FIPS and DualStack are enabled, but this partition does not support one or both", + "type": "error" + } + ] + }, + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseFIPS" + }, + true + ] + } + ], + "type": "tree", + "rules": [ { "conditions": [ { "fn": "booleanEquals", "argv": [ + true, { - "ref": "UseFIPS" - }, - true - ] - } - ], - "type": "tree", - "rules": [ - { - "conditions": [ - { - "fn": "booleanEquals", + "fn": "getAttr", "argv": [ - true, { - "fn": "getAttr", - "argv": [ - { - "ref": "PartitionResult" - }, - "supportsFIPS" - ] - } - ] - } - ], - "type": "tree", - "rules": [ - { - "conditions": [], - "type": "tree", - "rules": [ - { - "conditions": [], - "endpoint": { - "url": "https://wafv2-fips.{Region}.{PartitionResult#dnsSuffix}", - "properties": {}, - "headers": {} - }, - "type": "endpoint" - } + "ref": "PartitionResult" + }, + "supportsFIPS" ] } ] - }, + } + ], + "type": "tree", + "rules": [ { "conditions": [], - "error": "FIPS is enabled but this partition does not support FIPS", - "type": "error" + "endpoint": { + "url": "https://wafv2-fips.{Region}.{PartitionResult#dnsSuffix}", + "properties": {}, + "headers": {} + }, + "type": "endpoint" } ] }, + { + "conditions": [], + "error": "FIPS is enabled but this partition does not support FIPS", + "type": "error" + } + ] + }, + { + "conditions": [ + { + "fn": "booleanEquals", + "argv": [ + { + "ref": "UseDualStack" + }, + true + ] + } + ], + "type": "tree", + "rules": [ { "conditions": [ { "fn": "booleanEquals", "argv": [ + true, { - "ref": "UseDualStack" - }, - true - ] - } - ], - "type": "tree", - "rules": [ - { - "conditions": [ - { - "fn": "booleanEquals", + "fn": "getAttr", "argv": [ - true, - { - "fn": "getAttr", - "argv": [ - { - "ref": "PartitionResult" - }, - "supportsDualStack" - ] - } - ] - } - ], - "type": "tree", - "rules": [ - { - "conditions": [], - "type": "tree", - "rules": [ { - "conditions": [], - "endpoint": { - "url": "https://wafv2.{Region}.{PartitionResult#dualStackDnsSuffix}", - "properties": {}, - "headers": {} - }, - "type": "endpoint" - } + "ref": "PartitionResult" + }, + "supportsDualStack" ] } ] - }, - { - "conditions": [], - "error": "DualStack is enabled but this partition does not support DualStack", - "type": "error" } - ] - }, - { - "conditions": [], + ], "type": "tree", "rules": [ { "conditions": [], "endpoint": { - "url": "https://wafv2.{Region}.{PartitionResult#dnsSuffix}", + "url": "https://wafv2.{Region}.{PartitionResult#dualStackDnsSuffix}", "properties": {}, "headers": {} }, "type": "endpoint" } ] + }, + { + "conditions": [], + "error": "DualStack is enabled but this partition does not support DualStack", + "type": "error" } ] + }, + { + "conditions": [], + "endpoint": { + "url": "https://wafv2.{Region}.{PartitionResult#dnsSuffix}", + "properties": {}, + "headers": {} + }, + "type": "endpoint" } ] - }, - { - "conditions": [], - "error": "Invalid Configuration: Missing Region", - "type": "error" } ] + }, + { + "conditions": [], + "error": "Invalid Configuration: Missing Region", + "type": "error" } ] }, @@ -1832,12 +1803,12 @@ "RequestBody": { "target": "com.amazonaws.wafv2#RequestBody", "traits": { - "smithy.api#documentation": "

      Customizes the maximum size of the request body that your protected CloudFront distributions forward to WAF for inspection. The default size is 16 KB (16,384 kilobytes).

      \n \n

      You are charged additional fees when your protected resources forward body sizes that are larger than the default. For more information, see WAF Pricing.

      \n       " + "smithy.api#documentation": "

      Customizes the maximum size of the request body that your protected CloudFront distributions forward to WAF for inspection. The default size is 16 KB (16,384 bytes).

      \n \n

      You are charged additional fees when your protected resources forward body sizes that are larger than the default. For more information, see WAF Pricing.

      \n       " } } }, "traits": { - "smithy.api#documentation": "

      Specifies custom configurations for the associations between the web ACL and protected resources.

      \n

      Use this to customize the maximum size of the request body that your protected CloudFront distributions forward to WAF for inspection. The default is 16 KB (16,384 kilobytes).

      \n \n

      You are charged additional fees when your protected resources forward body sizes that are larger than the default. For more information, see WAF Pricing.

      \n       " + "smithy.api#documentation": "

      Specifies custom configurations for the associations between the web ACL and protected resources.

      \n

      Use this to customize the maximum size of the request body that your protected CloudFront distributions forward to WAF for inspection. The default is 16 KB (16,384 bytes).

      \n \n

      You are charged additional fees when your protected resources forward body sizes that are larger than the default. For more information, see WAF Pricing.

      \n       " } }, "com.amazonaws.wafv2#BlockAction": { @@ -1860,7 +1831,7 @@ "OversizeHandling": { "target": "com.amazonaws.wafv2#OversizeHandling", "traits": { - "smithy.api#documentation": "

      What WAF should do if the body is larger than WAF can inspect. \n WAF does not support inspecting the entire contents of the web request body if the body \n exceeds the limit for the resource type. If the body is larger than the limit, the underlying host service \n only forwards the contents that are below the limit to WAF for inspection.

      \n

      The default limit is 8 KB (8,192 kilobytes) for regional resources and 16 KB (16,384 kilobytes) for CloudFront distributions. For CloudFront distributions, \n you can increase the limit in the web ACL AssociationConfig, for additional processing fees.

      \n

      The options for oversize handling are the following:

      \n
        \n
      • \n

        \n CONTINUE - Inspect the available body contents normally, according to the rule inspection criteria.

        \n
        • \n
      • \n

        \n MATCH - Treat the web request as matching the rule statement. WAF\n applies the rule action to the request.

        \n
        • \n
      • \n

        \n NO_MATCH - Treat the web request as not matching the rule\n statement.

        \n
        • \n
      \n

      You can combine the MATCH or NO_MATCH\n settings for oversize handling with your rule and web ACL action settings, so that you block any request whose body is over the limit.

      \n

      Default: CONTINUE\n

      " + "smithy.api#documentation": "

      What WAF should do if the body is larger than WAF can inspect. \n WAF does not support inspecting the entire contents of the web request body if the body \n exceeds the limit for the resource type. If the body is larger than the limit, the underlying host service \n only forwards the contents that are below the limit to WAF for inspection.

      \n

      The default limit is 8 KB (8,192 bytes) for regional resources and 16 KB (16,384 bytes) for CloudFront distributions. For CloudFront distributions, \n you can increase the limit in the web ACL AssociationConfig, for additional processing fees.

      \n

      The options for oversize handling are the following:

      \n
        \n
      • \n

        \n CONTINUE - Inspect the available body contents normally, according to the rule inspection criteria.

        \n
        • \n
      • \n

        \n MATCH - Treat the web request as matching the rule statement. WAF\n applies the rule action to the request.

        \n
        • \n
      • \n

        \n NO_MATCH - Treat the web request as not matching the rule\n statement.

        \n
        • \n
      \n

      You can combine the MATCH or NO_MATCH\n settings for oversize handling with your rule and web ACL action settings, so that you block any request whose body is over the limit.

      \n

      Default: CONTINUE\n

      " } } }, @@ -4318,7 +4289,7 @@ "AssociationConfig": { "target": "com.amazonaws.wafv2#AssociationConfig", "traits": { - "smithy.api#documentation": "

      Specifies custom configurations for the associations between the web ACL and protected resources.

      \n

      Use this to customize the maximum size of the request body that your protected CloudFront distributions forward to WAF for inspection. The default is 16 KB (16,384 kilobytes).

      \n \n

      You are charged additional fees when your protected resources forward body sizes that are larger than the default. For more information, see WAF Pricing.

      \n       " + "smithy.api#documentation": "

      Specifies custom configurations for the associations between the web ACL and protected resources.

      \n

      Use this to customize the maximum size of the request body that your protected CloudFront distributions forward to WAF for inspection. The default is 16 KB (16,384 bytes).

      \n \n

      You are charged additional fees when your protected resources forward body sizes that are larger than the default. For more information, see WAF Pricing.

      \n       " } } }, @@ -5453,7 +5424,7 @@ "Body": { "target": "com.amazonaws.wafv2#Body", "traits": { - "smithy.api#documentation": "

      Inspect the request body as plain text. The request body immediately follows the request\n headers. This is the part of a request that contains any additional data that you want to\n send to your web server as the HTTP request body, such as data from a form.

      \n

      A limited amount of the request body is forwarded to WAF for\n inspection by the underlying host service. For regional resources, the limit is 8 KB (8,192 kilobytes) and for CloudFront distributions, the limit is 16 KB (16,384 kilobytes). For CloudFront distributions,\n you can increase the limit in the web ACL's AssociationConfig, for additional processing fees.

      \n

      For information about how to handle oversized\n request bodies, see the Body object configuration.

      " + "smithy.api#documentation": "

      Inspect the request body as plain text. The request body immediately follows the request\n headers. This is the part of a request that contains any additional data that you want to\n send to your web server as the HTTP request body, such as data from a form.

      \n

      A limited amount of the request body is forwarded to WAF for\n inspection by the underlying host service. For regional resources, the limit is 8 KB (8,192 bytes) and for CloudFront distributions, the limit is 16 KB (16,384 bytes). For CloudFront distributions,\n you can increase the limit in the web ACL's AssociationConfig, for additional processing fees.

      \n

      For information about how to handle oversized\n request bodies, see the Body object configuration.

      " } }, "Method": { @@ -5465,7 +5436,7 @@ "JsonBody": { "target": "com.amazonaws.wafv2#JsonBody", "traits": { - "smithy.api#documentation": "

      Inspect the request body as JSON. The request body immediately follows the request\n headers. This is the part of a request that contains any additional data that you want to\n send to your web server as the HTTP request body, such as data from a form.

      \n

      A limited amount of the request body is forwarded to WAF for\n inspection by the underlying host service. For regional resources, the limit is 8 KB (8,192 kilobytes) and for CloudFront distributions, the limit is 16 KB (16,384 kilobytes). For CloudFront distributions,\n you can increase the limit in the web ACL's AssociationConfig, for additional processing fees.

      \n

      For information about how to handle oversized\n request bodies, see the JsonBody object configuration.

      " + "smithy.api#documentation": "

      Inspect the request body as JSON. The request body immediately follows the request\n headers. This is the part of a request that contains any additional data that you want to\n send to your web server as the HTTP request body, such as data from a form.

      \n

      A limited amount of the request body is forwarded to WAF for\n inspection by the underlying host service. For regional resources, the limit is 8 KB (8,192 bytes) and for CloudFront distributions, the limit is 16 KB (16,384 bytes). For CloudFront distributions,\n you can increase the limit in the web ACL's AssociationConfig, for additional processing fees.

      \n

      For information about how to handle oversized\n request bodies, see the JsonBody object configuration.

      " } }, "Headers": { @@ -7047,7 +7018,7 @@ "OversizeHandling": { "target": "com.amazonaws.wafv2#OversizeHandling", "traits": { - "smithy.api#documentation": "

      What WAF should do if the body is larger than WAF can inspect. \n WAF does not support inspecting the entire contents of the web request body if the body \n exceeds the limit for the resource type. If the body is larger than the limit, the underlying host service \n only forwards the contents that are below the limit to WAF for inspection.

      \n

      The default limit is 8 KB (8,192 kilobytes) for regional resources and 16 KB (16,384 kilobytes) for CloudFront distributions. For CloudFront distributions, \n you can increase the limit in the web ACL AssociationConfig, for additional processing fees.

      \n

      The options for oversize handling are the following:

      \n
        \n
      • \n

        \n CONTINUE - Inspect the available body contents normally, according to the rule inspection criteria.

        \n
        • \n
      • \n

        \n MATCH - Treat the web request as matching the rule statement. WAF\n applies the rule action to the request.

        \n
        • \n
      • \n

        \n NO_MATCH - Treat the web request as not matching the rule\n statement.

        \n
        • \n
      \n

      You can combine the MATCH or NO_MATCH\n settings for oversize handling with your rule and web ACL action settings, so that you block any request whose body is over the limit.

      \n

      Default: CONTINUE\n

      " + "smithy.api#documentation": "

      What WAF should do if the body is larger than WAF can inspect. \n WAF does not support inspecting the entire contents of the web request body if the body \n exceeds the limit for the resource type. If the body is larger than the limit, the underlying host service \n only forwards the contents that are below the limit to WAF for inspection.

      \n

      The default limit is 8 KB (8,192 bytes) for regional resources and 16 KB (16,384 bytes) for CloudFront distributions. For CloudFront distributions, \n you can increase the limit in the web ACL AssociationConfig, for additional processing fees.

      \n

      The options for oversize handling are the following:

      \n
        \n
      • \n

        \n CONTINUE - Inspect the available body contents normally, according to the rule inspection criteria.

        \n
        • \n
      • \n

        \n MATCH - Treat the web request as matching the rule statement. WAF\n applies the rule action to the request.

        \n
        • \n
      • \n

        \n NO_MATCH - Treat the web request as not matching the rule\n statement.

        \n
        • \n
      \n

      You can combine the MATCH or NO_MATCH\n settings for oversize handling with your rule and web ACL action settings, so that you block any request whose body is over the limit.

      \n

      Default: CONTINUE\n

      " } } }, @@ -10167,13 +10138,13 @@ "DefaultSizeInspectionLimit": { "target": "com.amazonaws.wafv2#SizeInspectionLimit", "traits": { - "smithy.api#documentation": "

      Specifies the maximum size of the web request body component that an associated CloudFront distribution should send to WAF for inspection. This applies to statements in the web ACL that inspect the body or JSON body.

      \n

      Default: 16 KB (16,384 kilobytes)\n

      ", + "smithy.api#documentation": "

      Specifies the maximum size of the web request body component that an associated CloudFront distribution should send to WAF for inspection. This applies to statements in the web ACL that inspect the body or JSON body.

      \n

      Default: 16 KB (16,384 bytes)\n

      ", "smithy.api#required": {} } } }, "traits": { - "smithy.api#documentation": "

      Customizes the maximum size of the request body that your protected CloudFront distributions forward to WAF for inspection. The default size is 16 KB (16,384 kilobytes).

      \n \n

      You are charged additional fees when your protected resources forward body sizes that are larger than the default. For more information, see WAF Pricing.

      \n       \n

      This is used in the AssociationConfig of the web ACL.

      " + "smithy.api#documentation": "

      Customizes the maximum size of the request body that your protected CloudFront distributions forward to WAF for inspection. The default size is 16 KB (16,384 bytes).

      \n \n

      You are charged additional fees when your protected resources forward body sizes that are larger than the default. For more information, see WAF Pricing.

      \n       \n

      This is used in the AssociationConfig of the web ACL.

      " } }, "com.amazonaws.wafv2#RequestInspection": { @@ -10598,7 +10569,7 @@ "Name": { "target": "com.amazonaws.wafv2#EntityName", "traits": { - "smithy.api#documentation": "

      The name of the rule. You can't change the name of a Rule after you create\n it.

      ", + "smithy.api#documentation": "

      The name of the rule.

      \n

      If you change the name of a Rule after you create\n it and you want the rule's metric name to reflect the change, update the metric name in the rule's VisibilityConfig settings. WAF \n doesn't automatically update the metric name when you update the rule name.

      ", "smithy.api#required": {} } }, @@ -10638,7 +10609,7 @@ "VisibilityConfig": { "target": "com.amazonaws.wafv2#VisibilityConfig", "traits": { - "smithy.api#documentation": "

      Defines and enables Amazon CloudWatch metrics and web request sample collection.

      ", + "smithy.api#documentation": "

      Defines and enables Amazon CloudWatch metrics and web request sample collection.

      \n

      If you change the name of a Rule after you create\n it and you want the rule's metric name to reflect the change, update the metric name as well. WAF \n doesn't automatically update the metric name.

      ", "smithy.api#required": {} } }, @@ -11136,7 +11107,7 @@ } }, "traits": { - "smithy.api#documentation": "

      A rule statement that compares a number of bytes against the size of a request component, using a comparison operator, such as greater than (>) or less than (<). For example, you can use a size constraint statement to look for query strings that are longer than 100 bytes.

      \n

      If you configure WAF to inspect the request body, WAF inspects only the number of bytes of the body up to the limit for the web ACL. By default, for regional web ACLs, this limit is 8 KB (8,192 kilobytes) and for CloudFront web ACLs, this limit is 16 KB (16,384 kilobytes). For CloudFront web ACLs, you can increase the limit in the web ACL AssociationConfig, for additional fees. If you know that the request body for your web requests should never exceed the inspection limit, you could use a size constraint statement to block requests that have a larger request body size.

      \n

      If you choose URI for the value of Part of the request to filter on, the slash (/) in the URI counts as one character. For example, the URI /logo.jpg is nine characters long.

      " + "smithy.api#documentation": "

      A rule statement that compares a number of bytes against the size of a request component, using a comparison operator, such as greater than (>) or less than (<). For example, you can use a size constraint statement to look for query strings that are longer than 100 bytes.

      \n

      If you configure WAF to inspect the request body, WAF inspects only the number of bytes of the body up to the limit for the web ACL. By default, for regional web ACLs, this limit is 8 KB (8,192 bytes) and for CloudFront web ACLs, this limit is 16 KB (16,384 bytes). For CloudFront web ACLs, you can increase the limit in the web ACL AssociationConfig, for additional fees. If you know that the request body for your web requests should never exceed the inspection limit, you could use a size constraint statement to block requests that have a larger request body size.

      \n

      If you choose URI for the value of Part of the request to filter on, the slash (/) in the URI counts as one character. For example, the URI /logo.jpg is nine characters long.

      " } }, "com.amazonaws.wafv2#SizeInspectionLimit": { @@ -11223,7 +11194,7 @@ "SizeConstraintStatement": { "target": "com.amazonaws.wafv2#SizeConstraintStatement", "traits": { - "smithy.api#documentation": "

      A rule statement that compares a number of bytes against the size of a request component, using a comparison operator, such as greater than (>) or less than (<). For example, you can use a size constraint statement to look for query strings that are longer than 100 bytes.

      \n

      If you configure WAF to inspect the request body, WAF inspects only the number of bytes of the body up to the limit for the web ACL. By default, for regional web ACLs, this limit is 8 KB (8,192 kilobytes) and for CloudFront web ACLs, this limit is 16 KB (16,384 kilobytes). For CloudFront web ACLs, you can increase the limit in the web ACL AssociationConfig, for additional fees. If you know that the request body for your web requests should never exceed the inspection limit, you could use a size constraint statement to block requests that have a larger request body size.

      \n

      If you choose URI for the value of Part of the request to filter on, the slash (/) in the URI counts as one character. For example, the URI /logo.jpg is nine characters long.

      " + "smithy.api#documentation": "

      A rule statement that compares a number of bytes against the size of a request component, using a comparison operator, such as greater than (>) or less than (<). For example, you can use a size constraint statement to look for query strings that are longer than 100 bytes.

      \n

      If you configure WAF to inspect the request body, WAF inspects only the number of bytes of the body up to the limit for the web ACL. By default, for regional web ACLs, this limit is 8 KB (8,192 bytes) and for CloudFront web ACLs, this limit is 16 KB (16,384 bytes). For CloudFront web ACLs, you can increase the limit in the web ACL AssociationConfig, for additional fees. If you know that the request body for your web requests should never exceed the inspection limit, you could use a size constraint statement to block requests that have a larger request body size.

      \n

      If you choose URI for the value of Part of the request to filter on, the slash (/) in the URI counts as one character. For example, the URI /logo.jpg is nine characters long.

      " } }, "GeoMatchStatement": { @@ -12324,7 +12295,7 @@ "AssociationConfig": { "target": "com.amazonaws.wafv2#AssociationConfig", "traits": { - "smithy.api#documentation": "

      Specifies custom configurations for the associations between the web ACL and protected resources.

      \n

      Use this to customize the maximum size of the request body that your protected CloudFront distributions forward to WAF for inspection. The default is 16 KB (16,384 kilobytes).

      \n \n

      You are charged additional fees when your protected resources forward body sizes that are larger than the default. For more information, see WAF Pricing.

      \n       " + "smithy.api#documentation": "

      Specifies custom configurations for the associations between the web ACL and protected resources.

      \n

      Use this to customize the maximum size of the request body that your protected CloudFront distributions forward to WAF for inspection. The default is 16 KB (16,384 bytes).

      \n \n

      You are charged additional fees when your protected resources forward body sizes that are larger than the default. For more information, see WAF Pricing.

      \n       " } } }, @@ -12803,7 +12774,7 @@ "AssociationConfig": { "target": "com.amazonaws.wafv2#AssociationConfig", "traits": { - "smithy.api#documentation": "

      Specifies custom configurations for the associations between the web ACL and protected resources.

      \n

      Use this to customize the maximum size of the request body that your protected CloudFront distributions forward to WAF for inspection. The default is 16 KB (16,384 kilobytes).

      \n \n

      You are charged additional fees when your protected resources forward body sizes that are larger than the default. For more information, see WAF Pricing.

      \n       " + "smithy.api#documentation": "

      Specifies custom configurations for the associations between the web ACL and protected resources.

      \n

      Use this to customize the maximum size of the request body that your protected CloudFront distributions forward to WAF for inspection. The default is 16 KB (16,384 bytes).

      \n \n

      You are charged additional fees when your protected resources forward body sizes that are larger than the default. For more information, see WAF Pricing.

      \n       " } } },