feat(client-wafv2): The WAFv2 API now supports configuring data protection in webACLs.

Author: awstools

clients/client-wafv2/README.md

@@ -6,7 +6,7 @@
 
 AWS SDK for JavaScript WAFV2 Client for Node.js, Browser and React Native.
 
-<fullname>WAF</fullname>
+<fullname>WAF </fullname>
 <note>
 
 <p>This is the latest version of the <b>WAF</b> API,
@@ -20,8 +20,8 @@ WAF resources that you created before. WAF Classic support will end on September
 see the <a href="https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html">WAF Developer Guide</a>. </p>
 </note>
 <p>WAF is a web application firewall that lets you monitor the HTTP and HTTPS
-requests that are forwarded to an Amazon CloudFront distribution, Amazon API Gateway REST API, Application Load Balancer, AppSync
-GraphQL API, Amazon Cognito user pool, App Runner service, or Amazon Web Services Verified Access instance. WAF also lets you control access to your content,
+requests that are forwarded to a protected resource. Protected resource types include Amazon CloudFront distribution, Amazon API Gateway REST API, Application Load Balancer, AppSync
+GraphQL API, Amazon Cognito user pool, App Runner service, and Amazon Web Services Verified Access instance. WAF also lets you control access to your content,
 to protect the Amazon Web Services resource that WAF is monitoring. Based on conditions that
 you specify, such as the IP addresses that requests originate from or the values of query
 strings, the protected resource responds to requests with either the requested content, an HTTP 403 status code
@@ -33,11 +33,11 @@ Guide</a>.</p>
 <p>You can make calls using the endpoints listed in <a href="https://docs.aws.amazon.com/general/latest/gr/waf.html">WAF endpoints and quotas</a>. </p>
 <ul>
 <li>
-<p>For regional applications, you can use any of the endpoints in the list.
+<p>For regional resources, you can use any of the endpoints in the list.
 A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, an Amazon Cognito user pool, an App Runner service, or an Amazon Web Services Verified Access instance. </p>
 </li>
 <li>
-<p>For Amazon CloudFront applications, you must use the API endpoint listed for
+<p>For Amazon CloudFront, you must use the API endpoint listed for
 US East (N. Virginia): us-east-1.</p>
 </li>
 </ul>

clients/client-wafv2/src/WAFV2.ts

@@ -1100,7 +1100,7 @@ export interface WAFV2 {
 }
 
 /**
- * <fullname>WAF</fullname>
+ * <fullname>WAF </fullname>
  *          <note>
  *             <p>This is the latest version of the <b>WAF</b> API,
  *             released in November, 2019. The names of the entities that you use to access this API,
@@ -1113,8 +1113,8 @@ export interface WAFV2 {
  *             see the <a href="https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html">WAF Developer Guide</a>. </p>
  *          </note>
  *          <p>WAF is a web application firewall that lets you monitor the HTTP and HTTPS
- *          requests that are forwarded to an Amazon CloudFront distribution, Amazon API Gateway REST API, Application Load Balancer, AppSync
- *       GraphQL API, Amazon Cognito user pool, App Runner service, or Amazon Web Services Verified Access instance. WAF also lets you control access to your content,
+ *          requests that are forwarded to a protected resource. Protected resource types include Amazon CloudFront distribution, Amazon API Gateway REST API, Application Load Balancer, AppSync
+ *       GraphQL API, Amazon Cognito user pool, App Runner service, and Amazon Web Services Verified Access instance. WAF also lets you control access to your content,
  *       to protect the Amazon Web Services resource that WAF is monitoring. Based on conditions that
  *          you specify, such as the IP addresses that requests originate from or the values of query
  *          strings, the protected resource responds to requests with either the requested content, an HTTP 403 status code
@@ -1126,11 +1126,11 @@ export interface WAFV2 {
  *          <p>You can make calls using the endpoints listed in <a href="https://docs.aws.amazon.com/general/latest/gr/waf.html">WAF endpoints and quotas</a>. </p>
  *          <ul>
  *             <li>
- *                <p>For regional applications, you can use any of the endpoints in the list.
+ *                <p>For regional resources, you can use any of the endpoints in the list.
  *                A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, an Amazon Cognito user pool, an App Runner service, or an Amazon Web Services Verified Access instance. </p>
  *             </li>
  *             <li>
- *                <p>For Amazon CloudFront applications, you must use the API endpoint listed for
+ *                <p>For Amazon CloudFront, you must use the API endpoint listed for
  *                US East (N. Virginia): us-east-1.</p>
  *             </li>
  *          </ul>

clients/client-wafv2/src/WAFV2Client.ts

@@ -508,7 +508,7 @@ export type WAFV2ClientResolvedConfigType = __SmithyResolvedConfiguration<__Http
 export interface WAFV2ClientResolvedConfig extends WAFV2ClientResolvedConfigType {}
 
 /**
- * <fullname>WAF</fullname>
+ * <fullname>WAF </fullname>
  *          <note>
  *             <p>This is the latest version of the <b>WAF</b> API,
  *             released in November, 2019. The names of the entities that you use to access this API,
@@ -521,8 +521,8 @@ export interface WAFV2ClientResolvedConfig extends WAFV2ClientResolvedConfigType
  *             see the <a href="https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html">WAF Developer Guide</a>. </p>
  *          </note>
  *          <p>WAF is a web application firewall that lets you monitor the HTTP and HTTPS
- *          requests that are forwarded to an Amazon CloudFront distribution, Amazon API Gateway REST API, Application Load Balancer, AppSync
- *       GraphQL API, Amazon Cognito user pool, App Runner service, or Amazon Web Services Verified Access instance. WAF also lets you control access to your content,
+ *          requests that are forwarded to a protected resource. Protected resource types include Amazon CloudFront distribution, Amazon API Gateway REST API, Application Load Balancer, AppSync
+ *       GraphQL API, Amazon Cognito user pool, App Runner service, and Amazon Web Services Verified Access instance. WAF also lets you control access to your content,
  *       to protect the Amazon Web Services resource that WAF is monitoring. Based on conditions that
  *          you specify, such as the IP addresses that requests originate from or the values of query
  *          strings, the protected resource responds to requests with either the requested content, an HTTP 403 status code
@@ -534,11 +534,11 @@ export interface WAFV2ClientResolvedConfig extends WAFV2ClientResolvedConfigType
  *          <p>You can make calls using the endpoints listed in <a href="https://docs.aws.amazon.com/general/latest/gr/waf.html">WAF endpoints and quotas</a>. </p>
  *          <ul>
  *             <li>
- *                <p>For regional applications, you can use any of the endpoints in the list.
+ *                <p>For regional resources, you can use any of the endpoints in the list.
  *                A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, an Amazon Cognito user pool, an App Runner service, or an Amazon Web Services Verified Access instance. </p>
  *             </li>
  *             <li>
- *                <p>For Amazon CloudFront applications, you must use the API endpoint listed for
+ *                <p>For Amazon CloudFront, you must use the API endpoint listed for
  *                US East (N. Virginia): us-east-1.</p>
  *             </li>
  *          </ul>

clients/client-wafv2/src/commands/AssociateWebACLCommand.ts

@@ -28,11 +28,8 @@ export interface AssociateWebACLCommandInput extends AssociateWebACLRequest {}
 export interface AssociateWebACLCommandOutput extends AssociateWebACLResponse, __MetadataBearer {}
 
 /**
- * <p>Associates a web ACL with a regional application resource, to protect the resource.
- *          A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, an Amazon Cognito user pool, an App Runner service, or an Amazon Web Services Verified Access instance.  </p>
- *          <p>For Amazon CloudFront, don't use this call. Instead, use your CloudFront distribution configuration. To
- *          associate a web ACL, in the CloudFront call <code>UpdateDistribution</code>, set the web ACL ID
- *          to the Amazon Resource Name (ARN) of the web ACL. For information, see <a href="https://docs.aws.amazon.com/cloudfront/latest/APIReference/API_UpdateDistribution.html">UpdateDistribution</a> in the <i>Amazon CloudFront Developer Guide</i>. </p>
+ * <p>Associates a web ACL with a resource, to protect the resource. </p>
+ *          <p>Use this for all resource types except for Amazon CloudFront distributions. For Amazon CloudFront, call <code>UpdateDistribution</code> for the distribution and provide the Amazon Resource Name (ARN) of the web ACL in the web ACL ID. For information, see <a href="https://docs.aws.amazon.com/cloudfront/latest/APIReference/API_UpdateDistribution.html">UpdateDistribution</a> in the <i>Amazon CloudFront Developer Guide</i>. </p>
  *          <p>
  *             <b>Required permissions for customer-managed IAM policies</b>
  *          </p>
@@ -117,7 +114,7 @@ export interface AssociateWebACLCommandOutput extends AssociateWebACLResponse, _
  *  <p>WAF couldn’t retrieve a resource that you specified for this operation.
  *        If you've just created a resource that you're using in this operation, you might
  *        just need to wait a few minutes. It can take from a few seconds to a number of minutes
- *        for changes to propagate. Verify the resources that you are specifying in your request
+ *        for changes to propagate. Verify the resource specifications in your request
  *        parameters and then retry the operation.</p>
  *
  * @throws {@link WAFV2ServiceException}

clients/client-wafv2/src/commands/CheckCapacityCommand.ts

@@ -1071,7 +1071,7 @@ export interface CheckCapacityCommandOutput extends CheckCapacityResponse, __Met
  *  <p>WAF couldn’t retrieve a resource that you specified for this operation.
  *        If you've just created a resource that you're using in this operation, you might
  *        just need to wait a few minutes. It can take from a few seconds to a number of minutes
- *        for changes to propagate. Verify the resources that you are specifying in your request
+ *        for changes to propagate. Verify the resource specifications in your request
  *        parameters and then retry the operation.</p>
  *
  * @throws {@link WAFV2ServiceException}

clients/client-wafv2/src/commands/CreateRuleGroupCommand.ts

@@ -1094,7 +1094,7 @@ export interface CreateRuleGroupCommandOutput extends CreateRuleGroupResponse, _
  *  <p>WAF couldn’t retrieve a resource that you specified for this operation.
  *        If you've just created a resource that you're using in this operation, you might
  *        just need to wait a few minutes. It can take from a few seconds to a number of minutes
- *        for changes to propagate. Verify the resources that you are specifying in your request
+ *        for changes to propagate. Verify the resource specifications in your request
  *        parameters and then retry the operation.</p>
  *
  * @throws {@link WAFV2ServiceException}

clients/client-wafv2/src/commands/CreateWebACLCommand.ts

@@ -29,7 +29,7 @@ export interface CreateWebACLCommandOutput extends CreateWebACLResponse, __Metad
 
 /**
  * <p>Creates a <a>WebACL</a> per the specifications provided.</p>
- *          <p> A web ACL defines a collection of rules to use to inspect and control web requests. Each rule has a statement that defines what to look for in web requests and an action that WAF applies to requests that match the statement. In the web ACL, you assign a default action to take (allow, block) for any request that does not match any of the rules. The rules in a web ACL can be a combination of the types <a>Rule</a>, <a>RuleGroup</a>, and managed rule group. You can associate a web ACL with one or more Amazon Web Services resources to protect. The resources can be an Amazon CloudFront distribution, an Amazon API Gateway REST API, an Application Load Balancer, an AppSync GraphQL API, an Amazon Cognito user pool, an App Runner service, or an Amazon Web Services Verified Access instance.  </p>
+ *          <p> A web ACL defines a collection of rules to use to inspect and control web requests. Each rule has a statement that defines what to look for in web requests and an action that WAF applies to requests that match the statement. In the web ACL, you assign a default action to take (allow, block) for any request that does not match any of the rules. The rules in a web ACL can be a combination of the types <a>Rule</a>, <a>RuleGroup</a>, and managed rule group. You can associate a web ACL with one or more Amazon Web Services resources to protect. The resource types include Amazon CloudFront distribution, Amazon API Gateway REST API, Application Load Balancer, AppSync GraphQL API, Amazon Cognito user pool, App Runner service, and Amazon Web Services Verified Access instance.  </p>
  * @example
  * Use a bare-bones client and the command you need to make an API call.
  * ```javascript
@@ -984,6 +984,21 @@ export interface CreateWebACLCommandOutput extends CreateWebACLResponse, __Metad
  *     CloudWatchMetricsEnabled: true || false, // required
  *     MetricName: "STRING_VALUE", // required
  *   },
+ *   DataProtectionConfig: { // DataProtectionConfig
+ *     DataProtections: [ // DataProtections // required
+ *       { // DataProtection
+ *         Field: { // FieldToProtect
+ *           FieldType: "SINGLE_HEADER" || "SINGLE_COOKIE" || "SINGLE_QUERY_ARGUMENT" || "QUERY_STRING" || "BODY", // required
+ *           FieldKeys: [ // FieldToProtectKeys
+ *             "STRING_VALUE",
+ *           ],
+ *         },
+ *         Action: "SUBSTITUTION" || "HASH", // required
+ *         ExcludeRuleMatchDetails: true || false,
+ *         ExcludeRateBasedDetails: true || false,
+ *       },
+ *     ],
+ *   },
  *   Tags: [ // TagList
  *     { // Tag
  *       Key: "STRING_VALUE", // required
@@ -1123,7 +1138,7 @@ export interface CreateWebACLCommandOutput extends CreateWebACLResponse, __Metad
  *  <p>WAF couldn’t retrieve a resource that you specified for this operation.
  *        If you've just created a resource that you're using in this operation, you might
  *        just need to wait a few minutes. It can take from a few seconds to a number of minutes
- *        for changes to propagate. Verify the resources that you are specifying in your request
+ *        for changes to propagate. Verify the resource specifications in your request
  *        parameters and then retry the operation.</p>
  *
  * @throws {@link WAFV2ServiceException}

clients/client-wafv2/src/commands/DeleteWebACLCommand.ts

@@ -38,26 +38,26 @@ export interface DeleteWebACLCommandOutput extends DeleteWebACLResponse, __Metad
  *                   following calls:</p>
  *                   <ul>
  *                      <li>
- *                         <p>For regional resources, call <a>ListResourcesForWebACL</a>.</p>
- *                      </li>
- *                      <li>
  *                         <p>For Amazon CloudFront distributions, use the CloudFront call
  *                            <code>ListDistributionsByWebACLId</code>. For information, see <a href="https://docs.aws.amazon.com/cloudfront/latest/APIReference/API_ListDistributionsByWebACLId.html">ListDistributionsByWebACLId</a>
  *                                in the <i>Amazon CloudFront API Reference</i>. </p>
  *                      </li>
+ *                      <li>
+ *                         <p>For all other resources, call <a>ListResourcesForWebACL</a>.</p>
+ *                      </li>
  *                   </ul>
  *                </li>
  *                <li>
  *                   <p>To disassociate a resource from a web ACL, use the following calls:</p>
  *                   <ul>
  *                      <li>
- *                         <p>For regional resources, call <a>DisassociateWebACL</a>.</p>
- *                      </li>
- *                      <li>
  *                         <p>For Amazon CloudFront distributions, provide an empty web ACL ID in the CloudFront call
  *                            <code>UpdateDistribution</code>. For information, see <a href="https://docs.aws.amazon.com/cloudfront/latest/APIReference/API_UpdateDistribution.html">UpdateDistribution</a>
  *                                in the <i>Amazon CloudFront API Reference</i>. </p>
  *                      </li>
+ *                      <li>
+ *                         <p>For all other resources, call <a>DisassociateWebACL</a>.</p>
+ *                      </li>
  *                   </ul>
  *                </li>
  *             </ul>

clients/client-wafv2/src/commands/DisassociateWebACLCommand.ts

@@ -28,11 +28,9 @@ export interface DisassociateWebACLCommandInput extends DisassociateWebACLReques
 export interface DisassociateWebACLCommandOutput extends DisassociateWebACLResponse, __MetadataBearer {}
 
 /**
- * <p>Disassociates the specified regional application resource from any existing web ACL
- *          association. A resource can have at most one web ACL association. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, an Amazon Cognito user pool, an App Runner service, or an Amazon Web Services Verified Access instance.  </p>
- *          <p>For Amazon CloudFront, don't use this call. Instead, use your CloudFront distribution configuration. To
- *          disassociate a web ACL, provide an empty web ACL ID in the CloudFront call
- *             <code>UpdateDistribution</code>. For information, see <a href="https://docs.aws.amazon.com/cloudfront/latest/APIReference/API_UpdateDistribution.html">UpdateDistribution</a> in the <i>Amazon CloudFront API Reference</i>. </p>
+ * <p>Disassociates the specified resource from its web ACL
+ *          association, if it has one. </p>
+ *          <p>Use this for all resource types except for Amazon CloudFront distributions. For Amazon CloudFront, call <code>UpdateDistribution</code> for the distribution and provide an empty web ACL ID. For information, see <a href="https://docs.aws.amazon.com/cloudfront/latest/APIReference/API_UpdateDistribution.html">UpdateDistribution</a> in the <i>Amazon CloudFront API Reference</i>. </p>
  *          <p>
  *             <b>Required permissions for customer-managed IAM policies</b>
  *          </p>

clients/client-wafv2/src/commands/GetWebACLCommand.ts

@@ -992,6 +992,21 @@ export interface GetWebACLCommandOutput extends GetWebACLResponse, __MetadataBea
  * //       CloudWatchMetricsEnabled: true || false, // required
  * //       MetricName: "STRING_VALUE", // required
  * //     },
+ * //     DataProtectionConfig: { // DataProtectionConfig
+ * //       DataProtections: [ // DataProtections // required
+ * //         { // DataProtection
+ * //           Field: { // FieldToProtect
+ * //             FieldType: "SINGLE_HEADER" || "SINGLE_COOKIE" || "SINGLE_QUERY_ARGUMENT" || "QUERY_STRING" || "BODY", // required
+ * //             FieldKeys: [ // FieldToProtectKeys
+ * //               "STRING_VALUE",
+ * //             ],
+ * //           },
+ * //           Action: "SUBSTITUTION" || "HASH", // required
+ * //           ExcludeRuleMatchDetails: true || false,
+ * //           ExcludeRateBasedDetails: true || false,
+ * //         },
+ * //       ],
+ * //     },
  * //     Capacity: Number("long"),
  * //     PreProcessFirewallManagerRuleGroups: [ // FirewallManagerRuleGroups
  * //       { // FirewallManagerRuleGroup