func ActionValue_Values() []string
ActionValue_Values returns all elements of the ActionValue enum
func AssociatedResourceType_Values() []string
AssociatedResourceType_Values returns all elements of the AssociatedResourceType enum
func BodyParsingFallbackBehavior_Values() []string
BodyParsingFallbackBehavior_Values returns all elements of the BodyParsingFallbackBehavior enum
func ComparisonOperator_Values() []string
ComparisonOperator_Values returns all elements of the ComparisonOperator enum
func CountryCode_Values() []string
CountryCode_Values returns all elements of the CountryCode enum
func FailureReason_Values() []string
FailureReason_Values returns all elements of the FailureReason enum
func FallbackBehavior_Values() []string
FallbackBehavior_Values returns all elements of the FallbackBehavior enum
func FilterBehavior_Values() []string
FilterBehavior_Values returns all elements of the FilterBehavior enum
func FilterRequirement_Values() []string
FilterRequirement_Values returns all elements of the FilterRequirement enum
func ForwardedIPPosition_Values() []string
ForwardedIPPosition_Values returns all elements of the ForwardedIPPosition enum
func IPAddressVersion_Values() []string
IPAddressVersion_Values returns all elements of the IPAddressVersion enum
func InspectionLevel_Values() []string
InspectionLevel_Values returns all elements of the InspectionLevel enum
func JsonMatchScope_Values() []string
JsonMatchScope_Values returns all elements of the JsonMatchScope enum
func LabelMatchScope_Values() []string
LabelMatchScope_Values returns all elements of the LabelMatchScope enum
func MapMatchScope_Values() []string
MapMatchScope_Values returns all elements of the MapMatchScope enum
func OversizeHandling_Values() []string
OversizeHandling_Values returns all elements of the OversizeHandling enum
func ParameterExceptionField_Values() []string
ParameterExceptionField_Values returns all elements of the ParameterExceptionField enum
func PayloadType_Values() []string
PayloadType_Values returns all elements of the PayloadType enum
func Platform_Values() []string
Platform_Values returns all elements of the Platform enum
func PositionalConstraint_Values() []string
PositionalConstraint_Values returns all elements of the PositionalConstraint enum
func RateBasedStatementAggregateKeyType_Values() []string
RateBasedStatementAggregateKeyType_Values returns all elements of the RateBasedStatementAggregateKeyType enum
func ResourceType_Values() []string
ResourceType_Values returns all elements of the ResourceType enum
func ResponseContentType_Values() []string
ResponseContentType_Values returns all elements of the ResponseContentType enum
func Scope_Values() []string
Scope_Values returns all elements of the Scope enum
func SensitivityLevel_Values() []string
SensitivityLevel_Values returns all elements of the SensitivityLevel enum
func SizeInspectionLimit_Values() []string
SizeInspectionLimit_Values returns all elements of the SizeInspectionLimit enum
func TextTransformationType_Values() []string
TextTransformationType_Values returns all elements of the TextTransformationType enum
type APIKeySummary struct {
// The generated, encrypted API key. You can copy this for use in your JavaScript
// CAPTCHA integration.
APIKey *string `min:"1" type:"string"`
// The date and time that the key was created.
CreationTimestamp *time.Time `type:"timestamp"`
// The token domains that are defined in this API key.
TokenDomains []*string `type:"list"`
// Internal value used by WAF to manage the key.
Version *int64 `type:"integer"`
// contains filtered or unexported fields
}
Information for a single API key.
API keys are required for the integration of the CAPTCHA API in your JavaScript client applications. The API lets you customize the placement and characteristics of the CAPTCHA puzzle for your end users. For more information about the CAPTCHA JavaScript integration, see WAF client application integration (https://docs.aws.amazon.com/waf/latest/developerguide/waf-application-integration.html) in the WAF Developer Guide.
func (s APIKeySummary) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *APIKeySummary) SetAPIKey(v string) *APIKeySummary
SetAPIKey sets the APIKey field's value.
func (s *APIKeySummary) SetCreationTimestamp(v time.Time) *APIKeySummary
SetCreationTimestamp sets the CreationTimestamp field's value.
func (s *APIKeySummary) SetTokenDomains(v []*string) *APIKeySummary
SetTokenDomains sets the TokenDomains field's value.
func (s *APIKeySummary) SetVersion(v int64) *APIKeySummary
SetVersion sets the Version field's value.
func (s APIKeySummary) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
type AWSManagedRulesATPRuleSet struct {
// The path of the login endpoint for your application. For example, for the
// URL https://example.com/web/login, you would provide the path /web/login.
//
// The rule group inspects only HTTP POST requests to your specified login endpoint.
//
// LoginPath is a required field
LoginPath *string `type:"string" required:"true"`
// The criteria for inspecting login requests, used by the ATP rule group to
// validate credentials usage.
RequestInspection *RequestInspection `type:"structure"`
// The criteria for inspecting responses to login requests, used by the ATP
// rule group to track login failure rates.
//
// The ATP rule group evaluates the responses that your protected resources
// send back to client login attempts, keeping count of successful and failed
// attempts from each IP address and client session. Using this information,
// the rule group labels and mitigates requests from client sessions and IP
// addresses that submit too many failed login attempts in a short amount of
// time.
//
// Response inspection is available only in web ACLs that protect Amazon CloudFront
// distributions.
ResponseInspection *ResponseInspection `type:"structure"`
// contains filtered or unexported fields
}
Details for your use of the account takeover prevention managed rule group, AWSManagedRulesATPRuleSet. This configuration is used in ManagedRuleGroupConfig.
func (s AWSManagedRulesATPRuleSet) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *AWSManagedRulesATPRuleSet) SetLoginPath(v string) *AWSManagedRulesATPRuleSet
SetLoginPath sets the LoginPath field's value.
func (s *AWSManagedRulesATPRuleSet) SetRequestInspection(v *RequestInspection) *AWSManagedRulesATPRuleSet
SetRequestInspection sets the RequestInspection field's value.
func (s *AWSManagedRulesATPRuleSet) SetResponseInspection(v *ResponseInspection) *AWSManagedRulesATPRuleSet
SetResponseInspection sets the ResponseInspection field's value.
func (s AWSManagedRulesATPRuleSet) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *AWSManagedRulesATPRuleSet) Validate() error
Validate inspects the fields of the type to determine if they are valid.
type AWSManagedRulesBotControlRuleSet struct {
// The inspection level to use for the Bot Control rule group. The common level
// is the least expensive. The targeted level includes all common level rules
// and adds rules with more advanced inspection criteria. For details, see WAF
// Bot Control rule group (https://docs.aws.amazon.com/waf/latest/developerguide/aws-managed-rule-groups-bot.html)
// in the WAF Developer Guide.
//
// InspectionLevel is a required field
InspectionLevel *string `type:"string" required:"true" enum:"InspectionLevel"`
// contains filtered or unexported fields
}
Details for your use of the Bot Control managed rule group, AWSManagedRulesBotControlRuleSet. This configuration is used in ManagedRuleGroupConfig.
func (s AWSManagedRulesBotControlRuleSet) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *AWSManagedRulesBotControlRuleSet) SetInspectionLevel(v string) *AWSManagedRulesBotControlRuleSet
SetInspectionLevel sets the InspectionLevel field's value.
func (s AWSManagedRulesBotControlRuleSet) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *AWSManagedRulesBotControlRuleSet) Validate() error
Validate inspects the fields of the type to determine if they are valid.
type ActionCondition struct {
// The action setting that a log record must contain in order to meet the condition.
// This is the action that WAF applied to the web request.
//
// For rule groups, this is either the configured rule action setting, or if
// you've applied a rule action override to the rule, it's the override action.
// The value EXCLUDED_AS_COUNT matches on excluded rules and also on rules that
// have a rule action override of Count.
//
// Action is a required field
Action *string `type:"string" required:"true" enum:"ActionValue"`
// contains filtered or unexported fields
}
A single action condition for a Condition in a logging filter.
func (s ActionCondition) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *ActionCondition) SetAction(v string) *ActionCondition
SetAction sets the Action field's value.
func (s ActionCondition) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *ActionCondition) Validate() error
Validate inspects the fields of the type to determine if they are valid.
type All struct {
// contains filtered or unexported fields
}
Inspect all of the elements that WAF has parsed and extracted from the web request component that you've identified in your FieldToMatch specifications.
This is used in the FieldToMatch specification for some web request component types.
JSON specification: "All": {}
func (s All) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s All) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
type AllQueryArguments struct {
// contains filtered or unexported fields
}
Inspect all query arguments of the web request.
This is used in the FieldToMatch specification for some web request component types.
JSON specification: "AllQueryArguments": {}
func (s AllQueryArguments) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s AllQueryArguments) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
type AllowAction struct {
// Defines custom handling for the web request.
//
// For information about customizing web requests and responses, see Customizing
// web requests and responses in WAF (https://docs.aws.amazon.com/waf/latest/developerguide/waf-custom-request-response.html)
// in the WAF Developer Guide.
CustomRequestHandling *CustomRequestHandling `type:"structure"`
// contains filtered or unexported fields
}
Specifies that WAF should allow the request and optionally defines additional custom handling for the request.
This is used in the context of other settings, for example to specify values for RuleAction and web ACL DefaultAction.
func (s AllowAction) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *AllowAction) SetCustomRequestHandling(v *CustomRequestHandling) *AllowAction
SetCustomRequestHandling sets the CustomRequestHandling field's value.
func (s AllowAction) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *AllowAction) Validate() error
Validate inspects the fields of the type to determine if they are valid.
type AndStatement struct {
// The statements to combine with AND logic. You can use any statements that
// can be nested.
//
// Statements is a required field
Statements []*Statement `type:"list" required:"true"`
// contains filtered or unexported fields
}
A logical rule statement used to combine other rule statements with AND logic. You provide more than one Statement within the AndStatement.
func (s AndStatement) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *AndStatement) SetStatements(v []*Statement) *AndStatement
SetStatements sets the Statements field's value.
func (s AndStatement) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *AndStatement) Validate() error
Validate inspects the fields of the type to determine if they are valid.
type AssociateWebACLInput struct {
// The Amazon Resource Name (ARN) of the resource to associate with the web
// ACL.
//
// The ARN must be in one of the following formats:
//
// * For an Application Load Balancer: arn:partition:elasticloadbalancing:region:account-id:loadbalancer/app/load-balancer-name/load-balancer-id
//
// * For an Amazon API Gateway REST API: arn:partition:apigateway:region::/restapis/api-id/stages/stage-name
//
// * For an AppSync GraphQL API: arn:partition:appsync:region:account-id:apis/GraphQLApiId
//
// * For an Amazon Cognito user pool: arn:partition:cognito-idp:region:account-id:userpool/user-pool-id
//
// * For an App Runner service: arn:partition:apprunner:region:account-id:service/apprunner-service-name/apprunner-service-id
//
// * For an Amazon Web Services Verified Access instance: arn:partition:ec2:region:account-id:verified-access-instance/instance-id
//
// ResourceArn is a required field
ResourceArn *string `min:"20" type:"string" required:"true"`
// The Amazon Resource Name (ARN) of the web ACL that you want to associate
// with the resource.
//
// WebACLArn is a required field
WebACLArn *string `min:"20" type:"string" required:"true"`
// contains filtered or unexported fields
}
func (s AssociateWebACLInput) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *AssociateWebACLInput) SetResourceArn(v string) *AssociateWebACLInput
SetResourceArn sets the ResourceArn field's value.
func (s *AssociateWebACLInput) SetWebACLArn(v string) *AssociateWebACLInput
SetWebACLArn sets the WebACLArn field's value.
func (s AssociateWebACLInput) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *AssociateWebACLInput) Validate() error
Validate inspects the fields of the type to determine if they are valid.
type AssociateWebACLOutput struct {
// contains filtered or unexported fields
}
func (s AssociateWebACLOutput) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s AssociateWebACLOutput) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
type AssociationConfig struct {
// Customizes the maximum size of the request body that your protected CloudFront
// distributions forward to WAF for inspection. The default size is 16 KB (16,384
// kilobytes).
//
// You are charged additional fees when your protected resources forward body
// sizes that are larger than the default. For more information, see WAF Pricing
// (http://aws.amazon.com/waf/pricing/).
RequestBody map[string]*RequestBodyAssociatedResourceTypeConfig `type:"map"`
// contains filtered or unexported fields
}
Specifies custom configurations for the associations between the web ACL and protected resources.
Use this to customize the maximum size of the request body that your protected CloudFront distributions forward to WAF for inspection. The default is 16 KB (16,384 kilobytes).
You are charged additional fees when your protected resources forward body sizes that are larger than the default. For more information, see WAF Pricing (http://aws.amazon.com/waf/pricing/).
func (s AssociationConfig) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *AssociationConfig) SetRequestBody(v map[string]*RequestBodyAssociatedResourceTypeConfig) *AssociationConfig
SetRequestBody sets the RequestBody field's value.
func (s AssociationConfig) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *AssociationConfig) Validate() error
Validate inspects the fields of the type to determine if they are valid.
type BlockAction struct {
// Defines a custom response for the web request.
//
// For information about customizing web requests and responses, see Customizing
// web requests and responses in WAF (https://docs.aws.amazon.com/waf/latest/developerguide/waf-custom-request-response.html)
// in the WAF Developer Guide.
CustomResponse *CustomResponse `type:"structure"`
// contains filtered or unexported fields
}
Specifies that WAF should block the request and optionally defines additional custom handling for the response to the web request.
This is used in the context of other settings, for example to specify values for RuleAction and web ACL DefaultAction.
func (s BlockAction) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *BlockAction) SetCustomResponse(v *CustomResponse) *BlockAction
SetCustomResponse sets the CustomResponse field's value.
func (s BlockAction) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *BlockAction) Validate() error
Validate inspects the fields of the type to determine if they are valid.
type Body struct {
// What WAF should do if the body is larger than WAF can inspect. WAF does not
// support inspecting the entire contents of the web request body if the body
// exceeds the limit for the resource type. If the body is larger than the limit,
// the underlying host service only forwards the contents that are below the
// limit to WAF for inspection.
//
// The default limit is 8 KB (8,192 kilobytes) for regional resources and 16
// KB (16,384 kilobytes) for CloudFront distributions. For CloudFront distributions,
// you can increase the limit in the web ACL AssociationConfig, for additional
// processing fees.
//
// The options for oversize handling are the following:
//
// * CONTINUE - Inspect the available body contents normally, according to
// the rule inspection criteria.
//
// * MATCH - Treat the web request as matching the rule statement. WAF applies
// the rule action to the request.
//
// * NO_MATCH - Treat the web request as not matching the rule statement.
//
// You can combine the MATCH or NO_MATCH settings for oversize handling with
// your rule and web ACL action settings, so that you block any request whose
// body is over the limit.
//
// Default: CONTINUE
OversizeHandling *string `type:"string" enum:"OversizeHandling"`
// contains filtered or unexported fields
}
Inspect the body of the web request. The body immediately follows the request headers.
This is used to indicate the web request component to inspect, in the FieldToMatch specification.
func (s Body) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *Body) SetOversizeHandling(v string) *Body
SetOversizeHandling sets the OversizeHandling field's value.
func (s Body) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
type ByteMatchStatement struct {
// The part of the web request that you want WAF to inspect.
//
// FieldToMatch is a required field
FieldToMatch *FieldToMatch `type:"structure" required:"true"`
// The area within the portion of the web request that you want WAF to search
// for SearchString. Valid values include the following:
//
// CONTAINS
//
// The specified part of the web request must include the value of SearchString,
// but the location doesn't matter.
//
// CONTAINS_WORD
//
// The specified part of the web request must include the value of SearchString,
// and SearchString must contain only alphanumeric characters or underscore
// (A-Z, a-z, 0-9, or _). In addition, SearchString must be a word, which means
// that both of the following are true:
//
// * SearchString is at the beginning of the specified part of the web request
// or is preceded by a character other than an alphanumeric character or
// underscore (_). Examples include the value of a header and ;BadBot.
//
// * SearchString is at the end of the specified part of the web request
// or is followed by a character other than an alphanumeric character or
// underscore (_), for example, BadBot; and -BadBot;.
//
// EXACTLY
//
// The value of the specified part of the web request must exactly match the
// value of SearchString.
//
// STARTS_WITH
//
// The value of SearchString must appear at the beginning of the specified part
// of the web request.
//
// ENDS_WITH
//
// The value of SearchString must appear at the end of the specified part of
// the web request.
//
// PositionalConstraint is a required field
PositionalConstraint *string `type:"string" required:"true" enum:"PositionalConstraint"`
// A string value that you want WAF to search for. WAF searches only in the
// part of web requests that you designate for inspection in FieldToMatch. The
// maximum length of the value is 200 bytes.
//
// Valid values depend on the component that you specify for inspection in FieldToMatch:
//
// * Method: The HTTP method that you want WAF to search for. This indicates
// the type of operation specified in the request.
//
// * UriPath: The value that you want WAF to search for in the URI path,
// for example, /images/daily-ad.jpg.
//
// * HeaderOrder: The comma-separated list of header names to match for.
// WAF creates a string that contains the ordered list of header names, from
// the headers in the web request, and then matches against that string.
//
// If SearchString includes alphabetic characters A-Z and a-z, note that the
// value is case sensitive.
//
// If you're using the WAF API
//
// Specify a base64-encoded version of the value. The maximum length of the
// value before you base64-encode it is 200 bytes.
//
// For example, suppose the value of Type is HEADER and the value of Data is
// User-Agent. If you want to search the User-Agent header for the value BadBot,
// you base64-encode BadBot using MIME base64-encoding and include the resulting
// value, QmFkQm90, in the value of SearchString.
//
// If you're using the CLI or one of the Amazon Web Services SDKs
//
// The value that you want WAF to search for. The SDK automatically base64 encodes
// the value.
// SearchString is automatically base64 encoded/decoded by the SDK.
//
// SearchString is a required field
SearchString []byte `type:"blob" required:"true"`
// Text transformations eliminate some of the unusual formatting that attackers
// use in web requests in an effort to bypass detection. Text transformations
// are used in rule match statements, to transform the FieldToMatch request
// component before inspecting it, and they're used in rate-based rule statements,
// to transform request components before using them as custom aggregation keys.
// If you specify one or more transformations to apply, WAF performs all transformations
// on the specified content, starting from the lowest priority setting, and
// then uses the component contents.
//
// TextTransformations is a required field
TextTransformations []*TextTransformation `min:"1" type:"list" required:"true"`
// contains filtered or unexported fields
}
A rule statement that defines a string match search for WAF to apply to web requests. The byte match statement provides the bytes to search for, the location in requests that you want WAF to search, and other settings. The bytes to search for are typically a string that corresponds with ASCII characters. In the WAF console and the developer guide, this is called a string match statement.
func (s ByteMatchStatement) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *ByteMatchStatement) SetFieldToMatch(v *FieldToMatch) *ByteMatchStatement
SetFieldToMatch sets the FieldToMatch field's value.
func (s *ByteMatchStatement) SetPositionalConstraint(v string) *ByteMatchStatement
SetPositionalConstraint sets the PositionalConstraint field's value.
func (s *ByteMatchStatement) SetSearchString(v []byte) *ByteMatchStatement
SetSearchString sets the SearchString field's value.
func (s *ByteMatchStatement) SetTextTransformations(v []*TextTransformation) *ByteMatchStatement
SetTextTransformations sets the TextTransformations field's value.
func (s ByteMatchStatement) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *ByteMatchStatement) Validate() error
Validate inspects the fields of the type to determine if they are valid.
type CaptchaAction struct {
// Defines custom handling for the web request, used when the CAPTCHA inspection
// determines that the request's token is valid and unexpired.
//
// For information about customizing web requests and responses, see Customizing
// web requests and responses in WAF (https://docs.aws.amazon.com/waf/latest/developerguide/waf-custom-request-response.html)
// in the WAF Developer Guide.
CustomRequestHandling *CustomRequestHandling `type:"structure"`
// contains filtered or unexported fields
}
Specifies that WAF should run a CAPTCHA check against the request:
If the request includes a valid, unexpired CAPTCHA token, WAF applies any custom request handling and labels that you've configured and then allows the web request inspection to proceed to the next rule, similar to a CountAction.
If the request doesn't include a valid, unexpired token, WAF discontinues the web ACL evaluation of the request and blocks it from going to its intended destination. WAF generates a response that it sends back to the client, which includes the following: The header x-amzn-waf-action with a value of captcha. The HTTP status code 405 Method Not Allowed. If the request contains an Accept header with a value of text/html, the response includes a CAPTCHA JavaScript page interstitial.
You can configure the expiration time in the CaptchaConfig ImmunityTimeProperty setting at the rule and web ACL level. The rule setting overrides the web ACL setting.
This action option is available for rules. It isn't available for web ACL default actions.
func (s CaptchaAction) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *CaptchaAction) SetCustomRequestHandling(v *CustomRequestHandling) *CaptchaAction
SetCustomRequestHandling sets the CustomRequestHandling field's value.
func (s CaptchaAction) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *CaptchaAction) Validate() error
Validate inspects the fields of the type to determine if they are valid.
type CaptchaConfig struct {
// Determines how long a CAPTCHA timestamp in the token remains valid after
// the client successfully solves a CAPTCHA puzzle.
ImmunityTimeProperty *ImmunityTimeProperty `type:"structure"`
// contains filtered or unexported fields
}
Specifies how WAF should handle CAPTCHA evaluations. This is available at the web ACL level and in each rule.
func (s CaptchaConfig) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *CaptchaConfig) SetImmunityTimeProperty(v *ImmunityTimeProperty) *CaptchaConfig
SetImmunityTimeProperty sets the ImmunityTimeProperty field's value.
func (s CaptchaConfig) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *CaptchaConfig) Validate() error
Validate inspects the fields of the type to determine if they are valid.
type CaptchaResponse struct {
// The reason for failure, populated when the evaluation of the token fails.
FailureReason *string `type:"string" enum:"FailureReason"`
// The HTTP response code indicating the status of the CAPTCHA token in the
// web request. If the token is missing, invalid, or expired, this code is 405
// Method Not Allowed.
ResponseCode *int64 `type:"integer"`
// The time that the CAPTCHA was last solved for the supplied token.
SolveTimestamp *int64 `type:"long"`
// contains filtered or unexported fields
}
The result from the inspection of the web request for a valid CAPTCHA token.
func (s CaptchaResponse) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *CaptchaResponse) SetFailureReason(v string) *CaptchaResponse
SetFailureReason sets the FailureReason field's value.
func (s *CaptchaResponse) SetResponseCode(v int64) *CaptchaResponse
SetResponseCode sets the ResponseCode field's value.
func (s *CaptchaResponse) SetSolveTimestamp(v int64) *CaptchaResponse
SetSolveTimestamp sets the SolveTimestamp field's value.
func (s CaptchaResponse) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
type ChallengeAction struct {
// Defines custom handling for the web request, used when the challenge inspection
// determines that the request's token is valid and unexpired.
//
// For information about customizing web requests and responses, see Customizing
// web requests and responses in WAF (https://docs.aws.amazon.com/waf/latest/developerguide/waf-custom-request-response.html)
// in the WAF Developer Guide.
CustomRequestHandling *CustomRequestHandling `type:"structure"`
// contains filtered or unexported fields
}
Specifies that WAF should run a Challenge check against the request to verify that the request is coming from a legitimate client session:
If the request includes a valid, unexpired challenge token, WAF applies any custom request handling and labels that you've configured and then allows the web request inspection to proceed to the next rule, similar to a CountAction.
If the request doesn't include a valid, unexpired challenge token, WAF discontinues the web ACL evaluation of the request and blocks it from going to its intended destination. WAF then generates a challenge response that it sends back to the client, which includes the following: The header x-amzn-waf-action with a value of challenge. The HTTP status code 202 Request Accepted. If the request contains an Accept header with a value of text/html, the response includes a JavaScript page interstitial with a challenge script. Challenges run silent browser interrogations in the background, and don't generally affect the end user experience. A challenge enforces token acquisition using an interstitial JavaScript challenge that inspects the client session for legitimate behavior. The challenge blocks bots or at least increases the cost of operating sophisticated bots. After the client session successfully responds to the challenge, it receives a new token from WAF, which the challenge script uses to resubmit the original request.
You can configure the expiration time in the ChallengeConfig ImmunityTimeProperty setting at the rule and web ACL level. The rule setting overrides the web ACL setting.
This action option is available for rules. It isn't available for web ACL default actions.
func (s ChallengeAction) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *ChallengeAction) SetCustomRequestHandling(v *CustomRequestHandling) *ChallengeAction
SetCustomRequestHandling sets the CustomRequestHandling field's value.
func (s ChallengeAction) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *ChallengeAction) Validate() error
Validate inspects the fields of the type to determine if they are valid.
type ChallengeConfig struct {
// Determines how long a challenge timestamp in the token remains valid after
// the client successfully responds to a challenge.
ImmunityTimeProperty *ImmunityTimeProperty `type:"structure"`
// contains filtered or unexported fields
}
Specifies how WAF should handle Challenge evaluations. This is available at the web ACL level and in each rule.
func (s ChallengeConfig) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *ChallengeConfig) SetImmunityTimeProperty(v *ImmunityTimeProperty) *ChallengeConfig
SetImmunityTimeProperty sets the ImmunityTimeProperty field's value.
func (s ChallengeConfig) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *ChallengeConfig) Validate() error
Validate inspects the fields of the type to determine if they are valid.
type ChallengeResponse struct {
// The reason for failure, populated when the evaluation of the token fails.
FailureReason *string `type:"string" enum:"FailureReason"`
// The HTTP response code indicating the status of the challenge token in the
// web request. If the token is missing, invalid, or expired, this code is 202
// Request Accepted.
ResponseCode *int64 `type:"integer"`
// The time that the challenge was last solved for the supplied token.
SolveTimestamp *int64 `type:"long"`
// contains filtered or unexported fields
}
The result from the inspection of the web request for a valid challenge token.
func (s ChallengeResponse) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *ChallengeResponse) SetFailureReason(v string) *ChallengeResponse
SetFailureReason sets the FailureReason field's value.
func (s *ChallengeResponse) SetResponseCode(v int64) *ChallengeResponse
SetResponseCode sets the ResponseCode field's value.
func (s *ChallengeResponse) SetSolveTimestamp(v int64) *ChallengeResponse
SetSolveTimestamp sets the SolveTimestamp field's value.
func (s ChallengeResponse) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
type CheckCapacityInput struct {
// An array of Rule that you're configuring to use in a rule group or web ACL.
//
// Rules is a required field
Rules []*Rule `type:"list" required:"true"`
// Specifies whether this is for an Amazon CloudFront distribution or for a
// regional application. A regional application can be an Application Load Balancer
// (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, an Amazon
// Cognito user pool, an App Runner service, or an Amazon Web Services Verified
// Access instance.
//
// To work with CloudFront, you must also specify the Region US East (N. Virginia)
// as follows:
//
// * CLI - Specify the Region when you use the CloudFront scope: --scope=CLOUDFRONT
// --region=us-east-1.
//
// * API and SDKs - For all calls, use the Region endpoint us-east-1.
//
// Scope is a required field
Scope *string `type:"string" required:"true" enum:"Scope"`
// contains filtered or unexported fields
}
func (s CheckCapacityInput) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *CheckCapacityInput) SetRules(v []*Rule) *CheckCapacityInput
SetRules sets the Rules field's value.
func (s *CheckCapacityInput) SetScope(v string) *CheckCapacityInput
SetScope sets the Scope field's value.
func (s CheckCapacityInput) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *CheckCapacityInput) Validate() error
Validate inspects the fields of the type to determine if they are valid.
type CheckCapacityOutput struct {
// The capacity required by the rules and scope.
Capacity *int64 `type:"long"`
// contains filtered or unexported fields
}
func (s CheckCapacityOutput) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *CheckCapacityOutput) SetCapacity(v int64) *CheckCapacityOutput
SetCapacity sets the Capacity field's value.
func (s CheckCapacityOutput) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
type Condition struct {
// A single action condition. This is the action setting that a log record must
// contain in order to meet the condition.
ActionCondition *ActionCondition `type:"structure"`
// A single label name condition. This is the fully qualified label name that
// a log record must contain in order to meet the condition. Fully qualified
// labels have a prefix, optional namespaces, and label name. The prefix identifies
// the rule group or web ACL context of the rule that added the label.
LabelNameCondition *LabelNameCondition `type:"structure"`
// contains filtered or unexported fields
}
A single match condition for a Filter.
func (s Condition) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *Condition) SetActionCondition(v *ActionCondition) *Condition
SetActionCondition sets the ActionCondition field's value.
func (s *Condition) SetLabelNameCondition(v *LabelNameCondition) *Condition
SetLabelNameCondition sets the LabelNameCondition field's value.
func (s Condition) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *Condition) Validate() error
Validate inspects the fields of the type to determine if they are valid.
type CookieMatchPattern struct {
// Inspect all cookies.
All *All `type:"structure"`
// Inspect only the cookies whose keys don't match any of the strings specified
// here.
ExcludedCookies []*string `min:"1" type:"list"`
// Inspect only the cookies that have a key that matches one of the strings
// specified here.
IncludedCookies []*string `min:"1" type:"list"`
// contains filtered or unexported fields
}
The filter to use to identify the subset of cookies to inspect in a web request.
You must specify exactly one setting: either All, IncludedCookies, or ExcludedCookies.
Example JSON: "MatchPattern": { "IncludedCookies": {"KeyToInclude1", "KeyToInclude2", "KeyToInclude3"} }
func (s CookieMatchPattern) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *CookieMatchPattern) SetAll(v *All) *CookieMatchPattern
SetAll sets the All field's value.
func (s *CookieMatchPattern) SetExcludedCookies(v []*string) *CookieMatchPattern
SetExcludedCookies sets the ExcludedCookies field's value.
func (s *CookieMatchPattern) SetIncludedCookies(v []*string) *CookieMatchPattern
SetIncludedCookies sets the IncludedCookies field's value.
func (s CookieMatchPattern) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *CookieMatchPattern) Validate() error
Validate inspects the fields of the type to determine if they are valid.
type Cookies struct {
// The filter to use to identify the subset of cookies to inspect in a web request.
//
// You must specify exactly one setting: either All, IncludedCookies, or ExcludedCookies.
//
// Example JSON: "MatchPattern": { "IncludedCookies": {"KeyToInclude1", "KeyToInclude2",
// "KeyToInclude3"} }
//
// MatchPattern is a required field
MatchPattern *CookieMatchPattern `type:"structure" required:"true"`
// The parts of the cookies to inspect with the rule inspection criteria. If
// you specify All, WAF inspects both keys and values.
//
// MatchScope is a required field
MatchScope *string `type:"string" required:"true" enum:"MapMatchScope"`
// What WAF should do if the cookies of the request are more numerous or larger
// than WAF can inspect. WAF does not support inspecting the entire contents
// of request cookies when they exceed 8 KB (8192 bytes) or 200 total cookies.
// The underlying host service forwards a maximum of 200 cookies and at most
// 8 KB of cookie contents to WAF.
//
// The options for oversize handling are the following:
//
// * CONTINUE - Inspect the available cookies normally, according to the
// rule inspection criteria.
//
// * MATCH - Treat the web request as matching the rule statement. WAF applies
// the rule action to the request.
//
// * NO_MATCH - Treat the web request as not matching the rule statement.
//
// OversizeHandling is a required field
OversizeHandling *string `type:"string" required:"true" enum:"OversizeHandling"`
// contains filtered or unexported fields
}
Inspect the cookies in the web request. You can specify the parts of the cookies to inspect and you can narrow the set of cookies to inspect by including or excluding specific keys.
This is used to indicate the web request component to inspect, in the FieldToMatch specification.
Example JSON: "Cookies": { "MatchPattern": { "All": {} }, "MatchScope": "KEY", "OversizeHandling": "MATCH" }
func (s Cookies) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *Cookies) SetMatchPattern(v *CookieMatchPattern) *Cookies
SetMatchPattern sets the MatchPattern field's value.
func (s *Cookies) SetMatchScope(v string) *Cookies
SetMatchScope sets the MatchScope field's value.
func (s *Cookies) SetOversizeHandling(v string) *Cookies
SetOversizeHandling sets the OversizeHandling field's value.
func (s Cookies) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *Cookies) Validate() error
Validate inspects the fields of the type to determine if they are valid.
type CountAction struct {
// Defines custom handling for the web request.
//
// For information about customizing web requests and responses, see Customizing
// web requests and responses in WAF (https://docs.aws.amazon.com/waf/latest/developerguide/waf-custom-request-response.html)
// in the WAF Developer Guide.
CustomRequestHandling *CustomRequestHandling `type:"structure"`
// contains filtered or unexported fields
}
Specifies that WAF should count the request. Optionally defines additional custom handling for the request.
This is used in the context of other settings, for example to specify values for RuleAction and web ACL DefaultAction.
func (s CountAction) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *CountAction) SetCustomRequestHandling(v *CustomRequestHandling) *CountAction
SetCustomRequestHandling sets the CustomRequestHandling field's value.
func (s CountAction) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *CountAction) Validate() error
Validate inspects the fields of the type to determine if they are valid.
type CreateAPIKeyInput struct {
// Specifies whether this is for an Amazon CloudFront distribution or for a
// regional application. A regional application can be an Application Load Balancer
// (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, an Amazon
// Cognito user pool, an App Runner service, or an Amazon Web Services Verified
// Access instance.
//
// To work with CloudFront, you must also specify the Region US East (N. Virginia)
// as follows:
//
// * CLI - Specify the Region when you use the CloudFront scope: --scope=CLOUDFRONT
// --region=us-east-1.
//
// * API and SDKs - For all calls, use the Region endpoint us-east-1.
//
// Scope is a required field
Scope *string `type:"string" required:"true" enum:"Scope"`
// The client application domains that you want to use this API key for.
//
// Example JSON: "TokenDomains": ["abc.com", "store.abc.com"]
//
// Public suffixes aren't allowed. For example, you can't use usa.gov or co.uk
// as token domains.
//
// TokenDomains is a required field
TokenDomains []*string `min:"1" type:"list" required:"true"`
// contains filtered or unexported fields
}
func (s CreateAPIKeyInput) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *CreateAPIKeyInput) SetScope(v string) *CreateAPIKeyInput
SetScope sets the Scope field's value.
func (s *CreateAPIKeyInput) SetTokenDomains(v []*string) *CreateAPIKeyInput
SetTokenDomains sets the TokenDomains field's value.
func (s CreateAPIKeyInput) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *CreateAPIKeyInput) Validate() error
Validate inspects the fields of the type to determine if they are valid.
type CreateAPIKeyOutput struct {
// The generated, encrypted API key. You can copy this for use in your JavaScript
// CAPTCHA integration.
APIKey *string `min:"1" type:"string"`
// contains filtered or unexported fields
}
func (s CreateAPIKeyOutput) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *CreateAPIKeyOutput) SetAPIKey(v string) *CreateAPIKeyOutput
SetAPIKey sets the APIKey field's value.
func (s CreateAPIKeyOutput) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
type CreateIPSetInput struct {
// Contains an array of strings that specifies zero or more IP addresses or
// blocks of IP addresses. All addresses must be specified using Classless Inter-Domain
// Routing (CIDR) notation. WAF supports all IPv4 and IPv6 CIDR ranges except
// for /0.
//
// Example address strings:
//
// * To configure WAF to allow, block, or count requests that originated
// from the IP address 192.0.2.44, specify 192.0.2.44/32.
//
// * To configure WAF to allow, block, or count requests that originated
// from IP addresses from 192.0.2.0 to 192.0.2.255, specify 192.0.2.0/24.
//
// * To configure WAF to allow, block, or count requests that originated
// from the IP address 1111:0000:0000:0000:0000:0000:0000:0111, specify 1111:0000:0000:0000:0000:0000:0000:0111/128.
//
// * To configure WAF to allow, block, or count requests that originated
// from IP addresses 1111:0000:0000:0000:0000:0000:0000:0000 to 1111:0000:0000:0000:ffff:ffff:ffff:ffff,
// specify 1111:0000:0000:0000:0000:0000:0000:0000/64.
//
// For more information about CIDR notation, see the Wikipedia entry Classless
// Inter-Domain Routing (https://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing).
//
// Example JSON Addresses specifications:
//
// * Empty array: "Addresses": []
//
// * Array with one address: "Addresses": ["192.0.2.44/32"]
//
// * Array with three addresses: "Addresses": ["192.0.2.44/32", "192.0.2.0/24",
// "192.0.0.0/16"]
//
// * INVALID specification: "Addresses": [""] INVALID
//
// Addresses is a required field
Addresses []*string `type:"list" required:"true"`
// A description of the IP set that helps with identification.
Description *string `min:"1" type:"string"`
// The version of the IP addresses, either IPV4 or IPV6.
//
// IPAddressVersion is a required field
IPAddressVersion *string `type:"string" required:"true" enum:"IPAddressVersion"`
// The name of the IP set. You cannot change the name of an IPSet after you
// create it.
//
// Name is a required field
Name *string `min:"1" type:"string" required:"true"`
// Specifies whether this is for an Amazon CloudFront distribution or for a
// regional application. A regional application can be an Application Load Balancer
// (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, an Amazon
// Cognito user pool, an App Runner service, or an Amazon Web Services Verified
// Access instance.
//
// To work with CloudFront, you must also specify the Region US East (N. Virginia)
// as follows:
//
// * CLI - Specify the Region when you use the CloudFront scope: --scope=CLOUDFRONT
// --region=us-east-1.
//
// * API and SDKs - For all calls, use the Region endpoint us-east-1.
//
// Scope is a required field
Scope *string `type:"string" required:"true" enum:"Scope"`
// An array of key:value pairs to associate with the resource.
Tags []*Tag `min:"1" type:"list"`
// contains filtered or unexported fields
}
func (s CreateIPSetInput) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *CreateIPSetInput) SetAddresses(v []*string) *CreateIPSetInput
SetAddresses sets the Addresses field's value.
func (s *CreateIPSetInput) SetDescription(v string) *CreateIPSetInput
SetDescription sets the Description field's value.
func (s *CreateIPSetInput) SetIPAddressVersion(v string) *CreateIPSetInput
SetIPAddressVersion sets the IPAddressVersion field's value.
func (s *CreateIPSetInput) SetName(v string) *CreateIPSetInput
SetName sets the Name field's value.
func (s *CreateIPSetInput) SetScope(v string) *CreateIPSetInput
SetScope sets the Scope field's value.
func (s *CreateIPSetInput) SetTags(v []*Tag) *CreateIPSetInput
SetTags sets the Tags field's value.
func (s CreateIPSetInput) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *CreateIPSetInput) Validate() error
Validate inspects the fields of the type to determine if they are valid.
type CreateIPSetOutput struct {
// High-level information about an IPSet, returned by operations like create
// and list. This provides information like the ID, that you can use to retrieve
// and manage an IPSet, and the ARN, that you provide to the IPSetReferenceStatement
// to use the address set in a Rule.
Summary *IPSetSummary `type:"structure"`
// contains filtered or unexported fields
}
func (s CreateIPSetOutput) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *CreateIPSetOutput) SetSummary(v *IPSetSummary) *CreateIPSetOutput
SetSummary sets the Summary field's value.
func (s CreateIPSetOutput) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
type CreateRegexPatternSetInput struct {
// A description of the set that helps with identification.
Description *string `min:"1" type:"string"`
// The name of the set. You cannot change the name after you create the set.
//
// Name is a required field
Name *string `min:"1" type:"string" required:"true"`
// Array of regular expression strings.
//
// RegularExpressionList is a required field
RegularExpressionList []*Regex `type:"list" required:"true"`
// Specifies whether this is for an Amazon CloudFront distribution or for a
// regional application. A regional application can be an Application Load Balancer
// (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, an Amazon
// Cognito user pool, an App Runner service, or an Amazon Web Services Verified
// Access instance.
//
// To work with CloudFront, you must also specify the Region US East (N. Virginia)
// as follows:
//
// * CLI - Specify the Region when you use the CloudFront scope: --scope=CLOUDFRONT
// --region=us-east-1.
//
// * API and SDKs - For all calls, use the Region endpoint us-east-1.
//
// Scope is a required field
Scope *string `type:"string" required:"true" enum:"Scope"`
// An array of key:value pairs to associate with the resource.
Tags []*Tag `min:"1" type:"list"`
// contains filtered or unexported fields
}
func (s CreateRegexPatternSetInput) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *CreateRegexPatternSetInput) SetDescription(v string) *CreateRegexPatternSetInput
SetDescription sets the Description field's value.
func (s *CreateRegexPatternSetInput) SetName(v string) *CreateRegexPatternSetInput
SetName sets the Name field's value.
func (s *CreateRegexPatternSetInput) SetRegularExpressionList(v []*Regex) *CreateRegexPatternSetInput
SetRegularExpressionList sets the RegularExpressionList field's value.
func (s *CreateRegexPatternSetInput) SetScope(v string) *CreateRegexPatternSetInput
SetScope sets the Scope field's value.
func (s *CreateRegexPatternSetInput) SetTags(v []*Tag) *CreateRegexPatternSetInput
SetTags sets the Tags field's value.
func (s CreateRegexPatternSetInput) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *CreateRegexPatternSetInput) Validate() error
Validate inspects the fields of the type to determine if they are valid.
type CreateRegexPatternSetOutput struct {
// High-level information about a RegexPatternSet, returned by operations like
// create and list. This provides information like the ID, that you can use
// to retrieve and manage a RegexPatternSet, and the ARN, that you provide to
// the RegexPatternSetReferenceStatement to use the pattern set in a Rule.
Summary *RegexPatternSetSummary `type:"structure"`
// contains filtered or unexported fields
}
func (s CreateRegexPatternSetOutput) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *CreateRegexPatternSetOutput) SetSummary(v *RegexPatternSetSummary) *CreateRegexPatternSetOutput
SetSummary sets the Summary field's value.
func (s CreateRegexPatternSetOutput) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
type CreateRuleGroupInput struct {
// The web ACL capacity units (WCUs) required for this rule group.
//
// When you create your own rule group, you define this, and you cannot change
// it after creation. When you add or modify the rules in a rule group, WAF
// enforces this limit. You can check the capacity for a set of rules using
// CheckCapacity.
//
// WAF uses WCUs to calculate and control the operating resources that are used
// to run your rules, rule groups, and web ACLs. WAF calculates capacity differently
// for each rule type, to reflect the relative cost of each rule. Simple rules
// that cost little to run use fewer WCUs than more complex rules that use more
// processing power. Rule group capacity is fixed at creation, which helps users
// plan their web ACL WCU usage when they use a rule group. For more information,
// see WAF web ACL capacity units (WCU) (https://docs.aws.amazon.com/waf/latest/developerguide/aws-waf-capacity-units.html)
// in the WAF Developer Guide.
//
// Capacity is a required field
Capacity *int64 `min:"1" type:"long" required:"true"`
// A map of custom response keys and content bodies. When you create a rule
// with a block action, you can send a custom response to the web request. You
// define these for the rule group, and then use them in the rules that you
// define in the rule group.
//
// For information about customizing web requests and responses, see Customizing
// web requests and responses in WAF (https://docs.aws.amazon.com/waf/latest/developerguide/waf-custom-request-response.html)
// in the WAF Developer Guide.
//
// For information about the limits on count and size for custom request and
// response settings, see WAF quotas (https://docs.aws.amazon.com/waf/latest/developerguide/limits.html)
// in the WAF Developer Guide.
CustomResponseBodies map[string]*CustomResponseBody `min:"1" type:"map"`
// A description of the rule group that helps with identification.
Description *string `min:"1" type:"string"`
// The name of the rule group. You cannot change the name of a rule group after
// you create it.
//
// Name is a required field
Name *string `min:"1" type:"string" required:"true"`
// The Rule statements used to identify the web requests that you want to allow,
// block, or count. Each rule includes one top-level statement that WAF uses
// to identify matching web requests, and parameters that govern how WAF handles
// them.
Rules []*Rule `type:"list"`
// Specifies whether this is for an Amazon CloudFront distribution or for a
// regional application. A regional application can be an Application Load Balancer
// (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, an Amazon
// Cognito user pool, an App Runner service, or an Amazon Web Services Verified
// Access instance.
//
// To work with CloudFront, you must also specify the Region US East (N. Virginia)
// as follows:
//
// * CLI - Specify the Region when you use the CloudFront scope: --scope=CLOUDFRONT
// --region=us-east-1.
//
// * API and SDKs - For all calls, use the Region endpoint us-east-1.
//
// Scope is a required field
Scope *string `type:"string" required:"true" enum:"Scope"`
// An array of key:value pairs to associate with the resource.
Tags []*Tag `min:"1" type:"list"`
// Defines and enables Amazon CloudWatch metrics and web request sample collection.
//
// VisibilityConfig is a required field
VisibilityConfig *VisibilityConfig `type:"structure" required:"true"`
// contains filtered or unexported fields
}
func (s CreateRuleGroupInput) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *CreateRuleGroupInput) SetCapacity(v int64) *CreateRuleGroupInput
SetCapacity sets the Capacity field's value.
func (s *CreateRuleGroupInput) SetCustomResponseBodies(v map[string]*CustomResponseBody) *CreateRuleGroupInput
SetCustomResponseBodies sets the CustomResponseBodies field's value.
func (s *CreateRuleGroupInput) SetDescription(v string) *CreateRuleGroupInput
SetDescription sets the Description field's value.
func (s *CreateRuleGroupInput) SetName(v string) *CreateRuleGroupInput
SetName sets the Name field's value.
func (s *CreateRuleGroupInput) SetRules(v []*Rule) *CreateRuleGroupInput
SetRules sets the Rules field's value.
func (s *CreateRuleGroupInput) SetScope(v string) *CreateRuleGroupInput
SetScope sets the Scope field's value.
func (s *CreateRuleGroupInput) SetTags(v []*Tag) *CreateRuleGroupInput
SetTags sets the Tags field's value.
func (s *CreateRuleGroupInput) SetVisibilityConfig(v *VisibilityConfig) *CreateRuleGroupInput
SetVisibilityConfig sets the VisibilityConfig field's value.
func (s CreateRuleGroupInput) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *CreateRuleGroupInput) Validate() error
Validate inspects the fields of the type to determine if they are valid.
type CreateRuleGroupOutput struct {
// High-level information about a RuleGroup, returned by operations like create
// and list. This provides information like the ID, that you can use to retrieve
// and manage a RuleGroup, and the ARN, that you provide to the RuleGroupReferenceStatement
// to use the rule group in a Rule.
Summary *RuleGroupSummary `type:"structure"`
// contains filtered or unexported fields
}
func (s CreateRuleGroupOutput) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *CreateRuleGroupOutput) SetSummary(v *RuleGroupSummary) *CreateRuleGroupOutput
SetSummary sets the Summary field's value.
func (s CreateRuleGroupOutput) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
type CreateWebACLInput struct {
// Specifies custom configurations for the associations between the web ACL
// and protected resources.
//
// Use this to customize the maximum size of the request body that your protected
// CloudFront distributions forward to WAF for inspection. The default is 16
// KB (16,384 kilobytes).
//
// You are charged additional fees when your protected resources forward body
// sizes that are larger than the default. For more information, see WAF Pricing
// (http://aws.amazon.com/waf/pricing/).
AssociationConfig *AssociationConfig `type:"structure"`
// Specifies how WAF should handle CAPTCHA evaluations for rules that don't
// have their own CaptchaConfig settings. If you don't specify this, WAF uses
// its default settings for CaptchaConfig.
CaptchaConfig *CaptchaConfig `type:"structure"`
// Specifies how WAF should handle challenge evaluations for rules that don't
// have their own ChallengeConfig settings. If you don't specify this, WAF uses
// its default settings for ChallengeConfig.
ChallengeConfig *ChallengeConfig `type:"structure"`
// A map of custom response keys and content bodies. When you create a rule
// with a block action, you can send a custom response to the web request. You
// define these for the web ACL, and then use them in the rules and default
// actions that you define in the web ACL.
//
// For information about customizing web requests and responses, see Customizing
// web requests and responses in WAF (https://docs.aws.amazon.com/waf/latest/developerguide/waf-custom-request-response.html)
// in the WAF Developer Guide.
//
// For information about the limits on count and size for custom request and
// response settings, see WAF quotas (https://docs.aws.amazon.com/waf/latest/developerguide/limits.html)
// in the WAF Developer Guide.
CustomResponseBodies map[string]*CustomResponseBody `min:"1" type:"map"`
// The action to perform if none of the Rules contained in the WebACL match.
//
// DefaultAction is a required field
DefaultAction *DefaultAction `type:"structure" required:"true"`
// A description of the web ACL that helps with identification.
Description *string `min:"1" type:"string"`
// The name of the web ACL. You cannot change the name of a web ACL after you
// create it.
//
// Name is a required field
Name *string `min:"1" type:"string" required:"true"`
// The Rule statements used to identify the web requests that you want to allow,
// block, or count. Each rule includes one top-level statement that WAF uses
// to identify matching web requests, and parameters that govern how WAF handles
// them.
Rules []*Rule `type:"list"`
// Specifies whether this is for an Amazon CloudFront distribution or for a
// regional application. A regional application can be an Application Load Balancer
// (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, an Amazon
// Cognito user pool, an App Runner service, or an Amazon Web Services Verified
// Access instance.
//
// To work with CloudFront, you must also specify the Region US East (N. Virginia)
// as follows:
//
// * CLI - Specify the Region when you use the CloudFront scope: --scope=CLOUDFRONT
// --region=us-east-1.
//
// * API and SDKs - For all calls, use the Region endpoint us-east-1.
//
// Scope is a required field
Scope *string `type:"string" required:"true" enum:"Scope"`
// An array of key:value pairs to associate with the resource.
Tags []*Tag `min:"1" type:"list"`
// Specifies the domains that WAF should accept in a web request token. This
// enables the use of tokens across multiple protected websites. When WAF provides
// a token, it uses the domain of the Amazon Web Services resource that the
// web ACL is protecting. If you don't specify a list of token domains, WAF
// accepts tokens only for the domain of the protected resource. With a token
// domain list, WAF accepts the resource's host domain plus all domains in the
// token domain list, including their prefixed subdomains.
//
// Example JSON: "TokenDomains": { "mywebsite.com", "myotherwebsite.com" }
//
// Public suffixes aren't allowed. For example, you can't use usa.gov or co.uk
// as token domains.
TokenDomains []*string `type:"list"`
// Defines and enables Amazon CloudWatch metrics and web request sample collection.
//
// VisibilityConfig is a required field
VisibilityConfig *VisibilityConfig `type:"structure" required:"true"`
// contains filtered or unexported fields
}
func (s CreateWebACLInput) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *CreateWebACLInput) SetAssociationConfig(v *AssociationConfig) *CreateWebACLInput
SetAssociationConfig sets the AssociationConfig field's value.
func (s *CreateWebACLInput) SetCaptchaConfig(v *CaptchaConfig) *CreateWebACLInput
SetCaptchaConfig sets the CaptchaConfig field's value.
func (s *CreateWebACLInput) SetChallengeConfig(v *ChallengeConfig) *CreateWebACLInput
SetChallengeConfig sets the ChallengeConfig field's value.
func (s *CreateWebACLInput) SetCustomResponseBodies(v map[string]*CustomResponseBody) *CreateWebACLInput
SetCustomResponseBodies sets the CustomResponseBodies field's value.
func (s *CreateWebACLInput) SetDefaultAction(v *DefaultAction) *CreateWebACLInput
SetDefaultAction sets the DefaultAction field's value.
func (s *CreateWebACLInput) SetDescription(v string) *CreateWebACLInput
SetDescription sets the Description field's value.
func (s *CreateWebACLInput) SetName(v string) *CreateWebACLInput
SetName sets the Name field's value.
func (s *CreateWebACLInput) SetRules(v []*Rule) *CreateWebACLInput
SetRules sets the Rules field's value.
func (s *CreateWebACLInput) SetScope(v string) *CreateWebACLInput
SetScope sets the Scope field's value.
func (s *CreateWebACLInput) SetTags(v []*Tag) *CreateWebACLInput
SetTags sets the Tags field's value.
func (s *CreateWebACLInput) SetTokenDomains(v []*string) *CreateWebACLInput
SetTokenDomains sets the TokenDomains field's value.
func (s *CreateWebACLInput) SetVisibilityConfig(v *VisibilityConfig) *CreateWebACLInput
SetVisibilityConfig sets the VisibilityConfig field's value.
func (s CreateWebACLInput) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *CreateWebACLInput) Validate() error
Validate inspects the fields of the type to determine if they are valid.
type CreateWebACLOutput struct {
// High-level information about a WebACL, returned by operations like create
// and list. This provides information like the ID, that you can use to retrieve
// and manage a WebACL, and the ARN, that you provide to operations like AssociateWebACL.
Summary *WebACLSummary `type:"structure"`
// contains filtered or unexported fields
}
func (s CreateWebACLOutput) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *CreateWebACLOutput) SetSummary(v *WebACLSummary) *CreateWebACLOutput
SetSummary sets the Summary field's value.
func (s CreateWebACLOutput) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
type CustomHTTPHeader struct {
// The name of the custom header.
//
// For custom request header insertion, when WAF inserts the header into the
// request, it prefixes this name x-amzn-waf-, to avoid confusion with the headers
// that are already in the request. For example, for the header name sample,
// WAF inserts the header x-amzn-waf-sample.
//
// Name is a required field
Name *string `min:"1" type:"string" required:"true"`
// The value of the custom header.
//
// Value is a required field
Value *string `min:"1" type:"string" required:"true"`
// contains filtered or unexported fields
}
A custom header for custom request and response handling. This is used in CustomResponse and CustomRequestHandling.
func (s CustomHTTPHeader) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *CustomHTTPHeader) SetName(v string) *CustomHTTPHeader
SetName sets the Name field's value.
func (s *CustomHTTPHeader) SetValue(v string) *CustomHTTPHeader
SetValue sets the Value field's value.
func (s CustomHTTPHeader) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *CustomHTTPHeader) Validate() error
Validate inspects the fields of the type to determine if they are valid.
type CustomRequestHandling struct {
// The HTTP headers to insert into the request. Duplicate header names are not
// allowed.
//
// For information about the limits on count and size for custom request and
// response settings, see WAF quotas (https://docs.aws.amazon.com/waf/latest/developerguide/limits.html)
// in the WAF Developer Guide.
//
// InsertHeaders is a required field
InsertHeaders []*CustomHTTPHeader `min:"1" type:"list" required:"true"`
// contains filtered or unexported fields
}
Custom request handling behavior that inserts custom headers into a web request. You can add custom request handling for WAF to use when the rule action doesn't block the request. For example, CaptchaAction for requests with valid t okens, and AllowAction.
For information about customizing web requests and responses, see Customizing web requests and responses in WAF (https://docs.aws.amazon.com/waf/latest/developerguide/waf-custom-request-response.html) in the WAF Developer Guide.
func (s CustomRequestHandling) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *CustomRequestHandling) SetInsertHeaders(v []*CustomHTTPHeader) *CustomRequestHandling
SetInsertHeaders sets the InsertHeaders field's value.
func (s CustomRequestHandling) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *CustomRequestHandling) Validate() error
Validate inspects the fields of the type to determine if they are valid.
type CustomResponse struct {
// References the response body that you want WAF to return to the web request
// client. You can define a custom response for a rule action or a default web
// ACL action that is set to block. To do this, you first define the response
// body key and value in the CustomResponseBodies setting for the WebACL or
// RuleGroup where you want to use it. Then, in the rule action or web ACL default
// action BlockAction setting, you reference the response body using this key.
CustomResponseBodyKey *string `min:"1" type:"string"`
// The HTTP status code to return to the client.
//
// For a list of status codes that you can use in your custom responses, see
// Supported status codes for custom response (https://docs.aws.amazon.com/waf/latest/developerguide/customizing-the-response-status-codes.html)
// in the WAF Developer Guide.
//
// ResponseCode is a required field
ResponseCode *int64 `min:"200" type:"integer" required:"true"`
// The HTTP headers to use in the response. Duplicate header names are not allowed.
//
// For information about the limits on count and size for custom request and
// response settings, see WAF quotas (https://docs.aws.amazon.com/waf/latest/developerguide/limits.html)
// in the WAF Developer Guide.
ResponseHeaders []*CustomHTTPHeader `min:"1" type:"list"`
// contains filtered or unexported fields
}
A custom response to send to the client. You can define a custom response for rule actions and default web ACL actions that are set to BlockAction.
For information about customizing web requests and responses, see Customizing web requests and responses in WAF (https://docs.aws.amazon.com/waf/latest/developerguide/waf-custom-request-response.html) in the WAF Developer Guide.
func (s CustomResponse) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *CustomResponse) SetCustomResponseBodyKey(v string) *CustomResponse
SetCustomResponseBodyKey sets the CustomResponseBodyKey field's value.
func (s *CustomResponse) SetResponseCode(v int64) *CustomResponse
SetResponseCode sets the ResponseCode field's value.
func (s *CustomResponse) SetResponseHeaders(v []*CustomHTTPHeader) *CustomResponse
SetResponseHeaders sets the ResponseHeaders field's value.
func (s CustomResponse) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *CustomResponse) Validate() error
Validate inspects the fields of the type to determine if they are valid.
type CustomResponseBody struct {
// The payload of the custom response.
//
// You can use JSON escape strings in JSON content. To do this, you must specify
// JSON content in the ContentType setting.
//
// For information about the limits on count and size for custom request and
// response settings, see WAF quotas (https://docs.aws.amazon.com/waf/latest/developerguide/limits.html)
// in the WAF Developer Guide.
//
// Content is a required field
Content *string `min:"1" type:"string" required:"true"`
// The type of content in the payload that you are defining in the Content string.
//
// ContentType is a required field
ContentType *string `type:"string" required:"true" enum:"ResponseContentType"`
// contains filtered or unexported fields
}
The response body to use in a custom response to a web request. This is referenced by key from CustomResponse CustomResponseBodyKey.
func (s CustomResponseBody) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *CustomResponseBody) SetContent(v string) *CustomResponseBody
SetContent sets the Content field's value.
func (s *CustomResponseBody) SetContentType(v string) *CustomResponseBody
SetContentType sets the ContentType field's value.
func (s CustomResponseBody) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *CustomResponseBody) Validate() error
Validate inspects the fields of the type to determine if they are valid.
type DefaultAction struct {
// Specifies that WAF should allow requests by default.
Allow *AllowAction `type:"structure"`
// Specifies that WAF should block requests by default.
Block *BlockAction `type:"structure"`
// contains filtered or unexported fields
}
In a WebACL, this is the action that you want WAF to perform when a web request doesn't match any of the rules in the WebACL. The default action must be a terminating action.
func (s DefaultAction) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *DefaultAction) SetAllow(v *AllowAction) *DefaultAction
SetAllow sets the Allow field's value.
func (s *DefaultAction) SetBlock(v *BlockAction) *DefaultAction
SetBlock sets the Block field's value.
func (s DefaultAction) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *DefaultAction) Validate() error
Validate inspects the fields of the type to determine if they are valid.
type DeleteFirewallManagerRuleGroupsInput struct {
// The Amazon Resource Name (ARN) of the web ACL.
//
// WebACLArn is a required field
WebACLArn *string `min:"20" type:"string" required:"true"`
// A token used for optimistic locking. WAF returns a token to your get and
// list requests, to mark the state of the entity at the time of the request.
// To make changes to the entity associated with the token, you provide the
// token to operations like update and delete. WAF uses the token to ensure
// that no changes have been made to the entity since you last retrieved it.
// If a change has been made, the update fails with a WAFOptimisticLockException.
// If this happens, perform another get, and use the new token returned by that
// operation.
//
// WebACLLockToken is a required field
WebACLLockToken *string `min:"1" type:"string" required:"true"`
// contains filtered or unexported fields
}
func (s DeleteFirewallManagerRuleGroupsInput) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *DeleteFirewallManagerRuleGroupsInput) SetWebACLArn(v string) *DeleteFirewallManagerRuleGroupsInput
SetWebACLArn sets the WebACLArn field's value.
func (s *DeleteFirewallManagerRuleGroupsInput) SetWebACLLockToken(v string) *DeleteFirewallManagerRuleGroupsInput
SetWebACLLockToken sets the WebACLLockToken field's value.
func (s DeleteFirewallManagerRuleGroupsInput) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *DeleteFirewallManagerRuleGroupsInput) Validate() error
Validate inspects the fields of the type to determine if they are valid.
type DeleteFirewallManagerRuleGroupsOutput struct {
// A token used for optimistic locking. WAF returns a token to your get and
// list requests, to mark the state of the entity at the time of the request.
// To make changes to the entity associated with the token, you provide the
// token to operations like update and delete. WAF uses the token to ensure
// that no changes have been made to the entity since you last retrieved it.
// If a change has been made, the update fails with a WAFOptimisticLockException.
// If this happens, perform another get, and use the new token returned by that
// operation.
NextWebACLLockToken *string `min:"1" type:"string"`
// contains filtered or unexported fields
}
func (s DeleteFirewallManagerRuleGroupsOutput) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *DeleteFirewallManagerRuleGroupsOutput) SetNextWebACLLockToken(v string) *DeleteFirewallManagerRuleGroupsOutput
SetNextWebACLLockToken sets the NextWebACLLockToken field's value.
func (s DeleteFirewallManagerRuleGroupsOutput) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
type DeleteIPSetInput struct {
// A unique identifier for the set. This ID is returned in the responses to
// create and list commands. You provide it to operations like update and delete.
//
// Id is a required field
Id *string `min:"1" type:"string" required:"true"`
// A token used for optimistic locking. WAF returns a token to your get and
// list requests, to mark the state of the entity at the time of the request.
// To make changes to the entity associated with the token, you provide the
// token to operations like update and delete. WAF uses the token to ensure
// that no changes have been made to the entity since you last retrieved it.
// If a change has been made, the update fails with a WAFOptimisticLockException.
// If this happens, perform another get, and use the new token returned by that
// operation.
//
// LockToken is a required field
LockToken *string `min:"1" type:"string" required:"true"`
// The name of the IP set. You cannot change the name of an IPSet after you
// create it.
//
// Name is a required field
Name *string `min:"1" type:"string" required:"true"`
// Specifies whether this is for an Amazon CloudFront distribution or for a
// regional application. A regional application can be an Application Load Balancer
// (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, an Amazon
// Cognito user pool, an App Runner service, or an Amazon Web Services Verified
// Access instance.
//
// To work with CloudFront, you must also specify the Region US East (N. Virginia)
// as follows:
//
// * CLI - Specify the Region when you use the CloudFront scope: --scope=CLOUDFRONT
// --region=us-east-1.
//
// * API and SDKs - For all calls, use the Region endpoint us-east-1.
//
// Scope is a required field
Scope *string `type:"string" required:"true" enum:"Scope"`
// contains filtered or unexported fields
}
func (s DeleteIPSetInput) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *DeleteIPSetInput) SetId(v string) *DeleteIPSetInput
SetId sets the Id field's value.
func (s *DeleteIPSetInput) SetLockToken(v string) *DeleteIPSetInput
SetLockToken sets the LockToken field's value.
func (s *DeleteIPSetInput) SetName(v string) *DeleteIPSetInput
SetName sets the Name field's value.
func (s *DeleteIPSetInput) SetScope(v string) *DeleteIPSetInput
SetScope sets the Scope field's value.
func (s DeleteIPSetInput) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *DeleteIPSetInput) Validate() error
Validate inspects the fields of the type to determine if they are valid.
type DeleteIPSetOutput struct {
// contains filtered or unexported fields
}
func (s DeleteIPSetOutput) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s DeleteIPSetOutput) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
type DeleteLoggingConfigurationInput struct {
// The Amazon Resource Name (ARN) of the web ACL from which you want to delete
// the LoggingConfiguration.
//
// ResourceArn is a required field
ResourceArn *string `min:"20" type:"string" required:"true"`
// contains filtered or unexported fields
}
func (s DeleteLoggingConfigurationInput) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *DeleteLoggingConfigurationInput) SetResourceArn(v string) *DeleteLoggingConfigurationInput
SetResourceArn sets the ResourceArn field's value.
func (s DeleteLoggingConfigurationInput) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *DeleteLoggingConfigurationInput) Validate() error
Validate inspects the fields of the type to determine if they are valid.
type DeleteLoggingConfigurationOutput struct {
// contains filtered or unexported fields
}
func (s DeleteLoggingConfigurationOutput) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s DeleteLoggingConfigurationOutput) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
type DeletePermissionPolicyInput struct {
// The Amazon Resource Name (ARN) of the rule group from which you want to delete
// the policy.
//
// You must be the owner of the rule group to perform this operation.
//
// ResourceArn is a required field
ResourceArn *string `min:"20" type:"string" required:"true"`
// contains filtered or unexported fields
}
func (s DeletePermissionPolicyInput) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *DeletePermissionPolicyInput) SetResourceArn(v string) *DeletePermissionPolicyInput
SetResourceArn sets the ResourceArn field's value.
func (s DeletePermissionPolicyInput) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *DeletePermissionPolicyInput) Validate() error
Validate inspects the fields of the type to determine if they are valid.
type DeletePermissionPolicyOutput struct {
// contains filtered or unexported fields
}
func (s DeletePermissionPolicyOutput) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s DeletePermissionPolicyOutput) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
type DeleteRegexPatternSetInput struct {
// A unique identifier for the set. This ID is returned in the responses to
// create and list commands. You provide it to operations like update and delete.
//
// Id is a required field
Id *string `min:"1" type:"string" required:"true"`
// A token used for optimistic locking. WAF returns a token to your get and
// list requests, to mark the state of the entity at the time of the request.
// To make changes to the entity associated with the token, you provide the
// token to operations like update and delete. WAF uses the token to ensure
// that no changes have been made to the entity since you last retrieved it.
// If a change has been made, the update fails with a WAFOptimisticLockException.
// If this happens, perform another get, and use the new token returned by that
// operation.
//
// LockToken is a required field
LockToken *string `min:"1" type:"string" required:"true"`
// The name of the set. You cannot change the name after you create the set.
//
// Name is a required field
Name *string `min:"1" type:"string" required:"true"`
// Specifies whether this is for an Amazon CloudFront distribution or for a
// regional application. A regional application can be an Application Load Balancer
// (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, an Amazon
// Cognito user pool, an App Runner service, or an Amazon Web Services Verified
// Access instance.
//
// To work with CloudFront, you must also specify the Region US East (N. Virginia)
// as follows:
//
// * CLI - Specify the Region when you use the CloudFront scope: --scope=CLOUDFRONT
// --region=us-east-1.
//
// * API and SDKs - For all calls, use the Region endpoint us-east-1.
//
// Scope is a required field
Scope *string `type:"string" required:"true" enum:"Scope"`
// contains filtered or unexported fields
}
func (s DeleteRegexPatternSetInput) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *DeleteRegexPatternSetInput) SetId(v string) *DeleteRegexPatternSetInput
SetId sets the Id field's value.
func (s *DeleteRegexPatternSetInput) SetLockToken(v string) *DeleteRegexPatternSetInput
SetLockToken sets the LockToken field's value.
func (s *DeleteRegexPatternSetInput) SetName(v string) *DeleteRegexPatternSetInput
SetName sets the Name field's value.
func (s *DeleteRegexPatternSetInput) SetScope(v string) *DeleteRegexPatternSetInput
SetScope sets the Scope field's value.
func (s DeleteRegexPatternSetInput) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *DeleteRegexPatternSetInput) Validate() error
Validate inspects the fields of the type to determine if they are valid.
type DeleteRegexPatternSetOutput struct {
// contains filtered or unexported fields
}
func (s DeleteRegexPatternSetOutput) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s DeleteRegexPatternSetOutput) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
type DeleteRuleGroupInput struct {
// A unique identifier for the rule group. This ID is returned in the responses
// to create and list commands. You provide it to operations like update and
// delete.
//
// Id is a required field
Id *string `min:"1" type:"string" required:"true"`
// A token used for optimistic locking. WAF returns a token to your get and
// list requests, to mark the state of the entity at the time of the request.
// To make changes to the entity associated with the token, you provide the
// token to operations like update and delete. WAF uses the token to ensure
// that no changes have been made to the entity since you last retrieved it.
// If a change has been made, the update fails with a WAFOptimisticLockException.
// If this happens, perform another get, and use the new token returned by that
// operation.
//
// LockToken is a required field
LockToken *string `min:"1" type:"string" required:"true"`
// The name of the rule group. You cannot change the name of a rule group after
// you create it.
//
// Name is a required field
Name *string `min:"1" type:"string" required:"true"`
// Specifies whether this is for an Amazon CloudFront distribution or for a
// regional application. A regional application can be an Application Load Balancer
// (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, an Amazon
// Cognito user pool, an App Runner service, or an Amazon Web Services Verified
// Access instance.
//
// To work with CloudFront, you must also specify the Region US East (N. Virginia)
// as follows:
//
// * CLI - Specify the Region when you use the CloudFront scope: --scope=CLOUDFRONT
// --region=us-east-1.
//
// * API and SDKs - For all calls, use the Region endpoint us-east-1.
//
// Scope is a required field
Scope *string `type:"string" required:"true" enum:"Scope"`
// contains filtered or unexported fields
}
func (s DeleteRuleGroupInput) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *DeleteRuleGroupInput) SetId(v string) *DeleteRuleGroupInput
SetId sets the Id field's value.
func (s *DeleteRuleGroupInput) SetLockToken(v string) *DeleteRuleGroupInput
SetLockToken sets the LockToken field's value.
func (s *DeleteRuleGroupInput) SetName(v string) *DeleteRuleGroupInput
SetName sets the Name field's value.
func (s *DeleteRuleGroupInput) SetScope(v string) *DeleteRuleGroupInput
SetScope sets the Scope field's value.
func (s DeleteRuleGroupInput) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *DeleteRuleGroupInput) Validate() error
Validate inspects the fields of the type to determine if they are valid.
type DeleteRuleGroupOutput struct {
// contains filtered or unexported fields
}
func (s DeleteRuleGroupOutput) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s DeleteRuleGroupOutput) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
type DeleteWebACLInput struct {
// The unique identifier for the web ACL. This ID is returned in the responses
// to create and list commands. You provide it to operations like update and
// delete.
//
// Id is a required field
Id *string `min:"1" type:"string" required:"true"`
// A token used for optimistic locking. WAF returns a token to your get and
// list requests, to mark the state of the entity at the time of the request.
// To make changes to the entity associated with the token, you provide the
// token to operations like update and delete. WAF uses the token to ensure
// that no changes have been made to the entity since you last retrieved it.
// If a change has been made, the update fails with a WAFOptimisticLockException.
// If this happens, perform another get, and use the new token returned by that
// operation.
//
// LockToken is a required field
LockToken *string `min:"1" type:"string" required:"true"`
// The name of the web ACL. You cannot change the name of a web ACL after you
// create it.
//
// Name is a required field
Name *string `min:"1" type:"string" required:"true"`
// Specifies whether this is for an Amazon CloudFront distribution or for a
// regional application. A regional application can be an Application Load Balancer
// (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, an Amazon
// Cognito user pool, an App Runner service, or an Amazon Web Services Verified
// Access instance.
//
// To work with CloudFront, you must also specify the Region US East (N. Virginia)
// as follows:
//
// * CLI - Specify the Region when you use the CloudFront scope: --scope=CLOUDFRONT
// --region=us-east-1.
//
// * API and SDKs - For all calls, use the Region endpoint us-east-1.
//
// Scope is a required field
Scope *string `type:"string" required:"true" enum:"Scope"`
// contains filtered or unexported fields
}
func (s DeleteWebACLInput) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *DeleteWebACLInput) SetId(v string) *DeleteWebACLInput
SetId sets the Id field's value.
func (s *DeleteWebACLInput) SetLockToken(v string) *DeleteWebACLInput
SetLockToken sets the LockToken field's value.
func (s *DeleteWebACLInput) SetName(v string) *DeleteWebACLInput
SetName sets the Name field's value.
func (s *DeleteWebACLInput) SetScope(v string) *DeleteWebACLInput
SetScope sets the Scope field's value.
func (s DeleteWebACLInput) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *DeleteWebACLInput) Validate() error
Validate inspects the fields of the type to determine if they are valid.
type DeleteWebACLOutput struct {
// contains filtered or unexported fields
}
func (s DeleteWebACLOutput) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s DeleteWebACLOutput) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
type DescribeAllManagedProductsInput struct {
// Specifies whether this is for an Amazon CloudFront distribution or for a
// regional application. A regional application can be an Application Load Balancer
// (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, an Amazon
// Cognito user pool, an App Runner service, or an Amazon Web Services Verified
// Access instance.
//
// To work with CloudFront, you must also specify the Region US East (N. Virginia)
// as follows:
//
// * CLI - Specify the Region when you use the CloudFront scope: --scope=CLOUDFRONT
// --region=us-east-1.
//
// * API and SDKs - For all calls, use the Region endpoint us-east-1.
//
// Scope is a required field
Scope *string `type:"string" required:"true" enum:"Scope"`
// contains filtered or unexported fields
}
func (s DescribeAllManagedProductsInput) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *DescribeAllManagedProductsInput) SetScope(v string) *DescribeAllManagedProductsInput
SetScope sets the Scope field's value.
func (s DescribeAllManagedProductsInput) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *DescribeAllManagedProductsInput) Validate() error
Validate inspects the fields of the type to determine if they are valid.
type DescribeAllManagedProductsOutput struct {
// High-level information for the Amazon Web Services Managed Rules rule groups
// and Amazon Web Services Marketplace managed rule groups.
ManagedProducts []*ManagedProductDescriptor `type:"list"`
// contains filtered or unexported fields
}
func (s DescribeAllManagedProductsOutput) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *DescribeAllManagedProductsOutput) SetManagedProducts(v []*ManagedProductDescriptor) *DescribeAllManagedProductsOutput
SetManagedProducts sets the ManagedProducts field's value.
func (s DescribeAllManagedProductsOutput) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
type DescribeManagedProductsByVendorInput struct {
// Specifies whether this is for an Amazon CloudFront distribution or for a
// regional application. A regional application can be an Application Load Balancer
// (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, an Amazon
// Cognito user pool, an App Runner service, or an Amazon Web Services Verified
// Access instance.
//
// To work with CloudFront, you must also specify the Region US East (N. Virginia)
// as follows:
//
// * CLI - Specify the Region when you use the CloudFront scope: --scope=CLOUDFRONT
// --region=us-east-1.
//
// * API and SDKs - For all calls, use the Region endpoint us-east-1.
//
// Scope is a required field
Scope *string `type:"string" required:"true" enum:"Scope"`
// The name of the managed rule group vendor. You use this, along with the rule
// group name, to identify a rule group.
//
// VendorName is a required field
VendorName *string `min:"1" type:"string" required:"true"`
// contains filtered or unexported fields
}
func (s DescribeManagedProductsByVendorInput) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *DescribeManagedProductsByVendorInput) SetScope(v string) *DescribeManagedProductsByVendorInput
SetScope sets the Scope field's value.
func (s *DescribeManagedProductsByVendorInput) SetVendorName(v string) *DescribeManagedProductsByVendorInput
SetVendorName sets the VendorName field's value.
func (s DescribeManagedProductsByVendorInput) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *DescribeManagedProductsByVendorInput) Validate() error
Validate inspects the fields of the type to determine if they are valid.
type DescribeManagedProductsByVendorOutput struct {
// High-level information for the managed rule groups owned by the specified
// vendor.
ManagedProducts []*ManagedProductDescriptor `type:"list"`
// contains filtered or unexported fields
}
func (s DescribeManagedProductsByVendorOutput) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *DescribeManagedProductsByVendorOutput) SetManagedProducts(v []*ManagedProductDescriptor) *DescribeManagedProductsByVendorOutput
SetManagedProducts sets the ManagedProducts field's value.
func (s DescribeManagedProductsByVendorOutput) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
type DescribeManagedRuleGroupInput struct {
// The name of the managed rule group. You use this, along with the vendor name,
// to identify the rule group.
//
// Name is a required field
Name *string `min:"1" type:"string" required:"true"`
// Specifies whether this is for an Amazon CloudFront distribution or for a
// regional application. A regional application can be an Application Load Balancer
// (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, an Amazon
// Cognito user pool, an App Runner service, or an Amazon Web Services Verified
// Access instance.
//
// To work with CloudFront, you must also specify the Region US East (N. Virginia)
// as follows:
//
// * CLI - Specify the Region when you use the CloudFront scope: --scope=CLOUDFRONT
// --region=us-east-1.
//
// * API and SDKs - For all calls, use the Region endpoint us-east-1.
//
// Scope is a required field
Scope *string `type:"string" required:"true" enum:"Scope"`
// The name of the managed rule group vendor. You use this, along with the rule
// group name, to identify a rule group.
//
// VendorName is a required field
VendorName *string `min:"1" type:"string" required:"true"`
// The version of the rule group. You can only use a version that is not scheduled
// for expiration. If you don't provide this, WAF uses the vendor's default
// version.
VersionName *string `min:"1" type:"string"`
// contains filtered or unexported fields
}
func (s DescribeManagedRuleGroupInput) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *DescribeManagedRuleGroupInput) SetName(v string) *DescribeManagedRuleGroupInput
SetName sets the Name field's value.
func (s *DescribeManagedRuleGroupInput) SetScope(v string) *DescribeManagedRuleGroupInput
SetScope sets the Scope field's value.
func (s *DescribeManagedRuleGroupInput) SetVendorName(v string) *DescribeManagedRuleGroupInput
SetVendorName sets the VendorName field's value.
func (s *DescribeManagedRuleGroupInput) SetVersionName(v string) *DescribeManagedRuleGroupInput
SetVersionName sets the VersionName field's value.
func (s DescribeManagedRuleGroupInput) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *DescribeManagedRuleGroupInput) Validate() error
Validate inspects the fields of the type to determine if they are valid.
type DescribeManagedRuleGroupOutput struct {
// The labels that one or more rules in this rule group add to matching web
// requests. These labels are defined in the RuleLabels for a Rule.
AvailableLabels []*LabelSummary `type:"list"`
// The web ACL capacity units (WCUs) required for this rule group.
//
// WAF uses WCUs to calculate and control the operating resources that are used
// to run your rules, rule groups, and web ACLs. WAF calculates capacity differently
// for each rule type, to reflect the relative cost of each rule. Simple rules
// that cost little to run use fewer WCUs than more complex rules that use more
// processing power. Rule group capacity is fixed at creation, which helps users
// plan their web ACL WCU usage when they use a rule group. For more information,
// see WAF web ACL capacity units (WCU) (https://docs.aws.amazon.com/waf/latest/developerguide/aws-waf-capacity-units.html)
// in the WAF Developer Guide.
Capacity *int64 `min:"1" type:"long"`
// The labels that one or more rules in this rule group match against in label
// match statements. These labels are defined in a LabelMatchStatement specification,
// in the Statement definition of a rule.
ConsumedLabels []*LabelSummary `type:"list"`
// The label namespace prefix for this rule group. All labels added by rules
// in this rule group have this prefix.
//
// * The syntax for the label namespace prefix for a managed rule group is
// the following: awswaf:managed:<vendor>:<rule group name>:
//
// * When a rule with a label matches a web request, WAF adds the fully qualified
// label to the request. A fully qualified label is made up of the label
// namespace from the rule group or web ACL where the rule is defined and
// the label from the rule, separated by a colon: <label namespace>:<label
// from rule>
LabelNamespace *string `min:"1" type:"string"`
Rules []*RuleSummary `type:"list"`
// The Amazon resource name (ARN) of the Amazon Simple Notification Service
// SNS topic that's used to provide notification of changes to the managed rule
// group. You can subscribe to the SNS topic to receive notifications when the
// managed rule group is modified, such as for new versions and for version
// expiration. For more information, see the Amazon Simple Notification Service
// Developer Guide (https://docs.aws.amazon.com/sns/latest/dg/welcome.html).
SnsTopicArn *string `min:"20" type:"string"`
// The managed rule group's version.
VersionName *string `min:"1" type:"string"`
// contains filtered or unexported fields
}
func (s DescribeManagedRuleGroupOutput) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *DescribeManagedRuleGroupOutput) SetAvailableLabels(v []*LabelSummary) *DescribeManagedRuleGroupOutput
SetAvailableLabels sets the AvailableLabels field's value.
func (s *DescribeManagedRuleGroupOutput) SetCapacity(v int64) *DescribeManagedRuleGroupOutput
SetCapacity sets the Capacity field's value.
func (s *DescribeManagedRuleGroupOutput) SetConsumedLabels(v []*LabelSummary) *DescribeManagedRuleGroupOutput
SetConsumedLabels sets the ConsumedLabels field's value.
func (s *DescribeManagedRuleGroupOutput) SetLabelNamespace(v string) *DescribeManagedRuleGroupOutput
SetLabelNamespace sets the LabelNamespace field's value.
func (s *DescribeManagedRuleGroupOutput) SetRules(v []*RuleSummary) *DescribeManagedRuleGroupOutput
SetRules sets the Rules field's value.
func (s *DescribeManagedRuleGroupOutput) SetSnsTopicArn(v string) *DescribeManagedRuleGroupOutput
SetSnsTopicArn sets the SnsTopicArn field's value.
func (s *DescribeManagedRuleGroupOutput) SetVersionName(v string) *DescribeManagedRuleGroupOutput
SetVersionName sets the VersionName field's value.
func (s DescribeManagedRuleGroupOutput) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
type DisassociateWebACLInput struct {
// The Amazon Resource Name (ARN) of the resource to disassociate from the web
// ACL.
//
// The ARN must be in one of the following formats:
//
// * For an Application Load Balancer: arn:partition:elasticloadbalancing:region:account-id:loadbalancer/app/load-balancer-name/load-balancer-id
//
// * For an Amazon API Gateway REST API: arn:partition:apigateway:region::/restapis/api-id/stages/stage-name
//
// * For an AppSync GraphQL API: arn:partition:appsync:region:account-id:apis/GraphQLApiId
//
// * For an Amazon Cognito user pool: arn:partition:cognito-idp:region:account-id:userpool/user-pool-id
//
// * For an App Runner service: arn:partition:apprunner:region:account-id:service/apprunner-service-name/apprunner-service-id
//
// * For an Amazon Web Services Verified Access instance: arn:partition:ec2:region:account-id:verified-access-instance/instance-id
//
// ResourceArn is a required field
ResourceArn *string `min:"20" type:"string" required:"true"`
// contains filtered or unexported fields
}
func (s DisassociateWebACLInput) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *DisassociateWebACLInput) SetResourceArn(v string) *DisassociateWebACLInput
SetResourceArn sets the ResourceArn field's value.
func (s DisassociateWebACLInput) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *DisassociateWebACLInput) Validate() error
Validate inspects the fields of the type to determine if they are valid.
type DisassociateWebACLOutput struct {
// contains filtered or unexported fields
}
func (s DisassociateWebACLOutput) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s DisassociateWebACLOutput) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
type ExcludedRule struct {
// The name of the rule whose action you want to override to Count.
//
// Name is a required field
Name *string `min:"1" type:"string" required:"true"`
// contains filtered or unexported fields
}
Specifies a single rule in a rule group whose action you want to override to Count.
Instead of this option, use RuleActionOverrides. It accepts any valid action setting, including Count.
func (s ExcludedRule) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *ExcludedRule) SetName(v string) *ExcludedRule
SetName sets the Name field's value.
func (s ExcludedRule) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *ExcludedRule) Validate() error
Validate inspects the fields of the type to determine if they are valid.
type FieldToMatch struct {
// Inspect all query arguments.
AllQueryArguments *AllQueryArguments `type:"structure"`
// Inspect the request body as plain text. The request body immediately follows
// the request headers. This is the part of a request that contains any additional
// data that you want to send to your web server as the HTTP request body, such
// as data from a form.
//
// A limited amount of the request body is forwarded to WAF for inspection by
// the underlying host service. For regional resources, the limit is 8 KB (8,192
// kilobytes) and for CloudFront distributions, the limit is 16 KB (16,384 kilobytes).
// For CloudFront distributions, you can increase the limit in the web ACL's
// AssociationConfig, for additional processing fees.
//
// For information about how to handle oversized request bodies, see the Body
// object configuration.
Body *Body `type:"structure"`
// Inspect the request cookies. You must configure scope and pattern matching
// filters in the Cookies object, to define the set of cookies and the parts
// of the cookies that WAF inspects.
//
// Only the first 8 KB (8192 bytes) of a request's cookies and only the first
// 200 cookies are forwarded to WAF for inspection by the underlying host service.
// You must configure how to handle any oversize cookie content in the Cookies
// object. WAF applies the pattern matching filters to the cookies that it receives
// from the underlying host service.
Cookies *Cookies `type:"structure"`
// Inspect a string containing the list of the request's header names, ordered
// as they appear in the web request that WAF receives for inspection. WAF generates
// the string and then uses that as the field to match component in its inspection.
// WAF separates the header names in the string using commas and no added spaces.
//
// Matches against the header order string are case insensitive.
HeaderOrder *HeaderOrder `type:"structure"`
// Inspect the request headers. You must configure scope and pattern matching
// filters in the Headers object, to define the set of headers to and the parts
// of the headers that WAF inspects.
//
// Only the first 8 KB (8192 bytes) of a request's headers and only the first
// 200 headers are forwarded to WAF for inspection by the underlying host service.
// You must configure how to handle any oversize header content in the Headers
// object. WAF applies the pattern matching filters to the headers that it receives
// from the underlying host service.
Headers *Headers `type:"structure"`
// Inspect the request body as JSON. The request body immediately follows the
// request headers. This is the part of a request that contains any additional
// data that you want to send to your web server as the HTTP request body, such
// as data from a form.
//
// A limited amount of the request body is forwarded to WAF for inspection by
// the underlying host service. For regional resources, the limit is 8 KB (8,192
// kilobytes) and for CloudFront distributions, the limit is 16 KB (16,384 kilobytes).
// For CloudFront distributions, you can increase the limit in the web ACL's
// AssociationConfig, for additional processing fees.
//
// For information about how to handle oversized request bodies, see the JsonBody
// object configuration.
JsonBody *JsonBody `type:"structure"`
// Inspect the HTTP method. The method indicates the type of operation that
// the request is asking the origin to perform.
Method *Method `type:"structure"`
// Inspect the query string. This is the part of a URL that appears after a
// ? character, if any.
QueryString *QueryString `type:"structure"`
// Inspect a single header. Provide the name of the header to inspect, for example,
// User-Agent or Referer. This setting isn't case sensitive.
//
// Example JSON: "SingleHeader": { "Name": "haystack" }
//
// Alternately, you can filter and inspect all headers with the Headers FieldToMatch
// setting.
SingleHeader *SingleHeader `type:"structure"`
// Inspect a single query argument. Provide the name of the query argument to
// inspect, such as UserName or SalesRegion. The name can be up to 30 characters
// long and isn't case sensitive.
//
// Example JSON: "SingleQueryArgument": { "Name": "myArgument" }
SingleQueryArgument *SingleQueryArgument `type:"structure"`
// Inspect the request URI path. This is the part of the web request that identifies
// a resource, for example, /images/daily-ad.jpg.
UriPath *UriPath `type:"structure"`
// contains filtered or unexported fields
}
The part of the web request that you want WAF to inspect. Include the single FieldToMatch type that you want to inspect, with additional specifications as needed, according to the type. You specify a single request component in FieldToMatch for each rule statement that requires it. To inspect more than one component of the web request, create a separate rule statement for each component.
Example JSON for a QueryString field to match:
"FieldToMatch": { "QueryString": {} }
Example JSON for a Method field to match specification:
"FieldToMatch": { "Method": { "Name": "DELETE" } }
func (s FieldToMatch) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *FieldToMatch) SetAllQueryArguments(v *AllQueryArguments) *FieldToMatch
SetAllQueryArguments sets the AllQueryArguments field's value.
func (s *FieldToMatch) SetBody(v *Body) *FieldToMatch
SetBody sets the Body field's value.
func (s *FieldToMatch) SetCookies(v *Cookies) *FieldToMatch
SetCookies sets the Cookies field's value.
func (s *FieldToMatch) SetHeaderOrder(v *HeaderOrder) *FieldToMatch
SetHeaderOrder sets the HeaderOrder field's value.
func (s *FieldToMatch) SetHeaders(v *Headers) *FieldToMatch
SetHeaders sets the Headers field's value.
func (s *FieldToMatch) SetJsonBody(v *JsonBody) *FieldToMatch
SetJsonBody sets the JsonBody field's value.
func (s *FieldToMatch) SetMethod(v *Method) *FieldToMatch
SetMethod sets the Method field's value.
func (s *FieldToMatch) SetQueryString(v *QueryString) *FieldToMatch
SetQueryString sets the QueryString field's value.
func (s *FieldToMatch) SetSingleHeader(v *SingleHeader) *FieldToMatch
SetSingleHeader sets the SingleHeader field's value.
func (s *FieldToMatch) SetSingleQueryArgument(v *SingleQueryArgument) *FieldToMatch
SetSingleQueryArgument sets the SingleQueryArgument field's value.
func (s *FieldToMatch) SetUriPath(v *UriPath) *FieldToMatch
SetUriPath sets the UriPath field's value.
func (s FieldToMatch) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *FieldToMatch) Validate() error
Validate inspects the fields of the type to determine if they are valid.
type Filter struct {
// How to handle logs that satisfy the filter's conditions and requirement.
//
// Behavior is a required field
Behavior *string `type:"string" required:"true" enum:"FilterBehavior"`
// Match conditions for the filter.
//
// Conditions is a required field
Conditions []*Condition `min:"1" type:"list" required:"true"`
// Logic to apply to the filtering conditions. You can specify that, in order
// to satisfy the filter, a log must match all conditions or must match at least
// one condition.
//
// Requirement is a required field
Requirement *string `type:"string" required:"true" enum:"FilterRequirement"`
// contains filtered or unexported fields
}
A single logging filter, used in LoggingFilter.
func (s Filter) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *Filter) SetBehavior(v string) *Filter
SetBehavior sets the Behavior field's value.
func (s *Filter) SetConditions(v []*Condition) *Filter
SetConditions sets the Conditions field's value.
func (s *Filter) SetRequirement(v string) *Filter
SetRequirement sets the Requirement field's value.
func (s Filter) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *Filter) Validate() error
Validate inspects the fields of the type to determine if they are valid.
type FirewallManagerRuleGroup struct {
// The processing guidance for an Firewall Manager rule. This is like a regular
// rule Statement, but it can only contain a rule group reference.
//
// FirewallManagerStatement is a required field
FirewallManagerStatement *FirewallManagerStatement `type:"structure" required:"true"`
// The name of the rule group. You cannot change the name of a rule group after
// you create it.
//
// Name is a required field
Name *string `min:"1" type:"string" required:"true"`
// The action to use in the place of the action that results from the rule group
// evaluation. Set the override action to none to leave the result of the rule
// group alone. Set it to count to override the result to count only.
//
// You can only use this for rule statements that reference a rule group, like
// RuleGroupReferenceStatement and ManagedRuleGroupStatement.
//
// This option is usually set to none. It does not affect how the rules in the
// rule group are evaluated. If you want the rules in the rule group to only
// count matches, do not use this and instead use the rule action override option,
// with Count action, in your rule group reference statement settings.
//
// OverrideAction is a required field
OverrideAction *OverrideAction `type:"structure" required:"true"`
// If you define more than one rule group in the first or last Firewall Manager
// rule groups, WAF evaluates each request against the rule groups in order,
// starting from the lowest priority setting. The priorities don't need to be
// consecutive, but they must all be different.
//
// Priority is a required field
Priority *int64 `type:"integer" required:"true"`
// Defines and enables Amazon CloudWatch metrics and web request sample collection.
//
// VisibilityConfig is a required field
VisibilityConfig *VisibilityConfig `type:"structure" required:"true"`
// contains filtered or unexported fields
}
A rule group that's defined for an Firewall Manager WAF policy.
func (s FirewallManagerRuleGroup) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *FirewallManagerRuleGroup) SetFirewallManagerStatement(v *FirewallManagerStatement) *FirewallManagerRuleGroup
SetFirewallManagerStatement sets the FirewallManagerStatement field's value.
func (s *FirewallManagerRuleGroup) SetName(v string) *FirewallManagerRuleGroup
SetName sets the Name field's value.
func (s *FirewallManagerRuleGroup) SetOverrideAction(v *OverrideAction) *FirewallManagerRuleGroup
SetOverrideAction sets the OverrideAction field's value.
func (s *FirewallManagerRuleGroup) SetPriority(v int64) *FirewallManagerRuleGroup
SetPriority sets the Priority field's value.
func (s *FirewallManagerRuleGroup) SetVisibilityConfig(v *VisibilityConfig) *FirewallManagerRuleGroup
SetVisibilityConfig sets the VisibilityConfig field's value.
func (s FirewallManagerRuleGroup) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
type FirewallManagerStatement struct {
// A statement used by Firewall Manager to run the rules that are defined in
// a managed rule group. This is managed by Firewall Manager for an Firewall
// Manager WAF policy.
ManagedRuleGroupStatement *ManagedRuleGroupStatement `type:"structure"`
// A statement used by Firewall Manager to run the rules that are defined in
// a rule group. This is managed by Firewall Manager for an Firewall Manager
// WAF policy.
RuleGroupReferenceStatement *RuleGroupReferenceStatement `type:"structure"`
// contains filtered or unexported fields
}
The processing guidance for an Firewall Manager rule. This is like a regular rule Statement, but it can only contain a single rule group reference.
func (s FirewallManagerStatement) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *FirewallManagerStatement) SetManagedRuleGroupStatement(v *ManagedRuleGroupStatement) *FirewallManagerStatement
SetManagedRuleGroupStatement sets the ManagedRuleGroupStatement field's value.
func (s *FirewallManagerStatement) SetRuleGroupReferenceStatement(v *RuleGroupReferenceStatement) *FirewallManagerStatement
SetRuleGroupReferenceStatement sets the RuleGroupReferenceStatement field's value.
func (s FirewallManagerStatement) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
type ForwardedIPConfig struct {
// The match status to assign to the web request if the request doesn't have
// a valid IP address in the specified position.
//
// If the specified header isn't present in the request, WAF doesn't apply the
// rule to the web request at all.
//
// You can specify the following fallback behaviors:
//
// * MATCH - Treat the web request as matching the rule statement. WAF applies
// the rule action to the request.
//
// * NO_MATCH - Treat the web request as not matching the rule statement.
//
// FallbackBehavior is a required field
FallbackBehavior *string `type:"string" required:"true" enum:"FallbackBehavior"`
// The name of the HTTP header to use for the IP address. For example, to use
// the X-Forwarded-For (XFF) header, set this to X-Forwarded-For.
//
// If the specified header isn't present in the request, WAF doesn't apply the
// rule to the web request at all.
//
// HeaderName is a required field
HeaderName *string `min:"1" type:"string" required:"true"`
// contains filtered or unexported fields
}
The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. Commonly, this is the X-Forwarded-For (XFF) header, but you can specify any header name.
If the specified header isn't present in the request, WAF doesn't apply the rule to the web request at all.
This configuration is used for GeoMatchStatement and RateBasedStatement. For IPSetReferenceStatement, use IPSetForwardedIPConfig instead.
WAF only evaluates the first IP address found in the specified HTTP header.
func (s ForwardedIPConfig) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *ForwardedIPConfig) SetFallbackBehavior(v string) *ForwardedIPConfig
SetFallbackBehavior sets the FallbackBehavior field's value.
func (s *ForwardedIPConfig) SetHeaderName(v string) *ForwardedIPConfig
SetHeaderName sets the HeaderName field's value.
func (s ForwardedIPConfig) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *ForwardedIPConfig) Validate() error
Validate inspects the fields of the type to determine if they are valid.
type GenerateMobileSdkReleaseUrlInput struct {
// The device platform.
//
// Platform is a required field
Platform *string `type:"string" required:"true" enum:"Platform"`
// The release version. For the latest available version, specify LATEST.
//
// ReleaseVersion is a required field
ReleaseVersion *string `min:"1" type:"string" required:"true"`
// contains filtered or unexported fields
}
func (s GenerateMobileSdkReleaseUrlInput) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *GenerateMobileSdkReleaseUrlInput) SetPlatform(v string) *GenerateMobileSdkReleaseUrlInput
SetPlatform sets the Platform field's value.
func (s *GenerateMobileSdkReleaseUrlInput) SetReleaseVersion(v string) *GenerateMobileSdkReleaseUrlInput
SetReleaseVersion sets the ReleaseVersion field's value.
func (s GenerateMobileSdkReleaseUrlInput) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *GenerateMobileSdkReleaseUrlInput) Validate() error
Validate inspects the fields of the type to determine if they are valid.
type GenerateMobileSdkReleaseUrlOutput struct {
// The presigned download URL for the specified SDK release.
Url *string `type:"string"`
// contains filtered or unexported fields
}
func (s GenerateMobileSdkReleaseUrlOutput) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *GenerateMobileSdkReleaseUrlOutput) SetUrl(v string) *GenerateMobileSdkReleaseUrlOutput
SetUrl sets the Url field's value.
func (s GenerateMobileSdkReleaseUrlOutput) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
type GeoMatchStatement struct {
// An array of two-character country codes that you want to match against, for
// example, [ "US", "CN" ], from the alpha-2 country ISO codes of the ISO 3166
// international standard.
//
// When you use a geo match statement just for the region and country labels
// that it adds to requests, you still have to supply a country code for the
// rule to evaluate. In this case, you configure the rule to only count matching
// requests, but it will still generate logging and count metrics for any matches.
// You can reduce the logging and metrics that the rule produces by specifying
// a country that's unlikely to be a source of traffic to your site.
CountryCodes []*string `min:"1" type:"list" enum:"CountryCode"`
// The configuration for inspecting IP addresses in an HTTP header that you
// specify, instead of using the IP address that's reported by the web request
// origin. Commonly, this is the X-Forwarded-For (XFF) header, but you can specify
// any header name.
//
// If the specified header isn't present in the request, WAF doesn't apply the
// rule to the web request at all.
ForwardedIPConfig *ForwardedIPConfig `type:"structure"`
// contains filtered or unexported fields
}
A rule statement that labels web requests by country and region and that matches against web requests based on country code. A geo match rule labels every request that it inspects regardless of whether it finds a match.
To manage requests only by country, you can use this statement by itself and specify the countries that you want to match against in the CountryCodes array.
Otherwise, configure your geo match rule with Count action so that it only labels requests. Then, add one or more label match rules to run after the geo match rule and configure them to match against the geographic labels and handle the requests as needed.
WAF labels requests using the alpha-2 country and region codes from the International Organization for Standardization (ISO) 3166 standard. WAF determines the codes using either the IP address in the web request origin or, if you specify it, the address in the geo match ForwardedIPConfig.
If you use the web request origin, the label formats are awswaf:clientip:geo:region:<ISO country code>-<ISO region code> and awswaf:clientip:geo:country:<ISO country code>.
If you use a forwarded IP address, the label formats are awswaf:forwardedip:geo:region:<ISO country code>-<ISO region code> and awswaf:forwardedip:geo:country:<ISO country code>.
For additional details, see Geographic match rule statement (https://docs.aws.amazon.com/waf/latest/developerguide/waf-rule-statement-type-geo-match.html) in the WAF Developer Guide (https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html).
func (s GeoMatchStatement) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *GeoMatchStatement) SetCountryCodes(v []*string) *GeoMatchStatement
SetCountryCodes sets the CountryCodes field's value.
func (s *GeoMatchStatement) SetForwardedIPConfig(v *ForwardedIPConfig) *GeoMatchStatement
SetForwardedIPConfig sets the ForwardedIPConfig field's value.
func (s GeoMatchStatement) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *GeoMatchStatement) Validate() error
Validate inspects the fields of the type to determine if they are valid.
type GetDecryptedAPIKeyInput struct {
// The encrypted API key.
//
// APIKey is a required field
APIKey *string `min:"1" type:"string" required:"true"`
// Specifies whether this is for an Amazon CloudFront distribution or for a
// regional application. A regional application can be an Application Load Balancer
// (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, an Amazon
// Cognito user pool, an App Runner service, or an Amazon Web Services Verified
// Access instance.
//
// To work with CloudFront, you must also specify the Region US East (N. Virginia)
// as follows:
//
// * CLI - Specify the Region when you use the CloudFront scope: --scope=CLOUDFRONT
// --region=us-east-1.
//
// * API and SDKs - For all calls, use the Region endpoint us-east-1.
//
// Scope is a required field
Scope *string `type:"string" required:"true" enum:"Scope"`
// contains filtered or unexported fields
}
func (s GetDecryptedAPIKeyInput) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *GetDecryptedAPIKeyInput) SetAPIKey(v string) *GetDecryptedAPIKeyInput
SetAPIKey sets the APIKey field's value.
func (s *GetDecryptedAPIKeyInput) SetScope(v string) *GetDecryptedAPIKeyInput
SetScope sets the Scope field's value.
func (s GetDecryptedAPIKeyInput) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *GetDecryptedAPIKeyInput) Validate() error
Validate inspects the fields of the type to determine if they are valid.
type GetDecryptedAPIKeyOutput struct {
// The date and time that the key was created.
CreationTimestamp *time.Time `type:"timestamp"`
// The token domains that are defined in this API key.
TokenDomains []*string `type:"list"`
// contains filtered or unexported fields
}
func (s GetDecryptedAPIKeyOutput) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *GetDecryptedAPIKeyOutput) SetCreationTimestamp(v time.Time) *GetDecryptedAPIKeyOutput
SetCreationTimestamp sets the CreationTimestamp field's value.
func (s *GetDecryptedAPIKeyOutput) SetTokenDomains(v []*string) *GetDecryptedAPIKeyOutput
SetTokenDomains sets the TokenDomains field's value.
func (s GetDecryptedAPIKeyOutput) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
type GetIPSetInput struct {
// A unique identifier for the set. This ID is returned in the responses to
// create and list commands. You provide it to operations like update and delete.
//
// Id is a required field
Id *string `min:"1" type:"string" required:"true"`
// The name of the IP set. You cannot change the name of an IPSet after you
// create it.
//
// Name is a required field
Name *string `min:"1" type:"string" required:"true"`
// Specifies whether this is for an Amazon CloudFront distribution or for a
// regional application. A regional application can be an Application Load Balancer
// (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, an Amazon
// Cognito user pool, an App Runner service, or an Amazon Web Services Verified
// Access instance.
//
// To work with CloudFront, you must also specify the Region US East (N. Virginia)
// as follows:
//
// * CLI - Specify the Region when you use the CloudFront scope: --scope=CLOUDFRONT
// --region=us-east-1.
//
// * API and SDKs - For all calls, use the Region endpoint us-east-1.
//
// Scope is a required field
Scope *string `type:"string" required:"true" enum:"Scope"`
// contains filtered or unexported fields
}
func (s GetIPSetInput) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *GetIPSetInput) SetId(v string) *GetIPSetInput
SetId sets the Id field's value.
func (s *GetIPSetInput) SetName(v string) *GetIPSetInput
SetName sets the Name field's value.
func (s *GetIPSetInput) SetScope(v string) *GetIPSetInput
SetScope sets the Scope field's value.
func (s GetIPSetInput) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *GetIPSetInput) Validate() error
Validate inspects the fields of the type to determine if they are valid.
type GetIPSetOutput struct {
// Contains zero or more IP addresses or blocks of IP addresses specified in
// Classless Inter-Domain Routing (CIDR) notation. WAF supports all IPv4 and
// IPv6 CIDR ranges except for /0. For information about CIDR notation, see
// the Wikipedia entry Classless Inter-Domain Routing (https://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing).
//
// WAF assigns an ARN to each IPSet that you create. To use an IP set in a rule,
// you provide the ARN to the Rule statement IPSetReferenceStatement.
IPSet *IPSet `type:"structure"`
// A token used for optimistic locking. WAF returns a token to your get and
// list requests, to mark the state of the entity at the time of the request.
// To make changes to the entity associated with the token, you provide the
// token to operations like update and delete. WAF uses the token to ensure
// that no changes have been made to the entity since you last retrieved it.
// If a change has been made, the update fails with a WAFOptimisticLockException.
// If this happens, perform another get, and use the new token returned by that
// operation.
LockToken *string `min:"1" type:"string"`
// contains filtered or unexported fields
}
func (s GetIPSetOutput) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *GetIPSetOutput) SetIPSet(v *IPSet) *GetIPSetOutput
SetIPSet sets the IPSet field's value.
func (s *GetIPSetOutput) SetLockToken(v string) *GetIPSetOutput
SetLockToken sets the LockToken field's value.
func (s GetIPSetOutput) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
type GetLoggingConfigurationInput struct {
// The Amazon Resource Name (ARN) of the web ACL for which you want to get the
// LoggingConfiguration.
//
// ResourceArn is a required field
ResourceArn *string `min:"20" type:"string" required:"true"`
// contains filtered or unexported fields
}
func (s GetLoggingConfigurationInput) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *GetLoggingConfigurationInput) SetResourceArn(v string) *GetLoggingConfigurationInput
SetResourceArn sets the ResourceArn field's value.
func (s GetLoggingConfigurationInput) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *GetLoggingConfigurationInput) Validate() error
Validate inspects the fields of the type to determine if they are valid.
type GetLoggingConfigurationOutput struct {
// The LoggingConfiguration for the specified web ACL.
LoggingConfiguration *LoggingConfiguration `type:"structure"`
// contains filtered or unexported fields
}
func (s GetLoggingConfigurationOutput) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *GetLoggingConfigurationOutput) SetLoggingConfiguration(v *LoggingConfiguration) *GetLoggingConfigurationOutput
SetLoggingConfiguration sets the LoggingConfiguration field's value.
func (s GetLoggingConfigurationOutput) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
type GetManagedRuleSetInput struct {
// A unique identifier for the managed rule set. The ID is returned in the responses
// to commands like list. You provide it to operations like get and update.
//
// Id is a required field
Id *string `min:"1" type:"string" required:"true"`
// The name of the managed rule set. You use this, along with the rule set ID,
// to identify the rule set.
//
// This name is assigned to the corresponding managed rule group, which your
// customers can access and use.
//
// Name is a required field
Name *string `min:"1" type:"string" required:"true"`
// Specifies whether this is for an Amazon CloudFront distribution or for a
// regional application. A regional application can be an Application Load Balancer
// (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, an Amazon
// Cognito user pool, an App Runner service, or an Amazon Web Services Verified
// Access instance.
//
// To work with CloudFront, you must also specify the Region US East (N. Virginia)
// as follows:
//
// * CLI - Specify the Region when you use the CloudFront scope: --scope=CLOUDFRONT
// --region=us-east-1.
//
// * API and SDKs - For all calls, use the Region endpoint us-east-1.
//
// Scope is a required field
Scope *string `type:"string" required:"true" enum:"Scope"`
// contains filtered or unexported fields
}
func (s GetManagedRuleSetInput) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *GetManagedRuleSetInput) SetId(v string) *GetManagedRuleSetInput
SetId sets the Id field's value.
func (s *GetManagedRuleSetInput) SetName(v string) *GetManagedRuleSetInput
SetName sets the Name field's value.
func (s *GetManagedRuleSetInput) SetScope(v string) *GetManagedRuleSetInput
SetScope sets the Scope field's value.
func (s GetManagedRuleSetInput) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *GetManagedRuleSetInput) Validate() error
Validate inspects the fields of the type to determine if they are valid.
type GetManagedRuleSetOutput struct {
// A token used for optimistic locking. WAF returns a token to your get and
// list requests, to mark the state of the entity at the time of the request.
// To make changes to the entity associated with the token, you provide the
// token to operations like update and delete. WAF uses the token to ensure
// that no changes have been made to the entity since you last retrieved it.
// If a change has been made, the update fails with a WAFOptimisticLockException.
// If this happens, perform another get, and use the new token returned by that
// operation.
LockToken *string `min:"1" type:"string"`
// The managed rule set that you requested.
ManagedRuleSet *ManagedRuleSet `type:"structure"`
// contains filtered or unexported fields
}
func (s GetManagedRuleSetOutput) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *GetManagedRuleSetOutput) SetLockToken(v string) *GetManagedRuleSetOutput
SetLockToken sets the LockToken field's value.
func (s *GetManagedRuleSetOutput) SetManagedRuleSet(v *ManagedRuleSet) *GetManagedRuleSetOutput
SetManagedRuleSet sets the ManagedRuleSet field's value.
func (s GetManagedRuleSetOutput) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
type GetMobileSdkReleaseInput struct {
// The device platform.
//
// Platform is a required field
Platform *string `type:"string" required:"true" enum:"Platform"`
// The release version. For the latest available version, specify LATEST.
//
// ReleaseVersion is a required field
ReleaseVersion *string `min:"1" type:"string" required:"true"`
// contains filtered or unexported fields
}
func (s GetMobileSdkReleaseInput) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *GetMobileSdkReleaseInput) SetPlatform(v string) *GetMobileSdkReleaseInput
SetPlatform sets the Platform field's value.
func (s *GetMobileSdkReleaseInput) SetReleaseVersion(v string) *GetMobileSdkReleaseInput
SetReleaseVersion sets the ReleaseVersion field's value.
func (s GetMobileSdkReleaseInput) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *GetMobileSdkReleaseInput) Validate() error
Validate inspects the fields of the type to determine if they are valid.
type GetMobileSdkReleaseOutput struct {
// Information for a specified SDK release, including release notes and tags.
MobileSdkRelease *MobileSdkRelease `type:"structure"`
// contains filtered or unexported fields
}
func (s GetMobileSdkReleaseOutput) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *GetMobileSdkReleaseOutput) SetMobileSdkRelease(v *MobileSdkRelease) *GetMobileSdkReleaseOutput
SetMobileSdkRelease sets the MobileSdkRelease field's value.
func (s GetMobileSdkReleaseOutput) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
type GetPermissionPolicyInput struct {
// The Amazon Resource Name (ARN) of the rule group for which you want to get
// the policy.
//
// ResourceArn is a required field
ResourceArn *string `min:"20" type:"string" required:"true"`
// contains filtered or unexported fields
}
func (s GetPermissionPolicyInput) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *GetPermissionPolicyInput) SetResourceArn(v string) *GetPermissionPolicyInput
SetResourceArn sets the ResourceArn field's value.
func (s GetPermissionPolicyInput) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *GetPermissionPolicyInput) Validate() error
Validate inspects the fields of the type to determine if they are valid.
type GetPermissionPolicyOutput struct {
// The IAM policy that is attached to the specified rule group.
Policy *string `min:"1" type:"string"`
// contains filtered or unexported fields
}
func (s GetPermissionPolicyOutput) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *GetPermissionPolicyOutput) SetPolicy(v string) *GetPermissionPolicyOutput
SetPolicy sets the Policy field's value.
func (s GetPermissionPolicyOutput) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
type GetRateBasedStatementManagedKeysInput struct {
// The name of the rule group reference statement in your web ACL. This is required
// only when you have the rate-based rule nested inside a rule group.
RuleGroupRuleName *string `min:"1" type:"string"`
// The name of the rate-based rule to get the keys for. If you have the rule
// defined inside a rule group that you're using in your web ACL, also provide
// the name of the rule group reference statement in the request parameter RuleGroupRuleName.
//
// RuleName is a required field
RuleName *string `min:"1" type:"string" required:"true"`
// Specifies whether this is for an Amazon CloudFront distribution or for a
// regional application. A regional application can be an Application Load Balancer
// (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, an Amazon
// Cognito user pool, an App Runner service, or an Amazon Web Services Verified
// Access instance.
//
// To work with CloudFront, you must also specify the Region US East (N. Virginia)
// as follows:
//
// * CLI - Specify the Region when you use the CloudFront scope: --scope=CLOUDFRONT
// --region=us-east-1.
//
// * API and SDKs - For all calls, use the Region endpoint us-east-1.
//
// Scope is a required field
Scope *string `type:"string" required:"true" enum:"Scope"`
// The unique identifier for the web ACL. This ID is returned in the responses
// to create and list commands. You provide it to operations like update and
// delete.
//
// WebACLId is a required field
WebACLId *string `min:"1" type:"string" required:"true"`
// The name of the web ACL. You cannot change the name of a web ACL after you
// create it.
//
// WebACLName is a required field
WebACLName *string `min:"1" type:"string" required:"true"`
// contains filtered or unexported fields
}
func (s GetRateBasedStatementManagedKeysInput) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *GetRateBasedStatementManagedKeysInput) SetRuleGroupRuleName(v string) *GetRateBasedStatementManagedKeysInput
SetRuleGroupRuleName sets the RuleGroupRuleName field's value.
func (s *GetRateBasedStatementManagedKeysInput) SetRuleName(v string) *GetRateBasedStatementManagedKeysInput
SetRuleName sets the RuleName field's value.
func (s *GetRateBasedStatementManagedKeysInput) SetScope(v string) *GetRateBasedStatementManagedKeysInput
SetScope sets the Scope field's value.
func (s *GetRateBasedStatementManagedKeysInput) SetWebACLId(v string) *GetRateBasedStatementManagedKeysInput
SetWebACLId sets the WebACLId field's value.
func (s *GetRateBasedStatementManagedKeysInput) SetWebACLName(v string) *GetRateBasedStatementManagedKeysInput
SetWebACLName sets the WebACLName field's value.
func (s GetRateBasedStatementManagedKeysInput) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *GetRateBasedStatementManagedKeysInput) Validate() error
Validate inspects the fields of the type to determine if they are valid.
type GetRateBasedStatementManagedKeysOutput struct {
// The keys that are of Internet Protocol version 4 (IPv4).
ManagedKeysIPV4 *RateBasedStatementManagedKeysIPSet `type:"structure"`
// The keys that are of Internet Protocol version 6 (IPv6).
ManagedKeysIPV6 *RateBasedStatementManagedKeysIPSet `type:"structure"`
// contains filtered or unexported fields
}
func (s GetRateBasedStatementManagedKeysOutput) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *GetRateBasedStatementManagedKeysOutput) SetManagedKeysIPV4(v *RateBasedStatementManagedKeysIPSet) *GetRateBasedStatementManagedKeysOutput
SetManagedKeysIPV4 sets the ManagedKeysIPV4 field's value.
func (s *GetRateBasedStatementManagedKeysOutput) SetManagedKeysIPV6(v *RateBasedStatementManagedKeysIPSet) *GetRateBasedStatementManagedKeysOutput
SetManagedKeysIPV6 sets the ManagedKeysIPV6 field's value.
func (s GetRateBasedStatementManagedKeysOutput) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
type GetRegexPatternSetInput struct {
// A unique identifier for the set. This ID is returned in the responses to
// create and list commands. You provide it to operations like update and delete.
//
// Id is a required field
Id *string `min:"1" type:"string" required:"true"`
// The name of the set. You cannot change the name after you create the set.
//
// Name is a required field
Name *string `min:"1" type:"string" required:"true"`
// Specifies whether this is for an Amazon CloudFront distribution or for a
// regional application. A regional application can be an Application Load Balancer
// (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, an Amazon
// Cognito user pool, an App Runner service, or an Amazon Web Services Verified
// Access instance.
//
// To work with CloudFront, you must also specify the Region US East (N. Virginia)
// as follows:
//
// * CLI - Specify the Region when you use the CloudFront scope: --scope=CLOUDFRONT
// --region=us-east-1.
//
// * API and SDKs - For all calls, use the Region endpoint us-east-1.
//
// Scope is a required field
Scope *string `type:"string" required:"true" enum:"Scope"`
// contains filtered or unexported fields
}
func (s GetRegexPatternSetInput) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *GetRegexPatternSetInput) SetId(v string) *GetRegexPatternSetInput
SetId sets the Id field's value.
func (s *GetRegexPatternSetInput) SetName(v string) *GetRegexPatternSetInput
SetName sets the Name field's value.
func (s *GetRegexPatternSetInput) SetScope(v string) *GetRegexPatternSetInput
SetScope sets the Scope field's value.
func (s GetRegexPatternSetInput) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *GetRegexPatternSetInput) Validate() error
Validate inspects the fields of the type to determine if they are valid.
type GetRegexPatternSetOutput struct {
// A token used for optimistic locking. WAF returns a token to your get and
// list requests, to mark the state of the entity at the time of the request.
// To make changes to the entity associated with the token, you provide the
// token to operations like update and delete. WAF uses the token to ensure
// that no changes have been made to the entity since you last retrieved it.
// If a change has been made, the update fails with a WAFOptimisticLockException.
// If this happens, perform another get, and use the new token returned by that
// operation.
LockToken *string `min:"1" type:"string"`
// Contains one or more regular expressions.
//
// WAF assigns an ARN to each RegexPatternSet that you create. To use a set
// in a rule, you provide the ARN to the Rule statement RegexPatternSetReferenceStatement.
RegexPatternSet *RegexPatternSet `type:"structure"`
// contains filtered or unexported fields
}
func (s GetRegexPatternSetOutput) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *GetRegexPatternSetOutput) SetLockToken(v string) *GetRegexPatternSetOutput
SetLockToken sets the LockToken field's value.
func (s *GetRegexPatternSetOutput) SetRegexPatternSet(v *RegexPatternSet) *GetRegexPatternSetOutput
SetRegexPatternSet sets the RegexPatternSet field's value.
func (s GetRegexPatternSetOutput) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
type GetRuleGroupInput struct {
// The Amazon Resource Name (ARN) of the entity.
ARN *string `min:"20" type:"string"`
// A unique identifier for the rule group. This ID is returned in the responses
// to create and list commands. You provide it to operations like update and
// delete.
Id *string `min:"1" type:"string"`
// The name of the rule group. You cannot change the name of a rule group after
// you create it.
Name *string `min:"1" type:"string"`
// Specifies whether this is for an Amazon CloudFront distribution or for a
// regional application. A regional application can be an Application Load Balancer
// (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, an Amazon
// Cognito user pool, an App Runner service, or an Amazon Web Services Verified
// Access instance.
//
// To work with CloudFront, you must also specify the Region US East (N. Virginia)
// as follows:
//
// * CLI - Specify the Region when you use the CloudFront scope: --scope=CLOUDFRONT
// --region=us-east-1.
//
// * API and SDKs - For all calls, use the Region endpoint us-east-1.
Scope *string `type:"string" enum:"Scope"`
// contains filtered or unexported fields
}
func (s GetRuleGroupInput) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *GetRuleGroupInput) SetARN(v string) *GetRuleGroupInput
SetARN sets the ARN field's value.
func (s *GetRuleGroupInput) SetId(v string) *GetRuleGroupInput
SetId sets the Id field's value.
func (s *GetRuleGroupInput) SetName(v string) *GetRuleGroupInput
SetName sets the Name field's value.
func (s *GetRuleGroupInput) SetScope(v string) *GetRuleGroupInput
SetScope sets the Scope field's value.
func (s GetRuleGroupInput) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *GetRuleGroupInput) Validate() error
Validate inspects the fields of the type to determine if they are valid.
type GetRuleGroupOutput struct {
// A token used for optimistic locking. WAF returns a token to your get and
// list requests, to mark the state of the entity at the time of the request.
// To make changes to the entity associated with the token, you provide the
// token to operations like update and delete. WAF uses the token to ensure
// that no changes have been made to the entity since you last retrieved it.
// If a change has been made, the update fails with a WAFOptimisticLockException.
// If this happens, perform another get, and use the new token returned by that
// operation.
LockToken *string `min:"1" type:"string"`
// A rule group defines a collection of rules to inspect and control web requests
// that you can use in a WebACL. When you create a rule group, you define an
// immutable capacity limit. If you update a rule group, you must stay within
// the capacity. This allows others to reuse the rule group with confidence
// in its capacity requirements.
RuleGroup *RuleGroup `type:"structure"`
// contains filtered or unexported fields
}
func (s GetRuleGroupOutput) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *GetRuleGroupOutput) SetLockToken(v string) *GetRuleGroupOutput
SetLockToken sets the LockToken field's value.
func (s *GetRuleGroupOutput) SetRuleGroup(v *RuleGroup) *GetRuleGroupOutput
SetRuleGroup sets the RuleGroup field's value.
func (s GetRuleGroupOutput) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
type GetSampledRequestsInput struct {
// The number of requests that you want WAF to return from among the first 5,000
// requests that your Amazon Web Services resource received during the time
// range. If your resource received fewer requests than the value of MaxItems,
// GetSampledRequests returns information about all of them.
//
// MaxItems is a required field
MaxItems *int64 `min:"1" type:"long" required:"true"`
// The metric name assigned to the Rule or RuleGroup dimension for which you
// want a sample of requests.
//
// RuleMetricName is a required field
RuleMetricName *string `min:"1" type:"string" required:"true"`
// Specifies whether this is for an Amazon CloudFront distribution or for a
// regional application. A regional application can be an Application Load Balancer
// (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, an Amazon
// Cognito user pool, an App Runner service, or an Amazon Web Services Verified
// Access instance.
//
// To work with CloudFront, you must also specify the Region US East (N. Virginia)
// as follows:
//
// * CLI - Specify the Region when you use the CloudFront scope: --scope=CLOUDFRONT
// --region=us-east-1.
//
// * API and SDKs - For all calls, use the Region endpoint us-east-1.
//
// Scope is a required field
Scope *string `type:"string" required:"true" enum:"Scope"`
// The start date and time and the end date and time of the range for which
// you want GetSampledRequests to return a sample of requests. You must specify
// the times in Coordinated Universal Time (UTC) format. UTC format includes
// the special designator, Z. For example, "2016-09-27T14:50Z". You can specify
// any time range in the previous three hours. If you specify a start time that's
// earlier than three hours ago, WAF sets it to three hours ago.
//
// TimeWindow is a required field
TimeWindow *TimeWindow `type:"structure" required:"true"`
// The Amazon resource name (ARN) of the WebACL for which you want a sample
// of requests.
//
// WebAclArn is a required field
WebAclArn *string `min:"20" type:"string" required:"true"`
// contains filtered or unexported fields
}
func (s GetSampledRequestsInput) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *GetSampledRequestsInput) SetMaxItems(v int64) *GetSampledRequestsInput
SetMaxItems sets the MaxItems field's value.
func (s *GetSampledRequestsInput) SetRuleMetricName(v string) *GetSampledRequestsInput
SetRuleMetricName sets the RuleMetricName field's value.
func (s *GetSampledRequestsInput) SetScope(v string) *GetSampledRequestsInput
SetScope sets the Scope field's value.
func (s *GetSampledRequestsInput) SetTimeWindow(v *TimeWindow) *GetSampledRequestsInput
SetTimeWindow sets the TimeWindow field's value.
func (s *GetSampledRequestsInput) SetWebAclArn(v string) *GetSampledRequestsInput
SetWebAclArn sets the WebAclArn field's value.
func (s GetSampledRequestsInput) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *GetSampledRequestsInput) Validate() error
Validate inspects the fields of the type to determine if they are valid.
type GetSampledRequestsOutput struct {
// The total number of requests from which GetSampledRequests got a sample of
// MaxItems requests. If PopulationSize is less than MaxItems, the sample includes
// every request that your Amazon Web Services resource received during the
// specified time range.
PopulationSize *int64 `type:"long"`
// A complex type that contains detailed information about each of the requests
// in the sample.
SampledRequests []*SampledHTTPRequest `type:"list"`
// Usually, TimeWindow is the time range that you specified in the GetSampledRequests
// request. However, if your Amazon Web Services resource received more than
// 5,000 requests during the time range that you specified in the request, GetSampledRequests
// returns the time range for the first 5,000 requests. Times are in Coordinated
// Universal Time (UTC) format.
TimeWindow *TimeWindow `type:"structure"`
// contains filtered or unexported fields
}
func (s GetSampledRequestsOutput) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *GetSampledRequestsOutput) SetPopulationSize(v int64) *GetSampledRequestsOutput
SetPopulationSize sets the PopulationSize field's value.
func (s *GetSampledRequestsOutput) SetSampledRequests(v []*SampledHTTPRequest) *GetSampledRequestsOutput
SetSampledRequests sets the SampledRequests field's value.
func (s *GetSampledRequestsOutput) SetTimeWindow(v *TimeWindow) *GetSampledRequestsOutput
SetTimeWindow sets the TimeWindow field's value.
func (s GetSampledRequestsOutput) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
type GetWebACLForResourceInput struct {
// The Amazon Resource Name (ARN) of the resource whose web ACL you want to
// retrieve.
//
// The ARN must be in one of the following formats:
//
// * For an Application Load Balancer: arn:partition:elasticloadbalancing:region:account-id:loadbalancer/app/load-balancer-name/load-balancer-id
//
// * For an Amazon API Gateway REST API: arn:partition:apigateway:region::/restapis/api-id/stages/stage-name
//
// * For an AppSync GraphQL API: arn:partition:appsync:region:account-id:apis/GraphQLApiId
//
// * For an Amazon Cognito user pool: arn:partition:cognito-idp:region:account-id:userpool/user-pool-id
//
// * For an App Runner service: arn:partition:apprunner:region:account-id:service/apprunner-service-name/apprunner-service-id
//
// * For an Amazon Web Services Verified Access instance: arn:partition:ec2:region:account-id:verified-access-instance/instance-id
//
// ResourceArn is a required field
ResourceArn *string `min:"20" type:"string" required:"true"`
// contains filtered or unexported fields
}
func (s GetWebACLForResourceInput) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *GetWebACLForResourceInput) SetResourceArn(v string) *GetWebACLForResourceInput
SetResourceArn sets the ResourceArn field's value.
func (s GetWebACLForResourceInput) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *GetWebACLForResourceInput) Validate() error
Validate inspects the fields of the type to determine if they are valid.
type GetWebACLForResourceOutput struct {
// The web ACL that is associated with the resource. If there is no associated
// resource, WAF returns a null web ACL.
WebACL *WebACL `type:"structure"`
// contains filtered or unexported fields
}
func (s GetWebACLForResourceOutput) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *GetWebACLForResourceOutput) SetWebACL(v *WebACL) *GetWebACLForResourceOutput
SetWebACL sets the WebACL field's value.
func (s GetWebACLForResourceOutput) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
type GetWebACLInput struct {
// The unique identifier for the web ACL. This ID is returned in the responses
// to create and list commands. You provide it to operations like update and
// delete.
//
// Id is a required field
Id *string `min:"1" type:"string" required:"true"`
// The name of the web ACL. You cannot change the name of a web ACL after you
// create it.
//
// Name is a required field
Name *string `min:"1" type:"string" required:"true"`
// Specifies whether this is for an Amazon CloudFront distribution or for a
// regional application. A regional application can be an Application Load Balancer
// (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, an Amazon
// Cognito user pool, an App Runner service, or an Amazon Web Services Verified
// Access instance.
//
// To work with CloudFront, you must also specify the Region US East (N. Virginia)
// as follows:
//
// * CLI - Specify the Region when you use the CloudFront scope: --scope=CLOUDFRONT
// --region=us-east-1.
//
// * API and SDKs - For all calls, use the Region endpoint us-east-1.
//
// Scope is a required field
Scope *string `type:"string" required:"true" enum:"Scope"`
// contains filtered or unexported fields
}
func (s GetWebACLInput) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *GetWebACLInput) SetId(v string) *GetWebACLInput
SetId sets the Id field's value.
func (s *GetWebACLInput) SetName(v string) *GetWebACLInput
SetName sets the Name field's value.
func (s *GetWebACLInput) SetScope(v string) *GetWebACLInput
SetScope sets the Scope field's value.
func (s GetWebACLInput) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *GetWebACLInput) Validate() error
Validate inspects the fields of the type to determine if they are valid.
type GetWebACLOutput struct {
// The URL to use in SDK integrations with Amazon Web Services managed rule
// groups. For example, you can use the integration SDKs with the account takeover
// prevention managed rule group AWSManagedRulesATPRuleSet. This is only populated
// if you are using a rule group in your web ACL that integrates with your applications
// in this way. For more information, see WAF client application integration
// (https://docs.aws.amazon.com/waf/latest/developerguide/waf-application-integration.html)
// in the WAF Developer Guide.
ApplicationIntegrationURL *string `type:"string"`
// A token used for optimistic locking. WAF returns a token to your get and
// list requests, to mark the state of the entity at the time of the request.
// To make changes to the entity associated with the token, you provide the
// token to operations like update and delete. WAF uses the token to ensure
// that no changes have been made to the entity since you last retrieved it.
// If a change has been made, the update fails with a WAFOptimisticLockException.
// If this happens, perform another get, and use the new token returned by that
// operation.
LockToken *string `min:"1" type:"string"`
// The web ACL specification. You can modify the settings in this web ACL and
// use it to update this web ACL or create a new one.
WebACL *WebACL `type:"structure"`
// contains filtered or unexported fields
}
func (s GetWebACLOutput) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *GetWebACLOutput) SetApplicationIntegrationURL(v string) *GetWebACLOutput
SetApplicationIntegrationURL sets the ApplicationIntegrationURL field's value.
func (s *GetWebACLOutput) SetLockToken(v string) *GetWebACLOutput
SetLockToken sets the LockToken field's value.
func (s *GetWebACLOutput) SetWebACL(v *WebACL) *GetWebACLOutput
SetWebACL sets the WebACL field's value.
func (s GetWebACLOutput) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
type HTTPHeader struct {
// The name of the HTTP header.
Name *string `type:"string"`
// The value of the HTTP header.
Value *string `type:"string"`
// contains filtered or unexported fields
}
Part of the response from GetSampledRequests. This is a complex type that appears as Headers in the response syntax. HTTPHeader contains the names and values of all of the headers that appear in one of the web requests.
func (s HTTPHeader) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *HTTPHeader) SetName(v string) *HTTPHeader
SetName sets the Name field's value.
func (s *HTTPHeader) SetValue(v string) *HTTPHeader
SetValue sets the Value field's value.
func (s HTTPHeader) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
type HTTPRequest struct {
// The IP address that the request originated from. If the web ACL is associated
// with a CloudFront distribution, this is the value of one of the following
// fields in CloudFront access logs:
//
// * c-ip, if the viewer did not use an HTTP proxy or a load balancer to
// send the request
//
// * x-forwarded-for, if the viewer did use an HTTP proxy or a load balancer
// to send the request
ClientIP *string `type:"string"`
// The two-letter country code for the country that the request originated from.
// For a current list of country codes, see the Wikipedia entry ISO 3166-1 alpha-2
// (https://en.wikipedia.org/wiki/ISO_3166-1_alpha-2).
Country *string `type:"string"`
// The HTTP version specified in the sampled web request, for example, HTTP/1.1.
HTTPVersion *string `type:"string"`
// A complex type that contains the name and value for each header in the sampled
// web request.
Headers []*HTTPHeader `type:"list"`
// The HTTP method specified in the sampled web request.
Method *string `type:"string"`
// The URI path of the request, which identifies the resource, for example,
// /images/daily-ad.jpg.
URI *string `type:"string"`
// contains filtered or unexported fields
}
Part of the response from GetSampledRequests. This is a complex type that appears as Request in the response syntax. HTTPRequest contains information about one of the web requests.
func (s HTTPRequest) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *HTTPRequest) SetClientIP(v string) *HTTPRequest
SetClientIP sets the ClientIP field's value.
func (s *HTTPRequest) SetCountry(v string) *HTTPRequest
SetCountry sets the Country field's value.
func (s *HTTPRequest) SetHTTPVersion(v string) *HTTPRequest
SetHTTPVersion sets the HTTPVersion field's value.
func (s *HTTPRequest) SetHeaders(v []*HTTPHeader) *HTTPRequest
SetHeaders sets the Headers field's value.
func (s *HTTPRequest) SetMethod(v string) *HTTPRequest
SetMethod sets the Method field's value.
func (s *HTTPRequest) SetURI(v string) *HTTPRequest
SetURI sets the URI field's value.
func (s HTTPRequest) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
type HeaderMatchPattern struct {
// Inspect all headers.
All *All `type:"structure"`
// Inspect only the headers whose keys don't match any of the strings specified
// here.
ExcludedHeaders []*string `min:"1" type:"list"`
// Inspect only the headers that have a key that matches one of the strings
// specified here.
IncludedHeaders []*string `min:"1" type:"list"`
// contains filtered or unexported fields
}
The filter to use to identify the subset of headers to inspect in a web request.
You must specify exactly one setting: either All, IncludedHeaders, or ExcludedHeaders.
Example JSON: "MatchPattern": { "ExcludedHeaders": {"KeyToExclude1", "KeyToExclude2"} }
func (s HeaderMatchPattern) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *HeaderMatchPattern) SetAll(v *All) *HeaderMatchPattern
SetAll sets the All field's value.
func (s *HeaderMatchPattern) SetExcludedHeaders(v []*string) *HeaderMatchPattern
SetExcludedHeaders sets the ExcludedHeaders field's value.
func (s *HeaderMatchPattern) SetIncludedHeaders(v []*string) *HeaderMatchPattern
SetIncludedHeaders sets the IncludedHeaders field's value.
func (s HeaderMatchPattern) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *HeaderMatchPattern) Validate() error
Validate inspects the fields of the type to determine if they are valid.
type HeaderOrder struct {
// What WAF should do if the headers of the request are more numerous or larger
// than WAF can inspect. WAF does not support inspecting the entire contents
// of request headers when they exceed 8 KB (8192 bytes) or 200 total headers.
// The underlying host service forwards a maximum of 200 headers and at most
// 8 KB of header contents to WAF.
//
// The options for oversize handling are the following:
//
// * CONTINUE - Inspect the available headers normally, according to the
// rule inspection criteria.
//
// * MATCH - Treat the web request as matching the rule statement. WAF applies
// the rule action to the request.
//
// * NO_MATCH - Treat the web request as not matching the rule statement.
//
// OversizeHandling is a required field
OversizeHandling *string `type:"string" required:"true" enum:"OversizeHandling"`
// contains filtered or unexported fields
}
Inspect a string containing the list of the request's header names, ordered as they appear in the web request that WAF receives for inspection. WAF generates the string and then uses that as the field to match component in its inspection. WAF separates the header names in the string using commas and no added spaces.
Matches against the header order string are case insensitive.
func (s HeaderOrder) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *HeaderOrder) SetOversizeHandling(v string) *HeaderOrder
SetOversizeHandling sets the OversizeHandling field's value.
func (s HeaderOrder) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *HeaderOrder) Validate() error
Validate inspects the fields of the type to determine if they are valid.
type Headers struct {
// The filter to use to identify the subset of headers to inspect in a web request.
//
// You must specify exactly one setting: either All, IncludedHeaders, or ExcludedHeaders.
//
// Example JSON: "MatchPattern": { "ExcludedHeaders": {"KeyToExclude1", "KeyToExclude2"}
// }
//
// MatchPattern is a required field
MatchPattern *HeaderMatchPattern `type:"structure" required:"true"`
// The parts of the headers to match with the rule inspection criteria. If you
// specify All, WAF inspects both keys and values.
//
// MatchScope is a required field
MatchScope *string `type:"string" required:"true" enum:"MapMatchScope"`
// What WAF should do if the headers of the request are more numerous or larger
// than WAF can inspect. WAF does not support inspecting the entire contents
// of request headers when they exceed 8 KB (8192 bytes) or 200 total headers.
// The underlying host service forwards a maximum of 200 headers and at most
// 8 KB of header contents to WAF.
//
// The options for oversize handling are the following:
//
// * CONTINUE - Inspect the available headers normally, according to the
// rule inspection criteria.
//
// * MATCH - Treat the web request as matching the rule statement. WAF applies
// the rule action to the request.
//
// * NO_MATCH - Treat the web request as not matching the rule statement.
//
// OversizeHandling is a required field
OversizeHandling *string `type:"string" required:"true" enum:"OversizeHandling"`
// contains filtered or unexported fields
}
Inspect all headers in the web request. You can specify the parts of the headers to inspect and you can narrow the set of headers to inspect by including or excluding specific keys.
This is used to indicate the web request component to inspect, in the FieldToMatch specification.
If you want to inspect just the value of a single header, use the SingleHeader FieldToMatch setting instead.
Example JSON: "Headers": { "MatchPattern": { "All": {} }, "MatchScope": "KEY", "OversizeHandling": "MATCH" }
func (s Headers) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *Headers) SetMatchPattern(v *HeaderMatchPattern) *Headers
SetMatchPattern sets the MatchPattern field's value.
func (s *Headers) SetMatchScope(v string) *Headers
SetMatchScope sets the MatchScope field's value.
func (s *Headers) SetOversizeHandling(v string) *Headers
SetOversizeHandling sets the OversizeHandling field's value.
func (s Headers) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *Headers) Validate() error
Validate inspects the fields of the type to determine if they are valid.
type IPSet struct {
// The Amazon Resource Name (ARN) of the entity.
//
// ARN is a required field
ARN *string `min:"20" type:"string" required:"true"`
// Contains an array of strings that specifies zero or more IP addresses or
// blocks of IP addresses. All addresses must be specified using Classless Inter-Domain
// Routing (CIDR) notation. WAF supports all IPv4 and IPv6 CIDR ranges except
// for /0.
//
// Example address strings:
//
// * To configure WAF to allow, block, or count requests that originated
// from the IP address 192.0.2.44, specify 192.0.2.44/32.
//
// * To configure WAF to allow, block, or count requests that originated
// from IP addresses from 192.0.2.0 to 192.0.2.255, specify 192.0.2.0/24.
//
// * To configure WAF to allow, block, or count requests that originated
// from the IP address 1111:0000:0000:0000:0000:0000:0000:0111, specify 1111:0000:0000:0000:0000:0000:0000:0111/128.
//
// * To configure WAF to allow, block, or count requests that originated
// from IP addresses 1111:0000:0000:0000:0000:0000:0000:0000 to 1111:0000:0000:0000:ffff:ffff:ffff:ffff,
// specify 1111:0000:0000:0000:0000:0000:0000:0000/64.
//
// For more information about CIDR notation, see the Wikipedia entry Classless
// Inter-Domain Routing (https://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing).
//
// Example JSON Addresses specifications:
//
// * Empty array: "Addresses": []
//
// * Array with one address: "Addresses": ["192.0.2.44/32"]
//
// * Array with three addresses: "Addresses": ["192.0.2.44/32", "192.0.2.0/24",
// "192.0.0.0/16"]
//
// * INVALID specification: "Addresses": [""] INVALID
//
// Addresses is a required field
Addresses []*string `type:"list" required:"true"`
// A description of the IP set that helps with identification.
Description *string `min:"1" type:"string"`
// The version of the IP addresses, either IPV4 or IPV6.
//
// IPAddressVersion is a required field
IPAddressVersion *string `type:"string" required:"true" enum:"IPAddressVersion"`
// A unique identifier for the set. This ID is returned in the responses to
// create and list commands. You provide it to operations like update and delete.
//
// Id is a required field
Id *string `min:"1" type:"string" required:"true"`
// The name of the IP set. You cannot change the name of an IPSet after you
// create it.
//
// Name is a required field
Name *string `min:"1" type:"string" required:"true"`
// contains filtered or unexported fields
}
Contains zero or more IP addresses or blocks of IP addresses specified in Classless Inter-Domain Routing (CIDR) notation. WAF supports all IPv4 and IPv6 CIDR ranges except for /0. For information about CIDR notation, see the Wikipedia entry Classless Inter-Domain Routing (https://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing).
WAF assigns an ARN to each IPSet that you create. To use an IP set in a rule, you provide the ARN to the Rule statement IPSetReferenceStatement.
func (s IPSet) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *IPSet) SetARN(v string) *IPSet
SetARN sets the ARN field's value.
func (s *IPSet) SetAddresses(v []*string) *IPSet
SetAddresses sets the Addresses field's value.
func (s *IPSet) SetDescription(v string) *IPSet
SetDescription sets the Description field's value.
func (s *IPSet) SetIPAddressVersion(v string) *IPSet
SetIPAddressVersion sets the IPAddressVersion field's value.
func (s *IPSet) SetId(v string) *IPSet
SetId sets the Id field's value.
func (s *IPSet) SetName(v string) *IPSet
SetName sets the Name field's value.
func (s IPSet) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
type IPSetForwardedIPConfig struct {
// The match status to assign to the web request if the request doesn't have
// a valid IP address in the specified position.
//
// If the specified header isn't present in the request, WAF doesn't apply the
// rule to the web request at all.
//
// You can specify the following fallback behaviors:
//
// * MATCH - Treat the web request as matching the rule statement. WAF applies
// the rule action to the request.
//
// * NO_MATCH - Treat the web request as not matching the rule statement.
//
// FallbackBehavior is a required field
FallbackBehavior *string `type:"string" required:"true" enum:"FallbackBehavior"`
// The name of the HTTP header to use for the IP address. For example, to use
// the X-Forwarded-For (XFF) header, set this to X-Forwarded-For.
//
// If the specified header isn't present in the request, WAF doesn't apply the
// rule to the web request at all.
//
// HeaderName is a required field
HeaderName *string `min:"1" type:"string" required:"true"`
// The position in the header to search for the IP address. The header can contain
// IP addresses of the original client and also of proxies. For example, the
// header value could be 10.1.1.1, 127.0.0.0, 10.10.10.10 where the first IP
// address identifies the original client and the rest identify proxies that
// the request went through.
//
// The options for this setting are the following:
//
// * FIRST - Inspect the first IP address in the list of IP addresses in
// the header. This is usually the client's original IP.
//
// * LAST - Inspect the last IP address in the list of IP addresses in the
// header.
//
// * ANY - Inspect all IP addresses in the header for a match. If the header
// contains more than 10 IP addresses, WAF inspects the last 10.
//
// Position is a required field
Position *string `type:"string" required:"true" enum:"ForwardedIPPosition"`
// contains filtered or unexported fields
}
The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. Commonly, this is the X-Forwarded-For (XFF) header, but you can specify any header name.
If the specified header isn't present in the request, WAF doesn't apply the rule to the web request at all.
This configuration is used only for IPSetReferenceStatement. For GeoMatchStatement and RateBasedStatement, use ForwardedIPConfig instead.
func (s IPSetForwardedIPConfig) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *IPSetForwardedIPConfig) SetFallbackBehavior(v string) *IPSetForwardedIPConfig
SetFallbackBehavior sets the FallbackBehavior field's value.
func (s *IPSetForwardedIPConfig) SetHeaderName(v string) *IPSetForwardedIPConfig
SetHeaderName sets the HeaderName field's value.
func (s *IPSetForwardedIPConfig) SetPosition(v string) *IPSetForwardedIPConfig
SetPosition sets the Position field's value.
func (s IPSetForwardedIPConfig) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *IPSetForwardedIPConfig) Validate() error
Validate inspects the fields of the type to determine if they are valid.
type IPSetReferenceStatement struct {
// The Amazon Resource Name (ARN) of the IPSet that this statement references.
//
// ARN is a required field
ARN *string `min:"20" type:"string" required:"true"`
// The configuration for inspecting IP addresses in an HTTP header that you
// specify, instead of using the IP address that's reported by the web request
// origin. Commonly, this is the X-Forwarded-For (XFF) header, but you can specify
// any header name.
//
// If the specified header isn't present in the request, WAF doesn't apply the
// rule to the web request at all.
IPSetForwardedIPConfig *IPSetForwardedIPConfig `type:"structure"`
// contains filtered or unexported fields
}
A rule statement used to detect web requests coming from particular IP addresses or address ranges. To use this, create an IPSet that specifies the addresses you want to detect, then use the ARN of that set in this statement. To create an IP set, see CreateIPSet.
Each IP set rule statement references an IP set. You create and maintain the set independent of your rules. This allows you to use the single set in multiple rules. When you update the referenced set, WAF automatically updates all rules that reference it.
func (s IPSetReferenceStatement) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *IPSetReferenceStatement) SetARN(v string) *IPSetReferenceStatement
SetARN sets the ARN field's value.
func (s *IPSetReferenceStatement) SetIPSetForwardedIPConfig(v *IPSetForwardedIPConfig) *IPSetReferenceStatement
SetIPSetForwardedIPConfig sets the IPSetForwardedIPConfig field's value.
func (s IPSetReferenceStatement) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *IPSetReferenceStatement) Validate() error
Validate inspects the fields of the type to determine if they are valid.
type IPSetSummary struct {
// The Amazon Resource Name (ARN) of the entity.
ARN *string `min:"20" type:"string"`
// A description of the IP set that helps with identification.
Description *string `min:"1" type:"string"`
// A unique identifier for the set. This ID is returned in the responses to
// create and list commands. You provide it to operations like update and delete.
Id *string `min:"1" type:"string"`
// A token used for optimistic locking. WAF returns a token to your get and
// list requests, to mark the state of the entity at the time of the request.
// To make changes to the entity associated with the token, you provide the
// token to operations like update and delete. WAF uses the token to ensure
// that no changes have been made to the entity since you last retrieved it.
// If a change has been made, the update fails with a WAFOptimisticLockException.
// If this happens, perform another get, and use the new token returned by that
// operation.
LockToken *string `min:"1" type:"string"`
// The name of the IP set. You cannot change the name of an IPSet after you
// create it.
Name *string `min:"1" type:"string"`
// contains filtered or unexported fields
}
High-level information about an IPSet, returned by operations like create and list. This provides information like the ID, that you can use to retrieve and manage an IPSet, and the ARN, that you provide to the IPSetReferenceStatement to use the address set in a Rule.
func (s IPSetSummary) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *IPSetSummary) SetARN(v string) *IPSetSummary
SetARN sets the ARN field's value.
func (s *IPSetSummary) SetDescription(v string) *IPSetSummary
SetDescription sets the Description field's value.
func (s *IPSetSummary) SetId(v string) *IPSetSummary
SetId sets the Id field's value.
func (s *IPSetSummary) SetLockToken(v string) *IPSetSummary
SetLockToken sets the LockToken field's value.
func (s *IPSetSummary) SetName(v string) *IPSetSummary
SetName sets the Name field's value.
func (s IPSetSummary) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
type ImmunityTimeProperty struct {
// The amount of time, in seconds, that a CAPTCHA or challenge timestamp is
// considered valid by WAF. The default setting is 300.
//
// For the Challenge action, the minimum setting is 300.
//
// ImmunityTime is a required field
ImmunityTime *int64 `min:"60" type:"long" required:"true"`
// contains filtered or unexported fields
}
Used for CAPTCHA and challenge token settings. Determines how long a CAPTCHA or challenge timestamp remains valid after WAF updates it for a successful CAPTCHA or challenge response.
func (s ImmunityTimeProperty) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *ImmunityTimeProperty) SetImmunityTime(v int64) *ImmunityTimeProperty
SetImmunityTime sets the ImmunityTime field's value.
func (s ImmunityTimeProperty) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *ImmunityTimeProperty) Validate() error
Validate inspects the fields of the type to determine if they are valid.
type JsonBody struct {
// What WAF should do if it fails to completely parse the JSON body. The options
// are the following:
//
// * EVALUATE_AS_STRING - Inspect the body as plain text. WAF applies the
// text transformations and inspection criteria that you defined for the
// JSON inspection to the body text string.
//
// * MATCH - Treat the web request as matching the rule statement. WAF applies
// the rule action to the request.
//
// * NO_MATCH - Treat the web request as not matching the rule statement.
//
// If you don't provide this setting, WAF parses and evaluates the content only
// up to the first parsing failure that it encounters.
//
// WAF does its best to parse the entire JSON body, but might be forced to stop
// for reasons such as invalid characters, duplicate keys, truncation, and any
// content whose root node isn't an object or an array.
//
// WAF parses the JSON in the following examples as two valid key, value pairs:
//
// * Missing comma: {"key1":"value1""key2":"value2"}
//
// * Missing colon: {"key1":"value1","key2""value2"}
//
// * Extra colons: {"key1"::"value1","key2""value2"}
InvalidFallbackBehavior *string `type:"string" enum:"BodyParsingFallbackBehavior"`
// The patterns to look for in the JSON body. WAF inspects the results of these
// pattern matches against the rule inspection criteria.
//
// MatchPattern is a required field
MatchPattern *JsonMatchPattern `type:"structure" required:"true"`
// The parts of the JSON to match against using the MatchPattern. If you specify
// All, WAF matches against keys and values.
//
// MatchScope is a required field
MatchScope *string `type:"string" required:"true" enum:"JsonMatchScope"`
// What WAF should do if the body is larger than WAF can inspect. WAF does not
// support inspecting the entire contents of the web request body if the body
// exceeds the limit for the resource type. If the body is larger than the limit,
// the underlying host service only forwards the contents that are below the
// limit to WAF for inspection.
//
// The default limit is 8 KB (8,192 kilobytes) for regional resources and 16
// KB (16,384 kilobytes) for CloudFront distributions. For CloudFront distributions,
// you can increase the limit in the web ACL AssociationConfig, for additional
// processing fees.
//
// The options for oversize handling are the following:
//
// * CONTINUE - Inspect the available body contents normally, according to
// the rule inspection criteria.
//
// * MATCH - Treat the web request as matching the rule statement. WAF applies
// the rule action to the request.
//
// * NO_MATCH - Treat the web request as not matching the rule statement.
//
// You can combine the MATCH or NO_MATCH settings for oversize handling with
// your rule and web ACL action settings, so that you block any request whose
// body is over the limit.
//
// Default: CONTINUE
OversizeHandling *string `type:"string" enum:"OversizeHandling"`
// contains filtered or unexported fields
}
Inspect the body of the web request as JSON. The body immediately follows the request headers.
This is used to indicate the web request component to inspect, in the FieldToMatch specification.
Use the specifications in this object to indicate which parts of the JSON body to inspect using the rule's inspection criteria. WAF inspects only the parts of the JSON that result from the matches that you indicate.
Example JSON: "JsonBody": { "MatchPattern": { "All": {} }, "MatchScope": "ALL" }
func (s JsonBody) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *JsonBody) SetInvalidFallbackBehavior(v string) *JsonBody
SetInvalidFallbackBehavior sets the InvalidFallbackBehavior field's value.
func (s *JsonBody) SetMatchPattern(v *JsonMatchPattern) *JsonBody
SetMatchPattern sets the MatchPattern field's value.
func (s *JsonBody) SetMatchScope(v string) *JsonBody
SetMatchScope sets the MatchScope field's value.
func (s *JsonBody) SetOversizeHandling(v string) *JsonBody
SetOversizeHandling sets the OversizeHandling field's value.
func (s JsonBody) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *JsonBody) Validate() error
Validate inspects the fields of the type to determine if they are valid.
type JsonMatchPattern struct {
// Match all of the elements. See also MatchScope in JsonBody.
//
// You must specify either this setting or the IncludedPaths setting, but not
// both.
All *All `type:"structure"`
// Match only the specified include paths. See also MatchScope in JsonBody.
//
// Provide the include paths using JSON Pointer syntax. For example, "IncludedPaths":
// ["/dogs/0/name", "/dogs/1/name"]. For information about this syntax, see
// the Internet Engineering Task Force (IETF) documentation JavaScript Object
// Notation (JSON) Pointer (https://tools.ietf.org/html/rfc6901).
//
// You must specify either this setting or the All setting, but not both.
//
// Don't use this option to include all paths. Instead, use the All setting.
IncludedPaths []*string `min:"1" type:"list"`
// contains filtered or unexported fields
}
The patterns to look for in the JSON body. WAF inspects the results of these pattern matches against the rule inspection criteria. This is used with the FieldToMatch option JsonBody.
func (s JsonMatchPattern) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *JsonMatchPattern) SetAll(v *All) *JsonMatchPattern
SetAll sets the All field's value.
func (s *JsonMatchPattern) SetIncludedPaths(v []*string) *JsonMatchPattern
SetIncludedPaths sets the IncludedPaths field's value.
func (s JsonMatchPattern) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *JsonMatchPattern) Validate() error
Validate inspects the fields of the type to determine if they are valid.
type Label struct {
// The label string.
//
// Name is a required field
Name *string `min:"1" type:"string" required:"true"`
// contains filtered or unexported fields
}
A single label container. This is used as an element of a label array in multiple contexts, for example, in RuleLabels inside a Rule and in Labels inside a SampledHTTPRequest.
func (s Label) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *Label) SetName(v string) *Label
SetName sets the Name field's value.
func (s Label) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *Label) Validate() error
Validate inspects the fields of the type to determine if they are valid.
type LabelMatchStatement struct {
// The string to match against. The setting you provide for this depends on
// the match statement's Scope setting:
//
// * If the Scope indicates LABEL, then this specification must include the
// name and can include any number of preceding namespace specifications
// and prefix up to providing the fully qualified label name.
//
// * If the Scope indicates NAMESPACE, then this specification can include
// any number of contiguous namespace strings, and can include the entire
// label namespace prefix from the rule group or web ACL where the label
// originates.
//
// Labels are case sensitive and components of a label must be separated by
// colon, for example NS1:NS2:name.
//
// Key is a required field
Key *string `min:"1" type:"string" required:"true"`
// Specify whether you want to match using the label name or just the namespace.
//
// Scope is a required field
Scope *string `type:"string" required:"true" enum:"LabelMatchScope"`
// contains filtered or unexported fields
}
A rule statement to match against labels that have been added to the web request by rules that have already run in the web ACL.
The label match statement provides the label or namespace string to search for. The label string can represent a part or all of the fully qualified label name that had been added to the web request. Fully qualified labels have a prefix, optional namespaces, and label name. The prefix identifies the rule group or web ACL context of the rule that added the label. If you do not provide the fully qualified name in your label match string, WAF performs the search for labels that were added in the same context as the label match statement.
func (s LabelMatchStatement) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *LabelMatchStatement) SetKey(v string) *LabelMatchStatement
SetKey sets the Key field's value.
func (s *LabelMatchStatement) SetScope(v string) *LabelMatchStatement
SetScope sets the Scope field's value.
func (s LabelMatchStatement) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *LabelMatchStatement) Validate() error
Validate inspects the fields of the type to determine if they are valid.
type LabelNameCondition struct {
// The label name that a log record must contain in order to meet the condition.
// This must be a fully qualified label name. Fully qualified labels have a
// prefix, optional namespaces, and label name. The prefix identifies the rule
// group or web ACL context of the rule that added the label.
//
// LabelName is a required field
LabelName *string `min:"1" type:"string" required:"true"`
// contains filtered or unexported fields
}
A single label name condition for a Condition in a logging filter.
func (s LabelNameCondition) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *LabelNameCondition) SetLabelName(v string) *LabelNameCondition
SetLabelName sets the LabelName field's value.
func (s LabelNameCondition) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *LabelNameCondition) Validate() error
Validate inspects the fields of the type to determine if they are valid.
type LabelSummary struct {
// An individual label specification.
Name *string `min:"1" type:"string"`
// contains filtered or unexported fields
}
List of labels used by one or more of the rules of a RuleGroup. This summary object is used for the following rule group lists:
AvailableLabels - Labels that rules add to matching requests. These labels are defined in the RuleLabels for a Rule.
ConsumedLabels - Labels that rules match against. These labels are defined in a LabelMatchStatement specification, in the Statement definition of a rule.
func (s LabelSummary) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *LabelSummary) SetName(v string) *LabelSummary
SetName sets the Name field's value.
func (s LabelSummary) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
type ListAPIKeysInput struct {
// The maximum number of objects that you want WAF to return for this request.
// If more objects are available, in the response, WAF provides a NextMarker
// value that you can use in a subsequent call to get the next batch of objects.
Limit *int64 `min:"1" type:"integer"`
// When you request a list of objects with a Limit setting, if the number of
// objects that are still available for retrieval exceeds the limit, WAF returns
// a NextMarker value in the response. To retrieve the next batch of objects,
// provide the marker from the prior call in your next request.
NextMarker *string `min:"1" type:"string"`
// Specifies whether this is for an Amazon CloudFront distribution or for a
// regional application. A regional application can be an Application Load Balancer
// (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, an Amazon
// Cognito user pool, an App Runner service, or an Amazon Web Services Verified
// Access instance.
//
// To work with CloudFront, you must also specify the Region US East (N. Virginia)
// as follows:
//
// * CLI - Specify the Region when you use the CloudFront scope: --scope=CLOUDFRONT
// --region=us-east-1.
//
// * API and SDKs - For all calls, use the Region endpoint us-east-1.
//
// Scope is a required field
Scope *string `type:"string" required:"true" enum:"Scope"`
// contains filtered or unexported fields
}
func (s ListAPIKeysInput) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *ListAPIKeysInput) SetLimit(v int64) *ListAPIKeysInput
SetLimit sets the Limit field's value.
func (s *ListAPIKeysInput) SetNextMarker(v string) *ListAPIKeysInput
SetNextMarker sets the NextMarker field's value.
func (s *ListAPIKeysInput) SetScope(v string) *ListAPIKeysInput
SetScope sets the Scope field's value.
func (s ListAPIKeysInput) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *ListAPIKeysInput) Validate() error
Validate inspects the fields of the type to determine if they are valid.
type ListAPIKeysOutput struct {
// The array of key summaries. If you specified a Limit in your request, this
// might not be the full list.
APIKeySummaries []*APIKeySummary `type:"list"`
// The CAPTCHA application integration URL, for use in your JavaScript implementation.
ApplicationIntegrationURL *string `type:"string"`
// When you request a list of objects with a Limit setting, if the number of
// objects that are still available for retrieval exceeds the limit, WAF returns
// a NextMarker value in the response. To retrieve the next batch of objects,
// provide the marker from the prior call in your next request.
NextMarker *string `min:"1" type:"string"`
// contains filtered or unexported fields
}
func (s ListAPIKeysOutput) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *ListAPIKeysOutput) SetAPIKeySummaries(v []*APIKeySummary) *ListAPIKeysOutput
SetAPIKeySummaries sets the APIKeySummaries field's value.
func (s *ListAPIKeysOutput) SetApplicationIntegrationURL(v string) *ListAPIKeysOutput
SetApplicationIntegrationURL sets the ApplicationIntegrationURL field's value.
func (s *ListAPIKeysOutput) SetNextMarker(v string) *ListAPIKeysOutput
SetNextMarker sets the NextMarker field's value.
func (s ListAPIKeysOutput) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
type ListAvailableManagedRuleGroupVersionsInput struct {
// The maximum number of objects that you want WAF to return for this request.
// If more objects are available, in the response, WAF provides a NextMarker
// value that you can use in a subsequent call to get the next batch of objects.
Limit *int64 `min:"1" type:"integer"`
// The name of the managed rule group. You use this, along with the vendor name,
// to identify the rule group.
//
// Name is a required field
Name *string `min:"1" type:"string" required:"true"`
// When you request a list of objects with a Limit setting, if the number of
// objects that are still available for retrieval exceeds the limit, WAF returns
// a NextMarker value in the response. To retrieve the next batch of objects,
// provide the marker from the prior call in your next request.
NextMarker *string `min:"1" type:"string"`
// Specifies whether this is for an Amazon CloudFront distribution or for a
// regional application. A regional application can be an Application Load Balancer
// (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, an Amazon
// Cognito user pool, an App Runner service, or an Amazon Web Services Verified
// Access instance.
//
// To work with CloudFront, you must also specify the Region US East (N. Virginia)
// as follows:
//
// * CLI - Specify the Region when you use the CloudFront scope: --scope=CLOUDFRONT
// --region=us-east-1.
//
// * API and SDKs - For all calls, use the Region endpoint us-east-1.
//
// Scope is a required field
Scope *string `type:"string" required:"true" enum:"Scope"`
// The name of the managed rule group vendor. You use this, along with the rule
// group name, to identify a rule group.
//
// VendorName is a required field
VendorName *string `min:"1" type:"string" required:"true"`
// contains filtered or unexported fields
}
func (s ListAvailableManagedRuleGroupVersionsInput) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *ListAvailableManagedRuleGroupVersionsInput) SetLimit(v int64) *ListAvailableManagedRuleGroupVersionsInput
SetLimit sets the Limit field's value.
func (s *ListAvailableManagedRuleGroupVersionsInput) SetName(v string) *ListAvailableManagedRuleGroupVersionsInput
SetName sets the Name field's value.
func (s *ListAvailableManagedRuleGroupVersionsInput) SetNextMarker(v string) *ListAvailableManagedRuleGroupVersionsInput
SetNextMarker sets the NextMarker field's value.
func (s *ListAvailableManagedRuleGroupVersionsInput) SetScope(v string) *ListAvailableManagedRuleGroupVersionsInput
SetScope sets the Scope field's value.
func (s *ListAvailableManagedRuleGroupVersionsInput) SetVendorName(v string) *ListAvailableManagedRuleGroupVersionsInput
SetVendorName sets the VendorName field's value.
func (s ListAvailableManagedRuleGroupVersionsInput) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *ListAvailableManagedRuleGroupVersionsInput) Validate() error
Validate inspects the fields of the type to determine if they are valid.
type ListAvailableManagedRuleGroupVersionsOutput struct {
// The name of the version that's currently set as the default.
CurrentDefaultVersion *string `min:"1" type:"string"`
// When you request a list of objects with a Limit setting, if the number of
// objects that are still available for retrieval exceeds the limit, WAF returns
// a NextMarker value in the response. To retrieve the next batch of objects,
// provide the marker from the prior call in your next request.
NextMarker *string `min:"1" type:"string"`
// The versions that are currently available for the specified managed rule
// group. If you specified a Limit in your request, this might not be the full
// list.
Versions []*ManagedRuleGroupVersion `type:"list"`
// contains filtered or unexported fields
}
func (s ListAvailableManagedRuleGroupVersionsOutput) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *ListAvailableManagedRuleGroupVersionsOutput) SetCurrentDefaultVersion(v string) *ListAvailableManagedRuleGroupVersionsOutput
SetCurrentDefaultVersion sets the CurrentDefaultVersion field's value.
func (s *ListAvailableManagedRuleGroupVersionsOutput) SetNextMarker(v string) *ListAvailableManagedRuleGroupVersionsOutput
SetNextMarker sets the NextMarker field's value.
func (s *ListAvailableManagedRuleGroupVersionsOutput) SetVersions(v []*ManagedRuleGroupVersion) *ListAvailableManagedRuleGroupVersionsOutput
SetVersions sets the Versions field's value.
func (s ListAvailableManagedRuleGroupVersionsOutput) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
type ListAvailableManagedRuleGroupsInput struct {
// The maximum number of objects that you want WAF to return for this request.
// If more objects are available, in the response, WAF provides a NextMarker
// value that you can use in a subsequent call to get the next batch of objects.
Limit *int64 `min:"1" type:"integer"`
// When you request a list of objects with a Limit setting, if the number of
// objects that are still available for retrieval exceeds the limit, WAF returns
// a NextMarker value in the response. To retrieve the next batch of objects,
// provide the marker from the prior call in your next request.
NextMarker *string `min:"1" type:"string"`
// Specifies whether this is for an Amazon CloudFront distribution or for a
// regional application. A regional application can be an Application Load Balancer
// (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, an Amazon
// Cognito user pool, an App Runner service, or an Amazon Web Services Verified
// Access instance.
//
// To work with CloudFront, you must also specify the Region US East (N. Virginia)
// as follows:
//
// * CLI - Specify the Region when you use the CloudFront scope: --scope=CLOUDFRONT
// --region=us-east-1.
//
// * API and SDKs - For all calls, use the Region endpoint us-east-1.
//
// Scope is a required field
Scope *string `type:"string" required:"true" enum:"Scope"`
// contains filtered or unexported fields
}
func (s ListAvailableManagedRuleGroupsInput) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *ListAvailableManagedRuleGroupsInput) SetLimit(v int64) *ListAvailableManagedRuleGroupsInput
SetLimit sets the Limit field's value.
func (s *ListAvailableManagedRuleGroupsInput) SetNextMarker(v string) *ListAvailableManagedRuleGroupsInput
SetNextMarker sets the NextMarker field's value.
func (s *ListAvailableManagedRuleGroupsInput) SetScope(v string) *ListAvailableManagedRuleGroupsInput
SetScope sets the Scope field's value.
func (s ListAvailableManagedRuleGroupsInput) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *ListAvailableManagedRuleGroupsInput) Validate() error
Validate inspects the fields of the type to determine if they are valid.
type ListAvailableManagedRuleGroupsOutput struct {
// Array of managed rule groups that you can use. If you specified a Limit in
// your request, this might not be the full list.
ManagedRuleGroups []*ManagedRuleGroupSummary `type:"list"`
// When you request a list of objects with a Limit setting, if the number of
// objects that are still available for retrieval exceeds the limit, WAF returns
// a NextMarker value in the response. To retrieve the next batch of objects,
// provide the marker from the prior call in your next request.
NextMarker *string `min:"1" type:"string"`
// contains filtered or unexported fields
}
func (s ListAvailableManagedRuleGroupsOutput) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *ListAvailableManagedRuleGroupsOutput) SetManagedRuleGroups(v []*ManagedRuleGroupSummary) *ListAvailableManagedRuleGroupsOutput
SetManagedRuleGroups sets the ManagedRuleGroups field's value.
func (s *ListAvailableManagedRuleGroupsOutput) SetNextMarker(v string) *ListAvailableManagedRuleGroupsOutput
SetNextMarker sets the NextMarker field's value.
func (s ListAvailableManagedRuleGroupsOutput) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
type ListIPSetsInput struct {
// The maximum number of objects that you want WAF to return for this request.
// If more objects are available, in the response, WAF provides a NextMarker
// value that you can use in a subsequent call to get the next batch of objects.
Limit *int64 `min:"1" type:"integer"`
// When you request a list of objects with a Limit setting, if the number of
// objects that are still available for retrieval exceeds the limit, WAF returns
// a NextMarker value in the response. To retrieve the next batch of objects,
// provide the marker from the prior call in your next request.
NextMarker *string `min:"1" type:"string"`
// Specifies whether this is for an Amazon CloudFront distribution or for a
// regional application. A regional application can be an Application Load Balancer
// (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, an Amazon
// Cognito user pool, an App Runner service, or an Amazon Web Services Verified
// Access instance.
//
// To work with CloudFront, you must also specify the Region US East (N. Virginia)
// as follows:
//
// * CLI - Specify the Region when you use the CloudFront scope: --scope=CLOUDFRONT
// --region=us-east-1.
//
// * API and SDKs - For all calls, use the Region endpoint us-east-1.
//
// Scope is a required field
Scope *string `type:"string" required:"true" enum:"Scope"`
// contains filtered or unexported fields
}
func (s ListIPSetsInput) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *ListIPSetsInput) SetLimit(v int64) *ListIPSetsInput
SetLimit sets the Limit field's value.
func (s *ListIPSetsInput) SetNextMarker(v string) *ListIPSetsInput
SetNextMarker sets the NextMarker field's value.
func (s *ListIPSetsInput) SetScope(v string) *ListIPSetsInput
SetScope sets the Scope field's value.
func (s ListIPSetsInput) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *ListIPSetsInput) Validate() error
Validate inspects the fields of the type to determine if they are valid.
type ListIPSetsOutput struct {
// Array of IPSets. If you specified a Limit in your request, this might not
// be the full list.
IPSets []*IPSetSummary `type:"list"`
// When you request a list of objects with a Limit setting, if the number of
// objects that are still available for retrieval exceeds the limit, WAF returns
// a NextMarker value in the response. To retrieve the next batch of objects,
// provide the marker from the prior call in your next request.
NextMarker *string `min:"1" type:"string"`
// contains filtered or unexported fields
}
func (s ListIPSetsOutput) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *ListIPSetsOutput) SetIPSets(v []*IPSetSummary) *ListIPSetsOutput
SetIPSets sets the IPSets field's value.
func (s *ListIPSetsOutput) SetNextMarker(v string) *ListIPSetsOutput
SetNextMarker sets the NextMarker field's value.
func (s ListIPSetsOutput) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
type ListLoggingConfigurationsInput struct {
// The maximum number of objects that you want WAF to return for this request.
// If more objects are available, in the response, WAF provides a NextMarker
// value that you can use in a subsequent call to get the next batch of objects.
Limit *int64 `min:"1" type:"integer"`
// When you request a list of objects with a Limit setting, if the number of
// objects that are still available for retrieval exceeds the limit, WAF returns
// a NextMarker value in the response. To retrieve the next batch of objects,
// provide the marker from the prior call in your next request.
NextMarker *string `min:"1" type:"string"`
// Specifies whether this is for an Amazon CloudFront distribution or for a
// regional application. A regional application can be an Application Load Balancer
// (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, an Amazon
// Cognito user pool, an App Runner service, or an Amazon Web Services Verified
// Access instance.
//
// To work with CloudFront, you must also specify the Region US East (N. Virginia)
// as follows:
//
// * CLI - Specify the Region when you use the CloudFront scope: --scope=CLOUDFRONT
// --region=us-east-1.
//
// * API and SDKs - For all calls, use the Region endpoint us-east-1.
//
// Scope is a required field
Scope *string `type:"string" required:"true" enum:"Scope"`
// contains filtered or unexported fields
}
func (s ListLoggingConfigurationsInput) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *ListLoggingConfigurationsInput) SetLimit(v int64) *ListLoggingConfigurationsInput
SetLimit sets the Limit field's value.
func (s *ListLoggingConfigurationsInput) SetNextMarker(v string) *ListLoggingConfigurationsInput
SetNextMarker sets the NextMarker field's value.
func (s *ListLoggingConfigurationsInput) SetScope(v string) *ListLoggingConfigurationsInput
SetScope sets the Scope field's value.
func (s ListLoggingConfigurationsInput) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *ListLoggingConfigurationsInput) Validate() error
Validate inspects the fields of the type to determine if they are valid.
type ListLoggingConfigurationsOutput struct {
// Array of logging configurations. If you specified a Limit in your request,
// this might not be the full list.
LoggingConfigurations []*LoggingConfiguration `type:"list"`
// When you request a list of objects with a Limit setting, if the number of
// objects that are still available for retrieval exceeds the limit, WAF returns
// a NextMarker value in the response. To retrieve the next batch of objects,
// provide the marker from the prior call in your next request.
NextMarker *string `min:"1" type:"string"`
// contains filtered or unexported fields
}
func (s ListLoggingConfigurationsOutput) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *ListLoggingConfigurationsOutput) SetLoggingConfigurations(v []*LoggingConfiguration) *ListLoggingConfigurationsOutput
SetLoggingConfigurations sets the LoggingConfigurations field's value.
func (s *ListLoggingConfigurationsOutput) SetNextMarker(v string) *ListLoggingConfigurationsOutput
SetNextMarker sets the NextMarker field's value.
func (s ListLoggingConfigurationsOutput) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
type ListManagedRuleSetsInput struct {
// The maximum number of objects that you want WAF to return for this request.
// If more objects are available, in the response, WAF provides a NextMarker
// value that you can use in a subsequent call to get the next batch of objects.
Limit *int64 `min:"1" type:"integer"`
// When you request a list of objects with a Limit setting, if the number of
// objects that are still available for retrieval exceeds the limit, WAF returns
// a NextMarker value in the response. To retrieve the next batch of objects,
// provide the marker from the prior call in your next request.
NextMarker *string `min:"1" type:"string"`
// Specifies whether this is for an Amazon CloudFront distribution or for a
// regional application. A regional application can be an Application Load Balancer
// (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, an Amazon
// Cognito user pool, an App Runner service, or an Amazon Web Services Verified
// Access instance.
//
// To work with CloudFront, you must also specify the Region US East (N. Virginia)
// as follows:
//
// * CLI - Specify the Region when you use the CloudFront scope: --scope=CLOUDFRONT
// --region=us-east-1.
//
// * API and SDKs - For all calls, use the Region endpoint us-east-1.
//
// Scope is a required field
Scope *string `type:"string" required:"true" enum:"Scope"`
// contains filtered or unexported fields
}
func (s ListManagedRuleSetsInput) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *ListManagedRuleSetsInput) SetLimit(v int64) *ListManagedRuleSetsInput
SetLimit sets the Limit field's value.
func (s *ListManagedRuleSetsInput) SetNextMarker(v string) *ListManagedRuleSetsInput
SetNextMarker sets the NextMarker field's value.
func (s *ListManagedRuleSetsInput) SetScope(v string) *ListManagedRuleSetsInput
SetScope sets the Scope field's value.
func (s ListManagedRuleSetsInput) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *ListManagedRuleSetsInput) Validate() error
Validate inspects the fields of the type to determine if they are valid.
type ListManagedRuleSetsOutput struct {
// Your managed rule sets. If you specified a Limit in your request, this might
// not be the full list.
ManagedRuleSets []*ManagedRuleSetSummary `type:"list"`
// When you request a list of objects with a Limit setting, if the number of
// objects that are still available for retrieval exceeds the limit, WAF returns
// a NextMarker value in the response. To retrieve the next batch of objects,
// provide the marker from the prior call in your next request.
NextMarker *string `min:"1" type:"string"`
// contains filtered or unexported fields
}
func (s ListManagedRuleSetsOutput) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *ListManagedRuleSetsOutput) SetManagedRuleSets(v []*ManagedRuleSetSummary) *ListManagedRuleSetsOutput
SetManagedRuleSets sets the ManagedRuleSets field's value.
func (s *ListManagedRuleSetsOutput) SetNextMarker(v string) *ListManagedRuleSetsOutput
SetNextMarker sets the NextMarker field's value.
func (s ListManagedRuleSetsOutput) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
type ListMobileSdkReleasesInput struct {
// The maximum number of objects that you want WAF to return for this request.
// If more objects are available, in the response, WAF provides a NextMarker
// value that you can use in a subsequent call to get the next batch of objects.
Limit *int64 `min:"1" type:"integer"`
// When you request a list of objects with a Limit setting, if the number of
// objects that are still available for retrieval exceeds the limit, WAF returns
// a NextMarker value in the response. To retrieve the next batch of objects,
// provide the marker from the prior call in your next request.
NextMarker *string `min:"1" type:"string"`
// The device platform to retrieve the list for.
//
// Platform is a required field
Platform *string `type:"string" required:"true" enum:"Platform"`
// contains filtered or unexported fields
}
func (s ListMobileSdkReleasesInput) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *ListMobileSdkReleasesInput) SetLimit(v int64) *ListMobileSdkReleasesInput
SetLimit sets the Limit field's value.
func (s *ListMobileSdkReleasesInput) SetNextMarker(v string) *ListMobileSdkReleasesInput
SetNextMarker sets the NextMarker field's value.
func (s *ListMobileSdkReleasesInput) SetPlatform(v string) *ListMobileSdkReleasesInput
SetPlatform sets the Platform field's value.
func (s ListMobileSdkReleasesInput) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *ListMobileSdkReleasesInput) Validate() error
Validate inspects the fields of the type to determine if they are valid.
type ListMobileSdkReleasesOutput struct {
// When you request a list of objects with a Limit setting, if the number of
// objects that are still available for retrieval exceeds the limit, WAF returns
// a NextMarker value in the response. To retrieve the next batch of objects,
// provide the marker from the prior call in your next request.
NextMarker *string `min:"1" type:"string"`
// The high level information for the available SDK releases. If you specified
// a Limit in your request, this might not be the full list.
ReleaseSummaries []*ReleaseSummary `type:"list"`
// contains filtered or unexported fields
}
func (s ListMobileSdkReleasesOutput) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *ListMobileSdkReleasesOutput) SetNextMarker(v string) *ListMobileSdkReleasesOutput
SetNextMarker sets the NextMarker field's value.
func (s *ListMobileSdkReleasesOutput) SetReleaseSummaries(v []*ReleaseSummary) *ListMobileSdkReleasesOutput
SetReleaseSummaries sets the ReleaseSummaries field's value.
func (s ListMobileSdkReleasesOutput) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
type ListRegexPatternSetsInput struct {
// The maximum number of objects that you want WAF to return for this request.
// If more objects are available, in the response, WAF provides a NextMarker
// value that you can use in a subsequent call to get the next batch of objects.
Limit *int64 `min:"1" type:"integer"`
// When you request a list of objects with a Limit setting, if the number of
// objects that are still available for retrieval exceeds the limit, WAF returns
// a NextMarker value in the response. To retrieve the next batch of objects,
// provide the marker from the prior call in your next request.
NextMarker *string `min:"1" type:"string"`
// Specifies whether this is for an Amazon CloudFront distribution or for a
// regional application. A regional application can be an Application Load Balancer
// (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, an Amazon
// Cognito user pool, an App Runner service, or an Amazon Web Services Verified
// Access instance.
//
// To work with CloudFront, you must also specify the Region US East (N. Virginia)
// as follows:
//
// * CLI - Specify the Region when you use the CloudFront scope: --scope=CLOUDFRONT
// --region=us-east-1.
//
// * API and SDKs - For all calls, use the Region endpoint us-east-1.
//
// Scope is a required field
Scope *string `type:"string" required:"true" enum:"Scope"`
// contains filtered or unexported fields
}
func (s ListRegexPatternSetsInput) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *ListRegexPatternSetsInput) SetLimit(v int64) *ListRegexPatternSetsInput
SetLimit sets the Limit field's value.
func (s *ListRegexPatternSetsInput) SetNextMarker(v string) *ListRegexPatternSetsInput
SetNextMarker sets the NextMarker field's value.
func (s *ListRegexPatternSetsInput) SetScope(v string) *ListRegexPatternSetsInput
SetScope sets the Scope field's value.
func (s ListRegexPatternSetsInput) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *ListRegexPatternSetsInput) Validate() error
Validate inspects the fields of the type to determine if they are valid.
type ListRegexPatternSetsOutput struct {
// When you request a list of objects with a Limit setting, if the number of
// objects that are still available for retrieval exceeds the limit, WAF returns
// a NextMarker value in the response. To retrieve the next batch of objects,
// provide the marker from the prior call in your next request.
NextMarker *string `min:"1" type:"string"`
// Array of regex pattern sets. If you specified a Limit in your request, this
// might not be the full list.
RegexPatternSets []*RegexPatternSetSummary `type:"list"`
// contains filtered or unexported fields
}
func (s ListRegexPatternSetsOutput) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *ListRegexPatternSetsOutput) SetNextMarker(v string) *ListRegexPatternSetsOutput
SetNextMarker sets the NextMarker field's value.
func (s *ListRegexPatternSetsOutput) SetRegexPatternSets(v []*RegexPatternSetSummary) *ListRegexPatternSetsOutput
SetRegexPatternSets sets the RegexPatternSets field's value.
func (s ListRegexPatternSetsOutput) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
type ListResourcesForWebACLInput struct {
// Used for web ACLs that are scoped for regional applications. A regional application
// can be an Application Load Balancer (ALB), an Amazon API Gateway REST API,
// an AppSync GraphQL API, an Amazon Cognito user pool, an App Runner service,
// or an Amazon Web Services Verified Access instance.
//
// If you don't provide a resource type, the call uses the resource type APPLICATION_LOAD_BALANCER.
//
// Default: APPLICATION_LOAD_BALANCER
ResourceType *string `type:"string" enum:"ResourceType"`
// The Amazon Resource Name (ARN) of the web ACL.
//
// WebACLArn is a required field
WebACLArn *string `min:"20" type:"string" required:"true"`
// contains filtered or unexported fields
}
func (s ListResourcesForWebACLInput) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *ListResourcesForWebACLInput) SetResourceType(v string) *ListResourcesForWebACLInput
SetResourceType sets the ResourceType field's value.
func (s *ListResourcesForWebACLInput) SetWebACLArn(v string) *ListResourcesForWebACLInput
SetWebACLArn sets the WebACLArn field's value.
func (s ListResourcesForWebACLInput) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *ListResourcesForWebACLInput) Validate() error
Validate inspects the fields of the type to determine if they are valid.
type ListResourcesForWebACLOutput struct {
// The array of Amazon Resource Names (ARNs) of the associated resources.
ResourceArns []*string `type:"list"`
// contains filtered or unexported fields
}
func (s ListResourcesForWebACLOutput) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *ListResourcesForWebACLOutput) SetResourceArns(v []*string) *ListResourcesForWebACLOutput
SetResourceArns sets the ResourceArns field's value.
func (s ListResourcesForWebACLOutput) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
type ListRuleGroupsInput struct {
// The maximum number of objects that you want WAF to return for this request.
// If more objects are available, in the response, WAF provides a NextMarker
// value that you can use in a subsequent call to get the next batch of objects.
Limit *int64 `min:"1" type:"integer"`
// When you request a list of objects with a Limit setting, if the number of
// objects that are still available for retrieval exceeds the limit, WAF returns
// a NextMarker value in the response. To retrieve the next batch of objects,
// provide the marker from the prior call in your next request.
NextMarker *string `min:"1" type:"string"`
// Specifies whether this is for an Amazon CloudFront distribution or for a
// regional application. A regional application can be an Application Load Balancer
// (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, an Amazon
// Cognito user pool, an App Runner service, or an Amazon Web Services Verified
// Access instance.
//
// To work with CloudFront, you must also specify the Region US East (N. Virginia)
// as follows:
//
// * CLI - Specify the Region when you use the CloudFront scope: --scope=CLOUDFRONT
// --region=us-east-1.
//
// * API and SDKs - For all calls, use the Region endpoint us-east-1.
//
// Scope is a required field
Scope *string `type:"string" required:"true" enum:"Scope"`
// contains filtered or unexported fields
}
func (s ListRuleGroupsInput) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *ListRuleGroupsInput) SetLimit(v int64) *ListRuleGroupsInput
SetLimit sets the Limit field's value.
func (s *ListRuleGroupsInput) SetNextMarker(v string) *ListRuleGroupsInput
SetNextMarker sets the NextMarker field's value.
func (s *ListRuleGroupsInput) SetScope(v string) *ListRuleGroupsInput
SetScope sets the Scope field's value.
func (s ListRuleGroupsInput) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *ListRuleGroupsInput) Validate() error
Validate inspects the fields of the type to determine if they are valid.
type ListRuleGroupsOutput struct {
// When you request a list of objects with a Limit setting, if the number of
// objects that are still available for retrieval exceeds the limit, WAF returns
// a NextMarker value in the response. To retrieve the next batch of objects,
// provide the marker from the prior call in your next request.
NextMarker *string `min:"1" type:"string"`
// Array of rule groups. If you specified a Limit in your request, this might
// not be the full list.
RuleGroups []*RuleGroupSummary `type:"list"`
// contains filtered or unexported fields
}
func (s ListRuleGroupsOutput) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *ListRuleGroupsOutput) SetNextMarker(v string) *ListRuleGroupsOutput
SetNextMarker sets the NextMarker field's value.
func (s *ListRuleGroupsOutput) SetRuleGroups(v []*RuleGroupSummary) *ListRuleGroupsOutput
SetRuleGroups sets the RuleGroups field's value.
func (s ListRuleGroupsOutput) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
type ListTagsForResourceInput struct {
// The maximum number of objects that you want WAF to return for this request.
// If more objects are available, in the response, WAF provides a NextMarker
// value that you can use in a subsequent call to get the next batch of objects.
Limit *int64 `min:"1" type:"integer"`
// When you request a list of objects with a Limit setting, if the number of
// objects that are still available for retrieval exceeds the limit, WAF returns
// a NextMarker value in the response. To retrieve the next batch of objects,
// provide the marker from the prior call in your next request.
NextMarker *string `min:"1" type:"string"`
// The Amazon Resource Name (ARN) of the resource.
//
// ResourceARN is a required field
ResourceARN *string `min:"20" type:"string" required:"true"`
// contains filtered or unexported fields
}
func (s ListTagsForResourceInput) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *ListTagsForResourceInput) SetLimit(v int64) *ListTagsForResourceInput
SetLimit sets the Limit field's value.
func (s *ListTagsForResourceInput) SetNextMarker(v string) *ListTagsForResourceInput
SetNextMarker sets the NextMarker field's value.
func (s *ListTagsForResourceInput) SetResourceARN(v string) *ListTagsForResourceInput
SetResourceARN sets the ResourceARN field's value.
func (s ListTagsForResourceInput) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *ListTagsForResourceInput) Validate() error
Validate inspects the fields of the type to determine if they are valid.
type ListTagsForResourceOutput struct {
// When you request a list of objects with a Limit setting, if the number of
// objects that are still available for retrieval exceeds the limit, WAF returns
// a NextMarker value in the response. To retrieve the next batch of objects,
// provide the marker from the prior call in your next request.
NextMarker *string `min:"1" type:"string"`
// The collection of tagging definitions for the resource. If you specified
// a Limit in your request, this might not be the full list.
TagInfoForResource *TagInfoForResource `type:"structure"`
// contains filtered or unexported fields
}
func (s ListTagsForResourceOutput) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *ListTagsForResourceOutput) SetNextMarker(v string) *ListTagsForResourceOutput
SetNextMarker sets the NextMarker field's value.
func (s *ListTagsForResourceOutput) SetTagInfoForResource(v *TagInfoForResource) *ListTagsForResourceOutput
SetTagInfoForResource sets the TagInfoForResource field's value.
func (s ListTagsForResourceOutput) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
type ListWebACLsInput struct {
// The maximum number of objects that you want WAF to return for this request.
// If more objects are available, in the response, WAF provides a NextMarker
// value that you can use in a subsequent call to get the next batch of objects.
Limit *int64 `min:"1" type:"integer"`
// When you request a list of objects with a Limit setting, if the number of
// objects that are still available for retrieval exceeds the limit, WAF returns
// a NextMarker value in the response. To retrieve the next batch of objects,
// provide the marker from the prior call in your next request.
NextMarker *string `min:"1" type:"string"`
// Specifies whether this is for an Amazon CloudFront distribution or for a
// regional application. A regional application can be an Application Load Balancer
// (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, an Amazon
// Cognito user pool, an App Runner service, or an Amazon Web Services Verified
// Access instance.
//
// To work with CloudFront, you must also specify the Region US East (N. Virginia)
// as follows:
//
// * CLI - Specify the Region when you use the CloudFront scope: --scope=CLOUDFRONT
// --region=us-east-1.
//
// * API and SDKs - For all calls, use the Region endpoint us-east-1.
//
// Scope is a required field
Scope *string `type:"string" required:"true" enum:"Scope"`
// contains filtered or unexported fields
}
func (s ListWebACLsInput) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *ListWebACLsInput) SetLimit(v int64) *ListWebACLsInput
SetLimit sets the Limit field's value.
func (s *ListWebACLsInput) SetNextMarker(v string) *ListWebACLsInput
SetNextMarker sets the NextMarker field's value.
func (s *ListWebACLsInput) SetScope(v string) *ListWebACLsInput
SetScope sets the Scope field's value.
func (s ListWebACLsInput) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *ListWebACLsInput) Validate() error
Validate inspects the fields of the type to determine if they are valid.
type ListWebACLsOutput struct {
// When you request a list of objects with a Limit setting, if the number of
// objects that are still available for retrieval exceeds the limit, WAF returns
// a NextMarker value in the response. To retrieve the next batch of objects,
// provide the marker from the prior call in your next request.
NextMarker *string `min:"1" type:"string"`
// Array of web ACLs. If you specified a Limit in your request, this might not
// be the full list.
WebACLs []*WebACLSummary `type:"list"`
// contains filtered or unexported fields
}
func (s ListWebACLsOutput) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *ListWebACLsOutput) SetNextMarker(v string) *ListWebACLsOutput
SetNextMarker sets the NextMarker field's value.
func (s *ListWebACLsOutput) SetWebACLs(v []*WebACLSummary) *ListWebACLsOutput
SetWebACLs sets the WebACLs field's value.
func (s ListWebACLsOutput) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
type LoggingConfiguration struct {
// The logging destination configuration that you want to associate with the
// web ACL.
//
// You can associate one logging destination to a web ACL.
//
// LogDestinationConfigs is a required field
LogDestinationConfigs []*string `min:"1" type:"list" required:"true"`
// Filtering that specifies which web requests are kept in the logs and which
// are dropped. You can filter on the rule action and on the web request labels
// that were applied by matching rules during web ACL evaluation.
LoggingFilter *LoggingFilter `type:"structure"`
// Indicates whether the logging configuration was created by Firewall Manager,
// as part of an WAF policy configuration. If true, only Firewall Manager can
// modify or delete the configuration.
ManagedByFirewallManager *bool `type:"boolean"`
// The parts of the request that you want to keep out of the logs. For example,
// if you redact the SingleHeader field, the HEADER field in the logs will be
// REDACTED.
//
// You can specify only the following fields for redaction: UriPath, QueryString,
// SingleHeader, Method, and JsonBody.
RedactedFields []*FieldToMatch `type:"list"`
// The Amazon Resource Name (ARN) of the web ACL that you want to associate
// with LogDestinationConfigs.
//
// ResourceArn is a required field
ResourceArn *string `min:"20" type:"string" required:"true"`
// contains filtered or unexported fields
}
Defines an association between logging destinations and a web ACL resource, for logging from WAF. As part of the association, you can specify parts of the standard logging fields to keep out of the logs and you can specify filters so that you log only a subset of the logging records.
You can define one logging destination per web ACL.
You can access information about the traffic that WAF inspects using the following steps:
Create your logging destination. You can use an Amazon CloudWatch Logs log group, an Amazon Simple Storage Service (Amazon S3) bucket, or an Amazon Kinesis Data Firehose.
The name that you give the destination must start with aws-waf-logs-. Depending on the type of destination, you might need to configure additional settings or permissions.
For configuration requirements and pricing information for each destination type, see Logging web ACL traffic (https://docs.aws.amazon.com/waf/latest/developerguide/logging.html) in the WAF Developer Guide.
Associate your logging destination to your web ACL using a PutLoggingConfiguration request.
When you successfully enable logging using a PutLoggingConfiguration request, WAF creates an additional role or policy that is required to write logs to the logging destination. For an Amazon CloudWatch Logs log group, WAF creates a resource policy on the log group. For an Amazon S3 bucket, WAF creates a bucket policy. For an Amazon Kinesis Data Firehose, WAF creates a service-linked role.
For additional information about web ACL logging, see Logging web ACL traffic information (https://docs.aws.amazon.com/waf/latest/developerguide/logging.html) in the WAF Developer Guide.
func (s LoggingConfiguration) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *LoggingConfiguration) SetLogDestinationConfigs(v []*string) *LoggingConfiguration
SetLogDestinationConfigs sets the LogDestinationConfigs field's value.
func (s *LoggingConfiguration) SetLoggingFilter(v *LoggingFilter) *LoggingConfiguration
SetLoggingFilter sets the LoggingFilter field's value.
func (s *LoggingConfiguration) SetManagedByFirewallManager(v bool) *LoggingConfiguration
SetManagedByFirewallManager sets the ManagedByFirewallManager field's value.
func (s *LoggingConfiguration) SetRedactedFields(v []*FieldToMatch) *LoggingConfiguration
SetRedactedFields sets the RedactedFields field's value.
func (s *LoggingConfiguration) SetResourceArn(v string) *LoggingConfiguration
SetResourceArn sets the ResourceArn field's value.
func (s LoggingConfiguration) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *LoggingConfiguration) Validate() error
Validate inspects the fields of the type to determine if they are valid.
type LoggingFilter struct {
// Default handling for logs that don't match any of the specified filtering
// conditions.
//
// DefaultBehavior is a required field
DefaultBehavior *string `type:"string" required:"true" enum:"FilterBehavior"`
// The filters that you want to apply to the logs.
//
// Filters is a required field
Filters []*Filter `min:"1" type:"list" required:"true"`
// contains filtered or unexported fields
}
Filtering that specifies which web requests are kept in the logs and which are dropped, defined for a web ACL's LoggingConfiguration.
You can filter on the rule action and on the web request labels that were applied by matching rules during web ACL evaluation.
func (s LoggingFilter) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *LoggingFilter) SetDefaultBehavior(v string) *LoggingFilter
SetDefaultBehavior sets the DefaultBehavior field's value.
func (s *LoggingFilter) SetFilters(v []*Filter) *LoggingFilter
SetFilters sets the Filters field's value.
func (s LoggingFilter) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *LoggingFilter) Validate() error
Validate inspects the fields of the type to determine if they are valid.
type ManagedProductDescriptor struct {
// Indicates whether the rule group provides an advanced set of protections,
// such as the the Amazon Web Services Managed Rules rule groups that are used
// for WAF intelligent threat mitigation.
IsAdvancedManagedRuleSet *bool `type:"boolean"`
// Indicates whether the rule group is versioned.
IsVersioningSupported *bool `type:"boolean"`
// The name of the managed rule group. For example, AWSManagedRulesAnonymousIpList
// or AWSManagedRulesATPRuleSet.
ManagedRuleSetName *string `min:"1" type:"string"`
// A short description of the managed rule group.
ProductDescription *string `min:"1" type:"string"`
// A unique identifier for the rule group. This ID is returned in the responses
// to create and list commands. You provide it to operations like update and
// delete.
ProductId *string `min:"1" type:"string"`
// For Amazon Web Services Marketplace managed rule groups only, the link to
// the rule group product page.
ProductLink *string `min:"1" type:"string"`
// The display name for the managed rule group. For example, Anonymous IP list
// or Account takeover prevention.
ProductTitle *string `min:"1" type:"string"`
// The Amazon resource name (ARN) of the Amazon Simple Notification Service
// SNS topic that's used to provide notification of changes to the managed rule
// group. You can subscribe to the SNS topic to receive notifications when the
// managed rule group is modified, such as for new versions and for version
// expiration. For more information, see the Amazon Simple Notification Service
// Developer Guide (https://docs.aws.amazon.com/sns/latest/dg/welcome.html).
SnsTopicArn *string `min:"20" type:"string"`
// The name of the managed rule group vendor. You use this, along with the rule
// group name, to identify a rule group.
VendorName *string `min:"1" type:"string"`
// contains filtered or unexported fields
}
The properties of a managed product, such as an Amazon Web Services Managed Rules rule group or an Amazon Web Services Marketplace managed rule group.
func (s ManagedProductDescriptor) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *ManagedProductDescriptor) SetIsAdvancedManagedRuleSet(v bool) *ManagedProductDescriptor
SetIsAdvancedManagedRuleSet sets the IsAdvancedManagedRuleSet field's value.
func (s *ManagedProductDescriptor) SetIsVersioningSupported(v bool) *ManagedProductDescriptor
SetIsVersioningSupported sets the IsVersioningSupported field's value.
func (s *ManagedProductDescriptor) SetManagedRuleSetName(v string) *ManagedProductDescriptor
SetManagedRuleSetName sets the ManagedRuleSetName field's value.
func (s *ManagedProductDescriptor) SetProductDescription(v string) *ManagedProductDescriptor
SetProductDescription sets the ProductDescription field's value.
func (s *ManagedProductDescriptor) SetProductId(v string) *ManagedProductDescriptor
SetProductId sets the ProductId field's value.
func (s *ManagedProductDescriptor) SetProductLink(v string) *ManagedProductDescriptor
SetProductLink sets the ProductLink field's value.
func (s *ManagedProductDescriptor) SetProductTitle(v string) *ManagedProductDescriptor
SetProductTitle sets the ProductTitle field's value.
func (s *ManagedProductDescriptor) SetSnsTopicArn(v string) *ManagedProductDescriptor
SetSnsTopicArn sets the SnsTopicArn field's value.
func (s *ManagedProductDescriptor) SetVendorName(v string) *ManagedProductDescriptor
SetVendorName sets the VendorName field's value.
func (s ManagedProductDescriptor) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
type ManagedRuleGroupConfig struct {
// Additional configuration for using the account takeover prevention (ATP)
// managed rule group, AWSManagedRulesATPRuleSet. Use this to provide login
// request information to the rule group. For web ACLs that protect CloudFront
// distributions, use this to also provide the information about how your distribution
// responds to login requests.
//
// This configuration replaces the individual configuration fields in ManagedRuleGroupConfig
// and provides additional feature configuration.
//
// For information about using the ATP managed rule group, see WAF Fraud Control
// account takeover prevention (ATP) rule group (https://docs.aws.amazon.com/waf/latest/developerguide/aws-managed-rule-groups-atp.html)
// and WAF Fraud Control account takeover prevention (ATP) (https://docs.aws.amazon.com/waf/latest/developerguide/waf-atp.html)
// in the WAF Developer Guide.
AWSManagedRulesATPRuleSet *AWSManagedRulesATPRuleSet `type:"structure"`
// Additional configuration for using the Bot Control managed rule group. Use
// this to specify the inspection level that you want to use. For information
// about using the Bot Control managed rule group, see WAF Bot Control rule
// group (https://docs.aws.amazon.com/waf/latest/developerguide/aws-managed-rule-groups-bot.html)
// and WAF Bot Control (https://docs.aws.amazon.com/waf/latest/developerguide/waf-bot-control.html)
// in the WAF Developer Guide.
AWSManagedRulesBotControlRuleSet *AWSManagedRulesBotControlRuleSet `type:"structure"`
//
// Instead of this setting, provide your configuration under AWSManagedRulesATPRuleSet.
//
// Deprecated: Deprecated. Use AWSManagedRulesATPRuleSet LoginPath
LoginPath *string `min:"1" deprecated:"true" type:"string"`
//
// Instead of this setting, provide your configuration under AWSManagedRulesATPRuleSet
// RequestInspection.
//
// Deprecated: Deprecated. Use AWSManagedRulesATPRuleSet RequestInspection PasswordField
PasswordField *PasswordField `deprecated:"true" type:"structure"`
//
// Instead of this setting, provide your configuration under AWSManagedRulesATPRuleSet
// RequestInspection.
//
// Deprecated: Deprecated. Use AWSManagedRulesATPRuleSet RequestInspection PayloadType
PayloadType *string `deprecated:"true" type:"string" enum:"PayloadType"`
//
// Instead of this setting, provide your configuration under AWSManagedRulesATPRuleSet
// RequestInspection.
//
// Deprecated: Deprecated. Use AWSManagedRulesATPRuleSet RequestInspection UsernameField
UsernameField *UsernameField `deprecated:"true" type:"structure"`
// contains filtered or unexported fields
}
Additional information that's used by a managed rule group. Many managed rule groups don't require this.
Use the AWSManagedRulesATPRuleSet configuration object for the account takeover prevention managed rule group, to provide information such as the sign-in page of your application and the type of content to accept or reject from the client.
Use the AWSManagedRulesBotControlRuleSet configuration object to configure the protection level that you want the Bot Control rule group to use.
For example specifications, see the examples section of CreateWebACL.
func (s ManagedRuleGroupConfig) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *ManagedRuleGroupConfig) SetAWSManagedRulesATPRuleSet(v *AWSManagedRulesATPRuleSet) *ManagedRuleGroupConfig
SetAWSManagedRulesATPRuleSet sets the AWSManagedRulesATPRuleSet field's value.
func (s *ManagedRuleGroupConfig) SetAWSManagedRulesBotControlRuleSet(v *AWSManagedRulesBotControlRuleSet) *ManagedRuleGroupConfig
SetAWSManagedRulesBotControlRuleSet sets the AWSManagedRulesBotControlRuleSet field's value.
func (s *ManagedRuleGroupConfig) SetLoginPath(v string) *ManagedRuleGroupConfig
SetLoginPath sets the LoginPath field's value.
func (s *ManagedRuleGroupConfig) SetPasswordField(v *PasswordField) *ManagedRuleGroupConfig
SetPasswordField sets the PasswordField field's value.
func (s *ManagedRuleGroupConfig) SetPayloadType(v string) *ManagedRuleGroupConfig
SetPayloadType sets the PayloadType field's value.
func (s *ManagedRuleGroupConfig) SetUsernameField(v *UsernameField) *ManagedRuleGroupConfig
SetUsernameField sets the UsernameField field's value.
func (s ManagedRuleGroupConfig) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *ManagedRuleGroupConfig) Validate() error
Validate inspects the fields of the type to determine if they are valid.
type ManagedRuleGroupStatement struct {
// Rules in the referenced rule group whose actions are set to Count.
//
// Instead of this option, use RuleActionOverrides. It accepts any valid action
// setting, including Count.
ExcludedRules []*ExcludedRule `type:"list"`
// Additional information that's used by a managed rule group. Many managed
// rule groups don't require this.
//
// Use the AWSManagedRulesATPRuleSet configuration object for the account takeover
// prevention managed rule group, to provide information such as the sign-in
// page of your application and the type of content to accept or reject from
// the client.
//
// Use the AWSManagedRulesBotControlRuleSet configuration object to configure
// the protection level that you want the Bot Control rule group to use.
ManagedRuleGroupConfigs []*ManagedRuleGroupConfig `type:"list"`
// The name of the managed rule group. You use this, along with the vendor name,
// to identify the rule group.
//
// Name is a required field
Name *string `min:"1" type:"string" required:"true"`
// Action settings to use in the place of the rule actions that are configured
// inside the rule group. You specify one override for each rule whose action
// you want to change.
//
// You can use overrides for testing, for example you can override all of rule
// actions to Count and then monitor the resulting count metrics to understand
// how the rule group would handle your web traffic. You can also permanently
// override some or all actions, to modify how the rule group manages your web
// traffic.
RuleActionOverrides []*RuleActionOverride `min:"1" type:"list"`
// An optional nested statement that narrows the scope of the web requests that
// are evaluated by the managed rule group. Requests are only evaluated by the
// rule group if they match the scope-down statement. You can use any nestable
// Statement in the scope-down statement, and you can nest statements at any
// level, the same as you can for a rule statement.
ScopeDownStatement *Statement `type:"structure"`
// The name of the managed rule group vendor. You use this, along with the rule
// group name, to identify a rule group.
//
// VendorName is a required field
VendorName *string `min:"1" type:"string" required:"true"`
// The version of the managed rule group to use. If you specify this, the version
// setting is fixed until you change it. If you don't specify this, WAF uses
// the vendor's default version, and then keeps the version at the vendor's
// default when the vendor updates the managed rule group settings.
Version *string `min:"1" type:"string"`
// contains filtered or unexported fields
}
A rule statement used to run the rules that are defined in a managed rule group. To use this, provide the vendor name and the name of the rule group in this statement. You can retrieve the required names by calling ListAvailableManagedRuleGroups.
You cannot nest a ManagedRuleGroupStatement, for example for use inside a NotStatement or OrStatement. It can only be referenced as a top-level statement within a rule.
You are charged additional fees when you use the WAF Bot Control managed rule group AWSManagedRulesBotControlRuleSet or the WAF Fraud Control account takeover prevention (ATP) managed rule group AWSManagedRulesATPRuleSet. For more information, see WAF Pricing (http://aws.amazon.com/waf/pricing/).
func (s ManagedRuleGroupStatement) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *ManagedRuleGroupStatement) SetExcludedRules(v []*ExcludedRule) *ManagedRuleGroupStatement
SetExcludedRules sets the ExcludedRules field's value.
func (s *ManagedRuleGroupStatement) SetManagedRuleGroupConfigs(v []*ManagedRuleGroupConfig) *ManagedRuleGroupStatement
SetManagedRuleGroupConfigs sets the ManagedRuleGroupConfigs field's value.
func (s *ManagedRuleGroupStatement) SetName(v string) *ManagedRuleGroupStatement
SetName sets the Name field's value.
func (s *ManagedRuleGroupStatement) SetRuleActionOverrides(v []*RuleActionOverride) *ManagedRuleGroupStatement
SetRuleActionOverrides sets the RuleActionOverrides field's value.
func (s *ManagedRuleGroupStatement) SetScopeDownStatement(v *Statement) *ManagedRuleGroupStatement
SetScopeDownStatement sets the ScopeDownStatement field's value.
func (s *ManagedRuleGroupStatement) SetVendorName(v string) *ManagedRuleGroupStatement
SetVendorName sets the VendorName field's value.
func (s *ManagedRuleGroupStatement) SetVersion(v string) *ManagedRuleGroupStatement
SetVersion sets the Version field's value.
func (s ManagedRuleGroupStatement) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *ManagedRuleGroupStatement) Validate() error
Validate inspects the fields of the type to determine if they are valid.
type ManagedRuleGroupSummary struct {
// The description of the managed rule group, provided by Amazon Web Services
// Managed Rules or the Amazon Web Services Marketplace seller who manages it.
Description *string `min:"1" type:"string"`
// The name of the managed rule group. You use this, along with the vendor name,
// to identify the rule group.
Name *string `min:"1" type:"string"`
// The name of the managed rule group vendor. You use this, along with the rule
// group name, to identify a rule group.
VendorName *string `min:"1" type:"string"`
// Indicates whether the managed rule group is versioned. If it is, you can
// retrieve the versions list by calling ListAvailableManagedRuleGroupVersions.
VersioningSupported *bool `type:"boolean"`
// contains filtered or unexported fields
}
High-level information about a managed rule group, returned by ListAvailableManagedRuleGroups. This provides information like the name and vendor name, that you provide when you add a ManagedRuleGroupStatement to a web ACL. Managed rule groups include Amazon Web Services Managed Rules rule groups and Amazon Web Services Marketplace managed rule groups. To use any Amazon Web Services Marketplace managed rule group, first subscribe to the rule group through Amazon Web Services Marketplace.
func (s ManagedRuleGroupSummary) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *ManagedRuleGroupSummary) SetDescription(v string) *ManagedRuleGroupSummary
SetDescription sets the Description field's value.
func (s *ManagedRuleGroupSummary) SetName(v string) *ManagedRuleGroupSummary
SetName sets the Name field's value.
func (s *ManagedRuleGroupSummary) SetVendorName(v string) *ManagedRuleGroupSummary
SetVendorName sets the VendorName field's value.
func (s *ManagedRuleGroupSummary) SetVersioningSupported(v bool) *ManagedRuleGroupSummary
SetVersioningSupported sets the VersioningSupported field's value.
func (s ManagedRuleGroupSummary) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
type ManagedRuleGroupVersion struct {
// The date and time that the managed rule group owner updated the rule group
// version information.
LastUpdateTimestamp *time.Time `type:"timestamp"`
// The version name.
Name *string `min:"1" type:"string"`
// contains filtered or unexported fields
}
Describes a single version of a managed rule group.
func (s ManagedRuleGroupVersion) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *ManagedRuleGroupVersion) SetLastUpdateTimestamp(v time.Time) *ManagedRuleGroupVersion
SetLastUpdateTimestamp sets the LastUpdateTimestamp field's value.
func (s *ManagedRuleGroupVersion) SetName(v string) *ManagedRuleGroupVersion
SetName sets the Name field's value.
func (s ManagedRuleGroupVersion) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
type ManagedRuleSet struct {
// The Amazon Resource Name (ARN) of the entity.
//
// ARN is a required field
ARN *string `min:"20" type:"string" required:"true"`
// A description of the set that helps with identification.
Description *string `min:"1" type:"string"`
// A unique identifier for the managed rule set. The ID is returned in the responses
// to commands like list. You provide it to operations like get and update.
//
// Id is a required field
Id *string `min:"1" type:"string" required:"true"`
// The label namespace prefix for the managed rule groups that are offered to
// customers from this managed rule set. All labels that are added by rules
// in the managed rule group have this prefix.
//
// * The syntax for the label namespace prefix for a managed rule group is
// the following: awswaf:managed:<vendor>:<rule group name>:
//
// * When a rule with a label matches a web request, WAF adds the fully qualified
// label to the request. A fully qualified label is made up of the label
// namespace from the rule group or web ACL where the rule is defined and
// the label from the rule, separated by a colon: <label namespace>:<label
// from rule>
LabelNamespace *string `min:"1" type:"string"`
// The name of the managed rule set. You use this, along with the rule set ID,
// to identify the rule set.
//
// This name is assigned to the corresponding managed rule group, which your
// customers can access and use.
//
// Name is a required field
Name *string `min:"1" type:"string" required:"true"`
// The versions of this managed rule set that are available for use by customers.
PublishedVersions map[string]*ManagedRuleSetVersion `type:"map"`
// The version that you would like your customers to use.
RecommendedVersion *string `min:"1" type:"string"`
// contains filtered or unexported fields
}
A set of rules that is managed by Amazon Web Services and Amazon Web Services Marketplace sellers to provide versioned managed rule groups for customers of WAF.
This is intended for use only by vendors of managed rule sets. Vendors are Amazon Web Services and Amazon Web Services Marketplace sellers.
Vendors, you can use the managed rule set APIs to provide controlled rollout of your versioned managed rule group offerings for your customers. The APIs are ListManagedRuleSets, GetManagedRuleSet, PutManagedRuleSetVersions, and UpdateManagedRuleSetVersionExpiryDate.
func (s ManagedRuleSet) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *ManagedRuleSet) SetARN(v string) *ManagedRuleSet
SetARN sets the ARN field's value.
func (s *ManagedRuleSet) SetDescription(v string) *ManagedRuleSet
SetDescription sets the Description field's value.
func (s *ManagedRuleSet) SetId(v string) *ManagedRuleSet
SetId sets the Id field's value.
func (s *ManagedRuleSet) SetLabelNamespace(v string) *ManagedRuleSet
SetLabelNamespace sets the LabelNamespace field's value.
func (s *ManagedRuleSet) SetName(v string) *ManagedRuleSet
SetName sets the Name field's value.
func (s *ManagedRuleSet) SetPublishedVersions(v map[string]*ManagedRuleSetVersion) *ManagedRuleSet
SetPublishedVersions sets the PublishedVersions field's value.
func (s *ManagedRuleSet) SetRecommendedVersion(v string) *ManagedRuleSet
SetRecommendedVersion sets the RecommendedVersion field's value.
func (s ManagedRuleSet) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
type ManagedRuleSetSummary struct {
// The Amazon Resource Name (ARN) of the entity.
ARN *string `min:"20" type:"string"`
// A description of the set that helps with identification.
Description *string `min:"1" type:"string"`
// A unique identifier for the managed rule set. The ID is returned in the responses
// to commands like list. You provide it to operations like get and update.
Id *string `min:"1" type:"string"`
// The label namespace prefix for the managed rule groups that are offered to
// customers from this managed rule set. All labels that are added by rules
// in the managed rule group have this prefix.
//
// * The syntax for the label namespace prefix for a managed rule group is
// the following: awswaf:managed:<vendor>:<rule group name>:
//
// * When a rule with a label matches a web request, WAF adds the fully qualified
// label to the request. A fully qualified label is made up of the label
// namespace from the rule group or web ACL where the rule is defined and
// the label from the rule, separated by a colon: <label namespace>:<label
// from rule>
LabelNamespace *string `min:"1" type:"string"`
// A token used for optimistic locking. WAF returns a token to your get and
// list requests, to mark the state of the entity at the time of the request.
// To make changes to the entity associated with the token, you provide the
// token to operations like update and delete. WAF uses the token to ensure
// that no changes have been made to the entity since you last retrieved it.
// If a change has been made, the update fails with a WAFOptimisticLockException.
// If this happens, perform another get, and use the new token returned by that
// operation.
LockToken *string `min:"1" type:"string"`
// The name of the managed rule set. You use this, along with the rule set ID,
// to identify the rule set.
//
// This name is assigned to the corresponding managed rule group, which your
// customers can access and use.
Name *string `min:"1" type:"string"`
// contains filtered or unexported fields
}
High-level information for a managed rule set.
This is intended for use only by vendors of managed rule sets. Vendors are Amazon Web Services and Amazon Web Services Marketplace sellers.
Vendors, you can use the managed rule set APIs to provide controlled rollout of your versioned managed rule group offerings for your customers. The APIs are ListManagedRuleSets, GetManagedRuleSet, PutManagedRuleSetVersions, and UpdateManagedRuleSetVersionExpiryDate.
func (s ManagedRuleSetSummary) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *ManagedRuleSetSummary) SetARN(v string) *ManagedRuleSetSummary
SetARN sets the ARN field's value.
func (s *ManagedRuleSetSummary) SetDescription(v string) *ManagedRuleSetSummary
SetDescription sets the Description field's value.
func (s *ManagedRuleSetSummary) SetId(v string) *ManagedRuleSetSummary
SetId sets the Id field's value.
func (s *ManagedRuleSetSummary) SetLabelNamespace(v string) *ManagedRuleSetSummary
SetLabelNamespace sets the LabelNamespace field's value.
func (s *ManagedRuleSetSummary) SetLockToken(v string) *ManagedRuleSetSummary
SetLockToken sets the LockToken field's value.
func (s *ManagedRuleSetSummary) SetName(v string) *ManagedRuleSetSummary
SetName sets the Name field's value.
func (s ManagedRuleSetSummary) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
type ManagedRuleSetVersion struct {
// The Amazon Resource Name (ARN) of the vendor rule group that's used to define
// the published version of your managed rule group.
AssociatedRuleGroupArn *string `min:"20" type:"string"`
// The web ACL capacity units (WCUs) required for this rule group.
//
// WAF uses WCUs to calculate and control the operating resources that are used
// to run your rules, rule groups, and web ACLs. WAF calculates capacity differently
// for each rule type, to reflect the relative cost of each rule. Simple rules
// that cost little to run use fewer WCUs than more complex rules that use more
// processing power. Rule group capacity is fixed at creation, which helps users
// plan their web ACL WCU usage when they use a rule group. For more information,
// see WAF web ACL capacity units (WCU) (https://docs.aws.amazon.com/waf/latest/developerguide/aws-waf-capacity-units.html)
// in the WAF Developer Guide.
Capacity *int64 `min:"1" type:"long"`
// The time that this version is set to expire.
//
// Times are in Coordinated Universal Time (UTC) format. UTC format includes
// the special designator, Z. For example, "2016-09-27T14:50Z".
ExpiryTimestamp *time.Time `type:"timestamp"`
// The amount of time you expect this version of your managed rule group to
// last, in days.
ForecastedLifetime *int64 `min:"1" type:"integer"`
// The last time that you updated this version.
//
// Times are in Coordinated Universal Time (UTC) format. UTC format includes
// the special designator, Z. For example, "2016-09-27T14:50Z".
LastUpdateTimestamp *time.Time `type:"timestamp"`
// The time that you first published this version.
//
// Times are in Coordinated Universal Time (UTC) format. UTC format includes
// the special designator, Z. For example, "2016-09-27T14:50Z".
PublishTimestamp *time.Time `type:"timestamp"`
// contains filtered or unexported fields
}
Information for a single version of a managed rule set.
This is intended for use only by vendors of managed rule sets. Vendors are Amazon Web Services and Amazon Web Services Marketplace sellers.
Vendors, you can use the managed rule set APIs to provide controlled rollout of your versioned managed rule group offerings for your customers. The APIs are ListManagedRuleSets, GetManagedRuleSet, PutManagedRuleSetVersions, and UpdateManagedRuleSetVersionExpiryDate.
func (s ManagedRuleSetVersion) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *ManagedRuleSetVersion) SetAssociatedRuleGroupArn(v string) *ManagedRuleSetVersion
SetAssociatedRuleGroupArn sets the AssociatedRuleGroupArn field's value.
func (s *ManagedRuleSetVersion) SetCapacity(v int64) *ManagedRuleSetVersion
SetCapacity sets the Capacity field's value.
func (s *ManagedRuleSetVersion) SetExpiryTimestamp(v time.Time) *ManagedRuleSetVersion
SetExpiryTimestamp sets the ExpiryTimestamp field's value.
func (s *ManagedRuleSetVersion) SetForecastedLifetime(v int64) *ManagedRuleSetVersion
SetForecastedLifetime sets the ForecastedLifetime field's value.
func (s *ManagedRuleSetVersion) SetLastUpdateTimestamp(v time.Time) *ManagedRuleSetVersion
SetLastUpdateTimestamp sets the LastUpdateTimestamp field's value.
func (s *ManagedRuleSetVersion) SetPublishTimestamp(v time.Time) *ManagedRuleSetVersion
SetPublishTimestamp sets the PublishTimestamp field's value.
func (s ManagedRuleSetVersion) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
type Method struct {
// contains filtered or unexported fields
}
Inspect the HTTP method of the web request. The method indicates the type of operation that the request is asking the origin to perform.
This is used in the FieldToMatch specification for some web request component types.
JSON specification: "Method": {}
func (s Method) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s Method) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
type MobileSdkRelease struct {
// Notes describing the release.
ReleaseNotes *string `type:"string"`
// The release version.
ReleaseVersion *string `min:"1" type:"string"`
// Tags that are associated with the release.
Tags []*Tag `min:"1" type:"list"`
// The timestamp of the release.
Timestamp *time.Time `type:"timestamp"`
// contains filtered or unexported fields
}
Information for a release of the mobile SDK, including release notes and tags.
The mobile SDK is not generally available. Customers who have access to the mobile SDK can use it to establish and manage WAF tokens for use in HTTP(S) requests from a mobile device to WAF. For more information, see WAF client application integration (https://docs.aws.amazon.com/waf/latest/developerguide/waf-application-integration.html) in the WAF Developer Guide.
func (s MobileSdkRelease) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *MobileSdkRelease) SetReleaseNotes(v string) *MobileSdkRelease
SetReleaseNotes sets the ReleaseNotes field's value.
func (s *MobileSdkRelease) SetReleaseVersion(v string) *MobileSdkRelease
SetReleaseVersion sets the ReleaseVersion field's value.
func (s *MobileSdkRelease) SetTags(v []*Tag) *MobileSdkRelease
SetTags sets the Tags field's value.
func (s *MobileSdkRelease) SetTimestamp(v time.Time) *MobileSdkRelease
SetTimestamp sets the Timestamp field's value.
func (s MobileSdkRelease) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
type NoneAction struct {
// contains filtered or unexported fields
}
Specifies that WAF should do nothing. This is used for the OverrideAction setting on a Rule when the rule uses a rule group reference statement.
This is used in the context of other settings, for example to specify values for RuleAction and web ACL DefaultAction.
JSON specification: "None": {}
func (s NoneAction) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s NoneAction) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
type NotStatement struct {
// The statement to negate. You can use any statement that can be nested.
//
// Statement is a required field
Statement *Statement `type:"structure" required:"true"`
// contains filtered or unexported fields
}
A logical rule statement used to negate the results of another rule statement. You provide one Statement within the NotStatement.
func (s NotStatement) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *NotStatement) SetStatement(v *Statement) *NotStatement
SetStatement sets the Statement field's value.
func (s NotStatement) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *NotStatement) Validate() error
Validate inspects the fields of the type to determine if they are valid.
type OrStatement struct {
// The statements to combine with OR logic. You can use any statements that
// can be nested.
//
// Statements is a required field
Statements []*Statement `type:"list" required:"true"`
// contains filtered or unexported fields
}
A logical rule statement used to combine other rule statements with OR logic. You provide more than one Statement within the OrStatement.
func (s OrStatement) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *OrStatement) SetStatements(v []*Statement) *OrStatement
SetStatements sets the Statements field's value.
func (s OrStatement) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *OrStatement) Validate() error
Validate inspects the fields of the type to determine if they are valid.
type OverrideAction struct {
// Override the rule group evaluation result to count only.
//
// This option is usually set to none. It does not affect how the rules in the
// rule group are evaluated. If you want the rules in the rule group to only
// count matches, do not use this and instead use the rule action override option,
// with Count action, in your rule group reference statement settings.
Count *CountAction `type:"structure"`
// Don't override the rule group evaluation result. This is the most common
// setting.
None *NoneAction `type:"structure"`
// contains filtered or unexported fields
}
The action to use in the place of the action that results from the rule group evaluation. Set the override action to none to leave the result of the rule group alone. Set it to count to override the result to count only.
You can only use this for rule statements that reference a rule group, like RuleGroupReferenceStatement and ManagedRuleGroupStatement.
This option is usually set to none. It does not affect how the rules in the rule group are evaluated. If you want the rules in the rule group to only count matches, do not use this and instead use the rule action override option, with Count action, in your rule group reference statement settings.
func (s OverrideAction) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *OverrideAction) SetCount(v *CountAction) *OverrideAction
SetCount sets the Count field's value.
func (s *OverrideAction) SetNone(v *NoneAction) *OverrideAction
SetNone sets the None field's value.
func (s OverrideAction) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *OverrideAction) Validate() error
Validate inspects the fields of the type to determine if they are valid.
type PasswordField struct {
// The name of the password field. For example /form/password.
//
// Identifier is a required field
Identifier *string `min:"1" type:"string" required:"true"`
// contains filtered or unexported fields
}
Details about your login page password field for request inspection, used in the AWSManagedRulesATPRuleSet RequestInspection configuration.
func (s PasswordField) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *PasswordField) SetIdentifier(v string) *PasswordField
SetIdentifier sets the Identifier field's value.
func (s PasswordField) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *PasswordField) Validate() error
Validate inspects the fields of the type to determine if they are valid.
type PutLoggingConfigurationInput struct {
// Defines an association between logging destinations and a web ACL resource,
// for logging from WAF. As part of the association, you can specify parts of
// the standard logging fields to keep out of the logs and you can specify filters
// so that you log only a subset of the logging records.
//
// You can define one logging destination per web ACL.
//
// You can access information about the traffic that WAF inspects using the
// following steps:
//
// Create your logging destination. You can use an Amazon CloudWatch Logs log
// group, an Amazon Simple Storage Service (Amazon S3) bucket, or an Amazon
// Kinesis Data Firehose.
//
// The name that you give the destination must start with aws-waf-logs-. Depending
// on the type of destination, you might need to configure additional settings
// or permissions.
//
// For configuration requirements and pricing information for each destination
// type, see Logging web ACL traffic (https://docs.aws.amazon.com/waf/latest/developerguide/logging.html)
// in the WAF Developer Guide.
//
// Associate your logging destination to your web ACL using a PutLoggingConfiguration
// request.
//
// When you successfully enable logging using a PutLoggingConfiguration request,
// WAF creates an additional role or policy that is required to write logs to
// the logging destination. For an Amazon CloudWatch Logs log group, WAF creates
// a resource policy on the log group. For an Amazon S3 bucket, WAF creates
// a bucket policy. For an Amazon Kinesis Data Firehose, WAF creates a service-linked
// role.
//
// For additional information about web ACL logging, see Logging web ACL traffic
// information (https://docs.aws.amazon.com/waf/latest/developerguide/logging.html)
// in the WAF Developer Guide.
//
// LoggingConfiguration is a required field
LoggingConfiguration *LoggingConfiguration `type:"structure" required:"true"`
// contains filtered or unexported fields
}
func (s PutLoggingConfigurationInput) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *PutLoggingConfigurationInput) SetLoggingConfiguration(v *LoggingConfiguration) *PutLoggingConfigurationInput
SetLoggingConfiguration sets the LoggingConfiguration field's value.
func (s PutLoggingConfigurationInput) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *PutLoggingConfigurationInput) Validate() error
Validate inspects the fields of the type to determine if they are valid.
type PutLoggingConfigurationOutput struct {
// Defines an association between logging destinations and a web ACL resource,
// for logging from WAF. As part of the association, you can specify parts of
// the standard logging fields to keep out of the logs and you can specify filters
// so that you log only a subset of the logging records.
//
// You can define one logging destination per web ACL.
//
// You can access information about the traffic that WAF inspects using the
// following steps:
//
// Create your logging destination. You can use an Amazon CloudWatch Logs log
// group, an Amazon Simple Storage Service (Amazon S3) bucket, or an Amazon
// Kinesis Data Firehose.
//
// The name that you give the destination must start with aws-waf-logs-. Depending
// on the type of destination, you might need to configure additional settings
// or permissions.
//
// For configuration requirements and pricing information for each destination
// type, see Logging web ACL traffic (https://docs.aws.amazon.com/waf/latest/developerguide/logging.html)
// in the WAF Developer Guide.
//
// Associate your logging destination to your web ACL using a PutLoggingConfiguration
// request.
//
// When you successfully enable logging using a PutLoggingConfiguration request,
// WAF creates an additional role or policy that is required to write logs to
// the logging destination. For an Amazon CloudWatch Logs log group, WAF creates
// a resource policy on the log group. For an Amazon S3 bucket, WAF creates
// a bucket policy. For an Amazon Kinesis Data Firehose, WAF creates a service-linked
// role.
//
// For additional information about web ACL logging, see Logging web ACL traffic
// information (https://docs.aws.amazon.com/waf/latest/developerguide/logging.html)
// in the WAF Developer Guide.
LoggingConfiguration *LoggingConfiguration `type:"structure"`
// contains filtered or unexported fields
}
func (s PutLoggingConfigurationOutput) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *PutLoggingConfigurationOutput) SetLoggingConfiguration(v *LoggingConfiguration) *PutLoggingConfigurationOutput
SetLoggingConfiguration sets the LoggingConfiguration field's value.
func (s PutLoggingConfigurationOutput) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
type PutManagedRuleSetVersionsInput struct {
// A unique identifier for the managed rule set. The ID is returned in the responses
// to commands like list. You provide it to operations like get and update.
//
// Id is a required field
Id *string `min:"1" type:"string" required:"true"`
// A token used for optimistic locking. WAF returns a token to your get and
// list requests, to mark the state of the entity at the time of the request.
// To make changes to the entity associated with the token, you provide the
// token to operations like update and delete. WAF uses the token to ensure
// that no changes have been made to the entity since you last retrieved it.
// If a change has been made, the update fails with a WAFOptimisticLockException.
// If this happens, perform another get, and use the new token returned by that
// operation.
//
// LockToken is a required field
LockToken *string `min:"1" type:"string" required:"true"`
// The name of the managed rule set. You use this, along with the rule set ID,
// to identify the rule set.
//
// This name is assigned to the corresponding managed rule group, which your
// customers can access and use.
//
// Name is a required field
Name *string `min:"1" type:"string" required:"true"`
// The version of the named managed rule group that you'd like your customers
// to choose, from among your version offerings.
RecommendedVersion *string `min:"1" type:"string"`
// Specifies whether this is for an Amazon CloudFront distribution or for a
// regional application. A regional application can be an Application Load Balancer
// (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, an Amazon
// Cognito user pool, an App Runner service, or an Amazon Web Services Verified
// Access instance.
//
// To work with CloudFront, you must also specify the Region US East (N. Virginia)
// as follows:
//
// * CLI - Specify the Region when you use the CloudFront scope: --scope=CLOUDFRONT
// --region=us-east-1.
//
// * API and SDKs - For all calls, use the Region endpoint us-east-1.
//
// Scope is a required field
Scope *string `type:"string" required:"true" enum:"Scope"`
// The versions of the named managed rule group that you want to offer to your
// customers.
VersionsToPublish map[string]*VersionToPublish `type:"map"`
// contains filtered or unexported fields
}
func (s PutManagedRuleSetVersionsInput) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *PutManagedRuleSetVersionsInput) SetId(v string) *PutManagedRuleSetVersionsInput
SetId sets the Id field's value.
func (s *PutManagedRuleSetVersionsInput) SetLockToken(v string) *PutManagedRuleSetVersionsInput
SetLockToken sets the LockToken field's value.
func (s *PutManagedRuleSetVersionsInput) SetName(v string) *PutManagedRuleSetVersionsInput
SetName sets the Name field's value.
func (s *PutManagedRuleSetVersionsInput) SetRecommendedVersion(v string) *PutManagedRuleSetVersionsInput
SetRecommendedVersion sets the RecommendedVersion field's value.
func (s *PutManagedRuleSetVersionsInput) SetScope(v string) *PutManagedRuleSetVersionsInput
SetScope sets the Scope field's value.
func (s *PutManagedRuleSetVersionsInput) SetVersionsToPublish(v map[string]*VersionToPublish) *PutManagedRuleSetVersionsInput
SetVersionsToPublish sets the VersionsToPublish field's value.
func (s PutManagedRuleSetVersionsInput) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *PutManagedRuleSetVersionsInput) Validate() error
Validate inspects the fields of the type to determine if they are valid.
type PutManagedRuleSetVersionsOutput struct {
// A token used for optimistic locking. WAF returns a token to your get and
// list requests, to mark the state of the entity at the time of the request.
// To make changes to the entity associated with the token, you provide the
// token to operations like update and delete. WAF uses the token to ensure
// that no changes have been made to the entity since you last retrieved it.
// If a change has been made, the update fails with a WAFOptimisticLockException.
// If this happens, perform another get, and use the new token returned by that
// operation.
NextLockToken *string `min:"1" type:"string"`
// contains filtered or unexported fields
}
func (s PutManagedRuleSetVersionsOutput) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *PutManagedRuleSetVersionsOutput) SetNextLockToken(v string) *PutManagedRuleSetVersionsOutput
SetNextLockToken sets the NextLockToken field's value.
func (s PutManagedRuleSetVersionsOutput) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
type PutPermissionPolicyInput struct {
// The policy to attach to the specified rule group.
//
// The policy specifications must conform to the following:
//
// * The policy must be composed using IAM Policy version 2012-10-17.
//
// * The policy must include specifications for Effect, Action, and Principal.
//
// * Effect must specify Allow.
//
// * Action must specify wafv2:CreateWebACL, wafv2:UpdateWebACL, and wafv2:PutFirewallManagerRuleGroups
// and may optionally specify wafv2:GetRuleGroup. WAF rejects any extra actions
// or wildcard actions in the policy.
//
// * The policy must not include a Resource parameter.
//
// For more information, see IAM Policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html).
//
// Policy is a required field
Policy *string `min:"1" type:"string" required:"true"`
// The Amazon Resource Name (ARN) of the RuleGroup to which you want to attach
// the policy.
//
// ResourceArn is a required field
ResourceArn *string `min:"20" type:"string" required:"true"`
// contains filtered or unexported fields
}
func (s PutPermissionPolicyInput) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *PutPermissionPolicyInput) SetPolicy(v string) *PutPermissionPolicyInput
SetPolicy sets the Policy field's value.
func (s *PutPermissionPolicyInput) SetResourceArn(v string) *PutPermissionPolicyInput
SetResourceArn sets the ResourceArn field's value.
func (s PutPermissionPolicyInput) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *PutPermissionPolicyInput) Validate() error
Validate inspects the fields of the type to determine if they are valid.
type PutPermissionPolicyOutput struct {
// contains filtered or unexported fields
}
func (s PutPermissionPolicyOutput) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s PutPermissionPolicyOutput) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
type QueryString struct {
// contains filtered or unexported fields
}
Inspect the query string of the web request. This is the part of a URL that appears after a ? character, if any.
This is used in the FieldToMatch specification for some web request component types.
JSON specification: "QueryString": {}
func (s QueryString) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s QueryString) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
type RateBasedStatement struct {
// Setting that indicates how to aggregate the request counts.
//
// Web requests that are missing any of the components specified in the aggregation
// keys are omitted from the rate-based rule evaluation and handling.
//
// * CONSTANT - Count and limit the requests that match the rate-based rule's
// scope-down statement. With this option, the counted requests aren't further
// aggregated. The scope-down statement is the only specification used. When
// the count of all requests that satisfy the scope-down statement goes over
// the limit, WAF applies the rule action to all requests that satisfy the
// scope-down statement. With this option, you must configure the ScopeDownStatement
// property.
//
// * CUSTOM_KEYS - Aggregate the request counts using one or more web request
// components as the aggregate keys. With this option, you must specify the
// aggregate keys in the CustomKeys property. To aggregate on only the IP
// address or only the forwarded IP address, don't use custom keys. Instead,
// set the aggregate key type to IP or FORWARDED_IP.
//
// * FORWARDED_IP - Aggregate the request counts on the first IP address
// in an HTTP header. With this option, you must specify the header to use
// in the ForwardedIPConfig property. To aggregate on a combination of the
// forwarded IP address with other aggregate keys, use CUSTOM_KEYS.
//
// * IP - Aggregate the request counts on the IP address from the web request
// origin. To aggregate on a combination of the IP address with other aggregate
// keys, use CUSTOM_KEYS.
//
// AggregateKeyType is a required field
AggregateKeyType *string `type:"string" required:"true" enum:"RateBasedStatementAggregateKeyType"`
// Specifies the aggregate keys to use in a rate-base rule.
CustomKeys []*RateBasedStatementCustomKey `min:"1" type:"list"`
// The configuration for inspecting IP addresses in an HTTP header that you
// specify, instead of using the IP address that's reported by the web request
// origin. Commonly, this is the X-Forwarded-For (XFF) header, but you can specify
// any header name.
//
// If the specified header isn't present in the request, WAF doesn't apply the
// rule to the web request at all.
//
// This is required if you specify a forwarded IP in the rule's aggregate key
// settings.
ForwardedIPConfig *ForwardedIPConfig `type:"structure"`
// The limit on requests per 5-minute period for a single aggregation instance
// for the rate-based rule. If the rate-based statement includes a ScopeDownStatement,
// this limit is applied only to the requests that match the statement.
//
// Examples:
//
// * If you aggregate on just the IP address, this is the limit on requests
// from any single IP address.
//
// * If you aggregate on the HTTP method and the query argument name "city",
// then this is the limit on requests for any single method, city pair.
//
// Limit is a required field
Limit *int64 `min:"100" type:"long" required:"true"`
// An optional nested statement that narrows the scope of the web requests that
// are evaluated and managed by the rate-based statement. When you use a scope-down
// statement, the rate-based rule only tracks and rate limits requests that
// match the scope-down statement. You can use any nestable Statement in the
// scope-down statement, and you can nest statements at any level, the same
// as you can for a rule statement.
ScopeDownStatement *Statement `type:"structure"`
// contains filtered or unexported fields
}
A rate-based rule counts incoming requests and rate limits requests when they are coming at too fast a rate. The rule categorizes requests according to your aggregation criteria, collects them into aggregation instances, and counts and rate limits the requests for each instance.
You can specify individual aggregation keys, like IP address or HTTP method. You can also specify aggregation key combinations, like IP address and HTTP method, or HTTP method, query argument, and cookie.
Each unique set of values for the aggregation keys that you specify is a separate aggregation instance, with the value from each key contributing to the aggregation instance definition.
For example, assume the rule evaluates web requests with the following IP address and HTTP method values:
IP address 10.1.1.1, HTTP method POST
IP address 10.1.1.1, HTTP method GET
IP address 127.0.0.0, HTTP method POST
IP address 10.1.1.1, HTTP method GET
The rule would create different aggregation instances according to your aggregation criteria, for example:
If the aggregation criteria is just the IP address, then each individual address is an aggregation instance, and WAF counts requests separately for each. The aggregation instances and request counts for our example would be the following: IP address 10.1.1.1: count 3 IP address 127.0.0.0: count 1
If the aggregation criteria is HTTP method, then each individual HTTP method is an aggregation instance. The aggregation instances and request counts for our example would be the following: HTTP method POST: count 2 HTTP method GET: count 2
If the aggregation criteria is IP address and HTTP method, then each IP address and each HTTP method would contribute to the combined aggregation instance. The aggregation instances and request counts for our example would be the following: IP address 10.1.1.1, HTTP method POST: count 1 IP address 10.1.1.1, HTTP method GET: count 2 IP address 127.0.0.0, HTTP method POST: count 1
For any n-tuple of aggregation keys, each unique combination of values for the keys defines a separate aggregation instance, which WAF counts and rate-limits individually.
You can optionally nest another statement inside the rate-based statement, to narrow the scope of the rule so that it only counts and rate limits requests that match the nested statement. You can use this nested scope-down statement in conjunction with your aggregation key specifications or you can just count and rate limit all requests that match the scope-down statement, without additional aggregation. When you choose to just manage all requests that match a scope-down statement, the aggregation instance is singular for the rule.
You cannot nest a RateBasedStatement inside another statement, for example inside a NotStatement or OrStatement. You can define a RateBasedStatement inside a web ACL and inside a rule group.
For additional information about the options, see Rate limiting web requests using rate-based rules (https://docs.aws.amazon.com/waf/latest/developerguide/waf-rate-based-rules.html) in the WAF Developer Guide.
If you only aggregate on the individual IP address or forwarded IP address, you can retrieve the list of IP addresses that WAF is currently rate limiting for a rule through the API call GetRateBasedStatementManagedKeys. This option is not available for other aggregation configurations.
WAF tracks and manages web requests separately for each instance of a rate-based rule that you use. For example, if you provide the same rate-based rule settings in two web ACLs, each of the two rule statements represents a separate instance of the rate-based rule and gets its own tracking and management by WAF. If you define a rate-based rule inside a rule group, and then use that rule group in multiple places, each use creates a separate instance of the rate-based rule that gets its own tracking and management by WAF.
func (s RateBasedStatement) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *RateBasedStatement) SetAggregateKeyType(v string) *RateBasedStatement
SetAggregateKeyType sets the AggregateKeyType field's value.
func (s *RateBasedStatement) SetCustomKeys(v []*RateBasedStatementCustomKey) *RateBasedStatement
SetCustomKeys sets the CustomKeys field's value.
func (s *RateBasedStatement) SetForwardedIPConfig(v *ForwardedIPConfig) *RateBasedStatement
SetForwardedIPConfig sets the ForwardedIPConfig field's value.
func (s *RateBasedStatement) SetLimit(v int64) *RateBasedStatement
SetLimit sets the Limit field's value.
func (s *RateBasedStatement) SetScopeDownStatement(v *Statement) *RateBasedStatement
SetScopeDownStatement sets the ScopeDownStatement field's value.
func (s RateBasedStatement) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *RateBasedStatement) Validate() error
Validate inspects the fields of the type to determine if they are valid.
type RateBasedStatementCustomKey struct {
// Use the value of a cookie in the request as an aggregate key. Each distinct
// value in the cookie contributes to the aggregation instance. If you use a
// single cookie as your custom key, then each value fully defines an aggregation
// instance.
Cookie *RateLimitCookie `type:"structure"`
// Use the first IP address in an HTTP header as an aggregate key. Each distinct
// forwarded IP address contributes to the aggregation instance.
//
// When you specify an IP or forwarded IP in the custom key settings, you must
// also specify at least one other key to use. You can aggregate on only the
// forwarded IP address by specifying FORWARDED_IP in your rate-based statement's
// AggregateKeyType.
//
// With this option, you must specify the header to use in the rate-based rule's
// ForwardedIPConfig property.
ForwardedIP *RateLimitForwardedIP `type:"structure"`
// Use the request's HTTP method as an aggregate key. Each distinct HTTP method
// contributes to the aggregation instance. If you use just the HTTP method
// as your custom key, then each method fully defines an aggregation instance.
HTTPMethod *RateLimitHTTPMethod `type:"structure"`
// Use the value of a header in the request as an aggregate key. Each distinct
// value in the header contributes to the aggregation instance. If you use a
// single header as your custom key, then each value fully defines an aggregation
// instance.
Header *RateLimitHeader `type:"structure"`
// Use the request's originating IP address as an aggregate key. Each distinct
// IP address contributes to the aggregation instance.
//
// When you specify an IP or forwarded IP in the custom key settings, you must
// also specify at least one other key to use. You can aggregate on only the
// IP address by specifying IP in your rate-based statement's AggregateKeyType.
IP *RateLimitIP `type:"structure"`
// Use the specified label namespace as an aggregate key. Each distinct fully
// qualified label name that has the specified label namespace contributes to
// the aggregation instance. If you use just one label namespace as your custom
// key, then each label name fully defines an aggregation instance.
//
// This uses only labels that have been added to the request by rules that are
// evaluated before this rate-based rule in the web ACL.
//
// For information about label namespaces and names, see Label syntax and naming
// requirements (https://docs.aws.amazon.com/waf/latest/developerguide/waf-rule-label-requirements.html)
// in the WAF Developer Guide.
LabelNamespace *RateLimitLabelNamespace `type:"structure"`
// Use the specified query argument as an aggregate key. Each distinct value
// for the named query argument contributes to the aggregation instance. If
// you use a single query argument as your custom key, then each value fully
// defines an aggregation instance.
QueryArgument *RateLimitQueryArgument `type:"structure"`
// Use the request's query string as an aggregate key. Each distinct string
// contributes to the aggregation instance. If you use just the query string
// as your custom key, then each string fully defines an aggregation instance.
QueryString *RateLimitQueryString `type:"structure"`
// contains filtered or unexported fields
}
Specifies a single custom aggregate key for a rate-base rule.
Web requests that are missing any of the components specified in the aggregation keys are omitted from the rate-based rule evaluation and handling.
func (s RateBasedStatementCustomKey) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *RateBasedStatementCustomKey) SetCookie(v *RateLimitCookie) *RateBasedStatementCustomKey
SetCookie sets the Cookie field's value.
func (s *RateBasedStatementCustomKey) SetForwardedIP(v *RateLimitForwardedIP) *RateBasedStatementCustomKey
SetForwardedIP sets the ForwardedIP field's value.
func (s *RateBasedStatementCustomKey) SetHTTPMethod(v *RateLimitHTTPMethod) *RateBasedStatementCustomKey
SetHTTPMethod sets the HTTPMethod field's value.
func (s *RateBasedStatementCustomKey) SetHeader(v *RateLimitHeader) *RateBasedStatementCustomKey
SetHeader sets the Header field's value.
func (s *RateBasedStatementCustomKey) SetIP(v *RateLimitIP) *RateBasedStatementCustomKey
SetIP sets the IP field's value.
func (s *RateBasedStatementCustomKey) SetLabelNamespace(v *RateLimitLabelNamespace) *RateBasedStatementCustomKey
SetLabelNamespace sets the LabelNamespace field's value.
func (s *RateBasedStatementCustomKey) SetQueryArgument(v *RateLimitQueryArgument) *RateBasedStatementCustomKey
SetQueryArgument sets the QueryArgument field's value.
func (s *RateBasedStatementCustomKey) SetQueryString(v *RateLimitQueryString) *RateBasedStatementCustomKey
SetQueryString sets the QueryString field's value.
func (s RateBasedStatementCustomKey) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *RateBasedStatementCustomKey) Validate() error
Validate inspects the fields of the type to determine if they are valid.
type RateBasedStatementManagedKeysIPSet struct {
// The IP addresses that are currently blocked.
Addresses []*string `type:"list"`
// The version of the IP addresses, either IPV4 or IPV6.
IPAddressVersion *string `type:"string" enum:"IPAddressVersion"`
// contains filtered or unexported fields
}
The set of IP addresses that are currently blocked for a RateBasedStatement. This is only available for rate-based rules that aggregate on just the IP address, with the AggregateKeyType set to IP or FORWARDED_IP.
A rate-based rule applies its rule action to requests from IP addresses that are in the rule's managed keys list and that match the rule's scope-down statement. When a rule has no scope-down statement, it applies the action to all requests from the IP addresses that are in the list. The rule applies its rule action to rate limit the matching requests. The action is usually Block but it can be any valid rule action except for Allow.
The maximum number of IP addresses that can be rate limited by a single rate-based rule instance is 10,000. If more than 10,000 addresses exceed the rate limit, WAF limits those with the highest rates.
func (s RateBasedStatementManagedKeysIPSet) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *RateBasedStatementManagedKeysIPSet) SetAddresses(v []*string) *RateBasedStatementManagedKeysIPSet
SetAddresses sets the Addresses field's value.
func (s *RateBasedStatementManagedKeysIPSet) SetIPAddressVersion(v string) *RateBasedStatementManagedKeysIPSet
SetIPAddressVersion sets the IPAddressVersion field's value.
func (s RateBasedStatementManagedKeysIPSet) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
type RateLimitCookie struct {
// The name of the cookie to use.
//
// Name is a required field
Name *string `min:"1" type:"string" required:"true"`
// Text transformations eliminate some of the unusual formatting that attackers
// use in web requests in an effort to bypass detection. Text transformations
// are used in rule match statements, to transform the FieldToMatch request
// component before inspecting it, and they're used in rate-based rule statements,
// to transform request components before using them as custom aggregation keys.
// If you specify one or more transformations to apply, WAF performs all transformations
// on the specified content, starting from the lowest priority setting, and
// then uses the component contents.
//
// TextTransformations is a required field
TextTransformations []*TextTransformation `min:"1" type:"list" required:"true"`
// contains filtered or unexported fields
}
Specifies a cookie as an aggregate key for a rate-based rule. Each distinct value in the cookie contributes to the aggregation instance. If you use a single cookie as your custom key, then each value fully defines an aggregation instance.
func (s RateLimitCookie) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *RateLimitCookie) SetName(v string) *RateLimitCookie
SetName sets the Name field's value.
func (s *RateLimitCookie) SetTextTransformations(v []*TextTransformation) *RateLimitCookie
SetTextTransformations sets the TextTransformations field's value.
func (s RateLimitCookie) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *RateLimitCookie) Validate() error
Validate inspects the fields of the type to determine if they are valid.
type RateLimitForwardedIP struct {
// contains filtered or unexported fields
}
Specifies the first IP address in an HTTP header as an aggregate key for a rate-based rule. Each distinct forwarded IP address contributes to the aggregation instance.
This setting is used only in the RateBasedStatementCustomKey specification of a rate-based rule statement. When you specify an IP or forwarded IP in the custom key settings, you must also specify at least one other key to use. You can aggregate on only the forwarded IP address by specifying FORWARDED_IP in your rate-based statement's AggregateKeyType.
This data type supports using the forwarded IP address in the web request aggregation for a rate-based rule, in RateBasedStatementCustomKey. The JSON specification for using the forwarded IP address doesn't explicitly use this data type.
JSON specification: "ForwardedIP": {}
When you use this specification, you must also configure the forwarded IP address in the rate-based statement's ForwardedIPConfig.
func (s RateLimitForwardedIP) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s RateLimitForwardedIP) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
type RateLimitHTTPMethod struct {
// contains filtered or unexported fields
}
Specifies the request's HTTP method as an aggregate key for a rate-based rule. Each distinct HTTP method contributes to the aggregation instance. If you use just the HTTP method as your custom key, then each method fully defines an aggregation instance.
JSON specification: "RateLimitHTTPMethod": {}
func (s RateLimitHTTPMethod) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s RateLimitHTTPMethod) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
type RateLimitHeader struct {
// The name of the header to use.
//
// Name is a required field
Name *string `min:"1" type:"string" required:"true"`
// Text transformations eliminate some of the unusual formatting that attackers
// use in web requests in an effort to bypass detection. Text transformations
// are used in rule match statements, to transform the FieldToMatch request
// component before inspecting it, and they're used in rate-based rule statements,
// to transform request components before using them as custom aggregation keys.
// If you specify one or more transformations to apply, WAF performs all transformations
// on the specified content, starting from the lowest priority setting, and
// then uses the component contents.
//
// TextTransformations is a required field
TextTransformations []*TextTransformation `min:"1" type:"list" required:"true"`
// contains filtered or unexported fields
}
Specifies a header as an aggregate key for a rate-based rule. Each distinct value in the header contributes to the aggregation instance. If you use a single header as your custom key, then each value fully defines an aggregation instance.
func (s RateLimitHeader) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *RateLimitHeader) SetName(v string) *RateLimitHeader
SetName sets the Name field's value.
func (s *RateLimitHeader) SetTextTransformations(v []*TextTransformation) *RateLimitHeader
SetTextTransformations sets the TextTransformations field's value.
func (s RateLimitHeader) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *RateLimitHeader) Validate() error
Validate inspects the fields of the type to determine if they are valid.
type RateLimitIP struct {
// contains filtered or unexported fields
}
Specifies the IP address in the web request as an aggregate key for a rate-based rule. Each distinct IP address contributes to the aggregation instance.
This setting is used only in the RateBasedStatementCustomKey specification of a rate-based rule statement. To use this in the custom key settings, you must specify at least one other key to use, along with the IP address. To aggregate on only the IP address, in your rate-based statement's AggregateKeyType, specify IP.
JSON specification: "RateLimitIP": {}
func (s RateLimitIP) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s RateLimitIP) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
type RateLimitLabelNamespace struct {
// The namespace to use for aggregation.
//
// Namespace is a required field
Namespace *string `min:"1" type:"string" required:"true"`
// contains filtered or unexported fields
}
Specifies a label namespace to use as an aggregate key for a rate-based rule. Each distinct fully qualified label name that has the specified label namespace contributes to the aggregation instance. If you use just one label namespace as your custom key, then each label name fully defines an aggregation instance.
This uses only labels that have been added to the request by rules that are evaluated before this rate-based rule in the web ACL.
For information about label namespaces and names, see Label syntax and naming requirements (https://docs.aws.amazon.com/waf/latest/developerguide/waf-rule-label-requirements.html) in the WAF Developer Guide.
func (s RateLimitLabelNamespace) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *RateLimitLabelNamespace) SetNamespace(v string) *RateLimitLabelNamespace
SetNamespace sets the Namespace field's value.
func (s RateLimitLabelNamespace) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *RateLimitLabelNamespace) Validate() error
Validate inspects the fields of the type to determine if they are valid.
type RateLimitQueryArgument struct {
// The name of the query argument to use.
//
// Name is a required field
Name *string `min:"1" type:"string" required:"true"`
// Text transformations eliminate some of the unusual formatting that attackers
// use in web requests in an effort to bypass detection. Text transformations
// are used in rule match statements, to transform the FieldToMatch request
// component before inspecting it, and they're used in rate-based rule statements,
// to transform request components before using them as custom aggregation keys.
// If you specify one or more transformations to apply, WAF performs all transformations
// on the specified content, starting from the lowest priority setting, and
// then uses the component contents.
//
// TextTransformations is a required field
TextTransformations []*TextTransformation `min:"1" type:"list" required:"true"`
// contains filtered or unexported fields
}
Specifies a query argument in the request as an aggregate key for a rate-based rule. Each distinct value for the named query argument contributes to the aggregation instance. If you use a single query argument as your custom key, then each value fully defines an aggregation instance.
func (s RateLimitQueryArgument) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *RateLimitQueryArgument) SetName(v string) *RateLimitQueryArgument
SetName sets the Name field's value.
func (s *RateLimitQueryArgument) SetTextTransformations(v []*TextTransformation) *RateLimitQueryArgument
SetTextTransformations sets the TextTransformations field's value.
func (s RateLimitQueryArgument) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *RateLimitQueryArgument) Validate() error
Validate inspects the fields of the type to determine if they are valid.
type RateLimitQueryString struct {
// Text transformations eliminate some of the unusual formatting that attackers
// use in web requests in an effort to bypass detection. Text transformations
// are used in rule match statements, to transform the FieldToMatch request
// component before inspecting it, and they're used in rate-based rule statements,
// to transform request components before using them as custom aggregation keys.
// If you specify one or more transformations to apply, WAF performs all transformations
// on the specified content, starting from the lowest priority setting, and
// then uses the component contents.
//
// TextTransformations is a required field
TextTransformations []*TextTransformation `min:"1" type:"list" required:"true"`
// contains filtered or unexported fields
}
Specifies the request's query string as an aggregate key for a rate-based rule. Each distinct string contributes to the aggregation instance. If you use just the query string as your custom key, then each string fully defines an aggregation instance.
func (s RateLimitQueryString) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *RateLimitQueryString) SetTextTransformations(v []*TextTransformation) *RateLimitQueryString
SetTextTransformations sets the TextTransformations field's value.
func (s RateLimitQueryString) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *RateLimitQueryString) Validate() error
Validate inspects the fields of the type to determine if they are valid.
type Regex struct {
// The string representing the regular expression.
RegexString *string `min:"1" type:"string"`
// contains filtered or unexported fields
}
A single regular expression. This is used in a RegexPatternSet.
func (s Regex) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *Regex) SetRegexString(v string) *Regex
SetRegexString sets the RegexString field's value.
func (s Regex) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *Regex) Validate() error
Validate inspects the fields of the type to determine if they are valid.
type RegexMatchStatement struct {
// The part of the web request that you want WAF to inspect.
//
// FieldToMatch is a required field
FieldToMatch *FieldToMatch `type:"structure" required:"true"`
// The string representing the regular expression.
//
// RegexString is a required field
RegexString *string `min:"1" type:"string" required:"true"`
// Text transformations eliminate some of the unusual formatting that attackers
// use in web requests in an effort to bypass detection. Text transformations
// are used in rule match statements, to transform the FieldToMatch request
// component before inspecting it, and they're used in rate-based rule statements,
// to transform request components before using them as custom aggregation keys.
// If you specify one or more transformations to apply, WAF performs all transformations
// on the specified content, starting from the lowest priority setting, and
// then uses the component contents.
//
// TextTransformations is a required field
TextTransformations []*TextTransformation `min:"1" type:"list" required:"true"`
// contains filtered or unexported fields
}
A rule statement used to search web request components for a match against a single regular expression.
func (s RegexMatchStatement) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *RegexMatchStatement) SetFieldToMatch(v *FieldToMatch) *RegexMatchStatement
SetFieldToMatch sets the FieldToMatch field's value.
func (s *RegexMatchStatement) SetRegexString(v string) *RegexMatchStatement
SetRegexString sets the RegexString field's value.
func (s *RegexMatchStatement) SetTextTransformations(v []*TextTransformation) *RegexMatchStatement
SetTextTransformations sets the TextTransformations field's value.
func (s RegexMatchStatement) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *RegexMatchStatement) Validate() error
Validate inspects the fields of the type to determine if they are valid.
type RegexPatternSet struct {
// The Amazon Resource Name (ARN) of the entity.
ARN *string `min:"20" type:"string"`
// A description of the set that helps with identification.
Description *string `min:"1" type:"string"`
// A unique identifier for the set. This ID is returned in the responses to
// create and list commands. You provide it to operations like update and delete.
Id *string `min:"1" type:"string"`
// The name of the set. You cannot change the name after you create the set.
Name *string `min:"1" type:"string"`
// The regular expression patterns in the set.
RegularExpressionList []*Regex `type:"list"`
// contains filtered or unexported fields
}
Contains one or more regular expressions.
WAF assigns an ARN to each RegexPatternSet that you create. To use a set in a rule, you provide the ARN to the Rule statement RegexPatternSetReferenceStatement.
func (s RegexPatternSet) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *RegexPatternSet) SetARN(v string) *RegexPatternSet
SetARN sets the ARN field's value.
func (s *RegexPatternSet) SetDescription(v string) *RegexPatternSet
SetDescription sets the Description field's value.
func (s *RegexPatternSet) SetId(v string) *RegexPatternSet
SetId sets the Id field's value.
func (s *RegexPatternSet) SetName(v string) *RegexPatternSet
SetName sets the Name field's value.
func (s *RegexPatternSet) SetRegularExpressionList(v []*Regex) *RegexPatternSet
SetRegularExpressionList sets the RegularExpressionList field's value.
func (s RegexPatternSet) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
type RegexPatternSetReferenceStatement struct {
// The Amazon Resource Name (ARN) of the RegexPatternSet that this statement
// references.
//
// ARN is a required field
ARN *string `min:"20" type:"string" required:"true"`
// The part of the web request that you want WAF to inspect.
//
// FieldToMatch is a required field
FieldToMatch *FieldToMatch `type:"structure" required:"true"`
// Text transformations eliminate some of the unusual formatting that attackers
// use in web requests in an effort to bypass detection. Text transformations
// are used in rule match statements, to transform the FieldToMatch request
// component before inspecting it, and they're used in rate-based rule statements,
// to transform request components before using them as custom aggregation keys.
// If you specify one or more transformations to apply, WAF performs all transformations
// on the specified content, starting from the lowest priority setting, and
// then uses the component contents.
//
// TextTransformations is a required field
TextTransformations []*TextTransformation `min:"1" type:"list" required:"true"`
// contains filtered or unexported fields
}
A rule statement used to search web request components for matches with regular expressions. To use this, create a RegexPatternSet that specifies the expressions that you want to detect, then use the ARN of that set in this statement. A web request matches the pattern set rule statement if the request component matches any of the patterns in the set. To create a regex pattern set, see CreateRegexPatternSet.
Each regex pattern set rule statement references a regex pattern set. You create and maintain the set independent of your rules. This allows you to use the single set in multiple rules. When you update the referenced set, WAF automatically updates all rules that reference it.
func (s RegexPatternSetReferenceStatement) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *RegexPatternSetReferenceStatement) SetARN(v string) *RegexPatternSetReferenceStatement
SetARN sets the ARN field's value.
func (s *RegexPatternSetReferenceStatement) SetFieldToMatch(v *FieldToMatch) *RegexPatternSetReferenceStatement
SetFieldToMatch sets the FieldToMatch field's value.
func (s *RegexPatternSetReferenceStatement) SetTextTransformations(v []*TextTransformation) *RegexPatternSetReferenceStatement
SetTextTransformations sets the TextTransformations field's value.
func (s RegexPatternSetReferenceStatement) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *RegexPatternSetReferenceStatement) Validate() error
Validate inspects the fields of the type to determine if they are valid.
type RegexPatternSetSummary struct {
// The Amazon Resource Name (ARN) of the entity.
ARN *string `min:"20" type:"string"`
// A description of the set that helps with identification.
Description *string `min:"1" type:"string"`
// A unique identifier for the set. This ID is returned in the responses to
// create and list commands. You provide it to operations like update and delete.
Id *string `min:"1" type:"string"`
// A token used for optimistic locking. WAF returns a token to your get and
// list requests, to mark the state of the entity at the time of the request.
// To make changes to the entity associated with the token, you provide the
// token to operations like update and delete. WAF uses the token to ensure
// that no changes have been made to the entity since you last retrieved it.
// If a change has been made, the update fails with a WAFOptimisticLockException.
// If this happens, perform another get, and use the new token returned by that
// operation.
LockToken *string `min:"1" type:"string"`
// The name of the data type instance. You cannot change the name after you
// create the instance.
Name *string `min:"1" type:"string"`
// contains filtered or unexported fields
}
High-level information about a RegexPatternSet, returned by operations like create and list. This provides information like the ID, that you can use to retrieve and manage a RegexPatternSet, and the ARN, that you provide to the RegexPatternSetReferenceStatement to use the pattern set in a Rule.
func (s RegexPatternSetSummary) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *RegexPatternSetSummary) SetARN(v string) *RegexPatternSetSummary
SetARN sets the ARN field's value.
func (s *RegexPatternSetSummary) SetDescription(v string) *RegexPatternSetSummary
SetDescription sets the Description field's value.
func (s *RegexPatternSetSummary) SetId(v string) *RegexPatternSetSummary
SetId sets the Id field's value.
func (s *RegexPatternSetSummary) SetLockToken(v string) *RegexPatternSetSummary
SetLockToken sets the LockToken field's value.
func (s *RegexPatternSetSummary) SetName(v string) *RegexPatternSetSummary
SetName sets the Name field's value.
func (s RegexPatternSetSummary) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
type ReleaseSummary struct {
// The release version.
ReleaseVersion *string `min:"1" type:"string"`
// The timestamp of the release.
Timestamp *time.Time `type:"timestamp"`
// contains filtered or unexported fields
}
High level information for an SDK release.
func (s ReleaseSummary) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *ReleaseSummary) SetReleaseVersion(v string) *ReleaseSummary
SetReleaseVersion sets the ReleaseVersion field's value.
func (s *ReleaseSummary) SetTimestamp(v time.Time) *ReleaseSummary
SetTimestamp sets the Timestamp field's value.
func (s ReleaseSummary) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
type RequestBodyAssociatedResourceTypeConfig struct {
// Specifies the maximum size of the web request body component that an associated
// CloudFront distribution should send to WAF for inspection. This applies to
// statements in the web ACL that inspect the body or JSON body.
//
// Default: 16 KB (16,384 kilobytes)
//
// DefaultSizeInspectionLimit is a required field
DefaultSizeInspectionLimit *string `type:"string" required:"true" enum:"SizeInspectionLimit"`
// contains filtered or unexported fields
}
Customizes the maximum size of the request body that your protected CloudFront distributions forward to WAF for inspection. The default size is 16 KB (16,384 kilobytes).
You are charged additional fees when your protected resources forward body sizes that are larger than the default. For more information, see WAF Pricing (http://aws.amazon.com/waf/pricing/).
This is used in the AssociationConfig of the web ACL.
func (s RequestBodyAssociatedResourceTypeConfig) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *RequestBodyAssociatedResourceTypeConfig) SetDefaultSizeInspectionLimit(v string) *RequestBodyAssociatedResourceTypeConfig
SetDefaultSizeInspectionLimit sets the DefaultSizeInspectionLimit field's value.
func (s RequestBodyAssociatedResourceTypeConfig) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *RequestBodyAssociatedResourceTypeConfig) Validate() error
Validate inspects the fields of the type to determine if they are valid.
type RequestInspection struct {
// Details about your login page password field.
//
// How you specify this depends on the payload type.
//
// * For JSON payloads, specify the field name in JSON pointer syntax. For
// information about the JSON Pointer syntax, see the Internet Engineering
// Task Force (IETF) documentation JavaScript Object Notation (JSON) Pointer
// (https://tools.ietf.org/html/rfc6901). For example, for the JSON payload
// { "login": { "username": "THE_USERNAME", "password": "THE_PASSWORD" }
// }, the username field specification is /login/username and the password
// field specification is /login/password.
//
// * For form encoded payload types, use the HTML form names. For example,
// for an HTML form with input elements named username1 and password1, the
// username field specification is username1 and the password field specification
// is password1.
//
// PasswordField is a required field
PasswordField *PasswordField `type:"structure" required:"true"`
// The payload type for your login endpoint, either JSON or form encoded.
//
// PayloadType is a required field
PayloadType *string `type:"string" required:"true" enum:"PayloadType"`
// Details about your login page username field.
//
// How you specify this depends on the payload type.
//
// * For JSON payloads, specify the field name in JSON pointer syntax. For
// information about the JSON Pointer syntax, see the Internet Engineering
// Task Force (IETF) documentation JavaScript Object Notation (JSON) Pointer
// (https://tools.ietf.org/html/rfc6901). For example, for the JSON payload
// { "login": { "username": "THE_USERNAME", "password": "THE_PASSWORD" }
// }, the username field specification is /login/username and the password
// field specification is /login/password.
//
// * For form encoded payload types, use the HTML form names. For example,
// for an HTML form with input elements named username1 and password1, the
// username field specification is username1 and the password field specification
// is password1.
//
// UsernameField is a required field
UsernameField *UsernameField `type:"structure" required:"true"`
// contains filtered or unexported fields
}
The criteria for inspecting login requests, used by the ATP rule group to validate credentials usage.
This is part of the AWSManagedRulesATPRuleSet configuration in ManagedRuleGroupConfig.
In these settings, you specify how your application accepts login attempts by providing the request payload type and the names of the fields within the request body where the username and password are provided.
func (s RequestInspection) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *RequestInspection) SetPasswordField(v *PasswordField) *RequestInspection
SetPasswordField sets the PasswordField field's value.
func (s *RequestInspection) SetPayloadType(v string) *RequestInspection
SetPayloadType sets the PayloadType field's value.
func (s *RequestInspection) SetUsernameField(v *UsernameField) *RequestInspection
SetUsernameField sets the UsernameField field's value.
func (s RequestInspection) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *RequestInspection) Validate() error
Validate inspects the fields of the type to determine if they are valid.
type ResponseInspection struct {
// Configures inspection of the response body. WAF can inspect the first 65,536
// bytes (64 KB) of the response body.
BodyContains *ResponseInspectionBodyContains `type:"structure"`
// Configures inspection of the response header.
Header *ResponseInspectionHeader `type:"structure"`
// Configures inspection of the response JSON. WAF can inspect the first 65,536
// bytes (64 KB) of the response JSON.
Json *ResponseInspectionJson `type:"structure"`
// Configures inspection of the response status code.
StatusCode *ResponseInspectionStatusCode `type:"structure"`
// contains filtered or unexported fields
}
The criteria for inspecting responses to login requests, used by the ATP rule group to track login failure rates.
The ATP rule group evaluates the responses that your protected resources send back to client login attempts, keeping count of successful and failed attempts from each IP address and client session. Using this information, the rule group labels and mitigates requests from client sessions and IP addresses that submit too many failed login attempts in a short amount of time.
Response inspection is available only in web ACLs that protect Amazon CloudFront distributions.
This is part of the AWSManagedRulesATPRuleSet configuration in ManagedRuleGroupConfig.
Enable login response inspection by configuring exactly one component of the response to inspect. You can't configure more than one. If you don't configure any of the response inspection options, response inspection is disabled.
func (s ResponseInspection) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *ResponseInspection) SetBodyContains(v *ResponseInspectionBodyContains) *ResponseInspection
SetBodyContains sets the BodyContains field's value.
func (s *ResponseInspection) SetHeader(v *ResponseInspectionHeader) *ResponseInspection
SetHeader sets the Header field's value.
func (s *ResponseInspection) SetJson(v *ResponseInspectionJson) *ResponseInspection
SetJson sets the Json field's value.
func (s *ResponseInspection) SetStatusCode(v *ResponseInspectionStatusCode) *ResponseInspection
SetStatusCode sets the StatusCode field's value.
func (s ResponseInspection) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *ResponseInspection) Validate() error
Validate inspects the fields of the type to determine if they are valid.
type ResponseInspectionBodyContains struct {
// Strings in the body of the response that indicate a failed login attempt.
// To be counted as a failed login, the string can be anywhere in the body and
// must be an exact match, including case. Each string must be unique among
// the success and failure strings.
//
// JSON example: "FailureStrings": [ "Login failed" ]
//
// FailureStrings is a required field
FailureStrings []*string `min:"1" type:"list" required:"true"`
// Strings in the body of the response that indicate a successful login attempt.
// To be counted as a successful login, the string can be anywhere in the body
// and must be an exact match, including case. Each string must be unique among
// the success and failure strings.
//
// JSON example: "SuccessStrings": [ "Login successful", "Welcome to our site!"
// ]
//
// SuccessStrings is a required field
SuccessStrings []*string `min:"1" type:"list" required:"true"`
// contains filtered or unexported fields
}
Configures inspection of the response body. WAF can inspect the first 65,536 bytes (64 KB) of the response body. This is part of the ResponseInspection configuration for AWSManagedRulesATPRuleSet.
Response inspection is available only in web ACLs that protect Amazon CloudFront distributions.
func (s ResponseInspectionBodyContains) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *ResponseInspectionBodyContains) SetFailureStrings(v []*string) *ResponseInspectionBodyContains
SetFailureStrings sets the FailureStrings field's value.
func (s *ResponseInspectionBodyContains) SetSuccessStrings(v []*string) *ResponseInspectionBodyContains
SetSuccessStrings sets the SuccessStrings field's value.
func (s ResponseInspectionBodyContains) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *ResponseInspectionBodyContains) Validate() error
Validate inspects the fields of the type to determine if they are valid.
type ResponseInspectionHeader struct {
// Values in the response header with the specified name that indicate a failed
// login attempt. To be counted as a failed login, the value must be an exact
// match, including case. Each value must be unique among the success and failure
// values.
//
// JSON example: "FailureValues": [ "LoginFailed", "Failed login" ]
//
// FailureValues is a required field
FailureValues []*string `min:"1" type:"list" required:"true"`
// The name of the header to match against. The name must be an exact match,
// including case.
//
// JSON example: "Name": [ "LoginResult" ]
//
// Name is a required field
Name *string `min:"1" type:"string" required:"true"`
// Values in the response header with the specified name that indicate a successful
// login attempt. To be counted as a successful login, the value must be an
// exact match, including case. Each value must be unique among the success
// and failure values.
//
// JSON example: "SuccessValues": [ "LoginPassed", "Successful login" ]
//
// SuccessValues is a required field
SuccessValues []*string `min:"1" type:"list" required:"true"`
// contains filtered or unexported fields
}
Configures inspection of the response header. This is part of the ResponseInspection configuration for AWSManagedRulesATPRuleSet.
Response inspection is available only in web ACLs that protect Amazon CloudFront distributions.
func (s ResponseInspectionHeader) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *ResponseInspectionHeader) SetFailureValues(v []*string) *ResponseInspectionHeader
SetFailureValues sets the FailureValues field's value.
func (s *ResponseInspectionHeader) SetName(v string) *ResponseInspectionHeader
SetName sets the Name field's value.
func (s *ResponseInspectionHeader) SetSuccessValues(v []*string) *ResponseInspectionHeader
SetSuccessValues sets the SuccessValues field's value.
func (s ResponseInspectionHeader) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *ResponseInspectionHeader) Validate() error
Validate inspects the fields of the type to determine if they are valid.
type ResponseInspectionJson struct {
// Values for the specified identifier in the response JSON that indicate a
// failed login attempt. To be counted as a failed login, the value must be
// an exact match, including case. Each value must be unique among the success
// and failure values.
//
// JSON example: "FailureValues": [ "False", "Failed" ]
//
// FailureValues is a required field
FailureValues []*string `min:"1" type:"list" required:"true"`
// The identifier for the value to match against in the JSON. The identifier
// must be an exact match, including case.
//
// JSON example: "Identifier": [ "/login/success" ]
//
// Identifier is a required field
Identifier *string `min:"1" type:"string" required:"true"`
// Values for the specified identifier in the response JSON that indicate a
// successful login attempt. To be counted as a successful login, the value
// must be an exact match, including case. Each value must be unique among the
// success and failure values.
//
// JSON example: "SuccessValues": [ "True", "Succeeded" ]
//
// SuccessValues is a required field
SuccessValues []*string `min:"1" type:"list" required:"true"`
// contains filtered or unexported fields
}
Configures inspection of the response JSON. WAF can inspect the first 65,536 bytes (64 KB) of the response JSON. This is part of the ResponseInspection configuration for AWSManagedRulesATPRuleSet.
Response inspection is available only in web ACLs that protect Amazon CloudFront distributions.
func (s ResponseInspectionJson) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *ResponseInspectionJson) SetFailureValues(v []*string) *ResponseInspectionJson
SetFailureValues sets the FailureValues field's value.
func (s *ResponseInspectionJson) SetIdentifier(v string) *ResponseInspectionJson
SetIdentifier sets the Identifier field's value.
func (s *ResponseInspectionJson) SetSuccessValues(v []*string) *ResponseInspectionJson
SetSuccessValues sets the SuccessValues field's value.
func (s ResponseInspectionJson) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *ResponseInspectionJson) Validate() error
Validate inspects the fields of the type to determine if they are valid.
type ResponseInspectionStatusCode struct {
// Status codes in the response that indicate a failed login attempt. To be
// counted as a failed login, the response status code must match one of these.
// Each code must be unique among the success and failure status codes.
//
// JSON example: "FailureCodes": [ 400, 404 ]
//
// FailureCodes is a required field
FailureCodes []*int64 `min:"1" type:"list" required:"true"`
// Status codes in the response that indicate a successful login attempt. To
// be counted as a successful login, the response status code must match one
// of these. Each code must be unique among the success and failure status codes.
//
// JSON example: "SuccessCodes": [ 200, 201 ]
//
// SuccessCodes is a required field
SuccessCodes []*int64 `min:"1" type:"list" required:"true"`
// contains filtered or unexported fields
}
Configures inspection of the response status code. This is part of the ResponseInspection configuration for AWSManagedRulesATPRuleSet.
Response inspection is available only in web ACLs that protect Amazon CloudFront distributions.
func (s ResponseInspectionStatusCode) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *ResponseInspectionStatusCode) SetFailureCodes(v []*int64) *ResponseInspectionStatusCode
SetFailureCodes sets the FailureCodes field's value.
func (s *ResponseInspectionStatusCode) SetSuccessCodes(v []*int64) *ResponseInspectionStatusCode
SetSuccessCodes sets the SuccessCodes field's value.
func (s ResponseInspectionStatusCode) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *ResponseInspectionStatusCode) Validate() error
Validate inspects the fields of the type to determine if they are valid.
type Rule struct {
// The action that WAF should take on a web request when it matches the rule
// statement. Settings at the web ACL level can override the rule action setting.
//
// This is used only for rules whose statements do not reference a rule group.
// Rule statements that reference a rule group include RuleGroupReferenceStatement
// and ManagedRuleGroupStatement.
//
// You must specify either this Action setting or the rule OverrideAction setting,
// but not both:
//
// * If the rule statement does not reference a rule group, use this rule
// action setting and not the rule override action setting.
//
// * If the rule statement references a rule group, use the override action
// setting and not this action setting.
Action *RuleAction `type:"structure"`
// Specifies how WAF should handle CAPTCHA evaluations. If you don't specify
// this, WAF uses the CAPTCHA configuration that's defined for the web ACL.
CaptchaConfig *CaptchaConfig `type:"structure"`
// Specifies how WAF should handle Challenge evaluations. If you don't specify
// this, WAF uses the challenge configuration that's defined for the web ACL.
ChallengeConfig *ChallengeConfig `type:"structure"`
// The name of the rule. You can't change the name of a Rule after you create
// it.
//
// Name is a required field
Name *string `min:"1" type:"string" required:"true"`
// The action to use in the place of the action that results from the rule group
// evaluation. Set the override action to none to leave the result of the rule
// group alone. Set it to count to override the result to count only.
//
// You can only use this for rule statements that reference a rule group, like
// RuleGroupReferenceStatement and ManagedRuleGroupStatement.
//
// This option is usually set to none. It does not affect how the rules in the
// rule group are evaluated. If you want the rules in the rule group to only
// count matches, do not use this and instead use the rule action override option,
// with Count action, in your rule group reference statement settings.
OverrideAction *OverrideAction `type:"structure"`
// If you define more than one Rule in a WebACL, WAF evaluates each request
// against the Rules in order based on the value of Priority. WAF processes
// rules with lower priority first. The priorities don't need to be consecutive,
// but they must all be different.
//
// Priority is a required field
Priority *int64 `type:"integer" required:"true"`
// Labels to apply to web requests that match the rule match statement. WAF
// applies fully qualified labels to matching web requests. A fully qualified
// label is the concatenation of a label namespace and a rule label. The rule's
// rule group or web ACL defines the label namespace.
//
// Rules that run after this rule in the web ACL can match against these labels
// using a LabelMatchStatement.
//
// For each label, provide a case-sensitive string containing optional namespaces
// and a label name, according to the following guidelines:
//
// * Separate each component of the label with a colon.
//
// * Each namespace or name can have up to 128 characters.
//
// * You can specify up to 5 namespaces in a label.
//
// * Don't use the following reserved words in your label specification:
// aws, waf, managed, rulegroup, webacl, regexpatternset, or ipset.
//
// For example, myLabelName or nameSpace1:nameSpace2:myLabelName.
RuleLabels []*Label `type:"list"`
// The WAF processing statement for the rule, for example ByteMatchStatement
// or SizeConstraintStatement.
//
// Statement is a required field
Statement *Statement `type:"structure" required:"true"`
// Defines and enables Amazon CloudWatch metrics and web request sample collection.
//
// VisibilityConfig is a required field
VisibilityConfig *VisibilityConfig `type:"structure" required:"true"`
// contains filtered or unexported fields
}
A single rule, which you can use in a WebACL or RuleGroup to identify web requests that you want to allow, block, or count. Each rule includes one top-level Statement that WAF uses to identify matching web requests, and parameters that govern how WAF handles them.
func (s Rule) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *Rule) SetAction(v *RuleAction) *Rule
SetAction sets the Action field's value.
func (s *Rule) SetCaptchaConfig(v *CaptchaConfig) *Rule
SetCaptchaConfig sets the CaptchaConfig field's value.
func (s *Rule) SetChallengeConfig(v *ChallengeConfig) *Rule
SetChallengeConfig sets the ChallengeConfig field's value.