func ActionValue_Values() []string
ActionValue_Values returns all elements of the ActionValue enum
func BodyParsingFallbackBehavior_Values() []string
BodyParsingFallbackBehavior_Values returns all elements of the BodyParsingFallbackBehavior enum
func ComparisonOperator_Values() []string
ComparisonOperator_Values returns all elements of the ComparisonOperator enum
func CountryCode_Values() []string
CountryCode_Values returns all elements of the CountryCode enum
func FailureReason_Values() []string
FailureReason_Values returns all elements of the FailureReason enum
func FallbackBehavior_Values() []string
FallbackBehavior_Values returns all elements of the FallbackBehavior enum
func FilterBehavior_Values() []string
FilterBehavior_Values returns all elements of the FilterBehavior enum
func FilterRequirement_Values() []string
FilterRequirement_Values returns all elements of the FilterRequirement enum
func ForwardedIPPosition_Values() []string
ForwardedIPPosition_Values returns all elements of the ForwardedIPPosition enum
func IPAddressVersion_Values() []string
IPAddressVersion_Values returns all elements of the IPAddressVersion enum
func InspectionLevel_Values() []string
InspectionLevel_Values returns all elements of the InspectionLevel enum
func JsonMatchScope_Values() []string
JsonMatchScope_Values returns all elements of the JsonMatchScope enum
func LabelMatchScope_Values() []string
LabelMatchScope_Values returns all elements of the LabelMatchScope enum
func MapMatchScope_Values() []string
MapMatchScope_Values returns all elements of the MapMatchScope enum
func OversizeHandling_Values() []string
OversizeHandling_Values returns all elements of the OversizeHandling enum
func ParameterExceptionField_Values() []string
ParameterExceptionField_Values returns all elements of the ParameterExceptionField enum
func PayloadType_Values() []string
PayloadType_Values returns all elements of the PayloadType enum
func Platform_Values() []string
Platform_Values returns all elements of the Platform enum
func PositionalConstraint_Values() []string
PositionalConstraint_Values returns all elements of the PositionalConstraint enum
func RateBasedStatementAggregateKeyType_Values() []string
RateBasedStatementAggregateKeyType_Values returns all elements of the RateBasedStatementAggregateKeyType enum
func ResourceType_Values() []string
ResourceType_Values returns all elements of the ResourceType enum
func ResponseContentType_Values() []string
ResponseContentType_Values returns all elements of the ResponseContentType enum
func Scope_Values() []string
Scope_Values returns all elements of the Scope enum
func SensitivityLevel_Values() []string
SensitivityLevel_Values returns all elements of the SensitivityLevel enum
func TextTransformationType_Values() []string
TextTransformationType_Values returns all elements of the TextTransformationType enum
type AWSManagedRulesATPRuleSet struct {
// The path of the login endpoint for your application. For example, for the
// URL https://example.com/web/login, you would provide the path /web/login.
//
// The rule group inspects only HTTP POST requests to your specified login endpoint.
//
// LoginPath is a required field
LoginPath *string `type:"string" required:"true"`
// The criteria for inspecting login requests, used by the ATP rule group to
// validate credentials usage.
RequestInspection *RequestInspection `type:"structure"`
// The criteria for inspecting responses to login requests, used by the ATP
// rule group to track login failure rates.
//
// The ATP rule group evaluates the responses that your protected resources
// send back to client login attempts, keeping count of successful and failed
// attempts from each IP address and client session. Using this information,
// the rule group labels and mitigates requests from client sessions and IP
// addresses that submit too many failed login attempts in a short amount of
// time.
//
// Response inspection is available only in web ACLs that protect Amazon CloudFront
// distributions.
ResponseInspection *ResponseInspection `type:"structure"`
// contains filtered or unexported fields
}
Details for your use of the account takeover prevention managed rule group, AWSManagedRulesATPRuleSet. This configuration is used in ManagedRuleGroupConfig.
func (s AWSManagedRulesATPRuleSet) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *AWSManagedRulesATPRuleSet) SetLoginPath(v string) *AWSManagedRulesATPRuleSet
SetLoginPath sets the LoginPath field's value.
func (s *AWSManagedRulesATPRuleSet) SetRequestInspection(v *RequestInspection) *AWSManagedRulesATPRuleSet
SetRequestInspection sets the RequestInspection field's value.
func (s *AWSManagedRulesATPRuleSet) SetResponseInspection(v *ResponseInspection) *AWSManagedRulesATPRuleSet
SetResponseInspection sets the ResponseInspection field's value.
func (s AWSManagedRulesATPRuleSet) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *AWSManagedRulesATPRuleSet) Validate() error
Validate inspects the fields of the type to determine if they are valid.
type AWSManagedRulesBotControlRuleSet struct {
// The inspection level to use for the Bot Control rule group. The common level
// is the least expensive. The targeted level includes all common level rules
// and adds rules with more advanced inspection criteria. For details, see WAF
// Bot Control rule group (https://docs.aws.amazon.com/waf/latest/developerguide/aws-managed-rule-groups-bot.html).
//
// InspectionLevel is a required field
InspectionLevel *string `type:"string" required:"true" enum:"InspectionLevel"`
// contains filtered or unexported fields
}
Details for your use of the Bot Control managed rule group, AWSManagedRulesBotControlRuleSet. This configuration is used in ManagedRuleGroupConfig.
func (s AWSManagedRulesBotControlRuleSet) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *AWSManagedRulesBotControlRuleSet) SetInspectionLevel(v string) *AWSManagedRulesBotControlRuleSet
SetInspectionLevel sets the InspectionLevel field's value.
func (s AWSManagedRulesBotControlRuleSet) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *AWSManagedRulesBotControlRuleSet) Validate() error
Validate inspects the fields of the type to determine if they are valid.
type ActionCondition struct {
// The action setting that a log record must contain in order to meet the condition.
// This is the action that WAF applied to the web request.
//
// For rule groups, this is either the configured rule action setting, or if
// you've applied a rule action override to the rule, it's the override action.
// The value EXCLUDED_AS_COUNT matches on excluded rules and also on rules that
// have a rule action override of Count.
//
// Action is a required field
Action *string `type:"string" required:"true" enum:"ActionValue"`
// contains filtered or unexported fields
}
A single action condition for a Condition in a logging filter.
func (s ActionCondition) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *ActionCondition) SetAction(v string) *ActionCondition
SetAction sets the Action field's value.
func (s ActionCondition) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *ActionCondition) Validate() error
Validate inspects the fields of the type to determine if they are valid.
type All struct {
// contains filtered or unexported fields
}
Inspect all of the elements that WAF has parsed and extracted from the web request component that you've identified in your FieldToMatch specifications.
This is used only in the FieldToMatch specification for some web request component types.
JSON specification: "All": {}
func (s All) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s All) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
type AllQueryArguments struct {
// contains filtered or unexported fields
}
Inspect all query arguments of the web request.
This is used only in the FieldToMatch specification for some web request component types.
JSON specification: "AllQueryArguments": {}
func (s AllQueryArguments) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s AllQueryArguments) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
type AllowAction struct {
// Defines custom handling for the web request.
//
// For information about customizing web requests and responses, see Customizing
// web requests and responses in WAF (https://docs.aws.amazon.com/waf/latest/developerguide/waf-custom-request-response.html)
// in the WAF Developer Guide (https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html).
CustomRequestHandling *CustomRequestHandling `type:"structure"`
// contains filtered or unexported fields
}
Specifies that WAF should allow the request and optionally defines additional custom handling for the request.
This is used in the context of other settings, for example to specify values for RuleAction and web ACL DefaultAction.
func (s AllowAction) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *AllowAction) SetCustomRequestHandling(v *CustomRequestHandling) *AllowAction
SetCustomRequestHandling sets the CustomRequestHandling field's value.
func (s AllowAction) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *AllowAction) Validate() error
Validate inspects the fields of the type to determine if they are valid.
type AndStatement struct {
// The statements to combine with AND logic. You can use any statements that
// can be nested.
//
// Statements is a required field
Statements []*Statement `type:"list" required:"true"`
// contains filtered or unexported fields
}
A logical rule statement used to combine other rule statements with AND logic. You provide more than one Statement within the AndStatement.
func (s AndStatement) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *AndStatement) SetStatements(v []*Statement) *AndStatement
SetStatements sets the Statements field's value.
func (s AndStatement) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *AndStatement) Validate() error
Validate inspects the fields of the type to determine if they are valid.
type AssociateWebACLInput struct {
// The Amazon Resource Name (ARN) of the resource to associate with the web
// ACL.
//
// The ARN must be in one of the following formats:
//
// * For an Application Load Balancer: arn:aws:elasticloadbalancing:region:account-id:loadbalancer/app/load-balancer-name/load-balancer-id
//
// * For an Amazon API Gateway REST API: arn:aws:apigateway:region::/restapis/api-id/stages/stage-name
//
// * For an AppSync GraphQL API: arn:aws:appsync:region:account-id:apis/GraphQLApiId
//
// * For an Amazon Cognito user pool: arn:aws:cognito-idp:region:account-id:userpool/user-pool-id
//
// * For an App Runner service: arn:aws:apprunner:region:account-id:service/apprunner-service-name/apprunner-service-id
//
// ResourceArn is a required field
ResourceArn *string `min:"20" type:"string" required:"true"`
// The Amazon Resource Name (ARN) of the web ACL that you want to associate
// with the resource.
//
// WebACLArn is a required field
WebACLArn *string `min:"20" type:"string" required:"true"`
// contains filtered or unexported fields
}
func (s AssociateWebACLInput) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *AssociateWebACLInput) SetResourceArn(v string) *AssociateWebACLInput
SetResourceArn sets the ResourceArn field's value.
func (s *AssociateWebACLInput) SetWebACLArn(v string) *AssociateWebACLInput
SetWebACLArn sets the WebACLArn field's value.
func (s AssociateWebACLInput) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *AssociateWebACLInput) Validate() error
Validate inspects the fields of the type to determine if they are valid.
type AssociateWebACLOutput struct {
// contains filtered or unexported fields
}
func (s AssociateWebACLOutput) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s AssociateWebACLOutput) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
type BlockAction struct {
// Defines a custom response for the web request.
//
// For information about customizing web requests and responses, see Customizing
// web requests and responses in WAF (https://docs.aws.amazon.com/waf/latest/developerguide/waf-custom-request-response.html)
// in the WAF Developer Guide (https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html).
CustomResponse *CustomResponse `type:"structure"`
// contains filtered or unexported fields
}
Specifies that WAF should block the request and optionally defines additional custom handling for the response to the web request.
This is used in the context of other settings, for example to specify values for RuleAction and web ACL DefaultAction.
func (s BlockAction) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *BlockAction) SetCustomResponse(v *CustomResponse) *BlockAction
SetCustomResponse sets the CustomResponse field's value.
func (s BlockAction) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *BlockAction) Validate() error
Validate inspects the fields of the type to determine if they are valid.
type Body struct {
// What WAF should do if the body is larger than WAF can inspect. WAF does not
// support inspecting the entire contents of the body of a web request when
// the body exceeds 8 KB (8192 bytes). Only the first 8 KB of the request body
// are forwarded to WAF by the underlying host service.
//
// The options for oversize handling are the following:
//
// * CONTINUE - Inspect the body normally, according to the rule inspection
// criteria.
//
// * MATCH - Treat the web request as matching the rule statement. WAF applies
// the rule action to the request.
//
// * NO_MATCH - Treat the web request as not matching the rule statement.
//
// You can combine the MATCH or NO_MATCH settings for oversize handling with
// your rule and web ACL action settings, so that you block any request whose
// body is over 8 KB.
//
// Default: CONTINUE
OversizeHandling *string `type:"string" enum:"OversizeHandling"`
// contains filtered or unexported fields
}
Inspect the body of the web request. The body immediately follows the request headers.
This is used to indicate the web request component to inspect, in the FieldToMatch specification.
func (s Body) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *Body) SetOversizeHandling(v string) *Body
SetOversizeHandling sets the OversizeHandling field's value.
func (s Body) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
type ByteMatchStatement struct {
// The part of the web request that you want WAF to inspect.
//
// FieldToMatch is a required field
FieldToMatch *FieldToMatch `type:"structure" required:"true"`
// The area within the portion of the web request that you want WAF to search
// for SearchString. Valid values include the following:
//
// CONTAINS
//
// The specified part of the web request must include the value of SearchString,
// but the location doesn't matter.
//
// CONTAINS_WORD
//
// The specified part of the web request must include the value of SearchString,
// and SearchString must contain only alphanumeric characters or underscore
// (A-Z, a-z, 0-9, or _). In addition, SearchString must be a word, which means
// that both of the following are true:
//
// * SearchString is at the beginning of the specified part of the web request
// or is preceded by a character other than an alphanumeric character or
// underscore (_). Examples include the value of a header and ;BadBot.
//
// * SearchString is at the end of the specified part of the web request
// or is followed by a character other than an alphanumeric character or
// underscore (_), for example, BadBot; and -BadBot;.
//
// EXACTLY
//
// The value of the specified part of the web request must exactly match the
// value of SearchString.
//
// STARTS_WITH
//
// The value of SearchString must appear at the beginning of the specified part
// of the web request.
//
// ENDS_WITH
//
// The value of SearchString must appear at the end of the specified part of
// the web request.
//
// PositionalConstraint is a required field
PositionalConstraint *string `type:"string" required:"true" enum:"PositionalConstraint"`
// A string value that you want WAF to search for. WAF searches only in the
// part of web requests that you designate for inspection in FieldToMatch. The
// maximum length of the value is 200 bytes.
//
// Valid values depend on the component that you specify for inspection in FieldToMatch:
//
// * Method: The HTTP method that you want WAF to search for. This indicates
// the type of operation specified in the request.
//
// * UriPath: The value that you want WAF to search for in the URI path,
// for example, /images/daily-ad.jpg.
//
// If SearchString includes alphabetic characters A-Z and a-z, note that the
// value is case sensitive.
//
// If you're using the WAF API
//
// Specify a base64-encoded version of the value. The maximum length of the
// value before you base64-encode it is 200 bytes.
//
// For example, suppose the value of Type is HEADER and the value of Data is
// User-Agent. If you want to search the User-Agent header for the value BadBot,
// you base64-encode BadBot using MIME base64-encoding and include the resulting
// value, QmFkQm90, in the value of SearchString.
//
// If you're using the CLI or one of the Amazon Web Services SDKs
//
// The value that you want WAF to search for. The SDK automatically base64 encodes
// the value.
// SearchString is automatically base64 encoded/decoded by the SDK.
//
// SearchString is a required field
SearchString []byte `type:"blob" required:"true"`
// Text transformations eliminate some of the unusual formatting that attackers
// use in web requests in an effort to bypass detection. If you specify one
// or more transformations in a rule statement, WAF performs all transformations
// on the content of the request component identified by FieldToMatch, starting
// from the lowest priority setting, before inspecting the content for a match.
//
// TextTransformations is a required field
TextTransformations []*TextTransformation `min:"1" type:"list" required:"true"`
// contains filtered or unexported fields
}
A rule statement that defines a string match search for WAF to apply to web requests. The byte match statement provides the bytes to search for, the location in requests that you want WAF to search, and other settings. The bytes to search for are typically a string that corresponds with ASCII characters. In the WAF console and the developer guide, this is called a string match statement.
func (s ByteMatchStatement) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *ByteMatchStatement) SetFieldToMatch(v *FieldToMatch) *ByteMatchStatement
SetFieldToMatch sets the FieldToMatch field's value.
func (s *ByteMatchStatement) SetPositionalConstraint(v string) *ByteMatchStatement
SetPositionalConstraint sets the PositionalConstraint field's value.
func (s *ByteMatchStatement) SetSearchString(v []byte) *ByteMatchStatement
SetSearchString sets the SearchString field's value.
func (s *ByteMatchStatement) SetTextTransformations(v []*TextTransformation) *ByteMatchStatement
SetTextTransformations sets the TextTransformations field's value.
func (s ByteMatchStatement) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *ByteMatchStatement) Validate() error
Validate inspects the fields of the type to determine if they are valid.
type CaptchaAction struct {
// Defines custom handling for the web request, used when the CAPTCHA inspection
// determines that the request's token is valid and unexpired.
//
// For information about customizing web requests and responses, see Customizing
// web requests and responses in WAF (https://docs.aws.amazon.com/waf/latest/developerguide/waf-custom-request-response.html)
// in the WAF Developer Guide (https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html).
CustomRequestHandling *CustomRequestHandling `type:"structure"`
// contains filtered or unexported fields
}
Specifies that WAF should run a CAPTCHA check against the request:
If the request includes a valid, unexpired CAPTCHA token, WAF applies any custom request handling and labels that you've configured and then allows the web request inspection to proceed to the next rule, similar to a CountAction.
If the request doesn't include a valid, unexpired token, WAF discontinues the web ACL evaluation of the request and blocks it from going to its intended destination. WAF generates a response that it sends back to the client, which includes the following: The header x-amzn-waf-action with a value of captcha. The HTTP status code 405 Method Not Allowed. If the request contains an Accept header with a value of text/html, the response includes a CAPTCHA JavaScript page interstitial.
You can configure the expiration time in the CaptchaConfig ImmunityTimeProperty setting at the rule and web ACL level. The rule setting overrides the web ACL setting.
This action option is available for rules. It isn't available for web ACL default actions.
func (s CaptchaAction) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *CaptchaAction) SetCustomRequestHandling(v *CustomRequestHandling) *CaptchaAction
SetCustomRequestHandling sets the CustomRequestHandling field's value.
func (s CaptchaAction) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *CaptchaAction) Validate() error
Validate inspects the fields of the type to determine if they are valid.
type CaptchaConfig struct {
// Determines how long a CAPTCHA timestamp in the token remains valid after
// the client successfully solves a CAPTCHA puzzle.
ImmunityTimeProperty *ImmunityTimeProperty `type:"structure"`
// contains filtered or unexported fields
}
Specifies how WAF should handle CAPTCHA evaluations. This is available at the web ACL level and in each rule.
func (s CaptchaConfig) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *CaptchaConfig) SetImmunityTimeProperty(v *ImmunityTimeProperty) *CaptchaConfig
SetImmunityTimeProperty sets the ImmunityTimeProperty field's value.
func (s CaptchaConfig) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *CaptchaConfig) Validate() error
Validate inspects the fields of the type to determine if they are valid.
type CaptchaResponse struct {
// The reason for failure, populated when the evaluation of the token fails.
FailureReason *string `type:"string" enum:"FailureReason"`
// The HTTP response code indicating the status of the CAPTCHA token in the
// web request. If the token is missing, invalid, or expired, this code is 405
// Method Not Allowed.
ResponseCode *int64 `type:"integer"`
// The time that the CAPTCHA was last solved for the supplied token.
SolveTimestamp *int64 `type:"long"`
// contains filtered or unexported fields
}
The result from the inspection of the web request for a valid CAPTCHA token.
func (s CaptchaResponse) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *CaptchaResponse) SetFailureReason(v string) *CaptchaResponse
SetFailureReason sets the FailureReason field's value.
func (s *CaptchaResponse) SetResponseCode(v int64) *CaptchaResponse
SetResponseCode sets the ResponseCode field's value.
func (s *CaptchaResponse) SetSolveTimestamp(v int64) *CaptchaResponse
SetSolveTimestamp sets the SolveTimestamp field's value.
func (s CaptchaResponse) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
type ChallengeAction struct {
// Defines custom handling for the web request, used when the challenge inspection
// determines that the request's token is valid and unexpired.
//
// For information about customizing web requests and responses, see Customizing
// web requests and responses in WAF (https://docs.aws.amazon.com/waf/latest/developerguide/waf-custom-request-response.html)
// in the WAF Developer Guide (https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html).
CustomRequestHandling *CustomRequestHandling `type:"structure"`
// contains filtered or unexported fields
}
Specifies that WAF should run a Challenge check against the request to verify that the request is coming from a legitimate client session:
If the request includes a valid, unexpired challenge token, WAF applies any custom request handling and labels that you've configured and then allows the web request inspection to proceed to the next rule, similar to a CountAction.
If the request doesn't include a valid, unexpired challenge token, WAF discontinues the web ACL evaluation of the request and blocks it from going to its intended destination. WAF then generates a challenge response that it sends back to the client, which includes the following: The header x-amzn-waf-action with a value of challenge. The HTTP status code 202 Request Accepted. If the request contains an Accept header with a value of text/html, the response includes a JavaScript page interstitial with a challenge script. Challenges run silent browser interrogations in the background, and don't generally affect the end user experience. A challenge enforces token acquisition using an interstitial JavaScript challenge that inspects the client session for legitimate behavior. The challenge blocks bots or at least increases the cost of operating sophisticated bots. After the client session successfully responds to the challenge, it receives a new token from WAF, which the challenge script uses to resubmit the original request.
You can configure the expiration time in the ChallengeConfig ImmunityTimeProperty setting at the rule and web ACL level. The rule setting overrides the web ACL setting.
This action option is available for rules. It isn't available for web ACL default actions.
func (s ChallengeAction) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *ChallengeAction) SetCustomRequestHandling(v *CustomRequestHandling) *ChallengeAction
SetCustomRequestHandling sets the CustomRequestHandling field's value.
func (s ChallengeAction) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *ChallengeAction) Validate() error
Validate inspects the fields of the type to determine if they are valid.
type ChallengeConfig struct {
// Determines how long a challenge timestamp in the token remains valid after
// the client successfully responds to a challenge.
ImmunityTimeProperty *ImmunityTimeProperty `type:"structure"`
// contains filtered or unexported fields
}
Specifies how WAF should handle Challenge evaluations. This is available at the web ACL level and in each rule.
func (s ChallengeConfig) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *ChallengeConfig) SetImmunityTimeProperty(v *ImmunityTimeProperty) *ChallengeConfig
SetImmunityTimeProperty sets the ImmunityTimeProperty field's value.
func (s ChallengeConfig) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *ChallengeConfig) Validate() error
Validate inspects the fields of the type to determine if they are valid.
type ChallengeResponse struct {
// The reason for failure, populated when the evaluation of the token fails.
FailureReason *string `type:"string" enum:"FailureReason"`
// The HTTP response code indicating the status of the challenge token in the
// web request. If the token is missing, invalid, or expired, this code is 202
// Request Accepted.
ResponseCode *int64 `type:"integer"`
// The time that the challenge was last solved for the supplied token.
SolveTimestamp *int64 `type:"long"`
// contains filtered or unexported fields
}
The result from the inspection of the web request for a valid challenge token.
func (s ChallengeResponse) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *ChallengeResponse) SetFailureReason(v string) *ChallengeResponse
SetFailureReason sets the FailureReason field's value.
func (s *ChallengeResponse) SetResponseCode(v int64) *ChallengeResponse
SetResponseCode sets the ResponseCode field's value.
func (s *ChallengeResponse) SetSolveTimestamp(v int64) *ChallengeResponse
SetSolveTimestamp sets the SolveTimestamp field's value.
func (s ChallengeResponse) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
type CheckCapacityInput struct {
// An array of Rule that you're configuring to use in a rule group or web ACL.
//
// Rules is a required field
Rules []*Rule `type:"list" required:"true"`
// Specifies whether this is for an Amazon CloudFront distribution or for a
// regional application. A regional application can be an Application Load Balancer
// (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, a Amazon Cognito
// user pool, or an App Runner service.
//
// To work with CloudFront, you must also specify the Region US East (N. Virginia)
// as follows:
//
// * CLI - Specify the Region when you use the CloudFront scope: --scope=CLOUDFRONT
// --region=us-east-1.
//
// * API and SDKs - For all calls, use the Region endpoint us-east-1.
//
// Scope is a required field
Scope *string `type:"string" required:"true" enum:"Scope"`
// contains filtered or unexported fields
}
func (s CheckCapacityInput) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *CheckCapacityInput) SetRules(v []*Rule) *CheckCapacityInput
SetRules sets the Rules field's value.
func (s *CheckCapacityInput) SetScope(v string) *CheckCapacityInput
SetScope sets the Scope field's value.
func (s CheckCapacityInput) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *CheckCapacityInput) Validate() error
Validate inspects the fields of the type to determine if they are valid.
type CheckCapacityOutput struct {
// The capacity required by the rules and scope.
Capacity *int64 `type:"long"`
// contains filtered or unexported fields
}
func (s CheckCapacityOutput) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *CheckCapacityOutput) SetCapacity(v int64) *CheckCapacityOutput
SetCapacity sets the Capacity field's value.
func (s CheckCapacityOutput) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
type Condition struct {
// A single action condition. This is the action setting that a log record must
// contain in order to meet the condition.
ActionCondition *ActionCondition `type:"structure"`
// A single label name condition. This is the fully qualified label name that
// a log record must contain in order to meet the condition. Fully qualified
// labels have a prefix, optional namespaces, and label name. The prefix identifies
// the rule group or web ACL context of the rule that added the label.
LabelNameCondition *LabelNameCondition `type:"structure"`
// contains filtered or unexported fields
}
A single match condition for a Filter.
func (s Condition) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *Condition) SetActionCondition(v *ActionCondition) *Condition
SetActionCondition sets the ActionCondition field's value.
func (s *Condition) SetLabelNameCondition(v *LabelNameCondition) *Condition
SetLabelNameCondition sets the LabelNameCondition field's value.
func (s Condition) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *Condition) Validate() error
Validate inspects the fields of the type to determine if they are valid.
type CookieMatchPattern struct {
// Inspect all cookies.
All *All `type:"structure"`
// Inspect only the cookies whose keys don't match any of the strings specified
// here.
ExcludedCookies []*string `min:"1" type:"list"`
// Inspect only the cookies that have a key that matches one of the strings
// specified here.
IncludedCookies []*string `min:"1" type:"list"`
// contains filtered or unexported fields
}
The filter to use to identify the subset of cookies to inspect in a web request.
You must specify exactly one setting: either All, IncludedCookies, or ExcludedCookies.
Example JSON: "MatchPattern": { "IncludedCookies": {"KeyToInclude1", "KeyToInclude2", "KeyToInclude3"} }
func (s CookieMatchPattern) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *CookieMatchPattern) SetAll(v *All) *CookieMatchPattern
SetAll sets the All field's value.
func (s *CookieMatchPattern) SetExcludedCookies(v []*string) *CookieMatchPattern
SetExcludedCookies sets the ExcludedCookies field's value.
func (s *CookieMatchPattern) SetIncludedCookies(v []*string) *CookieMatchPattern
SetIncludedCookies sets the IncludedCookies field's value.
func (s CookieMatchPattern) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *CookieMatchPattern) Validate() error
Validate inspects the fields of the type to determine if they are valid.
type Cookies struct {
// The filter to use to identify the subset of cookies to inspect in a web request.
//
// You must specify exactly one setting: either All, IncludedCookies, or ExcludedCookies.
//
// Example JSON: "MatchPattern": { "IncludedCookies": {"KeyToInclude1", "KeyToInclude2",
// "KeyToInclude3"} }
//
// MatchPattern is a required field
MatchPattern *CookieMatchPattern `type:"structure" required:"true"`
// The parts of the cookies to inspect with the rule inspection criteria. If
// you specify All, WAF inspects both keys and values.
//
// MatchScope is a required field
MatchScope *string `type:"string" required:"true" enum:"MapMatchScope"`
// What WAF should do if the cookies of the request are larger than WAF can
// inspect. WAF does not support inspecting the entire contents of request cookies
// when they exceed 8 KB (8192 bytes) or 200 total cookies. The underlying host
// service forwards a maximum of 200 cookies and at most 8 KB of cookie contents
// to WAF.
//
// The options for oversize handling are the following:
//
// * CONTINUE - Inspect the cookies normally, according to the rule inspection
// criteria.
//
// * MATCH - Treat the web request as matching the rule statement. WAF applies
// the rule action to the request.
//
// * NO_MATCH - Treat the web request as not matching the rule statement.
//
// OversizeHandling is a required field
OversizeHandling *string `type:"string" required:"true" enum:"OversizeHandling"`
// contains filtered or unexported fields
}
Inspect the cookies in the web request. You can specify the parts of the cookies to inspect and you can narrow the set of cookies to inspect by including or excluding specific keys.
This is used to indicate the web request component to inspect, in the FieldToMatch specification.
Example JSON: "Cookies": { "MatchPattern": { "All": {} }, "MatchScope": "KEY", "OversizeHandling": "MATCH" }
func (s Cookies) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *Cookies) SetMatchPattern(v *CookieMatchPattern) *Cookies
SetMatchPattern sets the MatchPattern field's value.
func (s *Cookies) SetMatchScope(v string) *Cookies
SetMatchScope sets the MatchScope field's value.
func (s *Cookies) SetOversizeHandling(v string) *Cookies
SetOversizeHandling sets the OversizeHandling field's value.
func (s Cookies) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *Cookies) Validate() error
Validate inspects the fields of the type to determine if they are valid.
type CountAction struct {
// Defines custom handling for the web request.
//
// For information about customizing web requests and responses, see Customizing
// web requests and responses in WAF (https://docs.aws.amazon.com/waf/latest/developerguide/waf-custom-request-response.html)
// in the WAF Developer Guide (https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html).
CustomRequestHandling *CustomRequestHandling `type:"structure"`
// contains filtered or unexported fields
}
Specifies that WAF should count the request. Optionally defines additional custom handling for the request.
This is used in the context of other settings, for example to specify values for RuleAction and web ACL DefaultAction.
func (s CountAction) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *CountAction) SetCustomRequestHandling(v *CustomRequestHandling) *CountAction
SetCustomRequestHandling sets the CustomRequestHandling field's value.
func (s CountAction) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *CountAction) Validate() error
Validate inspects the fields of the type to determine if they are valid.
type CreateIPSetInput struct {
// Contains an array of strings that specifies zero or more IP addresses or
// blocks of IP addresses. All addresses must be specified using Classless Inter-Domain
// Routing (CIDR) notation. WAF supports all IPv4 and IPv6 CIDR ranges except
// for /0.
//
// Example address strings:
//
// * To configure WAF to allow, block, or count requests that originated
// from the IP address 192.0.2.44, specify 192.0.2.44/32.
//
// * To configure WAF to allow, block, or count requests that originated
// from IP addresses from 192.0.2.0 to 192.0.2.255, specify 192.0.2.0/24.
//
// * To configure WAF to allow, block, or count requests that originated
// from the IP address 1111:0000:0000:0000:0000:0000:0000:0111, specify 1111:0000:0000:0000:0000:0000:0000:0111/128.
//
// * To configure WAF to allow, block, or count requests that originated
// from IP addresses 1111:0000:0000:0000:0000:0000:0000:0000 to 1111:0000:0000:0000:ffff:ffff:ffff:ffff,
// specify 1111:0000:0000:0000:0000:0000:0000:0000/64.
//
// For more information about CIDR notation, see the Wikipedia entry Classless
// Inter-Domain Routing (https://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing).
//
// Example JSON Addresses specifications:
//
// * Empty array: "Addresses": []
//
// * Array with one address: "Addresses": ["192.0.2.44/32"]
//
// * Array with three addresses: "Addresses": ["192.0.2.44/32", "192.0.2.0/24",
// "192.0.0.0/16"]
//
// * INVALID specification: "Addresses": [""] INVALID
//
// Addresses is a required field
Addresses []*string `type:"list" required:"true"`
// A description of the IP set that helps with identification.
Description *string `min:"1" type:"string"`
// The version of the IP addresses, either IPV4 or IPV6.
//
// IPAddressVersion is a required field
IPAddressVersion *string `type:"string" required:"true" enum:"IPAddressVersion"`
// The name of the IP set. You cannot change the name of an IPSet after you
// create it.
//
// Name is a required field
Name *string `min:"1" type:"string" required:"true"`
// Specifies whether this is for an Amazon CloudFront distribution or for a
// regional application. A regional application can be an Application Load Balancer
// (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, a Amazon Cognito
// user pool, or an App Runner service.
//
// To work with CloudFront, you must also specify the Region US East (N. Virginia)
// as follows:
//
// * CLI - Specify the Region when you use the CloudFront scope: --scope=CLOUDFRONT
// --region=us-east-1.
//
// * API and SDKs - For all calls, use the Region endpoint us-east-1.
//
// Scope is a required field
Scope *string `type:"string" required:"true" enum:"Scope"`
// An array of key:value pairs to associate with the resource.
Tags []*Tag `min:"1" type:"list"`
// contains filtered or unexported fields
}
func (s CreateIPSetInput) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *CreateIPSetInput) SetAddresses(v []*string) *CreateIPSetInput
SetAddresses sets the Addresses field's value.
func (s *CreateIPSetInput) SetDescription(v string) *CreateIPSetInput
SetDescription sets the Description field's value.
func (s *CreateIPSetInput) SetIPAddressVersion(v string) *CreateIPSetInput
SetIPAddressVersion sets the IPAddressVersion field's value.
func (s *CreateIPSetInput) SetName(v string) *CreateIPSetInput
SetName sets the Name field's value.
func (s *CreateIPSetInput) SetScope(v string) *CreateIPSetInput
SetScope sets the Scope field's value.
func (s *CreateIPSetInput) SetTags(v []*Tag) *CreateIPSetInput
SetTags sets the Tags field's value.
func (s CreateIPSetInput) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *CreateIPSetInput) Validate() error
Validate inspects the fields of the type to determine if they are valid.
type CreateIPSetOutput struct {
// High-level information about an IPSet, returned by operations like create
// and list. This provides information like the ID, that you can use to retrieve
// and manage an IPSet, and the ARN, that you provide to the IPSetReferenceStatement
// to use the address set in a Rule.
Summary *IPSetSummary `type:"structure"`
// contains filtered or unexported fields
}
func (s CreateIPSetOutput) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *CreateIPSetOutput) SetSummary(v *IPSetSummary) *CreateIPSetOutput
SetSummary sets the Summary field's value.
func (s CreateIPSetOutput) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
type CreateRegexPatternSetInput struct {
// A description of the set that helps with identification.
Description *string `min:"1" type:"string"`
// The name of the set. You cannot change the name after you create the set.
//
// Name is a required field
Name *string `min:"1" type:"string" required:"true"`
// Array of regular expression strings.
//
// RegularExpressionList is a required field
RegularExpressionList []*Regex `type:"list" required:"true"`
// Specifies whether this is for an Amazon CloudFront distribution or for a
// regional application. A regional application can be an Application Load Balancer
// (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, a Amazon Cognito
// user pool, or an App Runner service.
//
// To work with CloudFront, you must also specify the Region US East (N. Virginia)
// as follows:
//
// * CLI - Specify the Region when you use the CloudFront scope: --scope=CLOUDFRONT
// --region=us-east-1.
//
// * API and SDKs - For all calls, use the Region endpoint us-east-1.
//
// Scope is a required field
Scope *string `type:"string" required:"true" enum:"Scope"`
// An array of key:value pairs to associate with the resource.
Tags []*Tag `min:"1" type:"list"`
// contains filtered or unexported fields
}
func (s CreateRegexPatternSetInput) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *CreateRegexPatternSetInput) SetDescription(v string) *CreateRegexPatternSetInput
SetDescription sets the Description field's value.
func (s *CreateRegexPatternSetInput) SetName(v string) *CreateRegexPatternSetInput
SetName sets the Name field's value.
func (s *CreateRegexPatternSetInput) SetRegularExpressionList(v []*Regex) *CreateRegexPatternSetInput
SetRegularExpressionList sets the RegularExpressionList field's value.
func (s *CreateRegexPatternSetInput) SetScope(v string) *CreateRegexPatternSetInput
SetScope sets the Scope field's value.
func (s *CreateRegexPatternSetInput) SetTags(v []*Tag) *CreateRegexPatternSetInput
SetTags sets the Tags field's value.
func (s CreateRegexPatternSetInput) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *CreateRegexPatternSetInput) Validate() error
Validate inspects the fields of the type to determine if they are valid.
type CreateRegexPatternSetOutput struct {
// High-level information about a RegexPatternSet, returned by operations like
// create and list. This provides information like the ID, that you can use
// to retrieve and manage a RegexPatternSet, and the ARN, that you provide to
// the RegexPatternSetReferenceStatement to use the pattern set in a Rule.
Summary *RegexPatternSetSummary `type:"structure"`
// contains filtered or unexported fields
}
func (s CreateRegexPatternSetOutput) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *CreateRegexPatternSetOutput) SetSummary(v *RegexPatternSetSummary) *CreateRegexPatternSetOutput
SetSummary sets the Summary field's value.
func (s CreateRegexPatternSetOutput) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
type CreateRuleGroupInput struct {
// The web ACL capacity units (WCUs) required for this rule group.
//
// When you create your own rule group, you define this, and you cannot change
// it after creation. When you add or modify the rules in a rule group, WAF
// enforces this limit. You can check the capacity for a set of rules using
// CheckCapacity.
//
// WAF uses WCUs to calculate and control the operating resources that are used
// to run your rules, rule groups, and web ACLs. WAF calculates capacity differently
// for each rule type, to reflect the relative cost of each rule. Simple rules
// that cost little to run use fewer WCUs than more complex rules that use more
// processing power. Rule group capacity is fixed at creation, which helps users
// plan their web ACL WCU usage when they use a rule group. The WCU limit for
// web ACLs is 1,500.
//
// Capacity is a required field
Capacity *int64 `min:"1" type:"long" required:"true"`
// A map of custom response keys and content bodies. When you create a rule
// with a block action, you can send a custom response to the web request. You
// define these for the rule group, and then use them in the rules that you
// define in the rule group.
//
// For information about customizing web requests and responses, see Customizing
// web requests and responses in WAF (https://docs.aws.amazon.com/waf/latest/developerguide/waf-custom-request-response.html)
// in the WAF Developer Guide (https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html).
//
// For information about the limits on count and size for custom request and
// response settings, see WAF quotas (https://docs.aws.amazon.com/waf/latest/developerguide/limits.html)
// in the WAF Developer Guide (https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html).
CustomResponseBodies map[string]*CustomResponseBody `min:"1" type:"map"`
// A description of the rule group that helps with identification.
Description *string `min:"1" type:"string"`
// The name of the rule group. You cannot change the name of a rule group after
// you create it.
//
// Name is a required field
Name *string `min:"1" type:"string" required:"true"`
// The Rule statements used to identify the web requests that you want to allow,
// block, or count. Each rule includes one top-level statement that WAF uses
// to identify matching web requests, and parameters that govern how WAF handles
// them.
Rules []*Rule `type:"list"`
// Specifies whether this is for an Amazon CloudFront distribution or for a
// regional application. A regional application can be an Application Load Balancer
// (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, a Amazon Cognito
// user pool, or an App Runner service.
//
// To work with CloudFront, you must also specify the Region US East (N. Virginia)
// as follows:
//
// * CLI - Specify the Region when you use the CloudFront scope: --scope=CLOUDFRONT
// --region=us-east-1.
//
// * API and SDKs - For all calls, use the Region endpoint us-east-1.
//
// Scope is a required field
Scope *string `type:"string" required:"true" enum:"Scope"`
// An array of key:value pairs to associate with the resource.
Tags []*Tag `min:"1" type:"list"`
// Defines and enables Amazon CloudWatch metrics and web request sample collection.
//
// VisibilityConfig is a required field
VisibilityConfig *VisibilityConfig `type:"structure" required:"true"`
// contains filtered or unexported fields
}
func (s CreateRuleGroupInput) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *CreateRuleGroupInput) SetCapacity(v int64) *CreateRuleGroupInput
SetCapacity sets the Capacity field's value.
func (s *CreateRuleGroupInput) SetCustomResponseBodies(v map[string]*CustomResponseBody) *CreateRuleGroupInput
SetCustomResponseBodies sets the CustomResponseBodies field's value.
func (s *CreateRuleGroupInput) SetDescription(v string) *CreateRuleGroupInput
SetDescription sets the Description field's value.
func (s *CreateRuleGroupInput) SetName(v string) *CreateRuleGroupInput
SetName sets the Name field's value.
func (s *CreateRuleGroupInput) SetRules(v []*Rule) *CreateRuleGroupInput
SetRules sets the Rules field's value.
func (s *CreateRuleGroupInput) SetScope(v string) *CreateRuleGroupInput
SetScope sets the Scope field's value.
func (s *CreateRuleGroupInput) SetTags(v []*Tag) *CreateRuleGroupInput
SetTags sets the Tags field's value.
func (s *CreateRuleGroupInput) SetVisibilityConfig(v *VisibilityConfig) *CreateRuleGroupInput
SetVisibilityConfig sets the VisibilityConfig field's value.
func (s CreateRuleGroupInput) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *CreateRuleGroupInput) Validate() error
Validate inspects the fields of the type to determine if they are valid.
type CreateRuleGroupOutput struct {
// High-level information about a RuleGroup, returned by operations like create
// and list. This provides information like the ID, that you can use to retrieve
// and manage a RuleGroup, and the ARN, that you provide to the RuleGroupReferenceStatement
// to use the rule group in a Rule.
Summary *RuleGroupSummary `type:"structure"`
// contains filtered or unexported fields
}
func (s CreateRuleGroupOutput) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *CreateRuleGroupOutput) SetSummary(v *RuleGroupSummary) *CreateRuleGroupOutput
SetSummary sets the Summary field's value.
func (s CreateRuleGroupOutput) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
type CreateWebACLInput struct {
// Specifies how WAF should handle CAPTCHA evaluations for rules that don't
// have their own CaptchaConfig settings. If you don't specify this, WAF uses
// its default settings for CaptchaConfig.
CaptchaConfig *CaptchaConfig `type:"structure"`
// Specifies how WAF should handle challenge evaluations for rules that don't
// have their own ChallengeConfig settings. If you don't specify this, WAF uses
// its default settings for ChallengeConfig.
ChallengeConfig *ChallengeConfig `type:"structure"`
// A map of custom response keys and content bodies. When you create a rule
// with a block action, you can send a custom response to the web request. You
// define these for the web ACL, and then use them in the rules and default
// actions that you define in the web ACL.
//
// For information about customizing web requests and responses, see Customizing
// web requests and responses in WAF (https://docs.aws.amazon.com/waf/latest/developerguide/waf-custom-request-response.html)
// in the WAF Developer Guide (https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html).
//
// For information about the limits on count and size for custom request and
// response settings, see WAF quotas (https://docs.aws.amazon.com/waf/latest/developerguide/limits.html)
// in the WAF Developer Guide (https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html).
CustomResponseBodies map[string]*CustomResponseBody `min:"1" type:"map"`
// The action to perform if none of the Rules contained in the WebACL match.
//
// DefaultAction is a required field
DefaultAction *DefaultAction `type:"structure" required:"true"`
// A description of the web ACL that helps with identification.
Description *string `min:"1" type:"string"`
// The name of the web ACL. You cannot change the name of a web ACL after you
// create it.
//
// Name is a required field
Name *string `min:"1" type:"string" required:"true"`
// The Rule statements used to identify the web requests that you want to allow,
// block, or count. Each rule includes one top-level statement that WAF uses
// to identify matching web requests, and parameters that govern how WAF handles
// them.
Rules []*Rule `type:"list"`
// Specifies whether this is for an Amazon CloudFront distribution or for a
// regional application. A regional application can be an Application Load Balancer
// (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, a Amazon Cognito
// user pool, or an App Runner service.
//
// To work with CloudFront, you must also specify the Region US East (N. Virginia)
// as follows:
//
// * CLI - Specify the Region when you use the CloudFront scope: --scope=CLOUDFRONT
// --region=us-east-1.
//
// * API and SDKs - For all calls, use the Region endpoint us-east-1.
//
// Scope is a required field
Scope *string `type:"string" required:"true" enum:"Scope"`
// An array of key:value pairs to associate with the resource.
Tags []*Tag `min:"1" type:"list"`
// Specifies the domains that WAF should accept in a web request token. This
// enables the use of tokens across multiple protected websites. When WAF provides
// a token, it uses the domain of the Amazon Web Services resource that the
// web ACL is protecting. If you don't specify a list of token domains, WAF
// accepts tokens only for the domain of the protected resource. With a token
// domain list, WAF accepts the resource's host domain plus all domains in the
// token domain list, including their prefixed subdomains.
//
// Example JSON: "TokenDomains": { "mywebsite.com", "myotherwebsite.com" }
//
// Public suffixes aren't allowed. For example, you can't use usa.gov or co.uk
// as token domains.
TokenDomains []*string `type:"list"`
// Defines and enables Amazon CloudWatch metrics and web request sample collection.
//
// VisibilityConfig is a required field
VisibilityConfig *VisibilityConfig `type:"structure" required:"true"`
// contains filtered or unexported fields
}
func (s CreateWebACLInput) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *CreateWebACLInput) SetCaptchaConfig(v *CaptchaConfig) *CreateWebACLInput
SetCaptchaConfig sets the CaptchaConfig field's value.
func (s *CreateWebACLInput) SetChallengeConfig(v *ChallengeConfig) *CreateWebACLInput
SetChallengeConfig sets the ChallengeConfig field's value.
func (s *CreateWebACLInput) SetCustomResponseBodies(v map[string]*CustomResponseBody) *CreateWebACLInput
SetCustomResponseBodies sets the CustomResponseBodies field's value.
func (s *CreateWebACLInput) SetDefaultAction(v *DefaultAction) *CreateWebACLInput
SetDefaultAction sets the DefaultAction field's value.
func (s *CreateWebACLInput) SetDescription(v string) *CreateWebACLInput
SetDescription sets the Description field's value.
func (s *CreateWebACLInput) SetName(v string) *CreateWebACLInput
SetName sets the Name field's value.
func (s *CreateWebACLInput) SetRules(v []*Rule) *CreateWebACLInput
SetRules sets the Rules field's value.
func (s *CreateWebACLInput) SetScope(v string) *CreateWebACLInput
SetScope sets the Scope field's value.
func (s *CreateWebACLInput) SetTags(v []*Tag) *CreateWebACLInput
SetTags sets the Tags field's value.
func (s *CreateWebACLInput) SetTokenDomains(v []*string) *CreateWebACLInput
SetTokenDomains sets the TokenDomains field's value.
func (s *CreateWebACLInput) SetVisibilityConfig(v *VisibilityConfig) *CreateWebACLInput
SetVisibilityConfig sets the VisibilityConfig field's value.
func (s CreateWebACLInput) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *CreateWebACLInput) Validate() error
Validate inspects the fields of the type to determine if they are valid.
type CreateWebACLOutput struct {
// High-level information about a WebACL, returned by operations like create
// and list. This provides information like the ID, that you can use to retrieve
// and manage a WebACL, and the ARN, that you provide to operations like AssociateWebACL.
Summary *WebACLSummary `type:"structure"`
// contains filtered or unexported fields
}
func (s CreateWebACLOutput) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *CreateWebACLOutput) SetSummary(v *WebACLSummary) *CreateWebACLOutput
SetSummary sets the Summary field's value.
func (s CreateWebACLOutput) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
type CustomHTTPHeader struct {
// The name of the custom header.
//
// For custom request header insertion, when WAF inserts the header into the
// request, it prefixes this name x-amzn-waf-, to avoid confusion with the headers
// that are already in the request. For example, for the header name sample,
// WAF inserts the header x-amzn-waf-sample.
//
// Name is a required field
Name *string `min:"1" type:"string" required:"true"`
// The value of the custom header.
//
// Value is a required field
Value *string `min:"1" type:"string" required:"true"`
// contains filtered or unexported fields
}
A custom header for custom request and response handling. This is used in CustomResponse and CustomRequestHandling.
func (s CustomHTTPHeader) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *CustomHTTPHeader) SetName(v string) *CustomHTTPHeader
SetName sets the Name field's value.
func (s *CustomHTTPHeader) SetValue(v string) *CustomHTTPHeader
SetValue sets the Value field's value.
func (s CustomHTTPHeader) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *CustomHTTPHeader) Validate() error
Validate inspects the fields of the type to determine if they are valid.
type CustomRequestHandling struct {
// The HTTP headers to insert into the request. Duplicate header names are not
// allowed.
//
// For information about the limits on count and size for custom request and
// response settings, see WAF quotas (https://docs.aws.amazon.com/waf/latest/developerguide/limits.html)
// in the WAF Developer Guide (https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html).
//
// InsertHeaders is a required field
InsertHeaders []*CustomHTTPHeader `min:"1" type:"list" required:"true"`
// contains filtered or unexported fields
}
Custom request handling behavior that inserts custom headers into a web request. You can add custom request handling for WAF to use when the rule action doesn't block the request. For example, CaptchaAction for requests with valid t okens, and AllowAction.
For information about customizing web requests and responses, see Customizing web requests and responses in WAF (https://docs.aws.amazon.com/waf/latest/developerguide/waf-custom-request-response.html) in the WAF Developer Guide (https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html).
func (s CustomRequestHandling) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *CustomRequestHandling) SetInsertHeaders(v []*CustomHTTPHeader) *CustomRequestHandling
SetInsertHeaders sets the InsertHeaders field's value.
func (s CustomRequestHandling) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *CustomRequestHandling) Validate() error
Validate inspects the fields of the type to determine if they are valid.
type CustomResponse struct {
// References the response body that you want WAF to return to the web request
// client. You can define a custom response for a rule action or a default web
// ACL action that is set to block. To do this, you first define the response
// body key and value in the CustomResponseBodies setting for the WebACL or
// RuleGroup where you want to use it. Then, in the rule action or web ACL default
// action BlockAction setting, you reference the response body using this key.
CustomResponseBodyKey *string `min:"1" type:"string"`
// The HTTP status code to return to the client.
//
// For a list of status codes that you can use in your custom responses, see
// Supported status codes for custom response (https://docs.aws.amazon.com/waf/latest/developerguide/customizing-the-response-status-codes.html)
// in the WAF Developer Guide (https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html).
//
// ResponseCode is a required field
ResponseCode *int64 `min:"200" type:"integer" required:"true"`
// The HTTP headers to use in the response. Duplicate header names are not allowed.
//
// For information about the limits on count and size for custom request and
// response settings, see WAF quotas (https://docs.aws.amazon.com/waf/latest/developerguide/limits.html)
// in the WAF Developer Guide (https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html).
ResponseHeaders []*CustomHTTPHeader `min:"1" type:"list"`
// contains filtered or unexported fields
}
A custom response to send to the client. You can define a custom response for rule actions and default web ACL actions that are set to BlockAction.
For information about customizing web requests and responses, see Customizing web requests and responses in WAF (https://docs.aws.amazon.com/waf/latest/developerguide/waf-custom-request-response.html) in the WAF Developer Guide (https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html).
func (s CustomResponse) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *CustomResponse) SetCustomResponseBodyKey(v string) *CustomResponse
SetCustomResponseBodyKey sets the CustomResponseBodyKey field's value.
func (s *CustomResponse) SetResponseCode(v int64) *CustomResponse
SetResponseCode sets the ResponseCode field's value.
func (s *CustomResponse) SetResponseHeaders(v []*CustomHTTPHeader) *CustomResponse
SetResponseHeaders sets the ResponseHeaders field's value.
func (s CustomResponse) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *CustomResponse) Validate() error
Validate inspects the fields of the type to determine if they are valid.
type CustomResponseBody struct {
// The payload of the custom response.
//
// You can use JSON escape strings in JSON content. To do this, you must specify
// JSON content in the ContentType setting.
//
// For information about the limits on count and size for custom request and
// response settings, see WAF quotas (https://docs.aws.amazon.com/waf/latest/developerguide/limits.html)
// in the WAF Developer Guide (https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html).
//
// Content is a required field
Content *string `min:"1" type:"string" required:"true"`
// The type of content in the payload that you are defining in the Content string.
//
// ContentType is a required field
ContentType *string `type:"string" required:"true" enum:"ResponseContentType"`
// contains filtered or unexported fields
}
The response body to use in a custom response to a web request. This is referenced by key from CustomResponse CustomResponseBodyKey.
func (s CustomResponseBody) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *CustomResponseBody) SetContent(v string) *CustomResponseBody
SetContent sets the Content field's value.
func (s *CustomResponseBody) SetContentType(v string) *CustomResponseBody
SetContentType sets the ContentType field's value.
func (s CustomResponseBody) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *CustomResponseBody) Validate() error
Validate inspects the fields of the type to determine if they are valid.
type DefaultAction struct {
// Specifies that WAF should allow requests by default.
Allow *AllowAction `type:"structure"`
// Specifies that WAF should block requests by default.
Block *BlockAction `type:"structure"`
// contains filtered or unexported fields
}
In a WebACL, this is the action that you want WAF to perform when a web request doesn't match any of the rules in the WebACL. The default action must be a terminating action.
func (s DefaultAction) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *DefaultAction) SetAllow(v *AllowAction) *DefaultAction
SetAllow sets the Allow field's value.
func (s *DefaultAction) SetBlock(v *BlockAction) *DefaultAction
SetBlock sets the Block field's value.
func (s DefaultAction) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *DefaultAction) Validate() error
Validate inspects the fields of the type to determine if they are valid.
type DeleteFirewallManagerRuleGroupsInput struct {
// The Amazon Resource Name (ARN) of the web ACL.
//
// WebACLArn is a required field
WebACLArn *string `min:"20" type:"string" required:"true"`
// A token used for optimistic locking. WAF returns a token to your get and
// list requests, to mark the state of the entity at the time of the request.
// To make changes to the entity associated with the token, you provide the
// token to operations like update and delete. WAF uses the token to ensure
// that no changes have been made to the entity since you last retrieved it.
// If a change has been made, the update fails with a WAFOptimisticLockException.
// If this happens, perform another get, and use the new token returned by that
// operation.
//
// WebACLLockToken is a required field
WebACLLockToken *string `min:"1" type:"string" required:"true"`
// contains filtered or unexported fields
}
func (s DeleteFirewallManagerRuleGroupsInput) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *DeleteFirewallManagerRuleGroupsInput) SetWebACLArn(v string) *DeleteFirewallManagerRuleGroupsInput
SetWebACLArn sets the WebACLArn field's value.
func (s *DeleteFirewallManagerRuleGroupsInput) SetWebACLLockToken(v string) *DeleteFirewallManagerRuleGroupsInput
SetWebACLLockToken sets the WebACLLockToken field's value.
func (s DeleteFirewallManagerRuleGroupsInput) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *DeleteFirewallManagerRuleGroupsInput) Validate() error
Validate inspects the fields of the type to determine if they are valid.
type DeleteFirewallManagerRuleGroupsOutput struct {
// A token used for optimistic locking. WAF returns a token to your get and
// list requests, to mark the state of the entity at the time of the request.
// To make changes to the entity associated with the token, you provide the
// token to operations like update and delete. WAF uses the token to ensure
// that no changes have been made to the entity since you last retrieved it.
// If a change has been made, the update fails with a WAFOptimisticLockException.
// If this happens, perform another get, and use the new token returned by that
// operation.
NextWebACLLockToken *string `min:"1" type:"string"`
// contains filtered or unexported fields
}
func (s DeleteFirewallManagerRuleGroupsOutput) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *DeleteFirewallManagerRuleGroupsOutput) SetNextWebACLLockToken(v string) *DeleteFirewallManagerRuleGroupsOutput
SetNextWebACLLockToken sets the NextWebACLLockToken field's value.
func (s DeleteFirewallManagerRuleGroupsOutput) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
type DeleteIPSetInput struct {
// A unique identifier for the set. This ID is returned in the responses to
// create and list commands. You provide it to operations like update and delete.
//
// Id is a required field
Id *string `min:"1" type:"string" required:"true"`
// A token used for optimistic locking. WAF returns a token to your get and
// list requests, to mark the state of the entity at the time of the request.
// To make changes to the entity associated with the token, you provide the
// token to operations like update and delete. WAF uses the token to ensure
// that no changes have been made to the entity since you last retrieved it.
// If a change has been made, the update fails with a WAFOptimisticLockException.
// If this happens, perform another get, and use the new token returned by that
// operation.
//
// LockToken is a required field
LockToken *string `min:"1" type:"string" required:"true"`
// The name of the IP set. You cannot change the name of an IPSet after you
// create it.
//
// Name is a required field
Name *string `min:"1" type:"string" required:"true"`
// Specifies whether this is for an Amazon CloudFront distribution or for a
// regional application. A regional application can be an Application Load Balancer
// (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, a Amazon Cognito
// user pool, or an App Runner service.
//
// To work with CloudFront, you must also specify the Region US East (N. Virginia)
// as follows:
//
// * CLI - Specify the Region when you use the CloudFront scope: --scope=CLOUDFRONT
// --region=us-east-1.
//
// * API and SDKs - For all calls, use the Region endpoint us-east-1.
//
// Scope is a required field
Scope *string `type:"string" required:"true" enum:"Scope"`
// contains filtered or unexported fields
}
func (s DeleteIPSetInput) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *DeleteIPSetInput) SetId(v string) *DeleteIPSetInput
SetId sets the Id field's value.
func (s *DeleteIPSetInput) SetLockToken(v string) *DeleteIPSetInput
SetLockToken sets the LockToken field's value.
func (s *DeleteIPSetInput) SetName(v string) *DeleteIPSetInput
SetName sets the Name field's value.
func (s *DeleteIPSetInput) SetScope(v string) *DeleteIPSetInput
SetScope sets the Scope field's value.
func (s DeleteIPSetInput) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *DeleteIPSetInput) Validate() error
Validate inspects the fields of the type to determine if they are valid.
type DeleteIPSetOutput struct {
// contains filtered or unexported fields
}
func (s DeleteIPSetOutput) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s DeleteIPSetOutput) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
type DeleteLoggingConfigurationInput struct {
// The Amazon Resource Name (ARN) of the web ACL from which you want to delete
// the LoggingConfiguration.
//
// ResourceArn is a required field
ResourceArn *string `min:"20" type:"string" required:"true"`
// contains filtered or unexported fields
}
func (s DeleteLoggingConfigurationInput) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *DeleteLoggingConfigurationInput) SetResourceArn(v string) *DeleteLoggingConfigurationInput
SetResourceArn sets the ResourceArn field's value.
func (s DeleteLoggingConfigurationInput) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *DeleteLoggingConfigurationInput) Validate() error
Validate inspects the fields of the type to determine if they are valid.
type DeleteLoggingConfigurationOutput struct {
// contains filtered or unexported fields
}
func (s DeleteLoggingConfigurationOutput) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s DeleteLoggingConfigurationOutput) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
type DeletePermissionPolicyInput struct {
// The Amazon Resource Name (ARN) of the rule group from which you want to delete
// the policy.
//
// You must be the owner of the rule group to perform this operation.
//
// ResourceArn is a required field
ResourceArn *string `min:"20" type:"string" required:"true"`
// contains filtered or unexported fields
}
func (s DeletePermissionPolicyInput) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *DeletePermissionPolicyInput) SetResourceArn(v string) *DeletePermissionPolicyInput
SetResourceArn sets the ResourceArn field's value.
func (s DeletePermissionPolicyInput) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *DeletePermissionPolicyInput) Validate() error
Validate inspects the fields of the type to determine if they are valid.
type DeletePermissionPolicyOutput struct {
// contains filtered or unexported fields
}
func (s DeletePermissionPolicyOutput) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s DeletePermissionPolicyOutput) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
type DeleteRegexPatternSetInput struct {
// A unique identifier for the set. This ID is returned in the responses to
// create and list commands. You provide it to operations like update and delete.
//
// Id is a required field
Id *string `min:"1" type:"string" required:"true"`
// A token used for optimistic locking. WAF returns a token to your get and
// list requests, to mark the state of the entity at the time of the request.
// To make changes to the entity associated with the token, you provide the
// token to operations like update and delete. WAF uses the token to ensure
// that no changes have been made to the entity since you last retrieved it.
// If a change has been made, the update fails with a WAFOptimisticLockException.
// If this happens, perform another get, and use the new token returned by that
// operation.
//
// LockToken is a required field
LockToken *string `min:"1" type:"string" required:"true"`
// The name of the set. You cannot change the name after you create the set.
//
// Name is a required field
Name *string `min:"1" type:"string" required:"true"`
// Specifies whether this is for an Amazon CloudFront distribution or for a
// regional application. A regional application can be an Application Load Balancer
// (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, a Amazon Cognito
// user pool, or an App Runner service.
//
// To work with CloudFront, you must also specify the Region US East (N. Virginia)
// as follows:
//
// * CLI - Specify the Region when you use the CloudFront scope: --scope=CLOUDFRONT
// --region=us-east-1.
//
// * API and SDKs - For all calls, use the Region endpoint us-east-1.
//
// Scope is a required field
Scope *string `type:"string" required:"true" enum:"Scope"`
// contains filtered or unexported fields
}
func (s DeleteRegexPatternSetInput) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *DeleteRegexPatternSetInput) SetId(v string) *DeleteRegexPatternSetInput
SetId sets the Id field's value.
func (s *DeleteRegexPatternSetInput) SetLockToken(v string) *DeleteRegexPatternSetInput
SetLockToken sets the LockToken field's value.
func (s *DeleteRegexPatternSetInput) SetName(v string) *DeleteRegexPatternSetInput
SetName sets the Name field's value.
func (s *DeleteRegexPatternSetInput) SetScope(v string) *DeleteRegexPatternSetInput
SetScope sets the Scope field's value.
func (s DeleteRegexPatternSetInput) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *DeleteRegexPatternSetInput) Validate() error
Validate inspects the fields of the type to determine if they are valid.
type DeleteRegexPatternSetOutput struct {
// contains filtered or unexported fields
}
func (s DeleteRegexPatternSetOutput) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s DeleteRegexPatternSetOutput) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
type DeleteRuleGroupInput struct {
// A unique identifier for the rule group. This ID is returned in the responses
// to create and list commands. You provide it to operations like update and
// delete.
//
// Id is a required field
Id *string `min:"1" type:"string" required:"true"`
// A token used for optimistic locking. WAF returns a token to your get and
// list requests, to mark the state of the entity at the time of the request.
// To make changes to the entity associated with the token, you provide the
// token to operations like update and delete. WAF uses the token to ensure
// that no changes have been made to the entity since you last retrieved it.
// If a change has been made, the update fails with a WAFOptimisticLockException.
// If this happens, perform another get, and use the new token returned by that
// operation.
//
// LockToken is a required field
LockToken *string `min:"1" type:"string" required:"true"`
// The name of the rule group. You cannot change the name of a rule group after
// you create it.
//
// Name is a required field
Name *string `min:"1" type:"string" required:"true"`
// Specifies whether this is for an Amazon CloudFront distribution or for a
// regional application. A regional application can be an Application Load Balancer
// (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, a Amazon Cognito
// user pool, or an App Runner service.
//
// To work with CloudFront, you must also specify the Region US East (N. Virginia)
// as follows:
//
// * CLI - Specify the Region when you use the CloudFront scope: --scope=CLOUDFRONT
// --region=us-east-1.
//
// * API and SDKs - For all calls, use the Region endpoint us-east-1.
//
// Scope is a required field
Scope *string `type:"string" required:"true" enum:"Scope"`
// contains filtered or unexported fields
}
func (s DeleteRuleGroupInput) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *DeleteRuleGroupInput) SetId(v string) *DeleteRuleGroupInput
SetId sets the Id field's value.
func (s *DeleteRuleGroupInput) SetLockToken(v string) *DeleteRuleGroupInput
SetLockToken sets the LockToken field's value.
func (s *DeleteRuleGroupInput) SetName(v string) *DeleteRuleGroupInput
SetName sets the Name field's value.
func (s *DeleteRuleGroupInput) SetScope(v string) *DeleteRuleGroupInput
SetScope sets the Scope field's value.
func (s DeleteRuleGroupInput) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *DeleteRuleGroupInput) Validate() error
Validate inspects the fields of the type to determine if they are valid.
type DeleteRuleGroupOutput struct {
// contains filtered or unexported fields
}
func (s DeleteRuleGroupOutput) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s DeleteRuleGroupOutput) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
type DeleteWebACLInput struct {
// The unique identifier for the web ACL. This ID is returned in the responses
// to create and list commands. You provide it to operations like update and
// delete.
//
// Id is a required field
Id *string `min:"1" type:"string" required:"true"`
// A token used for optimistic locking. WAF returns a token to your get and
// list requests, to mark the state of the entity at the time of the request.
// To make changes to the entity associated with the token, you provide the
// token to operations like update and delete. WAF uses the token to ensure
// that no changes have been made to the entity since you last retrieved it.
// If a change has been made, the update fails with a WAFOptimisticLockException.
// If this happens, perform another get, and use the new token returned by that
// operation.
//
// LockToken is a required field
LockToken *string `min:"1" type:"string" required:"true"`
// The name of the web ACL. You cannot change the name of a web ACL after you
// create it.
//
// Name is a required field
Name *string `min:"1" type:"string" required:"true"`
// Specifies whether this is for an Amazon CloudFront distribution or for a
// regional application. A regional application can be an Application Load Balancer
// (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, a Amazon Cognito
// user pool, or an App Runner service.
//
// To work with CloudFront, you must also specify the Region US East (N. Virginia)
// as follows:
//
// * CLI - Specify the Region when you use the CloudFront scope: --scope=CLOUDFRONT
// --region=us-east-1.
//
// * API and SDKs - For all calls, use the Region endpoint us-east-1.
//
// Scope is a required field
Scope *string `type:"string" required:"true" enum:"Scope"`
// contains filtered or unexported fields
}
func (s DeleteWebACLInput) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *DeleteWebACLInput) SetId(v string) *DeleteWebACLInput
SetId sets the Id field's value.
func (s *DeleteWebACLInput) SetLockToken(v string) *DeleteWebACLInput
SetLockToken sets the LockToken field's value.
func (s *DeleteWebACLInput) SetName(v string) *DeleteWebACLInput
SetName sets the Name field's value.
func (s *DeleteWebACLInput) SetScope(v string) *DeleteWebACLInput
SetScope sets the Scope field's value.
func (s DeleteWebACLInput) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *DeleteWebACLInput) Validate() error
Validate inspects the fields of the type to determine if they are valid.
type DeleteWebACLOutput struct {
// contains filtered or unexported fields
}
func (s DeleteWebACLOutput) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s DeleteWebACLOutput) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
type DescribeManagedRuleGroupInput struct {
// The name of the managed rule group. You use this, along with the vendor name,
// to identify the rule group.
//
// Name is a required field
Name *string `min:"1" type:"string" required:"true"`
// Specifies whether this is for an Amazon CloudFront distribution or for a
// regional application. A regional application can be an Application Load Balancer
// (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, a Amazon Cognito
// user pool, or an App Runner service.
//
// To work with CloudFront, you must also specify the Region US East (N. Virginia)
// as follows:
//
// * CLI - Specify the Region when you use the CloudFront scope: --scope=CLOUDFRONT
// --region=us-east-1.
//
// * API and SDKs - For all calls, use the Region endpoint us-east-1.
//
// Scope is a required field
Scope *string `type:"string" required:"true" enum:"Scope"`
// The name of the managed rule group vendor. You use this, along with the rule
// group name, to identify the rule group.
//
// VendorName is a required field
VendorName *string `min:"1" type:"string" required:"true"`
// The version of the rule group. You can only use a version that is not scheduled
// for expiration. If you don't provide this, WAF uses the vendor's default
// version.
VersionName *string `min:"1" type:"string"`
// contains filtered or unexported fields
}
func (s DescribeManagedRuleGroupInput) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *DescribeManagedRuleGroupInput) SetName(v string) *DescribeManagedRuleGroupInput
SetName sets the Name field's value.
func (s *DescribeManagedRuleGroupInput) SetScope(v string) *DescribeManagedRuleGroupInput
SetScope sets the Scope field's value.
func (s *DescribeManagedRuleGroupInput) SetVendorName(v string) *DescribeManagedRuleGroupInput
SetVendorName sets the VendorName field's value.
func (s *DescribeManagedRuleGroupInput) SetVersionName(v string) *DescribeManagedRuleGroupInput
SetVersionName sets the VersionName field's value.
func (s DescribeManagedRuleGroupInput) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *DescribeManagedRuleGroupInput) Validate() error
Validate inspects the fields of the type to determine if they are valid.
type DescribeManagedRuleGroupOutput struct {
// The labels that one or more rules in this rule group add to matching web
// requests. These labels are defined in the RuleLabels for a Rule.
AvailableLabels []*LabelSummary `type:"list"`
// The web ACL capacity units (WCUs) required for this rule group. WAF uses
// web ACL capacity units (WCU) to calculate and control the operating resources
// that are used to run your rules, rule groups, and web ACLs. WAF calculates
// capacity differently for each rule type, to reflect each rule's relative
// cost. Rule group capacity is fixed at creation, so users can plan their web
// ACL WCU usage when they use a rule group. The WCU limit for web ACLs is 1,500.
Capacity *int64 `min:"1" type:"long"`
// The labels that one or more rules in this rule group match against in label
// match statements. These labels are defined in a LabelMatchStatement specification,
// in the Statement definition of a rule.
ConsumedLabels []*LabelSummary `type:"list"`
// The label namespace prefix for this rule group. All labels added by rules
// in this rule group have this prefix.
//
// * The syntax for the label namespace prefix for a managed rule group is
// the following: awswaf:managed:<vendor>:<rule group name>:
//
// * When a rule with a label matches a web request, WAF adds the fully qualified
// label to the request. A fully qualified label is made up of the label
// namespace from the rule group or web ACL where the rule is defined and
// the label from the rule, separated by a colon: <label namespace>:<label
// from rule>
LabelNamespace *string `min:"1" type:"string"`
Rules []*RuleSummary `type:"list"`
// The Amazon resource name (ARN) of the Amazon Simple Notification Service
// SNS topic that's used to record changes to the managed rule group. You can
// subscribe to the SNS topic to receive notifications when the managed rule
// group is modified, such as for new versions and for version expiration. For
// more information, see the Amazon Simple Notification Service Developer Guide
// (https://docs.aws.amazon.com/sns/latest/dg/welcome.html).
SnsTopicArn *string `min:"20" type:"string"`
// The managed rule group's version.
VersionName *string `min:"1" type:"string"`
// contains filtered or unexported fields
}
func (s DescribeManagedRuleGroupOutput) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *DescribeManagedRuleGroupOutput) SetAvailableLabels(v []*LabelSummary) *DescribeManagedRuleGroupOutput
SetAvailableLabels sets the AvailableLabels field's value.
func (s *DescribeManagedRuleGroupOutput) SetCapacity(v int64) *DescribeManagedRuleGroupOutput
SetCapacity sets the Capacity field's value.
func (s *DescribeManagedRuleGroupOutput) SetConsumedLabels(v []*LabelSummary) *DescribeManagedRuleGroupOutput
SetConsumedLabels sets the ConsumedLabels field's value.
func (s *DescribeManagedRuleGroupOutput) SetLabelNamespace(v string) *DescribeManagedRuleGroupOutput
SetLabelNamespace sets the LabelNamespace field's value.
func (s *DescribeManagedRuleGroupOutput) SetRules(v []*RuleSummary) *DescribeManagedRuleGroupOutput
SetRules sets the Rules field's value.
func (s *DescribeManagedRuleGroupOutput) SetSnsTopicArn(v string) *DescribeManagedRuleGroupOutput
SetSnsTopicArn sets the SnsTopicArn field's value.
func (s *DescribeManagedRuleGroupOutput) SetVersionName(v string) *DescribeManagedRuleGroupOutput
SetVersionName sets the VersionName field's value.
func (s DescribeManagedRuleGroupOutput) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
type DisassociateWebACLInput struct {
// The Amazon Resource Name (ARN) of the resource to disassociate from the web
// ACL.
//
// The ARN must be in one of the following formats:
//
// * For an Application Load Balancer: arn:aws:elasticloadbalancing:region:account-id:loadbalancer/app/load-balancer-name/load-balancer-id
//
// * For an Amazon API Gateway REST API: arn:aws:apigateway:region::/restapis/api-id/stages/stage-name
//
// * For an AppSync GraphQL API: arn:aws:appsync:region:account-id:apis/GraphQLApiId
//
// * For an Amazon Cognito user pool: arn:aws:cognito-idp:region:account-id:userpool/user-pool-id
//
// * For an App Runner service: arn:aws:apprunner:region:account-id:service/apprunner-service-name/apprunner-service-id
//
// ResourceArn is a required field
ResourceArn *string `min:"20" type:"string" required:"true"`
// contains filtered or unexported fields
}
func (s DisassociateWebACLInput) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *DisassociateWebACLInput) SetResourceArn(v string) *DisassociateWebACLInput
SetResourceArn sets the ResourceArn field's value.
func (s DisassociateWebACLInput) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *DisassociateWebACLInput) Validate() error
Validate inspects the fields of the type to determine if they are valid.
type DisassociateWebACLOutput struct {
// contains filtered or unexported fields
}
func (s DisassociateWebACLOutput) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s DisassociateWebACLOutput) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
type ExcludedRule struct {
// The name of the rule whose action you want to override to Count.
//
// Name is a required field
Name *string `min:"1" type:"string" required:"true"`
// contains filtered or unexported fields
}
Specifies a single rule in a rule group whose action you want to override to Count.
Instead of this option, use RuleActionOverrides. It accepts any valid action setting, including Count.
func (s ExcludedRule) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *ExcludedRule) SetName(v string) *ExcludedRule
SetName sets the Name field's value.
func (s ExcludedRule) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *ExcludedRule) Validate() error
Validate inspects the fields of the type to determine if they are valid.
type FieldToMatch struct {
// Inspect all query arguments.
AllQueryArguments *AllQueryArguments `type:"structure"`
// Inspect the request body as plain text. The request body immediately follows
// the request headers. This is the part of a request that contains any additional
// data that you want to send to your web server as the HTTP request body, such
// as data from a form.
//
// Only the first 8 KB (8192 bytes) of the request body are forwarded to WAF
// for inspection by the underlying host service. For information about how
// to handle oversized request bodies, see the Body object configuration.
Body *Body `type:"structure"`
// Inspect the request cookies. You must configure scope and pattern matching
// filters in the Cookies object, to define the set of cookies and the parts
// of the cookies that WAF inspects.
//
// Only the first 8 KB (8192 bytes) of a request's cookies and only the first
// 200 cookies are forwarded to WAF for inspection by the underlying host service.
// You must configure how to handle any oversize cookie content in the Cookies
// object. WAF applies the pattern matching filters to the cookies that it receives
// from the underlying host service.
Cookies *Cookies `type:"structure"`
// Inspect the request headers. You must configure scope and pattern matching
// filters in the Headers object, to define the set of headers to and the parts
// of the headers that WAF inspects.
//
// Only the first 8 KB (8192 bytes) of a request's headers and only the first
// 200 headers are forwarded to WAF for inspection by the underlying host service.
// You must configure how to handle any oversize header content in the Headers
// object. WAF applies the pattern matching filters to the headers that it receives
// from the underlying host service.
Headers *Headers `type:"structure"`
// Inspect the request body as JSON. The request body immediately follows the
// request headers. This is the part of a request that contains any additional
// data that you want to send to your web server as the HTTP request body, such
// as data from a form.
//
// Only the first 8 KB (8192 bytes) of the request body are forwarded to WAF
// for inspection by the underlying host service. For information about how
// to handle oversized request bodies, see the JsonBody object configuration.
JsonBody *JsonBody `type:"structure"`
// Inspect the HTTP method. The method indicates the type of operation that
// the request is asking the origin to perform.
Method *Method `type:"structure"`
// Inspect the query string. This is the part of a URL that appears after a
// ? character, if any.
QueryString *QueryString `type:"structure"`
// Inspect a single header. Provide the name of the header to inspect, for example,
// User-Agent or Referer. This setting isn't case sensitive.
//
// Example JSON: "SingleHeader": { "Name": "haystack" }
//
// Alternately, you can filter and inspect all headers with the Headers FieldToMatch
// setting.
SingleHeader *SingleHeader `type:"structure"`
// Inspect a single query argument. Provide the name of the query argument to
// inspect, such as UserName or SalesRegion. The name can be up to 30 characters
// long and isn't case sensitive.
//
// Example JSON: "SingleQueryArgument": { "Name": "myArgument" }
SingleQueryArgument *SingleQueryArgument `type:"structure"`
// Inspect the request URI path. This is the part of the web request that identifies
// a resource, for example, /images/daily-ad.jpg.
UriPath *UriPath `type:"structure"`
// contains filtered or unexported fields
}
The part of the web request that you want WAF to inspect. Include the single FieldToMatch type that you want to inspect, with additional specifications as needed, according to the type. You specify a single request component in FieldToMatch for each rule statement that requires it. To inspect more than one component of the web request, create a separate rule statement for each component.
Example JSON for a QueryString field to match:
"FieldToMatch": { "QueryString": {} }
Example JSON for a Method field to match specification:
"FieldToMatch": { "Method": { "Name": "DELETE" } }
func (s FieldToMatch) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *FieldToMatch) SetAllQueryArguments(v *AllQueryArguments) *FieldToMatch
SetAllQueryArguments sets the AllQueryArguments field's value.
func (s *FieldToMatch) SetBody(v *Body) *FieldToMatch
SetBody sets the Body field's value.
func (s *FieldToMatch) SetCookies(v *Cookies) *FieldToMatch
SetCookies sets the Cookies field's value.
func (s *FieldToMatch) SetHeaders(v *Headers) *FieldToMatch
SetHeaders sets the Headers field's value.
func (s *FieldToMatch) SetJsonBody(v *JsonBody) *FieldToMatch
SetJsonBody sets the JsonBody field's value.
func (s *FieldToMatch) SetMethod(v *Method) *FieldToMatch
SetMethod sets the Method field's value.
func (s *FieldToMatch) SetQueryString(v *QueryString) *FieldToMatch
SetQueryString sets the QueryString field's value.
func (s *FieldToMatch) SetSingleHeader(v *SingleHeader) *FieldToMatch
SetSingleHeader sets the SingleHeader field's value.
func (s *FieldToMatch) SetSingleQueryArgument(v *SingleQueryArgument) *FieldToMatch
SetSingleQueryArgument sets the SingleQueryArgument field's value.
func (s *FieldToMatch) SetUriPath(v *UriPath) *FieldToMatch
SetUriPath sets the UriPath field's value.
func (s FieldToMatch) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *FieldToMatch) Validate() error
Validate inspects the fields of the type to determine if they are valid.
type Filter struct {
// How to handle logs that satisfy the filter's conditions and requirement.
//
// Behavior is a required field
Behavior *string `type:"string" required:"true" enum:"FilterBehavior"`
// Match conditions for the filter.
//
// Conditions is a required field
Conditions []*Condition `min:"1" type:"list" required:"true"`
// Logic to apply to the filtering conditions. You can specify that, in order
// to satisfy the filter, a log must match all conditions or must match at least
// one condition.
//
// Requirement is a required field
Requirement *string `type:"string" required:"true" enum:"FilterRequirement"`
// contains filtered or unexported fields
}
A single logging filter, used in LoggingFilter.
func (s Filter) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *Filter) SetBehavior(v string) *Filter
SetBehavior sets the Behavior field's value.
func (s *Filter) SetConditions(v []*Condition) *Filter
SetConditions sets the Conditions field's value.
func (s *Filter) SetRequirement(v string) *Filter
SetRequirement sets the Requirement field's value.
func (s Filter) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *Filter) Validate() error
Validate inspects the fields of the type to determine if they are valid.
type FirewallManagerRuleGroup struct {
// The processing guidance for an Firewall Manager rule. This is like a regular
// rule Statement, but it can only contain a rule group reference.
//
// FirewallManagerStatement is a required field
FirewallManagerStatement *FirewallManagerStatement `type:"structure" required:"true"`
// The name of the rule group. You cannot change the name of a rule group after
// you create it.
//
// Name is a required field
Name *string `min:"1" type:"string" required:"true"`
// The action to use in the place of the action that results from the rule group
// evaluation. Set the override action to none to leave the result of the rule
// group alone. Set it to count to override the result to count only.
//
// You can only use this for rule statements that reference a rule group, like
// RuleGroupReferenceStatement and ManagedRuleGroupStatement.
//
// This option is usually set to none. It does not affect how the rules in the
// rule group are evaluated. If you want the rules in the rule group to only
// count matches, do not use this and instead use the rule action override option,
// with Count action, in your rule group reference statement settings.
//
// OverrideAction is a required field
OverrideAction *OverrideAction `type:"structure" required:"true"`
// If you define more than one rule group in the first or last Firewall Manager
// rule groups, WAF evaluates each request against the rule groups in order,
// starting from the lowest priority setting. The priorities don't need to be
// consecutive, but they must all be different.
//
// Priority is a required field
Priority *int64 `type:"integer" required:"true"`
// Defines and enables Amazon CloudWatch metrics and web request sample collection.
//
// VisibilityConfig is a required field
VisibilityConfig *VisibilityConfig `type:"structure" required:"true"`
// contains filtered or unexported fields
}
A rule group that's defined for an Firewall Manager WAF policy.
func (s FirewallManagerRuleGroup) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *FirewallManagerRuleGroup) SetFirewallManagerStatement(v *FirewallManagerStatement) *FirewallManagerRuleGroup
SetFirewallManagerStatement sets the FirewallManagerStatement field's value.
func (s *FirewallManagerRuleGroup) SetName(v string) *FirewallManagerRuleGroup
SetName sets the Name field's value.
func (s *FirewallManagerRuleGroup) SetOverrideAction(v *OverrideAction) *FirewallManagerRuleGroup
SetOverrideAction sets the OverrideAction field's value.
func (s *FirewallManagerRuleGroup) SetPriority(v int64) *FirewallManagerRuleGroup
SetPriority sets the Priority field's value.
func (s *FirewallManagerRuleGroup) SetVisibilityConfig(v *VisibilityConfig) *FirewallManagerRuleGroup
SetVisibilityConfig sets the VisibilityConfig field's value.
func (s FirewallManagerRuleGroup) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
type FirewallManagerStatement struct {
// A rule statement used to run the rules that are defined in a managed rule
// group. To use this, provide the vendor name and the name of the rule group
// in this statement. You can retrieve the required names by calling ListAvailableManagedRuleGroups.
//
// You cannot nest a ManagedRuleGroupStatement, for example for use inside a
// NotStatement or OrStatement. It can only be referenced as a top-level statement
// within a rule.
//
// You are charged additional fees when you use the WAF Bot Control managed
// rule group AWSManagedRulesBotControlRuleSet or the WAF Fraud Control account
// takeover prevention (ATP) managed rule group AWSManagedRulesATPRuleSet. For
// more information, see WAF Pricing (http://aws.amazon.com/waf/pricing/).
ManagedRuleGroupStatement *ManagedRuleGroupStatement `type:"structure"`
// A rule statement used to run the rules that are defined in a RuleGroup. To
// use this, create a rule group with your rules, then provide the ARN of the
// rule group in this statement.
//
// You cannot nest a RuleGroupReferenceStatement, for example for use inside
// a NotStatement or OrStatement. You can only use a rule group reference statement
// at the top level inside a web ACL.
RuleGroupReferenceStatement *RuleGroupReferenceStatement `type:"structure"`
// contains filtered or unexported fields
}
The processing guidance for an Firewall Manager rule. This is like a regular rule Statement, but it can only contain a rule group reference.
func (s FirewallManagerStatement) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *FirewallManagerStatement) SetManagedRuleGroupStatement(v *ManagedRuleGroupStatement) *FirewallManagerStatement
SetManagedRuleGroupStatement sets the ManagedRuleGroupStatement field's value.
func (s *FirewallManagerStatement) SetRuleGroupReferenceStatement(v *RuleGroupReferenceStatement) *FirewallManagerStatement
SetRuleGroupReferenceStatement sets the RuleGroupReferenceStatement field's value.
func (s FirewallManagerStatement) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
type ForwardedIPConfig struct {
// The match status to assign to the web request if the request doesn't have
// a valid IP address in the specified position.
//
// If the specified header isn't present in the request, WAF doesn't apply the
// rule to the web request at all.
//
// You can specify the following fallback behaviors:
//
// * MATCH - Treat the web request as matching the rule statement. WAF applies
// the rule action to the request.
//
// * NO_MATCH - Treat the web request as not matching the rule statement.
//
// FallbackBehavior is a required field
FallbackBehavior *string `type:"string" required:"true" enum:"FallbackBehavior"`
// The name of the HTTP header to use for the IP address. For example, to use
// the X-Forwarded-For (XFF) header, set this to X-Forwarded-For.
//
// If the specified header isn't present in the request, WAF doesn't apply the
// rule to the web request at all.
//
// HeaderName is a required field
HeaderName *string `min:"1" type:"string" required:"true"`
// contains filtered or unexported fields
}
The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. Commonly, this is the X-Forwarded-For (XFF) header, but you can specify any header name.
If the specified header isn't present in the request, WAF doesn't apply the rule to the web request at all.
This configuration is used for GeoMatchStatement and RateBasedStatement. For IPSetReferenceStatement, use IPSetForwardedIPConfig instead.
WAF only evaluates the first IP address found in the specified HTTP header.
func (s ForwardedIPConfig) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *ForwardedIPConfig) SetFallbackBehavior(v string) *ForwardedIPConfig
SetFallbackBehavior sets the FallbackBehavior field's value.
func (s *ForwardedIPConfig) SetHeaderName(v string) *ForwardedIPConfig
SetHeaderName sets the HeaderName field's value.
func (s ForwardedIPConfig) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *ForwardedIPConfig) Validate() error
Validate inspects the fields of the type to determine if they are valid.
type GenerateMobileSdkReleaseUrlInput struct {
// The device platform.
//
// Platform is a required field
Platform *string `type:"string" required:"true" enum:"Platform"`
// The release version. For the latest available version, specify LATEST.
//
// ReleaseVersion is a required field
ReleaseVersion *string `min:"1" type:"string" required:"true"`
// contains filtered or unexported fields
}
func (s GenerateMobileSdkReleaseUrlInput) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *GenerateMobileSdkReleaseUrlInput) SetPlatform(v string) *GenerateMobileSdkReleaseUrlInput
SetPlatform sets the Platform field's value.
func (s *GenerateMobileSdkReleaseUrlInput) SetReleaseVersion(v string) *GenerateMobileSdkReleaseUrlInput
SetReleaseVersion sets the ReleaseVersion field's value.
func (s GenerateMobileSdkReleaseUrlInput) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *GenerateMobileSdkReleaseUrlInput) Validate() error
Validate inspects the fields of the type to determine if they are valid.
type GenerateMobileSdkReleaseUrlOutput struct {
// The presigned download URL for the specified SDK release.
Url *string `type:"string"`
// contains filtered or unexported fields
}
func (s GenerateMobileSdkReleaseUrlOutput) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *GenerateMobileSdkReleaseUrlOutput) SetUrl(v string) *GenerateMobileSdkReleaseUrlOutput
SetUrl sets the Url field's value.
func (s GenerateMobileSdkReleaseUrlOutput) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
type GeoMatchStatement struct {
// An array of two-character country codes that you want to match against, for
// example, [ "US", "CN" ], from the alpha-2 country ISO codes of the ISO 3166
// international standard.
//
// When you use a geo match statement just for the region and country labels
// that it adds to requests, you still have to supply a country code for the
// rule to evaluate. In this case, you configure the rule to only count matching
// requests, but it will still generate logging and count metrics for any matches.
// You can reduce the logging and metrics that the rule produces by specifying
// a country that's unlikely to be a source of traffic to your site.
CountryCodes []*string `min:"1" type:"list" enum:"CountryCode"`
// The configuration for inspecting IP addresses in an HTTP header that you
// specify, instead of using the IP address that's reported by the web request
// origin. Commonly, this is the X-Forwarded-For (XFF) header, but you can specify
// any header name.
//
// If the specified header isn't present in the request, WAF doesn't apply the
// rule to the web request at all.
ForwardedIPConfig *ForwardedIPConfig `type:"structure"`
// contains filtered or unexported fields
}
A rule statement that labels web requests by country and region and that matches against web requests based on country code. A geo match rule labels every request that it inspects regardless of whether it finds a match.
To manage requests only by country, you can use this statement by itself and specify the countries that you want to match against in the CountryCodes array.
Otherwise, configure your geo match rule with Count action so that it only labels requests. Then, add one or more label match rules to run after the geo match rule and configure them to match against the geographic labels and handle the requests as needed.
WAF labels requests using the alpha-2 country and region codes from the International Organization for Standardization (ISO) 3166 standard. WAF determines the codes using either the IP address in the web request origin or, if you specify it, the address in the geo match ForwardedIPConfig.
If you use the web request origin, the label formats are awswaf:clientip:geo:region:<ISO country code>-<ISO region code> and awswaf:clientip:geo:country:<ISO country code>.
If you use a forwarded IP address, the label formats are awswaf:forwardedip:geo:region:<ISO country code>-<ISO region code> and awswaf:forwardedip:geo:country:<ISO country code>.
For additional details, see Geographic match rule statement (https://docs.aws.amazon.com/waf/latest/developerguide/waf-rule-statement-type-geo-match.html) in the WAF Developer Guide (https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html).
func (s GeoMatchStatement) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *GeoMatchStatement) SetCountryCodes(v []*string) *GeoMatchStatement
SetCountryCodes sets the CountryCodes field's value.
func (s *GeoMatchStatement) SetForwardedIPConfig(v *ForwardedIPConfig) *GeoMatchStatement
SetForwardedIPConfig sets the ForwardedIPConfig field's value.
func (s GeoMatchStatement) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *GeoMatchStatement) Validate() error
Validate inspects the fields of the type to determine if they are valid.
type GetIPSetInput struct {
// A unique identifier for the set. This ID is returned in the responses to
// create and list commands. You provide it to operations like update and delete.
//
// Id is a required field
Id *string `min:"1" type:"string" required:"true"`
// The name of the IP set. You cannot change the name of an IPSet after you
// create it.
//
// Name is a required field
Name *string `min:"1" type:"string" required:"true"`
// Specifies whether this is for an Amazon CloudFront distribution or for a
// regional application. A regional application can be an Application Load Balancer
// (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, a Amazon Cognito
// user pool, or an App Runner service.
//
// To work with CloudFront, you must also specify the Region US East (N. Virginia)
// as follows:
//
// * CLI - Specify the Region when you use the CloudFront scope: --scope=CLOUDFRONT
// --region=us-east-1.
//
// * API and SDKs - For all calls, use the Region endpoint us-east-1.
//
// Scope is a required field
Scope *string `type:"string" required:"true" enum:"Scope"`
// contains filtered or unexported fields
}
func (s GetIPSetInput) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *GetIPSetInput) SetId(v string) *GetIPSetInput
SetId sets the Id field's value.
func (s *GetIPSetInput) SetName(v string) *GetIPSetInput
SetName sets the Name field's value.
func (s *GetIPSetInput) SetScope(v string) *GetIPSetInput
SetScope sets the Scope field's value.
func (s GetIPSetInput) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *GetIPSetInput) Validate() error
Validate inspects the fields of the type to determine if they are valid.
type GetIPSetOutput struct {
// Contains zero or more IP addresses or blocks of IP addresses specified in
// Classless Inter-Domain Routing (CIDR) notation. WAF supports all IPv4 and
// IPv6 CIDR ranges except for /0. For information about CIDR notation, see
// the Wikipedia entry Classless Inter-Domain Routing (https://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing).
//
// WAF assigns an ARN to each IPSet that you create. To use an IP set in a rule,
// you provide the ARN to the Rule statement IPSetReferenceStatement.
IPSet *IPSet `type:"structure"`
// A token used for optimistic locking. WAF returns a token to your get and
// list requests, to mark the state of the entity at the time of the request.
// To make changes to the entity associated with the token, you provide the
// token to operations like update and delete. WAF uses the token to ensure
// that no changes have been made to the entity since you last retrieved it.
// If a change has been made, the update fails with a WAFOptimisticLockException.
// If this happens, perform another get, and use the new token returned by that
// operation.
LockToken *string `min:"1" type:"string"`
// contains filtered or unexported fields
}
func (s GetIPSetOutput) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *GetIPSetOutput) SetIPSet(v *IPSet) *GetIPSetOutput
SetIPSet sets the IPSet field's value.
func (s *GetIPSetOutput) SetLockToken(v string) *GetIPSetOutput
SetLockToken sets the LockToken field's value.
func (s GetIPSetOutput) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
type GetLoggingConfigurationInput struct {
// The Amazon Resource Name (ARN) of the web ACL for which you want to get the
// LoggingConfiguration.
//
// ResourceArn is a required field
ResourceArn *string `min:"20" type:"string" required:"true"`
// contains filtered or unexported fields
}
func (s GetLoggingConfigurationInput) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *GetLoggingConfigurationInput) SetResourceArn(v string) *GetLoggingConfigurationInput
SetResourceArn sets the ResourceArn field's value.
func (s GetLoggingConfigurationInput) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *GetLoggingConfigurationInput) Validate() error
Validate inspects the fields of the type to determine if they are valid.
type GetLoggingConfigurationOutput struct {
// The LoggingConfiguration for the specified web ACL.
LoggingConfiguration *LoggingConfiguration `type:"structure"`
// contains filtered or unexported fields
}
func (s GetLoggingConfigurationOutput) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *GetLoggingConfigurationOutput) SetLoggingConfiguration(v *LoggingConfiguration) *GetLoggingConfigurationOutput
SetLoggingConfiguration sets the LoggingConfiguration field's value.
func (s GetLoggingConfigurationOutput) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
type GetManagedRuleSetInput struct {
// A unique identifier for the managed rule set. The ID is returned in the responses
// to commands like list. You provide it to operations like get and update.
//
// Id is a required field
Id *string `min:"1" type:"string" required:"true"`
// The name of the managed rule set. You use this, along with the rule set ID,
// to identify the rule set.
//
// This name is assigned to the corresponding managed rule group, which your
// customers can access and use.
//
// Name is a required field
Name *string `min:"1" type:"string" required:"true"`
// Specifies whether this is for an Amazon CloudFront distribution or for a
// regional application. A regional application can be an Application Load Balancer
// (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, a Amazon Cognito
// user pool, or an App Runner service.
//
// To work with CloudFront, you must also specify the Region US East (N. Virginia)
// as follows:
//
// * CLI - Specify the Region when you use the CloudFront scope: --scope=CLOUDFRONT
// --region=us-east-1.
//
// * API and SDKs - For all calls, use the Region endpoint us-east-1.
//
// Scope is a required field
Scope *string `type:"string" required:"true" enum:"Scope"`
// contains filtered or unexported fields
}
func (s GetManagedRuleSetInput) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *GetManagedRuleSetInput) SetId(v string) *GetManagedRuleSetInput
SetId sets the Id field's value.
func (s *GetManagedRuleSetInput) SetName(v string) *GetManagedRuleSetInput
SetName sets the Name field's value.
func (s *GetManagedRuleSetInput) SetScope(v string) *GetManagedRuleSetInput
SetScope sets the Scope field's value.
func (s GetManagedRuleSetInput) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *GetManagedRuleSetInput) Validate() error
Validate inspects the fields of the type to determine if they are valid.
type GetManagedRuleSetOutput struct {
// A token used for optimistic locking. WAF returns a token to your get and
// list requests, to mark the state of the entity at the time of the request.
// To make changes to the entity associated with the token, you provide the
// token to operations like update and delete. WAF uses the token to ensure
// that no changes have been made to the entity since you last retrieved it.
// If a change has been made, the update fails with a WAFOptimisticLockException.
// If this happens, perform another get, and use the new token returned by that
// operation.
LockToken *string `min:"1" type:"string"`
// The managed rule set that you requested.
ManagedRuleSet *ManagedRuleSet `type:"structure"`
// contains filtered or unexported fields
}
func (s GetManagedRuleSetOutput) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *GetManagedRuleSetOutput) SetLockToken(v string) *GetManagedRuleSetOutput
SetLockToken sets the LockToken field's value.
func (s *GetManagedRuleSetOutput) SetManagedRuleSet(v *ManagedRuleSet) *GetManagedRuleSetOutput
SetManagedRuleSet sets the ManagedRuleSet field's value.
func (s GetManagedRuleSetOutput) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
type GetMobileSdkReleaseInput struct {
// The device platform.
//
// Platform is a required field
Platform *string `type:"string" required:"true" enum:"Platform"`
// The release version. For the latest available version, specify LATEST.
//
// ReleaseVersion is a required field
ReleaseVersion *string `min:"1" type:"string" required:"true"`
// contains filtered or unexported fields
}
func (s GetMobileSdkReleaseInput) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *GetMobileSdkReleaseInput) SetPlatform(v string) *GetMobileSdkReleaseInput
SetPlatform sets the Platform field's value.
func (s *GetMobileSdkReleaseInput) SetReleaseVersion(v string) *GetMobileSdkReleaseInput
SetReleaseVersion sets the ReleaseVersion field's value.
func (s GetMobileSdkReleaseInput) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *GetMobileSdkReleaseInput) Validate() error
Validate inspects the fields of the type to determine if they are valid.
type GetMobileSdkReleaseOutput struct {
// Information for a specified SDK release, including release notes and tags.
MobileSdkRelease *MobileSdkRelease `type:"structure"`
// contains filtered or unexported fields
}
func (s GetMobileSdkReleaseOutput) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *GetMobileSdkReleaseOutput) SetMobileSdkRelease(v *MobileSdkRelease) *GetMobileSdkReleaseOutput
SetMobileSdkRelease sets the MobileSdkRelease field's value.
func (s GetMobileSdkReleaseOutput) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
type GetPermissionPolicyInput struct {
// The Amazon Resource Name (ARN) of the rule group for which you want to get
// the policy.
//
// ResourceArn is a required field
ResourceArn *string `min:"20" type:"string" required:"true"`
// contains filtered or unexported fields
}
func (s GetPermissionPolicyInput) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *GetPermissionPolicyInput) SetResourceArn(v string) *GetPermissionPolicyInput
SetResourceArn sets the ResourceArn field's value.
func (s GetPermissionPolicyInput) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *GetPermissionPolicyInput) Validate() error
Validate inspects the fields of the type to determine if they are valid.
type GetPermissionPolicyOutput struct {
// The IAM policy that is attached to the specified rule group.
Policy *string `min:"1" type:"string"`
// contains filtered or unexported fields
}
func (s GetPermissionPolicyOutput) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *GetPermissionPolicyOutput) SetPolicy(v string) *GetPermissionPolicyOutput
SetPolicy sets the Policy field's value.
func (s GetPermissionPolicyOutput) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
type GetRateBasedStatementManagedKeysInput struct {
// The name of the rule group reference statement in your web ACL. This is required
// only when you have the rate-based rule nested inside a rule group.
RuleGroupRuleName *string `min:"1" type:"string"`
// The name of the rate-based rule to get the keys for. If you have the rule
// defined inside a rule group that you're using in your web ACL, also provide
// the name of the rule group reference statement in the request parameter RuleGroupRuleName.
//
// RuleName is a required field
RuleName *string `min:"1" type:"string" required:"true"`
// Specifies whether this is for an Amazon CloudFront distribution or for a
// regional application. A regional application can be an Application Load Balancer
// (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, a Amazon Cognito
// user pool, or an App Runner service.
//
// To work with CloudFront, you must also specify the Region US East (N. Virginia)
// as follows:
//
// * CLI - Specify the Region when you use the CloudFront scope: --scope=CLOUDFRONT
// --region=us-east-1.
//
// * API and SDKs - For all calls, use the Region endpoint us-east-1.
//
// Scope is a required field
Scope *string `type:"string" required:"true" enum:"Scope"`
// The unique identifier for the web ACL. This ID is returned in the responses
// to create and list commands. You provide it to operations like update and
// delete.
//
// WebACLId is a required field
WebACLId *string `min:"1" type:"string" required:"true"`
// The name of the web ACL. You cannot change the name of a web ACL after you
// create it.
//
// WebACLName is a required field
WebACLName *string `min:"1" type:"string" required:"true"`
// contains filtered or unexported fields
}
func (s GetRateBasedStatementManagedKeysInput) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *GetRateBasedStatementManagedKeysInput) SetRuleGroupRuleName(v string) *GetRateBasedStatementManagedKeysInput
SetRuleGroupRuleName sets the RuleGroupRuleName field's value.
func (s *GetRateBasedStatementManagedKeysInput) SetRuleName(v string) *GetRateBasedStatementManagedKeysInput
SetRuleName sets the RuleName field's value.
func (s *GetRateBasedStatementManagedKeysInput) SetScope(v string) *GetRateBasedStatementManagedKeysInput
SetScope sets the Scope field's value.
func (s *GetRateBasedStatementManagedKeysInput) SetWebACLId(v string) *GetRateBasedStatementManagedKeysInput
SetWebACLId sets the WebACLId field's value.
func (s *GetRateBasedStatementManagedKeysInput) SetWebACLName(v string) *GetRateBasedStatementManagedKeysInput
SetWebACLName sets the WebACLName field's value.
func (s GetRateBasedStatementManagedKeysInput) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *GetRateBasedStatementManagedKeysInput) Validate() error
Validate inspects the fields of the type to determine if they are valid.
type GetRateBasedStatementManagedKeysOutput struct {
// The keys that are of Internet Protocol version 4 (IPv4).
ManagedKeysIPV4 *RateBasedStatementManagedKeysIPSet `type:"structure"`
// The keys that are of Internet Protocol version 6 (IPv6).
ManagedKeysIPV6 *RateBasedStatementManagedKeysIPSet `type:"structure"`
// contains filtered or unexported fields
}
func (s GetRateBasedStatementManagedKeysOutput) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *GetRateBasedStatementManagedKeysOutput) SetManagedKeysIPV4(v *RateBasedStatementManagedKeysIPSet) *GetRateBasedStatementManagedKeysOutput
SetManagedKeysIPV4 sets the ManagedKeysIPV4 field's value.
func (s *GetRateBasedStatementManagedKeysOutput) SetManagedKeysIPV6(v *RateBasedStatementManagedKeysIPSet) *GetRateBasedStatementManagedKeysOutput
SetManagedKeysIPV6 sets the ManagedKeysIPV6 field's value.
func (s GetRateBasedStatementManagedKeysOutput) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
type GetRegexPatternSetInput struct {
// A unique identifier for the set. This ID is returned in the responses to
// create and list commands. You provide it to operations like update and delete.
//
// Id is a required field
Id *string `min:"1" type:"string" required:"true"`
// The name of the set. You cannot change the name after you create the set.
//
// Name is a required field
Name *string `min:"1" type:"string" required:"true"`
// Specifies whether this is for an Amazon CloudFront distribution or for a
// regional application. A regional application can be an Application Load Balancer
// (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, a Amazon Cognito
// user pool, or an App Runner service.
//
// To work with CloudFront, you must also specify the Region US East (N. Virginia)
// as follows:
//
// * CLI - Specify the Region when you use the CloudFront scope: --scope=CLOUDFRONT
// --region=us-east-1.
//
// * API and SDKs - For all calls, use the Region endpoint us-east-1.
//
// Scope is a required field
Scope *string `type:"string" required:"true" enum:"Scope"`
// contains filtered or unexported fields
}
func (s GetRegexPatternSetInput) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *GetRegexPatternSetInput) SetId(v string) *GetRegexPatternSetInput
SetId sets the Id field's value.
func (s *GetRegexPatternSetInput) SetName(v string) *GetRegexPatternSetInput
SetName sets the Name field's value.
func (s *GetRegexPatternSetInput) SetScope(v string) *GetRegexPatternSetInput
SetScope sets the Scope field's value.
func (s GetRegexPatternSetInput) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *GetRegexPatternSetInput) Validate() error
Validate inspects the fields of the type to determine if they are valid.
type GetRegexPatternSetOutput struct {
// A token used for optimistic locking. WAF returns a token to your get and
// list requests, to mark the state of the entity at the time of the request.
// To make changes to the entity associated with the token, you provide the
// token to operations like update and delete. WAF uses the token to ensure
// that no changes have been made to the entity since you last retrieved it.
// If a change has been made, the update fails with a WAFOptimisticLockException.
// If this happens, perform another get, and use the new token returned by that
// operation.
LockToken *string `min:"1" type:"string"`
// Contains one or more regular expressions.
//
// WAF assigns an ARN to each RegexPatternSet that you create. To use a set
// in a rule, you provide the ARN to the Rule statement RegexPatternSetReferenceStatement.
RegexPatternSet *RegexPatternSet `type:"structure"`
// contains filtered or unexported fields
}
func (s GetRegexPatternSetOutput) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *GetRegexPatternSetOutput) SetLockToken(v string) *GetRegexPatternSetOutput
SetLockToken sets the LockToken field's value.
func (s *GetRegexPatternSetOutput) SetRegexPatternSet(v *RegexPatternSet) *GetRegexPatternSetOutput
SetRegexPatternSet sets the RegexPatternSet field's value.
func (s GetRegexPatternSetOutput) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
type GetRuleGroupInput struct {
// The Amazon Resource Name (ARN) of the entity.
ARN *string `min:"20" type:"string"`
// A unique identifier for the rule group. This ID is returned in the responses
// to create and list commands. You provide it to operations like update and
// delete.
Id *string `min:"1" type:"string"`
// The name of the rule group. You cannot change the name of a rule group after
// you create it.
Name *string `min:"1" type:"string"`
// Specifies whether this is for an Amazon CloudFront distribution or for a
// regional application. A regional application can be an Application Load Balancer
// (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, a Amazon Cognito
// user pool, or an App Runner service.
//
// To work with CloudFront, you must also specify the Region US East (N. Virginia)
// as follows:
//
// * CLI - Specify the Region when you use the CloudFront scope: --scope=CLOUDFRONT
// --region=us-east-1.
//
// * API and SDKs - For all calls, use the Region endpoint us-east-1.
Scope *string `type:"string" enum:"Scope"`
// contains filtered or unexported fields
}
func (s GetRuleGroupInput) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *GetRuleGroupInput) SetARN(v string) *GetRuleGroupInput
SetARN sets the ARN field's value.
func (s *GetRuleGroupInput) SetId(v string) *GetRuleGroupInput
SetId sets the Id field's value.
func (s *GetRuleGroupInput) SetName(v string) *GetRuleGroupInput
SetName sets the Name field's value.
func (s *GetRuleGroupInput) SetScope(v string) *GetRuleGroupInput
SetScope sets the Scope field's value.
func (s GetRuleGroupInput) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *GetRuleGroupInput) Validate() error
Validate inspects the fields of the type to determine if they are valid.
type GetRuleGroupOutput struct {
// A token used for optimistic locking. WAF returns a token to your get and
// list requests, to mark the state of the entity at the time of the request.
// To make changes to the entity associated with the token, you provide the
// token to operations like update and delete. WAF uses the token to ensure
// that no changes have been made to the entity since you last retrieved it.
// If a change has been made, the update fails with a WAFOptimisticLockException.
// If this happens, perform another get, and use the new token returned by that
// operation.
LockToken *string `min:"1" type:"string"`
// A rule group defines a collection of rules to inspect and control web requests
// that you can use in a WebACL. When you create a rule group, you define an
// immutable capacity limit. If you update a rule group, you must stay within
// the capacity. This allows others to reuse the rule group with confidence
// in its capacity requirements.
RuleGroup *RuleGroup `type:"structure"`
// contains filtered or unexported fields
}
func (s GetRuleGroupOutput) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *GetRuleGroupOutput) SetLockToken(v string) *GetRuleGroupOutput
SetLockToken sets the LockToken field's value.
func (s *GetRuleGroupOutput) SetRuleGroup(v *RuleGroup) *GetRuleGroupOutput
SetRuleGroup sets the RuleGroup field's value.
func (s GetRuleGroupOutput) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
type GetSampledRequestsInput struct {
// The number of requests that you want WAF to return from among the first 5,000
// requests that your Amazon Web Services resource received during the time
// range. If your resource received fewer requests than the value of MaxItems,
// GetSampledRequests returns information about all of them.
//
// MaxItems is a required field
MaxItems *int64 `min:"1" type:"long" required:"true"`
// The metric name assigned to the Rule or RuleGroup dimension for which you
// want a sample of requests.
//
// RuleMetricName is a required field
RuleMetricName *string `min:"1" type:"string" required:"true"`
// Specifies whether this is for an Amazon CloudFront distribution or for a
// regional application. A regional application can be an Application Load Balancer
// (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, a Amazon Cognito
// user pool, or an App Runner service.
//
// To work with CloudFront, you must also specify the Region US East (N. Virginia)
// as follows:
//
// * CLI - Specify the Region when you use the CloudFront scope: --scope=CLOUDFRONT
// --region=us-east-1.
//
// * API and SDKs - For all calls, use the Region endpoint us-east-1.
//
// Scope is a required field
Scope *string `type:"string" required:"true" enum:"Scope"`
// The start date and time and the end date and time of the range for which
// you want GetSampledRequests to return a sample of requests. You must specify
// the times in Coordinated Universal Time (UTC) format. UTC format includes
// the special designator, Z. For example, "2016-09-27T14:50Z". You can specify
// any time range in the previous three hours. If you specify a start time that's
// earlier than three hours ago, WAF sets it to three hours ago.
//
// TimeWindow is a required field
TimeWindow *TimeWindow `type:"structure" required:"true"`
// The Amazon resource name (ARN) of the WebACL for which you want a sample
// of requests.
//
// WebAclArn is a required field
WebAclArn *string `min:"20" type:"string" required:"true"`
// contains filtered or unexported fields
}
func (s GetSampledRequestsInput) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *GetSampledRequestsInput) SetMaxItems(v int64) *GetSampledRequestsInput
SetMaxItems sets the MaxItems field's value.
func (s *GetSampledRequestsInput) SetRuleMetricName(v string) *GetSampledRequestsInput
SetRuleMetricName sets the RuleMetricName field's value.
func (s *GetSampledRequestsInput) SetScope(v string) *GetSampledRequestsInput
SetScope sets the Scope field's value.
func (s *GetSampledRequestsInput) SetTimeWindow(v *TimeWindow) *GetSampledRequestsInput
SetTimeWindow sets the TimeWindow field's value.
func (s *GetSampledRequestsInput) SetWebAclArn(v string) *GetSampledRequestsInput
SetWebAclArn sets the WebAclArn field's value.
func (s GetSampledRequestsInput) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *GetSampledRequestsInput) Validate() error
Validate inspects the fields of the type to determine if they are valid.
type GetSampledRequestsOutput struct {
// The total number of requests from which GetSampledRequests got a sample of
// MaxItems requests. If PopulationSize is less than MaxItems, the sample includes
// every request that your Amazon Web Services resource received during the
// specified time range.
PopulationSize *int64 `type:"long"`
// A complex type that contains detailed information about each of the requests
// in the sample.
SampledRequests []*SampledHTTPRequest `type:"list"`
// Usually, TimeWindow is the time range that you specified in the GetSampledRequests
// request. However, if your Amazon Web Services resource received more than
// 5,000 requests during the time range that you specified in the request, GetSampledRequests
// returns the time range for the first 5,000 requests. Times are in Coordinated
// Universal Time (UTC) format.
TimeWindow *TimeWindow `type:"structure"`
// contains filtered or unexported fields
}
func (s GetSampledRequestsOutput) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *GetSampledRequestsOutput) SetPopulationSize(v int64) *GetSampledRequestsOutput
SetPopulationSize sets the PopulationSize field's value.
func (s *GetSampledRequestsOutput) SetSampledRequests(v []*SampledHTTPRequest) *GetSampledRequestsOutput
SetSampledRequests sets the SampledRequests field's value.
func (s *GetSampledRequestsOutput) SetTimeWindow(v *TimeWindow) *GetSampledRequestsOutput
SetTimeWindow sets the TimeWindow field's value.
func (s GetSampledRequestsOutput) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
type GetWebACLForResourceInput struct {
// The Amazon Resource Name (ARN) of the resource whose web ACL you want to
// retrieve.
//
// The ARN must be in one of the following formats:
//
// * For an Application Load Balancer: arn:aws:elasticloadbalancing:region:account-id:loadbalancer/app/load-balancer-name/load-balancer-id
//
// * For an Amazon API Gateway REST API: arn:aws:apigateway:region::/restapis/api-id/stages/stage-name
//
// * For an AppSync GraphQL API: arn:aws:appsync:region:account-id:apis/GraphQLApiId
//
// * For an Amazon Cognito user pool: arn:aws:cognito-idp:region:account-id:userpool/user-pool-id
//
// * For an App Runner service: arn:aws:apprunner:region:account-id:service/apprunner-service-name/apprunner-service-id
//
// ResourceArn is a required field
ResourceArn *string `min:"20" type:"string" required:"true"`
// contains filtered or unexported fields
}
func (s GetWebACLForResourceInput) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *GetWebACLForResourceInput) SetResourceArn(v string) *GetWebACLForResourceInput
SetResourceArn sets the ResourceArn field's value.
func (s GetWebACLForResourceInput) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *GetWebACLForResourceInput) Validate() error
Validate inspects the fields of the type to determine if they are valid.
type GetWebACLForResourceOutput struct {
// The web ACL that is associated with the resource. If there is no associated
// resource, WAF returns a null web ACL.
WebACL *WebACL `type:"structure"`
// contains filtered or unexported fields
}
func (s GetWebACLForResourceOutput) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *GetWebACLForResourceOutput) SetWebACL(v *WebACL) *GetWebACLForResourceOutput
SetWebACL sets the WebACL field's value.
func (s GetWebACLForResourceOutput) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
type GetWebACLInput struct {
// The unique identifier for the web ACL. This ID is returned in the responses
// to create and list commands. You provide it to operations like update and
// delete.
//
// Id is a required field
Id *string `min:"1" type:"string" required:"true"`
// The name of the web ACL. You cannot change the name of a web ACL after you
// create it.
//
// Name is a required field
Name *string `min:"1" type:"string" required:"true"`
// Specifies whether this is for an Amazon CloudFront distribution or for a
// regional application. A regional application can be an Application Load Balancer
// (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, a Amazon Cognito
// user pool, or an App Runner service.
//
// To work with CloudFront, you must also specify the Region US East (N. Virginia)
// as follows:
//
// * CLI - Specify the Region when you use the CloudFront scope: --scope=CLOUDFRONT
// --region=us-east-1.
//
// * API and SDKs - For all calls, use the Region endpoint us-east-1.
//
// Scope is a required field
Scope *string `type:"string" required:"true" enum:"Scope"`
// contains filtered or unexported fields
}
func (s GetWebACLInput) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *GetWebACLInput) SetId(v string) *GetWebACLInput
SetId sets the Id field's value.
func (s *GetWebACLInput) SetName(v string) *GetWebACLInput
SetName sets the Name field's value.
func (s *GetWebACLInput) SetScope(v string) *GetWebACLInput
SetScope sets the Scope field's value.
func (s GetWebACLInput) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *GetWebACLInput) Validate() error
Validate inspects the fields of the type to determine if they are valid.
type GetWebACLOutput struct {
// The URL to use in SDK integrations with Amazon Web Services managed rule
// groups. For example, you can use the integration SDKs with the account takeover
// prevention managed rule group AWSManagedRulesATPRuleSet. This is only populated
// if you are using a rule group in your web ACL that integrates with your applications
// in this way. For more information, see WAF client application integration
// (https://docs.aws.amazon.com/waf/latest/developerguide/waf-application-integration.html)
// in the WAF Developer Guide.
ApplicationIntegrationURL *string `type:"string"`
// A token used for optimistic locking. WAF returns a token to your get and
// list requests, to mark the state of the entity at the time of the request.
// To make changes to the entity associated with the token, you provide the
// token to operations like update and delete. WAF uses the token to ensure
// that no changes have been made to the entity since you last retrieved it.
// If a change has been made, the update fails with a WAFOptimisticLockException.
// If this happens, perform another get, and use the new token returned by that
// operation.
LockToken *string `min:"1" type:"string"`
// The web ACL specification. You can modify the settings in this web ACL and
// use it to update this web ACL or create a new one.
WebACL *WebACL `type:"structure"`
// contains filtered or unexported fields
}
func (s GetWebACLOutput) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *GetWebACLOutput) SetApplicationIntegrationURL(v string) *GetWebACLOutput
SetApplicationIntegrationURL sets the ApplicationIntegrationURL field's value.
func (s *GetWebACLOutput) SetLockToken(v string) *GetWebACLOutput
SetLockToken sets the LockToken field's value.
func (s *GetWebACLOutput) SetWebACL(v *WebACL) *GetWebACLOutput
SetWebACL sets the WebACL field's value.
func (s GetWebACLOutput) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
type HTTPHeader struct {
// The name of the HTTP header.
Name *string `type:"string"`
// The value of the HTTP header.
Value *string `type:"string"`
// contains filtered or unexported fields
}
Part of the response from GetSampledRequests. This is a complex type that appears as Headers in the response syntax. HTTPHeader contains the names and values of all of the headers that appear in one of the web requests.
func (s HTTPHeader) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *HTTPHeader) SetName(v string) *HTTPHeader
SetName sets the Name field's value.
func (s *HTTPHeader) SetValue(v string) *HTTPHeader
SetValue sets the Value field's value.
func (s HTTPHeader) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
type HTTPRequest struct {
// The IP address that the request originated from. If the web ACL is associated
// with a CloudFront distribution, this is the value of one of the following
// fields in CloudFront access logs:
//
// * c-ip, if the viewer did not use an HTTP proxy or a load balancer to
// send the request
//
// * x-forwarded-for, if the viewer did use an HTTP proxy or a load balancer
// to send the request
ClientIP *string `type:"string"`
// The two-letter country code for the country that the request originated from.
// For a current list of country codes, see the Wikipedia entry ISO 3166-1 alpha-2
// (https://en.wikipedia.org/wiki/ISO_3166-1_alpha-2).
Country *string `type:"string"`
// The HTTP version specified in the sampled web request, for example, HTTP/1.1.
HTTPVersion *string `type:"string"`
// A complex type that contains the name and value for each header in the sampled
// web request.
Headers []*HTTPHeader `type:"list"`
// The HTTP method specified in the sampled web request.
Method *string `type:"string"`
// The URI path of the request, which identifies the resource, for example,
// /images/daily-ad.jpg.
URI *string `type:"string"`
// contains filtered or unexported fields
}
Part of the response from GetSampledRequests. This is a complex type that appears as Request in the response syntax. HTTPRequest contains information about one of the web requests.
func (s HTTPRequest) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *HTTPRequest) SetClientIP(v string) *HTTPRequest
SetClientIP sets the ClientIP field's value.
func (s *HTTPRequest) SetCountry(v string) *HTTPRequest
SetCountry sets the Country field's value.
func (s *HTTPRequest) SetHTTPVersion(v string) *HTTPRequest
SetHTTPVersion sets the HTTPVersion field's value.
func (s *HTTPRequest) SetHeaders(v []*HTTPHeader) *HTTPRequest
SetHeaders sets the Headers field's value.
func (s *HTTPRequest) SetMethod(v string) *HTTPRequest
SetMethod sets the Method field's value.
func (s *HTTPRequest) SetURI(v string) *HTTPRequest
SetURI sets the URI field's value.
func (s HTTPRequest) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
type HeaderMatchPattern struct {
// Inspect all headers.
All *All `type:"structure"`
// Inspect only the headers whose keys don't match any of the strings specified
// here.
ExcludedHeaders []*string `min:"1" type:"list"`
// Inspect only the headers that have a key that matches one of the strings
// specified here.
IncludedHeaders []*string `min:"1" type:"list"`
// contains filtered or unexported fields
}
The filter to use to identify the subset of headers to inspect in a web request.
You must specify exactly one setting: either All, IncludedHeaders, or ExcludedHeaders.
Example JSON: "MatchPattern": { "ExcludedHeaders": {"KeyToExclude1", "KeyToExclude2"} }
func (s HeaderMatchPattern) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *HeaderMatchPattern) SetAll(v *All) *HeaderMatchPattern
SetAll sets the All field's value.
func (s *HeaderMatchPattern) SetExcludedHeaders(v []*string) *HeaderMatchPattern
SetExcludedHeaders sets the ExcludedHeaders field's value.
func (s *HeaderMatchPattern) SetIncludedHeaders(v []*string) *HeaderMatchPattern
SetIncludedHeaders sets the IncludedHeaders field's value.
func (s HeaderMatchPattern) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *HeaderMatchPattern) Validate() error
Validate inspects the fields of the type to determine if they are valid.
type Headers struct {
// The filter to use to identify the subset of headers to inspect in a web request.
//
// You must specify exactly one setting: either All, IncludedHeaders, or ExcludedHeaders.
//
// Example JSON: "MatchPattern": { "ExcludedHeaders": {"KeyToExclude1", "KeyToExclude2"}
// }
//
// MatchPattern is a required field
MatchPattern *HeaderMatchPattern `type:"structure" required:"true"`
// The parts of the headers to match with the rule inspection criteria. If you
// specify All, WAF inspects both keys and values.
//
// MatchScope is a required field
MatchScope *string `type:"string" required:"true" enum:"MapMatchScope"`
// What WAF should do if the headers of the request are larger than WAF can
// inspect. WAF does not support inspecting the entire contents of request headers
// when they exceed 8 KB (8192 bytes) or 200 total headers. The underlying host
// service forwards a maximum of 200 headers and at most 8 KB of header contents
// to WAF.
//
// The options for oversize handling are the following:
//
// * CONTINUE - Inspect the headers normally, according to the rule inspection
// criteria.
//
// * MATCH - Treat the web request as matching the rule statement. WAF applies
// the rule action to the request.
//
// * NO_MATCH - Treat the web request as not matching the rule statement.
//
// OversizeHandling is a required field
OversizeHandling *string `type:"string" required:"true" enum:"OversizeHandling"`
// contains filtered or unexported fields
}
Inspect all headers in the web request. You can specify the parts of the headers to inspect and you can narrow the set of headers to inspect by including or excluding specific keys.
This is used to indicate the web request component to inspect, in the FieldToMatch specification.
If you want to inspect just the value of a single header, use the SingleHeader FieldToMatch setting instead.
Example JSON: "Headers": { "MatchPattern": { "All": {} }, "MatchScope": "KEY", "OversizeHandling": "MATCH" }
func (s Headers) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *Headers) SetMatchPattern(v *HeaderMatchPattern) *Headers
SetMatchPattern sets the MatchPattern field's value.
func (s *Headers) SetMatchScope(v string) *Headers
SetMatchScope sets the MatchScope field's value.
func (s *Headers) SetOversizeHandling(v string) *Headers
SetOversizeHandling sets the OversizeHandling field's value.
func (s Headers) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *Headers) Validate() error
Validate inspects the fields of the type to determine if they are valid.
type IPSet struct {
// The Amazon Resource Name (ARN) of the entity.
//
// ARN is a required field
ARN *string `min:"20" type:"string" required:"true"`
// Contains an array of strings that specifies zero or more IP addresses or
// blocks of IP addresses. All addresses must be specified using Classless Inter-Domain
// Routing (CIDR) notation. WAF supports all IPv4 and IPv6 CIDR ranges except
// for /0.
//
// Example address strings:
//
// * To configure WAF to allow, block, or count requests that originated
// from the IP address 192.0.2.44, specify 192.0.2.44/32.
//
// * To configure WAF to allow, block, or count requests that originated
// from IP addresses from 192.0.2.0 to 192.0.2.255, specify 192.0.2.0/24.
//
// * To configure WAF to allow, block, or count requests that originated
// from the IP address 1111:0000:0000:0000:0000:0000:0000:0111, specify 1111:0000:0000:0000:0000:0000:0000:0111/128.
//
// * To configure WAF to allow, block, or count requests that originated
// from IP addresses 1111:0000:0000:0000:0000:0000:0000:0000 to 1111:0000:0000:0000:ffff:ffff:ffff:ffff,
// specify 1111:0000:0000:0000:0000:0000:0000:0000/64.
//
// For more information about CIDR notation, see the Wikipedia entry Classless
// Inter-Domain Routing (https://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing).
//
// Example JSON Addresses specifications:
//
// * Empty array: "Addresses": []
//
// * Array with one address: "Addresses": ["192.0.2.44/32"]
//
// * Array with three addresses: "Addresses": ["192.0.2.44/32", "192.0.2.0/24",
// "192.0.0.0/16"]
//
// * INVALID specification: "Addresses": [""] INVALID
//
// Addresses is a required field
Addresses []*string `type:"list" required:"true"`
// A description of the IP set that helps with identification.
Description *string `min:"1" type:"string"`
// The version of the IP addresses, either IPV4 or IPV6.
//
// IPAddressVersion is a required field
IPAddressVersion *string `type:"string" required:"true" enum:"IPAddressVersion"`
// A unique identifier for the set. This ID is returned in the responses to
// create and list commands. You provide it to operations like update and delete.
//
// Id is a required field
Id *string `min:"1" type:"string" required:"true"`
// The name of the IP set. You cannot change the name of an IPSet after you
// create it.
//
// Name is a required field
Name *string `min:"1" type:"string" required:"true"`
// contains filtered or unexported fields
}
Contains zero or more IP addresses or blocks of IP addresses specified in Classless Inter-Domain Routing (CIDR) notation. WAF supports all IPv4 and IPv6 CIDR ranges except for /0. For information about CIDR notation, see the Wikipedia entry Classless Inter-Domain Routing (https://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing).
WAF assigns an ARN to each IPSet that you create. To use an IP set in a rule, you provide the ARN to the Rule statement IPSetReferenceStatement.
func (s IPSet) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *IPSet) SetARN(v string) *IPSet
SetARN sets the ARN field's value.
func (s *IPSet) SetAddresses(v []*string) *IPSet
SetAddresses sets the Addresses field's value.
func (s *IPSet) SetDescription(v string) *IPSet
SetDescription sets the Description field's value.
func (s *IPSet) SetIPAddressVersion(v string) *IPSet
SetIPAddressVersion sets the IPAddressVersion field's value.
func (s *IPSet) SetId(v string) *IPSet
SetId sets the Id field's value.
func (s *IPSet) SetName(v string) *IPSet
SetName sets the Name field's value.
func (s IPSet) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
type IPSetForwardedIPConfig struct {
// The match status to assign to the web request if the request doesn't have
// a valid IP address in the specified position.
//
// If the specified header isn't present in the request, WAF doesn't apply the
// rule to the web request at all.
//
// You can specify the following fallback behaviors:
//
// * MATCH - Treat the web request as matching the rule statement. WAF applies
// the rule action to the request.
//
// * NO_MATCH - Treat the web request as not matching the rule statement.
//
// FallbackBehavior is a required field
FallbackBehavior *string `type:"string" required:"true" enum:"FallbackBehavior"`
// The name of the HTTP header to use for the IP address. For example, to use
// the X-Forwarded-For (XFF) header, set this to X-Forwarded-For.
//
// If the specified header isn't present in the request, WAF doesn't apply the
// rule to the web request at all.
//
// HeaderName is a required field
HeaderName *string `min:"1" type:"string" required:"true"`
// The position in the header to search for the IP address. The header can contain
// IP addresses of the original client and also of proxies. For example, the
// header value could be 10.1.1.1, 127.0.0.0, 10.10.10.10 where the first IP
// address identifies the original client and the rest identify proxies that
// the request went through.
//
// The options for this setting are the following:
//
// * FIRST - Inspect the first IP address in the list of IP addresses in
// the header. This is usually the client's original IP.
//
// * LAST - Inspect the last IP address in the list of IP addresses in the
// header.
//
// * ANY - Inspect all IP addresses in the header for a match. If the header
// contains more than 10 IP addresses, WAF inspects the last 10.
//
// Position is a required field
Position *string `type:"string" required:"true" enum:"ForwardedIPPosition"`
// contains filtered or unexported fields
}
The configuration for inspecting IP addresses in an HTTP header that you specify, instead of using the IP address that's reported by the web request origin. Commonly, this is the X-Forwarded-For (XFF) header, but you can specify any header name.
If the specified header isn't present in the request, WAF doesn't apply the rule to the web request at all.
This configuration is used only for IPSetReferenceStatement. For GeoMatchStatement and RateBasedStatement, use ForwardedIPConfig instead.
func (s IPSetForwardedIPConfig) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *IPSetForwardedIPConfig) SetFallbackBehavior(v string) *IPSetForwardedIPConfig
SetFallbackBehavior sets the FallbackBehavior field's value.
func (s *IPSetForwardedIPConfig) SetHeaderName(v string) *IPSetForwardedIPConfig
SetHeaderName sets the HeaderName field's value.
func (s *IPSetForwardedIPConfig) SetPosition(v string) *IPSetForwardedIPConfig
SetPosition sets the Position field's value.
func (s IPSetForwardedIPConfig) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *IPSetForwardedIPConfig) Validate() error
Validate inspects the fields of the type to determine if they are valid.
type IPSetReferenceStatement struct {
// The Amazon Resource Name (ARN) of the IPSet that this statement references.
//
// ARN is a required field
ARN *string `min:"20" type:"string" required:"true"`
// The configuration for inspecting IP addresses in an HTTP header that you
// specify, instead of using the IP address that's reported by the web request
// origin. Commonly, this is the X-Forwarded-For (XFF) header, but you can specify
// any header name.
//
// If the specified header isn't present in the request, WAF doesn't apply the
// rule to the web request at all.
IPSetForwardedIPConfig *IPSetForwardedIPConfig `type:"structure"`
// contains filtered or unexported fields
}
A rule statement used to detect web requests coming from particular IP addresses or address ranges. To use this, create an IPSet that specifies the addresses you want to detect, then use the ARN of that set in this statement. To create an IP set, see CreateIPSet.
Each IP set rule statement references an IP set. You create and maintain the set independent of your rules. This allows you to use the single set in multiple rules. When you update the referenced set, WAF automatically updates all rules that reference it.
func (s IPSetReferenceStatement) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *IPSetReferenceStatement) SetARN(v string) *IPSetReferenceStatement
SetARN sets the ARN field's value.
func (s *IPSetReferenceStatement) SetIPSetForwardedIPConfig(v *IPSetForwardedIPConfig) *IPSetReferenceStatement
SetIPSetForwardedIPConfig sets the IPSetForwardedIPConfig field's value.
func (s IPSetReferenceStatement) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *IPSetReferenceStatement) Validate() error
Validate inspects the fields of the type to determine if they are valid.
type IPSetSummary struct {
// The Amazon Resource Name (ARN) of the entity.
ARN *string `min:"20" type:"string"`
// A description of the IP set that helps with identification.
Description *string `min:"1" type:"string"`
// A unique identifier for the set. This ID is returned in the responses to
// create and list commands. You provide it to operations like update and delete.
Id *string `min:"1" type:"string"`
// A token used for optimistic locking. WAF returns a token to your get and
// list requests, to mark the state of the entity at the time of the request.
// To make changes to the entity associated with the token, you provide the
// token to operations like update and delete. WAF uses the token to ensure
// that no changes have been made to the entity since you last retrieved it.
// If a change has been made, the update fails with a WAFOptimisticLockException.
// If this happens, perform another get, and use the new token returned by that
// operation.
LockToken *string `min:"1" type:"string"`
// The name of the IP set. You cannot change the name of an IPSet after you
// create it.
Name *string `min:"1" type:"string"`
// contains filtered or unexported fields
}
High-level information about an IPSet, returned by operations like create and list. This provides information like the ID, that you can use to retrieve and manage an IPSet, and the ARN, that you provide to the IPSetReferenceStatement to use the address set in a Rule.
func (s IPSetSummary) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *IPSetSummary) SetARN(v string) *IPSetSummary
SetARN sets the ARN field's value.
func (s *IPSetSummary) SetDescription(v string) *IPSetSummary
SetDescription sets the Description field's value.
func (s *IPSetSummary) SetId(v string) *IPSetSummary
SetId sets the Id field's value.
func (s *IPSetSummary) SetLockToken(v string) *IPSetSummary
SetLockToken sets the LockToken field's value.
func (s *IPSetSummary) SetName(v string) *IPSetSummary
SetName sets the Name field's value.
func (s IPSetSummary) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
type ImmunityTimeProperty struct {
// The amount of time, in seconds, that a CAPTCHA or challenge timestamp is
// considered valid by WAF. The default setting is 300.
//
// For the Challenge action, the minimum setting is 300.
//
// ImmunityTime is a required field
ImmunityTime *int64 `min:"60" type:"long" required:"true"`
// contains filtered or unexported fields
}
Used for CAPTCHA and challenge token settings. Determines how long a CAPTCHA or challenge timestamp remains valid after WAF updates it for a successful CAPTCHA or challenge response.
func (s ImmunityTimeProperty) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *ImmunityTimeProperty) SetImmunityTime(v int64) *ImmunityTimeProperty
SetImmunityTime sets the ImmunityTime field's value.
func (s ImmunityTimeProperty) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *ImmunityTimeProperty) Validate() error
Validate inspects the fields of the type to determine if they are valid.
type JsonBody struct {
// What WAF should do if it fails to completely parse the JSON body. The options
// are the following:
//
// * EVALUATE_AS_STRING - Inspect the body as plain text. WAF applies the
// text transformations and inspection criteria that you defined for the
// JSON inspection to the body text string.
//
// * MATCH - Treat the web request as matching the rule statement. WAF applies
// the rule action to the request.
//
// * NO_MATCH - Treat the web request as not matching the rule statement.
//
// If you don't provide this setting, WAF parses and evaluates the content only
// up to the first parsing failure that it encounters.
//
// WAF does its best to parse the entire JSON body, but might be forced to stop
// for reasons such as invalid characters, duplicate keys, truncation, and any
// content whose root node isn't an object or an array.
//
// WAF parses the JSON in the following examples as two valid key, value pairs:
//
// * Missing comma: {"key1":"value1""key2":"value2"}
//
// * Missing colon: {"key1":"value1","key2""value2"}
//
// * Extra colons: {"key1"::"value1","key2""value2"}
InvalidFallbackBehavior *string `type:"string" enum:"BodyParsingFallbackBehavior"`
// The patterns to look for in the JSON body. WAF inspects the results of these
// pattern matches against the rule inspection criteria.
//
// MatchPattern is a required field
MatchPattern *JsonMatchPattern `type:"structure" required:"true"`
// The parts of the JSON to match against using the MatchPattern. If you specify
// All, WAF matches against keys and values.
//
// MatchScope is a required field
MatchScope *string `type:"string" required:"true" enum:"JsonMatchScope"`
// What WAF should do if the body is larger than WAF can inspect. WAF does not
// support inspecting the entire contents of the body of a web request when
// the body exceeds 8 KB (8192 bytes). Only the first 8 KB of the request body
// are forwarded to WAF by the underlying host service.
//
// The options for oversize handling are the following:
//
// * CONTINUE - Inspect the body normally, according to the rule inspection
// criteria.
//
// * MATCH - Treat the web request as matching the rule statement. WAF applies
// the rule action to the request.
//
// * NO_MATCH - Treat the web request as not matching the rule statement.
//
// You can combine the MATCH or NO_MATCH settings for oversize handling with
// your rule and web ACL action settings, so that you block any request whose
// body is over 8 KB.
//
// Default: CONTINUE
OversizeHandling *string `type:"string" enum:"OversizeHandling"`
// contains filtered or unexported fields
}
Inspect the body of the web request as JSON. The body immediately follows the request headers.
This is used to indicate the web request component to inspect, in the FieldToMatch specification.
Use the specifications in this object to indicate which parts of the JSON body to inspect using the rule's inspection criteria. WAF inspects only the parts of the JSON that result from the matches that you indicate.
Example JSON: "JsonBody": { "MatchPattern": { "All": {} }, "MatchScope": "ALL" }
func (s JsonBody) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *JsonBody) SetInvalidFallbackBehavior(v string) *JsonBody
SetInvalidFallbackBehavior sets the InvalidFallbackBehavior field's value.
func (s *JsonBody) SetMatchPattern(v *JsonMatchPattern) *JsonBody
SetMatchPattern sets the MatchPattern field's value.
func (s *JsonBody) SetMatchScope(v string) *JsonBody
SetMatchScope sets the MatchScope field's value.
func (s *JsonBody) SetOversizeHandling(v string) *JsonBody
SetOversizeHandling sets the OversizeHandling field's value.
func (s JsonBody) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *JsonBody) Validate() error
Validate inspects the fields of the type to determine if they are valid.
type JsonMatchPattern struct {
// Match all of the elements. See also MatchScope in JsonBody.
//
// You must specify either this setting or the IncludedPaths setting, but not
// both.
All *All `type:"structure"`
// Match only the specified include paths. See also MatchScope in JsonBody.
//
// Provide the include paths using JSON Pointer syntax. For example, "IncludedPaths":
// ["/dogs/0/name", "/dogs/1/name"]. For information about this syntax, see
// the Internet Engineering Task Force (IETF) documentation JavaScript Object
// Notation (JSON) Pointer (https://tools.ietf.org/html/rfc6901).
//
// You must specify either this setting or the All setting, but not both.
//
// Don't use this option to include all paths. Instead, use the All setting.
IncludedPaths []*string `min:"1" type:"list"`
// contains filtered or unexported fields
}
The patterns to look for in the JSON body. WAF inspects the results of these pattern matches against the rule inspection criteria. This is used with the FieldToMatch option JsonBody.
func (s JsonMatchPattern) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *JsonMatchPattern) SetAll(v *All) *JsonMatchPattern
SetAll sets the All field's value.
func (s *JsonMatchPattern) SetIncludedPaths(v []*string) *JsonMatchPattern
SetIncludedPaths sets the IncludedPaths field's value.
func (s JsonMatchPattern) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *JsonMatchPattern) Validate() error
Validate inspects the fields of the type to determine if they are valid.
type Label struct {
// The label string.
//
// Name is a required field
Name *string `min:"1" type:"string" required:"true"`
// contains filtered or unexported fields
}
A single label container. This is used as an element of a label array in multiple contexts, for example, in RuleLabels inside a Rule and in Labels inside a SampledHTTPRequest.
func (s Label) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *Label) SetName(v string) *Label
SetName sets the Name field's value.
func (s Label) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *Label) Validate() error
Validate inspects the fields of the type to determine if they are valid.
type LabelMatchStatement struct {
// The string to match against. The setting you provide for this depends on
// the match statement's Scope setting:
//
// * If the Scope indicates LABEL, then this specification must include the
// name and can include any number of preceding namespace specifications
// and prefix up to providing the fully qualified label name.
//
// * If the Scope indicates NAMESPACE, then this specification can include
// any number of contiguous namespace strings, and can include the entire
// label namespace prefix from the rule group or web ACL where the label
// originates.
//
// Labels are case sensitive and components of a label must be separated by
// colon, for example NS1:NS2:name.
//
// Key is a required field
Key *string `min:"1" type:"string" required:"true"`
// Specify whether you want to match using the label name or just the namespace.
//
// Scope is a required field
Scope *string `type:"string" required:"true" enum:"LabelMatchScope"`
// contains filtered or unexported fields
}
A rule statement to match against labels that have been added to the web request by rules that have already run in the web ACL.
The label match statement provides the label or namespace string to search for. The label string can represent a part or all of the fully qualified label name that had been added to the web request. Fully qualified labels have a prefix, optional namespaces, and label name. The prefix identifies the rule group or web ACL context of the rule that added the label. If you do not provide the fully qualified name in your label match string, WAF performs the search for labels that were added in the same context as the label match statement.
func (s LabelMatchStatement) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *LabelMatchStatement) SetKey(v string) *LabelMatchStatement
SetKey sets the Key field's value.
func (s *LabelMatchStatement) SetScope(v string) *LabelMatchStatement
SetScope sets the Scope field's value.
func (s LabelMatchStatement) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *LabelMatchStatement) Validate() error
Validate inspects the fields of the type to determine if they are valid.
type LabelNameCondition struct {
// The label name that a log record must contain in order to meet the condition.
// This must be a fully qualified label name. Fully qualified labels have a
// prefix, optional namespaces, and label name. The prefix identifies the rule
// group or web ACL context of the rule that added the label.
//
// LabelName is a required field
LabelName *string `min:"1" type:"string" required:"true"`
// contains filtered or unexported fields
}
A single label name condition for a Condition in a logging filter.
func (s LabelNameCondition) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *LabelNameCondition) SetLabelName(v string) *LabelNameCondition
SetLabelName sets the LabelName field's value.
func (s LabelNameCondition) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *LabelNameCondition) Validate() error
Validate inspects the fields of the type to determine if they are valid.
type LabelSummary struct {
// An individual label specification.
Name *string `min:"1" type:"string"`
// contains filtered or unexported fields
}
List of labels used by one or more of the rules of a RuleGroup. This summary object is used for the following rule group lists:
AvailableLabels - Labels that rules add to matching requests. These labels are defined in the RuleLabels for a Rule.
ConsumedLabels - Labels that rules match against. These labels are defined in a LabelMatchStatement specification, in the Statement definition of a rule.
func (s LabelSummary) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *LabelSummary) SetName(v string) *LabelSummary
SetName sets the Name field's value.
func (s LabelSummary) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
type ListAvailableManagedRuleGroupVersionsInput struct {
// The maximum number of objects that you want WAF to return for this request.
// If more objects are available, in the response, WAF provides a NextMarker
// value that you can use in a subsequent call to get the next batch of objects.
Limit *int64 `min:"1" type:"integer"`
// The name of the managed rule group. You use this, along with the vendor name,
// to identify the rule group.
//
// Name is a required field
Name *string `min:"1" type:"string" required:"true"`
// When you request a list of objects with a Limit setting, if the number of
// objects that are still available for retrieval exceeds the limit, WAF returns
// a NextMarker value in the response. To retrieve the next batch of objects,
// provide the marker from the prior call in your next request.
NextMarker *string `min:"1" type:"string"`
// Specifies whether this is for an Amazon CloudFront distribution or for a
// regional application. A regional application can be an Application Load Balancer
// (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, a Amazon Cognito
// user pool, or an App Runner service.
//
// To work with CloudFront, you must also specify the Region US East (N. Virginia)
// as follows:
//
// * CLI - Specify the Region when you use the CloudFront scope: --scope=CLOUDFRONT
// --region=us-east-1.
//
// * API and SDKs - For all calls, use the Region endpoint us-east-1.
//
// Scope is a required field
Scope *string `type:"string" required:"true" enum:"Scope"`
// The name of the managed rule group vendor. You use this, along with the rule
// group name, to identify the rule group.
//
// VendorName is a required field
VendorName *string `min:"1" type:"string" required:"true"`
// contains filtered or unexported fields
}
func (s ListAvailableManagedRuleGroupVersionsInput) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *ListAvailableManagedRuleGroupVersionsInput) SetLimit(v int64) *ListAvailableManagedRuleGroupVersionsInput
SetLimit sets the Limit field's value.
func (s *ListAvailableManagedRuleGroupVersionsInput) SetName(v string) *ListAvailableManagedRuleGroupVersionsInput
SetName sets the Name field's value.
func (s *ListAvailableManagedRuleGroupVersionsInput) SetNextMarker(v string) *ListAvailableManagedRuleGroupVersionsInput
SetNextMarker sets the NextMarker field's value.
func (s *ListAvailableManagedRuleGroupVersionsInput) SetScope(v string) *ListAvailableManagedRuleGroupVersionsInput
SetScope sets the Scope field's value.
func (s *ListAvailableManagedRuleGroupVersionsInput) SetVendorName(v string) *ListAvailableManagedRuleGroupVersionsInput
SetVendorName sets the VendorName field's value.
func (s ListAvailableManagedRuleGroupVersionsInput) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *ListAvailableManagedRuleGroupVersionsInput) Validate() error
Validate inspects the fields of the type to determine if they are valid.
type ListAvailableManagedRuleGroupVersionsOutput struct {
// The name of the version that's currently set as the default.
CurrentDefaultVersion *string `min:"1" type:"string"`
// When you request a list of objects with a Limit setting, if the number of
// objects that are still available for retrieval exceeds the limit, WAF returns
// a NextMarker value in the response. To retrieve the next batch of objects,
// provide the marker from the prior call in your next request.
NextMarker *string `min:"1" type:"string"`
// The versions that are currently available for the specified managed rule
// group.
Versions []*ManagedRuleGroupVersion `type:"list"`
// contains filtered or unexported fields
}
func (s ListAvailableManagedRuleGroupVersionsOutput) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *ListAvailableManagedRuleGroupVersionsOutput) SetCurrentDefaultVersion(v string) *ListAvailableManagedRuleGroupVersionsOutput
SetCurrentDefaultVersion sets the CurrentDefaultVersion field's value.
func (s *ListAvailableManagedRuleGroupVersionsOutput) SetNextMarker(v string) *ListAvailableManagedRuleGroupVersionsOutput
SetNextMarker sets the NextMarker field's value.
func (s *ListAvailableManagedRuleGroupVersionsOutput) SetVersions(v []*ManagedRuleGroupVersion) *ListAvailableManagedRuleGroupVersionsOutput
SetVersions sets the Versions field's value.
func (s ListAvailableManagedRuleGroupVersionsOutput) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
type ListAvailableManagedRuleGroupsInput struct {
// The maximum number of objects that you want WAF to return for this request.
// If more objects are available, in the response, WAF provides a NextMarker
// value that you can use in a subsequent call to get the next batch of objects.
Limit *int64 `min:"1" type:"integer"`
// When you request a list of objects with a Limit setting, if the number of
// objects that are still available for retrieval exceeds the limit, WAF returns
// a NextMarker value in the response. To retrieve the next batch of objects,
// provide the marker from the prior call in your next request.
NextMarker *string `min:"1" type:"string"`
// Specifies whether this is for an Amazon CloudFront distribution or for a
// regional application. A regional application can be an Application Load Balancer
// (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, a Amazon Cognito
// user pool, or an App Runner service.
//
// To work with CloudFront, you must also specify the Region US East (N. Virginia)
// as follows:
//
// * CLI - Specify the Region when you use the CloudFront scope: --scope=CLOUDFRONT
// --region=us-east-1.
//
// * API and SDKs - For all calls, use the Region endpoint us-east-1.
//
// Scope is a required field
Scope *string `type:"string" required:"true" enum:"Scope"`
// contains filtered or unexported fields
}
func (s ListAvailableManagedRuleGroupsInput) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *ListAvailableManagedRuleGroupsInput) SetLimit(v int64) *ListAvailableManagedRuleGroupsInput
SetLimit sets the Limit field's value.
func (s *ListAvailableManagedRuleGroupsInput) SetNextMarker(v string) *ListAvailableManagedRuleGroupsInput
SetNextMarker sets the NextMarker field's value.
func (s *ListAvailableManagedRuleGroupsInput) SetScope(v string) *ListAvailableManagedRuleGroupsInput
SetScope sets the Scope field's value.
func (s ListAvailableManagedRuleGroupsInput) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *ListAvailableManagedRuleGroupsInput) Validate() error
Validate inspects the fields of the type to determine if they are valid.
type ListAvailableManagedRuleGroupsOutput struct {
ManagedRuleGroups []*ManagedRuleGroupSummary `type:"list"`
// When you request a list of objects with a Limit setting, if the number of
// objects that are still available for retrieval exceeds the limit, WAF returns
// a NextMarker value in the response. To retrieve the next batch of objects,
// provide the marker from the prior call in your next request.
NextMarker *string `min:"1" type:"string"`
// contains filtered or unexported fields
}
func (s ListAvailableManagedRuleGroupsOutput) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *ListAvailableManagedRuleGroupsOutput) SetManagedRuleGroups(v []*ManagedRuleGroupSummary) *ListAvailableManagedRuleGroupsOutput
SetManagedRuleGroups sets the ManagedRuleGroups field's value.
func (s *ListAvailableManagedRuleGroupsOutput) SetNextMarker(v string) *ListAvailableManagedRuleGroupsOutput
SetNextMarker sets the NextMarker field's value.
func (s ListAvailableManagedRuleGroupsOutput) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
type ListIPSetsInput struct {
// The maximum number of objects that you want WAF to return for this request.
// If more objects are available, in the response, WAF provides a NextMarker
// value that you can use in a subsequent call to get the next batch of objects.
Limit *int64 `min:"1" type:"integer"`
// When you request a list of objects with a Limit setting, if the number of
// objects that are still available for retrieval exceeds the limit, WAF returns
// a NextMarker value in the response. To retrieve the next batch of objects,
// provide the marker from the prior call in your next request.
NextMarker *string `min:"1" type:"string"`
// Specifies whether this is for an Amazon CloudFront distribution or for a
// regional application. A regional application can be an Application Load Balancer
// (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, a Amazon Cognito
// user pool, or an App Runner service.
//
// To work with CloudFront, you must also specify the Region US East (N. Virginia)
// as follows:
//
// * CLI - Specify the Region when you use the CloudFront scope: --scope=CLOUDFRONT
// --region=us-east-1.
//
// * API and SDKs - For all calls, use the Region endpoint us-east-1.
//
// Scope is a required field
Scope *string `type:"string" required:"true" enum:"Scope"`
// contains filtered or unexported fields
}
func (s ListIPSetsInput) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *ListIPSetsInput) SetLimit(v int64) *ListIPSetsInput
SetLimit sets the Limit field's value.
func (s *ListIPSetsInput) SetNextMarker(v string) *ListIPSetsInput
SetNextMarker sets the NextMarker field's value.
func (s *ListIPSetsInput) SetScope(v string) *ListIPSetsInput
SetScope sets the Scope field's value.
func (s ListIPSetsInput) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *ListIPSetsInput) Validate() error
Validate inspects the fields of the type to determine if they are valid.
type ListIPSetsOutput struct {
// Array of IPSets. This may not be the full list of IPSets that you have defined.
// See the Limit specification for this request.
IPSets []*IPSetSummary `type:"list"`
// When you request a list of objects with a Limit setting, if the number of
// objects that are still available for retrieval exceeds the limit, WAF returns
// a NextMarker value in the response. To retrieve the next batch of objects,
// provide the marker from the prior call in your next request.
NextMarker *string `min:"1" type:"string"`
// contains filtered or unexported fields
}
func (s ListIPSetsOutput) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *ListIPSetsOutput) SetIPSets(v []*IPSetSummary) *ListIPSetsOutput
SetIPSets sets the IPSets field's value.
func (s *ListIPSetsOutput) SetNextMarker(v string) *ListIPSetsOutput
SetNextMarker sets the NextMarker field's value.
func (s ListIPSetsOutput) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
type ListLoggingConfigurationsInput struct {
// The maximum number of objects that you want WAF to return for this request.
// If more objects are available, in the response, WAF provides a NextMarker
// value that you can use in a subsequent call to get the next batch of objects.
Limit *int64 `min:"1" type:"integer"`
// When you request a list of objects with a Limit setting, if the number of
// objects that are still available for retrieval exceeds the limit, WAF returns
// a NextMarker value in the response. To retrieve the next batch of objects,
// provide the marker from the prior call in your next request.
NextMarker *string `min:"1" type:"string"`
// Specifies whether this is for an Amazon CloudFront distribution or for a
// regional application. A regional application can be an Application Load Balancer
// (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, a Amazon Cognito
// user pool, or an App Runner service.
//
// To work with CloudFront, you must also specify the Region US East (N. Virginia)
// as follows:
//
// * CLI - Specify the Region when you use the CloudFront scope: --scope=CLOUDFRONT
// --region=us-east-1.
//
// * API and SDKs - For all calls, use the Region endpoint us-east-1.
//
// Scope is a required field
Scope *string `type:"string" required:"true" enum:"Scope"`
// contains filtered or unexported fields
}
func (s ListLoggingConfigurationsInput) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *ListLoggingConfigurationsInput) SetLimit(v int64) *ListLoggingConfigurationsInput
SetLimit sets the Limit field's value.
func (s *ListLoggingConfigurationsInput) SetNextMarker(v string) *ListLoggingConfigurationsInput
SetNextMarker sets the NextMarker field's value.
func (s *ListLoggingConfigurationsInput) SetScope(v string) *ListLoggingConfigurationsInput
SetScope sets the Scope field's value.
func (s ListLoggingConfigurationsInput) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *ListLoggingConfigurationsInput) Validate() error
Validate inspects the fields of the type to determine if they are valid.
type ListLoggingConfigurationsOutput struct {
LoggingConfigurations []*LoggingConfiguration `type:"list"`
// When you request a list of objects with a Limit setting, if the number of
// objects that are still available for retrieval exceeds the limit, WAF returns
// a NextMarker value in the response. To retrieve the next batch of objects,
// provide the marker from the prior call in your next request.
NextMarker *string `min:"1" type:"string"`
// contains filtered or unexported fields
}
func (s ListLoggingConfigurationsOutput) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *ListLoggingConfigurationsOutput) SetLoggingConfigurations(v []*LoggingConfiguration) *ListLoggingConfigurationsOutput
SetLoggingConfigurations sets the LoggingConfigurations field's value.
func (s *ListLoggingConfigurationsOutput) SetNextMarker(v string) *ListLoggingConfigurationsOutput
SetNextMarker sets the NextMarker field's value.
func (s ListLoggingConfigurationsOutput) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
type ListManagedRuleSetsInput struct {
// The maximum number of objects that you want WAF to return for this request.
// If more objects are available, in the response, WAF provides a NextMarker
// value that you can use in a subsequent call to get the next batch of objects.
Limit *int64 `min:"1" type:"integer"`
// When you request a list of objects with a Limit setting, if the number of
// objects that are still available for retrieval exceeds the limit, WAF returns
// a NextMarker value in the response. To retrieve the next batch of objects,
// provide the marker from the prior call in your next request.
NextMarker *string `min:"1" type:"string"`
// Specifies whether this is for an Amazon CloudFront distribution or for a
// regional application. A regional application can be an Application Load Balancer
// (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, a Amazon Cognito
// user pool, or an App Runner service.
//
// To work with CloudFront, you must also specify the Region US East (N. Virginia)
// as follows:
//
// * CLI - Specify the Region when you use the CloudFront scope: --scope=CLOUDFRONT
// --region=us-east-1.
//
// * API and SDKs - For all calls, use the Region endpoint us-east-1.
//
// Scope is a required field
Scope *string `type:"string" required:"true" enum:"Scope"`
// contains filtered or unexported fields
}
func (s ListManagedRuleSetsInput) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *ListManagedRuleSetsInput) SetLimit(v int64) *ListManagedRuleSetsInput
SetLimit sets the Limit field's value.
func (s *ListManagedRuleSetsInput) SetNextMarker(v string) *ListManagedRuleSetsInput
SetNextMarker sets the NextMarker field's value.
func (s *ListManagedRuleSetsInput) SetScope(v string) *ListManagedRuleSetsInput
SetScope sets the Scope field's value.
func (s ListManagedRuleSetsInput) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *ListManagedRuleSetsInput) Validate() error
Validate inspects the fields of the type to determine if they are valid.
type ListManagedRuleSetsOutput struct {
// Your managed rule sets.
ManagedRuleSets []*ManagedRuleSetSummary `type:"list"`
// When you request a list of objects with a Limit setting, if the number of
// objects that are still available for retrieval exceeds the limit, WAF returns
// a NextMarker value in the response. To retrieve the next batch of objects,
// provide the marker from the prior call in your next request.
NextMarker *string `min:"1" type:"string"`
// contains filtered or unexported fields
}
func (s ListManagedRuleSetsOutput) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *ListManagedRuleSetsOutput) SetManagedRuleSets(v []*ManagedRuleSetSummary) *ListManagedRuleSetsOutput
SetManagedRuleSets sets the ManagedRuleSets field's value.
func (s *ListManagedRuleSetsOutput) SetNextMarker(v string) *ListManagedRuleSetsOutput
SetNextMarker sets the NextMarker field's value.
func (s ListManagedRuleSetsOutput) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
type ListMobileSdkReleasesInput struct {
// The maximum number of objects that you want WAF to return for this request.
// If more objects are available, in the response, WAF provides a NextMarker
// value that you can use in a subsequent call to get the next batch of objects.
Limit *int64 `min:"1" type:"integer"`
// When you request a list of objects with a Limit setting, if the number of
// objects that are still available for retrieval exceeds the limit, WAF returns
// a NextMarker value in the response. To retrieve the next batch of objects,
// provide the marker from the prior call in your next request.
NextMarker *string `min:"1" type:"string"`
// The device platform to retrieve the list for.
//
// Platform is a required field
Platform *string `type:"string" required:"true" enum:"Platform"`
// contains filtered or unexported fields
}
func (s ListMobileSdkReleasesInput) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *ListMobileSdkReleasesInput) SetLimit(v int64) *ListMobileSdkReleasesInput
SetLimit sets the Limit field's value.
func (s *ListMobileSdkReleasesInput) SetNextMarker(v string) *ListMobileSdkReleasesInput
SetNextMarker sets the NextMarker field's value.
func (s *ListMobileSdkReleasesInput) SetPlatform(v string) *ListMobileSdkReleasesInput
SetPlatform sets the Platform field's value.
func (s ListMobileSdkReleasesInput) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *ListMobileSdkReleasesInput) Validate() error
Validate inspects the fields of the type to determine if they are valid.
type ListMobileSdkReleasesOutput struct {
// When you request a list of objects with a Limit setting, if the number of
// objects that are still available for retrieval exceeds the limit, WAF returns
// a NextMarker value in the response. To retrieve the next batch of objects,
// provide the marker from the prior call in your next request.
NextMarker *string `min:"1" type:"string"`
// High level information for the available SDK releases.
ReleaseSummaries []*ReleaseSummary `type:"list"`
// contains filtered or unexported fields
}
func (s ListMobileSdkReleasesOutput) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *ListMobileSdkReleasesOutput) SetNextMarker(v string) *ListMobileSdkReleasesOutput
SetNextMarker sets the NextMarker field's value.
func (s *ListMobileSdkReleasesOutput) SetReleaseSummaries(v []*ReleaseSummary) *ListMobileSdkReleasesOutput
SetReleaseSummaries sets the ReleaseSummaries field's value.
func (s ListMobileSdkReleasesOutput) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
type ListRegexPatternSetsInput struct {
// The maximum number of objects that you want WAF to return for this request.
// If more objects are available, in the response, WAF provides a NextMarker
// value that you can use in a subsequent call to get the next batch of objects.
Limit *int64 `min:"1" type:"integer"`
// When you request a list of objects with a Limit setting, if the number of
// objects that are still available for retrieval exceeds the limit, WAF returns
// a NextMarker value in the response. To retrieve the next batch of objects,
// provide the marker from the prior call in your next request.
NextMarker *string `min:"1" type:"string"`
// Specifies whether this is for an Amazon CloudFront distribution or for a
// regional application. A regional application can be an Application Load Balancer
// (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, a Amazon Cognito
// user pool, or an App Runner service.
//
// To work with CloudFront, you must also specify the Region US East (N. Virginia)
// as follows:
//
// * CLI - Specify the Region when you use the CloudFront scope: --scope=CLOUDFRONT
// --region=us-east-1.
//
// * API and SDKs - For all calls, use the Region endpoint us-east-1.
//
// Scope is a required field
Scope *string `type:"string" required:"true" enum:"Scope"`
// contains filtered or unexported fields
}
func (s ListRegexPatternSetsInput) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *ListRegexPatternSetsInput) SetLimit(v int64) *ListRegexPatternSetsInput
SetLimit sets the Limit field's value.
func (s *ListRegexPatternSetsInput) SetNextMarker(v string) *ListRegexPatternSetsInput
SetNextMarker sets the NextMarker field's value.
func (s *ListRegexPatternSetsInput) SetScope(v string) *ListRegexPatternSetsInput
SetScope sets the Scope field's value.
func (s ListRegexPatternSetsInput) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *ListRegexPatternSetsInput) Validate() error
Validate inspects the fields of the type to determine if they are valid.
type ListRegexPatternSetsOutput struct {
// When you request a list of objects with a Limit setting, if the number of
// objects that are still available for retrieval exceeds the limit, WAF returns
// a NextMarker value in the response. To retrieve the next batch of objects,
// provide the marker from the prior call in your next request.
NextMarker *string `min:"1" type:"string"`
RegexPatternSets []*RegexPatternSetSummary `type:"list"`
// contains filtered or unexported fields
}
func (s ListRegexPatternSetsOutput) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *ListRegexPatternSetsOutput) SetNextMarker(v string) *ListRegexPatternSetsOutput
SetNextMarker sets the NextMarker field's value.
func (s *ListRegexPatternSetsOutput) SetRegexPatternSets(v []*RegexPatternSetSummary) *ListRegexPatternSetsOutput
SetRegexPatternSets sets the RegexPatternSets field's value.
func (s ListRegexPatternSetsOutput) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
type ListResourcesForWebACLInput struct {
// Used for web ACLs that are scoped for regional applications. A regional application
// can be an Application Load Balancer (ALB), an Amazon API Gateway REST API,
// an AppSync GraphQL API, a Amazon Cognito user pool, or an App Runner service.
//
// If you don't provide a resource type, the call uses the resource type APPLICATION_LOAD_BALANCER.
//
// Default: APPLICATION_LOAD_BALANCER
ResourceType *string `type:"string" enum:"ResourceType"`
// The Amazon Resource Name (ARN) of the web ACL.
//
// WebACLArn is a required field
WebACLArn *string `min:"20" type:"string" required:"true"`
// contains filtered or unexported fields
}
func (s ListResourcesForWebACLInput) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *ListResourcesForWebACLInput) SetResourceType(v string) *ListResourcesForWebACLInput
SetResourceType sets the ResourceType field's value.
func (s *ListResourcesForWebACLInput) SetWebACLArn(v string) *ListResourcesForWebACLInput
SetWebACLArn sets the WebACLArn field's value.
func (s ListResourcesForWebACLInput) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *ListResourcesForWebACLInput) Validate() error
Validate inspects the fields of the type to determine if they are valid.
type ListResourcesForWebACLOutput struct {
// The array of Amazon Resource Names (ARNs) of the associated resources.
ResourceArns []*string `type:"list"`
// contains filtered or unexported fields
}
func (s ListResourcesForWebACLOutput) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *ListResourcesForWebACLOutput) SetResourceArns(v []*string) *ListResourcesForWebACLOutput
SetResourceArns sets the ResourceArns field's value.
func (s ListResourcesForWebACLOutput) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
type ListRuleGroupsInput struct {
// The maximum number of objects that you want WAF to return for this request.
// If more objects are available, in the response, WAF provides a NextMarker
// value that you can use in a subsequent call to get the next batch of objects.
Limit *int64 `min:"1" type:"integer"`
// When you request a list of objects with a Limit setting, if the number of
// objects that are still available for retrieval exceeds the limit, WAF returns
// a NextMarker value in the response. To retrieve the next batch of objects,
// provide the marker from the prior call in your next request.
NextMarker *string `min:"1" type:"string"`
// Specifies whether this is for an Amazon CloudFront distribution or for a
// regional application. A regional application can be an Application Load Balancer
// (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, a Amazon Cognito
// user pool, or an App Runner service.
//
// To work with CloudFront, you must also specify the Region US East (N. Virginia)
// as follows:
//
// * CLI - Specify the Region when you use the CloudFront scope: --scope=CLOUDFRONT
// --region=us-east-1.
//
// * API and SDKs - For all calls, use the Region endpoint us-east-1.
//
// Scope is a required field
Scope *string `type:"string" required:"true" enum:"Scope"`
// contains filtered or unexported fields
}
func (s ListRuleGroupsInput) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *ListRuleGroupsInput) SetLimit(v int64) *ListRuleGroupsInput
SetLimit sets the Limit field's value.
func (s *ListRuleGroupsInput) SetNextMarker(v string) *ListRuleGroupsInput
SetNextMarker sets the NextMarker field's value.
func (s *ListRuleGroupsInput) SetScope(v string) *ListRuleGroupsInput
SetScope sets the Scope field's value.
func (s ListRuleGroupsInput) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *ListRuleGroupsInput) Validate() error
Validate inspects the fields of the type to determine if they are valid.
type ListRuleGroupsOutput struct {
// When you request a list of objects with a Limit setting, if the number of
// objects that are still available for retrieval exceeds the limit, WAF returns
// a NextMarker value in the response. To retrieve the next batch of objects,
// provide the marker from the prior call in your next request.
NextMarker *string `min:"1" type:"string"`
RuleGroups []*RuleGroupSummary `type:"list"`
// contains filtered or unexported fields
}
func (s ListRuleGroupsOutput) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *ListRuleGroupsOutput) SetNextMarker(v string) *ListRuleGroupsOutput
SetNextMarker sets the NextMarker field's value.
func (s *ListRuleGroupsOutput) SetRuleGroups(v []*RuleGroupSummary) *ListRuleGroupsOutput
SetRuleGroups sets the RuleGroups field's value.
func (s ListRuleGroupsOutput) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
type ListTagsForResourceInput struct {
// The maximum number of objects that you want WAF to return for this request.
// If more objects are available, in the response, WAF provides a NextMarker
// value that you can use in a subsequent call to get the next batch of objects.
Limit *int64 `min:"1" type:"integer"`
// When you request a list of objects with a Limit setting, if the number of
// objects that are still available for retrieval exceeds the limit, WAF returns
// a NextMarker value in the response. To retrieve the next batch of objects,
// provide the marker from the prior call in your next request.
NextMarker *string `min:"1" type:"string"`
// The Amazon Resource Name (ARN) of the resource.
//
// ResourceARN is a required field
ResourceARN *string `min:"20" type:"string" required:"true"`
// contains filtered or unexported fields
}
func (s ListTagsForResourceInput) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *ListTagsForResourceInput) SetLimit(v int64) *ListTagsForResourceInput
SetLimit sets the Limit field's value.
func (s *ListTagsForResourceInput) SetNextMarker(v string) *ListTagsForResourceInput
SetNextMarker sets the NextMarker field's value.
func (s *ListTagsForResourceInput) SetResourceARN(v string) *ListTagsForResourceInput
SetResourceARN sets the ResourceARN field's value.
func (s ListTagsForResourceInput) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *ListTagsForResourceInput) Validate() error
Validate inspects the fields of the type to determine if they are valid.
type ListTagsForResourceOutput struct {
// When you request a list of objects with a Limit setting, if the number of
// objects that are still available for retrieval exceeds the limit, WAF returns
// a NextMarker value in the response. To retrieve the next batch of objects,
// provide the marker from the prior call in your next request.
NextMarker *string `min:"1" type:"string"`
// The collection of tagging definitions for the resource.
TagInfoForResource *TagInfoForResource `type:"structure"`
// contains filtered or unexported fields
}
func (s ListTagsForResourceOutput) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *ListTagsForResourceOutput) SetNextMarker(v string) *ListTagsForResourceOutput
SetNextMarker sets the NextMarker field's value.
func (s *ListTagsForResourceOutput) SetTagInfoForResource(v *TagInfoForResource) *ListTagsForResourceOutput
SetTagInfoForResource sets the TagInfoForResource field's value.
func (s ListTagsForResourceOutput) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
type ListWebACLsInput struct {
// The maximum number of objects that you want WAF to return for this request.
// If more objects are available, in the response, WAF provides a NextMarker
// value that you can use in a subsequent call to get the next batch of objects.
Limit *int64 `min:"1" type:"integer"`
// When you request a list of objects with a Limit setting, if the number of
// objects that are still available for retrieval exceeds the limit, WAF returns
// a NextMarker value in the response. To retrieve the next batch of objects,
// provide the marker from the prior call in your next request.
NextMarker *string `min:"1" type:"string"`
// Specifies whether this is for an Amazon CloudFront distribution or for a
// regional application. A regional application can be an Application Load Balancer
// (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, a Amazon Cognito
// user pool, or an App Runner service.
//
// To work with CloudFront, you must also specify the Region US East (N. Virginia)
// as follows:
//
// * CLI - Specify the Region when you use the CloudFront scope: --scope=CLOUDFRONT
// --region=us-east-1.
//
// * API and SDKs - For all calls, use the Region endpoint us-east-1.
//
// Scope is a required field
Scope *string `type:"string" required:"true" enum:"Scope"`
// contains filtered or unexported fields
}
func (s ListWebACLsInput) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *ListWebACLsInput) SetLimit(v int64) *ListWebACLsInput
SetLimit sets the Limit field's value.
func (s *ListWebACLsInput) SetNextMarker(v string) *ListWebACLsInput
SetNextMarker sets the NextMarker field's value.
func (s *ListWebACLsInput) SetScope(v string) *ListWebACLsInput
SetScope sets the Scope field's value.
func (s ListWebACLsInput) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *ListWebACLsInput) Validate() error
Validate inspects the fields of the type to determine if they are valid.
type ListWebACLsOutput struct {
// When you request a list of objects with a Limit setting, if the number of
// objects that are still available for retrieval exceeds the limit, WAF returns
// a NextMarker value in the response. To retrieve the next batch of objects,
// provide the marker from the prior call in your next request.
NextMarker *string `min:"1" type:"string"`
WebACLs []*WebACLSummary `type:"list"`
// contains filtered or unexported fields
}
func (s ListWebACLsOutput) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *ListWebACLsOutput) SetNextMarker(v string) *ListWebACLsOutput
SetNextMarker sets the NextMarker field's value.
func (s *ListWebACLsOutput) SetWebACLs(v []*WebACLSummary) *ListWebACLsOutput
SetWebACLs sets the WebACLs field's value.
func (s ListWebACLsOutput) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
type LoggingConfiguration struct {
// The logging destination configuration that you want to associate with the
// web ACL.
//
// You can associate one logging destination to a web ACL.
//
// LogDestinationConfigs is a required field
LogDestinationConfigs []*string `min:"1" type:"list" required:"true"`
// Filtering that specifies which web requests are kept in the logs and which
// are dropped. You can filter on the rule action and on the web request labels
// that were applied by matching rules during web ACL evaluation.
LoggingFilter *LoggingFilter `type:"structure"`
// Indicates whether the logging configuration was created by Firewall Manager,
// as part of an WAF policy configuration. If true, only Firewall Manager can
// modify or delete the configuration.
ManagedByFirewallManager *bool `type:"boolean"`
// The parts of the request that you want to keep out of the logs. For example,
// if you redact the SingleHeader field, the HEADER field in the logs will be
// REDACTED.
//
// You can specify only the following fields for redaction: UriPath, QueryString,
// SingleHeader, Method, and JsonBody.
RedactedFields []*FieldToMatch `type:"list"`
// The Amazon Resource Name (ARN) of the web ACL that you want to associate
// with LogDestinationConfigs.
//
// ResourceArn is a required field
ResourceArn *string `min:"20" type:"string" required:"true"`
// contains filtered or unexported fields
}
Defines an association between logging destinations and a web ACL resource, for logging from WAF. As part of the association, you can specify parts of the standard logging fields to keep out of the logs and you can specify filters so that you log only a subset of the logging records.
You can define one logging destination per web ACL.
You can access information about the traffic that WAF inspects using the following steps:
Create your logging destination. You can use an Amazon CloudWatch Logs log group, an Amazon Simple Storage Service (Amazon S3) bucket, or an Amazon Kinesis Data Firehose.
The name that you give the destination must start with aws-waf-logs-. Depending on the type of destination, you might need to configure additional settings or permissions.
For configuration requirements and pricing information for each destination type, see Logging web ACL traffic (https://docs.aws.amazon.com/waf/latest/developerguide/logging.html) in the WAF Developer Guide.
Associate your logging destination to your web ACL using a PutLoggingConfiguration request.
When you successfully enable logging using a PutLoggingConfiguration request, WAF creates an additional role or policy that is required to write logs to the logging destination. For an Amazon CloudWatch Logs log group, WAF creates a resource policy on the log group. For an Amazon S3 bucket, WAF creates a bucket policy. For an Amazon Kinesis Data Firehose, WAF creates a service-linked role.
For additional information about web ACL logging, see Logging web ACL traffic information (https://docs.aws.amazon.com/waf/latest/developerguide/logging.html) in the WAF Developer Guide.
func (s LoggingConfiguration) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *LoggingConfiguration) SetLogDestinationConfigs(v []*string) *LoggingConfiguration
SetLogDestinationConfigs sets the LogDestinationConfigs field's value.
func (s *LoggingConfiguration) SetLoggingFilter(v *LoggingFilter) *LoggingConfiguration
SetLoggingFilter sets the LoggingFilter field's value.
func (s *LoggingConfiguration) SetManagedByFirewallManager(v bool) *LoggingConfiguration
SetManagedByFirewallManager sets the ManagedByFirewallManager field's value.
func (s *LoggingConfiguration) SetRedactedFields(v []*FieldToMatch) *LoggingConfiguration
SetRedactedFields sets the RedactedFields field's value.
func (s *LoggingConfiguration) SetResourceArn(v string) *LoggingConfiguration
SetResourceArn sets the ResourceArn field's value.
func (s LoggingConfiguration) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *LoggingConfiguration) Validate() error
Validate inspects the fields of the type to determine if they are valid.
type LoggingFilter struct {
// Default handling for logs that don't match any of the specified filtering
// conditions.
//
// DefaultBehavior is a required field
DefaultBehavior *string `type:"string" required:"true" enum:"FilterBehavior"`
// The filters that you want to apply to the logs.
//
// Filters is a required field
Filters []*Filter `min:"1" type:"list" required:"true"`
// contains filtered or unexported fields
}
Filtering that specifies which web requests are kept in the logs and which are dropped, defined for a web ACL's LoggingConfiguration.
You can filter on the rule action and on the web request labels that were applied by matching rules during web ACL evaluation.
func (s LoggingFilter) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *LoggingFilter) SetDefaultBehavior(v string) *LoggingFilter
SetDefaultBehavior sets the DefaultBehavior field's value.
func (s *LoggingFilter) SetFilters(v []*Filter) *LoggingFilter
SetFilters sets the Filters field's value.
func (s LoggingFilter) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *LoggingFilter) Validate() error
Validate inspects the fields of the type to determine if they are valid.
type ManagedRuleGroupConfig struct {
// Additional configuration for using the account takeover prevention (ATP)
// managed rule group, AWSManagedRulesATPRuleSet. Use this to provide login
// request information to the rule group. For web ACLs that protect CloudFront
// distributions, use this to also provide the information about how your distribution
// responds to login requests.
//
// This configuration replaces the individual configuration fields in ManagedRuleGroupConfig
// and provides additional feature configuration.
//
// For information about using the ATP managed rule group, see WAF Fraud Control
// account takeover prevention (ATP) rule group (https://docs.aws.amazon.com/waf/latest/developerguide/aws-managed-rule-groups-atp.html)
// and WAF Fraud Control account takeover prevention (ATP) (https://docs.aws.amazon.com/waf/latest/developerguide/waf-atp.html)
// in the WAF Developer Guide.
AWSManagedRulesATPRuleSet *AWSManagedRulesATPRuleSet `type:"structure"`
// Additional configuration for using the Bot Control managed rule group. Use
// this to specify the inspection level that you want to use. For information
// about using the Bot Control managed rule group, see WAF Bot Control rule
// group (https://docs.aws.amazon.com/waf/latest/developerguide/aws-managed-rule-groups-bot.html)
// and WAF Bot Control (https://docs.aws.amazon.com/waf/latest/developerguide/waf-bot-control.html)
// in the WAF Developer Guide.
AWSManagedRulesBotControlRuleSet *AWSManagedRulesBotControlRuleSet `type:"structure"`
//
// Instead of this setting, provide your configuration under AWSManagedRulesATPRuleSet.
//
// Deprecated: Deprecated. Use AWSManagedRulesATPRuleSet LoginPath
LoginPath *string `min:"1" deprecated:"true" type:"string"`
//
// Instead of this setting, provide your configuration under AWSManagedRulesATPRuleSet
// RequestInspection.
//
// Deprecated: Deprecated. Use AWSManagedRulesATPRuleSet RequestInspection PasswordField
PasswordField *PasswordField `deprecated:"true" type:"structure"`
//
// Instead of this setting, provide your configuration under AWSManagedRulesATPRuleSet
// RequestInspection.
//
// Deprecated: Deprecated. Use AWSManagedRulesATPRuleSet RequestInspection PayloadType
PayloadType *string `deprecated:"true" type:"string" enum:"PayloadType"`
//
// Instead of this setting, provide your configuration under AWSManagedRulesATPRuleSet
// RequestInspection.
//
// Deprecated: Deprecated. Use AWSManagedRulesATPRuleSet RequestInspection UsernameField
UsernameField *UsernameField `deprecated:"true" type:"structure"`
// contains filtered or unexported fields
}
Additional information that's used by a managed rule group. Many managed rule groups don't require this.
Use the AWSManagedRulesATPRuleSet configuration object for the account takeover prevention managed rule group, to provide information such as the sign-in page of your application and the type of content to accept or reject from the client.
Use the AWSManagedRulesBotControlRuleSet configuration object to configure the protection level that you want the Bot Control rule group to use.
For example specifications, see the examples section of CreateWebACL.
func (s ManagedRuleGroupConfig) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *ManagedRuleGroupConfig) SetAWSManagedRulesATPRuleSet(v *AWSManagedRulesATPRuleSet) *ManagedRuleGroupConfig
SetAWSManagedRulesATPRuleSet sets the AWSManagedRulesATPRuleSet field's value.
func (s *ManagedRuleGroupConfig) SetAWSManagedRulesBotControlRuleSet(v *AWSManagedRulesBotControlRuleSet) *ManagedRuleGroupConfig
SetAWSManagedRulesBotControlRuleSet sets the AWSManagedRulesBotControlRuleSet field's value.
func (s *ManagedRuleGroupConfig) SetLoginPath(v string) *ManagedRuleGroupConfig
SetLoginPath sets the LoginPath field's value.
func (s *ManagedRuleGroupConfig) SetPasswordField(v *PasswordField) *ManagedRuleGroupConfig
SetPasswordField sets the PasswordField field's value.
func (s *ManagedRuleGroupConfig) SetPayloadType(v string) *ManagedRuleGroupConfig
SetPayloadType sets the PayloadType field's value.
func (s *ManagedRuleGroupConfig) SetUsernameField(v *UsernameField) *ManagedRuleGroupConfig
SetUsernameField sets the UsernameField field's value.
func (s ManagedRuleGroupConfig) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *ManagedRuleGroupConfig) Validate() error
Validate inspects the fields of the type to determine if they are valid.
type ManagedRuleGroupStatement struct {
// Rules in the referenced rule group whose actions are set to Count.
//
// Instead of this option, use RuleActionOverrides. It accepts any valid action
// setting, including Count.
ExcludedRules []*ExcludedRule `type:"list"`
// Additional information that's used by a managed rule group. Many managed
// rule groups don't require this.
//
// Use the AWSManagedRulesATPRuleSet configuration object for the account takeover
// prevention managed rule group, to provide information such as the sign-in
// page of your application and the type of content to accept or reject from
// the client.
//
// Use the AWSManagedRulesBotControlRuleSet configuration object to configure
// the protection level that you want the Bot Control rule group to use.
ManagedRuleGroupConfigs []*ManagedRuleGroupConfig `type:"list"`
// The name of the managed rule group. You use this, along with the vendor name,
// to identify the rule group.
//
// Name is a required field
Name *string `min:"1" type:"string" required:"true"`
// Action settings to use in the place of the rule actions that are configured
// inside the rule group. You specify one override for each rule whose action
// you want to change.
//
// You can use overrides for testing, for example you can override all of rule
// actions to Count and then monitor the resulting count metrics to understand
// how the rule group would handle your web traffic. You can also permanently
// override some or all actions, to modify how the rule group manages your web
// traffic.
RuleActionOverrides []*RuleActionOverride `min:"1" type:"list"`
// An optional nested statement that narrows the scope of the web requests that
// are evaluated by the managed rule group. Requests are only evaluated by the
// rule group if they match the scope-down statement. You can use any nestable
// Statement in the scope-down statement, and you can nest statements at any
// level, the same as you can for a rule statement.
ScopeDownStatement *Statement `type:"structure"`
// The name of the managed rule group vendor. You use this, along with the rule
// group name, to identify the rule group.
//
// VendorName is a required field
VendorName *string `min:"1" type:"string" required:"true"`
// The version of the managed rule group to use. If you specify this, the version
// setting is fixed until you change it. If you don't specify this, WAF uses
// the vendor's default version, and then keeps the version at the vendor's
// default when the vendor updates the managed rule group settings.
Version *string `min:"1" type:"string"`
// contains filtered or unexported fields
}
A rule statement used to run the rules that are defined in a managed rule group. To use this, provide the vendor name and the name of the rule group in this statement. You can retrieve the required names by calling ListAvailableManagedRuleGroups.
You cannot nest a ManagedRuleGroupStatement, for example for use inside a NotStatement or OrStatement. It can only be referenced as a top-level statement within a rule.
You are charged additional fees when you use the WAF Bot Control managed rule group AWSManagedRulesBotControlRuleSet or the WAF Fraud Control account takeover prevention (ATP) managed rule group AWSManagedRulesATPRuleSet. For more information, see WAF Pricing (http://aws.amazon.com/waf/pricing/).
func (s ManagedRuleGroupStatement) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *ManagedRuleGroupStatement) SetExcludedRules(v []*ExcludedRule) *ManagedRuleGroupStatement
SetExcludedRules sets the ExcludedRules field's value.
func (s *ManagedRuleGroupStatement) SetManagedRuleGroupConfigs(v []*ManagedRuleGroupConfig) *ManagedRuleGroupStatement
SetManagedRuleGroupConfigs sets the ManagedRuleGroupConfigs field's value.
func (s *ManagedRuleGroupStatement) SetName(v string) *ManagedRuleGroupStatement
SetName sets the Name field's value.
func (s *ManagedRuleGroupStatement) SetRuleActionOverrides(v []*RuleActionOverride) *ManagedRuleGroupStatement
SetRuleActionOverrides sets the RuleActionOverrides field's value.
func (s *ManagedRuleGroupStatement) SetScopeDownStatement(v *Statement) *ManagedRuleGroupStatement
SetScopeDownStatement sets the ScopeDownStatement field's value.
func (s *ManagedRuleGroupStatement) SetVendorName(v string) *ManagedRuleGroupStatement
SetVendorName sets the VendorName field's value.
func (s *ManagedRuleGroupStatement) SetVersion(v string) *ManagedRuleGroupStatement
SetVersion sets the Version field's value.
func (s ManagedRuleGroupStatement) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *ManagedRuleGroupStatement) Validate() error
Validate inspects the fields of the type to determine if they are valid.
type ManagedRuleGroupSummary struct {
// The description of the managed rule group, provided by Amazon Web Services
// Managed Rules or the Amazon Web Services Marketplace seller who manages it.
Description *string `min:"1" type:"string"`
// The name of the managed rule group. You use this, along with the vendor name,
// to identify the rule group.
Name *string `min:"1" type:"string"`
// The name of the managed rule group vendor. You use this, along with the rule
// group name, to identify the rule group.
VendorName *string `min:"1" type:"string"`
// Indicates whether the managed rule group is versioned. If it is, you can
// retrieve the versions list by calling ListAvailableManagedRuleGroupVersions.
VersioningSupported *bool `type:"boolean"`
// contains filtered or unexported fields
}
High-level information about a managed rule group, returned by ListAvailableManagedRuleGroups. This provides information like the name and vendor name, that you provide when you add a ManagedRuleGroupStatement to a web ACL. Managed rule groups include Amazon Web Services Managed Rules rule groups, which are free of charge to WAF customers, and Amazon Web Services Marketplace managed rule groups, which you can subscribe to through Amazon Web Services Marketplace.
func (s ManagedRuleGroupSummary) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *ManagedRuleGroupSummary) SetDescription(v string) *ManagedRuleGroupSummary
SetDescription sets the Description field's value.
func (s *ManagedRuleGroupSummary) SetName(v string) *ManagedRuleGroupSummary
SetName sets the Name field's value.
func (s *ManagedRuleGroupSummary) SetVendorName(v string) *ManagedRuleGroupSummary
SetVendorName sets the VendorName field's value.
func (s *ManagedRuleGroupSummary) SetVersioningSupported(v bool) *ManagedRuleGroupSummary
SetVersioningSupported sets the VersioningSupported field's value.
func (s ManagedRuleGroupSummary) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
type ManagedRuleGroupVersion struct {
// The date and time that the managed rule group owner updated the rule group
// version information.
LastUpdateTimestamp *time.Time `type:"timestamp"`
// The version name.
Name *string `min:"1" type:"string"`
// contains filtered or unexported fields
}
Describes a single version of a managed rule group.
func (s ManagedRuleGroupVersion) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *ManagedRuleGroupVersion) SetLastUpdateTimestamp(v time.Time) *ManagedRuleGroupVersion
SetLastUpdateTimestamp sets the LastUpdateTimestamp field's value.
func (s *ManagedRuleGroupVersion) SetName(v string) *ManagedRuleGroupVersion
SetName sets the Name field's value.
func (s ManagedRuleGroupVersion) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
type ManagedRuleSet struct {
// The Amazon Resource Name (ARN) of the entity.
//
// ARN is a required field
ARN *string `min:"20" type:"string" required:"true"`
// A description of the set that helps with identification.
Description *string `min:"1" type:"string"`
// A unique identifier for the managed rule set. The ID is returned in the responses
// to commands like list. You provide it to operations like get and update.
//
// Id is a required field
Id *string `min:"1" type:"string" required:"true"`
// The label namespace prefix for the managed rule groups that are offered to
// customers from this managed rule set. All labels that are added by rules
// in the managed rule group have this prefix.
//
// * The syntax for the label namespace prefix for a managed rule group is
// the following: awswaf:managed:<vendor>:<rule group name>:
//
// * When a rule with a label matches a web request, WAF adds the fully qualified
// label to the request. A fully qualified label is made up of the label
// namespace from the rule group or web ACL where the rule is defined and
// the label from the rule, separated by a colon: <label namespace>:<label
// from rule>
LabelNamespace *string `min:"1" type:"string"`
// The name of the managed rule set. You use this, along with the rule set ID,
// to identify the rule set.
//
// This name is assigned to the corresponding managed rule group, which your
// customers can access and use.
//
// Name is a required field
Name *string `min:"1" type:"string" required:"true"`
// The versions of this managed rule set that are available for use by customers.
PublishedVersions map[string]*ManagedRuleSetVersion `type:"map"`
// The version that you would like your customers to use.
RecommendedVersion *string `min:"1" type:"string"`
// contains filtered or unexported fields
}
A set of rules that is managed by Amazon Web Services and Amazon Web Services Marketplace sellers to provide versioned managed rule groups for customers of WAF.
This is intended for use only by vendors of managed rule sets. Vendors are Amazon Web Services and Amazon Web Services Marketplace sellers.
Vendors, you can use the managed rule set APIs to provide controlled rollout of your versioned managed rule group offerings for your customers. The APIs are ListManagedRuleSets, GetManagedRuleSet, PutManagedRuleSetVersions, and UpdateManagedRuleSetVersionExpiryDate.
func (s ManagedRuleSet) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *ManagedRuleSet) SetARN(v string) *ManagedRuleSet
SetARN sets the ARN field's value.
func (s *ManagedRuleSet) SetDescription(v string) *ManagedRuleSet
SetDescription sets the Description field's value.
func (s *ManagedRuleSet) SetId(v string) *ManagedRuleSet
SetId sets the Id field's value.
func (s *ManagedRuleSet) SetLabelNamespace(v string) *ManagedRuleSet
SetLabelNamespace sets the LabelNamespace field's value.
func (s *ManagedRuleSet) SetName(v string) *ManagedRuleSet
SetName sets the Name field's value.
func (s *ManagedRuleSet) SetPublishedVersions(v map[string]*ManagedRuleSetVersion) *ManagedRuleSet
SetPublishedVersions sets the PublishedVersions field's value.
func (s *ManagedRuleSet) SetRecommendedVersion(v string) *ManagedRuleSet
SetRecommendedVersion sets the RecommendedVersion field's value.
func (s ManagedRuleSet) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
type ManagedRuleSetSummary struct {
// The Amazon Resource Name (ARN) of the entity.
ARN *string `min:"20" type:"string"`
// A description of the set that helps with identification.
Description *string `min:"1" type:"string"`
// A unique identifier for the managed rule set. The ID is returned in the responses
// to commands like list. You provide it to operations like get and update.
Id *string `min:"1" type:"string"`
// The label namespace prefix for the managed rule groups that are offered to
// customers from this managed rule set. All labels that are added by rules
// in the managed rule group have this prefix.
//
// * The syntax for the label namespace prefix for a managed rule group is
// the following: awswaf:managed:<vendor>:<rule group name>:
//
// * When a rule with a label matches a web request, WAF adds the fully qualified
// label to the request. A fully qualified label is made up of the label
// namespace from the rule group or web ACL where the rule is defined and
// the label from the rule, separated by a colon: <label namespace>:<label
// from rule>
LabelNamespace *string `min:"1" type:"string"`
// A token used for optimistic locking. WAF returns a token to your get and
// list requests, to mark the state of the entity at the time of the request.
// To make changes to the entity associated with the token, you provide the
// token to operations like update and delete. WAF uses the token to ensure
// that no changes have been made to the entity since you last retrieved it.
// If a change has been made, the update fails with a WAFOptimisticLockException.
// If this happens, perform another get, and use the new token returned by that
// operation.
LockToken *string `min:"1" type:"string"`
// The name of the managed rule set. You use this, along with the rule set ID,
// to identify the rule set.
//
// This name is assigned to the corresponding managed rule group, which your
// customers can access and use.
Name *string `min:"1" type:"string"`
// contains filtered or unexported fields
}
High-level information for a managed rule set.
This is intended for use only by vendors of managed rule sets. Vendors are Amazon Web Services and Amazon Web Services Marketplace sellers.
Vendors, you can use the managed rule set APIs to provide controlled rollout of your versioned managed rule group offerings for your customers. The APIs are ListManagedRuleSets, GetManagedRuleSet, PutManagedRuleSetVersions, and UpdateManagedRuleSetVersionExpiryDate.
func (s ManagedRuleSetSummary) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *ManagedRuleSetSummary) SetARN(v string) *ManagedRuleSetSummary
SetARN sets the ARN field's value.
func (s *ManagedRuleSetSummary) SetDescription(v string) *ManagedRuleSetSummary
SetDescription sets the Description field's value.
func (s *ManagedRuleSetSummary) SetId(v string) *ManagedRuleSetSummary
SetId sets the Id field's value.
func (s *ManagedRuleSetSummary) SetLabelNamespace(v string) *ManagedRuleSetSummary
SetLabelNamespace sets the LabelNamespace field's value.
func (s *ManagedRuleSetSummary) SetLockToken(v string) *ManagedRuleSetSummary
SetLockToken sets the LockToken field's value.
func (s *ManagedRuleSetSummary) SetName(v string) *ManagedRuleSetSummary
SetName sets the Name field's value.
func (s ManagedRuleSetSummary) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
type ManagedRuleSetVersion struct {
// The Amazon Resource Name (ARN) of the vendor rule group that's used to define
// the published version of your managed rule group.
AssociatedRuleGroupArn *string `min:"20" type:"string"`
// The web ACL capacity units (WCUs) required for this rule group.
//
// WAF uses WCUs to calculate and control the operating resources that are used
// to run your rules, rule groups, and web ACLs. WAF calculates capacity differently
// for each rule type, to reflect the relative cost of each rule. Simple rules
// that cost little to run use fewer WCUs than more complex rules that use more
// processing power. Rule group capacity is fixed at creation, which helps users
// plan their web ACL WCU usage when they use a rule group. The WCU limit for
// web ACLs is 1,500.
Capacity *int64 `min:"1" type:"long"`
// The time that this version is set to expire.
//
// Times are in Coordinated Universal Time (UTC) format. UTC format includes
// the special designator, Z. For example, "2016-09-27T14:50Z".
ExpiryTimestamp *time.Time `type:"timestamp"`
// The amount of time you expect this version of your managed rule group to
// last, in days.
ForecastedLifetime *int64 `min:"1" type:"integer"`
// The last time that you updated this version.
//
// Times are in Coordinated Universal Time (UTC) format. UTC format includes
// the special designator, Z. For example, "2016-09-27T14:50Z".
LastUpdateTimestamp *time.Time `type:"timestamp"`
// The time that you first published this version.
//
// Times are in Coordinated Universal Time (UTC) format. UTC format includes
// the special designator, Z. For example, "2016-09-27T14:50Z".
PublishTimestamp *time.Time `type:"timestamp"`
// contains filtered or unexported fields
}
Information for a single version of a managed rule set.
This is intended for use only by vendors of managed rule sets. Vendors are Amazon Web Services and Amazon Web Services Marketplace sellers.
Vendors, you can use the managed rule set APIs to provide controlled rollout of your versioned managed rule group offerings for your customers. The APIs are ListManagedRuleSets, GetManagedRuleSet, PutManagedRuleSetVersions, and UpdateManagedRuleSetVersionExpiryDate.
func (s ManagedRuleSetVersion) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *ManagedRuleSetVersion) SetAssociatedRuleGroupArn(v string) *ManagedRuleSetVersion
SetAssociatedRuleGroupArn sets the AssociatedRuleGroupArn field's value.
func (s *ManagedRuleSetVersion) SetCapacity(v int64) *ManagedRuleSetVersion
SetCapacity sets the Capacity field's value.
func (s *ManagedRuleSetVersion) SetExpiryTimestamp(v time.Time) *ManagedRuleSetVersion
SetExpiryTimestamp sets the ExpiryTimestamp field's value.
func (s *ManagedRuleSetVersion) SetForecastedLifetime(v int64) *ManagedRuleSetVersion
SetForecastedLifetime sets the ForecastedLifetime field's value.
func (s *ManagedRuleSetVersion) SetLastUpdateTimestamp(v time.Time) *ManagedRuleSetVersion
SetLastUpdateTimestamp sets the LastUpdateTimestamp field's value.
func (s *ManagedRuleSetVersion) SetPublishTimestamp(v time.Time) *ManagedRuleSetVersion
SetPublishTimestamp sets the PublishTimestamp field's value.
func (s ManagedRuleSetVersion) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
type Method struct {
// contains filtered or unexported fields
}
Inspect the HTTP method of the web request. The method indicates the type of operation that the request is asking the origin to perform.
This is used only in the FieldToMatch specification for some web request component types.
JSON specification: "Method": {}
func (s Method) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s Method) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
type MobileSdkRelease struct {
// Notes describing the release.
ReleaseNotes *string `type:"string"`
// The release version.
ReleaseVersion *string `min:"1" type:"string"`
// Tags that are associated with the release.
Tags []*Tag `min:"1" type:"list"`
// The timestamp of the release.
Timestamp *time.Time `type:"timestamp"`
// contains filtered or unexported fields
}
Information for a release of the mobile SDK, including release notes and tags.
The mobile SDK is not generally available. Customers who have access to the mobile SDK can use it to establish and manage WAF tokens for use in HTTP(S) requests from a mobile device to WAF. For more information, see WAF client application integration (https://docs.aws.amazon.com/waf/latest/developerguide/waf-application-integration.html) in the WAF Developer Guide.
func (s MobileSdkRelease) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *MobileSdkRelease) SetReleaseNotes(v string) *MobileSdkRelease
SetReleaseNotes sets the ReleaseNotes field's value.
func (s *MobileSdkRelease) SetReleaseVersion(v string) *MobileSdkRelease
SetReleaseVersion sets the ReleaseVersion field's value.
func (s *MobileSdkRelease) SetTags(v []*Tag) *MobileSdkRelease
SetTags sets the Tags field's value.
func (s *MobileSdkRelease) SetTimestamp(v time.Time) *MobileSdkRelease
SetTimestamp sets the Timestamp field's value.
func (s MobileSdkRelease) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
type NoneAction struct {
// contains filtered or unexported fields
}
Specifies that WAF should do nothing. This is used for the OverrideAction setting on a Rule when the rule uses a rule group reference statement.
This is used in the context of other settings, for example to specify values for RuleAction and web ACL DefaultAction.
JSON specification: "None": {}
func (s NoneAction) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s NoneAction) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
type NotStatement struct {
// The statement to negate. You can use any statement that can be nested.
//
// Statement is a required field
Statement *Statement `type:"structure" required:"true"`
// contains filtered or unexported fields
}
A logical rule statement used to negate the results of another rule statement. You provide one Statement within the NotStatement.
func (s NotStatement) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *NotStatement) SetStatement(v *Statement) *NotStatement
SetStatement sets the Statement field's value.
func (s NotStatement) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *NotStatement) Validate() error
Validate inspects the fields of the type to determine if they are valid.
type OrStatement struct {
// The statements to combine with OR logic. You can use any statements that
// can be nested.
//
// Statements is a required field
Statements []*Statement `type:"list" required:"true"`
// contains filtered or unexported fields
}
A logical rule statement used to combine other rule statements with OR logic. You provide more than one Statement within the OrStatement.
func (s OrStatement) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *OrStatement) SetStatements(v []*Statement) *OrStatement
SetStatements sets the Statements field's value.
func (s OrStatement) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *OrStatement) Validate() error
Validate inspects the fields of the type to determine if they are valid.
type OverrideAction struct {
// Override the rule group evaluation result to count only.
//
// This option is usually set to none. It does not affect how the rules in the
// rule group are evaluated. If you want the rules in the rule group to only
// count matches, do not use this and instead use the rule action override option,
// with Count action, in your rule group reference statement settings.
Count *CountAction `type:"structure"`
// Don't override the rule group evaluation result. This is the most common
// setting.
None *NoneAction `type:"structure"`
// contains filtered or unexported fields
}
The action to use in the place of the action that results from the rule group evaluation. Set the override action to none to leave the result of the rule group alone. Set it to count to override the result to count only.
You can only use this for rule statements that reference a rule group, like RuleGroupReferenceStatement and ManagedRuleGroupStatement.
This option is usually set to none. It does not affect how the rules in the rule group are evaluated. If you want the rules in the rule group to only count matches, do not use this and instead use the rule action override option, with Count action, in your rule group reference statement settings.
func (s OverrideAction) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *OverrideAction) SetCount(v *CountAction) *OverrideAction
SetCount sets the Count field's value.
func (s *OverrideAction) SetNone(v *NoneAction) *OverrideAction
SetNone sets the None field's value.
func (s OverrideAction) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *OverrideAction) Validate() error
Validate inspects the fields of the type to determine if they are valid.
type PasswordField struct {
// The name of the password field. For example /form/password.
//
// Identifier is a required field
Identifier *string `min:"1" type:"string" required:"true"`
// contains filtered or unexported fields
}
Details about your login page password field for request inspection, used in the AWSManagedRulesATPRuleSet RequestInspection configuration.
func (s PasswordField) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *PasswordField) SetIdentifier(v string) *PasswordField
SetIdentifier sets the Identifier field's value.
func (s PasswordField) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *PasswordField) Validate() error
Validate inspects the fields of the type to determine if they are valid.
type PutLoggingConfigurationInput struct {
// Defines an association between logging destinations and a web ACL resource,
// for logging from WAF. As part of the association, you can specify parts of
// the standard logging fields to keep out of the logs and you can specify filters
// so that you log only a subset of the logging records.
//
// You can define one logging destination per web ACL.
//
// You can access information about the traffic that WAF inspects using the
// following steps:
//
// Create your logging destination. You can use an Amazon CloudWatch Logs log
// group, an Amazon Simple Storage Service (Amazon S3) bucket, or an Amazon
// Kinesis Data Firehose.
//
// The name that you give the destination must start with aws-waf-logs-. Depending
// on the type of destination, you might need to configure additional settings
// or permissions.
//
// For configuration requirements and pricing information for each destination
// type, see Logging web ACL traffic (https://docs.aws.amazon.com/waf/latest/developerguide/logging.html)
// in the WAF Developer Guide.
//
// Associate your logging destination to your web ACL using a PutLoggingConfiguration
// request.
//
// When you successfully enable logging using a PutLoggingConfiguration request,
// WAF creates an additional role or policy that is required to write logs to
// the logging destination. For an Amazon CloudWatch Logs log group, WAF creates
// a resource policy on the log group. For an Amazon S3 bucket, WAF creates
// a bucket policy. For an Amazon Kinesis Data Firehose, WAF creates a service-linked
// role.
//
// For additional information about web ACL logging, see Logging web ACL traffic
// information (https://docs.aws.amazon.com/waf/latest/developerguide/logging.html)
// in the WAF Developer Guide.
//
// LoggingConfiguration is a required field
LoggingConfiguration *LoggingConfiguration `type:"structure" required:"true"`
// contains filtered or unexported fields
}
func (s PutLoggingConfigurationInput) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *PutLoggingConfigurationInput) SetLoggingConfiguration(v *LoggingConfiguration) *PutLoggingConfigurationInput
SetLoggingConfiguration sets the LoggingConfiguration field's value.
func (s PutLoggingConfigurationInput) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *PutLoggingConfigurationInput) Validate() error
Validate inspects the fields of the type to determine if they are valid.
type PutLoggingConfigurationOutput struct {
// Defines an association between logging destinations and a web ACL resource,
// for logging from WAF. As part of the association, you can specify parts of
// the standard logging fields to keep out of the logs and you can specify filters
// so that you log only a subset of the logging records.
//
// You can define one logging destination per web ACL.
//
// You can access information about the traffic that WAF inspects using the
// following steps:
//
// Create your logging destination. You can use an Amazon CloudWatch Logs log
// group, an Amazon Simple Storage Service (Amazon S3) bucket, or an Amazon
// Kinesis Data Firehose.
//
// The name that you give the destination must start with aws-waf-logs-. Depending
// on the type of destination, you might need to configure additional settings
// or permissions.
//
// For configuration requirements and pricing information for each destination
// type, see Logging web ACL traffic (https://docs.aws.amazon.com/waf/latest/developerguide/logging.html)
// in the WAF Developer Guide.
//
// Associate your logging destination to your web ACL using a PutLoggingConfiguration
// request.
//
// When you successfully enable logging using a PutLoggingConfiguration request,
// WAF creates an additional role or policy that is required to write logs to
// the logging destination. For an Amazon CloudWatch Logs log group, WAF creates
// a resource policy on the log group. For an Amazon S3 bucket, WAF creates
// a bucket policy. For an Amazon Kinesis Data Firehose, WAF creates a service-linked
// role.
//
// For additional information about web ACL logging, see Logging web ACL traffic
// information (https://docs.aws.amazon.com/waf/latest/developerguide/logging.html)
// in the WAF Developer Guide.
LoggingConfiguration *LoggingConfiguration `type:"structure"`
// contains filtered or unexported fields
}
func (s PutLoggingConfigurationOutput) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *PutLoggingConfigurationOutput) SetLoggingConfiguration(v *LoggingConfiguration) *PutLoggingConfigurationOutput
SetLoggingConfiguration sets the LoggingConfiguration field's value.
func (s PutLoggingConfigurationOutput) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
type PutManagedRuleSetVersionsInput struct {
// A unique identifier for the managed rule set. The ID is returned in the responses
// to commands like list. You provide it to operations like get and update.
//
// Id is a required field
Id *string `min:"1" type:"string" required:"true"`
// A token used for optimistic locking. WAF returns a token to your get and
// list requests, to mark the state of the entity at the time of the request.
// To make changes to the entity associated with the token, you provide the
// token to operations like update and delete. WAF uses the token to ensure
// that no changes have been made to the entity since you last retrieved it.
// If a change has been made, the update fails with a WAFOptimisticLockException.
// If this happens, perform another get, and use the new token returned by that
// operation.
//
// LockToken is a required field
LockToken *string `min:"1" type:"string" required:"true"`
// The name of the managed rule set. You use this, along with the rule set ID,
// to identify the rule set.
//
// This name is assigned to the corresponding managed rule group, which your
// customers can access and use.
//
// Name is a required field
Name *string `min:"1" type:"string" required:"true"`
// The version of the named managed rule group that you'd like your customers
// to choose, from among your version offerings.
RecommendedVersion *string `min:"1" type:"string"`
// Specifies whether this is for an Amazon CloudFront distribution or for a
// regional application. A regional application can be an Application Load Balancer
// (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, a Amazon Cognito
// user pool, or an App Runner service.
//
// To work with CloudFront, you must also specify the Region US East (N. Virginia)
// as follows:
//
// * CLI - Specify the Region when you use the CloudFront scope: --scope=CLOUDFRONT
// --region=us-east-1.
//
// * API and SDKs - For all calls, use the Region endpoint us-east-1.
//
// Scope is a required field
Scope *string `type:"string" required:"true" enum:"Scope"`
// The versions of the named managed rule group that you want to offer to your
// customers.
VersionsToPublish map[string]*VersionToPublish `type:"map"`
// contains filtered or unexported fields
}
func (s PutManagedRuleSetVersionsInput) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *PutManagedRuleSetVersionsInput) SetId(v string) *PutManagedRuleSetVersionsInput
SetId sets the Id field's value.
func (s *PutManagedRuleSetVersionsInput) SetLockToken(v string) *PutManagedRuleSetVersionsInput
SetLockToken sets the LockToken field's value.
func (s *PutManagedRuleSetVersionsInput) SetName(v string) *PutManagedRuleSetVersionsInput
SetName sets the Name field's value.
func (s *PutManagedRuleSetVersionsInput) SetRecommendedVersion(v string) *PutManagedRuleSetVersionsInput
SetRecommendedVersion sets the RecommendedVersion field's value.
func (s *PutManagedRuleSetVersionsInput) SetScope(v string) *PutManagedRuleSetVersionsInput
SetScope sets the Scope field's value.
func (s *PutManagedRuleSetVersionsInput) SetVersionsToPublish(v map[string]*VersionToPublish) *PutManagedRuleSetVersionsInput
SetVersionsToPublish sets the VersionsToPublish field's value.
func (s PutManagedRuleSetVersionsInput) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *PutManagedRuleSetVersionsInput) Validate() error
Validate inspects the fields of the type to determine if they are valid.
type PutManagedRuleSetVersionsOutput struct {
// A token used for optimistic locking. WAF returns a token to your get and
// list requests, to mark the state of the entity at the time of the request.
// To make changes to the entity associated with the token, you provide the
// token to operations like update and delete. WAF uses the token to ensure
// that no changes have been made to the entity since you last retrieved it.
// If a change has been made, the update fails with a WAFOptimisticLockException.
// If this happens, perform another get, and use the new token returned by that
// operation.
NextLockToken *string `min:"1" type:"string"`
// contains filtered or unexported fields
}
func (s PutManagedRuleSetVersionsOutput) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *PutManagedRuleSetVersionsOutput) SetNextLockToken(v string) *PutManagedRuleSetVersionsOutput
SetNextLockToken sets the NextLockToken field's value.
func (s PutManagedRuleSetVersionsOutput) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
type PutPermissionPolicyInput struct {
// The policy to attach to the specified rule group.
//
// The policy specifications must conform to the following:
//
// * The policy must be composed using IAM Policy version 2012-10-17 or version
// 2015-01-01.
//
// * The policy must include specifications for Effect, Action, and Principal.
//
// * Effect must specify Allow.
//
// * Action must specify wafv2:CreateWebACL, wafv2:UpdateWebACL, and wafv2:PutFirewallManagerRuleGroups
// and may optionally specify wafv2:GetRuleGroup. WAF rejects any extra actions
// or wildcard actions in the policy.
//
// * The policy must not include a Resource parameter.
//
// For more information, see IAM Policies (https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html).
//
// Policy is a required field
Policy *string `min:"1" type:"string" required:"true"`
// The Amazon Resource Name (ARN) of the RuleGroup to which you want to attach
// the policy.
//
// ResourceArn is a required field
ResourceArn *string `min:"20" type:"string" required:"true"`
// contains filtered or unexported fields
}
func (s PutPermissionPolicyInput) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *PutPermissionPolicyInput) SetPolicy(v string) *PutPermissionPolicyInput
SetPolicy sets the Policy field's value.
func (s *PutPermissionPolicyInput) SetResourceArn(v string) *PutPermissionPolicyInput
SetResourceArn sets the ResourceArn field's value.
func (s PutPermissionPolicyInput) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *PutPermissionPolicyInput) Validate() error
Validate inspects the fields of the type to determine if they are valid.
type PutPermissionPolicyOutput struct {
// contains filtered or unexported fields
}
func (s PutPermissionPolicyOutput) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s PutPermissionPolicyOutput) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
type QueryString struct {
// contains filtered or unexported fields
}
Inspect the query string of the web request. This is the part of a URL that appears after a ? character, if any.
This is used only in the FieldToMatch specification for some web request component types.
JSON specification: "QueryString": {}
func (s QueryString) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s QueryString) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
type RateBasedStatement struct {
// Setting that indicates how to aggregate the request counts. The options are
// the following:
//
// * IP - Aggregate the request counts on the IP address from the web request
// origin.
//
// * FORWARDED_IP - Aggregate the request counts on the first IP address
// in an HTTP header. If you use this, configure the ForwardedIPConfig, to
// specify the header to use.
//
// AggregateKeyType is a required field
AggregateKeyType *string `type:"string" required:"true" enum:"RateBasedStatementAggregateKeyType"`
// The configuration for inspecting IP addresses in an HTTP header that you
// specify, instead of using the IP address that's reported by the web request
// origin. Commonly, this is the X-Forwarded-For (XFF) header, but you can specify
// any header name.
//
// If the specified header isn't present in the request, WAF doesn't apply the
// rule to the web request at all.
//
// This is required if AggregateKeyType is set to FORWARDED_IP.
ForwardedIPConfig *ForwardedIPConfig `type:"structure"`
// The limit on requests per 5-minute period for a single originating IP address.
// If the statement includes a ScopeDownStatement, this limit is applied only
// to the requests that match the statement.
//
// Limit is a required field
Limit *int64 `min:"100" type:"long" required:"true"`
// An optional nested statement that narrows the scope of the web requests that
// are evaluated by the rate-based statement. Requests are only tracked by the
// rate-based statement if they match the scope-down statement. You can use
// any nestable Statement in the scope-down statement, and you can nest statements
// at any level, the same as you can for a rule statement.
ScopeDownStatement *Statement `type:"structure"`
// contains filtered or unexported fields
}
A rate-based rule tracks the rate of requests for each originating IP address, and triggers the rule action when the rate exceeds a limit that you specify on the number of requests in any 5-minute time span. You can use this to put a temporary block on requests from an IP address that is sending excessive requests.
WAF tracks and manages web requests separately for each instance of a rate-based rule that you use. For example, if you provide the same rate-based rule settings in two web ACLs, each of the two rule statements represents a separate instance of the rate-based rule and gets its own tracking and management by WAF. If you define a rate-based rule inside a rule group, and then use that rule group in multiple places, each use creates a separate instance of the rate-based rule that gets its own tracking and management by WAF.
When the rule action triggers, WAF blocks additional requests from the IP address until the request rate falls below the limit.
You can optionally nest another statement inside the rate-based statement, to narrow the scope of the rule so that it only counts requests that match the nested statement. For example, based on recent requests that you have seen from an attacker, you might create a rate-based rule with a nested AND rule statement that contains the following nested statements:
An IP match statement with an IP set that specifies the address 192.0.2.44.
A string match statement that searches in the User-Agent header for the string BadBot.
In this rate-based rule, you also define a rate limit. For this example, the rate limit is 1,000. Requests that meet the criteria of both of the nested statements are counted. If the count exceeds 1,000 requests per five minutes, the rule action triggers. Requests that do not meet the criteria of both of the nested statements are not counted towards the rate limit and are not affected by this rule.
You cannot nest a RateBasedStatement inside another statement, for example inside a NotStatement or OrStatement. You can define a RateBasedStatement inside a web ACL and inside a rule group.
func (s RateBasedStatement) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *RateBasedStatement) SetAggregateKeyType(v string) *RateBasedStatement
SetAggregateKeyType sets the AggregateKeyType field's value.
func (s *RateBasedStatement) SetForwardedIPConfig(v *ForwardedIPConfig) *RateBasedStatement
SetForwardedIPConfig sets the ForwardedIPConfig field's value.
func (s *RateBasedStatement) SetLimit(v int64) *RateBasedStatement
SetLimit sets the Limit field's value.
func (s *RateBasedStatement) SetScopeDownStatement(v *Statement) *RateBasedStatement
SetScopeDownStatement sets the ScopeDownStatement field's value.
func (s RateBasedStatement) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *RateBasedStatement) Validate() error
Validate inspects the fields of the type to determine if they are valid.
type RateBasedStatementManagedKeysIPSet struct {
// The IP addresses that are currently blocked.
Addresses []*string `type:"list"`
// The version of the IP addresses, either IPV4 or IPV6.
IPAddressVersion *string `type:"string" enum:"IPAddressVersion"`
// contains filtered or unexported fields
}
The set of IP addresses that are currently blocked for a RateBasedStatement.
func (s RateBasedStatementManagedKeysIPSet) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *RateBasedStatementManagedKeysIPSet) SetAddresses(v []*string) *RateBasedStatementManagedKeysIPSet
SetAddresses sets the Addresses field's value.
func (s *RateBasedStatementManagedKeysIPSet) SetIPAddressVersion(v string) *RateBasedStatementManagedKeysIPSet
SetIPAddressVersion sets the IPAddressVersion field's value.
func (s RateBasedStatementManagedKeysIPSet) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
type Regex struct {
// The string representing the regular expression.
RegexString *string `min:"1" type:"string"`
// contains filtered or unexported fields
}
A single regular expression. This is used in a RegexPatternSet.
func (s Regex) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *Regex) SetRegexString(v string) *Regex
SetRegexString sets the RegexString field's value.
func (s Regex) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *Regex) Validate() error
Validate inspects the fields of the type to determine if they are valid.
type RegexMatchStatement struct {
// The part of the web request that you want WAF to inspect.
//
// FieldToMatch is a required field
FieldToMatch *FieldToMatch `type:"structure" required:"true"`
// The string representing the regular expression.
//
// RegexString is a required field
RegexString *string `min:"1" type:"string" required:"true"`
// Text transformations eliminate some of the unusual formatting that attackers
// use in web requests in an effort to bypass detection. If you specify one
// or more transformations in a rule statement, WAF performs all transformations
// on the content of the request component identified by FieldToMatch, starting
// from the lowest priority setting, before inspecting the content for a match.
//
// TextTransformations is a required field
TextTransformations []*TextTransformation `min:"1" type:"list" required:"true"`
// contains filtered or unexported fields
}
A rule statement used to search web request components for a match against a single regular expression.
func (s RegexMatchStatement) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *RegexMatchStatement) SetFieldToMatch(v *FieldToMatch) *RegexMatchStatement
SetFieldToMatch sets the FieldToMatch field's value.
func (s *RegexMatchStatement) SetRegexString(v string) *RegexMatchStatement
SetRegexString sets the RegexString field's value.
func (s *RegexMatchStatement) SetTextTransformations(v []*TextTransformation) *RegexMatchStatement
SetTextTransformations sets the TextTransformations field's value.
func (s RegexMatchStatement) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *RegexMatchStatement) Validate() error
Validate inspects the fields of the type to determine if they are valid.
type RegexPatternSet struct {
// The Amazon Resource Name (ARN) of the entity.
ARN *string `min:"20" type:"string"`
// A description of the set that helps with identification.
Description *string `min:"1" type:"string"`
// A unique identifier for the set. This ID is returned in the responses to
// create and list commands. You provide it to operations like update and delete.
Id *string `min:"1" type:"string"`
// The name of the set. You cannot change the name after you create the set.
Name *string `min:"1" type:"string"`
// The regular expression patterns in the set.
RegularExpressionList []*Regex `type:"list"`
// contains filtered or unexported fields
}
Contains one or more regular expressions.
WAF assigns an ARN to each RegexPatternSet that you create. To use a set in a rule, you provide the ARN to the Rule statement RegexPatternSetReferenceStatement.
func (s RegexPatternSet) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *RegexPatternSet) SetARN(v string) *RegexPatternSet
SetARN sets the ARN field's value.
func (s *RegexPatternSet) SetDescription(v string) *RegexPatternSet
SetDescription sets the Description field's value.
func (s *RegexPatternSet) SetId(v string) *RegexPatternSet
SetId sets the Id field's value.
func (s *RegexPatternSet) SetName(v string) *RegexPatternSet
SetName sets the Name field's value.
func (s *RegexPatternSet) SetRegularExpressionList(v []*Regex) *RegexPatternSet
SetRegularExpressionList sets the RegularExpressionList field's value.
func (s RegexPatternSet) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
type RegexPatternSetReferenceStatement struct {
// The Amazon Resource Name (ARN) of the RegexPatternSet that this statement
// references.
//
// ARN is a required field
ARN *string `min:"20" type:"string" required:"true"`
// The part of the web request that you want WAF to inspect.
//
// FieldToMatch is a required field
FieldToMatch *FieldToMatch `type:"structure" required:"true"`
// Text transformations eliminate some of the unusual formatting that attackers
// use in web requests in an effort to bypass detection. If you specify one
// or more transformations in a rule statement, WAF performs all transformations
// on the content of the request component identified by FieldToMatch, starting
// from the lowest priority setting, before inspecting the content for a match.
//
// TextTransformations is a required field
TextTransformations []*TextTransformation `min:"1" type:"list" required:"true"`
// contains filtered or unexported fields
}
A rule statement used to search web request components for matches with regular expressions. To use this, create a RegexPatternSet that specifies the expressions that you want to detect, then use the ARN of that set in this statement. A web request matches the pattern set rule statement if the request component matches any of the patterns in the set. To create a regex pattern set, see CreateRegexPatternSet.
Each regex pattern set rule statement references a regex pattern set. You create and maintain the set independent of your rules. This allows you to use the single set in multiple rules. When you update the referenced set, WAF automatically updates all rules that reference it.
func (s RegexPatternSetReferenceStatement) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *RegexPatternSetReferenceStatement) SetARN(v string) *RegexPatternSetReferenceStatement
SetARN sets the ARN field's value.
func (s *RegexPatternSetReferenceStatement) SetFieldToMatch(v *FieldToMatch) *RegexPatternSetReferenceStatement
SetFieldToMatch sets the FieldToMatch field's value.
func (s *RegexPatternSetReferenceStatement) SetTextTransformations(v []*TextTransformation) *RegexPatternSetReferenceStatement
SetTextTransformations sets the TextTransformations field's value.
func (s RegexPatternSetReferenceStatement) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *RegexPatternSetReferenceStatement) Validate() error
Validate inspects the fields of the type to determine if they are valid.
type RegexPatternSetSummary struct {
// The Amazon Resource Name (ARN) of the entity.
ARN *string `min:"20" type:"string"`
// A description of the set that helps with identification.
Description *string `min:"1" type:"string"`
// A unique identifier for the set. This ID is returned in the responses to
// create and list commands. You provide it to operations like update and delete.
Id *string `min:"1" type:"string"`
// A token used for optimistic locking. WAF returns a token to your get and
// list requests, to mark the state of the entity at the time of the request.
// To make changes to the entity associated with the token, you provide the
// token to operations like update and delete. WAF uses the token to ensure
// that no changes have been made to the entity since you last retrieved it.
// If a change has been made, the update fails with a WAFOptimisticLockException.
// If this happens, perform another get, and use the new token returned by that
// operation.
LockToken *string `min:"1" type:"string"`
// The name of the data type instance. You cannot change the name after you
// create the instance.
Name *string `min:"1" type:"string"`
// contains filtered or unexported fields
}
High-level information about a RegexPatternSet, returned by operations like create and list. This provides information like the ID, that you can use to retrieve and manage a RegexPatternSet, and the ARN, that you provide to the RegexPatternSetReferenceStatement to use the pattern set in a Rule.
func (s RegexPatternSetSummary) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *RegexPatternSetSummary) SetARN(v string) *RegexPatternSetSummary
SetARN sets the ARN field's value.
func (s *RegexPatternSetSummary) SetDescription(v string) *RegexPatternSetSummary
SetDescription sets the Description field's value.
func (s *RegexPatternSetSummary) SetId(v string) *RegexPatternSetSummary
SetId sets the Id field's value.
func (s *RegexPatternSetSummary) SetLockToken(v string) *RegexPatternSetSummary
SetLockToken sets the LockToken field's value.
func (s *RegexPatternSetSummary) SetName(v string) *RegexPatternSetSummary
SetName sets the Name field's value.
func (s RegexPatternSetSummary) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
type ReleaseSummary struct {
// The release version.
ReleaseVersion *string `min:"1" type:"string"`
// The timestamp of the release.
Timestamp *time.Time `type:"timestamp"`
// contains filtered or unexported fields
}
High level information for an SDK release.
func (s ReleaseSummary) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *ReleaseSummary) SetReleaseVersion(v string) *ReleaseSummary
SetReleaseVersion sets the ReleaseVersion field's value.
func (s *ReleaseSummary) SetTimestamp(v time.Time) *ReleaseSummary
SetTimestamp sets the Timestamp field's value.
func (s ReleaseSummary) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
type RequestInspection struct {
// Details about your login page password field.
//
// How you specify this depends on the payload type.
//
// * For JSON payloads, specify the field name in JSON pointer syntax. For
// information about the JSON Pointer syntax, see the Internet Engineering
// Task Force (IETF) documentation JavaScript Object Notation (JSON) Pointer
// (https://tools.ietf.org/html/rfc6901). For example, for the JSON payload
// { "login": { "username": "THE_USERNAME", "password": "THE_PASSWORD" }
// }, the username field specification is /login/username and the password
// field specification is /login/password.
//
// * For form encoded payload types, use the HTML form names. For example,
// for an HTML form with input elements named username1 and password1, the
// username field specification is username1 and the password field specification
// is password1.
//
// PasswordField is a required field
PasswordField *PasswordField `type:"structure" required:"true"`
// The payload type for your login endpoint, either JSON or form encoded.
//
// PayloadType is a required field
PayloadType *string `type:"string" required:"true" enum:"PayloadType"`
// Details about your login page username field.
//
// How you specify this depends on the payload type.
//
// * For JSON payloads, specify the field name in JSON pointer syntax. For
// information about the JSON Pointer syntax, see the Internet Engineering
// Task Force (IETF) documentation JavaScript Object Notation (JSON) Pointer
// (https://tools.ietf.org/html/rfc6901). For example, for the JSON payload
// { "login": { "username": "THE_USERNAME", "password": "THE_PASSWORD" }
// }, the username field specification is /login/username and the password
// field specification is /login/password.
//
// * For form encoded payload types, use the HTML form names. For example,
// for an HTML form with input elements named username1 and password1, the
// username field specification is username1 and the password field specification
// is password1.
//
// UsernameField is a required field
UsernameField *UsernameField `type:"structure" required:"true"`
// contains filtered or unexported fields
}
The criteria for inspecting login requests, used by the ATP rule group to validate credentials usage.
This is part of the AWSManagedRulesATPRuleSet configuration in ManagedRuleGroupConfig.
In these settings, you specify how your application accepts login attempts by providing the request payload type and the names of the fields within the request body where the username and password are provided.
func (s RequestInspection) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *RequestInspection) SetPasswordField(v *PasswordField) *RequestInspection
SetPasswordField sets the PasswordField field's value.
func (s *RequestInspection) SetPayloadType(v string) *RequestInspection
SetPayloadType sets the PayloadType field's value.
func (s *RequestInspection) SetUsernameField(v *UsernameField) *RequestInspection
SetUsernameField sets the UsernameField field's value.
func (s RequestInspection) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *RequestInspection) Validate() error
Validate inspects the fields of the type to determine if they are valid.
type ResponseInspection struct {
// Configures inspection of the response body. WAF can inspect the first 65,536
// bytes (64 KB) of the response body.
BodyContains *ResponseInspectionBodyContains `type:"structure"`
// Configures inspection of the response header.
Header *ResponseInspectionHeader `type:"structure"`
// Configures inspection of the response JSON. WAF can inspect the first 65,536
// bytes (64 KB) of the response JSON.
Json *ResponseInspectionJson `type:"structure"`
// Configures inspection of the response status code.
StatusCode *ResponseInspectionStatusCode `type:"structure"`
// contains filtered or unexported fields
}
The criteria for inspecting responses to login requests, used by the ATP rule group to track login failure rates.
The ATP rule group evaluates the responses that your protected resources send back to client login attempts, keeping count of successful and failed attempts from each IP address and client session. Using this information, the rule group labels and mitigates requests from client sessions and IP addresses that submit too many failed login attempts in a short amount of time.
Response inspection is available only in web ACLs that protect Amazon CloudFront distributions.
This is part of the AWSManagedRulesATPRuleSet configuration in ManagedRuleGroupConfig.
Enable login response inspection by configuring exactly one component of the response to inspect. You can't configure more than one. If you don't configure any of the response inspection options, response inspection is disabled.
func (s ResponseInspection) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *ResponseInspection) SetBodyContains(v *ResponseInspectionBodyContains) *ResponseInspection
SetBodyContains sets the BodyContains field's value.
func (s *ResponseInspection) SetHeader(v *ResponseInspectionHeader) *ResponseInspection
SetHeader sets the Header field's value.
func (s *ResponseInspection) SetJson(v *ResponseInspectionJson) *ResponseInspection
SetJson sets the Json field's value.
func (s *ResponseInspection) SetStatusCode(v *ResponseInspectionStatusCode) *ResponseInspection
SetStatusCode sets the StatusCode field's value.
func (s ResponseInspection) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *ResponseInspection) Validate() error
Validate inspects the fields of the type to determine if they are valid.
type ResponseInspectionBodyContains struct {
// Strings in the body of the response that indicate a failed login attempt.
// To be counted as a failed login, the string can be anywhere in the body and
// must be an exact match, including case. Each string must be unique among
// the success and failure strings.
//
// JSON example: "FailureStrings": [ "Login failed" ]
//
// FailureStrings is a required field
FailureStrings []*string `min:"1" type:"list" required:"true"`
// Strings in the body of the response that indicate a successful login attempt.
// To be counted as a successful login, the string can be anywhere in the body
// and must be an exact match, including case. Each string must be unique among
// the success and failure strings.
//
// JSON example: "SuccessStrings": [ "Login successful", "Welcome to our site!"
// ]
//
// SuccessStrings is a required field
SuccessStrings []*string `min:"1" type:"list" required:"true"`
// contains filtered or unexported fields
}
Configures inspection of the response body. WAF can inspect the first 65,536 bytes (64 KB) of the response body. This is part of the ResponseInspection configuration for AWSManagedRulesATPRuleSet.
Response inspection is available only in web ACLs that protect Amazon CloudFront distributions.
func (s ResponseInspectionBodyContains) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *ResponseInspectionBodyContains) SetFailureStrings(v []*string) *ResponseInspectionBodyContains
SetFailureStrings sets the FailureStrings field's value.
func (s *ResponseInspectionBodyContains) SetSuccessStrings(v []*string) *ResponseInspectionBodyContains
SetSuccessStrings sets the SuccessStrings field's value.
func (s ResponseInspectionBodyContains) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *ResponseInspectionBodyContains) Validate() error
Validate inspects the fields of the type to determine if they are valid.
type ResponseInspectionHeader struct {
// Values in the response header with the specified name that indicate a failed
// login attempt. To be counted as a failed login, the value must be an exact
// match, including case. Each value must be unique among the success and failure
// values.
//
// JSON example: "FailureValues": [ "LoginFailed", "Failed login" ]
//
// FailureValues is a required field
FailureValues []*string `min:"1" type:"list" required:"true"`
// The name of the header to match against. The name must be an exact match,
// including case.
//
// JSON example: "Name": [ "LoginResult" ]
//
// Name is a required field
Name *string `min:"1" type:"string" required:"true"`
// Values in the response header with the specified name that indicate a successful
// login attempt. To be counted as a successful login, the value must be an
// exact match, including case. Each value must be unique among the success
// and failure values.
//
// JSON example: "SuccessValues": [ "LoginPassed", "Successful login" ]
//
// SuccessValues is a required field
SuccessValues []*string `min:"1" type:"list" required:"true"`
// contains filtered or unexported fields
}
Configures inspection of the response header. This is part of the ResponseInspection configuration for AWSManagedRulesATPRuleSet.
Response inspection is available only in web ACLs that protect Amazon CloudFront distributions.
func (s ResponseInspectionHeader) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *ResponseInspectionHeader) SetFailureValues(v []*string) *ResponseInspectionHeader
SetFailureValues sets the FailureValues field's value.
func (s *ResponseInspectionHeader) SetName(v string) *ResponseInspectionHeader
SetName sets the Name field's value.
func (s *ResponseInspectionHeader) SetSuccessValues(v []*string) *ResponseInspectionHeader
SetSuccessValues sets the SuccessValues field's value.
func (s ResponseInspectionHeader) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *ResponseInspectionHeader) Validate() error
Validate inspects the fields of the type to determine if they are valid.
type ResponseInspectionJson struct {
// Values for the specified identifier in the response JSON that indicate a
// failed login attempt. To be counted as a failed login, the value must be
// an exact match, including case. Each value must be unique among the success
// and failure values.
//
// JSON example: "FailureValues": [ "False", "Failed" ]
//
// FailureValues is a required field
FailureValues []*string `min:"1" type:"list" required:"true"`
// The identifier for the value to match against in the JSON. The identifier
// must be an exact match, including case.
//
// JSON example: "Identifier": [ "/login/success" ]
//
// Identifier is a required field
Identifier *string `min:"1" type:"string" required:"true"`
// Values for the specified identifier in the response JSON that indicate a
// successful login attempt. To be counted as a successful login, the value
// must be an exact match, including case. Each value must be unique among the
// success and failure values.
//
// JSON example: "SuccessValues": [ "True", "Succeeded" ]
//
// SuccessValues is a required field
SuccessValues []*string `min:"1" type:"list" required:"true"`
// contains filtered or unexported fields
}
Configures inspection of the response JSON. WAF can inspect the first 65,536 bytes (64 KB) of the response JSON. This is part of the ResponseInspection configuration for AWSManagedRulesATPRuleSet.
Response inspection is available only in web ACLs that protect Amazon CloudFront distributions.
func (s ResponseInspectionJson) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *ResponseInspectionJson) SetFailureValues(v []*string) *ResponseInspectionJson
SetFailureValues sets the FailureValues field's value.
func (s *ResponseInspectionJson) SetIdentifier(v string) *ResponseInspectionJson
SetIdentifier sets the Identifier field's value.
func (s *ResponseInspectionJson) SetSuccessValues(v []*string) *ResponseInspectionJson
SetSuccessValues sets the SuccessValues field's value.
func (s ResponseInspectionJson) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *ResponseInspectionJson) Validate() error
Validate inspects the fields of the type to determine if they are valid.
type ResponseInspectionStatusCode struct {
// Status codes in the response that indicate a failed login attempt. To be
// counted as a failed login, the response status code must match one of these.
// Each code must be unique among the success and failure status codes.
//
// JSON example: "FailureCodes": [ 400, 404 ]
//
// FailureCodes is a required field
FailureCodes []*int64 `min:"1" type:"list" required:"true"`
// Status codes in the response that indicate a successful login attempt. To
// be counted as a successful login, the response status code must match one
// of these. Each code must be unique among the success and failure status codes.
//
// JSON example: "SuccessCodes": [ 200, 201 ]
//
// SuccessCodes is a required field
SuccessCodes []*int64 `min:"1" type:"list" required:"true"`
// contains filtered or unexported fields
}
Configures inspection of the response status code. This is part of the ResponseInspection configuration for AWSManagedRulesATPRuleSet.
Response inspection is available only in web ACLs that protect Amazon CloudFront distributions.
func (s ResponseInspectionStatusCode) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *ResponseInspectionStatusCode) SetFailureCodes(v []*int64) *ResponseInspectionStatusCode
SetFailureCodes sets the FailureCodes field's value.
func (s *ResponseInspectionStatusCode) SetSuccessCodes(v []*int64) *ResponseInspectionStatusCode
SetSuccessCodes sets the SuccessCodes field's value.
func (s ResponseInspectionStatusCode) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *ResponseInspectionStatusCode) Validate() error
Validate inspects the fields of the type to determine if they are valid.
type Rule struct {
// The action that WAF should take on a web request when it matches the rule
// statement. Settings at the web ACL level can override the rule action setting.
//
// This is used only for rules whose statements do not reference a rule group.
// Rule statements that reference a rule group include RuleGroupReferenceStatement
// and ManagedRuleGroupStatement.
//
// You must specify either this Action setting or the rule OverrideAction setting,
// but not both:
//
// * If the rule statement does not reference a rule group, use this rule
// action setting and not the rule override action setting.
//
// * If the rule statement references a rule group, use the override action
// setting and not this action setting.
Action *RuleAction `type:"structure"`
// Specifies how WAF should handle CAPTCHA evaluations. If you don't specify
// this, WAF uses the CAPTCHA configuration that's defined for the web ACL.
CaptchaConfig *CaptchaConfig `type:"structure"`
// Specifies how WAF should handle Challenge evaluations. If you don't specify
// this, WAF uses the challenge configuration that's defined for the web ACL.
ChallengeConfig *ChallengeConfig `type:"structure"`
// The name of the rule. You can't change the name of a Rule after you create
// it.
//
// Name is a required field
Name *string `min:"1" type:"string" required:"true"`
// The action to use in the place of the action that results from the rule group
// evaluation. Set the override action to none to leave the result of the rule
// group alone. Set it to count to override the result to count only.
//
// You can only use this for rule statements that reference a rule group, like
// RuleGroupReferenceStatement and ManagedRuleGroupStatement.
//
// This option is usually set to none. It does not affect how the rules in the
// rule group are evaluated. If you want the rules in the rule group to only
// count matches, do not use this and instead use the rule action override option,
// with Count action, in your rule group reference statement settings.
OverrideAction *OverrideAction `type:"structure"`
// If you define more than one Rule in a WebACL, WAF evaluates each request
// against the Rules in order based on the value of Priority. WAF processes
// rules with lower priority first. The priorities don't need to be consecutive,
// but they must all be different.
//
// Priority is a required field
Priority *int64 `type:"integer" required:"true"`
// Labels to apply to web requests that match the rule match statement. WAF
// applies fully qualified labels to matching web requests. A fully qualified
// label is the concatenation of a label namespace and a rule label. The rule's
// rule group or web ACL defines the label namespace.
//
// Rules that run after this rule in the web ACL can match against these labels
// using a LabelMatchStatement.
//
// For each label, provide a case-sensitive string containing optional namespaces
// and a label name, according to the following guidelines:
//
// * Separate each component of the label with a colon.
//
// * Each namespace or name can have up to 128 characters.
//
// * You can specify up to 5 namespaces in a label.
//
// * Don't use the following reserved words in your label specification:
// aws, waf, managed, rulegroup, webacl, regexpatternset, or ipset.
//
// For example, myLabelName or nameSpace1:nameSpace2:myLabelName.
RuleLabels []*Label `type:"list"`
// The WAF processing statement for the rule, for example ByteMatchStatement
// or SizeConstraintStatement.
//
// Statement is a required field
Statement *Statement `type:"structure" required:"true"`
// Defines and enables Amazon CloudWatch metrics and web request sample collection.
//
// VisibilityConfig is a required field
VisibilityConfig *VisibilityConfig `type:"structure" required:"true"`
// contains filtered or unexported fields
}
A single rule, which you can use in a WebACL or RuleGroup to identify web requests that you want to allow, block, or count. Each rule includes one top-level Statement that WAF uses to identify matching web requests, and parameters that govern how WAF handles them.
func (s Rule) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *Rule) SetAction(v *RuleAction) *Rule
SetAction sets the Action field's value.
func (s *Rule) SetCaptchaConfig(v *CaptchaConfig) *Rule
SetCaptchaConfig sets the CaptchaConfig field's value.
func (s *Rule) SetChallengeConfig(v *ChallengeConfig) *Rule
SetChallengeConfig sets the ChallengeConfig field's value.
func (s *Rule) SetName(v string) *Rule
SetName sets the Name field's value.
func (s *Rule) SetOverrideAction(v *OverrideAction) *Rule
SetOverrideAction sets the OverrideAction field's value.
func (s *Rule) SetPriority(v int64) *Rule
SetPriority sets the Priority field's value.
func (s *Rule) SetRuleLabels(v []*Label) *Rule
SetRuleLabels sets the RuleLabels field's value.
func (s *Rule) SetStatement(v *Statement) *Rule
SetStatement sets the Statement field's value.
func (s *Rule) SetVisibilityConfig(v *VisibilityConfig) *Rule
SetVisibilityConfig sets the VisibilityConfig field's value.
func (s Rule) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *Rule) Validate() error
Validate inspects the fields of the type to determine if they are valid.
type RuleAction struct {
// Instructs WAF to allow the web request.
Allow *AllowAction `type:"structure"`
// Instructs WAF to block the web request.
Block *BlockAction `type:"structure"`
// Instructs WAF to run a CAPTCHA check against the web request.
Captcha *CaptchaAction `type:"structure"`
// Instructs WAF to run a Challenge check against the web request.
Challenge *ChallengeAction `type:"structure"`
// Instructs WAF to count the web request and then continue evaluating the request
// using the remaining rules in the web ACL.
Count *CountAction `type:"structure"`
// contains filtered or unexported fields
}
The action that WAF should take on a web request when it matches a rule's statement. Settings at the web ACL level can override the rule action setting.
func (s RuleAction) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *RuleAction) SetAllow(v *AllowAction) *RuleAction
SetAllow sets the Allow field's value.
func (s *RuleAction) SetBlock(v *BlockAction) *RuleAction
SetBlock sets the Block field's value.
func (s *RuleAction) SetCaptcha(v *CaptchaAction) *RuleAction
SetCaptcha sets the Captcha field's value.
func (s *RuleAction) SetChallenge(v *ChallengeAction) *RuleAction
SetChallenge sets the Challenge field's value.
func (s *RuleAction) SetCount(v *CountAction) *RuleAction
SetCount sets the Count field's value.
func (s RuleAction) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *RuleAction) Validate() error
Validate inspects the fields of the type to determine if they are valid.
type RuleActionOverride struct {
// The override action to use, in place of the configured action of the rule
// in the rule group.
//
// ActionToUse is a required field
ActionToUse *RuleAction `type:"structure" required:"true"`
// The name of the rule to override.
//
// Name is a required field
Name *string `min:"1" type:"string" required:"true"`
// contains filtered or unexported fields
}
Action setting to use in the place of a rule action that is configured inside the rule group. You specify one override for each rule whose action you want to change.
You can use overrides for testing, for example you can override all of rule actions to Count and then monitor the resulting count metrics to understand how the rule group would handle your web traffic. You can also permanently override some or all actions, to modify how the rule group manages your web traffic.
func (s RuleActionOverride) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *RuleActionOverride) SetActionToUse(v *RuleAction) *RuleActionOverride
SetActionToUse sets the ActionToUse field's value.
func (s *RuleActionOverride) SetName(v string) *RuleActionOverride
SetName sets the Name field's value.
func (s RuleActionOverride) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *RuleActionOverride) Validate() error
Validate inspects the fields of the type to determine if they are valid.
type RuleGroup struct {
// The Amazon Resource Name (ARN) of the entity.
//
// ARN is a required field
ARN *string `min:"20" type:"string" required:"true"`
// The labels that one or more rules in this rule group add to matching web
// requests. These labels are defined in the RuleLabels for a Rule.
AvailableLabels []*LabelSummary `type:"list"`
// The web ACL capacity units (WCUs) required for this rule group.
//
// When you create your own rule group, you define this, and you cannot change
// it after creation. When you add or modify the rules in a rule group, WAF
// enforces this limit. You can check the capacity for a set of rules using
// CheckCapacity.
//
// WAF uses WCUs to calculate and control the operating resources that are used
// to run your rules, rule groups, and web ACLs. WAF calculates capacity differently
// for each rule type, to reflect the relative cost of each rule. Simple rules
// that cost little to run use fewer WCUs than more complex rules that use more
// processing power. Rule group capacity is fixed at creation, which helps users
// plan their web ACL WCU usage when they use a rule group. The WCU limit for
// web ACLs is 1,500.
//
// Capacity is a required field
Capacity *int64 `min:"1" type:"long" required:"true"`
// The labels that one or more rules in this rule group match against in label
// match statements. These labels are defined in a LabelMatchStatement specification,
// in the Statement definition of a rule.
ConsumedLabels []*LabelSummary `type:"list"`
// A map of custom response keys and content bodies. When you create a rule
// with a block action, you can send a custom response to the web request. You
// define these for the rule group, and then use them in the rules that you
// define in the rule group.
//
// For information about customizing web requests and responses, see Customizing
// web requests and responses in WAF (https://docs.aws.amazon.com/waf/latest/developerguide/waf-custom-request-response.html)
// in the WAF Developer Guide (https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html).
//
// For information about the limits on count and size for custom request and
// response settings, see WAF quotas (https://docs.aws.amazon.com/waf/latest/developerguide/limits.html)
// in the WAF Developer Guide (https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html).
CustomResponseBodies map[string]*CustomResponseBody `min:"1" type:"map"`
// A description of the rule group that helps with identification.
Description *string `min:"1" type:"string"`
// A unique identifier for the rule group. This ID is returned in the responses
// to create and list commands. You provide it to operations like update and
// delete.
//
// Id is a required field
Id *string `min:"1" type:"string" required:"true"`
// The label namespace prefix for this rule group. All labels added by rules
// in this rule group have this prefix.
//
// * The syntax for the label namespace prefix for your rule groups is the
// following: awswaf:<account ID>:rulegroup:<rule group name>:
//
// * When a rule with a label matches a web request, WAF adds the fully qualified
// label to the request. A fully qualified label is made up of the label
// namespace from the rule group or web ACL where the rule is defined and
// the label from the rule, separated by a colon: <label namespace>:<label
// from rule>
LabelNamespace *string `min:"1" type:"string"`
// The name of the rule group. You cannot change the name of a rule group after
// you create it.
//
// Name is a required field
Name *string `min:"1" type:"string" required:"true"`
// The Rule statements used to identify the web requests that you want to allow,
// block, or count. Each rule includes one top-level statement that WAF uses
// to identify matching web requests, and parameters that govern how WAF handles
// them.
Rules []*Rule `type:"list"`
// Defines and enables Amazon CloudWatch metrics and web request sample collection.
//
// VisibilityConfig is a required field
VisibilityConfig *VisibilityConfig `type:"structure" required:"true"`
// contains filtered or unexported fields
}
A rule group defines a collection of rules to inspect and control web requests that you can use in a WebACL. When you create a rule group, you define an immutable capacity limit. If you update a rule group, you must stay within the capacity. This allows others to reuse the rule group with confidence in its capacity requirements.
func (s RuleGroup) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *RuleGroup) SetARN(v string) *RuleGroup
SetARN sets the ARN field's value.
func (s *RuleGroup) SetAvailableLabels(v []*LabelSummary) *RuleGroup
SetAvailableLabels sets the AvailableLabels field's value.
func (s *RuleGroup) SetCapacity(v int64) *RuleGroup
SetCapacity sets the Capacity field's value.
func (s *RuleGroup) SetConsumedLabels(v []*LabelSummary) *RuleGroup
SetConsumedLabels sets the ConsumedLabels field's value.
func (s *RuleGroup) SetCustomResponseBodies(v map[string]*CustomResponseBody) *RuleGroup
SetCustomResponseBodies sets the CustomResponseBodies field's value.
func (s *RuleGroup) SetDescription(v string) *RuleGroup
SetDescription sets the Description field's value.
func (s *RuleGroup) SetId(v string) *RuleGroup
SetId sets the Id field's value.
func (s *RuleGroup) SetLabelNamespace(v string) *RuleGroup
SetLabelNamespace sets the LabelNamespace field's value.
func (s *RuleGroup) SetName(v string) *RuleGroup
SetName sets the Name field's value.
func (s *RuleGroup) SetRules(v []*Rule) *RuleGroup
SetRules sets the Rules field's value.
func (s *RuleGroup) SetVisibilityConfig(v *VisibilityConfig) *RuleGroup
SetVisibilityConfig sets the VisibilityConfig field's value.
func (s RuleGroup) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
type RuleGroupReferenceStatement struct {
// The Amazon Resource Name (ARN) of the entity.
//
// ARN is a required field
ARN *string `min:"20" type:"string" required:"true"`
// Rules in the referenced rule group whose actions are set to Count.
//
// Instead of this option, use RuleActionOverrides. It accepts any valid action
// setting, including Count.
ExcludedRules []*ExcludedRule `type:"list"`
// Action settings to use in the place of the rule actions that are configured
// inside the rule group. You specify one override for each rule whose action
// you want to change.
//
// You can use overrides for testing, for example you can override all of rule
// actions to Count and then monitor the resulting count metrics to understand
// how the rule group would handle your web traffic. You can also permanently
// override some or all actions, to modify how the rule group manages your web
// traffic.
RuleActionOverrides []*RuleActionOverride `min:"1" type:"list"`
// contains filtered or unexported fields
}
A rule statement used to run the rules that are defined in a RuleGroup. To use this, create a rule group with your rules, then provide the ARN of the rule group in this statement.
You cannot nest a RuleGroupReferenceStatement, for example for use inside a NotStatement or OrStatement. You can only use a rule group reference statement at the top level inside a web ACL.
func (s RuleGroupReferenceStatement) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *RuleGroupReferenceStatement) SetARN(v string) *RuleGroupReferenceStatement
SetARN sets the ARN field's value.
func (s *RuleGroupReferenceStatement) SetExcludedRules(v []*ExcludedRule) *RuleGroupReferenceStatement
SetExcludedRules sets the ExcludedRules field's value.
func (s *RuleGroupReferenceStatement) SetRuleActionOverrides(v []*RuleActionOverride) *RuleGroupReferenceStatement
SetRuleActionOverrides sets the RuleActionOverrides field's value.
func (s RuleGroupReferenceStatement) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *RuleGroupReferenceStatement) Validate() error
Validate inspects the fields of the type to determine if they are valid.
type RuleGroupSummary struct {
// The Amazon Resource Name (ARN) of the entity.
ARN *string `min:"20" type:"string"`
// A description of the rule group that helps with identification.
Description *string `min:"1" type:"string"`
// A unique identifier for the rule group. This ID is returned in the responses
// to create and list commands. You provide it to operations like update and
// delete.
Id *string `min:"1" type:"string"`
// A token used for optimistic locking. WAF returns a token to your get and
// list requests, to mark the state of the entity at the time of the request.
// To make changes to the entity associated with the token, you provide the
// token to operations like update and delete. WAF uses the token to ensure
// that no changes have been made to the entity since you last retrieved it.
// If a change has been made, the update fails with a WAFOptimisticLockException.
// If this happens, perform another get, and use the new token returned by that
// operation.
LockToken *string `min:"1" type:"string"`
// The name of the data type instance. You cannot change the name after you
// create the instance.
Name *string `min:"1" type:"string"`
// contains filtered or unexported fields
}
High-level information about a RuleGroup, returned by operations like create and list. This provides information like the ID, that you can use to retrieve and manage a RuleGroup, and the ARN, that you provide to the RuleGroupReferenceStatement to use the rule group in a Rule.
func (s RuleGroupSummary) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *RuleGroupSummary) SetARN(v string) *RuleGroupSummary
SetARN sets the ARN field's value.
func (s *RuleGroupSummary) SetDescription(v string) *RuleGroupSummary
SetDescription sets the Description field's value.
func (s *RuleGroupSummary) SetId(v string) *RuleGroupSummary
SetId sets the Id field's value.
func (s *RuleGroupSummary) SetLockToken(v string) *RuleGroupSummary
SetLockToken sets the LockToken field's value.
func (s *RuleGroupSummary) SetName(v string) *RuleGroupSummary
SetName sets the Name field's value.
func (s RuleGroupSummary) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
type RuleSummary struct {
// The action that WAF should take on a web request when it matches a rule's
// statement. Settings at the web ACL level can override the rule action setting.
Action *RuleAction `type:"structure"`
// The name of the rule.
Name *string `min:"1" type:"string"`
// contains filtered or unexported fields
}
High-level information about a Rule, returned by operations like DescribeManagedRuleGroup. This provides information like the ID, that you can use to retrieve and manage a RuleGroup, and the ARN, that you provide to the RuleGroupReferenceStatement to use the rule group in a Rule.
func (s RuleSummary) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *RuleSummary) SetAction(v *RuleAction) *RuleSummary
SetAction sets the Action field's value.
func (s *RuleSummary) SetName(v string) *RuleSummary
SetName sets the Name field's value.
func (s RuleSummary) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
type SampledHTTPRequest struct {
// The action that WAF applied to the request.
Action *string `type:"string"`
// The CAPTCHA response for the request.
CaptchaResponse *CaptchaResponse `type:"structure"`
// The Challenge response for the request.
ChallengeResponse *ChallengeResponse `type:"structure"`
// Labels applied to the web request by matching rules. WAF applies fully qualified
// labels to matching web requests. A fully qualified label is the concatenation
// of a label namespace and a rule label. The rule's rule group or web ACL defines
// the label namespace.
//
// For example, awswaf:111122223333:myRuleGroup:testRules:testNS1:testNS2:labelNameA
// or awswaf:managed:aws:managed-rule-set:header:encoding:utf8.
Labels []*Label `type:"list"`
// Used only for rule group rules that have a rule action override in place
// in the web ACL. This is the action that the rule group rule is configured
// for, and not the action that was applied to the request. The action that
// WAF applied is the Action value.
OverriddenAction *string `type:"string"`
// A complex type that contains detailed information about the request.
//
// Request is a required field
Request *HTTPRequest `type:"structure" required:"true"`
// Custom request headers inserted by WAF into the request, according to the
// custom request configuration for the matching rule action.
RequestHeadersInserted []*HTTPHeader `type:"list"`
// The response code that was sent for the request.
ResponseCodeSent *int64 `min:"200" type:"integer"`
// The name of the Rule that the request matched. For managed rule groups, the
// format for this name is <vendor name>#<managed rule group name>#<rule name>.
// For your own rule groups, the format for this name is <rule group name>#<rule
// name>. If the rule is not in a rule group, this field is absent.
RuleNameWithinRuleGroup *string `min:"1" type:"string"`
// The time at which WAF received the request from your Amazon Web Services
// resource, in Unix time format (in seconds).
Timestamp *time.Time `type:"timestamp"`
// A value that indicates how one result in the response relates proportionally
// to other results in the response. For example, a result that has a weight
// of 2 represents roughly twice as many web requests as a result that has a
// weight of 1.
//
// Weight is a required field
Weight *int64 `type:"long" required:"true"`
// contains filtered or unexported fields
}
Represents a single sampled web request. The response from GetSampledRequests includes a SampledHTTPRequests complex type that appears as SampledRequests in the response syntax. SampledHTTPRequests contains an array of SampledHTTPRequest objects.
func (s SampledHTTPRequest) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *SampledHTTPRequest) SetAction(v string) *SampledHTTPRequest
SetAction sets the Action field's value.
func (s *SampledHTTPRequest) SetCaptchaResponse(v *CaptchaResponse) *SampledHTTPRequest
SetCaptchaResponse sets the CaptchaResponse field's value.
func (s *SampledHTTPRequest) SetChallengeResponse(v *ChallengeResponse) *SampledHTTPRequest
SetChallengeResponse sets the ChallengeResponse field's value.
func (s *SampledHTTPRequest) SetLabels(v []*Label) *SampledHTTPRequest
SetLabels sets the Labels field's value.
func (s *SampledHTTPRequest) SetOverriddenAction(v string) *SampledHTTPRequest
SetOverriddenAction sets the OverriddenAction field's value.
func (s *SampledHTTPRequest) SetRequest(v *HTTPRequest) *SampledHTTPRequest
SetRequest sets the Request field's value.
func (s *SampledHTTPRequest) SetRequestHeadersInserted(v []*HTTPHeader) *SampledHTTPRequest
SetRequestHeadersInserted sets the RequestHeadersInserted field's value.
func (s *SampledHTTPRequest) SetResponseCodeSent(v int64) *SampledHTTPRequest
SetResponseCodeSent sets the ResponseCodeSent field's value.
func (s *SampledHTTPRequest) SetRuleNameWithinRuleGroup(v string) *SampledHTTPRequest
SetRuleNameWithinRuleGroup sets the RuleNameWithinRuleGroup field's value.
func (s *SampledHTTPRequest) SetTimestamp(v time.Time) *SampledHTTPRequest
SetTimestamp sets the Timestamp field's value.
func (s *SampledHTTPRequest) SetWeight(v int64) *SampledHTTPRequest
SetWeight sets the Weight field's value.
func (s SampledHTTPRequest) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
type SingleHeader struct {
// The name of the query header to inspect.
//
// Name is a required field
Name *string `min:"1" type:"string" required:"true"`
// contains filtered or unexported fields
}
Inspect one of the headers in the web request, identified by name, for example, User-Agent or Referer. The name isn't case sensitive.
You can filter and inspect all headers with the FieldToMatch setting Headers.
This is used to indicate the web request component to inspect, in the FieldToMatch specification.
Example JSON: "SingleHeader": { "Name": "haystack" }
func (s SingleHeader) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *SingleHeader) SetName(v string) *SingleHeader
SetName sets the Name field's value.
func (s SingleHeader) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *SingleHeader) Validate() error
Validate inspects the fields of the type to determine if they are valid.
type SingleQueryArgument struct {
// The name of the query argument to inspect.
//
// Name is a required field
Name *string `min:"1" type:"string" required:"true"`
// contains filtered or unexported fields
}
Inspect one query argument in the web request, identified by name, for example UserName or SalesRegion. The name isn't case sensitive.
This is used to indicate the web request component to inspect, in the FieldToMatch specification.
Example JSON: "SingleQueryArgument": { "Name": "myArgument" }
func (s SingleQueryArgument) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *SingleQueryArgument) SetName(v string) *SingleQueryArgument
SetName sets the Name field's value.
func (s SingleQueryArgument) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *SingleQueryArgument) Validate() error
Validate inspects the fields of the type to determine if they are valid.
type SizeConstraintStatement struct {
// The operator to use to compare the request part to the size setting.
//
// ComparisonOperator is a required field
ComparisonOperator *string `type:"string" required:"true" enum:"ComparisonOperator"`
// The part of the web request that you want WAF to inspect.
//
// FieldToMatch is a required field
FieldToMatch *FieldToMatch `type:"structure" required:"true"`
// The size, in byte, to compare to the request part, after any transformations.
//
// Size is a required field
Size *int64 `type:"long" required:"true"`
// Text transformations eliminate some of the unusual formatting that attackers
// use in web requests in an effort to bypass detection. If you specify one
// or more transformations in a rule statement, WAF performs all transformations
// on the content of the request component identified by FieldToMatch, starting
// from the lowest priority setting, before inspecting the content for a match.
//
// TextTransformations is a required field
TextTransformations []*TextTransformation `min:"1" type:"list" required:"true"`
// contains filtered or unexported fields
}
A rule statement that compares a number of bytes against the size of a request component, using a comparison operator, such as greater than (>) or less than (<). For example, you can use a size constraint statement to look for query strings that are longer than 100 bytes.
If you configure WAF to inspect the request body, WAF inspects only the first 8192 bytes (8 KB). If the request body for your web requests never exceeds 8192 bytes, you could use a size constraint statement to block requests that have a request body greater than 8192 bytes.
If you choose URI for the value of Part of the request to filter on, the slash (/) in the URI counts as one character. For example, the URI /logo.jpg is nine characters long.
func (s SizeConstraintStatement) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *SizeConstraintStatement) SetComparisonOperator(v string) *SizeConstraintStatement
SetComparisonOperator sets the ComparisonOperator field's value.
func (s *SizeConstraintStatement) SetFieldToMatch(v *FieldToMatch) *SizeConstraintStatement
SetFieldToMatch sets the FieldToMatch field's value.
func (s *SizeConstraintStatement) SetSize(v int64) *SizeConstraintStatement
SetSize sets the Size field's value.
func (s *SizeConstraintStatement) SetTextTransformations(v []*TextTransformation) *SizeConstraintStatement
SetTextTransformations sets the TextTransformations field's value.
func (s SizeConstraintStatement) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *SizeConstraintStatement) Validate() error
Validate inspects the fields of the type to determine if they are valid.
type SqliMatchStatement struct {
// The part of the web request that you want WAF to inspect.
//
// FieldToMatch is a required field
FieldToMatch *FieldToMatch `type:"structure" required:"true"`
// The sensitivity that you want WAF to use to inspect for SQL injection attacks.
//
// HIGH detects more attacks, but might generate more false positives, especially
// if your web requests frequently contain unusual strings. For information
// about identifying and mitigating false positives, see Testing and tuning
// (https://docs.aws.amazon.com/waf/latest/developerguide/web-acl-testing.html)
// in the WAF Developer Guide.
//
// LOW is generally a better choice for resources that already have other protections
// against SQL injection attacks or that have a low tolerance for false positives.
//
// Default: LOW
SensitivityLevel *string `type:"string" enum:"SensitivityLevel"`
// Text transformations eliminate some of the unusual formatting that attackers
// use in web requests in an effort to bypass detection. If you specify one
// or more transformations in a rule statement, WAF performs all transformations
// on the content of the request component identified by FieldToMatch, starting
// from the lowest priority setting, before inspecting the content for a match.
//
// TextTransformations is a required field
TextTransformations []*TextTransformation `min:"1" type:"list" required:"true"`
// contains filtered or unexported fields
}
A rule statement that inspects for malicious SQL code. Attackers insert malicious SQL code into web requests to do things like modify your database or extract data from it.
func (s SqliMatchStatement) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *SqliMatchStatement) SetFieldToMatch(v *FieldToMatch) *SqliMatchStatement
SetFieldToMatch sets the FieldToMatch field's value.
func (s *SqliMatchStatement) SetSensitivityLevel(v string) *SqliMatchStatement
SetSensitivityLevel sets the SensitivityLevel field's value.
func (s *SqliMatchStatement) SetTextTransformations(v []*TextTransformation) *SqliMatchStatement
SetTextTransformations sets the TextTransformations field's value.
func (s SqliMatchStatement) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *SqliMatchStatement) Validate() error
Validate inspects the fields of the type to determine if they are valid.
type Statement struct {
// A logical rule statement used to combine other rule statements with AND logic.
// You provide more than one Statement within the AndStatement.
AndStatement *AndStatement `type:"structure"`
// A rule statement that defines a string match search for WAF to apply to web
// requests. The byte match statement provides the bytes to search for, the
// location in requests that you want WAF to search, and other settings. The
// bytes to search for are typically a string that corresponds with ASCII characters.
// In the WAF console and the developer guide, this is called a string match
// statement.
ByteMatchStatement *ByteMatchStatement `type:"structure"`
// A rule statement that labels web requests by country and region and that
// matches against web requests based on country code. A geo match rule labels
// every request that it inspects regardless of whether it finds a match.
//
// * To manage requests only by country, you can use this statement by itself
// and specify the countries that you want to match against in the CountryCodes
// array.
//
// * Otherwise, configure your geo match rule with Count action so that it
// only labels requests. Then, add one or more label match rules to run after
// the geo match rule and configure them to match against the geographic
// labels and handle the requests as needed.
//
// WAF labels requests using the alpha-2 country and region codes from the International
// Organization for Standardization (ISO) 3166 standard. WAF determines the
// codes using either the IP address in the web request origin or, if you specify
// it, the address in the geo match ForwardedIPConfig.
//
// If you use the web request origin, the label formats are awswaf:clientip:geo:region:<ISO
// country code>-<ISO region code> and awswaf:clientip:geo:country:<ISO country
// code>.
//
// If you use a forwarded IP address, the label formats are awswaf:forwardedip:geo:region:<ISO
// country code>-<ISO region code> and awswaf:forwardedip:geo:country:<ISO country
// code>.
//
// For additional details, see Geographic match rule statement (https://docs.aws.amazon.com/waf/latest/developerguide/waf-rule-statement-type-geo-match.html)
// in the WAF Developer Guide (https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html).
GeoMatchStatement *GeoMatchStatement `type:"structure"`
// A rule statement used to detect web requests coming from particular IP addresses
// or address ranges. To use this, create an IPSet that specifies the addresses
// you want to detect, then use the ARN of that set in this statement. To create
// an IP set, see CreateIPSet.
//
// Each IP set rule statement references an IP set. You create and maintain
// the set independent of your rules. This allows you to use the single set
// in multiple rules. When you update the referenced set, WAF automatically
// updates all rules that reference it.
IPSetReferenceStatement *IPSetReferenceStatement `type:"structure"`
// A rule statement to match against labels that have been added to the web
// request by rules that have already run in the web ACL.
//
// The label match statement provides the label or namespace string to search
// for. The label string can represent a part or all of the fully qualified
// label name that had been added to the web request. Fully qualified labels
// have a prefix, optional namespaces, and label name. The prefix identifies
// the rule group or web ACL context of the rule that added the label. If you
// do not provide the fully qualified name in your label match string, WAF performs
// the search for labels that were added in the same context as the label match
// statement.
LabelMatchStatement *LabelMatchStatement `type:"structure"`
// A rule statement used to run the rules that are defined in a managed rule
// group. To use this, provide the vendor name and the name of the rule group
// in this statement. You can retrieve the required names by calling ListAvailableManagedRuleGroups.
//
// You cannot nest a ManagedRuleGroupStatement, for example for use inside a
// NotStatement or OrStatement. It can only be referenced as a top-level statement
// within a rule.
//
// You are charged additional fees when you use the WAF Bot Control managed
// rule group AWSManagedRulesBotControlRuleSet or the WAF Fraud Control account
// takeover prevention (ATP) managed rule group AWSManagedRulesATPRuleSet. For
// more information, see WAF Pricing (http://aws.amazon.com/waf/pricing/).
ManagedRuleGroupStatement *ManagedRuleGroupStatement `type:"structure"`
// A logical rule statement used to negate the results of another rule statement.
// You provide one Statement within the NotStatement.
NotStatement *NotStatement `type:"structure"`
// A logical rule statement used to combine other rule statements with OR logic.
// You provide more than one Statement within the OrStatement.
OrStatement *OrStatement `type:"structure"`
// A rate-based rule tracks the rate of requests for each originating IP address,
// and triggers the rule action when the rate exceeds a limit that you specify
// on the number of requests in any 5-minute time span. You can use this to
// put a temporary block on requests from an IP address that is sending excessive
// requests.
//
// WAF tracks and manages web requests separately for each instance of a rate-based
// rule that you use. For example, if you provide the same rate-based rule settings
// in two web ACLs, each of the two rule statements represents a separate instance
// of the rate-based rule and gets its own tracking and management by WAF. If
// you define a rate-based rule inside a rule group, and then use that rule
// group in multiple places, each use creates a separate instance of the rate-based
// rule that gets its own tracking and management by WAF.
//
// When the rule action triggers, WAF blocks additional requests from the IP
// address until the request rate falls below the limit.
//
// You can optionally nest another statement inside the rate-based statement,
// to narrow the scope of the rule so that it only counts requests that match
// the nested statement. For example, based on recent requests that you have
// seen from an attacker, you might create a rate-based rule with a nested AND
// rule statement that contains the following nested statements:
//
// * An IP match statement with an IP set that specifies the address 192.0.2.44.
//
// * A string match statement that searches in the User-Agent header for
// the string BadBot.
//
// In this rate-based rule, you also define a rate limit. For this example,
// the rate limit is 1,000. Requests that meet the criteria of both of the nested
// statements are counted. If the count exceeds 1,000 requests per five minutes,
// the rule action triggers. Requests that do not meet the criteria of both
// of the nested statements are not counted towards the rate limit and are not
// affected by this rule.
//
// You cannot nest a RateBasedStatement inside another statement, for example
// inside a NotStatement or OrStatement. You can define a RateBasedStatement
// inside a web ACL and inside a rule group.
RateBasedStatement *RateBasedStatement `type:"structure"`
// A rule statement used to search web request components for a match against
// a single regular expression.
RegexMatchStatement *RegexMatchStatement `type:"structure"`
// A rule statement used to search web request components for matches with regular
// expressions. To use this, create a RegexPatternSet that specifies the expressions
// that you want to detect, then use the ARN of that set in this statement.
// A web request matches the pattern set rule statement if the request component
// matches any of the patterns in the set. To create a regex pattern set, see
// CreateRegexPatternSet.
//
// Each regex pattern set rule statement references a regex pattern set. You
// create and maintain the set independent of your rules. This allows you to
// use the single set in multiple rules. When you update the referenced set,
// WAF automatically updates all rules that reference it.
RegexPatternSetReferenceStatement *RegexPatternSetReferenceStatement `type:"structure"`
// A rule statement used to run the rules that are defined in a RuleGroup. To
// use this, create a rule group with your rules, then provide the ARN of the
// rule group in this statement.
//
// You cannot nest a RuleGroupReferenceStatement, for example for use inside
// a NotStatement or OrStatement. You can only use a rule group reference statement
// at the top level inside a web ACL.
RuleGroupReferenceStatement *RuleGroupReferenceStatement `type:"structure"`
// A rule statement that compares a number of bytes against the size of a request
// component, using a comparison operator, such as greater than (>) or less
// than (<). For example, you can use a size constraint statement to look for
// query strings that are longer than 100 bytes.
//
// If you configure WAF to inspect the request body, WAF inspects only the first
// 8192 bytes (8 KB). If the request body for your web requests never exceeds
// 8192 bytes, you could use a size constraint statement to block requests that
// have a request body greater than 8192 bytes.
//
// If you choose URI for the value of Part of the request to filter on, the
// slash (/) in the URI counts as one character. For example, the URI /logo.jpg
// is nine characters long.
SizeConstraintStatement *SizeConstraintStatement `type:"structure"`
// A rule statement that inspects for malicious SQL code. Attackers insert malicious
// SQL code into web requests to do things like modify your database or extract
// data from it.
SqliMatchStatement *SqliMatchStatement `type:"structure"`
// A rule statement that inspects for cross-site scripting (XSS) attacks. In
// XSS attacks, the attacker uses vulnerabilities in a benign website as a vehicle
// to inject malicious client-site scripts into other legitimate web browsers.
XssMatchStatement *XssMatchStatement `type:"structure"`
// contains filtered or unexported fields
}
The processing guidance for a Rule, used by WAF to determine whether a web request matches the rule.
For example specifications, see the examples section of CreateWebACL.
func (s Statement) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *Statement) SetAndStatement(v *AndStatement) *Statement
SetAndStatement sets the AndStatement field's value.
func (s *Statement) SetByteMatchStatement(v *ByteMatchStatement) *Statement
SetByteMatchStatement sets the ByteMatchStatement field's value.
func (s *Statement) SetGeoMatchStatement(v *GeoMatchStatement) *Statement
SetGeoMatchStatement sets the GeoMatchStatement field's value.
func (s *Statement) SetIPSetReferenceStatement(v *IPSetReferenceStatement) *Statement
SetIPSetReferenceStatement sets the IPSetReferenceStatement field's value.
func (s *Statement) SetLabelMatchStatement(v *LabelMatchStatement) *Statement
SetLabelMatchStatement sets the LabelMatchStatement field's value.
func (s *Statement) SetManagedRuleGroupStatement(v *ManagedRuleGroupStatement) *Statement
SetManagedRuleGroupStatement sets the ManagedRuleGroupStatement field's value.
func (s *Statement) SetNotStatement(v *NotStatement) *Statement
SetNotStatement sets the NotStatement field's value.
func (s *Statement) SetOrStatement(v *OrStatement) *Statement
SetOrStatement sets the OrStatement field's value.
func (s *Statement) SetRateBasedStatement(v *RateBasedStatement) *Statement
SetRateBasedStatement sets the RateBasedStatement field's value.
func (s *Statement) SetRegexMatchStatement(v *RegexMatchStatement) *Statement
SetRegexMatchStatement sets the RegexMatchStatement field's value.
func (s *Statement) SetRegexPatternSetReferenceStatement(v *RegexPatternSetReferenceStatement) *Statement
SetRegexPatternSetReferenceStatement sets the RegexPatternSetReferenceStatement field's value.
func (s *Statement) SetRuleGroupReferenceStatement(v *RuleGroupReferenceStatement) *Statement
SetRuleGroupReferenceStatement sets the RuleGroupReferenceStatement field's value.
func (s *Statement) SetSizeConstraintStatement(v *SizeConstraintStatement) *Statement
SetSizeConstraintStatement sets the SizeConstraintStatement field's value.
func (s *Statement) SetSqliMatchStatement(v *SqliMatchStatement) *Statement
SetSqliMatchStatement sets the SqliMatchStatement field's value.
func (s *Statement) SetXssMatchStatement(v *XssMatchStatement) *Statement
SetXssMatchStatement sets the XssMatchStatement field's value.
func (s Statement) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *Statement) Validate() error
Validate inspects the fields of the type to determine if they are valid.
type Tag struct {
// Part of the key:value pair that defines a tag. You can use a tag key to describe
// a category of information, such as "customer." Tag keys are case-sensitive.
//
// Key is a required field
Key *string `min:"1" type:"string" required:"true"`
// Part of the key:value pair that defines a tag. You can use a tag value to
// describe a specific value within a category, such as "companyA" or "companyB."
// Tag values are case-sensitive.
//
// Value is a required field
Value *string `type:"string" required:"true"`
// contains filtered or unexported fields
}
A tag associated with an Amazon Web Services resource. Tags are key:value pairs that you can use to categorize and manage your resources, for purposes like billing or other management. Typically, the tag key represents a category, such as "environment", and the tag value represents a specific value within that category, such as "test," "development," or "production". Or you might set the tag key to "customer" and the value to the customer name or ID. You can specify one or more tags to add to each Amazon Web Services resource, up to 50 tags for a resource.
You can tag the Amazon Web Services resources that you manage through WAF: web ACLs, rule groups, IP sets, and regex pattern sets. You can't manage or view tags through the WAF console.
func (s Tag) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *Tag) SetKey(v string) *Tag
SetKey sets the Key field's value.
func (s *Tag) SetValue(v string) *Tag
SetValue sets the Value field's value.
func (s Tag) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *Tag) Validate() error
Validate inspects the fields of the type to determine if they are valid.
type TagInfoForResource struct {
// The Amazon Resource Name (ARN) of the resource.
ResourceARN *string `min:"20" type:"string"`
// The array of Tag objects defined for the resource.
TagList []*Tag `min:"1" type:"list"`
// contains filtered or unexported fields
}
The collection of tagging definitions for an Amazon Web Services resource. Tags are key:value pairs that you can use to categorize and manage your resources, for purposes like billing or other management. Typically, the tag key represents a category, such as "environment", and the tag value represents a specific value within that category, such as "test," "development," or "production". Or you might set the tag key to "customer" and the value to the customer name or ID. You can specify one or more tags to add to each Amazon Web Services resource, up to 50 tags for a resource.
You can tag the Amazon Web Services resources that you manage through WAF: web ACLs, rule groups, IP sets, and regex pattern sets. You can't manage or view tags through the WAF console.
func (s TagInfoForResource) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *TagInfoForResource) SetResourceARN(v string) *TagInfoForResource
SetResourceARN sets the ResourceARN field's value.
func (s *TagInfoForResource) SetTagList(v []*Tag) *TagInfoForResource
SetTagList sets the TagList field's value.
func (s TagInfoForResource) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
type TagResourceInput struct {
// The Amazon Resource Name (ARN) of the resource.
//
// ResourceARN is a required field
ResourceARN *string `min:"20" type:"string" required:"true"`
// An array of key:value pairs to associate with the resource.
//
// Tags is a required field
Tags []*Tag `min:"1" type:"list" required:"true"`
// contains filtered or unexported fields
}
func (s TagResourceInput) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *TagResourceInput) SetResourceARN(v string) *TagResourceInput
SetResourceARN sets the ResourceARN field's value.
func (s *TagResourceInput) SetTags(v []*Tag) *TagResourceInput
SetTags sets the Tags field's value.
func (s TagResourceInput) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *TagResourceInput) Validate() error
Validate inspects the fields of the type to determine if they are valid.
type TagResourceOutput struct {
// contains filtered or unexported fields
}
func (s TagResourceOutput) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s TagResourceOutput) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
type TextTransformation struct {
// Sets the relative processing order for multiple transformations that are
// defined for a rule statement. WAF processes all transformations, from lowest
// priority to highest, before inspecting the transformed content. The priorities
// don't need to be consecutive, but they must all be different.
//
// Priority is a required field
Priority *int64 `type:"integer" required:"true"`
// You can specify the following transformation types:
//
// BASE64_DECODE - Decode a Base64-encoded string.
//
// BASE64_DECODE_EXT - Decode a Base64-encoded string, but use a forgiving implementation
// that ignores characters that aren't valid.
//
// CMD_LINE - Command-line transformations. These are helpful in reducing effectiveness
// of attackers who inject an operating system command-line command and use
// unusual formatting to disguise some or all of the command.
//
// * Delete the following characters: \ " ' ^
//
// * Delete spaces before the following characters: / (
//
// * Replace the following characters with a space: , ;
//
// * Replace multiple spaces with one space
//
// * Convert uppercase letters (A-Z) to lowercase (a-z)
//
// COMPRESS_WHITE_SPACE - Replace these characters with a space character (decimal
// 32):
//
// * \f, formfeed, decimal 12
//
// * \t, tab, decimal 9
//
// * \n, newline, decimal 10
//
// * \r, carriage return, decimal 13
//
// * \v, vertical tab, decimal 11
//
// * Non-breaking space, decimal 160
//
// COMPRESS_WHITE_SPACE also replaces multiple spaces with one space.
//
// CSS_DECODE - Decode characters that were encoded using CSS 2.x escape rules
// syndata.html#characters. This function uses up to two bytes in the decoding
// process, so it can help to uncover ASCII characters that were encoded using
// CSS encoding that wouldn’t typically be encoded. It's also useful in countering
// evasion, which is a combination of a backslash and non-hexadecimal characters.
// For example, ja\vascript for javascript.
//
// ESCAPE_SEQ_DECODE - Decode the following ANSI C escape sequences: \a, \b,
// \f, \n, \r, \t, \v, \\, \?, \', \", \xHH (hexadecimal), \0OOO (octal). Encodings
// that aren't valid remain in the output.
//
// HEX_DECODE - Decode a string of hexadecimal characters into a binary.
//
// HTML_ENTITY_DECODE - Replace HTML-encoded characters with unencoded characters.
// HTML_ENTITY_DECODE performs these operations:
//
// * Replaces (ampersand)quot; with "
//
// * Replaces (ampersand)nbsp; with a non-breaking space, decimal 160
//
// * Replaces (ampersand)lt; with a "less than" symbol
//
// * Replaces (ampersand)gt; with >
//
// * Replaces characters that are represented in hexadecimal format, (ampersand)#xhhhh;,
// with the corresponding characters
//
// * Replaces characters that are represented in decimal format, (ampersand)#nnnn;,
// with the corresponding characters
//
// JS_DECODE - Decode JavaScript escape sequences. If a \ u HHHH code is in
// the full-width ASCII code range of FF01-FF5E, then the higher byte is used
// to detect and adjust the lower byte. If not, only the lower byte is used
// and the higher byte is zeroed, causing a possible loss of information.
//
// LOWERCASE - Convert uppercase letters (A-Z) to lowercase (a-z).
//
// MD5 - Calculate an MD5 hash from the data in the input. The computed hash
// is in a raw binary form.
//
// NONE - Specify NONE if you don't want any text transformations.
//
// NORMALIZE_PATH - Remove multiple slashes, directory self-references, and
// directory back-references that are not at the beginning of the input from
// an input string.
//
// NORMALIZE_PATH_WIN - This is the same as NORMALIZE_PATH, but first converts
// backslash characters to forward slashes.
//
// REMOVE_NULLS - Remove all NULL bytes from the input.
//
// REPLACE_COMMENTS - Replace each occurrence of a C-style comment (/* ... */)
// with a single space. Multiple consecutive occurrences are not compressed.
// Unterminated comments are also replaced with a space (ASCII 0x20). However,
// a standalone termination of a comment (*/) is not acted upon.
//
// REPLACE_NULLS - Replace NULL bytes in the input with space characters (ASCII
// 0x20).
//
// SQL_HEX_DECODE - Decode SQL hex data. Example (0x414243) will be decoded
// to (ABC).
//
// URL_DECODE - Decode a URL-encoded value.
//
// URL_DECODE_UNI - Like URL_DECODE, but with support for Microsoft-specific
// %u encoding. If the code is in the full-width ASCII code range of FF01-FF5E,
// the higher byte is used to detect and adjust the lower byte. Otherwise, only
// the lower byte is used and the higher byte is zeroed.
//
// UTF8_TO_UNICODE - Convert all UTF-8 character sequences to Unicode. This
// helps input normalization, and minimizing false-positives and false-negatives
// for non-English languages.
//
// Type is a required field
Type *string `type:"string" required:"true" enum:"TextTransformationType"`
// contains filtered or unexported fields
}
Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection.
func (s TextTransformation) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *TextTransformation) SetPriority(v int64) *TextTransformation
SetPriority sets the Priority field's value.
func (s *TextTransformation) SetType(v string) *TextTransformation
SetType sets the Type field's value.
func (s TextTransformation) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *TextTransformation) Validate() error
Validate inspects the fields of the type to determine if they are valid.
type TimeWindow struct {
// The end of the time range from which you want GetSampledRequests to return
// a sample of the requests that your Amazon Web Services resource received.
// You must specify the times in Coordinated Universal Time (UTC) format. UTC
// format includes the special designator, Z. For example, "2016-09-27T14:50Z".
// You can specify any time range in the previous three hours.
//
// EndTime is a required field
EndTime *time.Time `type:"timestamp" required:"true"`
// The beginning of the time range from which you want GetSampledRequests to
// return a sample of the requests that your Amazon Web Services resource received.
// You must specify the times in Coordinated Universal Time (UTC) format. UTC
// format includes the special designator, Z. For example, "2016-09-27T14:50Z".
// You can specify any time range in the previous three hours.
//
// StartTime is a required field
StartTime *time.Time `type:"timestamp" required:"true"`
// contains filtered or unexported fields
}
In a GetSampledRequests request, the StartTime and EndTime objects specify the time range for which you want WAF to return a sample of web requests.
You must specify the times in Coordinated Universal Time (UTC) format. UTC format includes the special designator, Z. For example, "2016-09-27T14:50Z". You can specify any time range in the previous three hours.
In a GetSampledRequests response, the StartTime and EndTime objects specify the time range for which WAF actually returned a sample of web requests. WAF gets the specified number of requests from among the first 5,000 requests that your Amazon Web Services resource receives during the specified time period. If your resource receives more than 5,000 requests during that period, WAF stops sampling after the 5,000th request. In that case, EndTime is the time that WAF received the 5,000th request.
func (s TimeWindow) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *TimeWindow) SetEndTime(v time.Time) *TimeWindow
SetEndTime sets the EndTime field's value.
func (s *TimeWindow) SetStartTime(v time.Time) *TimeWindow
SetStartTime sets the StartTime field's value.
func (s TimeWindow) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *TimeWindow) Validate() error
Validate inspects the fields of the type to determine if they are valid.
type UntagResourceInput struct {
// The Amazon Resource Name (ARN) of the resource.
//
// ResourceARN is a required field
ResourceARN *string `min:"20" type:"string" required:"true"`
// An array of keys identifying the tags to disassociate from the resource.
//
// TagKeys is a required field
TagKeys []*string `min:"1" type:"list" required:"true"`
// contains filtered or unexported fields
}
func (s UntagResourceInput) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *UntagResourceInput) SetResourceARN(v string) *UntagResourceInput
SetResourceARN sets the ResourceARN field's value.
func (s *UntagResourceInput) SetTagKeys(v []*string) *UntagResourceInput
SetTagKeys sets the TagKeys field's value.
func (s UntagResourceInput) String() string
String returns the string representation.
API parameter values that are decorated as "sensitive" in the API will not be included in the string output. The member name will be present, but the value will be replaced with "sensitive".
func (s *UntagResourceInput) Validate() error
Validate inspects the fields of the type to determine if they are valid.
type UntagResourceOutput struct {
// contains filtered or unexported fields
}
func (s UntagResourceOutput) GoString() string
GoString returns the string representation.
API parameter values that are decorated as "sensitive" i