Class: Aws::WAFV2::Client

Inherits:
Seahorse::Client::Base show all
Includes:
ClientStubs
Defined in:
gems/aws-sdk-wafv2/lib/aws-sdk-wafv2/client.rb

Overview

An API client for WAFV2. To construct a client, you need to configure a :region and :credentials.

client = Aws::WAFV2::Client.new(
  region: region_name,
  credentials: credentials,
  # ...
)

For details on configuring region and credentials see the developer guide.

See #initialize for a full list of supported configuration options.

Instance Attribute Summary

Attributes inherited from Seahorse::Client::Base

#config, #handlers

API Operations collapse

Instance Method Summary collapse

Methods included from ClientStubs

#api_requests, #stub_data, #stub_responses

Methods inherited from Seahorse::Client::Base

add_plugin, api, clear_plugins, define, new, #operation_names, plugins, remove_plugin, set_api, set_plugins

Methods included from Seahorse::Client::HandlerBuilder

#handle, #handle_request, #handle_response

Constructor Details

#initialize(options) ⇒ Client

Returns a new instance of Client.

Parameters:

  • options (Hash)

Options Hash (options):

  • :credentials (required, Aws::CredentialProvider)

    Your AWS credentials. This can be an instance of any one of the following classes:

    • Aws::Credentials - Used for configuring static, non-refreshing credentials.

    • Aws::InstanceProfileCredentials - Used for loading credentials from an EC2 IMDS on an EC2 instance.

    • Aws::SharedCredentials - Used for loading credentials from a shared file, such as ~/.aws/config.

    • Aws::AssumeRoleCredentials - Used when you need to assume a role.

    When :credentials are not configured directly, the following locations will be searched for credentials:

    • Aws.config[:credentials]
    • The :access_key_id, :secret_access_key, and :session_token options.
    • ENV['AWS_ACCESS_KEY_ID'], ENV['AWS_SECRET_ACCESS_KEY']
    • ~/.aws/credentials
    • ~/.aws/config
    • EC2 IMDS instance profile - When used by default, the timeouts are very aggressive. Construct and pass an instance of Aws::InstanceProfileCredentails to enable retries and extended timeouts.
  • :region (required, String)

    The AWS region to connect to. The configured :region is used to determine the service :endpoint. When not passed, a default :region is searched for in the following locations:

    • Aws.config[:region]
    • ENV['AWS_REGION']
    • ENV['AMAZON_REGION']
    • ENV['AWS_DEFAULT_REGION']
    • ~/.aws/credentials
    • ~/.aws/config
  • :access_key_id (String)
  • :active_endpoint_cache (Boolean) — default: false

    When set to true, a thread polling for endpoints will be running in the background every 60 secs (default). Defaults to false.

  • :adaptive_retry_wait_to_fill (Boolean) — default: true

    Used only in adaptive retry mode. When true, the request will sleep until there is sufficent client side capacity to retry the request. When false, the request will raise a RetryCapacityNotAvailableError and will not retry instead of sleeping.

  • :client_side_monitoring (Boolean) — default: false

    When true, client-side metrics will be collected for all API requests from this client.

  • :client_side_monitoring_client_id (String) — default: ""

    Allows you to provide an identifier for this client which will be attached to all generated client side metrics. Defaults to an empty string.

  • :client_side_monitoring_host (String) — default: "127.0.0.1"

    Allows you to specify the DNS hostname or IPv4 or IPv6 address that the client side monitoring agent is running on, where client metrics will be published via UDP.

  • :client_side_monitoring_port (Integer) — default: 31000

    Required for publishing client metrics. The port that the client side monitoring agent is running on, where client metrics will be published via UDP.

  • :client_side_monitoring_publisher (Aws::ClientSideMonitoring::Publisher) — default: Aws::ClientSideMonitoring::Publisher

    Allows you to provide a custom client-side monitoring publisher class. By default, will use the Client Side Monitoring Agent Publisher.

  • :convert_params (Boolean) — default: true

    When true, an attempt is made to coerce request parameters into the required types.

  • :correct_clock_skew (Boolean) — default: true

    Used only in standard and adaptive retry modes. Specifies whether to apply a clock skew correction and retry requests with skewed client clocks.

  • :disable_host_prefix_injection (Boolean) — default: false

    Set to true to disable SDK automatically adding host prefix to default service endpoint when available.

  • :endpoint (String)

    The client endpoint is normally constructed from the :region option. You should only configure an :endpoint when connecting to test or custom endpoints. This should be a valid HTTP(S) URI.

  • :endpoint_cache_max_entries (Integer) — default: 1000

    Used for the maximum size limit of the LRU cache storing endpoints data for endpoint discovery enabled operations. Defaults to 1000.

  • :endpoint_cache_max_threads (Integer) — default: 10

    Used for the maximum threads in use for polling endpoints to be cached, defaults to 10.

  • :endpoint_cache_poll_interval (Integer) — default: 60

    When :endpoint_discovery and :active_endpoint_cache is enabled, Use this option to config the time interval in seconds for making requests fetching endpoints information. Defaults to 60 sec.

  • :endpoint_discovery (Boolean) — default: false

    When set to true, endpoint discovery will be enabled for operations when available.

  • :log_formatter (Aws::Log::Formatter) — default: Aws::Log::Formatter.default

    The log formatter.

  • :log_level (Symbol) — default: :info

    The log level to send messages to the :logger at.

  • :logger (Logger)

    The Logger instance to send log messages to. If this option is not set, logging will be disabled.

  • :max_attempts (Integer) — default: 3

    An integer representing the maximum number attempts that will be made for a single request, including the initial attempt. For example, setting this value to 5 will result in a request being retried up to 4 times. Used in standard and adaptive retry modes.

  • :profile (String) — default: "default"

    Used when loading credentials from the shared credentials file at HOME/.aws/credentials. When not specified, 'default' is used.

  • :retry_backoff (Proc)

    A proc or lambda used for backoff. Defaults to 2**retries * retry_base_delay. This option is only used in the legacy retry mode.

  • :retry_base_delay (Float) — default: 0.3

    The base delay in seconds used by the default backoff function. This option is only used in the legacy retry mode.

  • :retry_jitter (Symbol) — default: :none

    A delay randomiser function used by the default backoff function. Some predefined functions can be referenced by name - :none, :equal, :full, otherwise a Proc that takes and returns a number. This option is only used in the legacy retry mode.

    @see https://www.awsarchitectureblog.com/2015/03/backoff.html

  • :retry_limit (Integer) — default: 3

    The maximum number of times to retry failed requests. Only ~ 500 level server errors and certain ~ 400 level client errors are retried. Generally, these are throttling errors, data checksum errors, networking errors, timeout errors, auth errors, endpoint discovery, and errors from expired credentials. This option is only used in the legacy retry mode.

  • :retry_max_delay (Integer) — default: 0

    The maximum number of seconds to delay between retries (0 for no limit) used by the default backoff function. This option is only used in the legacy retry mode.

  • :retry_mode (String) — default: "legacy"

    Specifies which retry algorithm to use. Values are:

    • legacy - The pre-existing retry behavior. This is default value if no retry mode is provided.

    • standard - A standardized set of retry rules across the AWS SDKs. This includes support for retry quotas, which limit the number of unsuccessful retries a client can make.

    • adaptive - An experimental retry mode that includes all the functionality of standard mode along with automatic client side throttling. This is a provisional mode that may change behavior in the future.

  • :secret_access_key (String)
  • :session_token (String)
  • :simple_json (Boolean) — default: false

    Disables request parameter conversion, validation, and formatting. Also disable response data type conversions. This option is useful when you want to ensure the highest level of performance by avoiding overhead of walking request parameters and response data structures.

    When :simple_json is enabled, the request parameters hash must be formatted exactly as the DynamoDB API expects.

  • :stub_responses (Boolean) — default: false

    Causes the client to return stubbed responses. By default fake responses are generated and returned. You can specify the response data to return or errors to raise by calling ClientStubs#stub_responses. See ClientStubs for more information.

    Please note When response stubbing is enabled, no HTTP requests are made, and retries are disabled.

  • :validate_params (Boolean) — default: true

    When true, request parameters are validated before sending the request.

  • :http_proxy (URI::HTTP, String)

    A proxy to send requests through. Formatted like 'http://proxy.com:123'.

  • :http_open_timeout (Float) — default: 15

    The number of seconds to wait when opening a HTTP session before raising a Timeout::Error.

  • :http_read_timeout (Integer) — default: 60

    The default number of seconds to wait for response data. This value can safely be set per-request on the session.

  • :http_idle_timeout (Float) — default: 5

    The number of seconds a connection is allowed to sit idle before it is considered stale. Stale connections are closed and removed from the pool before making a request.

  • :http_continue_timeout (Float) — default: 1

    The number of seconds to wait for a 100-continue response before sending the request body. This option has no effect unless the request has "Expect" header set to "100-continue". Defaults to nil which disables this behaviour. This value can safely be set per request on the session.

  • :http_wire_trace (Boolean) — default: false

    When true, HTTP debug output will be sent to the :logger.

  • :ssl_verify_peer (Boolean) — default: true

    When true, SSL peer certificates are verified when establishing a connection.

  • :ssl_ca_bundle (String)

    Full path to the SSL certificate authority bundle file that should be used when verifying peer certificates. If you do not pass :ssl_ca_bundle or :ssl_ca_directory the the system default will be used if available.

  • :ssl_ca_directory (String)

    Full path of the directory that contains the unbundled SSL certificate authority files for verifying peer certificates. If you do not pass :ssl_ca_bundle or :ssl_ca_directory the the system default will be used if available.



319
320
321
# File 'gems/aws-sdk-wafv2/lib/aws-sdk-wafv2/client.rb', line 319

def initialize(*args)
  super
end

Instance Method Details

#associate_web_acl(params = {}) ⇒ Struct

This is the latest version of AWS WAF, named AWS WAFV2, released in November, 2019. For information, including how to migrate your AWS WAF resources from the prior release, see the AWS WAF Developer Guide.

Associates a Web ACL with a regional application resource, to protect the resource. A regional application can be an Application Load Balancer (ALB) or an API Gateway stage.

For AWS CloudFront, don't use this call. Instead, use your CloudFront distribution configuration. To associate a Web ACL, in the CloudFront call UpdateDistribution, set the web ACL ID to the Amazon Resource Name (ARN) of the Web ACL. For information, see UpdateDistribution.

Examples:

Request syntax with placeholder values


resp = client.associate_web_acl({
  web_acl_arn: "ResourceArn", # required
  resource_arn: "ResourceArn", # required
})

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :web_acl_arn (required, String)

    The Amazon Resource Name (ARN) of the Web ACL that you want to associate with the resource.

  • :resource_arn (required, String)

    The Amazon Resource Name (ARN) of the resource to associate with the web ACL.

    The ARN must be in one of the following formats:

    • For an Application Load Balancer: arn:aws:elasticloadbalancing:region:account-id:loadbalancer/app/load-balancer-name/load-balancer-id

    • For an Amazon API Gateway stage: arn:aws:apigateway:region::/restapis/api-id/stages/stage-name

Returns:

  • (Struct)

    Returns an empty response.

See Also:



377
378
379
380
# File 'gems/aws-sdk-wafv2/lib/aws-sdk-wafv2/client.rb', line 377

def associate_web_acl(params = {}, options = {})
  req = build_request(:associate_web_acl, params)
  req.send_request(options)
end

#check_capacity(params = {}) ⇒ Types::CheckCapacityResponse

This is the latest version of AWS WAF, named AWS WAFV2, released in November, 2019. For information, including how to migrate your AWS WAF resources from the prior release, see the AWS WAF Developer Guide.

Returns the web ACL capacity unit (WCU) requirements for a specified scope and set of rules. You can use this to check the capacity requirements for the rules you want to use in a RuleGroup or WebACL.

AWS WAF uses WCUs to calculate and control the operating resources that are used to run your rules, rule groups, and web ACLs. AWS WAF calculates capacity differently for each rule type, to reflect the relative cost of each rule. Simple rules that cost little to run use fewer WCUs than more complex rules that use more processing power. Rule group capacity is fixed at creation, which helps users plan their web ACL WCU usage when they use a rule group. The WCU limit for web ACLs is 1,500.

Examples:

Request syntax with placeholder values


resp = client.check_capacity({
  scope: "CLOUDFRONT", # required, accepts CLOUDFRONT, REGIONAL
  rules: [ # required
    {
      name: "EntityName", # required
      priority: 1, # required
      statement: { # required
        byte_match_statement: {
          search_string: "data", # required
          field_to_match: { # required
            single_header: {
              name: "FieldToMatchData", # required
            },
            single_query_argument: {
              name: "FieldToMatchData", # required
            },
            all_query_arguments: {
            },
            uri_path: {
            },
            query_string: {
            },
            body: {
            },
            method: {
            },
          },
          text_transformations: [ # required
            {
              priority: 1, # required
              type: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE
            },
          ],
          positional_constraint: "EXACTLY", # required, accepts EXACTLY, STARTS_WITH, ENDS_WITH, CONTAINS, CONTAINS_WORD
        },
        sqli_match_statement: {
          field_to_match: { # required
            single_header: {
              name: "FieldToMatchData", # required
            },
            single_query_argument: {
              name: "FieldToMatchData", # required
            },
            all_query_arguments: {
            },
            uri_path: {
            },
            query_string: {
            },
            body: {
            },
            method: {
            },
          },
          text_transformations: [ # required
            {
              priority: 1, # required
              type: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE
            },
          ],
        },
        xss_match_statement: {
          field_to_match: { # required
            single_header: {
              name: "FieldToMatchData", # required
            },
            single_query_argument: {
              name: "FieldToMatchData", # required
            },
            all_query_arguments: {
            },
            uri_path: {
            },
            query_string: {
            },
            body: {
            },
            method: {
            },
          },
          text_transformations: [ # required
            {
              priority: 1, # required
              type: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE
            },
          ],
        },
        size_constraint_statement: {
          field_to_match: { # required
            single_header: {
              name: "FieldToMatchData", # required
            },
            single_query_argument: {
              name: "FieldToMatchData", # required
            },
            all_query_arguments: {
            },
            uri_path: {
            },
            query_string: {
            },
            body: {
            },
            method: {
            },
          },
          comparison_operator: "EQ", # required, accepts EQ, NE, LE, LT, GE, GT
          size: 1, # required
          text_transformations: [ # required
            {
              priority: 1, # required
              type: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE
            },
          ],
        },
        geo_match_statement: {
          country_codes: ["AF"], # accepts AF, AX, AL, DZ, AS, AD, AO, AI, AQ, AG, AR, AM, AW, AU, AT, AZ, BS, BH, BD, BB, BY, BE, BZ, BJ, BM, BT, BO, BQ, BA, BW, BV, BR, IO, BN, BG, BF, BI, KH, CM, CA, CV, KY, CF, TD, CL, CN, CX, CC, CO, KM, CG, CD, CK, CR, CI, HR, CU, CW, CY, CZ, DK, DJ, DM, DO, EC, EG, SV, GQ, ER, EE, ET, FK, FO, FJ, FI, FR, GF, PF, TF, GA, GM, GE, DE, GH, GI, GR, GL, GD, GP, GU, GT, GG, GN, GW, GY, HT, HM, VA, HN, HK, HU, IS, IN, ID, IR, IQ, IE, IM, IL, IT, JM, JP, JE, JO, KZ, KE, KI, KP, KR, KW, KG, LA, LV, LB, LS, LR, LY, LI, LT, LU, MO, MK, MG, MW, MY, MV, ML, MT, MH, MQ, MR, MU, YT, MX, FM, MD, MC, MN, ME, MS, MA, MZ, MM, NA, NR, NP, NL, NC, NZ, NI, NE, NG, NU, NF, MP, NO, OM, PK, PW, PS, PA, PG, PY, PE, PH, PN, PL, PT, PR, QA, RE, RO, RU, RW, BL, SH, KN, LC, MF, PM, VC, WS, SM, ST, SA, SN, RS, SC, SL, SG, SX, SK, SI, SB, SO, ZA, GS, SS, ES, LK, SD, SR, SJ, SZ, SE, CH, SY, TW, TJ, TZ, TH, TL, TG, TK, TO, TT, TN, TR, TM, TC, TV, UG, UA, AE, GB, US, UM, UY, UZ, VU, VE, VN, VG, VI, WF, EH, YE, ZM, ZW
        },
        rule_group_reference_statement: {
          arn: "ResourceArn", # required
          excluded_rules: [
            {
              name: "EntityName", # required
            },
          ],
        },
        ip_set_reference_statement: {
          arn: "ResourceArn", # required
        },
        regex_pattern_set_reference_statement: {
          arn: "ResourceArn", # required
          field_to_match: { # required
            single_header: {
              name: "FieldToMatchData", # required
            },
            single_query_argument: {
              name: "FieldToMatchData", # required
            },
            all_query_arguments: {
            },
            uri_path: {
            },
            query_string: {
            },
            body: {
            },
            method: {
            },
          },
          text_transformations: [ # required
            {
              priority: 1, # required
              type: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE
            },
          ],
        },
        rate_based_statement: {
          limit: 1, # required
          aggregate_key_type: "IP", # required, accepts IP
          scope_down_statement: {
            # recursive Statement
          },
        },
        and_statement: {
          statements: [ # required
            {
              # recursive Statement
            },
          ],
        },
        or_statement: {
          statements: [ # required
            {
              # recursive Statement
            },
          ],
        },
        not_statement: {
          statement: { # required
            # recursive Statement
          },
        },
        managed_rule_group_statement: {
          vendor_name: "VendorName", # required
          name: "EntityName", # required
          excluded_rules: [
            {
              name: "EntityName", # required
            },
          ],
        },
      },
      action: {
        block: {
        },
        allow: {
        },
        count: {
        },
      },
      override_action: {
        count: {
        },
        none: {
        },
      },
      visibility_config: { # required
        sampled_requests_enabled: false, # required
        cloud_watch_metrics_enabled: false, # required
        metric_name: "MetricName", # required
      },
    },
  ],
})

Response structure


resp.capacity #=> Integer

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :scope (required, String)

    Specifies whether this is for an AWS CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB) or an API Gateway stage.

    To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows:

    • CLI - Specify the Region when you use the CloudFront scope: --scope=CLOUDFRONT --region=us-east-1.

    • API and SDKs - For all calls, use the Region endpoint us-east-1.

  • :rules (required, Array<Types::Rule>)

    An array of Rule that you're configuring to use in a rule group or web ACL.

Returns:

See Also:



652
653
654
655
# File 'gems/aws-sdk-wafv2/lib/aws-sdk-wafv2/client.rb', line 652

def check_capacity(params = {}, options = {})
  req = build_request(:check_capacity, params)
  req.send_request(options)
end

#create_ip_set(params = {}) ⇒ Types::CreateIPSetResponse

This is the latest version of AWS WAF, named AWS WAFV2, released in November, 2019. For information, including how to migrate your AWS WAF resources from the prior release, see the AWS WAF Developer Guide.

Creates an IPSet, which you use to identify web requests that originate from specific IP addresses or ranges of IP addresses. For example, if you're receiving a lot of requests from a ranges of IP addresses, you can configure AWS WAF to block them using an IPSet that lists those IP addresses.

Examples:

Request syntax with placeholder values


resp = client.create_ip_set({
  name: "EntityName", # required
  scope: "CLOUDFRONT", # required, accepts CLOUDFRONT, REGIONAL
  description: "EntityDescription",
  ip_address_version: "IPV4", # required, accepts IPV4, IPV6
  addresses: ["IPAddress"], # required
  tags: [
    {
      key: "TagKey", # required
      value: "TagValue", # required
    },
  ],
})

Response structure


resp.summary.name #=> String
resp.summary.id #=> String
resp.summary.description #=> String
resp.summary.lock_token #=> String
resp.summary.arn #=> String

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :name (required, String)

    The name of the IP set. You cannot change the name of an IPSet after you create it.

  • :scope (required, String)

    Specifies whether this is for an AWS CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB) or an API Gateway stage.

    To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows:

    • CLI - Specify the Region when you use the CloudFront scope: --scope=CLOUDFRONT --region=us-east-1.

    • API and SDKs - For all calls, use the Region endpoint us-east-1.

  • :description (String)

    A description of the IP set that helps with identification. You cannot change the description of an IP set after you create it.

  • :ip_address_version (required, String)

    Specify IPV4 or IPV6.

  • :addresses (required, Array<String>)

    Contains an array of strings that specify one or more IP addresses or blocks of IP addresses in Classless Inter-Domain Routing (CIDR) notation. AWS WAF supports all address ranges for IP versions IPv4 and IPv6.

    Examples:

    • To configure AWS WAF to allow, block, or count requests that originated from the IP address 192.0.2.44, specify 192.0.2.44/32.

    • To configure AWS WAF to allow, block, or count requests that originated from IP addresses from 192.0.2.0 to 192.0.2.255, specify 192.0.2.0/24.

    • To configure AWS WAF to allow, block, or count requests that originated from the IP address 1111:0000:0000:0000:0000:0000:0000:0111, specify 1111:0000:0000:0000:0000:0000:0000:0111/128.

    • To configure AWS WAF to allow, block, or count requests that originated from IP addresses 1111:0000:0000:0000:0000:0000:0000:0000 to 1111:0000:0000:0000:ffff:ffff:ffff:ffff, specify 1111:0000:0000:0000:0000:0000:0000:0000/64.

    For more information about CIDR notation, see the Wikipedia entry Classless Inter-Domain Routing.

  • :tags (Array<Types::Tag>)

    An array of key:value pairs to associate with the resource.

Returns:

See Also:



765
766
767
768
# File 'gems/aws-sdk-wafv2/lib/aws-sdk-wafv2/client.rb', line 765

def create_ip_set(params = {}, options = {})
  req = build_request(:create_ip_set, params)
  req.send_request(options)
end

#create_regex_pattern_set(params = {}) ⇒ Types::CreateRegexPatternSetResponse

This is the latest version of AWS WAF, named AWS WAFV2, released in November, 2019. For information, including how to migrate your AWS WAF resources from the prior release, see the AWS WAF Developer Guide.

Creates a RegexPatternSet, which you reference in a RegexPatternSetReferenceStatement, to have AWS WAF inspect a web request component for the specified patterns.

Examples:

Request syntax with placeholder values


resp = client.create_regex_pattern_set({
  name: "EntityName", # required
  scope: "CLOUDFRONT", # required, accepts CLOUDFRONT, REGIONAL
  description: "EntityDescription",
  regular_expression_list: [ # required
    {
      regex_string: "RegexPatternString",
    },
  ],
  tags: [
    {
      key: "TagKey", # required
      value: "TagValue", # required
    },
  ],
})

Response structure


resp.summary.name #=> String
resp.summary.id #=> String
resp.summary.description #=> String
resp.summary.lock_token #=> String
resp.summary.arn #=> String

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :name (required, String)

    The name of the set. You cannot change the name after you create the set.

  • :scope (required, String)

    Specifies whether this is for an AWS CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB) or an API Gateway stage.

    To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows:

    • CLI - Specify the Region when you use the CloudFront scope: --scope=CLOUDFRONT --region=us-east-1.

    • API and SDKs - For all calls, use the Region endpoint us-east-1.

  • :description (String)

    A description of the set that helps with identification. You cannot change the description of a set after you create it.

  • :regular_expression_list (required, Array<Types::Regex>)

    Array of regular expression strings.

  • :tags (Array<Types::Tag>)

    An array of key:value pairs to associate with the resource.

Returns:

See Also:



847
848
849
850
# File 'gems/aws-sdk-wafv2/lib/aws-sdk-wafv2/client.rb', line 847

def create_regex_pattern_set(params = {}, options = {})
  req = build_request(:create_regex_pattern_set, params)
  req.send_request(options)
end

#create_rule_group(params = {}) ⇒ Types::CreateRuleGroupResponse

This is the latest version of AWS WAF, named AWS WAFV2, released in November, 2019. For information, including how to migrate your AWS WAF resources from the prior release, see the AWS WAF Developer Guide.

Creates a RuleGroup per the specifications provided.

A rule group defines a collection of rules to inspect and control web requests that you can use in a WebACL. When you create a rule group, you define an immutable capacity limit. If you update a rule group, you must stay within the capacity. This allows others to reuse the rule group with confidence in its capacity requirements.

Examples:

Request syntax with placeholder values


resp = client.create_rule_group({
  name: "EntityName", # required
  scope: "CLOUDFRONT", # required, accepts CLOUDFRONT, REGIONAL
  capacity: 1, # required
  description: "EntityDescription",
  rules: [
    {
      name: "EntityName", # required
      priority: 1, # required
      statement: { # required
        byte_match_statement: {
          search_string: "data", # required
          field_to_match: { # required
            single_header: {
              name: "FieldToMatchData", # required
            },
            single_query_argument: {
              name: "FieldToMatchData", # required
            },
            all_query_arguments: {
            },
            uri_path: {
            },
            query_string: {
            },
            body: {
            },
            method: {
            },
          },
          text_transformations: [ # required
            {
              priority: 1, # required
              type: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE
            },
          ],
          positional_constraint: "EXACTLY", # required, accepts EXACTLY, STARTS_WITH, ENDS_WITH, CONTAINS, CONTAINS_WORD
        },
        sqli_match_statement: {
          field_to_match: { # required
            single_header: {
              name: "FieldToMatchData", # required
            },
            single_query_argument: {
              name: "FieldToMatchData", # required
            },
            all_query_arguments: {
            },
            uri_path: {
            },
            query_string: {
            },
            body: {
            },
            method: {
            },
          },
          text_transformations: [ # required
            {
              priority: 1, # required
              type: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE
            },
          ],
        },
        xss_match_statement: {
          field_to_match: { # required
            single_header: {
              name: "FieldToMatchData", # required
            },
            single_query_argument: {
              name: "FieldToMatchData", # required
            },
            all_query_arguments: {
            },
            uri_path: {
            },
            query_string: {
            },
            body: {
            },
            method: {
            },
          },
          text_transformations: [ # required
            {
              priority: 1, # required
              type: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE
            },
          ],
        },
        size_constraint_statement: {
          field_to_match: { # required
            single_header: {
              name: "FieldToMatchData", # required
            },
            single_query_argument: {
              name: "FieldToMatchData", # required
            },
            all_query_arguments: {
            },
            uri_path: {
            },
            query_string: {
            },
            body: {
            },
            method: {
            },
          },
          comparison_operator: "EQ", # required, accepts EQ, NE, LE, LT, GE, GT
          size: 1, # required
          text_transformations: [ # required
            {
              priority: 1, # required
              type: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE
            },
          ],
        },
        geo_match_statement: {
          country_codes: ["AF"], # accepts AF, AX, AL, DZ, AS, AD, AO, AI, AQ, AG, AR, AM, AW, AU, AT, AZ, BS, BH, BD, BB, BY, BE, BZ, BJ, BM, BT, BO, BQ, BA, BW, BV, BR, IO, BN, BG, BF, BI, KH, CM, CA, CV, KY, CF, TD, CL, CN, CX, CC, CO, KM, CG, CD, CK, CR, CI, HR, CU, CW, CY, CZ, DK, DJ, DM, DO, EC, EG, SV, GQ, ER, EE, ET, FK, FO, FJ, FI, FR, GF, PF, TF, GA, GM, GE, DE, GH, GI, GR, GL, GD, GP, GU, GT, GG, GN, GW, GY, HT, HM, VA, HN, HK, HU, IS, IN, ID, IR, IQ, IE, IM, IL, IT, JM, JP, JE, JO, KZ, KE, KI, KP, KR, KW, KG, LA, LV, LB, LS, LR, LY, LI, LT, LU, MO, MK, MG, MW, MY, MV, ML, MT, MH, MQ, MR, MU, YT, MX, FM, MD, MC, MN, ME, MS, MA, MZ, MM, NA, NR, NP, NL, NC, NZ, NI, NE, NG, NU, NF, MP, NO, OM, PK, PW, PS, PA, PG, PY, PE, PH, PN, PL, PT, PR, QA, RE, RO, RU, RW, BL, SH, KN, LC, MF, PM, VC, WS, SM, ST, SA, SN, RS, SC, SL, SG, SX, SK, SI, SB, SO, ZA, GS, SS, ES, LK, SD, SR, SJ, SZ, SE, CH, SY, TW, TJ, TZ, TH, TL, TG, TK, TO, TT, TN, TR, TM, TC, TV, UG, UA, AE, GB, US, UM, UY, UZ, VU, VE, VN, VG, VI, WF, EH, YE, ZM, ZW
        },
        rule_group_reference_statement: {
          arn: "ResourceArn", # required
          excluded_rules: [
            {
              name: "EntityName", # required
            },
          ],
        },
        ip_set_reference_statement: {
          arn: "ResourceArn", # required
        },
        regex_pattern_set_reference_statement: {
          arn: "ResourceArn", # required
          field_to_match: { # required
            single_header: {
              name: "FieldToMatchData", # required
            },
            single_query_argument: {
              name: "FieldToMatchData", # required
            },
            all_query_arguments: {
            },
            uri_path: {
            },
            query_string: {
            },
            body: {
            },
            method: {
            },
          },
          text_transformations: [ # required
            {
              priority: 1, # required
              type: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE
            },
          ],
        },
        rate_based_statement: {
          limit: 1, # required
          aggregate_key_type: "IP", # required, accepts IP
          scope_down_statement: {
            # recursive Statement
          },
        },
        and_statement: {
          statements: [ # required
            {
              # recursive Statement
            },
          ],
        },
        or_statement: {
          statements: [ # required
            {
              # recursive Statement
            },
          ],
        },
        not_statement: {
          statement: { # required
            # recursive Statement
          },
        },
        managed_rule_group_statement: {
          vendor_name: "VendorName", # required
          name: "EntityName", # required
          excluded_rules: [
            {
              name: "EntityName", # required
            },
          ],
        },
      },
      action: {
        block: {
        },
        allow: {
        },
        count: {
        },
      },
      override_action: {
        count: {
        },
        none: {
        },
      },
      visibility_config: { # required
        sampled_requests_enabled: false, # required
        cloud_watch_metrics_enabled: false, # required
        metric_name: "MetricName", # required
      },
    },
  ],
  visibility_config: { # required
    sampled_requests_enabled: false, # required
    cloud_watch_metrics_enabled: false, # required
    metric_name: "MetricName", # required
  },
  tags: [
    {
      key: "TagKey", # required
      value: "TagValue", # required
    },
  ],
})

Response structure


resp.summary.name #=> String
resp.summary.id #=> String
resp.summary.description #=> String
resp.summary.lock_token #=> String
resp.summary.arn #=> String

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :name (required, String)

    The name of the rule group. You cannot change the name of a rule group after you create it.

  • :scope (required, String)

    Specifies whether this is for an AWS CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB) or an API Gateway stage.

    To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows:

    • CLI - Specify the Region when you use the CloudFront scope: --scope=CLOUDFRONT --region=us-east-1.

    • API and SDKs - For all calls, use the Region endpoint us-east-1.

  • :capacity (required, Integer)

    The web ACL capacity units (WCUs) required for this rule group.

    When you create your own rule group, you define this, and you cannot change it after creation. When you add or modify the rules in a rule group, AWS WAF enforces this limit. You can check the capacity for a set of rules using CheckCapacity.

    AWS WAF uses WCUs to calculate and control the operating resources that are used to run your rules, rule groups, and web ACLs. AWS WAF calculates capacity differently for each rule type, to reflect the relative cost of each rule. Simple rules that cost little to run use fewer WCUs than more complex rules that use more processing power. Rule group capacity is fixed at creation, which helps users plan their web ACL WCU usage when they use a rule group. The WCU limit for web ACLs is 1,500.

  • :description (String)

    A description of the rule group that helps with identification. You cannot change the description of a rule group after you create it.

  • :rules (Array<Types::Rule>)

    The Rule statements used to identify the web requests that you want to allow, block, or count. Each rule includes one top-level statement that AWS WAF uses to identify matching web requests, and parameters that govern how AWS WAF handles them.

  • :visibility_config (required, Types::VisibilityConfig)

    Defines and enables Amazon CloudWatch metrics and web request sample collection.

  • :tags (Array<Types::Tag>)

    An array of key:value pairs to associate with the resource.

Returns:

See Also:



1169
1170
1171
1172
# File 'gems/aws-sdk-wafv2/lib/aws-sdk-wafv2/client.rb', line 1169

def create_rule_group(params = {}, options = {})
  req = build_request(:create_rule_group, params)
  req.send_request(options)
end

#create_web_acl(params = {}) ⇒ Types::CreateWebACLResponse

This is the latest version of AWS WAF, named AWS WAFV2, released in November, 2019. For information, including how to migrate your AWS WAF resources from the prior release, see the AWS WAF Developer Guide.

Creates a WebACL per the specifications provided.

A Web ACL defines a collection of rules to use to inspect and control web requests. Each rule has an action defined (allow, block, or count) for requests that match the statement of the rule. In the Web ACL, you assign a default action to take (allow, block) for any request that does not match any of the rules. The rules in a Web ACL can be a combination of the types Rule, RuleGroup, and managed rule group. You can associate a Web ACL with one or more AWS resources to protect. The resources can be Amazon CloudFront, an Amazon API Gateway API, or an Application Load Balancer.

Examples:

Request syntax with placeholder values


resp = client.create_web_acl({
  name: "EntityName", # required
  scope: "CLOUDFRONT", # required, accepts CLOUDFRONT, REGIONAL
  default_action: { # required
    block: {
    },
    allow: {
    },
  },
  description: "EntityDescription",
  rules: [
    {
      name: "EntityName", # required
      priority: 1, # required
      statement: { # required
        byte_match_statement: {
          search_string: "data", # required
          field_to_match: { # required
            single_header: {
              name: "FieldToMatchData", # required
            },
            single_query_argument: {
              name: "FieldToMatchData", # required
            },
            all_query_arguments: {
            },
            uri_path: {
            },
            query_string: {
            },
            body: {
            },
            method: {
            },
          },
          text_transformations: [ # required
            {
              priority: 1, # required
              type: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE
            },
          ],
          positional_constraint: "EXACTLY", # required, accepts EXACTLY, STARTS_WITH, ENDS_WITH, CONTAINS, CONTAINS_WORD
        },
        sqli_match_statement: {
          field_to_match: { # required
            single_header: {
              name: "FieldToMatchData", # required
            },
            single_query_argument: {
              name: "FieldToMatchData", # required
            },
            all_query_arguments: {
            },
            uri_path: {
            },
            query_string: {
            },
            body: {
            },
            method: {
            },
          },
          text_transformations: [ # required
            {
              priority: 1, # required
              type: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE
            },
          ],
        },
        xss_match_statement: {
          field_to_match: { # required
            single_header: {
              name: "FieldToMatchData", # required
            },
            single_query_argument: {
              name: "FieldToMatchData", # required
            },
            all_query_arguments: {
            },
            uri_path: {
            },
            query_string: {
            },
            body: {
            },
            method: {
            },
          },
          text_transformations: [ # required
            {
              priority: 1, # required
              type: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE
            },
          ],
        },
        size_constraint_statement: {
          field_to_match: { # required
            single_header: {
              name: "FieldToMatchData", # required
            },
            single_query_argument: {
              name: "FieldToMatchData", # required
            },
            all_query_arguments: {
            },
            uri_path: {
            },
            query_string: {
            },
            body: {
            },
            method: {
            },
          },
          comparison_operator: "EQ", # required, accepts EQ, NE, LE, LT, GE, GT
          size: 1, # required
          text_transformations: [ # required
            {
              priority: 1, # required
              type: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE
            },
          ],
        },
        geo_match_statement: {
          country_codes: ["AF"], # accepts AF, AX, AL, DZ, AS, AD, AO, AI, AQ, AG, AR, AM, AW, AU, AT, AZ, BS, BH, BD, BB, BY, BE, BZ, BJ, BM, BT, BO, BQ, BA, BW, BV, BR, IO, BN, BG, BF, BI, KH, CM, CA, CV, KY, CF, TD, CL, CN, CX, CC, CO, KM, CG, CD, CK, CR, CI, HR, CU, CW, CY, CZ, DK, DJ, DM, DO, EC, EG, SV, GQ, ER, EE, ET, FK, FO, FJ, FI, FR, GF, PF, TF, GA, GM, GE, DE, GH, GI, GR, GL, GD, GP, GU, GT, GG, GN, GW, GY, HT, HM, VA, HN, HK, HU, IS, IN, ID, IR, IQ, IE, IM, IL, IT, JM, JP, JE, JO, KZ, KE, KI, KP, KR, KW, KG, LA, LV, LB, LS, LR, LY, LI, LT, LU, MO, MK, MG, MW, MY, MV, ML, MT, MH, MQ, MR, MU, YT, MX, FM, MD, MC, MN, ME, MS, MA, MZ, MM, NA, NR, NP, NL, NC, NZ, NI, NE, NG, NU, NF, MP, NO, OM, PK, PW, PS, PA, PG, PY, PE, PH, PN, PL, PT, PR, QA, RE, RO, RU, RW, BL, SH, KN, LC, MF, PM, VC, WS, SM, ST, SA, SN, RS, SC, SL, SG, SX, SK, SI, SB, SO, ZA, GS, SS, ES, LK, SD, SR, SJ, SZ, SE, CH, SY, TW, TJ, TZ, TH, TL, TG, TK, TO, TT, TN, TR, TM, TC, TV, UG, UA, AE, GB, US, UM, UY, UZ, VU, VE, VN, VG, VI, WF, EH, YE, ZM, ZW
        },
        rule_group_reference_statement: {
          arn: "ResourceArn", # required
          excluded_rules: [
            {
              name: "EntityName", # required
            },
          ],
        },
        ip_set_reference_statement: {
          arn: "ResourceArn", # required
        },
        regex_pattern_set_reference_statement: {
          arn: "ResourceArn", # required
          field_to_match: { # required
            single_header: {
              name: "FieldToMatchData", # required
            },
            single_query_argument: {
              name: "FieldToMatchData", # required
            },
            all_query_arguments: {
            },
            uri_path: {
            },
            query_string: {
            },
            body: {
            },
            method: {
            },
          },
          text_transformations: [ # required
            {
              priority: 1, # required
              type: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE
            },
          ],
        },
        rate_based_statement: {
          limit: 1, # required
          aggregate_key_type: "IP", # required, accepts IP
          scope_down_statement: {
            # recursive Statement
          },
        },
        and_statement: {
          statements: [ # required
            {
              # recursive Statement
            },
          ],
        },
        or_statement: {
          statements: [ # required
            {
              # recursive Statement
            },
          ],
        },
        not_statement: {
          statement: { # required
            # recursive Statement
          },
        },
        managed_rule_group_statement: {
          vendor_name: "VendorName", # required
          name: "EntityName", # required
          excluded_rules: [
            {
              name: "EntityName", # required
            },
          ],
        },
      },
      action: {
        block: {
        },
        allow: {
        },
        count: {
        },
      },
      override_action: {
        count: {
        },
        none: {
        },
      },
      visibility_config: { # required
        sampled_requests_enabled: false, # required
        cloud_watch_metrics_enabled: false, # required
        metric_name: "MetricName", # required
      },
    },
  ],
  visibility_config: { # required
    sampled_requests_enabled: false, # required
    cloud_watch_metrics_enabled: false, # required
    metric_name: "MetricName", # required
  },
  tags: [
    {
      key: "TagKey", # required
      value: "TagValue", # required
    },
  ],
})

Response structure


resp.summary.name #=> String
resp.summary.id #=> String
resp.summary.description #=> String
resp.summary.lock_token #=> String
resp.summary.arn #=> String

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :name (required, String)

    The name of the Web ACL. You cannot change the name of a Web ACL after you create it.

  • :scope (required, String)

    Specifies whether this is for an AWS CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB) or an API Gateway stage.

    To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows:

    • CLI - Specify the Region when you use the CloudFront scope: --scope=CLOUDFRONT --region=us-east-1.

    • API and SDKs - For all calls, use the Region endpoint us-east-1.

  • :default_action (required, Types::DefaultAction)

    The action to perform if none of the Rules contained in the WebACL match.

  • :description (String)

    A description of the Web ACL that helps with identification. You cannot change the description of a Web ACL after you create it.

  • :rules (Array<Types::Rule>)

    The Rule statements used to identify the web requests that you want to allow, block, or count. Each rule includes one top-level statement that AWS WAF uses to identify matching web requests, and parameters that govern how AWS WAF handles them.

  • :visibility_config (required, Types::VisibilityConfig)

    Defines and enables Amazon CloudWatch metrics and web request sample collection.

  • :tags (Array<Types::Tag>)

    An array of key:value pairs to associate with the resource.

Returns:

See Also:



1487
1488
1489
1490
# File 'gems/aws-sdk-wafv2/lib/aws-sdk-wafv2/client.rb', line 1487

def create_web_acl(params = {}, options = {})
  req = build_request(:create_web_acl, params)
  req.send_request(options)
end

#delete_firewall_manager_rule_groups(params = {}) ⇒ Types::DeleteFirewallManagerRuleGroupsResponse

Deletes all rule groups that are managed by AWS Firewall Manager for the specified web ACL.

You can only use this if ManagedByFirewallManager is false in the specified WebACL.

Examples:

Request syntax with placeholder values


resp = client.delete_firewall_manager_rule_groups({
  web_acl_arn: "ResourceArn", # required
  web_acl_lock_token: "LockToken", # required
})

Response structure


resp.next_web_acl_lock_token #=> String

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :web_acl_arn (required, String)

    The Amazon Resource Name (ARN) of the web ACL.

  • :web_acl_lock_token (required, String)

    A token used for optimistic locking. AWS WAF returns a token to your get and list requests, to mark the state of the entity at the time of the request. To make changes to the entity associated with the token, you provide the token to operations like update and delete. AWS WAF uses the token to ensure that no changes have been made to the entity since you last retrieved it. If a change has been made, the update fails with a WAFOptimisticLockException. If this happens, perform another get, and use the new token returned by that operation.

Returns:

See Also:



1530
1531
1532
1533
# File 'gems/aws-sdk-wafv2/lib/aws-sdk-wafv2/client.rb', line 1530

def delete_firewall_manager_rule_groups(params = {}, options = {})
  req = build_request(:delete_firewall_manager_rule_groups, params)
  req.send_request(options)
end

#delete_ip_set(params = {}) ⇒ Struct

This is the latest version of AWS WAF, named AWS WAFV2, released in November, 2019. For information, including how to migrate your AWS WAF resources from the prior release, see the AWS WAF Developer Guide.

Deletes the specified IPSet.

Examples:

Request syntax with placeholder values


resp = client.delete_ip_set({
  name: "EntityName", # required
  scope: "CLOUDFRONT", # required, accepts CLOUDFRONT, REGIONAL
  id: "EntityId", # required
  lock_token: "LockToken", # required
})

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :name (required, String)

    The name of the IP set. You cannot change the name of an IPSet after you create it.

  • :scope (required, String)

    Specifies whether this is for an AWS CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB) or an API Gateway stage.

    To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows:

    • CLI - Specify the Region when you use the CloudFront scope: --scope=CLOUDFRONT --region=us-east-1.

    • API and SDKs - For all calls, use the Region endpoint us-east-1.

  • :id (required, String)

    A unique identifier for the set. This ID is returned in the responses to create and list commands. You provide it to operations like update and delete.

  • :lock_token (required, String)

    A token used for optimistic locking. AWS WAF returns a token to your get and list requests, to mark the state of the entity at the time of the request. To make changes to the entity associated with the token, you provide the token to operations like update and delete. AWS WAF uses the token to ensure that no changes have been made to the entity since you last retrieved it. If a change has been made, the update fails with a WAFOptimisticLockException. If this happens, perform another get, and use the new token returned by that operation.

Returns:

  • (Struct)

    Returns an empty response.

See Also:



1595
1596
1597
1598
# File 'gems/aws-sdk-wafv2/lib/aws-sdk-wafv2/client.rb', line 1595

def delete_ip_set(params = {}, options = {})
  req = build_request(:delete_ip_set, params)
  req.send_request(options)
end

#delete_logging_configuration(params = {}) ⇒ Struct

This is the latest version of AWS WAF, named AWS WAFV2, released in November, 2019. For information, including how to migrate your AWS WAF resources from the prior release, see the AWS WAF Developer Guide.

Deletes the LoggingConfiguration from the specified web ACL.

Examples:

Request syntax with placeholder values


resp = client.delete_logging_configuration({
  resource_arn: "ResourceArn", # required
})

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :resource_arn (required, String)

    The Amazon Resource Name (ARN) of the web ACL from which you want to delete the LoggingConfiguration.

Returns:

  • (Struct)

    Returns an empty response.

See Also:



1629
1630
1631
1632
# File 'gems/aws-sdk-wafv2/lib/aws-sdk-wafv2/client.rb', line 1629

def delete_logging_configuration(params = {}, options = {})
  req = build_request(:delete_logging_configuration, params)
  req.send_request(options)
end

#delete_permission_policy(params = {}) ⇒ Struct

Permanently deletes an IAM policy from the specified rule group.

You must be the owner of the rule group to perform this operation.

Examples:

Request syntax with placeholder values


resp = client.delete_permission_policy({
  resource_arn: "ResourceArn", # required
})

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :resource_arn (required, String)

    The Amazon Resource Name (ARN) of the rule group from which you want to delete the policy.

    You must be the owner of the rule group to perform this operation.

Returns:

  • (Struct)

    Returns an empty response.

See Also:



1656
1657
1658
1659
# File 'gems/aws-sdk-wafv2/lib/aws-sdk-wafv2/client.rb', line 1656

def delete_permission_policy(params = {}, options = {})
  req = build_request(:delete_permission_policy, params)
  req.send_request(options)
end

#delete_regex_pattern_set(params = {}) ⇒ Struct

This is the latest version of AWS WAF, named AWS WAFV2, released in November, 2019. For information, including how to migrate your AWS WAF resources from the prior release, see the AWS WAF Developer Guide.

Deletes the specified RegexPatternSet.

Examples:

Request syntax with placeholder values


resp = client.delete_regex_pattern_set({
  name: "EntityName", # required
  scope: "CLOUDFRONT", # required, accepts CLOUDFRONT, REGIONAL
  id: "EntityId", # required
  lock_token: "LockToken", # required
})

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :name (required, String)

    The name of the set. You cannot change the name after you create the set.

  • :scope (required, String)

    Specifies whether this is for an AWS CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB) or an API Gateway stage.

    To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows:

    • CLI - Specify the Region when you use the CloudFront scope: --scope=CLOUDFRONT --region=us-east-1.

    • API and SDKs - For all calls, use the Region endpoint us-east-1.

  • :id (required, String)

    A unique identifier for the set. This ID is returned in the responses to create and list commands. You provide it to operations like update and delete.

  • :lock_token (required, String)

    A token used for optimistic locking. AWS WAF returns a token to your get and list requests, to mark the state of the entity at the time of the request. To make changes to the entity associated with the token, you provide the token to operations like update and delete. AWS WAF uses the token to ensure that no changes have been made to the entity since you last retrieved it. If a change has been made, the update fails with a WAFOptimisticLockException. If this happens, perform another get, and use the new token returned by that operation.

Returns:

  • (Struct)

    Returns an empty response.

See Also:



1721
1722
1723
1724
# File 'gems/aws-sdk-wafv2/lib/aws-sdk-wafv2/client.rb', line 1721

def delete_regex_pattern_set(params = {}, options = {})
  req = build_request(:delete_regex_pattern_set, params)
  req.send_request(options)
end

#delete_rule_group(params = {}) ⇒ Struct

This is the latest version of AWS WAF, named AWS WAFV2, released in November, 2019. For information, including how to migrate your AWS WAF resources from the prior release, see the AWS WAF Developer Guide.

Deletes the specified RuleGroup.

Examples:

Request syntax with placeholder values


resp = client.delete_rule_group({
  name: "EntityName", # required
  scope: "CLOUDFRONT", # required, accepts CLOUDFRONT, REGIONAL
  id: "EntityId", # required
  lock_token: "LockToken", # required
})

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :name (required, String)

    The name of the rule group. You cannot change the name of a rule group after you create it.

  • :scope (required, String)

    Specifies whether this is for an AWS CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB) or an API Gateway stage.

    To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows:

    • CLI - Specify the Region when you use the CloudFront scope: --scope=CLOUDFRONT --region=us-east-1.

    • API and SDKs - For all calls, use the Region endpoint us-east-1.

  • :id (required, String)

    A unique identifier for the rule group. This ID is returned in the responses to create and list commands. You provide it to operations like update and delete.

  • :lock_token (required, String)

    A token used for optimistic locking. AWS WAF returns a token to your get and list requests, to mark the state of the entity at the time of the request. To make changes to the entity associated with the token, you provide the token to operations like update and delete. AWS WAF uses the token to ensure that no changes have been made to the entity since you last retrieved it. If a change has been made, the update fails with a WAFOptimisticLockException. If this happens, perform another get, and use the new token returned by that operation.

Returns:

  • (Struct)

    Returns an empty response.

See Also:



1786
1787
1788
1789
# File 'gems/aws-sdk-wafv2/lib/aws-sdk-wafv2/client.rb', line 1786

def delete_rule_group(params = {}, options = {})
  req = build_request(:delete_rule_group, params)
  req.send_request(options)
end

#delete_web_acl(params = {}) ⇒ Struct

This is the latest version of AWS WAF, named AWS WAFV2, released in November, 2019. For information, including how to migrate your AWS WAF resources from the prior release, see the AWS WAF Developer Guide.

Deletes the specified WebACL.

You can only use this if ManagedByFirewallManager is false in the specified WebACL.

Examples:

Request syntax with placeholder values


resp = client.delete_web_acl({
  name: "EntityName", # required
  scope: "CLOUDFRONT", # required, accepts CLOUDFRONT, REGIONAL
  id: "EntityId", # required
  lock_token: "LockToken", # required
})

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :name (required, String)

    The name of the Web ACL. You cannot change the name of a Web ACL after you create it.

  • :scope (required, String)

    Specifies whether this is for an AWS CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB) or an API Gateway stage.

    To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows:

    • CLI - Specify the Region when you use the CloudFront scope: --scope=CLOUDFRONT --region=us-east-1.

    • API and SDKs - For all calls, use the Region endpoint us-east-1.

  • :id (required, String)

    The unique identifier for the Web ACL. This ID is returned in the responses to create and list commands. You provide it to operations like update and delete.

  • :lock_token (required, String)

    A token used for optimistic locking. AWS WAF returns a token to your get and list requests, to mark the state of the entity at the time of the request. To make changes to the entity associated with the token, you provide the token to operations like update and delete. AWS WAF uses the token to ensure that no changes have been made to the entity since you last retrieved it. If a change has been made, the update fails with a WAFOptimisticLockException. If this happens, perform another get, and use the new token returned by that operation.

Returns:

  • (Struct)

    Returns an empty response.

See Also:



1854
1855
1856
1857
# File 'gems/aws-sdk-wafv2/lib/aws-sdk-wafv2/client.rb', line 1854

def delete_web_acl(params = {}, options = {})
  req = build_request(:delete_web_acl, params)
  req.send_request(options)
end

#describe_managed_rule_group(params = {}) ⇒ Types::DescribeManagedRuleGroupResponse

This is the latest version of AWS WAF, named AWS WAFV2, released in November, 2019. For information, including how to migrate your AWS WAF resources from the prior release, see the AWS WAF Developer Guide.

Provides high-level information for a managed rule group, including descriptions of the rules.

Examples:

Request syntax with placeholder values


resp = client.describe_managed_rule_group({
  vendor_name: "VendorName", # required
  name: "EntityName", # required
  scope: "CLOUDFRONT", # required, accepts CLOUDFRONT, REGIONAL
})

Response structure


resp.capacity #=> Integer
resp.rules #=> Array
resp.rules[0].name #=> String

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :vendor_name (required, String)

    The name of the managed rule group vendor. You use this, along with the rule group name, to identify the rule group.

  • :name (required, String)

    The name of the managed rule group. You use this, along with the vendor name, to identify the rule group.

  • :scope (required, String)

    Specifies whether this is for an AWS CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB) or an API Gateway stage.

    To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows:

    • CLI - Specify the Region when you use the CloudFront scope: --scope=CLOUDFRONT --region=us-east-1.

    • API and SDKs - For all calls, use the Region endpoint us-east-1.

Returns:

See Also:



1917
1918
1919
1920
# File 'gems/aws-sdk-wafv2/lib/aws-sdk-wafv2/client.rb', line 1917

def describe_managed_rule_group(params = {}, options = {})
  req = build_request(:describe_managed_rule_group, params)
  req.send_request(options)
end

#disassociate_web_acl(params = {}) ⇒ Struct

This is the latest version of AWS WAF, named AWS WAFV2, released in November, 2019. For information, including how to migrate your AWS WAF resources from the prior release, see the AWS WAF Developer Guide.

Disassociates a Web ACL from a regional application resource. A regional application can be an Application Load Balancer (ALB) or an API Gateway stage.

For AWS CloudFront, don't use this call. Instead, use your CloudFront distribution configuration. To disassociate a Web ACL, provide an empty web ACL ID in the CloudFront call UpdateDistribution. For information, see UpdateDistribution.

Examples:

Request syntax with placeholder values


resp = client.disassociate_web_acl({
  resource_arn: "ResourceArn", # required
})

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :resource_arn (required, String)

    The Amazon Resource Name (ARN) of the resource to disassociate from the web ACL.

    The ARN must be in one of the following formats:

    • For an Application Load Balancer: arn:aws:elasticloadbalancing:region:account-id:loadbalancer/app/load-balancer-name/load-balancer-id

    • For an Amazon API Gateway stage: arn:aws:apigateway:region::/restapis/api-id/stages/stage-name

Returns:

  • (Struct)

    Returns an empty response.

See Also:



1968
1969
1970
1971
# File 'gems/aws-sdk-wafv2/lib/aws-sdk-wafv2/client.rb', line 1968

def disassociate_web_acl(params = {}, options = {})
  req = build_request(:disassociate_web_acl, params)
  req.send_request(options)
end

#get_ip_set(params = {}) ⇒ Types::GetIPSetResponse

This is the latest version of AWS WAF, named AWS WAFV2, released in November, 2019. For information, including how to migrate your AWS WAF resources from the prior release, see the AWS WAF Developer Guide.

Retrieves the specified IPSet.

Examples:

Request syntax with placeholder values


resp = client.get_ip_set({
  name: "EntityName", # required
  scope: "CLOUDFRONT", # required, accepts CLOUDFRONT, REGIONAL
  id: "EntityId", # required
})

Response structure


resp.ip_set.name #=> String
resp.ip_set.id #=> String
resp.ip_set.arn #=> String
resp.ip_set.description #=> String
resp.ip_set.ip_address_version #=> String, one of "IPV4", "IPV6"
resp.ip_set.addresses #=> Array
resp.ip_set.addresses[0] #=> String
resp.lock_token #=> String

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :name (required, String)

    The name of the IP set. You cannot change the name of an IPSet after you create it.

  • :scope (required, String)

    Specifies whether this is for an AWS CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB) or an API Gateway stage.

    To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows:

    • CLI - Specify the Region when you use the CloudFront scope: --scope=CLOUDFRONT --region=us-east-1.

    • API and SDKs - For all calls, use the Region endpoint us-east-1.

  • :id (required, String)

    A unique identifier for the set. This ID is returned in the responses to create and list commands. You provide it to operations like update and delete.

Returns:

See Also:



2036
2037
2038
2039
# File 'gems/aws-sdk-wafv2/lib/aws-sdk-wafv2/client.rb', line 2036

def get_ip_set(params = {}, options = {})
  req = build_request(:get_ip_set, params)
  req.send_request(options)
end

#get_logging_configuration(params = {}) ⇒ Types::GetLoggingConfigurationResponse

This is the latest version of AWS WAF, named AWS WAFV2, released in November, 2019. For information, including how to migrate your AWS WAF resources from the prior release, see the AWS WAF Developer Guide.

Returns the LoggingConfiguration for the specified web ACL.

Examples:

Request syntax with placeholder values


resp = client.get_logging_configuration({
  resource_arn: "ResourceArn", # required
})

Response structure


resp.logging_configuration.resource_arn #=> String
resp.logging_configuration.log_destination_configs #=> Array
resp.logging_configuration.log_destination_configs[0] #=> String
resp.logging_configuration.redacted_fields #=> Array
resp.logging_configuration.redacted_fields[0].single_header.name #=> String
resp.logging_configuration.redacted_fields[0].single_query_argument.name #=> String

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :resource_arn (required, String)

    The Amazon Resource Name (ARN) of the web ACL for which you want to get the LoggingConfiguration.

Returns:

See Also:



2081
2082
2083
2084
# File 'gems/aws-sdk-wafv2/lib/aws-sdk-wafv2/client.rb', line 2081

def get_logging_configuration(params = {}, options = {})
  req = build_request(:get_logging_configuration, params)
  req.send_request(options)
end

#get_permission_policy(params = {}) ⇒ Types::GetPermissionPolicyResponse

Returns the IAM policy that is attached to the specified rule group.

You must be the owner of the rule group to perform this operation.

Examples:

Request syntax with placeholder values


resp = client.get_permission_policy({
  resource_arn: "ResourceArn", # required
})

Response structure


resp.policy #=> String

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :resource_arn (required, String)

    The Amazon Resource Name (ARN) of the rule group for which you want to get the policy.

Returns:

See Also:



2112
2113
2114
2115
# File 'gems/aws-sdk-wafv2/lib/aws-sdk-wafv2/client.rb', line 2112

def get_permission_policy(params = {}, options = {})
  req = build_request(:get_permission_policy, params)
  req.send_request(options)
end

#get_rate_based_statement_managed_keys(params = {}) ⇒ Types::GetRateBasedStatementManagedKeysResponse

This is the latest version of AWS WAF, named AWS WAFV2, released in November, 2019. For information, including how to migrate your AWS WAF resources from the prior release, see the AWS WAF Developer Guide.

Retrieves the keys that are currently blocked by a rate-based rule. The maximum number of managed keys that can be blocked for a single rate-based rule is 10,000. If more than 10,000 addresses exceed the rate limit, those with the highest rates are blocked.

Examples:

Request syntax with placeholder values


resp = client.get_rate_based_statement_managed_keys({
  scope: "CLOUDFRONT", # required, accepts CLOUDFRONT, REGIONAL
  web_acl_name: "EntityName", # required
  web_acl_id: "EntityId", # required
  rule_name: "EntityName", # required
})

Response structure


resp.managed_keys_ipv4.ip_address_version #=> String, one of "IPV4", "IPV6"
resp.managed_keys_ipv4.addresses #=> Array
resp.managed_keys_ipv4.addresses[0] #=> String
resp.managed_keys_ipv6.ip_address_version #=> String, one of "IPV4", "IPV6"
resp.managed_keys_ipv6.addresses #=> Array
resp.managed_keys_ipv6.addresses[0] #=> String

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :scope (required, String)

    Specifies whether this is for an AWS CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB) or an API Gateway stage.

    To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows:

    • CLI - Specify the Region when you use the CloudFront scope: --scope=CLOUDFRONT --region=us-east-1.

    • API and SDKs - For all calls, use the Region endpoint us-east-1.

  • :web_acl_name (required, String)

    The name of the Web ACL. You cannot change the name of a Web ACL after you create it.

  • :web_acl_id (required, String)

    The unique identifier for the Web ACL. This ID is returned in the responses to create and list commands. You provide it to operations like update and delete.

  • :rule_name (required, String)

    The name of the rate-based rule to get the keys for.

Returns:

See Also:



2185
2186
2187
2188
# File 'gems/aws-sdk-wafv2/lib/aws-sdk-wafv2/client.rb', line 2185

def get_rate_based_statement_managed_keys(params = {}, options = {})
  req = build_request(:get_rate_based_statement_managed_keys, params)
  req.send_request(options)
end

#get_regex_pattern_set(params = {}) ⇒ Types::GetRegexPatternSetResponse

This is the latest version of AWS WAF, named AWS WAFV2, released in November, 2019. For information, including how to migrate your AWS WAF resources from the prior release, see the AWS WAF Developer Guide.

Retrieves the specified RegexPatternSet.

Examples:

Request syntax with placeholder values


resp = client.get_regex_pattern_set({
  name: "EntityName", # required
  scope: "CLOUDFRONT", # required, accepts CLOUDFRONT, REGIONAL
  id: "EntityId", # required
})

Response structure


resp.regex_pattern_set.name #=> String
resp.regex_pattern_set.id #=> String
resp.regex_pattern_set.arn #=> String
resp.regex_pattern_set.description #=> String
resp.regex_pattern_set.regular_expression_list #=> Array
resp.regex_pattern_set.regular_expression_list[0].regex_string #=> String
resp.lock_token #=> String

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :name (required, String)

    The name of the set. You cannot change the name after you create the set.

  • :scope (required, String)

    Specifies whether this is for an AWS CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB) or an API Gateway stage.

    To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows:

    • CLI - Specify the Region when you use the CloudFront scope: --scope=CLOUDFRONT --region=us-east-1.

    • API and SDKs - For all calls, use the Region endpoint us-east-1.

  • :id (required, String)

    A unique identifier for the set. This ID is returned in the responses to create and list commands. You provide it to operations like update and delete.

Returns:

See Also:



2252
2253
2254
2255
# File 'gems/aws-sdk-wafv2/lib/aws-sdk-wafv2/client.rb', line 2252

def get_regex_pattern_set(params = {}, options = {})
  req = build_request(:get_regex_pattern_set, params)
  req.send_request(options)
end

#get_rule_group(params = {}) ⇒ Types::GetRuleGroupResponse

This is the latest version of AWS WAF, named AWS WAFV2, released in November, 2019. For information, including how to migrate your AWS WAF resources from the prior release, see the AWS WAF Developer Guide.

Retrieves the specified RuleGroup.

Examples:

Request syntax with placeholder values


resp = client.get_rule_group({
  name: "EntityName", # required
  scope: "CLOUDFRONT", # required, accepts CLOUDFRONT, REGIONAL
  id: "EntityId", # required
})

Response structure


resp.rule_group.name #=> String
resp.rule_group.id #=> String
resp.rule_group.capacity #=> Integer
resp.rule_group.arn #=> String
resp.rule_group.description #=> String
resp.rule_group.rules #=> Array
resp.rule_group.rules[0].name #=> String
resp.rule_group.rules[0].priority #=> Integer
resp.rule_group.rules[0].statement.byte_match_statement.search_string #=> String
resp.rule_group.rules[0].statement.byte_match_statement.field_to_match.single_header.name #=> String
resp.rule_group.rules[0].statement.byte_match_statement.field_to_match.single_query_argument.name #=> String
resp.rule_group.rules[0].statement.byte_match_statement.text_transformations #=> Array
resp.rule_group.rules[0].statement.byte_match_statement.text_transformations[0].priority #=> Integer
resp.rule_group.rules[0].statement.byte_match_statement.text_transformations[0].type #=> String, one of "NONE", "COMPRESS_WHITE_SPACE", "HTML_ENTITY_DECODE", "LOWERCASE", "CMD_LINE", "URL_DECODE"
resp.rule_group.rules[0].statement.byte_match_statement.positional_constraint #=> String, one of "EXACTLY", "STARTS_WITH", "ENDS_WITH", "CONTAINS", "CONTAINS_WORD"
resp.rule_group.rules[0].statement.sqli_match_statement.field_to_match.single_header.name #=> String
resp.rule_group.rules[0].statement.sqli_match_statement.field_to_match.single_query_argument.name #=> String
resp.rule_group.rules[0].statement.sqli_match_statement.text_transformations #=> Array
resp.rule_group.rules[0].statement.sqli_match_statement.text_transformations[0].priority #=> Integer
resp.rule_group.rules[0].statement.sqli_match_statement.text_transformations[0].type #=> String, one of "NONE", "COMPRESS_WHITE_SPACE", "HTML_ENTITY_DECODE", "LOWERCASE", "CMD_LINE", "URL_DECODE"
resp.rule_group.rules[0].statement.xss_match_statement.field_to_match.single_header.name #=> String
resp.rule_group.rules[0].statement.xss_match_statement.field_to_match.single_query_argument.name #=> String
resp.rule_group.rules[0].statement.xss_match_statement.text_transformations #=> Array
resp.rule_group.rules[0].statement.xss_match_statement.text_transformations[0].priority #=> Integer
resp.rule_group.rules[0].statement.xss_match_statement.text_transformations[0].type #=> String, one of "NONE", "COMPRESS_WHITE_SPACE", "HTML_ENTITY_DECODE", "LOWERCASE", "CMD_LINE", "URL_DECODE"
resp.rule_group.rules[0].statement.size_constraint_statement.field_to_match.single_header.name #=> String
resp.rule_group.rules[0].statement.size_constraint_statement.field_to_match.single_query_argument.name #=> String
resp.rule_group.rules[0].statement.size_constraint_statement.comparison_operator #=> String, one of "EQ", "NE", "LE", "LT", "GE", "GT"
resp.rule_group.rules[0].statement.size_constraint_statement.size #=> Integer
resp.rule_group.rules[0].statement.size_constraint_statement.text_transformations #=> Array
resp.rule_group.rules[0].statement.size_constraint_statement.text_transformations[0].priority #=> Integer
resp.rule_group.rules[0].statement.size_constraint_statement.text_transformations[0].type #=> String, one of "NONE", "COMPRESS_WHITE_SPACE", "HTML_ENTITY_DECODE", "LOWERCASE", "CMD_LINE", "URL_DECODE"
resp.rule_group.rules[0].statement.geo_match_statement.country_codes #=> Array
resp.rule_group.rules[0].statement.geo_match_statement.country_codes[0] #=> String, one of "AF", "AX", "AL", "DZ", "AS", "AD", "AO", "AI", "AQ", "AG", "AR", "AM", "AW", "AU", "AT", "AZ", "BS", "BH", "BD", "BB", "BY", "BE", "BZ", "BJ", "BM", "BT", "BO", "BQ", "BA", "BW", "BV", "BR", "IO", "BN", "BG", "BF", "BI", "KH", "CM", "CA", "CV", "KY", "CF", "TD", "CL", "CN", "CX", "CC", "CO", "KM", "CG", "CD", "CK", "CR", "CI", "HR", "CU", "CW", "CY", "CZ", "DK", "DJ", "DM", "DO", "EC", "EG", "SV", "GQ", "ER", "EE", "ET", "FK", "FO", "FJ", "FI", "FR", "GF", "PF", "TF", "GA", "GM", "GE", "DE", "GH", "GI", "GR", "GL", "GD", "GP", "GU", "GT", "GG", "GN", "GW", "GY", "HT", "HM", "VA", "HN", "HK", "HU", "IS", "IN", "ID", "IR", "IQ", "IE", "IM", "IL", "IT", "JM", "JP", "JE", "JO", "KZ", "KE", "KI", "KP", "KR", "KW", "KG", "LA", "LV", "LB", "LS", "LR", "LY", "LI", "LT", "LU", "MO", "MK", "MG", "MW", "MY", "MV", "ML", "MT", "MH", "MQ", "MR", "MU", "YT", "MX", "FM", "MD", "MC", "MN", "ME", "MS", "MA", "MZ", "MM", "NA", "NR", "NP", "NL", "NC", "NZ", "NI", "NE", "NG", "NU", "NF", "MP", "NO", "OM", "PK", "PW", "PS", "PA", "PG", "PY", "PE", "PH", "PN", "PL", "PT", "PR", "QA", "RE", "RO", "RU", "RW", "BL", "SH", "KN", "LC", "MF", "PM", "VC", "WS", "SM", "ST", "SA", "SN", "RS", "SC", "SL", "SG", "SX", "SK", "SI", "SB", "SO", "ZA", "GS", "SS", "ES", "LK", "SD", "SR", "SJ", "SZ", "SE", "CH", "SY", "TW", "TJ", "TZ", "TH", "TL", "TG", "TK", "TO", "TT", "TN", "TR", "TM", "TC", "TV", "UG", "UA", "AE", "GB", "US", "UM", "UY", "UZ", "VU", "VE", "VN", "VG", "VI", "WF", "EH", "YE", "ZM", "ZW"
resp.rule_group.rules[0].statement.rule_group_reference_statement.arn #=> String
resp.rule_group.rules[0].statement.rule_group_reference_statement.excluded_rules #=> Array
resp.rule_group.rules[0].statement.rule_group_reference_statement.excluded_rules[0].name #=> String
resp.rule_group.rules[0].statement.ip_set_reference_statement.arn #=> String
resp.rule_group.rules[0].statement.regex_pattern_set_reference_statement.arn #=> String
resp.rule_group.rules[0].statement.regex_pattern_set_reference_statement.field_to_match.single_header.name #=> String
resp.rule_group.rules[0].statement.regex_pattern_set_reference_statement.field_to_match.single_query_argument.name #=> String
resp.rule_group.rules[0].statement.regex_pattern_set_reference_statement.text_transformations #=> Array
resp.rule_group.rules[0].statement.regex_pattern_set_reference_statement.text_transformations[0].priority #=> Integer
resp.rule_group.rules[0].statement.regex_pattern_set_reference_statement.text_transformations[0].type #=> String, one of "NONE", "COMPRESS_WHITE_SPACE", "HTML_ENTITY_DECODE", "LOWERCASE", "CMD_LINE", "URL_DECODE"
resp.rule_group.rules[0].statement.rate_based_statement.limit #=> Integer
resp.rule_group.rules[0].statement.rate_based_statement.aggregate_key_type #=> String, one of "IP"
resp.rule_group.rules[0].statement.rate_based_statement.scope_down_statement #=> Types::Statement
resp.rule_group.rules[0].statement.and_statement.statements #=> Array
resp.rule_group.rules[0].statement.and_statement.statements[0] #=> Types::Statement
resp.rule_group.rules[0].statement.or_statement.statements #=> Array
resp.rule_group.rules[0].statement.or_statement.statements[0] #=> Types::Statement
resp.rule_group.rules[0].statement.not_statement.statement #=> Types::Statement
resp.rule_group.rules[0].statement.managed_rule_group_statement.vendor_name #=> String
resp.rule_group.rules[0].statement.managed_rule_group_statement.name #=> String
resp.rule_group.rules[0].statement.managed_rule_group_statement.excluded_rules #=> Array
resp.rule_group.rules[0].statement.managed_rule_group_statement.excluded_rules[0].name #=> String
resp.rule_group.rules[0].visibility_config.sampled_requests_enabled #=> Boolean
resp.rule_group.rules[0].visibility_config.cloud_watch_metrics_enabled #=> Boolean
resp.rule_group.rules[0].visibility_config.metric_name #=> String
resp.rule_group.visibility_config.sampled_requests_enabled #=> Boolean
resp.rule_group.visibility_config.cloud_watch_metrics_enabled #=> Boolean
resp.rule_group.visibility_config.metric_name #=> String
resp.lock_token #=> String

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :name (required, String)

    The name of the rule group. You cannot change the name of a rule group after you create it.

  • :scope (required, String)

    Specifies whether this is for an AWS CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB) or an API Gateway stage.

    To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows:

    • CLI - Specify the Region when you use the CloudFront scope: --scope=CLOUDFRONT --region=us-east-1.

    • API and SDKs - For all calls, use the Region endpoint us-east-1.

  • :id (required, String)

    A unique identifier for the rule group. This ID is returned in the responses to create and list commands. You provide it to operations like update and delete.

Returns:

See Also:



2375
2376
2377
2378
# File 'gems/aws-sdk-wafv2/lib/aws-sdk-wafv2/client.rb', line 2375

def get_rule_group(params = {}, options = {})
  req = build_request(:get_rule_group, params)
  req.send_request(options)
end

#get_sampled_requests(params = {}) ⇒ Types::GetSampledRequestsResponse

This is the latest version of AWS WAF, named AWS WAFV2, released in November, 2019. For information, including how to migrate your AWS WAF resources from the prior release, see the AWS WAF Developer Guide.

Gets detailed information about a specified number of requests--a sample--that AWS WAF randomly selects from among the first 5,000 requests that your AWS resource received during a time range that you choose. You can specify a sample size of up to 500 requests, and you can specify any time range in the previous three hours.

GetSampledRequests returns a time range, which is usually the time range that you specified. However, if your resource (such as a CloudFront distribution) received 5,000 requests before the specified time range elapsed, GetSampledRequests returns an updated time range. This new time range indicates the actual period during which AWS WAF selected the requests in the sample.

Examples:

Request syntax with placeholder values


resp = client.get_sampled_requests({
  web_acl_arn: "ResourceArn", # required
  rule_metric_name: "MetricName", # required
  scope: "CLOUDFRONT", # required, accepts CLOUDFRONT, REGIONAL
  time_window: { # required
    start_time: Time.now, # required
    end_time: Time.now, # required
  },
  max_items: 1, # required
})

Response structure


resp.sampled_requests #=> Array
resp.sampled_requests[0].request.client_ip #=> String
resp.sampled_requests[0].request.country #=> String
resp.sampled_requests[0].request.uri #=> String
resp.sampled_requests[0].request.method #=> String
resp.sampled_requests[0].request.http_version #=> String
resp.sampled_requests[0].request.headers #=> Array
resp.sampled_requests[0].request.headers[0].name #=> String
resp.sampled_requests[0].request.headers[0].value #=> String
resp.sampled_requests[0].weight #=> Integer
resp.sampled_requests[0].timestamp #=> Time
resp.sampled_requests[0].action #=> String
resp.sampled_requests[0].rule_name_within_rule_group #=> String
resp.population_size #=> Integer
resp.time_window.start_time #=> Time
resp.time_window.end_time #=> Time

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :web_acl_arn (required, String)

    The Amazon resource name (ARN) of the WebACL for which you want a sample of requests.

  • :rule_metric_name (required, String)

    The metric name assigned to the Rule or RuleGroup for which you want a sample of requests.

  • :scope (required, String)

    Specifies whether this is for an AWS CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB) or an API Gateway stage.

    To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows:

    • CLI - Specify the Region when you use the CloudFront scope: --scope=CLOUDFRONT --region=us-east-1.

    • API and SDKs - For all calls, use the Region endpoint us-east-1.

  • :time_window (required, Types::TimeWindow)

    The start date and time and the end date and time of the range for which you want GetSampledRequests to return a sample of requests. Specify the date and time in the following format: "2016-09-27T14:50Z". You can specify any time range in the previous three hours.

  • :max_items (required, Integer)

    The number of requests that you want AWS WAF to return from among the first 5,000 requests that your AWS resource received during the time range. If your resource received fewer requests than the value of MaxItems, GetSampledRequests returns information about all of them.

Returns:

See Also:



2481
2482
2483
2484
# File 'gems/aws-sdk-wafv2/lib/aws-sdk-wafv2/client.rb', line 2481

def get_sampled_requests(params = {}, options = {})
  req = build_request(:get_sampled_requests, params)
  req.send_request(options)
end

#get_web_acl(params = {}) ⇒ Types::GetWebACLResponse

This is the latest version of AWS WAF, named AWS WAFV2, released in November, 2019. For information, including how to migrate your AWS WAF resources from the prior release, see the AWS WAF Developer Guide.

Retrieves the specified WebACL.

Examples:

Request syntax with placeholder values


resp = client.get_web_acl({
  name: "EntityName", # required
  scope: "CLOUDFRONT", # required, accepts CLOUDFRONT, REGIONAL
  id: "EntityId", # required
})

Response structure


resp.web_acl.name #=> String
resp.web_acl.id #=> String
resp.web_acl.arn #=> String
resp.web_acl.description #=> String
resp.web_acl.rules #=> Array
resp.web_acl.rules[0].name #=> String
resp.web_acl.rules[0].priority #=> Integer
resp.web_acl.rules[0].statement.byte_match_statement.search_string #=> String
resp.web_acl.rules[0].statement.byte_match_statement.field_to_match.single_header.name #=> String
resp.web_acl.rules[0].statement.byte_match_statement.field_to_match.single_query_argument.name #=> String
resp.web_acl.rules[0].statement.byte_match_statement.text_transformations #=> Array
resp.web_acl.rules[0].statement.byte_match_statement.text_transformations[0].priority #=> Integer
resp.web_acl.rules[0].statement.byte_match_statement.text_transformations[0].type #=> String, one of "NONE", "COMPRESS_WHITE_SPACE", "HTML_ENTITY_DECODE", "LOWERCASE", "CMD_LINE", "URL_DECODE"
resp.web_acl.rules[0].statement.byte_match_statement.positional_constraint #=> String, one of "EXACTLY", "STARTS_WITH", "ENDS_WITH", "CONTAINS", "CONTAINS_WORD"
resp.web_acl.rules[0].statement.sqli_match_statement.field_to_match.single_header.name #=> String
resp.web_acl.rules[0].statement.sqli_match_statement.field_to_match.single_query_argument.name #=> String
resp.web_acl.rules[0].statement.sqli_match_statement.text_transformations #=> Array
resp.web_acl.rules[0].statement.sqli_match_statement.text_transformations[0].priority #=> Integer
resp.web_acl.rules[0].statement.sqli_match_statement.text_transformations[0].type #=> String, one of "NONE", "COMPRESS_WHITE_SPACE", "HTML_ENTITY_DECODE", "LOWERCASE", "CMD_LINE", "URL_DECODE"
resp.web_acl.rules[0].statement.xss_match_statement.field_to_match.single_header.name #=> String
resp.web_acl.rules[0].statement.xss_match_statement.field_to_match.single_query_argument.name #=> String
resp.web_acl.rules[0].statement.xss_match_statement.text_transformations #=> Array
resp.web_acl.rules[0].statement.xss_match_statement.text_transformations[0].priority #=> Integer
resp.web_acl.rules[0].statement.xss_match_statement.text_transformations[0].type #=> String, one of "NONE", "COMPRESS_WHITE_SPACE", "HTML_ENTITY_DECODE", "LOWERCASE", "CMD_LINE", "URL_DECODE"
resp.web_acl.rules[0].statement.size_constraint_statement.field_to_match.single_header.name #=> String
resp.web_acl.rules[0].statement.size_constraint_statement.field_to_match.single_query_argument.name #=> String
resp.web_acl.rules[0].statement.size_constraint_statement.comparison_operator #=> String, one of "EQ", "NE", "LE", "LT", "GE", "GT"
resp.web_acl.rules[0].statement.size_constraint_statement.size #=> Integer
resp.web_acl.rules[0].statement.size_constraint_statement.text_transformations #=> Array
resp.web_acl.rules[0].statement.size_constraint_statement.text_transformations[0].priority #=> Integer
resp.web_acl.rules[0].statement.size_constraint_statement.text_transformations[0].type #=> String, one of "NONE", "COMPRESS_WHITE_SPACE", "HTML_ENTITY_DECODE", "LOWERCASE", "CMD_LINE", "URL_DECODE"
resp.web_acl.rules[0].statement.geo_match_statement.country_codes #=> Array
resp.web_acl.rules[0].statement.geo_match_statement.country_codes[0] #=> String, one of "AF", "AX", "AL", "DZ", "AS", "AD", "AO", "AI", "AQ", "AG", "AR", "AM", "AW", "AU", "AT", "AZ", "BS", "BH", "BD", "BB", "BY", "BE", "BZ", "BJ", "BM", "BT", "BO", "BQ", "BA", "BW", "BV", "BR", "IO", "BN", "BG", "BF", "BI", "KH", "CM", "CA", "CV", "KY", "CF", "TD", "CL", "CN", "CX", "CC", "CO", "KM", "CG", "CD", "CK", "CR", "CI", "HR", "CU", "CW", "CY", "CZ", "DK", "DJ", "DM", "DO", "EC", "EG", "SV", "GQ", "ER", "EE", "ET", "FK", "FO", "FJ", "FI", "FR", "GF", "PF", "TF", "GA", "GM", "GE", "DE", "GH", "GI", "GR", "GL", "GD", "GP", "GU", "GT", "GG", "GN", "GW", "GY", "HT", "HM", "VA", "HN", "HK", "HU", "IS", "IN", "ID", "IR", "IQ", "IE", "IM", "IL", "IT", "JM", "JP", "JE", "JO", "KZ", "KE", "KI", "KP", "KR", "KW", "KG", "LA", "LV", "LB", "LS", "LR", "LY", "LI", "LT", "LU", "MO", "MK", "MG", "MW", "MY", "MV", "ML", "MT", "MH", "MQ", "MR", "MU", "YT", "MX", "FM", "MD", "MC", "MN", "ME", "MS", "MA", "MZ", "MM", "NA", "NR", "NP", "NL", "NC", "NZ", "NI", "NE", "NG", "NU", "NF", "MP", "NO", "OM", "PK", "PW", "PS", "PA", "PG", "PY", "PE", "PH", "PN", "PL", "PT", "PR", "QA", "RE", "RO", "RU", "RW", "BL", "SH", "KN", "LC", "MF", "PM", "VC", "WS", "SM", "ST", "SA", "SN", "RS", "SC", "SL", "SG", "SX", "SK", "SI", "SB", "SO", "ZA", "GS", "SS", "ES", "LK", "SD", "SR", "SJ", "SZ", "SE", "CH", "SY", "TW", "TJ", "TZ", "TH", "TL", "TG", "TK", "TO", "TT", "TN", "TR", "TM", "TC", "TV", "UG", "UA", "AE", "GB", "US", "UM", "UY", "UZ", "VU", "VE", "VN", "VG", "VI", "WF", "EH", "YE", "ZM", "ZW"
resp.web_acl.rules[0].statement.rule_group_reference_statement.arn #=> String
resp.web_acl.rules[0].statement.rule_group_reference_statement.excluded_rules #=> Array
resp.web_acl.rules[0].statement.rule_group_reference_statement.excluded_rules[0].name #=> String
resp.web_acl.rules[0].statement.ip_set_reference_statement.arn #=> String
resp.web_acl.rules[0].statement.regex_pattern_set_reference_statement.arn #=> String
resp.web_acl.rules[0].statement.regex_pattern_set_reference_statement.field_to_match.single_header.name #=> String
resp.web_acl.rules[0].statement.regex_pattern_set_reference_statement.field_to_match.single_query_argument.name #=> String
resp.web_acl.rules[0].statement.regex_pattern_set_reference_statement.text_transformations #=> Array
resp.web_acl.rules[0].statement.regex_pattern_set_reference_statement.text_transformations[0].priority #=> Integer
resp.web_acl.rules[0].statement.regex_pattern_set_reference_statement.text_transformations[0].type #=> String, one of "NONE", "COMPRESS_WHITE_SPACE", "HTML_ENTITY_DECODE", "LOWERCASE", "CMD_LINE", "URL_DECODE"
resp.web_acl.rules[0].statement.rate_based_statement.limit #=> Integer
resp.web_acl.rules[0].statement.rate_based_statement.aggregate_key_type #=> String, one of "IP"
resp.web_acl.rules[0].statement.rate_based_statement.scope_down_statement #=> Types::Statement
resp.web_acl.rules[0].statement.and_statement.statements #=> Array
resp.web_acl.rules[0].statement.and_statement.statements[0] #=> Types::Statement
resp.web_acl.rules[0].statement.or_statement.statements #=> Array
resp.web_acl.rules[0].statement.or_statement.statements[0] #=> Types::Statement
resp.web_acl.rules[0].statement.not_statement.statement #=> Types::Statement
resp.web_acl.rules[0].statement.managed_rule_group_statement.vendor_name #=> String
resp.web_acl.rules[0].statement.managed_rule_group_statement.name #=> String
resp.web_acl.rules[0].statement.managed_rule_group_statement.excluded_rules #=> Array
resp.web_acl.rules[0].statement.managed_rule_group_statement.excluded_rules[0].name #=> String
resp.web_acl.rules[0].visibility_config.sampled_requests_enabled #=> Boolean
resp.web_acl.rules[0].visibility_config.cloud_watch_metrics_enabled #=> Boolean
resp.web_acl.rules[0].visibility_config.metric_name #=> String
resp.web_acl.visibility_config.sampled_requests_enabled #=> Boolean
resp.web_acl.visibility_config.cloud_watch_metrics_enabled #=> Boolean
resp.web_acl.visibility_config.metric_name #=> String
resp.web_acl.capacity #=> Integer
resp.web_acl.pre_process_firewall_manager_rule_groups #=> Array
resp.web_acl.pre_process_firewall_manager_rule_groups[0].name #=> String
resp.web_acl.pre_process_firewall_manager_rule_groups[0].priority #=> Integer
resp.web_acl.pre_process_firewall_manager_rule_groups[0].firewall_manager_statement.managed_rule_group_statement.vendor_name #=> String
resp.web_acl.pre_process_firewall_manager_rule_groups[0].firewall_manager_statement.managed_rule_group_statement.name #=> String
resp.web_acl.pre_process_firewall_manager_rule_groups[0].firewall_manager_statement.managed_rule_group_statement.excluded_rules #=> Array
resp.web_acl.pre_process_firewall_manager_rule_groups[0].firewall_manager_statement.managed_rule_group_statement.excluded_rules[0].name #=> String
resp.web_acl.pre_process_firewall_manager_rule_groups[0].firewall_manager_statement.rule_group_reference_statement.arn #=> String
resp.web_acl.pre_process_firewall_manager_rule_groups[0].firewall_manager_statement.rule_group_reference_statement.excluded_rules #=> Array
resp.web_acl.pre_process_firewall_manager_rule_groups[0].firewall_manager_statement.rule_group_reference_statement.excluded_rules[0].name #=> String
resp.web_acl.pre_process_firewall_manager_rule_groups[0].visibility_config.sampled_requests_enabled #=> Boolean
resp.web_acl.pre_process_firewall_manager_rule_groups[0].visibility_config.cloud_watch_metrics_enabled #=> Boolean
resp.web_acl.pre_process_firewall_manager_rule_groups[0].visibility_config.metric_name #=> String
resp.web_acl.post_process_firewall_manager_rule_groups #=> Array
resp.web_acl.post_process_firewall_manager_rule_groups[0].name #=> String
resp.web_acl.post_process_firewall_manager_rule_groups[0].priority #=> Integer
resp.web_acl.post_process_firewall_manager_rule_groups[0].firewall_manager_statement.managed_rule_group_statement.vendor_name #=> String
resp.web_acl.post_process_firewall_manager_rule_groups[0].firewall_manager_statement.managed_rule_group_statement.name #=> String
resp.web_acl.post_process_firewall_manager_rule_groups[0].firewall_manager_statement.managed_rule_group_statement.excluded_rules #=> Array
resp.web_acl.post_process_firewall_manager_rule_groups[0].firewall_manager_statement.managed_rule_group_statement.excluded_rules[0].name #=> String
resp.web_acl.post_process_firewall_manager_rule_groups[0].firewall_manager_statement.rule_group_reference_statement.arn #=> String
resp.web_acl.post_process_firewall_manager_rule_groups[0].firewall_manager_statement.rule_group_reference_statement.excluded_rules #=> Array
resp.web_acl.post_process_firewall_manager_rule_groups[0].firewall_manager_statement.rule_group_reference_statement.excluded_rules[0].name #=> String
resp.web_acl.post_process_firewall_manager_rule_groups[0].visibility_config.sampled_requests_enabled #=> Boolean
resp.web_acl.post_process_firewall_manager_rule_groups[0].visibility_config.cloud_watch_metrics_enabled #=> Boolean
resp.web_acl.post_process_firewall_manager_rule_groups[0].visibility_config.metric_name #=> String
resp.web_acl.managed_by_firewall_manager #=> Boolean
resp.lock_token #=> String

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :name (required, String)

    The name of the Web ACL. You cannot change the name of a Web ACL after you create it.

  • :scope (required, String)

    Specifies whether this is for an AWS CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB) or an API Gateway stage.

    To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows:

    • CLI - Specify the Region when you use the CloudFront scope: --scope=CLOUDFRONT --region=us-east-1.

    • API and SDKs - For all calls, use the Region endpoint us-east-1.

  • :id (required, String)

    The unique identifier for the Web ACL. This ID is returned in the responses to create and list commands. You provide it to operations like update and delete.

Returns:

See Also:



2631
2632
2633
2634
# File 'gems/aws-sdk-wafv2/lib/aws-sdk-wafv2/client.rb', line 2631

def get_web_acl(params = {}, options = {})
  req = build_request(:get_web_acl, params)
  req.send_request(options)
end

#get_web_acl_for_resource(params = {}) ⇒ Types::GetWebACLForResourceResponse

This is the latest version of AWS WAF, named AWS WAFV2, released in November, 2019. For information, including how to migrate your AWS WAF resources from the prior release, see the AWS WAF Developer Guide.

Retrieves the WebACL for the specified resource.

Examples:

Request syntax with placeholder values


resp = client.get_web_acl_for_resource({
  resource_arn: "ResourceArn", # required
})

Response structure


resp.web_acl.name #=> String
resp.web_acl.id #=> String
resp.web_acl.arn #=> String
resp.web_acl.description #=> String
resp.web_acl.rules #=> Array
resp.web_acl.rules[0].name #=> String
resp.web_acl.rules[0].priority #=> Integer
resp.web_acl.rules[0].statement.byte_match_statement.search_string #=> String
resp.web_acl.rules[0].statement.byte_match_statement.field_to_match.single_header.name #=> String
resp.web_acl.rules[0].statement.byte_match_statement.field_to_match.single_query_argument.name #=> String
resp.web_acl.rules[0].statement.byte_match_statement.text_transformations #=> Array
resp.web_acl.rules[0].statement.byte_match_statement.text_transformations[0].priority #=> Integer
resp.web_acl.rules[0].statement.byte_match_statement.text_transformations[0].type #=> String, one of "NONE", "COMPRESS_WHITE_SPACE", "HTML_ENTITY_DECODE", "LOWERCASE", "CMD_LINE", "URL_DECODE"
resp.web_acl.rules[0].statement.byte_match_statement.positional_constraint #=> String, one of "EXACTLY", "STARTS_WITH", "ENDS_WITH", "CONTAINS", "CONTAINS_WORD"
resp.web_acl.rules[0].statement.sqli_match_statement.field_to_match.single_header.name #=> String
resp.web_acl.rules[0].statement.sqli_match_statement.field_to_match.single_query_argument.name #=> String
resp.web_acl.rules[0].statement.sqli_match_statement.text_transformations #=> Array
resp.web_acl.rules[0].statement.sqli_match_statement.text_transformations[0].priority #=> Integer
resp.web_acl.rules[0].statement.sqli_match_statement.text_transformations[0].type #=> String, one of "NONE", "COMPRESS_WHITE_SPACE", "HTML_ENTITY_DECODE", "LOWERCASE", "CMD_LINE", "URL_DECODE"
resp.web_acl.rules[0].statement.xss_match_statement.field_to_match.single_header.name #=> String
resp.web_acl.rules[0].statement.xss_match_statement.field_to_match.single_query_argument.name #=> String
resp.web_acl.rules[0].statement.xss_match_statement.text_transformations #=> Array
resp.web_acl.rules[0].statement.xss_match_statement.text_transformations[0].priority #=> Integer
resp.web_acl.rules[0].statement.xss_match_statement.text_transformations[0].type #=> String, one of "NONE", "COMPRESS_WHITE_SPACE", "HTML_ENTITY_DECODE", "LOWERCASE", "CMD_LINE", "URL_DECODE"
resp.web_acl.rules[0].statement.size_constraint_statement.field_to_match.single_header.name #=> String
resp.web_acl.rules[0].statement.size_constraint_statement.field_to_match.single_query_argument.name #=> String
resp.web_acl.rules[0].statement.size_constraint_statement.comparison_operator #=> String, one of "EQ", "NE", "LE", "LT", "GE", "GT"
resp.web_acl.rules[0].statement.size_constraint_statement.size #=> Integer
resp.web_acl.rules[0].statement.size_constraint_statement.text_transformations #=> Array
resp.web_acl.rules[0].statement.size_constraint_statement.text_transformations[0].priority #=> Integer
resp.web_acl.rules[0].statement.size_constraint_statement.text_transformations[0].type #=> String, one of "NONE", "COMPRESS_WHITE_SPACE", "HTML_ENTITY_DECODE", "LOWERCASE", "CMD_LINE", "URL_DECODE"
resp.web_acl.rules[0].statement.geo_match_statement.country_codes #=> Array
resp.web_acl.rules[0].statement.geo_match_statement.country_codes[0] #=> String, one of "AF", "AX", "AL", "DZ", "AS", "AD", "AO", "AI", "AQ", "AG", "AR", "AM", "AW", "AU", "AT", "AZ", "BS", "BH", "BD", "BB", "BY", "BE", "BZ", "BJ", "BM", "BT", "BO", "BQ", "BA", "BW", "BV", "BR", "IO", "BN", "BG", "BF", "BI", "KH", "CM", "CA", "CV", "KY", "CF", "TD", "CL", "CN", "CX", "CC", "CO", "KM", "CG", "CD", "CK", "CR", "CI", "HR", "CU", "CW", "CY", "CZ", "DK", "DJ", "DM", "DO", "EC", "EG", "SV", "GQ", "ER", "EE", "ET", "FK", "FO", "FJ", "FI", "FR", "GF", "PF", "TF", "GA", "GM", "GE", "DE", "GH", "GI", "GR", "GL", "GD", "GP", "GU", "GT", "GG", "GN", "GW", "GY", "HT", "HM", "VA", "HN", "HK", "HU", "IS", "IN", "ID", "IR", "IQ", "IE", "IM", "IL", "IT", "JM", "JP", "JE", "JO", "KZ", "KE", "KI", "KP", "KR", "KW", "KG", "LA", "LV", "LB", "LS", "LR", "LY", "LI", "LT", "LU", "MO", "MK", "MG", "MW", "MY", "MV", "ML", "MT", "MH", "MQ", "MR", "MU", "YT", "MX", "FM", "MD", "MC", "MN", "ME", "MS", "MA", "MZ", "MM", "NA", "NR", "NP", "NL", "NC", "NZ", "NI", "NE", "NG", "NU", "NF", "MP", "NO", "OM", "PK", "PW", "PS", "PA", "PG", "PY", "PE", "PH", "PN", "PL", "PT", "PR", "QA", "RE", "RO", "RU", "RW", "BL", "SH", "KN", "LC", "MF", "PM", "VC", "WS", "SM", "ST", "SA", "SN", "RS", "SC", "SL", "SG", "SX", "SK", "SI", "SB", "SO", "ZA", "GS", "SS", "ES", "LK", "SD", "SR", "SJ", "SZ", "SE", "CH", "SY", "TW", "TJ", "TZ", "TH", "TL", "TG", "TK", "TO", "TT", "TN", "TR", "TM", "TC", "TV", "UG", "UA", "AE", "GB", "US", "UM", "UY", "UZ", "VU", "VE", "VN", "VG", "VI", "WF", "EH", "YE", "ZM", "ZW"
resp.web_acl.rules[0].statement.rule_group_reference_statement.arn #=> String
resp.web_acl.rules[0].statement.rule_group_reference_statement.excluded_rules #=> Array
resp.web_acl.rules[0].statement.rule_group_reference_statement.excluded_rules[0].name #=> String
resp.web_acl.rules[0].statement.ip_set_reference_statement.arn #=> String
resp.web_acl.rules[0].statement.regex_pattern_set_reference_statement.arn #=> String
resp.web_acl.rules[0].statement.regex_pattern_set_reference_statement.field_to_match.single_header.name #=> String
resp.web_acl.rules[0].statement.regex_pattern_set_reference_statement.field_to_match.single_query_argument.name #=> String
resp.web_acl.rules[0].statement.regex_pattern_set_reference_statement.text_transformations #=> Array
resp.web_acl.rules[0].statement.regex_pattern_set_reference_statement.text_transformations[0].priority #=> Integer
resp.web_acl.rules[0].statement.regex_pattern_set_reference_statement.text_transformations[0].type #=> String, one of "NONE", "COMPRESS_WHITE_SPACE", "HTML_ENTITY_DECODE", "LOWERCASE", "CMD_LINE", "URL_DECODE"
resp.web_acl.rules[0].statement.rate_based_statement.limit #=> Integer
resp.web_acl.rules[0].statement.rate_based_statement.aggregate_key_type #=> String, one of "IP"
resp.web_acl.rules[0].statement.rate_based_statement.scope_down_statement #=> Types::Statement
resp.web_acl.rules[0].statement.and_statement.statements #=> Array
resp.web_acl.rules[0].statement.and_statement.statements[0] #=> Types::Statement
resp.web_acl.rules[0].statement.or_statement.statements #=> Array
resp.web_acl.rules[0].statement.or_statement.statements[0] #=> Types::Statement
resp.web_acl.rules[0].statement.not_statement.statement #=> Types::Statement
resp.web_acl.rules[0].statement.managed_rule_group_statement.vendor_name #=> String
resp.web_acl.rules[0].statement.managed_rule_group_statement.name #=> String
resp.web_acl.rules[0].statement.managed_rule_group_statement.excluded_rules #=> Array
resp.web_acl.rules[0].statement.managed_rule_group_statement.excluded_rules[0].name #=> String
resp.web_acl.rules[0].visibility_config.sampled_requests_enabled #=> Boolean
resp.web_acl.rules[0].visibility_config.cloud_watch_metrics_enabled #=> Boolean
resp.web_acl.rules[0].visibility_config.metric_name #=> String
resp.web_acl.visibility_config.sampled_requests_enabled #=> Boolean
resp.web_acl.visibility_config.cloud_watch_metrics_enabled #=> Boolean
resp.web_acl.visibility_config.metric_name #=> String
resp.web_acl.capacity #=> Integer
resp.web_acl.pre_process_firewall_manager_rule_groups #=> Array
resp.web_acl.pre_process_firewall_manager_rule_groups[0].name #=> String
resp.web_acl.pre_process_firewall_manager_rule_groups[0].priority #=> Integer
resp.web_acl.pre_process_firewall_manager_rule_groups[0].firewall_manager_statement.managed_rule_group_statement.vendor_name #=> String
resp.web_acl.pre_process_firewall_manager_rule_groups[0].firewall_manager_statement.managed_rule_group_statement.name #=> String
resp.web_acl.pre_process_firewall_manager_rule_groups[0].firewall_manager_statement.managed_rule_group_statement.excluded_rules #=> Array
resp.web_acl.pre_process_firewall_manager_rule_groups[0].firewall_manager_statement.managed_rule_group_statement.excluded_rules[0].name #=> String
resp.web_acl.pre_process_firewall_manager_rule_groups[0].firewall_manager_statement.rule_group_reference_statement.arn #=> String
resp.web_acl.pre_process_firewall_manager_rule_groups[0].firewall_manager_statement.rule_group_reference_statement.excluded_rules #=> Array
resp.web_acl.pre_process_firewall_manager_rule_groups[0].firewall_manager_statement.rule_group_reference_statement.excluded_rules[0].name #=> String
resp.web_acl.pre_process_firewall_manager_rule_groups[0].visibility_config.sampled_requests_enabled #=> Boolean
resp.web_acl.pre_process_firewall_manager_rule_groups[0].visibility_config.cloud_watch_metrics_enabled #=> Boolean
resp.web_acl.pre_process_firewall_manager_rule_groups[0].visibility_config.metric_name #=> String
resp.web_acl.post_process_firewall_manager_rule_groups #=> Array
resp.web_acl.post_process_firewall_manager_rule_groups[0].name #=> String
resp.web_acl.post_process_firewall_manager_rule_groups[0].priority #=> Integer
resp.web_acl.post_process_firewall_manager_rule_groups[0].firewall_manager_statement.managed_rule_group_statement.vendor_name #=> String
resp.web_acl.post_process_firewall_manager_rule_groups[0].firewall_manager_statement.managed_rule_group_statement.name #=> String
resp.web_acl.post_process_firewall_manager_rule_groups[0].firewall_manager_statement.managed_rule_group_statement.excluded_rules #=> Array
resp.web_acl.post_process_firewall_manager_rule_groups[0].firewall_manager_statement.managed_rule_group_statement.excluded_rules[0].name #=> String
resp.web_acl.post_process_firewall_manager_rule_groups[0].firewall_manager_statement.rule_group_reference_statement.arn #=> String
resp.web_acl.post_process_firewall_manager_rule_groups[0].firewall_manager_statement.rule_group_reference_statement.excluded_rules #=> Array
resp.web_acl.post_process_firewall_manager_rule_groups[0].firewall_manager_statement.rule_group_reference_statement.excluded_rules[0].name #=> String
resp.web_acl.post_process_firewall_manager_rule_groups[0].visibility_config.sampled_requests_enabled #=> Boolean
resp.web_acl.post_process_firewall_manager_rule_groups[0].visibility_config.cloud_watch_metrics_enabled #=> Boolean
resp.web_acl.post_process_firewall_manager_rule_groups[0].visibility_config.metric_name #=> String
resp.web_acl.managed_by_firewall_manager #=> Boolean

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :resource_arn (required, String)

    The ARN (Amazon Resource Name) of the resource.

Returns:

See Also:



2758
2759
2760
2761
# File 'gems/aws-sdk-wafv2/lib/aws-sdk-wafv2/client.rb', line 2758

def get_web_acl_for_resource(params = {}, options = {})
  req = build_request(:get_web_acl_for_resource, params)
  req.send_request(options)
end

#list_available_managed_rule_groups(params = {}) ⇒ Types::ListAvailableManagedRuleGroupsResponse

This is the latest version of AWS WAF, named AWS WAFV2, released in November, 2019. For information, including how to migrate your AWS WAF resources from the prior release, see the AWS WAF Developer Guide.

Retrieves an array of managed rule groups that are available for you to use. This list includes all AWS Managed Rules rule groups and the AWS Marketplace managed rule groups that you're subscribed to.

Examples:

Request syntax with placeholder values


resp = client.list_available_managed_rule_groups({
  scope: "CLOUDFRONT", # required, accepts CLOUDFRONT, REGIONAL
  next_marker: "NextMarker",
  limit: 1,
})

Response structure


resp.next_marker #=> String
resp.managed_rule_groups #=> Array
resp.managed_rule_groups[0].vendor_name #=> String
resp.managed_rule_groups[0].name #=> String
resp.managed_rule_groups[0].description #=> String

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :scope (required, String)

    Specifies whether this is for an AWS CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB) or an API Gateway stage.

    To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows:

    • CLI - Specify the Region when you use the CloudFront scope: --scope=CLOUDFRONT --region=us-east-1.

    • API and SDKs - For all calls, use the Region endpoint us-east-1.

  • :next_marker (String)

    When you request a list of objects with a Limit setting, if the number of objects that are still available for retrieval exceeds the limit, AWS WAF returns a NextMarker value in the response. To retrieve the next batch of objects, provide the marker from the prior call in your next request.

  • :limit (Integer)

    The maximum number of objects that you want AWS WAF to return for this request. If more objects are available, in the response, AWS WAF provides a NextMarker value that you can use in a subsequent call to get the next batch of objects.

Returns:

See Also:



2829
2830
2831
2832
# File 'gems/aws-sdk-wafv2/lib/aws-sdk-wafv2/client.rb', line 2829

def list_available_managed_rule_groups(params = {}, options = {})
  req = build_request(:list_available_managed_rule_groups, params)
  req.send_request(options)
end

#list_ip_sets(params = {}) ⇒ Types::ListIPSetsResponse

This is the latest version of AWS WAF, named AWS WAFV2, released in November, 2019. For information, including how to migrate your AWS WAF resources from the prior release, see the AWS WAF Developer Guide.

Retrieves an array of IPSetSummary objects for the IP sets that you manage.

Examples:

Request syntax with placeholder values


resp = client.list_ip_sets({
  scope: "CLOUDFRONT", # required, accepts CLOUDFRONT, REGIONAL
  next_marker: "NextMarker",
  limit: 1,
})

Response structure


resp.next_marker #=> String
resp.ip_sets #=> Array
resp.ip_sets[0].name #=> String
resp.ip_sets[0].id #=> String
resp.ip_sets[0].description #=> String
resp.ip_sets[0].lock_token #=> String
resp.ip_sets[0].arn #=> String

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :scope (required, String)

    Specifies whether this is for an AWS CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB) or an API Gateway stage.

    To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows:

    • CLI - Specify the Region when you use the CloudFront scope: --scope=CLOUDFRONT --region=us-east-1.

    • API and SDKs - For all calls, use the Region endpoint us-east-1.

  • :next_marker (String)

    When you request a list of objects with a Limit setting, if the number of objects that are still available for retrieval exceeds the limit, AWS WAF returns a NextMarker value in the response. To retrieve the next batch of objects, provide the marker from the prior call in your next request.

  • :limit (Integer)

    The maximum number of objects that you want AWS WAF to return for this request. If more objects are available, in the response, AWS WAF provides a NextMarker value that you can use in a subsequent call to get the next batch of objects.

Returns:

See Also:



2901
2902
2903
2904
# File 'gems/aws-sdk-wafv2/lib/aws-sdk-wafv2/client.rb', line 2901

def list_ip_sets(params = {}, options = {})
  req = build_request(:list_ip_sets, params)
  req.send_request(options)
end

#list_logging_configurations(params = {}) ⇒ Types::ListLoggingConfigurationsResponse

This is the latest version of AWS WAF, named AWS WAFV2, released in November, 2019. For information, including how to migrate your AWS WAF resources from the prior release, see the AWS WAF Developer Guide.

Retrieves an array of your LoggingConfiguration objects.

Examples:

Request syntax with placeholder values


resp = client.list_logging_configurations({
  scope: "CLOUDFRONT", # accepts CLOUDFRONT, REGIONAL
  next_marker: "NextMarker",
  limit: 1,
})

Response structure


resp.logging_configurations #=> Array
resp.logging_configurations[0].resource_arn #=> String
resp.logging_configurations[0].log_destination_configs #=> Array
resp.logging_configurations[0].log_destination_configs[0] #=> String
resp.logging_configurations[0].redacted_fields #=> Array
resp.logging_configurations[0].redacted_fields[0].single_header.name #=> String
resp.logging_configurations[0].redacted_fields[0].single_query_argument.name #=> String
resp.next_marker #=> String

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :scope (String)

    Specifies whether this is for an AWS CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB) or an API Gateway stage.

    To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows:

    • CLI - Specify the Region when you use the CloudFront scope: --scope=CLOUDFRONT --region=us-east-1.

    • API and SDKs - For all calls, use the Region endpoint us-east-1.

  • :next_marker (String)

    When you request a list of objects with a Limit setting, if the number of objects that are still available for retrieval exceeds the limit, AWS WAF returns a NextMarker value in the response. To retrieve the next batch of objects, provide the marker from the prior call in your next request.

  • :limit (Integer)

    The maximum number of objects that you want AWS WAF to return for this request. If more objects are available, in the response, AWS WAF provides a NextMarker value that you can use in a subsequent call to get the next batch of objects.

Returns:

See Also:



2973
2974
2975
2976
# File 'gems/aws-sdk-wafv2/lib/aws-sdk-wafv2/client.rb', line 2973

def list_logging_configurations(params = {}, options = {})
  req = build_request(:list_logging_configurations, params)
  req.send_request(options)
end

#list_regex_pattern_sets(params = {}) ⇒ Types::ListRegexPatternSetsResponse

This is the latest version of AWS WAF, named AWS WAFV2, released in November, 2019. For information, including how to migrate your AWS WAF resources from the prior release, see the AWS WAF Developer Guide.

Retrieves an array of RegexPatternSetSummary objects for the regex pattern sets that you manage.

Examples:

Request syntax with placeholder values


resp = client.list_regex_pattern_sets({
  scope: "CLOUDFRONT", # required, accepts CLOUDFRONT, REGIONAL
  next_marker: "NextMarker",
  limit: 1,
})

Response structure


resp.next_marker #=> String
resp.regex_pattern_sets #=> Array
resp.regex_pattern_sets[0].name #=> String
resp.regex_pattern_sets[0].id #=> String
resp.regex_pattern_sets[0].description #=> String
resp.regex_pattern_sets[0].lock_token #=> String
resp.regex_pattern_sets[0].arn #=> String

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :scope (required, String)

    Specifies whether this is for an AWS CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB) or an API Gateway stage.

    To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows:

    • CLI - Specify the Region when you use the CloudFront scope: --scope=CLOUDFRONT --region=us-east-1.

    • API and SDKs - For all calls, use the Region endpoint us-east-1.

  • :next_marker (String)

    When you request a list of objects with a Limit setting, if the number of objects that are still available for retrieval exceeds the limit, AWS WAF returns a NextMarker value in the response. To retrieve the next batch of objects, provide the marker from the prior call in your next request.

  • :limit (Integer)

    The maximum number of objects that you want AWS WAF to return for this request. If more objects are available, in the response, AWS WAF provides a NextMarker value that you can use in a subsequent call to get the next batch of objects.

Returns:

See Also:



3045
3046
3047
3048
# File 'gems/aws-sdk-wafv2/lib/aws-sdk-wafv2/client.rb', line 3045

def list_regex_pattern_sets(params = {}, options = {})
  req = build_request(:list_regex_pattern_sets, params)
  req.send_request(options)
end

#list_resources_for_web_acl(params = {}) ⇒ Types::ListResourcesForWebACLResponse

This is the latest version of AWS WAF, named AWS WAFV2, released in November, 2019. For information, including how to migrate your AWS WAF resources from the prior release, see the AWS WAF Developer Guide.

Retrieves an array of the Amazon Resource Names (ARNs) for the regional resources that are associated with the specified web ACL. If you want the list of AWS CloudFront resources, use the AWS CloudFront call ListDistributionsByWebACLId.

Examples:

Request syntax with placeholder values


resp = client.list_resources_for_web_acl({
  web_acl_arn: "ResourceArn", # required
  resource_type: "APPLICATION_LOAD_BALANCER", # accepts APPLICATION_LOAD_BALANCER, API_GATEWAY
})

Response structure


resp.resource_arns #=> Array
resp.resource_arns[0] #=> String

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :web_acl_arn (required, String)

    The Amazon Resource Name (ARN) of the Web ACL.

  • :resource_type (String)

    Used for web ACLs that are scoped for regional applications. A regional application can be an Application Load Balancer (ALB) or an API Gateway stage.

Returns:

See Also:



3094
3095
3096
3097
# File 'gems/aws-sdk-wafv2/lib/aws-sdk-wafv2/client.rb', line 3094

def list_resources_for_web_acl(params = {}, options = {})
  req = build_request(:list_resources_for_web_acl, params)
  req.send_request(options)
end

#list_rule_groups(params = {}) ⇒ Types::ListRuleGroupsResponse

This is the latest version of AWS WAF, named AWS WAFV2, released in November, 2019. For information, including how to migrate your AWS WAF resources from the prior release, see the AWS WAF Developer Guide.

Retrieves an array of RuleGroupSummary objects for the rule groups that you manage.

Examples:

Request syntax with placeholder values


resp = client.list_rule_groups({
  scope: "CLOUDFRONT", # required, accepts CLOUDFRONT, REGIONAL
  next_marker: "NextMarker",
  limit: 1,
})

Response structure


resp.next_marker #=> String
resp.rule_groups #=> Array
resp.rule_groups[0].name #=> String
resp.rule_groups[0].id #=> String
resp.rule_groups[0].description #=> String
resp.rule_groups[0].lock_token #=> String
resp.rule_groups[0].arn #=> String

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :scope (required, String)

    Specifies whether this is for an AWS CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB) or an API Gateway stage.

    To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows:

    • CLI - Specify the Region when you use the CloudFront scope: --scope=CLOUDFRONT --region=us-east-1.

    • API and SDKs - For all calls, use the Region endpoint us-east-1.

  • :next_marker (String)

    When you request a list of objects with a Limit setting, if the number of objects that are still available for retrieval exceeds the limit, AWS WAF returns a NextMarker value in the response. To retrieve the next batch of objects, provide the marker from the prior call in your next request.

  • :limit (Integer)

    The maximum number of objects that you want AWS WAF to return for this request. If more objects are available, in the response, AWS WAF provides a NextMarker value that you can use in a subsequent call to get the next batch of objects.

Returns:

See Also:



3166
3167
3168
3169
# File 'gems/aws-sdk-wafv2/lib/aws-sdk-wafv2/client.rb', line 3166

def list_rule_groups(params = {}, options = {})
  req = build_request(:list_rule_groups, params)
  req.send_request(options)
end

#list_tags_for_resource(params = {}) ⇒ Types::ListTagsForResourceResponse

This is the latest version of AWS WAF, named AWS WAFV2, released in November, 2019. For information, including how to migrate your AWS WAF resources from the prior release, see the AWS WAF Developer Guide.

Retrieves the TagInfoForResource for the specified resource.

Examples:

Request syntax with placeholder values


resp = client.list_tags_for_resource({
  next_marker: "NextMarker",
  limit: 1,
  resource_arn: "ResourceArn", # required
})

Response structure


resp.next_marker #=> String
resp.tag_info_for_resource.resource_arn #=> String
resp.tag_info_for_resource.tag_list #=> Array
resp.tag_info_for_resource.tag_list[0].key #=> String
resp.tag_info_for_resource.tag_list[0].value #=> String

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :next_marker (String)

    When you request a list of objects with a Limit setting, if the number of objects that are still available for retrieval exceeds the limit, AWS WAF returns a NextMarker value in the response. To retrieve the next batch of objects, provide the marker from the prior call in your next request.

  • :limit (Integer)

    The maximum number of objects that you want AWS WAF to return for this request. If more objects are available, in the response, AWS WAF provides a NextMarker value that you can use in a subsequent call to get the next batch of objects.

  • :resource_arn (required, String)

    The Amazon Resource Name (ARN) of the resource.

Returns:

See Also:



3225
3226
3227
3228
# File 'gems/aws-sdk-wafv2/lib/aws-sdk-wafv2/client.rb', line 3225

def list_tags_for_resource(params = {}, options = {})
  req = build_request(:list_tags_for_resource, params)
  req.send_request(options)
end

#list_web_acls(params = {}) ⇒ Types::ListWebACLsResponse

This is the latest version of AWS WAF, named AWS WAFV2, released in November, 2019. For information, including how to migrate your AWS WAF resources from the prior release, see the AWS WAF Developer Guide.

Retrieves an array of WebACLSummary objects for the web ACLs that you manage.

Examples:

Request syntax with placeholder values


resp = client.list_web_acls({
  scope: "CLOUDFRONT", # required, accepts CLOUDFRONT, REGIONAL
  next_marker: "NextMarker",
  limit: 1,
})

Response structure


resp.next_marker #=> String
resp.web_acls #=> Array
resp.web_acls[0].name #=> String
resp.web_acls[0].id #=> String
resp.web_acls[0].description #=> String
resp.web_acls[0].lock_token #=> String
resp.web_acls[0].arn #=> String

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :scope (required, String)

    Specifies whether this is for an AWS CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB) or an API Gateway stage.

    To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows:

    • CLI - Specify the Region when you use the CloudFront scope: --scope=CLOUDFRONT --region=us-east-1.

    • API and SDKs - For all calls, use the Region endpoint us-east-1.

  • :next_marker (String)

    When you request a list of objects with a Limit setting, if the number of objects that are still available for retrieval exceeds the limit, AWS WAF returns a NextMarker value in the response. To retrieve the next batch of objects, provide the marker from the prior call in your next request.

  • :limit (Integer)

    The maximum number of objects that you want AWS WAF to return for this request. If more objects are available, in the response, AWS WAF provides a NextMarker value that you can use in a subsequent call to get the next batch of objects.

Returns:

See Also:



3297
3298
3299
3300
# File 'gems/aws-sdk-wafv2/lib/aws-sdk-wafv2/client.rb', line 3297

def list_web_acls(params = {}, options = {})
  req = build_request(:list_web_acls, params)
  req.send_request(options)
end

#put_logging_configuration(params = {}) ⇒ Types::PutLoggingConfigurationResponse

This is the latest version of AWS WAF, named AWS WAFV2, released in November, 2019. For information, including how to migrate your AWS WAF resources from the prior release, see the AWS WAF Developer Guide.

Enables the specified LoggingConfiguration, to start logging from a web ACL, according to the configuration provided.

You can access information about all traffic that AWS WAF inspects using the following steps:

  1. Create an Amazon Kinesis Data Firehose.

    Create the data firehose with a PUT source and in the Region that you are operating. If you are capturing logs for Amazon CloudFront, always create the firehose in US East (N. Virginia).

    Do not create the data firehose using a Kinesis stream as your source.

  2. Associate that firehose to your web ACL using a PutLoggingConfiguration request.

When you successfully enable logging using a PutLoggingConfiguration request, AWS WAF will create a service linked role with the necessary permissions to write logs to the Amazon Kinesis Data Firehose. For more information, see Logging Web ACL Traffic Information in the AWS WAF Developer Guide.

Examples:

Request syntax with placeholder values


resp = client.put_logging_configuration({
  logging_configuration: { # required
    resource_arn: "ResourceArn", # required
    log_destination_configs: ["ResourceArn"], # required
    redacted_fields: [
      {
        single_header: {
          name: "FieldToMatchData", # required
        },
        single_query_argument: {
          name: "FieldToMatchData", # required
        },
        all_query_arguments: {
        },
        uri_path: {
        },
        query_string: {
        },
        body: {
        },
        method: {
        },
      },
    ],
  },
})

Response structure


resp.logging_configuration.resource_arn #=> String
resp.logging_configuration.log_destination_configs #=> Array
resp.logging_configuration.log_destination_configs[0] #=> String
resp.logging_configuration.redacted_fields #=> Array
resp.logging_configuration.redacted_fields[0].single_header.name #=> String
resp.logging_configuration.redacted_fields[0].single_query_argument.name #=> String

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

Returns:

See Also:



3388
3389
3390
3391
# File 'gems/aws-sdk-wafv2/lib/aws-sdk-wafv2/client.rb', line 3388

def put_logging_configuration(params = {}, options = {})
  req = build_request(:put_logging_configuration, params)
  req.send_request(options)
end

#put_permission_policy(params = {}) ⇒ Struct

Attaches an IAM policy to the specified resource. Use this to share a rule group across accounts.

You must be the owner of the rule group to perform this operation.

This action is subject to the following restrictions:

  • You can attach only one policy with each PutPermissionPolicy request.

  • The ARN in the request must be a valid WAF RuleGroup ARN and the rule group must exist in the same region.

  • The user making the request must be the owner of the rule group.

Examples:

Request syntax with placeholder values


resp = client.put_permission_policy({
  resource_arn: "ResourceArn", # required
  policy: "PolicyString", # required
})

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :resource_arn (required, String)

    The Amazon Resource Name (ARN) of the RuleGroup to which you want to attach the policy.

  • :policy (required, String)

    The policy to attach to the specified rule group.

    The policy specifications must conform to the following:

    • The policy must be composed using IAM Policy version 2012-10-17 or version 2015-01-01.

    • The policy must include specifications for Effect, Action, and Principal.

    • Effect must specify Allow.

    • Action must specify wafv2:CreateWebACL, wafv2:UpdateWebACL, and wafv2:PutFirewallManagerRuleGroups. AWS WAF rejects any extra actions or wildcard actions in the policy.

    • The policy must not include a Resource parameter.

    For more information, see IAM Policies.

Returns:

  • (Struct)

    Returns an empty response.

See Also:



3450
3451
3452
3453
# File 'gems/aws-sdk-wafv2/lib/aws-sdk-wafv2/client.rb', line 3450

def put_permission_policy(params = {}, options = {})
  req = build_request(:put_permission_policy, params)
  req.send_request(options)
end

#tag_resource(params = {}) ⇒ Struct

This is the latest version of AWS WAF, named AWS WAFV2, released in November, 2019. For information, including how to migrate your AWS WAF resources from the prior release, see the AWS WAF Developer Guide.

Associates tags with the specified AWS resource. Tags are key:value pairs that you can associate with AWS resources. For example, the tag key might be "customer" and the tag value might be "companyA." You can specify one or more tags to add to each container. You can add up to 50 tags to each AWS resource.

Examples:

Request syntax with placeholder values


resp = client.tag_resource({
  resource_arn: "ResourceArn", # required
  tags: [ # required
    {
      key: "TagKey", # required
      value: "TagValue", # required
    },
  ],
})

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :resource_arn (required, String)

    The Amazon Resource Name (ARN) of the resource.

  • :tags (required, Array<Types::Tag>)

    An array of key:value pairs to associate with the resource.

Returns:

  • (Struct)

    Returns an empty response.

See Also:



3496
3497
3498
3499
# File 'gems/aws-sdk-wafv2/lib/aws-sdk-wafv2/client.rb', line 3496

def tag_resource(params = {}, options = {})
  req = build_request(:tag_resource, params)
  req.send_request(options)
end

#untag_resource(params = {}) ⇒ Struct

This is the latest version of AWS WAF, named AWS WAFV2, released in November, 2019. For information, including how to migrate your AWS WAF resources from the prior release, see the AWS WAF Developer Guide.

Disassociates tags from an AWS resource. Tags are key:value pairs that you can associate with AWS resources. For example, the tag key might be "customer" and the tag value might be "companyA." You can specify one or more tags to add to each container. You can add up to 50 tags to each AWS resource.

Examples:

Request syntax with placeholder values


resp = client.untag_resource({
  resource_arn: "ResourceArn", # required
  tag_keys: ["TagKey"], # required
})

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :resource_arn (required, String)

    The Amazon Resource Name (ARN) of the resource.

  • :tag_keys (required, Array<String>)

    An array of keys identifying the tags to disassociate from the resource.

Returns:

  • (Struct)

    Returns an empty response.

See Also:



3538
3539
3540
3541
# File 'gems/aws-sdk-wafv2/lib/aws-sdk-wafv2/client.rb', line 3538

def untag_resource(params = {}, options = {})
  req = build_request(:untag_resource, params)
  req.send_request(options)
end

#update_ip_set(params = {}) ⇒ Types::UpdateIPSetResponse

This is the latest version of AWS WAF, named AWS WAFV2, released in November, 2019. For information, including how to migrate your AWS WAF resources from the prior release, see the AWS WAF Developer Guide.

Updates the specified IPSet.

Examples:

Request syntax with placeholder values


resp = client.update_ip_set({
  name: "EntityName", # required
  scope: "CLOUDFRONT", # required, accepts CLOUDFRONT, REGIONAL
  id: "EntityId", # required
  description: "EntityDescription",
  addresses: ["IPAddress"], # required
  lock_token: "LockToken", # required
})

Response structure


resp.next_lock_token #=> String

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :name (required, String)

    The name of the IP set. You cannot change the name of an IPSet after you create it.

  • :scope (required, String)

    Specifies whether this is for an AWS CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB) or an API Gateway stage.

    To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows:

    • CLI - Specify the Region when you use the CloudFront scope: --scope=CLOUDFRONT --region=us-east-1.

    • API and SDKs - For all calls, use the Region endpoint us-east-1.

  • :id (required, String)

    A unique identifier for the set. This ID is returned in the responses to create and list commands. You provide it to operations like update and delete.

  • :description (String)

    A description of the IP set that helps with identification. You cannot change the description of an IP set after you create it.

  • :addresses (required, Array<String>)

    Contains an array of strings that specify one or more IP addresses or blocks of IP addresses in Classless Inter-Domain Routing (CIDR) notation. AWS WAF supports all address ranges for IP versions IPv4 and IPv6.

    Examples:

    • To configure AWS WAF to allow, block, or count requests that originated from the IP address 192.0.2.44, specify 192.0.2.44/32.

    • To configure AWS WAF to allow, block, or count requests that originated from IP addresses from 192.0.2.0 to 192.0.2.255, specify 192.0.2.0/24.

    • To configure AWS WAF to allow, block, or count requests that originated from the IP address 1111:0000:0000:0000:0000:0000:0000:0111, specify 1111:0000:0000:0000:0000:0000:0000:0111/128.

    • To configure AWS WAF to allow, block, or count requests that originated from IP addresses 1111:0000:0000:0000:0000:0000:0000:0000 to 1111:0000:0000:0000:ffff:ffff:ffff:ffff, specify 1111:0000:0000:0000:0000:0000:0000:0000/64.

    For more information about CIDR notation, see the Wikipedia entry Classless Inter-Domain Routing.

  • :lock_token (required, String)

    A token used for optimistic locking. AWS WAF returns a token to your get and list requests, to mark the state of the entity at the time of the request. To make changes to the entity associated with the token, you provide the token to operations like update and delete. AWS WAF uses the token to ensure that no changes have been made to the entity since you last retrieved it. If a change has been made, the update fails with a WAFOptimisticLockException. If this happens, perform another get, and use the new token returned by that operation.

Returns:

See Also:



3647
3648
3649
3650
# File 'gems/aws-sdk-wafv2/lib/aws-sdk-wafv2/client.rb', line 3647

def update_ip_set(params = {}, options = {})
  req = build_request(:update_ip_set, params)
  req.send_request(options)
end

#update_regex_pattern_set(params = {}) ⇒ Types::UpdateRegexPatternSetResponse

This is the latest version of AWS WAF, named AWS WAFV2, released in November, 2019. For information, including how to migrate your AWS WAF resources from the prior release, see the AWS WAF Developer Guide.

Updates the specified RegexPatternSet.

Examples:

Request syntax with placeholder values


resp = client.update_regex_pattern_set({
  name: "EntityName", # required
  scope: "CLOUDFRONT", # required, accepts CLOUDFRONT, REGIONAL
  id: "EntityId", # required
  description: "EntityDescription",
  regular_expression_list: [ # required
    {
      regex_string: "RegexPatternString",
    },
  ],
  lock_token: "LockToken", # required
})

Response structure


resp.next_lock_token #=> String

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :name (required, String)

    The name of the set. You cannot change the name after you create the set.

  • :scope (required, String)

    Specifies whether this is for an AWS CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB) or an API Gateway stage.

    To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows:

    • CLI - Specify the Region when you use the CloudFront scope: --scope=CLOUDFRONT --region=us-east-1.

    • API and SDKs - For all calls, use the Region endpoint us-east-1.

  • :id (required, String)

    A unique identifier for the set. This ID is returned in the responses to create and list commands. You provide it to operations like update and delete.

  • :description (String)

    A description of the set that helps with identification. You cannot change the description of a set after you create it.

  • :regular_expression_list (required, Array<Types::Regex>)
  • :lock_token (required, String)

    A token used for optimistic locking. AWS WAF returns a token to your get and list requests, to mark the state of the entity at the time of the request. To make changes to the entity associated with the token, you provide the token to operations like update and delete. AWS WAF uses the token to ensure that no changes have been made to the entity since you last retrieved it. If a change has been made, the update fails with a WAFOptimisticLockException. If this happens, perform another get, and use the new token returned by that operation.

Returns:

See Also:



3730
3731
3732
3733
# File 'gems/aws-sdk-wafv2/lib/aws-sdk-wafv2/client.rb', line 3730

def update_regex_pattern_set(params = {}, options = {})
  req = build_request(:update_regex_pattern_set, params)
  req.send_request(options)
end

#update_rule_group(params = {}) ⇒ Types::UpdateRuleGroupResponse

This is the latest version of AWS WAF, named AWS WAFV2, released in November, 2019. For information, including how to migrate your AWS WAF resources from the prior release, see the AWS WAF Developer Guide.

Updates the specified RuleGroup.

A rule group defines a collection of rules to inspect and control web requests that you can use in a WebACL. When you create a rule group, you define an immutable capacity limit. If you update a rule group, you must stay within the capacity. This allows others to reuse the rule group with confidence in its capacity requirements.

Examples:

Request syntax with placeholder values


resp = client.update_rule_group({
  name: "EntityName", # required
  scope: "CLOUDFRONT", # required, accepts CLOUDFRONT, REGIONAL
  id: "EntityId", # required
  description: "EntityDescription",
  rules: [
    {
      name: "EntityName", # required
      priority: 1, # required
      statement: { # required
        byte_match_statement: {
          search_string: "data", # required
          field_to_match: { # required
            single_header: {
              name: "FieldToMatchData", # required
            },
            single_query_argument: {
              name: "FieldToMatchData", # required
            },
            all_query_arguments: {
            },
            uri_path: {
            },
            query_string: {
            },
            body: {
            },
            method: {
            },
          },
          text_transformations: [ # required
            {
              priority: 1, # required
              type: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE
            },
          ],
          positional_constraint: "EXACTLY", # required, accepts EXACTLY, STARTS_WITH, ENDS_WITH, CONTAINS, CONTAINS_WORD
        },
        sqli_match_statement: {
          field_to_match: { # required
            single_header: {
              name: "FieldToMatchData", # required
            },
            single_query_argument: {
              name: "FieldToMatchData", # required
            },
            all_query_arguments: {
            },
            uri_path: {
            },
            query_string: {
            },
            body: {
            },
            method: {
            },
          },
          text_transformations: [ # required
            {
              priority: 1, # required
              type: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE
            },
          ],
        },
        xss_match_statement: {
          field_to_match: { # required
            single_header: {
              name: "FieldToMatchData", # required
            },
            single_query_argument: {
              name: "FieldToMatchData", # required
            },
            all_query_arguments: {
            },
            uri_path: {
            },
            query_string: {
            },
            body: {
            },
            method: {
            },
          },
          text_transformations: [ # required
            {
              priority: 1, # required
              type: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE
            },
          ],
        },
        size_constraint_statement: {
          field_to_match: { # required
            single_header: {
              name: "FieldToMatchData", # required
            },
            single_query_argument: {
              name: "FieldToMatchData", # required
            },
            all_query_arguments: {
            },
            uri_path: {
            },
            query_string: {
            },
            body: {
            },
            method: {
            },
          },
          comparison_operator: "EQ", # required, accepts EQ, NE, LE, LT, GE, GT
          size: 1, # required
          text_transformations: [ # required
            {
              priority: 1, # required
              type: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE
            },
          ],
        },
        geo_match_statement: {
          country_codes: ["AF"], # accepts AF, AX, AL, DZ, AS, AD, AO, AI, AQ, AG, AR, AM, AW, AU, AT, AZ, BS, BH, BD, BB, BY, BE, BZ, BJ, BM, BT, BO, BQ, BA, BW, BV, BR, IO, BN, BG, BF, BI, KH, CM, CA, CV, KY, CF, TD, CL, CN, CX, CC, CO, KM, CG, CD, CK, CR, CI, HR, CU, CW, CY, CZ, DK, DJ, DM, DO, EC, EG, SV, GQ, ER, EE, ET, FK, FO, FJ, FI, FR, GF, PF, TF, GA, GM, GE, DE, GH, GI, GR, GL, GD, GP, GU, GT, GG, GN, GW, GY, HT, HM, VA, HN, HK, HU, IS, IN, ID, IR, IQ, IE, IM, IL, IT, JM, JP, JE, JO, KZ, KE, KI, KP, KR, KW, KG, LA, LV, LB, LS, LR, LY, LI, LT, LU, MO, MK, MG, MW, MY, MV, ML, MT, MH, MQ, MR, MU, YT, MX, FM, MD, MC, MN, ME, MS, MA, MZ, MM, NA, NR, NP, NL, NC, NZ, NI, NE, NG, NU, NF, MP, NO, OM, PK, PW, PS, PA, PG, PY, PE, PH, PN, PL, PT, PR, QA, RE, RO, RU, RW, BL, SH, KN, LC, MF, PM, VC, WS, SM, ST, SA, SN, RS, SC, SL, SG, SX, SK, SI, SB, SO, ZA, GS, SS, ES, LK, SD, SR, SJ, SZ, SE, CH, SY, TW, TJ, TZ, TH, TL, TG, TK, TO, TT, TN, TR, TM, TC, TV, UG, UA, AE, GB, US, UM, UY, UZ, VU, VE, VN, VG, VI, WF, EH, YE, ZM, ZW
        },
        rule_group_reference_statement: {
          arn: "ResourceArn", # required
          excluded_rules: [
            {
              name: "EntityName", # required
            },
          ],
        },
        ip_set_reference_statement: {
          arn: "ResourceArn", # required
        },
        regex_pattern_set_reference_statement: {
          arn: "ResourceArn", # required
          field_to_match: { # required
            single_header: {
              name: "FieldToMatchData", # required
            },
            single_query_argument: {
              name: "FieldToMatchData", # required
            },
            all_query_arguments: {
            },
            uri_path: {
            },
            query_string: {
            },
            body: {
            },
            method: {
            },
          },
          text_transformations: [ # required
            {
              priority: 1, # required
              type: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE
            },
          ],
        },
        rate_based_statement: {
          limit: 1, # required
          aggregate_key_type: "IP", # required, accepts IP
          scope_down_statement: {
            # recursive Statement
          },
        },
        and_statement: {
          statements: [ # required
            {
              # recursive Statement
            },
          ],
        },
        or_statement: {
          statements: [ # required
            {
              # recursive Statement
            },
          ],
        },
        not_statement: {
          statement: { # required
            # recursive Statement
          },
        },
        managed_rule_group_statement: {
          vendor_name: "VendorName", # required
          name: "EntityName", # required
          excluded_rules: [
            {
              name: "EntityName", # required
            },
          ],
        },
      },
      action: {
        block: {
        },
        allow: {
        },
        count: {
        },
      },
      override_action: {
        count: {
        },
        none: {
        },
      },
      visibility_config: { # required
        sampled_requests_enabled: false, # required
        cloud_watch_metrics_enabled: false, # required
        metric_name: "MetricName", # required
      },
    },
  ],
  visibility_config: { # required
    sampled_requests_enabled: false, # required
    cloud_watch_metrics_enabled: false, # required
    metric_name: "MetricName", # required
  },
  lock_token: "LockToken", # required
})

Response structure


resp.next_lock_token #=> String

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :name (required, String)

    The name of the rule group. You cannot change the name of a rule group after you create it.

  • :scope (required, String)

    Specifies whether this is for an AWS CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB) or an API Gateway stage.

    To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows:

    • CLI - Specify the Region when you use the CloudFront scope: --scope=CLOUDFRONT --region=us-east-1.

    • API and SDKs - For all calls, use the Region endpoint us-east-1.

  • :id (required, String)

    A unique identifier for the rule group. This ID is returned in the responses to create and list commands. You provide it to operations like update and delete.

  • :description (String)

    A description of the rule group that helps with identification. You cannot change the description of a rule group after you create it.

  • :rules (Array<Types::Rule>)

    The Rule statements used to identify the web requests that you want to allow, block, or count. Each rule includes one top-level statement that AWS WAF uses to identify matching web requests, and parameters that govern how AWS WAF handles them.

  • :visibility_config (required, Types::VisibilityConfig)

    Defines and enables Amazon CloudWatch metrics and web request sample collection.

  • :lock_token (required, String)

    A token used for optimistic locking. AWS WAF returns a token to your get and list requests, to mark the state of the entity at the time of the request. To make changes to the entity associated with the token, you provide the token to operations like update and delete. AWS WAF uses the token to ensure that no changes have been made to the entity since you last retrieved it. If a change has been made, the update fails with a WAFOptimisticLockException. If this happens, perform another get, and use the new token returned by that operation.

Returns:

See Also:



4038
4039
4040
4041
# File 'gems/aws-sdk-wafv2/lib/aws-sdk-wafv2/client.rb', line 4038

def update_rule_group(params = {}, options = {})
  req = build_request(:update_rule_group, params)
  req.send_request(options)
end

#update_web_acl(params = {}) ⇒ Types::UpdateWebACLResponse

This is the latest version of AWS WAF, named AWS WAFV2, released in November, 2019. For information, including how to migrate your AWS WAF resources from the prior release, see the AWS WAF Developer Guide.

Updates the specified WebACL.

A Web ACL defines a collection of rules to use to inspect and control web requests. Each rule has an action defined (allow, block, or count) for requests that match the statement of the rule. In the Web ACL, you assign a default action to take (allow, block) for any request that does not match any of the rules. The rules in a Web ACL can be a combination of the types Rule, RuleGroup, and managed rule group. You can associate a Web ACL with one or more AWS resources to protect. The resources can be Amazon CloudFront, an Amazon API Gateway API, or an Application Load Balancer.

Examples:

Request syntax with placeholder values


resp = client.update_web_acl({
  name: "EntityName", # required
  scope: "CLOUDFRONT", # required, accepts CLOUDFRONT, REGIONAL
  id: "EntityId", # required
  default_action: { # required
    block: {
    },
    allow: {
    },
  },
  description: "EntityDescription",
  rules: [
    {
      name: "EntityName", # required
      priority: 1, # required
      statement: { # required
        byte_match_statement: {
          search_string: "data", # required
          field_to_match: { # required
            single_header: {
              name: "FieldToMatchData", # required
            },
            single_query_argument: {
              name: "FieldToMatchData", # required
            },
            all_query_arguments: {
            },
            uri_path: {
            },
            query_string: {
            },
            body: {
            },
            method: {
            },
          },
          text_transformations: [ # required
            {
              priority: 1, # required
              type: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE
            },
          ],
          positional_constraint: "EXACTLY", # required, accepts EXACTLY, STARTS_WITH, ENDS_WITH, CONTAINS, CONTAINS_WORD
        },
        sqli_match_statement: {
          field_to_match: { # required
            single_header: {
              name: "FieldToMatchData", # required
            },
            single_query_argument: {
              name: "FieldToMatchData", # required
            },
            all_query_arguments: {
            },
            uri_path: {
            },
            query_string: {
            },
            body: {
            },
            method: {
            },
          },
          text_transformations: [ # required
            {
              priority: 1, # required
              type: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE
            },
          ],
        },
        xss_match_statement: {
          field_to_match: { # required
            single_header: {
              name: "FieldToMatchData", # required
            },
            single_query_argument: {
              name: "FieldToMatchData", # required
            },
            all_query_arguments: {
            },
            uri_path: {
            },
            query_string: {
            },
            body: {
            },
            method: {
            },
          },
          text_transformations: [ # required
            {
              priority: 1, # required
              type: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE
            },
          ],
        },
        size_constraint_statement: {
          field_to_match: { # required
            single_header: {
              name: "FieldToMatchData", # required
            },
            single_query_argument: {
              name: "FieldToMatchData", # required
            },
            all_query_arguments: {
            },
            uri_path: {
            },
            query_string: {
            },
            body: {
            },
            method: {
            },
          },
          comparison_operator: "EQ", # required, accepts EQ, NE, LE, LT, GE, GT
          size: 1, # required
          text_transformations: [ # required
            {
              priority: 1, # required
              type: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE
            },
          ],
        },
        geo_match_statement: {
          country_codes: ["AF"], # accepts AF, AX, AL, DZ, AS, AD, AO, AI, AQ, AG, AR, AM, AW, AU, AT, AZ, BS, BH, BD, BB, BY, BE, BZ, BJ, BM, BT, BO, BQ, BA, BW, BV, BR, IO, BN, BG, BF, BI, KH, CM, CA, CV, KY, CF, TD, CL, CN, CX, CC, CO, KM, CG, CD, CK, CR, CI, HR, CU, CW, CY, CZ, DK, DJ, DM, DO, EC, EG, SV, GQ, ER, EE, ET, FK, FO, FJ, FI, FR, GF, PF, TF, GA, GM, GE, DE, GH, GI, GR, GL, GD, GP, GU, GT, GG, GN, GW, GY, HT, HM, VA, HN, HK, HU, IS, IN, ID, IR, IQ, IE, IM, IL, IT, JM, JP, JE, JO, KZ, KE, KI, KP, KR, KW, KG, LA, LV, LB, LS, LR, LY, LI, LT, LU, MO, MK, MG, MW, MY, MV, ML, MT, MH, MQ, MR, MU, YT, MX, FM, MD, MC, MN, ME, MS, MA, MZ, MM, NA, NR, NP, NL, NC, NZ, NI, NE, NG, NU, NF, MP, NO, OM, PK, PW, PS, PA, PG, PY, PE, PH, PN, PL, PT, PR, QA, RE, RO, RU, RW, BL, SH, KN, LC, MF, PM, VC, WS, SM, ST, SA, SN, RS, SC, SL, SG, SX, SK, SI, SB, SO, ZA, GS, SS, ES, LK, SD, SR, SJ, SZ, SE, CH, SY, TW, TJ, TZ, TH, TL, TG, TK, TO, TT, TN, TR, TM, TC, TV, UG, UA, AE, GB, US, UM, UY, UZ, VU, VE, VN, VG, VI, WF, EH, YE, ZM, ZW
        },
        rule_group_reference_statement: {
          arn: "ResourceArn", # required
          excluded_rules: [
            {
              name: "EntityName", # required
            },
          ],
        },
        ip_set_reference_statement: {
          arn: "ResourceArn", # required
        },
        regex_pattern_set_reference_statement: {
          arn: "ResourceArn", # required
          field_to_match: { # required
            single_header: {
              name: "FieldToMatchData", # required
            },
            single_query_argument: {
              name: "FieldToMatchData", # required
            },
            all_query_arguments: {
            },
            uri_path: {
            },
            query_string: {
            },
            body: {
            },
            method: {
            },
          },
          text_transformations: [ # required
            {
              priority: 1, # required
              type: "NONE", # required, accepts NONE, COMPRESS_WHITE_SPACE, HTML_ENTITY_DECODE, LOWERCASE, CMD_LINE, URL_DECODE
            },
          ],
        },
        rate_based_statement: {
          limit: 1, # required
          aggregate_key_type: "IP", # required, accepts IP
          scope_down_statement: {
            # recursive Statement
          },
        },
        and_statement: {
          statements: [ # required
            {
              # recursive Statement
            },
          ],
        },
        or_statement: {
          statements: [ # required
            {
              # recursive Statement
            },
          ],
        },
        not_statement: {
          statement: { # required
            # recursive Statement
          },
        },
        managed_rule_group_statement: {
          vendor_name: "VendorName", # required
          name: "EntityName", # required
          excluded_rules: [
            {
              name: "EntityName", # required
            },
          ],
        },
      },
      action: {
        block: {
        },
        allow: {
        },
        count: {
        },
      },
      override_action: {
        count: {
        },
        none: {
        },
      },
      visibility_config: { # required
        sampled_requests_enabled: false, # required
        cloud_watch_metrics_enabled: false, # required
        metric_name: "MetricName", # required
      },
    },
  ],
  visibility_config: { # required
    sampled_requests_enabled: false, # required
    cloud_watch_metrics_enabled: false, # required
    metric_name: "MetricName", # required
  },
  lock_token: "LockToken", # required
})

Response structure


resp.next_lock_token #=> String

Parameters:

  • params (Hash) (defaults to: {})

    ({})

Options Hash (params):

  • :name (required, String)

    The name of the Web ACL. You cannot change the name of a Web ACL after you create it.

  • :scope (required, String)

    Specifies whether this is for an AWS CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB) or an API Gateway stage.

    To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows:

    • CLI - Specify the Region when you use the CloudFront scope: --scope=CLOUDFRONT --region=us-east-1.

    • API and SDKs - For all calls, use the Region endpoint us-east-1.

  • :id (required, String)

    The unique identifier for the Web ACL. This ID is returned in the responses to create and list commands. You provide it to operations like update and delete.

  • :default_action (required, Types::DefaultAction)

    The action to perform if none of the Rules contained in the WebACL match.

  • :description (String)

    A description of the Web ACL that helps with identification. You cannot change the description of a Web ACL after you create it.

  • :rules (Array<Types::Rule>)

    The Rule statements used to identify the web requests that you want to allow, block, or count. Each rule includes one top-level statement that AWS WAF uses to identify matching web requests, and parameters that govern how AWS WAF handles them.

  • :visibility_config (required, Types::VisibilityConfig)

    Defines and enables Amazon CloudWatch metrics and web request sample collection.

  • :lock_token (required, String)

    A token used for optimistic locking. AWS WAF returns a token to your get and list requests, to mark the state of the entity at the time of the request. To make changes to the entity associated with the token, you provide the token to operations like update and delete. AWS WAF uses the token to ensure that no changes have been made to the entity since you last retrieved it. If a change has been made, the update fails with a WAFOptimisticLockException. If this happens, perform another get, and use the new token returned by that operation.

Returns:

See Also:



4360
4361
4362
4363
# File 'gems/aws-sdk-wafv2/lib/aws-sdk-wafv2/client.rb', line 4360

def update_web_acl(params = {}, options = {})
  req = build_request(:update_web_acl, params)
  req.send_request(options)
end