Exchanges an access code for a token.
" + "documentation":"This is for internal use.
Amplify uses this action to exchange an access code for a token.
" }, "ExportComponents":{ "name":"ExportComponents", @@ -340,7 +340,7 @@ "errors":[ {"shape":"InvalidParameterException"} ], - "documentation":"Refreshes a previously issued access token that might have expired.
" + "documentation":"This is for internal use.
Amplify uses this action to refresh a previously issued access token that might have expired.
" }, "StartCodegenJob":{ "name":"StartCodegenJob", @@ -486,6 +486,32 @@ "type":"boolean", "box":true }, + "CodegenDependencies":{ + "type":"list", + "member":{"shape":"CodegenDependency"} + }, + "CodegenDependency":{ + "type":"structure", + "members":{ + "name":{ + "shape":"String", + "documentation":"Name of the dependency package.
" + }, + "supportedVersion":{ + "shape":"String", + "documentation":"Indicates the version of the supported dependency package.
" + }, + "isSemVer":{ + "shape":"Boolean", + "documentation":"Determines if the dependency package is using Semantic versioning. If set to true, it indicates that the dependency package uses Semantic versioning.
" + }, + "reason":{ + "shape":"String", + "documentation":"Indicates the reason to include the dependency package in your project code.
" + } + }, + "documentation":"Dependency package that may be required for the project code to run.
" + }, "CodegenFeatureFlags":{ "type":"structure", "members":{ @@ -728,6 +754,10 @@ "modifiedAt":{ "shape":"SyntheticTimestamp_date_time", "documentation":"The time that the code generation job was modified.
" + }, + "dependencies":{ + "shape":"CodegenDependencies", + "documentation":"Lists the dependency packages that may be required for the project code to run.
" } }, "documentation":"Describes the configuration for a code generation job that is associated with an Amplify app.
" @@ -2952,6 +2982,12 @@ }, "payload":"body" }, + "ReactCodegenDependencies":{ + "type":"map", + "key":{"shape":"String"}, + "value":{"shape":"String"}, + "documentation":"Indicates the dependency version of the project code to be generated by Amazon Web Services Amplify. The version of the generated code output is determined by the version number contained in aws-amplify.
The API configuration for the code generation job.
" + }, + "dependencies":{ + "shape":"ReactCodegenDependencies", + "documentation":"Lists the dependency packages that may be required for the project code to run.
" } }, "documentation":"Describes the code generation job configuration for a React project.
" diff --git a/botocore/data/chime-sdk-media-pipelines/2021-07-15/service-2.json b/botocore/data/chime-sdk-media-pipelines/2021-07-15/service-2.json index b6e1b7fbca..e61a6b93bc 100644 --- a/botocore/data/chime-sdk-media-pipelines/2021-07-15/service-2.json +++ b/botocore/data/chime-sdk-media-pipelines/2021-07-15/service-2.json @@ -113,6 +113,48 @@ ], "documentation":"Creates a media live connector pipeline in an Amazon Chime SDK meeting.
" }, + "CreateMediaPipelineKinesisVideoStreamPool":{ + "name":"CreateMediaPipelineKinesisVideoStreamPool", + "http":{ + "method":"POST", + "requestUri":"/media-pipeline-kinesis-video-stream-pools", + "responseCode":201 + }, + "input":{"shape":"CreateMediaPipelineKinesisVideoStreamPoolRequest"}, + "output":{"shape":"CreateMediaPipelineKinesisVideoStreamPoolResponse"}, + "errors":[ + {"shape":"BadRequestException"}, + {"shape":"ForbiddenException"}, + {"shape":"UnauthorizedClientException"}, + {"shape":"ThrottledClientException"}, + {"shape":"ResourceLimitExceededException"}, + {"shape":"ConflictException"}, + {"shape":"ServiceUnavailableException"}, + {"shape":"ServiceFailureException"} + ], + "documentation":"Creates an Kinesis video stream pool for the media pipeline.
" + }, + "CreateMediaStreamPipeline":{ + "name":"CreateMediaStreamPipeline", + "http":{ + "method":"POST", + "requestUri":"/sdk-media-stream-pipelines", + "responseCode":201 + }, + "input":{"shape":"CreateMediaStreamPipelineRequest"}, + "output":{"shape":"CreateMediaStreamPipelineResponse"}, + "errors":[ + {"shape":"BadRequestException"}, + {"shape":"ForbiddenException"}, + {"shape":"NotFoundException"}, + {"shape":"UnauthorizedClientException"}, + {"shape":"ThrottledClientException"}, + {"shape":"ResourceLimitExceededException"}, + {"shape":"ServiceUnavailableException"}, + {"shape":"ServiceFailureException"} + ], + "documentation":"Creates a streaming media pipeline.
" + }, "DeleteMediaCapturePipeline":{ "name":"DeleteMediaCapturePipeline", "http":{ @@ -172,6 +214,26 @@ ], "documentation":"Deletes the media pipeline.
" }, + "DeleteMediaPipelineKinesisVideoStreamPool":{ + "name":"DeleteMediaPipelineKinesisVideoStreamPool", + "http":{ + "method":"DELETE", + "requestUri":"/media-pipeline-kinesis-video-stream-pools/{identifier}", + "responseCode":204 + }, + "input":{"shape":"DeleteMediaPipelineKinesisVideoStreamPoolRequest"}, + "errors":[ + {"shape":"BadRequestException"}, + {"shape":"ForbiddenException"}, + {"shape":"ThrottledClientException"}, + {"shape":"NotFoundException"}, + {"shape":"UnauthorizedClientException"}, + {"shape":"ConflictException"}, + {"shape":"ServiceUnavailableException"}, + {"shape":"ServiceFailureException"} + ], + "documentation":"Deletes an Kinesis video stream pool.
" + }, "GetMediaCapturePipeline":{ "name":"GetMediaCapturePipeline", "http":{ @@ -232,6 +294,26 @@ ], "documentation":"Gets an existing media pipeline.
" }, + "GetMediaPipelineKinesisVideoStreamPool":{ + "name":"GetMediaPipelineKinesisVideoStreamPool", + "http":{ + "method":"GET", + "requestUri":"/media-pipeline-kinesis-video-stream-pools/{identifier}", + "responseCode":200 + }, + "input":{"shape":"GetMediaPipelineKinesisVideoStreamPoolRequest"}, + "output":{"shape":"GetMediaPipelineKinesisVideoStreamPoolResponse"}, + "errors":[ + {"shape":"BadRequestException"}, + {"shape":"ForbiddenException"}, + {"shape":"NotFoundException"}, + {"shape":"UnauthorizedClientException"}, + {"shape":"ThrottledClientException"}, + {"shape":"ServiceUnavailableException"}, + {"shape":"ServiceFailureException"} + ], + "documentation":"Gets an Kinesis video stream pool.
" + }, "GetSpeakerSearchTask":{ "name":"GetSpeakerSearchTask", "http":{ @@ -312,6 +394,26 @@ ], "documentation":"Lists the available media insights pipeline configurations.
" }, + "ListMediaPipelineKinesisVideoStreamPools":{ + "name":"ListMediaPipelineKinesisVideoStreamPools", + "http":{ + "method":"GET", + "requestUri":"/media-pipeline-kinesis-video-stream-pools", + "responseCode":200 + }, + "input":{"shape":"ListMediaPipelineKinesisVideoStreamPoolsRequest"}, + "output":{"shape":"ListMediaPipelineKinesisVideoStreamPoolsResponse"}, + "errors":[ + {"shape":"BadRequestException"}, + {"shape":"ForbiddenException"}, + {"shape":"UnauthorizedClientException"}, + {"shape":"ThrottledClientException"}, + {"shape":"ResourceLimitExceededException"}, + {"shape":"ServiceUnavailableException"}, + {"shape":"ServiceFailureException"} + ], + "documentation":"Lists the video stream pools in the media pipeline.
" + }, "ListMediaPipelines":{ "name":"ListMediaPipelines", "http":{ @@ -514,6 +616,27 @@ {"shape":"ServiceFailureException"} ], "documentation":"Updates the status of a media insights pipeline.
" + }, + "UpdateMediaPipelineKinesisVideoStreamPool":{ + "name":"UpdateMediaPipelineKinesisVideoStreamPool", + "http":{ + "method":"PUT", + "requestUri":"/media-pipeline-kinesis-video-stream-pools/{identifier}", + "responseCode":200 + }, + "input":{"shape":"UpdateMediaPipelineKinesisVideoStreamPoolRequest"}, + "output":{"shape":"UpdateMediaPipelineKinesisVideoStreamPoolResponse"}, + "errors":[ + {"shape":"BadRequestException"}, + {"shape":"ForbiddenException"}, + {"shape":"NotFoundException"}, + {"shape":"UnauthorizedClientException"}, + {"shape":"ThrottledClientException"}, + {"shape":"ConflictException"}, + {"shape":"ServiceUnavailableException"}, + {"shape":"ServiceFailureException"} + ], + "documentation":"Updates an Kinesis video stream pool in a media pipeline.
" } }, "shapes":{ @@ -816,6 +939,12 @@ "type":"string", "pattern":"44100|48000" }, + "AwsRegion":{ + "type":"string", + "max":32, + "min":1, + "pattern":"^([a-z]+-){2,}\\d+$" + }, "BadRequestException":{ "type":"structure", "members":{ @@ -1327,6 +1456,76 @@ } } }, + "CreateMediaPipelineKinesisVideoStreamPoolRequest":{ + "type":"structure", + "required":[ + "StreamConfiguration", + "PoolName" + ], + "members":{ + "StreamConfiguration":{ + "shape":"KinesisVideoStreamConfiguration", + "documentation":"The configuration settings for the video stream.
" + }, + "PoolName":{ + "shape":"KinesisVideoStreamPoolName", + "documentation":"The name of the video stream pool.
" + }, + "ClientRequestToken":{ + "shape":"ClientRequestToken", + "documentation":"The token assigned to the client making the request.
", + "idempotencyToken":true + }, + "Tags":{ + "shape":"TagList", + "documentation":"The tags assigned to the video stream pool.
" + } + } + }, + "CreateMediaPipelineKinesisVideoStreamPoolResponse":{ + "type":"structure", + "members":{ + "KinesisVideoStreamPoolConfiguration":{ + "shape":"KinesisVideoStreamPoolConfiguration", + "documentation":"The configuration for the Kinesis video stream pool.
" + } + } + }, + "CreateMediaStreamPipelineRequest":{ + "type":"structure", + "required":[ + "Sources", + "Sinks" + ], + "members":{ + "Sources":{ + "shape":"MediaStreamSourceList", + "documentation":"The data sources for the media pipeline.
" + }, + "Sinks":{ + "shape":"MediaStreamSinkList", + "documentation":"The data sink for the media pipeline.
" + }, + "ClientRequestToken":{ + "shape":"ClientRequestToken", + "documentation":"The token assigned to the client making the request.
", + "idempotencyToken":true + }, + "Tags":{ + "shape":"TagList", + "documentation":"The tags assigned to the media pipeline.
" + } + } + }, + "CreateMediaStreamPipelineResponse":{ + "type":"structure", + "members":{ + "MediaStreamPipeline":{ + "shape":"MediaStreamPipeline", + "documentation":"The requested media pipeline.
" + } + } + }, "DataChannelConcatenationConfiguration":{ "type":"structure", "required":["State"], @@ -1338,6 +1537,14 @@ }, "documentation":"The content configuration object's data channel.
" }, + "DataRetentionChangeInHours":{ + "type":"integer", + "min":1 + }, + "DataRetentionInHours":{ + "type":"integer", + "min":0 + }, "DeleteMediaCapturePipelineRequest":{ "type":"structure", "required":["MediaPipelineId"], @@ -1362,6 +1569,18 @@ } } }, + "DeleteMediaPipelineKinesisVideoStreamPoolRequest":{ + "type":"structure", + "required":["Identifier"], + "members":{ + "Identifier":{ + "shape":"NonEmptyString", + "documentation":"The ID of the pool being deleted.
", + "location":"uri", + "locationName":"identifier" + } + } + }, "DeleteMediaPipelineRequest":{ "type":"structure", "required":["MediaPipelineId"], @@ -1484,6 +1703,27 @@ } } }, + "GetMediaPipelineKinesisVideoStreamPoolRequest":{ + "type":"structure", + "required":["Identifier"], + "members":{ + "Identifier":{ + "shape":"NonEmptyString", + "documentation":"The ID of the video stream pool.
", + "location":"uri", + "locationName":"identifier" + } + } + }, + "GetMediaPipelineKinesisVideoStreamPoolResponse":{ + "type":"structure", + "members":{ + "KinesisVideoStreamPoolConfiguration":{ + "shape":"KinesisVideoStreamPoolConfiguration", + "documentation":"The video stream pool configuration object.
" + } + } + }, "GetMediaPipelineRequest":{ "type":"structure", "required":["MediaPipelineId"], @@ -1550,7 +1790,7 @@ }, "VoiceToneAnalysisTaskId":{ "shape":"GuidString", - "documentation":"The ID of the voice tone anlysis task.
", + "documentation":"The ID of the voice tone analysis task.
", "location":"uri", "locationName":"voiceToneAnalysisTaskId" } @@ -1634,7 +1874,7 @@ }, "TileAspectRatio":{ "shape":"TileAspectRatio", - "documentation":"Sets the aspect ratio of the video tiles, such as 16:9.
" + "documentation":"Specifies the aspect ratio of all video tiles.
" } }, "documentation":"Defines the configuration settings for the horizontal layout.
" @@ -1711,6 +1951,117 @@ "min":1, "pattern":"arn:[a-z\\d-]+:kinesisvideo:[a-z0-9-]+:[0-9]+:[a-z]+/[a-zA-Z0-9_.-]+/[0-9]+" }, + "KinesisVideoStreamConfiguration":{ + "type":"structure", + "required":["Region"], + "members":{ + "Region":{ + "shape":"AwsRegion", + "documentation":"The Amazon Web Services Region of the video stream.
" + }, + "DataRetentionInHours":{ + "shape":"DataRetentionInHours", + "documentation":"The amount of time that data is retained.
" + } + }, + "documentation":"The configuration of an Kinesis video stream.
" + }, + "KinesisVideoStreamConfigurationUpdate":{ + "type":"structure", + "members":{ + "DataRetentionInHours":{ + "shape":"DataRetentionChangeInHours", + "documentation":"The updated time that data is retained.
" + } + }, + "documentation":"The updated Kinesis video stream configuration object.
" + }, + "KinesisVideoStreamPoolConfiguration":{ + "type":"structure", + "members":{ + "PoolArn":{ + "shape":"Arn", + "documentation":"The ARN of the video stream pool configuration.
" + }, + "PoolName":{ + "shape":"KinesisVideoStreamPoolName", + "documentation":"The name of the video stream pool configuration.
" + }, + "PoolId":{ + "shape":"KinesisVideoStreamPoolId", + "documentation":"The ID of the video stream pool in the configuration.
" + }, + "PoolStatus":{ + "shape":"KinesisVideoStreamPoolStatus", + "documentation":"The status of the video stream pool in the configuration.
" + }, + "PoolSize":{ + "shape":"KinesisVideoStreamPoolSize", + "documentation":"The size of the video stream pool in the configuration.
" + }, + "StreamConfiguration":{ + "shape":"KinesisVideoStreamConfiguration", + "documentation":"The Kinesis video stream pool configuration object.
" + }, + "CreatedTimestamp":{ + "shape":"Iso8601Timestamp", + "documentation":"The time at which the configuration was created.
" + }, + "UpdatedTimestamp":{ + "shape":"Iso8601Timestamp", + "documentation":"The time at which the configuration was updated.
" + } + }, + "documentation":"The video stream pool configuration object.
" + }, + "KinesisVideoStreamPoolId":{ + "type":"string", + "max":256, + "min":1, + "pattern":"^[0-9a-zA-Z._-]+" + }, + "KinesisVideoStreamPoolName":{ + "type":"string", + "max":128, + "min":1, + "pattern":"^[0-9a-zA-Z._-]+" + }, + "KinesisVideoStreamPoolSize":{ + "type":"integer", + "min":0 + }, + "KinesisVideoStreamPoolStatus":{ + "type":"string", + "enum":[ + "CREATING", + "ACTIVE", + "UPDATING", + "DELETING", + "FAILED" + ] + }, + "KinesisVideoStreamPoolSummary":{ + "type":"structure", + "members":{ + "PoolName":{ + "shape":"KinesisVideoStreamPoolName", + "documentation":"The name of the video stream pool.
" + }, + "PoolId":{ + "shape":"KinesisVideoStreamPoolId", + "documentation":"The ID of the video stream pool.
" + }, + "PoolArn":{ + "shape":"Arn", + "documentation":"The ARN of the video stream pool.
" + } + }, + "documentation":"A summary of the Kinesis video stream pool.
" + }, + "KinesisVideoStreamPoolSummaryList":{ + "type":"list", + "member":{"shape":"KinesisVideoStreamPoolSummary"} + }, "KinesisVideoStreamRecordingSourceRuntimeConfiguration":{ "type":"structure", "required":[ @@ -1854,6 +2205,36 @@ } } }, + "ListMediaPipelineKinesisVideoStreamPoolsRequest":{ + "type":"structure", + "members":{ + "NextToken":{ + "shape":"String", + "documentation":"The token used to return the next page of results.
", + "location":"querystring", + "locationName":"next-token" + }, + "MaxResults":{ + "shape":"ResultMax", + "documentation":"The maximum number of results to return in a single call.
", + "location":"querystring", + "locationName":"max-results" + } + } + }, + "ListMediaPipelineKinesisVideoStreamPoolsResponse":{ + "type":"structure", + "members":{ + "KinesisVideoStreamPools":{ + "shape":"KinesisVideoStreamPoolSummaryList", + "documentation":"The list of video stream pools.
" + }, + "NextToken":{ + "shape":"String", + "documentation":"The token used to return the next page of results.
" + } + } + }, "ListMediaPipelinesRequest":{ "type":"structure", "members":{ @@ -2360,6 +2741,10 @@ "MediaInsightsPipeline":{ "shape":"MediaInsightsPipeline", "documentation":"The media insights pipeline of a media pipeline.
" + }, + "MediaStreamPipeline":{ + "shape":"MediaStreamPipeline", + "documentation":"Designates a media pipeline as a media stream pipeline.
" } }, "documentation":"A pipeline consisting of a media capture, media concatenation, or live-streaming pipeline.
" @@ -2438,6 +2823,108 @@ "max":48000, "min":8000 }, + "MediaStreamPipeline":{ + "type":"structure", + "members":{ + "MediaPipelineId":{ + "shape":"GuidString", + "documentation":"The ID of the media stream pipeline
" + }, + "MediaPipelineArn":{ + "shape":"AmazonResourceName", + "documentation":"The ARN of the media stream pipeline.
" + }, + "CreatedTimestamp":{ + "shape":"Iso8601Timestamp", + "documentation":"The time at which the media stream pipeline was created.
" + }, + "UpdatedTimestamp":{ + "shape":"Iso8601Timestamp", + "documentation":"The time at which the media stream pipeline was updated.
" + }, + "Status":{ + "shape":"MediaPipelineStatus", + "documentation":"The status of the media stream pipeline.
" + }, + "Sources":{ + "shape":"MediaStreamSourceList", + "documentation":"The media stream pipeline's data sources.
" + }, + "Sinks":{ + "shape":"MediaStreamSinkList", + "documentation":"The media stream pipeline's data sinks.
" + } + }, + "documentation":"Structure that contains the settings for a media stream pipeline.
" + }, + "MediaStreamPipelineSinkType":{ + "type":"string", + "enum":["KinesisVideoStreamPool"] + }, + "MediaStreamSink":{ + "type":"structure", + "required":[ + "SinkArn", + "SinkType", + "ReservedStreamCapacity", + "MediaStreamType" + ], + "members":{ + "SinkArn":{ + "shape":"Arn", + "documentation":"The ARN of the media stream sink.
" + }, + "SinkType":{ + "shape":"MediaStreamPipelineSinkType", + "documentation":"The media stream sink's type.
" + }, + "ReservedStreamCapacity":{ + "shape":"ReservedStreamCapacity", + "documentation":"Specifies the number of streams that the sink can accept.
" + }, + "MediaStreamType":{ + "shape":"MediaStreamType", + "documentation":"The media stream sink's media stream type.
" + } + }, + "documentation":"Structure that contains the settings for a media stream sink.
" + }, + "MediaStreamSinkList":{ + "type":"list", + "member":{"shape":"MediaStreamSink"}, + "max":2, + "min":1 + }, + "MediaStreamSource":{ + "type":"structure", + "required":[ + "SourceType", + "SourceArn" + ], + "members":{ + "SourceType":{ + "shape":"MediaPipelineSourceType", + "documentation":"The type of media stream source.
" + }, + "SourceArn":{ + "shape":"Arn", + "documentation":"The ARN of the media stream source.
" + } + }, + "documentation":"Structure that contains the settings for media stream sources.
" + }, + "MediaStreamSourceList":{ + "type":"list", + "member":{"shape":"MediaStreamSource"}, + "min":1 + }, + "MediaStreamType":{ + "type":"string", + "enum":[ + "MixedAudio", + "IndividualAudio" + ] + }, "MeetingEventsConcatenationConfiguration":{ "type":"structure", "required":["State"], @@ -2619,6 +3106,11 @@ "max":2, "min":2 }, + "ReservedStreamCapacity":{ + "type":"integer", + "max":10, + "min":1 + }, "ResolutionOption":{ "type":"string", "enum":[ @@ -3206,6 +3698,31 @@ } } }, + "UpdateMediaPipelineKinesisVideoStreamPoolRequest":{ + "type":"structure", + "required":["Identifier"], + "members":{ + "Identifier":{ + "shape":"NonEmptyString", + "documentation":"The ID of the video stream pool.
", + "location":"uri", + "locationName":"identifier" + }, + "StreamConfiguration":{ + "shape":"KinesisVideoStreamConfigurationUpdate", + "documentation":"The configuration settings for the video stream.
" + } + } + }, + "UpdateMediaPipelineKinesisVideoStreamPoolResponse":{ + "type":"structure", + "members":{ + "KinesisVideoStreamPoolConfiguration":{ + "shape":"KinesisVideoStreamPoolConfiguration", + "documentation":"The video stream pool configuration object.
" + } + } + }, "VerticalLayoutConfiguration":{ "type":"structure", "members":{ diff --git a/botocore/data/emr-serverless/2021-07-13/service-2.json b/botocore/data/emr-serverless/2021-07-13/service-2.json index a4437ef55a..33f6edb8e3 100644 --- a/botocore/data/emr-serverless/2021-07-13/service-2.json +++ b/botocore/data/emr-serverless/2021-07-13/service-2.json @@ -345,7 +345,12 @@ "workerTypeSpecifications":{ "shape":"WorkerTypeSpecificationMap", "documentation":"The specification applied to each worker type.
" - } + }, + "runtimeConfiguration":{ + "shape":"ConfigurationList", + "documentation":"The Configuration specifications of an application. Each configuration consists of a classification and properties. You use this parameter when creating or updating an application. To see the runtimeConfiguration object of an application, run the GetApplication API operation.
" + }, + "monitoringConfiguration":{"shape":"MonitoringConfiguration"} }, "documentation":"Information about an application. Amazon EMR Serverless uses applications to run jobs.
" }, @@ -674,6 +679,14 @@ "workerTypeSpecifications":{ "shape":"WorkerTypeSpecificationInputMap", "documentation":"The key-value pairs that specify worker type to WorkerTypeSpecificationInput. This parameter must contain all valid worker types for a Spark or Hive application. Valid worker types include Driver and Executor for Spark applications and HiveDriver and TezTask for Hive applications. You can either set image details in this parameter for each worker type, or in imageConfiguration for all worker types.
The Configuration specifications to use when creating an application. Each configuration consists of a classification and properties. This configuration is applied to all the job runs submitted under the application.
" + }, + "monitoringConfiguration":{ + "shape":"MonitoringConfiguration", + "documentation":"The configuration setting for monitoring.
" } } }, @@ -1800,6 +1813,14 @@ "releaseLabel":{ "shape":"ReleaseLabel", "documentation":"The Amazon EMR release label for the application. You can change the release label to use a different release of Amazon EMR.
" + }, + "runtimeConfiguration":{ + "shape":"ConfigurationList", + "documentation":"The Configuration specifications to use when updating an application. Each configuration consists of a classification and properties. This configuration is applied across all the job runs submitted under the application.
" + }, + "monitoringConfiguration":{ + "shape":"MonitoringConfiguration", + "documentation":"The configuration setting for monitoring.
" } } }, diff --git a/botocore/data/endpoints.json b/botocore/data/endpoints.json index 83b37c9681..4e596321c1 100644 --- a/botocore/data/endpoints.json +++ b/botocore/data/endpoints.json @@ -23077,6 +23077,12 @@ "us-gov-west-1" : { } } }, + "rolesanywhere" : { + "endpoints" : { + "us-gov-east-1" : { }, + "us-gov-west-1" : { } + } + }, "route53" : { "endpoints" : { "aws-us-gov-global" : { diff --git a/botocore/data/finspace-data/2020-07-13/service-2.json b/botocore/data/finspace-data/2020-07-13/service-2.json index e537e5865f..8998082fd6 100644 --- a/botocore/data/finspace-data/2020-07-13/service-2.json +++ b/botocore/data/finspace-data/2020-07-13/service-2.json @@ -29,7 +29,7 @@ {"shape":"ResourceNotFoundException"}, {"shape":"ConflictException"} ], - "documentation":"Adds a user account to a permission group to grant permissions for actions a user can perform in FinSpace.
" + "documentation":"Adds a user to a permission group to grant permissions for actions a user can perform in FinSpace.
" }, "CreateChangeset":{ "name":"CreateChangeset", @@ -195,7 +195,7 @@ {"shape":"ResourceNotFoundException"}, {"shape":"ConflictException"} ], - "documentation":"Removes a user account from a permission group.
" + "documentation":"Removes a user from a permission group.
" }, "EnableUser":{ "name":"EnableUser", @@ -317,7 +317,7 @@ {"shape":"ThrottlingException"}, {"shape":"AccessDeniedException"} ], - "documentation":"Request programmatic credentials to use with FinSpace SDK.
" + "documentation":"Request programmatic credentials to use with FinSpace SDK. For more information, see Step 2. Access credentials programmatically using IAM access key id and secret access key.
" }, "GetUser":{ "name":"GetUser", @@ -435,7 +435,7 @@ {"shape":"AccessDeniedException"}, {"shape":"ResourceNotFoundException"} ], - "documentation":"Lists all the permission groups that are associated with a specific user account.
" + "documentation":"Lists all the permission groups that are associated with a specific user.
" }, "ListUsers":{ "name":"ListUsers", @@ -451,7 +451,7 @@ {"shape":"ThrottlingException"}, {"shape":"AccessDeniedException"} ], - "documentation":"Lists all available user accounts in FinSpace.
" + "documentation":"Lists all available users in FinSpace.
" }, "ListUsersByPermissionGroup":{ "name":"ListUsersByPermissionGroup", @@ -558,7 +558,7 @@ {"shape":"ResourceNotFoundException"}, {"shape":"ConflictException"} ], - "documentation":"Modifies the details of the specified user account. You cannot update the userId for a user.
Modifies the details of the specified user. You cannot update the userId for a user.
The Epoch time when the current credentials expire.
" } }, - "documentation":"The credentials required to access the external Dataview from the S3 location.
" + "documentation":"The credentials required to access the external Dataview from the S3 location.
", + "sensitive":true }, "Boolean":{ "type":"boolean", @@ -1058,7 +1059,7 @@ "shape":"LastName", "documentation":"The last name of the user that you want to register.
" }, - "ApiAccess":{ + "apiAccess":{ "shape":"ApiAccess", "documentation":"The option to indicate whether the user can use the GetProgrammaticAccessCredentials API to obtain credentials that can then be used to access other FinSpace Data API operations.
ENABLED – The user has permissions to use the APIs.
DISABLED – The user does not have permissions to use any APIs.
The session token.
" } }, - "documentation":"Short term API credentials.
" + "documentation":"Short term API credentials.
", + "sensitive":true }, "DataViewArn":{ "type":"string", @@ -1395,7 +1397,7 @@ "members":{ "userId":{ "shape":"UserId", - "documentation":"The unique identifier for the user account that you want to disable.
", + "documentation":"The unique identifier for the user that you want to deactivate.
", "location":"uri", "locationName":"userId" }, @@ -1411,7 +1413,7 @@ "members":{ "userId":{ "shape":"UserId", - "documentation":"The unique identifier for the disabled user account.
" + "documentation":"The unique identifier for the deactivated user.
" } } }, @@ -1466,7 +1468,7 @@ "members":{ "userId":{ "shape":"UserId", - "documentation":"The unique identifier for the user account that you want to enable.
", + "documentation":"The unique identifier for the user that you want to activate.
", "location":"uri", "locationName":"userId" }, @@ -1482,7 +1484,7 @@ "members":{ "userId":{ "shape":"UserId", - "documentation":"The unique identifier for the enabled user account.
" + "documentation":"The unique identifier for the active user.
" } } }, @@ -1846,11 +1848,11 @@ "members":{ "userId":{ "shape":"UserId", - "documentation":"The unique identifier for the user account that is retrieved.
" + "documentation":"The unique identifier for the user that is retrieved.
" }, "status":{ "shape":"UserStatus", - "documentation":"The current status of the user account.
CREATING – The user account creation is in progress.
ENABLED – The user account is created and is currently active.
DISABLED – The user account is currently inactive.
The current status of the user.
CREATING – The creation is in progress.
ENABLED – The user is created and is currently active.
DISABLED – The user is currently inactive.
The timestamp at which the user account was created in FinSpace. The value is determined as epoch time in milliseconds.
" + "documentation":"The timestamp at which the user was created in FinSpace. The value is determined as epoch time in milliseconds.
" }, "lastEnabledTime":{ "shape":"TimestampEpoch", - "documentation":"Describes the last time the user account was enabled. The value is determined as epoch time in milliseconds.
" + "documentation":"Describes the last time the user was activated. The value is determined as epoch time in milliseconds.
" }, "lastDisabledTime":{ "shape":"TimestampEpoch", - "documentation":"Describes the last time the user account was disabled. The value is determined as epoch time in milliseconds.
" + "documentation":"Describes the last time the user was deactivated. The value is determined as epoch time in milliseconds.
" }, "lastModifiedTime":{ "shape":"TimestampEpoch", - "documentation":"Describes the last time the user account was updated. The value is determined as epoch time in milliseconds.
" + "documentation":"Describes the last time the user details were updated. The value is determined as epoch time in milliseconds.
" }, "lastLoginTime":{ "shape":"TimestampEpoch", @@ -2211,7 +2213,7 @@ "members":{ "users":{ "shape":"UserList", - "documentation":"A list of all the user accounts.
" + "documentation":"A list of all the users.
" }, "nextToken":{ "shape":"PaginationToken", @@ -2268,7 +2270,7 @@ }, "membershipStatus":{ "shape":"PermissionGroupMembershipStatus", - "documentation":"Indicates the status of the user account within a permission group.
ADDITION_IN_PROGRESS – The user account is currently being added to the permission group.
ADDITION_SUCCESS – The user account is successfully added to the permission group.
REMOVAL_IN_PROGRESS – The user is currently being removed from the permission group.
Indicates the status of the user within a permission group.
ADDITION_IN_PROGRESS – The user is currently being added to the permission group.
ADDITION_SUCCESS – The user is successfully added to the permission group.
REMOVAL_IN_PROGRESS – The user is currently being removed from the permission group.
The structure for a permission group.
" @@ -2286,10 +2288,10 @@ }, "membershipStatus":{ "shape":"PermissionGroupMembershipStatus", - "documentation":"Indicates the status of the user account within a permission group.
ADDITION_IN_PROGRESS – The user account is currently being added to the permission group.
ADDITION_SUCCESS – The user account is successfully added to the permission group.
REMOVAL_IN_PROGRESS – The user is currently being removed from the permission group.
Indicates the status of the user within a permission group.
ADDITION_IN_PROGRESS – The user is currently being added to the permission group.
ADDITION_SUCCESS – The user is successfully added to the permission group.
REMOVAL_IN_PROGRESS – The user is currently being removed from the permission group.
The structure of a permission group associated with a user account.
" + "documentation":"The structure of a permission group associated with a user.
" }, "PermissionGroupByUserList":{ "type":"list", @@ -2374,7 +2376,7 @@ }, "temporaryPassword":{ "shape":"Password", - "documentation":"A randomly generated temporary password for the requested user account. This password expires in 7 days.
" + "documentation":"A randomly generated temporary password for the requested user. This password expires in 7 days.
" } } }, @@ -2482,8 +2484,8 @@ }, "SessionDuration":{ "type":"long", - "max":720, - "min":60 + "max":60, + "min":1 }, "SessionToken":{ "type":"string", @@ -2687,7 +2689,7 @@ "members":{ "userId":{ "shape":"UserId", - "documentation":"The unique identifier for the user account to update.
", + "documentation":"The unique identifier for the user that you want to update.
", "location":"uri", "locationName":"userId" }, @@ -2723,7 +2725,7 @@ "members":{ "userId":{ "shape":"UserId", - "documentation":"The unique identifier of the updated user account.
" + "documentation":"The unique identifier of the updated user.
" } } }, @@ -2736,7 +2738,7 @@ }, "status":{ "shape":"UserStatus", - "documentation":"The current status of the user account.
CREATING – The user account creation is in progress.
ENABLED – The user account is created and is currently active.
DISABLED – The user account is currently inactive.
The current status of the user.
CREATING – The user creation is in progress.
ENABLED – The user is created and is currently active.
DISABLED – The user is currently inactive.
The timestamp at which the user account was created in FinSpace. The value is determined as epoch time in milliseconds.
" + "documentation":"The timestamp at which the user was created in FinSpace. The value is determined as epoch time in milliseconds.
" }, "lastEnabledTime":{ "shape":"TimestampEpoch", - "documentation":"Describes the last time the user account was enabled. The value is determined as epoch time in milliseconds.
" + "documentation":"Describes the last time the user was activated. The value is determined as epoch time in milliseconds.
" }, "lastDisabledTime":{ "shape":"TimestampEpoch", - "documentation":"Describes the last time the user account was disabled. The value is determined as epoch time in milliseconds.
" + "documentation":"Describes the last time the user was deactivated. The value is determined as epoch time in milliseconds.
" }, "lastModifiedTime":{ "shape":"TimestampEpoch", - "documentation":"Describes the last time the user account was updated. The value is determined as epoch time in milliseconds.
" + "documentation":"Describes the last time the user was updated. The value is determined as epoch time in milliseconds.
" }, "lastLoginTime":{ "shape":"TimestampEpoch", "documentation":"Describes the last time that the user logged into their account. The value is determined as epoch time in milliseconds.
" } }, - "documentation":"The details of the user account.
" + "documentation":"The details of the user.
" }, "UserByPermissionGroup":{ "type":"structure", @@ -2794,7 +2796,7 @@ }, "status":{ "shape":"UserStatus", - "documentation":"The current status of the user account.
CREATING – The user account creation is in progress.
ENABLED – The user account is created and is currently active.
DISABLED – The user account is currently inactive.
The current status of the user.
CREATING – The user creation is in progress.
ENABLED – The user is created and is currently active.
DISABLED – The user is currently inactive.
Indicates the status of the user account within a permission group.
ADDITION_IN_PROGRESS – The user account is currently being added to the permission group.
ADDITION_SUCCESS – The user account is successfully added to the permission group.
REMOVAL_IN_PROGRESS – The user is currently being removed from the permission group.
Indicates the status of the user within a permission group.
ADDITION_IN_PROGRESS – The user is currently being added to the permission group.
ADDITION_SUCCESS – The user is successfully added to the permission group.
REMOVAL_IN_PROGRESS – The user is currently being removed from the permission group.
The structure of a user account associated with a permission group.
" + "documentation":"The structure of a user associated with a permission group.
" }, "UserByPermissionGroupList":{ "type":"list", diff --git a/botocore/data/quicksight/2018-04-01/service-2.json b/botocore/data/quicksight/2018-04-01/service-2.json index 31585cba2e..46eb4838e2 100644 --- a/botocore/data/quicksight/2018-04-01/service-2.json +++ b/botocore/data/quicksight/2018-04-01/service-2.json @@ -2462,7 +2462,7 @@ {"shape":"ThrottlingException"}, {"shape":"InternalFailureException"} ], - "documentation":"Assigns one or more tags (key-value pairs) to the specified Amazon QuickSight resource.
Tags can help you organize and categorize your resources. You can also use them to scope user permissions, by granting a user permission to access or change only resources with certain tag values. You can use the TagResource operation with a resource that already has tags. If you specify a new tag key for the resource, this tag is appended to the list of tags associated with the resource. If you specify a tag key that is already associated with the resource, the new tag value that you specify replaces the previous value for that tag.
You can associate as many as 50 tags with a resource. Amazon QuickSight supports tagging on data set, data source, dashboard, template, and topic.
Tagging for Amazon QuickSight works in a similar way to tagging for other Amazon Web Services services, except for the following:
You can't use tags to track costs for Amazon QuickSight. This isn't possible because you can't tag the resources that Amazon QuickSight costs are based on, for example Amazon QuickSight storage capacity (SPICE), number of users, type of users, and usage metrics.
Amazon QuickSight doesn't currently support the tag editor for Resource Groups.
Assigns one or more tags (key-value pairs) to the specified Amazon QuickSight resource.
Tags can help you organize and categorize your resources. You can also use them to scope user permissions, by granting a user permission to access or change only resources with certain tag values. You can use the TagResource operation with a resource that already has tags. If you specify a new tag key for the resource, this tag is appended to the list of tags associated with the resource. If you specify a tag key that is already associated with the resource, the new tag value that you specify replaces the previous value for that tag.
You can associate as many as 50 tags with a resource. Amazon QuickSight supports tagging on data set, data source, dashboard, template, topic, and user.
Tagging for Amazon QuickSight works in a similar way to tagging for other Amazon Web Services services, except for the following:
Tags are used to track costs for users in Amazon QuickSight. You can't tag other resources that Amazon QuickSight costs are based on, such as storage capacoty (SPICE), session usage, alert consumption, or reporting units.
Amazon QuickSight doesn't currently support the tag editor for Resource Groups.
The identity ID for a user in the external login provider.
" + }, + "Tags":{ + "shape":"TagList", + "documentation":"The tags to associate with the user.
" } } }, diff --git a/botocore/data/ssm/2014-11-06/service-2.json b/botocore/data/ssm/2014-11-06/service-2.json index 529149bbff..448bbb0351 100644 --- a/botocore/data/ssm/2014-11-06/service-2.json +++ b/botocore/data/ssm/2014-11-06/service-2.json @@ -4397,8 +4397,8 @@ "ConnectionStatus":{ "type":"string", "enum":[ - "Connected", - "NotConnected" + "connected", + "notconnected" ] }, "ContentLength":{"type":"long"}, @@ -4794,11 +4794,11 @@ "members":{ "Description":{ "shape":"OpsItemDescription", - "documentation":"Information about the OpsItem.
" + "documentation":"User-defined text that contains information about the OpsItem, in Markdown format.
Provide enough information so that users viewing this OpsItem for the first time understand the issue.
The type of OpsItem to create. Systems Manager supports the following types of OpsItems:
/aws/issue
This type of OpsItem is used for default OpsItems created by OpsCenter.
/aws/changerequest
This type of OpsItem is used by Change Manager for reviewing and approving or rejecting change requests.
/aws/insights
This type of OpsItem is used by OpsCenter for aggregating and reporting on duplicate OpsItems.
The type of OpsItem to create. Systems Manager supports the following types of OpsItems:
/aws/issue
This type of OpsItem is used for default OpsItems created by OpsCenter.
/aws/changerequest
This type of OpsItem is used by Change Manager for reviewing and approving or rejecting change requests.
/aws/insight
This type of OpsItem is used by OpsCenter for aggregating and reporting on duplicate OpsItems.
The type of OpsItem. Systems Manager supports the following types of OpsItems:
/aws/issue
This type of OpsItem is used for default OpsItems created by OpsCenter.
/aws/changerequest
This type of OpsItem is used by Change Manager for reviewing and approving or rejecting change requests.
/aws/insights
This type of OpsItem is used by OpsCenter for aggregating and reporting on duplicate OpsItems.
The type of OpsItem. Systems Manager supports the following types of OpsItems:
/aws/issue
This type of OpsItem is used for default OpsItems created by OpsCenter.
/aws/changerequest
This type of OpsItem is used by Change Manager for reviewing and approving or rejecting change requests.
/aws/insight
This type of OpsItem is used by OpsCenter for aggregating and reporting on duplicate OpsItems.
The type of OpsItem. Systems Manager supports the following types of OpsItems:
/aws/issue
This type of OpsItem is used for default OpsItems created by OpsCenter.
/aws/changerequest
This type of OpsItem is used by Change Manager for reviewing and approving or rejecting change requests.
/aws/insights
This type of OpsItem is used by OpsCenter for aggregating and reporting on duplicate OpsItems.
The type of OpsItem. Systems Manager supports the following types of OpsItems:
/aws/issue
This type of OpsItem is used for default OpsItems created by OpsCenter.
/aws/changerequest
This type of OpsItem is used by Change Manager for reviewing and approving or rejecting change requests.
/aws/insight
This type of OpsItem is used by OpsCenter for aggregating and reporting on duplicate OpsItems.
Update the information about the OpsItem. Provide enough information so that users reading this OpsItem for the first time understand the issue.
" + "documentation":"User-defined text that contains information about the OpsItem, in Markdown format.
" }, "OperationalData":{ "shape":"OpsItemOperationalData", @@ -16601,5 +16600,5 @@ "pattern":"^[0-9]{1,6}(\\.[0-9]{1,6}){2,3}$" } }, - "documentation":"Amazon Web Services Systems Manager is the operations hub for your Amazon Web Services applications and resources and a secure end-to-end management solution for hybrid cloud environments that enables safe and secure operations at scale.
This reference is intended to be used with the Amazon Web Services Systems Manager User Guide. To get started, see Setting up Amazon Web Services Systems Manager.
Related resources
For information about each of the capabilities that comprise Systems Manager, see Systems Manager capabilities in the Amazon Web Services Systems Manager User Guide.
For details about predefined runbooks for Automation, a capability of Amazon Web Services Systems Manager, see the Systems Manager Automation runbook reference .
For information about AppConfig, a capability of Systems Manager, see the AppConfig User Guide and the AppConfig API Reference .
For information about Incident Manager, a capability of Systems Manager, see the Systems Manager Incident Manager User Guide and the Systems Manager Incident Manager API Reference .
Amazon Web Services Systems Manager is the operations hub for your Amazon Web Services applications and resources and a secure end-to-end management solution for hybrid cloud environments that enables safe and secure operations at scale.
This reference is intended to be used with the Amazon Web Services Systems Manager User Guide. To get started, see Setting up Amazon Web Services Systems Manager.
Related resources
For information about each of the capabilities that comprise Systems Manager, see Systems Manager capabilities in the Amazon Web Services Systems Manager User Guide.
For details about predefined runbooks for Automation, a capability of Amazon Web Services Systems Manager, see the Systems Manager Automation runbook reference .
For information about AppConfig, a capability of Systems Manager, see the AppConfig User Guide and the AppConfig API Reference .
For information about Incident Manager, a capability of Systems Manager, see the Systems Manager Incident Manager User Guide and the Systems Manager Incident Manager API Reference .
Creates a WebACL per the specifications provided.
A web ACL defines a collection of rules to use to inspect and control web requests. Each rule has an action defined (allow, block, or count) for requests that match the statement of the rule. In the web ACL, you assign a default action to take (allow, block) for any request that does not match any of the rules. The rules in a web ACL can be a combination of the types Rule, RuleGroup, and managed rule group. You can associate a web ACL with one or more Amazon Web Services resources to protect. The resources can be an Amazon CloudFront distribution, an Amazon API Gateway REST API, an Application Load Balancer, an AppSync GraphQL API, an Amazon Cognito user pool, an App Runner service, or an Amazon Web Services Verified Access instance.
" + "documentation":"Creates a WebACL per the specifications provided.
A web ACL defines a collection of rules to use to inspect and control web requests. Each rule has a statement that defines what to look for in web requests and an action that WAF applies to requests that match the statement. In the web ACL, you assign a default action to take (allow, block) for any request that does not match any of the rules. The rules in a web ACL can be a combination of the types Rule, RuleGroup, and managed rule group. You can associate a web ACL with one or more Amazon Web Services resources to protect. The resources can be an Amazon CloudFront distribution, an Amazon API Gateway REST API, an Application Load Balancer, an AppSync GraphQL API, an Amazon Cognito user pool, an App Runner service, or an Amazon Web Services Verified Access instance.
" }, "DeleteFirewallManagerRuleGroups":{ "name":"DeleteFirewallManagerRuleGroups", @@ -931,7 +931,7 @@ {"shape":"WAFExpiredManagedRuleGroupVersionException"}, {"shape":"WAFConfigurationWarningException"} ], - "documentation":"Updates the specified WebACL. While updating a web ACL, WAF provides continuous coverage to the resources that you have associated with the web ACL.
This operation completely replaces the mutable specifications that you already have for the web ACL with the ones that you provide to this call.
To modify a web ACL, do the following:
Retrieve it by calling GetWebACL
Update its settings as needed
Provide the complete web ACL specification to this call
When you make changes to web ACLs or web ACL components, like rules and rule groups, WAF propagates the changes everywhere that the web ACL and its components are stored and used. Your changes are applied within seconds, but there might be a brief period of inconsistency when the changes have arrived in some places and not in others. So, for example, if you change a rule action setting, the action might be the old action in one area and the new action in another area. Or if you add an IP address to an IP set used in a blocking rule, the new address might briefly be blocked in one area while still allowed in another. This temporary inconsistency can occur when you first associate a web ACL with an Amazon Web Services resource and when you change a web ACL that is already associated with a resource. Generally, any inconsistencies of this type last only a few seconds.
A web ACL defines a collection of rules to use to inspect and control web requests. Each rule has an action defined (allow, block, or count) for requests that match the statement of the rule. In the web ACL, you assign a default action to take (allow, block) for any request that does not match any of the rules. The rules in a web ACL can be a combination of the types Rule, RuleGroup, and managed rule group. You can associate a web ACL with one or more Amazon Web Services resources to protect. The resources can be an Amazon CloudFront distribution, an Amazon API Gateway REST API, an Application Load Balancer, an AppSync GraphQL API, an Amazon Cognito user pool, an App Runner service, or an Amazon Web Services Verified Access instance.
" + "documentation":"Updates the specified WebACL. While updating a web ACL, WAF provides continuous coverage to the resources that you have associated with the web ACL.
This operation completely replaces the mutable specifications that you already have for the web ACL with the ones that you provide to this call.
To modify a web ACL, do the following:
Retrieve it by calling GetWebACL
Update its settings as needed
Provide the complete web ACL specification to this call
When you make changes to web ACLs or web ACL components, like rules and rule groups, WAF propagates the changes everywhere that the web ACL and its components are stored and used. Your changes are applied within seconds, but there might be a brief period of inconsistency when the changes have arrived in some places and not in others. So, for example, if you change a rule action setting, the action might be the old action in one area and the new action in another area. Or if you add an IP address to an IP set used in a blocking rule, the new address might briefly be blocked in one area while still allowed in another. This temporary inconsistency can occur when you first associate a web ACL with an Amazon Web Services resource and when you change a web ACL that is already associated with a resource. Generally, any inconsistencies of this type last only a few seconds.
A web ACL defines a collection of rules to use to inspect and control web requests. Each rule has a statement that defines what to look for in web requests and an action that WAF applies to requests that match the statement. In the web ACL, you assign a default action to take (allow, block) for any request that does not match any of the rules. The rules in a web ACL can be a combination of the types Rule, RuleGroup, and managed rule group. You can associate a web ACL with one or more Amazon Web Services resources to protect. The resources can be an Amazon CloudFront distribution, an Amazon API Gateway REST API, an Application Load Balancer, an AppSync GraphQL API, an Amazon Cognito user pool, an App Runner service, or an Amazon Web Services Verified Access instance.
" } }, "shapes":{ @@ -986,11 +986,11 @@ "members":{ "CreationPath":{ "shape":"CreationPathString", - "documentation":"The path of the account creation endpoint for your application. This is the page on your website that accepts the completed registration form for a new user. This page must accept POST requests.
For example, for the URL https://example.com/web/signup, you would provide the path /web/signup.
The path of the account creation endpoint for your application. This is the page on your website that accepts the completed registration form for a new user. This page must accept POST requests.
For example, for the URL https://example.com/web/newaccount, you would provide the path /web/newaccount. Account creation page paths that start with the path that you provide are considered a match. For example /web/newaccount matches the account creation paths /web/newaccount, /web/newaccount/, /web/newaccountPage, and /web/newaccount/thisPage, but doesn't match the path /home/web/newaccount or /website/newaccount.
The path of the account registration endpoint for your application. This is the page on your website that presents the registration form to new users.
This page must accept GET text/html requests.
For example, for the URL https://example.com/web/register, you would provide the path /web/register.
The path of the account registration endpoint for your application. This is the page on your website that presents the registration form to new users.
This page must accept GET text/html requests.
For example, for the URL https://example.com/web/registration, you would provide the path /web/registration. Registration page paths that start with the path that you provide are considered a match. For example /web/registration matches the registration paths /web/registration, /web/registration/, /web/registrationPage, and /web/registration/thisPage, but doesn't match the path /home/web/registration or /website/registration.
The path of the login endpoint for your application. For example, for the URL https://example.com/web/login, you would provide the path /web/login.
The rule group inspects only HTTP POST requests to your specified login endpoint.
The path of the login endpoint for your application. For example, for the URL https://example.com/web/login, you would provide the path /web/login. Login paths that start with the path that you provide are considered a match. For example /web/login matches the login paths /web/login, /web/login/, /web/loginPage, and /web/login/thisPage, but doesn't match the login path /home/web/login or /website/login.
The rule group inspects only HTTP POST requests to your specified login endpoint.
A string value that you want WAF to search for. WAF searches only in the part of web requests that you designate for inspection in FieldToMatch. The maximum length of the value is 200 bytes.
Valid values depend on the component that you specify for inspection in FieldToMatch:
Method: The HTTP method that you want WAF to search for. This indicates the type of operation specified in the request.
UriPath: The value that you want WAF to search for in the URI path, for example, /images/daily-ad.jpg.
HeaderOrder: The comma-separated list of header names to match for. WAF creates a string that contains the ordered list of header names, from the headers in the web request, and then matches against that string.
If SearchString includes alphabetic characters A-Z and a-z, note that the value is case sensitive.
If you're using the WAF API
Specify a base64-encoded version of the value. The maximum length of the value before you base64-encode it is 200 bytes.
For example, suppose the value of Type is HEADER and the value of Data is User-Agent. If you want to search the User-Agent header for the value BadBot, you base64-encode BadBot using MIME base64-encoding and include the resulting value, QmFkQm90, in the value of SearchString.
If you're using the CLI or one of the Amazon Web Services SDKs
The value that you want WAF to search for. The SDK automatically base64 encodes the value.
" + "documentation":"A string value that you want WAF to search for. WAF searches only in the part of web requests that you designate for inspection in FieldToMatch. The maximum length of the value is 200 bytes.
Valid values depend on the component that you specify for inspection in FieldToMatch:
Method: The HTTP method that you want WAF to search for. This indicates the type of operation specified in the request.
UriPath: The value that you want WAF to search for in the URI path, for example, /images/daily-ad.jpg.
JA3Fingerprint: The string to match against the web request's JA3 fingerprint header. The header contains a hash fingerprint of the TLS Client Hello packet for the request.
HeaderOrder: The comma-separated list of header names to match for. WAF creates a string that contains the ordered list of header names, from the headers in the web request, and then matches against that string.
If SearchString includes alphabetic characters A-Z and a-z, note that the value is case sensitive.
If you're using the WAF API
Specify a base64-encoded version of the value. The maximum length of the value before you base64-encode it is 200 bytes.
For example, suppose the value of Type is HEADER and the value of Data is User-Agent. If you want to search the User-Agent header for the value BadBot, you base64-encode BadBot using MIME base64-encoding and include the resulting value, QmFkQm90, in the value of SearchString.
If you're using the CLI or one of the Amazon Web Services SDKs
The value that you want WAF to search for. The SDK automatically base64 encodes the value.
" }, "FieldToMatch":{ "shape":"FieldToMatch", @@ -1200,7 +1200,7 @@ }, "TextTransformations":{ "shape":"TextTransformations", - "documentation":"Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. Text transformations are used in rule match statements, to transform the FieldToMatch request component before inspecting it, and they're used in rate-based rule statements, to transform request components before using them as custom aggregation keys. If you specify one or more transformations to apply, WAF performs all transformations on the specified content, starting from the lowest priority setting, and then uses the component contents.
Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. Text transformations are used in rule match statements, to transform the FieldToMatch request component before inspecting it, and they're used in rate-based rule statements, to transform request components before using them as custom aggregation keys. If you specify one or more transformations to apply, WAF performs all transformations on the specified content, starting from the lowest priority setting, and then uses the transformed component contents.
Contains an array of strings that specifies zero or more IP addresses or blocks of IP addresses. All addresses must be specified using Classless Inter-Domain Routing (CIDR) notation. WAF supports all IPv4 and IPv6 CIDR ranges except for /0.
Example address strings:
To configure WAF to allow, block, or count requests that originated from the IP address 192.0.2.44, specify 192.0.2.44/32.
To configure WAF to allow, block, or count requests that originated from IP addresses from 192.0.2.0 to 192.0.2.255, specify 192.0.2.0/24.
To configure WAF to allow, block, or count requests that originated from the IP address 1111:0000:0000:0000:0000:0000:0000:0111, specify 1111:0000:0000:0000:0000:0000:0000:0111/128.
To configure WAF to allow, block, or count requests that originated from IP addresses 1111:0000:0000:0000:0000:0000:0000:0000 to 1111:0000:0000:0000:ffff:ffff:ffff:ffff, specify 1111:0000:0000:0000:0000:0000:0000:0000/64.
For more information about CIDR notation, see the Wikipedia entry Classless Inter-Domain Routing.
Example JSON Addresses specifications:
Empty array: \"Addresses\": []
Array with one address: \"Addresses\": [\"192.0.2.44/32\"]
Array with three addresses: \"Addresses\": [\"192.0.2.44/32\", \"192.0.2.0/24\", \"192.0.0.0/16\"]
INVALID specification: \"Addresses\": [\"\"] INVALID
Contains an array of strings that specifies zero or more IP addresses or blocks of IP addresses that you want WAF to inspect for in incoming requests. All addresses must be specified using Classless Inter-Domain Routing (CIDR) notation. WAF supports all IPv4 and IPv6 CIDR ranges except for /0.
Example address strings:
For requests that originated from the IP address 192.0.2.44, specify 192.0.2.44/32.
For requests that originated from IP addresses from 192.0.2.0 to 192.0.2.255, specify 192.0.2.0/24.
For requests that originated from the IP address 1111:0000:0000:0000:0000:0000:0000:0111, specify 1111:0000:0000:0000:0000:0000:0000:0111/128.
For requests that originated from IP addresses 1111:0000:0000:0000:0000:0000:0000:0000 to 1111:0000:0000:0000:ffff:ffff:ffff:ffff, specify 1111:0000:0000:0000:0000:0000:0000:0000/64.
For more information about CIDR notation, see the Wikipedia entry Classless Inter-Domain Routing.
Example JSON Addresses specifications:
Empty array: \"Addresses\": []
Array with one address: \"Addresses\": [\"192.0.2.44/32\"]
Array with three addresses: \"Addresses\": [\"192.0.2.44/32\", \"192.0.2.0/24\", \"192.0.0.0/16\"]
INVALID specification: \"Addresses\": [\"\"] INVALID
The Rule statements used to identify the web requests that you want to allow, block, or count. Each rule includes one top-level statement that WAF uses to identify matching web requests, and parameters that govern how WAF handles them.
" + "documentation":"The Rule statements used to identify the web requests that you want to manage. Each rule includes one top-level statement that WAF uses to identify matching web requests, and parameters that govern how WAF handles them.
" }, "VisibilityConfig":{ "shape":"VisibilityConfig", @@ -1855,7 +1855,7 @@ }, "Rules":{ "shape":"Rules", - "documentation":"The Rule statements used to identify the web requests that you want to allow, block, or count. Each rule includes one top-level statement that WAF uses to identify matching web requests, and parameters that govern how WAF handles them.
" + "documentation":"The Rule statements used to identify the web requests that you want to manage. Each rule includes one top-level statement that WAF uses to identify matching web requests, and parameters that govern how WAF handles them.
" }, "VisibilityConfig":{ "shape":"VisibilityConfig", @@ -1962,7 +1962,7 @@ }, "ResponseHeaders":{ "shape":"CustomHTTPHeaders", - "documentation":"The HTTP headers to use in the response. Duplicate header names are not allowed.
For information about the limits on count and size for custom request and response settings, see WAF quotas in the WAF Developer Guide.
" + "documentation":"The HTTP headers to use in the response. You can specify any header name except for content-type. Duplicate header names are not allowed.
For information about the limits on count and size for custom request and response settings, see WAF quotas in the WAF Developer Guide.
" } }, "documentation":"A custom response to send to the client. You can define a custom response for rule actions and default web ACL actions that are set to BlockAction.
For information about customizing web requests and responses, see Customizing web requests and responses in WAF in the WAF Developer Guide.
" @@ -2435,6 +2435,10 @@ "HeaderOrder":{ "shape":"HeaderOrder", "documentation":"Inspect a string containing the list of the request's header names, ordered as they appear in the web request that WAF receives for inspection. WAF generates the string and then uses that as the field to match component in its inspection. WAF separates the header names in the string using colons and no added spaces, for example host:user-agent:accept:authorization:referer.
Match against the request's JA3 fingerprint header. The header contains a hash fingerprint of the TLS Client Hello packet for the request.
You can use this choice only with a string match ByteMatchStatement with the PositionalConstraint set to EXACTLY.
The part of the web request that you want WAF to inspect. Include the single FieldToMatch type that you want to inspect, with additional specifications as needed, according to the type. You specify a single request component in FieldToMatch for each rule statement that requires it. To inspect more than one component of the web request, create a separate rule statement for each component.
Example JSON for a QueryString field to match:
\"FieldToMatch\": { \"QueryString\": {} }
Example JSON for a Method field to match specification:
\"FieldToMatch\": { \"Method\": { \"Name\": \"DELETE\" } }
Contains an array of strings that specifies zero or more IP addresses or blocks of IP addresses. All addresses must be specified using Classless Inter-Domain Routing (CIDR) notation. WAF supports all IPv4 and IPv6 CIDR ranges except for /0.
Example address strings:
To configure WAF to allow, block, or count requests that originated from the IP address 192.0.2.44, specify 192.0.2.44/32.
To configure WAF to allow, block, or count requests that originated from IP addresses from 192.0.2.0 to 192.0.2.255, specify 192.0.2.0/24.
To configure WAF to allow, block, or count requests that originated from the IP address 1111:0000:0000:0000:0000:0000:0000:0111, specify 1111:0000:0000:0000:0000:0000:0000:0111/128.
To configure WAF to allow, block, or count requests that originated from IP addresses 1111:0000:0000:0000:0000:0000:0000:0000 to 1111:0000:0000:0000:ffff:ffff:ffff:ffff, specify 1111:0000:0000:0000:0000:0000:0000:0000/64.
For more information about CIDR notation, see the Wikipedia entry Classless Inter-Domain Routing.
Example JSON Addresses specifications:
Empty array: \"Addresses\": []
Array with one address: \"Addresses\": [\"192.0.2.44/32\"]
Array with three addresses: \"Addresses\": [\"192.0.2.44/32\", \"192.0.2.0/24\", \"192.0.0.0/16\"]
INVALID specification: \"Addresses\": [\"\"] INVALID
Contains an array of strings that specifies zero or more IP addresses or blocks of IP addresses that you want WAF to inspect for in incoming requests. All addresses must be specified using Classless Inter-Domain Routing (CIDR) notation. WAF supports all IPv4 and IPv6 CIDR ranges except for /0.
Example address strings:
For requests that originated from the IP address 192.0.2.44, specify 192.0.2.44/32.
For requests that originated from IP addresses from 192.0.2.0 to 192.0.2.255, specify 192.0.2.0/24.
For requests that originated from the IP address 1111:0000:0000:0000:0000:0000:0000:0111, specify 1111:0000:0000:0000:0000:0000:0000:0111/128.
For requests that originated from IP addresses 1111:0000:0000:0000:0000:0000:0000:0000 to 1111:0000:0000:0000:ffff:ffff:ffff:ffff, specify 1111:0000:0000:0000:0000:0000:0000:0000/64.
For more information about CIDR notation, see the Wikipedia entry Classless Inter-Domain Routing.
Example JSON Addresses specifications:
Empty array: \"Addresses\": []
Array with one address: \"Addresses\": [\"192.0.2.44/32\"]
Array with three addresses: \"Addresses\": [\"192.0.2.44/32\", \"192.0.2.0/24\", \"192.0.0.0/16\"]
INVALID specification: \"Addresses\": [\"\"] INVALID
Contains zero or more IP addresses or blocks of IP addresses specified in Classless Inter-Domain Routing (CIDR) notation. WAF supports all IPv4 and IPv6 CIDR ranges except for /0. For information about CIDR notation, see the Wikipedia entry Classless Inter-Domain Routing.
WAF assigns an ARN to each IPSet that you create. To use an IP set in a rule, you provide the ARN to the Rule statement IPSetReferenceStatement.
The match status to assign to the web request if the request doesn't have a JA3 fingerprint.
You can specify the following fallback behaviors:
MATCH - Treat the web request as matching the rule statement. WAF applies the rule action to the request.
NO_MATCH - Treat the web request as not matching the rule statement.
Match against the request's JA3 fingerprint header. The header contains a hash fingerprint of the TLS Client Hello packet for the request.
You can use this choice only with a string match ByteMatchStatement with the PositionalConstraint set to EXACTLY.
Action settings to use in the place of the rule actions that are configured inside the rule group. You specify one override for each rule whose action you want to change.
You can use overrides for testing, for example you can override all of rule actions to Count and then monitor the resulting count metrics to understand how the rule group would handle your web traffic. You can also permanently override some or all actions, to modify how the rule group manages your web traffic.
A rule statement used to run the rules that are defined in a managed rule group. To use this, provide the vendor name and the name of the rule group in this statement. You can retrieve the required names by calling ListAvailableManagedRuleGroups.
You cannot nest a ManagedRuleGroupStatement, for example for use inside a NotStatement or OrStatement. It can only be referenced as a top-level statement within a rule.
You are charged additional fees when you use the WAF Bot Control managed rule group AWSManagedRulesBotControlRuleSet, the WAF Fraud Control account takeover prevention (ATP) managed rule group AWSManagedRulesATPRuleSet, or the WAF Fraud Control account creation fraud prevention (ACFP) managed rule group AWSManagedRulesACFPRuleSet. For more information, see WAF Pricing.
A rule statement used to run the rules that are defined in a managed rule group. To use this, provide the vendor name and the name of the rule group in this statement. You can retrieve the required names by calling ListAvailableManagedRuleGroups.
You cannot nest a ManagedRuleGroupStatement, for example for use inside a NotStatement or OrStatement. You cannot use a managed rule group inside another rule group. You can only reference a managed rule group as a top-level statement within a rule that you define in a web ACL.
You are charged additional fees when you use the WAF Bot Control managed rule group AWSManagedRulesBotControlRuleSet, the WAF Fraud Control account takeover prevention (ATP) managed rule group AWSManagedRulesATPRuleSet, or the WAF Fraud Control account creation fraud prevention (ACFP) managed rule group AWSManagedRulesACFPRuleSet. For more information, see WAF Pricing.
Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. Text transformations are used in rule match statements, to transform the FieldToMatch request component before inspecting it, and they're used in rate-based rule statements, to transform request components before using them as custom aggregation keys. If you specify one or more transformations to apply, WAF performs all transformations on the specified content, starting from the lowest priority setting, and then uses the component contents.
Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. Text transformations are used in rule match statements, to transform the FieldToMatch request component before inspecting it, and they're used in rate-based rule statements, to transform request components before using them as custom aggregation keys. If you specify one or more transformations to apply, WAF performs all transformations on the specified content, starting from the lowest priority setting, and then uses the transformed component contents.
Specifies a cookie as an aggregate key for a rate-based rule. Each distinct value in the cookie contributes to the aggregation instance. If you use a single cookie as your custom key, then each value fully defines an aggregation instance.
" @@ -4630,7 +4645,7 @@ }, "TextTransformations":{ "shape":"TextTransformations", - "documentation":"Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. Text transformations are used in rule match statements, to transform the FieldToMatch request component before inspecting it, and they're used in rate-based rule statements, to transform request components before using them as custom aggregation keys. If you specify one or more transformations to apply, WAF performs all transformations on the specified content, starting from the lowest priority setting, and then uses the component contents.
Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. Text transformations are used in rule match statements, to transform the FieldToMatch request component before inspecting it, and they're used in rate-based rule statements, to transform request components before using them as custom aggregation keys. If you specify one or more transformations to apply, WAF performs all transformations on the specified content, starting from the lowest priority setting, and then uses the transformed component contents.
Specifies a header as an aggregate key for a rate-based rule. Each distinct value in the header contributes to the aggregation instance. If you use a single header as your custom key, then each value fully defines an aggregation instance.
" @@ -4665,7 +4680,7 @@ }, "TextTransformations":{ "shape":"TextTransformations", - "documentation":"Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. Text transformations are used in rule match statements, to transform the FieldToMatch request component before inspecting it, and they're used in rate-based rule statements, to transform request components before using them as custom aggregation keys. If you specify one or more transformations to apply, WAF performs all transformations on the specified content, starting from the lowest priority setting, and then uses the component contents.
Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. Text transformations are used in rule match statements, to transform the FieldToMatch request component before inspecting it, and they're used in rate-based rule statements, to transform request components before using them as custom aggregation keys. If you specify one or more transformations to apply, WAF performs all transformations on the specified content, starting from the lowest priority setting, and then uses the transformed component contents.
Specifies a query argument in the request as an aggregate key for a rate-based rule. Each distinct value for the named query argument contributes to the aggregation instance. If you use a single query argument as your custom key, then each value fully defines an aggregation instance.
" @@ -4676,7 +4691,7 @@ "members":{ "TextTransformations":{ "shape":"TextTransformations", - "documentation":"Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. Text transformations are used in rule match statements, to transform the FieldToMatch request component before inspecting it, and they're used in rate-based rule statements, to transform request components before using them as custom aggregation keys. If you specify one or more transformations to apply, WAF performs all transformations on the specified content, starting from the lowest priority setting, and then uses the component contents.
Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. Text transformations are used in rule match statements, to transform the FieldToMatch request component before inspecting it, and they're used in rate-based rule statements, to transform request components before using them as custom aggregation keys. If you specify one or more transformations to apply, WAF performs all transformations on the specified content, starting from the lowest priority setting, and then uses the transformed component contents.
Specifies the request's query string as an aggregate key for a rate-based rule. Each distinct string contributes to the aggregation instance. If you use just the query string as your custom key, then each string fully defines an aggregation instance.
" @@ -4687,7 +4702,7 @@ "members":{ "TextTransformations":{ "shape":"TextTransformations", - "documentation":"Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. Text transformations are used in rule match statements, to transform the FieldToMatch request component before inspecting it, and they're used in rate-based rule statements, to transform request components before using them as custom aggregation keys. If you specify one or more transformations to apply, WAF performs all transformations on the specified content, starting from the lowest priority setting, and then uses the component contents.
Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. Text transformations are used in rule match statements, to transform the FieldToMatch request component before inspecting it, and they're used in rate-based rule statements, to transform request components before using them as custom aggregation keys. If you specify one or more transformations to apply, WAF performs all transformations on the specified content, starting from the lowest priority setting, and then uses the transformed component contents.
Specifies the request's URI path as an aggregate key for a rate-based rule. Each distinct URI path contributes to the aggregation instance. If you use just the URI path as your custom key, then each URI path fully defines an aggregation instance.
" @@ -4725,7 +4740,7 @@ }, "TextTransformations":{ "shape":"TextTransformations", - "documentation":"Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. Text transformations are used in rule match statements, to transform the FieldToMatch request component before inspecting it, and they're used in rate-based rule statements, to transform request components before using them as custom aggregation keys. If you specify one or more transformations to apply, WAF performs all transformations on the specified content, starting from the lowest priority setting, and then uses the component contents.
Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. Text transformations are used in rule match statements, to transform the FieldToMatch request component before inspecting it, and they're used in rate-based rule statements, to transform request components before using them as custom aggregation keys. If you specify one or more transformations to apply, WAF performs all transformations on the specified content, starting from the lowest priority setting, and then uses the transformed component contents.
A rule statement used to search web request components for a match against a single regular expression.
" @@ -4774,7 +4789,7 @@ }, "TextTransformations":{ "shape":"TextTransformations", - "documentation":"Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. Text transformations are used in rule match statements, to transform the FieldToMatch request component before inspecting it, and they're used in rate-based rule statements, to transform request components before using them as custom aggregation keys. If you specify one or more transformations to apply, WAF performs all transformations on the specified content, starting from the lowest priority setting, and then uses the component contents.
Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. Text transformations are used in rule match statements, to transform the FieldToMatch request component before inspecting it, and they're used in rate-based rule statements, to transform request components before using them as custom aggregation keys. If you specify one or more transformations to apply, WAF performs all transformations on the specified content, starting from the lowest priority setting, and then uses the transformed component contents.
A rule statement used to search web request components for matches with regular expressions. To use this, create a RegexPatternSet that specifies the expressions that you want to detect, then use the ARN of that set in this statement. A web request matches the pattern set rule statement if the request component matches any of the patterns in the set. To create a regex pattern set, see CreateRegexPatternSet.
Each regex pattern set rule statement references a regex pattern set. You create and maintain the set independent of your rules. This allows you to use the single set in multiple rules. When you update the referenced set, WAF automatically updates all rules that reference it.
" @@ -5159,7 +5174,7 @@ "documentation":"Specifies how WAF should handle Challenge evaluations. If you don't specify this, WAF uses the challenge configuration that's defined for the web ACL.
A single rule, which you can use in a WebACL or RuleGroup to identify web requests that you want to allow, block, or count. Each rule includes one top-level Statement that WAF uses to identify matching web requests, and parameters that govern how WAF handles them.
" + "documentation":"A single rule, which you can use in a WebACL or RuleGroup to identify web requests that you want to manage in some way. Each rule includes one top-level Statement that WAF uses to identify matching web requests, and parameters that govern how WAF handles them.
" }, "RuleAction":{ "type":"structure", @@ -5243,7 +5258,7 @@ }, "Rules":{ "shape":"Rules", - "documentation":"The Rule statements used to identify the web requests that you want to allow, block, or count. Each rule includes one top-level statement that WAF uses to identify matching web requests, and parameters that govern how WAF handles them.
" + "documentation":"The Rule statements used to identify the web requests that you want to manage. Each rule includes one top-level statement that WAF uses to identify matching web requests, and parameters that govern how WAF handles them.
" }, "VisibilityConfig":{ "shape":"VisibilityConfig", @@ -5285,7 +5300,7 @@ "documentation":"Action settings to use in the place of the rule actions that are configured inside the rule group. You specify one override for each rule whose action you want to change.
You can use overrides for testing, for example you can override all of rule actions to Count and then monitor the resulting count metrics to understand how the rule group would handle your web traffic. You can also permanently override some or all actions, to modify how the rule group manages your web traffic.
A rule statement used to run the rules that are defined in a RuleGroup. To use this, create a rule group with your rules, then provide the ARN of the rule group in this statement.
You cannot nest a RuleGroupReferenceStatement, for example for use inside a NotStatement or OrStatement. You can only use a rule group reference statement at the top level inside a web ACL.
A rule statement used to run the rules that are defined in a RuleGroup. To use this, create a rule group with your rules, then provide the ARN of the rule group in this statement.
You cannot nest a RuleGroupReferenceStatement, for example for use inside a NotStatement or OrStatement. You cannot use a rule group reference statement inside another rule group. You can only reference a rule group as a top-level statement within a rule that you define in a web ACL.
Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. Text transformations are used in rule match statements, to transform the FieldToMatch request component before inspecting it, and they're used in rate-based rule statements, to transform request components before using them as custom aggregation keys. If you specify one or more transformations to apply, WAF performs all transformations on the specified content, starting from the lowest priority setting, and then uses the component contents.
Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. Text transformations are used in rule match statements, to transform the FieldToMatch request component before inspecting it, and they're used in rate-based rule statements, to transform request components before using them as custom aggregation keys. If you specify one or more transformations to apply, WAF performs all transformations on the specified content, starting from the lowest priority setting, and then uses the transformed component contents.
A rule statement that compares a number of bytes against the size of a request component, using a comparison operator, such as greater than (>) or less than (<). For example, you can use a size constraint statement to look for query strings that are longer than 100 bytes.
If you configure WAF to inspect the request body, WAF inspects only the number of bytes of the body up to the limit for the web ACL. By default, for regional web ACLs, this limit is 8 KB (8,192 bytes) and for CloudFront web ACLs, this limit is 16 KB (16,384 bytes). For CloudFront web ACLs, you can increase the limit in the web ACL AssociationConfig, for additional fees. If you know that the request body for your web requests should never exceed the inspection limit, you could use a size constraint statement to block requests that have a larger request body size.
If you choose URI for the value of Part of the request to filter on, the slash (/) in the URI counts as one character. For example, the URI /logo.jpg is nine characters long.
Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. Text transformations are used in rule match statements, to transform the FieldToMatch request component before inspecting it, and they're used in rate-based rule statements, to transform request components before using them as custom aggregation keys. If you specify one or more transformations to apply, WAF performs all transformations on the specified content, starting from the lowest priority setting, and then uses the component contents.
Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. Text transformations are used in rule match statements, to transform the FieldToMatch request component before inspecting it, and they're used in rate-based rule statements, to transform request components before using them as custom aggregation keys. If you specify one or more transformations to apply, WAF performs all transformations on the specified content, starting from the lowest priority setting, and then uses the transformed component contents.
A rule statement used to run the rules that are defined in a RuleGroup. To use this, create a rule group with your rules, then provide the ARN of the rule group in this statement.
You cannot nest a RuleGroupReferenceStatement, for example for use inside a NotStatement or OrStatement. You can only use a rule group reference statement at the top level inside a web ACL.
A rule statement used to run the rules that are defined in a RuleGroup. To use this, create a rule group with your rules, then provide the ARN of the rule group in this statement.
You cannot nest a RuleGroupReferenceStatement, for example for use inside a NotStatement or OrStatement. You cannot use a rule group reference statement inside another rule group. You can only reference a rule group as a top-level statement within a rule that you define in a web ACL.
A rule statement used to run the rules that are defined in a managed rule group. To use this, provide the vendor name and the name of the rule group in this statement. You can retrieve the required names by calling ListAvailableManagedRuleGroups.
You cannot nest a ManagedRuleGroupStatement, for example for use inside a NotStatement or OrStatement. It can only be referenced as a top-level statement within a rule.
You are charged additional fees when you use the WAF Bot Control managed rule group AWSManagedRulesBotControlRuleSet, the WAF Fraud Control account takeover prevention (ATP) managed rule group AWSManagedRulesATPRuleSet, or the WAF Fraud Control account creation fraud prevention (ACFP) managed rule group AWSManagedRulesACFPRuleSet. For more information, see WAF Pricing.
A rule statement used to run the rules that are defined in a managed rule group. To use this, provide the vendor name and the name of the rule group in this statement. You can retrieve the required names by calling ListAvailableManagedRuleGroups.
You cannot nest a ManagedRuleGroupStatement, for example for use inside a NotStatement or OrStatement. You cannot use a managed rule group inside another rule group. You can only reference a managed rule group as a top-level statement within a rule that you define in a web ACL.
You are charged additional fees when you use the WAF Bot Control managed rule group AWSManagedRulesBotControlRuleSet, the WAF Fraud Control account takeover prevention (ATP) managed rule group AWSManagedRulesATPRuleSet, or the WAF Fraud Control account creation fraud prevention (ACFP) managed rule group AWSManagedRulesACFPRuleSet. For more information, see WAF Pricing.
You can specify the following transformation types:
BASE64_DECODE - Decode a Base64-encoded string.
BASE64_DECODE_EXT - Decode a Base64-encoded string, but use a forgiving implementation that ignores characters that aren't valid.
CMD_LINE - Command-line transformations. These are helpful in reducing effectiveness of attackers who inject an operating system command-line command and use unusual formatting to disguise some or all of the command.
Delete the following characters: \\ \" ' ^
Delete spaces before the following characters: / (
Replace the following characters with a space: , ;
Replace multiple spaces with one space
Convert uppercase letters (A-Z) to lowercase (a-z)
COMPRESS_WHITE_SPACE - Replace these characters with a space character (decimal 32):
\\f, formfeed, decimal 12
\\t, tab, decimal 9
\\n, newline, decimal 10
\\r, carriage return, decimal 13
\\v, vertical tab, decimal 11
Non-breaking space, decimal 160
COMPRESS_WHITE_SPACE also replaces multiple spaces with one space.
CSS_DECODE - Decode characters that were encoded using CSS 2.x escape rules syndata.html#characters. This function uses up to two bytes in the decoding process, so it can help to uncover ASCII characters that were encoded using CSS encoding that wouldn’t typically be encoded. It's also useful in countering evasion, which is a combination of a backslash and non-hexadecimal characters. For example, ja\\vascript for javascript.
ESCAPE_SEQ_DECODE - Decode the following ANSI C escape sequences: \\a, \\b, \\f, \\n, \\r, \\t, \\v, \\\\, \\?, \\', \\\", \\xHH (hexadecimal), \\0OOO (octal). Encodings that aren't valid remain in the output.
HEX_DECODE - Decode a string of hexadecimal characters into a binary.
HTML_ENTITY_DECODE - Replace HTML-encoded characters with unencoded characters. HTML_ENTITY_DECODE performs these operations:
Replaces (ampersand)quot; with \"
Replaces (ampersand)nbsp; with a non-breaking space, decimal 160
Replaces (ampersand)lt; with a \"less than\" symbol
Replaces (ampersand)gt; with >
Replaces characters that are represented in hexadecimal format, (ampersand)#xhhhh;, with the corresponding characters
Replaces characters that are represented in decimal format, (ampersand)#nnnn;, with the corresponding characters
JS_DECODE - Decode JavaScript escape sequences. If a \\ u HHHH code is in the full-width ASCII code range of FF01-FF5E, then the higher byte is used to detect and adjust the lower byte. If not, only the lower byte is used and the higher byte is zeroed, causing a possible loss of information.
LOWERCASE - Convert uppercase letters (A-Z) to lowercase (a-z).
MD5 - Calculate an MD5 hash from the data in the input. The computed hash is in a raw binary form.
NONE - Specify NONE if you don't want any text transformations.
NORMALIZE_PATH - Remove multiple slashes, directory self-references, and directory back-references that are not at the beginning of the input from an input string.
NORMALIZE_PATH_WIN - This is the same as NORMALIZE_PATH, but first converts backslash characters to forward slashes.
REMOVE_NULLS - Remove all NULL bytes from the input.
REPLACE_COMMENTS - Replace each occurrence of a C-style comment (/* ... */) with a single space. Multiple consecutive occurrences are not compressed. Unterminated comments are also replaced with a space (ASCII 0x20). However, a standalone termination of a comment (*/) is not acted upon.
REPLACE_NULLS - Replace NULL bytes in the input with space characters (ASCII 0x20).
SQL_HEX_DECODE - Decode SQL hex data. Example (0x414243) will be decoded to (ABC).
URL_DECODE - Decode a URL-encoded value.
URL_DECODE_UNI - Like URL_DECODE, but with support for Microsoft-specific %u encoding. If the code is in the full-width ASCII code range of FF01-FF5E, the higher byte is used to detect and adjust the lower byte. Otherwise, only the lower byte is used and the higher byte is zeroed.
UTF8_TO_UNICODE - Convert all UTF-8 character sequences to Unicode. This helps input normalization, and minimizing false-positives and false-negatives for non-English languages.
" + "documentation":"For detailed descriptions of each of the transformation types, see Text transformations in the WAF Developer Guide.
" } }, "documentation":"Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection.
" @@ -5813,7 +5828,7 @@ }, "Addresses":{ "shape":"IPAddresses", - "documentation":"Contains an array of strings that specifies zero or more IP addresses or blocks of IP addresses. All addresses must be specified using Classless Inter-Domain Routing (CIDR) notation. WAF supports all IPv4 and IPv6 CIDR ranges except for /0.
Example address strings:
To configure WAF to allow, block, or count requests that originated from the IP address 192.0.2.44, specify 192.0.2.44/32.
To configure WAF to allow, block, or count requests that originated from IP addresses from 192.0.2.0 to 192.0.2.255, specify 192.0.2.0/24.
To configure WAF to allow, block, or count requests that originated from the IP address 1111:0000:0000:0000:0000:0000:0000:0111, specify 1111:0000:0000:0000:0000:0000:0000:0111/128.
To configure WAF to allow, block, or count requests that originated from IP addresses 1111:0000:0000:0000:0000:0000:0000:0000 to 1111:0000:0000:0000:ffff:ffff:ffff:ffff, specify 1111:0000:0000:0000:0000:0000:0000:0000/64.
For more information about CIDR notation, see the Wikipedia entry Classless Inter-Domain Routing.
Example JSON Addresses specifications:
Empty array: \"Addresses\": []
Array with one address: \"Addresses\": [\"192.0.2.44/32\"]
Array with three addresses: \"Addresses\": [\"192.0.2.44/32\", \"192.0.2.0/24\", \"192.0.0.0/16\"]
INVALID specification: \"Addresses\": [\"\"] INVALID
Contains an array of strings that specifies zero or more IP addresses or blocks of IP addresses that you want WAF to inspect for in incoming requests. All addresses must be specified using Classless Inter-Domain Routing (CIDR) notation. WAF supports all IPv4 and IPv6 CIDR ranges except for /0.
Example address strings:
For requests that originated from the IP address 192.0.2.44, specify 192.0.2.44/32.
For requests that originated from IP addresses from 192.0.2.0 to 192.0.2.255, specify 192.0.2.0/24.
For requests that originated from the IP address 1111:0000:0000:0000:0000:0000:0000:0111, specify 1111:0000:0000:0000:0000:0000:0000:0111/128.
For requests that originated from IP addresses 1111:0000:0000:0000:0000:0000:0000:0000 to 1111:0000:0000:0000:ffff:ffff:ffff:ffff, specify 1111:0000:0000:0000:0000:0000:0000:0000/64.
For more information about CIDR notation, see the Wikipedia entry Classless Inter-Domain Routing.
Example JSON Addresses specifications:
Empty array: \"Addresses\": []
Array with one address: \"Addresses\": [\"192.0.2.44/32\"]
Array with three addresses: \"Addresses\": [\"192.0.2.44/32\", \"192.0.2.0/24\", \"192.0.0.0/16\"]
INVALID specification: \"Addresses\": [\"\"] INVALID
The Rule statements used to identify the web requests that you want to allow, block, or count. Each rule includes one top-level statement that WAF uses to identify matching web requests, and parameters that govern how WAF handles them.
" + "documentation":"The Rule statements used to identify the web requests that you want to manage. Each rule includes one top-level statement that WAF uses to identify matching web requests, and parameters that govern how WAF handles them.
" }, "VisibilityConfig":{ "shape":"VisibilityConfig", @@ -6015,7 +6030,7 @@ }, "Rules":{ "shape":"Rules", - "documentation":"The Rule statements used to identify the web requests that you want to allow, block, or count. Each rule includes one top-level statement that WAF uses to identify matching web requests, and parameters that govern how WAF handles them.
" + "documentation":"The Rule statements used to identify the web requests that you want to manage. Each rule includes one top-level statement that WAF uses to identify matching web requests, and parameters that govern how WAF handles them.
" }, "VisibilityConfig":{ "shape":"VisibilityConfig", @@ -6325,7 +6340,7 @@ }, "Rules":{ "shape":"Rules", - "documentation":"The Rule statements used to identify the web requests that you want to allow, block, or count. Each rule includes one top-level statement that WAF uses to identify matching web requests, and parameters that govern how WAF handles them.
" + "documentation":"The Rule statements used to identify the web requests that you want to manage. Each rule includes one top-level statement that WAF uses to identify matching web requests, and parameters that govern how WAF handles them.
" }, "VisibilityConfig":{ "shape":"VisibilityConfig", @@ -6372,7 +6387,7 @@ "documentation":"Specifies custom configurations for the associations between the web ACL and protected resources.
Use this to customize the maximum size of the request body that your protected CloudFront distributions forward to WAF for inspection. The default is 16 KB (16,384 bytes).
You are charged additional fees when your protected resources forward body sizes that are larger than the default. For more information, see WAF Pricing.
A web ACL defines a collection of rules to use to inspect and control web requests. Each rule has an action defined (allow, block, or count) for requests that match the statement of the rule. In the web ACL, you assign a default action to take (allow, block) for any request that does not match any of the rules. The rules in a web ACL can be a combination of the types Rule, RuleGroup, and managed rule group. You can associate a web ACL with one or more Amazon Web Services resources to protect. The resources can be an Amazon CloudFront distribution, an Amazon API Gateway REST API, an Application Load Balancer, an AppSync GraphQL API, an Amazon Cognito user pool, an App Runner service, or an Amazon Web Services Verified Access instance.
" + "documentation":"A web ACL defines a collection of rules to use to inspect and control web requests. Each rule has a statement that defines what to look for in web requests and an action that WAF applies to requests that match the statement. In the web ACL, you assign a default action to take (allow, block) for any request that does not match any of the rules. The rules in a web ACL can be a combination of the types Rule, RuleGroup, and managed rule group. You can associate a web ACL with one or more Amazon Web Services resources to protect. The resources can be an Amazon CloudFront distribution, an Amazon API Gateway REST API, an Application Load Balancer, an AppSync GraphQL API, an Amazon Cognito user pool, an App Runner service, or an Amazon Web Services Verified Access instance.
" }, "WebACLSummaries":{ "type":"list", @@ -6417,7 +6432,7 @@ }, "TextTransformations":{ "shape":"TextTransformations", - "documentation":"Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. Text transformations are used in rule match statements, to transform the FieldToMatch request component before inspecting it, and they're used in rate-based rule statements, to transform request components before using them as custom aggregation keys. If you specify one or more transformations to apply, WAF performs all transformations on the specified content, starting from the lowest priority setting, and then uses the component contents.
Text transformations eliminate some of the unusual formatting that attackers use in web requests in an effort to bypass detection. Text transformations are used in rule match statements, to transform the FieldToMatch request component before inspecting it, and they're used in rate-based rule statements, to transform request components before using them as custom aggregation keys. If you specify one or more transformations to apply, WAF performs all transformations on the specified content, starting from the lowest priority setting, and then uses the transformed component contents.
A rule statement that inspects for cross-site scripting (XSS) attacks. In XSS attacks, the attacker uses vulnerabilities in a benign website as a vehicle to inject malicious client-site scripts into other legitimate web browsers.
" diff --git a/docs/source/conf.py b/docs/source/conf.py index e85075138b..e39c6aaa00 100644 --- a/docs/source/conf.py +++ b/docs/source/conf.py @@ -59,7 +59,7 @@ # The short X.Y version. version = '1.31.' # The full version, including alpha/beta/rc tags. -release = '1.31.53' +release = '1.31.54' # The language for content autogenerated by Sphinx. Refer to documentation # for a list of supported languages.