AWS WAFV2 - API ReferenceAWS WAFV2 API Reference
AWS WAFV2: API Reference Copyright © Amazon Web Services, Inc.
and/or its affiliates. All rights reserved.
AWS WAFV2 API Reference
Amazon's trademarks and trade dress may not be used in connection
with any product or service that is not Amazon's, in any manner
that is likely to cause confusion among customers, or in any manner
that disparages or discredits Amazon. All other trademarks not
owned by Amazon are the property of their respective owners, who
may or may not be affiliated with, connected to, or sponsored by
Amazon.
AWS WAFV2 API Reference
Table of Contents Welcome .... . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . 1
AWS WAFV2 .... . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . 1 AWS WAF
Classic ... . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . 2 AWS WAF Classic Regional
... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . 2
Actions .... . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . 3 AWS WAFV2 .... . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . 7
AssociateWebACL .... . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . 9 CheckCapacity .... . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
12 CreateIPSet .... . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . 20 CreateRegexPatternSet
.... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24
CreateRuleGroup .... . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . 28 CreateWebACL .... . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38
DeleteFirewallManagerRuleGroups .... . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 49
DeleteIPSet .... . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . 52 DeleteLoggingConfiguration
.... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . 55
DeletePermissionPolicy .... . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . 57 DeleteRegexPatternSet .... . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . 59 DeleteRuleGroup .... . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 62
DeleteWebACL .... . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . 65 DescribeManagedRuleGroup .... . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . 68 DisassociateWebACL .... .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 73
GetIPSet .... . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . 75
GetLoggingConfiguration .... . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . 78 GetManagedRuleSet .... . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . 81 GetPermissionPolicy .... . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 84
GetRateBasedStatementManagedKeys .... . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . 86
GetRegexPatternSet .... . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . 90 GetRuleGroup .... . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 93
GetSampledRequests ... . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . 102 GetWebACL .... . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . 106
GetWebACLForResource .... . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . 125 ListAvailableManagedRuleGroups .... . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . 143 ListAvailableManagedRuleGroupVersions .... . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 146
ListIPSets ... . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . 149
ListLoggingConfigurations .... . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . 152 ListManagedRuleSets ... . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . 156 ListRegexPatternSets .... . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . 159
ListResourcesForWebACL .... . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . 162 ListRuleGroups .... . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . 165 ListTagsForResource
.... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
168 ListWebACLs .... . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . 171 PutLoggingConfiguration
.... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . 174
PutManagedRuleSetVersions .... . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. 179 PutPermissionPolicy .... . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . 183 TagResource .... . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 186
UntagResource .... . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . 189 UpdateIPSet .... . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
191 UpdateManagedRuleSetVersionExpiryDate .... . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . 195
UpdateRegexPatternSet .... . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . 199 UpdateRuleGroup .... . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . 203 UpdateWebACL .... . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
213
AWS WAF Classic ... . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . 223 CreateByteMatchSet
.... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
226 CreateGeoMatchSet .... . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . 230
iii
iv
AWS WAF Classic Regional ... . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . 471 AssociateWebACL .... . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . 474
CreateByteMatchSet .... . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . 477 CreateGeoMatchSet .... . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . 481 CreateIPSet .... . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . 485 CreateRateBasedRule .... . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . 488 CreateRegexMatchSet .... . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . 493
CreateRegexPatternSet .... . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . 496 CreateRule .... . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . 499
CreateRuleGroup .... . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . 503 CreateSizeConstraintSet .... . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . 507
CreateSqlInjectionMatchSet .... . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . 511 CreateWebACL .... . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . 515 CreateWebACLMigrationStack
.... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . 520 CreateXssMatchSet ....
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 524
DeleteByteMatchSet .... . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . 528 DeleteGeoMatchSet .... . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . 531 DeleteIPSet .... . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . 534 DeleteLoggingConfiguration .... . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . 537 DeletePermissionPolicy .... . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . 539 DeleteRateBasedRule .... .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . 541
DeleteRegexMatchSet .... . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . 544 DeleteRegexPatternSet .... . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . 547 DeleteRule .... . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . 550 DeleteRuleGroup .... . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . 553 DeleteSizeConstraintSet .... .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . 556
DeleteSqlInjectionMatchSet .... . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . 559 DeleteWebACL .... . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . 562 DeleteXssMatchSet .... . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 565
DisassociateWebACL .... . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . 568 GetByteMatchSet .... . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . 570 GetChangeToken
.... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . 573 GetChangeTokenStatus .... . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . 575 GetGeoMatchSet .... . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . 577 GetIPSet .... .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . 579 GetLoggingConfiguration .... . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . 581 GetPermissionPolicy ....
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 583
GetRateBasedRule .... . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . 585 GetRateBasedRuleManagedKeys .... . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . 587
v
Data Types .... . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
731 AWS WAFV2 .... . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . 735
ActionCondition .... . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . 738 All ... . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . 739 AllowAction .... . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . 740
AllQueryArguments .... . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . 741 AndStatement .... . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . 742 BlockAction
.... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . 743 Body .... . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . 744 ByteMatchStatement .... . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . 745 CaptchaAction .... . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . 747
CaptchaConfig .... . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . 748 CaptchaResponse .... . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 749
Condition .... . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . 750
vi
vii
AWS WAF Classic ... . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . 855 ActivatedRule .... .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . 858 ByteMatchSet .... . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . 861 ByteMatchSetSummary
.... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 863
ByteMatchSetUpdate .... . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . 864 ByteMatchTuple .... . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . 865 ExcludedRule .... . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . 869 FieldToMatch .... . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . 870 GeoMatchConstraint
... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
872 GeoMatchSet .... . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . 874 GeoMatchSetSummary .... . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . 876
GeoMatchSetUpdate .... . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . 877 HTTPHeader .... . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . 878 HTTPRequest
... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . 879 IPSet .... . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. 881 IPSetDescriptor ... . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . 883 IPSetSummary .... . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 885
IPSetUpdate .... . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . 886 LoggingConfiguration .... . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . 887 Predicate
.... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . 889 RateBasedRule .... . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 891
RegexMatchSet .... . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . 893 RegexMatchSetSummary .... . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . 895 RegexMatchSetUpdate .... .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . 896
RegexMatchTuple .... . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . 897 RegexPatternSet .... . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . 900
RegexPatternSetSummary .... . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . 902 RegexPatternSetUpdate .... . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . 903 Rule .... . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . 904 RuleGroup .... . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . 906 RuleGroupSummary
.... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
908 RuleGroupUpdate .... . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . 909 RuleSummary .... . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 910
RuleUpdate .... . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . 911 SampledHTTPRequest ... . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . 912
SizeConstraint ... . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . 914 SizeConstraintSet .... . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 917
SizeConstraintSetSummary .... . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . 919 SizeConstraintSetUpdate .... . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . 920 SqlInjectionMatchSet .... . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . 921
SqlInjectionMatchSetSummary .... . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
923 SqlInjectionMatchSetUpdate .... . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . 924 SqlInjectionMatchTuple .... . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . 925 SubscribedRuleGroupSummary .... . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . 927 Tag .... . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . 929
viii
AWS WAF Classic Regional ... . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . 943 ActivatedRule .... . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 946
ByteMatchSet .... . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . 949 ByteMatchSetSummary .... . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . 951 ByteMatchSetUpdate
.... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 952
ByteMatchTuple .... . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . 953 ExcludedRule .... . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 957
FieldToMatch .... . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . 958 GeoMatchConstraint ... . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . 960 GeoMatchSet
.... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . 962 GeoMatchSetSummary .... . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . 964 GeoMatchSetUpdate .... . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . 965 HTTPHeader
.... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . 966 HTTPRequest ... . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . 967 IPSet
.... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . 969 IPSetDescriptor ... .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . 971 IPSetSummary .... . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . 973 IPSetUpdate .... . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . 974 LoggingConfiguration .... . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . 975 Predicate .... . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. 977 RateBasedRule .... . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . 979 RegexMatchSet .... . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 981
RegexMatchSetSummary .... . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . 983 RegexMatchSetUpdate .... . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . 984 RegexMatchTuple .... . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . 985 RegexPatternSet
.... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . 988 RegexPatternSetSummary .... . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . 990 RegexPatternSetUpdate .... . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . 991 Rule .... . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . 992 RuleGroup .... . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 994
RuleGroupSummary .... . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . 996 RuleGroupUpdate .... . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . 997 RuleSummary .... . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . 998 RuleUpdate .... . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . 999 SampledHTTPRequest
... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1000
SizeConstraint ... . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . 1002 SizeConstraintSet .... . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . 1005
SizeConstraintSetSummary .... . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
1007 SizeConstraintSetUpdate .... . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . 1008 SqlInjectionMatchSet .... . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . 1009 SqlInjectionMatchSetSummary ....
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . 1011 SqlInjectionMatchSetUpdate .... .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . 1012 SqlInjectionMatchTuple .... .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . 1013
SubscribedRuleGroupSummary .... . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1015
Tag .... . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . 1017
TagInfoForResource .... . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . 1018
ix
Common Parameters ... . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . 1032 Common Errors
... . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . 1034
x
Welcome
AWS WAFV2 Note This is the latest version of the AWS WAF API,
released in November, 2019. The names of the entities that you use
to access this API, like endpoints and namespaces, all have the
versioning information added, like "V2" or "v2", to distinguish
from the prior version. We recommend migrating your resources to
this version, because it has a number of significant improvements.
If you used AWS WAF prior to this release, you can't use this AWS
WAFV2 API to access any AWS WAF resources that you created before.
You can access your old rules, web ACLs, and other AWS WAF
resources only through the AWS WAF Classic APIs. The AWS WAF
Classic APIs have retained the prior names, endpoints, and
namespaces. For information, including how to migrate your AWS WAF
resources to this version, see the AWS WAF Developer Guide.
AWS WAF is a web application firewall that lets you monitor the
HTTP and HTTPS requests that are forwarded to Amazon CloudFront, an
Amazon API Gateway REST API, an Application Load Balancer, or an
AWS AppSync GraphQL API. AWS WAF also lets you control access to
your content. Based on conditions that you specify, such as the IP
addresses that requests originate from or the values of query
strings, the Amazon API Gateway REST API, CloudFront distribution,
the Application Load Balancer, or the AWS AppSync GraphQL API
responds to requests either with the requested content or with an
HTTP 403 status code (Forbidden). You also can configure CloudFront
to return a custom error page when a request is blocked.
This API guide is for developers who need detailed information
about AWS WAF API actions, data types, and errors. For detailed
information about AWS WAF features and an overview of how to use
AWS WAF, see the AWS WAF Developer Guide.
You can make calls using the endpoints listed in AWS WAF endpoints
and quotas.
• For regional applications, you can use any of the endpoints in
the list. A regional application can be an Application Load
Balancer (ALB), an Amazon API Gateway REST API, or an AWS AppSync
GraphQL API.
• For Amazon CloudFront applications, you must use the API endpoint
listed for US East (N. Virginia): us- east-1.
Alternatively, you can use one of the AWS SDKs to access an API
that's tailored to the programming language or platform that you're
using. For more information, see AWS SDKs.
We currently provide two versions of the AWS WAF API: this API and
the prior versions, the classic AWS WAF APIs. This new API provides
the same functionality as the older versions, with the following
major improvements:
• You use one API for both global and regional applications. Where
you need to distinguish the scope, you specify a Scope parameter
and set it to CLOUDFRONT or REGIONAL.
• You can define a web ACL or rule group with a single call, and
update it with a single call. You define all rule specifications in
JSON format, and pass them to your rule group or web ACL
calls.
• The limits AWS WAF places on the use of rules more closely
reflects the cost of running each type of rule. Rule groups include
capacity settings, so you know the maximum cost of a rule group
when you use it.
AWS WAFV2 API Reference AWS WAF Classic
AWS WAF Classic Note This is AWS WAF Classic documentation. For
more information, see AWS WAF Classic in the developer guide. For
the latest version of AWS WAF , use the AWS WAFV2 API and see the
AWS WAF Developer Guide. With the latest version, AWS WAF has a
single set of endpoints for regional and global use.
This is the AWS WAF Classic API Reference for using AWS WAF Classic
with Amazon CloudFront. The AWS WAF Classic actions and data types
listed in the reference are available for protecting CloudFront
distributions. You can use these actions and data types via the
endpoint waf.amazonaws.com. This guide is for developers who need
detailed information about the AWS WAF Classic API actions, data
types, and errors. For detailed information about AWS WAF Classic
features and an overview of how to use the AWS WAF Classic API, see
the AWS WAF Classic in the developer guide.
AWS WAF Classic Regional Note This is AWS WAF Classic
documentation. For more information, see AWS WAF Classic in the
developer guide. For the latest version of AWS WAF , use the AWS
WAFV2 API and see the AWS WAF Developer Guide. With the latest
version, AWS WAF has a single set of endpoints for regional and
global use.
This is the AWS WAF Classic Regional API Reference for using AWS
WAF Classic with the AWS resources, Elastic Load Balancing
Application Load Balancers and Amazon API Gateway APIs. The AWS WAF
Classic actions and data types listed in the reference are
available for protecting these resource types. You can use these
actions and data types by means of the endpoints listed in AWS WAF
Classic endpoints and quotas. This guide is for developers who need
detailed information about the AWS WAF Classic API actions, data
types, and errors. For detailed information about AWS WAF Classic
features and an overview of how to use the AWS WAF Classic API, see
the AWS WAF Classic in the developer guide.
• AssociateWebACL (p. 9) • CheckCapacity (p. 12) • CreateIPSet (p.
20) • CreateRegexPatternSet (p. 24) • CreateRuleGroup (p. 28) •
CreateWebACL (p. 38) • DeleteFirewallManagerRuleGroups (p. 49) •
DeleteIPSet (p. 52) • DeleteLoggingConfiguration (p. 55) •
DeletePermissionPolicy (p. 57) • DeleteRegexPatternSet (p. 59) •
DeleteRuleGroup (p. 62) • DeleteWebACL (p. 65) •
DescribeManagedRuleGroup (p. 68) • DisassociateWebACL (p. 73) •
GetIPSet (p. 75) • GetLoggingConfiguration (p. 78) •
GetManagedRuleSet (p. 81) • GetPermissionPolicy (p. 84) •
GetRateBasedStatementManagedKeys (p. 86) • GetRegexPatternSet (p.
90) • GetRuleGroup (p. 93) • GetSampledRequests (p. 102) •
GetWebACL (p. 106) • GetWebACLForResource (p. 125) •
ListAvailableManagedRuleGroups (p. 143) •
ListAvailableManagedRuleGroupVersions (p. 146) • ListIPSets (p.
149) • ListLoggingConfigurations (p. 152) • ListManagedRuleSets (p.
156) • ListRegexPatternSets (p. 159) • ListResourcesForWebACL (p.
162) • ListRuleGroups (p. 165) • ListTagsForResource (p. 168) •
ListWebACLs (p. 171) • PutLoggingConfiguration (p. 174) •
PutManagedRuleSetVersions (p. 179) • PutPermissionPolicy (p. 183) •
TagResource (p. 186) • UntagResource (p. 189)
3
The following actions are supported by AWS WAF Classic:
• CreateByteMatchSet (p. 226) • CreateGeoMatchSet (p. 230) •
CreateIPSet (p. 234) • CreateRateBasedRule (p. 237) •
CreateRegexMatchSet (p. 242) • CreateRegexPatternSet (p. 245) •
CreateRule (p. 248) • CreateRuleGroup (p. 252) •
CreateSizeConstraintSet (p. 256) • CreateSqlInjectionMatchSet (p.
260) • CreateWebACL (p. 264) • CreateWebACLMigrationStack (p. 269)
• CreateXssMatchSet (p. 273) • DeleteByteMatchSet (p. 277) •
DeleteGeoMatchSet (p. 280) • DeleteIPSet (p. 283) •
DeleteLoggingConfiguration (p. 286) • DeletePermissionPolicy (p.
288) • DeleteRateBasedRule (p. 290) • DeleteRegexMatchSet (p. 293)
• DeleteRegexPatternSet (p. 296) • DeleteRule (p. 299) •
DeleteRuleGroup (p. 302) • DeleteSizeConstraintSet (p. 305) •
DeleteSqlInjectionMatchSet (p. 308) • DeleteWebACL (p. 311) •
DeleteXssMatchSet (p. 314) • GetByteMatchSet (p. 317) •
GetChangeToken (p. 320) • GetChangeTokenStatus (p. 322) •
GetGeoMatchSet (p. 324) • GetIPSet (p. 326) •
GetLoggingConfiguration (p. 328) • GetPermissionPolicy (p. 330) •
GetRateBasedRule (p. 332) • GetRateBasedRuleManagedKeys (p. 334) •
GetRegexMatchSet (p. 337) • GetRegexPatternSet (p. 339)
4
The following actions are supported by AWS WAF Classic
Regional:
• AssociateWebACL (p. 474) • CreateByteMatchSet (p. 477) •
CreateGeoMatchSet (p. 481) • CreateIPSet (p. 485)
5
6
• ListGeoMatchSets (p. 623) • ListIPSets (p. 626) •
ListLoggingConfigurations (p. 629) • ListRateBasedRules (p. 632) •
ListRegexMatchSets (p. 635) • ListRegexPatternSets (p. 638) •
ListResourcesForWebACL (p. 641) • ListRuleGroups (p. 644) •
ListRules (p. 647) • ListSizeConstraintSets (p. 650) •
ListSqlInjectionMatchSets (p. 653) • ListSubscribedRuleGroups (p.
656) • ListTagsForResource (p. 659) • ListWebACLs (p. 662) •
ListXssMatchSets (p. 665) • PutLoggingConfiguration (p. 668) •
PutPermissionPolicy (p. 671) • TagResource (p. 674) • UntagResource
(p. 677) • UpdateByteMatchSet (p. 679) • UpdateGeoMatchSet (p. 683)
• UpdateIPSet (p. 687) • UpdateRateBasedRule (p. 692) •
UpdateRegexMatchSet (p. 697) • UpdateRegexPatternSet (p. 701) •
UpdateRule (p. 705) • UpdateRuleGroup (p. 709) •
UpdateSizeConstraintSet (p. 713) • UpdateSqlInjectionMatchSet (p.
718) • UpdateWebACL (p. 722) • UpdateXssMatchSet (p. 727)
AWS WAFV2 The following actions are supported by AWS WAFV2:
• AssociateWebACL (p. 9) • CheckCapacity (p. 12) • CreateIPSet (p.
20) • CreateRegexPatternSet (p. 24) • CreateRuleGroup (p. 28) •
CreateWebACL (p. 38) • DeleteFirewallManagerRuleGroups (p. 49) •
DeleteIPSet (p. 52) • DeleteLoggingConfiguration (p. 55)
7
• DeletePermissionPolicy (p. 57) • DeleteRegexPatternSet (p. 59) •
DeleteRuleGroup (p. 62) • DeleteWebACL (p. 65) •
DescribeManagedRuleGroup (p. 68) • DisassociateWebACL (p. 73) •
GetIPSet (p. 75) • GetLoggingConfiguration (p. 78) •
GetManagedRuleSet (p. 81) • GetPermissionPolicy (p. 84) •
GetRateBasedStatementManagedKeys (p. 86) • GetRegexPatternSet (p.
90) • GetRuleGroup (p. 93) • GetSampledRequests (p. 102) •
GetWebACL (p. 106) • GetWebACLForResource (p. 125) •
ListAvailableManagedRuleGroups (p. 143) •
ListAvailableManagedRuleGroupVersions (p. 146) • ListIPSets (p.
149) • ListLoggingConfigurations (p. 152) • ListManagedRuleSets (p.
156) • ListRegexPatternSets (p. 159) • ListResourcesForWebACL (p.
162) • ListRuleGroups (p. 165) • ListTagsForResource (p. 168) •
ListWebACLs (p. 171) • PutLoggingConfiguration (p. 174) •
PutManagedRuleSetVersions (p. 179) • PutPermissionPolicy (p. 183) •
TagResource (p. 186) • UntagResource (p. 189) • UpdateIPSet (p.
191) • UpdateManagedRuleSetVersionExpiryDate (p. 195) •
UpdateRegexPatternSet (p. 199) • UpdateRuleGroup (p. 203) •
UpdateWebACL (p. 213)
8
AssociateWebACL Service: AWS WAFV2
Associates a web ACL with a regional application resource, to
protect the resource. A regional application can be an Application
Load Balancer (ALB), an Amazon API Gateway REST API, or an AWS
AppSync GraphQL API.
For Amazon CloudFront, don't use this call. Instead, use your
CloudFront distribution configuration. To associate a web ACL, in
the CloudFront call UpdateDistribution, set the web ACL ID to the
Amazon Resource Name (ARN) of the web ACL. For information, see
UpdateDistribution.
Request Syntax
{ "ResourceArn": "string", "WebACLArn": "string" }
Request Parameters For information about the parameters that are
common to all actions, see Common Parameters (p. 1032).
The request accepts the following data in JSON format.
ResourceArn (p. 9)
The Amazon Resource Name (ARN) of the resource to associate with
the web ACL.
The ARN must be in one of the following formats:
• For an Application Load Balancer:
arn:aws:elasticloadbalancing:region:account-
id:loadbalancer/app/load-balancer-name/load-balancer-id
• For an Amazon API Gateway REST API:
arn:aws:apigateway:region::/restapis/api-id/
stages/stage-name
• For an AWS AppSync GraphQL API: arn:aws:appsync:region:account-
id:apis/GraphQLApiId
Type: String
Length Constraints: Minimum length of 20. Maximum length of
2048.
Pattern: .*\S.*
Required: Yes
WebACLArn (p. 9)
The Amazon Resource Name (ARN) of the web ACL that you want to
associate with the resource.
Type: String
Length Constraints: Minimum length of 20. Maximum length of
2048.
Pattern: .*\S.*
Required: Yes
AWS WAFV2 API Reference AssociateWebACL
Response Elements If the action is successful, the service sends
back an HTTP 200 response with an empty HTTP body.
Errors For information about the errors that are common to all
actions, see Common Errors (p. 1034).
WAFInternalErrorException
Your request is valid, but AWS WAF couldn’t perform the operation
because of a system problem. Retry your request.
HTTP Status Code: 500 WAFInvalidOperationException
The operation isn't valid.
HTTP Status Code: 400 WAFInvalidParameterException
The operation failed because AWS WAF didn't recognize a parameter
in the request. For example: • You specified a parameter name or
value that isn't valid. • Your nested statement isn't valid. You
might have tried to nest a statement that can’t be nested. • You
tried to update a WebACL with a DefaultAction that isn't among the
types available at
DefaultAction (p. 757). • Your request references an ARN that is
malformed, or corresponds to a resource with which a web
ACL can't be associated.
HTTP Status Code: 400 WAFNonexistentItemException
AWS WAF couldn’t perform the operation because your resource
doesn’t exist.
HTTP Status Code: 400 WAFUnavailableEntityException
AWS WAF couldn’t retrieve the resource that you requested. Retry
your request.
HTTP Status Code: 400
See Also For more information about using this API in one of the
language-specific AWS SDKs, see the following:
• AWS Command Line Interface • AWS SDK for .NET • AWS SDK for C++ •
AWS SDK for Go • AWS SDK for Java V2 • AWS SDK for JavaScript • AWS
SDK for PHP V3 • AWS SDK for Python
CheckCapacity Service: AWS WAFV2
Returns the web ACL capacity unit (WCU) requirements for a
specified scope and set of rules. You can use this to check the
capacity requirements for the rules you want to use in a RuleGroup
(p. 822) or WebACL (p. 849).
AWS WAF uses WCUs to calculate and control the operating resources
that are used to run your rules, rule groups, and web ACLs. AWS WAF
calculates capacity differently for each rule type, to reflect the
relative cost of each rule. Simple rules that cost little to run
use fewer WCUs than more complex rules that use more processing
power. Rule group capacity is fixed at creation, which helps users
plan their web ACL WCU usage when they use a rule group. The WCU
limit for web ACLs is 1,500.
Request Syntax
12
"CaptchaConfig": { "ImmunityTimeProperty": { "ImmunityTime": number
} }, "Name": "string", "OverrideAction": { "Count": {
"CustomRequestHandling": { "InsertHeaders": [ { "Name": "string",
"Value": "string" } ] } }, "None": { } }, "Priority": number,
"RuleLabels": [ { "Name": "string" } ], "Statement": {
"AndStatement": { "Statements": [ "Statement" ] },
"ByteMatchStatement": { "FieldToMatch": { "AllQueryArguments": { },
"Body": { }, "JsonBody": { "InvalidFallbackBehavior": "string",
"MatchPattern": { "All": { }, "IncludedPaths": [ "string" ] },
"MatchScope": "string" }, "Method": { }, "QueryString": { },
"SingleHeader": { "Name": "string" }, "SingleQueryArgument": {
"Name": "string" }, "UriPath": { } }, "PositionalConstraint":
"string", "SearchString": blob, "TextTransformations": [ {
"Priority": number, "Type": "string"
13
} ] }, "GeoMatchStatement": { "CountryCodes": [ "string" ],
"ForwardedIPConfig": { "FallbackBehavior": "string", "HeaderName":
"string" } }, "IPSetReferenceStatement": { "ARN": "string",
"IPSetForwardedIPConfig": { "FallbackBehavior": "string",
"HeaderName": "string", "Position": "string" } },
"LabelMatchStatement": { "Key": "string", "Scope": "string" },
"ManagedRuleGroupStatement": { "ExcludedRules": [ { "Name":
"string" } ], "Name": "string", "ScopeDownStatement": "Statement",
"VendorName": "string", "Version": "string" }, "NotStatement": {
"Statement": "Statement" }, "OrStatement": { "Statements": [
"Statement" ] }, "RateBasedStatement": { "AggregateKeyType":
"string", "ForwardedIPConfig": { "FallbackBehavior": "string",
"HeaderName": "string" }, "Limit": number, "ScopeDownStatement":
"Statement" }, "RegexMatchStatement": { "FieldToMatch": {
"AllQueryArguments": { }, "Body": { }, "JsonBody": {
"InvalidFallbackBehavior": "string", "MatchPattern": { "All": { },
"IncludedPaths": [ "string" ] }, "MatchScope": "string" },
"Method": {
14
}, "QueryString": { }, "SingleHeader": { "Name": "string" },
"SingleQueryArgument": { "Name": "string" }, "UriPath": { } },
"RegexString": "string", "TextTransformations": [ { "Priority":
number, "Type": "string" } ] },
"RegexPatternSetReferenceStatement": { "ARN": "string",
"FieldToMatch": { "AllQueryArguments": { }, "Body": { },
"JsonBody": { "InvalidFallbackBehavior": "string", "MatchPattern":
{ "All": { }, "IncludedPaths": [ "string" ] }, "MatchScope":
"string" }, "Method": { }, "QueryString": { }, "SingleHeader": {
"Name": "string" }, "SingleQueryArgument": { "Name": "string" },
"UriPath": { } }, "TextTransformations": [ { "Priority": number,
"Type": "string" } ] }, "RuleGroupReferenceStatement": { "ARN":
"string", "ExcludedRules": [ { "Name": "string" } ] },
"SizeConstraintStatement": { "ComparisonOperator": "string",
15
"FieldToMatch": { "AllQueryArguments": { }, "Body": { },
"JsonBody": { "InvalidFallbackBehavior": "string", "MatchPattern":
{ "All": { }, "IncludedPaths": [ "string" ] }, "MatchScope":
"string" }, "Method": { }, "QueryString": { }, "SingleHeader": {
"Name": "string" }, "SingleQueryArgument": { "Name": "string" },
"UriPath": { } }, "Size": number, "TextTransformations": [ {
"Priority": number, "Type": "string" } ] }, "SqliMatchStatement": {
"FieldToMatch": { "AllQueryArguments": { }, "Body": { },
"JsonBody": { "InvalidFallbackBehavior": "string", "MatchPattern":
{ "All": { }, "IncludedPaths": [ "string" ] }, "MatchScope":
"string" }, "Method": { }, "QueryString": { }, "SingleHeader": {
"Name": "string" }, "SingleQueryArgument": { "Name": "string" },
"UriPath": { } }, "TextTransformations": [ { "Priority":
number,
16
"Type": "string" } ] }, "XssMatchStatement": { "FieldToMatch": {
"AllQueryArguments": { }, "Body": { }, "JsonBody": {
"InvalidFallbackBehavior": "string", "MatchPattern": { "All": { },
"IncludedPaths": [ "string" ] }, "MatchScope": "string" },
"Method": { }, "QueryString": { }, "SingleHeader": { "Name":
"string" }, "SingleQueryArgument": { "Name": "string" }, "UriPath":
{ } }, "TextTransformations": [ { "Priority": number, "Type":
"string" } ] } }, "VisibilityConfig": { "CloudWatchMetricsEnabled":
boolean, "MetricName": "string", "SampledRequestsEnabled": boolean
} } ], "Scope": "string" }
Request Parameters For information about the parameters that are
common to all actions, see Common Parameters (p. 1032).
The request accepts the following data in JSON format.
Rules (p. 12)
An array of Rule (p. 818) that you're configuring to use in a rule
group or web ACL.
Type: Array of Rule (p. 818) objects
Required: Yes
Scope (p. 12)
Specifies whether this is for an Amazon CloudFront distribution or
for a regional application. A regional application can be an
Application Load Balancer (ALB), an Amazon API Gateway REST API, or
an AWS AppSync GraphQL API.
To work with CloudFront, you must also specify the Region US East
(N. Virginia) as follows: • CLI - Specify the Region when you use
the CloudFront scope: --scope=CLOUDFRONT -- region=us-east-1.
• API and SDKs - For all calls, use the Region endpoint
us-east-1.
Type: String
Required: Yes
Response Syntax
{ "Capacity": number }
Response Elements If the action is successful, the service sends
back an HTTP 200 response.
The following data is returned in JSON format by the service.
Capacity (p. 18)
Type: Long
Valid Range: Minimum value of 0.
Errors For information about the errors that are common to all
actions, see Common Errors (p. 1034).
WAFExpiredManagedRuleGroupVersionException
The operation failed because the specified version for the managed
rule group has expired. You can retrieve the available versions for
the managed rule group by calling
ListAvailableManagedRuleGroupVersions (p. 146).
HTTP Status Code: 400 WAFInternalErrorException
Your request is valid, but AWS WAF couldn’t perform the operation
because of a system problem. Retry your request.
HTTP Status Code: 500 WAFInvalidParameterException
The operation failed because AWS WAF didn't recognize a parameter
in the request. For example:
18
AWS WAFV2 API Reference CheckCapacity
• You specified a parameter name or value that isn't valid. • Your
nested statement isn't valid. You might have tried to nest a
statement that can’t be nested. • You tried to update a WebACL with
a DefaultAction that isn't among the types available at
DefaultAction (p. 757). • Your request references an ARN that is
malformed, or corresponds to a resource with which a web
ACL can't be associated.
HTTP Status Code: 400 WAFInvalidResourceException
AWS WAF couldn’t perform the operation because the resource that
you requested isn’t valid. Check the resource, and try again.
HTTP Status Code: 400 WAFLimitsExceededException
AWS WAF couldn’t perform the operation because you exceeded your
resource limit. For example, the maximum number of WebACL objects
that you can create for an AWS account. For more information, see
AWS WAF quotas in the AWS WAF Developer Guide.
HTTP Status Code: 400 WAFNonexistentItemException
AWS WAF couldn’t perform the operation because your resource
doesn’t exist.
HTTP Status Code: 400 WAFSubscriptionNotFoundException
You tried to use a managed rule group that's available by
subscription, but you aren't subscribed to it yet.
HTTP Status Code: 400 WAFUnavailableEntityException
AWS WAF couldn’t retrieve the resource that you requested. Retry
your request.
HTTP Status Code: 400
See Also For more information about using this API in one of the
language-specific AWS SDKs, see the following:
• AWS Command Line Interface • AWS SDK for .NET • AWS SDK for C++ •
AWS SDK for Go • AWS SDK for Java V2 • AWS SDK for JavaScript • AWS
SDK for PHP V3 • AWS SDK for Python • AWS SDK for Ruby V3
CreateIPSet Service: AWS WAFV2
Creates an IPSet (p. 773), which you use to identify web requests
that originate from specific IP addresses or ranges of IP
addresses. For example, if you're receiving a lot of requests from
a ranges of IP addresses, you can configure AWS WAF to block them
using an IPSet that lists those IP addresses.
Request Syntax
{ "Addresses": [ "string" ], "Description": "string",
"IPAddressVersion": "string", "Name": "string", "Scope": "string",
"Tags": [ { "Key": "string", "Value": "string" } ] }
Request Parameters For information about the parameters that are
common to all actions, see Common Parameters (p. 1032).
The request accepts the following data in JSON format.
Addresses (p. 20)
Contains an array of strings that specify one or more IP addresses
or blocks of IP addresses in Classless Inter-Domain Routing (CIDR)
notation. AWS WAF supports all IPv4 and IPv6 CIDR ranges except for
/0.
Examples: • To configure AWS WAF to allow, block, or count requests
that originated from the IP address
192.0.2.44, specify 192.0.2.44/32. • To configure AWS WAF to allow,
block, or count requests that originated from IP addresses
from
192.0.2.0 to 192.0.2.255, specify 192.0.2.0/24. • To configure AWS
WAF to allow, block, or count requests that originated
from the IP address 1111:0000:0000:0000:0000:0000:0000:0111,
specify 1111:0000:0000:0000:0000:0000:0000:0111/128.
• To configure AWS WAF to allow, block, or count requests that
originated from IP addresses
1111:0000:0000:0000:0000:0000:0000:0000 to
1111:0000:0000:0000:ffff:ffff:ffff:ffff, specify
1111:0000:0000:0000:0000:0000:0000:0000/64.
For more information about CIDR notation, see the Wikipedia entry
Classless Inter-Domain Routing.
Type: Array of strings
Length Constraints: Minimum length of 1. Maximum length of
50.
Pattern: .*\S.*
Required: Yes
A description of the IP set that helps with identification.
Type: String
Length Constraints: Minimum length of 1. Maximum length of
256.
Pattern: ^[\w+=:#@/\-,\.][\w+=:#@/\-,\.\s]+[\w+=:#@/\-,\.]$
Required: No
The version of the IP addresses, either IPV4 or IPV6.
Type: String
Name (p. 20)
The name of the IP set. You cannot change the name of an IPSet
after you create it.
Type: String
Length Constraints: Minimum length of 1. Maximum length of
128.
Pattern: ^[\w\-]+$
Required: Yes
Scope (p. 20)
Specifies whether this is for an Amazon CloudFront distribution or
for a regional application. A regional application can be an
Application Load Balancer (ALB), an Amazon API Gateway REST API, or
an AWS AppSync GraphQL API.
To work with CloudFront, you must also specify the Region US East
(N. Virginia) as follows:
• CLI - Specify the Region when you use the CloudFront scope:
--scope=CLOUDFRONT -- region=us-east-1.
• API and SDKs - For all calls, use the Region endpoint
us-east-1.
Type: String
An array of key:value pairs to associate with the resource.
Type: Array of Tag (p. 840) objects
Array Members: Minimum number of 1 item.
Required: No
Response Syntax
{ "Summary": { "ARN": "string", "Description": "string", "Id":
"string", "LockToken": "string", "Name": "string" } }
Response Elements If the action is successful, the service sends
back an HTTP 200 response.
The following data is returned in JSON format by the service.
Summary (p. 22)
High-level information about an IPSet (p. 773), returned by
operations like create and list. This provides information like the
ID, that you can use to retrieve and manage an IPSet, and the ARN,
that you provide to the IPSetReferenceStatement (p. 777) to use the
address set in a Rule (p. 818).
Type: IPSetSummary (p. 778) object
Errors For information about the errors that are common to all
actions, see Common Errors (p. 1034).
WAFDuplicateItemException
AWS WAF couldn’t perform the operation because the resource that
you tried to save is a duplicate of an existing one.
HTTP Status Code: 400 WAFInternalErrorException
Your request is valid, but AWS WAF couldn’t perform the operation
because of a system problem. Retry your request.
HTTP Status Code: 500 WAFInvalidOperationException
The operation isn't valid.
HTTP Status Code: 400 WAFInvalidParameterException
The operation failed because AWS WAF didn't recognize a parameter
in the request. For example: • You specified a parameter name or
value that isn't valid. • Your nested statement isn't valid. You
might have tried to nest a statement that can’t be nested. • You
tried to update a WebACL with a DefaultAction that isn't among the
types available at
DefaultAction (p. 757).
AWS WAFV2 API Reference CreateIPSet
• Your request references an ARN that is malformed, or corresponds
to a resource with which a web ACL can't be associated.
HTTP Status Code: 400 WAFLimitsExceededException
AWS WAF couldn’t perform the operation because you exceeded your
resource limit. For example, the maximum number of WebACL objects
that you can create for an AWS account. For more information, see
AWS WAF quotas in the AWS WAF Developer Guide.
HTTP Status Code: 400 WAFOptimisticLockException
AWS WAF couldn’t save your changes because you tried to update or
delete a resource that has changed since you last retrieved it. Get
the resource again, make any changes you need to make to the new
copy, and retry your operation.
HTTP Status Code: 400 WAFTagOperationException
An error occurred during the tagging operation. Retry your
request.
HTTP Status Code: 400 WAFTagOperationInternalErrorException
AWS WAF couldn’t perform your tagging operation because of an
internal error. Retry your request.
HTTP Status Code: 500
See Also For more information about using this API in one of the
language-specific AWS SDKs, see the following:
• AWS Command Line Interface • AWS SDK for .NET • AWS SDK for C++ •
AWS SDK for Go • AWS SDK for Java V2 • AWS SDK for JavaScript • AWS
SDK for PHP V3 • AWS SDK for Python • AWS SDK for Ruby V3
CreateRegexPatternSet Service: AWS WAFV2
Creates a RegexPatternSet (p. 813), which you reference in a
RegexPatternSetReferenceStatement (p. 815), to have AWS WAF inspect
a web request component for the specified patterns.
Request Syntax
{ "Description": "string", "Name": "string",
"RegularExpressionList": [ { "RegexString": "string" } ], "Scope":
"string", "Tags": [ { "Key": "string", "Value": "string" } ]
}
Request Parameters For information about the parameters that are
common to all actions, see Common Parameters (p. 1032).
The request accepts the following data in JSON format.
Description (p. 24)
Type: String
Length Constraints: Minimum length of 1. Maximum length of
256.
Pattern: ^[\w+=:#@/\-,\.][\w+=:#@/\-,\.\s]+[\w+=:#@/\-,\.]$
Required: No Name (p. 24)
The name of the set. You cannot change the name after you create
the set.
Type: String
Length Constraints: Minimum length of 1. Maximum length of
128.
Pattern: ^[\w\-]+$
Type: Array of Regex (p. 811) objects
24
AWS WAFV2 API Reference CreateRegexPatternSet
Required: Yes Scope (p. 24)
Specifies whether this is for an Amazon CloudFront distribution or
for a regional application. A regional application can be an
Application Load Balancer (ALB), an Amazon API Gateway REST API, or
an AWS AppSync GraphQL API.
To work with CloudFront, you must also specify the Region US East
(N. Virginia) as follows: • CLI - Specify the Region when you use
the CloudFront scope: --scope=CLOUDFRONT -- region=us-east-1.
• API and SDKs - For all calls, use the Region endpoint
us-east-1.
Type: String
An array of key:value pairs to associate with the resource.
Type: Array of Tag (p. 840) objects
Array Members: Minimum number of 1 item.
Required: No
Response Syntax
{ "Summary": { "ARN": "string", "Description": "string", "Id":
"string", "LockToken": "string", "Name": "string" } }
Response Elements If the action is successful, the service sends
back an HTTP 200 response.
The following data is returned in JSON format by the service.
Summary (p. 25)
High-level information about a RegexPatternSet (p. 813), returned
by operations like create and list. This provides information like
the ID, that you can use to retrieve and manage a RegexPatternSet,
and the ARN, that you provide to the
RegexPatternSetReferenceStatement (p. 815) to use the pattern set
in a Rule (p. 818).
Type: RegexPatternSetSummary (p. 816) object
Errors For information about the errors that are common to all
actions, see Common Errors (p. 1034).
25
WAFDuplicateItemException
AWS WAF couldn’t perform the operation because the resource that
you tried to save is a duplicate of an existing one.
HTTP Status Code: 400 WAFInternalErrorException
Your request is valid, but AWS WAF couldn’t perform the operation
because of a system problem. Retry your request.
HTTP Status Code: 500 WAFInvalidOperationException
The operation isn't valid.
HTTP Status Code: 400 WAFInvalidParameterException
The operation failed because AWS WAF didn't recognize a parameter
in the request. For example: • You specified a parameter name or
value that isn't valid. • Your nested statement isn't valid. You
might have tried to nest a statement that can’t be nested. • You
tried to update a WebACL with a DefaultAction that isn't among the
types available at
DefaultAction (p. 757). • Your request references an ARN that is
malformed, or corresponds to a resource with which a web
ACL can't be associated.
HTTP Status Code: 400 WAFLimitsExceededException
AWS WAF couldn’t perform the operation because you exceeded your
resource limit. For example, the maximum number of WebACL objects
that you can create for an AWS account. For more information, see
AWS WAF quotas in the AWS WAF Developer Guide.
HTTP Status Code: 400 WAFOptimisticLockException
AWS WAF couldn’t save your changes because you tried to update or
delete a resource that has changed since you last retrieved it. Get
the resource again, make any changes you need to make to the new
copy, and retry your operation.
HTTP Status Code: 400 WAFTagOperationException
An error occurred during the tagging operation. Retry your
request.
HTTP Status Code: 400 WAFTagOperationInternalErrorException
AWS WAF couldn’t perform your tagging operation because of an
internal error. Retry your request.
HTTP Status Code: 500
See Also For more information about using this API in one of the
language-specific AWS SDKs, see the following:
AWS WAFV2 API Reference CreateRegexPatternSet
• AWS Command Line Interface • AWS SDK for .NET • AWS SDK for C++ •
AWS SDK for Go • AWS SDK for Java V2 • AWS SDK for JavaScript • AWS
SDK for PHP V3 • AWS SDK for Python • AWS SDK for Ruby V3
CreateRuleGroup Service: AWS WAFV2
Creates a RuleGroup (p. 822) per the specifications provided.
A rule group defines a collection of rules to inspect and control
web requests that you can use in a WebACL (p. 849). When you create
a rule group, you define an immutable capacity limit. If you update
a rule group, you must stay within the capacity. This allows others
to reuse the rule group with confidence in its capacity
requirements.
Request Syntax
28
} ] } } }, "CaptchaConfig": { "ImmunityTimeProperty": {
"ImmunityTime": number } }, "Name": "string", "OverrideAction": {
"Count": { "CustomRequestHandling": { "InsertHeaders": [ { "Name":
"string", "Value": "string" } ] } }, "None": { } }, "Priority":
number, "RuleLabels": [ { "Name": "string" } ], "Statement": {
"AndStatement": { "Statements": [ "Statement" ] },
"ByteMatchStatement": { "FieldToMatch": { "AllQueryArguments": { },
"Body": { }, "JsonBody": { "InvalidFallbackBehavior": "string",
"MatchPattern": { "All": { }, "IncludedPaths": [ "string" ] },
"MatchScope": "string" }, "Method": { }, "QueryString": { },
"SingleHeader": { "Name": "string" }, "SingleQueryArgument": {
"Name": "string" }, "UriPath": { } }, "PositionalConstraint":
"string",
29
"SearchString": blob, "TextTransformations": [ { "Priority":
number, "Type": "string" } ] }, "GeoMatchStatement": {
"CountryCodes": [ "string" ], "ForwardedIPConfig": {
"FallbackBehavior": "string", "HeaderName": "string" } },
"IPSetReferenceStatement": { "ARN": "string",
"IPSetForwardedIPConfig": { "FallbackBehavior": "string",
"HeaderName": "string", "Position": "string" } },
"LabelMatchStatement": { "Key": "string", "Scope": "string" },
"ManagedRuleGroupStatement": { "ExcludedRules": [ { "Name":
"string" } ], "Name": "string", "ScopeDownStatement": "Statement",
"VendorName": "string", "Version": "string" }, "NotStatement": {
"Statement": "Statement" }, "OrStatement": { "Statements": [
"Statement" ] }, "RateBasedStatement": { "AggregateKeyType":
"string", "ForwardedIPConfig": { "FallbackBehavior": "string",
"HeaderName": "string" }, "Limit": number, "ScopeDownStatement":
"Statement" }, "RegexMatchStatement": { "FieldToMatch": {
"AllQueryArguments": { }, "Body": { }, "JsonBody": {
"InvalidFallbackBehavior": "string", "MatchPattern": { "All": {
},
30
"IncludedPaths": [ "string" ] }, "MatchScope": "string" },
"Method": { }, "QueryString": { }, "SingleHeader": { "Name":
"string" }, "SingleQueryArgument": { "Name": "string" }, "UriPath":
{ } }, "RegexString": "string", "TextTransformations": [ {
"Priority": number, "Type": "string" } ] },
"RegexPatternSetReferenceStatement": { "ARN": "string",
"FieldToMatch": { "AllQueryArguments": { }, "Body": { },
"JsonBody": { "InvalidFallbackBehavior": "string", "MatchPattern":
{ "All": { }, "IncludedPaths": [ "string" ] }, "MatchScope":
"string" }, "Method": { }, "QueryString": { }, "SingleHeader": {
"Name": "string" }, "SingleQueryArgument": { "Name": "string" },
"UriPath": { } }, "TextTransformations": [ { "Priority": number,
"Type": "string" } ] }, "RuleGroupReferenceStatement": { "ARN":
"string", "ExcludedRules": [ { "Name": "string"
31
} ] }, "SizeConstraintStatement": { "ComparisonOperator": "string",
"FieldToMatch": { "AllQueryArguments": { }, "Body": { },
"JsonBody": { "InvalidFallbackBehavior": "string", "MatchPatt