feat(client-wafv2): For protected CloudFront distributions, you can n…

…ow use the AWS WAF Fraud Control account takeover prevention (ATP) managed rule group to block new login attempts from clients that have recently submitted too many failed login attempts.
aws · Feb 15, 2023 · dc28d4e · dc28d4e
1 parent 804b9bc
commit dc28d4e
Show file tree

Hide file tree

Showing 8 changed files with 2,470 additions and 1,169 deletions.
diff --git a/clients/client-wafv2/README.md b/clients/client-wafv2/README.md
@@ -25,16 +25,15 @@ have retained the prior names, endpoints, and namespaces. </p>
 see the <a href="https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html">WAF Developer Guide</a>. </p>
 </note>
 <p>WAF is a web application firewall that lets you monitor the HTTP and HTTPS
-requests that are forwarded to Amazon CloudFront, an Amazon API Gateway REST API, an Application Load Balancer, an AppSync
-GraphQL API, or an Amazon Cognito user pool. WAF also lets you control access to your content. Based on conditions that
+requests that are forwarded to an Amazon CloudFront distribution, Amazon API Gateway REST API, Application Load Balancer, AppSync
+GraphQL API, or Amazon Cognito user pool. WAF also lets you control access to your content,
+to protect the Amazon Web Services resource that WAF is monitoring. Based on conditions that
 you specify, such as the IP addresses that requests originate from or the values of query
-strings, the Amazon API Gateway REST API, CloudFront distribution, the Application Load Balancer, the AppSync GraphQL
-API, or the Amazon Cognito user pool responds to requests either with the requested content or with an HTTP 403 status code
-(Forbidden). You also can configure CloudFront to return a custom error page when a request is
-blocked.</p>
+strings, the protected resource responds to requests with either the requested content, an HTTP 403 status code
+(Forbidden), or with a custom response. </p>
 <p>This API guide is for developers who need detailed information about WAF API actions,
-data types, and errors. For detailed information about WAF features and an overview of
-how to use WAF, see the <a href="https://docs.aws.amazon.com/waf/latest/developerguide/what-is-aws-waf.html">WAF Developer
+data types, and errors. For detailed information about WAF features and guidance for configuring and using
+WAF, see the <a href="https://docs.aws.amazon.com/waf/latest/developerguide/what-is-aws-waf.html">WAF Developer
 Guide</a>.</p>
 <p>You can make calls using the endpoints listed in <a href="https://docs.aws.amazon.com/general/latest/gr/waf.html">WAF endpoints and quotas</a>. </p>
 <ul>

diff --git a/clients/client-wafv2/src/WAFV2.ts b/clients/client-wafv2/src/WAFV2.ts
@@ -227,16 +227,15 @@ import { WAFV2Client } from "./WAFV2Client";
  *             see the <a href="https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html">WAF Developer Guide</a>. </p>
  *          </note>
  *          <p>WAF is a web application firewall that lets you monitor the HTTP and HTTPS
- *          requests that are forwarded to Amazon CloudFront, an Amazon API Gateway REST API, an Application Load Balancer, an AppSync
- *          GraphQL API, or an Amazon Cognito user pool. WAF also lets you control access to your content. Based on conditions that
+ *          requests that are forwarded to an Amazon CloudFront distribution, Amazon API Gateway REST API, Application Load Balancer, AppSync
+ *       GraphQL API, or Amazon Cognito user pool. WAF also lets you control access to your content,
+ *       to protect the Amazon Web Services resource that WAF is monitoring. Based on conditions that
  *          you specify, such as the IP addresses that requests originate from or the values of query
- *          strings, the Amazon API Gateway REST API, CloudFront distribution, the Application Load Balancer, the AppSync GraphQL
- *          API, or the Amazon Cognito user pool responds to requests either with the requested content or with an HTTP 403 status code
- *          (Forbidden). You also can configure CloudFront to return a custom error page when a request is
- *          blocked.</p>
+ *          strings, the protected resource responds to requests with either the requested content, an HTTP 403 status code
+ *          (Forbidden), or with a custom response. </p>
  *          <p>This API guide is for developers who need detailed information about WAF API actions,
- *          data types, and errors. For detailed information about WAF features and an overview of
- *          how to use WAF, see the <a href="https://docs.aws.amazon.com/waf/latest/developerguide/what-is-aws-waf.html">WAF Developer
+ *          data types, and errors. For detailed information about WAF features and guidance for configuring and using
+ *          WAF, see the <a href="https://docs.aws.amazon.com/waf/latest/developerguide/what-is-aws-waf.html">WAF Developer
  *          Guide</a>.</p>
  *          <p>You can make calls using the endpoints listed in <a href="https://docs.aws.amazon.com/general/latest/gr/waf.html">WAF endpoints and quotas</a>. </p>
  *          <ul>

diff --git a/clients/client-wafv2/src/WAFV2Client.ts b/clients/client-wafv2/src/WAFV2Client.ts
@@ -445,16 +445,15 @@ export interface WAFV2ClientResolvedConfig extends WAFV2ClientResolvedConfigType
  *             see the <a href="https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html">WAF Developer Guide</a>. </p>
  *          </note>
  *          <p>WAF is a web application firewall that lets you monitor the HTTP and HTTPS
- *          requests that are forwarded to Amazon CloudFront, an Amazon API Gateway REST API, an Application Load Balancer, an AppSync
- *          GraphQL API, or an Amazon Cognito user pool. WAF also lets you control access to your content. Based on conditions that
+ *          requests that are forwarded to an Amazon CloudFront distribution, Amazon API Gateway REST API, Application Load Balancer, AppSync
+ *       GraphQL API, or Amazon Cognito user pool. WAF also lets you control access to your content,
+ *       to protect the Amazon Web Services resource that WAF is monitoring. Based on conditions that
  *          you specify, such as the IP addresses that requests originate from or the values of query
- *          strings, the Amazon API Gateway REST API, CloudFront distribution, the Application Load Balancer, the AppSync GraphQL
- *          API, or the Amazon Cognito user pool responds to requests either with the requested content or with an HTTP 403 status code
- *          (Forbidden). You also can configure CloudFront to return a custom error page when a request is
- *          blocked.</p>
+ *          strings, the protected resource responds to requests with either the requested content, an HTTP 403 status code
+ *          (Forbidden), or with a custom response. </p>
  *          <p>This API guide is for developers who need detailed information about WAF API actions,
- *          data types, and errors. For detailed information about WAF features and an overview of
- *          how to use WAF, see the <a href="https://docs.aws.amazon.com/waf/latest/developerguide/what-is-aws-waf.html">WAF Developer
+ *          data types, and errors. For detailed information about WAF features and guidance for configuring and using
+ *          WAF, see the <a href="https://docs.aws.amazon.com/waf/latest/developerguide/what-is-aws-waf.html">WAF Developer
  *          Guide</a>.</p>
  *          <p>You can make calls using the endpoints listed in <a href="https://docs.aws.amazon.com/general/latest/gr/waf.html">WAF endpoints and quotas</a>. </p>
  *          <ul>

diff --git a/clients/client-wafv2/src/endpoint/EndpointParameters.ts b/clients/client-wafv2/src/endpoint/EndpointParameters.ts
@@ -24,7 +24,7 @@ export const resolveClientEndpointParameters = <T>(
 };
 
 export interface EndpointParameters extends __EndpointParameters {
-  Region: string;
+  Region?: string;
   UseDualStack?: boolean;
   UseFIPS?: boolean;
   Endpoint?: string;

diff --git a/clients/client-wafv2/src/endpoint/ruleset.ts b/clients/client-wafv2/src/endpoint/ruleset.ts
@@ -6,24 +6,27 @@ import { RuleSetObject } from "@aws-sdk/util-endpoints";
    or see "smithy.rules#endpointRuleSet"
    in codegen/sdk-codegen/aws-models/wafv2.json */
 
-const q="fn",
-r="argv",
-s="ref";
-const a=true,
-b=false,
-c="String",
-d="PartitionResult",
-e="tree",
-f="error",
-g="endpoint",
-h={"required":true,"default":false,"type":"Boolean"},
-i={[s]:"Endpoint"},
-j={[q]:"booleanEquals",[r]:[{[s]:"UseFIPS"},true]},
-k={[q]:"booleanEquals",[r]:[{[s]:"UseDualStack"},true]},
+const s="required",
+t="fn",
+u="argv",
+v="ref";
+const a="isSet",
+b="tree",
+c="error",
+d="endpoint",
+e="PartitionResult",
+f="stringEquals",
+g={[s]:false,"type":"String"},
+h={[s]:true,"default":false,"type":"Boolean"},
+i={[v]:"Endpoint"},
+j={[t]:"booleanEquals",[u]:[{[v]:"UseFIPS"},true]},
+k={[t]:"booleanEquals",[u]:[{[v]:"UseDualStack"},true]},
 l={},
-m={[q]:"booleanEquals",[r]:[true,{[q]:"getAttr",[r]:[{[s]:d},"supportsFIPS"]}]},
-n={[q]:"booleanEquals",[r]:[true,{[q]:"getAttr",[r]:[{[s]:d},"supportsDualStack"]}]},
-o=[j],
-p=[k];
-const _data={version:"1.0",parameters:{Region:{required:a,type:c},UseDualStack:h,UseFIPS:h,Endpoint:{required:b,type:c}},rules:[{conditions:[{[q]:"aws.partition",[r]:[{[s]:"Region"}],assign:d}],type:e,rules:[{conditions:[{[q]:"isSet",[r]:[i]}],type:e,rules:[{conditions:o,error:"Invalid Configuration: FIPS and custom endpoint are not supported",type:f},{type:e,rules:[{conditions:p,error:"Invalid Configuration: Dualstack and custom endpoint are not supported",type:f},{endpoint:{url:i,properties:l,headers:l},type:g}]}]},{conditions:[j,k],type:e,rules:[{conditions:[m,n],type:e,rules:[{endpoint:{url:"https://wafv2-fips.{Region}.{PartitionResult#dualStackDnsSuffix}",properties:l,headers:l},type:g}]},{error:"FIPS and DualStack are enabled, but this partition does not support one or both",type:f}]},{conditions:o,type:e,rules:[{conditions:[m],type:e,rules:[{type:e,rules:[{endpoint:{url:"https://wafv2-fips.{Region}.{PartitionResult#dnsSuffix}",properties:l,headers:l},type:g}]}]},{error:"FIPS is enabled but this partition does not support FIPS",type:f}]},{conditions:p,type:e,rules:[{conditions:[n],type:e,rules:[{endpoint:{url:"https://wafv2.{Region}.{PartitionResult#dualStackDnsSuffix}",properties:l,headers:l},type:g}]},{error:"DualStack is enabled but this partition does not support DualStack",type:f}]},{endpoint:{url:"https://wafv2.{Region}.{PartitionResult#dnsSuffix}",properties:l,headers:l},type:g}]}]};
+m={[v]:"Region"},
+n={[t]:"booleanEquals",[u]:[true,{[t]:"getAttr",[u]:[{[v]:e},"supportsFIPS"]}]},
+o={[t]:"booleanEquals",[u]:[true,{[t]:"getAttr",[u]:[{[v]:e},"supportsDualStack"]}]},
+p=[j],
+q=[k],
+r=[m];
+const _data={version:"1.0",parameters:{Region:g,UseDualStack:h,UseFIPS:h,Endpoint:g},rules:[{conditions:[{[t]:a,[u]:[i]}],type:b,rules:[{conditions:p,error:"Invalid Configuration: FIPS and custom endpoint are not supported",type:c},{type:b,rules:[{conditions:q,error:"Invalid Configuration: Dualstack and custom endpoint are not supported",type:c},{endpoint:{url:i,properties:l,headers:l},type:d}]}]},{type:b,rules:[{conditions:[{[t]:a,[u]:r}],type:b,rules:[{conditions:[{[t]:"aws.partition",[u]:r,assign:e}],type:b,rules:[{conditions:[j,k],type:b,rules:[{conditions:[n,o],type:b,rules:[{type:b,rules:[{endpoint:{url:"https://wafv2-fips.{Region}.{PartitionResult#dualStackDnsSuffix}",properties:l,headers:l},type:d}]}]},{error:"FIPS and DualStack are enabled, but this partition does not support one or both",type:c}]},{conditions:p,type:b,rules:[{conditions:[n],type:b,rules:[{type:b,rules:[{endpoint:{url:"https://wafv2-fips.{Region}.{PartitionResult#dnsSuffix}",properties:l,headers:l},type:d}]}]},{error:"FIPS is enabled but this partition does not support FIPS",type:c}]},{conditions:q,type:b,rules:[{conditions:[o],type:b,rules:[{type:b,rules:[{endpoint:{url:"https://wafv2.{Region}.{PartitionResult#dualStackDnsSuffix}",properties:l,headers:l},type:d}]}]},{error:"DualStack is enabled but this partition does not support DualStack",type:c}]},{type:b,rules:[{conditions:[{[t]:f,[u]:[m,"af-south-1"]}],endpoint:{url:"https://wafv2.af-south-1.amazonaws.com",properties:l,headers:l},type:d},{conditions:[{[t]:f,[u]:[m,"ap-east-1"]}],endpoint:{url:"https://wafv2.ap-east-1.amazonaws.com",properties:l,headers:l},type:d},{conditions:[{[t]:f,[u]:[m,"ap-northeast-1"]}],endpoint:{url:"https://wafv2.ap-northeast-1.amazonaws.com",properties:l,headers:l},type:d},{conditions:[{[t]:f,[u]:[m,"ap-northeast-2"]}],endpoint:{url:"https://wafv2.ap-northeast-2.amazonaws.com",properties:l,headers:l},type:d},{conditions:[{[t]:f,[u]:[m,"ap-northeast-3"]}],endpoint:{url:"https://wafv2.ap-northeast-3.amazonaws.com",properties:l,headers:l},type:d},{conditions:[{[t]:f,[u]:[m,"ap-south-1"]}],endpoint:{url:"https://wafv2.ap-south-1.amazonaws.com",properties:l,headers:l},type:d},{conditions:[{[t]:f,[u]:[m,"ap-southeast-1"]}],endpoint:{url:"https://wafv2.ap-southeast-1.amazonaws.com",properties:l,headers:l},type:d},{conditions:[{[t]:f,[u]:[m,"ap-southeast-2"]}],endpoint:{url:"https://wafv2.ap-southeast-2.amazonaws.com",properties:l,headers:l},type:d},{conditions:[{[t]:f,[u]:[m,"ap-southeast-3"]}],endpoint:{url:"https://wafv2.ap-southeast-3.amazonaws.com",properties:l,headers:l},type:d},{conditions:[{[t]:f,[u]:[m,"ca-central-1"]}],endpoint:{url:"https://wafv2.ca-central-1.amazonaws.com",properties:l,headers:l},type:d},{conditions:[{[t]:f,[u]:[m,"eu-central-1"]}],endpoint:{url:"https://wafv2.eu-central-1.amazonaws.com",properties:l,headers:l},type:d},{conditions:[{[t]:f,[u]:[m,"eu-north-1"]}],endpoint:{url:"https://wafv2.eu-north-1.amazonaws.com",properties:l,headers:l},type:d},{conditions:[{[t]:f,[u]:[m,"eu-south-1"]}],endpoint:{url:"https://wafv2.eu-south-1.amazonaws.com",properties:l,headers:l},type:d},{conditions:[{[t]:f,[u]:[m,"eu-west-1"]}],endpoint:{url:"https://wafv2.eu-west-1.amazonaws.com",properties:l,headers:l},type:d},{conditions:[{[t]:f,[u]:[m,"eu-west-2"]}],endpoint:{url:"https://wafv2.eu-west-2.amazonaws.com",properties:l,headers:l},type:d},{conditions:[{[t]:f,[u]:[m,"eu-west-3"]}],endpoint:{url:"https://wafv2.eu-west-3.amazonaws.com",properties:l,headers:l},type:d},{conditions:[{[t]:f,[u]:[m,"me-south-1"]}],endpoint:{url:"https://wafv2.me-south-1.amazonaws.com",properties:l,headers:l},type:d},{conditions:[{[t]:f,[u]:[m,"sa-east-1"]}],endpoint:{url:"https://wafv2.sa-east-1.amazonaws.com",properties:l,headers:l},type:d},{conditions:[{[t]:f,[u]:[m,"us-east-1"]}],endpoint:{url:"https://wafv2.us-east-1.amazonaws.com",properties:l,headers:l},type:d},{conditions:[{[t]:f,[u]:[m,"us-east-2"]}],endpoint:{url:"https://wafv2.us-east-2.amazonaws.com",properties:l,headers:l},type:d},{conditions:[{[t]:f,[u]:[m,"us-west-1"]}],endpoint:{url:"https://wafv2.us-west-1.amazonaws.com",properties:l,headers:l},type:d},{conditions:[{[t]:f,[u]:[m,"us-west-2"]}],endpoint:{url:"https://wafv2.us-west-2.amazonaws.com",properties:l,headers:l},type:d},{conditions:[{[t]:f,[u]:[m,"cn-north-1"]}],endpoint:{url:"https://wafv2.cn-north-1.amazonaws.com.cn",properties:l,headers:l},type:d},{conditions:[{[t]:f,[u]:[m,"cn-northwest-1"]}],endpoint:{url:"https://wafv2.cn-northwest-1.amazonaws.com.cn",properties:l,headers:l},type:d},{conditions:[{[t]:f,[u]:[m,"us-gov-east-1"]}],endpoint:{url:"https://wafv2.us-gov-east-1.amazonaws.com",properties:l,headers:l},type:d},{conditions:[{[t]:f,[u]:[m,"us-gov-west-1"]}],endpoint:{url:"https://wafv2.us-gov-west-1.amazonaws.com",properties:l,headers:l},type:d},{endpoint:{url:"https://wafv2.{Region}.{PartitionResult#dnsSuffix}",properties:l,headers:l},type:d}]}]}]},{error:"Invalid Configuration: Missing Region",type:c}]}]};
 export const ruleSet: RuleSetObject = _data;