diff --git a/clients/client-wafv2/src/commands/DeleteLoggingConfigurationCommand.ts b/clients/client-wafv2/src/commands/DeleteLoggingConfigurationCommand.ts
index 5feb5377c049..bf3b0dfde2d6 100644
--- a/clients/client-wafv2/src/commands/DeleteLoggingConfigurationCommand.ts
+++ b/clients/client-wafv2/src/commands/DeleteLoggingConfigurationCommand.ts
@@ -36,6 +36,8 @@ export interface DeleteLoggingConfigurationCommandOutput extends DeleteLoggingCo
 * const client = new WAFV2Client(config);
 * const input = { // DeleteLoggingConfigurationRequest
 * ResourceArn: "STRING_VALUE", // required
+ * LogType: "WAF_LOGS",
+ * LogScope: "CUSTOMER" || "SECURITY_LAKE",
 * };
 * const command = new DeleteLoggingConfigurationCommand(input);
 * const response = await client.send(command);
diff --git a/clients/client-wafv2/src/commands/GetLoggingConfigurationCommand.ts b/clients/client-wafv2/src/commands/GetLoggingConfigurationCommand.ts
index cee4625d16c9..443f9861ad79 100644
--- a/clients/client-wafv2/src/commands/GetLoggingConfigurationCommand.ts
+++ b/clients/client-wafv2/src/commands/GetLoggingConfigurationCommand.ts
@@ -36,6 +36,8 @@ export interface GetLoggingConfigurationCommandOutput extends GetLoggingConfigur
 * const client = new WAFV2Client(config);
 * const input = { // GetLoggingConfigurationRequest
 * ResourceArn: "STRING_VALUE", // required
+ * LogType: "WAF_LOGS",
+ * LogScope: "CUSTOMER" || "SECURITY_LAKE",
 * };
 * const command = new GetLoggingConfigurationCommand(input);
 * const response = await client.send(command);
@@ -125,6 +127,8 @@ export interface GetLoggingConfigurationCommandOutput extends GetLoggingConfigur
 * // ],
 * // DefaultBehavior: "KEEP" || "DROP", // required
 * // },
+ * // LogType: "WAF_LOGS",
+ * // LogScope: "CUSTOMER" || "SECURITY_LAKE",
 * // },
 * // };
 *
diff --git a/clients/client-wafv2/src/commands/ListLoggingConfigurationsCommand.ts b/clients/client-wafv2/src/commands/ListLoggingConfigurationsCommand.ts
index 3ea3d2518d7c..c765f89561a5 100644
--- a/clients/client-wafv2/src/commands/ListLoggingConfigurationsCommand.ts
+++ b/clients/client-wafv2/src/commands/ListLoggingConfigurationsCommand.ts
@@ -38,6 +38,7 @@ export interface ListLoggingConfigurationsCommandOutput extends ListLoggingConfi
 * Scope: "CLOUDFRONT" || "REGIONAL", // required
 * NextMarker: "STRING_VALUE",
 * Limit: Number("int"),
+ * LogScope: "CUSTOMER" || "SECURITY_LAKE",
 * };
 * const command = new ListLoggingConfigurationsCommand(input);
 * const response = await client.send(command);
@@ -128,6 +129,8 @@ export interface ListLoggingConfigurationsCommandOutput extends ListLoggingConfi
 * // ],
 * // DefaultBehavior: "KEEP" || "DROP", // required
 * // },
+ * // LogType: "WAF_LOGS",
+ * // LogScope: "CUSTOMER" || "SECURITY_LAKE",
 * // },
 * // ],
 * // NextMarker: "STRING_VALUE",
diff --git a/clients/client-wafv2/src/commands/PutLoggingConfigurationCommand.ts b/clients/client-wafv2/src/commands/PutLoggingConfigurationCommand.ts
index 764d5453907a..938896b3c0cb 100644
--- a/clients/client-wafv2/src/commands/PutLoggingConfigurationCommand.ts
+++ b/clients/client-wafv2/src/commands/PutLoggingConfigurationCommand.ts
@@ -162,6 +162,8 @@ export interface PutLoggingConfigurationCommandOutput extends PutLoggingConfigur
 * ],
 * DefaultBehavior: "KEEP" || "DROP", // required
 * },
+ * LogType: "WAF_LOGS",
+ * LogScope: "CUSTOMER" || "SECURITY_LAKE",
 * },
 * };
 * const command = new PutLoggingConfigurationCommand(input);
@@ -252,6 +254,8 @@ export interface PutLoggingConfigurationCommandOutput extends PutLoggingConfigur
 * // ],
 * // DefaultBehavior: "KEEP" || "DROP", // required
 * // },
+ * // LogType: "WAF_LOGS",
+ * // LogScope: "CUSTOMER" || "SECURITY_LAKE",
 * // },
 * // };
 *
diff --git a/clients/client-wafv2/src/models/models_0.ts b/clients/client-wafv2/src/models/models_0.ts
index b434deacabfe..a0de7bd7c9cf 100644
--- a/clients/client-wafv2/src/models/models_0.ts
+++ b/clients/client-wafv2/src/models/models_0.ts
@@ -449,7 +449,7 @@ export const FallbackBehavior = { export type FallbackBehavior = (typeof FallbackBehavior)[keyof typeof FallbackBehavior]; /** - *
Match against the request's JA3 fingerprint. The JA3 fingerprint is a 32-character hash derived from the TLS Client Hello of an incoming request. This fingerprint serves as a unique identifier for the client's TLS configuration. WAF calculates and logs this fingerprint for each + *
Available for use with Amazon CloudFront distributions and Application Load Balancers. Match against the request's JA3 fingerprint. The JA3 fingerprint is a 32-character hash derived from the TLS Client Hello of an incoming request. This fingerprint serves as a unique identifier for the client's TLS configuration. WAF calculates and logs this fingerprint for each * request that has enough TLS Client Hello information for the calculation. Almost * all web requests include this information.
*In this documentation, the descriptions of the individual fields talk about specifying the web request component to inspect, * but for field redaction, you are specifying the component type to redact from the logs.
* + *If you have request sampling enabled, the redacted fields configuration for logging has no impact on sampling. + * The only way to exclude fields from request sampling is by disabling sampling in the web ACL visibility configuration.
+ *Match against the request's JA3 fingerprint. The JA3 fingerprint is a 32-character hash derived from the TLS Client Hello of an incoming request. This fingerprint serves as a unique identifier for the client's TLS configuration. WAF calculates and logs this fingerprint for each + *
Available for use with Amazon CloudFront distributions and Application Load Balancers. Match against the request's JA3 fingerprint. The JA3 fingerprint is a 32-character hash derived from the TLS Client Hello of an incoming request. This fingerprint serves as a unique identifier for the client's TLS configuration. WAF calculates and logs this fingerprint for each * request that has enough TLS Client Hello information for the calculation. Almost * all web requests include this information.
*
- * JA3Fingerprint
: Match against the request's JA3 fingerprint. The JA3 fingerprint is a 32-character hash derived from the TLS Client Hello of an incoming request. This fingerprint serves as a unique identifier for the client's TLS configuration. You can use this choice only with a string match ByteMatchStatement
with the PositionalConstraint
set to
+ * JA3Fingerprint
: Available for use with Amazon CloudFront distributions and Application Load Balancers. Match against the request's JA3 fingerprint. The JA3 fingerprint is a 32-character hash derived from the TLS Client Hello of an incoming request. This fingerprint serves as a unique identifier for the client's TLS configuration. You can use this choice only with a string match ByteMatchStatement
with the PositionalConstraint
set to
* EXACTLY
.
You can obtain the JA3 fingerprint for client requests from the web ACL logs. * If WAF is able to calculate the fingerprint, it includes it in the logs. @@ -3493,6 +3497,10 @@ export interface VisibilityConfig { /** *
Indicates whether WAF should store a sampling of the web requests that * match the rules. You can view the sampled requests through the WAF console.
+ *Request sampling doesn't provide a field redaction option, and any field redaction that you specify in your logging configuration doesn't affect sampling. + * The only way to exclude fields from request sampling is by disabling sampling in the web ACL visibility configuration.
+ *Used to distinguish between various logging options. Currently, there is one option.
+ *Default: WAF_LOGS
+ *
The owner of the logging configuration, which must be set to CUSTOMER
for the configurations that you manage.
The log scope SECURITY_LAKE
indicates a configuration that is managed through Amazon Security Lake. You can use Security Lake to collect log and event data from various sources for normalization, analysis, and management. For information, see
+ * Collecting data from Amazon Web Services services
+ * in the Amazon Security Lake user guide.
Default: CUSTOMER
+ *
Used to distinguish between various logging options. Currently, there is one option.
+ *Default: WAF_LOGS
+ *
The owner of the logging configuration, which must be set to CUSTOMER
for the configurations that you manage.
The log scope SECURITY_LAKE
indicates a configuration that is managed through Amazon Security Lake. You can use Security Lake to collect log and event data from various sources for normalization, analysis, and management. For information, see
+ * Collecting data from Amazon Web Services services
+ * in the Amazon Security Lake user guide.
Default: CUSTOMER
+ *
You can specify only the following fields for redaction: UriPath
,
* QueryString
, SingleHeader
, and Method
.
This setting has no impact on request sampling. With request sampling, + * the only way to exclude fields is by disabling sampling in the web ACL visibility configuration.
+ *Used to distinguish between various logging options. Currently, there is one option.
+ *Default: WAF_LOGS
+ *
The owner of the logging configuration, which must be set to CUSTOMER
for the configurations that you manage.
The log scope SECURITY_LAKE
indicates a configuration that is managed through Amazon Security Lake. You can use Security Lake to collect log and event data from various sources for normalization, analysis, and management. For information, see
+ * Collecting data from Amazon Web Services services
+ * in the Amazon Security Lake user guide.
Default: CUSTOMER
+ *
The owner of the logging configuration, which must be set to CUSTOMER
for the configurations that you manage.
The log scope SECURITY_LAKE
indicates a configuration that is managed through Amazon Security Lake. You can use Security Lake to collect log and event data from various sources for normalization, analysis, and management. For information, see
+ * Collecting data from Amazon Web Services services
+ * in the Amazon Security Lake user guide.
Default: CUSTOMER
+ *
A string value that you want WAF to search for. WAF searches only in the part of\n web requests that you designate for inspection in FieldToMatch. The\n maximum length of the value is 200 bytes.
\nValid values depend on the component that you specify for inspection in\n FieldToMatch
:
\n Method
: The HTTP method that you want WAF to search for. This\n indicates the type of operation specified in the request.
\n UriPath
: The value that you want WAF to search for in the URI path,\n for example, /images/daily-ad.jpg
.
\n JA3Fingerprint
: Match against the request's JA3 fingerprint. The JA3 fingerprint is a 32-character hash derived from the TLS Client Hello of an incoming request. This fingerprint serves as a unique identifier for the client's TLS configuration. You can use this choice only with a string match ByteMatchStatement
with the PositionalConstraint
set to \n EXACTLY
.
You can obtain the JA3 fingerprint for client requests from the web ACL logs. \n\t\t\t\t\t\tIf WAF is able to calculate the fingerprint, it includes it in the logs. \n\t\t\t\t\t\tFor information about the logging fields, \nsee Log fields in the WAF Developer Guide.
\n\n HeaderOrder
: The list of header names to match for. WAF creates a \n string that contains the ordered list of header names, from the headers in the web request, and then matches against that string.
If SearchString
includes alphabetic characters A-Z and a-z, note that the\n value is case sensitive.
\n If you're using the WAF API\n
\nSpecify a base64-encoded version of the value. The maximum length of the value before\n you base64-encode it is 200 bytes.
\nFor example, suppose the value of Type
is HEADER
and the value\n of Data
is User-Agent
. If you want to search the\n User-Agent
header for the value BadBot
, you base64-encode\n BadBot
using MIME base64-encoding and include the resulting value,\n QmFkQm90
, in the value of SearchString
.
\n If you're using the CLI or one of the Amazon Web Services SDKs\n
\nThe value that you want WAF to search for. The SDK automatically base64 encodes the\n value.
", + "smithy.api#documentation": "A string value that you want WAF to search for. WAF searches only in the part of\n web requests that you designate for inspection in FieldToMatch. The\n maximum length of the value is 200 bytes.
\nValid values depend on the component that you specify for inspection in\n FieldToMatch
:
\n Method
: The HTTP method that you want WAF to search for. This\n indicates the type of operation specified in the request.
\n UriPath
: The value that you want WAF to search for in the URI path,\n for example, /images/daily-ad.jpg
.
\n JA3Fingerprint
: Available for use with Amazon CloudFront distributions and Application Load Balancers. Match against the request's JA3 fingerprint. The JA3 fingerprint is a 32-character hash derived from the TLS Client Hello of an incoming request. This fingerprint serves as a unique identifier for the client's TLS configuration. You can use this choice only with a string match ByteMatchStatement
with the PositionalConstraint
set to \n EXACTLY
.
You can obtain the JA3 fingerprint for client requests from the web ACL logs. \n\t\t\t\t\t\tIf WAF is able to calculate the fingerprint, it includes it in the logs. \n\t\t\t\t\t\tFor information about the logging fields, \nsee Log fields in the WAF Developer Guide.
\n\n HeaderOrder
: The list of header names to match for. WAF creates a \n string that contains the ordered list of header names, from the headers in the web request, and then matches against that string.
If SearchString
includes alphabetic characters A-Z and a-z, note that the\n value is case sensitive.
\n If you're using the WAF API\n
\nSpecify a base64-encoded version of the value. The maximum length of the value before\n you base64-encode it is 200 bytes.
\nFor example, suppose the value of Type
is HEADER
and the value\n of Data
is User-Agent
. If you want to search the\n User-Agent
header for the value BadBot
, you base64-encode\n BadBot
using MIME base64-encoding and include the resulting value,\n QmFkQm90
, in the value of SearchString
.
\n If you're using the CLI or one of the Amazon Web Services SDKs\n
\nThe value that you want WAF to search for. The SDK automatically base64 encodes the\n value.
", "smithy.api#required": {} } }, @@ -4739,6 +4739,18 @@ "smithy.api#documentation": "The Amazon Resource Name (ARN) of the web ACL from which you want to delete the LoggingConfiguration.
", "smithy.api#required": {} } + }, + "LogType": { + "target": "com.amazonaws.wafv2#LogType", + "traits": { + "smithy.api#documentation": "Used to distinguish between various logging options. Currently, there is one option.
\nDefault: WAF_LOGS
\n
The owner of the logging configuration, which must be set to CUSTOMER
for the configurations that you manage.
The log scope SECURITY_LAKE
indicates a configuration that is managed through Amazon Security Lake. You can use Security Lake to collect log and event data from various sources for normalization, analysis, and management. For information, see \n Collecting data from Amazon Web Services services\n in the Amazon Security Lake user guide.
Default: CUSTOMER
\n
Match against the request's JA3 fingerprint. The JA3 fingerprint is a 32-character hash derived from the TLS Client Hello of an incoming request. This fingerprint serves as a unique identifier for the client's TLS configuration. WAF calculates and logs this fingerprint for each\n\t\t\t\t\t\trequest that has enough TLS Client Hello information for the calculation. Almost \n all web requests include this information.
\nYou can use this choice only with a string match ByteMatchStatement
with the PositionalConstraint
set to \n EXACTLY
.
You can obtain the JA3 fingerprint for client requests from the web ACL logs. \n\t\t\t\t\t\tIf WAF is able to calculate the fingerprint, it includes it in the logs. \n\t\t\t\t\t\tFor information about the logging fields, \nsee Log fields in the WAF Developer Guide.
\nProvide the JA3 fingerprint string from the logs in your string match statement\n\t\t\t\t\t\t\tspecification, to match with any future requests that have the same TLS configuration.
" + "smithy.api#documentation": "Available for use with Amazon CloudFront distributions and Application Load Balancers. Match against the request's JA3 fingerprint. The JA3 fingerprint is a 32-character hash derived from the TLS Client Hello of an incoming request. This fingerprint serves as a unique identifier for the client's TLS configuration. WAF calculates and logs this fingerprint for each\n\t\t\t\t\t\trequest that has enough TLS Client Hello information for the calculation. Almost \n all web requests include this information.
\nYou can use this choice only with a string match ByteMatchStatement
with the PositionalConstraint
set to \n EXACTLY
.
You can obtain the JA3 fingerprint for client requests from the web ACL logs. \n\t\t\t\t\t\tIf WAF is able to calculate the fingerprint, it includes it in the logs. \n\t\t\t\t\t\tFor information about the logging fields, \nsee Log fields in the WAF Developer Guide.
\nProvide the JA3 fingerprint string from the logs in your string match statement\n\t\t\t\t\t\t\tspecification, to match with any future requests that have the same TLS configuration.
" } } }, "traits": { - "smithy.api#documentation": "Specifies a web request component to be used in a rule match statement or in a logging configuration.
\nIn a rule statement, this is the part of the web request that you want WAF to inspect. Include the single\n FieldToMatch
type that you want to inspect, with additional specifications\n as needed, according to the type. You specify a single request component in\n FieldToMatch
for each rule statement that requires it. To inspect more than\n one component of the web request, create a separate rule statement for each\n component.
Example JSON for a QueryString
field to match:
\n \"FieldToMatch\": { \"QueryString\": {} }
\n
Example JSON for a Method
field to match specification:
\n \"FieldToMatch\": { \"Method\": { \"Name\": \"DELETE\" } }
\n
In a logging configuration, this is used in the RedactedFields
property to specify a field to \n redact from the logging records. For this use case, note the following:
Even though all FieldToMatch
settings \n are available, the only valid settings for field redaction are UriPath
, QueryString
, SingleHeader
, and Method
.
In this documentation, the descriptions of the individual fields talk about specifying the web request component to inspect, \n but for field redaction, you are specifying the component type to redact from the logs.
\nSpecifies a web request component to be used in a rule match statement or in a logging configuration.
\nIn a rule statement, this is the part of the web request that you want WAF to inspect. Include the single\n FieldToMatch
type that you want to inspect, with additional specifications\n as needed, according to the type. You specify a single request component in\n FieldToMatch
for each rule statement that requires it. To inspect more than\n one component of the web request, create a separate rule statement for each\n component.
Example JSON for a QueryString
field to match:
\n \"FieldToMatch\": { \"QueryString\": {} }
\n
Example JSON for a Method
field to match specification:
\n \"FieldToMatch\": { \"Method\": { \"Name\": \"DELETE\" } }
\n
In a logging configuration, this is used in the RedactedFields
property to specify a field to \n redact from the logging records. For this use case, note the following:
Even though all FieldToMatch
settings \n are available, the only valid settings for field redaction are UriPath
, QueryString
, SingleHeader
, and Method
.
In this documentation, the descriptions of the individual fields talk about specifying the web request component to inspect, \n but for field redaction, you are specifying the component type to redact from the logs.
\nIf you have request sampling enabled, the redacted fields configuration for logging has no impact on sampling. \n The only way to exclude fields from request sampling is by disabling sampling in the web ACL visibility configuration.
\nThe Amazon Resource Name (ARN) of the web ACL for which you want to get the LoggingConfiguration.
", "smithy.api#required": {} } + }, + "LogType": { + "target": "com.amazonaws.wafv2#LogType", + "traits": { + "smithy.api#documentation": "Used to distinguish between various logging options. Currently, there is one option.
\nDefault: WAF_LOGS
\n
The owner of the logging configuration, which must be set to CUSTOMER
for the configurations that you manage.
The log scope SECURITY_LAKE
indicates a configuration that is managed through Amazon Security Lake. You can use Security Lake to collect log and event data from various sources for normalization, analysis, and management. For information, see \n Collecting data from Amazon Web Services services\n in the Amazon Security Lake user guide.
Default: CUSTOMER
\n
Match against the request's JA3 fingerprint. The JA3 fingerprint is a 32-character hash derived from the TLS Client Hello of an incoming request. This fingerprint serves as a unique identifier for the client's TLS configuration. WAF calculates and logs this fingerprint for each\n\t\t\t\t\t\trequest that has enough TLS Client Hello information for the calculation. Almost \n all web requests include this information.
\nYou can use this choice only with a string match ByteMatchStatement
with the PositionalConstraint
set to \n EXACTLY
.
You can obtain the JA3 fingerprint for client requests from the web ACL logs. \n\t\t\t\t\t\tIf WAF is able to calculate the fingerprint, it includes it in the logs. \n\t\t\t\t\t\tFor information about the logging fields, \nsee Log fields in the WAF Developer Guide.
\nProvide the JA3 fingerprint string from the logs in your string match statement\n\t\t\t\t\t\t\tspecification, to match with any future requests that have the same TLS configuration.
" + "smithy.api#documentation": "Available for use with Amazon CloudFront distributions and Application Load Balancers. Match against the request's JA3 fingerprint. The JA3 fingerprint is a 32-character hash derived from the TLS Client Hello of an incoming request. This fingerprint serves as a unique identifier for the client's TLS configuration. WAF calculates and logs this fingerprint for each\n\t\t\t\t\t\trequest that has enough TLS Client Hello information for the calculation. Almost \n all web requests include this information.
\nYou can use this choice only with a string match ByteMatchStatement
with the PositionalConstraint
set to \n EXACTLY
.
You can obtain the JA3 fingerprint for client requests from the web ACL logs. \n\t\t\t\t\t\tIf WAF is able to calculate the fingerprint, it includes it in the logs. \n\t\t\t\t\t\tFor information about the logging fields, \nsee Log fields in the WAF Developer Guide.
\nProvide the JA3 fingerprint string from the logs in your string match statement\n\t\t\t\t\t\t\tspecification, to match with any future requests that have the same TLS configuration.
" } }, "com.amazonaws.wafv2#JsonBody": { @@ -7688,6 +7712,12 @@ "traits": { "smithy.api#documentation": "The maximum number of objects that you want WAF to return for this request. If more \n objects are available, in the response, WAF provides a \n NextMarker
value that you can use in a subsequent call to get the next batch of objects.
The owner of the logging configuration, which must be set to CUSTOMER
for the configurations that you manage.
The log scope SECURITY_LAKE
indicates a configuration that is managed through Amazon Security Lake. You can use Security Lake to collect log and event data from various sources for normalization, analysis, and management. For information, see \n Collecting data from Amazon Web Services services\n in the Amazon Security Lake user guide.
Default: CUSTOMER
\n
The parts of the request that you want to keep out of the logs.
\nFor example, if you\n redact the SingleHeader
field, the HEADER
field in the logs will\n be REDACTED
for all rules that use the SingleHeader
\n FieldToMatch
setting.
Redaction applies only to the component that's specified in the rule's FieldToMatch
setting, so the SingleHeader
redaction \n doesn't apply to rules that use the Headers
\n FieldToMatch
.
You can specify only the following fields for redaction: UriPath
,\n QueryString
, SingleHeader
, and Method
.
The parts of the request that you want to keep out of the logs.
\nFor example, if you\n redact the SingleHeader
field, the HEADER
field in the logs will\n be REDACTED
for all rules that use the SingleHeader
\n FieldToMatch
setting.
Redaction applies only to the component that's specified in the rule's FieldToMatch
setting, so the SingleHeader
redaction \n doesn't apply to rules that use the Headers
\n FieldToMatch
.
You can specify only the following fields for redaction: UriPath
,\n QueryString
, SingleHeader
, and Method
.
This setting has no impact on request sampling. With request sampling, \n the only way to exclude fields is by disabling sampling in the web ACL visibility configuration.
\nFiltering that specifies which web requests are kept in the logs and which are dropped.\n You can filter on the rule action and on the web request labels that were applied by\n matching rules during web ACL evaluation.
" } + }, + "LogType": { + "target": "com.amazonaws.wafv2#LogType", + "traits": { + "smithy.api#documentation": "Used to distinguish between various logging options. Currently, there is one option.
\nDefault: WAF_LOGS
\n
The owner of the logging configuration, which must be set to CUSTOMER
for the configurations that you manage.
The log scope SECURITY_LAKE
indicates a configuration that is managed through Amazon Security Lake. You can use Security Lake to collect log and event data from various sources for normalization, analysis, and management. For information, see \n Collecting data from Amazon Web Services services\n in the Amazon Security Lake user guide.
Default: CUSTOMER
\n
Indicates whether WAF should store a sampling of the web requests that\n match the rules. You can view the sampled requests through the WAF console.
", + "smithy.api#documentation": "Indicates whether WAF should store a sampling of the web requests that\n match the rules. You can view the sampled requests through the WAF console.
\nRequest sampling doesn't provide a field redaction option, and any field redaction that you specify in your logging configuration doesn't affect sampling. \n The only way to exclude fields from request sampling is by disabling sampling in the web ACL visibility configuration.
\n