@pulumi/aws-native

Version:

The Pulumi AWS Cloud Control Provider enables you to build, deploy, and manage [any AWS resource that's supported by the AWS Cloud Control API](https://github.com/pulumi/pulumi-aws-native/blob/master/provider/cmd/pulumi-gen-aws-native/supported-types.txt)

pulumi.com

pulumi/pulumi-aws-native

655 lines (654 loc) • 34.1 kB

TypeScript

export declare const IpSetIpAddressVersion: { readonly Ipv4: "IPV4"; readonly Ipv6: "IPV6"; }; /** * Type of addresses in the IPSet, use IPV4 for IPV4 IP addresses, IPV6 for IPV6 address. */ export type IpSetIpAddressVersion = (typeof IpSetIpAddressVersion)[keyof typeof IpSetIpAddressVersion]; export declare const IpSetScope: { readonly Cloudfront: "CLOUDFRONT"; readonly Regional: "REGIONAL"; }; /** * Use CLOUDFRONT for CloudFront IPSet, use REGIONAL for Application Load Balancer and API Gateway. */ export type IpSetScope = (typeof IpSetScope)[keyof typeof IpSetScope]; export declare const LoggingConfigurationConditionActionConditionPropertiesAction: { readonly Allow: "ALLOW"; readonly Block: "BLOCK"; readonly Count: "COUNT"; readonly Captcha: "CAPTCHA"; readonly Challenge: "CHALLENGE"; readonly ExcludedAsCount: "EXCLUDED_AS_COUNT"; }; /** * Logic to apply to the filtering conditions. You can specify that, in order to satisfy the filter, a log must match all conditions or must match at least one condition. */ export type LoggingConfigurationConditionActionConditionPropertiesAction = (typeof LoggingConfigurationConditionActionConditionPropertiesAction)[keyof typeof LoggingConfigurationConditionActionConditionPropertiesAction]; export declare const LoggingConfigurationFilterBehavior: { readonly Keep: "KEEP"; readonly Drop: "DROP"; }; /** * How to handle logs that satisfy the filter's conditions and requirement. */ export type LoggingConfigurationFilterBehavior = (typeof LoggingConfigurationFilterBehavior)[keyof typeof LoggingConfigurationFilterBehavior]; export declare const LoggingConfigurationFilterRequirement: { readonly MeetsAll: "MEETS_ALL"; readonly MeetsAny: "MEETS_ANY"; }; /** * Logic to apply to the filtering conditions. You can specify that, in order to satisfy the filter, a log must match all conditions or must match at least one condition. */ export type LoggingConfigurationFilterRequirement = (typeof LoggingConfigurationFilterRequirement)[keyof typeof LoggingConfigurationFilterRequirement]; export declare const LoggingConfigurationLoggingFilterPropertiesDefaultBehavior: { readonly Keep: "KEEP"; readonly Drop: "DROP"; }; /** * Default handling for logs that don't match any of the specified filtering conditions. */ export type LoggingConfigurationLoggingFilterPropertiesDefaultBehavior = (typeof LoggingConfigurationLoggingFilterPropertiesDefaultBehavior)[keyof typeof LoggingConfigurationLoggingFilterPropertiesDefaultBehavior]; export declare const RegexPatternSetScope: { readonly Cloudfront: "CLOUDFRONT"; readonly Regional: "REGIONAL"; }; /** * Use CLOUDFRONT for CloudFront RegexPatternSet, use REGIONAL for Application Load Balancer and API Gateway. */ export type RegexPatternSetScope = (typeof RegexPatternSetScope)[keyof typeof RegexPatternSetScope]; export declare const RuleGroupBodyParsingFallbackBehavior: { readonly Match: "MATCH"; readonly NoMatch: "NO_MATCH"; readonly EvaluateAsString: "EVALUATE_AS_STRING"; }; /** * The inspection behavior to fall back to if the JSON in the request body is invalid. */ export type RuleGroupBodyParsingFallbackBehavior = (typeof RuleGroupBodyParsingFallbackBehavior)[keyof typeof RuleGroupBodyParsingFallbackBehavior]; export declare const RuleGroupForwardedIpConfigurationFallbackBehavior: { readonly Match: "MATCH"; readonly NoMatch: "NO_MATCH"; }; /** * The match status to assign to the web request if the request doesn't have a valid IP address in the specified position. * * > If the specified header isn't present in the request, AWS WAF doesn't apply the rule to the web request at all. * * You can specify the following fallback behaviors: * * - `MATCH` - Treat the web request as matching the rule statement. AWS WAF applies the rule action to the request. * - `NO_MATCH` - Treat the web request as not matching the rule statement. */ export type RuleGroupForwardedIpConfigurationFallbackBehavior = (typeof RuleGroupForwardedIpConfigurationFallbackBehavior)[keyof typeof RuleGroupForwardedIpConfigurationFallbackBehavior]; export declare const RuleGroupIpSetForwardedIpConfigurationFallbackBehavior: { readonly Match: "MATCH"; readonly NoMatch: "NO_MATCH"; }; /** * The match status to assign to the web request if the request doesn't have a valid IP address in the specified position. * * > If the specified header isn't present in the request, AWS WAF doesn't apply the rule to the web request at all. * * You can specify the following fallback behaviors: * * - `MATCH` - Treat the web request as matching the rule statement. AWS WAF applies the rule action to the request. * - `NO_MATCH` - Treat the web request as not matching the rule statement. */ export type RuleGroupIpSetForwardedIpConfigurationFallbackBehavior = (typeof RuleGroupIpSetForwardedIpConfigurationFallbackBehavior)[keyof typeof RuleGroupIpSetForwardedIpConfigurationFallbackBehavior]; export declare const RuleGroupIpSetForwardedIpConfigurationPosition: { readonly First: "FIRST"; readonly Last: "LAST"; readonly Any: "ANY"; }; /** * The position in the header to search for the IP address. The header can contain IP addresses of the original client and also of proxies. For example, the header value could be `10.1.1.1, 127.0.0.0, 10.10.10.10` where the first IP address identifies the original client and the rest identify proxies that the request went through. * * The options for this setting are the following: * * - FIRST - Inspect the first IP address in the list of IP addresses in the header. This is usually the client's original IP. * - LAST - Inspect the last IP address in the list of IP addresses in the header. * - ANY - Inspect all IP addresses in the header for a match. If the header contains more than 10 IP addresses, AWS WAF inspects the last 10. */ export type RuleGroupIpSetForwardedIpConfigurationPosition = (typeof RuleGroupIpSetForwardedIpConfigurationPosition)[keyof typeof RuleGroupIpSetForwardedIpConfigurationPosition]; export declare const RuleGroupJa3FingerprintFallbackBehavior: { readonly Match: "MATCH"; readonly NoMatch: "NO_MATCH"; }; /** * The match status to assign to the web request if the request doesn't have a JA3 fingerprint. * * You can specify the following fallback behaviors: * * - `MATCH` - Treat the web request as matching the rule statement. AWS WAF applies the rule action to the request. * - `NO_MATCH` - Treat the web request as not matching the rule statement. */ export type RuleGroupJa3FingerprintFallbackBehavior = (typeof RuleGroupJa3FingerprintFallbackBehavior)[keyof typeof RuleGroupJa3FingerprintFallbackBehavior]; export declare const RuleGroupJa4FingerprintFallbackBehavior: { readonly Match: "MATCH"; readonly NoMatch: "NO_MATCH"; }; /** * The match status to assign to the web request if the request doesn't have a JA4 fingerprint. * * You can specify the following fallback behaviors: * * - `MATCH` - Treat the web request as matching the rule statement. AWS WAF applies the rule action to the request. * - `NO_MATCH` - Treat the web request as not matching the rule statement. */ export type RuleGroupJa4FingerprintFallbackBehavior = (typeof RuleGroupJa4FingerprintFallbackBehavior)[keyof typeof RuleGroupJa4FingerprintFallbackBehavior]; export declare const RuleGroupJsonMatchScope: { readonly All: "ALL"; readonly Key: "KEY"; readonly Value: "VALUE"; }; /** * The parts of the JSON to match against using the MatchPattern. */ export type RuleGroupJsonMatchScope = (typeof RuleGroupJsonMatchScope)[keyof typeof RuleGroupJsonMatchScope]; export declare const RuleGroupLabelMatchScope: { readonly Label: "LABEL"; readonly Namespace: "NAMESPACE"; }; export type RuleGroupLabelMatchScope = (typeof RuleGroupLabelMatchScope)[keyof typeof RuleGroupLabelMatchScope]; export declare const RuleGroupMapMatchScope: { readonly All: "ALL"; readonly Key: "KEY"; readonly Value: "VALUE"; }; /** * The parts of the request to match against using the MatchPattern. */ export type RuleGroupMapMatchScope = (typeof RuleGroupMapMatchScope)[keyof typeof RuleGroupMapMatchScope]; export declare const RuleGroupOversizeHandling: { readonly Continue: "CONTINUE"; readonly Match: "MATCH"; readonly NoMatch: "NO_MATCH"; }; /** * Handling of requests containing oversize fields */ export type RuleGroupOversizeHandling = (typeof RuleGroupOversizeHandling)[keyof typeof RuleGroupOversizeHandling]; export declare const RuleGroupPositionalConstraint: { readonly Exactly: "EXACTLY"; readonly StartsWith: "STARTS_WITH"; readonly EndsWith: "ENDS_WITH"; readonly Contains: "CONTAINS"; readonly ContainsWord: "CONTAINS_WORD"; }; /** * Position of the evaluation in the FieldToMatch of request. */ export type RuleGroupPositionalConstraint = (typeof RuleGroupPositionalConstraint)[keyof typeof RuleGroupPositionalConstraint]; export declare const RuleGroupRateBasedStatementAggregateKeyType: { readonly Ip: "IP"; readonly ForwardedIp: "FORWARDED_IP"; readonly Constant: "CONSTANT"; readonly CustomKeys: "CUSTOM_KEYS"; }; /** * Setting that indicates how to aggregate the request counts. * * > Web requests that are missing any of the components specified in the aggregation keys are omitted from the rate-based rule evaluation and handling. * * - `CONSTANT` - Count and limit the requests that match the rate-based rule's scope-down statement. With this option, the counted requests aren't further aggregated. The scope-down statement is the only specification used. When the count of all requests that satisfy the scope-down statement goes over the limit, AWS WAF applies the rule action to all requests that satisfy the scope-down statement. * * With this option, you must configure the `ScopeDownStatement` property. * - `CUSTOM_KEYS` - Aggregate the request counts using one or more web request components as the aggregate keys. * * With this option, you must specify the aggregate keys in the `CustomKeys` property. * * To aggregate on only the IP address or only the forwarded IP address, don't use custom keys. Instead, set the aggregate key type to `IP` or `FORWARDED_IP` . * - `FORWARDED_IP` - Aggregate the request counts on the first IP address in an HTTP header. * * With this option, you must specify the header to use in the `ForwardedIPConfig` property. * * To aggregate on a combination of the forwarded IP address with other aggregate keys, use `CUSTOM_KEYS` . * - `IP` - Aggregate the request counts on the IP address from the web request origin. * * To aggregate on a combination of the IP address with other aggregate keys, use `CUSTOM_KEYS` . */ export type RuleGroupRateBasedStatementAggregateKeyType = (typeof RuleGroupRateBasedStatementAggregateKeyType)[keyof typeof RuleGroupRateBasedStatementAggregateKeyType]; export declare const RuleGroupRateLimitJa3FingerprintFallbackBehavior: { readonly Match: "MATCH"; readonly NoMatch: "NO_MATCH"; }; /** * The match status to assign to the web request if there is insufficient TSL Client Hello information to compute the JA3 fingerprint. * * You can specify the following fallback behaviors: * * - `MATCH` - Treat the web request as matching the rule statement. AWS WAF applies the rule action to the request. * - `NO_MATCH` - Treat the web request as not matching the rule statement. */ export type RuleGroupRateLimitJa3FingerprintFallbackBehavior = (typeof RuleGroupRateLimitJa3FingerprintFallbackBehavior)[keyof typeof RuleGroupRateLimitJa3FingerprintFallbackBehavior]; export declare const RuleGroupRateLimitJa4FingerprintFallbackBehavior: { readonly Match: "MATCH"; readonly NoMatch: "NO_MATCH"; }; /** * The match status to assign to the web request if there is insufficient TSL Client Hello information to compute the JA4 fingerprint. * * You can specify the following fallback behaviors: * * - `MATCH` - Treat the web request as matching the rule statement. AWS WAF applies the rule action to the request. * - `NO_MATCH` - Treat the web request as not matching the rule statement. */ export type RuleGroupRateLimitJa4FingerprintFallbackBehavior = (typeof RuleGroupRateLimitJa4FingerprintFallbackBehavior)[keyof typeof RuleGroupRateLimitJa4FingerprintFallbackBehavior]; export declare const RuleGroupResponseContentType: { readonly TextPlain: "TEXT_PLAIN"; readonly TextHtml: "TEXT_HTML"; readonly ApplicationJson: "APPLICATION_JSON"; }; /** * Valid values are TEXT_PLAIN, TEXT_HTML, and APPLICATION_JSON. */ export type RuleGroupResponseContentType = (typeof RuleGroupResponseContentType)[keyof typeof RuleGroupResponseContentType]; export declare const RuleGroupScope: { readonly Cloudfront: "CLOUDFRONT"; readonly Regional: "REGIONAL"; }; /** * Use CLOUDFRONT for CloudFront RuleGroup, use REGIONAL for Application Load Balancer and API Gateway. */ export type RuleGroupScope = (typeof RuleGroupScope)[keyof typeof RuleGroupScope]; export declare const RuleGroupSensitivityLevel: { readonly Low: "LOW"; readonly High: "HIGH"; }; /** * Sensitivity Level current only used for sqli match statements. */ export type RuleGroupSensitivityLevel = (typeof RuleGroupSensitivityLevel)[keyof typeof RuleGroupSensitivityLevel]; export declare const RuleGroupSizeConstraintStatementComparisonOperator: { readonly Eq: "EQ"; readonly Ne: "NE"; readonly Le: "LE"; readonly Lt: "LT"; readonly Ge: "GE"; readonly Gt: "GT"; }; /** * The operator to use to compare the request part to the size setting. */ export type RuleGroupSizeConstraintStatementComparisonOperator = (typeof RuleGroupSizeConstraintStatementComparisonOperator)[keyof typeof RuleGroupSizeConstraintStatementComparisonOperator]; export declare const RuleGroupTextTransformationType: { readonly None: "NONE"; readonly CompressWhiteSpace: "COMPRESS_WHITE_SPACE"; readonly HtmlEntityDecode: "HTML_ENTITY_DECODE"; readonly Lowercase: "LOWERCASE"; readonly CmdLine: "CMD_LINE"; readonly UrlDecode: "URL_DECODE"; readonly Base64Decode: "BASE64_DECODE"; readonly HexDecode: "HEX_DECODE"; readonly Md5: "MD5"; readonly ReplaceComments: "REPLACE_COMMENTS"; readonly EscapeSeqDecode: "ESCAPE_SEQ_DECODE"; readonly SqlHexDecode: "SQL_HEX_DECODE"; readonly CssDecode: "CSS_DECODE"; readonly JsDecode: "JS_DECODE"; readonly NormalizePath: "NORMALIZE_PATH"; readonly NormalizePathWin: "NORMALIZE_PATH_WIN"; readonly RemoveNulls: "REMOVE_NULLS"; readonly ReplaceNulls: "REPLACE_NULLS"; readonly Base64DecodeExt: "BASE64_DECODE_EXT"; readonly UrlDecodeUni: "URL_DECODE_UNI"; readonly Utf8ToUnicode: "UTF8_TO_UNICODE"; }; /** * Type of text transformation. */ export type RuleGroupTextTransformationType = (typeof RuleGroupTextTransformationType)[keyof typeof RuleGroupTextTransformationType]; export declare const RuleGroupUriFragmentFallbackBehavior: { readonly Match: "MATCH"; readonly NoMatch: "NO_MATCH"; }; /** * What AWS WAF should do if it fails to completely parse the JSON body. The options are the following: * * - `EVALUATE_AS_STRING` - Inspect the body as plain text. AWS WAF applies the text transformations and inspection criteria that you defined for the JSON inspection to the body text string. * - `MATCH` - Treat the web request as matching the rule statement. AWS WAF applies the rule action to the request. * - `NO_MATCH` - Treat the web request as not matching the rule statement. * * If you don't provide this setting, AWS WAF parses and evaluates the content only up to the first parsing failure that it encounters. * * Example JSON: `{ "UriFragment": { "FallbackBehavior": "MATCH"} }` * * > AWS WAF parsing doesn't fully validate the input JSON string, so parsing can succeed even for invalid JSON. When parsing succeeds, AWS WAF doesn't apply the fallback behavior. For more information, see [JSON body](https://docs.aws.amazon.com/waf/latest/developerguide/waf-rule-statement-fields-list.html#waf-rule-statement-request-component-json-body) in the *AWS WAF Developer Guide* . */ export type RuleGroupUriFragmentFallbackBehavior = (typeof RuleGroupUriFragmentFallbackBehavior)[keyof typeof RuleGroupUriFragmentFallbackBehavior]; export declare const WebAclAwsManagedRulesBotControlRuleSetInspectionLevel: { readonly Common: "COMMON"; readonly Targeted: "TARGETED"; }; /** * The inspection level to use for the Bot Control rule group. The common level is the least expensive. The targeted level includes all common level rules and adds rules with more advanced inspection criteria. For details, see [AWS WAF Bot Control rule group](https://docs.aws.amazon.com/waf/latest/developerguide/aws-managed-rule-groups-bot.html) in the *AWS WAF Developer Guide* . */ export type WebAclAwsManagedRulesBotControlRuleSetInspectionLevel = (typeof WebAclAwsManagedRulesBotControlRuleSetInspectionLevel)[keyof typeof WebAclAwsManagedRulesBotControlRuleSetInspectionLevel]; export declare const WebAclBodyParsingFallbackBehavior: { readonly Match: "MATCH"; readonly NoMatch: "NO_MATCH"; readonly EvaluateAsString: "EVALUATE_AS_STRING"; }; /** * The inspection behavior to fall back to if the JSON in the request body is invalid. */ export type WebAclBodyParsingFallbackBehavior = (typeof WebAclBodyParsingFallbackBehavior)[keyof typeof WebAclBodyParsingFallbackBehavior]; export declare const WebAclDataProtectionAction: { readonly Substitution: "SUBSTITUTION"; readonly Hash: "HASH"; }; export type WebAclDataProtectionAction = (typeof WebAclDataProtectionAction)[keyof typeof WebAclDataProtectionAction]; export declare const WebAclFieldToProtectFieldType: { readonly SingleHeader: "SINGLE_HEADER"; readonly SingleCookie: "SINGLE_COOKIE"; readonly SingleQueryArgument: "SINGLE_QUERY_ARGUMENT"; readonly QueryString: "QUERY_STRING"; readonly Body: "BODY"; }; /** * Field type to protect */ export type WebAclFieldToProtectFieldType = (typeof WebAclFieldToProtectFieldType)[keyof typeof WebAclFieldToProtectFieldType]; export declare const WebAclForwardedIpConfigurationFallbackBehavior: { readonly Match: "MATCH"; readonly NoMatch: "NO_MATCH"; }; /** * The match status to assign to the web request if the request doesn't have a valid IP address in the specified position. * * > If the specified header isn't present in the request, AWS WAF doesn't apply the rule to the web request at all. * * You can specify the following fallback behaviors: * * - `MATCH` - Treat the web request as matching the rule statement. AWS WAF applies the rule action to the request. * - `NO_MATCH` - Treat the web request as not matching the rule statement. */ export type WebAclForwardedIpConfigurationFallbackBehavior = (typeof WebAclForwardedIpConfigurationFallbackBehavior)[keyof typeof WebAclForwardedIpConfigurationFallbackBehavior]; export declare const WebAclIpSetForwardedIpConfigurationFallbackBehavior: { readonly Match: "MATCH"; readonly NoMatch: "NO_MATCH"; }; /** * The match status to assign to the web request if the request doesn't have a valid IP address in the specified position. * * > If the specified header isn't present in the request, AWS WAF doesn't apply the rule to the web request at all. * * You can specify the following fallback behaviors: * * - `MATCH` - Treat the web request as matching the rule statement. AWS WAF applies the rule action to the request. * - `NO_MATCH` - Treat the web request as not matching the rule statement. */ export type WebAclIpSetForwardedIpConfigurationFallbackBehavior = (typeof WebAclIpSetForwardedIpConfigurationFallbackBehavior)[keyof typeof WebAclIpSetForwardedIpConfigurationFallbackBehavior]; export declare const WebAclIpSetForwardedIpConfigurationPosition: { readonly First: "FIRST"; readonly Last: "LAST"; readonly Any: "ANY"; }; /** * The position in the header to search for the IP address. The header can contain IP addresses of the original client and also of proxies. For example, the header value could be `10.1.1.1, 127.0.0.0, 10.10.10.10` where the first IP address identifies the original client and the rest identify proxies that the request went through. * * The options for this setting are the following: * * - FIRST - Inspect the first IP address in the list of IP addresses in the header. This is usually the client's original IP. * - LAST - Inspect the last IP address in the list of IP addresses in the header. * - ANY - Inspect all IP addresses in the header for a match. If the header contains more than 10 IP addresses, AWS WAF inspects the last 10. */ export type WebAclIpSetForwardedIpConfigurationPosition = (typeof WebAclIpSetForwardedIpConfigurationPosition)[keyof typeof WebAclIpSetForwardedIpConfigurationPosition]; export declare const WebAclJa3FingerprintFallbackBehavior: { readonly Match: "MATCH"; readonly NoMatch: "NO_MATCH"; }; /** * The match status to assign to the web request if the request doesn't have a JA3 fingerprint. * * You can specify the following fallback behaviors: * * - `MATCH` - Treat the web request as matching the rule statement. AWS WAF applies the rule action to the request. * - `NO_MATCH` - Treat the web request as not matching the rule statement. */ export type WebAclJa3FingerprintFallbackBehavior = (typeof WebAclJa3FingerprintFallbackBehavior)[keyof typeof WebAclJa3FingerprintFallbackBehavior]; export declare const WebAclJa4FingerprintFallbackBehavior: { readonly Match: "MATCH"; readonly NoMatch: "NO_MATCH"; }; /** * The match status to assign to the web request if the request doesn't have a JA4 fingerprint. * * You can specify the following fallback behaviors: * * - `MATCH` - Treat the web request as matching the rule statement. AWS WAF applies the rule action to the request. * - `NO_MATCH` - Treat the web request as not matching the rule statement. */ export type WebAclJa4FingerprintFallbackBehavior = (typeof WebAclJa4FingerprintFallbackBehavior)[keyof typeof WebAclJa4FingerprintFallbackBehavior]; export declare const WebAclJsonMatchScope: { readonly All: "ALL"; readonly Key: "KEY"; readonly Value: "VALUE"; }; /** * The parts of the JSON to match against using the MatchPattern. */ export type WebAclJsonMatchScope = (typeof WebAclJsonMatchScope)[keyof typeof WebAclJsonMatchScope]; export declare const WebAclLabelMatchScope: { readonly Label: "LABEL"; readonly Namespace: "NAMESPACE"; }; export type WebAclLabelMatchScope = (typeof WebAclLabelMatchScope)[keyof typeof WebAclLabelMatchScope]; export declare const WebAclManagedRuleGroupConfigPayloadType: { readonly Json: "JSON"; readonly FormEncoded: "FORM_ENCODED"; }; /** * > Instead of this setting, provide your configuration under the request inspection configuration for `AWSManagedRulesATPRuleSet` or `AWSManagedRulesACFPRuleSet` . */ export type WebAclManagedRuleGroupConfigPayloadType = (typeof WebAclManagedRuleGroupConfigPayloadType)[keyof typeof WebAclManagedRuleGroupConfigPayloadType]; export declare const WebAclMapMatchScope: { readonly All: "ALL"; readonly Key: "KEY"; readonly Value: "VALUE"; }; /** * The parts of the request to match against using the MatchPattern. */ export type WebAclMapMatchScope = (typeof WebAclMapMatchScope)[keyof typeof WebAclMapMatchScope]; export declare const WebAclOnSourceDDoSProtectionConfigAlbLowReputationMode: { readonly ActiveUnderDdos: "ACTIVE_UNDER_DDOS"; readonly AlwaysOn: "ALWAYS_ON"; }; /** * The level of DDoS protection that applies to web ACLs associated with Application Load Balancers. `ACTIVE_UNDER_DDOS` protection is enabled by default whenever a web ACL is associated with an Application Load Balancer. In the event that an Application Load Balancer experiences high-load conditions or suspected DDoS attacks, the `ACTIVE_UNDER_DDOS` protection automatically rate limits traffic from known low reputation sources without disrupting Application Load Balancer availability. `ALWAYS_ON` protection provides constant, always-on monitoring of known low reputation sources for suspected DDoS attacks. While this provides a higher level of protection, there may be potential impacts on legitimate traffic. */ export type WebAclOnSourceDDoSProtectionConfigAlbLowReputationMode = (typeof WebAclOnSourceDDoSProtectionConfigAlbLowReputationMode)[keyof typeof WebAclOnSourceDDoSProtectionConfigAlbLowReputationMode]; export declare const WebAclOversizeHandling: { readonly Continue: "CONTINUE"; readonly Match: "MATCH"; readonly NoMatch: "NO_MATCH"; }; /** * Handling of requests containing oversize fields */ export type WebAclOversizeHandling = (typeof WebAclOversizeHandling)[keyof typeof WebAclOversizeHandling]; export declare const WebAclPositionalConstraint: { readonly Exactly: "EXACTLY"; readonly StartsWith: "STARTS_WITH"; readonly EndsWith: "ENDS_WITH"; readonly Contains: "CONTAINS"; readonly ContainsWord: "CONTAINS_WORD"; }; /** * Position of the evaluation in the FieldToMatch of request. */ export type WebAclPositionalConstraint = (typeof WebAclPositionalConstraint)[keyof typeof WebAclPositionalConstraint]; export declare const WebAclRateBasedStatementAggregateKeyType: { readonly Constant: "CONSTANT"; readonly Ip: "IP"; readonly ForwardedIp: "FORWARDED_IP"; readonly CustomKeys: "CUSTOM_KEYS"; }; /** * Setting that indicates how to aggregate the request counts. * * > Web requests that are missing any of the components specified in the aggregation keys are omitted from the rate-based rule evaluation and handling. * * - `CONSTANT` - Count and limit the requests that match the rate-based rule's scope-down statement. With this option, the counted requests aren't further aggregated. The scope-down statement is the only specification used. When the count of all requests that satisfy the scope-down statement goes over the limit, AWS WAF applies the rule action to all requests that satisfy the scope-down statement. * * With this option, you must configure the `ScopeDownStatement` property. * - `CUSTOM_KEYS` - Aggregate the request counts using one or more web request components as the aggregate keys. * * With this option, you must specify the aggregate keys in the `CustomKeys` property. * * To aggregate on only the IP address or only the forwarded IP address, don't use custom keys. Instead, set the aggregate key type to `IP` or `FORWARDED_IP` . * - `FORWARDED_IP` - Aggregate the request counts on the first IP address in an HTTP header. * * With this option, you must specify the header to use in the `ForwardedIPConfig` property. * * To aggregate on a combination of the forwarded IP address with other aggregate keys, use `CUSTOM_KEYS` . * - `IP` - Aggregate the request counts on the IP address from the web request origin. * * To aggregate on a combination of the IP address with other aggregate keys, use `CUSTOM_KEYS` . */ export type WebAclRateBasedStatementAggregateKeyType = (typeof WebAclRateBasedStatementAggregateKeyType)[keyof typeof WebAclRateBasedStatementAggregateKeyType]; export declare const WebAclRateLimitJa3FingerprintFallbackBehavior: { readonly Match: "MATCH"; readonly NoMatch: "NO_MATCH"; }; /** * The match status to assign to the web request if there is insufficient TSL Client Hello information to compute the JA3 fingerprint. * * You can specify the following fallback behaviors: * * - `MATCH` - Treat the web request as matching the rule statement. AWS WAF applies the rule action to the request. * - `NO_MATCH` - Treat the web request as not matching the rule statement. */ export type WebAclRateLimitJa3FingerprintFallbackBehavior = (typeof WebAclRateLimitJa3FingerprintFallbackBehavior)[keyof typeof WebAclRateLimitJa3FingerprintFallbackBehavior]; export declare const WebAclRateLimitJa4FingerprintFallbackBehavior: { readonly Match: "MATCH"; readonly NoMatch: "NO_MATCH"; }; /** * The match status to assign to the web request if there is insufficient TSL Client Hello information to compute the JA4 fingerprint. * * You can specify the following fallback behaviors: * * - `MATCH` - Treat the web request as matching the rule statement. AWS WAF applies the rule action to the request. * - `NO_MATCH` - Treat the web request as not matching the rule statement. */ export type WebAclRateLimitJa4FingerprintFallbackBehavior = (typeof WebAclRateLimitJa4FingerprintFallbackBehavior)[keyof typeof WebAclRateLimitJa4FingerprintFallbackBehavior]; export declare const WebAclRequestInspectionAcfpPayloadType: { readonly Json: "JSON"; readonly FormEncoded: "FORM_ENCODED"; }; /** * The payload type for your account creation endpoint, either JSON or form encoded. */ export type WebAclRequestInspectionAcfpPayloadType = (typeof WebAclRequestInspectionAcfpPayloadType)[keyof typeof WebAclRequestInspectionAcfpPayloadType]; export declare const WebAclRequestInspectionPayloadType: { readonly Json: "JSON"; readonly FormEncoded: "FORM_ENCODED"; }; /** * The payload type for your login endpoint, either JSON or form encoded. */ export type WebAclRequestInspectionPayloadType = (typeof WebAclRequestInspectionPayloadType)[keyof typeof WebAclRequestInspectionPayloadType]; export declare const WebAclResponseContentType: { readonly TextPlain: "TEXT_PLAIN"; readonly TextHtml: "TEXT_HTML"; readonly ApplicationJson: "APPLICATION_JSON"; }; /** * Valid values are TEXT_PLAIN, TEXT_HTML, and APPLICATION_JSON. */ export type WebAclResponseContentType = (typeof WebAclResponseContentType)[keyof typeof WebAclResponseContentType]; export declare const WebAclScope: { readonly Cloudfront: "CLOUDFRONT"; readonly Regional: "REGIONAL"; }; /** * Use CLOUDFRONT for CloudFront WebACL, use REGIONAL for Application Load Balancer and API Gateway. */ export type WebAclScope = (typeof WebAclScope)[keyof typeof WebAclScope]; export declare const WebAclSensitivityLevel: { readonly Low: "LOW"; readonly High: "HIGH"; }; /** * Sensitivity Level current only used for sqli match statements. */ export type WebAclSensitivityLevel = (typeof WebAclSensitivityLevel)[keyof typeof WebAclSensitivityLevel]; export declare const WebAclSensitivityToAct: { readonly Low: "LOW"; readonly Medium: "MEDIUM"; readonly High: "HIGH"; }; export type WebAclSensitivityToAct = (typeof WebAclSensitivityToAct)[keyof typeof WebAclSensitivityToAct]; export declare const WebAclSizeConstraintStatementComparisonOperator: { readonly Eq: "EQ"; readonly Ne: "NE"; readonly Le: "LE"; readonly Lt: "LT"; readonly Ge: "GE"; readonly Gt: "GT"; }; /** * The operator to use to compare the request part to the size setting. */ export type WebAclSizeConstraintStatementComparisonOperator = (typeof WebAclSizeConstraintStatementComparisonOperator)[keyof typeof WebAclSizeConstraintStatementComparisonOperator]; export declare const WebAclSizeInspectionLimit: { readonly Kb16: "KB_16"; readonly Kb32: "KB_32"; readonly Kb48: "KB_48"; readonly Kb64: "KB_64"; }; export type WebAclSizeInspectionLimit = (typeof WebAclSizeInspectionLimit)[keyof typeof WebAclSizeInspectionLimit]; export declare const WebAclTextTransformationType: { readonly None: "NONE"; readonly CompressWhiteSpace: "COMPRESS_WHITE_SPACE"; readonly HtmlEntityDecode: "HTML_ENTITY_DECODE"; readonly Lowercase: "LOWERCASE"; readonly CmdLine: "CMD_LINE"; readonly UrlDecode: "URL_DECODE"; readonly Base64Decode: "BASE64_DECODE"; readonly HexDecode: "HEX_DECODE"; readonly Md5: "MD5"; readonly ReplaceComments: "REPLACE_COMMENTS"; readonly EscapeSeqDecode: "ESCAPE_SEQ_DECODE"; readonly SqlHexDecode: "SQL_HEX_DECODE"; readonly CssDecode: "CSS_DECODE"; readonly JsDecode: "JS_DECODE"; readonly NormalizePath: "NORMALIZE_PATH"; readonly NormalizePathWin: "NORMALIZE_PATH_WIN"; readonly RemoveNulls: "REMOVE_NULLS"; readonly ReplaceNulls: "REPLACE_NULLS"; readonly Base64DecodeExt: "BASE64_DECODE_EXT"; readonly UrlDecodeUni: "URL_DECODE_UNI"; readonly Utf8ToUnicode: "UTF8_TO_UNICODE"; }; /** * Type of text transformation. */ export type WebAclTextTransformationType = (typeof WebAclTextTransformationType)[keyof typeof WebAclTextTransformationType]; export declare const WebAclUriFragmentFallbackBehavior: { readonly Match: "MATCH"; readonly NoMatch: "NO_MATCH"; }; /** * What AWS WAF should do if it fails to completely parse the JSON body. The options are the following: * * - `EVALUATE_AS_STRING` - Inspect the body as plain text. AWS WAF applies the text transformations and inspection criteria that you defined for the JSON inspection to the body text string. * - `MATCH` - Treat the web request as matching the rule statement. AWS WAF applies the rule action to the request. * - `NO_MATCH` - Treat the web request as not matching the rule statement. * * If you don't provide this setting, AWS WAF parses and evaluates the content only up to the first parsing failure that it encounters. * * Example JSON: `{ "UriFragment": { "FallbackBehavior": "MATCH"} }` * * > AWS WAF parsing doesn't fully validate the input JSON string, so parsing can succeed even for invalid JSON. When parsing succeeds, AWS WAF doesn't apply the fallback behavior. For more information, see [JSON body](https://docs.aws.amazon.com/waf/latest/developerguide/waf-rule-statement-fields-list.html#waf-rule-statement-request-component-json-body) in the *AWS WAF Developer Guide* . */ export type WebAclUriFragmentFallbackBehavior = (typeof WebAclUriFragmentFallbackBehavior)[keyof typeof WebAclUriFragmentFallbackBehavior]; export declare const WebAclUsageOfAction: { readonly Enabled: "ENABLED"; readonly Disabled: "DISABLED"; }; export type WebAclUsageOfAction = (typeof WebAclUsageOfAction)[keyof typeof WebAclUsageOfAction];