/* eslint-disable */ /** * This file was automatically generated by json-schema-to-typescript. * DO NOT MODIFY IT BY HAND. Instead, modify the source JSONSchema file, * and run json-schema-to-typescript to regenerate this file. */ /** * ARN of the WAF entity. */ export type ResourceArn = string; /** * HTTP header name. */ export type CustomHTTPHeaderName = string; /** * HTTP header value. */ export type CustomHTTPHeaderValue = string; /** * Custom response code. */ export type ResponseStatusCode = number; /** * Description of the entity. */ export type EntityDescription = string; /** * Name of the WebACL. */ export type EntityName = string; /** * Id of the WebACL */ export type EntityId = string; /** * Use CLOUDFRONT for CloudFront WebACL, use REGIONAL for Application Load Balancer and API Gateway. */ export type Scope = "CLOUDFRONT" | "REGIONAL"; /** * Priority of the Rule, Rules get evaluated from lower to higher priority. */ export type RulePriority = number; /** * String that is searched to find a match. */ export type SearchString = string; /** * Base64 encoded string that is searched to find a match. */ export type SearchStringBase64 = string; /** * Handling of requests containing oversize fields */ export type OversizeHandling = "CONTINUE" | "MATCH" | "NO_MATCH"; /** * JSON pointer path in the web request's JSON body */ export type JsonPointerPath = string; /** * The parts of the JSON to match against using the MatchPattern. */ export type JsonMatchScope = "ALL" | "KEY" | "VALUE"; /** * The inspection behavior to fall back to if the JSON in the request body is invalid. */ export type BodyParsingFallbackBehavior = "MATCH" | "NO_MATCH" | "EVALUATE_AS_STRING"; /** * The parts of the request to match against using the MatchPattern. */ export type MapMatchScope = "ALL" | "KEY" | "VALUE"; /** * Priority of Rule being evaluated. */ export type TextTransformationPriority = number; /** * Type of text transformation. */ export type TextTransformationType = | "NONE" | "COMPRESS_WHITE_SPACE" | "HTML_ENTITY_DECODE" | "LOWERCASE" | "CMD_LINE" | "URL_DECODE" | "BASE64_DECODE" | "HEX_DECODE" | "MD5" | "REPLACE_COMMENTS" | "ESCAPE_SEQ_DECODE" | "SQL_HEX_DECODE" | "CSS_DECODE" | "JS_DECODE" | "NORMALIZE_PATH" | "NORMALIZE_PATH_WIN" | "REMOVE_NULLS" | "REPLACE_NULLS" | "BASE64_DECODE_EXT" | "URL_DECODE_UNI" | "UTF8_TO_UNICODE"; /** * Position of the evaluation in the FieldToMatch of request. */ export type PositionalConstraint = "EXACTLY" | "STARTS_WITH" | "ENDS_WITH" | "CONTAINS" | "CONTAINS_WORD"; /** * Sensitivity Level current only used for sqli match statements. */ export type SensitivityLevel = "LOW" | "HIGH"; export type RateLimit = number; export type LabelMatchScope = "LABEL" | "NAMESPACE"; export type LabelMatchKey = string; /** * Name of the Label. */ export type LabelName = string; /** * Valid values are TEXT_PLAIN, TEXT_HTML, and APPLICATION_JSON. */ export type ResponseContentType = "TEXT_PLAIN" | "TEXT_HTML" | "APPLICATION_JSON"; /** * Response content. */ export type ResponseContent = string; /** * List of domains to accept in web request tokens, in addition to the domain of the protected resource. */ export type TokenDomains = string[]; /** * Contains the Rules that identify the requests that you want to allow, block, or count. In a WebACL, you also specify a default action (ALLOW or BLOCK), and the action for each Rule that you add to a WebACL, for example, block requests from specified IP addresses or block requests from specified referrers. You also associate the WebACL with a CloudFront distribution to identify the requests that you want AWS WAF to filter. If you add more than one Rule to a WebACL, a request needs to match only one of the specifications to be allowed, blocked, or counted. */ export interface AwsWafv2Webacl { Arn?: ResourceArn; Capacity?: number; DefaultAction: DefaultAction; Description?: EntityDescription; Name?: EntityName; Id?: EntityId; Scope: Scope; /** * Collection of Rules. */ Rules?: Rule[]; VisibilityConfig: VisibilityConfig; /** * @minItems 1 */ Tags?: [Tag, ...Tag[]]; LabelNamespace?: LabelName; CustomResponseBodies?: CustomResponseBodies; CaptchaConfig?: CaptchaConfig; ChallengeConfig?: ChallengeConfig; TokenDomains?: TokenDomains; } /** * Default Action WebACL will take against ingress traffic when there is no matching Rule. */ export interface DefaultAction { Allow?: AllowAction; Block?: BlockAction; } /** * Allow traffic towards application. */ export interface AllowAction { CustomRequestHandling?: CustomRequestHandling; } /** * Custom request handling. */ export interface CustomRequestHandling { /** * Collection of HTTP headers. * * @minItems 1 */ InsertHeaders: [CustomHTTPHeader, ...CustomHTTPHeader[]]; } /** * HTTP header. */ export interface CustomHTTPHeader { Name: CustomHTTPHeaderName; Value: CustomHTTPHeaderValue; } /** * Block traffic towards application. */ export interface BlockAction { CustomResponse?: CustomResponse; } /** * Custom response. */ export interface CustomResponse { ResponseCode: ResponseStatusCode; /** * Custom response body key. */ CustomResponseBodyKey?: string; /** * Collection of HTTP headers. * * @minItems 1 */ ResponseHeaders?: [CustomHTTPHeader, ...CustomHTTPHeader[]]; } /** * Rule of WebACL that contains condition and action. */ export interface Rule { Name: EntityName; Priority: RulePriority; Statement: Statement; Action?: RuleAction; OverrideAction?: OverrideAction; /** * Collection of Rule Labels. */ RuleLabels?: Label[]; VisibilityConfig: VisibilityConfig; CaptchaConfig?: CaptchaConfig; ChallengeConfig?: ChallengeConfig; } /** * First level statement that contains conditions, such as ByteMatch, SizeConstraint, etc */ export interface Statement { ByteMatchStatement?: ByteMatchStatement; SqliMatchStatement?: SqliMatchStatement; XssMatchStatement?: XssMatchStatement; SizeConstraintStatement?: SizeConstraintStatement; GeoMatchStatement?: GeoMatchStatement; RuleGroupReferenceStatement?: RuleGroupReferenceStatement; IPSetReferenceStatement?: IPSetReferenceStatement; RegexPatternSetReferenceStatement?: RegexPatternSetReferenceStatement; ManagedRuleGroupStatement?: ManagedRuleGroupStatement; RateBasedStatement?: RateBasedStatement; AndStatement?: AndStatement; OrStatement?: OrStatement; NotStatement?: NotStatement; LabelMatchStatement?: LabelMatchStatement; RegexMatchStatement?: RegexMatchStatement; } /** * Byte Match statement. */ export interface ByteMatchStatement { SearchString?: SearchString; SearchStringBase64?: SearchStringBase64; FieldToMatch: FieldToMatch; TextTransformations: TextTransformation[]; PositionalConstraint: PositionalConstraint; } /** * Field of the request to match. */ export interface FieldToMatch { SingleHeader?: { Name: string; }; /** * One query argument in a web request, identified by name, for example UserName or SalesRegion. The name can be up to 30 characters long and isn't case sensitive. */ SingleQueryArgument?: { Name: string; }; /** * All query arguments of a web request. */ AllQueryArguments?: { [k: string]: unknown; }; /** * The path component of the URI of a web request. This is the part of a web request that identifies a resource, for example, /images/daily-ad.jpg. */ UriPath?: { [k: string]: unknown; }; /** * The query string of a web request. This is the part of a URL that appears after a ? character, if any. */ QueryString?: { [k: string]: unknown; }; Body?: Body; /** * The HTTP method of a web request. The method indicates the type of operation that the request is asking the origin to perform. */ Method?: { [k: string]: unknown; }; JsonBody?: JsonBody; Headers?: Headers; Cookies?: Cookies; } /** * The body of a web request. This immediately follows the request headers. */ export interface Body { OversizeHandling?: OversizeHandling; } /** * Inspect the request body as JSON. The request body immediately follows the request headers. */ export interface JsonBody { MatchPattern: JsonMatchPattern; MatchScope: JsonMatchScope; InvalidFallbackBehavior?: BodyParsingFallbackBehavior; OversizeHandling?: OversizeHandling; } /** * The pattern to look for in the JSON body. */ export interface JsonMatchPattern { /** * Inspect all parts of the web request's JSON body. */ All?: { [k: string]: unknown; }; IncludedPaths?: JsonPointerPath[]; } /** * Includes headers of a web request. */ export interface Headers { MatchPattern: HeaderMatchPattern; MatchScope: MapMatchScope; OversizeHandling: OversizeHandling; } /** * The pattern to look for in the request headers. */ export interface HeaderMatchPattern { /** * Inspect all parts of the web request headers. */ All?: { [k: string]: unknown; }; /** * @minItems 1 * @maxItems 199 */ IncludedHeaders?: [string, ...string[]]; /** * @minItems 1 * @maxItems 199 */ ExcludedHeaders?: [string, ...string[]]; } /** * Includes headers of a web request. */ export interface Cookies { MatchPattern: CookieMatchPattern; MatchScope: MapMatchScope; OversizeHandling: OversizeHandling; } /** * The pattern to look for in the request cookies. */ export interface CookieMatchPattern { /** * Inspect all parts of the web request cookies. */ All?: { [k: string]: unknown; }; /** * @minItems 1 * @maxItems 199 */ IncludedCookies?: [string, ...string[]]; /** * @minItems 1 * @maxItems 199 */ ExcludedCookies?: [string, ...string[]]; } /** * Text Transformation on the Search String before match. */ export interface TextTransformation { Priority: TextTransformationPriority; Type: TextTransformationType; } /** * Sqli Match Statement. */ export interface SqliMatchStatement { FieldToMatch: FieldToMatch; TextTransformations: TextTransformation[]; SensitivityLevel?: SensitivityLevel; } /** * Xss Match Statement. */ export interface XssMatchStatement { FieldToMatch: FieldToMatch; TextTransformations: TextTransformation[]; } /** * Size Constraint statement. */ export interface SizeConstraintStatement { FieldToMatch: FieldToMatch; ComparisonOperator: "EQ" | "NE" | "LE" | "LT" | "GE" | "GT"; Size: number; TextTransformations: TextTransformation[]; } export interface GeoMatchStatement { CountryCodes?: string[]; ForwardedIPConfig?: ForwardedIPConfiguration; } export interface ForwardedIPConfiguration { HeaderName: string; FallbackBehavior: "MATCH" | "NO_MATCH"; } export interface RuleGroupReferenceStatement { Arn: ResourceArn; ExcludedRules?: ExcludedRule[]; /** * Action overrides for rules in the rule group. * * @minItems 1 * @maxItems 100 */ RuleActionOverrides?: [RuleActionOverride, ...RuleActionOverride[]]; } /** * Excluded Rule in the RuleGroup or ManagedRuleGroup will not be evaluated. */ export interface ExcludedRule { Name: EntityName; } /** * Action override for rules in the rule group. */ export interface RuleActionOverride { Name: EntityName; ActionToUse: RuleAction; } /** * Action taken when Rule matches its condition. */ export interface RuleAction { Allow?: AllowAction; Block?: BlockAction; Count?: CountAction; Captcha?: CaptchaAction; Challenge?: ChallengeAction; } /** * Allow traffic towards application. */ export interface CountAction { CustomRequestHandling?: CustomRequestHandling; } /** * Checks valid token exists with request. */ export interface CaptchaAction { CustomRequestHandling?: CustomRequestHandling; } /** * Checks that the request has a valid token with an unexpired challenge timestamp and, if not, returns a browser challenge to the client. */ export interface ChallengeAction { CustomRequestHandling?: CustomRequestHandling; } export interface IPSetReferenceStatement { Arn: ResourceArn; IPSetForwardedIPConfig?: IPSetForwardedIPConfiguration; } export interface IPSetForwardedIPConfiguration { HeaderName: string; FallbackBehavior: "MATCH" | "NO_MATCH"; Position: "FIRST" | "LAST" | "ANY"; } export interface RegexPatternSetReferenceStatement { Arn: ResourceArn; FieldToMatch: FieldToMatch; TextTransformations: TextTransformation[]; } export interface ManagedRuleGroupStatement { Name: EntityName; VendorName: string; Version?: string; ExcludedRules?: ExcludedRule[]; ScopeDownStatement?: Statement; /** * Collection of ManagedRuleGroupConfig. */ ManagedRuleGroupConfigs?: ManagedRuleGroupConfig[]; /** * Action overrides for rules in the rule group. * * @minItems 1 * @maxItems 100 */ RuleActionOverrides?: [RuleActionOverride, ...RuleActionOverride[]]; } /** * ManagedRuleGroupConfig. */ export interface ManagedRuleGroupConfig { LoginPath?: string; PayloadType?: "JSON" | "FORM_ENCODED"; UsernameField?: FieldIdentifier; PasswordField?: FieldIdentifier; AWSManagedRulesBotControlRuleSet?: AWSManagedRulesBotControlRuleSet; AWSManagedRulesATPRuleSet?: AWSManagedRulesATPRuleSet; } export interface FieldIdentifier { Identifier: string; } /** * Configures how to use the Bot Control managed rule group in the web ACL */ export interface AWSManagedRulesBotControlRuleSet { InspectionLevel: "COMMON" | "TARGETED"; } /** * Configures how to use the Account Takeover Prevention managed rule group in the web ACL */ export interface AWSManagedRulesATPRuleSet { LoginPath: string; RequestInspection?: RequestInspection; ResponseInspection?: ResponseInspection; } /** * Configures the inspection of login requests */ export interface RequestInspection { PayloadType: "JSON" | "FORM_ENCODED"; UsernameField: FieldIdentifier; PasswordField: FieldIdentifier; } /** * Configures the inspection of login responses */ export interface ResponseInspection { StatusCode?: ResponseInspectionStatusCode; Header?: ResponseInspectionHeader; BodyContains?: ResponseInspectionBodyContains; Json?: ResponseInspectionJson; } /** * Response status codes that indicate success or failure of a login request */ export interface ResponseInspectionStatusCode { /** * @minItems 1 * @maxItems 10 */ SuccessCodes: | [number] | [number, number] | [number, number, number] | [number, number, number, number] | [number, number, number, number, number] | [number, number, number, number, number, number] | [number, number, number, number, number, number, number] | [number, number, number, number, number, number, number, number] | [number, number, number, number, number, number, number, number, number] | [number, number, number, number, number, number, number, number, number, number]; /** * @minItems 1 * @maxItems 10 */ FailureCodes: | [number] | [number, number] | [number, number, number] | [number, number, number, number] | [number, number, number, number, number] | [number, number, number, number, number, number] | [number, number, number, number, number, number, number] | [number, number, number, number, number, number, number, number] | [number, number, number, number, number, number, number, number, number] | [number, number, number, number, number, number, number, number, number, number]; } /** * Response headers that indicate success or failure of a login request */ export interface ResponseInspectionHeader { Name: string; /** * @minItems 1 * @maxItems 3 */ SuccessValues: [string] | [string, string] | [string, string, string]; /** * @minItems 1 * @maxItems 3 */ FailureValues: [string] | [string, string] | [string, string, string]; } /** * Response body contents that indicate success or failure of a login request */ export interface ResponseInspectionBodyContains { /** * @minItems 1 * @maxItems 5 */ SuccessStrings: | [string] | [string, string] | [string, string, string] | [string, string, string, string] | [string, string, string, string, string]; /** * @minItems 1 * @maxItems 5 */ FailureStrings: | [string] | [string, string] | [string, string, string] | [string, string, string, string] | [string, string, string, string, string]; } /** * Response JSON that indicate success or failure of a login request */ export interface ResponseInspectionJson { Identifier: string; /** * @minItems 1 * @maxItems 5 */ SuccessValues: | [string] | [string, string] | [string, string, string] | [string, string, string, string] | [string, string, string, string, string]; /** * @minItems 1 * @maxItems 5 */ FailureValues: | [string] | [string, string] | [string, string, string] | [string, string, string, string] | [string, string, string, string, string]; } export interface RateBasedStatement { Limit: RateLimit; AggregateKeyType: "IP" | "FORWARDED_IP"; ScopeDownStatement?: Statement; ForwardedIPConfig?: ForwardedIPConfiguration; } export interface AndStatement { Statements: Statement[]; } export interface OrStatement { Statements: Statement[]; } export interface NotStatement { Statement: Statement; } export interface LabelMatchStatement { Scope: LabelMatchScope; Key: LabelMatchKey; } export interface RegexMatchStatement { RegexString: string; FieldToMatch: FieldToMatch; TextTransformations: TextTransformation[]; } /** * Override a RuleGroup or ManagedRuleGroup behavior. This can only be applied to Rule that has RuleGroupReferenceStatement or ManagedRuleGroupReferenceStatement. */ export interface OverrideAction { /** * Count traffic towards application. */ Count?: { [k: string]: unknown; }; /** * Keep the RuleGroup or ManagedRuleGroup behavior as is. */ None?: { [k: string]: unknown; }; } export interface Label { Name: LabelName; } /** * Visibility Metric of the WebACL. */ export interface VisibilityConfig { SampledRequestsEnabled: boolean; CloudWatchMetricsEnabled: boolean; MetricName: string; } export interface CaptchaConfig { ImmunityTimeProperty?: ImmunityTimeProperty; } export interface ImmunityTimeProperty { ImmunityTime: number; } export interface ChallengeConfig { ImmunityTimeProperty?: ImmunityTimeProperty; } export interface Tag { Key?: string; Value?: string; } /** * Custom response key and body map. */ export interface CustomResponseBodies { [k: string]: CustomResponseBody; } /** * Custom response body. * * This interface was referenced by `CustomResponseBodies`'s JSON-Schema definition * via the `patternProperty` "^[\w\-]+$". */ export interface CustomResponseBody { ContentType: ResponseContentType; Content: ResponseContent; }