From 0292fb4a465619c6bc91a374ceaddef9fc34e0de Mon Sep 17 00:00:00 2001 From: awstools Date: Wed, 22 May 2024 18:15:36 +0000 Subject: [PATCH] feat(client-wafv2): You can now use Security Lake to collect web ACL traffic data. --- .../DeleteLoggingConfigurationCommand.ts | 2 + .../GetLoggingConfigurationCommand.ts | 4 + .../ListLoggingConfigurationsCommand.ts | 3 + .../PutLoggingConfigurationCommand.ts | 4 + clients/client-wafv2/src/models/models_0.ts | 113 +++++++++++++++++- codegen/sdk-codegen/aws-models/wafv2.json | 82 ++++++++++++- 6 files changed, 199 insertions(+), 9 deletions(-) diff --git a/clients/client-wafv2/src/commands/DeleteLoggingConfigurationCommand.ts b/clients/client-wafv2/src/commands/DeleteLoggingConfigurationCommand.ts index 5feb5377c049..bf3b0dfde2d6 100644 --- a/clients/client-wafv2/src/commands/DeleteLoggingConfigurationCommand.ts +++ b/clients/client-wafv2/src/commands/DeleteLoggingConfigurationCommand.ts @@ -36,6 +36,8 @@ export interface DeleteLoggingConfigurationCommandOutput extends DeleteLoggingCo * const client = new WAFV2Client(config); * const input = { // DeleteLoggingConfigurationRequest * ResourceArn: "STRING_VALUE", // required + * LogType: "WAF_LOGS", + * LogScope: "CUSTOMER" || "SECURITY_LAKE", * }; * const command = new DeleteLoggingConfigurationCommand(input); * const response = await client.send(command); diff --git a/clients/client-wafv2/src/commands/GetLoggingConfigurationCommand.ts b/clients/client-wafv2/src/commands/GetLoggingConfigurationCommand.ts index cee4625d16c9..443f9861ad79 100644 --- a/clients/client-wafv2/src/commands/GetLoggingConfigurationCommand.ts +++ b/clients/client-wafv2/src/commands/GetLoggingConfigurationCommand.ts @@ -36,6 +36,8 @@ export interface GetLoggingConfigurationCommandOutput extends GetLoggingConfigur * const client = new WAFV2Client(config); * const input = { // GetLoggingConfigurationRequest * ResourceArn: "STRING_VALUE", // required + * LogType: "WAF_LOGS", + * LogScope: "CUSTOMER" || "SECURITY_LAKE", * }; * const command = new GetLoggingConfigurationCommand(input); * const response = await client.send(command); @@ -125,6 +127,8 @@ export interface GetLoggingConfigurationCommandOutput extends GetLoggingConfigur * // ], * // DefaultBehavior: "KEEP" || "DROP", // required * // }, + * // LogType: "WAF_LOGS", + * // LogScope: "CUSTOMER" || "SECURITY_LAKE", * // }, * // }; * diff --git a/clients/client-wafv2/src/commands/ListLoggingConfigurationsCommand.ts b/clients/client-wafv2/src/commands/ListLoggingConfigurationsCommand.ts index 3ea3d2518d7c..c765f89561a5 100644 --- a/clients/client-wafv2/src/commands/ListLoggingConfigurationsCommand.ts +++ b/clients/client-wafv2/src/commands/ListLoggingConfigurationsCommand.ts @@ -38,6 +38,7 @@ export interface ListLoggingConfigurationsCommandOutput extends ListLoggingConfi * Scope: "CLOUDFRONT" || "REGIONAL", // required * NextMarker: "STRING_VALUE", * Limit: Number("int"), + * LogScope: "CUSTOMER" || "SECURITY_LAKE", * }; * const command = new ListLoggingConfigurationsCommand(input); * const response = await client.send(command); @@ -128,6 +129,8 @@ export interface ListLoggingConfigurationsCommandOutput extends ListLoggingConfi * // ], * // DefaultBehavior: "KEEP" || "DROP", // required * // }, + * // LogType: "WAF_LOGS", + * // LogScope: "CUSTOMER" || "SECURITY_LAKE", * // }, * // ], * // NextMarker: "STRING_VALUE", diff --git a/clients/client-wafv2/src/commands/PutLoggingConfigurationCommand.ts b/clients/client-wafv2/src/commands/PutLoggingConfigurationCommand.ts index 764d5453907a..938896b3c0cb 100644 --- a/clients/client-wafv2/src/commands/PutLoggingConfigurationCommand.ts +++ b/clients/client-wafv2/src/commands/PutLoggingConfigurationCommand.ts @@ -162,6 +162,8 @@ export interface PutLoggingConfigurationCommandOutput extends PutLoggingConfigur * ], * DefaultBehavior: "KEEP" || "DROP", // required * }, + * LogType: "WAF_LOGS", + * LogScope: "CUSTOMER" || "SECURITY_LAKE", * }, * }; * const command = new PutLoggingConfigurationCommand(input); @@ -252,6 +254,8 @@ export interface PutLoggingConfigurationCommandOutput extends PutLoggingConfigur * // ], * // DefaultBehavior: "KEEP" || "DROP", // required * // }, + * // LogType: "WAF_LOGS", + * // LogScope: "CUSTOMER" || "SECURITY_LAKE", * // }, * // }; * diff --git a/clients/client-wafv2/src/models/models_0.ts b/clients/client-wafv2/src/models/models_0.ts index b434deacabfe..a0de7bd7c9cf 100644 --- a/clients/client-wafv2/src/models/models_0.ts +++ b/clients/client-wafv2/src/models/models_0.ts @@ -449,7 +449,7 @@ export const FallbackBehavior = { export type FallbackBehavior = (typeof FallbackBehavior)[keyof typeof FallbackBehavior]; /** - *

Match against the request's JA3 fingerprint. The JA3 fingerprint is a 32-character hash derived from the TLS Client Hello of an incoming request. This fingerprint serves as a unique identifier for the client's TLS configuration. WAF calculates and logs this fingerprint for each + *

Available for use with Amazon CloudFront distributions and Application Load Balancers. Match against the request's JA3 fingerprint. The JA3 fingerprint is a 32-character hash derived from the TLS Client Hello of an incoming request. This fingerprint serves as a unique identifier for the client's TLS configuration. WAF calculates and logs this fingerprint for each * request that has enough TLS Client Hello information for the calculation. Almost * all web requests include this information.

* @@ -763,6 +763,10 @@ export interface UriPath {} *

In this documentation, the descriptions of the individual fields talk about specifying the web request component to inspect, * but for field redaction, you are specifying the component type to redact from the logs.

* + *
  • + *

    If you have request sampling enabled, the redacted fields configuration for logging has no impact on sampling. + * The only way to exclude fields from request sampling is by disabling sampling in the web ACL visibility configuration.

    + *
    • * * * @@ -898,7 +902,7 @@ export interface FieldToMatch { HeaderOrder?: HeaderOrder; /** - *

    Match against the request's JA3 fingerprint. The JA3 fingerprint is a 32-character hash derived from the TLS Client Hello of an incoming request. This fingerprint serves as a unique identifier for the client's TLS configuration. WAF calculates and logs this fingerprint for each + *

    Available for use with Amazon CloudFront distributions and Application Load Balancers. Match against the request's JA3 fingerprint. The JA3 fingerprint is a 32-character hash derived from the TLS Client Hello of an incoming request. This fingerprint serves as a unique identifier for the client's TLS configuration. WAF calculates and logs this fingerprint for each * request that has enough TLS Client Hello information for the calculation. Almost * all web requests include this information.

    * @@ -1013,7 +1017,7 @@ export interface ByteMatchStatement { * *
  • *

    - * JA3Fingerprint: Match against the request's JA3 fingerprint. The JA3 fingerprint is a 32-character hash derived from the TLS Client Hello of an incoming request. This fingerprint serves as a unique identifier for the client's TLS configuration. You can use this choice only with a string match ByteMatchStatement with the PositionalConstraint set to + * JA3Fingerprint: Available for use with Amazon CloudFront distributions and Application Load Balancers. Match against the request's JA3 fingerprint. The JA3 fingerprint is a 32-character hash derived from the TLS Client Hello of an incoming request. This fingerprint serves as a unique identifier for the client's TLS configuration. You can use this choice only with a string match ByteMatchStatement with the PositionalConstraint set to * EXACTLY.

    *

    You can obtain the JA3 fingerprint for client requests from the web ACL logs. * If WAF is able to calculate the fingerprint, it includes it in the logs. @@ -3493,6 +3497,10 @@ export interface VisibilityConfig { /** *

    Indicates whether WAF should store a sampling of the web requests that * match the rules. You can view the sampled requests through the WAF console.

    + * + *

    Request sampling doesn't provide a field redaction option, and any field redaction that you specify in your logging configuration doesn't affect sampling. + * The only way to exclude fields from request sampling is by disabling sampling in the web ACL visibility configuration.

    + *     * @public */ SampledRequestsEnabled: boolean | undefined; @@ -4367,6 +4375,33 @@ export class WAFAssociatedItemException extends __BaseException { } } +/** + * @public + * @enum + */ +export const LogScope = { + CUSTOMER: "CUSTOMER", + SECURITY_LAKE: "SECURITY_LAKE", +} as const; + +/** + * @public + */ +export type LogScope = (typeof LogScope)[keyof typeof LogScope]; + +/** + * @public + * @enum + */ +export const LogType = { + WAF_LOGS: "WAF_LOGS", +} as const; + +/** + * @public + */ +export type LogType = (typeof LogType)[keyof typeof LogType]; + /** * @public */ @@ -4376,6 +4411,25 @@ export interface DeleteLoggingConfigurationRequest { * @public */ ResourceArn: string | undefined; + + /** + *

    Used to distinguish between various logging options. Currently, there is one option.

    + *

    Default: WAF_LOGS + *

    + * @public + */ + LogType?: LogType; + + /** + *

    The owner of the logging configuration, which must be set to CUSTOMER for the configurations that you manage.

    + *

    The log scope SECURITY_LAKE indicates a configuration that is managed through Amazon Security Lake. You can use Security Lake to collect log and event data from various sources for normalization, analysis, and management. For information, see + * Collecting data from Amazon Web Services services + * in the Amazon Security Lake user guide.

    + *

    Default: CUSTOMER + *

    + * @public + */ + LogScope?: LogScope; } /** @@ -5091,6 +5145,25 @@ export interface GetLoggingConfigurationRequest { * @public */ ResourceArn: string | undefined; + + /** + *

    Used to distinguish between various logging options. Currently, there is one option.

    + *

    Default: WAF_LOGS + *

    + * @public + */ + LogType?: LogType; + + /** + *

    The owner of the logging configuration, which must be set to CUSTOMER for the configurations that you manage.

    + *

    The log scope SECURITY_LAKE indicates a configuration that is managed through Amazon Security Lake. You can use Security Lake to collect log and event data from various sources for normalization, analysis, and management. For information, see + * Collecting data from Amazon Web Services services + * in the Amazon Security Lake user guide.

    + *

    Default: CUSTOMER + *

    + * @public + */ + LogScope?: LogScope; } /** @@ -5264,6 +5337,10 @@ export interface LoggingConfiguration { *

    You can specify only the following fields for redaction: UriPath, * QueryString, SingleHeader, and Method.

    * + * + *

    This setting has no impact on request sampling. With request sampling, + * the only way to exclude fields is by disabling sampling in the web ACL visibility configuration.

    + *     * @public */ RedactedFields?: FieldToMatch[]; @@ -5283,6 +5360,25 @@ export interface LoggingConfiguration { * @public */ LoggingFilter?: LoggingFilter; + + /** + *

    Used to distinguish between various logging options. Currently, there is one option.

    + *

    Default: WAF_LOGS + *

    + * @public + */ + LogType?: LogType; + + /** + *

    The owner of the logging configuration, which must be set to CUSTOMER for the configurations that you manage.

    + *

    The log scope SECURITY_LAKE indicates a configuration that is managed through Amazon Security Lake. You can use Security Lake to collect log and event data from various sources for normalization, analysis, and management. For information, see + * Collecting data from Amazon Web Services services + * in the Amazon Security Lake user guide.

    + *

    Default: CUSTOMER + *

    + * @public + */ + LogScope?: LogScope; } /** @@ -6557,6 +6653,17 @@ export interface ListLoggingConfigurationsRequest { * @public */ Limit?: number; + + /** + *

    The owner of the logging configuration, which must be set to CUSTOMER for the configurations that you manage.

    + *

    The log scope SECURITY_LAKE indicates a configuration that is managed through Amazon Security Lake. You can use Security Lake to collect log and event data from various sources for normalization, analysis, and management. For information, see + * Collecting data from Amazon Web Services services + * in the Amazon Security Lake user guide.

    + *

    Default: CUSTOMER + *

    + * @public + */ + LogScope?: LogScope; } /** diff --git a/codegen/sdk-codegen/aws-models/wafv2.json b/codegen/sdk-codegen/aws-models/wafv2.json index 90e8197e958d..532e61f6f8a6 100644 --- a/codegen/sdk-codegen/aws-models/wafv2.json +++ b/codegen/sdk-codegen/aws-models/wafv2.json @@ -1901,7 +1901,7 @@ "SearchString": { "target": "com.amazonaws.wafv2#SearchString", "traits": { - "smithy.api#documentation": "

    A string value that you want WAF to search for. WAF searches only in the part of\n web requests that you designate for inspection in FieldToMatch. The\n maximum length of the value is 200 bytes.

    \n

    Valid values depend on the component that you specify for inspection in\n FieldToMatch:

    \n
      \n
    • \n

      \n Method: The HTTP method that you want WAF to search for. This\n indicates the type of operation specified in the request.

      \n
      • \n
    • \n

      \n UriPath: The value that you want WAF to search for in the URI path,\n for example, /images/daily-ad.jpg.

      \n
      • \n
    • \n

      \n JA3Fingerprint: Match against the request's JA3 fingerprint. The JA3 fingerprint is a 32-character hash derived from the TLS Client Hello of an incoming request. This fingerprint serves as a unique identifier for the client's TLS configuration. You can use this choice only with a string match ByteMatchStatement with the PositionalConstraint set to \n EXACTLY.

      \n

      You can obtain the JA3 fingerprint for client requests from the web ACL logs. \n\t\t\t\t\t\tIf WAF is able to calculate the fingerprint, it includes it in the logs. \n\t\t\t\t\t\tFor information about the logging fields, \nsee Log fields in the WAF Developer Guide.

      \n
      • \n
    • \n

      \n HeaderOrder: The list of header names to match for. WAF creates a \n string that contains the ordered list of header names, from the headers in the web request, and then matches against that string.

      \n
      • \n
    \n

    If SearchString includes alphabetic characters A-Z and a-z, note that the\n value is case sensitive.

    \n

    \n If you're using the WAF API\n

    \n

    Specify a base64-encoded version of the value. The maximum length of the value before\n you base64-encode it is 200 bytes.

    \n

    For example, suppose the value of Type is HEADER and the value\n of Data is User-Agent. If you want to search the\n User-Agent header for the value BadBot, you base64-encode\n BadBot using MIME base64-encoding and include the resulting value,\n QmFkQm90, in the value of SearchString.

    \n

    \n If you're using the CLI or one of the Amazon Web Services SDKs\n

    \n

    The value that you want WAF to search for. The SDK automatically base64 encodes the\n value.

    ", + "smithy.api#documentation": "

    A string value that you want WAF to search for. WAF searches only in the part of\n web requests that you designate for inspection in FieldToMatch. The\n maximum length of the value is 200 bytes.

    \n

    Valid values depend on the component that you specify for inspection in\n FieldToMatch:

    \n
      \n
    • \n

      \n Method: The HTTP method that you want WAF to search for. This\n indicates the type of operation specified in the request.

      \n
      • \n
    • \n

      \n UriPath: The value that you want WAF to search for in the URI path,\n for example, /images/daily-ad.jpg.

      \n
      • \n
    • \n

      \n JA3Fingerprint: Available for use with Amazon CloudFront distributions and Application Load Balancers. Match against the request's JA3 fingerprint. The JA3 fingerprint is a 32-character hash derived from the TLS Client Hello of an incoming request. This fingerprint serves as a unique identifier for the client's TLS configuration. You can use this choice only with a string match ByteMatchStatement with the PositionalConstraint set to \n EXACTLY.

      \n

      You can obtain the JA3 fingerprint for client requests from the web ACL logs. \n\t\t\t\t\t\tIf WAF is able to calculate the fingerprint, it includes it in the logs. \n\t\t\t\t\t\tFor information about the logging fields, \nsee Log fields in the WAF Developer Guide.

      \n
      • \n
    • \n

      \n HeaderOrder: The list of header names to match for. WAF creates a \n string that contains the ordered list of header names, from the headers in the web request, and then matches against that string.

      \n
      • \n
    \n

    If SearchString includes alphabetic characters A-Z and a-z, note that the\n value is case sensitive.

    \n

    \n If you're using the WAF API\n

    \n

    Specify a base64-encoded version of the value. The maximum length of the value before\n you base64-encode it is 200 bytes.

    \n

    For example, suppose the value of Type is HEADER and the value\n of Data is User-Agent. If you want to search the\n User-Agent header for the value BadBot, you base64-encode\n BadBot using MIME base64-encoding and include the resulting value,\n QmFkQm90, in the value of SearchString.

    \n

    \n If you're using the CLI or one of the Amazon Web Services SDKs\n

    \n

    The value that you want WAF to search for. The SDK automatically base64 encodes the\n value.

    ", "smithy.api#required": {} } }, @@ -4739,6 +4739,18 @@ "smithy.api#documentation": "

    The Amazon Resource Name (ARN) of the web ACL from which you want to delete the LoggingConfiguration.

    ", "smithy.api#required": {} } + }, + "LogType": { + "target": "com.amazonaws.wafv2#LogType", + "traits": { + "smithy.api#documentation": "

    Used to distinguish between various logging options. Currently, there is one option.

    \n

    Default: WAF_LOGS\n

    " + } + }, + "LogScope": { + "target": "com.amazonaws.wafv2#LogScope", + "traits": { + "smithy.api#documentation": "

    The owner of the logging configuration, which must be set to CUSTOMER for the configurations that you manage.

    \n

    The log scope SECURITY_LAKE indicates a configuration that is managed through Amazon Security Lake. You can use Security Lake to collect log and event data from various sources for normalization, analysis, and management. For information, see \n Collecting data from Amazon Web Services services\n in the Amazon Security Lake user guide.

    \n

    Default: CUSTOMER\n

    " + } } }, "traits": { @@ -5554,12 +5566,12 @@ "JA3Fingerprint": { "target": "com.amazonaws.wafv2#JA3Fingerprint", "traits": { - "smithy.api#documentation": "

    Match against the request's JA3 fingerprint. The JA3 fingerprint is a 32-character hash derived from the TLS Client Hello of an incoming request. This fingerprint serves as a unique identifier for the client's TLS configuration. WAF calculates and logs this fingerprint for each\n\t\t\t\t\t\trequest that has enough TLS Client Hello information for the calculation. Almost \n all web requests include this information.

    \n \n

    You can use this choice only with a string match ByteMatchStatement with the PositionalConstraint set to \n EXACTLY.

    \n     \n

    You can obtain the JA3 fingerprint for client requests from the web ACL logs. \n\t\t\t\t\t\tIf WAF is able to calculate the fingerprint, it includes it in the logs. \n\t\t\t\t\t\tFor information about the logging fields, \nsee Log fields in the WAF Developer Guide.

    \n

    Provide the JA3 fingerprint string from the logs in your string match statement\n\t\t\t\t\t\t\tspecification, to match with any future requests that have the same TLS configuration.

    " + "smithy.api#documentation": "

    Available for use with Amazon CloudFront distributions and Application Load Balancers. Match against the request's JA3 fingerprint. The JA3 fingerprint is a 32-character hash derived from the TLS Client Hello of an incoming request. This fingerprint serves as a unique identifier for the client's TLS configuration. WAF calculates and logs this fingerprint for each\n\t\t\t\t\t\trequest that has enough TLS Client Hello information for the calculation. Almost \n all web requests include this information.

    \n \n

    You can use this choice only with a string match ByteMatchStatement with the PositionalConstraint set to \n EXACTLY.

    \n     \n

    You can obtain the JA3 fingerprint for client requests from the web ACL logs. \n\t\t\t\t\t\tIf WAF is able to calculate the fingerprint, it includes it in the logs. \n\t\t\t\t\t\tFor information about the logging fields, \nsee Log fields in the WAF Developer Guide.

    \n

    Provide the JA3 fingerprint string from the logs in your string match statement\n\t\t\t\t\t\t\tspecification, to match with any future requests that have the same TLS configuration.

    " } } }, "traits": { - "smithy.api#documentation": "

    Specifies a web request component to be used in a rule match statement or in a logging configuration.

    \n
      \n
    • \n

      In a rule statement, this is the part of the web request that you want WAF to inspect. Include the single\n FieldToMatch type that you want to inspect, with additional specifications\n as needed, according to the type. You specify a single request component in\n FieldToMatch for each rule statement that requires it. To inspect more than\n one component of the web request, create a separate rule statement for each\n component.

      \n

      Example JSON for a QueryString field to match:

      \n

      \n \"FieldToMatch\": { \"QueryString\": {} }\n

      \n

      Example JSON for a Method field to match specification:

      \n

      \n \"FieldToMatch\": { \"Method\": { \"Name\": \"DELETE\" } }\n

      \n
      • \n
    • \n

      In a logging configuration, this is used in the RedactedFields property to specify a field to \n redact from the logging records. For this use case, note the following:

      \n
        \n
      • \n

        Even though all FieldToMatch settings \n are available, the only valid settings for field redaction are UriPath, QueryString, SingleHeader, and Method.

        \n
        • \n
      • \n

        In this documentation, the descriptions of the individual fields talk about specifying the web request component to inspect, \n but for field redaction, you are specifying the component type to redact from the logs.

        \n
        • \n
      \n
      • \n
    " + "smithy.api#documentation": "

    Specifies a web request component to be used in a rule match statement or in a logging configuration.

    \n
      \n
    • \n

      In a rule statement, this is the part of the web request that you want WAF to inspect. Include the single\n FieldToMatch type that you want to inspect, with additional specifications\n as needed, according to the type. You specify a single request component in\n FieldToMatch for each rule statement that requires it. To inspect more than\n one component of the web request, create a separate rule statement for each\n component.

      \n

      Example JSON for a QueryString field to match:

      \n

      \n \"FieldToMatch\": { \"QueryString\": {} }\n

      \n

      Example JSON for a Method field to match specification:

      \n

      \n \"FieldToMatch\": { \"Method\": { \"Name\": \"DELETE\" } }\n

      \n
      • \n
    • \n

      In a logging configuration, this is used in the RedactedFields property to specify a field to \n redact from the logging records. For this use case, note the following:

      \n
        \n
      • \n

        Even though all FieldToMatch settings \n are available, the only valid settings for field redaction are UriPath, QueryString, SingleHeader, and Method.

        \n
        • \n
      • \n

        In this documentation, the descriptions of the individual fields talk about specifying the web request component to inspect, \n but for field redaction, you are specifying the component type to redact from the logs.

        \n
        • \n
      • \n

        If you have request sampling enabled, the redacted fields configuration for logging has no impact on sampling. \n The only way to exclude fields from request sampling is by disabling sampling in the web ACL visibility configuration.

        \n
        • \n
      \n
      • \n
    " } }, "com.amazonaws.wafv2#FieldToMatchData": { @@ -6034,6 +6046,18 @@ "smithy.api#documentation": "

    The Amazon Resource Name (ARN) of the web ACL for which you want to get the LoggingConfiguration.

    ", "smithy.api#required": {} } + }, + "LogType": { + "target": "com.amazonaws.wafv2#LogType", + "traits": { + "smithy.api#documentation": "

    Used to distinguish between various logging options. Currently, there is one option.

    \n

    Default: WAF_LOGS\n

    " + } + }, + "LogScope": { + "target": "com.amazonaws.wafv2#LogScope", + "traits": { + "smithy.api#documentation": "

    The owner of the logging configuration, which must be set to CUSTOMER for the configurations that you manage.

    \n

    The log scope SECURITY_LAKE indicates a configuration that is managed through Amazon Security Lake. You can use Security Lake to collect log and event data from various sources for normalization, analysis, and management. For information, see \n Collecting data from Amazon Web Services services\n in the Amazon Security Lake user guide.

    \n

    Default: CUSTOMER\n

    " + } } }, "traits": { @@ -7106,7 +7130,7 @@ } }, "traits": { - "smithy.api#documentation": "

    Match against the request's JA3 fingerprint. The JA3 fingerprint is a 32-character hash derived from the TLS Client Hello of an incoming request. This fingerprint serves as a unique identifier for the client's TLS configuration. WAF calculates and logs this fingerprint for each\n\t\t\t\t\t\trequest that has enough TLS Client Hello information for the calculation. Almost \n all web requests include this information.

    \n \n

    You can use this choice only with a string match ByteMatchStatement with the PositionalConstraint set to \n EXACTLY.

    \n     \n

    You can obtain the JA3 fingerprint for client requests from the web ACL logs. \n\t\t\t\t\t\tIf WAF is able to calculate the fingerprint, it includes it in the logs. \n\t\t\t\t\t\tFor information about the logging fields, \nsee Log fields in the WAF Developer Guide.

    \n

    Provide the JA3 fingerprint string from the logs in your string match statement\n\t\t\t\t\t\t\tspecification, to match with any future requests that have the same TLS configuration.

    " + "smithy.api#documentation": "

    Available for use with Amazon CloudFront distributions and Application Load Balancers. Match against the request's JA3 fingerprint. The JA3 fingerprint is a 32-character hash derived from the TLS Client Hello of an incoming request. This fingerprint serves as a unique identifier for the client's TLS configuration. WAF calculates and logs this fingerprint for each\n\t\t\t\t\t\trequest that has enough TLS Client Hello information for the calculation. Almost \n all web requests include this information.

    \n \n

    You can use this choice only with a string match ByteMatchStatement with the PositionalConstraint set to \n EXACTLY.

    \n     \n

    You can obtain the JA3 fingerprint for client requests from the web ACL logs. \n\t\t\t\t\t\tIf WAF is able to calculate the fingerprint, it includes it in the logs. \n\t\t\t\t\t\tFor information about the logging fields, \nsee Log fields in the WAF Developer Guide.

    \n

    Provide the JA3 fingerprint string from the logs in your string match statement\n\t\t\t\t\t\t\tspecification, to match with any future requests that have the same TLS configuration.

    " } }, "com.amazonaws.wafv2#JsonBody": { @@ -7688,6 +7712,12 @@ "traits": { "smithy.api#documentation": "

    The maximum number of objects that you want WAF to return for this request. If more \n objects are available, in the response, WAF provides a \n NextMarker value that you can use in a subsequent call to get the next batch of objects.

    " } + }, + "LogScope": { + "target": "com.amazonaws.wafv2#LogScope", + "traits": { + "smithy.api#documentation": "

    The owner of the logging configuration, which must be set to CUSTOMER for the configurations that you manage.

    \n

    The log scope SECURITY_LAKE indicates a configuration that is managed through Amazon Security Lake. You can use Security Lake to collect log and event data from various sources for normalization, analysis, and management. For information, see \n Collecting data from Amazon Web Services services\n in the Amazon Security Lake user guide.

    \n

    Default: CUSTOMER\n

    " + } } }, "traits": { @@ -8251,6 +8281,34 @@ } } }, + "com.amazonaws.wafv2#LogScope": { + "type": "enum", + "members": { + "CUSTOMER": { + "target": "smithy.api#Unit", + "traits": { + "smithy.api#enumValue": "CUSTOMER" + } + }, + "SECURITY_LAKE": { + "target": "smithy.api#Unit", + "traits": { + "smithy.api#enumValue": "SECURITY_LAKE" + } + } + } + }, + "com.amazonaws.wafv2#LogType": { + "type": "enum", + "members": { + "WAF_LOGS": { + "target": "smithy.api#Unit", + "traits": { + "smithy.api#enumValue": "WAF_LOGS" + } + } + } + }, "com.amazonaws.wafv2#LoggingConfiguration": { "type": "structure", "members": { @@ -8271,7 +8329,7 @@ "RedactedFields": { "target": "com.amazonaws.wafv2#RedactedFields", "traits": { - "smithy.api#documentation": "

    The parts of the request that you want to keep out of the logs.

    \n

    For example, if you\n redact the SingleHeader field, the HEADER field in the logs will\n be REDACTED for all rules that use the SingleHeader\n FieldToMatch setting.

    \n

    Redaction applies only to the component that's specified in the rule's FieldToMatch setting, so the SingleHeader redaction \n doesn't apply to rules that use the Headers\n FieldToMatch.

    \n \n

    You can specify only the following fields for redaction: UriPath,\n QueryString, SingleHeader, and Method.

    \n     " + "smithy.api#documentation": "

    The parts of the request that you want to keep out of the logs.

    \n

    For example, if you\n redact the SingleHeader field, the HEADER field in the logs will\n be REDACTED for all rules that use the SingleHeader\n FieldToMatch setting.

    \n

    Redaction applies only to the component that's specified in the rule's FieldToMatch setting, so the SingleHeader redaction \n doesn't apply to rules that use the Headers\n FieldToMatch.

    \n \n

    You can specify only the following fields for redaction: UriPath,\n QueryString, SingleHeader, and Method.

    \n     \n \n

    This setting has no impact on request sampling. With request sampling, \n the only way to exclude fields is by disabling sampling in the web ACL visibility configuration.

    \n     " } }, "ManagedByFirewallManager": { @@ -8286,6 +8344,18 @@ "traits": { "smithy.api#documentation": "

    Filtering that specifies which web requests are kept in the logs and which are dropped.\n You can filter on the rule action and on the web request labels that were applied by\n matching rules during web ACL evaluation.

    " } + }, + "LogType": { + "target": "com.amazonaws.wafv2#LogType", + "traits": { + "smithy.api#documentation": "

    Used to distinguish between various logging options. Currently, there is one option.

    \n

    Default: WAF_LOGS\n

    " + } + }, + "LogScope": { + "target": "com.amazonaws.wafv2#LogScope", + "traits": { + "smithy.api#documentation": "

    The owner of the logging configuration, which must be set to CUSTOMER for the configurations that you manage.

    \n

    The log scope SECURITY_LAKE indicates a configuration that is managed through Amazon Security Lake. You can use Security Lake to collect log and event data from various sources for normalization, analysis, and management. For information, see \n Collecting data from Amazon Web Services services\n in the Amazon Security Lake user guide.

    \n

    Default: CUSTOMER\n

    " + } } }, "traits": { @@ -12533,7 +12603,7 @@ "target": "com.amazonaws.wafv2#Boolean", "traits": { "smithy.api#default": false, - "smithy.api#documentation": "

    Indicates whether WAF should store a sampling of the web requests that\n match the rules. You can view the sampled requests through the WAF console.

    ", + "smithy.api#documentation": "

    Indicates whether WAF should store a sampling of the web requests that\n match the rules. You can view the sampled requests through the WAF console.

    \n \n

    Request sampling doesn't provide a field redaction option, and any field redaction that you specify in your logging configuration doesn't affect sampling. \n The only way to exclude fields from request sampling is by disabling sampling in the web ACL visibility configuration.

    \n     ", "smithy.api#required": {} } },