feat(client-wafv2): Add a property to WebACL to indicate whether it's…

… been retrofitted by Firewall Manager.

clients/client-wafv2/README.md

@@ -15,10 +15,8 @@ like endpoints and namespaces, all have the versioning information added, like "
 "v2", to distinguish from the prior version. We recommend migrating your resources to
 this version, because it has a number of significant improvements.</p>
 <p>If you used WAF prior to this release, you can't use this WAFV2 API to access any
-WAF resources that you created before. You can access your old rules, web ACLs, and
-other WAF resources only through the WAF Classic APIs. The WAF Classic APIs
-have retained the prior names, endpoints, and namespaces. </p>
-<p>For information, including how to migrate your WAF resources to this version,
+WAF resources that you created before. WAF Classic support will end on September 30, 2025. </p>
+<p>For information about WAF, including how to migrate your WAF Classic resources to this version,
 see the <a href="https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html">WAF Developer Guide</a>. </p>
 </note>
 <p>WAF is a web application firewall that lets you monitor the HTTP and HTTPS
@@ -45,26 +43,6 @@ US East (N. Virginia): us-east-1.</p>
 </ul>
 <p>Alternatively, you can use one of the Amazon Web Services SDKs to access an API that's tailored to the
 programming language or platform that you're using. For more information, see <a href="http://aws.amazon.com/tools/#SDKs">Amazon Web Services SDKs</a>.</p>
-<p>We currently provide two versions of the WAF API: this API and the prior versions,
-the classic WAF APIs. This new API provides the same functionality as the older versions,
-with the following major improvements:</p>
-<ul>
-<li>
-<p>You use one API for both global and regional applications. Where you need to
-distinguish the scope, you specify a <code>Scope</code> parameter and set it to
-<code>CLOUDFRONT</code> or <code>REGIONAL</code>. </p>
-</li>
-<li>
-<p>You can define a web ACL or rule group with a single call, and update it with a
-single call. You define all rule specifications in JSON format, and pass them to your
-rule group or web ACL calls.</p>
-</li>
-<li>
-<p>The limits WAF places on the use of rules more closely reflects the cost of
-running each type of rule. Rule groups include capacity settings, so you know the
-maximum cost of a rule group when you use it.</p>
-</li>
-</ul>
 
 ## Installing
 

clients/client-wafv2/src/WAFV2.ts

@@ -1108,10 +1108,8 @@ export interface WAFV2 {
  *             "v2", to distinguish from the prior version. We recommend migrating your resources to
  *             this version, because it has a number of significant improvements.</p>
  *             <p>If you used WAF prior to this release, you can't use this WAFV2 API to access any
- *             WAF resources that you created before. You can access your old rules, web ACLs, and
- *             other WAF resources only through the WAF Classic APIs. The WAF Classic APIs
- *             have retained the prior names, endpoints, and namespaces. </p>
- *             <p>For information, including how to migrate your WAF resources to this version,
+ *             WAF resources that you created before. WAF Classic support will end on September 30, 2025. </p>
+ *             <p>For information about WAF, including how to migrate your WAF Classic resources to this version,
  *             see the <a href="https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html">WAF Developer Guide</a>. </p>
  *          </note>
  *          <p>WAF is a web application firewall that lets you monitor the HTTP and HTTPS
@@ -1138,26 +1136,6 @@ export interface WAFV2 {
  *          </ul>
  *          <p>Alternatively, you can use one of the Amazon Web Services SDKs to access an API that's tailored to the
  *          programming language or platform that you're using. For more information, see <a href="http://aws.amazon.com/tools/#SDKs">Amazon Web Services SDKs</a>.</p>
- *          <p>We currently provide two versions of the WAF API: this API and the prior versions,
- *          the classic WAF APIs. This new API provides the same functionality as the older versions,
- *          with the following major improvements:</p>
- *          <ul>
- *             <li>
- *                <p>You use one API for both global and regional applications. Where you need to
- *                distinguish the scope, you specify a <code>Scope</code> parameter and set it to
- *                   <code>CLOUDFRONT</code> or <code>REGIONAL</code>. </p>
- *             </li>
- *             <li>
- *                <p>You can define a web ACL or rule group with a single call, and update it with a
- *                single call. You define all rule specifications in JSON format, and pass them to your
- *                rule group or web ACL calls.</p>
- *             </li>
- *             <li>
- *                <p>The limits WAF places on the use of rules more closely reflects the cost of
- *                running each type of rule. Rule groups include capacity settings, so you know the
- *                maximum cost of a rule group when you use it.</p>
- *             </li>
- *          </ul>
  * @public
  */
 export class WAFV2 extends WAFV2Client implements WAFV2 {}

clients/client-wafv2/src/WAFV2Client.ts

@@ -497,10 +497,8 @@ export interface WAFV2ClientResolvedConfig extends WAFV2ClientResolvedConfigType
  *             "v2", to distinguish from the prior version. We recommend migrating your resources to
  *             this version, because it has a number of significant improvements.</p>
  *             <p>If you used WAF prior to this release, you can't use this WAFV2 API to access any
- *             WAF resources that you created before. You can access your old rules, web ACLs, and
- *             other WAF resources only through the WAF Classic APIs. The WAF Classic APIs
- *             have retained the prior names, endpoints, and namespaces. </p>
- *             <p>For information, including how to migrate your WAF resources to this version,
+ *             WAF resources that you created before. WAF Classic support will end on September 30, 2025. </p>
+ *             <p>For information about WAF, including how to migrate your WAF Classic resources to this version,
  *             see the <a href="https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html">WAF Developer Guide</a>. </p>
  *          </note>
  *          <p>WAF is a web application firewall that lets you monitor the HTTP and HTTPS
@@ -527,26 +525,6 @@ export interface WAFV2ClientResolvedConfig extends WAFV2ClientResolvedConfigType
  *          </ul>
  *          <p>Alternatively, you can use one of the Amazon Web Services SDKs to access an API that's tailored to the
  *          programming language or platform that you're using. For more information, see <a href="http://aws.amazon.com/tools/#SDKs">Amazon Web Services SDKs</a>.</p>
- *          <p>We currently provide two versions of the WAF API: this API and the prior versions,
- *          the classic WAF APIs. This new API provides the same functionality as the older versions,
- *          with the following major improvements:</p>
- *          <ul>
- *             <li>
- *                <p>You use one API for both global and regional applications. Where you need to
- *                distinguish the scope, you specify a <code>Scope</code> parameter and set it to
- *                   <code>CLOUDFRONT</code> or <code>REGIONAL</code>. </p>
- *             </li>
- *             <li>
- *                <p>You can define a web ACL or rule group with a single call, and update it with a
- *                single call. You define all rule specifications in JSON format, and pass them to your
- *                rule group or web ACL calls.</p>
- *             </li>
- *             <li>
- *                <p>The limits WAF places on the use of rules more closely reflects the cost of
- *                running each type of rule. Rule groups include capacity settings, so you know the
- *                maximum cost of a rule group when you use it.</p>
- *             </li>
- *          </ul>
  * @public
  */
 export class WAFV2Client extends __Client<

clients/client-wafv2/src/commands/DeleteFirewallManagerRuleGroupsCommand.ts

@@ -33,9 +33,8 @@ export interface DeleteFirewallManagerRuleGroupsCommandOutput
     __MetadataBearer {}
 
 /**
- * <p>Deletes all rule groups that are managed by Firewall Manager for the specified web ACL. </p>
- *          <p>You can only use this if <code>ManagedByFirewallManager</code> is false in the specified
- *             <a>WebACL</a>. </p>
+ * <p>Deletes all rule groups that are managed by Firewall Manager from the specified <a>WebACL</a>. </p>
+ *          <p>You can only use this if <code>ManagedByFirewallManager</code> and <code>RetrofittedByFirewallManager</code> are both false in the web ACL. </p>
  * @example
  * Use a bare-bones client and the command you need to make an API call.
  * ```javascript

clients/client-wafv2/src/commands/DeleteWebACLCommand.ts

@@ -29,8 +29,7 @@ export interface DeleteWebACLCommandOutput extends DeleteWebACLResponse, __Metad
 
 /**
  * <p>Deletes the specified <a>WebACL</a>. </p>
- *          <p>You can only use this if <code>ManagedByFirewallManager</code> is false in the specified
- *             <a>WebACL</a>. </p>
+ *          <p>You can only use this if <code>ManagedByFirewallManager</code> is false in the web ACL. </p>
  *          <note>
  *             <p>Before deleting any web ACL, first disassociate it from all resources.</p>
  *             <ul>

clients/client-wafv2/src/commands/GetWebACLCommand.ts

@@ -1217,6 +1217,7 @@ export interface GetWebACLCommandOutput extends GetWebACLResponse, __MetadataBea
  * //         },
  * //       },
  * //     },
+ * //     RetrofittedByFirewallManager: true || false,
  * //   },
  * //   LockToken: "STRING_VALUE",
  * //   ApplicationIntegrationURL: "STRING_VALUE",

clients/client-wafv2/src/commands/GetWebACLForResourceCommand.ts

@@ -1225,6 +1225,7 @@ export interface GetWebACLForResourceCommandOutput extends GetWebACLForResourceR
  * //         },
  * //       },
  * //     },
+ * //     RetrofittedByFirewallManager: true || false,
  * //   },
  * // };
  *

clients/client-wafv2/src/index.ts

@@ -9,10 +9,8 @@
  *             "v2", to distinguish from the prior version. We recommend migrating your resources to
  *             this version, because it has a number of significant improvements.</p>
  *             <p>If you used WAF prior to this release, you can't use this WAFV2 API to access any
- *             WAF resources that you created before. You can access your old rules, web ACLs, and
- *             other WAF resources only through the WAF Classic APIs. The WAF Classic APIs
- *             have retained the prior names, endpoints, and namespaces. </p>
- *             <p>For information, including how to migrate your WAF resources to this version,
+ *             WAF resources that you created before. WAF Classic support will end on September 30, 2025. </p>
+ *             <p>For information about WAF, including how to migrate your WAF Classic resources to this version,
  *             see the <a href="https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html">WAF Developer Guide</a>. </p>
  *          </note>
  *          <p>WAF is a web application firewall that lets you monitor the HTTP and HTTPS
@@ -39,26 +37,6 @@
  *          </ul>
  *          <p>Alternatively, you can use one of the Amazon Web Services SDKs to access an API that's tailored to the
  *          programming language or platform that you're using. For more information, see <a href="http://aws.amazon.com/tools/#SDKs">Amazon Web Services SDKs</a>.</p>
- *          <p>We currently provide two versions of the WAF API: this API and the prior versions,
- *          the classic WAF APIs. This new API provides the same functionality as the older versions,
- *          with the following major improvements:</p>
- *          <ul>
- *             <li>
- *                <p>You use one API for both global and regional applications. Where you need to
- *                distinguish the scope, you specify a <code>Scope</code> parameter and set it to
- *                   <code>CLOUDFRONT</code> or <code>REGIONAL</code>. </p>
- *             </li>
- *             <li>
- *                <p>You can define a web ACL or rule group with a single call, and update it with a
- *                single call. You define all rule specifications in JSON format, and pass them to your
- *                rule group or web ACL calls.</p>
- *             </li>
- *             <li>
- *                <p>The limits WAF places on the use of rules more closely reflects the cost of
- *                running each type of rule. Rule groups include capacity settings, so you know the
- *                maximum cost of a rule group when you use it.</p>
- *             </li>
- *          </ul>
  *
  * @packageDocumentation
  */

clients/client-wafv2/src/models/models_0.ts

@@ -5337,7 +5337,11 @@ export interface LoggingConfiguration {
   /**
    * <p>Indicates whether the logging configuration was created by Firewall Manager, as part of an
    *          WAF policy configuration. If true, only Firewall Manager can modify or delete the
-   *          configuration. </p>
+   *       configuration. </p>
+   *          <p>The logging configuration can be created by Firewall Manager for use with any web ACL that Firewall Manager is using for an WAF policy.
+   *        Web ACLs that Firewall Manager creates and uses have their <code>ManagedByFirewallManager</code> property set to true. Web ACLs that were created
+   *            by a customer account and then retrofitted by Firewall Manager for use by a policy have their <code>RetrofittedByFirewallManager</code> property set to true.
+   *        For either case, any corresponding logging configuration will indicate <code>ManagedByFirewallManager</code>.</p>
    * @public
    */
   ManagedByFirewallManager?: boolean;
@@ -8950,8 +8954,9 @@ export interface WebACL {
   PostProcessFirewallManagerRuleGroups?: FirewallManagerRuleGroup[];
 
   /**
-   * <p>Indicates whether this web ACL is managed by Firewall Manager. If true, then only Firewall Manager can
-   *          delete the web ACL or any Firewall Manager rule groups in the web ACL. </p>
+   * <p>Indicates whether this web ACL was created by Firewall Manager and is being managed by Firewall Manager. If true, then only Firewall Manager can
+   *           delete the web ACL or any Firewall Manager rule groups in the web ACL.
+   *            See also the properties <code>RetrofittedByFirewallManager</code>, <code>PreProcessFirewallManagerRuleGroups</code>, and <code>PostProcessFirewallManagerRuleGroups</code>. </p>
    * @public
    */
   ManagedByFirewallManager?: boolean;
@@ -9017,6 +9022,14 @@ export interface WebACL {
    * @public
    */
   AssociationConfig?: AssociationConfig;
+
+  /**
+   * <p>Indicates whether this web ACL was created by a customer account and then retrofitted by Firewall Manager. If true, then the web ACL is currently being
+   *        managed by a Firewall Manager WAF policy, and only Firewall Manager can manage any Firewall Manager rule groups in the web ACL.
+   *            See also the properties <code>ManagedByFirewallManager</code>, <code>PreProcessFirewallManagerRuleGroups</code>, and <code>PostProcessFirewallManagerRuleGroups</code>. </p>
+   * @public
+   */
+  RetrofittedByFirewallManager?: boolean;
 }
 
 /**

clients/client-wafv2/src/protocols/Aws_json1_1.ts

@@ -3998,6 +3998,7 @@ const de_WebACL = (output: any, context: __SerdeContext): WebACL => {
     Name: __expectString,
     PostProcessFirewallManagerRuleGroups: (_: any) => de_FirewallManagerRuleGroups(_, context),
     PreProcessFirewallManagerRuleGroups: (_: any) => de_FirewallManagerRuleGroups(_, context),
+    RetrofittedByFirewallManager: __expectBoolean,
     Rules: (_: any) => de_Rules(_, context),
     TokenDomains: _json,
     VisibilityConfig: _json,