feat(client-wafv2): For protected CloudFront distributions, you can now use the AWS WAF Fraud Control account takeover prevention (ATP) managed rule group to block new login attempts from clients that have recently submitted too many failed login attempts.
awstools committed Feb 15, 2023
1 parent 804b9bc commit dc28d4e
Showing 8 changed files with 2,470 additions and 1,169 deletions.
15 changes: 7 additions & 8 deletions clients/client-wafv2/README.md
Expand Up @@ -25,16 +25,15 @@ have retained the prior names, endpoints, and namespaces. </p>
see the <a href="https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html">WAF Developer Guide</a>. </p>
</note>
<p>WAF is a web application firewall that lets you monitor the HTTP and HTTPS
requests that are forwarded to Amazon CloudFront, an Amazon API Gateway REST API, an Application Load Balancer, an AppSync
GraphQL API, or an Amazon Cognito user pool. WAF also lets you control access to your content. Based on conditions that
requests that are forwarded to an Amazon CloudFront distribution, Amazon API Gateway REST API, Application Load Balancer, AppSync
GraphQL API, or Amazon Cognito user pool. WAF also lets you control access to your content,
to protect the Amazon Web Services resource that WAF is monitoring. Based on conditions that
you specify, such as the IP addresses that requests originate from or the values of query
strings, the Amazon API Gateway REST API, CloudFront distribution, the Application Load Balancer, the AppSync GraphQL
API, or the Amazon Cognito user pool responds to requests either with the requested content or with an HTTP 403 status code
(Forbidden). You also can configure CloudFront to return a custom error page when a request is
blocked.</p>
strings, the protected resource responds to requests with either the requested content, an HTTP 403 status code
(Forbidden), or with a custom response. </p>
<p>This API guide is for developers who need detailed information about WAF API actions,
data types, and errors. For detailed information about WAF features and an overview of
how to use WAF, see the <a href="https://docs.aws.amazon.com/waf/latest/developerguide/what-is-aws-waf.html">WAF Developer
data types, and errors. For detailed information about WAF features and guidance for configuring and using
WAF, see the <a href="https://docs.aws.amazon.com/waf/latest/developerguide/what-is-aws-waf.html">WAF Developer
Guide</a>.</p>
<p>You can make calls using the endpoints listed in <a href="https://docs.aws.amazon.com/general/latest/gr/waf.html">WAF endpoints and quotas</a>. </p>
<ul>
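Review bot: In the rewritten sentence ending `(Forbidden), or with a custom response`, `either` introduces three alternatives and `with` is repeated only before the last one. Suggest `responds to requests with the requested content, with an HTTP 403 status code (Forbidden), or with a custom response`. The same wording appears in the WAFV2.ts and WAFV2Client.ts doc comments, so all three should be corrected together.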
15 changes: 7 additions & 8 deletions clients/client-wafv2/src/WAFV2.ts
Expand Up @@ -227,16 +227,15 @@ import { WAFV2Client } from "./WAFV2Client";
* see the <a href="https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html">WAF Developer Guide</a>. </p>
* </note>
* <p>WAF is a web application firewall that lets you monitor the HTTP and HTTPS
* requests that are forwarded to Amazon CloudFront, an Amazon API Gateway REST API, an Application Load Balancer, an AppSync
* GraphQL API, or an Amazon Cognito user pool. WAF also lets you control access to your content. Based on conditions that
* requests that are forwarded to an Amazon CloudFront distribution, Amazon API Gateway REST API, Application Load Balancer, AppSync
* GraphQL API, or Amazon Cognito user pool. WAF also lets you control access to your content,
* to protect the Amazon Web Services resource that WAF is monitoring. Based on conditions that
* you specify, such as the IP addresses that requests originate from or the values of query
* strings, the Amazon API Gateway REST API, CloudFront distribution, the Application Load Balancer, the AppSync GraphQL
* API, or the Amazon Cognito user pool responds to requests either with the requested content or with an HTTP 403 status code
* (Forbidden). You also can configure CloudFront to return a custom error page when a request is
* blocked.</p>
* strings, the protected resource responds to requests with either the requested content, an HTTP 403 status code
* (Forbidden), or with a custom response. </p>
* <p>This API guide is for developers who need detailed information about WAF API actions,
* data types, and errors. For detailed information about WAF features and an overview of
* how to use WAF, see the <a href="https://docs.aws.amazon.com/waf/latest/developerguide/what-is-aws-waf.html">WAF Developer
* data types, and errors. For detailed information about WAF features and guidance for configuring and using
* WAF, see the <a href="https://docs.aws.amazon.com/waf/latest/developerguide/what-is-aws-waf.html">WAF Developer
* Guide</a>.</p>
* <p>You can make calls using the endpoints listed in <a href="https://docs.aws.amazon.com/general/latest/gr/waf.html">WAF endpoints and quotas</a>. </p>
* <ul>
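Review bot: The replacement phrase `or with a custom response` in this class comment drops the earlier statement that CloudFront can be configured to return a custom error page when a request is blocked, and it no longer says where a custom response is set up. Suggest linking the phrase to the relevant Developer Guide section, as the surrounding paragraphs already do for other topics, so the reader can find how to configure it.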
15 changes: 7 additions & 8 deletions clients/client-wafv2/src/WAFV2Client.ts
Expand Up @@ -445,16 +445,15 @@ export interface WAFV2ClientResolvedConfig extends WAFV2ClientResolvedConfigType
* see the <a href="https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html">WAF Developer Guide</a>. </p>
* </note>
* <p>WAF is a web application firewall that lets you monitor the HTTP and HTTPS
* requests that are forwarded to Amazon CloudFront, an Amazon API Gateway REST API, an Application Load Balancer, an AppSync
* GraphQL API, or an Amazon Cognito user pool. WAF also lets you control access to your content. Based on conditions that
* requests that are forwarded to an Amazon CloudFront distribution, Amazon API Gateway REST API, Application Load Balancer, AppSync
* GraphQL API, or Amazon Cognito user pool. WAF also lets you control access to your content,
* to protect the Amazon Web Services resource that WAF is monitoring. Based on conditions that
* you specify, such as the IP addresses that requests originate from or the values of query
* strings, the Amazon API Gateway REST API, CloudFront distribution, the Application Load Balancer, the AppSync GraphQL
* API, or the Amazon Cognito user pool responds to requests either with the requested content or with an HTTP 403 status code
* (Forbidden). You also can configure CloudFront to return a custom error page when a request is
* blocked.</p>
* strings, the protected resource responds to requests with either the requested content, an HTTP 403 status code
* (Forbidden), or with a custom response. </p>
* <p>This API guide is for developers who need detailed information about WAF API actions,
* data types, and errors. For detailed information about WAF features and an overview of
* how to use WAF, see the <a href="https://docs.aws.amazon.com/waf/latest/developerguide/what-is-aws-waf.html">WAF Developer
* data types, and errors. For detailed information about WAF features and guidance for configuring and using
* WAF, see the <a href="https://docs.aws.amazon.com/waf/latest/developerguide/what-is-aws-waf.html">WAF Developer
* Guide</a>.</p>
* <p>You can make calls using the endpoints listed in <a href="https://docs.aws.amazon.com/general/latest/gr/waf.html">WAF endpoints and quotas</a>. </p>
* <ul>
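Review bot: The added clause `to protect the Amazon Web Services resource that WAF is monitoring` hangs off `control access to your content,` with only a comma, so it is unclear whether it states the purpose of access control or starts a new thought. Suggest either dropping the comma or rewording to `WAF also lets you control access to your content in order to protect the resource that WAF is monitoring`.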
2 changes: 1 addition & 1 deletion clients/client-wafv2/src/endpoint/EndpointParameters.ts
Expand Up @@ -24,7 +24,7 @@ export const resolveClientEndpointParameters = <T>(
};

export interface EndpointParameters extends __EndpointParameters {
Region: string;
Region?: string;
UseDualStack?: boolean;
UseFIPS?: boolean;
Endpoint?: string;
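Review bot: With `Region?: string` in `EndpointParameters`, the compiler no longer rejects parameters that omit the region, so the omission can only be caught when the endpoint is resolved. Nothing in this interface tells a caller when leaving Region out is valid; suggest a doc comment on the field stating the condition (for example, that it may be omitted when `Endpoint` is supplied) and what happens otherwise.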
41 changes: 22 additions & 19 deletions clients/client-wafv2/src/endpoint/ruleset.ts
Expand Up @@ -6,24 +6,27 @@ import { RuleSetObject } from "@aws-sdk/util-endpoints";
or see "smithy.rules#endpointRuleSet"
in codegen/sdk-codegen/aws-models/wafv2.json */

const q="fn",
r="argv",
s="ref";
const a=true,
b=false,
c="String",
d="PartitionResult",
e="tree",
f="error",
g="endpoint",
h={"required":true,"default":false,"type":"Boolean"},
i={[s]:"Endpoint"},
j={[q]:"booleanEquals",[r]:[{[s]:"UseFIPS"},true]},
k={[q]:"booleanEquals",[r]:[{[s]:"UseDualStack"},true]},
const s="required",
t="fn",
u="argv",
v="ref";
const a="isSet",
b="tree",
c="error",
d="endpoint",
e="PartitionResult",
f="stringEquals",
g={[s]:false,"type":"String"},
h={[s]:true,"default":false,"type":"Boolean"},
i={[v]:"Endpoint"},
j={[t]:"booleanEquals",[u]:[{[v]:"UseFIPS"},true]},
k={[t]:"booleanEquals",[u]:[{[v]:"UseDualStack"},true]},
l={},
m={[q]:"booleanEquals",[r]:[true,{[q]:"getAttr",[r]:[{[s]:d},"supportsFIPS"]}]},
n={[q]:"booleanEquals",[r]:[true,{[q]:"getAttr",[r]:[{[s]:d},"supportsDualStack"]}]},
o=[j],
p=[k];
const _data={version:"1.0",parameters:{Region:{required:a,type:c},UseDualStack:h,UseFIPS:h,Endpoint:{required:b,type:c}},rules:[{conditions:[{[q]:"aws.partition",[r]:[{[s]:"Region"}],assign:d}],type:e,rules:[{conditions:[{[q]:"isSet",[r]:[i]}],type:e,rules:[{conditions:o,error:"Invalid Configuration: FIPS and custom endpoint are not supported",type:f},{type:e,rules:[{conditions:p,error:"Invalid Configuration: Dualstack and custom endpoint are not supported",type:f},{endpoint:{url:i,properties:l,headers:l},type:g}]}]},{conditions:[j,k],type:e,rules:[{conditions:[m,n],type:e,rules:[{endpoint:{url:"https://wafv2-fips.{Region}.{PartitionResult#dualStackDnsSuffix}",properties:l,headers:l},type:g}]},{error:"FIPS and DualStack are enabled, but this partition does not support one or both",type:f}]},{conditions:o,type:e,rules:[{conditions:[m],type:e,rules:[{type:e,rules:[{endpoint:{url:"https://wafv2-fips.{Region}.{PartitionResult#dnsSuffix}",properties:l,headers:l},type:g}]}]},{error:"FIPS is enabled but this partition does not support FIPS",type:f}]},{conditions:p,type:e,rules:[{conditions:[n],type:e,rules:[{endpoint:{url:"https://wafv2.{Region}.{PartitionResult#dualStackDnsSuffix}",properties:l,headers:l},type:g}]},{error:"DualStack is enabled but this partition does not support DualStack",type:f}]},{endpoint:{url:"https://wafv2.{Region}.{PartitionResult#dnsSuffix}",properties:l,headers:l},type:g}]}]};
m={[v]:"Region"},
n={[t]:"booleanEquals",[u]:[true,{[t]:"getAttr",[u]:[{[v]:e},"supportsFIPS"]}]},
o={[t]:"booleanEquals",[u]:[true,{[t]:"getAttr",[u]:[{[v]:e},"supportsDualStack"]}]},
p=[j],
q=[k],
r=[m];
const _data={version:"1.0",parameters:{Region:g,UseDualStack:h,UseFIPS:h,Endpoint:g},rules:[{conditions:[{[t]:a,[u]:[i]}],type:b,rules:[{conditions:p,error:"Invalid Configuration: FIPS and custom endpoint are not supported",type:c},{type:b,rules:[{conditions:q,error:"Invalid Configuration: Dualstack and custom endpoint are not supported",type:c},{endpoint:{url:i,properties:l,headers:l},type:d}]}]},{type:b,rules:[{conditions:[{[t]:a,[u]:r}],type:b,rules:[{conditions:[{[t]:"aws.partition",[u]:r,assign:e}],type:b,rules:[{conditions:[j,k],type:b,rules:[{conditions:[n,o],type:b,rules:[{type:b,rules:[{endpoint:{url:"https://wafv2-fips.{Region}.{PartitionResult#dualStackDnsSuffix}",properties:l,headers:l},type:d}]}]},{error:"FIPS and DualStack are enabled, but this partition does not support one or both",type:c}]},{conditions:p,type:b,rules:[{conditions:[n],type:b,rules:[{type:b,rules:[{endpoint:{url:"https://wafv2-fips.{Region}.{PartitionResult#dnsSuffix}",properties:l,headers:l},type:d}]}]},{error:"FIPS is enabled but this partition does not support FIPS",type:c}]},{conditions:q,type:b,rules:[{conditions:[o],type:b,rules:[{type:b,rules:[{endpoint:{url:"https://wafv2.{Region}.{PartitionResult#dualStackDnsSuffix}",properties:l,headers:l},type:d}]}]},{error:"DualStack is enabled but this partition does not support 
DualStack",type:c}]},{type:b,rules:[{conditions:[{[t]:f,[u]:[m,"af-south-1"]}],endpoint:{url:"https://wafv2.af-south-1.amazonaws.com",properties:l,headers:l},type:d},{conditions:[{[t]:f,[u]:[m,"ap-east-1"]}],endpoint:{url:"https://wafv2.ap-east-1.amazonaws.com",properties:l,headers:l},type:d},{conditions:[{[t]:f,[u]:[m,"ap-northeast-1"]}],endpoint:{url:"https://wafv2.ap-northeast-1.amazonaws.com",properties:l,headers:l},type:d},{conditions:[{[t]:f,[u]:[m,"ap-northeast-2"]}],endpoint:{url:"https://wafv2.ap-northeast-2.amazonaws.com",properties:l,headers:l},type:d},{conditions:[{[t]:f,[u]:[m,"ap-northeast-3"]}],endpoint:{url:"https://wafv2.ap-northeast-3.amazonaws.com",properties:l,headers:l},type:d},{conditions:[{[t]:f,[u]:[m,"ap-south-1"]}],endpoint:{url:"https://wafv2.ap-south-1.amazonaws.com",properties:l,headers:l},type:d},{conditions:[{[t]:f,[u]:[m,"ap-southeast-1"]}],endpoint:{url:"https://wafv2.ap-southeast-1.amazonaws.com",properties:l,headers:l},type:d},{conditions:[{[t]:f,[u]:[m,"ap-southeast-2"]}],endpoint:{url:"https://wafv2.ap-southeast-2.amazonaws.com",properties:l,headers:l},type:d},{conditions:[{[t]:f,[u]:[m,"ap-southeast-3"]}],endpoint:{url:"https://wafv2.ap-southeast-3.amazonaws.com",properties:l,headers:l},type:d},{conditions:[{[t]:f,[u]:[m,"ca-central-1"]}],endpoint:{url:"https://wafv2.ca-central-1.amazonaws.com",properties:l,headers:l},type:d},{conditions:[{[t]:f,[u]:[m,"eu-central-1"]}],endpoint:{url:"https://wafv2.eu-central-1.amazonaws.com",properties:l,headers:l},type:d},{conditions:[{[t]:f,[u]:[m,"eu-north-1"]}],endpoint:{url:"https://wafv2.eu-north-1.amazonaws.com",properties:l,headers:l},type:d},{conditions:[{[t]:f,[u]:[m,"eu-south-1"]}],endpoint:{url:"https://wafv2.eu-south-1.amazonaws.com",properties:l,headers:l},type:d},{conditions:[{[t]:f,[u]:[m,"eu-west-1"]}],endpoint:{url:"https://wafv2.eu-west-1.amazonaws.com",properties:l,headers:l},type:d},{conditions:[{[t]:f,[u]:[m,"eu-west-2"]}],endpoint:{url:"https://wafv2.eu-west-2.amazonaws.c
om",properties:l,headers:l},type:d},{conditions:[{[t]:f,[u]:[m,"eu-west-3"]}],endpoint:{url:"https://wafv2.eu-west-3.amazonaws.com",properties:l,headers:l},type:d},{conditions:[{[t]:f,[u]:[m,"me-south-1"]}],endpoint:{url:"https://wafv2.me-south-1.amazonaws.com",properties:l,headers:l},type:d},{conditions:[{[t]:f,[u]:[m,"sa-east-1"]}],endpoint:{url:"https://wafv2.sa-east-1.amazonaws.com",properties:l,headers:l},type:d},{conditions:[{[t]:f,[u]:[m,"us-east-1"]}],endpoint:{url:"https://wafv2.us-east-1.amazonaws.com",properties:l,headers:l},type:d},{conditions:[{[t]:f,[u]:[m,"us-east-2"]}],endpoint:{url:"https://wafv2.us-east-2.amazonaws.com",properties:l,headers:l},type:d},{conditions:[{[t]:f,[u]:[m,"us-west-1"]}],endpoint:{url:"https://wafv2.us-west-1.amazonaws.com",properties:l,headers:l},type:d},{conditions:[{[t]:f,[u]:[m,"us-west-2"]}],endpoint:{url:"https://wafv2.us-west-2.amazonaws.com",properties:l,headers:l},type:d},{conditions:[{[t]:f,[u]:[m,"cn-north-1"]}],endpoint:{url:"https://wafv2.cn-north-1.amazonaws.com.cn",properties:l,headers:l},type:d},{conditions:[{[t]:f,[u]:[m,"cn-northwest-1"]}],endpoint:{url:"https://wafv2.cn-northwest-1.amazonaws.com.cn",properties:l,headers:l},type:d},{conditions:[{[t]:f,[u]:[m,"us-gov-east-1"]}],endpoint:{url:"https://wafv2.us-gov-east-1.amazonaws.com",properties:l,headers:l},type:d},{conditions:[{[t]:f,[u]:[m,"us-gov-west-1"]}],endpoint:{url:"https://wafv2.us-gov-west-1.amazonaws.com",properties:l,headers:l},type:d},{endpoint:{url:"https://wafv2.{Region}.{PartitionResult#dnsSuffix}",properties:l,headers:l},type:d}]}]}]},{error:"Invalid Configuration: Missing Region",type:c}]}]};
export const ruleSet: RuleSetObject = _data;
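Review bot: The per-region `stringEquals` branches in the new `_data` (af-south-1 through us-gov-west-1) return hosts that appear to be the same ones the final fallback `https://wafv2.{Region}.{PartitionResult#dnsSuffix}` would produce, so they add a long list to keep in sync without a visible change in outcome; if they are intentional, the reason should be recorded where the rule set is generated from. Separately, the `isSet` check on `Endpoint` now runs before any Region check, so a custom endpoint resolves with Region unset and `Invalid Configuration: Missing Region` is reached only when neither is given. Tests covering Endpoint only, Region only, and neither would pin down that behaviour alongside the `Region?: string` change.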