type ActionCondition struct {

	// The action setting that a log record must contain in order to meet the
	// condition.
	//
	// This member is required.
	Action ActionValue
}

type ActionValue string

const (
	ActionValueAllow ActionValue = "ALLOW"
	ActionValueBlock ActionValue = "BLOCK"
	ActionValueCount ActionValue = "COUNT"
)

type All struct {
}

type AllQueryArguments struct {
}

type AllowAction struct {

	// Defines custom handling for the web request. For information about customizing
	// web requests and responses, see Customizing web requests and responses in AWS
	// WAF
	// (https://docs.aws.amazon.com/waf/latest/developerguide/waf-custom-request-response.html)
	// in the AWS WAF Developer Guide
	// (https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html).
	CustomRequestHandling *CustomRequestHandling
}

type AndStatement struct {

	// The statements to combine with AND logic. You can use any statements that can be
	// nested.
	//
	// This member is required.
	Statements []Statement
}

type BlockAction struct {

	// Defines a custom response for the web request. For information about customizing
	// web requests and responses, see Customizing web requests and responses in AWS
	// WAF
	// (https://docs.aws.amazon.com/waf/latest/developerguide/waf-custom-request-response.html)
	// in the AWS WAF Developer Guide
	// (https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html).
	CustomResponse *CustomResponse
}

type Body struct {
}

type BodyParsingFallbackBehavior string

const (
	BodyParsingFallbackBehaviorMatch            BodyParsingFallbackBehavior = "MATCH"
	BodyParsingFallbackBehaviorNoMatch          BodyParsingFallbackBehavior = "NO_MATCH"
	BodyParsingFallbackBehaviorEvaluateAsString BodyParsingFallbackBehavior = "EVALUATE_AS_STRING"
)

type ByteMatchStatement struct {

	// The part of a web request that you want AWS WAF to inspect. For more
	// information, see FieldToMatch.
	//
	// This member is required.
	FieldToMatch *FieldToMatch

	// The area within the portion of a web request that you want AWS WAF to search for
	// SearchString. Valid values include the following: CONTAINS The specified part of
	// the web request must include the value of SearchString, but the location doesn't
	// matter. CONTAINS_WORD The specified part of the web request must include the
	// value of SearchString, and SearchString must contain only alphanumeric
	// characters or underscore (A-Z, a-z, 0-9, or _). In addition, SearchString must
	// be a word, which means that both of the following are true:
	//
	// * SearchString is
	// at the beginning of the specified part of the web request or is preceded by a
	// character other than an alphanumeric character or underscore (_). Examples
	// include the value of a header and ;BadBot.
	//
	// * SearchString is at the end of the
	// specified part of the web request or is followed by a character other than an
	// alphanumeric character or underscore (_), for example, BadBot; and
	// -BadBot;.
	//
	// EXACTLY The value of the specified part of the web request must
	// exactly match the value of SearchString. STARTS_WITH The value of SearchString
	// must appear at the beginning of the specified part of the web request. ENDS_WITH
	// The value of SearchString must appear at the end of the specified part of the
	// web request.
	//
	// This member is required.
	PositionalConstraint PositionalConstraint

	// A string value that you want AWS WAF to search for. AWS WAF searches only in the
	// part of web requests that you designate for inspection in FieldToMatch. The
	// maximum length of the value is 50 bytes. Valid values depend on the component
	// that you specify for inspection in FieldToMatch:
	//
	// * Method: The HTTP method that
	// you want AWS WAF to search for. This indicates the type of operation specified
	// in the request.
	//
	// * UriPath: The value that you want AWS WAF to search for in the
	// URI path, for example, /images/daily-ad.jpg.
	//
	// If SearchString includes
	// alphabetic characters A-Z and a-z, note that the value is case sensitive. If
	// you're using the AWS WAF API Specify a base64-encoded version of the value. The
	// maximum length of the value before you base64-encode it is 50 bytes. For
	// example, suppose the value of Type is HEADER and the value of Data is
	// User-Agent. If you want to search the User-Agent header for the value BadBot,
	// you base64-encode BadBot using MIME base64-encoding and include the resulting
	// value, QmFkQm90, in the value of SearchString. If you're using the AWS CLI or
	// one of the AWS SDKs The value that you want AWS WAF to search for. The SDK
	// automatically base64 encodes the value.
	//
	// This member is required.
	SearchString []byte

	// Text transformations eliminate some of the unusual formatting that attackers use
	// in web requests in an effort to bypass detection. If you specify one or more
	// transformations in a rule statement, AWS WAF performs all transformations on the
	// content of the request component identified by FieldToMatch, starting from the
	// lowest priority setting, before inspecting the content for a match.
	//
	// This member is required.
	TextTransformations []TextTransformation
}

type ComparisonOperator string

const (
	ComparisonOperatorEq ComparisonOperator = "EQ"
	ComparisonOperatorNe ComparisonOperator = "NE"
	ComparisonOperatorLe ComparisonOperator = "LE"
	ComparisonOperatorLt ComparisonOperator = "LT"
	ComparisonOperatorGe ComparisonOperator = "GE"
	ComparisonOperatorGt ComparisonOperator = "GT"
)

type Condition struct {

	// A single action condition.
	ActionCondition *ActionCondition

	// A single label name condition.
	LabelNameCondition *LabelNameCondition
}

type CountAction struct {

	// Defines custom handling for the web request. For information about customizing
	// web requests and responses, see Customizing web requests and responses in AWS
	// WAF
	// (https://docs.aws.amazon.com/waf/latest/developerguide/waf-custom-request-response.html)
	// in the AWS WAF Developer Guide
	// (https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html).
	CustomRequestHandling *CustomRequestHandling
}

type CountryCode string

const (
	CountryCodeAf CountryCode = "AF"
	CountryCodeAx CountryCode = "AX"
	CountryCodeAl CountryCode = "AL"
	CountryCodeDz CountryCode = "DZ"
	CountryCodeAs CountryCode = "AS"
	CountryCodeAd CountryCode = "AD"
	CountryCodeAo CountryCode = "AO"
	CountryCodeAi CountryCode = "AI"
	CountryCodeAq CountryCode = "AQ"
	CountryCodeAg CountryCode = "AG"
	CountryCodeAr CountryCode = "AR"
	CountryCodeAm CountryCode = "AM"
	CountryCodeAw CountryCode = "AW"
	CountryCodeAu CountryCode = "AU"
	CountryCodeAt CountryCode = "AT"
	CountryCodeAz CountryCode = "AZ"
	CountryCodeBs CountryCode = "BS"
	CountryCodeBh CountryCode = "BH"
	CountryCodeBd CountryCode = "BD"
	CountryCodeBb CountryCode = "BB"
	CountryCodeBy CountryCode = "BY"
	CountryCodeBe CountryCode = "BE"
	CountryCodeBz CountryCode = "BZ"
	CountryCodeBj CountryCode = "BJ"
	CountryCodeBm CountryCode = "BM"
	CountryCodeBt CountryCode = "BT"
	CountryCodeBo CountryCode = "BO"
	CountryCodeBq CountryCode = "BQ"
	CountryCodeBa CountryCode = "BA"
	CountryCodeBw CountryCode = "BW"
	CountryCodeBv CountryCode = "BV"
	CountryCodeBr CountryCode = "BR"
	CountryCodeIo CountryCode = "IO"
	CountryCodeBn CountryCode = "BN"
	CountryCodeBg CountryCode = "BG"
	CountryCodeBf CountryCode = "BF"
	CountryCodeBi CountryCode = "BI"
	CountryCodeKh CountryCode = "KH"
	CountryCodeCm CountryCode = "CM"
	CountryCodeCa CountryCode = "CA"
	CountryCodeCv CountryCode = "CV"
	CountryCodeKy CountryCode = "KY"
	CountryCodeCf CountryCode = "CF"
	CountryCodeTd CountryCode = "TD"
	CountryCodeCl CountryCode = "CL"
	CountryCodeCn CountryCode = "CN"
	CountryCodeCx CountryCode = "CX"
	CountryCodeCc CountryCode = "CC"
	CountryCodeCo CountryCode = "CO"
	CountryCodeKm CountryCode = "KM"
	CountryCodeCg CountryCode = "CG"
	CountryCodeCd CountryCode = "CD"
	CountryCodeCk CountryCode = "CK"
	CountryCodeCr CountryCode = "CR"
	CountryCodeCi CountryCode = "CI"
	CountryCodeHr CountryCode = "HR"
	CountryCodeCu CountryCode = "CU"
	CountryCodeCw CountryCode = "CW"
	CountryCodeCy CountryCode = "CY"
	CountryCodeCz CountryCode = "CZ"
	CountryCodeDk CountryCode = "DK"
	CountryCodeDj CountryCode = "DJ"
	CountryCodeDm CountryCode = "DM"
	CountryCodeDo CountryCode = "DO"
	CountryCodeEc CountryCode = "EC"
	CountryCodeEg CountryCode = "EG"
	CountryCodeSv CountryCode = "SV"
	CountryCodeGq CountryCode = "GQ"
	CountryCodeEr CountryCode = "ER"
	CountryCodeEe CountryCode = "EE"
	CountryCodeEt CountryCode = "ET"
	CountryCodeFk CountryCode = "FK"
	CountryCodeFo CountryCode = "FO"
	CountryCodeFj CountryCode = "FJ"
	CountryCodeFi CountryCode = "FI"
	CountryCodeFr CountryCode = "FR"
	CountryCodeGf CountryCode = "GF"
	CountryCodePf CountryCode = "PF"
	CountryCodeTf CountryCode = "TF"
	CountryCodeGa CountryCode = "GA"
	CountryCodeGm CountryCode = "GM"
	CountryCodeGe CountryCode = "GE"
	CountryCodeDe CountryCode = "DE"
	CountryCodeGh CountryCode = "GH"
	CountryCodeGi CountryCode = "GI"
	CountryCodeGr CountryCode = "GR"
	CountryCodeGl CountryCode = "GL"
	CountryCodeGd CountryCode = "GD"
	CountryCodeGp CountryCode = "GP"
	CountryCodeGu CountryCode = "GU"
	CountryCodeGt CountryCode = "GT"
	CountryCodeGg CountryCode = "GG"
	CountryCodeGn CountryCode = "GN"
	CountryCodeGw CountryCode = "GW"
	CountryCodeGy CountryCode = "GY"
	CountryCodeHt CountryCode = "HT"
	CountryCodeHm CountryCode = "HM"
	CountryCodeVa CountryCode = "VA"
	CountryCodeHn CountryCode = "HN"
	CountryCodeHk CountryCode = "HK"
	CountryCodeHu CountryCode = "HU"
	CountryCodeIs CountryCode = "IS"
	CountryCodeIn CountryCode = "IN"
	CountryCodeId CountryCode = "ID"
	CountryCodeIr CountryCode = "IR"
	CountryCodeIq CountryCode = "IQ"
	CountryCodeIe CountryCode = "IE"
	CountryCodeIm CountryCode = "IM"
	CountryCodeIl CountryCode = "IL"
	CountryCodeIt CountryCode = "IT"
	CountryCodeJm CountryCode = "JM"
	CountryCodeJp CountryCode = "JP"
	CountryCodeJe CountryCode = "JE"
	CountryCodeJo CountryCode = "JO"
	CountryCodeKz CountryCode = "KZ"
	CountryCodeKe CountryCode = "KE"
	CountryCodeKi CountryCode = "KI"
	CountryCodeKp CountryCode = "KP"
	CountryCodeKr CountryCode = "KR"
	CountryCodeKw CountryCode = "KW"
	CountryCodeKg CountryCode = "KG"
	CountryCodeLa CountryCode = "LA"
	CountryCodeLv CountryCode = "LV"
	CountryCodeLb CountryCode = "LB"
	CountryCodeLs CountryCode = "LS"
	CountryCodeLr CountryCode = "LR"
	CountryCodeLy CountryCode = "LY"
	CountryCodeLi CountryCode = "LI"
	CountryCodeLt CountryCode = "LT"
	CountryCodeLu CountryCode = "LU"
	CountryCodeMo CountryCode = "MO"
	CountryCodeMk CountryCode = "MK"
	CountryCodeMg CountryCode = "MG"
	CountryCodeMw CountryCode = "MW"
	CountryCodeMy CountryCode = "MY"
	CountryCodeMv CountryCode = "MV"
	CountryCodeMl CountryCode = "ML"
	CountryCodeMt CountryCode = "MT"
	CountryCodeMh CountryCode = "MH"
	CountryCodeMq CountryCode = "MQ"
	CountryCodeMr CountryCode = "MR"
	CountryCodeMu CountryCode = "MU"
	CountryCodeYt CountryCode = "YT"
	CountryCodeMx CountryCode = "MX"
	CountryCodeFm CountryCode = "FM"
	CountryCodeMd CountryCode = "MD"
	CountryCodeMc CountryCode = "MC"
	CountryCodeMn CountryCode = "MN"
	CountryCodeMe CountryCode = "ME"
	CountryCodeMs CountryCode = "MS"
	CountryCodeMa CountryCode = "MA"
	CountryCodeMz CountryCode = "MZ"
	CountryCodeMm CountryCode = "MM"
	CountryCodeNa CountryCode = "NA"
	CountryCodeNr CountryCode = "NR"
	CountryCodeNp CountryCode = "NP"
	CountryCodeNl CountryCode = "NL"
	CountryCodeNc CountryCode = "NC"
	CountryCodeNz CountryCode = "NZ"
	CountryCodeNi CountryCode = "NI"
	CountryCodeNe CountryCode = "NE"
	CountryCodeNg CountryCode = "NG"
	CountryCodeNu CountryCode = "NU"
	CountryCodeNf CountryCode = "NF"
	CountryCodeMp CountryCode = "MP"
	CountryCodeNo CountryCode = "NO"
	CountryCodeOm CountryCode = "OM"
	CountryCodePk CountryCode = "PK"
	CountryCodePw CountryCode = "PW"
	CountryCodePs CountryCode = "PS"
	CountryCodePa CountryCode = "PA"
	CountryCodePg CountryCode = "PG"
	CountryCodePy CountryCode = "PY"
	CountryCodePe CountryCode = "PE"
	CountryCodePh CountryCode = "PH"
	CountryCodePn CountryCode = "PN"
	CountryCodePl CountryCode = "PL"
	CountryCodePt CountryCode = "PT"
	CountryCodePr CountryCode = "PR"
	CountryCodeQa CountryCode = "QA"
	CountryCodeRe CountryCode = "RE"
	CountryCodeRo CountryCode = "RO"
	CountryCodeRu CountryCode = "RU"
	CountryCodeRw CountryCode = "RW"
	CountryCodeBl CountryCode = "BL"
	CountryCodeSh CountryCode = "SH"
	CountryCodeKn CountryCode = "KN"
	CountryCodeLc CountryCode = "LC"
	CountryCodeMf CountryCode = "MF"
	CountryCodePm CountryCode = "PM"
	CountryCodeVc CountryCode = "VC"
	CountryCodeWs CountryCode = "WS"
	CountryCodeSm CountryCode = "SM"
	CountryCodeSt CountryCode = "ST"
	CountryCodeSa CountryCode = "SA"
	CountryCodeSn CountryCode = "SN"
	CountryCodeRs CountryCode = "RS"
	CountryCodeSc CountryCode = "SC"
	CountryCodeSl CountryCode = "SL"
	CountryCodeSg CountryCode = "SG"
	CountryCodeSx CountryCode = "SX"
	CountryCodeSk CountryCode = "SK"
	CountryCodeSi CountryCode = "SI"
	CountryCodeSb CountryCode = "SB"
	CountryCodeSo CountryCode = "SO"
	CountryCodeZa CountryCode = "ZA"
	CountryCodeGs CountryCode = "GS"
	CountryCodeSs CountryCode = "SS"
	CountryCodeEs CountryCode = "ES"
	CountryCodeLk CountryCode = "LK"
	CountryCodeSd CountryCode = "SD"
	CountryCodeSr CountryCode = "SR"
	CountryCodeSj CountryCode = "SJ"
	CountryCodeSz CountryCode = "SZ"
	CountryCodeSe CountryCode = "SE"
	CountryCodeCh CountryCode = "CH"
	CountryCodeSy CountryCode = "SY"
	CountryCodeTw CountryCode = "TW"
	CountryCodeTj CountryCode = "TJ"
	CountryCodeTz CountryCode = "TZ"
	CountryCodeTh CountryCode = "TH"
	CountryCodeTl CountryCode = "TL"
	CountryCodeTg CountryCode = "TG"
	CountryCodeTk CountryCode = "TK"
	CountryCodeTo CountryCode = "TO"
	CountryCodeTt CountryCode = "TT"
	CountryCodeTn CountryCode = "TN"
	CountryCodeTr CountryCode = "TR"
	CountryCodeTm CountryCode = "TM"
	CountryCodeTc CountryCode = "TC"
	CountryCodeTv CountryCode = "TV"
	CountryCodeUg CountryCode = "UG"
	CountryCodeUa CountryCode = "UA"
	CountryCodeAe CountryCode = "AE"
	CountryCodeGb CountryCode = "GB"
	CountryCodeUs CountryCode = "US"
	CountryCodeUm CountryCode = "UM"
	CountryCodeUy CountryCode = "UY"
	CountryCodeUz CountryCode = "UZ"
	CountryCodeVu CountryCode = "VU"
	CountryCodeVe CountryCode = "VE"
	CountryCodeVn CountryCode = "VN"
	CountryCodeVg CountryCode = "VG"
	CountryCodeVi CountryCode = "VI"
	CountryCodeWf CountryCode = "WF"
	CountryCodeEh CountryCode = "EH"
	CountryCodeYe CountryCode = "YE"
	CountryCodeZm CountryCode = "ZM"
	CountryCodeZw CountryCode = "ZW"
)

type CustomHTTPHeader struct {

	// The name of the custom header. For custom request header insertion, when AWS WAF
	// inserts the header into the request, it prefixes this name x-amzn-waf-, to avoid
	// confusion with the headers that are already in the request. For example, for the
	// header name sample, AWS WAF inserts the header x-amzn-waf-sample.
	//
	// This member is required.
	Name *string

	// The value of the custom header.
	//
	// This member is required.
	Value *string
}

type CustomRequestHandling struct {

	// The HTTP headers to insert into the request. Duplicate header names are not
	// allowed. For information about the limits on count and size for custom request
	// and response settings, see AWS WAF quotas
	// (https://docs.aws.amazon.com/waf/latest/developerguide/limits.html) in the AWS
	// WAF Developer Guide
	// (https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html).
	//
	// This member is required.
	InsertHeaders []CustomHTTPHeader
}

type CustomResponse struct {

	// The HTTP status code to return to the client. For a list of status codes that
	// you can use in your custom reqponses, see Supported status codes for custom
	// response
	// (https://docs.aws.amazon.com/waf/latest/developerguide/customizing-the-response-status-codes.html)
	// in the AWS WAF Developer Guide
	// (https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html).
	//
	// This member is required.
	ResponseCode *int32

	// References the response body that you want AWS WAF to return to the web request
	// client. You can define a custom response for a rule action or a default web ACL
	// action that is set to block. To do this, you first define the response body key
	// and value in the CustomResponseBodies setting for the WebACL or RuleGroup where
	// you want to use it. Then, in the rule action or web ACL default action
	// BlockAction setting, you reference the response body using this key.
	CustomResponseBodyKey *string

	// The HTTP headers to use in the response. Duplicate header names are not allowed.
	// For information about the limits on count and size for custom request and
	// response settings, see AWS WAF quotas
	// (https://docs.aws.amazon.com/waf/latest/developerguide/limits.html) in the AWS
	// WAF Developer Guide
	// (https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html).
	ResponseHeaders []CustomHTTPHeader
}

type CustomResponseBody struct {

	// The payload of the custom response. You can use JSON escape strings in JSON
	// content. To do this, you must specify JSON content in the ContentType setting.
	// For information about the limits on count and size for custom request and
	// response settings, see AWS WAF quotas
	// (https://docs.aws.amazon.com/waf/latest/developerguide/limits.html) in the AWS
	// WAF Developer Guide
	// (https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html).
	//
	// This member is required.
	Content *string

	// The type of content in the payload that you are defining in the Content string.
	//
	// This member is required.
	ContentType ResponseContentType
}

type DefaultAction struct {

	// Specifies that AWS WAF should allow requests by default.
	Allow *AllowAction

	// Specifies that AWS WAF should block requests by default.
	Block *BlockAction
}

type ExcludedRule struct {

	// The name of the rule to exclude.
	//
	// This member is required.
	Name *string
}

type FallbackBehavior string

const (
	FallbackBehaviorMatch   FallbackBehavior = "MATCH"
	FallbackBehaviorNoMatch FallbackBehavior = "NO_MATCH"
)

type FieldToMatch struct {

	// Inspect all query arguments.
	AllQueryArguments *AllQueryArguments

	// Inspect the request body as plain text. The request body immediately follows the
	// request headers. This is the part of a request that contains any additional data
	// that you want to send to your web server as the HTTP request body, such as data
	// from a form. Note that only the first 8 KB (8192 bytes) of the request body are
	// forwarded to AWS WAF for inspection by the underlying host service. If you don't
	// need to inspect more than 8 KB, you can guarantee that you don't allow
	// additional bytes in by combining a statement that inspects the body of the web
	// request, such as ByteMatchStatement or RegexPatternSetReferenceStatement, with a
	// SizeConstraintStatement that enforces an 8 KB size limit on the body of the
	// request. AWS WAF doesn't support inspecting the entire contents of web requests
	// whose bodies exceed the 8 KB limit.
	Body *Body

	// Inspect the request body as JSON. The request body immediately follows the
	// request headers. This is the part of a request that contains any additional data
	// that you want to send to your web server as the HTTP request body, such as data
	// from a form. Note that only the first 8 KB (8192 bytes) of the request body are
	// forwarded to AWS WAF for inspection by the underlying host service. If you don't
	// need to inspect more than 8 KB, you can guarantee that you don't allow
	// additional bytes in by combining a statement that inspects the body of the web
	// request, such as ByteMatchStatement or RegexPatternSetReferenceStatement, with a
	// SizeConstraintStatement that enforces an 8 KB size limit on the body of the
	// request. AWS WAF doesn't support inspecting the entire contents of web requests
	// whose bodies exceed the 8 KB limit.
	JsonBody *JsonBody

	// Inspect the HTTP method. The method indicates the type of operation that the
	// request is asking the origin to perform.
	Method *Method

	// Inspect the query string. This is the part of a URL that appears after a ?
	// character, if any.
	QueryString *QueryString

	// Inspect a single header. Provide the name of the header to inspect, for example,
	// User-Agent or Referer. This setting isn't case sensitive. Example JSON:
	// "SingleHeader": { "Name": "haystack" }
	SingleHeader *SingleHeader

	// Inspect a single query argument. Provide the name of the query argument to
	// inspect, such as UserName or SalesRegion. The name can be up to 30 characters
	// long and isn't case sensitive. This is used only to indicate the web request
	// component for AWS WAF to inspect, in the FieldToMatch specification. Example
	// JSON: "SingleQueryArgument": { "Name": "myArgument" }
	SingleQueryArgument *SingleQueryArgument

	// Inspect the request URI path. This is the part of a web request that identifies
	// a resource, for example, /images/daily-ad.jpg.
	UriPath *UriPath
}

type Filter struct {

	// How to handle logs that satisfy the filter's conditions and requirement.
	//
	// This member is required.
	Behavior FilterBehavior

	// Match conditions for the filter.
	//
	// This member is required.
	Conditions []Condition

	// Logic to apply to the filtering conditions. You can specify that, in order to
	// satisfy the filter, a log must match all conditions or must match at least one
	// condition.
	//
	// This member is required.
	Requirement FilterRequirement
}

type FilterBehavior string

const (
	FilterBehaviorKeep FilterBehavior = "KEEP"
	FilterBehaviorDrop FilterBehavior = "DROP"
)

type FilterRequirement string

const (
	FilterRequirementMeetsAll FilterRequirement = "MEETS_ALL"
	FilterRequirementMeetsAny FilterRequirement = "MEETS_ANY"
)

type FirewallManagerRuleGroup struct {

	// The processing guidance for an AWS Firewall Manager rule. This is like a regular
	// rule Statement, but it can only contain a rule group reference.
	//
	// This member is required.
	FirewallManagerStatement *FirewallManagerStatement

	// The name of the rule group. You cannot change the name of a rule group after you
	// create it.
	//
	// This member is required.
	Name *string

	// The override action to apply to the rules in a rule group. Used only for rule
	// statements that reference a rule group, like RuleGroupReferenceStatement and
	// ManagedRuleGroupStatement. Set the override action to none to leave the rule
	// actions in effect. Set it to count to only count matches, regardless of the rule
	// action settings. In a Rule, you must specify either this OverrideAction setting
	// or the rule Action setting, but not both:
	//
	// * If the rule statement references a
	// rule group, use this override action setting and not the action setting.
	//
	// * If
	// the rule statement does not reference a rule group, use the rule action setting
	// and not this rule override action setting.
	//
	// This member is required.
	OverrideAction *OverrideAction

	// If you define more than one rule group in the first or last Firewall Manager
	// rule groups, AWS WAF evaluates each request against the rule groups in order,
	// starting from the lowest priority setting. The priorities don't need to be
	// consecutive, but they must all be different.
	//
	// This member is required.
	Priority int32

	// Defines and enables Amazon CloudWatch metrics and web request sample collection.
	//
	// This member is required.
	VisibilityConfig *VisibilityConfig
}

type FirewallManagerStatement struct {

	// A rule statement used to run the rules that are defined in a managed rule group.
	// To use this, provide the vendor name and the name of the rule group in this
	// statement. You can retrieve the required names by calling
	// ListAvailableManagedRuleGroups. You can't nest a ManagedRuleGroupStatement, for
	// example for use inside a NotStatement or OrStatement. It can only be referenced
	// as a top-level statement within a rule.
	ManagedRuleGroupStatement *ManagedRuleGroupStatement

	// A rule statement used to run the rules that are defined in a RuleGroup. To use
	// this, create a rule group with your rules, then provide the ARN of the rule
	// group in this statement. You cannot nest a RuleGroupReferenceStatement, for
	// example for use inside a NotStatement or OrStatement. It can only be referenced
	// as a top-level statement within a rule.
	RuleGroupReferenceStatement *RuleGroupReferenceStatement
}

type ForwardedIPConfig struct {

	// The match status to assign to the web request if the request doesn't have a
	// valid IP address in the specified position. If the specified header isn't
	// present in the request, AWS WAF doesn't apply the rule to the web request at
	// all. You can specify the following fallback behaviors:
	//
	// * MATCH - Treat the web
	// request as matching the rule statement. AWS WAF applies the rule action to the
	// request.
	//
	// * NO_MATCH - Treat the web request as not matching the rule statement.
	//
	// This member is required.
	FallbackBehavior FallbackBehavior

	// The name of the HTTP header to use for the IP address. For example, to use the
	// X-Forwarded-For (XFF) header, set this to X-Forwarded-For. If the specified
	// header isn't present in the request, AWS WAF doesn't apply the rule to the web
	// request at all.
	//
	// This member is required.
	HeaderName *string
}

type ForwardedIPPosition string

const (
	ForwardedIPPositionFirst ForwardedIPPosition = "FIRST"
	ForwardedIPPositionLast  ForwardedIPPosition = "LAST"
	ForwardedIPPositionAny   ForwardedIPPosition = "ANY"
)

type GeoMatchStatement struct {

	// An array of two-character country codes, for example, [ "US", "CN" ], from the
	// alpha-2 country ISO codes of the ISO 3166 international standard.
	CountryCodes []CountryCode

	// The configuration for inspecting IP addresses in an HTTP header that you
	// specify, instead of using the IP address that's reported by the web request
	// origin. Commonly, this is the X-Forwarded-For (XFF) header, but you can specify
	// any header name. If the specified header isn't present in the request, AWS WAF
	// doesn't apply the rule to the web request at all.
	ForwardedIPConfig *ForwardedIPConfig
}

type HTTPHeader struct {

	// The name of the HTTP header.
	Name *string

	// The value of the HTTP header.
	Value *string
}

type HTTPRequest struct {

	// The IP address that the request originated from. If the web ACL is associated
	// with a CloudFront distribution, this is the value of one of the following fields
	// in CloudFront access logs:
	//
	// * c-ip, if the viewer did not use an HTTP proxy or a
	// load balancer to send the request
	//
	// * x-forwarded-for, if the viewer did use an
	// HTTP proxy or a load balancer to send the request
	ClientIP *string

	// The two-letter country code for the country that the request originated from.
	// For a current list of country codes, see the Wikipedia entry ISO 3166-1 alpha-2
	// (https://en.wikipedia.org/wiki/ISO_3166-1_alpha-2).
	Country *string

	// The HTTP version specified in the sampled web request, for example, HTTP/1.1.
	HTTPVersion *string

	// A complex type that contains the name and value for each header in the sampled
	// web request.
	Headers []HTTPHeader

	// The HTTP method specified in the sampled web request.
	Method *string

	// The URI path of the request, which identifies the resource, for example,
	// /images/daily-ad.jpg.
	URI *string
}

type IPAddressVersion string

const (
	IPAddressVersionIpv4 IPAddressVersion = "IPV4"
	IPAddressVersionIpv6 IPAddressVersion = "IPV6"
)

type IPSet struct {

	// The Amazon Resource Name (ARN) of the entity.
	//
	// This member is required.
	ARN *string

	// Contains an array of strings that specify one or more IP addresses or blocks of
	// IP addresses in Classless Inter-Domain Routing (CIDR) notation. AWS WAF supports
	// all IPv4 and IPv6 CIDR ranges except for /0. Examples:
	//
	// * To configure AWS WAF
	// to allow, block, or count requests that originated from the IP address
	// 192.0.2.44, specify 192.0.2.44/32.
	//
	// * To configure AWS WAF to allow, block, or
	// count requests that originated from IP addresses from 192.0.2.0 to 192.0.2.255,
	// specify 192.0.2.0/24.
	//
	// * To configure AWS WAF to allow, block, or count requests
	// that originated from the IP address 1111:0000:0000:0000:0000:0000:0000:0111,
	// specify 1111:0000:0000:0000:0000:0000:0000:0111/128.
	//
	// * To configure AWS WAF to
	// allow, block, or count requests that originated from IP addresses
	// 1111:0000:0000:0000:0000:0000:0000:0000 to
	// 1111:0000:0000:0000:ffff:ffff:ffff:ffff, specify
	// 1111:0000:0000:0000:0000:0000:0000:0000/64.
	//
	// For more information about CIDR
	// notation, see the Wikipedia entry Classless Inter-Domain Routing
	// (https://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing).
	//
	// This member is required.
	Addresses []string

	// Specify IPV4 or IPV6.
	//
	// This member is required.
	IPAddressVersion IPAddressVersion

	// A unique identifier for the set. This ID is returned in the responses to create
	// and list commands. You provide it to operations like update and delete.
	//
	// This member is required.
	Id *string

	// The name of the IP set. You cannot change the name of an IPSet after you create
	// it.
	//
	// This member is required.
	Name *string

	// A description of the IP set that helps with identification.
	Description *string
}

type IPSetForwardedIPConfig struct {

	// The match status to assign to the web request if the request doesn't have a
	// valid IP address in the specified position. If the specified header isn't
	// present in the request, AWS WAF doesn't apply the rule to the web request at
	// all. You can specify the following fallback behaviors:
	//
	// * MATCH - Treat the web
	// request as matching the rule statement. AWS WAF applies the rule action to the
	// request.
	//
	// * NO_MATCH - Treat the web request as not matching the rule statement.
	//
	// This member is required.
	FallbackBehavior FallbackBehavior

	// The name of the HTTP header to use for the IP address. For example, to use the
	// X-Forwarded-For (XFF) header, set this to X-Forwarded-For. If the specified
	// header isn't present in the request, AWS WAF doesn't apply the rule to the web
	// request at all.
	//
	// This member is required.
	HeaderName *string

	// The position in the header to search for the IP address. The header can contain
	// IP addresses of the original client and also of proxies. For example, the header
	// value could be 10.1.1.1, 127.0.0.0, 10.10.10.10 where the first IP address
	// identifies the original client and the rest identify proxies that the request
	// went through. The options for this setting are the following:
	//
	// * FIRST - Inspect
	// the first IP address in the list of IP addresses in the header. This is usually
	// the client's original IP.
	//
	// * LAST - Inspect the last IP address in the list of
	// IP addresses in the header.
	//
	// * ANY - Inspect all IP addresses in the header for
	// a match. If the header contains more than 10 IP addresses, AWS WAF inspects the
	// last 10.
	//
	// This member is required.
	Position ForwardedIPPosition
}

type IPSetReferenceStatement struct {

	// The Amazon Resource Name (ARN) of the IPSet that this statement references.
	//
	// This member is required.
	ARN *string

	// The configuration for inspecting IP addresses in an HTTP header that you
	// specify, instead of using the IP address that's reported by the web request
	// origin. Commonly, this is the X-Forwarded-For (XFF) header, but you can specify
	// any header name. If the specified header isn't present in the request, AWS WAF
	// doesn't apply the rule to the web request at all.
	IPSetForwardedIPConfig *IPSetForwardedIPConfig
}

type IPSetSummary struct {

	// The Amazon Resource Name (ARN) of the entity.
	ARN *string

	// A description of the IP set that helps with identification.
	Description *string

	// A unique identifier for the set. This ID is returned in the responses to create
	// and list commands. You provide it to operations like update and delete.
	Id *string

	// A token used for optimistic locking. AWS WAF returns a token to your get and
	// list requests, to mark the state of the entity at the time of the request. To
	// make changes to the entity associated with the token, you provide the token to
	// operations like update and delete. AWS WAF uses the token to ensure that no
	// changes have been made to the entity since you last retrieved it. If a change
	// has been made, the update fails with a WAFOptimisticLockException. If this
	// happens, perform another get, and use the new token returned by that operation.
	LockToken *string

	// The name of the IP set. You cannot change the name of an IPSet after you create
	// it.
	Name *string
}

type JsonBody struct {

	// The patterns to look for in the JSON body. AWS WAF inspects the results of these
	// pattern matches against the rule inspection criteria.
	//
	// This member is required.
	MatchPattern *JsonMatchPattern

	// The parts of the JSON to match against using the MatchPattern. If you specify
	// All, AWS WAF matches against keys and values.
	//
	// This member is required.
	MatchScope JsonMatchScope

	// What AWS WAF should do if it fails to completely parse the JSON body. The
	// options are the following:
	//
	// * EVALUATE_AS_STRING - Inspect the body as plain
	// text. AWS WAF applies the text transformations and inspection criteria that you
	// defined for the JSON inspection to the body text string.
	//
	// * MATCH - Treat the
	// web request as matching the rule statement. AWS WAF applies the rule action to
	// the request.
	//
	// * NO_MATCH - Treat the web request as not matching the rule
	// statement.
	//
	// If you don't provide this setting, AWS WAF parses and evaluates the
	// content only up to the first parsing failure that it encounters. AWS WAF does
	// its best to parse the entire JSON body, but might be forced to stop for reasons
	// such as invalid characters, duplicate keys, truncation, and any content whose
	// root node isn't an object or an array. AWS WAF parses the JSON in the following
	// examples as two valid key, value pairs:
	//
	// * Missing comma:
	// {"key1":"value1""key2":"value2"}
	//
	// * Missing colon:
	// {"key1":"value1","key2""value2"}
	//
	// * Extra colons:
	// {"key1"::"value1","key2""value2"}
	InvalidFallbackBehavior BodyParsingFallbackBehavior
}

type JsonMatchPattern struct {

	// Match all of the elements. See also MatchScope in JsonBody. You must specify
	// either this setting or the IncludedPaths setting, but not both.
	All *All

	// Match only the specified include paths. See also MatchScope in JsonBody. Provide
	// the include paths using JSON Pointer syntax. For example, "IncludedPaths":
	// ["/dogs/0/name", "/dogs/1/name"]. For information about this syntax, see the
	// Internet Engineering Task Force (IETF) documentation JavaScript Object Notation
	// (JSON) Pointer (https://tools.ietf.org/html/rfc6901). You must specify either
	// this setting or the All setting, but not both. Don't use this option to include
	// all paths. Instead, use the All setting.
	IncludedPaths []string
}

type JsonMatchScope string

const (
	JsonMatchScopeAll   JsonMatchScope = "ALL"
	JsonMatchScopeKey   JsonMatchScope = "KEY"
	JsonMatchScopeValue JsonMatchScope = "VALUE"
)

type Label struct {

	// The label string.
	//
	// This member is required.
	Name *string
}

type LabelMatchScope string

const (
	LabelMatchScopeLabel     LabelMatchScope = "LABEL"
	LabelMatchScopeNamespace LabelMatchScope = "NAMESPACE"
)

type LabelMatchStatement struct {

	// The string to match against. The setting you provide for this depends on the
	// match statement's Scope settings:
	//
	// * If the Scope indicates LABEL, then this
	// specification must include the name and can include any number of preceding
	// namespace specifications and prefix up to providing the fully qualified label
	// name.
	//
	// * If the Scope indicates NAMESPACE, then this specification can include
	// any number of contiguous namespace strings, and can include the entire label
	// namespace prefix from the rule group or web ACL where the label
	// originates.
	//
	// Labels are case sensitive and components of a label must be
	// separated by colon, for example NS1:NS2:name.
	//
	// This member is required.
	Key *string

	// Specify whether you want to match using the label name or just the namespace.
	//
	// This member is required.
	Scope LabelMatchScope
}

type LabelNameCondition struct {

	// The label name that a log record must contain in order to meet the condition.
	// This must be a fully qualified label name. Fully qualified labels have a prefix,
	// optional namespaces, and label name. The prefix identifies the rule group or web
	// ACL context of the rule that added the label.
	//
	// This member is required.
	LabelName *string
}

type LabelSummary struct {

	// An individual label specification.
	Name *string
}

type LoggingConfiguration struct {

	// The Amazon Kinesis Data Firehose Amazon Resource Name (ARNs) that you want to
	// associate with the web ACL.
	//
	// This member is required.
	LogDestinationConfigs []string

	// The Amazon Resource Name (ARN) of the web ACL that you want to associate with
	// LogDestinationConfigs.
	//
	// This member is required.
	ResourceArn *string

	// Filtering that specifies which web requests are kept in the logs and which are
	// dropped. You can filter on the rule action and on the web request labels that
	// were applied by matching rules during web ACL evaluation.
	LoggingFilter *LoggingFilter

	// Indicates whether the logging configuration was created by AWS Firewall Manager,
	// as part of an AWS WAF policy configuration. If true, only Firewall Manager can
	// modify or delete the configuration.
	ManagedByFirewallManager bool

	// The parts of the request that you want to keep out of the logs. For example, if
	// you redact the HEADER field, the HEADER field in the firehose will be xxx. You
	// must use one of the following values: URI, QUERY_STRING, HEADER, or METHOD.
	RedactedFields []FieldToMatch
}

type LoggingFilter struct {

	// Default handling for logs that don't match any of the specified filtering
	// conditions.
	//
	// This member is required.
	DefaultBehavior FilterBehavior

	// The filters that you want to apply to the logs.
	//
	// This member is required.
	Filters []Filter
}

type ManagedRuleGroupStatement struct {

	// The name of the managed rule group. You use this, along with the vendor name, to
	// identify the rule group.
	//
	// This member is required.
	Name *string

	// The name of the managed rule group vendor. You use this, along with the rule
	// group name, to identify the rule group.
	//
	// This member is required.
	VendorName *string

	// The rules whose actions are set to COUNT by the web ACL, regardless of the
	// action that is set on the rule. This effectively excludes the rule from acting
	// on web requests.
	ExcludedRules []ExcludedRule

	// The processing guidance for a Rule, used by AWS WAF to determine whether a web
	// request matches the rule.
	ScopeDownStatement *Statement
}

type ManagedRuleGroupSummary struct {

	// The description of the managed rule group, provided by AWS Managed Rules or the
	// AWS Marketplace seller who manages it.
	Description *string

	// The name of the managed rule group. You use this, along with the vendor name, to
	// identify the rule group.
	Name *string

	// The name of the managed rule group vendor. You use this, along with the rule
	// group name, to identify the rule group.
	VendorName *string
}

type Method struct {
}

type NoneAction struct {
}

type NotStatement struct {

	// The statement to negate. You can use any statement that can be nested.
	//
	// This member is required.
	Statement *Statement
}

type OrStatement struct {

	// The statements to combine with OR logic. You can use any statements that can be
	// nested.
	//
	// This member is required.
	Statements []Statement
}

type OverrideAction struct {

	// Override the rule action setting to count.
	Count *CountAction

	// Don't override the rule action setting.
	None *NoneAction
}

type ParameterExceptionField string

const (
	ParameterExceptionFieldWebAcl                         ParameterExceptionField = "WEB_ACL"
	ParameterExceptionFieldRuleGroup                      ParameterExceptionField = "RULE_GROUP"
	ParameterExceptionFieldRegexPatternSet                ParameterExceptionField = "REGEX_PATTERN_SET"
	ParameterExceptionFieldIpSet                          ParameterExceptionField = "IP_SET"
	ParameterExceptionFieldManagedRuleSet                 ParameterExceptionField = "MANAGED_RULE_SET"
	ParameterExceptionFieldRule                           ParameterExceptionField = "RULE"
	ParameterExceptionFieldExcludedRule                   ParameterExceptionField = "EXCLUDED_RULE"
	ParameterExceptionFieldStatement                      ParameterExceptionField = "STATEMENT"
	ParameterExceptionFieldByteMatchStatement             ParameterExceptionField = "BYTE_MATCH_STATEMENT"
	ParameterExceptionFieldSqliMatchStatement             ParameterExceptionField = "SQLI_MATCH_STATEMENT"
	ParameterExceptionFieldXssMatchStatement              ParameterExceptionField = "XSS_MATCH_STATEMENT"
	ParameterExceptionFieldSizeConstraintStatement        ParameterExceptionField = "SIZE_CONSTRAINT_STATEMENT"
	ParameterExceptionFieldGeoMatchStatement              ParameterExceptionField = "GEO_MATCH_STATEMENT"
	ParameterExceptionFieldRateBasedStatement             ParameterExceptionField = "RATE_BASED_STATEMENT"
	ParameterExceptionFieldRuleGroupReferenceStatement    ParameterExceptionField = "RULE_GROUP_REFERENCE_STATEMENT"
	ParameterExceptionFieldRegexPatternReferenceStatement ParameterExceptionField = "REGEX_PATTERN_REFERENCE_STATEMENT"
	ParameterExceptionFieldIpSetReferenceStatement        ParameterExceptionField = "IP_SET_REFERENCE_STATEMENT"
	ParameterExceptionFieldManagedRuleSetStatement        ParameterExceptionField = "MANAGED_RULE_SET_STATEMENT"
	ParameterExceptionFieldLabelMatchStatement            ParameterExceptionField = "LABEL_MATCH_STATEMENT"
	ParameterExceptionFieldAndStatement                   ParameterExceptionField = "AND_STATEMENT"
	ParameterExceptionFieldOrStatement                    ParameterExceptionField = "OR_STATEMENT"
	ParameterExceptionFieldNotStatement                   ParameterExceptionField = "NOT_STATEMENT"
	ParameterExceptionFieldIpAddress                      ParameterExceptionField = "IP_ADDRESS"
	ParameterExceptionFieldIpAddressVersion               ParameterExceptionField = "IP_ADDRESS_VERSION"
	ParameterExceptionFieldFieldToMatch                   ParameterExceptionField = "FIELD_TO_MATCH"
	ParameterExceptionFieldTextTransformation             ParameterExceptionField = "TEXT_TRANSFORMATION"
	ParameterExceptionFieldSingleQueryArgument            ParameterExceptionField = "SINGLE_QUERY_ARGUMENT"
	ParameterExceptionFieldSingleHeader                   ParameterExceptionField = "SINGLE_HEADER"
	ParameterExceptionFieldDefaultAction                  ParameterExceptionField = "DEFAULT_ACTION"
	ParameterExceptionFieldRuleAction                     ParameterExceptionField = "RULE_ACTION"
	ParameterExceptionFieldEntityLimit                    ParameterExceptionField = "ENTITY_LIMIT"
	ParameterExceptionFieldOverrideAction                 ParameterExceptionField = "OVERRIDE_ACTION"
	ParameterExceptionFieldScopeValue                     ParameterExceptionField = "SCOPE_VALUE"
	ParameterExceptionFieldResourceArn                    ParameterExceptionField = "RESOURCE_ARN"
	ParameterExceptionFieldResourceType                   ParameterExceptionField = "RESOURCE_TYPE"
	ParameterExceptionFieldTags                           ParameterExceptionField = "TAGS"
	ParameterExceptionFieldTagKeys                        ParameterExceptionField = "TAG_KEYS"
	ParameterExceptionFieldMetricName                     ParameterExceptionField = "METRIC_NAME"
	ParameterExceptionFieldFirewallManagerStatement       ParameterExceptionField = "FIREWALL_MANAGER_STATEMENT"
	ParameterExceptionFieldFallbackBehavior               ParameterExceptionField = "FALLBACK_BEHAVIOR"
	ParameterExceptionFieldPosition                       ParameterExceptionField = "POSITION"
	ParameterExceptionFieldForwardedIpConfig              ParameterExceptionField = "FORWARDED_IP_CONFIG"
	ParameterExceptionFieldIpSetForwardedIpConfig         ParameterExceptionField = "IP_SET_FORWARDED_IP_CONFIG"
	ParameterExceptionFieldHeaderName                     ParameterExceptionField = "HEADER_NAME"
	ParameterExceptionFieldCustomRequestHandling          ParameterExceptionField = "CUSTOM_REQUEST_HANDLING"
	ParameterExceptionFieldResponseContentType            ParameterExceptionField = "RESPONSE_CONTENT_TYPE"
	ParameterExceptionFieldCustomResponse                 ParameterExceptionField = "CUSTOM_RESPONSE"
	ParameterExceptionFieldCustomResponseBody             ParameterExceptionField = "CUSTOM_RESPONSE_BODY"
	ParameterExceptionFieldJsonMatchPattern               ParameterExceptionField = "JSON_MATCH_PATTERN"
	ParameterExceptionFieldJsonMatchScope                 ParameterExceptionField = "JSON_MATCH_SCOPE"
	ParameterExceptionFieldBodyParsingFallbackBehavior    ParameterExceptionField = "BODY_PARSING_FALLBACK_BEHAVIOR"
	ParameterExceptionFieldLoggingFilter                  ParameterExceptionField = "LOGGING_FILTER"
	ParameterExceptionFieldFilterCondition                ParameterExceptionField = "FILTER_CONDITION"
)

type PositionalConstraint string

const (
	PositionalConstraintExactly      PositionalConstraint = "EXACTLY"
	PositionalConstraintStartsWith   PositionalConstraint = "STARTS_WITH"
	PositionalConstraintEndsWith     PositionalConstraint = "ENDS_WITH"
	PositionalConstraintContains     PositionalConstraint = "CONTAINS"
	PositionalConstraintContainsWord PositionalConstraint = "CONTAINS_WORD"
)

type QueryString struct {
}

type RateBasedStatement struct {

	// Setting that indicates how to aggregate the request counts. The options are the
	// following:
	//
	// * IP - Aggregate the request counts on the IP address from the web
	// request origin.
	//
	// * FORWARDED_IP - Aggregate the request counts on the first IP
	// address in an HTTP header. If you use this, configure the ForwardedIPConfig, to
	// specify the header to use.
	//
	// This member is required.
	AggregateKeyType RateBasedStatementAggregateKeyType

	// The limit on requests per 5-minute period for a single originating IP address.
	// If the statement includes a ScopeDownStatement, this limit is applied only to
	// the requests that match the statement.
	//
	// This member is required.
	Limit int64

	// The configuration for inspecting IP addresses in an HTTP header that you
	// specify, instead of using the IP address that's reported by the web request
	// origin. Commonly, this is the X-Forwarded-For (XFF) header, but you can specify
	// any header name. If the specified header isn't present in the request, AWS WAF
	// doesn't apply the rule to the web request at all. This is required if
	// AggregateKeyType is set to FORWARDED_IP.
	ForwardedIPConfig *ForwardedIPConfig

	// An optional nested statement that narrows the scope of the rate-based statement
	// to matching web requests. This can be any nestable statement, and you can nest
	// statements at any level below this scope-down statement.
	ScopeDownStatement *Statement
}

type RateBasedStatementAggregateKeyType string

const (
	RateBasedStatementAggregateKeyTypeIp          RateBasedStatementAggregateKeyType = "IP"
	RateBasedStatementAggregateKeyTypeForwardedIp RateBasedStatementAggregateKeyType = "FORWARDED_IP"
)

type RateBasedStatementManagedKeysIPSet struct {

	// The IP addresses that are currently blocked.
	Addresses []string

	IPAddressVersion IPAddressVersion
}

type Regex struct {

	// The string representing the regular expression.
	RegexString *string
}

type RegexPatternSet struct {

	// The Amazon Resource Name (ARN) of the entity.
	ARN *string

	// A description of the set that helps with identification.
	Description *string

	// A unique identifier for the set. This ID is returned in the responses to create
	// and list commands. You provide it to operations like update and delete.
	Id *string

	// The name of the set. You cannot change the name after you create the set.
	Name *string

	// The regular expression patterns in the set.
	RegularExpressionList []Regex
}

type RegexPatternSetReferenceStatement struct {

	// The Amazon Resource Name (ARN) of the RegexPatternSet that this statement
	// references.
	//
	// This member is required.
	ARN *string

	// The part of a web request that you want AWS WAF to inspect. For more
	// information, see FieldToMatch.
	//
	// This member is required.
	FieldToMatch *FieldToMatch

	// Text transformations eliminate some of the unusual formatting that attackers use
	// in web requests in an effort to bypass detection. If you specify one or more
	// transformations in a rule statement, AWS WAF performs all transformations on the
	// content of the request component identified by FieldToMatch, starting from the
	// lowest priority setting, before inspecting the content for a match.
	//
	// This member is required.
	TextTransformations []TextTransformation
}

type RegexPatternSetSummary struct {

	// The Amazon Resource Name (ARN) of the entity.
	ARN *string

	// A description of the set that helps with identification.
	Description *string

	// A unique identifier for the set. This ID is returned in the responses to create
	// and list commands. You provide it to operations like update and delete.
	Id *string

	// A token used for optimistic locking. AWS WAF returns a token to your get and
	// list requests, to mark the state of the entity at the time of the request. To
	// make changes to the entity associated with the token, you provide the token to
	// operations like update and delete. AWS WAF uses the token to ensure that no
	// changes have been made to the entity since you last retrieved it. If a change
	// has been made, the update fails with a WAFOptimisticLockException. If this
	// happens, perform another get, and use the new token returned by that operation.
	LockToken *string

	// The name of the data type instance. You cannot change the name after you create
	// the instance.
	Name *string
}

type ResourceType string

const (
	ResourceTypeApplicationLoadBalancer ResourceType = "APPLICATION_LOAD_BALANCER"
	ResourceTypeApiGateway              ResourceType = "API_GATEWAY"
	ResourceTypeAppsync                 ResourceType = "APPSYNC"
)

type ResponseContentType string

const (
	ResponseContentTypeTextPlain       ResponseContentType = "TEXT_PLAIN"
	ResponseContentTypeTextHtml        ResponseContentType = "TEXT_HTML"
	ResponseContentTypeApplicationJson ResponseContentType = "APPLICATION_JSON"
)

type Rule struct {

	// The name of the rule. You can't change the name of a Rule after you create it.
	//
	// This member is required.
	Name *string

	// If you define more than one Rule in a WebACL, AWS WAF evaluates each request
	// against the Rules in order based on the value of Priority. AWS WAF processes
	// rules with lower priority first. The priorities don't need to be consecutive,
	// but they must all be different.
	//
	// This member is required.
	Priority int32

	// The AWS WAF processing statement for the rule, for example ByteMatchStatement or
	// SizeConstraintStatement.
	//
	// This member is required.
	Statement *Statement

	// Defines and enables Amazon CloudWatch metrics and web request sample collection.
	//
	// This member is required.
	VisibilityConfig *VisibilityConfig

	// The action that AWS WAF should take on a web request when it matches the rule
	// statement. Settings at the web ACL level can override the rule action setting.
	// This is used only for rules whose statements do not reference a rule group. Rule
	// statements that reference a rule group include RuleGroupReferenceStatement and
	// ManagedRuleGroupStatement. You must specify either this Action setting or the
	// rule OverrideAction setting, but not both:
	//
	// * If the rule statement does not
	// reference a rule group, use this rule action setting and not the rule override
	// action setting.
	//
	// * If the rule statement references a rule group, use the
	// override action setting and not this action setting.
	Action *RuleAction

	// The override action to apply to the rules in a rule group. Used only for rule
	// statements that reference a rule group, like RuleGroupReferenceStatement and
	// ManagedRuleGroupStatement. Set the override action to none to leave the rule
	// actions in effect. Set it to count to only count matches, regardless of the rule
	// action settings. In a Rule, you must specify either this OverrideAction setting
	// or the rule Action setting, but not both:
	//
	// * If the rule statement references a
	// rule group, use this override action setting and not the action setting.
	//
	// * If
	// the rule statement does not reference a rule group, use the rule action setting
	// and not this rule override action setting.
	OverrideAction *OverrideAction

	// Labels to apply to web requests that match the rule match statement. AWS WAF
	// applies fully qualified labels to matching web requests. A fully qualified label
	// is the concatenation of a label namespace and a rule label. The rule's rule
	// group or web ACL defines the label namespace. Rules that run after this rule in
	// the web ACL can match against these labels using a LabelMatchStatement. For each
	// label, provide a case-sensitive string containing optional namespaces and a
	// label name, according to the following guidelines:
	//
	// * Separate each component of
	// the label with a colon.
	//
	// * Each namespace or name can have up to 128
	// characters.
	//
	// * You can specify up to 5 namespaces in a label.
	//
	// * Don't use the
	// following reserved words in your label specification: aws, waf, managed,
	// rulegroup, webacl, regexpatternset, or ipset.
	//
	// For example, myLabelName or
	// nameSpace1:nameSpace2:myLabelName.
	RuleLabels []Label
}

type RuleAction struct {

	// Instructs AWS WAF to allow the web request.
	Allow *AllowAction

	// Instructs AWS WAF to block the web request.
	Block *BlockAction

	// Instructs AWS WAF to count the web request and allow it.
	Count *CountAction
}

type RuleGroup struct {

	// The Amazon Resource Name (ARN) of the entity.
	//
	// This member is required.
	ARN *string

	// The web ACL capacity units (WCUs) required for this rule group. When you create
	// your own rule group, you define this, and you cannot change it after creation.
	// When you add or modify the rules in a rule group, AWS WAF enforces this limit.
	// You can check the capacity for a set of rules using CheckCapacity. AWS WAF uses
	// WCUs to calculate and control the operating resources that are used to run your
	// rules, rule groups, and web ACLs. AWS WAF calculates capacity differently for
	// each rule type, to reflect the relative cost of each rule. Simple rules that
	// cost little to run use fewer WCUs than more complex rules that use more
	// processing power. Rule group capacity is fixed at creation, which helps users
	// plan their web ACL WCU usage when they use a rule group. The WCU limit for web
	// ACLs is 1,500.
	//
	// This member is required.
	Capacity int64

	// A unique identifier for the rule group. This ID is returned in the responses to
	// create and list commands. You provide it to operations like update and delete.
	//
	// This member is required.
	Id *string

	// The name of the rule group. You cannot change the name of a rule group after you
	// create it.
	//
	// This member is required.
	Name *string

	// Defines and enables Amazon CloudWatch metrics and web request sample collection.
	//
	// This member is required.
	VisibilityConfig *VisibilityConfig

	// The labels that one or more rules in this rule group add to matching web ACLs.
	// These labels are defined in the RuleLabels for a Rule.
	AvailableLabels []LabelSummary

	// The labels that one or more rules in this rule group match against in label
	// match statements. These labels are defined in a LabelMatchStatement
	// specification, in the Statement definition of a rule.
	ConsumedLabels []LabelSummary

	// A map of custom response keys and content bodies. When you create a rule with a
	// block action, you can send a custom response to the web request. You define
	// these for the rule group, and then use them in the rules that you define in the
	// rule group. For information about customizing web requests and responses, see
	// Customizing web requests and responses in AWS WAF
	// (https://docs.aws.amazon.com/waf/latest/developerguide/waf-custom-request-response.html)
	// in the AWS WAF Developer Guide
	// (https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html). For
	// information about the limits on count and size for custom request and response
	// settings, see AWS WAF quotas
	// (https://docs.aws.amazon.com/waf/latest/developerguide/limits.html) in the AWS
	// WAF Developer Guide
	// (https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html).
	CustomResponseBodies map[string]CustomResponseBody

	// A description of the rule group that helps with identification.
	Description *string

	// The label namespace prefix for this rule group. All labels added by rules in
	// this rule group have this prefix.
	//
	// * The syntax for the label namespace prefix
	// for your rule groups is the following: awswaf::rulegroup::
	//
	// * When a rule with a
	// label matches a web request, AWS WAF adds the fully qualified label to the
	// request. A fully qualified label is made up of the label namespace from the rule
	// group or web ACL where the rule is defined and the label from the rule,
	// separated by a colon: :
	LabelNamespace *string

	// The Rule statements used to identify the web requests that you want to allow,
	// block, or count. Each rule includes one top-level statement that AWS WAF uses to
	// identify matching web requests, and parameters that govern how AWS WAF handles
	// them.
	Rules []Rule
}

type RuleGroupReferenceStatement struct {

	// The Amazon Resource Name (ARN) of the entity.
	//
	// This member is required.
	ARN *string

	// The names of rules that are in the referenced rule group, but that you want AWS
	// WAF to exclude from processing for this rule statement.
	ExcludedRules []ExcludedRule
}

type RuleGroupSummary struct {

	// The Amazon Resource Name (ARN) of the entity.
	ARN *string

	// A description of the rule group that helps with identification.
	Description *string

	// A unique identifier for the rule group. This ID is returned in the responses to
	// create and list commands. You provide it to operations like update and delete.
	Id *string

	// A token used for optimistic locking. AWS WAF returns a token to your get and
	// list requests, to mark the state of the entity at the time of the request. To
	// make changes to the entity associated with the token, you provide the token to
	// operations like update and delete. AWS WAF uses the token to ensure that no
	// changes have been made to the entity since you last retrieved it. If a change
	// has been made, the update fails with a WAFOptimisticLockException. If this
	// happens, perform another get, and use the new token returned by that operation.
	LockToken *string

	// The name of the data type instance. You cannot change the name after you create
	// the instance.
	Name *string
}

type RuleSummary struct {

	// The action that AWS WAF should take on a web request when it matches a rule's
	// statement. Settings at the web ACL level can override the rule action setting.
	Action *RuleAction

	// The name of the rule.
	Name *string
}

type SampledHTTPRequest struct {

	// A complex type that contains detailed information about the request.
	//
	// This member is required.
	Request *HTTPRequest

	// A value that indicates how one result in the response relates proportionally to
	// other results in the response. For example, a result that has a weight of 2
	// represents roughly twice as many web requests as a result that has a weight of
	// 1.
	//
	// This member is required.
	Weight int64

	// The action for the Rule that the request matched: ALLOW, BLOCK, or COUNT.
	Action *string

	// Labels applied to the web request by matching rules. AWS WAF applies fully
	// qualified labels to matching web requests. A fully qualified label is the
	// concatenation of a label namespace and a rule label. The rule's rule group or
	// web ACL defines the label namespace. For example,
	// awswaf:111122223333:myRuleGroup:testRules:testNS1:testNS2:labelNameA or
	// awswaf:managed:aws:managed-rule-set:header:encoding:utf8.
	Labels []Label

	// Custom request headers inserted by AWS WAF into the request, according to the
	// custom request configuration for the matching rule action.
	RequestHeadersInserted []HTTPHeader

	// The response code that was sent for the request.
	ResponseCodeSent *int32

	// The name of the Rule that the request matched. For managed rule groups, the
	// format for this name is ##. For your own rule groups, the format for this name
	// is #. If the rule is not in a rule group, this field is absent.
	RuleNameWithinRuleGroup *string

	// The time at which AWS WAF received the request from your AWS resource, in Unix
	// time format (in seconds).
	Timestamp *time.Time
}

type Scope string

const (
	ScopeCloudfront Scope = "CLOUDFRONT"
	ScopeRegional   Scope = "REGIONAL"
)

type SingleHeader struct {

	// The name of the query header to inspect.
	//
	// This member is required.
	Name *string
}

type SingleQueryArgument struct {

	// The name of the query argument to inspect.
	//
	// This member is required.
	Name *string
}

type SizeConstraintStatement struct {

	// The operator to use to compare the request part to the size setting.
	//
	// This member is required.
	ComparisonOperator ComparisonOperator

	// The part of a web request that you want AWS WAF to inspect. For more
	// information, see FieldToMatch.
	//
	// This member is required.
	FieldToMatch *FieldToMatch

	// The size, in byte, to compare to the request part, after any transformations.
	//
	// This member is required.
	Size int64

	// Text transformations eliminate some of the unusual formatting that attackers use
	// in web requests in an effort to bypass detection. If you specify one or more
	// transformations in a rule statement, AWS WAF performs all transformations on the
	// content of the request component identified by FieldToMatch, starting from the
	// lowest priority setting, before inspecting the content for a match.
	//
	// This member is required.
	TextTransformations []TextTransformation
}

type SqliMatchStatement struct {

	// The part of a web request that you want AWS WAF to inspect. For more
	// information, see FieldToMatch.
	//
	// This member is required.
	FieldToMatch *FieldToMatch

	// Text transformations eliminate some of the unusual formatting that attackers use
	// in web requests in an effort to bypass detection. If you specify one or more
	// transformations in a rule statement, AWS WAF performs all transformations on the
	// content of the request component identified by FieldToMatch, starting from the
	// lowest priority setting, before inspecting the content for a match.
	//
	// This member is required.
	TextTransformations []TextTransformation
}

type Statement struct {

	// A logical rule statement used to combine other rule statements with AND logic.
	// You provide more than one Statement within the AndStatement.
	AndStatement *AndStatement

	// A rule statement that defines a string match search for AWS WAF to apply to web
	// requests. The byte match statement provides the bytes to search for, the
	// location in requests that you want AWS WAF to search, and other settings. The
	// bytes to search for are typically a string that corresponds with ASCII
	// characters. In the AWS WAF console and the developer guide, this is refered to
	// as a string match statement.
	ByteMatchStatement *ByteMatchStatement

	// A rule statement used to identify web requests based on country of origin.
	GeoMatchStatement *GeoMatchStatement

	// A rule statement used to detect web requests coming from particular IP addresses
	// or address ranges. To use this, create an IPSet that specifies the addresses you
	// want to detect, then use the ARN of that set in this statement. To create an IP
	// set, see CreateIPSet. Each IP set rule statement references an IP set. You
	// create and maintain the set independent of your rules. This allows you to use
	// the single set in multiple rules. When you update the referenced set, AWS WAF
	// automatically updates all rules that reference it.
	IPSetReferenceStatement *IPSetReferenceStatement

	// A rule statement that defines a string match search against labels that have
	// been added to the web request by rules that have already run in the web ACL. The
	// label match statement provides the label or namespace string to search for. The
	// label string can represent a part or all of the fully qualified label name that
	// had been added to the web request. Fully qualified labels have a prefix,
	// optional namespaces, and label name. The prefix identifies the rule group or web
	// ACL context of the rule that added the label. If you do not provide the fully
	// qualified name in your label match string, AWS WAF performs the search for
	// labels that were added in the same context as the label match statement.
	LabelMatchStatement *LabelMatchStatement

	// A rule statement used to run the rules that are defined in a managed rule group.
	// To use this, provide the vendor name and the name of the rule group in this
	// statement. You can retrieve the required names by calling
	// ListAvailableManagedRuleGroups. You can't nest a ManagedRuleGroupStatement, for
	// example for use inside a NotStatement or OrStatement. It can only be referenced
	// as a top-level statement within a rule.
	ManagedRuleGroupStatement *ManagedRuleGroupStatement

	// A logical rule statement used to negate the results of another rule statement.
	// You provide one Statement within the NotStatement.
	NotStatement *NotStatement

	// A logical rule statement used to combine other rule statements with OR logic.
	// You provide more than one Statement within the OrStatement.
	OrStatement *OrStatement

	// A rate-based rule tracks the rate of requests for each originating IP address,
	// and triggers the rule action when the rate exceeds a limit that you specify on
	// the number of requests in any 5-minute time span. You can use this to put a
	// temporary block on requests from an IP address that is sending excessive
	// requests. When the rule action triggers, AWS WAF blocks additional requests from
	// the IP address until the request rate falls below the limit. You can optionally
	// nest another statement inside the rate-based statement, to narrow the scope of
	// the rule so that it only counts requests that match the nested statement. For
	// example, based on recent requests that you have seen from an attacker, you might
	// create a rate-based rule with a nested AND rule statement that contains the
	// following nested statements:
	//
	// * An IP match statement with an IP set that
	// specified the address 192.0.2.44.
	//
	// * A string match statement that searches in
	// the User-Agent header for the string BadBot.
	//
	// In this rate-based rule, you also
	// define a rate limit. For this example, the rate limit is 1,000. Requests that
	// meet both of the conditions in the statements are counted. If the count exceeds
	// 1,000 requests per five minutes, the rule action triggers. Requests that do not
	// meet both conditions are not counted towards the rate limit and are not affected
	// by this rule. You cannot nest a RateBasedStatement, for example for use inside a
	// NotStatement or OrStatement. It can only be referenced as a top-level statement
	// within a rule.
	RateBasedStatement *RateBasedStatement

	// A rule statement used to search web request components for matches with regular
	// expressions. To use this, create a RegexPatternSet that specifies the
	// expressions that you want to detect, then use the ARN of that set in this
	// statement. A web request matches the pattern set rule statement if the request
	// component matches any of the patterns in the set. To create a regex pattern set,
	// see CreateRegexPatternSet. Each regex pattern set rule statement references a
	// regex pattern set. You create and maintain the set independent of your rules.
	// This allows you to use the single set in multiple rules. When you update the
	// referenced set, AWS WAF automatically updates all rules that reference it.
	RegexPatternSetReferenceStatement *RegexPatternSetReferenceStatement

	// A rule statement used to run the rules that are defined in a RuleGroup. To use
	// this, create a rule group with your rules, then provide the ARN of the rule
	// group in this statement. You cannot nest a RuleGroupReferenceStatement, for
	// example for use inside a NotStatement or OrStatement. It can only be referenced
	// as a top-level statement within a rule.
	RuleGroupReferenceStatement *RuleGroupReferenceStatement

	// A rule statement that compares a number of bytes against the size of a request
	// component, using a comparison operator, such as greater than (>) or less than
	// (<). For example, you can use a size constraint statement to look for query
	// strings that are longer than 100 bytes. If you configure AWS WAF to inspect the
	// request body, AWS WAF inspects only the first 8192 bytes (8 KB). If the request
	// body for your web requests never exceeds 8192 bytes, you can create a size
	// constraint condition and block requests that have a request body greater than
	// 8192 bytes. If you choose URI for the value of Part of the request to filter on,
	// the slash (/) in the URI counts as one character. For example, the URI /logo.jpg
	// is nine characters long.
	SizeConstraintStatement *SizeConstraintStatement

	// Attackers sometimes insert malicious SQL code into web requests in an effort to
	// extract data from your database. To allow or block web requests that appear to
	// contain malicious SQL code, create one or more SQL injection match conditions.
	// An SQL injection match condition identifies the part of web requests, such as
	// the URI or the query string, that you want AWS WAF to inspect. Later in the
	// process, when you create a web ACL, you specify whether to allow or block
	// requests that appear to contain malicious SQL code.
	SqliMatchStatement *SqliMatchStatement

	// A rule statement that defines a cross-site scripting (XSS) match search for AWS
	// WAF to apply to web requests. XSS attacks are those where the attacker uses
	// vulnerabilities in a benign website as a vehicle to inject malicious client-site
	// scripts into other legitimate web browsers. The XSS match statement provides the
	// location in requests that you want AWS WAF to search and text transformations to
	// use on the search area before AWS WAF searches for character sequences that are
	// likely to be malicious strings.
	XssMatchStatement *XssMatchStatement
}

type Tag struct {

	// Part of the key:value pair that defines a tag. You can use a tag key to describe
	// a category of information, such as "customer." Tag keys are case-sensitive.
	//
	// This member is required.
	Key *string

	// Part of the key:value pair that defines a tag. You can use a tag value to
	// describe a specific value within a category, such as "companyA" or "companyB."
	// Tag values are case-sensitive.
	//
	// This member is required.
	Value *string
}

type TagInfoForResource struct {

	// The Amazon Resource Name (ARN) of the resource.
	ResourceARN *string

	// The array of Tag objects defined for the resource.
	TagList []Tag
}

type TextTransformation struct {

	// Sets the relative processing order for multiple transformations that are defined
	// for a rule statement. AWS WAF processes all transformations, from lowest
	// priority to highest, before inspecting the transformed content. The priorities
	// don't need to be consecutive, but they must all be different.
	//
	// This member is required.
	Priority int32

	// You can specify the following transformation types: CMD_LINE When you're
	// concerned that attackers are injecting an operating system command line command
	// and using unusual formatting to disguise some or all of the command, use this
	// option to perform the following transformations:
	//
	// * Delete the following
	// characters: \ " ' ^
	//
	// * Delete spaces before the following characters: / (
	//
	// *
	// Replace the following characters with a space: , ;
	//
	// * Replace multiple spaces
	// with one space
	//
	// * Convert uppercase letters (A-Z) to lowercase
	// (a-z)
	//
	// COMPRESS_WHITE_SPACE Use this option to replace the following characters
	// with a space character (decimal 32):
	//
	// * \f, formfeed, decimal 12
	//
	// * \t, tab,
	// decimal 9
	//
	// * \n, newline, decimal 10
	//
	// * \r, carriage return, decimal 13
	//
	// * \v,
	// vertical tab, decimal 11
	//
	// * non-breaking space, decimal
	// 160
	//
	// COMPRESS_WHITE_SPACE also replaces multiple spaces with one space.
	// HTML_ENTITY_DECODE Use this option to replace HTML-encoded characters with
	// unencoded characters. HTML_ENTITY_DECODE performs the following operations:
	//
	// *
	// Replaces (ampersand)quot; with "
	//
	// * Replaces (ampersand)nbsp; with a
	// non-breaking space, decimal 160
	//
	// * Replaces (ampersand)lt; with a "less than"
	// symbol
	//
	// * Replaces (ampersand)gt; with >
	//
	// * Replaces characters that are
	// represented in hexadecimal format, (ampersand)#xhhhh;, with the corresponding
	// characters
	//
	// * Replaces characters that are represented in decimal format,
	// (ampersand)#nnnn;, with the corresponding characters
	//
	// LOWERCASE Use this option
	// to convert uppercase letters (A-Z) to lowercase (a-z). URL_DECODE Use this
	// option to decode a URL-encoded value. NONE Specify NONE if you don't want any
	// text transformations.
	//
	// This member is required.
	Type TextTransformationType
}

type TextTransformationType string

const (
	TextTransformationTypeNone               TextTransformationType = "NONE"
	TextTransformationTypeCompressWhiteSpace TextTransformationType = "COMPRESS_WHITE_SPACE"
	TextTransformationTypeHtmlEntityDecode   TextTransformationType = "HTML_ENTITY_DECODE"
	TextTransformationTypeLowercase          TextTransformationType = "LOWERCASE"
	TextTransformationTypeCmdLine            TextTransformationType = "CMD_LINE"
	TextTransformationTypeUrlDecode          TextTransformationType = "URL_DECODE"
)

type TimeWindow struct {

	// The end of the time range from which you want GetSampledRequests to return a
	// sample of the requests that your AWS resource received. You must specify the
	// times in Coordinated Universal Time (UTC) format. UTC format includes the
	// special designator, Z. For example, "2016-09-27T14:50Z". You can specify any
	// time range in the previous three hours.
	//
	// This member is required.
	EndTime *time.Time

	// The beginning of the time range from which you want GetSampledRequests to return
	// a sample of the requests that your AWS resource received. You must specify the
	// times in Coordinated Universal Time (UTC) format. UTC format includes the
	// special designator, Z. For example, "2016-09-27T14:50Z". You can specify any
	// time range in the previous three hours.
	//
	// This member is required.
	StartTime *time.Time
}

type UriPath struct {
}

type VisibilityConfig struct {

	// A boolean indicating whether the associated resource sends metrics to
	// CloudWatch. For the list of available metrics, see AWS WAF Metrics
	// (https://docs.aws.amazon.com/waf/latest/developerguide/monitoring-cloudwatch.html#waf-metrics).
	//
	// This member is required.
	CloudWatchMetricsEnabled bool

	// A name of the CloudWatch metric. The name can contain only the characters: A-Z,
	// a-z, 0-9, - (hyphen), and _ (underscore). The name can be from one to 128
	// characters long. It can't contain whitespace or metric names reserved for AWS
	// WAF, for example "All" and "Default_Action."
	//
	// This member is required.
	MetricName *string

	// A boolean indicating whether AWS WAF should store a sampling of the web requests
	// that match the rules. You can view the sampled requests through the AWS WAF
	// console.
	//
	// This member is required.
	SampledRequestsEnabled bool
}

type WAFAssociatedItemException struct {
	Message *string
}

type WAFDuplicateItemException struct {
	Message *string
}

type WAFInternalErrorException struct {
	Message *string
}

type WAFInvalidOperationException struct {
	Message *string
}

type WAFInvalidParameterException struct {
	Message *string

	Field     ParameterExceptionField
	Parameter *string
	Reason    *string
}

type WAFInvalidPermissionPolicyException struct {
	Message *string
}

type WAFInvalidResourceException struct {
	Message *string
}

type WAFLimitsExceededException struct {
	Message *string
}

type WAFNonexistentItemException struct {
	Message *string
}

type WAFOptimisticLockException struct {
	Message *string
}

type WAFServiceLinkedRoleErrorException struct {
	Message *string
}

type WAFSubscriptionNotFoundException struct {
	Message *string
}

type WAFTagOperationException struct {
	Message *string
}

type WAFTagOperationInternalErrorException struct {
	Message *string
}

type WAFUnavailableEntityException struct {
	Message *string
}

type WebACL struct {

	// The Amazon Resource Name (ARN) of the Web ACL that you want to associate with
	// the resource.
	//
	// This member is required.
	ARN *string

	// The action to perform if none of the Rules contained in the WebACL match.
	//
	// This member is required.
	DefaultAction *DefaultAction

	// A unique identifier for the WebACL. This ID is returned in the responses to
	// create and list commands. You use this ID to do things like get, update, and
	// delete a WebACL.
	//
	// This member is required.
	Id *string

	// The name of the Web ACL. You cannot change the name of a Web ACL after you
	// create it.
	//
	// This member is required.
	Name *string

	// Defines and enables Amazon CloudWatch metrics and web request sample collection.
	//
	// This member is required.
	VisibilityConfig *VisibilityConfig

	// The web ACL capacity units (WCUs) currently being used by this web ACL. AWS WAF
	// uses WCUs to calculate and control the operating resources that are used to run
	// your rules, rule groups, and web ACLs. AWS WAF calculates capacity differently
	// for each rule type, to reflect the relative cost of each rule. Simple rules that
	// cost little to run use fewer WCUs than more complex rules that use more
	// processing power. Rule group capacity is fixed at creation, which helps users
	// plan their web ACL WCU usage when they use a rule group. The WCU limit for web
	// ACLs is 1,500.
	Capacity int64

	// A map of custom response keys and content bodies. When you create a rule with a
	// block action, you can send a custom response to the web request. You define
	// these for the web ACL, and then use them in the rules and default actions that
	// you define in the web ACL. For information about customizing web requests and
	// responses, see Customizing web requests and responses in AWS WAF
	// (https://docs.aws.amazon.com/waf/latest/developerguide/waf-custom-request-response.html)
	// in the AWS WAF Developer Guide
	// (https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html). For
	// information about the limits on count and size for custom request and response
	// settings, see AWS WAF quotas
	// (https://docs.aws.amazon.com/waf/latest/developerguide/limits.html) in the AWS
	// WAF Developer Guide
	// (https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html).
	CustomResponseBodies map[string]CustomResponseBody

	// A description of the Web ACL that helps with identification.
	Description *string

	// The label namespace prefix for this web ACL. All labels added by rules in this
	// web ACL have this prefix.
	//
	// * The syntax for the label namespace prefix for a web
	// ACL is the following: awswaf::webacl::
	//
	// * When a rule with a label matches a web
	// request, AWS WAF adds the fully qualified label to the request. A fully
	// qualified label is made up of the label namespace from the rule group or web ACL
	// where the rule is defined and the label from the rule, separated by a colon: :
	LabelNamespace *string

	// Indicates whether this web ACL is managed by AWS Firewall Manager. If true, then
	// only AWS Firewall Manager can delete the web ACL or any Firewall Manager rule
	// groups in the web ACL.
	ManagedByFirewallManager bool

	// The last set of rules for AWS WAF to process in the web ACL. This is defined in
	// an AWS Firewall Manager WAF policy and contains only rule group references. You
	// can't alter these. Any rules and rule groups that you define for the web ACL are
	// prioritized before these. In the Firewall Manager WAF policy, the Firewall
	// Manager administrator can define a set of rule groups to run first in the web
	// ACL and a set of rule groups to run last. Within each set, the administrator
	// prioritizes the rule groups, to determine their relative processing order.
	PostProcessFirewallManagerRuleGroups []FirewallManagerRuleGroup

	// The first set of rules for AWS WAF to process in the web ACL. This is defined in
	// an AWS Firewall Manager WAF policy and contains only rule group references. You
	// can't alter these. Any rules and rule groups that you define for the web ACL are
	// prioritized after these. In the Firewall Manager WAF policy, the Firewall
	// Manager administrator can define a set of rule groups to run first in the web
	// ACL and a set of rule groups to run last. Within each set, the administrator
	// prioritizes the rule groups, to determine their relative processing order.
	PreProcessFirewallManagerRuleGroups []FirewallManagerRuleGroup

	// The Rule statements used to identify the web requests that you want to allow,
	// block, or count. Each rule includes one top-level statement that AWS WAF uses to
	// identify matching web requests, and parameters that govern how AWS WAF handles
	// them.
	Rules []Rule
}

type WebACLSummary struct {

	// The Amazon Resource Name (ARN) of the entity.
	ARN *string

	// A description of the Web ACL that helps with identification.
	Description *string

	// The unique identifier for the Web ACL. This ID is returned in the responses to
	// create and list commands. You provide it to operations like update and delete.
	Id *string

	// A token used for optimistic locking. AWS WAF returns a token to your get and
	// list requests, to mark the state of the entity at the time of the request. To
	// make changes to the entity associated with the token, you provide the token to
	// operations like update and delete. AWS WAF uses the token to ensure that no
	// changes have been made to the entity since you last retrieved it. If a change
	// has been made, the update fails with a WAFOptimisticLockException. If this
	// happens, perform another get, and use the new token returned by that operation.
	LockToken *string

	// The name of the Web ACL. You cannot change the name of a Web ACL after you
	// create it.
	Name *string
}

type XssMatchStatement struct {

	// The part of a web request that you want AWS WAF to inspect. For more
	// information, see FieldToMatch.
	//
	// This member is required.
	FieldToMatch *FieldToMatch

	// Text transformations eliminate some of the unusual formatting that attackers use
	// in web requests in an effort to bypass detection. If you specify one or more
	// transformations in a rule statement, AWS WAF performs all transformations on the
	// content of the request component identified by FieldToMatch, starting from the
	// lowest priority setting, before inspecting the content for a match.
	//
	// This member is required.
	TextTransformations []TextTransformation
}