feat(client-wafv2): AWS WAF now supports configurable time windows for request aggregation with rate-based rules. Customers can now select time windows of 1 minute, 2 minutes or 10 minutes, in addition to the previously supported 5 minutes.

awstools · awstools · commit 4528e88c9315 · 2024-02-28T19:13:07.000Z
diff --git a/clients/client-wafv2/src/commands/CheckCapacityCommand.ts b/clients/client-wafv2/src/commands/CheckCapacityCommand.ts
@@ -455,6 +455,7 @@ export interface CheckCapacityCommandOutput extends CheckCapacityResponse, __Met
  *         },
  *         RateBasedStatement: { // RateBasedStatement
  *           Limit: Number("long"), // required
+ *           EvaluationWindowSec: Number("long"),
  *           AggregateKeyType: "IP" || "FORWARDED_IP" || "CUSTOM_KEYS" || "CONSTANT", // required
  *           ScopeDownStatement: {
  *             ByteMatchStatement: {
@@ -538,6 +539,7 @@ export interface CheckCapacityCommandOutput extends CheckCapacityResponse, __Met
  *             },
  *             RateBasedStatement: {
  *               Limit: Number("long"), // required
+ *               EvaluationWindowSec: Number("long"),
  *               AggregateKeyType: "IP" || "FORWARDED_IP" || "CUSTOM_KEYS" || "CONSTANT", // required
  *               ScopeDownStatement: "<Statement>",
  *               ForwardedIPConfig: {
diff --git a/clients/client-wafv2/src/commands/CreateRuleGroupCommand.ts b/clients/client-wafv2/src/commands/CreateRuleGroupCommand.ts
@@ -448,6 +448,7 @@ export interface CreateRuleGroupCommandOutput extends CreateRuleGroupResponse, _
  *         },
  *         RateBasedStatement: { // RateBasedStatement
  *           Limit: Number("long"), // required
+ *           EvaluationWindowSec: Number("long"),
  *           AggregateKeyType: "IP" || "FORWARDED_IP" || "CUSTOM_KEYS" || "CONSTANT", // required
  *           ScopeDownStatement: {
  *             ByteMatchStatement: {
@@ -531,6 +532,7 @@ export interface CreateRuleGroupCommandOutput extends CreateRuleGroupResponse, _
  *             },
  *             RateBasedStatement: {
  *               Limit: Number("long"), // required
+ *               EvaluationWindowSec: Number("long"),
  *               AggregateKeyType: "IP" || "FORWARDED_IP" || "CUSTOM_KEYS" || "CONSTANT", // required
  *               ScopeDownStatement: "<Statement>",
  *               ForwardedIPConfig: {
diff --git a/clients/client-wafv2/src/commands/CreateWebACLCommand.ts b/clients/client-wafv2/src/commands/CreateWebACLCommand.ts
@@ -461,6 +461,7 @@ export interface CreateWebACLCommandOutput extends CreateWebACLResponse, __Metad
  *         },
  *         RateBasedStatement: { // RateBasedStatement
  *           Limit: Number("long"), // required
+ *           EvaluationWindowSec: Number("long"),
  *           AggregateKeyType: "IP" || "FORWARDED_IP" || "CUSTOM_KEYS" || "CONSTANT", // required
  *           ScopeDownStatement: {
  *             ByteMatchStatement: {
@@ -534,6 +535,7 @@ export interface CreateWebACLCommandOutput extends CreateWebACLResponse, __Metad
  *             },
  *             RateBasedStatement: {
  *               Limit: Number("long"), // required
+ *               EvaluationWindowSec: Number("long"),
  *               AggregateKeyType: "IP" || "FORWARDED_IP" || "CUSTOM_KEYS" || "CONSTANT", // required
  *               ScopeDownStatement: "<Statement>",
  *               ForwardedIPConfig: {
diff --git a/clients/client-wafv2/src/commands/GetRuleGroupCommand.ts b/clients/client-wafv2/src/commands/GetRuleGroupCommand.ts
@@ -457,6 +457,7 @@ export interface GetRuleGroupCommandOutput extends GetRuleGroupResponse, __Metad
  * //           },
  * //           RateBasedStatement: { // RateBasedStatement
  * //             Limit: Number("long"), // required
+ * //             EvaluationWindowSec: Number("long"),
  * //             AggregateKeyType: "IP" || "FORWARDED_IP" || "CUSTOM_KEYS" || "CONSTANT", // required
  * //             ScopeDownStatement: {
  * //               ByteMatchStatement: {
@@ -540,6 +541,7 @@ export interface GetRuleGroupCommandOutput extends GetRuleGroupResponse, __Metad
  * //               },
  * //               RateBasedStatement: {
  * //                 Limit: Number("long"), // required
+ * //                 EvaluationWindowSec: Number("long"),
  * //                 AggregateKeyType: "IP" || "FORWARDED_IP" || "CUSTOM_KEYS" || "CONSTANT", // required
  * //                 ScopeDownStatement: "<Statement>",
  * //                 ForwardedIPConfig: {
diff --git a/clients/client-wafv2/src/commands/GetWebACLCommand.ts b/clients/client-wafv2/src/commands/GetWebACLCommand.ts
@@ -469,6 +469,7 @@ export interface GetWebACLCommandOutput extends GetWebACLResponse, __MetadataBea
  * //           },
  * //           RateBasedStatement: { // RateBasedStatement
  * //             Limit: Number("long"), // required
+ * //             EvaluationWindowSec: Number("long"),
  * //             AggregateKeyType: "IP" || "FORWARDED_IP" || "CUSTOM_KEYS" || "CONSTANT", // required
  * //             ScopeDownStatement: {
  * //               ByteMatchStatement: {
@@ -542,6 +543,7 @@ export interface GetWebACLCommandOutput extends GetWebACLResponse, __MetadataBea
  * //               },
  * //               RateBasedStatement: {
  * //                 Limit: Number("long"), // required
+ * //                 EvaluationWindowSec: Number("long"),
  * //                 AggregateKeyType: "IP" || "FORWARDED_IP" || "CUSTOM_KEYS" || "CONSTANT", // required
  * //                 ScopeDownStatement: "<Statement>",
  * //                 ForwardedIPConfig: {
diff --git a/clients/client-wafv2/src/commands/GetWebACLForResourceCommand.ts b/clients/client-wafv2/src/commands/GetWebACLForResourceCommand.ts
@@ -477,6 +477,7 @@ export interface GetWebACLForResourceCommandOutput extends GetWebACLForResourceR
  * //           },
  * //           RateBasedStatement: { // RateBasedStatement
  * //             Limit: Number("long"), // required
+ * //             EvaluationWindowSec: Number("long"),
  * //             AggregateKeyType: "IP" || "FORWARDED_IP" || "CUSTOM_KEYS" || "CONSTANT", // required
  * //             ScopeDownStatement: {
  * //               ByteMatchStatement: {
@@ -550,6 +551,7 @@ export interface GetWebACLForResourceCommandOutput extends GetWebACLForResourceR
  * //               },
  * //               RateBasedStatement: {
  * //                 Limit: Number("long"), // required
+ * //                 EvaluationWindowSec: Number("long"),
  * //                 AggregateKeyType: "IP" || "FORWARDED_IP" || "CUSTOM_KEYS" || "CONSTANT", // required
  * //                 ScopeDownStatement: "<Statement>",
  * //                 ForwardedIPConfig: {
diff --git a/clients/client-wafv2/src/commands/UpdateRuleGroupCommand.ts b/clients/client-wafv2/src/commands/UpdateRuleGroupCommand.ts
@@ -483,6 +483,7 @@ export interface UpdateRuleGroupCommandOutput extends UpdateRuleGroupResponse, _
  *         },
  *         RateBasedStatement: { // RateBasedStatement
  *           Limit: Number("long"), // required
+ *           EvaluationWindowSec: Number("long"),
  *           AggregateKeyType: "IP" || "FORWARDED_IP" || "CUSTOM_KEYS" || "CONSTANT", // required
  *           ScopeDownStatement: {
  *             ByteMatchStatement: {
@@ -566,6 +567,7 @@ export interface UpdateRuleGroupCommandOutput extends UpdateRuleGroupResponse, _
  *             },
  *             RateBasedStatement: {
  *               Limit: Number("long"), // required
+ *               EvaluationWindowSec: Number("long"),
  *               AggregateKeyType: "IP" || "FORWARDED_IP" || "CUSTOM_KEYS" || "CONSTANT", // required
  *               ScopeDownStatement: "<Statement>",
  *               ForwardedIPConfig: {
diff --git a/clients/client-wafv2/src/commands/UpdateWebACLCommand.ts b/clients/client-wafv2/src/commands/UpdateWebACLCommand.ts
@@ -498,6 +498,7 @@ export interface UpdateWebACLCommandOutput extends UpdateWebACLResponse, __Metad
  *         },
  *         RateBasedStatement: { // RateBasedStatement
  *           Limit: Number("long"), // required
+ *           EvaluationWindowSec: Number("long"),
  *           AggregateKeyType: "IP" || "FORWARDED_IP" || "CUSTOM_KEYS" || "CONSTANT", // required
  *           ScopeDownStatement: {
  *             ByteMatchStatement: {
@@ -571,6 +572,7 @@ export interface UpdateWebACLCommandOutput extends UpdateWebACLResponse, __Metad
  *             },
  *             RateBasedStatement: {
  *               Limit: Number("long"), // required
+ *               EvaluationWindowSec: Number("long"),
  *               AggregateKeyType: "IP" || "FORWARDED_IP" || "CUSTOM_KEYS" || "CONSTANT", // required
  *               ScopeDownStatement: "<Statement>",
  *               ForwardedIPConfig: {
diff --git a/clients/client-wafv2/src/models/models_0.ts b/clients/client-wafv2/src/models/models_0.ts
@@ -7890,6 +7890,18 @@ export interface RateBasedStatement {
    */
   Limit: number | undefined;
 
+  /**
+   * @public
+   * <p>The amount of time, in seconds, that WAF
+   *             should include in its request counts, looking back from the current time. For example,
+   *             for a setting of 120, when WAF checks the rate, it counts the requests for the 2 minutes immediately preceding
+   *             the current time. Valid settings are 60, 120, 300, and 600. </p>
+   *          <p>This setting doesn't determine how often WAF checks the rate, but how far back it looks each
+   *             time it checks. WAF checks the rate about every 10 seconds.</p>
+   *          <p>Default: <code>300</code> (5 minutes)</p>
+   */
+  EvaluationWindowSec?: number;
+
   /**
    * @public
    * <p>Setting that indicates how to aggregate the request counts. </p>
diff --git a/clients/client-wafv2/src/protocols/Aws_json1_1.ts b/clients/client-wafv2/src/protocols/Aws_json1_1.ts
@@ -2855,6 +2855,7 @@ const se_RateBasedStatement = (input: RateBasedStatement, context: __SerdeContex
   return take(input, {
     AggregateKeyType: [],
     CustomKeys: _json,
+    EvaluationWindowSec: [],
     ForwardedIPConfig: _json,
     Limit: [],
     ScopeDownStatement: (_) => se_Statement(_, context),
@@ -3642,6 +3643,7 @@ const de_RateBasedStatement = (output: any, context: __SerdeContext): RateBasedS
   return take(output, {
     AggregateKeyType: __expectString,
     CustomKeys: _json,
+    EvaluationWindowSec: __expectLong,
     ForwardedIPConfig: _json,
     Limit: __expectLong,
     ScopeDownStatement: (_: any) => de_Statement(_, context),
diff --git a/codegen/sdk-codegen/aws-models/wafv2.json b/codegen/sdk-codegen/aws-models/wafv2.json
@@ -5343,6 +5343,12 @@
     "com.amazonaws.wafv2#ErrorReason": {
       "type": "string"
     },
+    "com.amazonaws.wafv2#EvaluationWindowSec": {
+      "type": "long",
+      "traits": {
+        "smithy.api#default": 0
+      }
+    },
     "com.amazonaws.wafv2#ExcludedRule": {
       "type": "structure",
       "members": {
@@ -9682,6 +9688,13 @@
             "smithy.api#required": {}
           }
         },
+        "EvaluationWindowSec": {
+          "target": "com.amazonaws.wafv2#EvaluationWindowSec",
+          "traits": {
+            "smithy.api#default": 0,
+            "smithy.api#documentation": "<p>The amount of time, in seconds, that WAF\n            should include in its request counts, looking back from the current time. For example, \n            for a setting of 120, when WAF checks the rate, it counts the requests for the 2 minutes immediately preceding \n            the current time. Valid settings are 60, 120, 300, and 600. </p>\n         <p>This setting doesn't determine how often WAF checks the rate, but how far back it looks each \n            time it checks. WAF checks the rate about every 10 seconds.</p>\n         <p>Default: <code>300</code> (5 minutes)</p>"
+          }
+        },
         "AggregateKeyType": {
           "target": "com.amazonaws.wafv2#RateBasedStatementAggregateKeyType",
           "traits": {
