Wafv2Client
WAF
This is the latest version of the WAF API, released in November, 2019. The names of the entities that you use to access this API, like endpoints and namespaces, all have the versioning information added, like "V2" or "v2", to distinguish from the prior version. We recommend migrating your resources to this version, because it has a number of significant improvements.
If you used WAF prior to this release, you can't use this WAFV2 API to access any WAF resources that you created before. WAF Classic support will end on September 30, 2025.
For information about WAF, including how to migrate your WAF Classic resources to this version, see the WAF Developer Guide.
WAF is a web application firewall that lets you monitor the HTTP and HTTPS requests that are forwarded to a protected resource. Protected resource types include Amazon CloudFront distribution, Amazon API Gateway REST API, Application Load Balancer, AppSync GraphQL API, Amazon Cognito user pool, App Runner service, Amplify application, and Amazon Web Services Verified Access instance. WAF also lets you control access to your content, to protect the Amazon Web Services resource that WAF is monitoring. Based on conditions that you specify, such as the IP addresses that requests originate from or the values of query strings, the protected resource responds to requests with either the requested content, an HTTP 403 status code (Forbidden), or with a custom response.
This API guide is for developers who need detailed information about WAF API actions, data types, and errors. For detailed information about WAF features and guidance for configuring and using WAF, see the WAF Developer Guide.
You can make calls using the endpoints listed in WAF endpoints and quotas.
For regional resources, you can use any of the endpoints in the list. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, an Amazon Cognito user pool, an App Runner service, or an Amazon Web Services Verified Access instance.
For Amazon CloudFront and Amplify, you must use the API endpoint listed for US East (N. Virginia): us-east-1.
Alternatively, you can use one of the Amazon Web Services SDKs to access an API that's tailored to the programming language or platform that you're using. For more information, see Amazon Web Services SDKs.
Functions
Associates a web ACL with a resource, to protect the resource.
Returns the web ACL capacity unit (WCU) requirements for a specified scope and set of rules. You can use this to check the capacity requirements for the rules you want to use in a RuleGroup or WebACL.
Creates an API key that contains a set of token domains.
Creates an IPSet, which you use to identify web requests that originate from specific IP addresses or ranges of IP addresses. For example, if you're receiving a lot of requests from a ranges of IP addresses, you can configure WAF to block them using an IPSet that lists those IP addresses.
Creates a RegexPatternSet, which you reference in a RegexPatternSetReferenceStatement, to have WAF inspect a web request component for the specified patterns.
Creates a RuleGroup per the specifications provided.
Creates a WebACL per the specifications provided.
Deletes the specified API key.
Deletes all rule groups that are managed by Firewall Manager from the specified WebACL.
Deletes the specified IPSet.
Deletes the LoggingConfiguration from the specified web ACL.
Permanently deletes an IAM policy from the specified rule group.
Deletes the specified RegexPatternSet.
Deletes the specified RuleGroup.
Deletes the specified WebACL.
Provides high-level information for the Amazon Web Services Managed Rules rule groups and Amazon Web Services Marketplace managed rule groups.
Provides high-level information for the managed rule groups owned by a specific vendor.
Provides high-level information for a managed rule group, including descriptions of the rules.
Disassociates the specified resource from its web ACL association, if it has one.
Generates a presigned download URL for the specified release of the mobile SDK.
Returns your API key in decrypted form. Use this to check the token domains that you have defined for the key.
Retrieves the specified IPSet.
Returns the LoggingConfiguration for the specified web ACL.
Retrieves the specified managed rule set.
Retrieves information for the specified mobile SDK release, including release notes and tags.
Returns the IAM policy that is attached to the specified rule group.
Retrieves the IP addresses that are currently blocked by a rate-based rule instance. This is only available for rate-based rules that aggregate solely on the IP address or on the forwarded IP address.
Retrieves the specified RegexPatternSet.
Retrieves the specified RuleGroup.
Gets detailed information about a specified number of requests--a sample--that WAF randomly selects from among the first 5,000 requests that your Amazon Web Services resource received during a time range that you choose. You can specify a sample size of up to 500 requests, and you can specify any time range in the previous three hours.
Retrieves the specified WebACL.
Retrieves the WebACL for the specified resource.
Retrieves a list of the API keys that you've defined for the specified scope.
Retrieves an array of managed rule groups that are available for you to use. This list includes all Amazon Web Services Managed Rules rule groups and all of the Amazon Web Services Marketplace managed rule groups that you're subscribed to.
Returns a list of the available versions for the specified managed rule group.
Retrieves an array of IPSetSummary objects for the IP sets that you manage.
Retrieves an array of your LoggingConfiguration objects.
Retrieves the managed rule sets that you own.
Retrieves a list of the available releases for the mobile SDK and the specified device platform.
Retrieves an array of RegexPatternSetSummary objects for the regex pattern sets that you manage.
Retrieves an array of the Amazon Resource Names (ARNs) for the resources that are associated with the specified web ACL.
Retrieves an array of RuleGroupSummary objects for the rule groups that you manage.
Retrieves the TagInfoForResource for the specified resource. Tags are key:value pairs that you can use to categorize and manage your resources, for purposes like billing. For example, you might set the tag key to "customer" and the value to the customer name or ID. You can specify one or more tags to add to each Amazon Web Services resource, up to 50 tags for a resource.
Retrieves an array of WebACLSummary objects for the web ACLs that you manage.
Enables the specified LoggingConfiguration, to start logging from a web ACL, according to the configuration provided.
Defines the versions of your managed rule set that you are offering to the customers. Customers see your offerings as managed rule groups with versioning.
Use this to share a rule group with other accounts.
Associates tags with the specified Amazon Web Services resource. Tags are key:value pairs that you can use to categorize and manage your resources, for purposes like billing. For example, you might set the tag key to "customer" and the value to the customer name or ID. You can specify one or more tags to add to each Amazon Web Services resource, up to 50 tags for a resource.
Disassociates tags from an Amazon Web Services resource. Tags are key:value pairs that you can associate with Amazon Web Services resources. For example, the tag key might be "customer" and the tag value might be "companyA." You can specify one or more tags to add to each container. You can add up to 50 tags to each Amazon Web Services resource.
Updates the specified IPSet.
Updates the expiration information for your managed rule set. Use this to initiate the expiration of a managed rule group version. After you initiate expiration for a version, WAF excludes it from the response to ListAvailableManagedRuleGroupVersions for the managed rule group.
Updates the specified RegexPatternSet.
Updates the specified RuleGroup.
Updates the specified WebACL. While updating a web ACL, WAF provides continuous coverage to the resources that you have associated with the web ACL.
Inherited functions
Associates a web ACL with a resource, to protect the resource.
Returns the web ACL capacity unit (WCU) requirements for a specified scope and set of rules. You can use this to check the capacity requirements for the rules you want to use in a RuleGroup or WebACL.
Creates an API key that contains a set of token domains.
Creates an IPSet, which you use to identify web requests that originate from specific IP addresses or ranges of IP addresses. For example, if you're receiving a lot of requests from a ranges of IP addresses, you can configure WAF to block them using an IPSet that lists those IP addresses.
Creates a RegexPatternSet, which you reference in a RegexPatternSetReferenceStatement, to have WAF inspect a web request component for the specified patterns.
Creates a RuleGroup per the specifications provided.
Creates a WebACL per the specifications provided.
Deletes the specified API key.
Deletes all rule groups that are managed by Firewall Manager from the specified WebACL.
Deletes the specified IPSet.
Deletes the LoggingConfiguration from the specified web ACL.
Permanently deletes an IAM policy from the specified rule group.
Deletes the specified RegexPatternSet.
Deletes the specified RuleGroup.
Deletes the specified WebACL.
Provides high-level information for the Amazon Web Services Managed Rules rule groups and Amazon Web Services Marketplace managed rule groups.
Provides high-level information for the managed rule groups owned by a specific vendor.
Provides high-level information for a managed rule group, including descriptions of the rules.
Disassociates the specified resource from its web ACL association, if it has one.
Generates a presigned download URL for the specified release of the mobile SDK.
Returns your API key in decrypted form. Use this to check the token domains that you have defined for the key.
Retrieves the specified IPSet.
Returns the LoggingConfiguration for the specified web ACL.
Retrieves the specified managed rule set.
Retrieves information for the specified mobile SDK release, including release notes and tags.
Returns the IAM policy that is attached to the specified rule group.
Retrieves the IP addresses that are currently blocked by a rate-based rule instance. This is only available for rate-based rules that aggregate solely on the IP address or on the forwarded IP address.
Retrieves the specified RegexPatternSet.
Retrieves the specified RuleGroup.
Gets detailed information about a specified number of requests--a sample--that WAF randomly selects from among the first 5,000 requests that your Amazon Web Services resource received during a time range that you choose. You can specify a sample size of up to 500 requests, and you can specify any time range in the previous three hours.
Retrieves the specified WebACL.
Retrieves the WebACL for the specified resource.
Retrieves a list of the API keys that you've defined for the specified scope.
Retrieves an array of managed rule groups that are available for you to use. This list includes all Amazon Web Services Managed Rules rule groups and all of the Amazon Web Services Marketplace managed rule groups that you're subscribed to.
Returns a list of the available versions for the specified managed rule group.
Retrieves an array of IPSetSummary objects for the IP sets that you manage.
Retrieves an array of your LoggingConfiguration objects.
Retrieves the managed rule sets that you own.
Retrieves a list of the available releases for the mobile SDK and the specified device platform.
Retrieves an array of RegexPatternSetSummary objects for the regex pattern sets that you manage.
Retrieves an array of the Amazon Resource Names (ARNs) for the resources that are associated with the specified web ACL.
Retrieves an array of RuleGroupSummary objects for the rule groups that you manage.
Retrieves the TagInfoForResource for the specified resource. Tags are key:value pairs that you can use to categorize and manage your resources, for purposes like billing. For example, you might set the tag key to "customer" and the value to the customer name or ID. You can specify one or more tags to add to each Amazon Web Services resource, up to 50 tags for a resource.
Retrieves an array of WebACLSummary objects for the web ACLs that you manage.
Enables the specified LoggingConfiguration, to start logging from a web ACL, according to the configuration provided.
Defines the versions of your managed rule set that you are offering to the customers. Customers see your offerings as managed rule groups with versioning.
Use this to share a rule group with other accounts.
Associates tags with the specified Amazon Web Services resource. Tags are key:value pairs that you can use to categorize and manage your resources, for purposes like billing. For example, you might set the tag key to "customer" and the value to the customer name or ID. You can specify one or more tags to add to each Amazon Web Services resource, up to 50 tags for a resource.
Disassociates tags from an Amazon Web Services resource. Tags are key:value pairs that you can associate with Amazon Web Services resources. For example, the tag key might be "customer" and the tag value might be "companyA." You can specify one or more tags to add to each container. You can add up to 50 tags to each Amazon Web Services resource.
Updates the specified IPSet.
Updates the expiration information for your managed rule set. Use this to initiate the expiration of a managed rule group version. After you initiate expiration for a version, WAF excludes it from the response to ListAvailableManagedRuleGroupVersions for the managed rule group.
Updates the specified RegexPatternSet.
Updates the specified RuleGroup.
Updates the specified WebACL. While updating a web ACL, WAF provides continuous coverage to the resources that you have associated with the web ACL.
Create a copy of the client with one or more configuration values overridden. This method allows the caller to perform scoped config overrides for one or more client operations.