WAF now provides two DDoS protection options: resource-level monitoring for Application Load Balancers and the AWSManagedRulesAntiDDoSRuleSet managed rule group for CloudFront distributions.

Author: aws-sdk-dotnet-automation

generator/ServiceModels/wafv2/wafv2-2019-07-29.api.json

@@ -960,6 +960,14 @@
         "EnableRegexInPath":{"shape":"Boolean"}
       }
     },
+    "AWSManagedRulesAntiDDoSRuleSet":{
+      "type":"structure",
+      "required":["ClientSideActionConfig"],
+      "members":{
+        "ClientSideActionConfig":{"shape":"ClientSideActionConfig"},
+        "SensitivityToBlock":{"shape":"SensitivityToAct"}
+      }
+    },
     "AWSManagedRulesBotControlRuleSet":{
       "type":"structure",
       "required":["InspectionLevel"],
@@ -1161,6 +1169,22 @@
         "Capacity":{"shape":"ConsumedCapacity"}
       }
     },
+    "ClientSideAction":{
+      "type":"structure",
+      "required":["UsageOfAction"],
+      "members":{
+        "UsageOfAction":{"shape":"UsageOfAction"},
+        "Sensitivity":{"shape":"SensitivityToAct"},
+        "ExemptUriRegularExpressions":{"shape":"RegularExpressionList"}
+      }
+    },
+    "ClientSideActionConfig":{
+      "type":"structure",
+      "required":["Challenge"],
+      "members":{
+        "Challenge":{"shape":"ClientSideAction"}
+      }
+    },
     "ComparisonOperator":{
       "type":"string",
       "enum":[
@@ -1589,7 +1613,8 @@
         "CaptchaConfig":{"shape":"CaptchaConfig"},
         "ChallengeConfig":{"shape":"ChallengeConfig"},
         "TokenDomains":{"shape":"TokenDomains"},
-        "AssociationConfig":{"shape":"AssociationConfig"}
+        "AssociationConfig":{"shape":"AssociationConfig"},
+        "OnSourceDDoSProtectionConfig":{"shape":"OnSourceDDoSProtectionConfig"}
       }
     },
     "CreateWebACLResponse":{
@@ -2885,6 +2910,13 @@
       "min":1,
       "pattern":".*\\S.*"
     },
+    "LowReputationMode":{
+      "type":"string",
+      "enum":[
+        "ACTIVE_UNDER_DDOS",
+        "ALWAYS_ON"
+      ]
+    },
     "ManagedProductDescriptor":{
       "type":"structure",
       "members":{
@@ -2928,7 +2960,8 @@
         },
         "AWSManagedRulesBotControlRuleSet":{"shape":"AWSManagedRulesBotControlRuleSet"},
         "AWSManagedRulesATPRuleSet":{"shape":"AWSManagedRulesATPRuleSet"},
-        "AWSManagedRulesACFPRuleSet":{"shape":"AWSManagedRulesACFPRuleSet"}
+        "AWSManagedRulesACFPRuleSet":{"shape":"AWSManagedRulesACFPRuleSet"},
+        "AWSManagedRulesAntiDDoSRuleSet":{"shape":"AWSManagedRulesAntiDDoSRuleSet"}
       }
     },
     "ManagedRuleGroupConfigs":{
@@ -3062,6 +3095,13 @@
         "Statement":{"shape":"Statement"}
       }
     },
+    "OnSourceDDoSProtectionConfig":{
+      "type":"structure",
+      "required":["ALBLowReputationMode"],
+      "members":{
+        "ALBLowReputationMode":{"shape":"LowReputationMode"}
+      }
+    },
     "OrStatement":{
       "type":"structure",
       "required":["Statements"],
@@ -3163,7 +3203,8 @@
         "SCOPE_DOWN",
         "CUSTOM_KEYS",
         "ACP_RULE_SET_RESPONSE_INSPECTION",
-        "DATA_PROTECTION_CONFIG"
+        "DATA_PROTECTION_CONFIG",
+        "LOW_REPUTATION_MODE"
       ]
     },
     "ParameterExceptionParameter":{
@@ -3876,6 +3917,14 @@
         "HIGH"
       ]
     },
+    "SensitivityToAct":{
+      "type":"string",
+      "enum":[
+        "LOW",
+        "MEDIUM",
+        "HIGH"
+      ]
+    },
     "SingleCookieName":{
       "type":"string",
       "max":60,
@@ -4249,7 +4298,8 @@
         "CaptchaConfig":{"shape":"CaptchaConfig"},
         "ChallengeConfig":{"shape":"ChallengeConfig"},
         "TokenDomains":{"shape":"TokenDomains"},
-        "AssociationConfig":{"shape":"AssociationConfig"}
+        "AssociationConfig":{"shape":"AssociationConfig"},
+        "OnSourceDDoSProtectionConfig":{"shape":"OnSourceDDoSProtectionConfig"}
       }
     },
     "UpdateWebACLResponse":{
@@ -4268,6 +4318,13 @@
       "type":"structure",
       "members":{}
     },
+    "UsageOfAction":{
+      "type":"string",
+      "enum":[
+        "ENABLED",
+        "DISABLED"
+      ]
+    },
     "UsernameField":{
       "type":"structure",
       "required":["Identifier"],
@@ -4479,7 +4536,8 @@
         "ChallengeConfig":{"shape":"ChallengeConfig"},
         "TokenDomains":{"shape":"TokenDomains"},
         "AssociationConfig":{"shape":"AssociationConfig"},
-        "RetrofittedByFirewallManager":{"shape":"Boolean"}
+        "RetrofittedByFirewallManager":{"shape":"Boolean"},
+        "OnSourceDDoSProtectionConfig":{"shape":"OnSourceDDoSProtectionConfig"}
       }
     },
     "WebACLSummaries":{

generator/ServiceModels/wafv2/wafv2-2019-07-29.docs.json

@@ -32,6 +32,16 @@ namespace Amazon.WAFV2.Model
     /// <summary>
     /// Details for your use of the account creation fraud prevention managed rule group,
     /// <c>AWSManagedRulesACFPRuleSet</c>. This configuration is used in <c>ManagedRuleGroupConfig</c>.
+    /// 
+    /// 
+    ///  
+    /// <para>
+    /// For additional information about this and the other intelligent threat mitigation
+    /// rule groups, see <a href="https://docs.aws.amazon.com/waf/latest/developerguide/waf-managed-protections">Intelligent
+    /// threat mitigation in WAF</a> and <a href="https://docs.aws.amazon.com/waf/latest/developerguide/aws-managed-rule-groups-list">Amazon
+    /// Web Services Managed Rules rule groups list</a> in the <i>WAF Developer Guide</i>.
+    /// 
+    /// </para>
     /// </summary>
     public partial class AWSManagedRulesACFPRuleSet
     {

generator/ServiceModels/wafv2/wafv2-2019-07-29.normal.json

@@ -31,7 +31,16 @@ namespace Amazon.WAFV2.Model
 {
     /// <summary>
     /// Details for your use of the account takeover prevention managed rule group, <c>AWSManagedRulesATPRuleSet</c>.
-    /// This configuration is used in <c>ManagedRuleGroupConfig</c>.
+    /// This configuration is used in <c>ManagedRuleGroupConfig</c>. 
+    /// 
+    ///  
+    /// <para>
+    /// For additional information about this and the other intelligent threat mitigation
+    /// rule groups, see <a href="https://docs.aws.amazon.com/waf/latest/developerguide/waf-managed-protections">Intelligent
+    /// threat mitigation in WAF</a> and <a href="https://docs.aws.amazon.com/waf/latest/developerguide/aws-managed-rule-groups-list">Amazon
+    /// Web Services Managed Rules rule groups list</a> in the <i>WAF Developer Guide</i>.
+    /// 
+    /// </para>
     /// </summary>
     public partial class AWSManagedRulesATPRuleSet
     {

sdk/src/Services/WAFV2/Generated/Model/AWSManagedRulesACFPRuleSet.cs

@@ -0,0 +1,118 @@
+/*
+ * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+ * 
+ * Licensed under the Apache License, Version 2.0 (the "License").
+ * You may not use this file except in compliance with the License.
+ * A copy of the License is located at
+ * 
+ *  http://aws.amazon.com/apache2.0
+ * 
+ * or in the "license" file accompanying this file. This file is distributed
+ * on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
+ * express or implied. See the License for the specific language governing
+ * permissions and limitations under the License.
+ */
+
+/*
+ * Do not modify this file. This file is generated from the wafv2-2019-07-29.normal.json service model.
+ */
+using System;
+using System.Collections.Generic;
+using System.Xml.Serialization;
+using System.Text;
+using System.IO;
+using System.Net;
+
+using Amazon.Runtime;
+using Amazon.Runtime.Internal;
+
+#pragma warning disable CS0612,CS0618,CS1570
+namespace Amazon.WAFV2.Model
+{
+    /// <summary>
+    /// Configures the use of the anti-DDoS managed rule group, <c>AWSManagedRulesAntiDDoSRuleSet</c>.
+    /// This configuration is used in <c>ManagedRuleGroupConfig</c>. 
+    /// 
+    ///  
+    /// <para>
+    /// The configuration that you provide here determines whether and how the rules in the
+    /// rule group are used. 
+    /// </para>
+    ///  
+    /// <para>
+    /// For additional information about this and the other intelligent threat mitigation
+    /// rule groups, see <a href="https://docs.aws.amazon.com/waf/latest/developerguide/waf-managed-protections">Intelligent
+    /// threat mitigation in WAF</a> and <a href="https://docs.aws.amazon.com/waf/latest/developerguide/aws-managed-rule-groups-list">Amazon
+    /// Web Services Managed Rules rule groups list</a> in the <i>WAF Developer Guide</i>.
+    /// 
+    /// </para>
+    /// </summary>
+    public partial class AWSManagedRulesAntiDDoSRuleSet
+    {
+        private ClientSideActionConfig _clientSideActionConfig;
+        private SensitivityToAct _sensitivityToBlock;
+
+        /// <summary>
+        /// Gets and sets the property ClientSideActionConfig. 
+        /// <para>
+        /// Configures the request handling that's applied by the managed rule group rules <c>ChallengeAllDuringEvent</c>
+        /// and <c>ChallengeDDoSRequests</c> during a distributed denial of service (DDoS) attack.
+        /// </para>
+        /// </summary>
+        [AWSProperty(Required=true)]
+        public ClientSideActionConfig ClientSideActionConfig
+        {
+            get { return this._clientSideActionConfig; }
+            set { this._clientSideActionConfig = value; }
+        }
+
+        // Check to see if ClientSideActionConfig property is set
+        internal bool IsSetClientSideActionConfig()
+        {
+            return this._clientSideActionConfig != null;
+        }
+
+        /// <summary>
+        /// Gets and sets the property SensitivityToBlock. 
+        /// <para>
+        /// The sensitivity that the rule group rule <c>DDoSRequests</c> uses when matching against
+        /// the DDoS suspicion labeling on a request. The managed rule group adds the labeling
+        /// during DDoS events, before the <c>DDoSRequests</c> rule runs. 
+        /// </para>
+        ///  
+        /// <para>
+        /// The higher the sensitivity, the more levels of labeling that the rule matches: 
+        /// </para>
+        ///  <ul> <li> 
+        /// <para>
+        /// Low sensitivity is less sensitive, causing the rule to match only on the most likely
+        /// participants in an attack, which are the requests with the high suspicion label <c>awswaf:managed:aws:anti-ddos:high-suspicion-ddos-request</c>.
+        /// </para>
+        ///  </li> <li> 
+        /// <para>
+        /// Medium sensitivity causes the rule to match on the medium and high suspicion labels.
+        /// </para>
+        ///  </li> <li> 
+        /// <para>
+        /// High sensitivity causes the rule to match on all of the suspicion labels: low, medium,
+        /// and high.
+        /// </para>
+        ///  </li> </ul> 
+        /// <para>
+        /// Default: <c>LOW</c> 
+        /// </para>
+        /// </summary>
+        public SensitivityToAct SensitivityToBlock
+        {
+            get { return this._sensitivityToBlock; }
+            set { this._sensitivityToBlock = value; }
+        }
+
+        // Check to see if SensitivityToBlock property is set
+        internal bool IsSetSensitivityToBlock()
+        {
+            return this._sensitivityToBlock != null;
+        }
+
+    }
+}

sdk/src/Services/WAFV2/Generated/Model/AWSManagedRulesATPRuleSet.cs

@@ -31,7 +31,16 @@ namespace Amazon.WAFV2.Model
 {
     /// <summary>
     /// Details for your use of the Bot Control managed rule group, <c>AWSManagedRulesBotControlRuleSet</c>.
-    /// This configuration is used in <c>ManagedRuleGroupConfig</c>.
+    /// This configuration is used in <c>ManagedRuleGroupConfig</c>. 
+    /// 
+    ///  
+    /// <para>
+    /// For additional information about this and the other intelligent threat mitigation
+    /// rule groups, see <a href="https://docs.aws.amazon.com/waf/latest/developerguide/waf-managed-protections">Intelligent
+    /// threat mitigation in WAF</a> and <a href="https://docs.aws.amazon.com/waf/latest/developerguide/aws-managed-rule-groups-list">Amazon
+    /// Web Services Managed Rules rule groups list</a> in the <i>WAF Developer Guide</i>.
+    /// 
+    /// </para>
     /// </summary>
     public partial class AWSManagedRulesBotControlRuleSet
     {