updateWebACL method
- required DefaultAction defaultAction,
- required String id,
- required String lockToken,
- required String name,
- required Scope scope,
- required VisibilityConfig visibilityConfig,
- ApplicationConfig? applicationConfig,
- AssociationConfig? associationConfig,
- CaptchaConfig? captchaConfig,
- ChallengeConfig? challengeConfig,
- Map<
String, CustomResponseBody> ? customResponseBodies, - DataProtectionConfig? dataProtectionConfig,
- String? description,
- OnSourceDDoSProtectionConfig? onSourceDDoSProtectionConfig,
- List<
Rule> ? rules, - List<
String> ? tokenDomains,
Updates the specified WebACL. While updating a web ACL, WAF provides continuous coverage to the resources that you have associated with the web ACL.
To modify a web ACL, do the following:
- Retrieve it by calling GetWebACL
- Update its settings as needed
- Provide the complete web ACL specification to this call
Temporary inconsistencies during updates
When you create or change a web ACL or other WAF resources, the changes take a small amount of time to propagate to all areas where the resources are stored. The propagation time can be from a few seconds to a number of minutes.
The following are examples of the temporary inconsistencies that you might notice during change propagation:
- After you create a web ACL, if you try to associate it with a resource, you might get an exception indicating that the web ACL is unavailable.
- After you add a rule group to a web ACL, the new rule group rules might be in effect in one area where the web ACL is used and not in another.
- After you change a rule action setting, you might see the old action in some places and the new action in others.
- After you add an IP address to an IP set that is in use in a blocking rule, the new address might be blocked in one area while still allowed in another.
May throw WAFConfigurationWarningException.
May throw WAFDuplicateItemException.
May throw WAFExpiredManagedRuleGroupVersionException.
May throw WAFFeatureNotIncludedInPricingPlanException.
May throw WAFInternalErrorException.
May throw WAFInvalidOperationException.
May throw WAFInvalidParameterException.
May throw WAFInvalidResourceException.
May throw WAFLimitsExceededException.
May throw WAFNonexistentItemException.
May throw WAFOptimisticLockException.
May throw WAFSubscriptionNotFoundException.
May throw WAFUnavailableEntityException.
Parameter defaultAction :
The action to perform if none of the Rules contained in the
WebACL match.
Parameter id :
The unique identifier for the web ACL. This ID is returned in the
responses to create and list commands. You provide it to operations like
update and delete.
Parameter lockToken :
A token used for optimistic locking. WAF returns a token to your
get and list requests, to mark the state of the
entity at the time of the request. To make changes to the entity
associated with the token, you provide the token to operations like
update and delete. WAF uses the token to ensure
that no changes have been made to the entity since you last retrieved it.
If a change has been made, the update fails with a
WAFOptimisticLockException. If this happens, perform another
get, and use the new token returned by that operation.
Parameter name :
The name of the web ACL. You cannot change the name of a web ACL after you
create it.
Parameter scope :
Specifies whether this is for a global resource type, such as a Amazon
CloudFront distribution. For an Amplify application, use
CLOUDFRONT.
To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows:
-
CLI - Specify the Region when you use the CloudFront scope:
--scope=CLOUDFRONT --region=us-east-1. - API and SDKs - For all calls, use the Region endpoint us-east-1.
Parameter visibilityConfig :
Defines and enables Amazon CloudWatch metrics and web request sample
collection.
Parameter applicationConfig :
Configures the ability for the WAF console to store and retrieve
application attributes. Application attributes help WAF give
recommendations for protection packs.
When using UpdateWebACL, ApplicationConfig
follows these rules:
-
If you omit
ApplicationConfigfrom the request, all existing entries in the web ACL are retained. -
If you include
ApplicationConfig, entries must match the existing values exactly. Any attempt to modify existing entries will result in an error.
Parameter associationConfig :
Specifies custom configurations for the associations between the web ACL
and protected resources.
Use this to customize the maximum size of the request body that your protected resources forward to WAF for inspection. You can customize this setting for CloudFront, API Gateway, Amazon Cognito, App Runner, or Verified Access resources. The default setting is 16 KB (16,384 bytes). For Application Load Balancer and AppSync, the limit is fixed at 8 KB (8,192 bytes).
Parameter captchaConfig :
Specifies how WAF should handle CAPTCHA evaluations for rules
that don't have their own CaptchaConfig settings. If you
don't specify this, WAF uses its default settings for
CaptchaConfig.
Parameter challengeConfig :
Specifies how WAF should handle challenge evaluations for rules that don't
have their own ChallengeConfig settings. If you don't specify
this, WAF uses its default settings for ChallengeConfig.
Parameter customResponseBodies :
A map of custom response keys and content bodies. When you create a rule
with a block action, you can send a custom response to the web request.
You define these for the web ACL, and then use them in the rules and
default actions that you define in the web ACL.
For information about customizing web requests and responses, see Customizing web requests and responses in WAF in the WAF Developer Guide.
For information about the limits on count and size for custom request and response settings, see WAF quotas in the WAF Developer Guide.
Parameter dataProtectionConfig :
Specifies data protection to apply to the web request data for the web
ACL. This is a web ACL level data protection option.
The data protection that you configure for the web ACL alters the data that's available for any other data collection activity, including your WAF logging destinations, web ACL request sampling, and Amazon Security Lake data collection and management. Your other option for data protection is in the logging configuration, which only affects logging.
Parameter description :
A description of the web ACL that helps with identification.
Parameter onSourceDDoSProtectionConfig :
Specifies the type of DDoS protection to apply to web request data for a
web ACL. For most scenarios, it is recommended to use the default
protection level, ACTIVE_UNDER_DDOS. If a web ACL is
associated with multiple Application Load Balancers, the changes you make
to DDoS protection in that web ACL will apply to all associated
Application Load Balancers.
Parameter rules :
The Rule statements used to identify the web requests that you want
to manage. Each rule includes one top-level statement that WAF uses to
identify matching web requests, and parameters that govern how WAF handles
them.
Parameter tokenDomains :
Specifies the domains that WAF should accept in a web request token. This
enables the use of tokens across multiple protected websites. When WAF
provides a token, it uses the domain of the Amazon Web Services resource
that the web ACL is protecting. If you don't specify a list of token
domains, WAF accepts tokens only for the domain of the protected resource.
With a token domain list, WAF accepts the resource's host domain plus all
domains in the token domain list, including their prefixed subdomains.
Example JSON: "TokenDomains": { "mywebsite.com",
"myotherwebsite.com" }
Public suffixes aren't allowed. For example, you can't use
gov.au or co.uk as token domains.
Implementation
Future<UpdateWebACLResponse> updateWebACL({
required DefaultAction defaultAction,
required String id,
required String lockToken,
required String name,
required Scope scope,
required VisibilityConfig visibilityConfig,
ApplicationConfig? applicationConfig,
AssociationConfig? associationConfig,
CaptchaConfig? captchaConfig,
ChallengeConfig? challengeConfig,
Map<String, CustomResponseBody>? customResponseBodies,
DataProtectionConfig? dataProtectionConfig,
String? description,
OnSourceDDoSProtectionConfig? onSourceDDoSProtectionConfig,
List<Rule>? rules,
List<String>? tokenDomains,
}) async {
final headers = <String, String>{
'Content-Type': 'application/x-amz-json-1.1',
'X-Amz-Target': 'AWSWAF_20190729.UpdateWebACL'
};
final jsonResponse = await _protocol.send(
method: 'POST',
requestUri: '/',
exceptionFnMap: _exceptionFns,
// TODO queryParams
headers: headers,
payload: {
'DefaultAction': defaultAction,
'Id': id,
'LockToken': lockToken,
'Name': name,
'Scope': scope.value,
'VisibilityConfig': visibilityConfig,
if (applicationConfig != null) 'ApplicationConfig': applicationConfig,
if (associationConfig != null) 'AssociationConfig': associationConfig,
if (captchaConfig != null) 'CaptchaConfig': captchaConfig,
if (challengeConfig != null) 'ChallengeConfig': challengeConfig,
if (customResponseBodies != null)
'CustomResponseBodies': customResponseBodies,
if (dataProtectionConfig != null)
'DataProtectionConfig': dataProtectionConfig,
if (description != null) 'Description': description,
if (onSourceDDoSProtectionConfig != null)
'OnSourceDDoSProtectionConfig': onSourceDDoSProtectionConfig,
if (rules != null) 'Rules': rules,
if (tokenDomains != null) 'TokenDomains': tokenDomains,
},
);
return UpdateWebACLResponse.fromJson(jsonResponse.body);
}