From e11d2f95c0c12c79b08c3cbbcf28836d4d60c9e3 Mon Sep 17 00:00:00 2001
From: awstools <awstools@amazon.com>
Date: Mon, 3 Apr 2023 18:12:58 +0000
Subject: [PATCH] feat(client-wafv2): For web ACLs that protect CloudFront
 protections, the default request body inspection size is now 16 KB, and you
 can use the new association configuration to increase the inspection size
 further, up to 64 KB. Sizes over 16 KB can incur additional costs.

---
 clients/client-wafv2/README.md                |    2 +-
 clients/client-wafv2/src/WAFV2.ts             |   24 +-
 clients/client-wafv2/src/WAFV2Client.ts       |    2 +-
 .../src/commands/AssociateWebACLCommand.ts    |    4 +-
 .../src/commands/CheckCapacityCommand.ts      |    4 +-
 .../src/commands/CreateWebACLCommand.ts       |    9 +-
 .../src/commands/DeleteWebACLCommand.ts       |    6 +-
 .../src/commands/DisassociateWebACLCommand.ts |    4 +-
 .../commands/PutPermissionPolicyCommand.ts    |    2 +-
 .../src/commands/UpdateWebACLCommand.ts       |    9 +-
 clients/client-wafv2/src/endpoint/ruleset.ts  |   34 +-
 clients/client-wafv2/src/models/models_0.ts   |  384 +++---
 .../client-wafv2/src/protocols/Aws_json1_1.ts |   79 ++
 codegen/sdk-codegen/aws-models/wafv2.json     | 1060 ++++++-----------
 14 files changed, 744 insertions(+), 879 deletions(-)

diff --git a/clients/client-wafv2/README.md b/clients/client-wafv2/README.md
index 9e7890568fe3..9c5cbb9b69d8 100644
--- a/clients/client-wafv2/README.md
+++ b/clients/client-wafv2/README.md
@@ -39,7 +39,7 @@ Guide</a>.</p>
 <ul>
 <li>
 <p>For regional applications, you can use any of the endpoints in the list.
-A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, a Amazon Cognito user pool, or an App Runner service. </p>
+A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner service. </p>
 </li>
 <li>
 <p>For Amazon CloudFront applications, you must use the API endpoint listed for
diff --git a/clients/client-wafv2/src/WAFV2.ts b/clients/client-wafv2/src/WAFV2.ts
index bd008d124853..d7783e61b1a5 100644
--- a/clients/client-wafv2/src/WAFV2.ts
+++ b/clients/client-wafv2/src/WAFV2.ts
@@ -242,7 +242,7 @@ import { WAFV2Client } from "./WAFV2Client";
  *          <ul>
  *             <li>
  *                <p>For regional applications, you can use any of the endpoints in the list.
- *                A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, a Amazon Cognito user pool, or an App Runner service. </p>
+ *                A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner service. </p>
  *             </li>
  *             <li>
  *                <p>For Amazon CloudFront applications, you must use the API endpoint listed for
@@ -276,10 +276,10 @@ export class WAFV2 extends WAFV2Client {
   /**
    * @public
    * <p>Associates a web ACL with a regional application resource, to protect the resource.
-   *          A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, a Amazon Cognito user pool, or an App Runner service.  </p>
+   *          A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner service.  </p>
    *          <p>For Amazon CloudFront, don't use this call. Instead, use your CloudFront distribution configuration. To
    *          associate a web ACL, in the CloudFront call <code>UpdateDistribution</code>, set the web ACL ID
-   *          to the Amazon Resource Name (ARN) of the web ACL. For information, see <a href="https://docs.aws.amazon.com/cloudfront/latest/APIReference/API_UpdateDistribution.html">UpdateDistribution</a>.</p>
+   *          to the Amazon Resource Name (ARN) of the web ACL. For information, see <a href="https://docs.aws.amazon.com/cloudfront/latest/APIReference/API_UpdateDistribution.html">UpdateDistribution</a> in the <i>Amazon CloudFront Developer Guide</i>. </p>
    *          <p>When you make changes to web ACLs or web ACL components, like rules and rule groups, WAF propagates the changes everywhere that the web ACL and its components are stored and used. Your changes are applied within seconds, but there might be a brief period of inconsistency when the changes have arrived in some places and not in others. So, for example, if you change a rule action setting, the action might be the old action in one area and the new action in another area. Or if you add an IP address to an IP set used in a blocking rule, the new address might briefly be blocked in one area while still allowed in another. This temporary inconsistency can occur when you first associate a web ACL with an Amazon Web Services resource and when you change a web ACL that is already associated with a resource. Generally, any inconsistencies of this type last only a few seconds.</p>
    */
   public associateWebACL(
@@ -323,8 +323,8 @@ export class WAFV2 extends WAFV2Client {
    *          Simple rules that cost little to run use fewer WCUs than more complex rules
    * 				that use more processing power.
    * 				Rule group capacity is fixed at creation, which helps users plan their
-   *          web ACL WCU usage when they use a rule group.
-   *          The WCU limit for web ACLs is 1,500.  </p>
+   *          web ACL WCU usage when they use a rule group. For more information, see <a href="https://docs.aws.amazon.com/waf/latest/developerguide/aws-waf-capacity-units.html">WAF web ACL capacity units (WCU)</a>
+   *     in the <i>WAF Developer Guide</i>. </p>
    */
   public checkCapacity(
     args: CheckCapacityCommandInput,
@@ -456,7 +456,7 @@ export class WAFV2 extends WAFV2Client {
   /**
    * @public
    * <p>Creates a <a>WebACL</a> per the specifications provided.</p>
-   *          <p> A web ACL defines a collection of rules to use to inspect and control web requests. Each rule has an action defined (allow, block, or count) for requests that match the statement of the rule. In the web ACL, you assign a default action to take (allow, block) for any request that does not match any of the rules. The rules in a web ACL can be a combination of the types <a>Rule</a>, <a>RuleGroup</a>, and managed rule group. You can associate a web ACL with one or more Amazon Web Services resources to protect. The resources can be an Amazon CloudFront distribution, an Amazon API Gateway REST API, an Application Load Balancer, an AppSync GraphQL API, Amazon Cognito user pool, or an App Runner service.  </p>
+   *          <p> A web ACL defines a collection of rules to use to inspect and control web requests. Each rule has an action defined (allow, block, or count) for requests that match the statement of the rule. In the web ACL, you assign a default action to take (allow, block) for any request that does not match any of the rules. The rules in a web ACL can be a combination of the types <a>Rule</a>, <a>RuleGroup</a>, and managed rule group. You can associate a web ACL with one or more Amazon Web Services resources to protect. The resources can be an Amazon CloudFront distribution, an Amazon API Gateway REST API, an Application Load Balancer, an AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner service.  </p>
    */
   public createWebACL(
     args: CreateWebACLCommandInput,
@@ -696,7 +696,8 @@ export class WAFV2 extends WAFV2Client {
    *                      </li>
    *                      <li>
    *                         <p>For Amazon CloudFront distributions, use the CloudFront call
-   *                            <code>ListDistributionsByWebACLId</code>. For information, see <a href="https://docs.aws.amazon.com/cloudfront/latest/APIReference/API_ListDistributionsByWebACLId.html">ListDistributionsByWebACLId</a>.</p>
+   *                            <code>ListDistributionsByWebACLId</code>. For information, see <a href="https://docs.aws.amazon.com/cloudfront/latest/APIReference/API_ListDistributionsByWebACLId.html">ListDistributionsByWebACLId</a>
+   *                                in the <i>Amazon CloudFront API Reference</i>. </p>
    *                      </li>
    *                   </ul>
    *                </li>
@@ -708,7 +709,8 @@ export class WAFV2 extends WAFV2Client {
    *                      </li>
    *                      <li>
    *                         <p>For Amazon CloudFront distributions, provide an empty web ACL ID in the CloudFront call
-   *                            <code>UpdateDistribution</code>. For information, see <a href="https://docs.aws.amazon.com/cloudfront/latest/APIReference/API_UpdateDistribution.html">UpdateDistribution</a>.</p>
+   *                            <code>UpdateDistribution</code>. For information, see <a href="https://docs.aws.amazon.com/cloudfront/latest/APIReference/API_UpdateDistribution.html">UpdateDistribution</a>
+   *                                in the <i>Amazon CloudFront API Reference</i>. </p>
    *                      </li>
    *                   </ul>
    *                </li>
@@ -778,10 +780,10 @@ export class WAFV2 extends WAFV2Client {
   /**
    * @public
    * <p>Disassociates the specified regional application resource from any existing web ACL
-   *          association. A resource can have at most one web ACL association. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, a Amazon Cognito user pool, or an App Runner service.  </p>
+   *          association. A resource can have at most one web ACL association. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner service.  </p>
    *          <p>For Amazon CloudFront, don't use this call. Instead, use your CloudFront distribution configuration. To
    *          disassociate a web ACL, provide an empty web ACL ID in the CloudFront call
-   *             <code>UpdateDistribution</code>. For information, see <a href="https://docs.aws.amazon.com/cloudfront/latest/APIReference/API_UpdateDistribution.html">UpdateDistribution</a>.</p>
+   *             <code>UpdateDistribution</code>. For information, see <a href="https://docs.aws.amazon.com/cloudfront/latest/APIReference/API_UpdateDistribution.html">UpdateDistribution</a> in the <i>Amazon CloudFront API Reference</i>. </p>
    */
   public disassociateWebACL(
     args: DisassociateWebACLCommandInput,
@@ -2045,7 +2047,7 @@ export class WAFV2 extends WAFV2Client {
    *             </ol>
    *          </note>
    *          <p>When you make changes to web ACLs or web ACL components, like rules and rule groups, WAF propagates the changes everywhere that the web ACL and its components are stored and used. Your changes are applied within seconds, but there might be a brief period of inconsistency when the changes have arrived in some places and not in others. So, for example, if you change a rule action setting, the action might be the old action in one area and the new action in another area. Or if you add an IP address to an IP set used in a blocking rule, the new address might briefly be blocked in one area while still allowed in another. This temporary inconsistency can occur when you first associate a web ACL with an Amazon Web Services resource and when you change a web ACL that is already associated with a resource. Generally, any inconsistencies of this type last only a few seconds.</p>
-   *          <p> A web ACL defines a collection of rules to use to inspect and control web requests. Each rule has an action defined (allow, block, or count) for requests that match the statement of the rule. In the web ACL, you assign a default action to take (allow, block) for any request that does not match any of the rules. The rules in a web ACL can be a combination of the types <a>Rule</a>, <a>RuleGroup</a>, and managed rule group. You can associate a web ACL with one or more Amazon Web Services resources to protect. The resources can be an Amazon CloudFront distribution, an Amazon API Gateway REST API, an Application Load Balancer, an AppSync GraphQL API, Amazon Cognito user pool, or an App Runner service.  </p>
+   *          <p> A web ACL defines a collection of rules to use to inspect and control web requests. Each rule has an action defined (allow, block, or count) for requests that match the statement of the rule. In the web ACL, you assign a default action to take (allow, block) for any request that does not match any of the rules. The rules in a web ACL can be a combination of the types <a>Rule</a>, <a>RuleGroup</a>, and managed rule group. You can associate a web ACL with one or more Amazon Web Services resources to protect. The resources can be an Amazon CloudFront distribution, an Amazon API Gateway REST API, an Application Load Balancer, an AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner service.  </p>
    */
   public updateWebACL(
     args: UpdateWebACLCommandInput,
diff --git a/clients/client-wafv2/src/WAFV2Client.ts b/clients/client-wafv2/src/WAFV2Client.ts
index 0a8cdc80c00b..8b1b2e672ee1 100644
--- a/clients/client-wafv2/src/WAFV2Client.ts
+++ b/clients/client-wafv2/src/WAFV2Client.ts
@@ -479,7 +479,7 @@ export interface WAFV2ClientResolvedConfig extends WAFV2ClientResolvedConfigType
  *          <ul>
  *             <li>
  *                <p>For regional applications, you can use any of the endpoints in the list.
- *                A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, a Amazon Cognito user pool, or an App Runner service. </p>
+ *                A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner service. </p>
  *             </li>
  *             <li>
  *                <p>For Amazon CloudFront applications, you must use the API endpoint listed for
diff --git a/clients/client-wafv2/src/commands/AssociateWebACLCommand.ts b/clients/client-wafv2/src/commands/AssociateWebACLCommand.ts
index 432490854b72..af1c41e299f5 100644
--- a/clients/client-wafv2/src/commands/AssociateWebACLCommand.ts
+++ b/clients/client-wafv2/src/commands/AssociateWebACLCommand.ts
@@ -36,10 +36,10 @@ export interface AssociateWebACLCommandOutput extends AssociateWebACLResponse, _
 /**
  * @public
  * <p>Associates a web ACL with a regional application resource, to protect the resource.
- *          A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, a Amazon Cognito user pool, or an App Runner service.  </p>
+ *          A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner service.  </p>
  *          <p>For Amazon CloudFront, don't use this call. Instead, use your CloudFront distribution configuration. To
  *          associate a web ACL, in the CloudFront call <code>UpdateDistribution</code>, set the web ACL ID
- *          to the Amazon Resource Name (ARN) of the web ACL. For information, see <a href="https://docs.aws.amazon.com/cloudfront/latest/APIReference/API_UpdateDistribution.html">UpdateDistribution</a>.</p>
+ *          to the Amazon Resource Name (ARN) of the web ACL. For information, see <a href="https://docs.aws.amazon.com/cloudfront/latest/APIReference/API_UpdateDistribution.html">UpdateDistribution</a> in the <i>Amazon CloudFront Developer Guide</i>. </p>
  *          <p>When you make changes to web ACLs or web ACL components, like rules and rule groups, WAF propagates the changes everywhere that the web ACL and its components are stored and used. Your changes are applied within seconds, but there might be a brief period of inconsistency when the changes have arrived in some places and not in others. So, for example, if you change a rule action setting, the action might be the old action in one area and the new action in another area. Or if you add an IP address to an IP set used in a blocking rule, the new address might briefly be blocked in one area while still allowed in another. This temporary inconsistency can occur when you first associate a web ACL with an Amazon Web Services resource and when you change a web ACL that is already associated with a resource. Generally, any inconsistencies of this type last only a few seconds.</p>
  * @example
  * Use a bare-bones client and the command you need to make an API call.
diff --git a/clients/client-wafv2/src/commands/CheckCapacityCommand.ts b/clients/client-wafv2/src/commands/CheckCapacityCommand.ts
index 5810ed668630..398f4c574d2a 100644
--- a/clients/client-wafv2/src/commands/CheckCapacityCommand.ts
+++ b/clients/client-wafv2/src/commands/CheckCapacityCommand.ts
@@ -45,8 +45,8 @@ export interface CheckCapacityCommandOutput extends CheckCapacityResponse, __Met
  *          Simple rules that cost little to run use fewer WCUs than more complex rules
  * 				that use more processing power.
  * 				Rule group capacity is fixed at creation, which helps users plan their
- *          web ACL WCU usage when they use a rule group.
- *          The WCU limit for web ACLs is 1,500.  </p>
+ *          web ACL WCU usage when they use a rule group. For more information, see <a href="https://docs.aws.amazon.com/waf/latest/developerguide/aws-waf-capacity-units.html">WAF web ACL capacity units (WCU)</a>
+ *     in the <i>WAF Developer Guide</i>. </p>
  * @example
  * Use a bare-bones client and the command you need to make an API call.
  * ```javascript
diff --git a/clients/client-wafv2/src/commands/CreateWebACLCommand.ts b/clients/client-wafv2/src/commands/CreateWebACLCommand.ts
index 20b9351a4ba6..22c76a6b8b37 100644
--- a/clients/client-wafv2/src/commands/CreateWebACLCommand.ts
+++ b/clients/client-wafv2/src/commands/CreateWebACLCommand.ts
@@ -36,7 +36,7 @@ export interface CreateWebACLCommandOutput extends CreateWebACLResponse, __Metad
 /**
  * @public
  * <p>Creates a <a>WebACL</a> per the specifications provided.</p>
- *          <p> A web ACL defines a collection of rules to use to inspect and control web requests. Each rule has an action defined (allow, block, or count) for requests that match the statement of the rule. In the web ACL, you assign a default action to take (allow, block) for any request that does not match any of the rules. The rules in a web ACL can be a combination of the types <a>Rule</a>, <a>RuleGroup</a>, and managed rule group. You can associate a web ACL with one or more Amazon Web Services resources to protect. The resources can be an Amazon CloudFront distribution, an Amazon API Gateway REST API, an Application Load Balancer, an AppSync GraphQL API, Amazon Cognito user pool, or an App Runner service.  </p>
+ *          <p> A web ACL defines a collection of rules to use to inspect and control web requests. Each rule has an action defined (allow, block, or count) for requests that match the statement of the rule. In the web ACL, you assign a default action to take (allow, block) for any request that does not match any of the rules. The rules in a web ACL can be a combination of the types <a>Rule</a>, <a>RuleGroup</a>, and managed rule group. You can associate a web ACL with one or more Amazon Web Services resources to protect. The resources can be an Amazon CloudFront distribution, an Amazon API Gateway REST API, an Application Load Balancer, an AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner service.  </p>
  * @example
  * Use a bare-bones client and the command you need to make an API call.
  * ```javascript
@@ -802,6 +802,13 @@ export interface CreateWebACLCommandOutput extends CreateWebACLResponse, __Metad
  *   TokenDomains: [ // TokenDomains
  *     "STRING_VALUE",
  *   ],
+ *   AssociationConfig: { // AssociationConfig
+ *     RequestBody: { // RequestBody
+ *       "<keys>": { // RequestBodyAssociatedResourceTypeConfig
+ *         DefaultSizeInspectionLimit: "KB_16" || "KB_32" || "KB_48" || "KB_64", // required
+ *       },
+ *     },
+ *   },
  * };
  * const command = new CreateWebACLCommand(input);
  * const response = await client.send(command);
diff --git a/clients/client-wafv2/src/commands/DeleteWebACLCommand.ts b/clients/client-wafv2/src/commands/DeleteWebACLCommand.ts
index e7f925d074a1..56f7190e5d8d 100644
--- a/clients/client-wafv2/src/commands/DeleteWebACLCommand.ts
+++ b/clients/client-wafv2/src/commands/DeleteWebACLCommand.ts
@@ -50,7 +50,8 @@ export interface DeleteWebACLCommandOutput extends DeleteWebACLResponse, __Metad
  *                      </li>
  *                      <li>
  *                         <p>For Amazon CloudFront distributions, use the CloudFront call
- *                            <code>ListDistributionsByWebACLId</code>. For information, see <a href="https://docs.aws.amazon.com/cloudfront/latest/APIReference/API_ListDistributionsByWebACLId.html">ListDistributionsByWebACLId</a>.</p>
+ *                            <code>ListDistributionsByWebACLId</code>. For information, see <a href="https://docs.aws.amazon.com/cloudfront/latest/APIReference/API_ListDistributionsByWebACLId.html">ListDistributionsByWebACLId</a>
+ *                                in the <i>Amazon CloudFront API Reference</i>. </p>
  *                      </li>
  *                   </ul>
  *                </li>
@@ -62,7 +63,8 @@ export interface DeleteWebACLCommandOutput extends DeleteWebACLResponse, __Metad
  *                      </li>
  *                      <li>
  *                         <p>For Amazon CloudFront distributions, provide an empty web ACL ID in the CloudFront call
- *                            <code>UpdateDistribution</code>. For information, see <a href="https://docs.aws.amazon.com/cloudfront/latest/APIReference/API_UpdateDistribution.html">UpdateDistribution</a>.</p>
+ *                            <code>UpdateDistribution</code>. For information, see <a href="https://docs.aws.amazon.com/cloudfront/latest/APIReference/API_UpdateDistribution.html">UpdateDistribution</a>
+ *                                in the <i>Amazon CloudFront API Reference</i>. </p>
  *                      </li>
  *                   </ul>
  *                </li>
diff --git a/clients/client-wafv2/src/commands/DisassociateWebACLCommand.ts b/clients/client-wafv2/src/commands/DisassociateWebACLCommand.ts
index 8df16415ac22..de735a7bac36 100644
--- a/clients/client-wafv2/src/commands/DisassociateWebACLCommand.ts
+++ b/clients/client-wafv2/src/commands/DisassociateWebACLCommand.ts
@@ -36,10 +36,10 @@ export interface DisassociateWebACLCommandOutput extends DisassociateWebACLRespo
 /**
  * @public
  * <p>Disassociates the specified regional application resource from any existing web ACL
- *          association. A resource can have at most one web ACL association. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, a Amazon Cognito user pool, or an App Runner service.  </p>
+ *          association. A resource can have at most one web ACL association. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner service.  </p>
  *          <p>For Amazon CloudFront, don't use this call. Instead, use your CloudFront distribution configuration. To
  *          disassociate a web ACL, provide an empty web ACL ID in the CloudFront call
- *             <code>UpdateDistribution</code>. For information, see <a href="https://docs.aws.amazon.com/cloudfront/latest/APIReference/API_UpdateDistribution.html">UpdateDistribution</a>.</p>
+ *             <code>UpdateDistribution</code>. For information, see <a href="https://docs.aws.amazon.com/cloudfront/latest/APIReference/API_UpdateDistribution.html">UpdateDistribution</a> in the <i>Amazon CloudFront API Reference</i>. </p>
  * @example
  * Use a bare-bones client and the command you need to make an API call.
  * ```javascript
diff --git a/clients/client-wafv2/src/commands/PutPermissionPolicyCommand.ts b/clients/client-wafv2/src/commands/PutPermissionPolicyCommand.ts
index 40cb1bf84b46..cdd588d2265c 100644
--- a/clients/client-wafv2/src/commands/PutPermissionPolicyCommand.ts
+++ b/clients/client-wafv2/src/commands/PutPermissionPolicyCommand.ts
@@ -102,7 +102,7 @@ export interface PutPermissionPolicyCommandOutput extends PutPermissionPolicyRes
  *          <p>The policy specifications must conform to the following:</p>
  *          <ul>
  *             <li>
- *                <p>The policy must be composed using IAM Policy version 2012-10-17 or version 2015-01-01.</p>
+ *                <p>The policy must be composed using IAM Policy version 2012-10-17.</p>
  *             </li>
  *             <li>
  *                <p>The policy must include specifications for <code>Effect</code>, <code>Action</code>, and <code>Principal</code>.</p>
diff --git a/clients/client-wafv2/src/commands/UpdateWebACLCommand.ts b/clients/client-wafv2/src/commands/UpdateWebACLCommand.ts
index 00061427eab0..32a467b4e3dc 100644
--- a/clients/client-wafv2/src/commands/UpdateWebACLCommand.ts
+++ b/clients/client-wafv2/src/commands/UpdateWebACLCommand.ts
@@ -54,7 +54,7 @@ export interface UpdateWebACLCommandOutput extends UpdateWebACLResponse, __Metad
  *             </ol>
  *          </note>
  *          <p>When you make changes to web ACLs or web ACL components, like rules and rule groups, WAF propagates the changes everywhere that the web ACL and its components are stored and used. Your changes are applied within seconds, but there might be a brief period of inconsistency when the changes have arrived in some places and not in others. So, for example, if you change a rule action setting, the action might be the old action in one area and the new action in another area. Or if you add an IP address to an IP set used in a blocking rule, the new address might briefly be blocked in one area while still allowed in another. This temporary inconsistency can occur when you first associate a web ACL with an Amazon Web Services resource and when you change a web ACL that is already associated with a resource. Generally, any inconsistencies of this type last only a few seconds.</p>
- *          <p> A web ACL defines a collection of rules to use to inspect and control web requests. Each rule has an action defined (allow, block, or count) for requests that match the statement of the rule. In the web ACL, you assign a default action to take (allow, block) for any request that does not match any of the rules. The rules in a web ACL can be a combination of the types <a>Rule</a>, <a>RuleGroup</a>, and managed rule group. You can associate a web ACL with one or more Amazon Web Services resources to protect. The resources can be an Amazon CloudFront distribution, an Amazon API Gateway REST API, an Application Load Balancer, an AppSync GraphQL API, Amazon Cognito user pool, or an App Runner service.  </p>
+ *          <p> A web ACL defines a collection of rules to use to inspect and control web requests. Each rule has an action defined (allow, block, or count) for requests that match the statement of the rule. In the web ACL, you assign a default action to take (allow, block) for any request that does not match any of the rules. The rules in a web ACL can be a combination of the types <a>Rule</a>, <a>RuleGroup</a>, and managed rule group. You can associate a web ACL with one or more Amazon Web Services resources to protect. The resources can be an Amazon CloudFront distribution, an Amazon API Gateway REST API, an Application Load Balancer, an AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner service.  </p>
  * @example
  * Use a bare-bones client and the command you need to make an API call.
  * ```javascript
@@ -816,6 +816,13 @@ export interface UpdateWebACLCommandOutput extends UpdateWebACLResponse, __Metad
  *   TokenDomains: [ // TokenDomains
  *     "STRING_VALUE",
  *   ],
+ *   AssociationConfig: { // AssociationConfig
+ *     RequestBody: { // RequestBody
+ *       "<keys>": { // RequestBodyAssociatedResourceTypeConfig
+ *         DefaultSizeInspectionLimit: "KB_16" || "KB_32" || "KB_48" || "KB_64", // required
+ *       },
+ *     },
+ *   },
  * };
  * const command = new UpdateWebACLCommand(input);
  * const response = await client.send(command);
diff --git a/clients/client-wafv2/src/endpoint/ruleset.ts b/clients/client-wafv2/src/endpoint/ruleset.ts
index 86b50c354c4a..a9f3ae0d0cec 100644
--- a/clients/client-wafv2/src/endpoint/ruleset.ts
+++ b/clients/client-wafv2/src/endpoint/ruleset.ts
@@ -6,27 +6,25 @@ import { RuleSetObject } from "@aws-sdk/util-endpoints";
    or see "smithy.rules#endpointRuleSet"
    in codegen/sdk-codegen/aws-models/wafv2.json */
 
-const s="required",
-t="fn",
-u="argv",
-v="ref";
+const q="required",
+r="fn",
+s="argv",
+t="ref";
 const a="isSet",
 b="tree",
 c="error",
 d="endpoint",
 e="PartitionResult",
-f="stringEquals",
-g={[s]:false,"type":"String"},
-h={[s]:true,"default":false,"type":"Boolean"},
-i={[v]:"Endpoint"},
-j={[t]:"booleanEquals",[u]:[{[v]:"UseFIPS"},true]},
-k={[t]:"booleanEquals",[u]:[{[v]:"UseDualStack"},true]},
-l={},
-m={[v]:"Region"},
-n={[t]:"booleanEquals",[u]:[true,{[t]:"getAttr",[u]:[{[v]:e},"supportsFIPS"]}]},
-o={[t]:"booleanEquals",[u]:[true,{[t]:"getAttr",[u]:[{[v]:e},"supportsDualStack"]}]},
-p=[j],
-q=[k],
-r=[m];
-const _data={version:"1.0",parameters:{Region:g,UseDualStack:h,UseFIPS:h,Endpoint:g},rules:[{conditions:[{[t]:a,[u]:[i]}],type:b,rules:[{conditions:p,error:"Invalid Configuration: FIPS and custom endpoint are not supported",type:c},{type:b,rules:[{conditions:q,error:"Invalid Configuration: Dualstack and custom endpoint are not supported",type:c},{endpoint:{url:i,properties:l,headers:l},type:d}]}]},{type:b,rules:[{conditions:[{[t]:a,[u]:r}],type:b,rules:[{conditions:[{[t]:"aws.partition",[u]:r,assign:e}],type:b,rules:[{conditions:[j,k],type:b,rules:[{conditions:[n,o],type:b,rules:[{type:b,rules:[{endpoint:{url:"https://wafv2-fips.{Region}.{PartitionResult#dualStackDnsSuffix}",properties:l,headers:l},type:d}]}]},{error:"FIPS and DualStack are enabled, but this partition does not support one or both",type:c}]},{conditions:p,type:b,rules:[{conditions:[n],type:b,rules:[{type:b,rules:[{endpoint:{url:"https://wafv2-fips.{Region}.{PartitionResult#dnsSuffix}",properties:l,headers:l},type:d}]}]},{error:"FIPS is enabled but this partition does not support FIPS",type:c}]},{conditions:q,type:b,rules:[{conditions:[o],type:b,rules:[{type:b,rules:[{endpoint:{url:"https://wafv2.{Region}.{PartitionResult#dualStackDnsSuffix}",properties:l,headers:l},type:d}]}]},{error:"DualStack is enabled but this partition does not support DualStack",type:c}]},{type:b,rules:[{conditions:[{[t]:f,[u]:[m,"af-south-1"]}],endpoint:{url:"https://wafv2.af-south-1.amazonaws.com",properties:l,headers:l},type:d},{conditions:[{[t]:f,[u]:[m,"ap-east-1"]}],endpoint:{url:"https://wafv2.ap-east-1.amazonaws.com",properties:l,headers:l},type:d},{conditions:[{[t]:f,[u]:[m,"ap-northeast-1"]}],endpoint:{url:"https://wafv2.ap-northeast-1.amazonaws.com",properties:l,headers:l},type:d},{conditions:[{[t]:f,[u]:[m,"ap-northeast-2"]}],endpoint:{url:"https://wafv2.ap-northeast-2.amazonaws.com",properties:l,headers:l},type:d},{conditions:[{[t]:f,[u]:[m,"ap-northeast-3"]}],endpoint:{url:"https://wafv2.ap-northeast-3.amazonaws.com",properties:l,headers:l},type:d},{conditions:[{[t]:f,[u]:[m,"ap-south-1"]}],endpoint:{url:"https://wafv2.ap-south-1.amazonaws.com",properties:l,headers:l},type:d},{conditions:[{[t]:f,[u]:[m,"ap-southeast-1"]}],endpoint:{url:"https://wafv2.ap-southeast-1.amazonaws.com",properties:l,headers:l},type:d},{conditions:[{[t]:f,[u]:[m,"ap-southeast-2"]}],endpoint:{url:"https://wafv2.ap-southeast-2.amazonaws.com",properties:l,headers:l},type:d},{conditions:[{[t]:f,[u]:[m,"ap-southeast-3"]}],endpoint:{url:"https://wafv2.ap-southeast-3.amazonaws.com",properties:l,headers:l},type:d},{conditions:[{[t]:f,[u]:[m,"ca-central-1"]}],endpoint:{url:"https://wafv2.ca-central-1.amazonaws.com",properties:l,headers:l},type:d},{conditions:[{[t]:f,[u]:[m,"eu-central-1"]}],endpoint:{url:"https://wafv2.eu-central-1.amazonaws.com",properties:l,headers:l},type:d},{conditions:[{[t]:f,[u]:[m,"eu-north-1"]}],endpoint:{url:"https://wafv2.eu-north-1.amazonaws.com",properties:l,headers:l},type:d},{conditions:[{[t]:f,[u]:[m,"eu-south-1"]}],endpoint:{url:"https://wafv2.eu-south-1.amazonaws.com",properties:l,headers:l},type:d},{conditions:[{[t]:f,[u]:[m,"eu-west-1"]}],endpoint:{url:"https://wafv2.eu-west-1.amazonaws.com",properties:l,headers:l},type:d},{conditions:[{[t]:f,[u]:[m,"eu-west-2"]}],endpoint:{url:"https://wafv2.eu-west-2.amazonaws.com",properties:l,headers:l},type:d},{conditions:[{[t]:f,[u]:[m,"eu-west-3"]}],endpoint:{url:"https://wafv2.eu-west-3.amazonaws.com",properties:l,headers:l},type:d},{conditions:[{[t]:f,[u]:[m,"me-south-1"]}],endpoint:{url:"https://wafv2.me-south-1.amazonaws.com",properties:l,headers:l},type:d},{conditions:[{[t]:f,[u]:[m,"sa-east-1"]}],endpoint:{url:"https://wafv2.sa-east-1.amazonaws.com",properties:l,headers:l},type:d},{conditions:[{[t]:f,[u]:[m,"us-east-1"]}],endpoint:{url:"https://wafv2.us-east-1.amazonaws.com",properties:l,headers:l},type:d},{conditions:[{[t]:f,[u]:[m,"us-east-2"]}],endpoint:{url:"https://wafv2.us-east-2.amazonaws.com",properties:l,headers:l},type:d},{conditions:[{[t]:f,[u]:[m,"us-west-1"]}],endpoint:{url:"https://wafv2.us-west-1.amazonaws.com",properties:l,headers:l},type:d},{conditions:[{[t]:f,[u]:[m,"us-west-2"]}],endpoint:{url:"https://wafv2.us-west-2.amazonaws.com",properties:l,headers:l},type:d},{conditions:[{[t]:f,[u]:[m,"cn-north-1"]}],endpoint:{url:"https://wafv2.cn-north-1.amazonaws.com.cn",properties:l,headers:l},type:d},{conditions:[{[t]:f,[u]:[m,"cn-northwest-1"]}],endpoint:{url:"https://wafv2.cn-northwest-1.amazonaws.com.cn",properties:l,headers:l},type:d},{conditions:[{[t]:f,[u]:[m,"us-gov-east-1"]}],endpoint:{url:"https://wafv2.us-gov-east-1.amazonaws.com",properties:l,headers:l},type:d},{conditions:[{[t]:f,[u]:[m,"us-gov-west-1"]}],endpoint:{url:"https://wafv2.us-gov-west-1.amazonaws.com",properties:l,headers:l},type:d},{endpoint:{url:"https://wafv2.{Region}.{PartitionResult#dnsSuffix}",properties:l,headers:l},type:d}]}]}]},{error:"Invalid Configuration: Missing Region",type:c}]}]};
+f={[q]:false,"type":"String"},
+g={[q]:true,"default":false,"type":"Boolean"},
+h={[t]:"Endpoint"},
+i={[r]:"booleanEquals",[s]:[{[t]:"UseFIPS"},true]},
+j={[r]:"booleanEquals",[s]:[{[t]:"UseDualStack"},true]},
+k={},
+l={[r]:"booleanEquals",[s]:[true,{[r]:"getAttr",[s]:[{[t]:e},"supportsFIPS"]}]},
+m={[r]:"booleanEquals",[s]:[true,{[r]:"getAttr",[s]:[{[t]:e},"supportsDualStack"]}]},
+n=[i],
+o=[j],
+p=[{[t]:"Region"}];
+const _data={version:"1.0",parameters:{Region:f,UseDualStack:g,UseFIPS:g,Endpoint:f},rules:[{conditions:[{[r]:a,[s]:[h]}],type:b,rules:[{conditions:n,error:"Invalid Configuration: FIPS and custom endpoint are not supported",type:c},{type:b,rules:[{conditions:o,error:"Invalid Configuration: Dualstack and custom endpoint are not supported",type:c},{endpoint:{url:h,properties:k,headers:k},type:d}]}]},{type:b,rules:[{conditions:[{[r]:a,[s]:p}],type:b,rules:[{conditions:[{[r]:"aws.partition",[s]:p,assign:e}],type:b,rules:[{conditions:[i,j],type:b,rules:[{conditions:[l,m],type:b,rules:[{type:b,rules:[{endpoint:{url:"https://wafv2-fips.{Region}.{PartitionResult#dualStackDnsSuffix}",properties:k,headers:k},type:d}]}]},{error:"FIPS and DualStack are enabled, but this partition does not support one or both",type:c}]},{conditions:n,type:b,rules:[{conditions:[l],type:b,rules:[{type:b,rules:[{endpoint:{url:"https://wafv2-fips.{Region}.{PartitionResult#dnsSuffix}",properties:k,headers:k},type:d}]}]},{error:"FIPS is enabled but this partition does not support FIPS",type:c}]},{conditions:o,type:b,rules:[{conditions:[m],type:b,rules:[{type:b,rules:[{endpoint:{url:"https://wafv2.{Region}.{PartitionResult#dualStackDnsSuffix}",properties:k,headers:k},type:d}]}]},{error:"DualStack is enabled but this partition does not support DualStack",type:c}]},{type:b,rules:[{endpoint:{url:"https://wafv2.{Region}.{PartitionResult#dnsSuffix}",properties:k,headers:k},type:d}]}]}]},{error:"Invalid Configuration: Missing Region",type:c}]}]};
 export const ruleSet: RuleSetObject = _data;
diff --git a/clients/client-wafv2/src/models/models_0.ts b/clients/client-wafv2/src/models/models_0.ts
index 8cf06a4d2cef..add7ffde1d1f 100644
--- a/clients/client-wafv2/src/models/models_0.ts
+++ b/clients/client-wafv2/src/models/models_0.ts
@@ -70,14 +70,15 @@ export interface CustomHTTPHeader {
  * <p>Custom request handling behavior that inserts custom headers into a web request. You can
  *       add custom request handling for WAF to use when the rule action doesn't block the request.
  *           For example, <code>CaptchaAction</code> for requests with valid t okens, and <code>AllowAction</code>. </p>
- *          <p>For information about customizing web requests and responses, see <a href="https://docs.aws.amazon.com/waf/latest/developerguide/waf-custom-request-response.html">Customizing web requests and responses in WAF</a> in the
- *          <a href="https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html">WAF Developer Guide</a>. </p>
+ *          <p>For information about customizing web requests and responses,
+ *            see <a href="https://docs.aws.amazon.com/waf/latest/developerguide/waf-custom-request-response.html">Customizing web requests and responses in WAF</a>
+ *     in the <i>WAF Developer Guide</i>. </p>
  */
 export interface CustomRequestHandling {
   /**
    * <p>The HTTP headers to insert into the request. Duplicate header names are not allowed. </p>
-   *          <p>For information about the limits on count and size for custom request and response settings, see <a href="https://docs.aws.amazon.com/waf/latest/developerguide/limits.html">WAF quotas</a> in the
-   *          <a href="https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html">WAF Developer Guide</a>. </p>
+   *          <p>For information about the limits on count and size for custom request and response settings, see <a href="https://docs.aws.amazon.com/waf/latest/developerguide/limits.html">WAF quotas</a>
+   *      in the <i>WAF Developer Guide</i>. </p>
    */
   InsertHeaders: CustomHTTPHeader[] | undefined;
 }
@@ -91,8 +92,9 @@ export interface CustomRequestHandling {
 export interface AllowAction {
   /**
    * <p>Defines custom handling for the web request.</p>
-   *          <p>For information about customizing web requests and responses, see <a href="https://docs.aws.amazon.com/waf/latest/developerguide/waf-custom-request-response.html">Customizing web requests and responses in WAF</a> in the
-   *          <a href="https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html">WAF Developer Guide</a>. </p>
+   *          <p>For information about customizing web requests and responses,
+   *            see <a href="https://docs.aws.amazon.com/waf/latest/developerguide/waf-custom-request-response.html">Customizing web requests and responses in WAF</a>
+   *     in the <i>WAF Developer Guide</i>. </p>
    */
   CustomRequestHandling?: CustomRequestHandling;
 }
@@ -130,9 +132,11 @@ export type OversizeHandling = (typeof OversizeHandling)[keyof typeof OversizeHa
 export interface Body {
   /**
    * <p>What WAF should do if the body is larger than WAF can inspect.
-   *     WAF does not support inspecting the entire contents of the body of a web request
-   *       when the body exceeds 8 KB (8192 bytes). Only the first 8 KB of the request body are forwarded to
-   *     WAF by the underlying host service. </p>
+   *     WAF does not support inspecting the entire contents of the web request body if the body
+   *     exceeds the limit for the resource type. If the body is larger than the limit, the underlying host service
+   *     only forwards the contents that are below the limit to WAF for inspection. </p>
+   *          <p>The default limit is 8 KB (8,192 kilobytes) for regional resources and 16 KB (16,384 kilobytes) for CloudFront distributions. For CloudFront distributions,
+   *     you can increase the limit in the web ACL <code>AssociationConfig</code>, for additional processing fees. </p>
    *          <p>The options for oversize handling are the following:</p>
    *          <ul>
    *             <li>
@@ -151,7 +155,7 @@ export interface Body {
    *             </li>
    *          </ul>
    *          <p>You can combine the <code>MATCH</code> or <code>NO_MATCH</code>
-   *       settings for oversize handling with your rule and web ACL action settings, so that you block any request whose body is over 8 KB. </p>
+   *       settings for oversize handling with your rule and web ACL action settings, so that you block any request whose body is over the limit. </p>
    *          <p>Default: <code>CONTINUE</code>
    *          </p>
    */
@@ -466,9 +470,11 @@ export interface JsonBody {
 
   /**
    * <p>What WAF should do if the body is larger than WAF can inspect.
-   *     WAF does not support inspecting the entire contents of the body of a web request
-   *       when the body exceeds 8 KB (8192 bytes). Only the first 8 KB of the request body are forwarded to
-   *     WAF by the underlying host service. </p>
+   *     WAF does not support inspecting the entire contents of the web request body if the body
+   *     exceeds the limit for the resource type. If the body is larger than the limit, the underlying host service
+   *     only forwards the contents that are below the limit to WAF for inspection. </p>
+   *          <p>The default limit is 8 KB (8,192 kilobytes) for regional resources and 16 KB (16,384 kilobytes) for CloudFront distributions. For CloudFront distributions,
+   *     you can increase the limit in the web ACL <code>AssociationConfig</code>, for additional processing fees. </p>
    *          <p>The options for oversize handling are the following:</p>
    *          <ul>
    *             <li>
@@ -487,7 +493,7 @@ export interface JsonBody {
    *             </li>
    *          </ul>
    *          <p>You can combine the <code>MATCH</code> or <code>NO_MATCH</code>
-   *       settings for oversize handling with your rule and web ACL action settings, so that you block any request whose body is over 8 KB. </p>
+   *       settings for oversize handling with your rule and web ACL action settings, so that you block any request whose body is over the limit. </p>
    *          <p>Default: <code>CONTINUE</code>
    *          </p>
    */
@@ -616,8 +622,10 @@ export interface FieldToMatch {
    * <p>Inspect the request body as plain text. The request body immediately follows the request
    *          headers. This is the part of a request that contains any additional data that you want to
    *          send to your web server as the HTTP request body, such as data from a form. </p>
-   *          <p>Only the first 8 KB (8192 bytes) of the request body are forwarded to WAF for
-   *          inspection by the underlying host service. For information about how to handle oversized
+   *          <p>A limited amount of the request body is forwarded to WAF for
+   *       inspection by the underlying host service. For regional resources, the limit is 8 KB (8,192 kilobytes) and for CloudFront distributions, the limit is 16 KB (16,384 kilobytes). For CloudFront distributions,
+   *     you can increase the limit in the web ACL's <code>AssociationConfig</code>, for additional processing fees. </p>
+   *          <p>For information about how to handle oversized
    *          request bodies, see the <code>Body</code> object configuration. </p>
    */
   Body?: Body;
@@ -632,8 +640,10 @@ export interface FieldToMatch {
    * <p>Inspect the request body as JSON. The request body immediately follows the request
    *          headers. This is the part of a request that contains any additional data that you want to
    *          send to your web server as the HTTP request body, such as data from a form. </p>
-   *          <p>Only the first 8 KB (8192 bytes) of the request body are forwarded to WAF for
-   *          inspection by the underlying host service. For information about how to handle oversized
+   *          <p>A limited amount of the request body is forwarded to WAF for
+   *       inspection by the underlying host service. For regional resources, the limit is 8 KB (8,192 kilobytes) and for CloudFront distributions, the limit is 16 KB (16,384 kilobytes). For CloudFront distributions,
+   *     you can increase the limit in the web ACL's <code>AssociationConfig</code>, for additional processing fees. </p>
+   *          <p>For information about how to handle oversized
    *          request bodies, see the <code>JsonBody</code> object configuration. </p>
    */
   JsonBody?: JsonBody;
@@ -1798,7 +1808,8 @@ export interface AWSManagedRulesBotControlRuleSet {
   /**
    * <p>The inspection level to use for the Bot Control rule group. The common level is the least expensive. The
    *            targeted level includes all common level rules and adds rules with more advanced inspection criteria. For
-   *    details, see <a href="https://docs.aws.amazon.com/waf/latest/developerguide/aws-managed-rule-groups-bot.html">WAF Bot Control rule group</a>.</p>
+   *    details, see <a href="https://docs.aws.amazon.com/waf/latest/developerguide/aws-managed-rule-groups-bot.html">WAF Bot Control rule group</a>
+   *                in the <i>WAF Developer Guide</i>.</p>
    */
   InspectionLevel: InspectionLevel | string | undefined;
 }
@@ -1877,14 +1888,15 @@ export interface ManagedRuleGroupConfig {
  * @public
  * <p>A custom response to send to the client. You can define a custom response for rule
  *          actions and default web ACL actions that are set to <a>BlockAction</a>. </p>
- *          <p>For information about customizing web requests and responses, see <a href="https://docs.aws.amazon.com/waf/latest/developerguide/waf-custom-request-response.html">Customizing web requests and responses in WAF</a> in the
- *          <a href="https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html">WAF Developer Guide</a>. </p>
+ *          <p>For information about customizing web requests and responses,
+ *            see <a href="https://docs.aws.amazon.com/waf/latest/developerguide/waf-custom-request-response.html">Customizing web requests and responses in WAF</a>
+ *     in the <i>WAF Developer Guide</i>. </p>
  */
 export interface CustomResponse {
   /**
    * <p>The HTTP status code to return to the client. </p>
-   *          <p>For a list of status codes that you can use in your custom responses, see <a href="https://docs.aws.amazon.com/waf/latest/developerguide/customizing-the-response-status-codes.html">Supported status codes for custom response</a> in the
-   *          <a href="https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html">WAF Developer Guide</a>. </p>
+   *          <p>For a list of status codes that you can use in your custom responses, see <a href="https://docs.aws.amazon.com/waf/latest/developerguide/customizing-the-response-status-codes.html">Supported status codes for custom response</a>
+   *      in the <i>WAF Developer Guide</i>. </p>
    */
   ResponseCode: number | undefined;
 
@@ -1900,8 +1912,8 @@ export interface CustomResponse {
 
   /**
    * <p>The HTTP headers to use in the response. Duplicate header names are not allowed. </p>
-   *          <p>For information about the limits on count and size for custom request and response settings, see <a href="https://docs.aws.amazon.com/waf/latest/developerguide/limits.html">WAF quotas</a> in the
-   *          <a href="https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html">WAF Developer Guide</a>. </p>
+   *          <p>For information about the limits on count and size for custom request and response settings, see <a href="https://docs.aws.amazon.com/waf/latest/developerguide/limits.html">WAF quotas</a>
+   *      in the <i>WAF Developer Guide</i>. </p>
    */
   ResponseHeaders?: CustomHTTPHeader[];
 }
@@ -1915,8 +1927,9 @@ export interface CustomResponse {
 export interface BlockAction {
   /**
    * <p>Defines a custom response for the web request.</p>
-   *          <p>For information about customizing web requests and responses, see <a href="https://docs.aws.amazon.com/waf/latest/developerguide/waf-custom-request-response.html">Customizing web requests and responses in WAF</a> in the
-   *          <a href="https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html">WAF Developer Guide</a>. </p>
+   *          <p>For information about customizing web requests and responses,
+   *            see <a href="https://docs.aws.amazon.com/waf/latest/developerguide/waf-custom-request-response.html">Customizing web requests and responses in WAF</a>
+   *     in the <i>WAF Developer Guide</i>. </p>
    */
   CustomResponse?: CustomResponse;
 }
@@ -1955,8 +1968,9 @@ export interface BlockAction {
 export interface CaptchaAction {
   /**
    * <p>Defines custom handling for the web request, used when the <code>CAPTCHA</code> inspection determines that the request's token is valid and unexpired.</p>
-   *          <p>For information about customizing web requests and responses, see <a href="https://docs.aws.amazon.com/waf/latest/developerguide/waf-custom-request-response.html">Customizing web requests and responses in WAF</a> in the
-   *          <a href="https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html">WAF Developer Guide</a>. </p>
+   *          <p>For information about customizing web requests and responses,
+   *            see <a href="https://docs.aws.amazon.com/waf/latest/developerguide/waf-custom-request-response.html">Customizing web requests and responses in WAF</a>
+   *     in the <i>WAF Developer Guide</i>. </p>
    */
   CustomRequestHandling?: CustomRequestHandling;
 }
@@ -1999,8 +2013,9 @@ export interface CaptchaAction {
 export interface ChallengeAction {
   /**
    * <p>Defines custom handling for the web request, used when the challenge inspection determines that the request's token is valid and unexpired.</p>
-   *          <p>For information about customizing web requests and responses, see <a href="https://docs.aws.amazon.com/waf/latest/developerguide/waf-custom-request-response.html">Customizing web requests and responses in WAF</a> in the
-   *          <a href="https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html">WAF Developer Guide</a>. </p>
+   *          <p>For information about customizing web requests and responses,
+   *            see <a href="https://docs.aws.amazon.com/waf/latest/developerguide/waf-custom-request-response.html">Customizing web requests and responses in WAF</a>
+   *     in the <i>WAF Developer Guide</i>. </p>
    */
   CustomRequestHandling?: CustomRequestHandling;
 }
@@ -2014,8 +2029,9 @@ export interface ChallengeAction {
 export interface CountAction {
   /**
    * <p>Defines custom handling for the web request.</p>
-   *          <p>For information about customizing web requests and responses, see <a href="https://docs.aws.amazon.com/waf/latest/developerguide/waf-custom-request-response.html">Customizing web requests and responses in WAF</a> in the
-   *          <a href="https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html">WAF Developer Guide</a>. </p>
+   *          <p>For information about customizing web requests and responses,
+   *            see <a href="https://docs.aws.amazon.com/waf/latest/developerguide/waf-custom-request-response.html">Customizing web requests and responses in WAF</a>
+   *     in the <i>WAF Developer Guide</i>. </p>
    */
   CustomRequestHandling?: CustomRequestHandling;
 }
@@ -2180,7 +2196,7 @@ export type ComparisonOperator = (typeof ComparisonOperator)[keyof typeof Compar
 /**
  * @public
  * <p>A rule statement that compares a number of bytes against the size of a request component, using a comparison operator, such as greater than (>) or less than (<). For example, you can use a size constraint statement to look for query strings that are longer than 100 bytes. </p>
- *          <p>If you configure WAF to inspect the request body, WAF inspects only the first 8192 bytes (8 KB). If the request body for your web requests never exceeds 8192 bytes, you could use a size constraint statement to block requests that have a request body greater than 8192 bytes.</p>
+ *          <p>If you configure WAF to inspect the request body, WAF inspects only the number of bytes of the body up to the limit for the web ACL. By default, for regional web ACLs, this limit is 8 KB (8,192 kilobytes) and for CloudFront web ACLs, this limit is 16 KB (16,384 kilobytes). For CloudFront web ACLs, you can increase the limit in the web ACL <code>AssociationConfig</code>, for additional fees. If you know that the request body for your web requests should never exceed the inspection limit, you could use a size constraint statement to block requests that have a larger request body size.</p>
  *          <p>If you choose URI for the value of Part of the request to filter on, the slash (/) in the URI counts as one character. For example, the URI <code>/logo.jpg</code> is nine characters long.</p>
  */
 export interface SizeConstraintStatement {
@@ -2274,6 +2290,19 @@ export interface XssMatchStatement {
   TextTransformations: TextTransformation[] | undefined;
 }
 
+/**
+ * @public
+ * @enum
+ */
+export const AssociatedResourceType = {
+  CLOUDFRONT: "CLOUDFRONT",
+} as const;
+
+/**
+ * @public
+ */
+export type AssociatedResourceType = (typeof AssociatedResourceType)[keyof typeof AssociatedResourceType];
+
 /**
  * @public
  */
@@ -2289,27 +2318,27 @@ export interface AssociateWebACLRequest {
    *          <p>The ARN must be in one of the following formats:</p>
    *          <ul>
    *             <li>
-   *                <p>For an Application Load Balancer: <code>arn:aws:elasticloadbalancing:<i>region</i>:<i>account-id</i>:loadbalancer/app/<i>load-balancer-name</i>/<i>load-balancer-id</i>
+   *                <p>For an Application Load Balancer: <code>arn:<i>partition</i>:elasticloadbalancing:<i>region</i>:<i>account-id</i>:loadbalancer/app/<i>load-balancer-name</i>/<i>load-balancer-id</i>
    *                   </code>
    *                </p>
    *             </li>
    *             <li>
-   *                <p>For an Amazon API Gateway REST API: <code>arn:aws:apigateway:<i>region</i>::/restapis/<i>api-id</i>/stages/<i>stage-name</i>
+   *                <p>For an Amazon API Gateway REST API: <code>arn:<i>partition</i>:apigateway:<i>region</i>::/restapis/<i>api-id</i>/stages/<i>stage-name</i>
    *                   </code>
    *                </p>
    *             </li>
    *             <li>
-   *                <p>For an AppSync GraphQL API: <code>arn:aws:appsync:<i>region</i>:<i>account-id</i>:apis/<i>GraphQLApiId</i>
+   *                <p>For an AppSync GraphQL API: <code>arn:<i>partition</i>:appsync:<i>region</i>:<i>account-id</i>:apis/<i>GraphQLApiId</i>
    *                   </code>
    *                </p>
    *             </li>
    *             <li>
-   *                <p>For an Amazon Cognito user pool: <code>arn:aws:cognito-idp:<i>region</i>:<i>account-id</i>:userpool/<i>user-pool-id</i>
+   *                <p>For an Amazon Cognito user pool: <code>arn:<i>partition</i>:cognito-idp:<i>region</i>:<i>account-id</i>:userpool/<i>user-pool-id</i>
    *                   </code>
    *                </p>
    *             </li>
    *             <li>
-   *                <p>For an App Runner service: <code>arn:aws:apprunner:<i>region</i>:<i>account-id</i>:service/<i>apprunner-service-name</i>/<i>apprunner-service-id</i>
+   *                <p>For an App Runner service: <code>arn:<i>partition</i>:apprunner:<i>region</i>:<i>account-id</i>:service/<i>apprunner-service-name</i>/<i>apprunner-service-id</i>
    *                   </code>
    *                </p>
    *             </li>
@@ -2375,6 +2404,7 @@ export class WAFInvalidOperationException extends __BaseException {
 export const ParameterExceptionField = {
   AND_STATEMENT: "AND_STATEMENT",
   ASSOCIABLE_RESOURCE: "ASSOCIABLE_RESOURCE",
+  ASSOCIATED_RESOURCE_TYPE: "ASSOCIATED_RESOURCE_TYPE",
   ATP_RULE_SET_RESPONSE_INSPECTION: "ATP_RULE_SET_RESPONSE_INSPECTION",
   BODY_PARSING_FALLBACK_BEHAVIOR: "BODY_PARSING_FALLBACK_BEHAVIOR",
   BYTE_MATCH_STATEMENT: "BYTE_MATCH_STATEMENT",
@@ -2553,6 +2583,57 @@ export class WAFUnavailableEntityException extends __BaseException {
   }
 }
 
+/**
+ * @public
+ * @enum
+ */
+export const SizeInspectionLimit = {
+  KB_16: "KB_16",
+  KB_32: "KB_32",
+  KB_48: "KB_48",
+  KB_64: "KB_64",
+} as const;
+
+/**
+ * @public
+ */
+export type SizeInspectionLimit = (typeof SizeInspectionLimit)[keyof typeof SizeInspectionLimit];
+
+/**
+ * @public
+ * <p>Customizes the maximum size of the request body that your protected CloudFront distributions forward to WAF for inspection. The default size is 16 KB (16,384 kilobytes). </p>
+ *          <note>
+ *             <p>You are charged additional fees when your protected resources forward body sizes that are larger than the default. For more information, see <a href="http://aws.amazon.com/waf/pricing/">WAF Pricing</a>.</p>
+ *          </note>
+ *          <p>This is used in the <code>AssociationConfig</code> of the web ACL. </p>
+ */
+export interface RequestBodyAssociatedResourceTypeConfig {
+  /**
+   * <p>Specifies the maximum size of the web request body component that an associated CloudFront distribution should send to WAF for inspection. This applies to statements in the web ACL that inspect the body or JSON body. </p>
+   *          <p>Default: <code>16 KB (16,384 kilobytes)</code>
+   *          </p>
+   */
+  DefaultSizeInspectionLimit: SizeInspectionLimit | string | undefined;
+}
+
+/**
+ * @public
+ * <p>Specifies custom configurations for the associations between the web ACL and protected resources.  </p>
+ *          <p>Use this to customize the maximum size of the request body that your protected CloudFront distributions forward to WAF for inspection. The default is 16 KB (16,384 kilobytes). </p>
+ *          <note>
+ *             <p>You are charged additional fees when your protected resources forward body sizes that are larger than the default. For more information, see <a href="http://aws.amazon.com/waf/pricing/">WAF Pricing</a>.</p>
+ *          </note>
+ */
+export interface AssociationConfig {
+  /**
+   * <p>Customizes the maximum size of the request body that your protected CloudFront distributions forward to WAF for inspection. The default size is 16 KB (16,384 kilobytes). </p>
+   *          <note>
+   *             <p>You are charged additional fees when your protected resources forward body sizes that are larger than the default. For more information, see <a href="http://aws.amazon.com/waf/pricing/">WAF Pricing</a>.</p>
+   *          </note>
+   */
+  RequestBody?: Record<string, RequestBodyAssociatedResourceTypeConfig>;
+}
+
 /**
  * @public
  * <p>Used for CAPTCHA and challenge token settings. Determines
@@ -2656,7 +2737,7 @@ export interface VisibilityConfig {
   /**
    * <p>A boolean indicating whether the associated resource sends metrics to Amazon CloudWatch. For the
    *          list of available metrics, see <a href="https://docs.aws.amazon.com/waf/latest/developerguide/monitoring-cloudwatch.html#waf-metrics">WAF
-   *             Metrics</a>.</p>
+   *             Metrics</a> in the <i>WAF Developer Guide</i>.</p>
    */
   CloudWatchMetricsEnabled: boolean | undefined;
 
@@ -2840,7 +2921,7 @@ export interface CreateIPSetRequest {
   Name: string | undefined;
 
   /**
-   * <p>Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, a Amazon Cognito user pool, or an App Runner service.  </p>
+   * <p>Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner service.  </p>
    *          <p>To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows: </p>
    *          <ul>
    *             <li>
@@ -3063,7 +3144,7 @@ export interface CreateRegexPatternSetRequest {
   Name: string | undefined;
 
   /**
-   * <p>Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, a Amazon Cognito user pool, or an App Runner service.  </p>
+   * <p>Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner service.  </p>
    *          <p>To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows: </p>
    *          <ul>
    *             <li>
@@ -3165,8 +3246,8 @@ export interface CustomResponseBody {
    * <p>The payload of the custom response. </p>
    *          <p>You can use JSON escape strings in JSON content. To do this, you must specify JSON
    *          content in the <code>ContentType</code> setting. </p>
-   *          <p>For information about the limits on count and size for custom request and response settings, see <a href="https://docs.aws.amazon.com/waf/latest/developerguide/limits.html">WAF quotas</a> in the
-   *          <a href="https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html">WAF Developer Guide</a>. </p>
+   *          <p>For information about the limits on count and size for custom request and response settings, see <a href="https://docs.aws.amazon.com/waf/latest/developerguide/limits.html">WAF quotas</a>
+   *      in the <i>WAF Developer Guide</i>. </p>
    */
   Content: string | undefined;
 }
@@ -3338,7 +3419,7 @@ export interface DeleteIPSetRequest {
   Name: string | undefined;
 
   /**
-   * <p>Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, a Amazon Cognito user pool, or an App Runner service.  </p>
+   * <p>Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner service.  </p>
    *          <p>To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows: </p>
    *          <ul>
    *             <li>
@@ -3432,7 +3513,7 @@ export interface DeleteRegexPatternSetRequest {
   Name: string | undefined;
 
   /**
-   * <p>Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, a Amazon Cognito user pool, or an App Runner service.  </p>
+   * <p>Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner service.  </p>
    *          <p>To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows: </p>
    *          <ul>
    *             <li>
@@ -3471,7 +3552,7 @@ export interface DeleteRuleGroupRequest {
   Name: string | undefined;
 
   /**
-   * <p>Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, a Amazon Cognito user pool, or an App Runner service.  </p>
+   * <p>Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner service.  </p>
    *          <p>To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows: </p>
    *          <ul>
    *             <li>
@@ -3510,7 +3591,7 @@ export interface DeleteWebACLRequest {
   Name: string | undefined;
 
   /**
-   * <p>Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, a Amazon Cognito user pool, or an App Runner service.  </p>
+   * <p>Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner service.  </p>
    *          <p>To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows: </p>
    *          <ul>
    *             <li>
@@ -3554,7 +3635,7 @@ export interface DescribeManagedRuleGroupRequest {
   Name: string | undefined;
 
   /**
-   * <p>Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, a Amazon Cognito user pool, or an App Runner service.  </p>
+   * <p>Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner service.  </p>
    *          <p>To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows: </p>
    *          <ul>
    *             <li>
@@ -3633,12 +3714,15 @@ export interface DescribeManagedRuleGroupResponse {
   SnsTopicArn?: string;
 
   /**
-   * <p>The web ACL capacity units (WCUs) required for this rule group. WAF uses web ACL
-   *          capacity units (WCU) to calculate and control the operating resources that are used to run
-   *          your rules, rule groups, and web ACLs. WAF calculates capacity differently for each rule
-   *          type, to reflect each rule's relative cost. Rule group capacity is fixed at creation, so
-   *          users can plan their web ACL WCU usage when they use a rule group. The WCU limit for web
-   *          ACLs is 1,500. </p>
+   * <p>The web ACL capacity units (WCUs) required for this rule group.</p>
+   *          <p>WAF uses WCUs to calculate and control the operating
+   *          resources that are used to run your rules, rule groups, and web ACLs. WAF
+   *          calculates capacity differently for each rule type, to reflect the relative cost of each rule.
+   *          Simple rules that cost little to run use fewer WCUs than more complex rules
+   * 				that use more processing power.
+   * 				Rule group capacity is fixed at creation, which helps users plan their
+   *          web ACL WCU usage when they use a rule group. For more information, see <a href="https://docs.aws.amazon.com/waf/latest/developerguide/aws-waf-capacity-units.html">WAF web ACL capacity units (WCU)</a>
+   *     in the <i>WAF Developer Guide</i>. </p>
    */
   Capacity?: number;
 
@@ -3685,27 +3769,27 @@ export interface DisassociateWebACLRequest {
    *          <p>The ARN must be in one of the following formats:</p>
    *          <ul>
    *             <li>
-   *                <p>For an Application Load Balancer: <code>arn:aws:elasticloadbalancing:<i>region</i>:<i>account-id</i>:loadbalancer/app/<i>load-balancer-name</i>/<i>load-balancer-id</i>
+   *                <p>For an Application Load Balancer: <code>arn:<i>partition</i>:elasticloadbalancing:<i>region</i>:<i>account-id</i>:loadbalancer/app/<i>load-balancer-name</i>/<i>load-balancer-id</i>
    *                   </code>
    *                </p>
    *             </li>
    *             <li>
-   *                <p>For an Amazon API Gateway REST API: <code>arn:aws:apigateway:<i>region</i>::/restapis/<i>api-id</i>/stages/<i>stage-name</i>
+   *                <p>For an Amazon API Gateway REST API: <code>arn:<i>partition</i>:apigateway:<i>region</i>::/restapis/<i>api-id</i>/stages/<i>stage-name</i>
    *                   </code>
    *                </p>
    *             </li>
    *             <li>
-   *                <p>For an AppSync GraphQL API: <code>arn:aws:appsync:<i>region</i>:<i>account-id</i>:apis/<i>GraphQLApiId</i>
+   *                <p>For an AppSync GraphQL API: <code>arn:<i>partition</i>:appsync:<i>region</i>:<i>account-id</i>:apis/<i>GraphQLApiId</i>
    *                   </code>
    *                </p>
    *             </li>
    *             <li>
-   *                <p>For an Amazon Cognito user pool: <code>arn:aws:cognito-idp:<i>region</i>:<i>account-id</i>:userpool/<i>user-pool-id</i>
+   *                <p>For an Amazon Cognito user pool: <code>arn:<i>partition</i>:cognito-idp:<i>region</i>:<i>account-id</i>:userpool/<i>user-pool-id</i>
    *                   </code>
    *                </p>
    *             </li>
    *             <li>
-   *                <p>For an App Runner service: <code>arn:aws:apprunner:<i>region</i>:<i>account-id</i>:service/<i>apprunner-service-name</i>/<i>apprunner-service-id</i>
+   *                <p>For an App Runner service: <code>arn:<i>partition</i>:apprunner:<i>region</i>:<i>account-id</i>:service/<i>apprunner-service-name</i>/<i>apprunner-service-id</i>
    *                   </code>
    *                </p>
    *             </li>
@@ -3769,7 +3853,7 @@ export interface GetIPSetRequest {
   Name: string | undefined;
 
   /**
-   * <p>Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, a Amazon Cognito user pool, or an App Runner service.  </p>
+   * <p>Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner service.  </p>
    *          <p>To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows: </p>
    *          <ul>
    *             <li>
@@ -4085,7 +4169,7 @@ export interface GetManagedRuleSetRequest {
   Name: string | undefined;
 
   /**
-   * <p>Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, a Amazon Cognito user pool, or an App Runner service.  </p>
+   * <p>Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner service.  </p>
    *          <p>To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows: </p>
    *          <ul>
    *             <li>
@@ -4127,8 +4211,8 @@ export interface ManagedRuleSetVersion {
    *          Simple rules that cost little to run use fewer WCUs than more complex rules
    * 				that use more processing power.
    * 				Rule group capacity is fixed at creation, which helps users plan their
-   *          web ACL WCU usage when they use a rule group.
-   *          The WCU limit for web ACLs is 1,500.  </p>
+   *          web ACL WCU usage when they use a rule group. For more information, see <a href="https://docs.aws.amazon.com/waf/latest/developerguide/aws-waf-capacity-units.html">WAF web ACL capacity units (WCU)</a>
+   *     in the <i>WAF Developer Guide</i>. </p>
    */
   Capacity?: number;
 
@@ -4312,7 +4396,7 @@ export interface GetPermissionPolicyResponse {
  */
 export interface GetRateBasedStatementManagedKeysRequest {
   /**
-   * <p>Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, a Amazon Cognito user pool, or an App Runner service.  </p>
+   * <p>Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner service.  </p>
    *          <p>To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows: </p>
    *          <ul>
    *             <li>
@@ -4390,7 +4474,7 @@ export interface GetRegexPatternSetRequest {
   Name: string | undefined;
 
   /**
-   * <p>Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, a Amazon Cognito user pool, or an App Runner service.  </p>
+   * <p>Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner service.  </p>
    *          <p>To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows: </p>
    *          <ul>
    *             <li>
@@ -4467,7 +4551,7 @@ export interface GetRuleGroupRequest {
   Name?: string;
 
   /**
-   * <p>Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, a Amazon Cognito user pool, or an App Runner service.  </p>
+   * <p>Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner service.  </p>
    *          <p>To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows: </p>
    *          <ul>
    *             <li>
@@ -4545,7 +4629,7 @@ export interface GetSampledRequestsRequest {
   RuleMetricName: string | undefined;
 
   /**
-   * <p>Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, a Amazon Cognito user pool, or an App Runner service.  </p>
+   * <p>Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner service.  </p>
    *          <p>To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows: </p>
    *          <ul>
    *             <li>
@@ -4830,7 +4914,7 @@ export interface GetWebACLRequest {
   Name: string | undefined;
 
   /**
-   * <p>Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, a Amazon Cognito user pool, or an App Runner service.  </p>
+   * <p>Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner service.  </p>
    *          <p>To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows: </p>
    *          <ul>
    *             <li>
@@ -4858,27 +4942,27 @@ export interface GetWebACLForResourceRequest {
    *          <p>The ARN must be in one of the following formats:</p>
    *          <ul>
    *             <li>
-   *                <p>For an Application Load Balancer: <code>arn:aws:elasticloadbalancing:<i>region</i>:<i>account-id</i>:loadbalancer/app/<i>load-balancer-name</i>/<i>load-balancer-id</i>
+   *                <p>For an Application Load Balancer: <code>arn:<i>partition</i>:elasticloadbalancing:<i>region</i>:<i>account-id</i>:loadbalancer/app/<i>load-balancer-name</i>/<i>load-balancer-id</i>
    *                   </code>
    *                </p>
    *             </li>
    *             <li>
-   *                <p>For an Amazon API Gateway REST API: <code>arn:aws:apigateway:<i>region</i>::/restapis/<i>api-id</i>/stages/<i>stage-name</i>
+   *                <p>For an Amazon API Gateway REST API: <code>arn:<i>partition</i>:apigateway:<i>region</i>::/restapis/<i>api-id</i>/stages/<i>stage-name</i>
    *                   </code>
    *                </p>
    *             </li>
    *             <li>
-   *                <p>For an AppSync GraphQL API: <code>arn:aws:appsync:<i>region</i>:<i>account-id</i>:apis/<i>GraphQLApiId</i>
+   *                <p>For an AppSync GraphQL API: <code>arn:<i>partition</i>:appsync:<i>region</i>:<i>account-id</i>:apis/<i>GraphQLApiId</i>
    *                   </code>
    *                </p>
    *             </li>
    *             <li>
-   *                <p>For an Amazon Cognito user pool: <code>arn:aws:cognito-idp:<i>region</i>:<i>account-id</i>:userpool/<i>user-pool-id</i>
+   *                <p>For an Amazon Cognito user pool: <code>arn:<i>partition</i>:cognito-idp:<i>region</i>:<i>account-id</i>:userpool/<i>user-pool-id</i>
    *                   </code>
    *                </p>
    *             </li>
    *             <li>
-   *                <p>For an App Runner service: <code>arn:aws:apprunner:<i>region</i>:<i>account-id</i>:service/<i>apprunner-service-name</i>/<i>apprunner-service-id</i>
+   *                <p>For an App Runner service: <code>arn:<i>partition</i>:apprunner:<i>region</i>:<i>account-id</i>:service/<i>apprunner-service-name</i>/<i>apprunner-service-id</i>
    *                   </code>
    *                </p>
    *             </li>
@@ -4892,7 +4976,7 @@ export interface GetWebACLForResourceRequest {
  */
 export interface ListAvailableManagedRuleGroupsRequest {
   /**
-   * <p>Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, a Amazon Cognito user pool, or an App Runner service.  </p>
+   * <p>Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner service.  </p>
    *          <p>To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows: </p>
    *          <ul>
    *             <li>
@@ -4979,7 +5063,7 @@ export interface ListAvailableManagedRuleGroupVersionsRequest {
   Name: string | undefined;
 
   /**
-   * <p>Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, a Amazon Cognito user pool, or an App Runner service.  </p>
+   * <p>Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner service.  </p>
    *          <p>To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows: </p>
    *          <ul>
    *             <li>
@@ -5051,7 +5135,7 @@ export interface ListAvailableManagedRuleGroupVersionsResponse {
  */
 export interface ListIPSetsRequest {
   /**
-   * <p>Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, a Amazon Cognito user pool, or an App Runner service.  </p>
+   * <p>Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner service.  </p>
    *          <p>To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows: </p>
    *          <ul>
    *             <li>
@@ -5102,7 +5186,7 @@ export interface ListIPSetsResponse {
  */
 export interface ListLoggingConfigurationsRequest {
   /**
-   * <p>Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, a Amazon Cognito user pool, or an App Runner service.  </p>
+   * <p>Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner service.  </p>
    *          <p>To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows: </p>
    *          <ul>
    *             <li>
@@ -5152,7 +5236,7 @@ export interface ListLoggingConfigurationsResponse {
  */
 export interface ListManagedRuleSetsRequest {
   /**
-   * <p>Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, a Amazon Cognito user pool, or an App Runner service.  </p>
+   * <p>Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner service.  </p>
    *          <p>To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows: </p>
    *          <ul>
    *             <li>
@@ -5313,7 +5397,7 @@ export interface ListMobileSdkReleasesResponse {
  */
 export interface ListRegexPatternSetsRequest {
   /**
-   * <p>Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, a Amazon Cognito user pool, or an App Runner service.  </p>
+   * <p>Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner service.  </p>
    *          <p>To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows: </p>
    *          <ul>
    *             <li>
@@ -5386,7 +5470,7 @@ export interface ListResourcesForWebACLRequest {
 
   /**
    * <p>Used for web ACLs that are scoped for regional applications.
-   *          A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, a Amazon Cognito user pool, or an App Runner service. </p>
+   *          A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner service. </p>
    *          <note>
    *             <p>If you don't provide a resource type, the call uses the resource type <code>APPLICATION_LOAD_BALANCER</code>. </p>
    *          </note>
@@ -5411,7 +5495,7 @@ export interface ListResourcesForWebACLResponse {
  */
 export interface ListRuleGroupsRequest {
   /**
-   * <p>Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, a Amazon Cognito user pool, or an App Runner service.  </p>
+   * <p>Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner service.  </p>
    *          <p>To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows: </p>
    *          <ul>
    *             <li>
@@ -5527,7 +5611,7 @@ export interface ListTagsForResourceResponse {
  */
 export interface ListWebACLsRequest {
   /**
-   * <p>Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, a Amazon Cognito user pool, or an App Runner service.  </p>
+   * <p>Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner service.  </p>
    *          <p>To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows: </p>
    *          <ul>
    *             <li>
@@ -5677,7 +5761,7 @@ export interface PutManagedRuleSetVersionsRequest {
   Name: string | undefined;
 
   /**
-   * <p>Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, a Amazon Cognito user pool, or an App Runner service.  </p>
+   * <p>Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner service.  </p>
    *          <p>To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows: </p>
    *          <ul>
    *             <li>
@@ -5738,7 +5822,7 @@ export interface PutPermissionPolicyRequest {
    *          <p>The policy specifications must conform to the following:</p>
    *          <ul>
    *             <li>
-   *                <p>The policy must be composed using IAM Policy version 2012-10-17 or version 2015-01-01.</p>
+   *                <p>The policy must be composed using IAM Policy version 2012-10-17.</p>
    *             </li>
    *             <li>
    *                <p>The policy must include specifications for <code>Effect</code>, <code>Action</code>, and <code>Principal</code>.</p>
@@ -5773,7 +5857,7 @@ export interface PutPermissionPolicyResponse {}
  *          <p>The policy specifications must conform to the following:</p>
  *          <ul>
  *             <li>
- *                <p>The policy must be composed using IAM Policy version 2012-10-17 or version 2015-01-01.</p>
+ *                <p>The policy must be composed using IAM Policy version 2012-10-17.</p>
  *             </li>
  *             <li>
  *                <p>The policy must include specifications for <code>Effect</code>, <code>Action</code>, and <code>Principal</code>.</p>
@@ -5862,7 +5946,7 @@ export interface UpdateIPSetRequest {
   Name: string | undefined;
 
   /**
-   * <p>Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, a Amazon Cognito user pool, or an App Runner service.  </p>
+   * <p>Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner service.  </p>
    *          <p>To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows: </p>
    *          <ul>
    *             <li>
@@ -5952,7 +6036,7 @@ export interface UpdateManagedRuleSetVersionExpiryDateRequest {
   Name: string | undefined;
 
   /**
-   * <p>Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, a Amazon Cognito user pool, or an App Runner service.  </p>
+   * <p>Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner service.  </p>
    *          <p>To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows: </p>
    *          <ul>
    *             <li>
@@ -6019,7 +6103,7 @@ export interface UpdateRegexPatternSetRequest {
   Name: string | undefined;
 
   /**
-   * <p>Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, a Amazon Cognito user pool, or an App Runner service.  </p>
+   * <p>Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner service.  </p>
    *          <p>To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows: </p>
    *          <ul>
    *             <li>
@@ -6108,7 +6192,7 @@ export interface Statement {
 
   /**
    * <p>A rule statement that compares a number of bytes against the size of a request component, using a comparison operator, such as greater than (>) or less than (<). For example, you can use a size constraint statement to look for query strings that are longer than 100 bytes. </p>
-   *          <p>If you configure WAF to inspect the request body, WAF inspects only the first 8192 bytes (8 KB). If the request body for your web requests never exceeds 8192 bytes, you could use a size constraint statement to block requests that have a request body greater than 8192 bytes.</p>
+   *          <p>If you configure WAF to inspect the request body, WAF inspects only the number of bytes of the body up to the limit for the web ACL. By default, for regional web ACLs, this limit is 8 KB (8,192 kilobytes) and for CloudFront web ACLs, this limit is 16 KB (16,384 kilobytes). For CloudFront web ACLs, you can increase the limit in the web ACL <code>AssociationConfig</code>, for additional fees. If you know that the request body for your web requests should never exceed the inspection limit, you could use a size constraint statement to block requests that have a larger request body size.</p>
    *          <p>If you choose URI for the value of Part of the request to filter on, the slash (/) in the URI counts as one character. For example, the URI <code>/logo.jpg</code> is nine characters long.</p>
    */
   SizeConstraintStatement?: SizeConstraintStatement;
@@ -6457,22 +6541,16 @@ export interface OrStatement {
 
 /**
  * @public
- * <p>The processing guidance for an Firewall Manager rule. This is like a regular rule <a>Statement</a>, but it can only contain a rule group reference.</p>
+ * <p>The processing guidance for an Firewall Manager rule. This is like a regular rule <a>Statement</a>, but it can only contain a single rule group reference.</p>
  */
 export interface FirewallManagerStatement {
   /**
-   * <p>A rule statement used to run the rules that are defined in a managed rule group. To use this, provide the vendor name and the name of the rule group in this statement. You can retrieve the required names by calling <a>ListAvailableManagedRuleGroups</a>.</p>
-   *          <p>You cannot nest a <code>ManagedRuleGroupStatement</code>, for example for use inside a <code>NotStatement</code> or <code>OrStatement</code>. It can only be referenced as a top-level statement within a rule.</p>
-   *          <note>
-   *             <p>You are charged additional fees when you use the WAF Bot Control managed rule group <code>AWSManagedRulesBotControlRuleSet</code> or the WAF Fraud Control account takeover prevention (ATP) managed rule group <code>AWSManagedRulesATPRuleSet</code>. For more information, see <a href="http://aws.amazon.com/waf/pricing/">WAF Pricing</a>.</p>
-   *          </note>
+   * <p>A statement used by Firewall Manager to run the rules that are defined in a managed rule group. This is managed by Firewall Manager for an Firewall Manager WAF policy.</p>
    */
   ManagedRuleGroupStatement?: ManagedRuleGroupStatement;
 
   /**
-   * <p>A rule statement used to run the rules that are defined in a <a>RuleGroup</a>. To use this, create a rule group with your rules, then provide the ARN of the rule group in this statement.</p>
-   *          <p>You cannot nest a <code>RuleGroupReferenceStatement</code>, for example for use inside a <code>NotStatement</code> or <code>OrStatement</code>. You
-   *       can only use a rule group reference statement at the top level inside a web ACL. </p>
+   * <p>A statement used by Firewall Manager to run the rules that are defined in a rule group. This is managed by Firewall Manager for an Firewall Manager WAF policy.</p>
    */
   RuleGroupReferenceStatement?: RuleGroupReferenceStatement;
 }
@@ -6521,7 +6599,7 @@ export interface FirewallManagerRuleGroup {
  */
 export interface CheckCapacityRequest {
   /**
-   * <p>Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, a Amazon Cognito user pool, or an App Runner service.  </p>
+   * <p>Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner service.  </p>
    *          <p>To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows: </p>
    *          <ul>
    *             <li>
@@ -6551,7 +6629,7 @@ export interface CreateRuleGroupRequest {
   Name: string | undefined;
 
   /**
-   * <p>Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, a Amazon Cognito user pool, or an App Runner service.  </p>
+   * <p>Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner service.  </p>
    *          <p>To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows: </p>
    *          <ul>
    *             <li>
@@ -6575,8 +6653,8 @@ export interface CreateRuleGroupRequest {
    *          Simple rules that cost little to run use fewer WCUs than more complex rules
    * 				that use more processing power.
    * 				Rule group capacity is fixed at creation, which helps users plan their
-   *          web ACL WCU usage when they use a rule group.
-   *          The WCU limit for web ACLs is 1,500.  </p>
+   *          web ACL WCU usage when they use a rule group. For more information, see <a href="https://docs.aws.amazon.com/waf/latest/developerguide/aws-waf-capacity-units.html">WAF web ACL capacity units (WCU)</a>
+   *     in the <i>WAF Developer Guide</i>. </p>
    */
   Capacity: number | undefined;
 
@@ -6605,10 +6683,11 @@ export interface CreateRuleGroupRequest {
 
   /**
    * <p>A map of custom response keys and content bodies. When you create a rule with a block action, you can send a custom response to the web request. You define these for the rule group, and then use them in the rules that you define in the rule group. </p>
-   *          <p>For information about customizing web requests and responses, see <a href="https://docs.aws.amazon.com/waf/latest/developerguide/waf-custom-request-response.html">Customizing web requests and responses in WAF</a> in the
-   *          <a href="https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html">WAF Developer Guide</a>. </p>
-   *          <p>For information about the limits on count and size for custom request and response settings, see <a href="https://docs.aws.amazon.com/waf/latest/developerguide/limits.html">WAF quotas</a> in the
-   *          <a href="https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html">WAF Developer Guide</a>. </p>
+   *          <p>For information about customizing web requests and responses,
+   *            see <a href="https://docs.aws.amazon.com/waf/latest/developerguide/waf-custom-request-response.html">Customizing web requests and responses in WAF</a>
+   *     in the <i>WAF Developer Guide</i>. </p>
+   *          <p>For information about the limits on count and size for custom request and response settings, see <a href="https://docs.aws.amazon.com/waf/latest/developerguide/limits.html">WAF quotas</a>
+   *      in the <i>WAF Developer Guide</i>. </p>
    */
   CustomResponseBodies?: Record<string, CustomResponseBody>;
 }
@@ -6623,7 +6702,7 @@ export interface CreateWebACLRequest {
   Name: string | undefined;
 
   /**
-   * <p>Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, a Amazon Cognito user pool, or an App Runner service.  </p>
+   * <p>Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner service.  </p>
    *          <p>To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows: </p>
    *          <ul>
    *             <li>
@@ -6666,10 +6745,11 @@ export interface CreateWebACLRequest {
 
   /**
    * <p>A map of custom response keys and content bodies. When you create a rule with a block action, you can send a custom response to the web request. You define these for the web ACL, and then use them in the rules and default actions that you define in the web ACL. </p>
-   *          <p>For information about customizing web requests and responses, see <a href="https://docs.aws.amazon.com/waf/latest/developerguide/waf-custom-request-response.html">Customizing web requests and responses in WAF</a> in the
-   *          <a href="https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html">WAF Developer Guide</a>. </p>
-   *          <p>For information about the limits on count and size for custom request and response settings, see <a href="https://docs.aws.amazon.com/waf/latest/developerguide/limits.html">WAF quotas</a> in the
-   *          <a href="https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html">WAF Developer Guide</a>. </p>
+   *          <p>For information about customizing web requests and responses,
+   *            see <a href="https://docs.aws.amazon.com/waf/latest/developerguide/waf-custom-request-response.html">Customizing web requests and responses in WAF</a>
+   *     in the <i>WAF Developer Guide</i>. </p>
+   *          <p>For information about the limits on count and size for custom request and response settings, see <a href="https://docs.aws.amazon.com/waf/latest/developerguide/limits.html">WAF quotas</a>
+   *      in the <i>WAF Developer Guide</i>. </p>
    */
   CustomResponseBodies?: Record<string, CustomResponseBody>;
 
@@ -6691,6 +6771,15 @@ export interface CreateWebACLRequest {
    *          <p>Public suffixes aren't allowed. For example, you can't use <code>usa.gov</code> or <code>co.uk</code> as token domains.</p>
    */
   TokenDomains?: string[];
+
+  /**
+   * <p>Specifies custom configurations for the associations between the web ACL and protected resources.  </p>
+   *          <p>Use this to customize the maximum size of the request body that your protected CloudFront distributions forward to WAF for inspection. The default is 16 KB (16,384 kilobytes). </p>
+   *          <note>
+   *             <p>You are charged additional fees when your protected resources forward body sizes that are larger than the default. For more information, see <a href="http://aws.amazon.com/waf/pricing/">WAF Pricing</a>.</p>
+   *          </note>
+   */
+  AssociationConfig?: AssociationConfig;
 }
 
 /**
@@ -6719,8 +6808,8 @@ export interface RuleGroup {
    *          Simple rules that cost little to run use fewer WCUs than more complex rules
    * 				that use more processing power.
    * 				Rule group capacity is fixed at creation, which helps users plan their
-   *          web ACL WCU usage when they use a rule group.
-   *          The WCU limit for web ACLs is 1,500.  </p>
+   *          web ACL WCU usage when they use a rule group. For more information, see <a href="https://docs.aws.amazon.com/waf/latest/developerguide/aws-waf-capacity-units.html">WAF web ACL capacity units (WCU)</a>
+   *     in the <i>WAF Developer Guide</i>. </p>
    */
   Capacity: number | undefined;
 
@@ -6768,10 +6857,11 @@ export interface RuleGroup {
 
   /**
    * <p>A map of custom response keys and content bodies. When you create a rule with a block action, you can send a custom response to the web request. You define these for the rule group, and then use them in the rules that you define in the rule group. </p>
-   *          <p>For information about customizing web requests and responses, see <a href="https://docs.aws.amazon.com/waf/latest/developerguide/waf-custom-request-response.html">Customizing web requests and responses in WAF</a> in the
-   *          <a href="https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html">WAF Developer Guide</a>. </p>
-   *          <p>For information about the limits on count and size for custom request and response settings, see <a href="https://docs.aws.amazon.com/waf/latest/developerguide/limits.html">WAF quotas</a> in the
-   *          <a href="https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html">WAF Developer Guide</a>. </p>
+   *          <p>For information about customizing web requests and responses,
+   *            see <a href="https://docs.aws.amazon.com/waf/latest/developerguide/waf-custom-request-response.html">Customizing web requests and responses in WAF</a>
+   *     in the <i>WAF Developer Guide</i>. </p>
+   *          <p>For information about the limits on count and size for custom request and response settings, see <a href="https://docs.aws.amazon.com/waf/latest/developerguide/limits.html">WAF quotas</a>
+   *      in the <i>WAF Developer Guide</i>. </p>
    */
   CustomResponseBodies?: Record<string, CustomResponseBody>;
 
@@ -6796,7 +6886,7 @@ export interface UpdateRuleGroupRequest {
   Name: string | undefined;
 
   /**
-   * <p>Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, a Amazon Cognito user pool, or an App Runner service.  </p>
+   * <p>Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner service.  </p>
    *          <p>To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows: </p>
    *          <ul>
    *             <li>
@@ -6839,10 +6929,11 @@ export interface UpdateRuleGroupRequest {
 
   /**
    * <p>A map of custom response keys and content bodies. When you create a rule with a block action, you can send a custom response to the web request. You define these for the rule group, and then use them in the rules that you define in the rule group. </p>
-   *          <p>For information about customizing web requests and responses, see <a href="https://docs.aws.amazon.com/waf/latest/developerguide/waf-custom-request-response.html">Customizing web requests and responses in WAF</a> in the
-   *          <a href="https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html">WAF Developer Guide</a>. </p>
-   *          <p>For information about the limits on count and size for custom request and response settings, see <a href="https://docs.aws.amazon.com/waf/latest/developerguide/limits.html">WAF quotas</a> in the
-   *          <a href="https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html">WAF Developer Guide</a>. </p>
+   *          <p>For information about customizing web requests and responses,
+   *            see <a href="https://docs.aws.amazon.com/waf/latest/developerguide/waf-custom-request-response.html">Customizing web requests and responses in WAF</a>
+   *     in the <i>WAF Developer Guide</i>. </p>
+   *          <p>For information about the limits on count and size for custom request and response settings, see <a href="https://docs.aws.amazon.com/waf/latest/developerguide/limits.html">WAF quotas</a>
+   *      in the <i>WAF Developer Guide</i>. </p>
    */
   CustomResponseBodies?: Record<string, CustomResponseBody>;
 }
@@ -6857,7 +6948,7 @@ export interface UpdateWebACLRequest {
   Name: string | undefined;
 
   /**
-   * <p>Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, a Amazon Cognito user pool, or an App Runner service.  </p>
+   * <p>Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner service.  </p>
    *          <p>To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows: </p>
    *          <ul>
    *             <li>
@@ -6905,10 +6996,11 @@ export interface UpdateWebACLRequest {
 
   /**
    * <p>A map of custom response keys and content bodies. When you create a rule with a block action, you can send a custom response to the web request. You define these for the web ACL, and then use them in the rules and default actions that you define in the web ACL. </p>
-   *          <p>For information about customizing web requests and responses, see <a href="https://docs.aws.amazon.com/waf/latest/developerguide/waf-custom-request-response.html">Customizing web requests and responses in WAF</a> in the
-   *          <a href="https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html">WAF Developer Guide</a>. </p>
-   *          <p>For information about the limits on count and size for custom request and response settings, see <a href="https://docs.aws.amazon.com/waf/latest/developerguide/limits.html">WAF quotas</a> in the
-   *          <a href="https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html">WAF Developer Guide</a>. </p>
+   *          <p>For information about customizing web requests and responses,
+   *            see <a href="https://docs.aws.amazon.com/waf/latest/developerguide/waf-custom-request-response.html">Customizing web requests and responses in WAF</a>
+   *     in the <i>WAF Developer Guide</i>. </p>
+   *          <p>For information about the limits on count and size for custom request and response settings, see <a href="https://docs.aws.amazon.com/waf/latest/developerguide/limits.html">WAF quotas</a>
+   *      in the <i>WAF Developer Guide</i>. </p>
    */
   CustomResponseBodies?: Record<string, CustomResponseBody>;
 
@@ -6930,6 +7022,15 @@ export interface UpdateWebACLRequest {
    *          <p>Public suffixes aren't allowed. For example, you can't use <code>usa.gov</code> or <code>co.uk</code> as token domains.</p>
    */
   TokenDomains?: string[];
+
+  /**
+   * <p>Specifies custom configurations for the associations between the web ACL and protected resources.  </p>
+   *          <p>Use this to customize the maximum size of the request body that your protected CloudFront distributions forward to WAF for inspection. The default is 16 KB (16,384 kilobytes). </p>
+   *          <note>
+   *             <p>You are charged additional fees when your protected resources forward body sizes that are larger than the default. For more information, see <a href="http://aws.amazon.com/waf/pricing/">WAF Pricing</a>.</p>
+   *          </note>
+   */
+  AssociationConfig?: AssociationConfig;
 }
 
 /**
@@ -6949,7 +7050,7 @@ export interface GetRuleGroupResponse {
 
 /**
  * @public
- * <p> A web ACL defines a collection of rules to use to inspect and control web requests. Each rule has an action defined (allow, block, or count) for requests that match the statement of the rule. In the web ACL, you assign a default action to take (allow, block) for any request that does not match any of the rules. The rules in a web ACL can be a combination of the types <a>Rule</a>, <a>RuleGroup</a>, and managed rule group. You can associate a web ACL with one or more Amazon Web Services resources to protect. The resources can be an Amazon CloudFront distribution, an Amazon API Gateway REST API, an Application Load Balancer, an AppSync GraphQL API, Amazon Cognito user pool, or an App Runner service.  </p>
+ * <p> A web ACL defines a collection of rules to use to inspect and control web requests. Each rule has an action defined (allow, block, or count) for requests that match the statement of the rule. In the web ACL, you assign a default action to take (allow, block) for any request that does not match any of the rules. The rules in a web ACL can be a combination of the types <a>Rule</a>, <a>RuleGroup</a>, and managed rule group. You can associate a web ACL with one or more Amazon Web Services resources to protect. The resources can be an Amazon CloudFront distribution, an Amazon API Gateway REST API, an Application Load Balancer, an AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner service.  </p>
  */
 export interface WebACL {
   /**
@@ -7001,8 +7102,8 @@ export interface WebACL {
    *          Simple rules that cost little to run use fewer WCUs than more complex rules
    * 				that use more processing power.
    * 				Rule group capacity is fixed at creation, which helps users plan their
-   *          web ACL WCU usage when they use a rule group.
-   *          The WCU limit for web ACLs is 1,500.  </p>
+   *          web ACL WCU usage when they use a rule group. For more information, see <a href="https://docs.aws.amazon.com/waf/latest/developerguide/aws-waf-capacity-units.html">WAF web ACL capacity units (WCU)</a>
+   *     in the <i>WAF Developer Guide</i>. </p>
    */
   Capacity?: number;
 
@@ -7055,10 +7156,11 @@ export interface WebACL {
 
   /**
    * <p>A map of custom response keys and content bodies. When you create a rule with a block action, you can send a custom response to the web request. You define these for the web ACL, and then use them in the rules and default actions that you define in the web ACL. </p>
-   *          <p>For information about customizing web requests and responses, see <a href="https://docs.aws.amazon.com/waf/latest/developerguide/waf-custom-request-response.html">Customizing web requests and responses in WAF</a> in the
-   *          <a href="https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html">WAF Developer Guide</a>. </p>
-   *          <p>For information about the limits on count and size for custom request and response settings, see <a href="https://docs.aws.amazon.com/waf/latest/developerguide/limits.html">WAF quotas</a> in the
-   *          <a href="https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html">WAF Developer Guide</a>. </p>
+   *          <p>For information about customizing web requests and responses,
+   *            see <a href="https://docs.aws.amazon.com/waf/latest/developerguide/waf-custom-request-response.html">Customizing web requests and responses in WAF</a>
+   *     in the <i>WAF Developer Guide</i>. </p>
+   *          <p>For information about the limits on count and size for custom request and response settings, see <a href="https://docs.aws.amazon.com/waf/latest/developerguide/limits.html">WAF quotas</a>
+   *      in the <i>WAF Developer Guide</i>. </p>
    */
   CustomResponseBodies?: Record<string, CustomResponseBody>;
 
@@ -7077,6 +7179,15 @@ export interface WebACL {
    * <p>Specifies the domains that WAF should accept in a web request token. This enables the use of tokens across multiple protected websites. When WAF provides a token, it uses the domain of the Amazon Web Services resource that the web ACL is protecting. If you don't specify a list of token domains, WAF accepts tokens only for the domain of the protected resource. With a token domain list, WAF accepts the resource's host domain plus all domains in the token domain list, including their prefixed subdomains.</p>
    */
   TokenDomains?: string[];
+
+  /**
+   * <p>Specifies custom configurations for the associations between the web ACL and protected resources.  </p>
+   *          <p>Use this to customize the maximum size of the request body that your protected CloudFront distributions forward to WAF for inspection. The default is 16 KB (16,384 kilobytes). </p>
+   *          <note>
+   *             <p>You are charged additional fees when your protected resources forward body sizes that are larger than the default. For more information, see <a href="http://aws.amazon.com/waf/pricing/">WAF Pricing</a>.</p>
+   *          </note>
+   */
+  AssociationConfig?: AssociationConfig;
 }
 
 /**
@@ -7106,7 +7217,8 @@ export interface GetWebACLResponse {
   LockToken?: string;
 
   /**
-   * <p>The URL to use in SDK integrations with Amazon Web Services managed rule groups. For example, you can use the integration SDKs with the account takeover prevention managed rule group <code>AWSManagedRulesATPRuleSet</code>. This is only populated if you are using a rule group in your web ACL that integrates with your applications in this way. For more information, see <a href="https://docs.aws.amazon.com/waf/latest/developerguide/waf-application-integration.html">WAF client application integration</a> in the <i>WAF Developer Guide</i>.</p>
+   * <p>The URL to use in SDK integrations with Amazon Web Services managed rule groups. For example, you can use the integration SDKs with the account takeover prevention managed rule group <code>AWSManagedRulesATPRuleSet</code>. This is only populated if you are using a rule group in your web ACL that integrates with your applications in this way. For more information, see <a href="https://docs.aws.amazon.com/waf/latest/developerguide/waf-application-integration.html">WAF client application integration</a>
+   * in the <i>WAF Developer Guide</i>.</p>
    */
   ApplicationIntegrationURL?: string;
 }
diff --git a/clients/client-wafv2/src/protocols/Aws_json1_1.ts b/clients/client-wafv2/src/protocols/Aws_json1_1.ts
index f9078a1d4b8f..b4d5488d56de 100644
--- a/clients/client-wafv2/src/protocols/Aws_json1_1.ts
+++ b/clients/client-wafv2/src/protocols/Aws_json1_1.ts
@@ -147,8 +147,10 @@ import {
   AllowAction,
   AllQueryArguments,
   AndStatement,
+  AssociatedResourceType,
   AssociateWebACLRequest,
   AssociateWebACLResponse,
+  AssociationConfig,
   AWSManagedRulesATPRuleSet,
   AWSManagedRulesBotControlRuleSet,
   BlockAction,
@@ -297,6 +299,7 @@ import {
   RegexPatternSetReferenceStatement,
   RegexPatternSetSummary,
   ReleaseSummary,
+  RequestBodyAssociatedResourceTypeConfig,
   RequestInspection,
   ResponseInspection,
   ResponseInspectionBodyContains,
@@ -3877,6 +3880,12 @@ const serializeAws_json1_1AssociateWebACLRequest = (input: AssociateWebACLReques
   };
 };
 
+const serializeAws_json1_1AssociationConfig = (input: AssociationConfig, context: __SerdeContext): any => {
+  return {
+    ...(input.RequestBody != null && { RequestBody: serializeAws_json1_1RequestBody(input.RequestBody, context) }),
+  };
+};
+
 const serializeAws_json1_1AWSManagedRulesATPRuleSet = (
   input: AWSManagedRulesATPRuleSet,
   context: __SerdeContext
@@ -4075,6 +4084,9 @@ const serializeAws_json1_1CreateRuleGroupRequest = (input: CreateRuleGroupReques
 
 const serializeAws_json1_1CreateWebACLRequest = (input: CreateWebACLRequest, context: __SerdeContext): any => {
   return {
+    ...(input.AssociationConfig != null && {
+      AssociationConfig: serializeAws_json1_1AssociationConfig(input.AssociationConfig, context),
+    }),
     ...(input.CaptchaConfig != null && {
       CaptchaConfig: serializeAws_json1_1CaptchaConfig(input.CaptchaConfig, context),
     }),
@@ -4880,6 +4892,31 @@ const serializeAws_json1_1RegularExpressionList = (input: Regex[], context: __Se
     });
 };
 
+const serializeAws_json1_1RequestBody = (
+  input: Record<string, RequestBodyAssociatedResourceTypeConfig>,
+  context: __SerdeContext
+): any => {
+  return Object.entries(input).reduce(
+    (acc: Record<string, any>, [key, value]: [AssociatedResourceType | string, any]) => {
+      if (value === null) {
+        return acc;
+      }
+      acc[key] = serializeAws_json1_1RequestBodyAssociatedResourceTypeConfig(value, context);
+      return acc;
+    },
+    {}
+  );
+};
+
+const serializeAws_json1_1RequestBodyAssociatedResourceTypeConfig = (
+  input: RequestBodyAssociatedResourceTypeConfig,
+  context: __SerdeContext
+): any => {
+  return {
+    ...(input.DefaultSizeInspectionLimit != null && { DefaultSizeInspectionLimit: input.DefaultSizeInspectionLimit }),
+  };
+};
+
 const serializeAws_json1_1RequestInspection = (input: RequestInspection, context: __SerdeContext): any => {
   return {
     ...(input.PasswordField != null && {
@@ -5327,6 +5364,9 @@ const serializeAws_json1_1UpdateRuleGroupRequest = (input: UpdateRuleGroupReques
 
 const serializeAws_json1_1UpdateWebACLRequest = (input: UpdateWebACLRequest, context: __SerdeContext): any => {
   return {
+    ...(input.AssociationConfig != null && {
+      AssociationConfig: serializeAws_json1_1AssociationConfig(input.AssociationConfig, context),
+    }),
     ...(input.CaptchaConfig != null && {
       CaptchaConfig: serializeAws_json1_1CaptchaConfig(input.CaptchaConfig, context),
     }),
@@ -5435,6 +5475,13 @@ const deserializeAws_json1_1AssociateWebACLResponse = (
   return {} as any;
 };
 
+const deserializeAws_json1_1AssociationConfig = (output: any, context: __SerdeContext): AssociationConfig => {
+  return {
+    RequestBody:
+      output.RequestBody != null ? deserializeAws_json1_1RequestBody(output.RequestBody, context) : undefined,
+  } as any;
+};
+
 const deserializeAws_json1_1AWSManagedRulesATPRuleSet = (
   output: any,
   context: __SerdeContext
@@ -6827,6 +6874,34 @@ const deserializeAws_json1_1ReleaseSummary = (output: any, context: __SerdeConte
   } as any;
 };
 
+const deserializeAws_json1_1RequestBody = (
+  output: any,
+  context: __SerdeContext
+): Record<string, RequestBodyAssociatedResourceTypeConfig> => {
+  return Object.entries(output).reduce(
+    (
+      acc: Record<string, RequestBodyAssociatedResourceTypeConfig>,
+      [key, value]: [AssociatedResourceType | string, any]
+    ) => {
+      if (value === null) {
+        return acc;
+      }
+      acc[key] = deserializeAws_json1_1RequestBodyAssociatedResourceTypeConfig(value, context);
+      return acc;
+    },
+    {}
+  );
+};
+
+const deserializeAws_json1_1RequestBodyAssociatedResourceTypeConfig = (
+  output: any,
+  context: __SerdeContext
+): RequestBodyAssociatedResourceTypeConfig => {
+  return {
+    DefaultSizeInspectionLimit: __expectString(output.DefaultSizeInspectionLimit),
+  } as any;
+};
+
 const deserializeAws_json1_1RequestInspection = (output: any, context: __SerdeContext): RequestInspection => {
   return {
     PasswordField:
@@ -7639,6 +7714,10 @@ const deserializeAws_json1_1WAFUnavailableEntityException = (
 const deserializeAws_json1_1WebACL = (output: any, context: __SerdeContext): WebACL => {
   return {
     ARN: __expectString(output.ARN),
+    AssociationConfig:
+      output.AssociationConfig != null
+        ? deserializeAws_json1_1AssociationConfig(output.AssociationConfig, context)
+        : undefined,
     Capacity: __expectLong(output.Capacity),
     CaptchaConfig:
       output.CaptchaConfig != null ? deserializeAws_json1_1CaptchaConfig(output.CaptchaConfig, context) : undefined,
diff --git a/codegen/sdk-codegen/aws-models/wafv2.json b/codegen/sdk-codegen/aws-models/wafv2.json
index b322d42fc4cd..cf853fda3ae0 100644
--- a/codegen/sdk-codegen/aws-models/wafv2.json
+++ b/codegen/sdk-codegen/aws-models/wafv2.json
@@ -62,7 +62,7 @@
         "InspectionLevel": {
           "target": "com.amazonaws.wafv2#InspectionLevel",
           "traits": {
-            "smithy.api#documentation": "<p>The inspection level to use for the Bot Control rule group. The common level is the least expensive. The \n           targeted level includes all common level rules and adds rules with more advanced inspection criteria. For \n   details, see <a href=\"https://docs.aws.amazon.com/waf/latest/developerguide/aws-managed-rule-groups-bot.html\">WAF Bot Control rule group</a>.</p>",
+            "smithy.api#documentation": "<p>The inspection level to use for the Bot Control rule group. The common level is the least expensive. The \n           targeted level includes all common level rules and adds rules with more advanced inspection criteria. For \n   details, see <a href=\"https://docs.aws.amazon.com/waf/latest/developerguide/aws-managed-rule-groups-bot.html\">WAF Bot Control rule group</a>\n               in the <i>WAF Developer Guide</i>.</p>",
             "smithy.api#required": {}
           }
         }
@@ -232,7 +232,7 @@
           "name": "wafv2"
         },
         "aws.protocols#awsJson1_1": {},
-        "smithy.api#documentation": "<fullname>WAF</fullname>\n         <note>\n            <p>This is the latest version of the <b>WAF</b> API,\n            released in November, 2019. The names of the entities that you use to access this API,\n            like endpoints and namespaces, all have the versioning information added, like \"V2\" or\n            \"v2\", to distinguish from the prior version. We recommend migrating your resources to\n            this version, because it has a number of significant improvements.</p>\n            <p>If you used WAF prior to this release, you can't use this WAFV2 API to access any\n            WAF resources that you created before. You can access your old rules, web ACLs, and\n            other WAF resources only through the WAF Classic APIs. The WAF Classic APIs\n            have retained the prior names, endpoints, and namespaces. </p>\n            <p>For information, including how to migrate your WAF resources to this version,\n            see the <a href=\"https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html\">WAF Developer Guide</a>. </p>\n         </note>\n         <p>WAF is a web application firewall that lets you monitor the HTTP and HTTPS\n         requests that are forwarded to an Amazon CloudFront distribution, Amazon API Gateway REST API, Application Load Balancer, AppSync\n      GraphQL API, Amazon Cognito user pool, or App Runner service. WAF also lets you control access to your content,\n      to protect the Amazon Web Services resource that WAF is monitoring. Based on conditions that\n         you specify, such as the IP addresses that requests originate from or the values of query\n         strings, the protected resource responds to requests with either the requested content, an HTTP 403 status code\n         (Forbidden), or with a custom response. </p>\n         <p>This API guide is for developers who need detailed information about WAF API actions,\n         data types, and errors. For detailed information about WAF features and guidance for configuring and using \n         WAF, see the <a href=\"https://docs.aws.amazon.com/waf/latest/developerguide/what-is-aws-waf.html\">WAF Developer\n         Guide</a>.</p>\n         <p>You can make calls using the endpoints listed in <a href=\"https://docs.aws.amazon.com/general/latest/gr/waf.html\">WAF endpoints and quotas</a>. </p>\n         <ul>\n            <li>\n               <p>For regional applications, you can use any of the endpoints in the list.\n               A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, a Amazon Cognito user pool, or an App Runner service. </p>\n            </li>\n            <li>\n               <p>For Amazon CloudFront applications, you must use the API endpoint listed for\n               US East (N. Virginia): us-east-1.</p>\n            </li>\n         </ul>\n         <p>Alternatively, you can use one of the Amazon Web Services SDKs to access an API that's tailored to the\n         programming language or platform that you're using. For more information, see <a href=\"http://aws.amazon.com/tools/#SDKs\">Amazon Web Services SDKs</a>.</p>\n         <p>We currently provide two versions of the WAF API: this API and the prior versions,\n         the classic WAF APIs. This new API provides the same functionality as the older versions,\n         with the following major improvements:</p>\n         <ul>\n            <li>\n               <p>You use one API for both global and regional applications. Where you need to\n               distinguish the scope, you specify a <code>Scope</code> parameter and set it to\n                  <code>CLOUDFRONT</code> or <code>REGIONAL</code>. </p>\n            </li>\n            <li>\n               <p>You can define a web ACL or rule group with a single call, and update it with a\n               single call. You define all rule specifications in JSON format, and pass them to your\n               rule group or web ACL calls.</p>\n            </li>\n            <li>\n               <p>The limits WAF places on the use of rules more closely reflects the cost of\n               running each type of rule. Rule groups include capacity settings, so you know the\n               maximum cost of a rule group when you use it.</p>\n            </li>\n         </ul>",
+        "smithy.api#documentation": "<fullname>WAF</fullname>\n         <note>\n            <p>This is the latest version of the <b>WAF</b> API,\n            released in November, 2019. The names of the entities that you use to access this API,\n            like endpoints and namespaces, all have the versioning information added, like \"V2\" or\n            \"v2\", to distinguish from the prior version. We recommend migrating your resources to\n            this version, because it has a number of significant improvements.</p>\n            <p>If you used WAF prior to this release, you can't use this WAFV2 API to access any\n            WAF resources that you created before. You can access your old rules, web ACLs, and\n            other WAF resources only through the WAF Classic APIs. The WAF Classic APIs\n            have retained the prior names, endpoints, and namespaces. </p>\n            <p>For information, including how to migrate your WAF resources to this version,\n            see the <a href=\"https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html\">WAF Developer Guide</a>. </p>\n         </note>\n         <p>WAF is a web application firewall that lets you monitor the HTTP and HTTPS\n         requests that are forwarded to an Amazon CloudFront distribution, Amazon API Gateway REST API, Application Load Balancer, AppSync\n      GraphQL API, Amazon Cognito user pool, or App Runner service. WAF also lets you control access to your content,\n      to protect the Amazon Web Services resource that WAF is monitoring. Based on conditions that\n         you specify, such as the IP addresses that requests originate from or the values of query\n         strings, the protected resource responds to requests with either the requested content, an HTTP 403 status code\n         (Forbidden), or with a custom response. </p>\n         <p>This API guide is for developers who need detailed information about WAF API actions,\n         data types, and errors. For detailed information about WAF features and guidance for configuring and using \n         WAF, see the <a href=\"https://docs.aws.amazon.com/waf/latest/developerguide/what-is-aws-waf.html\">WAF Developer\n         Guide</a>.</p>\n         <p>You can make calls using the endpoints listed in <a href=\"https://docs.aws.amazon.com/general/latest/gr/waf.html\">WAF endpoints and quotas</a>. </p>\n         <ul>\n            <li>\n               <p>For regional applications, you can use any of the endpoints in the list.\n               A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner service. </p>\n            </li>\n            <li>\n               <p>For Amazon CloudFront applications, you must use the API endpoint listed for\n               US East (N. Virginia): us-east-1.</p>\n            </li>\n         </ul>\n         <p>Alternatively, you can use one of the Amazon Web Services SDKs to access an API that's tailored to the\n         programming language or platform that you're using. For more information, see <a href=\"http://aws.amazon.com/tools/#SDKs\">Amazon Web Services SDKs</a>.</p>\n         <p>We currently provide two versions of the WAF API: this API and the prior versions,\n         the classic WAF APIs. This new API provides the same functionality as the older versions,\n         with the following major improvements:</p>\n         <ul>\n            <li>\n               <p>You use one API for both global and regional applications. Where you need to\n               distinguish the scope, you specify a <code>Scope</code> parameter and set it to\n                  <code>CLOUDFRONT</code> or <code>REGIONAL</code>. </p>\n            </li>\n            <li>\n               <p>You can define a web ACL or rule group with a single call, and update it with a\n               single call. You define all rule specifications in JSON format, and pass them to your\n               rule group or web ACL calls.</p>\n            </li>\n            <li>\n               <p>The limits WAF places on the use of rules more closely reflects the cost of\n               running each type of rule. Rule groups include capacity settings, so you know the\n               maximum cost of a rule group when you use it.</p>\n            </li>\n         </ul>",
         "smithy.api#title": "AWS WAFV2",
         "smithy.api#xmlNamespace": {
           "uri": "http://waf.amazonaws.com/doc/2019-07-29/"
@@ -563,500 +563,6 @@
                           "conditions": [],
                           "type": "tree",
                           "rules": [
-                            {
-                              "conditions": [
-                                {
-                                  "fn": "stringEquals",
-                                  "argv": [
-                                    {
-                                      "ref": "Region"
-                                    },
-                                    "af-south-1"
-                                  ]
-                                }
-                              ],
-                              "endpoint": {
-                                "url": "https://wafv2.af-south-1.amazonaws.com",
-                                "properties": {},
-                                "headers": {}
-                              },
-                              "type": "endpoint"
-                            },
-                            {
-                              "conditions": [
-                                {
-                                  "fn": "stringEquals",
-                                  "argv": [
-                                    {
-                                      "ref": "Region"
-                                    },
-                                    "ap-east-1"
-                                  ]
-                                }
-                              ],
-                              "endpoint": {
-                                "url": "https://wafv2.ap-east-1.amazonaws.com",
-                                "properties": {},
-                                "headers": {}
-                              },
-                              "type": "endpoint"
-                            },
-                            {
-                              "conditions": [
-                                {
-                                  "fn": "stringEquals",
-                                  "argv": [
-                                    {
-                                      "ref": "Region"
-                                    },
-                                    "ap-northeast-1"
-                                  ]
-                                }
-                              ],
-                              "endpoint": {
-                                "url": "https://wafv2.ap-northeast-1.amazonaws.com",
-                                "properties": {},
-                                "headers": {}
-                              },
-                              "type": "endpoint"
-                            },
-                            {
-                              "conditions": [
-                                {
-                                  "fn": "stringEquals",
-                                  "argv": [
-                                    {
-                                      "ref": "Region"
-                                    },
-                                    "ap-northeast-2"
-                                  ]
-                                }
-                              ],
-                              "endpoint": {
-                                "url": "https://wafv2.ap-northeast-2.amazonaws.com",
-                                "properties": {},
-                                "headers": {}
-                              },
-                              "type": "endpoint"
-                            },
-                            {
-                              "conditions": [
-                                {
-                                  "fn": "stringEquals",
-                                  "argv": [
-                                    {
-                                      "ref": "Region"
-                                    },
-                                    "ap-northeast-3"
-                                  ]
-                                }
-                              ],
-                              "endpoint": {
-                                "url": "https://wafv2.ap-northeast-3.amazonaws.com",
-                                "properties": {},
-                                "headers": {}
-                              },
-                              "type": "endpoint"
-                            },
-                            {
-                              "conditions": [
-                                {
-                                  "fn": "stringEquals",
-                                  "argv": [
-                                    {
-                                      "ref": "Region"
-                                    },
-                                    "ap-south-1"
-                                  ]
-                                }
-                              ],
-                              "endpoint": {
-                                "url": "https://wafv2.ap-south-1.amazonaws.com",
-                                "properties": {},
-                                "headers": {}
-                              },
-                              "type": "endpoint"
-                            },
-                            {
-                              "conditions": [
-                                {
-                                  "fn": "stringEquals",
-                                  "argv": [
-                                    {
-                                      "ref": "Region"
-                                    },
-                                    "ap-southeast-1"
-                                  ]
-                                }
-                              ],
-                              "endpoint": {
-                                "url": "https://wafv2.ap-southeast-1.amazonaws.com",
-                                "properties": {},
-                                "headers": {}
-                              },
-                              "type": "endpoint"
-                            },
-                            {
-                              "conditions": [
-                                {
-                                  "fn": "stringEquals",
-                                  "argv": [
-                                    {
-                                      "ref": "Region"
-                                    },
-                                    "ap-southeast-2"
-                                  ]
-                                }
-                              ],
-                              "endpoint": {
-                                "url": "https://wafv2.ap-southeast-2.amazonaws.com",
-                                "properties": {},
-                                "headers": {}
-                              },
-                              "type": "endpoint"
-                            },
-                            {
-                              "conditions": [
-                                {
-                                  "fn": "stringEquals",
-                                  "argv": [
-                                    {
-                                      "ref": "Region"
-                                    },
-                                    "ap-southeast-3"
-                                  ]
-                                }
-                              ],
-                              "endpoint": {
-                                "url": "https://wafv2.ap-southeast-3.amazonaws.com",
-                                "properties": {},
-                                "headers": {}
-                              },
-                              "type": "endpoint"
-                            },
-                            {
-                              "conditions": [
-                                {
-                                  "fn": "stringEquals",
-                                  "argv": [
-                                    {
-                                      "ref": "Region"
-                                    },
-                                    "ca-central-1"
-                                  ]
-                                }
-                              ],
-                              "endpoint": {
-                                "url": "https://wafv2.ca-central-1.amazonaws.com",
-                                "properties": {},
-                                "headers": {}
-                              },
-                              "type": "endpoint"
-                            },
-                            {
-                              "conditions": [
-                                {
-                                  "fn": "stringEquals",
-                                  "argv": [
-                                    {
-                                      "ref": "Region"
-                                    },
-                                    "eu-central-1"
-                                  ]
-                                }
-                              ],
-                              "endpoint": {
-                                "url": "https://wafv2.eu-central-1.amazonaws.com",
-                                "properties": {},
-                                "headers": {}
-                              },
-                              "type": "endpoint"
-                            },
-                            {
-                              "conditions": [
-                                {
-                                  "fn": "stringEquals",
-                                  "argv": [
-                                    {
-                                      "ref": "Region"
-                                    },
-                                    "eu-north-1"
-                                  ]
-                                }
-                              ],
-                              "endpoint": {
-                                "url": "https://wafv2.eu-north-1.amazonaws.com",
-                                "properties": {},
-                                "headers": {}
-                              },
-                              "type": "endpoint"
-                            },
-                            {
-                              "conditions": [
-                                {
-                                  "fn": "stringEquals",
-                                  "argv": [
-                                    {
-                                      "ref": "Region"
-                                    },
-                                    "eu-south-1"
-                                  ]
-                                }
-                              ],
-                              "endpoint": {
-                                "url": "https://wafv2.eu-south-1.amazonaws.com",
-                                "properties": {},
-                                "headers": {}
-                              },
-                              "type": "endpoint"
-                            },
-                            {
-                              "conditions": [
-                                {
-                                  "fn": "stringEquals",
-                                  "argv": [
-                                    {
-                                      "ref": "Region"
-                                    },
-                                    "eu-west-1"
-                                  ]
-                                }
-                              ],
-                              "endpoint": {
-                                "url": "https://wafv2.eu-west-1.amazonaws.com",
-                                "properties": {},
-                                "headers": {}
-                              },
-                              "type": "endpoint"
-                            },
-                            {
-                              "conditions": [
-                                {
-                                  "fn": "stringEquals",
-                                  "argv": [
-                                    {
-                                      "ref": "Region"
-                                    },
-                                    "eu-west-2"
-                                  ]
-                                }
-                              ],
-                              "endpoint": {
-                                "url": "https://wafv2.eu-west-2.amazonaws.com",
-                                "properties": {},
-                                "headers": {}
-                              },
-                              "type": "endpoint"
-                            },
-                            {
-                              "conditions": [
-                                {
-                                  "fn": "stringEquals",
-                                  "argv": [
-                                    {
-                                      "ref": "Region"
-                                    },
-                                    "eu-west-3"
-                                  ]
-                                }
-                              ],
-                              "endpoint": {
-                                "url": "https://wafv2.eu-west-3.amazonaws.com",
-                                "properties": {},
-                                "headers": {}
-                              },
-                              "type": "endpoint"
-                            },
-                            {
-                              "conditions": [
-                                {
-                                  "fn": "stringEquals",
-                                  "argv": [
-                                    {
-                                      "ref": "Region"
-                                    },
-                                    "me-south-1"
-                                  ]
-                                }
-                              ],
-                              "endpoint": {
-                                "url": "https://wafv2.me-south-1.amazonaws.com",
-                                "properties": {},
-                                "headers": {}
-                              },
-                              "type": "endpoint"
-                            },
-                            {
-                              "conditions": [
-                                {
-                                  "fn": "stringEquals",
-                                  "argv": [
-                                    {
-                                      "ref": "Region"
-                                    },
-                                    "sa-east-1"
-                                  ]
-                                }
-                              ],
-                              "endpoint": {
-                                "url": "https://wafv2.sa-east-1.amazonaws.com",
-                                "properties": {},
-                                "headers": {}
-                              },
-                              "type": "endpoint"
-                            },
-                            {
-                              "conditions": [
-                                {
-                                  "fn": "stringEquals",
-                                  "argv": [
-                                    {
-                                      "ref": "Region"
-                                    },
-                                    "us-east-1"
-                                  ]
-                                }
-                              ],
-                              "endpoint": {
-                                "url": "https://wafv2.us-east-1.amazonaws.com",
-                                "properties": {},
-                                "headers": {}
-                              },
-                              "type": "endpoint"
-                            },
-                            {
-                              "conditions": [
-                                {
-                                  "fn": "stringEquals",
-                                  "argv": [
-                                    {
-                                      "ref": "Region"
-                                    },
-                                    "us-east-2"
-                                  ]
-                                }
-                              ],
-                              "endpoint": {
-                                "url": "https://wafv2.us-east-2.amazonaws.com",
-                                "properties": {},
-                                "headers": {}
-                              },
-                              "type": "endpoint"
-                            },
-                            {
-                              "conditions": [
-                                {
-                                  "fn": "stringEquals",
-                                  "argv": [
-                                    {
-                                      "ref": "Region"
-                                    },
-                                    "us-west-1"
-                                  ]
-                                }
-                              ],
-                              "endpoint": {
-                                "url": "https://wafv2.us-west-1.amazonaws.com",
-                                "properties": {},
-                                "headers": {}
-                              },
-                              "type": "endpoint"
-                            },
-                            {
-                              "conditions": [
-                                {
-                                  "fn": "stringEquals",
-                                  "argv": [
-                                    {
-                                      "ref": "Region"
-                                    },
-                                    "us-west-2"
-                                  ]
-                                }
-                              ],
-                              "endpoint": {
-                                "url": "https://wafv2.us-west-2.amazonaws.com",
-                                "properties": {},
-                                "headers": {}
-                              },
-                              "type": "endpoint"
-                            },
-                            {
-                              "conditions": [
-                                {
-                                  "fn": "stringEquals",
-                                  "argv": [
-                                    {
-                                      "ref": "Region"
-                                    },
-                                    "cn-north-1"
-                                  ]
-                                }
-                              ],
-                              "endpoint": {
-                                "url": "https://wafv2.cn-north-1.amazonaws.com.cn",
-                                "properties": {},
-                                "headers": {}
-                              },
-                              "type": "endpoint"
-                            },
-                            {
-                              "conditions": [
-                                {
-                                  "fn": "stringEquals",
-                                  "argv": [
-                                    {
-                                      "ref": "Region"
-                                    },
-                                    "cn-northwest-1"
-                                  ]
-                                }
-                              ],
-                              "endpoint": {
-                                "url": "https://wafv2.cn-northwest-1.amazonaws.com.cn",
-                                "properties": {},
-                                "headers": {}
-                              },
-                              "type": "endpoint"
-                            },
-                            {
-                              "conditions": [
-                                {
-                                  "fn": "stringEquals",
-                                  "argv": [
-                                    {
-                                      "ref": "Region"
-                                    },
-                                    "us-gov-east-1"
-                                  ]
-                                }
-                              ],
-                              "endpoint": {
-                                "url": "https://wafv2.us-gov-east-1.amazonaws.com",
-                                "properties": {},
-                                "headers": {}
-                              },
-                              "type": "endpoint"
-                            },
-                            {
-                              "conditions": [
-                                {
-                                  "fn": "stringEquals",
-                                  "argv": [
-                                    {
-                                      "ref": "Region"
-                                    },
-                                    "us-gov-west-1"
-                                  ]
-                                }
-                              ],
-                              "endpoint": {
-                                "url": "https://wafv2.us-gov-west-1.amazonaws.com",
-                                "properties": {},
-                                "headers": {}
-                              },
-                              "type": "endpoint"
-                            },
                             {
                               "conditions": [],
                               "endpoint": {
@@ -1091,9 +597,9 @@
                 }
               },
               "params": {
-                "UseDualStack": false,
                 "UseFIPS": false,
-                "Region": "af-south-1"
+                "Region": "af-south-1",
+                "UseDualStack": false
               }
             },
             {
@@ -1104,9 +610,9 @@
                 }
               },
               "params": {
-                "UseDualStack": false,
                 "UseFIPS": true,
-                "Region": "af-south-1"
+                "Region": "af-south-1",
+                "UseDualStack": false
               }
             },
             {
@@ -1117,9 +623,9 @@
                 }
               },
               "params": {
-                "UseDualStack": false,
                 "UseFIPS": false,
-                "Region": "ap-east-1"
+                "Region": "ap-east-1",
+                "UseDualStack": false
               }
             },
             {
@@ -1130,9 +636,9 @@
                 }
               },
               "params": {
-                "UseDualStack": false,
                 "UseFIPS": true,
-                "Region": "ap-east-1"
+                "Region": "ap-east-1",
+                "UseDualStack": false
               }
             },
             {
@@ -1143,9 +649,9 @@
                 }
               },
               "params": {
-                "UseDualStack": false,
                 "UseFIPS": false,
-                "Region": "ap-northeast-1"
+                "Region": "ap-northeast-1",
+                "UseDualStack": false
               }
             },
             {
@@ -1156,9 +662,9 @@
                 }
               },
               "params": {
-                "UseDualStack": false,
                 "UseFIPS": true,
-                "Region": "ap-northeast-1"
+                "Region": "ap-northeast-1",
+                "UseDualStack": false
               }
             },
             {
@@ -1169,9 +675,9 @@
                 }
               },
               "params": {
-                "UseDualStack": false,
                 "UseFIPS": false,
-                "Region": "ap-northeast-2"
+                "Region": "ap-northeast-2",
+                "UseDualStack": false
               }
             },
             {
@@ -1182,9 +688,9 @@
                 }
               },
               "params": {
-                "UseDualStack": false,
                 "UseFIPS": true,
-                "Region": "ap-northeast-2"
+                "Region": "ap-northeast-2",
+                "UseDualStack": false
               }
             },
             {
@@ -1195,9 +701,9 @@
                 }
               },
               "params": {
-                "UseDualStack": false,
                 "UseFIPS": false,
-                "Region": "ap-northeast-3"
+                "Region": "ap-northeast-3",
+                "UseDualStack": false
               }
             },
             {
@@ -1208,9 +714,9 @@
                 }
               },
               "params": {
-                "UseDualStack": false,
                 "UseFIPS": true,
-                "Region": "ap-northeast-3"
+                "Region": "ap-northeast-3",
+                "UseDualStack": false
               }
             },
             {
@@ -1221,9 +727,9 @@
                 }
               },
               "params": {
-                "UseDualStack": false,
                 "UseFIPS": false,
-                "Region": "ap-south-1"
+                "Region": "ap-south-1",
+                "UseDualStack": false
               }
             },
             {
@@ -1234,9 +740,9 @@
                 }
               },
               "params": {
-                "UseDualStack": false,
                 "UseFIPS": true,
-                "Region": "ap-south-1"
+                "Region": "ap-south-1",
+                "UseDualStack": false
               }
             },
             {
@@ -1247,9 +753,9 @@
                 }
               },
               "params": {
-                "UseDualStack": false,
                 "UseFIPS": false,
-                "Region": "ap-southeast-1"
+                "Region": "ap-southeast-1",
+                "UseDualStack": false
               }
             },
             {
@@ -1260,9 +766,9 @@
                 }
               },
               "params": {
-                "UseDualStack": false,
                 "UseFIPS": true,
-                "Region": "ap-southeast-1"
+                "Region": "ap-southeast-1",
+                "UseDualStack": false
               }
             },
             {
@@ -1273,9 +779,9 @@
                 }
               },
               "params": {
-                "UseDualStack": false,
                 "UseFIPS": false,
-                "Region": "ap-southeast-2"
+                "Region": "ap-southeast-2",
+                "UseDualStack": false
               }
             },
             {
@@ -1286,9 +792,9 @@
                 }
               },
               "params": {
-                "UseDualStack": false,
                 "UseFIPS": true,
-                "Region": "ap-southeast-2"
+                "Region": "ap-southeast-2",
+                "UseDualStack": false
               }
             },
             {
@@ -1299,9 +805,9 @@
                 }
               },
               "params": {
-                "UseDualStack": false,
                 "UseFIPS": false,
-                "Region": "ap-southeast-3"
+                "Region": "ap-southeast-3",
+                "UseDualStack": false
               }
             },
             {
@@ -1312,9 +818,9 @@
                 }
               },
               "params": {
-                "UseDualStack": false,
                 "UseFIPS": true,
-                "Region": "ap-southeast-3"
+                "Region": "ap-southeast-3",
+                "UseDualStack": false
               }
             },
             {
@@ -1325,9 +831,9 @@
                 }
               },
               "params": {
-                "UseDualStack": false,
                 "UseFIPS": false,
-                "Region": "ca-central-1"
+                "Region": "ca-central-1",
+                "UseDualStack": false
               }
             },
             {
@@ -1338,9 +844,9 @@
                 }
               },
               "params": {
-                "UseDualStack": false,
                 "UseFIPS": true,
-                "Region": "ca-central-1"
+                "Region": "ca-central-1",
+                "UseDualStack": false
               }
             },
             {
@@ -1351,9 +857,9 @@
                 }
               },
               "params": {
-                "UseDualStack": false,
                 "UseFIPS": false,
-                "Region": "eu-central-1"
+                "Region": "eu-central-1",
+                "UseDualStack": false
               }
             },
             {
@@ -1364,9 +870,9 @@
                 }
               },
               "params": {
-                "UseDualStack": false,
                 "UseFIPS": true,
-                "Region": "eu-central-1"
+                "Region": "eu-central-1",
+                "UseDualStack": false
               }
             },
             {
@@ -1377,9 +883,9 @@
                 }
               },
               "params": {
-                "UseDualStack": false,
                 "UseFIPS": false,
-                "Region": "eu-north-1"
+                "Region": "eu-north-1",
+                "UseDualStack": false
               }
             },
             {
@@ -1390,9 +896,9 @@
                 }
               },
               "params": {
-                "UseDualStack": false,
                 "UseFIPS": true,
-                "Region": "eu-north-1"
+                "Region": "eu-north-1",
+                "UseDualStack": false
               }
             },
             {
@@ -1403,9 +909,9 @@
                 }
               },
               "params": {
-                "UseDualStack": false,
                 "UseFIPS": false,
-                "Region": "eu-south-1"
+                "Region": "eu-south-1",
+                "UseDualStack": false
               }
             },
             {
@@ -1416,9 +922,9 @@
                 }
               },
               "params": {
-                "UseDualStack": false,
                 "UseFIPS": true,
-                "Region": "eu-south-1"
+                "Region": "eu-south-1",
+                "UseDualStack": false
               }
             },
             {
@@ -1429,9 +935,9 @@
                 }
               },
               "params": {
-                "UseDualStack": false,
                 "UseFIPS": false,
-                "Region": "eu-west-1"
+                "Region": "eu-west-1",
+                "UseDualStack": false
               }
             },
             {
@@ -1442,9 +948,9 @@
                 }
               },
               "params": {
-                "UseDualStack": false,
                 "UseFIPS": true,
-                "Region": "eu-west-1"
+                "Region": "eu-west-1",
+                "UseDualStack": false
               }
             },
             {
@@ -1455,9 +961,9 @@
                 }
               },
               "params": {
-                "UseDualStack": false,
                 "UseFIPS": false,
-                "Region": "eu-west-2"
+                "Region": "eu-west-2",
+                "UseDualStack": false
               }
             },
             {
@@ -1468,9 +974,9 @@
                 }
               },
               "params": {
-                "UseDualStack": false,
                 "UseFIPS": true,
-                "Region": "eu-west-2"
+                "Region": "eu-west-2",
+                "UseDualStack": false
               }
             },
             {
@@ -1481,9 +987,9 @@
                 }
               },
               "params": {
-                "UseDualStack": false,
                 "UseFIPS": false,
-                "Region": "eu-west-3"
+                "Region": "eu-west-3",
+                "UseDualStack": false
               }
             },
             {
@@ -1494,9 +1000,9 @@
                 }
               },
               "params": {
-                "UseDualStack": false,
                 "UseFIPS": true,
-                "Region": "eu-west-3"
+                "Region": "eu-west-3",
+                "UseDualStack": false
               }
             },
             {
@@ -1507,9 +1013,9 @@
                 }
               },
               "params": {
-                "UseDualStack": false,
                 "UseFIPS": false,
-                "Region": "me-south-1"
+                "Region": "me-south-1",
+                "UseDualStack": false
               }
             },
             {
@@ -1520,9 +1026,9 @@
                 }
               },
               "params": {
-                "UseDualStack": false,
                 "UseFIPS": true,
-                "Region": "me-south-1"
+                "Region": "me-south-1",
+                "UseDualStack": false
               }
             },
             {
@@ -1533,9 +1039,9 @@
                 }
               },
               "params": {
-                "UseDualStack": false,
                 "UseFIPS": false,
-                "Region": "sa-east-1"
+                "Region": "sa-east-1",
+                "UseDualStack": false
               }
             },
             {
@@ -1546,9 +1052,9 @@
                 }
               },
               "params": {
-                "UseDualStack": false,
                 "UseFIPS": true,
-                "Region": "sa-east-1"
+                "Region": "sa-east-1",
+                "UseDualStack": false
               }
             },
             {
@@ -1559,9 +1065,9 @@
                 }
               },
               "params": {
-                "UseDualStack": false,
                 "UseFIPS": false,
-                "Region": "us-east-1"
+                "Region": "us-east-1",
+                "UseDualStack": false
               }
             },
             {
@@ -1572,9 +1078,9 @@
                 }
               },
               "params": {
-                "UseDualStack": false,
                 "UseFIPS": true,
-                "Region": "us-east-1"
+                "Region": "us-east-1",
+                "UseDualStack": false
               }
             },
             {
@@ -1585,9 +1091,9 @@
                 }
               },
               "params": {
-                "UseDualStack": false,
                 "UseFIPS": false,
-                "Region": "us-east-2"
+                "Region": "us-east-2",
+                "UseDualStack": false
               }
             },
             {
@@ -1598,9 +1104,9 @@
                 }
               },
               "params": {
-                "UseDualStack": false,
                 "UseFIPS": true,
-                "Region": "us-east-2"
+                "Region": "us-east-2",
+                "UseDualStack": false
               }
             },
             {
@@ -1611,9 +1117,9 @@
                 }
               },
               "params": {
-                "UseDualStack": false,
                 "UseFIPS": false,
-                "Region": "us-west-1"
+                "Region": "us-west-1",
+                "UseDualStack": false
               }
             },
             {
@@ -1624,9 +1130,9 @@
                 }
               },
               "params": {
-                "UseDualStack": false,
                 "UseFIPS": true,
-                "Region": "us-west-1"
+                "Region": "us-west-1",
+                "UseDualStack": false
               }
             },
             {
@@ -1637,9 +1143,9 @@
                 }
               },
               "params": {
-                "UseDualStack": false,
                 "UseFIPS": false,
-                "Region": "us-west-2"
+                "Region": "us-west-2",
+                "UseDualStack": false
               }
             },
             {
@@ -1650,9 +1156,9 @@
                 }
               },
               "params": {
-                "UseDualStack": false,
                 "UseFIPS": true,
-                "Region": "us-west-2"
+                "Region": "us-west-2",
+                "UseDualStack": false
               }
             },
             {
@@ -1663,9 +1169,9 @@
                 }
               },
               "params": {
-                "UseDualStack": true,
                 "UseFIPS": true,
-                "Region": "us-east-1"
+                "Region": "us-east-1",
+                "UseDualStack": true
               }
             },
             {
@@ -1676,9 +1182,9 @@
                 }
               },
               "params": {
-                "UseDualStack": true,
                 "UseFIPS": false,
-                "Region": "us-east-1"
+                "Region": "us-east-1",
+                "UseDualStack": true
               }
             },
             {
@@ -1689,9 +1195,9 @@
                 }
               },
               "params": {
-                "UseDualStack": false,
                 "UseFIPS": false,
-                "Region": "cn-north-1"
+                "Region": "cn-north-1",
+                "UseDualStack": false
               }
             },
             {
@@ -1702,9 +1208,9 @@
                 }
               },
               "params": {
-                "UseDualStack": false,
                 "UseFIPS": true,
-                "Region": "cn-north-1"
+                "Region": "cn-north-1",
+                "UseDualStack": false
               }
             },
             {
@@ -1715,9 +1221,9 @@
                 }
               },
               "params": {
-                "UseDualStack": false,
                 "UseFIPS": false,
-                "Region": "cn-northwest-1"
+                "Region": "cn-northwest-1",
+                "UseDualStack": false
               }
             },
             {
@@ -1728,9 +1234,9 @@
                 }
               },
               "params": {
-                "UseDualStack": false,
                 "UseFIPS": true,
-                "Region": "cn-northwest-1"
+                "Region": "cn-northwest-1",
+                "UseDualStack": false
               }
             },
             {
@@ -1741,9 +1247,9 @@
                 }
               },
               "params": {
-                "UseDualStack": true,
                 "UseFIPS": true,
-                "Region": "cn-north-1"
+                "Region": "cn-north-1",
+                "UseDualStack": true
               }
             },
             {
@@ -1754,9 +1260,9 @@
                 }
               },
               "params": {
-                "UseDualStack": true,
                 "UseFIPS": false,
-                "Region": "cn-north-1"
+                "Region": "cn-north-1",
+                "UseDualStack": true
               }
             },
             {
@@ -1767,9 +1273,9 @@
                 }
               },
               "params": {
-                "UseDualStack": false,
                 "UseFIPS": false,
-                "Region": "us-gov-east-1"
+                "Region": "us-gov-east-1",
+                "UseDualStack": false
               }
             },
             {
@@ -1780,9 +1286,9 @@
                 }
               },
               "params": {
-                "UseDualStack": false,
                 "UseFIPS": true,
-                "Region": "us-gov-east-1"
+                "Region": "us-gov-east-1",
+                "UseDualStack": false
               }
             },
             {
@@ -1793,9 +1299,9 @@
                 }
               },
               "params": {
-                "UseDualStack": false,
                 "UseFIPS": false,
-                "Region": "us-gov-west-1"
+                "Region": "us-gov-west-1",
+                "UseDualStack": false
               }
             },
             {
@@ -1806,9 +1312,9 @@
                 }
               },
               "params": {
-                "UseDualStack": false,
                 "UseFIPS": true,
-                "Region": "us-gov-west-1"
+                "Region": "us-gov-west-1",
+                "UseDualStack": false
               }
             },
             {
@@ -1819,9 +1325,9 @@
                 }
               },
               "params": {
-                "UseDualStack": true,
                 "UseFIPS": true,
-                "Region": "us-gov-east-1"
+                "Region": "us-gov-east-1",
+                "UseDualStack": true
               }
             },
             {
@@ -1832,9 +1338,20 @@
                 }
               },
               "params": {
-                "UseDualStack": true,
                 "UseFIPS": false,
-                "Region": "us-gov-east-1"
+                "Region": "us-gov-east-1",
+                "UseDualStack": true
+              }
+            },
+            {
+              "documentation": "For region us-iso-east-1 with FIPS enabled and DualStack enabled",
+              "expect": {
+                "error": "FIPS and DualStack are enabled, but this partition does not support one or both"
+              },
+              "params": {
+                "UseFIPS": true,
+                "Region": "us-iso-east-1",
+                "UseDualStack": true
               }
             },
             {
@@ -1845,9 +1362,20 @@
                 }
               },
               "params": {
-                "UseDualStack": false,
                 "UseFIPS": true,
-                "Region": "us-iso-east-1"
+                "Region": "us-iso-east-1",
+                "UseDualStack": false
+              }
+            },
+            {
+              "documentation": "For region us-iso-east-1 with FIPS disabled and DualStack enabled",
+              "expect": {
+                "error": "DualStack is enabled but this partition does not support DualStack"
+              },
+              "params": {
+                "UseFIPS": false,
+                "Region": "us-iso-east-1",
+                "UseDualStack": true
               }
             },
             {
@@ -1858,9 +1386,20 @@
                 }
               },
               "params": {
-                "UseDualStack": false,
                 "UseFIPS": false,
-                "Region": "us-iso-east-1"
+                "Region": "us-iso-east-1",
+                "UseDualStack": false
+              }
+            },
+            {
+              "documentation": "For region us-isob-east-1 with FIPS enabled and DualStack enabled",
+              "expect": {
+                "error": "FIPS and DualStack are enabled, but this partition does not support one or both"
+              },
+              "params": {
+                "UseFIPS": true,
+                "Region": "us-isob-east-1",
+                "UseDualStack": true
               }
             },
             {
@@ -1871,9 +1410,20 @@
                 }
               },
               "params": {
-                "UseDualStack": false,
                 "UseFIPS": true,
-                "Region": "us-isob-east-1"
+                "Region": "us-isob-east-1",
+                "UseDualStack": false
+              }
+            },
+            {
+              "documentation": "For region us-isob-east-1 with FIPS disabled and DualStack enabled",
+              "expect": {
+                "error": "DualStack is enabled but this partition does not support DualStack"
+              },
+              "params": {
+                "UseFIPS": false,
+                "Region": "us-isob-east-1",
+                "UseDualStack": true
               }
             },
             {
@@ -1884,9 +1434,9 @@
                 }
               },
               "params": {
-                "UseDualStack": false,
                 "UseFIPS": false,
-                "Region": "us-isob-east-1"
+                "Region": "us-isob-east-1",
+                "UseDualStack": false
               }
             },
             {
@@ -1897,9 +1447,9 @@
                 }
               },
               "params": {
-                "UseDualStack": false,
                 "UseFIPS": false,
                 "Region": "us-east-1",
+                "UseDualStack": false,
                 "Endpoint": "https://example.com"
               }
             },
@@ -1911,8 +1461,8 @@
                 }
               },
               "params": {
-                "UseDualStack": false,
                 "UseFIPS": false,
+                "UseDualStack": false,
                 "Endpoint": "https://example.com"
               }
             },
@@ -1922,9 +1472,9 @@
                 "error": "Invalid Configuration: FIPS and custom endpoint are not supported"
               },
               "params": {
-                "UseDualStack": false,
                 "UseFIPS": true,
                 "Region": "us-east-1",
+                "UseDualStack": false,
                 "Endpoint": "https://example.com"
               }
             },
@@ -1934,11 +1484,17 @@
                 "error": "Invalid Configuration: Dualstack and custom endpoint are not supported"
               },
               "params": {
-                "UseDualStack": true,
                 "UseFIPS": false,
                 "Region": "us-east-1",
+                "UseDualStack": true,
                 "Endpoint": "https://example.com"
               }
+            },
+            {
+              "documentation": "Missing region",
+              "expect": {
+                "error": "Invalid Configuration: Missing Region"
+              }
             }
           ],
           "version": "1.0"
@@ -2024,7 +1580,7 @@
         "CustomRequestHandling": {
           "target": "com.amazonaws.wafv2#CustomRequestHandling",
           "traits": {
-            "smithy.api#documentation": "<p>Defines custom handling for the web request.</p>\n         <p>For information about customizing web requests and responses, see <a href=\"https://docs.aws.amazon.com/waf/latest/developerguide/waf-custom-request-response.html\">Customizing web requests and responses in WAF</a> in the \n         <a href=\"https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html\">WAF Developer Guide</a>. </p>"
+            "smithy.api#documentation": "<p>Defines custom handling for the web request.</p>\n         <p>For information about customizing web requests and responses, \n           see <a href=\"https://docs.aws.amazon.com/waf/latest/developerguide/waf-custom-request-response.html\">Customizing web requests and responses in WAF</a> \n    in the <i>WAF Developer Guide</i>. </p>"
           }
         }
       },
@@ -2073,7 +1629,7 @@
         }
       ],
       "traits": {
-        "smithy.api#documentation": "<p>Associates a web ACL with a regional application resource, to protect the resource.\n         A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, a Amazon Cognito user pool, or an App Runner service.  </p>\n         <p>For Amazon CloudFront, don't use this call. Instead, use your CloudFront distribution configuration. To\n         associate a web ACL, in the CloudFront call <code>UpdateDistribution</code>, set the web ACL ID\n         to the Amazon Resource Name (ARN) of the web ACL. For information, see <a href=\"https://docs.aws.amazon.com/cloudfront/latest/APIReference/API_UpdateDistribution.html\">UpdateDistribution</a>.</p>\n         <p>When you make changes to web ACLs or web ACL components, like rules and rule groups, WAF propagates the changes everywhere that the web ACL and its components are stored and used. Your changes are applied within seconds, but there might be a brief period of inconsistency when the changes have arrived in some places and not in others. So, for example, if you change a rule action setting, the action might be the old action in one area and the new action in another area. Or if you add an IP address to an IP set used in a blocking rule, the new address might briefly be blocked in one area while still allowed in another. This temporary inconsistency can occur when you first associate a web ACL with an Amazon Web Services resource and when you change a web ACL that is already associated with a resource. Generally, any inconsistencies of this type last only a few seconds.</p>"
+        "smithy.api#documentation": "<p>Associates a web ACL with a regional application resource, to protect the resource.\n         A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner service.  </p>\n         <p>For Amazon CloudFront, don't use this call. Instead, use your CloudFront distribution configuration. To\n         associate a web ACL, in the CloudFront call <code>UpdateDistribution</code>, set the web ACL ID\n         to the Amazon Resource Name (ARN) of the web ACL. For information, see <a href=\"https://docs.aws.amazon.com/cloudfront/latest/APIReference/API_UpdateDistribution.html\">UpdateDistribution</a> in the <i>Amazon CloudFront Developer Guide</i>. </p>\n         <p>When you make changes to web ACLs or web ACL components, like rules and rule groups, WAF propagates the changes everywhere that the web ACL and its components are stored and used. Your changes are applied within seconds, but there might be a brief period of inconsistency when the changes have arrived in some places and not in others. So, for example, if you change a rule action setting, the action might be the old action in one area and the new action in another area. Or if you add an IP address to an IP set used in a blocking rule, the new address might briefly be blocked in one area while still allowed in another. This temporary inconsistency can occur when you first associate a web ACL with an Amazon Web Services resource and when you change a web ACL that is already associated with a resource. Generally, any inconsistencies of this type last only a few seconds.</p>"
       }
     },
     "com.amazonaws.wafv2#AssociateWebACLRequest": {
@@ -2089,7 +1645,7 @@
         "ResourceArn": {
           "target": "com.amazonaws.wafv2#ResourceArn",
           "traits": {
-            "smithy.api#documentation": "<p>The Amazon Resource Name (ARN) of the resource to associate with the web ACL. </p>\n         <p>The ARN must be in one of the following formats:</p>\n         <ul>\n            <li>\n               <p>For an Application Load Balancer: <code>arn:aws:elasticloadbalancing:<i>region</i>:<i>account-id</i>:loadbalancer/app/<i>load-balancer-name</i>/<i>load-balancer-id</i>\n                  </code>\n               </p>\n            </li>\n            <li>\n               <p>For an Amazon API Gateway REST API: <code>arn:aws:apigateway:<i>region</i>::/restapis/<i>api-id</i>/stages/<i>stage-name</i>\n                  </code>\n               </p>\n            </li>\n            <li>\n               <p>For an AppSync GraphQL API: <code>arn:aws:appsync:<i>region</i>:<i>account-id</i>:apis/<i>GraphQLApiId</i>\n                  </code>\n               </p>\n            </li>\n            <li>\n               <p>For an Amazon Cognito user pool: <code>arn:aws:cognito-idp:<i>region</i>:<i>account-id</i>:userpool/<i>user-pool-id</i>\n                  </code>\n               </p>\n            </li>\n            <li>\n               <p>For an App Runner service: <code>arn:aws:apprunner:<i>region</i>:<i>account-id</i>:service/<i>apprunner-service-name</i>/<i>apprunner-service-id</i>\n                  </code>\n               </p>\n            </li>\n         </ul>",
+            "smithy.api#documentation": "<p>The Amazon Resource Name (ARN) of the resource to associate with the web ACL. </p>\n         <p>The ARN must be in one of the following formats:</p>\n         <ul>\n            <li>\n               <p>For an Application Load Balancer: <code>arn:<i>partition</i>:elasticloadbalancing:<i>region</i>:<i>account-id</i>:loadbalancer/app/<i>load-balancer-name</i>/<i>load-balancer-id</i>\n                  </code>\n               </p>\n            </li>\n            <li>\n               <p>For an Amazon API Gateway REST API: <code>arn:<i>partition</i>:apigateway:<i>region</i>::/restapis/<i>api-id</i>/stages/<i>stage-name</i>\n                  </code>\n               </p>\n            </li>\n            <li>\n               <p>For an AppSync GraphQL API: <code>arn:<i>partition</i>:appsync:<i>region</i>:<i>account-id</i>:apis/<i>GraphQLApiId</i>\n                  </code>\n               </p>\n            </li>\n            <li>\n               <p>For an Amazon Cognito user pool: <code>arn:<i>partition</i>:cognito-idp:<i>region</i>:<i>account-id</i>:userpool/<i>user-pool-id</i>\n                  </code>\n               </p>\n            </li>\n            <li>\n               <p>For an App Runner service: <code>arn:<i>partition</i>:apprunner:<i>region</i>:<i>account-id</i>:service/<i>apprunner-service-name</i>/<i>apprunner-service-id</i>\n                  </code>\n               </p>\n            </li>\n         </ul>",
             "smithy.api#required": {}
           }
         }
@@ -2105,13 +1661,38 @@
         "smithy.api#output": {}
       }
     },
+    "com.amazonaws.wafv2#AssociatedResourceType": {
+      "type": "enum",
+      "members": {
+        "CLOUDFRONT": {
+          "target": "smithy.api#Unit",
+          "traits": {
+            "smithy.api#enumValue": "CLOUDFRONT"
+          }
+        }
+      }
+    },
+    "com.amazonaws.wafv2#AssociationConfig": {
+      "type": "structure",
+      "members": {
+        "RequestBody": {
+          "target": "com.amazonaws.wafv2#RequestBody",
+          "traits": {
+            "smithy.api#documentation": "<p>Customizes the maximum size of the request body that your protected CloudFront distributions forward to WAF for inspection. The default size is 16 KB (16,384 kilobytes). </p>\n         <note>\n            <p>You are charged additional fees when your protected resources forward body sizes that are larger than the default. For more information, see <a href=\"http://aws.amazon.com/waf/pricing/\">WAF Pricing</a>.</p>\n         </note>"
+          }
+        }
+      },
+      "traits": {
+        "smithy.api#documentation": "<p>Specifies custom configurations for the associations between the web ACL and protected resources.  </p>\n         <p>Use this to customize the maximum size of the request body that your protected CloudFront distributions forward to WAF for inspection. The default is 16 KB (16,384 kilobytes). </p>\n         <note>\n            <p>You are charged additional fees when your protected resources forward body sizes that are larger than the default. For more information, see <a href=\"http://aws.amazon.com/waf/pricing/\">WAF Pricing</a>.</p>\n         </note>"
+      }
+    },
     "com.amazonaws.wafv2#BlockAction": {
       "type": "structure",
       "members": {
         "CustomResponse": {
           "target": "com.amazonaws.wafv2#CustomResponse",
           "traits": {
-            "smithy.api#documentation": "<p>Defines a custom response for the web request.</p>\n         <p>For information about customizing web requests and responses, see <a href=\"https://docs.aws.amazon.com/waf/latest/developerguide/waf-custom-request-response.html\">Customizing web requests and responses in WAF</a> in the \n         <a href=\"https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html\">WAF Developer Guide</a>. </p>"
+            "smithy.api#documentation": "<p>Defines a custom response for the web request.</p>\n         <p>For information about customizing web requests and responses, \n           see <a href=\"https://docs.aws.amazon.com/waf/latest/developerguide/waf-custom-request-response.html\">Customizing web requests and responses in WAF</a> \n    in the <i>WAF Developer Guide</i>. </p>"
           }
         }
       },
@@ -2125,7 +1706,7 @@
         "OversizeHandling": {
           "target": "com.amazonaws.wafv2#OversizeHandling",
           "traits": {
-            "smithy.api#documentation": "<p>What WAF should do if the body is larger than WAF can inspect. \n    WAF does not support inspecting the entire contents of the body of a web request\n      when the body exceeds 8 KB (8192 bytes). Only the first 8 KB of the request body are forwarded to\n    WAF by the underlying host service. </p>\n         <p>The options for oversize handling are the following:</p>\n         <ul>\n            <li>\n               <p>\n                  <code>CONTINUE</code> - Inspect the body normally, according to the rule inspection criteria. </p>\n            </li>\n            <li>\n               <p>\n                  <code>MATCH</code> - Treat the web request as matching the rule statement. WAF\n               applies the rule action to the request.</p>\n            </li>\n            <li>\n               <p>\n                  <code>NO_MATCH</code> - Treat the web request as not matching the rule\n               statement.</p>\n            </li>\n         </ul>\n         <p>You can combine the <code>MATCH</code> or <code>NO_MATCH</code>\n      settings for oversize handling with your rule and web ACL action settings, so that you block any request whose body is over 8 KB. </p>\n         <p>Default: <code>CONTINUE</code>\n         </p>"
+            "smithy.api#documentation": "<p>What WAF should do if the body is larger than WAF can inspect. \n    WAF does not support inspecting the entire contents of the web request body if the body \n    exceeds the limit for the resource type. If the body is larger than the limit, the underlying host service \n    only forwards the contents that are below the limit to WAF for inspection. </p>\n         <p>The default limit is 8 KB (8,192 kilobytes) for regional resources and 16 KB (16,384 kilobytes) for CloudFront distributions. For CloudFront distributions, \n    you can increase the limit in the web ACL <code>AssociationConfig</code>, for additional processing fees. </p>\n         <p>The options for oversize handling are the following:</p>\n         <ul>\n            <li>\n               <p>\n                  <code>CONTINUE</code> - Inspect the body normally, according to the rule inspection criteria. </p>\n            </li>\n            <li>\n               <p>\n                  <code>MATCH</code> - Treat the web request as matching the rule statement. WAF\n               applies the rule action to the request.</p>\n            </li>\n            <li>\n               <p>\n                  <code>NO_MATCH</code> - Treat the web request as not matching the rule\n               statement.</p>\n            </li>\n         </ul>\n         <p>You can combine the <code>MATCH</code> or <code>NO_MATCH</code>\n      settings for oversize handling with your rule and web ACL action settings, so that you block any request whose body is over the limit. </p>\n         <p>Default: <code>CONTINUE</code>\n         </p>"
           }
         }
       },
@@ -2213,7 +1794,7 @@
         "CustomRequestHandling": {
           "target": "com.amazonaws.wafv2#CustomRequestHandling",
           "traits": {
-            "smithy.api#documentation": "<p>Defines custom handling for the web request, used when the <code>CAPTCHA</code> inspection determines that the request's token is valid and unexpired.</p>\n         <p>For information about customizing web requests and responses, see <a href=\"https://docs.aws.amazon.com/waf/latest/developerguide/waf-custom-request-response.html\">Customizing web requests and responses in WAF</a> in the \n         <a href=\"https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html\">WAF Developer Guide</a>. </p>"
+            "smithy.api#documentation": "<p>Defines custom handling for the web request, used when the <code>CAPTCHA</code> inspection determines that the request's token is valid and unexpired.</p>\n         <p>For information about customizing web requests and responses, \n           see <a href=\"https://docs.aws.amazon.com/waf/latest/developerguide/waf-custom-request-response.html\">Customizing web requests and responses in WAF</a> \n    in the <i>WAF Developer Guide</i>. </p>"
           }
         }
       },
@@ -2267,7 +1848,7 @@
         "CustomRequestHandling": {
           "target": "com.amazonaws.wafv2#CustomRequestHandling",
           "traits": {
-            "smithy.api#documentation": "<p>Defines custom handling for the web request, used when the challenge inspection determines that the request's token is valid and unexpired.</p>\n         <p>For information about customizing web requests and responses, see <a href=\"https://docs.aws.amazon.com/waf/latest/developerguide/waf-custom-request-response.html\">Customizing web requests and responses in WAF</a> in the \n         <a href=\"https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html\">WAF Developer Guide</a>. </p>"
+            "smithy.api#documentation": "<p>Defines custom handling for the web request, used when the challenge inspection determines that the request's token is valid and unexpired.</p>\n         <p>For information about customizing web requests and responses, \n           see <a href=\"https://docs.aws.amazon.com/waf/latest/developerguide/waf-custom-request-response.html\">Customizing web requests and responses in WAF</a> \n    in the <i>WAF Developer Guide</i>. </p>"
           }
         }
       },
@@ -2353,7 +1934,7 @@
         }
       ],
       "traits": {
-        "smithy.api#documentation": "<p>Returns the web ACL capacity unit (WCU) requirements for a specified scope and set of rules. \n         You can use this to check the capacity requirements for the rules you want to use in a \n         <a>RuleGroup</a> or <a>WebACL</a>. \n         </p>\n         <p>WAF uses WCUs to calculate and control the operating\n         resources that are used to run your rules, rule groups, and web ACLs. WAF\n         calculates capacity differently for each rule type, to reflect the relative cost of each rule. \n         Simple rules that cost little to run use fewer WCUs than more complex rules\n\t\t\t\tthat use more processing power. \n\t\t\t\tRule group capacity is fixed at creation, which helps users plan their  \n         web ACL WCU usage when they use a rule group. \n         The WCU limit for web ACLs is 1,500.  </p>"
+        "smithy.api#documentation": "<p>Returns the web ACL capacity unit (WCU) requirements for a specified scope and set of rules. \n         You can use this to check the capacity requirements for the rules you want to use in a \n         <a>RuleGroup</a> or <a>WebACL</a>. \n         </p>\n         <p>WAF uses WCUs to calculate and control the operating\n         resources that are used to run your rules, rule groups, and web ACLs. WAF\n         calculates capacity differently for each rule type, to reflect the relative cost of each rule. \n         Simple rules that cost little to run use fewer WCUs than more complex rules\n\t\t\t\tthat use more processing power. \n\t\t\t\tRule group capacity is fixed at creation, which helps users plan their  \n         web ACL WCU usage when they use a rule group. For more information, see <a href=\"https://docs.aws.amazon.com/waf/latest/developerguide/aws-waf-capacity-units.html\">WAF web ACL capacity units (WCU)</a> \n    in the <i>WAF Developer Guide</i>. </p>"
       }
     },
     "com.amazonaws.wafv2#CheckCapacityRequest": {
@@ -2362,7 +1943,7 @@
         "Scope": {
           "target": "com.amazonaws.wafv2#Scope",
           "traits": {
-            "smithy.api#documentation": "<p>Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, a Amazon Cognito user pool, or an App Runner service.  </p>\n         <p>To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows: </p>\n         <ul>\n            <li>\n               <p>CLI - Specify the Region when you use the CloudFront scope: <code>--scope=CLOUDFRONT --region=us-east-1</code>. </p>\n            </li>\n            <li>\n               <p>API and SDKs - For all calls, use the Region endpoint us-east-1. </p>\n            </li>\n         </ul>",
+            "smithy.api#documentation": "<p>Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner service.  </p>\n         <p>To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows: </p>\n         <ul>\n            <li>\n               <p>CLI - Specify the Region when you use the CloudFront scope: <code>--scope=CLOUDFRONT --region=us-east-1</code>. </p>\n            </li>\n            <li>\n               <p>API and SDKs - For all calls, use the Region endpoint us-east-1. </p>\n            </li>\n         </ul>",
             "smithy.api#required": {}
           }
         },
@@ -2547,7 +2128,7 @@
         "CustomRequestHandling": {
           "target": "com.amazonaws.wafv2#CustomRequestHandling",
           "traits": {
-            "smithy.api#documentation": "<p>Defines custom handling for the web request.</p>\n         <p>For information about customizing web requests and responses, see <a href=\"https://docs.aws.amazon.com/waf/latest/developerguide/waf-custom-request-response.html\">Customizing web requests and responses in WAF</a> in the \n         <a href=\"https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html\">WAF Developer Guide</a>. </p>"
+            "smithy.api#documentation": "<p>Defines custom handling for the web request.</p>\n         <p>For information about customizing web requests and responses, \n           see <a href=\"https://docs.aws.amazon.com/waf/latest/developerguide/waf-custom-request-response.html\">Customizing web requests and responses in WAF</a> \n    in the <i>WAF Developer Guide</i>. </p>"
           }
         }
       },
@@ -4125,7 +3706,7 @@
         "Scope": {
           "target": "com.amazonaws.wafv2#Scope",
           "traits": {
-            "smithy.api#documentation": "<p>Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, a Amazon Cognito user pool, or an App Runner service.  </p>\n         <p>To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows: </p>\n         <ul>\n            <li>\n               <p>CLI - Specify the Region when you use the CloudFront scope: <code>--scope=CLOUDFRONT --region=us-east-1</code>. </p>\n            </li>\n            <li>\n               <p>API and SDKs - For all calls, use the Region endpoint us-east-1. </p>\n            </li>\n         </ul>",
+            "smithy.api#documentation": "<p>Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner service.  </p>\n         <p>To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows: </p>\n         <ul>\n            <li>\n               <p>CLI - Specify the Region when you use the CloudFront scope: <code>--scope=CLOUDFRONT --region=us-east-1</code>. </p>\n            </li>\n            <li>\n               <p>API and SDKs - For all calls, use the Region endpoint us-east-1. </p>\n            </li>\n         </ul>",
             "smithy.api#required": {}
           }
         },
@@ -4225,7 +3806,7 @@
         "Scope": {
           "target": "com.amazonaws.wafv2#Scope",
           "traits": {
-            "smithy.api#documentation": "<p>Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, a Amazon Cognito user pool, or an App Runner service.  </p>\n         <p>To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows: </p>\n         <ul>\n            <li>\n               <p>CLI - Specify the Region when you use the CloudFront scope: <code>--scope=CLOUDFRONT --region=us-east-1</code>. </p>\n            </li>\n            <li>\n               <p>API and SDKs - For all calls, use the Region endpoint us-east-1. </p>\n            </li>\n         </ul>",
+            "smithy.api#documentation": "<p>Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner service.  </p>\n         <p>To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows: </p>\n         <ul>\n            <li>\n               <p>CLI - Specify the Region when you use the CloudFront scope: <code>--scope=CLOUDFRONT --region=us-east-1</code>. </p>\n            </li>\n            <li>\n               <p>API and SDKs - For all calls, use the Region endpoint us-east-1. </p>\n            </li>\n         </ul>",
             "smithy.api#required": {}
           }
         },
@@ -4327,7 +3908,7 @@
         "Scope": {
           "target": "com.amazonaws.wafv2#Scope",
           "traits": {
-            "smithy.api#documentation": "<p>Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, a Amazon Cognito user pool, or an App Runner service.  </p>\n         <p>To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows: </p>\n         <ul>\n            <li>\n               <p>CLI - Specify the Region when you use the CloudFront scope: <code>--scope=CLOUDFRONT --region=us-east-1</code>. </p>\n            </li>\n            <li>\n               <p>API and SDKs - For all calls, use the Region endpoint us-east-1. </p>\n            </li>\n         </ul>",
+            "smithy.api#documentation": "<p>Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner service.  </p>\n         <p>To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows: </p>\n         <ul>\n            <li>\n               <p>CLI - Specify the Region when you use the CloudFront scope: <code>--scope=CLOUDFRONT --region=us-east-1</code>. </p>\n            </li>\n            <li>\n               <p>API and SDKs - For all calls, use the Region endpoint us-east-1. </p>\n            </li>\n         </ul>",
             "smithy.api#required": {}
           }
         },
@@ -4335,7 +3916,7 @@
           "target": "com.amazonaws.wafv2#CapacityUnit",
           "traits": {
             "smithy.api#default": 0,
-            "smithy.api#documentation": "<p>The web ACL capacity units (WCUs) required for this rule group.</p>\n         <p>When you create your own rule group, you define this, and you cannot change it after creation. \n          When you add or modify the rules in a rule group, WAF enforces this limit. You can check the capacity \n          for a set of rules using <a>CheckCapacity</a>.</p>\n         <p>WAF uses WCUs to calculate and control the operating\n         resources that are used to run your rules, rule groups, and web ACLs. WAF\n         calculates capacity differently for each rule type, to reflect the relative cost of each rule. \n         Simple rules that cost little to run use fewer WCUs than more complex rules\n\t\t\t\tthat use more processing power. \n\t\t\t\tRule group capacity is fixed at creation, which helps users plan their  \n         web ACL WCU usage when they use a rule group. \n         The WCU limit for web ACLs is 1,500.  </p>",
+            "smithy.api#documentation": "<p>The web ACL capacity units (WCUs) required for this rule group.</p>\n         <p>When you create your own rule group, you define this, and you cannot change it after creation. \n          When you add or modify the rules in a rule group, WAF enforces this limit. You can check the capacity \n          for a set of rules using <a>CheckCapacity</a>.</p>\n         <p>WAF uses WCUs to calculate and control the operating\n         resources that are used to run your rules, rule groups, and web ACLs. WAF\n         calculates capacity differently for each rule type, to reflect the relative cost of each rule. \n         Simple rules that cost little to run use fewer WCUs than more complex rules\n\t\t\t\tthat use more processing power. \n\t\t\t\tRule group capacity is fixed at creation, which helps users plan their  \n         web ACL WCU usage when they use a rule group. For more information, see <a href=\"https://docs.aws.amazon.com/waf/latest/developerguide/aws-waf-capacity-units.html\">WAF web ACL capacity units (WCU)</a> \n    in the <i>WAF Developer Guide</i>. </p>",
             "smithy.api#required": {}
           }
         },
@@ -4367,7 +3948,7 @@
         "CustomResponseBodies": {
           "target": "com.amazonaws.wafv2#CustomResponseBodies",
           "traits": {
-            "smithy.api#documentation": "<p>A map of custom response keys and content bodies. When you create a rule with a block action, you can send a custom response to the web request. You define these for the rule group, and then use them in the rules that you define in the rule group. </p>\n         <p>For information about customizing web requests and responses, see <a href=\"https://docs.aws.amazon.com/waf/latest/developerguide/waf-custom-request-response.html\">Customizing web requests and responses in WAF</a> in the \n         <a href=\"https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html\">WAF Developer Guide</a>. </p>\n         <p>For information about the limits on count and size for custom request and response settings, see <a href=\"https://docs.aws.amazon.com/waf/latest/developerguide/limits.html\">WAF quotas</a> in the \n         <a href=\"https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html\">WAF Developer Guide</a>. </p>"
+            "smithy.api#documentation": "<p>A map of custom response keys and content bodies. When you create a rule with a block action, you can send a custom response to the web request. You define these for the rule group, and then use them in the rules that you define in the rule group. </p>\n         <p>For information about customizing web requests and responses, \n           see <a href=\"https://docs.aws.amazon.com/waf/latest/developerguide/waf-custom-request-response.html\">Customizing web requests and responses in WAF</a> \n    in the <i>WAF Developer Guide</i>. </p>\n         <p>For information about the limits on count and size for custom request and response settings, see <a href=\"https://docs.aws.amazon.com/waf/latest/developerguide/limits.html\">WAF quotas</a> \n     in the <i>WAF Developer Guide</i>. </p>"
           }
         }
       },
@@ -4442,7 +4023,7 @@
         }
       ],
       "traits": {
-        "smithy.api#documentation": "<p>Creates a <a>WebACL</a> per the specifications provided.</p>\n         <p> A web ACL defines a collection of rules to use to inspect and control web requests. Each rule has an action defined (allow, block, or count) for requests that match the statement of the rule. In the web ACL, you assign a default action to take (allow, block) for any request that does not match any of the rules. The rules in a web ACL can be a combination of the types <a>Rule</a>, <a>RuleGroup</a>, and managed rule group. You can associate a web ACL with one or more Amazon Web Services resources to protect. The resources can be an Amazon CloudFront distribution, an Amazon API Gateway REST API, an Application Load Balancer, an AppSync GraphQL API, Amazon Cognito user pool, or an App Runner service.  </p>"
+        "smithy.api#documentation": "<p>Creates a <a>WebACL</a> per the specifications provided.</p>\n         <p> A web ACL defines a collection of rules to use to inspect and control web requests. Each rule has an action defined (allow, block, or count) for requests that match the statement of the rule. In the web ACL, you assign a default action to take (allow, block) for any request that does not match any of the rules. The rules in a web ACL can be a combination of the types <a>Rule</a>, <a>RuleGroup</a>, and managed rule group. You can associate a web ACL with one or more Amazon Web Services resources to protect. The resources can be an Amazon CloudFront distribution, an Amazon API Gateway REST API, an Application Load Balancer, an AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner service.  </p>"
       }
     },
     "com.amazonaws.wafv2#CreateWebACLRequest": {
@@ -4458,7 +4039,7 @@
         "Scope": {
           "target": "com.amazonaws.wafv2#Scope",
           "traits": {
-            "smithy.api#documentation": "<p>Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, a Amazon Cognito user pool, or an App Runner service.  </p>\n         <p>To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows: </p>\n         <ul>\n            <li>\n               <p>CLI - Specify the Region when you use the CloudFront scope: <code>--scope=CLOUDFRONT --region=us-east-1</code>. </p>\n            </li>\n            <li>\n               <p>API and SDKs - For all calls, use the Region endpoint us-east-1. </p>\n            </li>\n         </ul>",
+            "smithy.api#documentation": "<p>Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner service.  </p>\n         <p>To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows: </p>\n         <ul>\n            <li>\n               <p>CLI - Specify the Region when you use the CloudFront scope: <code>--scope=CLOUDFRONT --region=us-east-1</code>. </p>\n            </li>\n            <li>\n               <p>API and SDKs - For all calls, use the Region endpoint us-east-1. </p>\n            </li>\n         </ul>",
             "smithy.api#required": {}
           }
         },
@@ -4497,7 +4078,7 @@
         "CustomResponseBodies": {
           "target": "com.amazonaws.wafv2#CustomResponseBodies",
           "traits": {
-            "smithy.api#documentation": "<p>A map of custom response keys and content bodies. When you create a rule with a block action, you can send a custom response to the web request. You define these for the web ACL, and then use them in the rules and default actions that you define in the web ACL. </p>\n         <p>For information about customizing web requests and responses, see <a href=\"https://docs.aws.amazon.com/waf/latest/developerguide/waf-custom-request-response.html\">Customizing web requests and responses in WAF</a> in the \n         <a href=\"https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html\">WAF Developer Guide</a>. </p>\n         <p>For information about the limits on count and size for custom request and response settings, see <a href=\"https://docs.aws.amazon.com/waf/latest/developerguide/limits.html\">WAF quotas</a> in the \n         <a href=\"https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html\">WAF Developer Guide</a>. </p>"
+            "smithy.api#documentation": "<p>A map of custom response keys and content bodies. When you create a rule with a block action, you can send a custom response to the web request. You define these for the web ACL, and then use them in the rules and default actions that you define in the web ACL. </p>\n         <p>For information about customizing web requests and responses, \n           see <a href=\"https://docs.aws.amazon.com/waf/latest/developerguide/waf-custom-request-response.html\">Customizing web requests and responses in WAF</a> \n    in the <i>WAF Developer Guide</i>. </p>\n         <p>For information about the limits on count and size for custom request and response settings, see <a href=\"https://docs.aws.amazon.com/waf/latest/developerguide/limits.html\">WAF quotas</a> \n     in the <i>WAF Developer Guide</i>. </p>"
           }
         },
         "CaptchaConfig": {
@@ -4517,6 +4098,12 @@
           "traits": {
             "smithy.api#documentation": "<p>Specifies the domains that WAF should accept in a web request token. This enables the use of tokens across multiple protected websites. When WAF provides a token, it uses the domain of the Amazon Web Services resource that the web ACL is protecting. If you don't specify a list of token domains, WAF accepts tokens only for the domain of the protected resource. With a token domain list, WAF accepts the resource's host domain plus all domains in the token domain list, including their prefixed subdomains.</p>\n         <p>Example JSON: <code>\"TokenDomains\": { \"mywebsite.com\", \"myotherwebsite.com\" }</code>\n         </p>\n         <p>Public suffixes aren't allowed. For example, you can't use <code>usa.gov</code> or <code>co.uk</code> as token domains.</p>"
           }
+        },
+        "AssociationConfig": {
+          "target": "com.amazonaws.wafv2#AssociationConfig",
+          "traits": {
+            "smithy.api#documentation": "<p>Specifies custom configurations for the associations between the web ACL and protected resources.  </p>\n         <p>Use this to customize the maximum size of the request body that your protected CloudFront distributions forward to WAF for inspection. The default is 16 KB (16,384 kilobytes). </p>\n         <note>\n            <p>You are charged additional fees when your protected resources forward body sizes that are larger than the default. For more information, see <a href=\"http://aws.amazon.com/waf/pricing/\">WAF Pricing</a>.</p>\n         </note>"
+          }
         }
       },
       "traits": {
@@ -4596,13 +4183,13 @@
         "InsertHeaders": {
           "target": "com.amazonaws.wafv2#CustomHTTPHeaders",
           "traits": {
-            "smithy.api#documentation": "<p>The HTTP headers to insert into the request. Duplicate header names are not allowed. </p>\n         <p>For information about the limits on count and size for custom request and response settings, see <a href=\"https://docs.aws.amazon.com/waf/latest/developerguide/limits.html\">WAF quotas</a> in the \n         <a href=\"https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html\">WAF Developer Guide</a>. </p>",
+            "smithy.api#documentation": "<p>The HTTP headers to insert into the request. Duplicate header names are not allowed. </p>\n         <p>For information about the limits on count and size for custom request and response settings, see <a href=\"https://docs.aws.amazon.com/waf/latest/developerguide/limits.html\">WAF quotas</a> \n     in the <i>WAF Developer Guide</i>. </p>",
             "smithy.api#required": {}
           }
         }
       },
       "traits": {
-        "smithy.api#documentation": "<p>Custom request handling behavior that inserts custom headers into a web request. You can\n      add custom request handling for WAF to use when the rule action doesn't block the request. \n          For example, <code>CaptchaAction</code> for requests with valid t okens, and <code>AllowAction</code>. </p>\n         <p>For information about customizing web requests and responses, see <a href=\"https://docs.aws.amazon.com/waf/latest/developerguide/waf-custom-request-response.html\">Customizing web requests and responses in WAF</a> in the \n         <a href=\"https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html\">WAF Developer Guide</a>. </p>"
+        "smithy.api#documentation": "<p>Custom request handling behavior that inserts custom headers into a web request. You can\n      add custom request handling for WAF to use when the rule action doesn't block the request. \n          For example, <code>CaptchaAction</code> for requests with valid t okens, and <code>AllowAction</code>. </p>\n         <p>For information about customizing web requests and responses, \n           see <a href=\"https://docs.aws.amazon.com/waf/latest/developerguide/waf-custom-request-response.html\">Customizing web requests and responses in WAF</a> \n    in the <i>WAF Developer Guide</i>. </p>"
       }
     },
     "com.amazonaws.wafv2#CustomResponse": {
@@ -4611,7 +4198,7 @@
         "ResponseCode": {
           "target": "com.amazonaws.wafv2#ResponseStatusCode",
           "traits": {
-            "smithy.api#documentation": "<p>The HTTP status code to return to the client. </p>\n         <p>For a list of status codes that you can use in your custom responses, see <a href=\"https://docs.aws.amazon.com/waf/latest/developerguide/customizing-the-response-status-codes.html\">Supported status codes for custom response</a> in the \n         <a href=\"https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html\">WAF Developer Guide</a>. </p>",
+            "smithy.api#documentation": "<p>The HTTP status code to return to the client. </p>\n         <p>For a list of status codes that you can use in your custom responses, see <a href=\"https://docs.aws.amazon.com/waf/latest/developerguide/customizing-the-response-status-codes.html\">Supported status codes for custom response</a> \n     in the <i>WAF Developer Guide</i>. </p>",
             "smithy.api#required": {}
           }
         },
@@ -4624,12 +4211,12 @@
         "ResponseHeaders": {
           "target": "com.amazonaws.wafv2#CustomHTTPHeaders",
           "traits": {
-            "smithy.api#documentation": "<p>The HTTP headers to use in the response. Duplicate header names are not allowed. </p>\n         <p>For information about the limits on count and size for custom request and response settings, see <a href=\"https://docs.aws.amazon.com/waf/latest/developerguide/limits.html\">WAF quotas</a> in the \n         <a href=\"https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html\">WAF Developer Guide</a>. </p>"
+            "smithy.api#documentation": "<p>The HTTP headers to use in the response. Duplicate header names are not allowed. </p>\n         <p>For information about the limits on count and size for custom request and response settings, see <a href=\"https://docs.aws.amazon.com/waf/latest/developerguide/limits.html\">WAF quotas</a> \n     in the <i>WAF Developer Guide</i>. </p>"
           }
         }
       },
       "traits": {
-        "smithy.api#documentation": "<p>A custom response to send to the client. You can define a custom response for rule\n         actions and default web ACL actions that are set to <a>BlockAction</a>. </p>\n         <p>For information about customizing web requests and responses, see <a href=\"https://docs.aws.amazon.com/waf/latest/developerguide/waf-custom-request-response.html\">Customizing web requests and responses in WAF</a> in the \n         <a href=\"https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html\">WAF Developer Guide</a>. </p>"
+        "smithy.api#documentation": "<p>A custom response to send to the client. You can define a custom response for rule\n         actions and default web ACL actions that are set to <a>BlockAction</a>. </p>\n         <p>For information about customizing web requests and responses, \n           see <a href=\"https://docs.aws.amazon.com/waf/latest/developerguide/waf-custom-request-response.html\">Customizing web requests and responses in WAF</a> \n    in the <i>WAF Developer Guide</i>. </p>"
       }
     },
     "com.amazonaws.wafv2#CustomResponseBodies": {
@@ -4659,7 +4246,7 @@
         "Content": {
           "target": "com.amazonaws.wafv2#ResponseContent",
           "traits": {
-            "smithy.api#documentation": "<p>The payload of the custom response. </p>\n         <p>You can use JSON escape strings in JSON content. To do this, you must specify JSON\n         content in the <code>ContentType</code> setting. </p>\n         <p>For information about the limits on count and size for custom request and response settings, see <a href=\"https://docs.aws.amazon.com/waf/latest/developerguide/limits.html\">WAF quotas</a> in the \n         <a href=\"https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html\">WAF Developer Guide</a>. </p>",
+            "smithy.api#documentation": "<p>The payload of the custom response. </p>\n         <p>You can use JSON escape strings in JSON content. To do this, you must specify JSON\n         content in the <code>ContentType</code> setting. </p>\n         <p>For information about the limits on count and size for custom request and response settings, see <a href=\"https://docs.aws.amazon.com/waf/latest/developerguide/limits.html\">WAF quotas</a> \n     in the <i>WAF Developer Guide</i>. </p>",
             "smithy.api#required": {}
           }
         }
@@ -4804,7 +4391,7 @@
         "Scope": {
           "target": "com.amazonaws.wafv2#Scope",
           "traits": {
-            "smithy.api#documentation": "<p>Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, a Amazon Cognito user pool, or an App Runner service.  </p>\n         <p>To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows: </p>\n         <ul>\n            <li>\n               <p>CLI - Specify the Region when you use the CloudFront scope: <code>--scope=CLOUDFRONT --region=us-east-1</code>. </p>\n            </li>\n            <li>\n               <p>API and SDKs - For all calls, use the Region endpoint us-east-1. </p>\n            </li>\n         </ul>",
+            "smithy.api#documentation": "<p>Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner service.  </p>\n         <p>To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows: </p>\n         <ul>\n            <li>\n               <p>CLI - Specify the Region when you use the CloudFront scope: <code>--scope=CLOUDFRONT --region=us-east-1</code>. </p>\n            </li>\n            <li>\n               <p>API and SDKs - For all calls, use the Region endpoint us-east-1. </p>\n            </li>\n         </ul>",
             "smithy.api#required": {}
           }
         },
@@ -4981,7 +4568,7 @@
         "Scope": {
           "target": "com.amazonaws.wafv2#Scope",
           "traits": {
-            "smithy.api#documentation": "<p>Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, a Amazon Cognito user pool, or an App Runner service.  </p>\n         <p>To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows: </p>\n         <ul>\n            <li>\n               <p>CLI - Specify the Region when you use the CloudFront scope: <code>--scope=CLOUDFRONT --region=us-east-1</code>. </p>\n            </li>\n            <li>\n               <p>API and SDKs - For all calls, use the Region endpoint us-east-1. </p>\n            </li>\n         </ul>",
+            "smithy.api#documentation": "<p>Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner service.  </p>\n         <p>To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows: </p>\n         <ul>\n            <li>\n               <p>CLI - Specify the Region when you use the CloudFront scope: <code>--scope=CLOUDFRONT --region=us-east-1</code>. </p>\n            </li>\n            <li>\n               <p>API and SDKs - For all calls, use the Region endpoint us-east-1. </p>\n            </li>\n         </ul>",
             "smithy.api#required": {}
           }
         },
@@ -5062,7 +4649,7 @@
         "Scope": {
           "target": "com.amazonaws.wafv2#Scope",
           "traits": {
-            "smithy.api#documentation": "<p>Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, a Amazon Cognito user pool, or an App Runner service.  </p>\n         <p>To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows: </p>\n         <ul>\n            <li>\n               <p>CLI - Specify the Region when you use the CloudFront scope: <code>--scope=CLOUDFRONT --region=us-east-1</code>. </p>\n            </li>\n            <li>\n               <p>API and SDKs - For all calls, use the Region endpoint us-east-1. </p>\n            </li>\n         </ul>",
+            "smithy.api#documentation": "<p>Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner service.  </p>\n         <p>To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows: </p>\n         <ul>\n            <li>\n               <p>CLI - Specify the Region when you use the CloudFront scope: <code>--scope=CLOUDFRONT --region=us-east-1</code>. </p>\n            </li>\n            <li>\n               <p>API and SDKs - For all calls, use the Region endpoint us-east-1. </p>\n            </li>\n         </ul>",
             "smithy.api#required": {}
           }
         },
@@ -5127,7 +4714,7 @@
         }
       ],
       "traits": {
-        "smithy.api#documentation": "<p>Deletes the specified <a>WebACL</a>. </p>\n         <p>You can only use this if <code>ManagedByFirewallManager</code> is false in the specified\n            <a>WebACL</a>. </p>\n         <note>\n            <p>Before deleting any web ACL, first disassociate it from all resources.</p>\n            <ul>\n               <li>\n                  <p>To retrieve a list of the resources that are associated with a web ACL, use the\n                  following calls:</p>\n                  <ul>\n                     <li>\n                        <p>For regional resources, call <a>ListResourcesForWebACL</a>.</p>\n                     </li>\n                     <li>\n                        <p>For Amazon CloudFront distributions, use the CloudFront call\n                           <code>ListDistributionsByWebACLId</code>. For information, see <a href=\"https://docs.aws.amazon.com/cloudfront/latest/APIReference/API_ListDistributionsByWebACLId.html\">ListDistributionsByWebACLId</a>.</p>\n                     </li>\n                  </ul>\n               </li>\n               <li>\n                  <p>To disassociate a resource from a web ACL, use the following calls:</p>\n                  <ul>\n                     <li>\n                        <p>For regional resources, call <a>DisassociateWebACL</a>.</p>\n                     </li>\n                     <li>\n                        <p>For Amazon CloudFront distributions, provide an empty web ACL ID in the CloudFront call\n                           <code>UpdateDistribution</code>. For information, see <a href=\"https://docs.aws.amazon.com/cloudfront/latest/APIReference/API_UpdateDistribution.html\">UpdateDistribution</a>.</p>\n                     </li>\n                  </ul>\n               </li>\n            </ul>\n         </note>"
+        "smithy.api#documentation": "<p>Deletes the specified <a>WebACL</a>. </p>\n         <p>You can only use this if <code>ManagedByFirewallManager</code> is false in the specified\n            <a>WebACL</a>. </p>\n         <note>\n            <p>Before deleting any web ACL, first disassociate it from all resources.</p>\n            <ul>\n               <li>\n                  <p>To retrieve a list of the resources that are associated with a web ACL, use the\n                  following calls:</p>\n                  <ul>\n                     <li>\n                        <p>For regional resources, call <a>ListResourcesForWebACL</a>.</p>\n                     </li>\n                     <li>\n                        <p>For Amazon CloudFront distributions, use the CloudFront call\n                           <code>ListDistributionsByWebACLId</code>. For information, see <a href=\"https://docs.aws.amazon.com/cloudfront/latest/APIReference/API_ListDistributionsByWebACLId.html\">ListDistributionsByWebACLId</a> \n                               in the <i>Amazon CloudFront API Reference</i>. </p>\n                     </li>\n                  </ul>\n               </li>\n               <li>\n                  <p>To disassociate a resource from a web ACL, use the following calls:</p>\n                  <ul>\n                     <li>\n                        <p>For regional resources, call <a>DisassociateWebACL</a>.</p>\n                     </li>\n                     <li>\n                        <p>For Amazon CloudFront distributions, provide an empty web ACL ID in the CloudFront call\n                           <code>UpdateDistribution</code>. For information, see <a href=\"https://docs.aws.amazon.com/cloudfront/latest/APIReference/API_UpdateDistribution.html\">UpdateDistribution</a>\n                               in the <i>Amazon CloudFront API Reference</i>. </p>\n                     </li>\n                  </ul>\n               </li>\n            </ul>\n         </note>"
       }
     },
     "com.amazonaws.wafv2#DeleteWebACLRequest": {
@@ -5143,7 +4730,7 @@
         "Scope": {
           "target": "com.amazonaws.wafv2#Scope",
           "traits": {
-            "smithy.api#documentation": "<p>Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, a Amazon Cognito user pool, or an App Runner service.  </p>\n         <p>To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows: </p>\n         <ul>\n            <li>\n               <p>CLI - Specify the Region when you use the CloudFront scope: <code>--scope=CLOUDFRONT --region=us-east-1</code>. </p>\n            </li>\n            <li>\n               <p>API and SDKs - For all calls, use the Region endpoint us-east-1. </p>\n            </li>\n         </ul>",
+            "smithy.api#documentation": "<p>Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner service.  </p>\n         <p>To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows: </p>\n         <ul>\n            <li>\n               <p>CLI - Specify the Region when you use the CloudFront scope: <code>--scope=CLOUDFRONT --region=us-east-1</code>. </p>\n            </li>\n            <li>\n               <p>API and SDKs - For all calls, use the Region endpoint us-east-1. </p>\n            </li>\n         </ul>",
             "smithy.api#required": {}
           }
         },
@@ -5225,7 +4812,7 @@
         "Scope": {
           "target": "com.amazonaws.wafv2#Scope",
           "traits": {
-            "smithy.api#documentation": "<p>Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, a Amazon Cognito user pool, or an App Runner service.  </p>\n         <p>To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows: </p>\n         <ul>\n            <li>\n               <p>CLI - Specify the Region when you use the CloudFront scope: <code>--scope=CLOUDFRONT --region=us-east-1</code>. </p>\n            </li>\n            <li>\n               <p>API and SDKs - For all calls, use the Region endpoint us-east-1. </p>\n            </li>\n         </ul>",
+            "smithy.api#documentation": "<p>Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner service.  </p>\n         <p>To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows: </p>\n         <ul>\n            <li>\n               <p>CLI - Specify the Region when you use the CloudFront scope: <code>--scope=CLOUDFRONT --region=us-east-1</code>. </p>\n            </li>\n            <li>\n               <p>API and SDKs - For all calls, use the Region endpoint us-east-1. </p>\n            </li>\n         </ul>",
             "smithy.api#required": {}
           }
         },
@@ -5259,7 +4846,7 @@
           "target": "com.amazonaws.wafv2#CapacityUnit",
           "traits": {
             "smithy.api#default": 0,
-            "smithy.api#documentation": "<p>The web ACL capacity units (WCUs) required for this rule group. WAF uses web ACL\n         capacity units (WCU) to calculate and control the operating resources that are used to run\n         your rules, rule groups, and web ACLs. WAF calculates capacity differently for each rule\n         type, to reflect each rule's relative cost. Rule group capacity is fixed at creation, so\n         users can plan their web ACL WCU usage when they use a rule group. The WCU limit for web\n         ACLs is 1,500. </p>"
+            "smithy.api#documentation": "<p>The web ACL capacity units (WCUs) required for this rule group.</p>\n         <p>WAF uses WCUs to calculate and control the operating\n         resources that are used to run your rules, rule groups, and web ACLs. WAF\n         calculates capacity differently for each rule type, to reflect the relative cost of each rule. \n         Simple rules that cost little to run use fewer WCUs than more complex rules\n\t\t\t\tthat use more processing power. \n\t\t\t\tRule group capacity is fixed at creation, which helps users plan their  \n         web ACL WCU usage when they use a rule group. For more information, see <a href=\"https://docs.aws.amazon.com/waf/latest/developerguide/aws-waf-capacity-units.html\">WAF web ACL capacity units (WCU)</a> \n    in the <i>WAF Developer Guide</i>. </p>"
           }
         },
         "Rules": {
@@ -5314,7 +4901,7 @@
         }
       ],
       "traits": {
-        "smithy.api#documentation": "<p>Disassociates the specified regional application resource from any existing web ACL\n         association. A resource can have at most one web ACL association. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, a Amazon Cognito user pool, or an App Runner service.  </p>\n         <p>For Amazon CloudFront, don't use this call. Instead, use your CloudFront distribution configuration. To\n         disassociate a web ACL, provide an empty web ACL ID in the CloudFront call\n            <code>UpdateDistribution</code>. For information, see <a href=\"https://docs.aws.amazon.com/cloudfront/latest/APIReference/API_UpdateDistribution.html\">UpdateDistribution</a>.</p>"
+        "smithy.api#documentation": "<p>Disassociates the specified regional application resource from any existing web ACL\n         association. A resource can have at most one web ACL association. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner service.  </p>\n         <p>For Amazon CloudFront, don't use this call. Instead, use your CloudFront distribution configuration. To\n         disassociate a web ACL, provide an empty web ACL ID in the CloudFront call\n            <code>UpdateDistribution</code>. For information, see <a href=\"https://docs.aws.amazon.com/cloudfront/latest/APIReference/API_UpdateDistribution.html\">UpdateDistribution</a> in the <i>Amazon CloudFront API Reference</i>. </p>"
       }
     },
     "com.amazonaws.wafv2#DisassociateWebACLRequest": {
@@ -5323,7 +4910,7 @@
         "ResourceArn": {
           "target": "com.amazonaws.wafv2#ResourceArn",
           "traits": {
-            "smithy.api#documentation": "<p>The Amazon Resource Name (ARN) of the resource to disassociate from the web ACL. </p>\n         <p>The ARN must be in one of the following formats:</p>\n         <ul>\n            <li>\n               <p>For an Application Load Balancer: <code>arn:aws:elasticloadbalancing:<i>region</i>:<i>account-id</i>:loadbalancer/app/<i>load-balancer-name</i>/<i>load-balancer-id</i>\n                  </code>\n               </p>\n            </li>\n            <li>\n               <p>For an Amazon API Gateway REST API: <code>arn:aws:apigateway:<i>region</i>::/restapis/<i>api-id</i>/stages/<i>stage-name</i>\n                  </code>\n               </p>\n            </li>\n            <li>\n               <p>For an AppSync GraphQL API: <code>arn:aws:appsync:<i>region</i>:<i>account-id</i>:apis/<i>GraphQLApiId</i>\n                  </code>\n               </p>\n            </li>\n            <li>\n               <p>For an Amazon Cognito user pool: <code>arn:aws:cognito-idp:<i>region</i>:<i>account-id</i>:userpool/<i>user-pool-id</i>\n                  </code>\n               </p>\n            </li>\n            <li>\n               <p>For an App Runner service: <code>arn:aws:apprunner:<i>region</i>:<i>account-id</i>:service/<i>apprunner-service-name</i>/<i>apprunner-service-id</i>\n                  </code>\n               </p>\n            </li>\n         </ul>",
+            "smithy.api#documentation": "<p>The Amazon Resource Name (ARN) of the resource to disassociate from the web ACL. </p>\n         <p>The ARN must be in one of the following formats:</p>\n         <ul>\n            <li>\n               <p>For an Application Load Balancer: <code>arn:<i>partition</i>:elasticloadbalancing:<i>region</i>:<i>account-id</i>:loadbalancer/app/<i>load-balancer-name</i>/<i>load-balancer-id</i>\n                  </code>\n               </p>\n            </li>\n            <li>\n               <p>For an Amazon API Gateway REST API: <code>arn:<i>partition</i>:apigateway:<i>region</i>::/restapis/<i>api-id</i>/stages/<i>stage-name</i>\n                  </code>\n               </p>\n            </li>\n            <li>\n               <p>For an AppSync GraphQL API: <code>arn:<i>partition</i>:appsync:<i>region</i>:<i>account-id</i>:apis/<i>GraphQLApiId</i>\n                  </code>\n               </p>\n            </li>\n            <li>\n               <p>For an Amazon Cognito user pool: <code>arn:<i>partition</i>:cognito-idp:<i>region</i>:<i>account-id</i>:userpool/<i>user-pool-id</i>\n                  </code>\n               </p>\n            </li>\n            <li>\n               <p>For an App Runner service: <code>arn:<i>partition</i>:apprunner:<i>region</i>:<i>account-id</i>:service/<i>apprunner-service-name</i>/<i>apprunner-service-id</i>\n                  </code>\n               </p>\n            </li>\n         </ul>",
             "smithy.api#required": {}
           }
         }
@@ -5517,7 +5104,7 @@
         "Body": {
           "target": "com.amazonaws.wafv2#Body",
           "traits": {
-            "smithy.api#documentation": "<p>Inspect the request body as plain text. The request body immediately follows the request\n         headers. This is the part of a request that contains any additional data that you want to\n         send to your web server as the HTTP request body, such as data from a form. </p>\n         <p>Only the first 8 KB (8192 bytes) of the request body are forwarded to WAF for\n         inspection by the underlying host service. For information about how to handle oversized\n         request bodies, see the <code>Body</code> object configuration. </p>"
+            "smithy.api#documentation": "<p>Inspect the request body as plain text. The request body immediately follows the request\n         headers. This is the part of a request that contains any additional data that you want to\n         send to your web server as the HTTP request body, such as data from a form. </p>\n         <p>A limited amount of the request body is forwarded to WAF for\n      inspection by the underlying host service. For regional resources, the limit is 8 KB (8,192 kilobytes) and for CloudFront distributions, the limit is 16 KB (16,384 kilobytes). For CloudFront distributions,\n    you can increase the limit in the web ACL's <code>AssociationConfig</code>, for additional processing fees. </p>\n         <p>For information about how to handle oversized\n         request bodies, see the <code>Body</code> object configuration. </p>"
           }
         },
         "Method": {
@@ -5529,7 +5116,7 @@
         "JsonBody": {
           "target": "com.amazonaws.wafv2#JsonBody",
           "traits": {
-            "smithy.api#documentation": "<p>Inspect the request body as JSON. The request body immediately follows the request\n         headers. This is the part of a request that contains any additional data that you want to\n         send to your web server as the HTTP request body, such as data from a form. </p>\n         <p>Only the first 8 KB (8192 bytes) of the request body are forwarded to WAF for\n         inspection by the underlying host service. For information about how to handle oversized\n         request bodies, see the <code>JsonBody</code> object configuration. </p>"
+            "smithy.api#documentation": "<p>Inspect the request body as JSON. The request body immediately follows the request\n         headers. This is the part of a request that contains any additional data that you want to\n         send to your web server as the HTTP request body, such as data from a form. </p>\n         <p>A limited amount of the request body is forwarded to WAF for\n      inspection by the underlying host service. For regional resources, the limit is 8 KB (8,192 kilobytes) and for CloudFront distributions, the limit is 16 KB (16,384 kilobytes). For CloudFront distributions,\n    you can increase the limit in the web ACL's <code>AssociationConfig</code>, for additional processing fees. </p>\n         <p>For information about how to handle oversized\n         request bodies, see the <code>JsonBody</code> object configuration. </p>"
           }
         },
         "Headers": {
@@ -5689,18 +5276,18 @@
         "ManagedRuleGroupStatement": {
           "target": "com.amazonaws.wafv2#ManagedRuleGroupStatement",
           "traits": {
-            "smithy.api#documentation": "<p>A rule statement used to run the rules that are defined in a managed rule group. To use this, provide the vendor name and the name of the rule group in this statement. You can retrieve the required names by calling <a>ListAvailableManagedRuleGroups</a>.</p>\n         <p>You cannot nest a <code>ManagedRuleGroupStatement</code>, for example for use inside a <code>NotStatement</code> or <code>OrStatement</code>. It can only be referenced as a top-level statement within a rule.</p>\n         <note>\n            <p>You are charged additional fees when you use the WAF Bot Control managed rule group <code>AWSManagedRulesBotControlRuleSet</code> or the WAF Fraud Control account takeover prevention (ATP) managed rule group <code>AWSManagedRulesATPRuleSet</code>. For more information, see <a href=\"http://aws.amazon.com/waf/pricing/\">WAF Pricing</a>.</p>\n         </note>"
+            "smithy.api#documentation": "<p>A statement used by Firewall Manager to run the rules that are defined in a managed rule group. This is managed by Firewall Manager for an Firewall Manager WAF policy.</p>"
           }
         },
         "RuleGroupReferenceStatement": {
           "target": "com.amazonaws.wafv2#RuleGroupReferenceStatement",
           "traits": {
-            "smithy.api#documentation": "<p>A rule statement used to run the rules that are defined in a <a>RuleGroup</a>. To use this, create a rule group with your rules, then provide the ARN of the rule group in this statement.</p>\n         <p>You cannot nest a <code>RuleGroupReferenceStatement</code>, for example for use inside a <code>NotStatement</code> or <code>OrStatement</code>. You \n      can only use a rule group reference statement at the top level inside a web ACL. </p>"
+            "smithy.api#documentation": "<p>A statement used by Firewall Manager to run the rules that are defined in a rule group. This is managed by Firewall Manager for an Firewall Manager WAF policy.</p>"
           }
         }
       },
       "traits": {
-        "smithy.api#documentation": "<p>The processing guidance for an Firewall Manager rule. This is like a regular rule <a>Statement</a>, but it can only contain a rule group reference.</p>"
+        "smithy.api#documentation": "<p>The processing guidance for an Firewall Manager rule. This is like a regular rule <a>Statement</a>, but it can only contain a single rule group reference.</p>"
       }
     },
     "com.amazonaws.wafv2#ForwardedIPConfig": {
@@ -5879,7 +5466,7 @@
         "Scope": {
           "target": "com.amazonaws.wafv2#Scope",
           "traits": {
-            "smithy.api#documentation": "<p>Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, a Amazon Cognito user pool, or an App Runner service.  </p>\n         <p>To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows: </p>\n         <ul>\n            <li>\n               <p>CLI - Specify the Region when you use the CloudFront scope: <code>--scope=CLOUDFRONT --region=us-east-1</code>. </p>\n            </li>\n            <li>\n               <p>API and SDKs - For all calls, use the Region endpoint us-east-1. </p>\n            </li>\n         </ul>",
+            "smithy.api#documentation": "<p>Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner service.  </p>\n         <p>To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows: </p>\n         <ul>\n            <li>\n               <p>CLI - Specify the Region when you use the CloudFront scope: <code>--scope=CLOUDFRONT --region=us-east-1</code>. </p>\n            </li>\n            <li>\n               <p>API and SDKs - For all calls, use the Region endpoint us-east-1. </p>\n            </li>\n         </ul>",
             "smithy.api#required": {}
           }
         },
@@ -6009,7 +5596,7 @@
         "Scope": {
           "target": "com.amazonaws.wafv2#Scope",
           "traits": {
-            "smithy.api#documentation": "<p>Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, a Amazon Cognito user pool, or an App Runner service.  </p>\n         <p>To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows: </p>\n         <ul>\n            <li>\n               <p>CLI - Specify the Region when you use the CloudFront scope: <code>--scope=CLOUDFRONT --region=us-east-1</code>. </p>\n            </li>\n            <li>\n               <p>API and SDKs - For all calls, use the Region endpoint us-east-1. </p>\n            </li>\n         </ul>",
+            "smithy.api#documentation": "<p>Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner service.  </p>\n         <p>To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows: </p>\n         <ul>\n            <li>\n               <p>CLI - Specify the Region when you use the CloudFront scope: <code>--scope=CLOUDFRONT --region=us-east-1</code>. </p>\n            </li>\n            <li>\n               <p>API and SDKs - For all calls, use the Region endpoint us-east-1. </p>\n            </li>\n         </ul>",
             "smithy.api#required": {}
           }
         },
@@ -6191,7 +5778,7 @@
         "Scope": {
           "target": "com.amazonaws.wafv2#Scope",
           "traits": {
-            "smithy.api#documentation": "<p>Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, a Amazon Cognito user pool, or an App Runner service.  </p>\n         <p>To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows: </p>\n         <ul>\n            <li>\n               <p>CLI - Specify the Region when you use the CloudFront scope: <code>--scope=CLOUDFRONT --region=us-east-1</code>. </p>\n            </li>\n            <li>\n               <p>API and SDKs - For all calls, use the Region endpoint us-east-1. </p>\n            </li>\n         </ul>",
+            "smithy.api#documentation": "<p>Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner service.  </p>\n         <p>To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows: </p>\n         <ul>\n            <li>\n               <p>CLI - Specify the Region when you use the CloudFront scope: <code>--scope=CLOUDFRONT --region=us-east-1</code>. </p>\n            </li>\n            <li>\n               <p>API and SDKs - For all calls, use the Region endpoint us-east-1. </p>\n            </li>\n         </ul>",
             "smithy.api#required": {}
           }
         },
@@ -6286,7 +5873,7 @@
         "Scope": {
           "target": "com.amazonaws.wafv2#Scope",
           "traits": {
-            "smithy.api#documentation": "<p>Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, a Amazon Cognito user pool, or an App Runner service.  </p>\n         <p>To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows: </p>\n         <ul>\n            <li>\n               <p>CLI - Specify the Region when you use the CloudFront scope: <code>--scope=CLOUDFRONT --region=us-east-1</code>. </p>\n            </li>\n            <li>\n               <p>API and SDKs - For all calls, use the Region endpoint us-east-1. </p>\n            </li>\n         </ul>",
+            "smithy.api#documentation": "<p>Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner service.  </p>\n         <p>To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows: </p>\n         <ul>\n            <li>\n               <p>CLI - Specify the Region when you use the CloudFront scope: <code>--scope=CLOUDFRONT --region=us-east-1</code>. </p>\n            </li>\n            <li>\n               <p>API and SDKs - For all calls, use the Region endpoint us-east-1. </p>\n            </li>\n         </ul>",
             "smithy.api#required": {}
           }
         },
@@ -6360,7 +5947,7 @@
         "Scope": {
           "target": "com.amazonaws.wafv2#Scope",
           "traits": {
-            "smithy.api#documentation": "<p>Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, a Amazon Cognito user pool, or an App Runner service.  </p>\n         <p>To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows: </p>\n         <ul>\n            <li>\n               <p>CLI - Specify the Region when you use the CloudFront scope: <code>--scope=CLOUDFRONT --region=us-east-1</code>. </p>\n            </li>\n            <li>\n               <p>API and SDKs - For all calls, use the Region endpoint us-east-1. </p>\n            </li>\n         </ul>"
+            "smithy.api#documentation": "<p>Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner service.  </p>\n         <p>To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows: </p>\n         <ul>\n            <li>\n               <p>CLI - Specify the Region when you use the CloudFront scope: <code>--scope=CLOUDFRONT --region=us-east-1</code>. </p>\n            </li>\n            <li>\n               <p>API and SDKs - For all calls, use the Region endpoint us-east-1. </p>\n            </li>\n         </ul>"
           }
         },
         "Id": {
@@ -6443,7 +6030,7 @@
         "Scope": {
           "target": "com.amazonaws.wafv2#Scope",
           "traits": {
-            "smithy.api#documentation": "<p>Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, a Amazon Cognito user pool, or an App Runner service.  </p>\n         <p>To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows: </p>\n         <ul>\n            <li>\n               <p>CLI - Specify the Region when you use the CloudFront scope: <code>--scope=CLOUDFRONT --region=us-east-1</code>. </p>\n            </li>\n            <li>\n               <p>API and SDKs - For all calls, use the Region endpoint us-east-1. </p>\n            </li>\n         </ul>",
+            "smithy.api#documentation": "<p>Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner service.  </p>\n         <p>To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows: </p>\n         <ul>\n            <li>\n               <p>CLI - Specify the Region when you use the CloudFront scope: <code>--scope=CLOUDFRONT --region=us-east-1</code>. </p>\n            </li>\n            <li>\n               <p>API and SDKs - For all calls, use the Region endpoint us-east-1. </p>\n            </li>\n         </ul>",
             "smithy.api#required": {}
           }
         },
@@ -6555,7 +6142,7 @@
         "ResourceArn": {
           "target": "com.amazonaws.wafv2#ResourceArn",
           "traits": {
-            "smithy.api#documentation": "<p>The Amazon Resource Name (ARN) of the resource whose web ACL you want to retrieve. </p>\n         <p>The ARN must be in one of the following formats:</p>\n         <ul>\n            <li>\n               <p>For an Application Load Balancer: <code>arn:aws:elasticloadbalancing:<i>region</i>:<i>account-id</i>:loadbalancer/app/<i>load-balancer-name</i>/<i>load-balancer-id</i>\n                  </code>\n               </p>\n            </li>\n            <li>\n               <p>For an Amazon API Gateway REST API: <code>arn:aws:apigateway:<i>region</i>::/restapis/<i>api-id</i>/stages/<i>stage-name</i>\n                  </code>\n               </p>\n            </li>\n            <li>\n               <p>For an AppSync GraphQL API: <code>arn:aws:appsync:<i>region</i>:<i>account-id</i>:apis/<i>GraphQLApiId</i>\n                  </code>\n               </p>\n            </li>\n            <li>\n               <p>For an Amazon Cognito user pool: <code>arn:aws:cognito-idp:<i>region</i>:<i>account-id</i>:userpool/<i>user-pool-id</i>\n                  </code>\n               </p>\n            </li>\n            <li>\n               <p>For an App Runner service: <code>arn:aws:apprunner:<i>region</i>:<i>account-id</i>:service/<i>apprunner-service-name</i>/<i>apprunner-service-id</i>\n                  </code>\n               </p>\n            </li>\n         </ul>",
+            "smithy.api#documentation": "<p>The Amazon Resource Name (ARN) of the resource whose web ACL you want to retrieve. </p>\n         <p>The ARN must be in one of the following formats:</p>\n         <ul>\n            <li>\n               <p>For an Application Load Balancer: <code>arn:<i>partition</i>:elasticloadbalancing:<i>region</i>:<i>account-id</i>:loadbalancer/app/<i>load-balancer-name</i>/<i>load-balancer-id</i>\n                  </code>\n               </p>\n            </li>\n            <li>\n               <p>For an Amazon API Gateway REST API: <code>arn:<i>partition</i>:apigateway:<i>region</i>::/restapis/<i>api-id</i>/stages/<i>stage-name</i>\n                  </code>\n               </p>\n            </li>\n            <li>\n               <p>For an AppSync GraphQL API: <code>arn:<i>partition</i>:appsync:<i>region</i>:<i>account-id</i>:apis/<i>GraphQLApiId</i>\n                  </code>\n               </p>\n            </li>\n            <li>\n               <p>For an Amazon Cognito user pool: <code>arn:<i>partition</i>:cognito-idp:<i>region</i>:<i>account-id</i>:userpool/<i>user-pool-id</i>\n                  </code>\n               </p>\n            </li>\n            <li>\n               <p>For an App Runner service: <code>arn:<i>partition</i>:apprunner:<i>region</i>:<i>account-id</i>:service/<i>apprunner-service-name</i>/<i>apprunner-service-id</i>\n                  </code>\n               </p>\n            </li>\n         </ul>",
             "smithy.api#required": {}
           }
         }
@@ -6591,7 +6178,7 @@
         "Scope": {
           "target": "com.amazonaws.wafv2#Scope",
           "traits": {
-            "smithy.api#documentation": "<p>Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, a Amazon Cognito user pool, or an App Runner service.  </p>\n         <p>To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows: </p>\n         <ul>\n            <li>\n               <p>CLI - Specify the Region when you use the CloudFront scope: <code>--scope=CLOUDFRONT --region=us-east-1</code>. </p>\n            </li>\n            <li>\n               <p>API and SDKs - For all calls, use the Region endpoint us-east-1. </p>\n            </li>\n         </ul>",
+            "smithy.api#documentation": "<p>Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner service.  </p>\n         <p>To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows: </p>\n         <ul>\n            <li>\n               <p>CLI - Specify the Region when you use the CloudFront scope: <code>--scope=CLOUDFRONT --region=us-east-1</code>. </p>\n            </li>\n            <li>\n               <p>API and SDKs - For all calls, use the Region endpoint us-east-1. </p>\n            </li>\n         </ul>",
             "smithy.api#required": {}
           }
         },
@@ -6625,7 +6212,7 @@
         "ApplicationIntegrationURL": {
           "target": "com.amazonaws.wafv2#OutputUrl",
           "traits": {
-            "smithy.api#documentation": "<p>The URL to use in SDK integrations with Amazon Web Services managed rule groups. For example, you can use the integration SDKs with the account takeover prevention managed rule group <code>AWSManagedRulesATPRuleSet</code>. This is only populated if you are using a rule group in your web ACL that integrates with your applications in this way. For more information, see <a href=\"https://docs.aws.amazon.com/waf/latest/developerguide/waf-application-integration.html\">WAF client application integration</a> in the <i>WAF Developer Guide</i>.</p>"
+            "smithy.api#documentation": "<p>The URL to use in SDK integrations with Amazon Web Services managed rule groups. For example, you can use the integration SDKs with the account takeover prevention managed rule group <code>AWSManagedRulesATPRuleSet</code>. This is only populated if you are using a rule group in your web ACL that integrates with your applications in this way. For more information, see <a href=\"https://docs.aws.amazon.com/waf/latest/developerguide/waf-application-integration.html\">WAF client application integration</a> \nin the <i>WAF Developer Guide</i>.</p>"
           }
         }
       },
@@ -7019,7 +6606,7 @@
         "OversizeHandling": {
           "target": "com.amazonaws.wafv2#OversizeHandling",
           "traits": {
-            "smithy.api#documentation": "<p>What WAF should do if the body is larger than WAF can inspect. \n    WAF does not support inspecting the entire contents of the body of a web request\n      when the body exceeds 8 KB (8192 bytes). Only the first 8 KB of the request body are forwarded to\n    WAF by the underlying host service. </p>\n         <p>The options for oversize handling are the following:</p>\n         <ul>\n            <li>\n               <p>\n                  <code>CONTINUE</code> - Inspect the body normally, according to the rule inspection criteria. </p>\n            </li>\n            <li>\n               <p>\n                  <code>MATCH</code> - Treat the web request as matching the rule statement. WAF\n               applies the rule action to the request.</p>\n            </li>\n            <li>\n               <p>\n                  <code>NO_MATCH</code> - Treat the web request as not matching the rule\n               statement.</p>\n            </li>\n         </ul>\n         <p>You can combine the <code>MATCH</code> or <code>NO_MATCH</code>\n      settings for oversize handling with your rule and web ACL action settings, so that you block any request whose body is over 8 KB. </p>\n         <p>Default: <code>CONTINUE</code>\n         </p>"
+            "smithy.api#documentation": "<p>What WAF should do if the body is larger than WAF can inspect. \n    WAF does not support inspecting the entire contents of the web request body if the body \n    exceeds the limit for the resource type. If the body is larger than the limit, the underlying host service \n    only forwards the contents that are below the limit to WAF for inspection. </p>\n         <p>The default limit is 8 KB (8,192 kilobytes) for regional resources and 16 KB (16,384 kilobytes) for CloudFront distributions. For CloudFront distributions, \n    you can increase the limit in the web ACL <code>AssociationConfig</code>, for additional processing fees. </p>\n         <p>The options for oversize handling are the following:</p>\n         <ul>\n            <li>\n               <p>\n                  <code>CONTINUE</code> - Inspect the body normally, according to the rule inspection criteria. </p>\n            </li>\n            <li>\n               <p>\n                  <code>MATCH</code> - Treat the web request as matching the rule statement. WAF\n               applies the rule action to the request.</p>\n            </li>\n            <li>\n               <p>\n                  <code>NO_MATCH</code> - Treat the web request as not matching the rule\n               statement.</p>\n            </li>\n         </ul>\n         <p>You can combine the <code>MATCH</code> or <code>NO_MATCH</code>\n      settings for oversize handling with your rule and web ACL action settings, so that you block any request whose body is over the limit. </p>\n         <p>Default: <code>CONTINUE</code>\n         </p>"
           }
         }
       },
@@ -7252,7 +6839,7 @@
         "Scope": {
           "target": "com.amazonaws.wafv2#Scope",
           "traits": {
-            "smithy.api#documentation": "<p>Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, a Amazon Cognito user pool, or an App Runner service.  </p>\n         <p>To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows: </p>\n         <ul>\n            <li>\n               <p>CLI - Specify the Region when you use the CloudFront scope: <code>--scope=CLOUDFRONT --region=us-east-1</code>. </p>\n            </li>\n            <li>\n               <p>API and SDKs - For all calls, use the Region endpoint us-east-1. </p>\n            </li>\n         </ul>",
+            "smithy.api#documentation": "<p>Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner service.  </p>\n         <p>To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows: </p>\n         <ul>\n            <li>\n               <p>CLI - Specify the Region when you use the CloudFront scope: <code>--scope=CLOUDFRONT --region=us-east-1</code>. </p>\n            </li>\n            <li>\n               <p>API and SDKs - For all calls, use the Region endpoint us-east-1. </p>\n            </li>\n         </ul>",
             "smithy.api#required": {}
           }
         },
@@ -7328,7 +6915,7 @@
         "Scope": {
           "target": "com.amazonaws.wafv2#Scope",
           "traits": {
-            "smithy.api#documentation": "<p>Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, a Amazon Cognito user pool, or an App Runner service.  </p>\n         <p>To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows: </p>\n         <ul>\n            <li>\n               <p>CLI - Specify the Region when you use the CloudFront scope: <code>--scope=CLOUDFRONT --region=us-east-1</code>. </p>\n            </li>\n            <li>\n               <p>API and SDKs - For all calls, use the Region endpoint us-east-1. </p>\n            </li>\n         </ul>",
+            "smithy.api#documentation": "<p>Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner service.  </p>\n         <p>To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows: </p>\n         <ul>\n            <li>\n               <p>CLI - Specify the Region when you use the CloudFront scope: <code>--scope=CLOUDFRONT --region=us-east-1</code>. </p>\n            </li>\n            <li>\n               <p>API and SDKs - For all calls, use the Region endpoint us-east-1. </p>\n            </li>\n         </ul>",
             "smithy.api#required": {}
           }
         },
@@ -7398,7 +6985,7 @@
         "Scope": {
           "target": "com.amazonaws.wafv2#Scope",
           "traits": {
-            "smithy.api#documentation": "<p>Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, a Amazon Cognito user pool, or an App Runner service.  </p>\n         <p>To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows: </p>\n         <ul>\n            <li>\n               <p>CLI - Specify the Region when you use the CloudFront scope: <code>--scope=CLOUDFRONT --region=us-east-1</code>. </p>\n            </li>\n            <li>\n               <p>API and SDKs - For all calls, use the Region endpoint us-east-1. </p>\n            </li>\n         </ul>",
+            "smithy.api#documentation": "<p>Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner service.  </p>\n         <p>To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows: </p>\n         <ul>\n            <li>\n               <p>CLI - Specify the Region when you use the CloudFront scope: <code>--scope=CLOUDFRONT --region=us-east-1</code>. </p>\n            </li>\n            <li>\n               <p>API and SDKs - For all calls, use the Region endpoint us-east-1. </p>\n            </li>\n         </ul>",
             "smithy.api#required": {}
           }
         },
@@ -7468,7 +7055,7 @@
         "Scope": {
           "target": "com.amazonaws.wafv2#Scope",
           "traits": {
-            "smithy.api#documentation": "<p>Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, a Amazon Cognito user pool, or an App Runner service.  </p>\n         <p>To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows: </p>\n         <ul>\n            <li>\n               <p>CLI - Specify the Region when you use the CloudFront scope: <code>--scope=CLOUDFRONT --region=us-east-1</code>. </p>\n            </li>\n            <li>\n               <p>API and SDKs - For all calls, use the Region endpoint us-east-1. </p>\n            </li>\n         </ul>",
+            "smithy.api#documentation": "<p>Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner service.  </p>\n         <p>To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows: </p>\n         <ul>\n            <li>\n               <p>CLI - Specify the Region when you use the CloudFront scope: <code>--scope=CLOUDFRONT --region=us-east-1</code>. </p>\n            </li>\n            <li>\n               <p>API and SDKs - For all calls, use the Region endpoint us-east-1. </p>\n            </li>\n         </ul>",
             "smithy.api#required": {}
           }
         },
@@ -7538,7 +7125,7 @@
         "Scope": {
           "target": "com.amazonaws.wafv2#Scope",
           "traits": {
-            "smithy.api#documentation": "<p>Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, a Amazon Cognito user pool, or an App Runner service.  </p>\n         <p>To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows: </p>\n         <ul>\n            <li>\n               <p>CLI - Specify the Region when you use the CloudFront scope: <code>--scope=CLOUDFRONT --region=us-east-1</code>. </p>\n            </li>\n            <li>\n               <p>API and SDKs - For all calls, use the Region endpoint us-east-1. </p>\n            </li>\n         </ul>",
+            "smithy.api#documentation": "<p>Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner service.  </p>\n         <p>To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows: </p>\n         <ul>\n            <li>\n               <p>CLI - Specify the Region when you use the CloudFront scope: <code>--scope=CLOUDFRONT --region=us-east-1</code>. </p>\n            </li>\n            <li>\n               <p>API and SDKs - For all calls, use the Region endpoint us-east-1. </p>\n            </li>\n         </ul>",
             "smithy.api#required": {}
           }
         },
@@ -7688,7 +7275,7 @@
         "Scope": {
           "target": "com.amazonaws.wafv2#Scope",
           "traits": {
-            "smithy.api#documentation": "<p>Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, a Amazon Cognito user pool, or an App Runner service.  </p>\n         <p>To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows: </p>\n         <ul>\n            <li>\n               <p>CLI - Specify the Region when you use the CloudFront scope: <code>--scope=CLOUDFRONT --region=us-east-1</code>. </p>\n            </li>\n            <li>\n               <p>API and SDKs - For all calls, use the Region endpoint us-east-1. </p>\n            </li>\n         </ul>",
+            "smithy.api#documentation": "<p>Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner service.  </p>\n         <p>To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows: </p>\n         <ul>\n            <li>\n               <p>CLI - Specify the Region when you use the CloudFront scope: <code>--scope=CLOUDFRONT --region=us-east-1</code>. </p>\n            </li>\n            <li>\n               <p>API and SDKs - For all calls, use the Region endpoint us-east-1. </p>\n            </li>\n         </ul>",
             "smithy.api#required": {}
           }
         },
@@ -7768,7 +7355,7 @@
         "ResourceType": {
           "target": "com.amazonaws.wafv2#ResourceType",
           "traits": {
-            "smithy.api#documentation": "<p>Used for web ACLs that are scoped for regional applications.\n         A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, a Amazon Cognito user pool, or an App Runner service. </p>\n         <note>\n            <p>If you don't provide a resource type, the call uses the resource type <code>APPLICATION_LOAD_BALANCER</code>. </p>\n         </note>\n         <p>Default: <code>APPLICATION_LOAD_BALANCER</code>\n         </p>"
+            "smithy.api#documentation": "<p>Used for web ACLs that are scoped for regional applications.\n         A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner service. </p>\n         <note>\n            <p>If you don't provide a resource type, the call uses the resource type <code>APPLICATION_LOAD_BALANCER</code>. </p>\n         </note>\n         <p>Default: <code>APPLICATION_LOAD_BALANCER</code>\n         </p>"
           }
         }
       },
@@ -7819,7 +7406,7 @@
         "Scope": {
           "target": "com.amazonaws.wafv2#Scope",
           "traits": {
-            "smithy.api#documentation": "<p>Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, a Amazon Cognito user pool, or an App Runner service.  </p>\n         <p>To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows: </p>\n         <ul>\n            <li>\n               <p>CLI - Specify the Region when you use the CloudFront scope: <code>--scope=CLOUDFRONT --region=us-east-1</code>. </p>\n            </li>\n            <li>\n               <p>API and SDKs - For all calls, use the Region endpoint us-east-1. </p>\n            </li>\n         </ul>",
+            "smithy.api#documentation": "<p>Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner service.  </p>\n         <p>To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows: </p>\n         <ul>\n            <li>\n               <p>CLI - Specify the Region when you use the CloudFront scope: <code>--scope=CLOUDFRONT --region=us-east-1</code>. </p>\n            </li>\n            <li>\n               <p>API and SDKs - For all calls, use the Region endpoint us-east-1. </p>\n            </li>\n         </ul>",
             "smithy.api#required": {}
           }
         },
@@ -7968,7 +7555,7 @@
         "Scope": {
           "target": "com.amazonaws.wafv2#Scope",
           "traits": {
-            "smithy.api#documentation": "<p>Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, a Amazon Cognito user pool, or an App Runner service.  </p>\n         <p>To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows: </p>\n         <ul>\n            <li>\n               <p>CLI - Specify the Region when you use the CloudFront scope: <code>--scope=CLOUDFRONT --region=us-east-1</code>. </p>\n            </li>\n            <li>\n               <p>API and SDKs - For all calls, use the Region endpoint us-east-1. </p>\n            </li>\n         </ul>",
+            "smithy.api#documentation": "<p>Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner service.  </p>\n         <p>To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows: </p>\n         <ul>\n            <li>\n               <p>CLI - Specify the Region when you use the CloudFront scope: <code>--scope=CLOUDFRONT --region=us-east-1</code>. </p>\n            </li>\n            <li>\n               <p>API and SDKs - For all calls, use the Region endpoint us-east-1. </p>\n            </li>\n         </ul>",
             "smithy.api#required": {}
           }
         },
@@ -8405,7 +7992,7 @@
           "target": "com.amazonaws.wafv2#CapacityUnit",
           "traits": {
             "smithy.api#default": 0,
-            "smithy.api#documentation": "<p>The web ACL capacity units (WCUs) required for this rule group.</p>\n         <p>WAF uses WCUs to calculate and control the operating\n         resources that are used to run your rules, rule groups, and web ACLs. WAF\n         calculates capacity differently for each rule type, to reflect the relative cost of each rule. \n         Simple rules that cost little to run use fewer WCUs than more complex rules\n\t\t\t\tthat use more processing power. \n\t\t\t\tRule group capacity is fixed at creation, which helps users plan their  \n         web ACL WCU usage when they use a rule group. \n         The WCU limit for web ACLs is 1,500.  </p>"
+            "smithy.api#documentation": "<p>The web ACL capacity units (WCUs) required for this rule group.</p>\n         <p>WAF uses WCUs to calculate and control the operating\n         resources that are used to run your rules, rule groups, and web ACLs. WAF\n         calculates capacity differently for each rule type, to reflect the relative cost of each rule. \n         Simple rules that cost little to run use fewer WCUs than more complex rules\n\t\t\t\tthat use more processing power. \n\t\t\t\tRule group capacity is fixed at creation, which helps users plan their  \n         web ACL WCU usage when they use a rule group. For more information, see <a href=\"https://docs.aws.amazon.com/waf/latest/developerguide/aws-waf-capacity-units.html\">WAF web ACL capacity units (WCU)</a> \n    in the <i>WAF Developer Guide</i>. </p>"
           }
         },
         "ForecastedLifetime": {
@@ -9009,6 +8596,12 @@
           "traits": {
             "smithy.api#enumValue": "ATP_RULE_SET_RESPONSE_INSPECTION"
           }
+        },
+        "ASSOCIATED_RESOURCE_TYPE": {
+          "target": "smithy.api#Unit",
+          "traits": {
+            "smithy.api#enumValue": "ASSOCIATED_RESOURCE_TYPE"
+          }
         }
       }
     },
@@ -9238,7 +8831,7 @@
         "Scope": {
           "target": "com.amazonaws.wafv2#Scope",
           "traits": {
-            "smithy.api#documentation": "<p>Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, a Amazon Cognito user pool, or an App Runner service.  </p>\n         <p>To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows: </p>\n         <ul>\n            <li>\n               <p>CLI - Specify the Region when you use the CloudFront scope: <code>--scope=CLOUDFRONT --region=us-east-1</code>. </p>\n            </li>\n            <li>\n               <p>API and SDKs - For all calls, use the Region endpoint us-east-1. </p>\n            </li>\n         </ul>",
+            "smithy.api#documentation": "<p>Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner service.  </p>\n         <p>To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows: </p>\n         <ul>\n            <li>\n               <p>CLI - Specify the Region when you use the CloudFront scope: <code>--scope=CLOUDFRONT --region=us-east-1</code>. </p>\n            </li>\n            <li>\n               <p>API and SDKs - For all calls, use the Region endpoint us-east-1. </p>\n            </li>\n         </ul>",
             "smithy.api#required": {}
           }
         },
@@ -9326,7 +8919,7 @@
         "Policy": {
           "target": "com.amazonaws.wafv2#PolicyString",
           "traits": {
-            "smithy.api#documentation": "<p>The policy to attach to the specified rule group. </p>\n         <p>The policy specifications must conform to the following:</p>\n         <ul>\n            <li>\n               <p>The policy must be composed using IAM Policy version 2012-10-17 or version 2015-01-01.</p>\n            </li>\n            <li>\n               <p>The policy must include specifications for <code>Effect</code>, <code>Action</code>, and <code>Principal</code>.</p>\n            </li>\n            <li>\n               <p>\n                  <code>Effect</code> must specify <code>Allow</code>.</p>\n            </li>\n            <li>\n               <p>\n                  <code>Action</code> must specify <code>wafv2:CreateWebACL</code>, <code>wafv2:UpdateWebACL</code>, and \n             <code>wafv2:PutFirewallManagerRuleGroups</code> and may optionally specify <code>wafv2:GetRuleGroup</code>. \n                 WAF rejects any extra actions or wildcard actions in the policy.</p>\n            </li>\n            <li>\n               <p>The policy must not include a <code>Resource</code> parameter.</p>\n            </li>\n         </ul>\n         <p>For more information, see <a href=\"https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html\">IAM Policies</a>.  </p>",
+            "smithy.api#documentation": "<p>The policy to attach to the specified rule group. </p>\n         <p>The policy specifications must conform to the following:</p>\n         <ul>\n            <li>\n               <p>The policy must be composed using IAM Policy version 2012-10-17.</p>\n            </li>\n            <li>\n               <p>The policy must include specifications for <code>Effect</code>, <code>Action</code>, and <code>Principal</code>.</p>\n            </li>\n            <li>\n               <p>\n                  <code>Effect</code> must specify <code>Allow</code>.</p>\n            </li>\n            <li>\n               <p>\n                  <code>Action</code> must specify <code>wafv2:CreateWebACL</code>, <code>wafv2:UpdateWebACL</code>, and \n             <code>wafv2:PutFirewallManagerRuleGroups</code> and may optionally specify <code>wafv2:GetRuleGroup</code>. \n                 WAF rejects any extra actions or wildcard actions in the policy.</p>\n            </li>\n            <li>\n               <p>The policy must not include a <code>Resource</code> parameter.</p>\n            </li>\n         </ul>\n         <p>For more information, see <a href=\"https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html\">IAM Policies</a>.  </p>",
             "smithy.api#required": {}
           }
         }
@@ -9642,6 +9235,30 @@
         "smithy.api#documentation": "<p>High level information for an SDK release. </p>"
       }
     },
+    "com.amazonaws.wafv2#RequestBody": {
+      "type": "map",
+      "key": {
+        "target": "com.amazonaws.wafv2#AssociatedResourceType"
+      },
+      "value": {
+        "target": "com.amazonaws.wafv2#RequestBodyAssociatedResourceTypeConfig"
+      }
+    },
+    "com.amazonaws.wafv2#RequestBodyAssociatedResourceTypeConfig": {
+      "type": "structure",
+      "members": {
+        "DefaultSizeInspectionLimit": {
+          "target": "com.amazonaws.wafv2#SizeInspectionLimit",
+          "traits": {
+            "smithy.api#documentation": "<p>Specifies the maximum size of the web request body component that an associated CloudFront distribution should send to WAF for inspection. This applies to statements in the web ACL that inspect the body or JSON body. </p>\n         <p>Default: <code>16 KB (16,384 kilobytes)</code>\n         </p>",
+            "smithy.api#required": {}
+          }
+        }
+      },
+      "traits": {
+        "smithy.api#documentation": "<p>Customizes the maximum size of the request body that your protected CloudFront distributions forward to WAF for inspection. The default size is 16 KB (16,384 kilobytes). </p>\n         <note>\n            <p>You are charged additional fees when your protected resources forward body sizes that are larger than the default. For more information, see <a href=\"http://aws.amazon.com/waf/pricing/\">WAF Pricing</a>.</p>\n         </note>\n         <p>This is used in the <code>AssociationConfig</code> of the web ACL. </p>"
+      }
+    },
     "com.amazonaws.wafv2#RequestInspection": {
       "type": "structure",
       "members": {
@@ -10167,7 +9784,7 @@
           "target": "com.amazonaws.wafv2#CapacityUnit",
           "traits": {
             "smithy.api#default": 0,
-            "smithy.api#documentation": "<p>The web ACL capacity units (WCUs) required for this rule group.</p>\n         <p>When you create your own rule group, you define this, and you cannot change it after creation. \n          When you add or modify the rules in a rule group, WAF enforces this limit. You can check the capacity \n          for a set of rules using <a>CheckCapacity</a>.</p>\n         <p>WAF uses WCUs to calculate and control the operating\n         resources that are used to run your rules, rule groups, and web ACLs. WAF\n         calculates capacity differently for each rule type, to reflect the relative cost of each rule. \n         Simple rules that cost little to run use fewer WCUs than more complex rules\n\t\t\t\tthat use more processing power. \n\t\t\t\tRule group capacity is fixed at creation, which helps users plan their  \n         web ACL WCU usage when they use a rule group. \n         The WCU limit for web ACLs is 1,500.  </p>",
+            "smithy.api#documentation": "<p>The web ACL capacity units (WCUs) required for this rule group.</p>\n         <p>When you create your own rule group, you define this, and you cannot change it after creation. \n          When you add or modify the rules in a rule group, WAF enforces this limit. You can check the capacity \n          for a set of rules using <a>CheckCapacity</a>.</p>\n         <p>WAF uses WCUs to calculate and control the operating\n         resources that are used to run your rules, rule groups, and web ACLs. WAF\n         calculates capacity differently for each rule type, to reflect the relative cost of each rule. \n         Simple rules that cost little to run use fewer WCUs than more complex rules\n\t\t\t\tthat use more processing power. \n\t\t\t\tRule group capacity is fixed at creation, which helps users plan their  \n         web ACL WCU usage when they use a rule group. For more information, see <a href=\"https://docs.aws.amazon.com/waf/latest/developerguide/aws-waf-capacity-units.html\">WAF web ACL capacity units (WCU)</a> \n    in the <i>WAF Developer Guide</i>. </p>",
             "smithy.api#required": {}
           }
         },
@@ -10206,7 +9823,7 @@
         "CustomResponseBodies": {
           "target": "com.amazonaws.wafv2#CustomResponseBodies",
           "traits": {
-            "smithy.api#documentation": "<p>A map of custom response keys and content bodies. When you create a rule with a block action, you can send a custom response to the web request. You define these for the rule group, and then use them in the rules that you define in the rule group. </p>\n         <p>For information about customizing web requests and responses, see <a href=\"https://docs.aws.amazon.com/waf/latest/developerguide/waf-custom-request-response.html\">Customizing web requests and responses in WAF</a> in the \n         <a href=\"https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html\">WAF Developer Guide</a>. </p>\n         <p>For information about the limits on count and size for custom request and response settings, see <a href=\"https://docs.aws.amazon.com/waf/latest/developerguide/limits.html\">WAF quotas</a> in the \n         <a href=\"https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html\">WAF Developer Guide</a>. </p>"
+            "smithy.api#documentation": "<p>A map of custom response keys and content bodies. When you create a rule with a block action, you can send a custom response to the web request. You define these for the rule group, and then use them in the rules that you define in the rule group. </p>\n         <p>For information about customizing web requests and responses, \n           see <a href=\"https://docs.aws.amazon.com/waf/latest/developerguide/waf-custom-request-response.html\">Customizing web requests and responses in WAF</a> \n    in the <i>WAF Developer Guide</i>. </p>\n         <p>For information about the limits on count and size for custom request and response settings, see <a href=\"https://docs.aws.amazon.com/waf/latest/developerguide/limits.html\">WAF quotas</a> \n     in the <i>WAF Developer Guide</i>. </p>"
           }
         },
         "AvailableLabels": {
@@ -10551,7 +10168,36 @@
         }
       },
       "traits": {
-        "smithy.api#documentation": "<p>A rule statement that compares a number of bytes against the size of a request component, using a comparison operator, such as greater than (>) or less than (<). For example, you can use a size constraint statement to look for query strings that are longer than 100 bytes. </p>\n         <p>If you configure WAF to inspect the request body, WAF inspects only the first 8192 bytes (8 KB). If the request body for your web requests never exceeds 8192 bytes, you could use a size constraint statement to block requests that have a request body greater than 8192 bytes.</p>\n         <p>If you choose URI for the value of Part of the request to filter on, the slash (/) in the URI counts as one character. For example, the URI <code>/logo.jpg</code> is nine characters long.</p>"
+        "smithy.api#documentation": "<p>A rule statement that compares a number of bytes against the size of a request component, using a comparison operator, such as greater than (>) or less than (<). For example, you can use a size constraint statement to look for query strings that are longer than 100 bytes. </p>\n         <p>If you configure WAF to inspect the request body, WAF inspects only the number of bytes of the body up to the limit for the web ACL. By default, for regional web ACLs, this limit is 8 KB (8,192 kilobytes) and for CloudFront web ACLs, this limit is 16 KB (16,384 kilobytes). For CloudFront web ACLs, you can increase the limit in the web ACL <code>AssociationConfig</code>, for additional fees. If you know that the request body for your web requests should never exceed the inspection limit, you could use a size constraint statement to block requests that have a larger request body size.</p>\n         <p>If you choose URI for the value of Part of the request to filter on, the slash (/) in the URI counts as one character. For example, the URI <code>/logo.jpg</code> is nine characters long.</p>"
+      }
+    },
+    "com.amazonaws.wafv2#SizeInspectionLimit": {
+      "type": "enum",
+      "members": {
+        "KB_16": {
+          "target": "smithy.api#Unit",
+          "traits": {
+            "smithy.api#enumValue": "KB_16"
+          }
+        },
+        "KB_32": {
+          "target": "smithy.api#Unit",
+          "traits": {
+            "smithy.api#enumValue": "KB_32"
+          }
+        },
+        "KB_48": {
+          "target": "smithy.api#Unit",
+          "traits": {
+            "smithy.api#enumValue": "KB_48"
+          }
+        },
+        "KB_64": {
+          "target": "smithy.api#Unit",
+          "traits": {
+            "smithy.api#enumValue": "KB_64"
+          }
+        }
       }
     },
     "com.amazonaws.wafv2#SolveTimestamp": {
@@ -10609,7 +10255,7 @@
         "SizeConstraintStatement": {
           "target": "com.amazonaws.wafv2#SizeConstraintStatement",
           "traits": {
-            "smithy.api#documentation": "<p>A rule statement that compares a number of bytes against the size of a request component, using a comparison operator, such as greater than (>) or less than (<). For example, you can use a size constraint statement to look for query strings that are longer than 100 bytes. </p>\n         <p>If you configure WAF to inspect the request body, WAF inspects only the first 8192 bytes (8 KB). If the request body for your web requests never exceeds 8192 bytes, you could use a size constraint statement to block requests that have a request body greater than 8192 bytes.</p>\n         <p>If you choose URI for the value of Part of the request to filter on, the slash (/) in the URI counts as one character. For example, the URI <code>/logo.jpg</code> is nine characters long.</p>"
+            "smithy.api#documentation": "<p>A rule statement that compares a number of bytes against the size of a request component, using a comparison operator, such as greater than (>) or less than (<). For example, you can use a size constraint statement to look for query strings that are longer than 100 bytes. </p>\n         <p>If you configure WAF to inspect the request body, WAF inspects only the number of bytes of the body up to the limit for the web ACL. By default, for regional web ACLs, this limit is 8 KB (8,192 kilobytes) and for CloudFront web ACLs, this limit is 16 KB (16,384 kilobytes). For CloudFront web ACLs, you can increase the limit in the web ACL <code>AssociationConfig</code>, for additional fees. If you know that the request body for your web requests should never exceed the inspection limit, you could use a size constraint statement to block requests that have a larger request body size.</p>\n         <p>If you choose URI for the value of Part of the request to filter on, the slash (/) in the URI counts as one character. For example, the URI <code>/logo.jpg</code> is nine characters long.</p>"
           }
         },
         "GeoMatchStatement": {
@@ -11204,7 +10850,7 @@
         "Scope": {
           "target": "com.amazonaws.wafv2#Scope",
           "traits": {
-            "smithy.api#documentation": "<p>Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, a Amazon Cognito user pool, or an App Runner service.  </p>\n         <p>To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows: </p>\n         <ul>\n            <li>\n               <p>CLI - Specify the Region when you use the CloudFront scope: <code>--scope=CLOUDFRONT --region=us-east-1</code>. </p>\n            </li>\n            <li>\n               <p>API and SDKs - For all calls, use the Region endpoint us-east-1. </p>\n            </li>\n         </ul>",
+            "smithy.api#documentation": "<p>Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner service.  </p>\n         <p>To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows: </p>\n         <ul>\n            <li>\n               <p>CLI - Specify the Region when you use the CloudFront scope: <code>--scope=CLOUDFRONT --region=us-east-1</code>. </p>\n            </li>\n            <li>\n               <p>API and SDKs - For all calls, use the Region endpoint us-east-1. </p>\n            </li>\n         </ul>",
             "smithy.api#required": {}
           }
         },
@@ -11296,7 +10942,7 @@
         "Scope": {
           "target": "com.amazonaws.wafv2#Scope",
           "traits": {
-            "smithy.api#documentation": "<p>Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, a Amazon Cognito user pool, or an App Runner service.  </p>\n         <p>To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows: </p>\n         <ul>\n            <li>\n               <p>CLI - Specify the Region when you use the CloudFront scope: <code>--scope=CLOUDFRONT --region=us-east-1</code>. </p>\n            </li>\n            <li>\n               <p>API and SDKs - For all calls, use the Region endpoint us-east-1. </p>\n            </li>\n         </ul>",
+            "smithy.api#documentation": "<p>Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner service.  </p>\n         <p>To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows: </p>\n         <ul>\n            <li>\n               <p>CLI - Specify the Region when you use the CloudFront scope: <code>--scope=CLOUDFRONT --region=us-east-1</code>. </p>\n            </li>\n            <li>\n               <p>API and SDKs - For all calls, use the Region endpoint us-east-1. </p>\n            </li>\n         </ul>",
             "smithy.api#required": {}
           }
         },
@@ -11407,7 +11053,7 @@
         "Scope": {
           "target": "com.amazonaws.wafv2#Scope",
           "traits": {
-            "smithy.api#documentation": "<p>Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, a Amazon Cognito user pool, or an App Runner service.  </p>\n         <p>To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows: </p>\n         <ul>\n            <li>\n               <p>CLI - Specify the Region when you use the CloudFront scope: <code>--scope=CLOUDFRONT --region=us-east-1</code>. </p>\n            </li>\n            <li>\n               <p>API and SDKs - For all calls, use the Region endpoint us-east-1. </p>\n            </li>\n         </ul>",
+            "smithy.api#documentation": "<p>Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner service.  </p>\n         <p>To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows: </p>\n         <ul>\n            <li>\n               <p>CLI - Specify the Region when you use the CloudFront scope: <code>--scope=CLOUDFRONT --region=us-east-1</code>. </p>\n            </li>\n            <li>\n               <p>API and SDKs - For all calls, use the Region endpoint us-east-1. </p>\n            </li>\n         </ul>",
             "smithy.api#required": {}
           }
         },
@@ -11514,7 +11160,7 @@
         "Scope": {
           "target": "com.amazonaws.wafv2#Scope",
           "traits": {
-            "smithy.api#documentation": "<p>Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, a Amazon Cognito user pool, or an App Runner service.  </p>\n         <p>To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows: </p>\n         <ul>\n            <li>\n               <p>CLI - Specify the Region when you use the CloudFront scope: <code>--scope=CLOUDFRONT --region=us-east-1</code>. </p>\n            </li>\n            <li>\n               <p>API and SDKs - For all calls, use the Region endpoint us-east-1. </p>\n            </li>\n         </ul>",
+            "smithy.api#documentation": "<p>Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner service.  </p>\n         <p>To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows: </p>\n         <ul>\n            <li>\n               <p>CLI - Specify the Region when you use the CloudFront scope: <code>--scope=CLOUDFRONT --region=us-east-1</code>. </p>\n            </li>\n            <li>\n               <p>API and SDKs - For all calls, use the Region endpoint us-east-1. </p>\n            </li>\n         </ul>",
             "smithy.api#required": {}
           }
         },
@@ -11554,7 +11200,7 @@
         "CustomResponseBodies": {
           "target": "com.amazonaws.wafv2#CustomResponseBodies",
           "traits": {
-            "smithy.api#documentation": "<p>A map of custom response keys and content bodies. When you create a rule with a block action, you can send a custom response to the web request. You define these for the rule group, and then use them in the rules that you define in the rule group. </p>\n         <p>For information about customizing web requests and responses, see <a href=\"https://docs.aws.amazon.com/waf/latest/developerguide/waf-custom-request-response.html\">Customizing web requests and responses in WAF</a> in the \n         <a href=\"https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html\">WAF Developer Guide</a>. </p>\n         <p>For information about the limits on count and size for custom request and response settings, see <a href=\"https://docs.aws.amazon.com/waf/latest/developerguide/limits.html\">WAF quotas</a> in the \n         <a href=\"https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html\">WAF Developer Guide</a>. </p>"
+            "smithy.api#documentation": "<p>A map of custom response keys and content bodies. When you create a rule with a block action, you can send a custom response to the web request. You define these for the rule group, and then use them in the rules that you define in the rule group. </p>\n         <p>For information about customizing web requests and responses, \n           see <a href=\"https://docs.aws.amazon.com/waf/latest/developerguide/waf-custom-request-response.html\">Customizing web requests and responses in WAF</a> \n    in the <i>WAF Developer Guide</i>. </p>\n         <p>For information about the limits on count and size for custom request and response settings, see <a href=\"https://docs.aws.amazon.com/waf/latest/developerguide/limits.html\">WAF quotas</a> \n     in the <i>WAF Developer Guide</i>. </p>"
           }
         }
       },
@@ -11623,7 +11269,7 @@
         }
       ],
       "traits": {
-        "smithy.api#documentation": "<p>Updates the specified <a>WebACL</a>. While updating a web ACL, WAF provides\n         continuous coverage to the resources that you have associated with the web ACL. </p>\n         <note>\n            <p>This operation completely replaces the mutable specifications that you already have for the web ACL with the ones that you provide to this call. </p>\n            <p>To modify a web ACL, do the following: </p>\n            <ol>\n               <li>\n                  <p>Retrieve it by calling <a>GetWebACL</a>\n                  </p>\n               </li>\n               <li>\n                  <p>Update its settings as needed</p>\n               </li>\n               <li>\n                  <p>Provide the complete web ACL specification to this call</p>\n               </li>\n            </ol>\n         </note>\n         <p>When you make changes to web ACLs or web ACL components, like rules and rule groups, WAF propagates the changes everywhere that the web ACL and its components are stored and used. Your changes are applied within seconds, but there might be a brief period of inconsistency when the changes have arrived in some places and not in others. So, for example, if you change a rule action setting, the action might be the old action in one area and the new action in another area. Or if you add an IP address to an IP set used in a blocking rule, the new address might briefly be blocked in one area while still allowed in another. This temporary inconsistency can occur when you first associate a web ACL with an Amazon Web Services resource and when you change a web ACL that is already associated with a resource. Generally, any inconsistencies of this type last only a few seconds.</p>\n         <p> A web ACL defines a collection of rules to use to inspect and control web requests. Each rule has an action defined (allow, block, or count) for requests that match the statement of the rule. In the web ACL, you assign a default action to take (allow, block) for any request that does not match any of the rules. The rules in a web ACL can be a combination of the types <a>Rule</a>, <a>RuleGroup</a>, and managed rule group. You can associate a web ACL with one or more Amazon Web Services resources to protect. The resources can be an Amazon CloudFront distribution, an Amazon API Gateway REST API, an Application Load Balancer, an AppSync GraphQL API, Amazon Cognito user pool, or an App Runner service.  </p>"
+        "smithy.api#documentation": "<p>Updates the specified <a>WebACL</a>. While updating a web ACL, WAF provides\n         continuous coverage to the resources that you have associated with the web ACL. </p>\n         <note>\n            <p>This operation completely replaces the mutable specifications that you already have for the web ACL with the ones that you provide to this call. </p>\n            <p>To modify a web ACL, do the following: </p>\n            <ol>\n               <li>\n                  <p>Retrieve it by calling <a>GetWebACL</a>\n                  </p>\n               </li>\n               <li>\n                  <p>Update its settings as needed</p>\n               </li>\n               <li>\n                  <p>Provide the complete web ACL specification to this call</p>\n               </li>\n            </ol>\n         </note>\n         <p>When you make changes to web ACLs or web ACL components, like rules and rule groups, WAF propagates the changes everywhere that the web ACL and its components are stored and used. Your changes are applied within seconds, but there might be a brief period of inconsistency when the changes have arrived in some places and not in others. So, for example, if you change a rule action setting, the action might be the old action in one area and the new action in another area. Or if you add an IP address to an IP set used in a blocking rule, the new address might briefly be blocked in one area while still allowed in another. This temporary inconsistency can occur when you first associate a web ACL with an Amazon Web Services resource and when you change a web ACL that is already associated with a resource. Generally, any inconsistencies of this type last only a few seconds.</p>\n         <p> A web ACL defines a collection of rules to use to inspect and control web requests. Each rule has an action defined (allow, block, or count) for requests that match the statement of the rule. In the web ACL, you assign a default action to take (allow, block) for any request that does not match any of the rules. The rules in a web ACL can be a combination of the types <a>Rule</a>, <a>RuleGroup</a>, and managed rule group. You can associate a web ACL with one or more Amazon Web Services resources to protect. The resources can be an Amazon CloudFront distribution, an Amazon API Gateway REST API, an Application Load Balancer, an AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner service.  </p>"
       }
     },
     "com.amazonaws.wafv2#UpdateWebACLRequest": {
@@ -11639,7 +11285,7 @@
         "Scope": {
           "target": "com.amazonaws.wafv2#Scope",
           "traits": {
-            "smithy.api#documentation": "<p>Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, a Amazon Cognito user pool, or an App Runner service.  </p>\n         <p>To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows: </p>\n         <ul>\n            <li>\n               <p>CLI - Specify the Region when you use the CloudFront scope: <code>--scope=CLOUDFRONT --region=us-east-1</code>. </p>\n            </li>\n            <li>\n               <p>API and SDKs - For all calls, use the Region endpoint us-east-1. </p>\n            </li>\n         </ul>",
+            "smithy.api#documentation": "<p>Specifies whether this is for an Amazon CloudFront distribution or for a regional application. A regional application can be an Application Load Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner service.  </p>\n         <p>To work with CloudFront, you must also specify the Region US East (N. Virginia) as follows: </p>\n         <ul>\n            <li>\n               <p>CLI - Specify the Region when you use the CloudFront scope: <code>--scope=CLOUDFRONT --region=us-east-1</code>. </p>\n            </li>\n            <li>\n               <p>API and SDKs - For all calls, use the Region endpoint us-east-1. </p>\n            </li>\n         </ul>",
             "smithy.api#required": {}
           }
         },
@@ -11686,7 +11332,7 @@
         "CustomResponseBodies": {
           "target": "com.amazonaws.wafv2#CustomResponseBodies",
           "traits": {
-            "smithy.api#documentation": "<p>A map of custom response keys and content bodies. When you create a rule with a block action, you can send a custom response to the web request. You define these for the web ACL, and then use them in the rules and default actions that you define in the web ACL. </p>\n         <p>For information about customizing web requests and responses, see <a href=\"https://docs.aws.amazon.com/waf/latest/developerguide/waf-custom-request-response.html\">Customizing web requests and responses in WAF</a> in the \n         <a href=\"https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html\">WAF Developer Guide</a>. </p>\n         <p>For information about the limits on count and size for custom request and response settings, see <a href=\"https://docs.aws.amazon.com/waf/latest/developerguide/limits.html\">WAF quotas</a> in the \n         <a href=\"https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html\">WAF Developer Guide</a>. </p>"
+            "smithy.api#documentation": "<p>A map of custom response keys and content bodies. When you create a rule with a block action, you can send a custom response to the web request. You define these for the web ACL, and then use them in the rules and default actions that you define in the web ACL. </p>\n         <p>For information about customizing web requests and responses, \n           see <a href=\"https://docs.aws.amazon.com/waf/latest/developerguide/waf-custom-request-response.html\">Customizing web requests and responses in WAF</a> \n    in the <i>WAF Developer Guide</i>. </p>\n         <p>For information about the limits on count and size for custom request and response settings, see <a href=\"https://docs.aws.amazon.com/waf/latest/developerguide/limits.html\">WAF quotas</a> \n     in the <i>WAF Developer Guide</i>. </p>"
           }
         },
         "CaptchaConfig": {
@@ -11706,6 +11352,12 @@
           "traits": {
             "smithy.api#documentation": "<p>Specifies the domains that WAF should accept in a web request token. This enables the use of tokens across multiple protected websites. When WAF provides a token, it uses the domain of the Amazon Web Services resource that the web ACL is protecting. If you don't specify a list of token domains, WAF accepts tokens only for the domain of the protected resource. With a token domain list, WAF accepts the resource's host domain plus all domains in the token domain list, including their prefixed subdomains.</p>\n         <p>Example JSON: <code>\"TokenDomains\": { \"mywebsite.com\", \"myotherwebsite.com\" }</code>\n         </p>\n         <p>Public suffixes aren't allowed. For example, you can't use <code>usa.gov</code> or <code>co.uk</code> as token domains.</p>"
           }
+        },
+        "AssociationConfig": {
+          "target": "com.amazonaws.wafv2#AssociationConfig",
+          "traits": {
+            "smithy.api#documentation": "<p>Specifies custom configurations for the associations between the web ACL and protected resources.  </p>\n         <p>Use this to customize the maximum size of the request body that your protected CloudFront distributions forward to WAF for inspection. The default is 16 KB (16,384 kilobytes). </p>\n         <note>\n            <p>You are charged additional fees when your protected resources forward body sizes that are larger than the default. For more information, see <a href=\"http://aws.amazon.com/waf/pricing/\">WAF Pricing</a>.</p>\n         </note>"
+          }
         }
       },
       "traits": {
@@ -11812,7 +11464,7 @@
           "target": "com.amazonaws.wafv2#Boolean",
           "traits": {
             "smithy.api#default": false,
-            "smithy.api#documentation": "<p>A boolean indicating whether the associated resource sends metrics to Amazon CloudWatch. For the\n         list of available metrics, see <a href=\"https://docs.aws.amazon.com/waf/latest/developerguide/monitoring-cloudwatch.html#waf-metrics\">WAF\n            Metrics</a>.</p>",
+            "smithy.api#documentation": "<p>A boolean indicating whether the associated resource sends metrics to Amazon CloudWatch. For the\n         list of available metrics, see <a href=\"https://docs.aws.amazon.com/waf/latest/developerguide/monitoring-cloudwatch.html#waf-metrics\">WAF\n            Metrics</a> in the <i>WAF Developer Guide</i>.</p>",
             "smithy.api#required": {}
           }
         },
@@ -11938,7 +11590,7 @@
         }
       },
       "traits": {
-        "smithy.api#documentation": "<p>The operation failed because the specified policy isn't in the proper format. </p>\n         <p>The policy specifications must conform to the following:</p>\n         <ul>\n            <li>\n               <p>The policy must be composed using IAM Policy version 2012-10-17 or version 2015-01-01.</p>\n            </li>\n            <li>\n               <p>The policy must include specifications for <code>Effect</code>, <code>Action</code>, and <code>Principal</code>.</p>\n            </li>\n            <li>\n               <p>\n                  <code>Effect</code> must specify <code>Allow</code>.</p>\n            </li>\n            <li>\n               <p>\n                  <code>Action</code> must specify <code>wafv2:CreateWebACL</code>, <code>wafv2:UpdateWebACL</code>, and \n             <code>wafv2:PutFirewallManagerRuleGroups</code> and may optionally specify <code>wafv2:GetRuleGroup</code>. \n                 WAF rejects any extra actions or wildcard actions in the policy.</p>\n            </li>\n            <li>\n               <p>The policy must not include a <code>Resource</code> parameter.</p>\n            </li>\n         </ul>\n         <p>For more information, see <a href=\"https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html\">IAM Policies</a>.  </p>",
+        "smithy.api#documentation": "<p>The operation failed because the specified policy isn't in the proper format. </p>\n         <p>The policy specifications must conform to the following:</p>\n         <ul>\n            <li>\n               <p>The policy must be composed using IAM Policy version 2012-10-17.</p>\n            </li>\n            <li>\n               <p>The policy must include specifications for <code>Effect</code>, <code>Action</code>, and <code>Principal</code>.</p>\n            </li>\n            <li>\n               <p>\n                  <code>Effect</code> must specify <code>Allow</code>.</p>\n            </li>\n            <li>\n               <p>\n                  <code>Action</code> must specify <code>wafv2:CreateWebACL</code>, <code>wafv2:UpdateWebACL</code>, and \n             <code>wafv2:PutFirewallManagerRuleGroups</code> and may optionally specify <code>wafv2:GetRuleGroup</code>. \n                 WAF rejects any extra actions or wildcard actions in the policy.</p>\n            </li>\n            <li>\n               <p>The policy must not include a <code>Resource</code> parameter.</p>\n            </li>\n         </ul>\n         <p>For more information, see <a href=\"https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html\">IAM Policies</a>.  </p>",
         "smithy.api#error": "client"
       }
     },
@@ -12116,7 +11768,7 @@
           "target": "com.amazonaws.wafv2#ConsumedCapacity",
           "traits": {
             "smithy.api#default": 0,
-            "smithy.api#documentation": "<p>The web ACL capacity units (WCUs) currently being used by this web ACL. </p>\n         <p>WAF uses WCUs to calculate and control the operating\n         resources that are used to run your rules, rule groups, and web ACLs. WAF\n         calculates capacity differently for each rule type, to reflect the relative cost of each rule. \n         Simple rules that cost little to run use fewer WCUs than more complex rules\n\t\t\t\tthat use more processing power. \n\t\t\t\tRule group capacity is fixed at creation, which helps users plan their  \n         web ACL WCU usage when they use a rule group. \n         The WCU limit for web ACLs is 1,500.  </p>"
+            "smithy.api#documentation": "<p>The web ACL capacity units (WCUs) currently being used by this web ACL. </p>\n         <p>WAF uses WCUs to calculate and control the operating\n         resources that are used to run your rules, rule groups, and web ACLs. WAF\n         calculates capacity differently for each rule type, to reflect the relative cost of each rule. \n         Simple rules that cost little to run use fewer WCUs than more complex rules\n\t\t\t\tthat use more processing power. \n\t\t\t\tRule group capacity is fixed at creation, which helps users plan their  \n         web ACL WCU usage when they use a rule group. For more information, see <a href=\"https://docs.aws.amazon.com/waf/latest/developerguide/aws-waf-capacity-units.html\">WAF web ACL capacity units (WCU)</a> \n    in the <i>WAF Developer Guide</i>. </p>"
           }
         },
         "PreProcessFirewallManagerRuleGroups": {
@@ -12147,7 +11799,7 @@
         "CustomResponseBodies": {
           "target": "com.amazonaws.wafv2#CustomResponseBodies",
           "traits": {
-            "smithy.api#documentation": "<p>A map of custom response keys and content bodies. When you create a rule with a block action, you can send a custom response to the web request. You define these for the web ACL, and then use them in the rules and default actions that you define in the web ACL. </p>\n         <p>For information about customizing web requests and responses, see <a href=\"https://docs.aws.amazon.com/waf/latest/developerguide/waf-custom-request-response.html\">Customizing web requests and responses in WAF</a> in the \n         <a href=\"https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html\">WAF Developer Guide</a>. </p>\n         <p>For information about the limits on count and size for custom request and response settings, see <a href=\"https://docs.aws.amazon.com/waf/latest/developerguide/limits.html\">WAF quotas</a> in the \n         <a href=\"https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html\">WAF Developer Guide</a>. </p>"
+            "smithy.api#documentation": "<p>A map of custom response keys and content bodies. When you create a rule with a block action, you can send a custom response to the web request. You define these for the web ACL, and then use them in the rules and default actions that you define in the web ACL. </p>\n         <p>For information about customizing web requests and responses, \n           see <a href=\"https://docs.aws.amazon.com/waf/latest/developerguide/waf-custom-request-response.html\">Customizing web requests and responses in WAF</a> \n    in the <i>WAF Developer Guide</i>. </p>\n         <p>For information about the limits on count and size for custom request and response settings, see <a href=\"https://docs.aws.amazon.com/waf/latest/developerguide/limits.html\">WAF quotas</a> \n     in the <i>WAF Developer Guide</i>. </p>"
           }
         },
         "CaptchaConfig": {
@@ -12167,10 +11819,16 @@
           "traits": {
             "smithy.api#documentation": "<p>Specifies the domains that WAF should accept in a web request token. This enables the use of tokens across multiple protected websites. When WAF provides a token, it uses the domain of the Amazon Web Services resource that the web ACL is protecting. If you don't specify a list of token domains, WAF accepts tokens only for the domain of the protected resource. With a token domain list, WAF accepts the resource's host domain plus all domains in the token domain list, including their prefixed subdomains.</p>"
           }
+        },
+        "AssociationConfig": {
+          "target": "com.amazonaws.wafv2#AssociationConfig",
+          "traits": {
+            "smithy.api#documentation": "<p>Specifies custom configurations for the associations between the web ACL and protected resources.  </p>\n         <p>Use this to customize the maximum size of the request body that your protected CloudFront distributions forward to WAF for inspection. The default is 16 KB (16,384 kilobytes). </p>\n         <note>\n            <p>You are charged additional fees when your protected resources forward body sizes that are larger than the default. For more information, see <a href=\"http://aws.amazon.com/waf/pricing/\">WAF Pricing</a>.</p>\n         </note>"
+          }
         }
       },
       "traits": {
-        "smithy.api#documentation": "<p> A web ACL defines a collection of rules to use to inspect and control web requests. Each rule has an action defined (allow, block, or count) for requests that match the statement of the rule. In the web ACL, you assign a default action to take (allow, block) for any request that does not match any of the rules. The rules in a web ACL can be a combination of the types <a>Rule</a>, <a>RuleGroup</a>, and managed rule group. You can associate a web ACL with one or more Amazon Web Services resources to protect. The resources can be an Amazon CloudFront distribution, an Amazon API Gateway REST API, an Application Load Balancer, an AppSync GraphQL API, Amazon Cognito user pool, or an App Runner service.  </p>"
+        "smithy.api#documentation": "<p> A web ACL defines a collection of rules to use to inspect and control web requests. Each rule has an action defined (allow, block, or count) for requests that match the statement of the rule. In the web ACL, you assign a default action to take (allow, block) for any request that does not match any of the rules. The rules in a web ACL can be a combination of the types <a>Rule</a>, <a>RuleGroup</a>, and managed rule group. You can associate a web ACL with one or more Amazon Web Services resources to protect. The resources can be an Amazon CloudFront distribution, an Amazon API Gateway REST API, an Application Load Balancer, an AppSync GraphQL API, an Amazon Cognito user pool, or an App Runner service.  </p>"
       }
     },
     "com.amazonaws.wafv2#WebACLSummaries": {