UpdateWebACL (smaws-clients.Smaws_Client

Module Smaws_Client_WAFV2.UpdateWebACL

Updates the specified WebACL. While updating a web ACL, WAF provides continuous coverage to the resources that you have associated with the web ACL.

This operation completely replaces the mutable specifications that you already have for the web ACL with the ones that you provide to this call.

To modify a web ACL, do the following:

Retrieve it by calling GetWebACL

Update its settings as needed

Provide the complete web ACL specification to this call

A web ACL defines a collection of rules to use to inspect and control web requests. Each rule has a statement that defines what to look for in web requests and an action that WAF applies to requests that match the statement. In the web ACL, you assign a default action to take (allow, block) for any request that does not match any of the rules. The rules in a web ACL can be a combination of the types Rule, RuleGroup, and managed rule group. You can associate a web ACL with one or more Amazon Web Services resources to protect. The resource types include Amazon CloudFront distribution, Amazon API Gateway REST API, Application Load Balancer, AppSync GraphQL API, Amazon Cognito user pool, App Runner service, Amplify application, and Amazon Web Services Verified Access instance.

Temporary inconsistencies during updates

When you create or change a web ACL or other WAF resources, the changes take a small amount of time to propagate to all areas where the resources are stored. The propagation time can be from a few seconds to a number of minutes.

The following are examples of the temporary inconsistencies that you might notice during change propagation:

After you create a web ACL, if you try to associate it with a resource, you might get an exception indicating that the web ACL is unavailable.

After you add a rule group to a web ACL, the new rule group rules might be in effect in one area where the web ACL is used and not in another.

After you change a rule action setting, you might see the old action in some places and the new action in others.

After you add an IP address to an IP set that is in use in a blocking rule, the new address might be blocked in one area while still allowed in another.

and Deserialization

val request : 
  Smaws_Lib.Context.t ->
  Types.update_web_acl_request ->
  (Types.update_web_acl_response,
    [> Smaws_Lib.Protocols.AwsJson.error
    | `WAFConfigurationWarningException of
      Types.waf_configuration_warning_exception
    | `WAFDuplicateItemException of Types.waf_duplicate_item_exception
    | `WAFExpiredManagedRuleGroupVersionException of
      Types.waf_expired_managed_rule_group_version_exception
    | `WAFInternalErrorException of Types.waf_internal_error_exception
    | `WAFInvalidOperationException of Types.waf_invalid_operation_exception
    | `WAFInvalidParameterException of Types.waf_invalid_parameter_exception
    | `WAFInvalidResourceException of Types.waf_invalid_resource_exception
    | `WAFLimitsExceededException of Types.waf_limits_exceeded_exception
    | `WAFNonexistentItemException of Types.waf_nonexistent_item_exception
    | `WAFOptimisticLockException of Types.waf_optimistic_lock_exception
    | `WAFSubscriptionNotFoundException of
      Types.waf_subscription_not_found_exception
    | `WAFUnavailableEntityException of Types.waf_unavailable_entity_exception ])
    Stdlib.result