WAF-REGIONAL

AssociateWebACL

valid {
    input.Body.WebACLId == STRING
    input.Body.ResourceArn == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

CreateByteMatchSet

valid {
    input.Body.Name == STRING
    input.Body.ChangeToken == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

CreateGeoMatchSet

valid {
    input.Body.Name == STRING
    input.Body.ChangeToken == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

CreateIPSet

valid {
    input.Body.Name == STRING
    input.Body.ChangeToken == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

CreateRateBasedRule

enum_RateKey := [ "IP" ]

valid {
    input.Body.Name == STRING
    input.Body.MetricName == STRING
    input.Body.RateKey == enum_RateKey[_]
    input.Body.RateLimit == LONG
    input.Body.ChangeToken == STRING
    input.Body.Tags[_].Key == STRING
    input.Body.Tags[_].Value == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

CreateRegexMatchSet

valid {
    input.Body.Name == STRING
    input.Body.ChangeToken == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

CreateRegexPatternSet

valid {
    input.Body.Name == STRING
    input.Body.ChangeToken == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

CreateRule

valid {
    input.Body.Name == STRING
    input.Body.MetricName == STRING
    input.Body.ChangeToken == STRING
    input.Body.Tags[_].Key == STRING
    input.Body.Tags[_].Value == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

CreateRuleGroup

valid {
    input.Body.Name == STRING
    input.Body.MetricName == STRING
    input.Body.ChangeToken == STRING
    input.Body.Tags[_].Key == STRING
    input.Body.Tags[_].Value == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

CreateSizeConstraintSet

valid {
    input.Body.Name == STRING
    input.Body.ChangeToken == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

CreateSqlInjectionMatchSet

valid {
    input.Body.Name == STRING
    input.Body.ChangeToken == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

CreateWebACL

enum_WafActionType := [ "BLOCK", "ALLOW", "COUNT" ]

valid {
    input.Body.Name == STRING
    input.Body.MetricName == STRING
    input.Body.DefaultAction.Type == enum_WafActionType[_]
    input.Body.ChangeToken == STRING
    input.Body.Tags[_].Key == STRING
    input.Body.Tags[_].Value == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

CreateWebACLMigrationStack

valid {
    input.Body.WebACLId == STRING
    input.Body.S3BucketName == STRING
    input.Body.IgnoreUnsupportedType == BOOLEAN
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

CreateXssMatchSet

valid {
    input.Body.Name == STRING
    input.Body.ChangeToken == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DeleteByteMatchSet

valid {
    input.Body.ByteMatchSetId == STRING
    input.Body.ChangeToken == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DeleteGeoMatchSet

valid {
    input.Body.GeoMatchSetId == STRING
    input.Body.ChangeToken == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DeleteIPSet

valid {
    input.Body.IPSetId == STRING
    input.Body.ChangeToken == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DeleteLoggingConfiguration

valid {
    input.Body.ResourceArn == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DeletePermissionPolicy

valid {
    input.Body.ResourceArn == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DeleteRateBasedRule

valid {
    input.Body.RuleId == STRING
    input.Body.ChangeToken == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DeleteRegexMatchSet

valid {
    input.Body.RegexMatchSetId == STRING
    input.Body.ChangeToken == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DeleteRegexPatternSet

valid {
    input.Body.RegexPatternSetId == STRING
    input.Body.ChangeToken == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DeleteRule

valid {
    input.Body.RuleId == STRING
    input.Body.ChangeToken == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DeleteRuleGroup

valid {
    input.Body.RuleGroupId == STRING
    input.Body.ChangeToken == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DeleteSizeConstraintSet

valid {
    input.Body.SizeConstraintSetId == STRING
    input.Body.ChangeToken == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DeleteSqlInjectionMatchSet

valid {
    input.Body.SqlInjectionMatchSetId == STRING
    input.Body.ChangeToken == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DeleteWebACL

valid {
    input.Body.WebACLId == STRING
    input.Body.ChangeToken == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DeleteXssMatchSet

valid {
    input.Body.XssMatchSetId == STRING
    input.Body.ChangeToken == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DisassociateWebACL

valid {
    input.Body.ResourceArn == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

GetByteMatchSet

valid {
    input.Body.ByteMatchSetId == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

GetChangeToken

valid {
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

GetChangeTokenStatus

valid {
    input.Body.ChangeToken == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

GetGeoMatchSet

valid {
    input.Body.GeoMatchSetId == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

GetIPSet

valid {
    input.Body.IPSetId == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

GetLoggingConfiguration

valid {
    input.Body.ResourceArn == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

GetPermissionPolicy

valid {
    input.Body.ResourceArn == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

GetRateBasedRule

valid {
    input.Body.RuleId == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

GetRateBasedRuleManagedKeys

valid {
    input.Body.RuleId == STRING
    input.Body.NextMarker == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

GetRegexMatchSet

valid {
    input.Body.RegexMatchSetId == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

GetRegexPatternSet

valid {
    input.Body.RegexPatternSetId == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

GetRule

valid {
    input.Body.RuleId == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

GetRuleGroup

valid {
    input.Body.RuleGroupId == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

GetSampledRequests

valid {
    input.Body.WebAclId == STRING
    input.Body.RuleId == STRING
    input.Body.TimeWindow.StartTime == TIMESTAMP
    input.Body.TimeWindow.EndTime == TIMESTAMP
    input.Body.MaxItems == LONG
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

GetSizeConstraintSet

valid {
    input.Body.SizeConstraintSetId == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

GetSqlInjectionMatchSet

valid {
    input.Body.SqlInjectionMatchSetId == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

GetWebACL

valid {
    input.Body.WebACLId == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

GetWebACLForResource

valid {
    input.Body.ResourceArn == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

GetXssMatchSet

valid {
    input.Body.XssMatchSetId == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ListActivatedRulesInRuleGroup

valid {
    input.Body.RuleGroupId == STRING
    input.Body.NextMarker == STRING
    input.Body.Limit == INTEGER
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ListByteMatchSets

valid {
    input.Body.NextMarker == STRING
    input.Body.Limit == INTEGER
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ListGeoMatchSets

valid {
    input.Body.NextMarker == STRING
    input.Body.Limit == INTEGER
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ListIPSets

valid {
    input.Body.NextMarker == STRING
    input.Body.Limit == INTEGER
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ListLoggingConfigurations

valid {
    input.Body.NextMarker == STRING
    input.Body.Limit == INTEGER
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ListRateBasedRules

valid {
    input.Body.NextMarker == STRING
    input.Body.Limit == INTEGER
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ListRegexMatchSets

valid {
    input.Body.NextMarker == STRING
    input.Body.Limit == INTEGER
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ListRegexPatternSets

valid {
    input.Body.NextMarker == STRING
    input.Body.Limit == INTEGER
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ListResourcesForWebACL

enum_ResourceType := [ "APPLICATION_LOAD_BALANCER", "API_GATEWAY" ]

valid {
    input.Body.WebACLId == STRING
    input.Body.ResourceType == enum_ResourceType[_]
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ListRuleGroups

valid {
    input.Body.NextMarker == STRING
    input.Body.Limit == INTEGER
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ListRules

valid {
    input.Body.NextMarker == STRING
    input.Body.Limit == INTEGER
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ListSizeConstraintSets

valid {
    input.Body.NextMarker == STRING
    input.Body.Limit == INTEGER
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ListSqlInjectionMatchSets

valid {
    input.Body.NextMarker == STRING
    input.Body.Limit == INTEGER
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ListSubscribedRuleGroups

valid {
    input.Body.NextMarker == STRING
    input.Body.Limit == INTEGER
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ListTagsForResource

valid {
    input.Body.NextMarker == STRING
    input.Body.Limit == INTEGER
    input.Body.ResourceARN == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ListWebACLs

valid {
    input.Body.NextMarker == STRING
    input.Body.Limit == INTEGER
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ListXssMatchSets

valid {
    input.Body.NextMarker == STRING
    input.Body.Limit == INTEGER
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

PutLoggingConfiguration

enum_MatchFieldType := [ "URI", "QUERY_STRING", "HEADER", "METHOD", "BODY", "SINGLE_QUERY_ARG", "ALL_QUERY_ARGS" ]

valid {
    input.Body.LoggingConfiguration.ResourceArn == STRING
    input.Body.LoggingConfiguration.LogDestinationConfigs[_] == STRING
    input.Body.LoggingConfiguration.RedactedFields[_].Type == enum_MatchFieldType[_]
    input.Body.LoggingConfiguration.RedactedFields[_].Data == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

PutPermissionPolicy

valid {
    input.Body.ResourceArn == STRING
    input.Body.Policy == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

TagResource

valid {
    input.Body.ResourceARN == STRING
    input.Body.Tags[_].Key == STRING
    input.Body.Tags[_].Value == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

UntagResource

valid {
    input.Body.ResourceARN == STRING
    input.Body.TagKeys[_] == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

UpdateByteMatchSet

enum_ChangeAction := [ "INSERT", "DELETE" ]
enum_MatchFieldType := [ "URI", "QUERY_STRING", "HEADER", "METHOD", "BODY", "SINGLE_QUERY_ARG", "ALL_QUERY_ARGS" ]
enum_PositionalConstraint := [ "EXACTLY", "STARTS_WITH", "ENDS_WITH", "CONTAINS", "CONTAINS_WORD" ]
enum_TextTransformation := [ "NONE", "COMPRESS_WHITE_SPACE", "HTML_ENTITY_DECODE", "LOWERCASE", "CMD_LINE", "URL_DECODE" ]

valid {
    input.Body.ByteMatchSetId == STRING
    input.Body.ChangeToken == STRING
    input.Body.Updates[_].Action == enum_ChangeAction[_]
    input.Body.Updates[_].ByteMatchTuple.FieldToMatch.Type == enum_MatchFieldType[_]
    input.Body.Updates[_].ByteMatchTuple.FieldToMatch.Data == STRING
    input.Body.Updates[_].ByteMatchTuple.TargetString == BLOB
    input.Body.Updates[_].ByteMatchTuple.TextTransformation == enum_TextTransformation[_]
    input.Body.Updates[_].ByteMatchTuple.PositionalConstraint == enum_PositionalConstraint[_]
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

UpdateGeoMatchSet

enum_ChangeAction := [ "INSERT", "DELETE" ]
enum_GeoMatchConstraintType := [ "Country" ]
enum_GeoMatchConstraintValue := [ "AF", "AX", "AL", "DZ", "AS", "AD", "AO", "AI", "AQ", "AG", "AR", "AM", "AW", "AU", "AT", "AZ", "BS", "BH", "BD", "BB", "BY", "BE", "BZ", "BJ", "BM", "BT", "BO", "BQ", "BA", "BW", "BV", "BR", "IO", "BN", "BG", "BF", "BI", "KH", "CM", "CA", "CV", "KY", "CF", "TD", "CL", "CN", "CX", "CC", "CO", "KM", "CG", "CD", "CK", "CR", "CI", "HR", "CU", "CW", "CY", "CZ", "DK", "DJ", "DM", "DO", "EC", "EG", "SV", "GQ", "ER", "EE", "ET", "FK", "FO", "FJ", "FI", "FR", "GF", "PF", "TF", "GA", "GM", "GE", "DE", "GH", "GI", "GR", "GL", "GD", "GP", "GU", "GT", "GG", "GN", "GW", "GY", "HT", "HM", "VA", "HN", "HK", "HU", "IS", "IN", "ID", "IR", "IQ", "IE", "IM", "IL", "IT", "JM", "JP", "JE", "JO", "KZ", "KE", "KI", "KP", "KR", "KW", "KG", "LA", "LV", "LB", "LS", "LR", "LY", "LI", "LT", "LU", "MO", "MK", "MG", "MW", "MY", "MV", "ML", "MT", "MH", "MQ", "MR", "MU", "YT", "MX", "FM", "MD", "MC", "MN", "ME", "MS", "MA", "MZ", "MM", "NA", "NR", "NP", "NL", "NC", "NZ", "NI", "NE", "NG", "NU", "NF", "MP", "NO", "OM", "PK", "PW", "PS", "PA", "PG", "PY", "PE", "PH", "PN", "PL", "PT", "PR", "QA", "RE", "RO", "RU", "RW", "BL", "SH", "KN", "LC", "MF", "PM", "VC", "WS", "SM", "ST", "SA", "SN", "RS", "SC", "SL", "SG", "SX", "SK", "SI", "SB", "SO", "ZA", "GS", "SS", "ES", "LK", "SD", "SR", "SJ", "SZ", "SE", "CH", "SY", "TW", "TJ", "TZ", "TH", "TL", "TG", "TK", "TO", "TT", "TN", "TR", "TM", "TC", "TV", "UG", "UA", "AE", "GB", "US", "UM", "UY", "UZ", "VU", "VE", "VN", "VG", "VI", "WF", "EH", "YE", "ZM", "ZW" ]

valid {
    input.Body.GeoMatchSetId == STRING
    input.Body.ChangeToken == STRING
    input.Body.Updates[_].Action == enum_ChangeAction[_]
    input.Body.Updates[_].GeoMatchConstraint.Type == enum_GeoMatchConstraintType[_]
    input.Body.Updates[_].GeoMatchConstraint.Value == enum_GeoMatchConstraintValue[_]
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

UpdateIPSet

enum_ChangeAction := [ "INSERT", "DELETE" ]
enum_IPSetDescriptorType := [ "IPV4", "IPV6" ]

valid {
    input.Body.IPSetId == STRING
    input.Body.ChangeToken == STRING
    input.Body.Updates[_].Action == enum_ChangeAction[_]
    input.Body.Updates[_].IPSetDescriptor.Type == enum_IPSetDescriptorType[_]
    input.Body.Updates[_].IPSetDescriptor.Value == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

UpdateRateBasedRule

enum_ChangeAction := [ "INSERT", "DELETE" ]
enum_PredicateType := [ "IPMatch", "ByteMatch", "SqlInjectionMatch", "GeoMatch", "SizeConstraint", "XssMatch", "RegexMatch" ]

valid {
    input.Body.RuleId == STRING
    input.Body.ChangeToken == STRING
    input.Body.Updates[_].Action == enum_ChangeAction[_]
    input.Body.Updates[_].Predicate.Negated == BOOLEAN
    input.Body.Updates[_].Predicate.Type == enum_PredicateType[_]
    input.Body.Updates[_].Predicate.DataId == STRING
    input.Body.RateLimit == LONG
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

UpdateRegexMatchSet

enum_ChangeAction := [ "INSERT", "DELETE" ]
enum_MatchFieldType := [ "URI", "QUERY_STRING", "HEADER", "METHOD", "BODY", "SINGLE_QUERY_ARG", "ALL_QUERY_ARGS" ]
enum_TextTransformation := [ "NONE", "COMPRESS_WHITE_SPACE", "HTML_ENTITY_DECODE", "LOWERCASE", "CMD_LINE", "URL_DECODE" ]

valid {
    input.Body.RegexMatchSetId == STRING
    input.Body.Updates[_].Action == enum_ChangeAction[_]
    input.Body.Updates[_].RegexMatchTuple.FieldToMatch.Type == enum_MatchFieldType[_]
    input.Body.Updates[_].RegexMatchTuple.FieldToMatch.Data == STRING
    input.Body.Updates[_].RegexMatchTuple.TextTransformation == enum_TextTransformation[_]
    input.Body.Updates[_].RegexMatchTuple.RegexPatternSetId == STRING
    input.Body.ChangeToken == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

UpdateRegexPatternSet

enum_ChangeAction := [ "INSERT", "DELETE" ]

valid {
    input.Body.RegexPatternSetId == STRING
    input.Body.Updates[_].Action == enum_ChangeAction[_]
    input.Body.Updates[_].RegexPatternString == STRING
    input.Body.ChangeToken == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

UpdateRule

enum_ChangeAction := [ "INSERT", "DELETE" ]
enum_PredicateType := [ "IPMatch", "ByteMatch", "SqlInjectionMatch", "GeoMatch", "SizeConstraint", "XssMatch", "RegexMatch" ]

valid {
    input.Body.RuleId == STRING
    input.Body.ChangeToken == STRING
    input.Body.Updates[_].Action == enum_ChangeAction[_]
    input.Body.Updates[_].Predicate.Negated == BOOLEAN
    input.Body.Updates[_].Predicate.Type == enum_PredicateType[_]
    input.Body.Updates[_].Predicate.DataId == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

UpdateRuleGroup

enum_ChangeAction := [ "INSERT", "DELETE" ]
enum_WafActionType := [ "BLOCK", "ALLOW", "COUNT" ]
enum_WafOverrideActionType := [ "NONE", "COUNT" ]
enum_WafRuleType := [ "REGULAR", "RATE_BASED", "GROUP" ]

valid {
    input.Body.RuleGroupId == STRING
    input.Body.Updates[_].Action == enum_ChangeAction[_]
    input.Body.Updates[_].ActivatedRule.Priority == INTEGER
    input.Body.Updates[_].ActivatedRule.RuleId == STRING
    input.Body.Updates[_].ActivatedRule.Action.Type == enum_WafActionType[_]
    input.Body.Updates[_].ActivatedRule.OverrideAction.Type == enum_WafOverrideActionType[_]
    input.Body.Updates[_].ActivatedRule.Type == enum_WafRuleType[_]
    input.Body.Updates[_].ActivatedRule.ExcludedRules[_].RuleId == STRING
    input.Body.ChangeToken == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

UpdateSizeConstraintSet

enum_ChangeAction := [ "INSERT", "DELETE" ]
enum_ComparisonOperator := [ "EQ", "NE", "LE", "LT", "GE", "GT" ]
enum_MatchFieldType := [ "URI", "QUERY_STRING", "HEADER", "METHOD", "BODY", "SINGLE_QUERY_ARG", "ALL_QUERY_ARGS" ]
enum_TextTransformation := [ "NONE", "COMPRESS_WHITE_SPACE", "HTML_ENTITY_DECODE", "LOWERCASE", "CMD_LINE", "URL_DECODE" ]

valid {
    input.Body.SizeConstraintSetId == STRING
    input.Body.ChangeToken == STRING
    input.Body.Updates[_].Action == enum_ChangeAction[_]
    input.Body.Updates[_].SizeConstraint.FieldToMatch.Type == enum_MatchFieldType[_]
    input.Body.Updates[_].SizeConstraint.FieldToMatch.Data == STRING
    input.Body.Updates[_].SizeConstraint.TextTransformation == enum_TextTransformation[_]
    input.Body.Updates[_].SizeConstraint.ComparisonOperator == enum_ComparisonOperator[_]
    input.Body.Updates[_].SizeConstraint.Size == LONG
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

UpdateSqlInjectionMatchSet

enum_ChangeAction := [ "INSERT", "DELETE" ]
enum_MatchFieldType := [ "URI", "QUERY_STRING", "HEADER", "METHOD", "BODY", "SINGLE_QUERY_ARG", "ALL_QUERY_ARGS" ]
enum_TextTransformation := [ "NONE", "COMPRESS_WHITE_SPACE", "HTML_ENTITY_DECODE", "LOWERCASE", "CMD_LINE", "URL_DECODE" ]

valid {
    input.Body.SqlInjectionMatchSetId == STRING
    input.Body.ChangeToken == STRING
    input.Body.Updates[_].Action == enum_ChangeAction[_]
    input.Body.Updates[_].SqlInjectionMatchTuple.FieldToMatch.Type == enum_MatchFieldType[_]
    input.Body.Updates[_].SqlInjectionMatchTuple.FieldToMatch.Data == STRING
    input.Body.Updates[_].SqlInjectionMatchTuple.TextTransformation == enum_TextTransformation[_]
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

UpdateWebACL

enum_ChangeAction := [ "INSERT", "DELETE" ]
enum_WafActionType := [ "BLOCK", "ALLOW", "COUNT" ]
enum_WafOverrideActionType := [ "NONE", "COUNT" ]
enum_WafRuleType := [ "REGULAR", "RATE_BASED", "GROUP" ]

valid {
    input.Body.WebACLId == STRING
    input.Body.ChangeToken == STRING
    input.Body.Updates[_].Action == enum_ChangeAction[_]
    input.Body.Updates[_].ActivatedRule.Priority == INTEGER
    input.Body.Updates[_].ActivatedRule.RuleId == STRING
    input.Body.Updates[_].ActivatedRule.Action.Type == enum_WafActionType[_]
    input.Body.Updates[_].ActivatedRule.OverrideAction.Type == enum_WafOverrideActionType[_]
    input.Body.Updates[_].ActivatedRule.Type == enum_WafRuleType[_]
    input.Body.Updates[_].ActivatedRule.ExcludedRules[_].RuleId == STRING
    input.Body.DefaultAction.Type == enum_WafActionType[_]
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

UpdateXssMatchSet

enum_ChangeAction := [ "INSERT", "DELETE" ]
enum_MatchFieldType := [ "URI", "QUERY_STRING", "HEADER", "METHOD", "BODY", "SINGLE_QUERY_ARG", "ALL_QUERY_ARGS" ]
enum_TextTransformation := [ "NONE", "COMPRESS_WHITE_SPACE", "HTML_ENTITY_DECODE", "LOWERCASE", "CMD_LINE", "URL_DECODE" ]

valid {
    input.Body.XssMatchSetId == STRING
    input.Body.ChangeToken == STRING
    input.Body.Updates[_].Action == enum_ChangeAction[_]
    input.Body.Updates[_].XssMatchTuple.FieldToMatch.Type == enum_MatchFieldType[_]
    input.Body.Updates[_].XssMatchTuple.FieldToMatch.Data == STRING
    input.Body.Updates[_].XssMatchTuple.TextTransformation == enum_TextTransformation[_]
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}