feat(client-wafv2): AssociateWebACL, UpdateWebACL and PutLoggingConfiguration will now throw WAFFeatureNotIncludedInPricingPlanException when the request contains a feature that is not included in the CloudFront pricing plan of the WebACL.

awstools · awstools · commit 6da7a3dbfa7d · 2025-11-18T19:10:46.000Z
diff --git a/clients/client-wafv2/src/commands/AssociateWebACLCommand.ts b/clients/client-wafv2/src/commands/AssociateWebACLCommand.ts
@@ -77,6 +77,9 @@ export interface AssociateWebACLCommandOutput extends AssociateWebACLResponse, _
  * @see {@link AssociateWebACLCommandOutput} for command's `response` shape.
  * @see {@link WAFV2ClientResolvedConfig | config} for WAFV2Client's `config` shape.
  *
+ * @throws {@link WAFFeatureNotIncludedInPricingPlanException} (client fault)
+ *  <p>The operation failed because the specified WAF feature isn't supported by the CloudFront pricing plan associated with the web ACL.</p>
+ *
  * @throws {@link WAFInternalErrorException} (server fault)
  *  <p>Your request is valid, but WAF couldn’t perform the operation because of a system
  *          problem. Retry your request. </p>
diff --git a/clients/client-wafv2/src/commands/GetWebACLCommand.ts b/clients/client-wafv2/src/commands/GetWebACLCommand.ts
@@ -4,7 +4,8 @@ import { Command as $Command } from "@smithy/smithy-client";
 import { MetadataBearer as __MetadataBearer } from "@smithy/types";
 
 import { commonParams } from "../endpoint/EndpointParameters";
-import { GetWebACLRequest, GetWebACLResponse } from "../models/models_0";
+import { GetWebACLRequest } from "../models/models_0";
+import { GetWebACLResponse } from "../models/models_1";
 import { GetWebACL } from "../schemas/schemas_0";
 import { ServiceInputTypes, ServiceOutputTypes, WAFV2ClientResolvedConfig } from "../WAFV2Client";
 
diff --git a/clients/client-wafv2/src/commands/PutLoggingConfigurationCommand.ts b/clients/client-wafv2/src/commands/PutLoggingConfigurationCommand.ts
@@ -282,6 +282,9 @@ export interface PutLoggingConfigurationCommandOutput extends PutLoggingConfigur
  * @see {@link PutLoggingConfigurationCommandOutput} for command's `response` shape.
  * @see {@link WAFV2ClientResolvedConfig | config} for WAFV2Client's `config` shape.
  *
+ * @throws {@link WAFFeatureNotIncludedInPricingPlanException} (client fault)
+ *  <p>The operation failed because the specified WAF feature isn't supported by the CloudFront pricing plan associated with the web ACL.</p>
+ *
  * @throws {@link WAFInternalErrorException} (server fault)
  *  <p>Your request is valid, but WAF couldn’t perform the operation because of a system
  *          problem. Retry your request. </p>
diff --git a/clients/client-wafv2/src/commands/UpdateWebACLCommand.ts b/clients/client-wafv2/src/commands/UpdateWebACLCommand.ts
@@ -1201,6 +1201,9 @@ export interface UpdateWebACLCommandOutput extends UpdateWebACLResponse, __Metad
  *          expired. You can retrieve the available versions for the managed rule group by calling
  *             <a>ListAvailableManagedRuleGroupVersions</a>.</p>
  *
+ * @throws {@link WAFFeatureNotIncludedInPricingPlanException} (client fault)
+ *  <p>The operation failed because the specified WAF feature isn't supported by the CloudFront pricing plan associated with the web ACL.</p>
+ *
  * @throws {@link WAFInternalErrorException} (server fault)
  *  <p>Your request is valid, but WAF couldn’t perform the operation because of a system
  *          problem. Retry your request. </p>
diff --git a/clients/client-wafv2/src/models/index.ts b/clients/client-wafv2/src/models/index.ts
@@ -1,2 +1,3 @@
 // smithy-typescript generated code
 export * from "./models_0";
+export * from "./models_1";
diff --git a/clients/client-wafv2/src/models/models_0.ts b/clients/client-wafv2/src/models/models_0.ts
@@ -3570,6 +3570,52 @@ export interface AssociateWebACLRequest {
  */
 export interface AssociateWebACLResponse {}
 
+/**
+ * <p>A WAF feature that is not supported by the CloudFront pricing plan associated with the web ACL.</p>
+ * @public
+ */
+export interface DisallowedFeature {
+  /**
+   * <p>The name of the disallowed WAF feature.</p>
+   * @public
+   */
+  Feature?: string | undefined;
+
+  /**
+   * <p>The name of the CloudFront pricing plan required to use the WAF feature.</p>
+   * @public
+   */
+  RequiredPricingPlan?: string | undefined;
+}
+
+/**
+ * <p>The operation failed because the specified WAF feature isn't supported by the CloudFront pricing plan associated with the web ACL.</p>
+ * @public
+ */
+export class WAFFeatureNotIncludedInPricingPlanException extends __BaseException {
+  readonly name: "WAFFeatureNotIncludedInPricingPlanException" = "WAFFeatureNotIncludedInPricingPlanException";
+  readonly $fault: "client" = "client";
+  Message?: string | undefined;
+  /**
+   * <p>The names of the disallowed WAF features.</p>
+   * @public
+   */
+  DisallowedFeatures?: DisallowedFeature[] | undefined;
+  /**
+   * @internal
+   */
+  constructor(opts: __ExceptionOptionType<WAFFeatureNotIncludedInPricingPlanException, __BaseException>) {
+    super({
+      name: "WAFFeatureNotIncludedInPricingPlanException",
+      $fault: "client",
+      ...opts,
+    });
+    Object.setPrototypeOf(this, WAFFeatureNotIncludedInPricingPlanException.prototype);
+    this.Message = opts.Message;
+    this.DisallowedFeatures = opts.DisallowedFeatures;
+  }
+}
+
 /**
  * <p>Your request is valid, but WAF couldn’t perform the operation because of a system
  *          problem. Retry your request. </p>
@@ -9791,28 +9837,3 @@ export interface GetWebACLForResourceResponse {
    */
   WebACL?: WebACL | undefined;
 }
-
-/**
- * @public
- */
-export interface GetWebACLResponse {
-  /**
-   * <p>The web ACL specification. You can modify the settings in this web ACL and use it to
-   *          update this web ACL or create a new one.</p>
-   * @public
-   */
-  WebACL?: WebACL | undefined;
-
-  /**
-   * <p>A token used for optimistic locking. WAF returns a token to your <code>get</code> and <code>list</code> requests, to mark the state of the entity at the time of the request. To make changes to the entity associated with the token, you provide the token to operations like <code>update</code> and <code>delete</code>. WAF uses the token to ensure that no changes have been made to the entity since you last retrieved it. If a change has been made, the update fails with a <code>WAFOptimisticLockException</code>. If this happens, perform another <code>get</code>, and use the new token returned by that operation. </p>
-   * @public
-   */
-  LockToken?: string | undefined;
-
-  /**
-   * <p>The URL to use in SDK integrations with Amazon Web Services managed rule groups. For example, you can use the integration SDKs with the account takeover prevention managed rule group <code>AWSManagedRulesATPRuleSet</code> and the account creation fraud prevention managed rule group <code>AWSManagedRulesACFPRuleSet</code>. This is only populated if you are using a rule group in your web ACL that integrates with your applications in this way. For more information, see <a href="https://docs.aws.amazon.com/waf/latest/developerguide/waf-application-integration.html">WAF client application integration</a>
-   * in the <i>WAF Developer Guide</i>.</p>
-   * @public
-   */
-  ApplicationIntegrationURL?: string | undefined;
-}
diff --git a/clients/client-wafv2/src/models/models_1.ts b/clients/client-wafv2/src/models/models_1.ts
@@ -0,0 +1,27 @@
+// smithy-typescript generated code
+import { WebACL } from "./models_0";
+
+/**
+ * @public
+ */
+export interface GetWebACLResponse {
+  /**
+   * <p>The web ACL specification. You can modify the settings in this web ACL and use it to
+   *          update this web ACL or create a new one.</p>
+   * @public
+   */
+  WebACL?: WebACL | undefined;
+
+  /**
+   * <p>A token used for optimistic locking. WAF returns a token to your <code>get</code> and <code>list</code> requests, to mark the state of the entity at the time of the request. To make changes to the entity associated with the token, you provide the token to operations like <code>update</code> and <code>delete</code>. WAF uses the token to ensure that no changes have been made to the entity since you last retrieved it. If a change has been made, the update fails with a <code>WAFOptimisticLockException</code>. If this happens, perform another <code>get</code>, and use the new token returned by that operation. </p>
+   * @public
+   */
+  LockToken?: string | undefined;
+
+  /**
+   * <p>The URL to use in SDK integrations with Amazon Web Services managed rule groups. For example, you can use the integration SDKs with the account takeover prevention managed rule group <code>AWSManagedRulesATPRuleSet</code> and the account creation fraud prevention managed rule group <code>AWSManagedRulesACFPRuleSet</code>. This is only populated if you are using a rule group in your web ACL that integrates with your applications in this way. For more information, see <a href="https://docs.aws.amazon.com/waf/latest/developerguide/waf-application-integration.html">WAF client application integration</a>
+   * in the <i>WAF Developer Guide</i>.</p>
+   * @public
+   */
+  ApplicationIntegrationURL?: string | undefined;
+}
diff --git a/clients/client-wafv2/src/schemas/schemas_0.ts b/clients/client-wafv2/src/schemas/schemas_0.ts
@@ -103,9 +103,11 @@ const _DAPIK = "DeleteAPIKey";
 const _DAPIKR = "DeleteAPIKeyRequest";
 const _DAPIKRe = "DeleteAPIKeyResponse";
 const _DB = "DefaultBehavior";
+const _DF = "DisallowedFeature";
 const _DFMRG = "DeleteFirewallManagerRuleGroups";
 const _DFMRGR = "DeleteFirewallManagerRuleGroupsRequest";
 const _DFMRGRe = "DeleteFirewallManagerRuleGroupsResponse";
+const _DFi = "DisallowedFeatures";
 const _DIPS = "DeleteIPSet";
 const _DIPSR = "DeleteIPSetRequest";
 const _DIPSRe = "DeleteIPSetResponse";
@@ -167,6 +169,7 @@ const _FT = "FieldType";
 const _FTM = "FieldToMatch";
 const _FTP = "FieldToProtect";
 const _FV = "FailureValues";
+const _Fe = "Feature";
 const _Fi = "Filter";
 const _Fil = "Filters";
 const _GDAPIK = "GetDecryptedAPIKey";
@@ -421,6 +424,7 @@ const _RN = "RuleName";
 const _RNWRG = "RuleNameWithinRuleGroup";
 const _RNe = "ReleaseNotes";
 const _RPP = "RegistrationPagePath";
+const _RPPe = "RequiredPricingPlan";
 const _RPS = "RegexPatternSet";
 const _RPSRS = "RegexPatternSetReferenceStatement";
 const _RPSS = "RegexPatternSetSummary";
@@ -528,6 +532,7 @@ const _WAFAIE = "WAFAssociatedItemException";
 const _WAFCWE = "WAFConfigurationWarningException";
 const _WAFDIE = "WAFDuplicateItemException";
 const _WAFEMRGVE = "WAFExpiredManagedRuleGroupVersionException";
+const _WAFFNIIPPE = "WAFFeatureNotIncludedInPricingPlanException";
 const _WAFIEE = "WAFInternalErrorException";
 const _WAFIOE = "WAFInvalidOperationException";
 const _WAFIPE = "WAFInvalidParameterException";
@@ -566,6 +571,7 @@ import {
   WAFConfigurationWarningException as __WAFConfigurationWarningException,
   WAFDuplicateItemException as __WAFDuplicateItemException,
   WAFExpiredManagedRuleGroupVersionException as __WAFExpiredManagedRuleGroupVersionException,
+  WAFFeatureNotIncludedInPricingPlanException as __WAFFeatureNotIncludedInPricingPlanException,
   WAFInternalErrorException as __WAFInternalErrorException,
   WAFInvalidOperationException as __WAFInvalidOperationException,
   WAFInvalidParameterException as __WAFInvalidParameterException,
@@ -794,6 +800,7 @@ export var DescribeManagedRuleGroupResponse: StaticStructureSchema = [
   [_VNe, _STA, _C, _R, _LN, _ALv, _CL],
   [0, 0, 1, () => RuleSummaries, 0, () => LabelSummaries, () => LabelSummaries],
 ];
+export var DisallowedFeature: StaticStructureSchema = [3, n0, _DF, 0, [_Fe, _RPPe], [0, 0]];
 export var DisassociateWebACLRequest: StaticStructureSchema = [3, n0, _DWACLRi, 0, [_RA], [0]];
 export var DisassociateWebACLResponse: StaticStructureSchema = [3, n0, _DWACLRis, 0, [], []];
 export var EmailField: StaticStructureSchema = [3, n0, _EF, 0, [_I], [0]];
@@ -1524,6 +1531,21 @@ TypeRegistry.for(n0).registerError(
   __WAFExpiredManagedRuleGroupVersionException
 );
 
+export var WAFFeatureNotIncludedInPricingPlanException: StaticErrorSchema = [
+  -3,
+  n0,
+  _WAFFNIIPPE,
+  {
+    [_e]: _c,
+  },
+  [_Me, _DFi],
+  [0, () => DisallowedFeatures],
+];
+TypeRegistry.for(n0).registerError(
+  WAFFeatureNotIncludedInPricingPlanException,
+  __WAFFeatureNotIncludedInPricingPlanException
+);
+
 export var WAFInternalErrorException: StaticErrorSchema = [
   -3,
   n0,
@@ -1789,6 +1811,7 @@ export var CountryCodes = 64 | 0;
 
 export var CustomHTTPHeaders: StaticListSchema = [1, n0, _CHTTPHu, 0, () => CustomHTTPHeader];
 export var DataProtections: StaticListSchema = [1, n0, _DPa, 0, () => DataProtection];
+export var DisallowedFeatures: StaticListSchema = [1, n0, _DFi, 0, () => DisallowedFeature];
 export var ExcludedRules: StaticListSchema = [1, n0, _ERx, 0, () => ExcludedRule];
 export var FieldToProtectKeys = 64 | 0;
 
diff --git a/codegen/sdk-codegen/aws-models/wafv2.json b/codegen/sdk-codegen/aws-models/wafv2.json
@@ -1806,6 +1806,9 @@
         "target": "com.amazonaws.wafv2#AssociateWebACLResponse"
       },
       "errors": [
+        {
+          "target": "com.amazonaws.wafv2#WAFFeatureNotIncludedInPricingPlanException"
+        },
         {
           "target": "com.amazonaws.wafv2#WAFInternalErrorException"
         },
@@ -5520,6 +5523,37 @@
         "smithy.api#output": {}
       }
     },
+    "com.amazonaws.wafv2#DisallowedFeature": {
+      "type": "structure",
+      "members": {
+        "Feature": {
+          "target": "com.amazonaws.wafv2#PricingPlanFeatureName",
+          "traits": {
+            "smithy.api#documentation": "<p>The name of the disallowed WAF feature.</p>"
+          }
+        },
+        "RequiredPricingPlan": {
+          "target": "com.amazonaws.wafv2#RequiredPricingPlanName",
+          "traits": {
+            "smithy.api#documentation": "<p>The name of the CloudFront pricing plan required to use the WAF feature.</p>"
+          }
+        }
+      },
+      "traits": {
+        "smithy.api#documentation": "<p>A WAF feature that is not supported by the CloudFront pricing plan associated with the web ACL.</p>"
+      }
+    },
+    "com.amazonaws.wafv2#DisallowedFeatures": {
+      "type": "list",
+      "member": {
+        "target": "com.amazonaws.wafv2#DisallowedFeature"
+      },
+      "traits": {
+        "smithy.api#length": {
+          "min": 1
+        }
+      }
+    },
     "com.amazonaws.wafv2#DisassociateWebACL": {
       "type": "operation",
       "input": {
@@ -9934,6 +9968,16 @@
         }
       }
     },
+    "com.amazonaws.wafv2#PricingPlanFeatureName": {
+      "type": "string",
+      "traits": {
+        "smithy.api#length": {
+          "min": 1,
+          "max": 128
+        },
+        "smithy.api#pattern": "^[\\w\\-]+$"
+      }
+    },
     "com.amazonaws.wafv2#ProductDescription": {
       "type": "string",
       "traits": {
@@ -9990,6 +10034,9 @@
         "target": "com.amazonaws.wafv2#PutLoggingConfigurationResponse"
       },
       "errors": [
+        {
+          "target": "com.amazonaws.wafv2#WAFFeatureNotIncludedInPricingPlanException"
+        },
         {
           "target": "com.amazonaws.wafv2#WAFInternalErrorException"
         },
@@ -10886,6 +10933,16 @@
         "smithy.api#documentation": "<p>The criteria for inspecting account creation requests, used by the ACFP rule group to validate and track account creation attempts.  </p>\n         <p>This is part of the <code>AWSManagedRulesACFPRuleSet</code> configuration in <code>ManagedRuleGroupConfig</code>.</p>\n         <p>In these settings, you specify how your application accepts account creation attempts\n           by providing the request payload type and the names of the fields \n           within the request body where the username, password, email, and primary address and phone number fields are provided. </p>"
       }
     },
+    "com.amazonaws.wafv2#RequiredPricingPlanName": {
+      "type": "string",
+      "traits": {
+        "smithy.api#length": {
+          "min": 1,
+          "max": 64
+        },
+        "smithy.api#pattern": "^[\\w\\-]+$"
+      }
+    },
     "com.amazonaws.wafv2#ResourceArn": {
       "type": "string",
       "traits": {
@@ -12881,6 +12938,9 @@
         {
           "target": "com.amazonaws.wafv2#WAFExpiredManagedRuleGroupVersionException"
         },
+        {
+          "target": "com.amazonaws.wafv2#WAFFeatureNotIncludedInPricingPlanException"
+        },
         {
           "target": "com.amazonaws.wafv2#WAFInternalErrorException"
         },
@@ -13218,6 +13278,24 @@
         "smithy.api#error": "client"
       }
     },
+    "com.amazonaws.wafv2#WAFFeatureNotIncludedInPricingPlanException": {
+      "type": "structure",
+      "members": {
+        "Message": {
+          "target": "com.amazonaws.wafv2#ErrorMessage"
+        },
+        "DisallowedFeatures": {
+          "target": "com.amazonaws.wafv2#DisallowedFeatures",
+          "traits": {
+            "smithy.api#documentation": "<p>The names of the disallowed WAF features.</p>"
+          }
+        }
+      },
+      "traits": {
+        "smithy.api#documentation": "<p>The operation failed because the specified WAF feature isn't supported by the CloudFront pricing plan associated with the web ACL.</p>",
+        "smithy.api#error": "client"
+      }
+    },
     "com.amazonaws.wafv2#WAFInternalErrorException": {
       "type": "structure",
       "members": {

Original file line number	Diff line number	Diff line change
`@@ -1,2 +1,3 @@`
`1`	`1`	`// smithy-typescript generated code`
`2`	`2`	`export * from "./models_0";`
	`3`	`+export * from "./models_1";`