AWS cli documentation change
Summary
Added documentation for a new 'Monetize' action in WAF rules which returns HTTP 402 Payment Required responses and requires payment verification before granting access.
Security assessment
The change introduces a monetization feature rather than addressing a security vulnerability. While it involves blocking unpaid requests, this is business logic for access control via payment verification, not a security fix or threat mitigation. No CVE, vulnerability reference, or security advisory is mentioned.
Diff
diff --git a/cli/latest/reference/wafv2/describe-managed-rule-group.md b/cli/latest/reference/wafv2/describe-managed-rule-group.md index 16eb26eba..a91654869 100644 --- a//cli/latest/reference/wafv2/describe-managed-rule-group.md +++ b//cli/latest/reference/wafv2/describe-managed-rule-group.md @@ -15 +15 @@ - * [AWS CLI 2.35.3 Command Reference](../../index.html) » + * [AWS CLI 2.35.5 Command Reference](../../index.html) » @@ -769,0 +770,16 @@ Rules -> (list) +>>> +>>> Monetize -> (structure) +>>> +>>>> Instructs WAF to return an HTTP 402 Payment Required response with a price manifest. The requesting client can complete payment and resubmit the request to gain access. This is a terminating action-requests that do not complete payment are blocked. This action is available only for web ACLs associated with Amazon CloudFront distributions and requires a `MonetizationConfig` on the web ACL. +>>>> +>>>> PriceMultiplier -> (string) +>>>> +>>>>> An integer multiplier applied to the base price defined in the web ACL’s `MonetizationConfig` . The effective price for the request is the base price multiplied by this value. Specify as a string. Valid values: 1 to 100. +>>>>> +>>>>> Constraints: +>>>>> +>>>>> * min: `1` +>>>>> * max: `3` +>>>>> * pattern: `^([1-9][0-9]?|100)$` +>>>>> + @@ -848 +864 @@ ConsumedLabels -> (list) - * [AWS CLI 2.35.3 Command Reference](../../index.html) » + * [AWS CLI 2.35.5 Command Reference](../../index.html) »