diff --git a/LICENSE b/LICENSE
new file mode 100644
--- /dev/null
+++ b/LICENSE
@@ -0,0 +1,367 @@
+Mozilla Public License Version 2.0
+==================================
+
+1. Definitions
+--------------
+
+1.1. "Contributor"
+    means each individual or legal entity that creates, contributes to
+    the creation of, or owns Covered Software.
+
+1.2. "Contributor Version"
+    means the combination of the Contributions of others (if any) used
+    by a Contributor and that particular Contributor's Contribution.
+
+1.3. "Contribution"
+    means Covered Software of a particular Contributor.
+
+1.4. "Covered Software"
+    means Source Code Form to which the initial Contributor has attached
+    the notice in Exhibit A, the Executable Form of such Source Code
+    Form, and Modifications of such Source Code Form, in each case
+    including portions thereof.
+
+1.5. "Incompatible With Secondary Licenses"
+    means
+
+    (a) that the initial Contributor has attached the notice described
+        in Exhibit B to the Covered Software; or
+
+    (b) that the Covered Software was made available under the terms of
+        version 1.1 or earlier of the License, but not also under the
+        terms of a Secondary License.
+
+1.6. "Executable Form"
+    means any form of the work other than Source Code Form.
+
+1.7. "Larger Work"
+    means a work that combines Covered Software with other material, in
+    a separate file or files, that is not Covered Software.
+
+1.8. "License"
+    means this document.
+
+1.9. "Licensable"
+    means having the right to grant, to the maximum extent possible,
+    whether at the time of the initial grant or subsequently, any and
+    all of the rights conveyed by this License.
+
+1.10. "Modifications"
+    means any of the following:
+
+    (a) any file in Source Code Form that results from an addition to,
+        deletion from, or modification of the contents of Covered
+        Software; or
+
+    (b) any new file in Source Code Form that contains any Covered
+        Software.
+
+1.11. "Patent Claims" of a Contributor
+    means any patent claim(s), including without limitation, method,
+    process, and apparatus claims, in any patent Licensable by such
+    Contributor that would be infringed, but for the grant of the
+    License, by the making, using, selling, offering for sale, having
+    made, import, or transfer of either its Contributions or its
+    Contributor Version.
+
+1.12. "Secondary License"
+    means either the GNU General Public License, Version 2.0, the GNU
+    Lesser General Public License, Version 2.1, the GNU Affero General
+    Public License, Version 3.0, or any later versions of those
+    licenses.
+
+1.13. "Source Code Form"
+    means the form of the work preferred for making modifications.
+
+1.14. "You" (or "Your")
+    means an individual or a legal entity exercising rights under this
+    License. For legal entities, "You" includes any entity that
+    controls, is controlled by, or is under common control with You. For
+    purposes of this definition, "control" means (a) the power, direct
+    or indirect, to cause the direction or management of such entity,
+    whether by contract or otherwise, or (b) ownership of more than
+    fifty percent (50%) of the outstanding shares or beneficial
+    ownership of such entity.
+
+2. License Grants and Conditions
+--------------------------------
+
+2.1. Grants
+
+Each Contributor hereby grants You a world-wide, royalty-free,
+non-exclusive license:
+
+(a) under intellectual property rights (other than patent or trademark)
+    Licensable by such Contributor to use, reproduce, make available,
+    modify, display, perform, distribute, and otherwise exploit its
+    Contributions, either on an unmodified basis, with Modifications, or
+    as part of a Larger Work; and
+
+(b) under Patent Claims of such Contributor to make, use, sell, offer
+    for sale, have made, import, and otherwise transfer either its
+    Contributions or its Contributor Version.
+
+2.2. Effective Date
+
+The licenses granted in Section 2.1 with respect to any Contribution
+become effective for each Contribution on the date the Contributor first
+distributes such Contribution.
+
+2.3. Limitations on Grant Scope
+
+The licenses granted in this Section 2 are the only rights granted under
+this License. No additional rights or licenses will be implied from the
+distribution or licensing of Covered Software under this License.
+Notwithstanding Section 2.1(b) above, no patent license is granted by a
+Contributor:
+
+(a) for any code that a Contributor has removed from Covered Software;
+    or
+
+(b) for infringements caused by: (i) Your and any other third party's
+    modifications of Covered Software, or (ii) the combination of its
+    Contributions with other software (except as part of its Contributor
+    Version); or
+
+(c) under Patent Claims infringed by Covered Software in the absence of
+    its Contributions.
+
+This License does not grant any rights in the trademarks, service marks,
+or logos of any Contributor (except as may be necessary to comply with
+the notice requirements in Section 3.4).
+
+2.4. Subsequent Licenses
+
+No Contributor makes additional grants as a result of Your choice to
+distribute the Covered Software under a subsequent version of this
+License (see Section 10.2) or under the terms of a Secondary License (if
+permitted under the terms of Section 3.3).
+
+2.5. Representation
+
+Each Contributor represents that the Contributor believes its
+Contributions are its original creation(s) or it has sufficient rights
+to grant the rights to its Contributions conveyed by this License.
+
+2.6. Fair Use
+
+This License is not intended to limit any rights You have under
+applicable copyright doctrines of fair use, fair dealing, or other
+equivalents.
+
+2.7. Conditions
+
+Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted
+in Section 2.1.
+
+3. Responsibilities
+-------------------
+
+3.1. Distribution of Source Form
+
+All distribution of Covered Software in Source Code Form, including any
+Modifications that You create or to which You contribute, must be under
+the terms of this License. You must inform recipients that the Source
+Code Form of the Covered Software is governed by the terms of this
+License, and how they can obtain a copy of this License. You may not
+attempt to alter or restrict the recipients' rights in the Source Code
+Form.
+
+3.2. Distribution of Executable Form
+
+If You distribute Covered Software in Executable Form then:
+
+(a) such Covered Software must also be made available in Source Code
+    Form, as described in Section 3.1, and You must inform recipients of
+    the Executable Form how they can obtain a copy of such Source Code
+    Form by reasonable means in a timely manner, at a charge no more
+    than the cost of distribution to the recipient; and
+
+(b) You may distribute such Executable Form under the terms of this
+    License, or sublicense it under different terms, provided that the
+    license for the Executable Form does not attempt to limit or alter
+    the recipients' rights in the Source Code Form under this License.
+
+3.3. Distribution of a Larger Work
+
+You may create and distribute a Larger Work under terms of Your choice,
+provided that You also comply with the requirements of this License for
+the Covered Software. If the Larger Work is a combination of Covered
+Software with a work governed by one or more Secondary Licenses, and the
+Covered Software is not Incompatible With Secondary Licenses, this
+License permits You to additionally distribute such Covered Software
+under the terms of such Secondary License(s), so that the recipient of
+the Larger Work may, at their option, further distribute the Covered
+Software under the terms of either this License or such Secondary
+License(s).
+
+3.4. Notices
+
+You may not remove or alter the substance of any license notices
+(including copyright notices, patent notices, disclaimers of warranty,
+or limitations of liability) contained within the Source Code Form of
+the Covered Software, except that You may alter any license notices to
+the extent required to remedy known factual inaccuracies.
+
+3.5. Application of Additional Terms
+
+You may choose to offer, and to charge a fee for, warranty, support,
+indemnity or liability obligations to one or more recipients of Covered
+Software. However, You may do so only on Your own behalf, and not on
+behalf of any Contributor. You must make it absolutely clear that any
+such warranty, support, indemnity, or liability obligation is offered by
+You alone, and You hereby agree to indemnify every Contributor for any
+liability incurred by such Contributor as a result of warranty, support,
+indemnity or liability terms You offer. You may include additional
+disclaimers of warranty and limitations of liability specific to any
+jurisdiction.
+
+4. Inability to Comply Due to Statute or Regulation
+---------------------------------------------------
+
+If it is impossible for You to comply with any of the terms of this
+License with respect to some or all of the Covered Software due to
+statute, judicial order, or regulation then You must: (a) comply with
+the terms of this License to the maximum extent possible; and (b)
+describe the limitations and the code they affect. Such description must
+be placed in a text file included with all distributions of the Covered
+Software under this License. Except to the extent prohibited by statute
+or regulation, such description must be sufficiently detailed for a
+recipient of ordinary skill to be able to understand it.
+
+5. Termination
+--------------
+
+5.1. The rights granted under this License will terminate automatically
+if You fail to comply with any of its terms. However, if You become
+compliant, then the rights granted under this License from a particular
+Contributor are reinstated (a) provisionally, unless and until such
+Contributor explicitly and finally terminates Your grants, and (b) on an
+ongoing basis, if such Contributor fails to notify You of the
+non-compliance by some reasonable means prior to 60 days after You have
+come back into compliance. Moreover, Your grants from a particular
+Contributor are reinstated on an ongoing basis if such Contributor
+notifies You of the non-compliance by some reasonable means, this is the
+first time You have received notice of non-compliance with this License
+from such Contributor, and You become compliant prior to 30 days after
+Your receipt of the notice.
+
+5.2. If You initiate litigation against any entity by asserting a patent
+infringement claim (excluding declaratory judgment actions,
+counter-claims, and cross-claims) alleging that a Contributor Version
+directly or indirectly infringes any patent, then the rights granted to
+You by any and all Contributors for the Covered Software under Section
+2.1 of this License shall terminate.
+
+5.3. In the event of termination under Sections 5.1 or 5.2 above, all
+end user license agreements (excluding distributors and resellers) which
+have been validly granted by You or Your distributors under this License
+prior to termination shall survive termination.
+
+************************************************************************
+*                                                                      *
+*  6. Disclaimer of Warranty                                           *
+*  -------------------------                                           *
+*                                                                      *
+*  Covered Software is provided under this License on an "as is"       *
+*  basis, without warranty of any kind, either expressed, implied, or  *
+*  statutory, including, without limitation, warranties that the       *
+*  Covered Software is free of defects, merchantable, fit for a        *
+*  particular purpose or non-infringing. The entire risk as to the     *
+*  quality and performance of the Covered Software is with You.        *
+*  Should any Covered Software prove defective in any respect, You     *
+*  (not any Contributor) assume the cost of any necessary servicing,   *
+*  repair, or correction. This disclaimer of warranty constitutes an   *
+*  essential part of this License. No use of any Covered Software is   *
+*  authorized under this License except under this disclaimer.         *
+*                                                                      *
+************************************************************************
+
+************************************************************************
+*                                                                      *
+*  7. Limitation of Liability                                          *
+*  --------------------------                                          *
+*                                                                      *
+*  Under no circumstances and under no legal theory, whether tort      *
+*  (including negligence), contract, or otherwise, shall any           *
+*  Contributor, or anyone who distributes Covered Software as          *
+*  permitted above, be liable to You for any direct, indirect,         *
+*  special, incidental, or consequential damages of any character      *
+*  including, without limitation, damages for lost profits, loss of    *
+*  goodwill, work stoppage, computer failure or malfunction, or any    *
+*  and all other commercial damages or losses, even if such party      *
+*  shall have been informed of the possibility of such damages. This   *
+*  limitation of liability shall not apply to liability for death or   *
+*  personal injury resulting from such party's negligence to the       *
+*  extent applicable law prohibits such limitation. Some               *
+*  jurisdictions do not allow the exclusion or limitation of           *
+*  incidental or consequential damages, so this exclusion and          *
+*  limitation may not apply to You.                                    *
+*                                                                      *
+************************************************************************
+
+8. Litigation
+-------------
+
+Any litigation relating to this License may be brought only in the
+courts of a jurisdiction where the defendant maintains its principal
+place of business and such litigation shall be governed by laws of that
+jurisdiction, without reference to its conflict-of-law provisions.
+Nothing in this Section shall prevent a party's ability to bring
+cross-claims or counter-claims.
+
+9. Miscellaneous
+----------------
+
+This License represents the complete agreement concerning the subject
+matter hereof. If any provision of this License is held to be
+unenforceable, such provision shall be reformed only to the extent
+necessary to make it enforceable. Any law or regulation which provides
+that the language of a contract shall be construed against the drafter
+shall not be used to construe this License against a Contributor.
+
+10. Versions of the License
+---------------------------
+
+10.1. New Versions
+
+Mozilla Foundation is the license steward. Except as provided in Section
+10.3, no one other than the license steward has the right to modify or
+publish new versions of this License. Each version will be given a
+distinguishing version number.
+
+10.2. Effect of New Versions
+
+You may distribute the Covered Software under the terms of the version
+of the License under which You originally received the Covered Software,
+or under the terms of any subsequent version published by the license
+steward.
+
+10.3. Modified Versions
+
+If you create software not governed by this License, and you want to
+create a new license for such software, you may create and use a
+modified version of this License if you rename the license and remove
+any references to the name of the license steward (except to note that
+such modified license differs from this License).
+
+10.4. Distributing Source Code Form that is Incompatible With Secondary
+Licenses
+
+If You choose to distribute Source Code Form that is Incompatible With
+Secondary Licenses under the terms of this version of the License, the
+notice described in Exhibit B of this License must be attached.
+
+Exhibit A - Source Code Form License Notice
+-------------------------------------------
+
+  This Source Code Form is subject to the terms of the Mozilla Public
+  License, v. 2.0. If a copy of the MPL was not distributed with this
+  file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+If it is not possible or desirable to put the notice in a particular
+file, then You may include the notice in a location (such as a LICENSE
+file in a relevant directory) where a recipient would be likely to look
+for such a notice.
+
+You may add additional accurate notices of copyright ownership.
diff --git a/README.md b/README.md
new file mode 100644
--- /dev/null
+++ b/README.md
@@ -0,0 +1,44 @@
+# Amazon WAFV2 SDK
+
+* [Version](#version)
+* [Description](#description)
+* [Contribute](#contribute)
+* [Licence](#licence)
+
+
+## Version
+ 
+`2.0` - Derived from API version @2019-07-29@ of the AWS service descriptions, licensed under Apache 2.0.
+
+## Description
+
+Documentation is available via [Hackage](http://hackage.haskell.org/package/amazonka-wafv2)
+and the [AWS API Reference](https://aws.amazon.com/documentation/).
+
+The types from this library are intended to be used with [amazonka](http://hackage.haskell.org/package/amazonka),
+which provides mechanisms for specifying AuthN/AuthZ information, sending requests,
+and receiving responses.
+
+Lenses are used for constructing and manipulating types,
+due to the depth of nesting of AWS types and transparency regarding
+de/serialisation into more palatable Haskell values.
+The provided lenses should be compatible with any of the major lens libraries
+[lens](http://hackage.haskell.org/package/lens) or [lens-family-core](http://hackage.haskell.org/package/lens-family-core).
+
+See [Amazonka.WAFV2](http://hackage.haskell.org/package/amazonka-wafv2/docs/Amazonka-WAFV2.html)
+or [the AWS documentation](https://aws.amazon.com/documentation/) to get started.
+
+
+## Contribute
+
+For any problems, comments, or feedback please create an issue [here on GitHub](https://github.com/brendanhay/amazonka/issues).
+
+> _Note:_ this library is an auto-generated Haskell package. Please see `amazonka-gen` for more information.
+
+
+## Licence
+
+`amazonka-wafv2` is released under the [Mozilla Public License Version 2.0](http://www.mozilla.org/MPL/).
+
+Parts of the code are derived from AWS service descriptions, licensed under Apache 2.0.
+Source files subject to this contain an additional licensing clause in their header.
diff --git a/amazonka-wafv2.cabal b/amazonka-wafv2.cabal
new file mode 100644
--- /dev/null
+++ b/amazonka-wafv2.cabal
@@ -0,0 +1,250 @@
+cabal-version:      2.2
+name:               amazonka-wafv2
+version:            2.0
+synopsis:           Amazon WAFV2 SDK.
+homepage:           https://github.com/brendanhay/amazonka
+bug-reports:        https://github.com/brendanhay/amazonka/issues
+license:            MPL-2.0
+license-file:       LICENSE
+author:             Brendan Hay
+maintainer:
+  Brendan Hay <brendan.g.hay+amazonka@gmail.com>, Jack Kelly <jack@jackkelly.name>
+
+copyright:          Copyright (c) 2013-2023 Brendan Hay
+category:           AWS
+build-type:         Simple
+extra-source-files:
+  fixture/*.proto
+  fixture/*.yaml
+  README.md
+  src/.gitkeep
+
+description:
+  Derived from API version @2019-07-29@ of the AWS service descriptions, licensed under Apache 2.0.
+  .
+  The types from this library are intended to be used with <http://hackage.haskell.org/package/amazonka amazonka>,
+  which provides mechanisms for specifying AuthN/AuthZ information, sending requests, and receiving responses.
+  .
+  It is recommended to use generic lenses or optics from packages such as <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify optional fields and deconstruct responses.
+  .
+  Generated lenses can be found in "Amazonka.WAFV2.Lens" and are
+  suitable for use with a lens package such as <http://hackage.haskell.org/package/lens lens> or <http://hackage.haskell.org/package/lens-family-core lens-family-core>.
+  .
+  See "Amazonka.WAFV2" and the <https://aws.amazon.com/documentation/ AWS documentation> to get started.
+
+source-repository head
+  type:     git
+  location: git://github.com/brendanhay/amazonka.git
+  subdir:   amazonka-wafv2
+
+library
+  default-language: Haskell2010
+  hs-source-dirs:   src gen
+  ghc-options:
+    -Wall -fwarn-incomplete-uni-patterns
+    -fwarn-incomplete-record-updates -funbox-strict-fields
+
+  exposed-modules:
+    Amazonka.WAFV2
+    Amazonka.WAFV2.AssociateWebACL
+    Amazonka.WAFV2.CheckCapacity
+    Amazonka.WAFV2.CreateIPSet
+    Amazonka.WAFV2.CreateRegexPatternSet
+    Amazonka.WAFV2.CreateRuleGroup
+    Amazonka.WAFV2.CreateWebACL
+    Amazonka.WAFV2.DeleteFirewallManagerRuleGroups
+    Amazonka.WAFV2.DeleteIPSet
+    Amazonka.WAFV2.DeleteLoggingConfiguration
+    Amazonka.WAFV2.DeletePermissionPolicy
+    Amazonka.WAFV2.DeleteRegexPatternSet
+    Amazonka.WAFV2.DeleteRuleGroup
+    Amazonka.WAFV2.DeleteWebACL
+    Amazonka.WAFV2.DescribeManagedRuleGroup
+    Amazonka.WAFV2.DisassociateWebACL
+    Amazonka.WAFV2.GenerateMobileSdkReleaseUrl
+    Amazonka.WAFV2.GetIPSet
+    Amazonka.WAFV2.GetLoggingConfiguration
+    Amazonka.WAFV2.GetManagedRuleSet
+    Amazonka.WAFV2.GetMobileSdkRelease
+    Amazonka.WAFV2.GetPermissionPolicy
+    Amazonka.WAFV2.GetRateBasedStatementManagedKeys
+    Amazonka.WAFV2.GetRegexPatternSet
+    Amazonka.WAFV2.GetRuleGroup
+    Amazonka.WAFV2.GetSampledRequests
+    Amazonka.WAFV2.GetWebACL
+    Amazonka.WAFV2.GetWebACLForResource
+    Amazonka.WAFV2.Lens
+    Amazonka.WAFV2.ListAvailableManagedRuleGroups
+    Amazonka.WAFV2.ListAvailableManagedRuleGroupVersions
+    Amazonka.WAFV2.ListIPSets
+    Amazonka.WAFV2.ListLoggingConfigurations
+    Amazonka.WAFV2.ListManagedRuleSets
+    Amazonka.WAFV2.ListMobileSdkReleases
+    Amazonka.WAFV2.ListRegexPatternSets
+    Amazonka.WAFV2.ListResourcesForWebACL
+    Amazonka.WAFV2.ListRuleGroups
+    Amazonka.WAFV2.ListTagsForResource
+    Amazonka.WAFV2.ListWebACLs
+    Amazonka.WAFV2.PutLoggingConfiguration
+    Amazonka.WAFV2.PutManagedRuleSetVersions
+    Amazonka.WAFV2.PutPermissionPolicy
+    Amazonka.WAFV2.TagResource
+    Amazonka.WAFV2.Types
+    Amazonka.WAFV2.Types.ActionCondition
+    Amazonka.WAFV2.Types.ActionValue
+    Amazonka.WAFV2.Types.All
+    Amazonka.WAFV2.Types.AllowAction
+    Amazonka.WAFV2.Types.AllQueryArguments
+    Amazonka.WAFV2.Types.AndStatement
+    Amazonka.WAFV2.Types.AWSManagedRulesBotControlRuleSet
+    Amazonka.WAFV2.Types.BlockAction
+    Amazonka.WAFV2.Types.Body
+    Amazonka.WAFV2.Types.BodyParsingFallbackBehavior
+    Amazonka.WAFV2.Types.ByteMatchStatement
+    Amazonka.WAFV2.Types.CaptchaAction
+    Amazonka.WAFV2.Types.CaptchaConfig
+    Amazonka.WAFV2.Types.CaptchaResponse
+    Amazonka.WAFV2.Types.ChallengeAction
+    Amazonka.WAFV2.Types.ChallengeConfig
+    Amazonka.WAFV2.Types.ChallengeResponse
+    Amazonka.WAFV2.Types.ComparisonOperator
+    Amazonka.WAFV2.Types.Condition
+    Amazonka.WAFV2.Types.CookieMatchPattern
+    Amazonka.WAFV2.Types.Cookies
+    Amazonka.WAFV2.Types.CountAction
+    Amazonka.WAFV2.Types.CountryCode
+    Amazonka.WAFV2.Types.CustomHTTPHeader
+    Amazonka.WAFV2.Types.CustomRequestHandling
+    Amazonka.WAFV2.Types.CustomResponse
+    Amazonka.WAFV2.Types.CustomResponseBody
+    Amazonka.WAFV2.Types.DefaultAction
+    Amazonka.WAFV2.Types.ExcludedRule
+    Amazonka.WAFV2.Types.FailureReason
+    Amazonka.WAFV2.Types.FallbackBehavior
+    Amazonka.WAFV2.Types.FieldToMatch
+    Amazonka.WAFV2.Types.Filter
+    Amazonka.WAFV2.Types.FilterBehavior
+    Amazonka.WAFV2.Types.FilterRequirement
+    Amazonka.WAFV2.Types.FirewallManagerRuleGroup
+    Amazonka.WAFV2.Types.FirewallManagerStatement
+    Amazonka.WAFV2.Types.ForwardedIPConfig
+    Amazonka.WAFV2.Types.ForwardedIPPosition
+    Amazonka.WAFV2.Types.GeoMatchStatement
+    Amazonka.WAFV2.Types.HeaderMatchPattern
+    Amazonka.WAFV2.Types.Headers
+    Amazonka.WAFV2.Types.HTTPHeader
+    Amazonka.WAFV2.Types.HTTPRequest
+    Amazonka.WAFV2.Types.ImmunityTimeProperty
+    Amazonka.WAFV2.Types.InspectionLevel
+    Amazonka.WAFV2.Types.IPAddressVersion
+    Amazonka.WAFV2.Types.IPSet
+    Amazonka.WAFV2.Types.IPSetForwardedIPConfig
+    Amazonka.WAFV2.Types.IPSetReferenceStatement
+    Amazonka.WAFV2.Types.IPSetSummary
+    Amazonka.WAFV2.Types.JsonBody
+    Amazonka.WAFV2.Types.JsonMatchPattern
+    Amazonka.WAFV2.Types.JsonMatchScope
+    Amazonka.WAFV2.Types.Label
+    Amazonka.WAFV2.Types.LabelMatchScope
+    Amazonka.WAFV2.Types.LabelMatchStatement
+    Amazonka.WAFV2.Types.LabelNameCondition
+    Amazonka.WAFV2.Types.LabelSummary
+    Amazonka.WAFV2.Types.LoggingConfiguration
+    Amazonka.WAFV2.Types.LoggingFilter
+    Amazonka.WAFV2.Types.ManagedRuleGroupConfig
+    Amazonka.WAFV2.Types.ManagedRuleGroupStatement
+    Amazonka.WAFV2.Types.ManagedRuleGroupSummary
+    Amazonka.WAFV2.Types.ManagedRuleGroupVersion
+    Amazonka.WAFV2.Types.ManagedRuleSet
+    Amazonka.WAFV2.Types.ManagedRuleSetSummary
+    Amazonka.WAFV2.Types.ManagedRuleSetVersion
+    Amazonka.WAFV2.Types.MapMatchScope
+    Amazonka.WAFV2.Types.Method
+    Amazonka.WAFV2.Types.MobileSdkRelease
+    Amazonka.WAFV2.Types.NoneAction
+    Amazonka.WAFV2.Types.NotStatement
+    Amazonka.WAFV2.Types.OrStatement
+    Amazonka.WAFV2.Types.OverrideAction
+    Amazonka.WAFV2.Types.OversizeHandling
+    Amazonka.WAFV2.Types.PasswordField
+    Amazonka.WAFV2.Types.PayloadType
+    Amazonka.WAFV2.Types.Platform
+    Amazonka.WAFV2.Types.PositionalConstraint
+    Amazonka.WAFV2.Types.QueryString
+    Amazonka.WAFV2.Types.RateBasedStatement
+    Amazonka.WAFV2.Types.RateBasedStatementAggregateKeyType
+    Amazonka.WAFV2.Types.RateBasedStatementManagedKeysIPSet
+    Amazonka.WAFV2.Types.Regex
+    Amazonka.WAFV2.Types.RegexMatchStatement
+    Amazonka.WAFV2.Types.RegexPatternSet
+    Amazonka.WAFV2.Types.RegexPatternSetReferenceStatement
+    Amazonka.WAFV2.Types.RegexPatternSetSummary
+    Amazonka.WAFV2.Types.ReleaseSummary
+    Amazonka.WAFV2.Types.ResourceType
+    Amazonka.WAFV2.Types.ResponseContentType
+    Amazonka.WAFV2.Types.Rule
+    Amazonka.WAFV2.Types.RuleAction
+    Amazonka.WAFV2.Types.RuleActionOverride
+    Amazonka.WAFV2.Types.RuleGroup
+    Amazonka.WAFV2.Types.RuleGroupReferenceStatement
+    Amazonka.WAFV2.Types.RuleGroupSummary
+    Amazonka.WAFV2.Types.RuleSummary
+    Amazonka.WAFV2.Types.SampledHTTPRequest
+    Amazonka.WAFV2.Types.Scope
+    Amazonka.WAFV2.Types.SensitivityLevel
+    Amazonka.WAFV2.Types.SingleHeader
+    Amazonka.WAFV2.Types.SingleQueryArgument
+    Amazonka.WAFV2.Types.SizeConstraintStatement
+    Amazonka.WAFV2.Types.SqliMatchStatement
+    Amazonka.WAFV2.Types.Statement
+    Amazonka.WAFV2.Types.Tag
+    Amazonka.WAFV2.Types.TagInfoForResource
+    Amazonka.WAFV2.Types.TextTransformation
+    Amazonka.WAFV2.Types.TextTransformationType
+    Amazonka.WAFV2.Types.TimeWindow
+    Amazonka.WAFV2.Types.UriPath
+    Amazonka.WAFV2.Types.UsernameField
+    Amazonka.WAFV2.Types.VersionToPublish
+    Amazonka.WAFV2.Types.VisibilityConfig
+    Amazonka.WAFV2.Types.WebACL
+    Amazonka.WAFV2.Types.WebACLSummary
+    Amazonka.WAFV2.Types.XssMatchStatement
+    Amazonka.WAFV2.UntagResource
+    Amazonka.WAFV2.UpdateIPSet
+    Amazonka.WAFV2.UpdateManagedRuleSetVersionExpiryDate
+    Amazonka.WAFV2.UpdateRegexPatternSet
+    Amazonka.WAFV2.UpdateRuleGroup
+    Amazonka.WAFV2.UpdateWebACL
+    Amazonka.WAFV2.Waiters
+
+  build-depends:
+    , amazonka-core  >=2.0  && <2.1
+    , base           >=4.12 && <5
+
+test-suite amazonka-wafv2-test
+  type:             exitcode-stdio-1.0
+  default-language: Haskell2010
+  hs-source-dirs:   test
+  main-is:          Main.hs
+  ghc-options:      -Wall -threaded
+
+  -- This section is encoded by the template and any modules added by
+  -- hand outside these namespaces will not correctly be added to the
+  -- distribution package.
+  other-modules:
+    Test.Amazonka.Gen.WAFV2
+    Test.Amazonka.WAFV2
+    Test.Amazonka.WAFV2.Internal
+
+  build-depends:
+    , amazonka-core         >=2.0 && <2.1
+    , amazonka-test         >=2.0 && <2.1
+    , amazonka-wafv2
+    , base
+    , bytestring
+    , case-insensitive
+    , tasty
+    , tasty-hunit
+    , text
+    , time
+    , unordered-containers
diff --git a/fixture/AssociateWebACL.yaml b/fixture/AssociateWebACL.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/AssociateWebACL.yaml
@@ -0,0 +1,10 @@
+---
+method: POST
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/wafv2/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  wafv2.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/AssociateWebACLResponse.proto b/fixture/AssociateWebACLResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/AssociateWebACLResponse.proto
diff --git a/fixture/CheckCapacity.yaml b/fixture/CheckCapacity.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/CheckCapacity.yaml
@@ -0,0 +1,10 @@
+---
+method: POST
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/wafv2/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  wafv2.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/CheckCapacityResponse.proto b/fixture/CheckCapacityResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/CheckCapacityResponse.proto
diff --git a/fixture/CreateIPSet.yaml b/fixture/CreateIPSet.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/CreateIPSet.yaml
@@ -0,0 +1,10 @@
+---
+method: POST
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/wafv2/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  wafv2.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/CreateIPSetResponse.proto b/fixture/CreateIPSetResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/CreateIPSetResponse.proto
diff --git a/fixture/CreateRegexPatternSet.yaml b/fixture/CreateRegexPatternSet.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/CreateRegexPatternSet.yaml
@@ -0,0 +1,10 @@
+---
+method: POST
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/wafv2/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  wafv2.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/CreateRegexPatternSetResponse.proto b/fixture/CreateRegexPatternSetResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/CreateRegexPatternSetResponse.proto
diff --git a/fixture/CreateRuleGroup.yaml b/fixture/CreateRuleGroup.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/CreateRuleGroup.yaml
@@ -0,0 +1,10 @@
+---
+method: POST
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/wafv2/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  wafv2.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/CreateRuleGroupResponse.proto b/fixture/CreateRuleGroupResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/CreateRuleGroupResponse.proto
diff --git a/fixture/CreateWebACL.yaml b/fixture/CreateWebACL.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/CreateWebACL.yaml
@@ -0,0 +1,10 @@
+---
+method: POST
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/wafv2/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  wafv2.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/CreateWebACLResponse.proto b/fixture/CreateWebACLResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/CreateWebACLResponse.proto
diff --git a/fixture/DeleteFirewallManagerRuleGroups.yaml b/fixture/DeleteFirewallManagerRuleGroups.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/DeleteFirewallManagerRuleGroups.yaml
@@ -0,0 +1,10 @@
+---
+method: POST
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/wafv2/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  wafv2.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/DeleteFirewallManagerRuleGroupsResponse.proto b/fixture/DeleteFirewallManagerRuleGroupsResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/DeleteFirewallManagerRuleGroupsResponse.proto
diff --git a/fixture/DeleteIPSet.yaml b/fixture/DeleteIPSet.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/DeleteIPSet.yaml
@@ -0,0 +1,10 @@
+---
+method: POST
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/wafv2/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  wafv2.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/DeleteIPSetResponse.proto b/fixture/DeleteIPSetResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/DeleteIPSetResponse.proto
diff --git a/fixture/DeleteLoggingConfiguration.yaml b/fixture/DeleteLoggingConfiguration.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/DeleteLoggingConfiguration.yaml
@@ -0,0 +1,10 @@
+---
+method: POST
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/wafv2/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  wafv2.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/DeleteLoggingConfigurationResponse.proto b/fixture/DeleteLoggingConfigurationResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/DeleteLoggingConfigurationResponse.proto
diff --git a/fixture/DeletePermissionPolicy.yaml b/fixture/DeletePermissionPolicy.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/DeletePermissionPolicy.yaml
@@ -0,0 +1,10 @@
+---
+method: POST
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/wafv2/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  wafv2.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/DeletePermissionPolicyResponse.proto b/fixture/DeletePermissionPolicyResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/DeletePermissionPolicyResponse.proto
diff --git a/fixture/DeleteRegexPatternSet.yaml b/fixture/DeleteRegexPatternSet.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/DeleteRegexPatternSet.yaml
@@ -0,0 +1,10 @@
+---
+method: POST
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/wafv2/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  wafv2.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/DeleteRegexPatternSetResponse.proto b/fixture/DeleteRegexPatternSetResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/DeleteRegexPatternSetResponse.proto
diff --git a/fixture/DeleteRuleGroup.yaml b/fixture/DeleteRuleGroup.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/DeleteRuleGroup.yaml
@@ -0,0 +1,10 @@
+---
+method: POST
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/wafv2/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  wafv2.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/DeleteRuleGroupResponse.proto b/fixture/DeleteRuleGroupResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/DeleteRuleGroupResponse.proto
diff --git a/fixture/DeleteWebACL.yaml b/fixture/DeleteWebACL.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/DeleteWebACL.yaml
@@ -0,0 +1,10 @@
+---
+method: POST
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/wafv2/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  wafv2.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/DeleteWebACLResponse.proto b/fixture/DeleteWebACLResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/DeleteWebACLResponse.proto
diff --git a/fixture/DescribeManagedRuleGroup.yaml b/fixture/DescribeManagedRuleGroup.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/DescribeManagedRuleGroup.yaml
@@ -0,0 +1,10 @@
+---
+method: POST
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/wafv2/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  wafv2.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/DescribeManagedRuleGroupResponse.proto b/fixture/DescribeManagedRuleGroupResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/DescribeManagedRuleGroupResponse.proto
diff --git a/fixture/DisassociateWebACL.yaml b/fixture/DisassociateWebACL.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/DisassociateWebACL.yaml
@@ -0,0 +1,10 @@
+---
+method: POST
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/wafv2/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  wafv2.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/DisassociateWebACLResponse.proto b/fixture/DisassociateWebACLResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/DisassociateWebACLResponse.proto
diff --git a/fixture/GenerateMobileSdkReleaseUrl.yaml b/fixture/GenerateMobileSdkReleaseUrl.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/GenerateMobileSdkReleaseUrl.yaml
@@ -0,0 +1,10 @@
+---
+method: POST
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/wafv2/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  wafv2.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/GenerateMobileSdkReleaseUrlResponse.proto b/fixture/GenerateMobileSdkReleaseUrlResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/GenerateMobileSdkReleaseUrlResponse.proto
diff --git a/fixture/GetIPSet.yaml b/fixture/GetIPSet.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/GetIPSet.yaml
@@ -0,0 +1,10 @@
+---
+method: POST
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/wafv2/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  wafv2.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/GetIPSetResponse.proto b/fixture/GetIPSetResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/GetIPSetResponse.proto
diff --git a/fixture/GetLoggingConfiguration.yaml b/fixture/GetLoggingConfiguration.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/GetLoggingConfiguration.yaml
@@ -0,0 +1,10 @@
+---
+method: POST
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/wafv2/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  wafv2.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/GetLoggingConfigurationResponse.proto b/fixture/GetLoggingConfigurationResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/GetLoggingConfigurationResponse.proto
diff --git a/fixture/GetManagedRuleSet.yaml b/fixture/GetManagedRuleSet.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/GetManagedRuleSet.yaml
@@ -0,0 +1,10 @@
+---
+method: POST
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/wafv2/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  wafv2.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/GetManagedRuleSetResponse.proto b/fixture/GetManagedRuleSetResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/GetManagedRuleSetResponse.proto
diff --git a/fixture/GetMobileSdkRelease.yaml b/fixture/GetMobileSdkRelease.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/GetMobileSdkRelease.yaml
@@ -0,0 +1,10 @@
+---
+method: POST
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/wafv2/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  wafv2.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/GetMobileSdkReleaseResponse.proto b/fixture/GetMobileSdkReleaseResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/GetMobileSdkReleaseResponse.proto
diff --git a/fixture/GetPermissionPolicy.yaml b/fixture/GetPermissionPolicy.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/GetPermissionPolicy.yaml
@@ -0,0 +1,10 @@
+---
+method: POST
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/wafv2/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  wafv2.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/GetPermissionPolicyResponse.proto b/fixture/GetPermissionPolicyResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/GetPermissionPolicyResponse.proto
diff --git a/fixture/GetRateBasedStatementManagedKeys.yaml b/fixture/GetRateBasedStatementManagedKeys.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/GetRateBasedStatementManagedKeys.yaml
@@ -0,0 +1,10 @@
+---
+method: POST
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/wafv2/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  wafv2.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/GetRateBasedStatementManagedKeysResponse.proto b/fixture/GetRateBasedStatementManagedKeysResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/GetRateBasedStatementManagedKeysResponse.proto
diff --git a/fixture/GetRegexPatternSet.yaml b/fixture/GetRegexPatternSet.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/GetRegexPatternSet.yaml
@@ -0,0 +1,10 @@
+---
+method: POST
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/wafv2/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  wafv2.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/GetRegexPatternSetResponse.proto b/fixture/GetRegexPatternSetResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/GetRegexPatternSetResponse.proto
diff --git a/fixture/GetRuleGroup.yaml b/fixture/GetRuleGroup.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/GetRuleGroup.yaml
@@ -0,0 +1,10 @@
+---
+method: POST
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/wafv2/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  wafv2.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/GetRuleGroupResponse.proto b/fixture/GetRuleGroupResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/GetRuleGroupResponse.proto
diff --git a/fixture/GetSampledRequests.yaml b/fixture/GetSampledRequests.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/GetSampledRequests.yaml
@@ -0,0 +1,10 @@
+---
+method: POST
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/wafv2/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  wafv2.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/GetSampledRequestsResponse.proto b/fixture/GetSampledRequestsResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/GetSampledRequestsResponse.proto
diff --git a/fixture/GetWebACL.yaml b/fixture/GetWebACL.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/GetWebACL.yaml
@@ -0,0 +1,10 @@
+---
+method: POST
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/wafv2/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  wafv2.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/GetWebACLForResource.yaml b/fixture/GetWebACLForResource.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/GetWebACLForResource.yaml
@@ -0,0 +1,10 @@
+---
+method: POST
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/wafv2/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  wafv2.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/GetWebACLForResourceResponse.proto b/fixture/GetWebACLForResourceResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/GetWebACLForResourceResponse.proto
diff --git a/fixture/GetWebACLResponse.proto b/fixture/GetWebACLResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/GetWebACLResponse.proto
diff --git a/fixture/ListAvailableManagedRuleGroupVersions.yaml b/fixture/ListAvailableManagedRuleGroupVersions.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/ListAvailableManagedRuleGroupVersions.yaml
@@ -0,0 +1,10 @@
+---
+method: POST
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/wafv2/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  wafv2.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/ListAvailableManagedRuleGroupVersionsResponse.proto b/fixture/ListAvailableManagedRuleGroupVersionsResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/ListAvailableManagedRuleGroupVersionsResponse.proto
diff --git a/fixture/ListAvailableManagedRuleGroups.yaml b/fixture/ListAvailableManagedRuleGroups.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/ListAvailableManagedRuleGroups.yaml
@@ -0,0 +1,10 @@
+---
+method: POST
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/wafv2/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  wafv2.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/ListAvailableManagedRuleGroupsResponse.proto b/fixture/ListAvailableManagedRuleGroupsResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/ListAvailableManagedRuleGroupsResponse.proto
diff --git a/fixture/ListIPSets.yaml b/fixture/ListIPSets.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/ListIPSets.yaml
@@ -0,0 +1,10 @@
+---
+method: POST
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/wafv2/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  wafv2.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/ListIPSetsResponse.proto b/fixture/ListIPSetsResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/ListIPSetsResponse.proto
diff --git a/fixture/ListLoggingConfigurations.yaml b/fixture/ListLoggingConfigurations.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/ListLoggingConfigurations.yaml
@@ -0,0 +1,10 @@
+---
+method: POST
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/wafv2/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  wafv2.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/ListLoggingConfigurationsResponse.proto b/fixture/ListLoggingConfigurationsResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/ListLoggingConfigurationsResponse.proto
diff --git a/fixture/ListManagedRuleSets.yaml b/fixture/ListManagedRuleSets.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/ListManagedRuleSets.yaml
@@ -0,0 +1,10 @@
+---
+method: POST
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/wafv2/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  wafv2.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/ListManagedRuleSetsResponse.proto b/fixture/ListManagedRuleSetsResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/ListManagedRuleSetsResponse.proto
diff --git a/fixture/ListMobileSdkReleases.yaml b/fixture/ListMobileSdkReleases.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/ListMobileSdkReleases.yaml
@@ -0,0 +1,10 @@
+---
+method: POST
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/wafv2/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  wafv2.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/ListMobileSdkReleasesResponse.proto b/fixture/ListMobileSdkReleasesResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/ListMobileSdkReleasesResponse.proto
diff --git a/fixture/ListRegexPatternSets.yaml b/fixture/ListRegexPatternSets.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/ListRegexPatternSets.yaml
@@ -0,0 +1,10 @@
+---
+method: POST
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/wafv2/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  wafv2.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/ListRegexPatternSetsResponse.proto b/fixture/ListRegexPatternSetsResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/ListRegexPatternSetsResponse.proto
diff --git a/fixture/ListResourcesForWebACL.yaml b/fixture/ListResourcesForWebACL.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/ListResourcesForWebACL.yaml
@@ -0,0 +1,10 @@
+---
+method: POST
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/wafv2/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  wafv2.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/ListResourcesForWebACLResponse.proto b/fixture/ListResourcesForWebACLResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/ListResourcesForWebACLResponse.proto
diff --git a/fixture/ListRuleGroups.yaml b/fixture/ListRuleGroups.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/ListRuleGroups.yaml
@@ -0,0 +1,10 @@
+---
+method: POST
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/wafv2/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  wafv2.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/ListRuleGroupsResponse.proto b/fixture/ListRuleGroupsResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/ListRuleGroupsResponse.proto
diff --git a/fixture/ListTagsForResource.yaml b/fixture/ListTagsForResource.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/ListTagsForResource.yaml
@@ -0,0 +1,10 @@
+---
+method: POST
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/wafv2/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  wafv2.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/ListTagsForResourceResponse.proto b/fixture/ListTagsForResourceResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/ListTagsForResourceResponse.proto
diff --git a/fixture/ListWebACLs.yaml b/fixture/ListWebACLs.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/ListWebACLs.yaml
@@ -0,0 +1,10 @@
+---
+method: POST
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/wafv2/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  wafv2.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/ListWebACLsResponse.proto b/fixture/ListWebACLsResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/ListWebACLsResponse.proto
diff --git a/fixture/PutLoggingConfiguration.yaml b/fixture/PutLoggingConfiguration.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/PutLoggingConfiguration.yaml
@@ -0,0 +1,10 @@
+---
+method: POST
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/wafv2/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  wafv2.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/PutLoggingConfigurationResponse.proto b/fixture/PutLoggingConfigurationResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/PutLoggingConfigurationResponse.proto
diff --git a/fixture/PutManagedRuleSetVersions.yaml b/fixture/PutManagedRuleSetVersions.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/PutManagedRuleSetVersions.yaml
@@ -0,0 +1,10 @@
+---
+method: POST
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/wafv2/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  wafv2.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/PutManagedRuleSetVersionsResponse.proto b/fixture/PutManagedRuleSetVersionsResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/PutManagedRuleSetVersionsResponse.proto
diff --git a/fixture/PutPermissionPolicy.yaml b/fixture/PutPermissionPolicy.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/PutPermissionPolicy.yaml
@@ -0,0 +1,10 @@
+---
+method: POST
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/wafv2/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  wafv2.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/PutPermissionPolicyResponse.proto b/fixture/PutPermissionPolicyResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/PutPermissionPolicyResponse.proto
diff --git a/fixture/TagResource.yaml b/fixture/TagResource.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/TagResource.yaml
@@ -0,0 +1,10 @@
+---
+method: POST
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/wafv2/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  wafv2.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/TagResourceResponse.proto b/fixture/TagResourceResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/TagResourceResponse.proto
diff --git a/fixture/UntagResource.yaml b/fixture/UntagResource.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/UntagResource.yaml
@@ -0,0 +1,10 @@
+---
+method: POST
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/wafv2/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  wafv2.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/UntagResourceResponse.proto b/fixture/UntagResourceResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/UntagResourceResponse.proto
diff --git a/fixture/UpdateIPSet.yaml b/fixture/UpdateIPSet.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/UpdateIPSet.yaml
@@ -0,0 +1,10 @@
+---
+method: POST
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/wafv2/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  wafv2.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/UpdateIPSetResponse.proto b/fixture/UpdateIPSetResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/UpdateIPSetResponse.proto
diff --git a/fixture/UpdateManagedRuleSetVersionExpiryDate.yaml b/fixture/UpdateManagedRuleSetVersionExpiryDate.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/UpdateManagedRuleSetVersionExpiryDate.yaml
@@ -0,0 +1,10 @@
+---
+method: POST
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/wafv2/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  wafv2.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/UpdateManagedRuleSetVersionExpiryDateResponse.proto b/fixture/UpdateManagedRuleSetVersionExpiryDateResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/UpdateManagedRuleSetVersionExpiryDateResponse.proto
diff --git a/fixture/UpdateRegexPatternSet.yaml b/fixture/UpdateRegexPatternSet.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/UpdateRegexPatternSet.yaml
@@ -0,0 +1,10 @@
+---
+method: POST
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/wafv2/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  wafv2.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/UpdateRegexPatternSetResponse.proto b/fixture/UpdateRegexPatternSetResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/UpdateRegexPatternSetResponse.proto
diff --git a/fixture/UpdateRuleGroup.yaml b/fixture/UpdateRuleGroup.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/UpdateRuleGroup.yaml
@@ -0,0 +1,10 @@
+---
+method: POST
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/wafv2/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  wafv2.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/UpdateRuleGroupResponse.proto b/fixture/UpdateRuleGroupResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/UpdateRuleGroupResponse.proto
diff --git a/fixture/UpdateWebACL.yaml b/fixture/UpdateWebACL.yaml
new file mode 100644
--- /dev/null
+++ b/fixture/UpdateWebACL.yaml
@@ -0,0 +1,10 @@
+---
+method: POST
+headers:
+  Authorization:         AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/wafv2/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?
+  Host:                  wafv2.us-east-1.amazonaws.com
+  Content-Type:          application/x-www-form-urlencoded; charset=utf-8
+  X-Amz-Content-SHA256:  abcdef
+  X-Amz-Date:            20091028T223200Z
+body:
+  ''
diff --git a/fixture/UpdateWebACLResponse.proto b/fixture/UpdateWebACLResponse.proto
new file mode 100644
--- /dev/null
+++ b/fixture/UpdateWebACLResponse.proto
diff --git a/gen/Amazonka/WAFV2.hs b/gen/Amazonka/WAFV2.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/WAFV2.hs
@@ -0,0 +1,971 @@
+{-# OPTIONS_GHC -fno-warn-duplicate-exports #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+
+-- |
+-- Module      : Amazonka.WAFV2
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Derived from API version @2019-07-29@ of the AWS service descriptions, licensed under Apache 2.0.
+--
+-- WAF
+--
+-- This is the latest version of the __WAF__ API, released in November,
+-- 2019. The names of the entities that you use to access this API, like
+-- endpoints and namespaces, all have the versioning information added,
+-- like \"V2\" or \"v2\", to distinguish from the prior version. We
+-- recommend migrating your resources to this version, because it has a
+-- number of significant improvements.
+--
+-- If you used WAF prior to this release, you can\'t use this WAFV2 API to
+-- access any WAF resources that you created before. You can access your
+-- old rules, web ACLs, and other WAF resources only through the WAF
+-- Classic APIs. The WAF Classic APIs have retained the prior names,
+-- endpoints, and namespaces.
+--
+-- For information, including how to migrate your WAF resources to this
+-- version, see the
+-- <https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html WAF Developer Guide>.
+--
+-- WAF is a web application firewall that lets you monitor the HTTP and
+-- HTTPS requests that are forwarded to Amazon CloudFront, an Amazon API
+-- Gateway REST API, an Application Load Balancer, an AppSync GraphQL API,
+-- or an Amazon Cognito user pool. WAF also lets you control access to your
+-- content. Based on conditions that you specify, such as the IP addresses
+-- that requests originate from or the values of query strings, the Amazon
+-- API Gateway REST API, CloudFront distribution, the Application Load
+-- Balancer, the AppSync GraphQL API, or the Amazon Cognito user pool
+-- responds to requests either with the requested content or with an HTTP
+-- 403 status code (Forbidden). You also can configure CloudFront to return
+-- a custom error page when a request is blocked.
+--
+-- This API guide is for developers who need detailed information about WAF
+-- API actions, data types, and errors. For detailed information about WAF
+-- features and an overview of how to use WAF, see the
+-- <https://docs.aws.amazon.com/waf/latest/developerguide/what-is-aws-waf.html WAF Developer Guide>.
+--
+-- You can make calls using the endpoints listed in
+-- <https://docs.aws.amazon.com/general/latest/gr/waf.html WAF endpoints and quotas>.
+--
+-- -   For regional applications, you can use any of the endpoints in the
+--     list. A regional application can be an Application Load Balancer
+--     (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, or an
+--     Amazon Cognito user pool.
+--
+-- -   For Amazon CloudFront applications, you must use the API endpoint
+--     listed for US East (N. Virginia): us-east-1.
+--
+-- Alternatively, you can use one of the Amazon Web Services SDKs to access
+-- an API that\'s tailored to the programming language or platform that
+-- you\'re using. For more information, see
+-- <http://aws.amazon.com/tools/#SDKs Amazon Web Services SDKs>.
+--
+-- We currently provide two versions of the WAF API: this API and the prior
+-- versions, the classic WAF APIs. This new API provides the same
+-- functionality as the older versions, with the following major
+-- improvements:
+--
+-- -   You use one API for both global and regional applications. Where you
+--     need to distinguish the scope, you specify a @Scope@ parameter and
+--     set it to @CLOUDFRONT@ or @REGIONAL@.
+--
+-- -   You can define a web ACL or rule group with a single call, and
+--     update it with a single call. You define all rule specifications in
+--     JSON format, and pass them to your rule group or web ACL calls.
+--
+-- -   The limits WAF places on the use of rules more closely reflects the
+--     cost of running each type of rule. Rule groups include capacity
+--     settings, so you know the maximum cost of a rule group when you use
+--     it.
+module Amazonka.WAFV2
+  ( -- * Service Configuration
+    defaultService,
+
+    -- * Errors
+    -- $errors
+
+    -- ** WAFAssociatedItemException
+    _WAFAssociatedItemException,
+
+    -- ** WAFConfigurationWarningException
+    _WAFConfigurationWarningException,
+
+    -- ** WAFDuplicateItemException
+    _WAFDuplicateItemException,
+
+    -- ** WAFExpiredManagedRuleGroupVersionException
+    _WAFExpiredManagedRuleGroupVersionException,
+
+    -- ** WAFInternalErrorException
+    _WAFInternalErrorException,
+
+    -- ** WAFInvalidOperationException
+    _WAFInvalidOperationException,
+
+    -- ** WAFInvalidParameterException
+    _WAFInvalidParameterException,
+
+    -- ** WAFInvalidPermissionPolicyException
+    _WAFInvalidPermissionPolicyException,
+
+    -- ** WAFInvalidResourceException
+    _WAFInvalidResourceException,
+
+    -- ** WAFLimitsExceededException
+    _WAFLimitsExceededException,
+
+    -- ** WAFLogDestinationPermissionIssueException
+    _WAFLogDestinationPermissionIssueException,
+
+    -- ** WAFNonexistentItemException
+    _WAFNonexistentItemException,
+
+    -- ** WAFOptimisticLockException
+    _WAFOptimisticLockException,
+
+    -- ** WAFServiceLinkedRoleErrorException
+    _WAFServiceLinkedRoleErrorException,
+
+    -- ** WAFSubscriptionNotFoundException
+    _WAFSubscriptionNotFoundException,
+
+    -- ** WAFTagOperationException
+    _WAFTagOperationException,
+
+    -- ** WAFTagOperationInternalErrorException
+    _WAFTagOperationInternalErrorException,
+
+    -- ** WAFUnavailableEntityException
+    _WAFUnavailableEntityException,
+
+    -- * Waiters
+    -- $waiters
+
+    -- * Operations
+    -- $operations
+
+    -- ** AssociateWebACL
+    AssociateWebACL (AssociateWebACL'),
+    newAssociateWebACL,
+    AssociateWebACLResponse (AssociateWebACLResponse'),
+    newAssociateWebACLResponse,
+
+    -- ** CheckCapacity
+    CheckCapacity (CheckCapacity'),
+    newCheckCapacity,
+    CheckCapacityResponse (CheckCapacityResponse'),
+    newCheckCapacityResponse,
+
+    -- ** CreateIPSet
+    CreateIPSet (CreateIPSet'),
+    newCreateIPSet,
+    CreateIPSetResponse (CreateIPSetResponse'),
+    newCreateIPSetResponse,
+
+    -- ** CreateRegexPatternSet
+    CreateRegexPatternSet (CreateRegexPatternSet'),
+    newCreateRegexPatternSet,
+    CreateRegexPatternSetResponse (CreateRegexPatternSetResponse'),
+    newCreateRegexPatternSetResponse,
+
+    -- ** CreateRuleGroup
+    CreateRuleGroup (CreateRuleGroup'),
+    newCreateRuleGroup,
+    CreateRuleGroupResponse (CreateRuleGroupResponse'),
+    newCreateRuleGroupResponse,
+
+    -- ** CreateWebACL
+    CreateWebACL (CreateWebACL'),
+    newCreateWebACL,
+    CreateWebACLResponse (CreateWebACLResponse'),
+    newCreateWebACLResponse,
+
+    -- ** DeleteFirewallManagerRuleGroups
+    DeleteFirewallManagerRuleGroups (DeleteFirewallManagerRuleGroups'),
+    newDeleteFirewallManagerRuleGroups,
+    DeleteFirewallManagerRuleGroupsResponse (DeleteFirewallManagerRuleGroupsResponse'),
+    newDeleteFirewallManagerRuleGroupsResponse,
+
+    -- ** DeleteIPSet
+    DeleteIPSet (DeleteIPSet'),
+    newDeleteIPSet,
+    DeleteIPSetResponse (DeleteIPSetResponse'),
+    newDeleteIPSetResponse,
+
+    -- ** DeleteLoggingConfiguration
+    DeleteLoggingConfiguration (DeleteLoggingConfiguration'),
+    newDeleteLoggingConfiguration,
+    DeleteLoggingConfigurationResponse (DeleteLoggingConfigurationResponse'),
+    newDeleteLoggingConfigurationResponse,
+
+    -- ** DeletePermissionPolicy
+    DeletePermissionPolicy (DeletePermissionPolicy'),
+    newDeletePermissionPolicy,
+    DeletePermissionPolicyResponse (DeletePermissionPolicyResponse'),
+    newDeletePermissionPolicyResponse,
+
+    -- ** DeleteRegexPatternSet
+    DeleteRegexPatternSet (DeleteRegexPatternSet'),
+    newDeleteRegexPatternSet,
+    DeleteRegexPatternSetResponse (DeleteRegexPatternSetResponse'),
+    newDeleteRegexPatternSetResponse,
+
+    -- ** DeleteRuleGroup
+    DeleteRuleGroup (DeleteRuleGroup'),
+    newDeleteRuleGroup,
+    DeleteRuleGroupResponse (DeleteRuleGroupResponse'),
+    newDeleteRuleGroupResponse,
+
+    -- ** DeleteWebACL
+    DeleteWebACL (DeleteWebACL'),
+    newDeleteWebACL,
+    DeleteWebACLResponse (DeleteWebACLResponse'),
+    newDeleteWebACLResponse,
+
+    -- ** DescribeManagedRuleGroup
+    DescribeManagedRuleGroup (DescribeManagedRuleGroup'),
+    newDescribeManagedRuleGroup,
+    DescribeManagedRuleGroupResponse (DescribeManagedRuleGroupResponse'),
+    newDescribeManagedRuleGroupResponse,
+
+    -- ** DisassociateWebACL
+    DisassociateWebACL (DisassociateWebACL'),
+    newDisassociateWebACL,
+    DisassociateWebACLResponse (DisassociateWebACLResponse'),
+    newDisassociateWebACLResponse,
+
+    -- ** GenerateMobileSdkReleaseUrl
+    GenerateMobileSdkReleaseUrl (GenerateMobileSdkReleaseUrl'),
+    newGenerateMobileSdkReleaseUrl,
+    GenerateMobileSdkReleaseUrlResponse (GenerateMobileSdkReleaseUrlResponse'),
+    newGenerateMobileSdkReleaseUrlResponse,
+
+    -- ** GetIPSet
+    GetIPSet (GetIPSet'),
+    newGetIPSet,
+    GetIPSetResponse (GetIPSetResponse'),
+    newGetIPSetResponse,
+
+    -- ** GetLoggingConfiguration
+    GetLoggingConfiguration (GetLoggingConfiguration'),
+    newGetLoggingConfiguration,
+    GetLoggingConfigurationResponse (GetLoggingConfigurationResponse'),
+    newGetLoggingConfigurationResponse,
+
+    -- ** GetManagedRuleSet
+    GetManagedRuleSet (GetManagedRuleSet'),
+    newGetManagedRuleSet,
+    GetManagedRuleSetResponse (GetManagedRuleSetResponse'),
+    newGetManagedRuleSetResponse,
+
+    -- ** GetMobileSdkRelease
+    GetMobileSdkRelease (GetMobileSdkRelease'),
+    newGetMobileSdkRelease,
+    GetMobileSdkReleaseResponse (GetMobileSdkReleaseResponse'),
+    newGetMobileSdkReleaseResponse,
+
+    -- ** GetPermissionPolicy
+    GetPermissionPolicy (GetPermissionPolicy'),
+    newGetPermissionPolicy,
+    GetPermissionPolicyResponse (GetPermissionPolicyResponse'),
+    newGetPermissionPolicyResponse,
+
+    -- ** GetRateBasedStatementManagedKeys
+    GetRateBasedStatementManagedKeys (GetRateBasedStatementManagedKeys'),
+    newGetRateBasedStatementManagedKeys,
+    GetRateBasedStatementManagedKeysResponse (GetRateBasedStatementManagedKeysResponse'),
+    newGetRateBasedStatementManagedKeysResponse,
+
+    -- ** GetRegexPatternSet
+    GetRegexPatternSet (GetRegexPatternSet'),
+    newGetRegexPatternSet,
+    GetRegexPatternSetResponse (GetRegexPatternSetResponse'),
+    newGetRegexPatternSetResponse,
+
+    -- ** GetRuleGroup
+    GetRuleGroup (GetRuleGroup'),
+    newGetRuleGroup,
+    GetRuleGroupResponse (GetRuleGroupResponse'),
+    newGetRuleGroupResponse,
+
+    -- ** GetSampledRequests
+    GetSampledRequests (GetSampledRequests'),
+    newGetSampledRequests,
+    GetSampledRequestsResponse (GetSampledRequestsResponse'),
+    newGetSampledRequestsResponse,
+
+    -- ** GetWebACL
+    GetWebACL (GetWebACL'),
+    newGetWebACL,
+    GetWebACLResponse (GetWebACLResponse'),
+    newGetWebACLResponse,
+
+    -- ** GetWebACLForResource
+    GetWebACLForResource (GetWebACLForResource'),
+    newGetWebACLForResource,
+    GetWebACLForResourceResponse (GetWebACLForResourceResponse'),
+    newGetWebACLForResourceResponse,
+
+    -- ** ListAvailableManagedRuleGroupVersions
+    ListAvailableManagedRuleGroupVersions (ListAvailableManagedRuleGroupVersions'),
+    newListAvailableManagedRuleGroupVersions,
+    ListAvailableManagedRuleGroupVersionsResponse (ListAvailableManagedRuleGroupVersionsResponse'),
+    newListAvailableManagedRuleGroupVersionsResponse,
+
+    -- ** ListAvailableManagedRuleGroups
+    ListAvailableManagedRuleGroups (ListAvailableManagedRuleGroups'),
+    newListAvailableManagedRuleGroups,
+    ListAvailableManagedRuleGroupsResponse (ListAvailableManagedRuleGroupsResponse'),
+    newListAvailableManagedRuleGroupsResponse,
+
+    -- ** ListIPSets
+    ListIPSets (ListIPSets'),
+    newListIPSets,
+    ListIPSetsResponse (ListIPSetsResponse'),
+    newListIPSetsResponse,
+
+    -- ** ListLoggingConfigurations
+    ListLoggingConfigurations (ListLoggingConfigurations'),
+    newListLoggingConfigurations,
+    ListLoggingConfigurationsResponse (ListLoggingConfigurationsResponse'),
+    newListLoggingConfigurationsResponse,
+
+    -- ** ListManagedRuleSets
+    ListManagedRuleSets (ListManagedRuleSets'),
+    newListManagedRuleSets,
+    ListManagedRuleSetsResponse (ListManagedRuleSetsResponse'),
+    newListManagedRuleSetsResponse,
+
+    -- ** ListMobileSdkReleases
+    ListMobileSdkReleases (ListMobileSdkReleases'),
+    newListMobileSdkReleases,
+    ListMobileSdkReleasesResponse (ListMobileSdkReleasesResponse'),
+    newListMobileSdkReleasesResponse,
+
+    -- ** ListRegexPatternSets
+    ListRegexPatternSets (ListRegexPatternSets'),
+    newListRegexPatternSets,
+    ListRegexPatternSetsResponse (ListRegexPatternSetsResponse'),
+    newListRegexPatternSetsResponse,
+
+    -- ** ListResourcesForWebACL
+    ListResourcesForWebACL (ListResourcesForWebACL'),
+    newListResourcesForWebACL,
+    ListResourcesForWebACLResponse (ListResourcesForWebACLResponse'),
+    newListResourcesForWebACLResponse,
+
+    -- ** ListRuleGroups
+    ListRuleGroups (ListRuleGroups'),
+    newListRuleGroups,
+    ListRuleGroupsResponse (ListRuleGroupsResponse'),
+    newListRuleGroupsResponse,
+
+    -- ** ListTagsForResource
+    ListTagsForResource (ListTagsForResource'),
+    newListTagsForResource,
+    ListTagsForResourceResponse (ListTagsForResourceResponse'),
+    newListTagsForResourceResponse,
+
+    -- ** ListWebACLs
+    ListWebACLs (ListWebACLs'),
+    newListWebACLs,
+    ListWebACLsResponse (ListWebACLsResponse'),
+    newListWebACLsResponse,
+
+    -- ** PutLoggingConfiguration
+    PutLoggingConfiguration (PutLoggingConfiguration'),
+    newPutLoggingConfiguration,
+    PutLoggingConfigurationResponse (PutLoggingConfigurationResponse'),
+    newPutLoggingConfigurationResponse,
+
+    -- ** PutManagedRuleSetVersions
+    PutManagedRuleSetVersions (PutManagedRuleSetVersions'),
+    newPutManagedRuleSetVersions,
+    PutManagedRuleSetVersionsResponse (PutManagedRuleSetVersionsResponse'),
+    newPutManagedRuleSetVersionsResponse,
+
+    -- ** PutPermissionPolicy
+    PutPermissionPolicy (PutPermissionPolicy'),
+    newPutPermissionPolicy,
+    PutPermissionPolicyResponse (PutPermissionPolicyResponse'),
+    newPutPermissionPolicyResponse,
+
+    -- ** TagResource
+    TagResource (TagResource'),
+    newTagResource,
+    TagResourceResponse (TagResourceResponse'),
+    newTagResourceResponse,
+
+    -- ** UntagResource
+    UntagResource (UntagResource'),
+    newUntagResource,
+    UntagResourceResponse (UntagResourceResponse'),
+    newUntagResourceResponse,
+
+    -- ** UpdateIPSet
+    UpdateIPSet (UpdateIPSet'),
+    newUpdateIPSet,
+    UpdateIPSetResponse (UpdateIPSetResponse'),
+    newUpdateIPSetResponse,
+
+    -- ** UpdateManagedRuleSetVersionExpiryDate
+    UpdateManagedRuleSetVersionExpiryDate (UpdateManagedRuleSetVersionExpiryDate'),
+    newUpdateManagedRuleSetVersionExpiryDate,
+    UpdateManagedRuleSetVersionExpiryDateResponse (UpdateManagedRuleSetVersionExpiryDateResponse'),
+    newUpdateManagedRuleSetVersionExpiryDateResponse,
+
+    -- ** UpdateRegexPatternSet
+    UpdateRegexPatternSet (UpdateRegexPatternSet'),
+    newUpdateRegexPatternSet,
+    UpdateRegexPatternSetResponse (UpdateRegexPatternSetResponse'),
+    newUpdateRegexPatternSetResponse,
+
+    -- ** UpdateRuleGroup
+    UpdateRuleGroup (UpdateRuleGroup'),
+    newUpdateRuleGroup,
+    UpdateRuleGroupResponse (UpdateRuleGroupResponse'),
+    newUpdateRuleGroupResponse,
+
+    -- ** UpdateWebACL
+    UpdateWebACL (UpdateWebACL'),
+    newUpdateWebACL,
+    UpdateWebACLResponse (UpdateWebACLResponse'),
+    newUpdateWebACLResponse,
+
+    -- * Types
+
+    -- ** ActionValue
+    ActionValue (..),
+
+    -- ** BodyParsingFallbackBehavior
+    BodyParsingFallbackBehavior (..),
+
+    -- ** ComparisonOperator
+    ComparisonOperator (..),
+
+    -- ** CountryCode
+    CountryCode (..),
+
+    -- ** FailureReason
+    FailureReason (..),
+
+    -- ** FallbackBehavior
+    FallbackBehavior (..),
+
+    -- ** FilterBehavior
+    FilterBehavior (..),
+
+    -- ** FilterRequirement
+    FilterRequirement (..),
+
+    -- ** ForwardedIPPosition
+    ForwardedIPPosition (..),
+
+    -- ** IPAddressVersion
+    IPAddressVersion (..),
+
+    -- ** InspectionLevel
+    InspectionLevel (..),
+
+    -- ** JsonMatchScope
+    JsonMatchScope (..),
+
+    -- ** LabelMatchScope
+    LabelMatchScope (..),
+
+    -- ** MapMatchScope
+    MapMatchScope (..),
+
+    -- ** OversizeHandling
+    OversizeHandling (..),
+
+    -- ** PayloadType
+    PayloadType (..),
+
+    -- ** Platform
+    Platform (..),
+
+    -- ** PositionalConstraint
+    PositionalConstraint (..),
+
+    -- ** RateBasedStatementAggregateKeyType
+    RateBasedStatementAggregateKeyType (..),
+
+    -- ** ResourceType
+    ResourceType (..),
+
+    -- ** ResponseContentType
+    ResponseContentType (..),
+
+    -- ** Scope
+    Scope (..),
+
+    -- ** SensitivityLevel
+    SensitivityLevel (..),
+
+    -- ** TextTransformationType
+    TextTransformationType (..),
+
+    -- ** AWSManagedRulesBotControlRuleSet
+    AWSManagedRulesBotControlRuleSet (AWSManagedRulesBotControlRuleSet'),
+    newAWSManagedRulesBotControlRuleSet,
+
+    -- ** ActionCondition
+    ActionCondition (ActionCondition'),
+    newActionCondition,
+
+    -- ** All
+    All (All'),
+    newAll,
+
+    -- ** AllQueryArguments
+    AllQueryArguments (AllQueryArguments'),
+    newAllQueryArguments,
+
+    -- ** AllowAction
+    AllowAction (AllowAction'),
+    newAllowAction,
+
+    -- ** AndStatement
+    AndStatement (AndStatement'),
+    newAndStatement,
+
+    -- ** BlockAction
+    BlockAction (BlockAction'),
+    newBlockAction,
+
+    -- ** Body
+    Body (Body'),
+    newBody,
+
+    -- ** ByteMatchStatement
+    ByteMatchStatement (ByteMatchStatement'),
+    newByteMatchStatement,
+
+    -- ** CaptchaAction
+    CaptchaAction (CaptchaAction'),
+    newCaptchaAction,
+
+    -- ** CaptchaConfig
+    CaptchaConfig (CaptchaConfig'),
+    newCaptchaConfig,
+
+    -- ** CaptchaResponse
+    CaptchaResponse (CaptchaResponse'),
+    newCaptchaResponse,
+
+    -- ** ChallengeAction
+    ChallengeAction (ChallengeAction'),
+    newChallengeAction,
+
+    -- ** ChallengeConfig
+    ChallengeConfig (ChallengeConfig'),
+    newChallengeConfig,
+
+    -- ** ChallengeResponse
+    ChallengeResponse (ChallengeResponse'),
+    newChallengeResponse,
+
+    -- ** Condition
+    Condition (Condition'),
+    newCondition,
+
+    -- ** CookieMatchPattern
+    CookieMatchPattern (CookieMatchPattern'),
+    newCookieMatchPattern,
+
+    -- ** Cookies
+    Cookies (Cookies'),
+    newCookies,
+
+    -- ** CountAction
+    CountAction (CountAction'),
+    newCountAction,
+
+    -- ** CustomHTTPHeader
+    CustomHTTPHeader (CustomHTTPHeader'),
+    newCustomHTTPHeader,
+
+    -- ** CustomRequestHandling
+    CustomRequestHandling (CustomRequestHandling'),
+    newCustomRequestHandling,
+
+    -- ** CustomResponse
+    CustomResponse (CustomResponse'),
+    newCustomResponse,
+
+    -- ** CustomResponseBody
+    CustomResponseBody (CustomResponseBody'),
+    newCustomResponseBody,
+
+    -- ** DefaultAction
+    DefaultAction (DefaultAction'),
+    newDefaultAction,
+
+    -- ** ExcludedRule
+    ExcludedRule (ExcludedRule'),
+    newExcludedRule,
+
+    -- ** FieldToMatch
+    FieldToMatch (FieldToMatch'),
+    newFieldToMatch,
+
+    -- ** Filter
+    Filter (Filter'),
+    newFilter,
+
+    -- ** FirewallManagerRuleGroup
+    FirewallManagerRuleGroup (FirewallManagerRuleGroup'),
+    newFirewallManagerRuleGroup,
+
+    -- ** FirewallManagerStatement
+    FirewallManagerStatement (FirewallManagerStatement'),
+    newFirewallManagerStatement,
+
+    -- ** ForwardedIPConfig
+    ForwardedIPConfig (ForwardedIPConfig'),
+    newForwardedIPConfig,
+
+    -- ** GeoMatchStatement
+    GeoMatchStatement (GeoMatchStatement'),
+    newGeoMatchStatement,
+
+    -- ** HTTPHeader
+    HTTPHeader (HTTPHeader'),
+    newHTTPHeader,
+
+    -- ** HTTPRequest
+    HTTPRequest (HTTPRequest'),
+    newHTTPRequest,
+
+    -- ** HeaderMatchPattern
+    HeaderMatchPattern (HeaderMatchPattern'),
+    newHeaderMatchPattern,
+
+    -- ** Headers
+    Headers (Headers'),
+    newHeaders,
+
+    -- ** IPSet
+    IPSet (IPSet'),
+    newIPSet,
+
+    -- ** IPSetForwardedIPConfig
+    IPSetForwardedIPConfig (IPSetForwardedIPConfig'),
+    newIPSetForwardedIPConfig,
+
+    -- ** IPSetReferenceStatement
+    IPSetReferenceStatement (IPSetReferenceStatement'),
+    newIPSetReferenceStatement,
+
+    -- ** IPSetSummary
+    IPSetSummary (IPSetSummary'),
+    newIPSetSummary,
+
+    -- ** ImmunityTimeProperty
+    ImmunityTimeProperty (ImmunityTimeProperty'),
+    newImmunityTimeProperty,
+
+    -- ** JsonBody
+    JsonBody (JsonBody'),
+    newJsonBody,
+
+    -- ** JsonMatchPattern
+    JsonMatchPattern (JsonMatchPattern'),
+    newJsonMatchPattern,
+
+    -- ** Label
+    Label (Label'),
+    newLabel,
+
+    -- ** LabelMatchStatement
+    LabelMatchStatement (LabelMatchStatement'),
+    newLabelMatchStatement,
+
+    -- ** LabelNameCondition
+    LabelNameCondition (LabelNameCondition'),
+    newLabelNameCondition,
+
+    -- ** LabelSummary
+    LabelSummary (LabelSummary'),
+    newLabelSummary,
+
+    -- ** LoggingConfiguration
+    LoggingConfiguration (LoggingConfiguration'),
+    newLoggingConfiguration,
+
+    -- ** LoggingFilter
+    LoggingFilter (LoggingFilter'),
+    newLoggingFilter,
+
+    -- ** ManagedRuleGroupConfig
+    ManagedRuleGroupConfig (ManagedRuleGroupConfig'),
+    newManagedRuleGroupConfig,
+
+    -- ** ManagedRuleGroupStatement
+    ManagedRuleGroupStatement (ManagedRuleGroupStatement'),
+    newManagedRuleGroupStatement,
+
+    -- ** ManagedRuleGroupSummary
+    ManagedRuleGroupSummary (ManagedRuleGroupSummary'),
+    newManagedRuleGroupSummary,
+
+    -- ** ManagedRuleGroupVersion
+    ManagedRuleGroupVersion (ManagedRuleGroupVersion'),
+    newManagedRuleGroupVersion,
+
+    -- ** ManagedRuleSet
+    ManagedRuleSet (ManagedRuleSet'),
+    newManagedRuleSet,
+
+    -- ** ManagedRuleSetSummary
+    ManagedRuleSetSummary (ManagedRuleSetSummary'),
+    newManagedRuleSetSummary,
+
+    -- ** ManagedRuleSetVersion
+    ManagedRuleSetVersion (ManagedRuleSetVersion'),
+    newManagedRuleSetVersion,
+
+    -- ** Method
+    Method (Method'),
+    newMethod,
+
+    -- ** MobileSdkRelease
+    MobileSdkRelease (MobileSdkRelease'),
+    newMobileSdkRelease,
+
+    -- ** NoneAction
+    NoneAction (NoneAction'),
+    newNoneAction,
+
+    -- ** NotStatement
+    NotStatement (NotStatement'),
+    newNotStatement,
+
+    -- ** OrStatement
+    OrStatement (OrStatement'),
+    newOrStatement,
+
+    -- ** OverrideAction
+    OverrideAction (OverrideAction'),
+    newOverrideAction,
+
+    -- ** PasswordField
+    PasswordField (PasswordField'),
+    newPasswordField,
+
+    -- ** QueryString
+    QueryString (QueryString'),
+    newQueryString,
+
+    -- ** RateBasedStatement
+    RateBasedStatement (RateBasedStatement'),
+    newRateBasedStatement,
+
+    -- ** RateBasedStatementManagedKeysIPSet
+    RateBasedStatementManagedKeysIPSet (RateBasedStatementManagedKeysIPSet'),
+    newRateBasedStatementManagedKeysIPSet,
+
+    -- ** Regex
+    Regex (Regex'),
+    newRegex,
+
+    -- ** RegexMatchStatement
+    RegexMatchStatement (RegexMatchStatement'),
+    newRegexMatchStatement,
+
+    -- ** RegexPatternSet
+    RegexPatternSet (RegexPatternSet'),
+    newRegexPatternSet,
+
+    -- ** RegexPatternSetReferenceStatement
+    RegexPatternSetReferenceStatement (RegexPatternSetReferenceStatement'),
+    newRegexPatternSetReferenceStatement,
+
+    -- ** RegexPatternSetSummary
+    RegexPatternSetSummary (RegexPatternSetSummary'),
+    newRegexPatternSetSummary,
+
+    -- ** ReleaseSummary
+    ReleaseSummary (ReleaseSummary'),
+    newReleaseSummary,
+
+    -- ** Rule
+    Rule (Rule'),
+    newRule,
+
+    -- ** RuleAction
+    RuleAction (RuleAction'),
+    newRuleAction,
+
+    -- ** RuleActionOverride
+    RuleActionOverride (RuleActionOverride'),
+    newRuleActionOverride,
+
+    -- ** RuleGroup
+    RuleGroup (RuleGroup'),
+    newRuleGroup,
+
+    -- ** RuleGroupReferenceStatement
+    RuleGroupReferenceStatement (RuleGroupReferenceStatement'),
+    newRuleGroupReferenceStatement,
+
+    -- ** RuleGroupSummary
+    RuleGroupSummary (RuleGroupSummary'),
+    newRuleGroupSummary,
+
+    -- ** RuleSummary
+    RuleSummary (RuleSummary'),
+    newRuleSummary,
+
+    -- ** SampledHTTPRequest
+    SampledHTTPRequest (SampledHTTPRequest'),
+    newSampledHTTPRequest,
+
+    -- ** SingleHeader
+    SingleHeader (SingleHeader'),
+    newSingleHeader,
+
+    -- ** SingleQueryArgument
+    SingleQueryArgument (SingleQueryArgument'),
+    newSingleQueryArgument,
+
+    -- ** SizeConstraintStatement
+    SizeConstraintStatement (SizeConstraintStatement'),
+    newSizeConstraintStatement,
+
+    -- ** SqliMatchStatement
+    SqliMatchStatement (SqliMatchStatement'),
+    newSqliMatchStatement,
+
+    -- ** Statement
+    Statement (Statement'),
+    newStatement,
+
+    -- ** Tag
+    Tag (Tag'),
+    newTag,
+
+    -- ** TagInfoForResource
+    TagInfoForResource (TagInfoForResource'),
+    newTagInfoForResource,
+
+    -- ** TextTransformation
+    TextTransformation (TextTransformation'),
+    newTextTransformation,
+
+    -- ** TimeWindow
+    TimeWindow (TimeWindow'),
+    newTimeWindow,
+
+    -- ** UriPath
+    UriPath (UriPath'),
+    newUriPath,
+
+    -- ** UsernameField
+    UsernameField (UsernameField'),
+    newUsernameField,
+
+    -- ** VersionToPublish
+    VersionToPublish (VersionToPublish'),
+    newVersionToPublish,
+
+    -- ** VisibilityConfig
+    VisibilityConfig (VisibilityConfig'),
+    newVisibilityConfig,
+
+    -- ** WebACL
+    WebACL (WebACL'),
+    newWebACL,
+
+    -- ** WebACLSummary
+    WebACLSummary (WebACLSummary'),
+    newWebACLSummary,
+
+    -- ** XssMatchStatement
+    XssMatchStatement (XssMatchStatement'),
+    newXssMatchStatement,
+  )
+where
+
+import Amazonka.WAFV2.AssociateWebACL
+import Amazonka.WAFV2.CheckCapacity
+import Amazonka.WAFV2.CreateIPSet
+import Amazonka.WAFV2.CreateRegexPatternSet
+import Amazonka.WAFV2.CreateRuleGroup
+import Amazonka.WAFV2.CreateWebACL
+import Amazonka.WAFV2.DeleteFirewallManagerRuleGroups
+import Amazonka.WAFV2.DeleteIPSet
+import Amazonka.WAFV2.DeleteLoggingConfiguration
+import Amazonka.WAFV2.DeletePermissionPolicy
+import Amazonka.WAFV2.DeleteRegexPatternSet
+import Amazonka.WAFV2.DeleteRuleGroup
+import Amazonka.WAFV2.DeleteWebACL
+import Amazonka.WAFV2.DescribeManagedRuleGroup
+import Amazonka.WAFV2.DisassociateWebACL
+import Amazonka.WAFV2.GenerateMobileSdkReleaseUrl
+import Amazonka.WAFV2.GetIPSet
+import Amazonka.WAFV2.GetLoggingConfiguration
+import Amazonka.WAFV2.GetManagedRuleSet
+import Amazonka.WAFV2.GetMobileSdkRelease
+import Amazonka.WAFV2.GetPermissionPolicy
+import Amazonka.WAFV2.GetRateBasedStatementManagedKeys
+import Amazonka.WAFV2.GetRegexPatternSet
+import Amazonka.WAFV2.GetRuleGroup
+import Amazonka.WAFV2.GetSampledRequests
+import Amazonka.WAFV2.GetWebACL
+import Amazonka.WAFV2.GetWebACLForResource
+import Amazonka.WAFV2.Lens
+import Amazonka.WAFV2.ListAvailableManagedRuleGroupVersions
+import Amazonka.WAFV2.ListAvailableManagedRuleGroups
+import Amazonka.WAFV2.ListIPSets
+import Amazonka.WAFV2.ListLoggingConfigurations
+import Amazonka.WAFV2.ListManagedRuleSets
+import Amazonka.WAFV2.ListMobileSdkReleases
+import Amazonka.WAFV2.ListRegexPatternSets
+import Amazonka.WAFV2.ListResourcesForWebACL
+import Amazonka.WAFV2.ListRuleGroups
+import Amazonka.WAFV2.ListTagsForResource
+import Amazonka.WAFV2.ListWebACLs
+import Amazonka.WAFV2.PutLoggingConfiguration
+import Amazonka.WAFV2.PutManagedRuleSetVersions
+import Amazonka.WAFV2.PutPermissionPolicy
+import Amazonka.WAFV2.TagResource
+import Amazonka.WAFV2.Types
+import Amazonka.WAFV2.UntagResource
+import Amazonka.WAFV2.UpdateIPSet
+import Amazonka.WAFV2.UpdateManagedRuleSetVersionExpiryDate
+import Amazonka.WAFV2.UpdateRegexPatternSet
+import Amazonka.WAFV2.UpdateRuleGroup
+import Amazonka.WAFV2.UpdateWebACL
+import Amazonka.WAFV2.Waiters
+
+-- $errors
+-- Error matchers are designed for use with the functions provided by
+-- <http://hackage.haskell.org/package/lens/docs/Control-Exception-Lens.html Control.Exception.Lens>.
+-- This allows catching (and rethrowing) service specific errors returned
+-- by 'WAFV2'.
+
+-- $operations
+-- Some AWS operations return results that are incomplete and require subsequent
+-- requests in order to obtain the entire result set. The process of sending
+-- subsequent requests to continue where a previous request left off is called
+-- pagination. For example, the 'ListObjects' operation of Amazon S3 returns up to
+-- 1000 objects at a time, and you must send subsequent requests with the
+-- appropriate Marker in order to retrieve the next page of results.
+--
+-- Operations that have an 'AWSPager' instance can transparently perform subsequent
+-- requests, correctly setting Markers and other request facets to iterate through
+-- the entire result set of a truncated API operation. Operations which support
+-- this have an additional note in the documentation.
+--
+-- Many operations have the ability to filter results on the server side. See the
+-- individual operation parameters for details.
+
+-- $waiters
+-- Waiters poll by repeatedly sending a request until some remote success condition
+-- configured by the 'Wait' specification is fulfilled. The 'Wait' specification
+-- determines how many attempts should be made, in addition to delay and retry strategies.
diff --git a/gen/Amazonka/WAFV2/AssociateWebACL.hs b/gen/Amazonka/WAFV2/AssociateWebACL.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/WAFV2/AssociateWebACL.hs
@@ -0,0 +1,244 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.WAFV2.AssociateWebACL
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Associates a web ACL with a regional application resource, to protect
+-- the resource. A regional application can be an Application Load Balancer
+-- (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, or an
+-- Amazon Cognito user pool.
+--
+-- For Amazon CloudFront, don\'t use this call. Instead, use your
+-- CloudFront distribution configuration. To associate a web ACL, in the
+-- CloudFront call @UpdateDistribution@, set the web ACL ID to the Amazon
+-- Resource Name (ARN) of the web ACL. For information, see
+-- <https://docs.aws.amazon.com/cloudfront/latest/APIReference/API_UpdateDistribution.html UpdateDistribution>.
+--
+-- When you make changes to web ACLs or web ACL components, like rules and
+-- rule groups, WAF propagates the changes everywhere that the web ACL and
+-- its components are stored and used. Your changes are applied within
+-- seconds, but there might be a brief period of inconsistency when the
+-- changes have arrived in some places and not in others. So, for example,
+-- if you change a rule action setting, the action might be the old action
+-- in one area and the new action in another area. Or if you add an IP
+-- address to an IP set used in a blocking rule, the new address might
+-- briefly be blocked in one area while still allowed in another. This
+-- temporary inconsistency can occur when you first associate a web ACL
+-- with an Amazon Web Services resource and when you change a web ACL that
+-- is already associated with a resource. Generally, any inconsistencies of
+-- this type last only a few seconds.
+module Amazonka.WAFV2.AssociateWebACL
+  ( -- * Creating a Request
+    AssociateWebACL (..),
+    newAssociateWebACL,
+
+    -- * Request Lenses
+    associateWebACL_webACLArn,
+    associateWebACL_resourceArn,
+
+    -- * Destructuring the Response
+    AssociateWebACLResponse (..),
+    newAssociateWebACLResponse,
+
+    -- * Response Lenses
+    associateWebACLResponse_httpStatus,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+import Amazonka.WAFV2.Types
+
+-- | /See:/ 'newAssociateWebACL' smart constructor.
+data AssociateWebACL = AssociateWebACL'
+  { -- | The Amazon Resource Name (ARN) of the web ACL that you want to associate
+    -- with the resource.
+    webACLArn :: Prelude.Text,
+    -- | The Amazon Resource Name (ARN) of the resource to associate with the web
+    -- ACL.
+    --
+    -- The ARN must be in one of the following formats:
+    --
+    -- -   For an Application Load Balancer:
+    --     @arn:aws:elasticloadbalancing:@/@region@/@:@/@account-id@/@:loadbalancer\/app\/@/@load-balancer-name@/@\/@/@load-balancer-id@/@ @
+    --
+    -- -   For an Amazon API Gateway REST API:
+    --     @arn:aws:apigateway:@/@region@/@::\/restapis\/@/@api-id@/@\/stages\/@/@stage-name@/@ @
+    --
+    -- -   For an AppSync GraphQL API:
+    --     @arn:aws:appsync:@/@region@/@:@/@account-id@/@:apis\/@/@GraphQLApiId@/@ @
+    --
+    -- -   For an Amazon Cognito user pool:
+    --     @arn:aws:cognito-idp:@/@region@/@:@/@account-id@/@:userpool\/@/@user-pool-id@/@ @
+    resourceArn :: Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AssociateWebACL' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'webACLArn', 'associateWebACL_webACLArn' - The Amazon Resource Name (ARN) of the web ACL that you want to associate
+-- with the resource.
+--
+-- 'resourceArn', 'associateWebACL_resourceArn' - The Amazon Resource Name (ARN) of the resource to associate with the web
+-- ACL.
+--
+-- The ARN must be in one of the following formats:
+--
+-- -   For an Application Load Balancer:
+--     @arn:aws:elasticloadbalancing:@/@region@/@:@/@account-id@/@:loadbalancer\/app\/@/@load-balancer-name@/@\/@/@load-balancer-id@/@ @
+--
+-- -   For an Amazon API Gateway REST API:
+--     @arn:aws:apigateway:@/@region@/@::\/restapis\/@/@api-id@/@\/stages\/@/@stage-name@/@ @
+--
+-- -   For an AppSync GraphQL API:
+--     @arn:aws:appsync:@/@region@/@:@/@account-id@/@:apis\/@/@GraphQLApiId@/@ @
+--
+-- -   For an Amazon Cognito user pool:
+--     @arn:aws:cognito-idp:@/@region@/@:@/@account-id@/@:userpool\/@/@user-pool-id@/@ @
+newAssociateWebACL ::
+  -- | 'webACLArn'
+  Prelude.Text ->
+  -- | 'resourceArn'
+  Prelude.Text ->
+  AssociateWebACL
+newAssociateWebACL pWebACLArn_ pResourceArn_ =
+  AssociateWebACL'
+    { webACLArn = pWebACLArn_,
+      resourceArn = pResourceArn_
+    }
+
+-- | The Amazon Resource Name (ARN) of the web ACL that you want to associate
+-- with the resource.
+associateWebACL_webACLArn :: Lens.Lens' AssociateWebACL Prelude.Text
+associateWebACL_webACLArn = Lens.lens (\AssociateWebACL' {webACLArn} -> webACLArn) (\s@AssociateWebACL' {} a -> s {webACLArn = a} :: AssociateWebACL)
+
+-- | The Amazon Resource Name (ARN) of the resource to associate with the web
+-- ACL.
+--
+-- The ARN must be in one of the following formats:
+--
+-- -   For an Application Load Balancer:
+--     @arn:aws:elasticloadbalancing:@/@region@/@:@/@account-id@/@:loadbalancer\/app\/@/@load-balancer-name@/@\/@/@load-balancer-id@/@ @
+--
+-- -   For an Amazon API Gateway REST API:
+--     @arn:aws:apigateway:@/@region@/@::\/restapis\/@/@api-id@/@\/stages\/@/@stage-name@/@ @
+--
+-- -   For an AppSync GraphQL API:
+--     @arn:aws:appsync:@/@region@/@:@/@account-id@/@:apis\/@/@GraphQLApiId@/@ @
+--
+-- -   For an Amazon Cognito user pool:
+--     @arn:aws:cognito-idp:@/@region@/@:@/@account-id@/@:userpool\/@/@user-pool-id@/@ @
+associateWebACL_resourceArn :: Lens.Lens' AssociateWebACL Prelude.Text
+associateWebACL_resourceArn = Lens.lens (\AssociateWebACL' {resourceArn} -> resourceArn) (\s@AssociateWebACL' {} a -> s {resourceArn = a} :: AssociateWebACL)
+
+instance Core.AWSRequest AssociateWebACL where
+  type
+    AWSResponse AssociateWebACL =
+      AssociateWebACLResponse
+  request overrides =
+    Request.postJSON (overrides defaultService)
+  response =
+    Response.receiveEmpty
+      ( \s h x ->
+          AssociateWebACLResponse'
+            Prelude.<$> (Prelude.pure (Prelude.fromEnum s))
+      )
+
+instance Prelude.Hashable AssociateWebACL where
+  hashWithSalt _salt AssociateWebACL' {..} =
+    _salt
+      `Prelude.hashWithSalt` webACLArn
+      `Prelude.hashWithSalt` resourceArn
+
+instance Prelude.NFData AssociateWebACL where
+  rnf AssociateWebACL' {..} =
+    Prelude.rnf webACLArn
+      `Prelude.seq` Prelude.rnf resourceArn
+
+instance Data.ToHeaders AssociateWebACL where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "X-Amz-Target"
+              Data.=# ( "AWSWAF_20190729.AssociateWebACL" ::
+                          Prelude.ByteString
+                      ),
+            "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToJSON AssociateWebACL where
+  toJSON AssociateWebACL' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ Prelude.Just ("WebACLArn" Data..= webACLArn),
+            Prelude.Just ("ResourceArn" Data..= resourceArn)
+          ]
+      )
+
+instance Data.ToPath AssociateWebACL where
+  toPath = Prelude.const "/"
+
+instance Data.ToQuery AssociateWebACL where
+  toQuery = Prelude.const Prelude.mempty
+
+-- | /See:/ 'newAssociateWebACLResponse' smart constructor.
+data AssociateWebACLResponse = AssociateWebACLResponse'
+  { -- | The response's http status code.
+    httpStatus :: Prelude.Int
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AssociateWebACLResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'httpStatus', 'associateWebACLResponse_httpStatus' - The response's http status code.
+newAssociateWebACLResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  AssociateWebACLResponse
+newAssociateWebACLResponse pHttpStatus_ =
+  AssociateWebACLResponse' {httpStatus = pHttpStatus_}
+
+-- | The response's http status code.
+associateWebACLResponse_httpStatus :: Lens.Lens' AssociateWebACLResponse Prelude.Int
+associateWebACLResponse_httpStatus = Lens.lens (\AssociateWebACLResponse' {httpStatus} -> httpStatus) (\s@AssociateWebACLResponse' {} a -> s {httpStatus = a} :: AssociateWebACLResponse)
+
+instance Prelude.NFData AssociateWebACLResponse where
+  rnf AssociateWebACLResponse' {..} =
+    Prelude.rnf httpStatus
diff --git a/gen/Amazonka/WAFV2/CheckCapacity.hs b/gen/Amazonka/WAFV2/CheckCapacity.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/WAFV2/CheckCapacity.hs
@@ -0,0 +1,230 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.WAFV2.CheckCapacity
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Returns the web ACL capacity unit (WCU) requirements for a specified
+-- scope and set of rules. You can use this to check the capacity
+-- requirements for the rules you want to use in a RuleGroup or WebACL.
+--
+-- WAF uses WCUs to calculate and control the operating resources that are
+-- used to run your rules, rule groups, and web ACLs. WAF calculates
+-- capacity differently for each rule type, to reflect the relative cost of
+-- each rule. Simple rules that cost little to run use fewer WCUs than more
+-- complex rules that use more processing power. Rule group capacity is
+-- fixed at creation, which helps users plan their web ACL WCU usage when
+-- they use a rule group. The WCU limit for web ACLs is 1,500.
+module Amazonka.WAFV2.CheckCapacity
+  ( -- * Creating a Request
+    CheckCapacity (..),
+    newCheckCapacity,
+
+    -- * Request Lenses
+    checkCapacity_scope,
+    checkCapacity_rules,
+
+    -- * Destructuring the Response
+    CheckCapacityResponse (..),
+    newCheckCapacityResponse,
+
+    -- * Response Lenses
+    checkCapacityResponse_capacity,
+    checkCapacityResponse_httpStatus,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+import Amazonka.WAFV2.Types
+
+-- | /See:/ 'newCheckCapacity' smart constructor.
+data CheckCapacity = CheckCapacity'
+  { -- | Specifies whether this is for an Amazon CloudFront distribution or for a
+    -- regional application. A regional application can be an Application Load
+    -- Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API,
+    -- or an Amazon Cognito user pool.
+    --
+    -- To work with CloudFront, you must also specify the Region US East (N.
+    -- Virginia) as follows:
+    --
+    -- -   CLI - Specify the Region when you use the CloudFront scope:
+    --     @--scope=CLOUDFRONT --region=us-east-1@.
+    --
+    -- -   API and SDKs - For all calls, use the Region endpoint us-east-1.
+    scope :: Scope,
+    -- | An array of Rule that you\'re configuring to use in a rule group or web
+    -- ACL.
+    rules :: [Rule]
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'CheckCapacity' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'scope', 'checkCapacity_scope' - Specifies whether this is for an Amazon CloudFront distribution or for a
+-- regional application. A regional application can be an Application Load
+-- Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API,
+-- or an Amazon Cognito user pool.
+--
+-- To work with CloudFront, you must also specify the Region US East (N.
+-- Virginia) as follows:
+--
+-- -   CLI - Specify the Region when you use the CloudFront scope:
+--     @--scope=CLOUDFRONT --region=us-east-1@.
+--
+-- -   API and SDKs - For all calls, use the Region endpoint us-east-1.
+--
+-- 'rules', 'checkCapacity_rules' - An array of Rule that you\'re configuring to use in a rule group or web
+-- ACL.
+newCheckCapacity ::
+  -- | 'scope'
+  Scope ->
+  CheckCapacity
+newCheckCapacity pScope_ =
+  CheckCapacity'
+    { scope = pScope_,
+      rules = Prelude.mempty
+    }
+
+-- | Specifies whether this is for an Amazon CloudFront distribution or for a
+-- regional application. A regional application can be an Application Load
+-- Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API,
+-- or an Amazon Cognito user pool.
+--
+-- To work with CloudFront, you must also specify the Region US East (N.
+-- Virginia) as follows:
+--
+-- -   CLI - Specify the Region when you use the CloudFront scope:
+--     @--scope=CLOUDFRONT --region=us-east-1@.
+--
+-- -   API and SDKs - For all calls, use the Region endpoint us-east-1.
+checkCapacity_scope :: Lens.Lens' CheckCapacity Scope
+checkCapacity_scope = Lens.lens (\CheckCapacity' {scope} -> scope) (\s@CheckCapacity' {} a -> s {scope = a} :: CheckCapacity)
+
+-- | An array of Rule that you\'re configuring to use in a rule group or web
+-- ACL.
+checkCapacity_rules :: Lens.Lens' CheckCapacity [Rule]
+checkCapacity_rules = Lens.lens (\CheckCapacity' {rules} -> rules) (\s@CheckCapacity' {} a -> s {rules = a} :: CheckCapacity) Prelude.. Lens.coerced
+
+instance Core.AWSRequest CheckCapacity where
+  type
+    AWSResponse CheckCapacity =
+      CheckCapacityResponse
+  request overrides =
+    Request.postJSON (overrides defaultService)
+  response =
+    Response.receiveJSON
+      ( \s h x ->
+          CheckCapacityResponse'
+            Prelude.<$> (x Data..?> "Capacity")
+            Prelude.<*> (Prelude.pure (Prelude.fromEnum s))
+      )
+
+instance Prelude.Hashable CheckCapacity where
+  hashWithSalt _salt CheckCapacity' {..} =
+    _salt
+      `Prelude.hashWithSalt` scope
+      `Prelude.hashWithSalt` rules
+
+instance Prelude.NFData CheckCapacity where
+  rnf CheckCapacity' {..} =
+    Prelude.rnf scope `Prelude.seq` Prelude.rnf rules
+
+instance Data.ToHeaders CheckCapacity where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "X-Amz-Target"
+              Data.=# ( "AWSWAF_20190729.CheckCapacity" ::
+                          Prelude.ByteString
+                      ),
+            "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToJSON CheckCapacity where
+  toJSON CheckCapacity' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ Prelude.Just ("Scope" Data..= scope),
+            Prelude.Just ("Rules" Data..= rules)
+          ]
+      )
+
+instance Data.ToPath CheckCapacity where
+  toPath = Prelude.const "/"
+
+instance Data.ToQuery CheckCapacity where
+  toQuery = Prelude.const Prelude.mempty
+
+-- | /See:/ 'newCheckCapacityResponse' smart constructor.
+data CheckCapacityResponse = CheckCapacityResponse'
+  { -- | The capacity required by the rules and scope.
+    capacity :: Prelude.Maybe Prelude.Natural,
+    -- | The response's http status code.
+    httpStatus :: Prelude.Int
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'CheckCapacityResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'capacity', 'checkCapacityResponse_capacity' - The capacity required by the rules and scope.
+--
+-- 'httpStatus', 'checkCapacityResponse_httpStatus' - The response's http status code.
+newCheckCapacityResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  CheckCapacityResponse
+newCheckCapacityResponse pHttpStatus_ =
+  CheckCapacityResponse'
+    { capacity = Prelude.Nothing,
+      httpStatus = pHttpStatus_
+    }
+
+-- | The capacity required by the rules and scope.
+checkCapacityResponse_capacity :: Lens.Lens' CheckCapacityResponse (Prelude.Maybe Prelude.Natural)
+checkCapacityResponse_capacity = Lens.lens (\CheckCapacityResponse' {capacity} -> capacity) (\s@CheckCapacityResponse' {} a -> s {capacity = a} :: CheckCapacityResponse)
+
+-- | The response's http status code.
+checkCapacityResponse_httpStatus :: Lens.Lens' CheckCapacityResponse Prelude.Int
+checkCapacityResponse_httpStatus = Lens.lens (\CheckCapacityResponse' {httpStatus} -> httpStatus) (\s@CheckCapacityResponse' {} a -> s {httpStatus = a} :: CheckCapacityResponse)
+
+instance Prelude.NFData CheckCapacityResponse where
+  rnf CheckCapacityResponse' {..} =
+    Prelude.rnf capacity
+      `Prelude.seq` Prelude.rnf httpStatus
diff --git a/gen/Amazonka/WAFV2/CreateIPSet.hs b/gen/Amazonka/WAFV2/CreateIPSet.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/WAFV2/CreateIPSet.hs
@@ -0,0 +1,394 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.WAFV2.CreateIPSet
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Creates an IPSet, which you use to identify web requests that originate
+-- from specific IP addresses or ranges of IP addresses. For example, if
+-- you\'re receiving a lot of requests from a ranges of IP addresses, you
+-- can configure WAF to block them using an IPSet that lists those IP
+-- addresses.
+module Amazonka.WAFV2.CreateIPSet
+  ( -- * Creating a Request
+    CreateIPSet (..),
+    newCreateIPSet,
+
+    -- * Request Lenses
+    createIPSet_description,
+    createIPSet_tags,
+    createIPSet_name,
+    createIPSet_scope,
+    createIPSet_iPAddressVersion,
+    createIPSet_addresses,
+
+    -- * Destructuring the Response
+    CreateIPSetResponse (..),
+    newCreateIPSetResponse,
+
+    -- * Response Lenses
+    createIPSetResponse_summary,
+    createIPSetResponse_httpStatus,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+import Amazonka.WAFV2.Types
+
+-- | /See:/ 'newCreateIPSet' smart constructor.
+data CreateIPSet = CreateIPSet'
+  { -- | A description of the IP set that helps with identification.
+    description :: Prelude.Maybe Prelude.Text,
+    -- | An array of key:value pairs to associate with the resource.
+    tags :: Prelude.Maybe (Prelude.NonEmpty Tag),
+    -- | The name of the IP set. You cannot change the name of an @IPSet@ after
+    -- you create it.
+    name :: Prelude.Text,
+    -- | Specifies whether this is for an Amazon CloudFront distribution or for a
+    -- regional application. A regional application can be an Application Load
+    -- Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API,
+    -- or an Amazon Cognito user pool.
+    --
+    -- To work with CloudFront, you must also specify the Region US East (N.
+    -- Virginia) as follows:
+    --
+    -- -   CLI - Specify the Region when you use the CloudFront scope:
+    --     @--scope=CLOUDFRONT --region=us-east-1@.
+    --
+    -- -   API and SDKs - For all calls, use the Region endpoint us-east-1.
+    scope :: Scope,
+    -- | The version of the IP addresses, either @IPV4@ or @IPV6@.
+    iPAddressVersion :: IPAddressVersion,
+    -- | Contains an array of strings that specifies zero or more IP addresses or
+    -- blocks of IP addresses. All addresses must be specified using Classless
+    -- Inter-Domain Routing (CIDR) notation. WAF supports all IPv4 and IPv6
+    -- CIDR ranges except for @\/0@.
+    --
+    -- Example address strings:
+    --
+    -- -   To configure WAF to allow, block, or count requests that originated
+    --     from the IP address 192.0.2.44, specify @192.0.2.44\/32@.
+    --
+    -- -   To configure WAF to allow, block, or count requests that originated
+    --     from IP addresses from 192.0.2.0 to 192.0.2.255, specify
+    --     @192.0.2.0\/24@.
+    --
+    -- -   To configure WAF to allow, block, or count requests that originated
+    --     from the IP address 1111:0000:0000:0000:0000:0000:0000:0111, specify
+    --     @1111:0000:0000:0000:0000:0000:0000:0111\/128@.
+    --
+    -- -   To configure WAF to allow, block, or count requests that originated
+    --     from IP addresses 1111:0000:0000:0000:0000:0000:0000:0000 to
+    --     1111:0000:0000:0000:ffff:ffff:ffff:ffff, specify
+    --     @1111:0000:0000:0000:0000:0000:0000:0000\/64@.
+    --
+    -- For more information about CIDR notation, see the Wikipedia entry
+    -- <https://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing Classless Inter-Domain Routing>.
+    --
+    -- Example JSON @Addresses@ specifications:
+    --
+    -- -   Empty array: @\"Addresses\": []@
+    --
+    -- -   Array with one address: @\"Addresses\": [\"192.0.2.44\/32\"]@
+    --
+    -- -   Array with three addresses:
+    --     @\"Addresses\": [\"192.0.2.44\/32\", \"192.0.2.0\/24\", \"192.0.0.0\/16\"]@
+    --
+    -- -   INVALID specification: @\"Addresses\": [\"\"]@ INVALID
+    addresses :: [Prelude.Text]
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'CreateIPSet' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'description', 'createIPSet_description' - A description of the IP set that helps with identification.
+--
+-- 'tags', 'createIPSet_tags' - An array of key:value pairs to associate with the resource.
+--
+-- 'name', 'createIPSet_name' - The name of the IP set. You cannot change the name of an @IPSet@ after
+-- you create it.
+--
+-- 'scope', 'createIPSet_scope' - Specifies whether this is for an Amazon CloudFront distribution or for a
+-- regional application. A regional application can be an Application Load
+-- Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API,
+-- or an Amazon Cognito user pool.
+--
+-- To work with CloudFront, you must also specify the Region US East (N.
+-- Virginia) as follows:
+--
+-- -   CLI - Specify the Region when you use the CloudFront scope:
+--     @--scope=CLOUDFRONT --region=us-east-1@.
+--
+-- -   API and SDKs - For all calls, use the Region endpoint us-east-1.
+--
+-- 'iPAddressVersion', 'createIPSet_iPAddressVersion' - The version of the IP addresses, either @IPV4@ or @IPV6@.
+--
+-- 'addresses', 'createIPSet_addresses' - Contains an array of strings that specifies zero or more IP addresses or
+-- blocks of IP addresses. All addresses must be specified using Classless
+-- Inter-Domain Routing (CIDR) notation. WAF supports all IPv4 and IPv6
+-- CIDR ranges except for @\/0@.
+--
+-- Example address strings:
+--
+-- -   To configure WAF to allow, block, or count requests that originated
+--     from the IP address 192.0.2.44, specify @192.0.2.44\/32@.
+--
+-- -   To configure WAF to allow, block, or count requests that originated
+--     from IP addresses from 192.0.2.0 to 192.0.2.255, specify
+--     @192.0.2.0\/24@.
+--
+-- -   To configure WAF to allow, block, or count requests that originated
+--     from the IP address 1111:0000:0000:0000:0000:0000:0000:0111, specify
+--     @1111:0000:0000:0000:0000:0000:0000:0111\/128@.
+--
+-- -   To configure WAF to allow, block, or count requests that originated
+--     from IP addresses 1111:0000:0000:0000:0000:0000:0000:0000 to
+--     1111:0000:0000:0000:ffff:ffff:ffff:ffff, specify
+--     @1111:0000:0000:0000:0000:0000:0000:0000\/64@.
+--
+-- For more information about CIDR notation, see the Wikipedia entry
+-- <https://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing Classless Inter-Domain Routing>.
+--
+-- Example JSON @Addresses@ specifications:
+--
+-- -   Empty array: @\"Addresses\": []@
+--
+-- -   Array with one address: @\"Addresses\": [\"192.0.2.44\/32\"]@
+--
+-- -   Array with three addresses:
+--     @\"Addresses\": [\"192.0.2.44\/32\", \"192.0.2.0\/24\", \"192.0.0.0\/16\"]@
+--
+-- -   INVALID specification: @\"Addresses\": [\"\"]@ INVALID
+newCreateIPSet ::
+  -- | 'name'
+  Prelude.Text ->
+  -- | 'scope'
+  Scope ->
+  -- | 'iPAddressVersion'
+  IPAddressVersion ->
+  CreateIPSet
+newCreateIPSet pName_ pScope_ pIPAddressVersion_ =
+  CreateIPSet'
+    { description = Prelude.Nothing,
+      tags = Prelude.Nothing,
+      name = pName_,
+      scope = pScope_,
+      iPAddressVersion = pIPAddressVersion_,
+      addresses = Prelude.mempty
+    }
+
+-- | A description of the IP set that helps with identification.
+createIPSet_description :: Lens.Lens' CreateIPSet (Prelude.Maybe Prelude.Text)
+createIPSet_description = Lens.lens (\CreateIPSet' {description} -> description) (\s@CreateIPSet' {} a -> s {description = a} :: CreateIPSet)
+
+-- | An array of key:value pairs to associate with the resource.
+createIPSet_tags :: Lens.Lens' CreateIPSet (Prelude.Maybe (Prelude.NonEmpty Tag))
+createIPSet_tags = Lens.lens (\CreateIPSet' {tags} -> tags) (\s@CreateIPSet' {} a -> s {tags = a} :: CreateIPSet) Prelude.. Lens.mapping Lens.coerced
+
+-- | The name of the IP set. You cannot change the name of an @IPSet@ after
+-- you create it.
+createIPSet_name :: Lens.Lens' CreateIPSet Prelude.Text
+createIPSet_name = Lens.lens (\CreateIPSet' {name} -> name) (\s@CreateIPSet' {} a -> s {name = a} :: CreateIPSet)
+
+-- | Specifies whether this is for an Amazon CloudFront distribution or for a
+-- regional application. A regional application can be an Application Load
+-- Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API,
+-- or an Amazon Cognito user pool.
+--
+-- To work with CloudFront, you must also specify the Region US East (N.
+-- Virginia) as follows:
+--
+-- -   CLI - Specify the Region when you use the CloudFront scope:
+--     @--scope=CLOUDFRONT --region=us-east-1@.
+--
+-- -   API and SDKs - For all calls, use the Region endpoint us-east-1.
+createIPSet_scope :: Lens.Lens' CreateIPSet Scope
+createIPSet_scope = Lens.lens (\CreateIPSet' {scope} -> scope) (\s@CreateIPSet' {} a -> s {scope = a} :: CreateIPSet)
+
+-- | The version of the IP addresses, either @IPV4@ or @IPV6@.
+createIPSet_iPAddressVersion :: Lens.Lens' CreateIPSet IPAddressVersion
+createIPSet_iPAddressVersion = Lens.lens (\CreateIPSet' {iPAddressVersion} -> iPAddressVersion) (\s@CreateIPSet' {} a -> s {iPAddressVersion = a} :: CreateIPSet)
+
+-- | Contains an array of strings that specifies zero or more IP addresses or
+-- blocks of IP addresses. All addresses must be specified using Classless
+-- Inter-Domain Routing (CIDR) notation. WAF supports all IPv4 and IPv6
+-- CIDR ranges except for @\/0@.
+--
+-- Example address strings:
+--
+-- -   To configure WAF to allow, block, or count requests that originated
+--     from the IP address 192.0.2.44, specify @192.0.2.44\/32@.
+--
+-- -   To configure WAF to allow, block, or count requests that originated
+--     from IP addresses from 192.0.2.0 to 192.0.2.255, specify
+--     @192.0.2.0\/24@.
+--
+-- -   To configure WAF to allow, block, or count requests that originated
+--     from the IP address 1111:0000:0000:0000:0000:0000:0000:0111, specify
+--     @1111:0000:0000:0000:0000:0000:0000:0111\/128@.
+--
+-- -   To configure WAF to allow, block, or count requests that originated
+--     from IP addresses 1111:0000:0000:0000:0000:0000:0000:0000 to
+--     1111:0000:0000:0000:ffff:ffff:ffff:ffff, specify
+--     @1111:0000:0000:0000:0000:0000:0000:0000\/64@.
+--
+-- For more information about CIDR notation, see the Wikipedia entry
+-- <https://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing Classless Inter-Domain Routing>.
+--
+-- Example JSON @Addresses@ specifications:
+--
+-- -   Empty array: @\"Addresses\": []@
+--
+-- -   Array with one address: @\"Addresses\": [\"192.0.2.44\/32\"]@
+--
+-- -   Array with three addresses:
+--     @\"Addresses\": [\"192.0.2.44\/32\", \"192.0.2.0\/24\", \"192.0.0.0\/16\"]@
+--
+-- -   INVALID specification: @\"Addresses\": [\"\"]@ INVALID
+createIPSet_addresses :: Lens.Lens' CreateIPSet [Prelude.Text]
+createIPSet_addresses = Lens.lens (\CreateIPSet' {addresses} -> addresses) (\s@CreateIPSet' {} a -> s {addresses = a} :: CreateIPSet) Prelude.. Lens.coerced
+
+instance Core.AWSRequest CreateIPSet where
+  type AWSResponse CreateIPSet = CreateIPSetResponse
+  request overrides =
+    Request.postJSON (overrides defaultService)
+  response =
+    Response.receiveJSON
+      ( \s h x ->
+          CreateIPSetResponse'
+            Prelude.<$> (x Data..?> "Summary")
+            Prelude.<*> (Prelude.pure (Prelude.fromEnum s))
+      )
+
+instance Prelude.Hashable CreateIPSet where
+  hashWithSalt _salt CreateIPSet' {..} =
+    _salt
+      `Prelude.hashWithSalt` description
+      `Prelude.hashWithSalt` tags
+      `Prelude.hashWithSalt` name
+      `Prelude.hashWithSalt` scope
+      `Prelude.hashWithSalt` iPAddressVersion
+      `Prelude.hashWithSalt` addresses
+
+instance Prelude.NFData CreateIPSet where
+  rnf CreateIPSet' {..} =
+    Prelude.rnf description
+      `Prelude.seq` Prelude.rnf tags
+      `Prelude.seq` Prelude.rnf name
+      `Prelude.seq` Prelude.rnf scope
+      `Prelude.seq` Prelude.rnf iPAddressVersion
+      `Prelude.seq` Prelude.rnf addresses
+
+instance Data.ToHeaders CreateIPSet where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "X-Amz-Target"
+              Data.=# ( "AWSWAF_20190729.CreateIPSet" ::
+                          Prelude.ByteString
+                      ),
+            "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToJSON CreateIPSet where
+  toJSON CreateIPSet' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("Description" Data..=) Prelude.<$> description,
+            ("Tags" Data..=) Prelude.<$> tags,
+            Prelude.Just ("Name" Data..= name),
+            Prelude.Just ("Scope" Data..= scope),
+            Prelude.Just
+              ("IPAddressVersion" Data..= iPAddressVersion),
+            Prelude.Just ("Addresses" Data..= addresses)
+          ]
+      )
+
+instance Data.ToPath CreateIPSet where
+  toPath = Prelude.const "/"
+
+instance Data.ToQuery CreateIPSet where
+  toQuery = Prelude.const Prelude.mempty
+
+-- | /See:/ 'newCreateIPSetResponse' smart constructor.
+data CreateIPSetResponse = CreateIPSetResponse'
+  { -- | High-level information about an IPSet, returned by operations like
+    -- create and list. This provides information like the ID, that you can use
+    -- to retrieve and manage an @IPSet@, and the ARN, that you provide to the
+    -- IPSetReferenceStatement to use the address set in a Rule.
+    summary :: Prelude.Maybe IPSetSummary,
+    -- | The response's http status code.
+    httpStatus :: Prelude.Int
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'CreateIPSetResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'summary', 'createIPSetResponse_summary' - High-level information about an IPSet, returned by operations like
+-- create and list. This provides information like the ID, that you can use
+-- to retrieve and manage an @IPSet@, and the ARN, that you provide to the
+-- IPSetReferenceStatement to use the address set in a Rule.
+--
+-- 'httpStatus', 'createIPSetResponse_httpStatus' - The response's http status code.
+newCreateIPSetResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  CreateIPSetResponse
+newCreateIPSetResponse pHttpStatus_ =
+  CreateIPSetResponse'
+    { summary = Prelude.Nothing,
+      httpStatus = pHttpStatus_
+    }
+
+-- | High-level information about an IPSet, returned by operations like
+-- create and list. This provides information like the ID, that you can use
+-- to retrieve and manage an @IPSet@, and the ARN, that you provide to the
+-- IPSetReferenceStatement to use the address set in a Rule.
+createIPSetResponse_summary :: Lens.Lens' CreateIPSetResponse (Prelude.Maybe IPSetSummary)
+createIPSetResponse_summary = Lens.lens (\CreateIPSetResponse' {summary} -> summary) (\s@CreateIPSetResponse' {} a -> s {summary = a} :: CreateIPSetResponse)
+
+-- | The response's http status code.
+createIPSetResponse_httpStatus :: Lens.Lens' CreateIPSetResponse Prelude.Int
+createIPSetResponse_httpStatus = Lens.lens (\CreateIPSetResponse' {httpStatus} -> httpStatus) (\s@CreateIPSetResponse' {} a -> s {httpStatus = a} :: CreateIPSetResponse)
+
+instance Prelude.NFData CreateIPSetResponse where
+  rnf CreateIPSetResponse' {..} =
+    Prelude.rnf summary
+      `Prelude.seq` Prelude.rnf httpStatus
diff --git a/gen/Amazonka/WAFV2/CreateRegexPatternSet.hs b/gen/Amazonka/WAFV2/CreateRegexPatternSet.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/WAFV2/CreateRegexPatternSet.hs
@@ -0,0 +1,281 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.WAFV2.CreateRegexPatternSet
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Creates a RegexPatternSet, which you reference in a
+-- RegexPatternSetReferenceStatement, to have WAF inspect a web request
+-- component for the specified patterns.
+module Amazonka.WAFV2.CreateRegexPatternSet
+  ( -- * Creating a Request
+    CreateRegexPatternSet (..),
+    newCreateRegexPatternSet,
+
+    -- * Request Lenses
+    createRegexPatternSet_description,
+    createRegexPatternSet_tags,
+    createRegexPatternSet_name,
+    createRegexPatternSet_scope,
+    createRegexPatternSet_regularExpressionList,
+
+    -- * Destructuring the Response
+    CreateRegexPatternSetResponse (..),
+    newCreateRegexPatternSetResponse,
+
+    -- * Response Lenses
+    createRegexPatternSetResponse_summary,
+    createRegexPatternSetResponse_httpStatus,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+import Amazonka.WAFV2.Types
+
+-- | /See:/ 'newCreateRegexPatternSet' smart constructor.
+data CreateRegexPatternSet = CreateRegexPatternSet'
+  { -- | A description of the set that helps with identification.
+    description :: Prelude.Maybe Prelude.Text,
+    -- | An array of key:value pairs to associate with the resource.
+    tags :: Prelude.Maybe (Prelude.NonEmpty Tag),
+    -- | The name of the set. You cannot change the name after you create the
+    -- set.
+    name :: Prelude.Text,
+    -- | Specifies whether this is for an Amazon CloudFront distribution or for a
+    -- regional application. A regional application can be an Application Load
+    -- Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API,
+    -- or an Amazon Cognito user pool.
+    --
+    -- To work with CloudFront, you must also specify the Region US East (N.
+    -- Virginia) as follows:
+    --
+    -- -   CLI - Specify the Region when you use the CloudFront scope:
+    --     @--scope=CLOUDFRONT --region=us-east-1@.
+    --
+    -- -   API and SDKs - For all calls, use the Region endpoint us-east-1.
+    scope :: Scope,
+    -- | Array of regular expression strings.
+    regularExpressionList :: [Regex]
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'CreateRegexPatternSet' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'description', 'createRegexPatternSet_description' - A description of the set that helps with identification.
+--
+-- 'tags', 'createRegexPatternSet_tags' - An array of key:value pairs to associate with the resource.
+--
+-- 'name', 'createRegexPatternSet_name' - The name of the set. You cannot change the name after you create the
+-- set.
+--
+-- 'scope', 'createRegexPatternSet_scope' - Specifies whether this is for an Amazon CloudFront distribution or for a
+-- regional application. A regional application can be an Application Load
+-- Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API,
+-- or an Amazon Cognito user pool.
+--
+-- To work with CloudFront, you must also specify the Region US East (N.
+-- Virginia) as follows:
+--
+-- -   CLI - Specify the Region when you use the CloudFront scope:
+--     @--scope=CLOUDFRONT --region=us-east-1@.
+--
+-- -   API and SDKs - For all calls, use the Region endpoint us-east-1.
+--
+-- 'regularExpressionList', 'createRegexPatternSet_regularExpressionList' - Array of regular expression strings.
+newCreateRegexPatternSet ::
+  -- | 'name'
+  Prelude.Text ->
+  -- | 'scope'
+  Scope ->
+  CreateRegexPatternSet
+newCreateRegexPatternSet pName_ pScope_ =
+  CreateRegexPatternSet'
+    { description =
+        Prelude.Nothing,
+      tags = Prelude.Nothing,
+      name = pName_,
+      scope = pScope_,
+      regularExpressionList = Prelude.mempty
+    }
+
+-- | A description of the set that helps with identification.
+createRegexPatternSet_description :: Lens.Lens' CreateRegexPatternSet (Prelude.Maybe Prelude.Text)
+createRegexPatternSet_description = Lens.lens (\CreateRegexPatternSet' {description} -> description) (\s@CreateRegexPatternSet' {} a -> s {description = a} :: CreateRegexPatternSet)
+
+-- | An array of key:value pairs to associate with the resource.
+createRegexPatternSet_tags :: Lens.Lens' CreateRegexPatternSet (Prelude.Maybe (Prelude.NonEmpty Tag))
+createRegexPatternSet_tags = Lens.lens (\CreateRegexPatternSet' {tags} -> tags) (\s@CreateRegexPatternSet' {} a -> s {tags = a} :: CreateRegexPatternSet) Prelude.. Lens.mapping Lens.coerced
+
+-- | The name of the set. You cannot change the name after you create the
+-- set.
+createRegexPatternSet_name :: Lens.Lens' CreateRegexPatternSet Prelude.Text
+createRegexPatternSet_name = Lens.lens (\CreateRegexPatternSet' {name} -> name) (\s@CreateRegexPatternSet' {} a -> s {name = a} :: CreateRegexPatternSet)
+
+-- | Specifies whether this is for an Amazon CloudFront distribution or for a
+-- regional application. A regional application can be an Application Load
+-- Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API,
+-- or an Amazon Cognito user pool.
+--
+-- To work with CloudFront, you must also specify the Region US East (N.
+-- Virginia) as follows:
+--
+-- -   CLI - Specify the Region when you use the CloudFront scope:
+--     @--scope=CLOUDFRONT --region=us-east-1@.
+--
+-- -   API and SDKs - For all calls, use the Region endpoint us-east-1.
+createRegexPatternSet_scope :: Lens.Lens' CreateRegexPatternSet Scope
+createRegexPatternSet_scope = Lens.lens (\CreateRegexPatternSet' {scope} -> scope) (\s@CreateRegexPatternSet' {} a -> s {scope = a} :: CreateRegexPatternSet)
+
+-- | Array of regular expression strings.
+createRegexPatternSet_regularExpressionList :: Lens.Lens' CreateRegexPatternSet [Regex]
+createRegexPatternSet_regularExpressionList = Lens.lens (\CreateRegexPatternSet' {regularExpressionList} -> regularExpressionList) (\s@CreateRegexPatternSet' {} a -> s {regularExpressionList = a} :: CreateRegexPatternSet) Prelude.. Lens.coerced
+
+instance Core.AWSRequest CreateRegexPatternSet where
+  type
+    AWSResponse CreateRegexPatternSet =
+      CreateRegexPatternSetResponse
+  request overrides =
+    Request.postJSON (overrides defaultService)
+  response =
+    Response.receiveJSON
+      ( \s h x ->
+          CreateRegexPatternSetResponse'
+            Prelude.<$> (x Data..?> "Summary")
+            Prelude.<*> (Prelude.pure (Prelude.fromEnum s))
+      )
+
+instance Prelude.Hashable CreateRegexPatternSet where
+  hashWithSalt _salt CreateRegexPatternSet' {..} =
+    _salt
+      `Prelude.hashWithSalt` description
+      `Prelude.hashWithSalt` tags
+      `Prelude.hashWithSalt` name
+      `Prelude.hashWithSalt` scope
+      `Prelude.hashWithSalt` regularExpressionList
+
+instance Prelude.NFData CreateRegexPatternSet where
+  rnf CreateRegexPatternSet' {..} =
+    Prelude.rnf description
+      `Prelude.seq` Prelude.rnf tags
+      `Prelude.seq` Prelude.rnf name
+      `Prelude.seq` Prelude.rnf scope
+      `Prelude.seq` Prelude.rnf regularExpressionList
+
+instance Data.ToHeaders CreateRegexPatternSet where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "X-Amz-Target"
+              Data.=# ( "AWSWAF_20190729.CreateRegexPatternSet" ::
+                          Prelude.ByteString
+                      ),
+            "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToJSON CreateRegexPatternSet where
+  toJSON CreateRegexPatternSet' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("Description" Data..=) Prelude.<$> description,
+            ("Tags" Data..=) Prelude.<$> tags,
+            Prelude.Just ("Name" Data..= name),
+            Prelude.Just ("Scope" Data..= scope),
+            Prelude.Just
+              ( "RegularExpressionList"
+                  Data..= regularExpressionList
+              )
+          ]
+      )
+
+instance Data.ToPath CreateRegexPatternSet where
+  toPath = Prelude.const "/"
+
+instance Data.ToQuery CreateRegexPatternSet where
+  toQuery = Prelude.const Prelude.mempty
+
+-- | /See:/ 'newCreateRegexPatternSetResponse' smart constructor.
+data CreateRegexPatternSetResponse = CreateRegexPatternSetResponse'
+  { -- | High-level information about a RegexPatternSet, returned by operations
+    -- like create and list. This provides information like the ID, that you
+    -- can use to retrieve and manage a @RegexPatternSet@, and the ARN, that
+    -- you provide to the RegexPatternSetReferenceStatement to use the pattern
+    -- set in a Rule.
+    summary :: Prelude.Maybe RegexPatternSetSummary,
+    -- | The response's http status code.
+    httpStatus :: Prelude.Int
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'CreateRegexPatternSetResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'summary', 'createRegexPatternSetResponse_summary' - High-level information about a RegexPatternSet, returned by operations
+-- like create and list. This provides information like the ID, that you
+-- can use to retrieve and manage a @RegexPatternSet@, and the ARN, that
+-- you provide to the RegexPatternSetReferenceStatement to use the pattern
+-- set in a Rule.
+--
+-- 'httpStatus', 'createRegexPatternSetResponse_httpStatus' - The response's http status code.
+newCreateRegexPatternSetResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  CreateRegexPatternSetResponse
+newCreateRegexPatternSetResponse pHttpStatus_ =
+  CreateRegexPatternSetResponse'
+    { summary =
+        Prelude.Nothing,
+      httpStatus = pHttpStatus_
+    }
+
+-- | High-level information about a RegexPatternSet, returned by operations
+-- like create and list. This provides information like the ID, that you
+-- can use to retrieve and manage a @RegexPatternSet@, and the ARN, that
+-- you provide to the RegexPatternSetReferenceStatement to use the pattern
+-- set in a Rule.
+createRegexPatternSetResponse_summary :: Lens.Lens' CreateRegexPatternSetResponse (Prelude.Maybe RegexPatternSetSummary)
+createRegexPatternSetResponse_summary = Lens.lens (\CreateRegexPatternSetResponse' {summary} -> summary) (\s@CreateRegexPatternSetResponse' {} a -> s {summary = a} :: CreateRegexPatternSetResponse)
+
+-- | The response's http status code.
+createRegexPatternSetResponse_httpStatus :: Lens.Lens' CreateRegexPatternSetResponse Prelude.Int
+createRegexPatternSetResponse_httpStatus = Lens.lens (\CreateRegexPatternSetResponse' {httpStatus} -> httpStatus) (\s@CreateRegexPatternSetResponse' {} a -> s {httpStatus = a} :: CreateRegexPatternSetResponse)
+
+instance Prelude.NFData CreateRegexPatternSetResponse where
+  rnf CreateRegexPatternSetResponse' {..} =
+    Prelude.rnf summary
+      `Prelude.seq` Prelude.rnf httpStatus
diff --git a/gen/Amazonka/WAFV2/CreateRuleGroup.hs b/gen/Amazonka/WAFV2/CreateRuleGroup.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/WAFV2/CreateRuleGroup.hs
@@ -0,0 +1,420 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.WAFV2.CreateRuleGroup
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Creates a RuleGroup per the specifications provided.
+--
+-- A rule group defines a collection of rules to inspect and control web
+-- requests that you can use in a WebACL. When you create a rule group, you
+-- define an immutable capacity limit. If you update a rule group, you must
+-- stay within the capacity. This allows others to reuse the rule group
+-- with confidence in its capacity requirements.
+module Amazonka.WAFV2.CreateRuleGroup
+  ( -- * Creating a Request
+    CreateRuleGroup (..),
+    newCreateRuleGroup,
+
+    -- * Request Lenses
+    createRuleGroup_customResponseBodies,
+    createRuleGroup_description,
+    createRuleGroup_rules,
+    createRuleGroup_tags,
+    createRuleGroup_name,
+    createRuleGroup_scope,
+    createRuleGroup_capacity,
+    createRuleGroup_visibilityConfig,
+
+    -- * Destructuring the Response
+    CreateRuleGroupResponse (..),
+    newCreateRuleGroupResponse,
+
+    -- * Response Lenses
+    createRuleGroupResponse_summary,
+    createRuleGroupResponse_httpStatus,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+import Amazonka.WAFV2.Types
+
+-- | /See:/ 'newCreateRuleGroup' smart constructor.
+data CreateRuleGroup = CreateRuleGroup'
+  { -- | A map of custom response keys and content bodies. When you create a rule
+    -- with a block action, you can send a custom response to the web request.
+    -- You define these for the rule group, and then use them in the rules that
+    -- you define in the rule group.
+    --
+    -- For information about customizing web requests and responses, see
+    -- <https://docs.aws.amazon.com/waf/latest/developerguide/waf-custom-request-response.html Customizing web requests and responses in WAF>
+    -- in the
+    -- <https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html WAF Developer Guide>.
+    --
+    -- For information about the limits on count and size for custom request
+    -- and response settings, see
+    -- <https://docs.aws.amazon.com/waf/latest/developerguide/limits.html WAF quotas>
+    -- in the
+    -- <https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html WAF Developer Guide>.
+    customResponseBodies :: Prelude.Maybe (Prelude.HashMap Prelude.Text CustomResponseBody),
+    -- | A description of the rule group that helps with identification.
+    description :: Prelude.Maybe Prelude.Text,
+    -- | The Rule statements used to identify the web requests that you want to
+    -- allow, block, or count. Each rule includes one top-level statement that
+    -- WAF uses to identify matching web requests, and parameters that govern
+    -- how WAF handles them.
+    rules :: Prelude.Maybe [Rule],
+    -- | An array of key:value pairs to associate with the resource.
+    tags :: Prelude.Maybe (Prelude.NonEmpty Tag),
+    -- | The name of the rule group. You cannot change the name of a rule group
+    -- after you create it.
+    name :: Prelude.Text,
+    -- | Specifies whether this is for an Amazon CloudFront distribution or for a
+    -- regional application. A regional application can be an Application Load
+    -- Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API,
+    -- or an Amazon Cognito user pool.
+    --
+    -- To work with CloudFront, you must also specify the Region US East (N.
+    -- Virginia) as follows:
+    --
+    -- -   CLI - Specify the Region when you use the CloudFront scope:
+    --     @--scope=CLOUDFRONT --region=us-east-1@.
+    --
+    -- -   API and SDKs - For all calls, use the Region endpoint us-east-1.
+    scope :: Scope,
+    -- | The web ACL capacity units (WCUs) required for this rule group.
+    --
+    -- When you create your own rule group, you define this, and you cannot
+    -- change it after creation. When you add or modify the rules in a rule
+    -- group, WAF enforces this limit. You can check the capacity for a set of
+    -- rules using CheckCapacity.
+    --
+    -- WAF uses WCUs to calculate and control the operating resources that are
+    -- used to run your rules, rule groups, and web ACLs. WAF calculates
+    -- capacity differently for each rule type, to reflect the relative cost of
+    -- each rule. Simple rules that cost little to run use fewer WCUs than more
+    -- complex rules that use more processing power. Rule group capacity is
+    -- fixed at creation, which helps users plan their web ACL WCU usage when
+    -- they use a rule group. The WCU limit for web ACLs is 1,500.
+    capacity :: Prelude.Natural,
+    -- | Defines and enables Amazon CloudWatch metrics and web request sample
+    -- collection.
+    visibilityConfig :: VisibilityConfig
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'CreateRuleGroup' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'customResponseBodies', 'createRuleGroup_customResponseBodies' - A map of custom response keys and content bodies. When you create a rule
+-- with a block action, you can send a custom response to the web request.
+-- You define these for the rule group, and then use them in the rules that
+-- you define in the rule group.
+--
+-- For information about customizing web requests and responses, see
+-- <https://docs.aws.amazon.com/waf/latest/developerguide/waf-custom-request-response.html Customizing web requests and responses in WAF>
+-- in the
+-- <https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html WAF Developer Guide>.
+--
+-- For information about the limits on count and size for custom request
+-- and response settings, see
+-- <https://docs.aws.amazon.com/waf/latest/developerguide/limits.html WAF quotas>
+-- in the
+-- <https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html WAF Developer Guide>.
+--
+-- 'description', 'createRuleGroup_description' - A description of the rule group that helps with identification.
+--
+-- 'rules', 'createRuleGroup_rules' - The Rule statements used to identify the web requests that you want to
+-- allow, block, or count. Each rule includes one top-level statement that
+-- WAF uses to identify matching web requests, and parameters that govern
+-- how WAF handles them.
+--
+-- 'tags', 'createRuleGroup_tags' - An array of key:value pairs to associate with the resource.
+--
+-- 'name', 'createRuleGroup_name' - The name of the rule group. You cannot change the name of a rule group
+-- after you create it.
+--
+-- 'scope', 'createRuleGroup_scope' - Specifies whether this is for an Amazon CloudFront distribution or for a
+-- regional application. A regional application can be an Application Load
+-- Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API,
+-- or an Amazon Cognito user pool.
+--
+-- To work with CloudFront, you must also specify the Region US East (N.
+-- Virginia) as follows:
+--
+-- -   CLI - Specify the Region when you use the CloudFront scope:
+--     @--scope=CLOUDFRONT --region=us-east-1@.
+--
+-- -   API and SDKs - For all calls, use the Region endpoint us-east-1.
+--
+-- 'capacity', 'createRuleGroup_capacity' - The web ACL capacity units (WCUs) required for this rule group.
+--
+-- When you create your own rule group, you define this, and you cannot
+-- change it after creation. When you add or modify the rules in a rule
+-- group, WAF enforces this limit. You can check the capacity for a set of
+-- rules using CheckCapacity.
+--
+-- WAF uses WCUs to calculate and control the operating resources that are
+-- used to run your rules, rule groups, and web ACLs. WAF calculates
+-- capacity differently for each rule type, to reflect the relative cost of
+-- each rule. Simple rules that cost little to run use fewer WCUs than more
+-- complex rules that use more processing power. Rule group capacity is
+-- fixed at creation, which helps users plan their web ACL WCU usage when
+-- they use a rule group. The WCU limit for web ACLs is 1,500.
+--
+-- 'visibilityConfig', 'createRuleGroup_visibilityConfig' - Defines and enables Amazon CloudWatch metrics and web request sample
+-- collection.
+newCreateRuleGroup ::
+  -- | 'name'
+  Prelude.Text ->
+  -- | 'scope'
+  Scope ->
+  -- | 'capacity'
+  Prelude.Natural ->
+  -- | 'visibilityConfig'
+  VisibilityConfig ->
+  CreateRuleGroup
+newCreateRuleGroup
+  pName_
+  pScope_
+  pCapacity_
+  pVisibilityConfig_ =
+    CreateRuleGroup'
+      { customResponseBodies =
+          Prelude.Nothing,
+        description = Prelude.Nothing,
+        rules = Prelude.Nothing,
+        tags = Prelude.Nothing,
+        name = pName_,
+        scope = pScope_,
+        capacity = pCapacity_,
+        visibilityConfig = pVisibilityConfig_
+      }
+
+-- | A map of custom response keys and content bodies. When you create a rule
+-- with a block action, you can send a custom response to the web request.
+-- You define these for the rule group, and then use them in the rules that
+-- you define in the rule group.
+--
+-- For information about customizing web requests and responses, see
+-- <https://docs.aws.amazon.com/waf/latest/developerguide/waf-custom-request-response.html Customizing web requests and responses in WAF>
+-- in the
+-- <https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html WAF Developer Guide>.
+--
+-- For information about the limits on count and size for custom request
+-- and response settings, see
+-- <https://docs.aws.amazon.com/waf/latest/developerguide/limits.html WAF quotas>
+-- in the
+-- <https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html WAF Developer Guide>.
+createRuleGroup_customResponseBodies :: Lens.Lens' CreateRuleGroup (Prelude.Maybe (Prelude.HashMap Prelude.Text CustomResponseBody))
+createRuleGroup_customResponseBodies = Lens.lens (\CreateRuleGroup' {customResponseBodies} -> customResponseBodies) (\s@CreateRuleGroup' {} a -> s {customResponseBodies = a} :: CreateRuleGroup) Prelude.. Lens.mapping Lens.coerced
+
+-- | A description of the rule group that helps with identification.
+createRuleGroup_description :: Lens.Lens' CreateRuleGroup (Prelude.Maybe Prelude.Text)
+createRuleGroup_description = Lens.lens (\CreateRuleGroup' {description} -> description) (\s@CreateRuleGroup' {} a -> s {description = a} :: CreateRuleGroup)
+
+-- | The Rule statements used to identify the web requests that you want to
+-- allow, block, or count. Each rule includes one top-level statement that
+-- WAF uses to identify matching web requests, and parameters that govern
+-- how WAF handles them.
+createRuleGroup_rules :: Lens.Lens' CreateRuleGroup (Prelude.Maybe [Rule])
+createRuleGroup_rules = Lens.lens (\CreateRuleGroup' {rules} -> rules) (\s@CreateRuleGroup' {} a -> s {rules = a} :: CreateRuleGroup) Prelude.. Lens.mapping Lens.coerced
+
+-- | An array of key:value pairs to associate with the resource.
+createRuleGroup_tags :: Lens.Lens' CreateRuleGroup (Prelude.Maybe (Prelude.NonEmpty Tag))
+createRuleGroup_tags = Lens.lens (\CreateRuleGroup' {tags} -> tags) (\s@CreateRuleGroup' {} a -> s {tags = a} :: CreateRuleGroup) Prelude.. Lens.mapping Lens.coerced
+
+-- | The name of the rule group. You cannot change the name of a rule group
+-- after you create it.
+createRuleGroup_name :: Lens.Lens' CreateRuleGroup Prelude.Text
+createRuleGroup_name = Lens.lens (\CreateRuleGroup' {name} -> name) (\s@CreateRuleGroup' {} a -> s {name = a} :: CreateRuleGroup)
+
+-- | Specifies whether this is for an Amazon CloudFront distribution or for a
+-- regional application. A regional application can be an Application Load
+-- Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API,
+-- or an Amazon Cognito user pool.
+--
+-- To work with CloudFront, you must also specify the Region US East (N.
+-- Virginia) as follows:
+--
+-- -   CLI - Specify the Region when you use the CloudFront scope:
+--     @--scope=CLOUDFRONT --region=us-east-1@.
+--
+-- -   API and SDKs - For all calls, use the Region endpoint us-east-1.
+createRuleGroup_scope :: Lens.Lens' CreateRuleGroup Scope
+createRuleGroup_scope = Lens.lens (\CreateRuleGroup' {scope} -> scope) (\s@CreateRuleGroup' {} a -> s {scope = a} :: CreateRuleGroup)
+
+-- | The web ACL capacity units (WCUs) required for this rule group.
+--
+-- When you create your own rule group, you define this, and you cannot
+-- change it after creation. When you add or modify the rules in a rule
+-- group, WAF enforces this limit. You can check the capacity for a set of
+-- rules using CheckCapacity.
+--
+-- WAF uses WCUs to calculate and control the operating resources that are
+-- used to run your rules, rule groups, and web ACLs. WAF calculates
+-- capacity differently for each rule type, to reflect the relative cost of
+-- each rule. Simple rules that cost little to run use fewer WCUs than more
+-- complex rules that use more processing power. Rule group capacity is
+-- fixed at creation, which helps users plan their web ACL WCU usage when
+-- they use a rule group. The WCU limit for web ACLs is 1,500.
+createRuleGroup_capacity :: Lens.Lens' CreateRuleGroup Prelude.Natural
+createRuleGroup_capacity = Lens.lens (\CreateRuleGroup' {capacity} -> capacity) (\s@CreateRuleGroup' {} a -> s {capacity = a} :: CreateRuleGroup)
+
+-- | Defines and enables Amazon CloudWatch metrics and web request sample
+-- collection.
+createRuleGroup_visibilityConfig :: Lens.Lens' CreateRuleGroup VisibilityConfig
+createRuleGroup_visibilityConfig = Lens.lens (\CreateRuleGroup' {visibilityConfig} -> visibilityConfig) (\s@CreateRuleGroup' {} a -> s {visibilityConfig = a} :: CreateRuleGroup)
+
+instance Core.AWSRequest CreateRuleGroup where
+  type
+    AWSResponse CreateRuleGroup =
+      CreateRuleGroupResponse
+  request overrides =
+    Request.postJSON (overrides defaultService)
+  response =
+    Response.receiveJSON
+      ( \s h x ->
+          CreateRuleGroupResponse'
+            Prelude.<$> (x Data..?> "Summary")
+            Prelude.<*> (Prelude.pure (Prelude.fromEnum s))
+      )
+
+instance Prelude.Hashable CreateRuleGroup where
+  hashWithSalt _salt CreateRuleGroup' {..} =
+    _salt
+      `Prelude.hashWithSalt` customResponseBodies
+      `Prelude.hashWithSalt` description
+      `Prelude.hashWithSalt` rules
+      `Prelude.hashWithSalt` tags
+      `Prelude.hashWithSalt` name
+      `Prelude.hashWithSalt` scope
+      `Prelude.hashWithSalt` capacity
+      `Prelude.hashWithSalt` visibilityConfig
+
+instance Prelude.NFData CreateRuleGroup where
+  rnf CreateRuleGroup' {..} =
+    Prelude.rnf customResponseBodies
+      `Prelude.seq` Prelude.rnf description
+      `Prelude.seq` Prelude.rnf rules
+      `Prelude.seq` Prelude.rnf tags
+      `Prelude.seq` Prelude.rnf name
+      `Prelude.seq` Prelude.rnf scope
+      `Prelude.seq` Prelude.rnf capacity
+      `Prelude.seq` Prelude.rnf visibilityConfig
+
+instance Data.ToHeaders CreateRuleGroup where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "X-Amz-Target"
+              Data.=# ( "AWSWAF_20190729.CreateRuleGroup" ::
+                          Prelude.ByteString
+                      ),
+            "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToJSON CreateRuleGroup where
+  toJSON CreateRuleGroup' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("CustomResponseBodies" Data..=)
+              Prelude.<$> customResponseBodies,
+            ("Description" Data..=) Prelude.<$> description,
+            ("Rules" Data..=) Prelude.<$> rules,
+            ("Tags" Data..=) Prelude.<$> tags,
+            Prelude.Just ("Name" Data..= name),
+            Prelude.Just ("Scope" Data..= scope),
+            Prelude.Just ("Capacity" Data..= capacity),
+            Prelude.Just
+              ("VisibilityConfig" Data..= visibilityConfig)
+          ]
+      )
+
+instance Data.ToPath CreateRuleGroup where
+  toPath = Prelude.const "/"
+
+instance Data.ToQuery CreateRuleGroup where
+  toQuery = Prelude.const Prelude.mempty
+
+-- | /See:/ 'newCreateRuleGroupResponse' smart constructor.
+data CreateRuleGroupResponse = CreateRuleGroupResponse'
+  { -- | High-level information about a RuleGroup, returned by operations like
+    -- create and list. This provides information like the ID, that you can use
+    -- to retrieve and manage a @RuleGroup@, and the ARN, that you provide to
+    -- the RuleGroupReferenceStatement to use the rule group in a Rule.
+    summary :: Prelude.Maybe RuleGroupSummary,
+    -- | The response's http status code.
+    httpStatus :: Prelude.Int
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'CreateRuleGroupResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'summary', 'createRuleGroupResponse_summary' - High-level information about a RuleGroup, returned by operations like
+-- create and list. This provides information like the ID, that you can use
+-- to retrieve and manage a @RuleGroup@, and the ARN, that you provide to
+-- the RuleGroupReferenceStatement to use the rule group in a Rule.
+--
+-- 'httpStatus', 'createRuleGroupResponse_httpStatus' - The response's http status code.
+newCreateRuleGroupResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  CreateRuleGroupResponse
+newCreateRuleGroupResponse pHttpStatus_ =
+  CreateRuleGroupResponse'
+    { summary = Prelude.Nothing,
+      httpStatus = pHttpStatus_
+    }
+
+-- | High-level information about a RuleGroup, returned by operations like
+-- create and list. This provides information like the ID, that you can use
+-- to retrieve and manage a @RuleGroup@, and the ARN, that you provide to
+-- the RuleGroupReferenceStatement to use the rule group in a Rule.
+createRuleGroupResponse_summary :: Lens.Lens' CreateRuleGroupResponse (Prelude.Maybe RuleGroupSummary)
+createRuleGroupResponse_summary = Lens.lens (\CreateRuleGroupResponse' {summary} -> summary) (\s@CreateRuleGroupResponse' {} a -> s {summary = a} :: CreateRuleGroupResponse)
+
+-- | The response's http status code.
+createRuleGroupResponse_httpStatus :: Lens.Lens' CreateRuleGroupResponse Prelude.Int
+createRuleGroupResponse_httpStatus = Lens.lens (\CreateRuleGroupResponse' {httpStatus} -> httpStatus) (\s@CreateRuleGroupResponse' {} a -> s {httpStatus = a} :: CreateRuleGroupResponse)
+
+instance Prelude.NFData CreateRuleGroupResponse where
+  rnf CreateRuleGroupResponse' {..} =
+    Prelude.rnf summary
+      `Prelude.seq` Prelude.rnf httpStatus
diff --git a/gen/Amazonka/WAFV2/CreateWebACL.hs b/gen/Amazonka/WAFV2/CreateWebACL.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/WAFV2/CreateWebACL.hs
@@ -0,0 +1,477 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.WAFV2.CreateWebACL
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Creates a WebACL per the specifications provided.
+--
+-- A web ACL defines a collection of rules to use to inspect and control
+-- web requests. Each rule has an action defined (allow, block, or count)
+-- for requests that match the statement of the rule. In the web ACL, you
+-- assign a default action to take (allow, block) for any request that does
+-- not match any of the rules. The rules in a web ACL can be a combination
+-- of the types Rule, RuleGroup, and managed rule group. You can associate
+-- a web ACL with one or more Amazon Web Services resources to protect. The
+-- resources can be an Amazon CloudFront distribution, an Amazon API
+-- Gateway REST API, an Application Load Balancer, an AppSync GraphQL API,
+-- or an Amazon Cognito user pool.
+module Amazonka.WAFV2.CreateWebACL
+  ( -- * Creating a Request
+    CreateWebACL (..),
+    newCreateWebACL,
+
+    -- * Request Lenses
+    createWebACL_captchaConfig,
+    createWebACL_challengeConfig,
+    createWebACL_customResponseBodies,
+    createWebACL_description,
+    createWebACL_rules,
+    createWebACL_tags,
+    createWebACL_tokenDomains,
+    createWebACL_name,
+    createWebACL_scope,
+    createWebACL_defaultAction,
+    createWebACL_visibilityConfig,
+
+    -- * Destructuring the Response
+    CreateWebACLResponse (..),
+    newCreateWebACLResponse,
+
+    -- * Response Lenses
+    createWebACLResponse_summary,
+    createWebACLResponse_httpStatus,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+import Amazonka.WAFV2.Types
+
+-- | /See:/ 'newCreateWebACL' smart constructor.
+data CreateWebACL = CreateWebACL'
+  { -- | Specifies how WAF should handle @CAPTCHA@ evaluations for rules that
+    -- don\'t have their own @CaptchaConfig@ settings. If you don\'t specify
+    -- this, WAF uses its default settings for @CaptchaConfig@.
+    captchaConfig :: Prelude.Maybe CaptchaConfig,
+    -- | Specifies how WAF should handle challenge evaluations for rules that
+    -- don\'t have their own @ChallengeConfig@ settings. If you don\'t specify
+    -- this, WAF uses its default settings for @ChallengeConfig@.
+    challengeConfig :: Prelude.Maybe ChallengeConfig,
+    -- | A map of custom response keys and content bodies. When you create a rule
+    -- with a block action, you can send a custom response to the web request.
+    -- You define these for the web ACL, and then use them in the rules and
+    -- default actions that you define in the web ACL.
+    --
+    -- For information about customizing web requests and responses, see
+    -- <https://docs.aws.amazon.com/waf/latest/developerguide/waf-custom-request-response.html Customizing web requests and responses in WAF>
+    -- in the
+    -- <https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html WAF Developer Guide>.
+    --
+    -- For information about the limits on count and size for custom request
+    -- and response settings, see
+    -- <https://docs.aws.amazon.com/waf/latest/developerguide/limits.html WAF quotas>
+    -- in the
+    -- <https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html WAF Developer Guide>.
+    customResponseBodies :: Prelude.Maybe (Prelude.HashMap Prelude.Text CustomResponseBody),
+    -- | A description of the web ACL that helps with identification.
+    description :: Prelude.Maybe Prelude.Text,
+    -- | The Rule statements used to identify the web requests that you want to
+    -- allow, block, or count. Each rule includes one top-level statement that
+    -- WAF uses to identify matching web requests, and parameters that govern
+    -- how WAF handles them.
+    rules :: Prelude.Maybe [Rule],
+    -- | An array of key:value pairs to associate with the resource.
+    tags :: Prelude.Maybe (Prelude.NonEmpty Tag),
+    -- | Specifies the domains that WAF should accept in a web request token.
+    -- This enables the use of tokens across multiple protected websites. When
+    -- WAF provides a token, it uses the domain of the Amazon Web Services
+    -- resource that the web ACL is protecting. If you don\'t specify a list of
+    -- token domains, WAF accepts tokens only for the domain of the protected
+    -- resource. With a token domain list, WAF accepts the resource\'s host
+    -- domain plus all domains in the token domain list, including their
+    -- prefixed subdomains.
+    --
+    -- Example JSON:
+    -- @\"TokenDomains\": { \"mywebsite.com\", \"myotherwebsite.com\" }@
+    --
+    -- Public suffixes aren\'t allowed. For example, you can\'t use @usa.gov@
+    -- or @co.uk@ as token domains.
+    tokenDomains :: Prelude.Maybe (Prelude.NonEmpty Prelude.Text),
+    -- | The name of the web ACL. You cannot change the name of a web ACL after
+    -- you create it.
+    name :: Prelude.Text,
+    -- | Specifies whether this is for an Amazon CloudFront distribution or for a
+    -- regional application. A regional application can be an Application Load
+    -- Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API,
+    -- or an Amazon Cognito user pool.
+    --
+    -- To work with CloudFront, you must also specify the Region US East (N.
+    -- Virginia) as follows:
+    --
+    -- -   CLI - Specify the Region when you use the CloudFront scope:
+    --     @--scope=CLOUDFRONT --region=us-east-1@.
+    --
+    -- -   API and SDKs - For all calls, use the Region endpoint us-east-1.
+    scope :: Scope,
+    -- | The action to perform if none of the @Rules@ contained in the @WebACL@
+    -- match.
+    defaultAction :: DefaultAction,
+    -- | Defines and enables Amazon CloudWatch metrics and web request sample
+    -- collection.
+    visibilityConfig :: VisibilityConfig
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'CreateWebACL' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'captchaConfig', 'createWebACL_captchaConfig' - Specifies how WAF should handle @CAPTCHA@ evaluations for rules that
+-- don\'t have their own @CaptchaConfig@ settings. If you don\'t specify
+-- this, WAF uses its default settings for @CaptchaConfig@.
+--
+-- 'challengeConfig', 'createWebACL_challengeConfig' - Specifies how WAF should handle challenge evaluations for rules that
+-- don\'t have their own @ChallengeConfig@ settings. If you don\'t specify
+-- this, WAF uses its default settings for @ChallengeConfig@.
+--
+-- 'customResponseBodies', 'createWebACL_customResponseBodies' - A map of custom response keys and content bodies. When you create a rule
+-- with a block action, you can send a custom response to the web request.
+-- You define these for the web ACL, and then use them in the rules and
+-- default actions that you define in the web ACL.
+--
+-- For information about customizing web requests and responses, see
+-- <https://docs.aws.amazon.com/waf/latest/developerguide/waf-custom-request-response.html Customizing web requests and responses in WAF>
+-- in the
+-- <https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html WAF Developer Guide>.
+--
+-- For information about the limits on count and size for custom request
+-- and response settings, see
+-- <https://docs.aws.amazon.com/waf/latest/developerguide/limits.html WAF quotas>
+-- in the
+-- <https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html WAF Developer Guide>.
+--
+-- 'description', 'createWebACL_description' - A description of the web ACL that helps with identification.
+--
+-- 'rules', 'createWebACL_rules' - The Rule statements used to identify the web requests that you want to
+-- allow, block, or count. Each rule includes one top-level statement that
+-- WAF uses to identify matching web requests, and parameters that govern
+-- how WAF handles them.
+--
+-- 'tags', 'createWebACL_tags' - An array of key:value pairs to associate with the resource.
+--
+-- 'tokenDomains', 'createWebACL_tokenDomains' - Specifies the domains that WAF should accept in a web request token.
+-- This enables the use of tokens across multiple protected websites. When
+-- WAF provides a token, it uses the domain of the Amazon Web Services
+-- resource that the web ACL is protecting. If you don\'t specify a list of
+-- token domains, WAF accepts tokens only for the domain of the protected
+-- resource. With a token domain list, WAF accepts the resource\'s host
+-- domain plus all domains in the token domain list, including their
+-- prefixed subdomains.
+--
+-- Example JSON:
+-- @\"TokenDomains\": { \"mywebsite.com\", \"myotherwebsite.com\" }@
+--
+-- Public suffixes aren\'t allowed. For example, you can\'t use @usa.gov@
+-- or @co.uk@ as token domains.
+--
+-- 'name', 'createWebACL_name' - The name of the web ACL. You cannot change the name of a web ACL after
+-- you create it.
+--
+-- 'scope', 'createWebACL_scope' - Specifies whether this is for an Amazon CloudFront distribution or for a
+-- regional application. A regional application can be an Application Load
+-- Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API,
+-- or an Amazon Cognito user pool.
+--
+-- To work with CloudFront, you must also specify the Region US East (N.
+-- Virginia) as follows:
+--
+-- -   CLI - Specify the Region when you use the CloudFront scope:
+--     @--scope=CLOUDFRONT --region=us-east-1@.
+--
+-- -   API and SDKs - For all calls, use the Region endpoint us-east-1.
+--
+-- 'defaultAction', 'createWebACL_defaultAction' - The action to perform if none of the @Rules@ contained in the @WebACL@
+-- match.
+--
+-- 'visibilityConfig', 'createWebACL_visibilityConfig' - Defines and enables Amazon CloudWatch metrics and web request sample
+-- collection.
+newCreateWebACL ::
+  -- | 'name'
+  Prelude.Text ->
+  -- | 'scope'
+  Scope ->
+  -- | 'defaultAction'
+  DefaultAction ->
+  -- | 'visibilityConfig'
+  VisibilityConfig ->
+  CreateWebACL
+newCreateWebACL
+  pName_
+  pScope_
+  pDefaultAction_
+  pVisibilityConfig_ =
+    CreateWebACL'
+      { captchaConfig = Prelude.Nothing,
+        challengeConfig = Prelude.Nothing,
+        customResponseBodies = Prelude.Nothing,
+        description = Prelude.Nothing,
+        rules = Prelude.Nothing,
+        tags = Prelude.Nothing,
+        tokenDomains = Prelude.Nothing,
+        name = pName_,
+        scope = pScope_,
+        defaultAction = pDefaultAction_,
+        visibilityConfig = pVisibilityConfig_
+      }
+
+-- | Specifies how WAF should handle @CAPTCHA@ evaluations for rules that
+-- don\'t have their own @CaptchaConfig@ settings. If you don\'t specify
+-- this, WAF uses its default settings for @CaptchaConfig@.
+createWebACL_captchaConfig :: Lens.Lens' CreateWebACL (Prelude.Maybe CaptchaConfig)
+createWebACL_captchaConfig = Lens.lens (\CreateWebACL' {captchaConfig} -> captchaConfig) (\s@CreateWebACL' {} a -> s {captchaConfig = a} :: CreateWebACL)
+
+-- | Specifies how WAF should handle challenge evaluations for rules that
+-- don\'t have their own @ChallengeConfig@ settings. If you don\'t specify
+-- this, WAF uses its default settings for @ChallengeConfig@.
+createWebACL_challengeConfig :: Lens.Lens' CreateWebACL (Prelude.Maybe ChallengeConfig)
+createWebACL_challengeConfig = Lens.lens (\CreateWebACL' {challengeConfig} -> challengeConfig) (\s@CreateWebACL' {} a -> s {challengeConfig = a} :: CreateWebACL)
+
+-- | A map of custom response keys and content bodies. When you create a rule
+-- with a block action, you can send a custom response to the web request.
+-- You define these for the web ACL, and then use them in the rules and
+-- default actions that you define in the web ACL.
+--
+-- For information about customizing web requests and responses, see
+-- <https://docs.aws.amazon.com/waf/latest/developerguide/waf-custom-request-response.html Customizing web requests and responses in WAF>
+-- in the
+-- <https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html WAF Developer Guide>.
+--
+-- For information about the limits on count and size for custom request
+-- and response settings, see
+-- <https://docs.aws.amazon.com/waf/latest/developerguide/limits.html WAF quotas>
+-- in the
+-- <https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html WAF Developer Guide>.
+createWebACL_customResponseBodies :: Lens.Lens' CreateWebACL (Prelude.Maybe (Prelude.HashMap Prelude.Text CustomResponseBody))
+createWebACL_customResponseBodies = Lens.lens (\CreateWebACL' {customResponseBodies} -> customResponseBodies) (\s@CreateWebACL' {} a -> s {customResponseBodies = a} :: CreateWebACL) Prelude.. Lens.mapping Lens.coerced
+
+-- | A description of the web ACL that helps with identification.
+createWebACL_description :: Lens.Lens' CreateWebACL (Prelude.Maybe Prelude.Text)
+createWebACL_description = Lens.lens (\CreateWebACL' {description} -> description) (\s@CreateWebACL' {} a -> s {description = a} :: CreateWebACL)
+
+-- | The Rule statements used to identify the web requests that you want to
+-- allow, block, or count. Each rule includes one top-level statement that
+-- WAF uses to identify matching web requests, and parameters that govern
+-- how WAF handles them.
+createWebACL_rules :: Lens.Lens' CreateWebACL (Prelude.Maybe [Rule])
+createWebACL_rules = Lens.lens (\CreateWebACL' {rules} -> rules) (\s@CreateWebACL' {} a -> s {rules = a} :: CreateWebACL) Prelude.. Lens.mapping Lens.coerced
+
+-- | An array of key:value pairs to associate with the resource.
+createWebACL_tags :: Lens.Lens' CreateWebACL (Prelude.Maybe (Prelude.NonEmpty Tag))
+createWebACL_tags = Lens.lens (\CreateWebACL' {tags} -> tags) (\s@CreateWebACL' {} a -> s {tags = a} :: CreateWebACL) Prelude.. Lens.mapping Lens.coerced
+
+-- | Specifies the domains that WAF should accept in a web request token.
+-- This enables the use of tokens across multiple protected websites. When
+-- WAF provides a token, it uses the domain of the Amazon Web Services
+-- resource that the web ACL is protecting. If you don\'t specify a list of
+-- token domains, WAF accepts tokens only for the domain of the protected
+-- resource. With a token domain list, WAF accepts the resource\'s host
+-- domain plus all domains in the token domain list, including their
+-- prefixed subdomains.
+--
+-- Example JSON:
+-- @\"TokenDomains\": { \"mywebsite.com\", \"myotherwebsite.com\" }@
+--
+-- Public suffixes aren\'t allowed. For example, you can\'t use @usa.gov@
+-- or @co.uk@ as token domains.
+createWebACL_tokenDomains :: Lens.Lens' CreateWebACL (Prelude.Maybe (Prelude.NonEmpty Prelude.Text))
+createWebACL_tokenDomains = Lens.lens (\CreateWebACL' {tokenDomains} -> tokenDomains) (\s@CreateWebACL' {} a -> s {tokenDomains = a} :: CreateWebACL) Prelude.. Lens.mapping Lens.coerced
+
+-- | The name of the web ACL. You cannot change the name of a web ACL after
+-- you create it.
+createWebACL_name :: Lens.Lens' CreateWebACL Prelude.Text
+createWebACL_name = Lens.lens (\CreateWebACL' {name} -> name) (\s@CreateWebACL' {} a -> s {name = a} :: CreateWebACL)
+
+-- | Specifies whether this is for an Amazon CloudFront distribution or for a
+-- regional application. A regional application can be an Application Load
+-- Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API,
+-- or an Amazon Cognito user pool.
+--
+-- To work with CloudFront, you must also specify the Region US East (N.
+-- Virginia) as follows:
+--
+-- -   CLI - Specify the Region when you use the CloudFront scope:
+--     @--scope=CLOUDFRONT --region=us-east-1@.
+--
+-- -   API and SDKs - For all calls, use the Region endpoint us-east-1.
+createWebACL_scope :: Lens.Lens' CreateWebACL Scope
+createWebACL_scope = Lens.lens (\CreateWebACL' {scope} -> scope) (\s@CreateWebACL' {} a -> s {scope = a} :: CreateWebACL)
+
+-- | The action to perform if none of the @Rules@ contained in the @WebACL@
+-- match.
+createWebACL_defaultAction :: Lens.Lens' CreateWebACL DefaultAction
+createWebACL_defaultAction = Lens.lens (\CreateWebACL' {defaultAction} -> defaultAction) (\s@CreateWebACL' {} a -> s {defaultAction = a} :: CreateWebACL)
+
+-- | Defines and enables Amazon CloudWatch metrics and web request sample
+-- collection.
+createWebACL_visibilityConfig :: Lens.Lens' CreateWebACL VisibilityConfig
+createWebACL_visibilityConfig = Lens.lens (\CreateWebACL' {visibilityConfig} -> visibilityConfig) (\s@CreateWebACL' {} a -> s {visibilityConfig = a} :: CreateWebACL)
+
+instance Core.AWSRequest CreateWebACL where
+  type AWSResponse CreateWebACL = CreateWebACLResponse
+  request overrides =
+    Request.postJSON (overrides defaultService)
+  response =
+    Response.receiveJSON
+      ( \s h x ->
+          CreateWebACLResponse'
+            Prelude.<$> (x Data..?> "Summary")
+            Prelude.<*> (Prelude.pure (Prelude.fromEnum s))
+      )
+
+instance Prelude.Hashable CreateWebACL where
+  hashWithSalt _salt CreateWebACL' {..} =
+    _salt
+      `Prelude.hashWithSalt` captchaConfig
+      `Prelude.hashWithSalt` challengeConfig
+      `Prelude.hashWithSalt` customResponseBodies
+      `Prelude.hashWithSalt` description
+      `Prelude.hashWithSalt` rules
+      `Prelude.hashWithSalt` tags
+      `Prelude.hashWithSalt` tokenDomains
+      `Prelude.hashWithSalt` name
+      `Prelude.hashWithSalt` scope
+      `Prelude.hashWithSalt` defaultAction
+      `Prelude.hashWithSalt` visibilityConfig
+
+instance Prelude.NFData CreateWebACL where
+  rnf CreateWebACL' {..} =
+    Prelude.rnf captchaConfig
+      `Prelude.seq` Prelude.rnf challengeConfig
+      `Prelude.seq` Prelude.rnf customResponseBodies
+      `Prelude.seq` Prelude.rnf description
+      `Prelude.seq` Prelude.rnf rules
+      `Prelude.seq` Prelude.rnf tags
+      `Prelude.seq` Prelude.rnf tokenDomains
+      `Prelude.seq` Prelude.rnf name
+      `Prelude.seq` Prelude.rnf scope
+      `Prelude.seq` Prelude.rnf defaultAction
+      `Prelude.seq` Prelude.rnf visibilityConfig
+
+instance Data.ToHeaders CreateWebACL where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "X-Amz-Target"
+              Data.=# ( "AWSWAF_20190729.CreateWebACL" ::
+                          Prelude.ByteString
+                      ),
+            "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToJSON CreateWebACL where
+  toJSON CreateWebACL' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("CaptchaConfig" Data..=) Prelude.<$> captchaConfig,
+            ("ChallengeConfig" Data..=)
+              Prelude.<$> challengeConfig,
+            ("CustomResponseBodies" Data..=)
+              Prelude.<$> customResponseBodies,
+            ("Description" Data..=) Prelude.<$> description,
+            ("Rules" Data..=) Prelude.<$> rules,
+            ("Tags" Data..=) Prelude.<$> tags,
+            ("TokenDomains" Data..=) Prelude.<$> tokenDomains,
+            Prelude.Just ("Name" Data..= name),
+            Prelude.Just ("Scope" Data..= scope),
+            Prelude.Just ("DefaultAction" Data..= defaultAction),
+            Prelude.Just
+              ("VisibilityConfig" Data..= visibilityConfig)
+          ]
+      )
+
+instance Data.ToPath CreateWebACL where
+  toPath = Prelude.const "/"
+
+instance Data.ToQuery CreateWebACL where
+  toQuery = Prelude.const Prelude.mempty
+
+-- | /See:/ 'newCreateWebACLResponse' smart constructor.
+data CreateWebACLResponse = CreateWebACLResponse'
+  { -- | High-level information about a WebACL, returned by operations like
+    -- create and list. This provides information like the ID, that you can use
+    -- to retrieve and manage a @WebACL@, and the ARN, that you provide to
+    -- operations like AssociateWebACL.
+    summary :: Prelude.Maybe WebACLSummary,
+    -- | The response's http status code.
+    httpStatus :: Prelude.Int
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'CreateWebACLResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'summary', 'createWebACLResponse_summary' - High-level information about a WebACL, returned by operations like
+-- create and list. This provides information like the ID, that you can use
+-- to retrieve and manage a @WebACL@, and the ARN, that you provide to
+-- operations like AssociateWebACL.
+--
+-- 'httpStatus', 'createWebACLResponse_httpStatus' - The response's http status code.
+newCreateWebACLResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  CreateWebACLResponse
+newCreateWebACLResponse pHttpStatus_ =
+  CreateWebACLResponse'
+    { summary = Prelude.Nothing,
+      httpStatus = pHttpStatus_
+    }
+
+-- | High-level information about a WebACL, returned by operations like
+-- create and list. This provides information like the ID, that you can use
+-- to retrieve and manage a @WebACL@, and the ARN, that you provide to
+-- operations like AssociateWebACL.
+createWebACLResponse_summary :: Lens.Lens' CreateWebACLResponse (Prelude.Maybe WebACLSummary)
+createWebACLResponse_summary = Lens.lens (\CreateWebACLResponse' {summary} -> summary) (\s@CreateWebACLResponse' {} a -> s {summary = a} :: CreateWebACLResponse)
+
+-- | The response's http status code.
+createWebACLResponse_httpStatus :: Lens.Lens' CreateWebACLResponse Prelude.Int
+createWebACLResponse_httpStatus = Lens.lens (\CreateWebACLResponse' {httpStatus} -> httpStatus) (\s@CreateWebACLResponse' {} a -> s {httpStatus = a} :: CreateWebACLResponse)
+
+instance Prelude.NFData CreateWebACLResponse where
+  rnf CreateWebACLResponse' {..} =
+    Prelude.rnf summary
+      `Prelude.seq` Prelude.rnf httpStatus
diff --git a/gen/Amazonka/WAFV2/DeleteFirewallManagerRuleGroups.hs b/gen/Amazonka/WAFV2/DeleteFirewallManagerRuleGroups.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/WAFV2/DeleteFirewallManagerRuleGroups.hs
@@ -0,0 +1,256 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.WAFV2.DeleteFirewallManagerRuleGroups
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Deletes all rule groups that are managed by Firewall Manager for the
+-- specified web ACL.
+--
+-- You can only use this if @ManagedByFirewallManager@ is false in the
+-- specified WebACL.
+module Amazonka.WAFV2.DeleteFirewallManagerRuleGroups
+  ( -- * Creating a Request
+    DeleteFirewallManagerRuleGroups (..),
+    newDeleteFirewallManagerRuleGroups,
+
+    -- * Request Lenses
+    deleteFirewallManagerRuleGroups_webACLArn,
+    deleteFirewallManagerRuleGroups_webACLLockToken,
+
+    -- * Destructuring the Response
+    DeleteFirewallManagerRuleGroupsResponse (..),
+    newDeleteFirewallManagerRuleGroupsResponse,
+
+    -- * Response Lenses
+    deleteFirewallManagerRuleGroupsResponse_nextWebACLLockToken,
+    deleteFirewallManagerRuleGroupsResponse_httpStatus,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+import Amazonka.WAFV2.Types
+
+-- | /See:/ 'newDeleteFirewallManagerRuleGroups' smart constructor.
+data DeleteFirewallManagerRuleGroups = DeleteFirewallManagerRuleGroups'
+  { -- | The Amazon Resource Name (ARN) of the web ACL.
+    webACLArn :: Prelude.Text,
+    -- | A token used for optimistic locking. WAF returns a token to your @get@
+    -- and @list@ requests, to mark the state of the entity at the time of the
+    -- request. To make changes to the entity associated with the token, you
+    -- provide the token to operations like @update@ and @delete@. WAF uses the
+    -- token to ensure that no changes have been made to the entity since you
+    -- last retrieved it. If a change has been made, the update fails with a
+    -- @WAFOptimisticLockException@. If this happens, perform another @get@,
+    -- and use the new token returned by that operation.
+    webACLLockToken :: Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'DeleteFirewallManagerRuleGroups' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'webACLArn', 'deleteFirewallManagerRuleGroups_webACLArn' - The Amazon Resource Name (ARN) of the web ACL.
+--
+-- 'webACLLockToken', 'deleteFirewallManagerRuleGroups_webACLLockToken' - A token used for optimistic locking. WAF returns a token to your @get@
+-- and @list@ requests, to mark the state of the entity at the time of the
+-- request. To make changes to the entity associated with the token, you
+-- provide the token to operations like @update@ and @delete@. WAF uses the
+-- token to ensure that no changes have been made to the entity since you
+-- last retrieved it. If a change has been made, the update fails with a
+-- @WAFOptimisticLockException@. If this happens, perform another @get@,
+-- and use the new token returned by that operation.
+newDeleteFirewallManagerRuleGroups ::
+  -- | 'webACLArn'
+  Prelude.Text ->
+  -- | 'webACLLockToken'
+  Prelude.Text ->
+  DeleteFirewallManagerRuleGroups
+newDeleteFirewallManagerRuleGroups
+  pWebACLArn_
+  pWebACLLockToken_ =
+    DeleteFirewallManagerRuleGroups'
+      { webACLArn =
+          pWebACLArn_,
+        webACLLockToken = pWebACLLockToken_
+      }
+
+-- | The Amazon Resource Name (ARN) of the web ACL.
+deleteFirewallManagerRuleGroups_webACLArn :: Lens.Lens' DeleteFirewallManagerRuleGroups Prelude.Text
+deleteFirewallManagerRuleGroups_webACLArn = Lens.lens (\DeleteFirewallManagerRuleGroups' {webACLArn} -> webACLArn) (\s@DeleteFirewallManagerRuleGroups' {} a -> s {webACLArn = a} :: DeleteFirewallManagerRuleGroups)
+
+-- | A token used for optimistic locking. WAF returns a token to your @get@
+-- and @list@ requests, to mark the state of the entity at the time of the
+-- request. To make changes to the entity associated with the token, you
+-- provide the token to operations like @update@ and @delete@. WAF uses the
+-- token to ensure that no changes have been made to the entity since you
+-- last retrieved it. If a change has been made, the update fails with a
+-- @WAFOptimisticLockException@. If this happens, perform another @get@,
+-- and use the new token returned by that operation.
+deleteFirewallManagerRuleGroups_webACLLockToken :: Lens.Lens' DeleteFirewallManagerRuleGroups Prelude.Text
+deleteFirewallManagerRuleGroups_webACLLockToken = Lens.lens (\DeleteFirewallManagerRuleGroups' {webACLLockToken} -> webACLLockToken) (\s@DeleteFirewallManagerRuleGroups' {} a -> s {webACLLockToken = a} :: DeleteFirewallManagerRuleGroups)
+
+instance
+  Core.AWSRequest
+    DeleteFirewallManagerRuleGroups
+  where
+  type
+    AWSResponse DeleteFirewallManagerRuleGroups =
+      DeleteFirewallManagerRuleGroupsResponse
+  request overrides =
+    Request.postJSON (overrides defaultService)
+  response =
+    Response.receiveJSON
+      ( \s h x ->
+          DeleteFirewallManagerRuleGroupsResponse'
+            Prelude.<$> (x Data..?> "NextWebACLLockToken")
+            Prelude.<*> (Prelude.pure (Prelude.fromEnum s))
+      )
+
+instance
+  Prelude.Hashable
+    DeleteFirewallManagerRuleGroups
+  where
+  hashWithSalt
+    _salt
+    DeleteFirewallManagerRuleGroups' {..} =
+      _salt
+        `Prelude.hashWithSalt` webACLArn
+        `Prelude.hashWithSalt` webACLLockToken
+
+instance
+  Prelude.NFData
+    DeleteFirewallManagerRuleGroups
+  where
+  rnf DeleteFirewallManagerRuleGroups' {..} =
+    Prelude.rnf webACLArn
+      `Prelude.seq` Prelude.rnf webACLLockToken
+
+instance
+  Data.ToHeaders
+    DeleteFirewallManagerRuleGroups
+  where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "X-Amz-Target"
+              Data.=# ( "AWSWAF_20190729.DeleteFirewallManagerRuleGroups" ::
+                          Prelude.ByteString
+                      ),
+            "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToJSON DeleteFirewallManagerRuleGroups where
+  toJSON DeleteFirewallManagerRuleGroups' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ Prelude.Just ("WebACLArn" Data..= webACLArn),
+            Prelude.Just
+              ("WebACLLockToken" Data..= webACLLockToken)
+          ]
+      )
+
+instance Data.ToPath DeleteFirewallManagerRuleGroups where
+  toPath = Prelude.const "/"
+
+instance Data.ToQuery DeleteFirewallManagerRuleGroups where
+  toQuery = Prelude.const Prelude.mempty
+
+-- | /See:/ 'newDeleteFirewallManagerRuleGroupsResponse' smart constructor.
+data DeleteFirewallManagerRuleGroupsResponse = DeleteFirewallManagerRuleGroupsResponse'
+  { -- | A token used for optimistic locking. WAF returns a token to your @get@
+    -- and @list@ requests, to mark the state of the entity at the time of the
+    -- request. To make changes to the entity associated with the token, you
+    -- provide the token to operations like @update@ and @delete@. WAF uses the
+    -- token to ensure that no changes have been made to the entity since you
+    -- last retrieved it. If a change has been made, the update fails with a
+    -- @WAFOptimisticLockException@. If this happens, perform another @get@,
+    -- and use the new token returned by that operation.
+    nextWebACLLockToken :: Prelude.Maybe Prelude.Text,
+    -- | The response's http status code.
+    httpStatus :: Prelude.Int
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'DeleteFirewallManagerRuleGroupsResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'nextWebACLLockToken', 'deleteFirewallManagerRuleGroupsResponse_nextWebACLLockToken' - A token used for optimistic locking. WAF returns a token to your @get@
+-- and @list@ requests, to mark the state of the entity at the time of the
+-- request. To make changes to the entity associated with the token, you
+-- provide the token to operations like @update@ and @delete@. WAF uses the
+-- token to ensure that no changes have been made to the entity since you
+-- last retrieved it. If a change has been made, the update fails with a
+-- @WAFOptimisticLockException@. If this happens, perform another @get@,
+-- and use the new token returned by that operation.
+--
+-- 'httpStatus', 'deleteFirewallManagerRuleGroupsResponse_httpStatus' - The response's http status code.
+newDeleteFirewallManagerRuleGroupsResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  DeleteFirewallManagerRuleGroupsResponse
+newDeleteFirewallManagerRuleGroupsResponse
+  pHttpStatus_ =
+    DeleteFirewallManagerRuleGroupsResponse'
+      { nextWebACLLockToken =
+          Prelude.Nothing,
+        httpStatus = pHttpStatus_
+      }
+
+-- | A token used for optimistic locking. WAF returns a token to your @get@
+-- and @list@ requests, to mark the state of the entity at the time of the
+-- request. To make changes to the entity associated with the token, you
+-- provide the token to operations like @update@ and @delete@. WAF uses the
+-- token to ensure that no changes have been made to the entity since you
+-- last retrieved it. If a change has been made, the update fails with a
+-- @WAFOptimisticLockException@. If this happens, perform another @get@,
+-- and use the new token returned by that operation.
+deleteFirewallManagerRuleGroupsResponse_nextWebACLLockToken :: Lens.Lens' DeleteFirewallManagerRuleGroupsResponse (Prelude.Maybe Prelude.Text)
+deleteFirewallManagerRuleGroupsResponse_nextWebACLLockToken = Lens.lens (\DeleteFirewallManagerRuleGroupsResponse' {nextWebACLLockToken} -> nextWebACLLockToken) (\s@DeleteFirewallManagerRuleGroupsResponse' {} a -> s {nextWebACLLockToken = a} :: DeleteFirewallManagerRuleGroupsResponse)
+
+-- | The response's http status code.
+deleteFirewallManagerRuleGroupsResponse_httpStatus :: Lens.Lens' DeleteFirewallManagerRuleGroupsResponse Prelude.Int
+deleteFirewallManagerRuleGroupsResponse_httpStatus = Lens.lens (\DeleteFirewallManagerRuleGroupsResponse' {httpStatus} -> httpStatus) (\s@DeleteFirewallManagerRuleGroupsResponse' {} a -> s {httpStatus = a} :: DeleteFirewallManagerRuleGroupsResponse)
+
+instance
+  Prelude.NFData
+    DeleteFirewallManagerRuleGroupsResponse
+  where
+  rnf DeleteFirewallManagerRuleGroupsResponse' {..} =
+    Prelude.rnf nextWebACLLockToken
+      `Prelude.seq` Prelude.rnf httpStatus
diff --git a/gen/Amazonka/WAFV2/DeleteIPSet.hs b/gen/Amazonka/WAFV2/DeleteIPSet.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/WAFV2/DeleteIPSet.hs
@@ -0,0 +1,263 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.WAFV2.DeleteIPSet
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Deletes the specified IPSet.
+module Amazonka.WAFV2.DeleteIPSet
+  ( -- * Creating a Request
+    DeleteIPSet (..),
+    newDeleteIPSet,
+
+    -- * Request Lenses
+    deleteIPSet_name,
+    deleteIPSet_scope,
+    deleteIPSet_id,
+    deleteIPSet_lockToken,
+
+    -- * Destructuring the Response
+    DeleteIPSetResponse (..),
+    newDeleteIPSetResponse,
+
+    -- * Response Lenses
+    deleteIPSetResponse_httpStatus,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+import Amazonka.WAFV2.Types
+
+-- | /See:/ 'newDeleteIPSet' smart constructor.
+data DeleteIPSet = DeleteIPSet'
+  { -- | The name of the IP set. You cannot change the name of an @IPSet@ after
+    -- you create it.
+    name :: Prelude.Text,
+    -- | Specifies whether this is for an Amazon CloudFront distribution or for a
+    -- regional application. A regional application can be an Application Load
+    -- Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API,
+    -- or an Amazon Cognito user pool.
+    --
+    -- To work with CloudFront, you must also specify the Region US East (N.
+    -- Virginia) as follows:
+    --
+    -- -   CLI - Specify the Region when you use the CloudFront scope:
+    --     @--scope=CLOUDFRONT --region=us-east-1@.
+    --
+    -- -   API and SDKs - For all calls, use the Region endpoint us-east-1.
+    scope :: Scope,
+    -- | A unique identifier for the set. This ID is returned in the responses to
+    -- create and list commands. You provide it to operations like update and
+    -- delete.
+    id :: Prelude.Text,
+    -- | A token used for optimistic locking. WAF returns a token to your @get@
+    -- and @list@ requests, to mark the state of the entity at the time of the
+    -- request. To make changes to the entity associated with the token, you
+    -- provide the token to operations like @update@ and @delete@. WAF uses the
+    -- token to ensure that no changes have been made to the entity since you
+    -- last retrieved it. If a change has been made, the update fails with a
+    -- @WAFOptimisticLockException@. If this happens, perform another @get@,
+    -- and use the new token returned by that operation.
+    lockToken :: Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'DeleteIPSet' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'name', 'deleteIPSet_name' - The name of the IP set. You cannot change the name of an @IPSet@ after
+-- you create it.
+--
+-- 'scope', 'deleteIPSet_scope' - Specifies whether this is for an Amazon CloudFront distribution or for a
+-- regional application. A regional application can be an Application Load
+-- Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API,
+-- or an Amazon Cognito user pool.
+--
+-- To work with CloudFront, you must also specify the Region US East (N.
+-- Virginia) as follows:
+--
+-- -   CLI - Specify the Region when you use the CloudFront scope:
+--     @--scope=CLOUDFRONT --region=us-east-1@.
+--
+-- -   API and SDKs - For all calls, use the Region endpoint us-east-1.
+--
+-- 'id', 'deleteIPSet_id' - A unique identifier for the set. This ID is returned in the responses to
+-- create and list commands. You provide it to operations like update and
+-- delete.
+--
+-- 'lockToken', 'deleteIPSet_lockToken' - A token used for optimistic locking. WAF returns a token to your @get@
+-- and @list@ requests, to mark the state of the entity at the time of the
+-- request. To make changes to the entity associated with the token, you
+-- provide the token to operations like @update@ and @delete@. WAF uses the
+-- token to ensure that no changes have been made to the entity since you
+-- last retrieved it. If a change has been made, the update fails with a
+-- @WAFOptimisticLockException@. If this happens, perform another @get@,
+-- and use the new token returned by that operation.
+newDeleteIPSet ::
+  -- | 'name'
+  Prelude.Text ->
+  -- | 'scope'
+  Scope ->
+  -- | 'id'
+  Prelude.Text ->
+  -- | 'lockToken'
+  Prelude.Text ->
+  DeleteIPSet
+newDeleteIPSet pName_ pScope_ pId_ pLockToken_ =
+  DeleteIPSet'
+    { name = pName_,
+      scope = pScope_,
+      id = pId_,
+      lockToken = pLockToken_
+    }
+
+-- | The name of the IP set. You cannot change the name of an @IPSet@ after
+-- you create it.
+deleteIPSet_name :: Lens.Lens' DeleteIPSet Prelude.Text
+deleteIPSet_name = Lens.lens (\DeleteIPSet' {name} -> name) (\s@DeleteIPSet' {} a -> s {name = a} :: DeleteIPSet)
+
+-- | Specifies whether this is for an Amazon CloudFront distribution or for a
+-- regional application. A regional application can be an Application Load
+-- Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API,
+-- or an Amazon Cognito user pool.
+--
+-- To work with CloudFront, you must also specify the Region US East (N.
+-- Virginia) as follows:
+--
+-- -   CLI - Specify the Region when you use the CloudFront scope:
+--     @--scope=CLOUDFRONT --region=us-east-1@.
+--
+-- -   API and SDKs - For all calls, use the Region endpoint us-east-1.
+deleteIPSet_scope :: Lens.Lens' DeleteIPSet Scope
+deleteIPSet_scope = Lens.lens (\DeleteIPSet' {scope} -> scope) (\s@DeleteIPSet' {} a -> s {scope = a} :: DeleteIPSet)
+
+-- | A unique identifier for the set. This ID is returned in the responses to
+-- create and list commands. You provide it to operations like update and
+-- delete.
+deleteIPSet_id :: Lens.Lens' DeleteIPSet Prelude.Text
+deleteIPSet_id = Lens.lens (\DeleteIPSet' {id} -> id) (\s@DeleteIPSet' {} a -> s {id = a} :: DeleteIPSet)
+
+-- | A token used for optimistic locking. WAF returns a token to your @get@
+-- and @list@ requests, to mark the state of the entity at the time of the
+-- request. To make changes to the entity associated with the token, you
+-- provide the token to operations like @update@ and @delete@. WAF uses the
+-- token to ensure that no changes have been made to the entity since you
+-- last retrieved it. If a change has been made, the update fails with a
+-- @WAFOptimisticLockException@. If this happens, perform another @get@,
+-- and use the new token returned by that operation.
+deleteIPSet_lockToken :: Lens.Lens' DeleteIPSet Prelude.Text
+deleteIPSet_lockToken = Lens.lens (\DeleteIPSet' {lockToken} -> lockToken) (\s@DeleteIPSet' {} a -> s {lockToken = a} :: DeleteIPSet)
+
+instance Core.AWSRequest DeleteIPSet where
+  type AWSResponse DeleteIPSet = DeleteIPSetResponse
+  request overrides =
+    Request.postJSON (overrides defaultService)
+  response =
+    Response.receiveEmpty
+      ( \s h x ->
+          DeleteIPSetResponse'
+            Prelude.<$> (Prelude.pure (Prelude.fromEnum s))
+      )
+
+instance Prelude.Hashable DeleteIPSet where
+  hashWithSalt _salt DeleteIPSet' {..} =
+    _salt
+      `Prelude.hashWithSalt` name
+      `Prelude.hashWithSalt` scope
+      `Prelude.hashWithSalt` id
+      `Prelude.hashWithSalt` lockToken
+
+instance Prelude.NFData DeleteIPSet where
+  rnf DeleteIPSet' {..} =
+    Prelude.rnf name
+      `Prelude.seq` Prelude.rnf scope
+      `Prelude.seq` Prelude.rnf id
+      `Prelude.seq` Prelude.rnf lockToken
+
+instance Data.ToHeaders DeleteIPSet where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "X-Amz-Target"
+              Data.=# ( "AWSWAF_20190729.DeleteIPSet" ::
+                          Prelude.ByteString
+                      ),
+            "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToJSON DeleteIPSet where
+  toJSON DeleteIPSet' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ Prelude.Just ("Name" Data..= name),
+            Prelude.Just ("Scope" Data..= scope),
+            Prelude.Just ("Id" Data..= id),
+            Prelude.Just ("LockToken" Data..= lockToken)
+          ]
+      )
+
+instance Data.ToPath DeleteIPSet where
+  toPath = Prelude.const "/"
+
+instance Data.ToQuery DeleteIPSet where
+  toQuery = Prelude.const Prelude.mempty
+
+-- | /See:/ 'newDeleteIPSetResponse' smart constructor.
+data DeleteIPSetResponse = DeleteIPSetResponse'
+  { -- | The response's http status code.
+    httpStatus :: Prelude.Int
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'DeleteIPSetResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'httpStatus', 'deleteIPSetResponse_httpStatus' - The response's http status code.
+newDeleteIPSetResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  DeleteIPSetResponse
+newDeleteIPSetResponse pHttpStatus_ =
+  DeleteIPSetResponse' {httpStatus = pHttpStatus_}
+
+-- | The response's http status code.
+deleteIPSetResponse_httpStatus :: Lens.Lens' DeleteIPSetResponse Prelude.Int
+deleteIPSetResponse_httpStatus = Lens.lens (\DeleteIPSetResponse' {httpStatus} -> httpStatus) (\s@DeleteIPSetResponse' {} a -> s {httpStatus = a} :: DeleteIPSetResponse)
+
+instance Prelude.NFData DeleteIPSetResponse where
+  rnf DeleteIPSetResponse' {..} = Prelude.rnf httpStatus
diff --git a/gen/Amazonka/WAFV2/DeleteLoggingConfiguration.hs b/gen/Amazonka/WAFV2/DeleteLoggingConfiguration.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/WAFV2/DeleteLoggingConfiguration.hs
@@ -0,0 +1,166 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.WAFV2.DeleteLoggingConfiguration
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Deletes the LoggingConfiguration from the specified web ACL.
+module Amazonka.WAFV2.DeleteLoggingConfiguration
+  ( -- * Creating a Request
+    DeleteLoggingConfiguration (..),
+    newDeleteLoggingConfiguration,
+
+    -- * Request Lenses
+    deleteLoggingConfiguration_resourceArn,
+
+    -- * Destructuring the Response
+    DeleteLoggingConfigurationResponse (..),
+    newDeleteLoggingConfigurationResponse,
+
+    -- * Response Lenses
+    deleteLoggingConfigurationResponse_httpStatus,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+import Amazonka.WAFV2.Types
+
+-- | /See:/ 'newDeleteLoggingConfiguration' smart constructor.
+data DeleteLoggingConfiguration = DeleteLoggingConfiguration'
+  { -- | The Amazon Resource Name (ARN) of the web ACL from which you want to
+    -- delete the LoggingConfiguration.
+    resourceArn :: Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'DeleteLoggingConfiguration' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'resourceArn', 'deleteLoggingConfiguration_resourceArn' - The Amazon Resource Name (ARN) of the web ACL from which you want to
+-- delete the LoggingConfiguration.
+newDeleteLoggingConfiguration ::
+  -- | 'resourceArn'
+  Prelude.Text ->
+  DeleteLoggingConfiguration
+newDeleteLoggingConfiguration pResourceArn_ =
+  DeleteLoggingConfiguration'
+    { resourceArn =
+        pResourceArn_
+    }
+
+-- | The Amazon Resource Name (ARN) of the web ACL from which you want to
+-- delete the LoggingConfiguration.
+deleteLoggingConfiguration_resourceArn :: Lens.Lens' DeleteLoggingConfiguration Prelude.Text
+deleteLoggingConfiguration_resourceArn = Lens.lens (\DeleteLoggingConfiguration' {resourceArn} -> resourceArn) (\s@DeleteLoggingConfiguration' {} a -> s {resourceArn = a} :: DeleteLoggingConfiguration)
+
+instance Core.AWSRequest DeleteLoggingConfiguration where
+  type
+    AWSResponse DeleteLoggingConfiguration =
+      DeleteLoggingConfigurationResponse
+  request overrides =
+    Request.postJSON (overrides defaultService)
+  response =
+    Response.receiveEmpty
+      ( \s h x ->
+          DeleteLoggingConfigurationResponse'
+            Prelude.<$> (Prelude.pure (Prelude.fromEnum s))
+      )
+
+instance Prelude.Hashable DeleteLoggingConfiguration where
+  hashWithSalt _salt DeleteLoggingConfiguration' {..} =
+    _salt `Prelude.hashWithSalt` resourceArn
+
+instance Prelude.NFData DeleteLoggingConfiguration where
+  rnf DeleteLoggingConfiguration' {..} =
+    Prelude.rnf resourceArn
+
+instance Data.ToHeaders DeleteLoggingConfiguration where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "X-Amz-Target"
+              Data.=# ( "AWSWAF_20190729.DeleteLoggingConfiguration" ::
+                          Prelude.ByteString
+                      ),
+            "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToJSON DeleteLoggingConfiguration where
+  toJSON DeleteLoggingConfiguration' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [Prelude.Just ("ResourceArn" Data..= resourceArn)]
+      )
+
+instance Data.ToPath DeleteLoggingConfiguration where
+  toPath = Prelude.const "/"
+
+instance Data.ToQuery DeleteLoggingConfiguration where
+  toQuery = Prelude.const Prelude.mempty
+
+-- | /See:/ 'newDeleteLoggingConfigurationResponse' smart constructor.
+data DeleteLoggingConfigurationResponse = DeleteLoggingConfigurationResponse'
+  { -- | The response's http status code.
+    httpStatus :: Prelude.Int
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'DeleteLoggingConfigurationResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'httpStatus', 'deleteLoggingConfigurationResponse_httpStatus' - The response's http status code.
+newDeleteLoggingConfigurationResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  DeleteLoggingConfigurationResponse
+newDeleteLoggingConfigurationResponse pHttpStatus_ =
+  DeleteLoggingConfigurationResponse'
+    { httpStatus =
+        pHttpStatus_
+    }
+
+-- | The response's http status code.
+deleteLoggingConfigurationResponse_httpStatus :: Lens.Lens' DeleteLoggingConfigurationResponse Prelude.Int
+deleteLoggingConfigurationResponse_httpStatus = Lens.lens (\DeleteLoggingConfigurationResponse' {httpStatus} -> httpStatus) (\s@DeleteLoggingConfigurationResponse' {} a -> s {httpStatus = a} :: DeleteLoggingConfigurationResponse)
+
+instance
+  Prelude.NFData
+    DeleteLoggingConfigurationResponse
+  where
+  rnf DeleteLoggingConfigurationResponse' {..} =
+    Prelude.rnf httpStatus
diff --git a/gen/Amazonka/WAFV2/DeletePermissionPolicy.hs b/gen/Amazonka/WAFV2/DeletePermissionPolicy.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/WAFV2/DeletePermissionPolicy.hs
@@ -0,0 +1,174 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.WAFV2.DeletePermissionPolicy
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Permanently deletes an IAM policy from the specified rule group.
+--
+-- You must be the owner of the rule group to perform this operation.
+module Amazonka.WAFV2.DeletePermissionPolicy
+  ( -- * Creating a Request
+    DeletePermissionPolicy (..),
+    newDeletePermissionPolicy,
+
+    -- * Request Lenses
+    deletePermissionPolicy_resourceArn,
+
+    -- * Destructuring the Response
+    DeletePermissionPolicyResponse (..),
+    newDeletePermissionPolicyResponse,
+
+    -- * Response Lenses
+    deletePermissionPolicyResponse_httpStatus,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+import Amazonka.WAFV2.Types
+
+-- | /See:/ 'newDeletePermissionPolicy' smart constructor.
+data DeletePermissionPolicy = DeletePermissionPolicy'
+  { -- | The Amazon Resource Name (ARN) of the rule group from which you want to
+    -- delete the policy.
+    --
+    -- You must be the owner of the rule group to perform this operation.
+    resourceArn :: Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'DeletePermissionPolicy' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'resourceArn', 'deletePermissionPolicy_resourceArn' - The Amazon Resource Name (ARN) of the rule group from which you want to
+-- delete the policy.
+--
+-- You must be the owner of the rule group to perform this operation.
+newDeletePermissionPolicy ::
+  -- | 'resourceArn'
+  Prelude.Text ->
+  DeletePermissionPolicy
+newDeletePermissionPolicy pResourceArn_ =
+  DeletePermissionPolicy'
+    { resourceArn =
+        pResourceArn_
+    }
+
+-- | The Amazon Resource Name (ARN) of the rule group from which you want to
+-- delete the policy.
+--
+-- You must be the owner of the rule group to perform this operation.
+deletePermissionPolicy_resourceArn :: Lens.Lens' DeletePermissionPolicy Prelude.Text
+deletePermissionPolicy_resourceArn = Lens.lens (\DeletePermissionPolicy' {resourceArn} -> resourceArn) (\s@DeletePermissionPolicy' {} a -> s {resourceArn = a} :: DeletePermissionPolicy)
+
+instance Core.AWSRequest DeletePermissionPolicy where
+  type
+    AWSResponse DeletePermissionPolicy =
+      DeletePermissionPolicyResponse
+  request overrides =
+    Request.postJSON (overrides defaultService)
+  response =
+    Response.receiveEmpty
+      ( \s h x ->
+          DeletePermissionPolicyResponse'
+            Prelude.<$> (Prelude.pure (Prelude.fromEnum s))
+      )
+
+instance Prelude.Hashable DeletePermissionPolicy where
+  hashWithSalt _salt DeletePermissionPolicy' {..} =
+    _salt `Prelude.hashWithSalt` resourceArn
+
+instance Prelude.NFData DeletePermissionPolicy where
+  rnf DeletePermissionPolicy' {..} =
+    Prelude.rnf resourceArn
+
+instance Data.ToHeaders DeletePermissionPolicy where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "X-Amz-Target"
+              Data.=# ( "AWSWAF_20190729.DeletePermissionPolicy" ::
+                          Prelude.ByteString
+                      ),
+            "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToJSON DeletePermissionPolicy where
+  toJSON DeletePermissionPolicy' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [Prelude.Just ("ResourceArn" Data..= resourceArn)]
+      )
+
+instance Data.ToPath DeletePermissionPolicy where
+  toPath = Prelude.const "/"
+
+instance Data.ToQuery DeletePermissionPolicy where
+  toQuery = Prelude.const Prelude.mempty
+
+-- | /See:/ 'newDeletePermissionPolicyResponse' smart constructor.
+data DeletePermissionPolicyResponse = DeletePermissionPolicyResponse'
+  { -- | The response's http status code.
+    httpStatus :: Prelude.Int
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'DeletePermissionPolicyResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'httpStatus', 'deletePermissionPolicyResponse_httpStatus' - The response's http status code.
+newDeletePermissionPolicyResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  DeletePermissionPolicyResponse
+newDeletePermissionPolicyResponse pHttpStatus_ =
+  DeletePermissionPolicyResponse'
+    { httpStatus =
+        pHttpStatus_
+    }
+
+-- | The response's http status code.
+deletePermissionPolicyResponse_httpStatus :: Lens.Lens' DeletePermissionPolicyResponse Prelude.Int
+deletePermissionPolicyResponse_httpStatus = Lens.lens (\DeletePermissionPolicyResponse' {httpStatus} -> httpStatus) (\s@DeletePermissionPolicyResponse' {} a -> s {httpStatus = a} :: DeletePermissionPolicyResponse)
+
+instance
+  Prelude.NFData
+    DeletePermissionPolicyResponse
+  where
+  rnf DeletePermissionPolicyResponse' {..} =
+    Prelude.rnf httpStatus
diff --git a/gen/Amazonka/WAFV2/DeleteRegexPatternSet.hs b/gen/Amazonka/WAFV2/DeleteRegexPatternSet.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/WAFV2/DeleteRegexPatternSet.hs
@@ -0,0 +1,273 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.WAFV2.DeleteRegexPatternSet
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Deletes the specified RegexPatternSet.
+module Amazonka.WAFV2.DeleteRegexPatternSet
+  ( -- * Creating a Request
+    DeleteRegexPatternSet (..),
+    newDeleteRegexPatternSet,
+
+    -- * Request Lenses
+    deleteRegexPatternSet_name,
+    deleteRegexPatternSet_scope,
+    deleteRegexPatternSet_id,
+    deleteRegexPatternSet_lockToken,
+
+    -- * Destructuring the Response
+    DeleteRegexPatternSetResponse (..),
+    newDeleteRegexPatternSetResponse,
+
+    -- * Response Lenses
+    deleteRegexPatternSetResponse_httpStatus,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+import Amazonka.WAFV2.Types
+
+-- | /See:/ 'newDeleteRegexPatternSet' smart constructor.
+data DeleteRegexPatternSet = DeleteRegexPatternSet'
+  { -- | The name of the set. You cannot change the name after you create the
+    -- set.
+    name :: Prelude.Text,
+    -- | Specifies whether this is for an Amazon CloudFront distribution or for a
+    -- regional application. A regional application can be an Application Load
+    -- Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API,
+    -- or an Amazon Cognito user pool.
+    --
+    -- To work with CloudFront, you must also specify the Region US East (N.
+    -- Virginia) as follows:
+    --
+    -- -   CLI - Specify the Region when you use the CloudFront scope:
+    --     @--scope=CLOUDFRONT --region=us-east-1@.
+    --
+    -- -   API and SDKs - For all calls, use the Region endpoint us-east-1.
+    scope :: Scope,
+    -- | A unique identifier for the set. This ID is returned in the responses to
+    -- create and list commands. You provide it to operations like update and
+    -- delete.
+    id :: Prelude.Text,
+    -- | A token used for optimistic locking. WAF returns a token to your @get@
+    -- and @list@ requests, to mark the state of the entity at the time of the
+    -- request. To make changes to the entity associated with the token, you
+    -- provide the token to operations like @update@ and @delete@. WAF uses the
+    -- token to ensure that no changes have been made to the entity since you
+    -- last retrieved it. If a change has been made, the update fails with a
+    -- @WAFOptimisticLockException@. If this happens, perform another @get@,
+    -- and use the new token returned by that operation.
+    lockToken :: Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'DeleteRegexPatternSet' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'name', 'deleteRegexPatternSet_name' - The name of the set. You cannot change the name after you create the
+-- set.
+--
+-- 'scope', 'deleteRegexPatternSet_scope' - Specifies whether this is for an Amazon CloudFront distribution or for a
+-- regional application. A regional application can be an Application Load
+-- Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API,
+-- or an Amazon Cognito user pool.
+--
+-- To work with CloudFront, you must also specify the Region US East (N.
+-- Virginia) as follows:
+--
+-- -   CLI - Specify the Region when you use the CloudFront scope:
+--     @--scope=CLOUDFRONT --region=us-east-1@.
+--
+-- -   API and SDKs - For all calls, use the Region endpoint us-east-1.
+--
+-- 'id', 'deleteRegexPatternSet_id' - A unique identifier for the set. This ID is returned in the responses to
+-- create and list commands. You provide it to operations like update and
+-- delete.
+--
+-- 'lockToken', 'deleteRegexPatternSet_lockToken' - A token used for optimistic locking. WAF returns a token to your @get@
+-- and @list@ requests, to mark the state of the entity at the time of the
+-- request. To make changes to the entity associated with the token, you
+-- provide the token to operations like @update@ and @delete@. WAF uses the
+-- token to ensure that no changes have been made to the entity since you
+-- last retrieved it. If a change has been made, the update fails with a
+-- @WAFOptimisticLockException@. If this happens, perform another @get@,
+-- and use the new token returned by that operation.
+newDeleteRegexPatternSet ::
+  -- | 'name'
+  Prelude.Text ->
+  -- | 'scope'
+  Scope ->
+  -- | 'id'
+  Prelude.Text ->
+  -- | 'lockToken'
+  Prelude.Text ->
+  DeleteRegexPatternSet
+newDeleteRegexPatternSet
+  pName_
+  pScope_
+  pId_
+  pLockToken_ =
+    DeleteRegexPatternSet'
+      { name = pName_,
+        scope = pScope_,
+        id = pId_,
+        lockToken = pLockToken_
+      }
+
+-- | The name of the set. You cannot change the name after you create the
+-- set.
+deleteRegexPatternSet_name :: Lens.Lens' DeleteRegexPatternSet Prelude.Text
+deleteRegexPatternSet_name = Lens.lens (\DeleteRegexPatternSet' {name} -> name) (\s@DeleteRegexPatternSet' {} a -> s {name = a} :: DeleteRegexPatternSet)
+
+-- | Specifies whether this is for an Amazon CloudFront distribution or for a
+-- regional application. A regional application can be an Application Load
+-- Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API,
+-- or an Amazon Cognito user pool.
+--
+-- To work with CloudFront, you must also specify the Region US East (N.
+-- Virginia) as follows:
+--
+-- -   CLI - Specify the Region when you use the CloudFront scope:
+--     @--scope=CLOUDFRONT --region=us-east-1@.
+--
+-- -   API and SDKs - For all calls, use the Region endpoint us-east-1.
+deleteRegexPatternSet_scope :: Lens.Lens' DeleteRegexPatternSet Scope
+deleteRegexPatternSet_scope = Lens.lens (\DeleteRegexPatternSet' {scope} -> scope) (\s@DeleteRegexPatternSet' {} a -> s {scope = a} :: DeleteRegexPatternSet)
+
+-- | A unique identifier for the set. This ID is returned in the responses to
+-- create and list commands. You provide it to operations like update and
+-- delete.
+deleteRegexPatternSet_id :: Lens.Lens' DeleteRegexPatternSet Prelude.Text
+deleteRegexPatternSet_id = Lens.lens (\DeleteRegexPatternSet' {id} -> id) (\s@DeleteRegexPatternSet' {} a -> s {id = a} :: DeleteRegexPatternSet)
+
+-- | A token used for optimistic locking. WAF returns a token to your @get@
+-- and @list@ requests, to mark the state of the entity at the time of the
+-- request. To make changes to the entity associated with the token, you
+-- provide the token to operations like @update@ and @delete@. WAF uses the
+-- token to ensure that no changes have been made to the entity since you
+-- last retrieved it. If a change has been made, the update fails with a
+-- @WAFOptimisticLockException@. If this happens, perform another @get@,
+-- and use the new token returned by that operation.
+deleteRegexPatternSet_lockToken :: Lens.Lens' DeleteRegexPatternSet Prelude.Text
+deleteRegexPatternSet_lockToken = Lens.lens (\DeleteRegexPatternSet' {lockToken} -> lockToken) (\s@DeleteRegexPatternSet' {} a -> s {lockToken = a} :: DeleteRegexPatternSet)
+
+instance Core.AWSRequest DeleteRegexPatternSet where
+  type
+    AWSResponse DeleteRegexPatternSet =
+      DeleteRegexPatternSetResponse
+  request overrides =
+    Request.postJSON (overrides defaultService)
+  response =
+    Response.receiveEmpty
+      ( \s h x ->
+          DeleteRegexPatternSetResponse'
+            Prelude.<$> (Prelude.pure (Prelude.fromEnum s))
+      )
+
+instance Prelude.Hashable DeleteRegexPatternSet where
+  hashWithSalt _salt DeleteRegexPatternSet' {..} =
+    _salt
+      `Prelude.hashWithSalt` name
+      `Prelude.hashWithSalt` scope
+      `Prelude.hashWithSalt` id
+      `Prelude.hashWithSalt` lockToken
+
+instance Prelude.NFData DeleteRegexPatternSet where
+  rnf DeleteRegexPatternSet' {..} =
+    Prelude.rnf name
+      `Prelude.seq` Prelude.rnf scope
+      `Prelude.seq` Prelude.rnf id
+      `Prelude.seq` Prelude.rnf lockToken
+
+instance Data.ToHeaders DeleteRegexPatternSet where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "X-Amz-Target"
+              Data.=# ( "AWSWAF_20190729.DeleteRegexPatternSet" ::
+                          Prelude.ByteString
+                      ),
+            "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToJSON DeleteRegexPatternSet where
+  toJSON DeleteRegexPatternSet' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ Prelude.Just ("Name" Data..= name),
+            Prelude.Just ("Scope" Data..= scope),
+            Prelude.Just ("Id" Data..= id),
+            Prelude.Just ("LockToken" Data..= lockToken)
+          ]
+      )
+
+instance Data.ToPath DeleteRegexPatternSet where
+  toPath = Prelude.const "/"
+
+instance Data.ToQuery DeleteRegexPatternSet where
+  toQuery = Prelude.const Prelude.mempty
+
+-- | /See:/ 'newDeleteRegexPatternSetResponse' smart constructor.
+data DeleteRegexPatternSetResponse = DeleteRegexPatternSetResponse'
+  { -- | The response's http status code.
+    httpStatus :: Prelude.Int
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'DeleteRegexPatternSetResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'httpStatus', 'deleteRegexPatternSetResponse_httpStatus' - The response's http status code.
+newDeleteRegexPatternSetResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  DeleteRegexPatternSetResponse
+newDeleteRegexPatternSetResponse pHttpStatus_ =
+  DeleteRegexPatternSetResponse'
+    { httpStatus =
+        pHttpStatus_
+    }
+
+-- | The response's http status code.
+deleteRegexPatternSetResponse_httpStatus :: Lens.Lens' DeleteRegexPatternSetResponse Prelude.Int
+deleteRegexPatternSetResponse_httpStatus = Lens.lens (\DeleteRegexPatternSetResponse' {httpStatus} -> httpStatus) (\s@DeleteRegexPatternSetResponse' {} a -> s {httpStatus = a} :: DeleteRegexPatternSetResponse)
+
+instance Prelude.NFData DeleteRegexPatternSetResponse where
+  rnf DeleteRegexPatternSetResponse' {..} =
+    Prelude.rnf httpStatus
diff --git a/gen/Amazonka/WAFV2/DeleteRuleGroup.hs b/gen/Amazonka/WAFV2/DeleteRuleGroup.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/WAFV2/DeleteRuleGroup.hs
@@ -0,0 +1,266 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.WAFV2.DeleteRuleGroup
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Deletes the specified RuleGroup.
+module Amazonka.WAFV2.DeleteRuleGroup
+  ( -- * Creating a Request
+    DeleteRuleGroup (..),
+    newDeleteRuleGroup,
+
+    -- * Request Lenses
+    deleteRuleGroup_name,
+    deleteRuleGroup_scope,
+    deleteRuleGroup_id,
+    deleteRuleGroup_lockToken,
+
+    -- * Destructuring the Response
+    DeleteRuleGroupResponse (..),
+    newDeleteRuleGroupResponse,
+
+    -- * Response Lenses
+    deleteRuleGroupResponse_httpStatus,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+import Amazonka.WAFV2.Types
+
+-- | /See:/ 'newDeleteRuleGroup' smart constructor.
+data DeleteRuleGroup = DeleteRuleGroup'
+  { -- | The name of the rule group. You cannot change the name of a rule group
+    -- after you create it.
+    name :: Prelude.Text,
+    -- | Specifies whether this is for an Amazon CloudFront distribution or for a
+    -- regional application. A regional application can be an Application Load
+    -- Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API,
+    -- or an Amazon Cognito user pool.
+    --
+    -- To work with CloudFront, you must also specify the Region US East (N.
+    -- Virginia) as follows:
+    --
+    -- -   CLI - Specify the Region when you use the CloudFront scope:
+    --     @--scope=CLOUDFRONT --region=us-east-1@.
+    --
+    -- -   API and SDKs - For all calls, use the Region endpoint us-east-1.
+    scope :: Scope,
+    -- | A unique identifier for the rule group. This ID is returned in the
+    -- responses to create and list commands. You provide it to operations like
+    -- update and delete.
+    id :: Prelude.Text,
+    -- | A token used for optimistic locking. WAF returns a token to your @get@
+    -- and @list@ requests, to mark the state of the entity at the time of the
+    -- request. To make changes to the entity associated with the token, you
+    -- provide the token to operations like @update@ and @delete@. WAF uses the
+    -- token to ensure that no changes have been made to the entity since you
+    -- last retrieved it. If a change has been made, the update fails with a
+    -- @WAFOptimisticLockException@. If this happens, perform another @get@,
+    -- and use the new token returned by that operation.
+    lockToken :: Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'DeleteRuleGroup' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'name', 'deleteRuleGroup_name' - The name of the rule group. You cannot change the name of a rule group
+-- after you create it.
+--
+-- 'scope', 'deleteRuleGroup_scope' - Specifies whether this is for an Amazon CloudFront distribution or for a
+-- regional application. A regional application can be an Application Load
+-- Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API,
+-- or an Amazon Cognito user pool.
+--
+-- To work with CloudFront, you must also specify the Region US East (N.
+-- Virginia) as follows:
+--
+-- -   CLI - Specify the Region when you use the CloudFront scope:
+--     @--scope=CLOUDFRONT --region=us-east-1@.
+--
+-- -   API and SDKs - For all calls, use the Region endpoint us-east-1.
+--
+-- 'id', 'deleteRuleGroup_id' - A unique identifier for the rule group. This ID is returned in the
+-- responses to create and list commands. You provide it to operations like
+-- update and delete.
+--
+-- 'lockToken', 'deleteRuleGroup_lockToken' - A token used for optimistic locking. WAF returns a token to your @get@
+-- and @list@ requests, to mark the state of the entity at the time of the
+-- request. To make changes to the entity associated with the token, you
+-- provide the token to operations like @update@ and @delete@. WAF uses the
+-- token to ensure that no changes have been made to the entity since you
+-- last retrieved it. If a change has been made, the update fails with a
+-- @WAFOptimisticLockException@. If this happens, perform another @get@,
+-- and use the new token returned by that operation.
+newDeleteRuleGroup ::
+  -- | 'name'
+  Prelude.Text ->
+  -- | 'scope'
+  Scope ->
+  -- | 'id'
+  Prelude.Text ->
+  -- | 'lockToken'
+  Prelude.Text ->
+  DeleteRuleGroup
+newDeleteRuleGroup pName_ pScope_ pId_ pLockToken_ =
+  DeleteRuleGroup'
+    { name = pName_,
+      scope = pScope_,
+      id = pId_,
+      lockToken = pLockToken_
+    }
+
+-- | The name of the rule group. You cannot change the name of a rule group
+-- after you create it.
+deleteRuleGroup_name :: Lens.Lens' DeleteRuleGroup Prelude.Text
+deleteRuleGroup_name = Lens.lens (\DeleteRuleGroup' {name} -> name) (\s@DeleteRuleGroup' {} a -> s {name = a} :: DeleteRuleGroup)
+
+-- | Specifies whether this is for an Amazon CloudFront distribution or for a
+-- regional application. A regional application can be an Application Load
+-- Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API,
+-- or an Amazon Cognito user pool.
+--
+-- To work with CloudFront, you must also specify the Region US East (N.
+-- Virginia) as follows:
+--
+-- -   CLI - Specify the Region when you use the CloudFront scope:
+--     @--scope=CLOUDFRONT --region=us-east-1@.
+--
+-- -   API and SDKs - For all calls, use the Region endpoint us-east-1.
+deleteRuleGroup_scope :: Lens.Lens' DeleteRuleGroup Scope
+deleteRuleGroup_scope = Lens.lens (\DeleteRuleGroup' {scope} -> scope) (\s@DeleteRuleGroup' {} a -> s {scope = a} :: DeleteRuleGroup)
+
+-- | A unique identifier for the rule group. This ID is returned in the
+-- responses to create and list commands. You provide it to operations like
+-- update and delete.
+deleteRuleGroup_id :: Lens.Lens' DeleteRuleGroup Prelude.Text
+deleteRuleGroup_id = Lens.lens (\DeleteRuleGroup' {id} -> id) (\s@DeleteRuleGroup' {} a -> s {id = a} :: DeleteRuleGroup)
+
+-- | A token used for optimistic locking. WAF returns a token to your @get@
+-- and @list@ requests, to mark the state of the entity at the time of the
+-- request. To make changes to the entity associated with the token, you
+-- provide the token to operations like @update@ and @delete@. WAF uses the
+-- token to ensure that no changes have been made to the entity since you
+-- last retrieved it. If a change has been made, the update fails with a
+-- @WAFOptimisticLockException@. If this happens, perform another @get@,
+-- and use the new token returned by that operation.
+deleteRuleGroup_lockToken :: Lens.Lens' DeleteRuleGroup Prelude.Text
+deleteRuleGroup_lockToken = Lens.lens (\DeleteRuleGroup' {lockToken} -> lockToken) (\s@DeleteRuleGroup' {} a -> s {lockToken = a} :: DeleteRuleGroup)
+
+instance Core.AWSRequest DeleteRuleGroup where
+  type
+    AWSResponse DeleteRuleGroup =
+      DeleteRuleGroupResponse
+  request overrides =
+    Request.postJSON (overrides defaultService)
+  response =
+    Response.receiveEmpty
+      ( \s h x ->
+          DeleteRuleGroupResponse'
+            Prelude.<$> (Prelude.pure (Prelude.fromEnum s))
+      )
+
+instance Prelude.Hashable DeleteRuleGroup where
+  hashWithSalt _salt DeleteRuleGroup' {..} =
+    _salt
+      `Prelude.hashWithSalt` name
+      `Prelude.hashWithSalt` scope
+      `Prelude.hashWithSalt` id
+      `Prelude.hashWithSalt` lockToken
+
+instance Prelude.NFData DeleteRuleGroup where
+  rnf DeleteRuleGroup' {..} =
+    Prelude.rnf name
+      `Prelude.seq` Prelude.rnf scope
+      `Prelude.seq` Prelude.rnf id
+      `Prelude.seq` Prelude.rnf lockToken
+
+instance Data.ToHeaders DeleteRuleGroup where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "X-Amz-Target"
+              Data.=# ( "AWSWAF_20190729.DeleteRuleGroup" ::
+                          Prelude.ByteString
+                      ),
+            "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToJSON DeleteRuleGroup where
+  toJSON DeleteRuleGroup' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ Prelude.Just ("Name" Data..= name),
+            Prelude.Just ("Scope" Data..= scope),
+            Prelude.Just ("Id" Data..= id),
+            Prelude.Just ("LockToken" Data..= lockToken)
+          ]
+      )
+
+instance Data.ToPath DeleteRuleGroup where
+  toPath = Prelude.const "/"
+
+instance Data.ToQuery DeleteRuleGroup where
+  toQuery = Prelude.const Prelude.mempty
+
+-- | /See:/ 'newDeleteRuleGroupResponse' smart constructor.
+data DeleteRuleGroupResponse = DeleteRuleGroupResponse'
+  { -- | The response's http status code.
+    httpStatus :: Prelude.Int
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'DeleteRuleGroupResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'httpStatus', 'deleteRuleGroupResponse_httpStatus' - The response's http status code.
+newDeleteRuleGroupResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  DeleteRuleGroupResponse
+newDeleteRuleGroupResponse pHttpStatus_ =
+  DeleteRuleGroupResponse' {httpStatus = pHttpStatus_}
+
+-- | The response's http status code.
+deleteRuleGroupResponse_httpStatus :: Lens.Lens' DeleteRuleGroupResponse Prelude.Int
+deleteRuleGroupResponse_httpStatus = Lens.lens (\DeleteRuleGroupResponse' {httpStatus} -> httpStatus) (\s@DeleteRuleGroupResponse' {} a -> s {httpStatus = a} :: DeleteRuleGroupResponse)
+
+instance Prelude.NFData DeleteRuleGroupResponse where
+  rnf DeleteRuleGroupResponse' {..} =
+    Prelude.rnf httpStatus
diff --git a/gen/Amazonka/WAFV2/DeleteWebACL.hs b/gen/Amazonka/WAFV2/DeleteWebACL.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/WAFV2/DeleteWebACL.hs
@@ -0,0 +1,287 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.WAFV2.DeleteWebACL
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Deletes the specified WebACL.
+--
+-- You can only use this if @ManagedByFirewallManager@ is false in the
+-- specified WebACL.
+--
+-- Before deleting any web ACL, first disassociate it from all resources.
+--
+-- -   To retrieve a list of the resources that are associated with a web
+--     ACL, use the following calls:
+--
+--     -   For regional resources, call ListResourcesForWebACL.
+--
+--     -   For Amazon CloudFront distributions, use the CloudFront call
+--         @ListDistributionsByWebACLId@. For information, see
+--         <https://docs.aws.amazon.com/cloudfront/latest/APIReference/API_ListDistributionsByWebACLId.html ListDistributionsByWebACLId>.
+--
+-- -   To disassociate a resource from a web ACL, use the following calls:
+--
+--     -   For regional resources, call DisassociateWebACL.
+--
+--     -   For Amazon CloudFront distributions, provide an empty web ACL ID
+--         in the CloudFront call @UpdateDistribution@. For information,
+--         see
+--         <https://docs.aws.amazon.com/cloudfront/latest/APIReference/API_UpdateDistribution.html UpdateDistribution>.
+module Amazonka.WAFV2.DeleteWebACL
+  ( -- * Creating a Request
+    DeleteWebACL (..),
+    newDeleteWebACL,
+
+    -- * Request Lenses
+    deleteWebACL_name,
+    deleteWebACL_scope,
+    deleteWebACL_id,
+    deleteWebACL_lockToken,
+
+    -- * Destructuring the Response
+    DeleteWebACLResponse (..),
+    newDeleteWebACLResponse,
+
+    -- * Response Lenses
+    deleteWebACLResponse_httpStatus,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+import Amazonka.WAFV2.Types
+
+-- | /See:/ 'newDeleteWebACL' smart constructor.
+data DeleteWebACL = DeleteWebACL'
+  { -- | The name of the web ACL. You cannot change the name of a web ACL after
+    -- you create it.
+    name :: Prelude.Text,
+    -- | Specifies whether this is for an Amazon CloudFront distribution or for a
+    -- regional application. A regional application can be an Application Load
+    -- Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API,
+    -- or an Amazon Cognito user pool.
+    --
+    -- To work with CloudFront, you must also specify the Region US East (N.
+    -- Virginia) as follows:
+    --
+    -- -   CLI - Specify the Region when you use the CloudFront scope:
+    --     @--scope=CLOUDFRONT --region=us-east-1@.
+    --
+    -- -   API and SDKs - For all calls, use the Region endpoint us-east-1.
+    scope :: Scope,
+    -- | The unique identifier for the web ACL. This ID is returned in the
+    -- responses to create and list commands. You provide it to operations like
+    -- update and delete.
+    id :: Prelude.Text,
+    -- | A token used for optimistic locking. WAF returns a token to your @get@
+    -- and @list@ requests, to mark the state of the entity at the time of the
+    -- request. To make changes to the entity associated with the token, you
+    -- provide the token to operations like @update@ and @delete@. WAF uses the
+    -- token to ensure that no changes have been made to the entity since you
+    -- last retrieved it. If a change has been made, the update fails with a
+    -- @WAFOptimisticLockException@. If this happens, perform another @get@,
+    -- and use the new token returned by that operation.
+    lockToken :: Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'DeleteWebACL' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'name', 'deleteWebACL_name' - The name of the web ACL. You cannot change the name of a web ACL after
+-- you create it.
+--
+-- 'scope', 'deleteWebACL_scope' - Specifies whether this is for an Amazon CloudFront distribution or for a
+-- regional application. A regional application can be an Application Load
+-- Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API,
+-- or an Amazon Cognito user pool.
+--
+-- To work with CloudFront, you must also specify the Region US East (N.
+-- Virginia) as follows:
+--
+-- -   CLI - Specify the Region when you use the CloudFront scope:
+--     @--scope=CLOUDFRONT --region=us-east-1@.
+--
+-- -   API and SDKs - For all calls, use the Region endpoint us-east-1.
+--
+-- 'id', 'deleteWebACL_id' - The unique identifier for the web ACL. This ID is returned in the
+-- responses to create and list commands. You provide it to operations like
+-- update and delete.
+--
+-- 'lockToken', 'deleteWebACL_lockToken' - A token used for optimistic locking. WAF returns a token to your @get@
+-- and @list@ requests, to mark the state of the entity at the time of the
+-- request. To make changes to the entity associated with the token, you
+-- provide the token to operations like @update@ and @delete@. WAF uses the
+-- token to ensure that no changes have been made to the entity since you
+-- last retrieved it. If a change has been made, the update fails with a
+-- @WAFOptimisticLockException@. If this happens, perform another @get@,
+-- and use the new token returned by that operation.
+newDeleteWebACL ::
+  -- | 'name'
+  Prelude.Text ->
+  -- | 'scope'
+  Scope ->
+  -- | 'id'
+  Prelude.Text ->
+  -- | 'lockToken'
+  Prelude.Text ->
+  DeleteWebACL
+newDeleteWebACL pName_ pScope_ pId_ pLockToken_ =
+  DeleteWebACL'
+    { name = pName_,
+      scope = pScope_,
+      id = pId_,
+      lockToken = pLockToken_
+    }
+
+-- | The name of the web ACL. You cannot change the name of a web ACL after
+-- you create it.
+deleteWebACL_name :: Lens.Lens' DeleteWebACL Prelude.Text
+deleteWebACL_name = Lens.lens (\DeleteWebACL' {name} -> name) (\s@DeleteWebACL' {} a -> s {name = a} :: DeleteWebACL)
+
+-- | Specifies whether this is for an Amazon CloudFront distribution or for a
+-- regional application. A regional application can be an Application Load
+-- Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API,
+-- or an Amazon Cognito user pool.
+--
+-- To work with CloudFront, you must also specify the Region US East (N.
+-- Virginia) as follows:
+--
+-- -   CLI - Specify the Region when you use the CloudFront scope:
+--     @--scope=CLOUDFRONT --region=us-east-1@.
+--
+-- -   API and SDKs - For all calls, use the Region endpoint us-east-1.
+deleteWebACL_scope :: Lens.Lens' DeleteWebACL Scope
+deleteWebACL_scope = Lens.lens (\DeleteWebACL' {scope} -> scope) (\s@DeleteWebACL' {} a -> s {scope = a} :: DeleteWebACL)
+
+-- | The unique identifier for the web ACL. This ID is returned in the
+-- responses to create and list commands. You provide it to operations like
+-- update and delete.
+deleteWebACL_id :: Lens.Lens' DeleteWebACL Prelude.Text
+deleteWebACL_id = Lens.lens (\DeleteWebACL' {id} -> id) (\s@DeleteWebACL' {} a -> s {id = a} :: DeleteWebACL)
+
+-- | A token used for optimistic locking. WAF returns a token to your @get@
+-- and @list@ requests, to mark the state of the entity at the time of the
+-- request. To make changes to the entity associated with the token, you
+-- provide the token to operations like @update@ and @delete@. WAF uses the
+-- token to ensure that no changes have been made to the entity since you
+-- last retrieved it. If a change has been made, the update fails with a
+-- @WAFOptimisticLockException@. If this happens, perform another @get@,
+-- and use the new token returned by that operation.
+deleteWebACL_lockToken :: Lens.Lens' DeleteWebACL Prelude.Text
+deleteWebACL_lockToken = Lens.lens (\DeleteWebACL' {lockToken} -> lockToken) (\s@DeleteWebACL' {} a -> s {lockToken = a} :: DeleteWebACL)
+
+instance Core.AWSRequest DeleteWebACL where
+  type AWSResponse DeleteWebACL = DeleteWebACLResponse
+  request overrides =
+    Request.postJSON (overrides defaultService)
+  response =
+    Response.receiveEmpty
+      ( \s h x ->
+          DeleteWebACLResponse'
+            Prelude.<$> (Prelude.pure (Prelude.fromEnum s))
+      )
+
+instance Prelude.Hashable DeleteWebACL where
+  hashWithSalt _salt DeleteWebACL' {..} =
+    _salt
+      `Prelude.hashWithSalt` name
+      `Prelude.hashWithSalt` scope
+      `Prelude.hashWithSalt` id
+      `Prelude.hashWithSalt` lockToken
+
+instance Prelude.NFData DeleteWebACL where
+  rnf DeleteWebACL' {..} =
+    Prelude.rnf name
+      `Prelude.seq` Prelude.rnf scope
+      `Prelude.seq` Prelude.rnf id
+      `Prelude.seq` Prelude.rnf lockToken
+
+instance Data.ToHeaders DeleteWebACL where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "X-Amz-Target"
+              Data.=# ( "AWSWAF_20190729.DeleteWebACL" ::
+                          Prelude.ByteString
+                      ),
+            "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToJSON DeleteWebACL where
+  toJSON DeleteWebACL' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ Prelude.Just ("Name" Data..= name),
+            Prelude.Just ("Scope" Data..= scope),
+            Prelude.Just ("Id" Data..= id),
+            Prelude.Just ("LockToken" Data..= lockToken)
+          ]
+      )
+
+instance Data.ToPath DeleteWebACL where
+  toPath = Prelude.const "/"
+
+instance Data.ToQuery DeleteWebACL where
+  toQuery = Prelude.const Prelude.mempty
+
+-- | /See:/ 'newDeleteWebACLResponse' smart constructor.
+data DeleteWebACLResponse = DeleteWebACLResponse'
+  { -- | The response's http status code.
+    httpStatus :: Prelude.Int
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'DeleteWebACLResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'httpStatus', 'deleteWebACLResponse_httpStatus' - The response's http status code.
+newDeleteWebACLResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  DeleteWebACLResponse
+newDeleteWebACLResponse pHttpStatus_ =
+  DeleteWebACLResponse' {httpStatus = pHttpStatus_}
+
+-- | The response's http status code.
+deleteWebACLResponse_httpStatus :: Lens.Lens' DeleteWebACLResponse Prelude.Int
+deleteWebACLResponse_httpStatus = Lens.lens (\DeleteWebACLResponse' {httpStatus} -> httpStatus) (\s@DeleteWebACLResponse' {} a -> s {httpStatus = a} :: DeleteWebACLResponse)
+
+instance Prelude.NFData DeleteWebACLResponse where
+  rnf DeleteWebACLResponse' {..} =
+    Prelude.rnf httpStatus
diff --git a/gen/Amazonka/WAFV2/DescribeManagedRuleGroup.hs b/gen/Amazonka/WAFV2/DescribeManagedRuleGroup.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/WAFV2/DescribeManagedRuleGroup.hs
@@ -0,0 +1,426 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.WAFV2.DescribeManagedRuleGroup
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Provides high-level information for a managed rule group, including
+-- descriptions of the rules.
+module Amazonka.WAFV2.DescribeManagedRuleGroup
+  ( -- * Creating a Request
+    DescribeManagedRuleGroup (..),
+    newDescribeManagedRuleGroup,
+
+    -- * Request Lenses
+    describeManagedRuleGroup_versionName,
+    describeManagedRuleGroup_vendorName,
+    describeManagedRuleGroup_name,
+    describeManagedRuleGroup_scope,
+
+    -- * Destructuring the Response
+    DescribeManagedRuleGroupResponse (..),
+    newDescribeManagedRuleGroupResponse,
+
+    -- * Response Lenses
+    describeManagedRuleGroupResponse_availableLabels,
+    describeManagedRuleGroupResponse_capacity,
+    describeManagedRuleGroupResponse_consumedLabels,
+    describeManagedRuleGroupResponse_labelNamespace,
+    describeManagedRuleGroupResponse_rules,
+    describeManagedRuleGroupResponse_snsTopicArn,
+    describeManagedRuleGroupResponse_versionName,
+    describeManagedRuleGroupResponse_httpStatus,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+import Amazonka.WAFV2.Types
+
+-- | /See:/ 'newDescribeManagedRuleGroup' smart constructor.
+data DescribeManagedRuleGroup = DescribeManagedRuleGroup'
+  { -- | The version of the rule group. You can only use a version that is not
+    -- scheduled for expiration. If you don\'t provide this, WAF uses the
+    -- vendor\'s default version.
+    versionName :: Prelude.Maybe Prelude.Text,
+    -- | The name of the managed rule group vendor. You use this, along with the
+    -- rule group name, to identify the rule group.
+    vendorName :: Prelude.Text,
+    -- | The name of the managed rule group. You use this, along with the vendor
+    -- name, to identify the rule group.
+    name :: Prelude.Text,
+    -- | Specifies whether this is for an Amazon CloudFront distribution or for a
+    -- regional application. A regional application can be an Application Load
+    -- Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API,
+    -- or an Amazon Cognito user pool.
+    --
+    -- To work with CloudFront, you must also specify the Region US East (N.
+    -- Virginia) as follows:
+    --
+    -- -   CLI - Specify the Region when you use the CloudFront scope:
+    --     @--scope=CLOUDFRONT --region=us-east-1@.
+    --
+    -- -   API and SDKs - For all calls, use the Region endpoint us-east-1.
+    scope :: Scope
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'DescribeManagedRuleGroup' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'versionName', 'describeManagedRuleGroup_versionName' - The version of the rule group. You can only use a version that is not
+-- scheduled for expiration. If you don\'t provide this, WAF uses the
+-- vendor\'s default version.
+--
+-- 'vendorName', 'describeManagedRuleGroup_vendorName' - The name of the managed rule group vendor. You use this, along with the
+-- rule group name, to identify the rule group.
+--
+-- 'name', 'describeManagedRuleGroup_name' - The name of the managed rule group. You use this, along with the vendor
+-- name, to identify the rule group.
+--
+-- 'scope', 'describeManagedRuleGroup_scope' - Specifies whether this is for an Amazon CloudFront distribution or for a
+-- regional application. A regional application can be an Application Load
+-- Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API,
+-- or an Amazon Cognito user pool.
+--
+-- To work with CloudFront, you must also specify the Region US East (N.
+-- Virginia) as follows:
+--
+-- -   CLI - Specify the Region when you use the CloudFront scope:
+--     @--scope=CLOUDFRONT --region=us-east-1@.
+--
+-- -   API and SDKs - For all calls, use the Region endpoint us-east-1.
+newDescribeManagedRuleGroup ::
+  -- | 'vendorName'
+  Prelude.Text ->
+  -- | 'name'
+  Prelude.Text ->
+  -- | 'scope'
+  Scope ->
+  DescribeManagedRuleGroup
+newDescribeManagedRuleGroup
+  pVendorName_
+  pName_
+  pScope_ =
+    DescribeManagedRuleGroup'
+      { versionName =
+          Prelude.Nothing,
+        vendorName = pVendorName_,
+        name = pName_,
+        scope = pScope_
+      }
+
+-- | The version of the rule group. You can only use a version that is not
+-- scheduled for expiration. If you don\'t provide this, WAF uses the
+-- vendor\'s default version.
+describeManagedRuleGroup_versionName :: Lens.Lens' DescribeManagedRuleGroup (Prelude.Maybe Prelude.Text)
+describeManagedRuleGroup_versionName = Lens.lens (\DescribeManagedRuleGroup' {versionName} -> versionName) (\s@DescribeManagedRuleGroup' {} a -> s {versionName = a} :: DescribeManagedRuleGroup)
+
+-- | The name of the managed rule group vendor. You use this, along with the
+-- rule group name, to identify the rule group.
+describeManagedRuleGroup_vendorName :: Lens.Lens' DescribeManagedRuleGroup Prelude.Text
+describeManagedRuleGroup_vendorName = Lens.lens (\DescribeManagedRuleGroup' {vendorName} -> vendorName) (\s@DescribeManagedRuleGroup' {} a -> s {vendorName = a} :: DescribeManagedRuleGroup)
+
+-- | The name of the managed rule group. You use this, along with the vendor
+-- name, to identify the rule group.
+describeManagedRuleGroup_name :: Lens.Lens' DescribeManagedRuleGroup Prelude.Text
+describeManagedRuleGroup_name = Lens.lens (\DescribeManagedRuleGroup' {name} -> name) (\s@DescribeManagedRuleGroup' {} a -> s {name = a} :: DescribeManagedRuleGroup)
+
+-- | Specifies whether this is for an Amazon CloudFront distribution or for a
+-- regional application. A regional application can be an Application Load
+-- Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API,
+-- or an Amazon Cognito user pool.
+--
+-- To work with CloudFront, you must also specify the Region US East (N.
+-- Virginia) as follows:
+--
+-- -   CLI - Specify the Region when you use the CloudFront scope:
+--     @--scope=CLOUDFRONT --region=us-east-1@.
+--
+-- -   API and SDKs - For all calls, use the Region endpoint us-east-1.
+describeManagedRuleGroup_scope :: Lens.Lens' DescribeManagedRuleGroup Scope
+describeManagedRuleGroup_scope = Lens.lens (\DescribeManagedRuleGroup' {scope} -> scope) (\s@DescribeManagedRuleGroup' {} a -> s {scope = a} :: DescribeManagedRuleGroup)
+
+instance Core.AWSRequest DescribeManagedRuleGroup where
+  type
+    AWSResponse DescribeManagedRuleGroup =
+      DescribeManagedRuleGroupResponse
+  request overrides =
+    Request.postJSON (overrides defaultService)
+  response =
+    Response.receiveJSON
+      ( \s h x ->
+          DescribeManagedRuleGroupResponse'
+            Prelude.<$> ( x
+                            Data..?> "AvailableLabels"
+                            Core..!@ Prelude.mempty
+                        )
+            Prelude.<*> (x Data..?> "Capacity")
+            Prelude.<*> (x Data..?> "ConsumedLabels" Core..!@ Prelude.mempty)
+            Prelude.<*> (x Data..?> "LabelNamespace")
+            Prelude.<*> (x Data..?> "Rules" Core..!@ Prelude.mempty)
+            Prelude.<*> (x Data..?> "SnsTopicArn")
+            Prelude.<*> (x Data..?> "VersionName")
+            Prelude.<*> (Prelude.pure (Prelude.fromEnum s))
+      )
+
+instance Prelude.Hashable DescribeManagedRuleGroup where
+  hashWithSalt _salt DescribeManagedRuleGroup' {..} =
+    _salt
+      `Prelude.hashWithSalt` versionName
+      `Prelude.hashWithSalt` vendorName
+      `Prelude.hashWithSalt` name
+      `Prelude.hashWithSalt` scope
+
+instance Prelude.NFData DescribeManagedRuleGroup where
+  rnf DescribeManagedRuleGroup' {..} =
+    Prelude.rnf versionName
+      `Prelude.seq` Prelude.rnf vendorName
+      `Prelude.seq` Prelude.rnf name
+      `Prelude.seq` Prelude.rnf scope
+
+instance Data.ToHeaders DescribeManagedRuleGroup where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "X-Amz-Target"
+              Data.=# ( "AWSWAF_20190729.DescribeManagedRuleGroup" ::
+                          Prelude.ByteString
+                      ),
+            "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToJSON DescribeManagedRuleGroup where
+  toJSON DescribeManagedRuleGroup' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("VersionName" Data..=) Prelude.<$> versionName,
+            Prelude.Just ("VendorName" Data..= vendorName),
+            Prelude.Just ("Name" Data..= name),
+            Prelude.Just ("Scope" Data..= scope)
+          ]
+      )
+
+instance Data.ToPath DescribeManagedRuleGroup where
+  toPath = Prelude.const "/"
+
+instance Data.ToQuery DescribeManagedRuleGroup where
+  toQuery = Prelude.const Prelude.mempty
+
+-- | /See:/ 'newDescribeManagedRuleGroupResponse' smart constructor.
+data DescribeManagedRuleGroupResponse = DescribeManagedRuleGroupResponse'
+  { -- | The labels that one or more rules in this rule group add to matching web
+    -- requests. These labels are defined in the @RuleLabels@ for a Rule.
+    availableLabels :: Prelude.Maybe [LabelSummary],
+    -- | The web ACL capacity units (WCUs) required for this rule group. WAF uses
+    -- web ACL capacity units (WCU) to calculate and control the operating
+    -- resources that are used to run your rules, rule groups, and web ACLs.
+    -- WAF calculates capacity differently for each rule type, to reflect each
+    -- rule\'s relative cost. Rule group capacity is fixed at creation, so
+    -- users can plan their web ACL WCU usage when they use a rule group. The
+    -- WCU limit for web ACLs is 1,500.
+    capacity :: Prelude.Maybe Prelude.Natural,
+    -- | The labels that one or more rules in this rule group match against in
+    -- label match statements. These labels are defined in a
+    -- @LabelMatchStatement@ specification, in the Statement definition of a
+    -- rule.
+    consumedLabels :: Prelude.Maybe [LabelSummary],
+    -- | The label namespace prefix for this rule group. All labels added by
+    -- rules in this rule group have this prefix.
+    --
+    -- -   The syntax for the label namespace prefix for a managed rule group
+    --     is the following:
+    --
+    --     @awswaf:managed:\<vendor>:\<rule group name>@:
+    --
+    -- -   When a rule with a label matches a web request, WAF adds the fully
+    --     qualified label to the request. A fully qualified label is made up
+    --     of the label namespace from the rule group or web ACL where the rule
+    --     is defined and the label from the rule, separated by a colon:
+    --
+    --     @\<label namespace>:\<label from rule>@
+    labelNamespace :: Prelude.Maybe Prelude.Text,
+    rules :: Prelude.Maybe [RuleSummary],
+    -- | The Amazon resource name (ARN) of the Amazon Simple Notification Service
+    -- SNS topic that\'s used to record changes to the managed rule group. You
+    -- can subscribe to the SNS topic to receive notifications when the managed
+    -- rule group is modified, such as for new versions and for version
+    -- expiration. For more information, see the
+    -- <https://docs.aws.amazon.com/sns/latest/dg/welcome.html Amazon Simple Notification Service Developer Guide>.
+    snsTopicArn :: Prelude.Maybe Prelude.Text,
+    -- | The managed rule group\'s version.
+    versionName :: Prelude.Maybe Prelude.Text,
+    -- | The response's http status code.
+    httpStatus :: Prelude.Int
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'DescribeManagedRuleGroupResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'availableLabels', 'describeManagedRuleGroupResponse_availableLabels' - The labels that one or more rules in this rule group add to matching web
+-- requests. These labels are defined in the @RuleLabels@ for a Rule.
+--
+-- 'capacity', 'describeManagedRuleGroupResponse_capacity' - The web ACL capacity units (WCUs) required for this rule group. WAF uses
+-- web ACL capacity units (WCU) to calculate and control the operating
+-- resources that are used to run your rules, rule groups, and web ACLs.
+-- WAF calculates capacity differently for each rule type, to reflect each
+-- rule\'s relative cost. Rule group capacity is fixed at creation, so
+-- users can plan their web ACL WCU usage when they use a rule group. The
+-- WCU limit for web ACLs is 1,500.
+--
+-- 'consumedLabels', 'describeManagedRuleGroupResponse_consumedLabels' - The labels that one or more rules in this rule group match against in
+-- label match statements. These labels are defined in a
+-- @LabelMatchStatement@ specification, in the Statement definition of a
+-- rule.
+--
+-- 'labelNamespace', 'describeManagedRuleGroupResponse_labelNamespace' - The label namespace prefix for this rule group. All labels added by
+-- rules in this rule group have this prefix.
+--
+-- -   The syntax for the label namespace prefix for a managed rule group
+--     is the following:
+--
+--     @awswaf:managed:\<vendor>:\<rule group name>@:
+--
+-- -   When a rule with a label matches a web request, WAF adds the fully
+--     qualified label to the request. A fully qualified label is made up
+--     of the label namespace from the rule group or web ACL where the rule
+--     is defined and the label from the rule, separated by a colon:
+--
+--     @\<label namespace>:\<label from rule>@
+--
+-- 'rules', 'describeManagedRuleGroupResponse_rules' -
+--
+-- 'snsTopicArn', 'describeManagedRuleGroupResponse_snsTopicArn' - The Amazon resource name (ARN) of the Amazon Simple Notification Service
+-- SNS topic that\'s used to record changes to the managed rule group. You
+-- can subscribe to the SNS topic to receive notifications when the managed
+-- rule group is modified, such as for new versions and for version
+-- expiration. For more information, see the
+-- <https://docs.aws.amazon.com/sns/latest/dg/welcome.html Amazon Simple Notification Service Developer Guide>.
+--
+-- 'versionName', 'describeManagedRuleGroupResponse_versionName' - The managed rule group\'s version.
+--
+-- 'httpStatus', 'describeManagedRuleGroupResponse_httpStatus' - The response's http status code.
+newDescribeManagedRuleGroupResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  DescribeManagedRuleGroupResponse
+newDescribeManagedRuleGroupResponse pHttpStatus_ =
+  DescribeManagedRuleGroupResponse'
+    { availableLabels =
+        Prelude.Nothing,
+      capacity = Prelude.Nothing,
+      consumedLabels = Prelude.Nothing,
+      labelNamespace = Prelude.Nothing,
+      rules = Prelude.Nothing,
+      snsTopicArn = Prelude.Nothing,
+      versionName = Prelude.Nothing,
+      httpStatus = pHttpStatus_
+    }
+
+-- | The labels that one or more rules in this rule group add to matching web
+-- requests. These labels are defined in the @RuleLabels@ for a Rule.
+describeManagedRuleGroupResponse_availableLabels :: Lens.Lens' DescribeManagedRuleGroupResponse (Prelude.Maybe [LabelSummary])
+describeManagedRuleGroupResponse_availableLabels = Lens.lens (\DescribeManagedRuleGroupResponse' {availableLabels} -> availableLabels) (\s@DescribeManagedRuleGroupResponse' {} a -> s {availableLabels = a} :: DescribeManagedRuleGroupResponse) Prelude.. Lens.mapping Lens.coerced
+
+-- | The web ACL capacity units (WCUs) required for this rule group. WAF uses
+-- web ACL capacity units (WCU) to calculate and control the operating
+-- resources that are used to run your rules, rule groups, and web ACLs.
+-- WAF calculates capacity differently for each rule type, to reflect each
+-- rule\'s relative cost. Rule group capacity is fixed at creation, so
+-- users can plan their web ACL WCU usage when they use a rule group. The
+-- WCU limit for web ACLs is 1,500.
+describeManagedRuleGroupResponse_capacity :: Lens.Lens' DescribeManagedRuleGroupResponse (Prelude.Maybe Prelude.Natural)
+describeManagedRuleGroupResponse_capacity = Lens.lens (\DescribeManagedRuleGroupResponse' {capacity} -> capacity) (\s@DescribeManagedRuleGroupResponse' {} a -> s {capacity = a} :: DescribeManagedRuleGroupResponse)
+
+-- | The labels that one or more rules in this rule group match against in
+-- label match statements. These labels are defined in a
+-- @LabelMatchStatement@ specification, in the Statement definition of a
+-- rule.
+describeManagedRuleGroupResponse_consumedLabels :: Lens.Lens' DescribeManagedRuleGroupResponse (Prelude.Maybe [LabelSummary])
+describeManagedRuleGroupResponse_consumedLabels = Lens.lens (\DescribeManagedRuleGroupResponse' {consumedLabels} -> consumedLabels) (\s@DescribeManagedRuleGroupResponse' {} a -> s {consumedLabels = a} :: DescribeManagedRuleGroupResponse) Prelude.. Lens.mapping Lens.coerced
+
+-- | The label namespace prefix for this rule group. All labels added by
+-- rules in this rule group have this prefix.
+--
+-- -   The syntax for the label namespace prefix for a managed rule group
+--     is the following:
+--
+--     @awswaf:managed:\<vendor>:\<rule group name>@:
+--
+-- -   When a rule with a label matches a web request, WAF adds the fully
+--     qualified label to the request. A fully qualified label is made up
+--     of the label namespace from the rule group or web ACL where the rule
+--     is defined and the label from the rule, separated by a colon:
+--
+--     @\<label namespace>:\<label from rule>@
+describeManagedRuleGroupResponse_labelNamespace :: Lens.Lens' DescribeManagedRuleGroupResponse (Prelude.Maybe Prelude.Text)
+describeManagedRuleGroupResponse_labelNamespace = Lens.lens (\DescribeManagedRuleGroupResponse' {labelNamespace} -> labelNamespace) (\s@DescribeManagedRuleGroupResponse' {} a -> s {labelNamespace = a} :: DescribeManagedRuleGroupResponse)
+
+describeManagedRuleGroupResponse_rules :: Lens.Lens' DescribeManagedRuleGroupResponse (Prelude.Maybe [RuleSummary])
+describeManagedRuleGroupResponse_rules = Lens.lens (\DescribeManagedRuleGroupResponse' {rules} -> rules) (\s@DescribeManagedRuleGroupResponse' {} a -> s {rules = a} :: DescribeManagedRuleGroupResponse) Prelude.. Lens.mapping Lens.coerced
+
+-- | The Amazon resource name (ARN) of the Amazon Simple Notification Service
+-- SNS topic that\'s used to record changes to the managed rule group. You
+-- can subscribe to the SNS topic to receive notifications when the managed
+-- rule group is modified, such as for new versions and for version
+-- expiration. For more information, see the
+-- <https://docs.aws.amazon.com/sns/latest/dg/welcome.html Amazon Simple Notification Service Developer Guide>.
+describeManagedRuleGroupResponse_snsTopicArn :: Lens.Lens' DescribeManagedRuleGroupResponse (Prelude.Maybe Prelude.Text)
+describeManagedRuleGroupResponse_snsTopicArn = Lens.lens (\DescribeManagedRuleGroupResponse' {snsTopicArn} -> snsTopicArn) (\s@DescribeManagedRuleGroupResponse' {} a -> s {snsTopicArn = a} :: DescribeManagedRuleGroupResponse)
+
+-- | The managed rule group\'s version.
+describeManagedRuleGroupResponse_versionName :: Lens.Lens' DescribeManagedRuleGroupResponse (Prelude.Maybe Prelude.Text)
+describeManagedRuleGroupResponse_versionName = Lens.lens (\DescribeManagedRuleGroupResponse' {versionName} -> versionName) (\s@DescribeManagedRuleGroupResponse' {} a -> s {versionName = a} :: DescribeManagedRuleGroupResponse)
+
+-- | The response's http status code.
+describeManagedRuleGroupResponse_httpStatus :: Lens.Lens' DescribeManagedRuleGroupResponse Prelude.Int
+describeManagedRuleGroupResponse_httpStatus = Lens.lens (\DescribeManagedRuleGroupResponse' {httpStatus} -> httpStatus) (\s@DescribeManagedRuleGroupResponse' {} a -> s {httpStatus = a} :: DescribeManagedRuleGroupResponse)
+
+instance
+  Prelude.NFData
+    DescribeManagedRuleGroupResponse
+  where
+  rnf DescribeManagedRuleGroupResponse' {..} =
+    Prelude.rnf availableLabels
+      `Prelude.seq` Prelude.rnf capacity
+      `Prelude.seq` Prelude.rnf consumedLabels
+      `Prelude.seq` Prelude.rnf labelNamespace
+      `Prelude.seq` Prelude.rnf rules
+      `Prelude.seq` Prelude.rnf snsTopicArn
+      `Prelude.seq` Prelude.rnf versionName
+      `Prelude.seq` Prelude.rnf httpStatus
diff --git a/gen/Amazonka/WAFV2/DisassociateWebACL.hs b/gen/Amazonka/WAFV2/DisassociateWebACL.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/WAFV2/DisassociateWebACL.hs
@@ -0,0 +1,211 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.WAFV2.DisassociateWebACL
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Disassociates the specified regional application resource from any
+-- existing web ACL association. A resource can have at most one web ACL
+-- association. A regional application can be an Application Load Balancer
+-- (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API, or an
+-- Amazon Cognito user pool.
+--
+-- For Amazon CloudFront, don\'t use this call. Instead, use your
+-- CloudFront distribution configuration. To disassociate a web ACL,
+-- provide an empty web ACL ID in the CloudFront call @UpdateDistribution@.
+-- For information, see
+-- <https://docs.aws.amazon.com/cloudfront/latest/APIReference/API_UpdateDistribution.html UpdateDistribution>.
+module Amazonka.WAFV2.DisassociateWebACL
+  ( -- * Creating a Request
+    DisassociateWebACL (..),
+    newDisassociateWebACL,
+
+    -- * Request Lenses
+    disassociateWebACL_resourceArn,
+
+    -- * Destructuring the Response
+    DisassociateWebACLResponse (..),
+    newDisassociateWebACLResponse,
+
+    -- * Response Lenses
+    disassociateWebACLResponse_httpStatus,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+import Amazonka.WAFV2.Types
+
+-- | /See:/ 'newDisassociateWebACL' smart constructor.
+data DisassociateWebACL = DisassociateWebACL'
+  { -- | The Amazon Resource Name (ARN) of the resource to disassociate from the
+    -- web ACL.
+    --
+    -- The ARN must be in one of the following formats:
+    --
+    -- -   For an Application Load Balancer:
+    --     @arn:aws:elasticloadbalancing:@/@region@/@:@/@account-id@/@:loadbalancer\/app\/@/@load-balancer-name@/@\/@/@load-balancer-id@/@ @
+    --
+    -- -   For an Amazon API Gateway REST API:
+    --     @arn:aws:apigateway:@/@region@/@::\/restapis\/@/@api-id@/@\/stages\/@/@stage-name@/@ @
+    --
+    -- -   For an AppSync GraphQL API:
+    --     @arn:aws:appsync:@/@region@/@:@/@account-id@/@:apis\/@/@GraphQLApiId@/@ @
+    --
+    -- -   For an Amazon Cognito user pool:
+    --     @arn:aws:cognito-idp:@/@region@/@:@/@account-id@/@:userpool\/@/@user-pool-id@/@ @
+    resourceArn :: Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'DisassociateWebACL' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'resourceArn', 'disassociateWebACL_resourceArn' - The Amazon Resource Name (ARN) of the resource to disassociate from the
+-- web ACL.
+--
+-- The ARN must be in one of the following formats:
+--
+-- -   For an Application Load Balancer:
+--     @arn:aws:elasticloadbalancing:@/@region@/@:@/@account-id@/@:loadbalancer\/app\/@/@load-balancer-name@/@\/@/@load-balancer-id@/@ @
+--
+-- -   For an Amazon API Gateway REST API:
+--     @arn:aws:apigateway:@/@region@/@::\/restapis\/@/@api-id@/@\/stages\/@/@stage-name@/@ @
+--
+-- -   For an AppSync GraphQL API:
+--     @arn:aws:appsync:@/@region@/@:@/@account-id@/@:apis\/@/@GraphQLApiId@/@ @
+--
+-- -   For an Amazon Cognito user pool:
+--     @arn:aws:cognito-idp:@/@region@/@:@/@account-id@/@:userpool\/@/@user-pool-id@/@ @
+newDisassociateWebACL ::
+  -- | 'resourceArn'
+  Prelude.Text ->
+  DisassociateWebACL
+newDisassociateWebACL pResourceArn_ =
+  DisassociateWebACL' {resourceArn = pResourceArn_}
+
+-- | The Amazon Resource Name (ARN) of the resource to disassociate from the
+-- web ACL.
+--
+-- The ARN must be in one of the following formats:
+--
+-- -   For an Application Load Balancer:
+--     @arn:aws:elasticloadbalancing:@/@region@/@:@/@account-id@/@:loadbalancer\/app\/@/@load-balancer-name@/@\/@/@load-balancer-id@/@ @
+--
+-- -   For an Amazon API Gateway REST API:
+--     @arn:aws:apigateway:@/@region@/@::\/restapis\/@/@api-id@/@\/stages\/@/@stage-name@/@ @
+--
+-- -   For an AppSync GraphQL API:
+--     @arn:aws:appsync:@/@region@/@:@/@account-id@/@:apis\/@/@GraphQLApiId@/@ @
+--
+-- -   For an Amazon Cognito user pool:
+--     @arn:aws:cognito-idp:@/@region@/@:@/@account-id@/@:userpool\/@/@user-pool-id@/@ @
+disassociateWebACL_resourceArn :: Lens.Lens' DisassociateWebACL Prelude.Text
+disassociateWebACL_resourceArn = Lens.lens (\DisassociateWebACL' {resourceArn} -> resourceArn) (\s@DisassociateWebACL' {} a -> s {resourceArn = a} :: DisassociateWebACL)
+
+instance Core.AWSRequest DisassociateWebACL where
+  type
+    AWSResponse DisassociateWebACL =
+      DisassociateWebACLResponse
+  request overrides =
+    Request.postJSON (overrides defaultService)
+  response =
+    Response.receiveEmpty
+      ( \s h x ->
+          DisassociateWebACLResponse'
+            Prelude.<$> (Prelude.pure (Prelude.fromEnum s))
+      )
+
+instance Prelude.Hashable DisassociateWebACL where
+  hashWithSalt _salt DisassociateWebACL' {..} =
+    _salt `Prelude.hashWithSalt` resourceArn
+
+instance Prelude.NFData DisassociateWebACL where
+  rnf DisassociateWebACL' {..} = Prelude.rnf resourceArn
+
+instance Data.ToHeaders DisassociateWebACL where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "X-Amz-Target"
+              Data.=# ( "AWSWAF_20190729.DisassociateWebACL" ::
+                          Prelude.ByteString
+                      ),
+            "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToJSON DisassociateWebACL where
+  toJSON DisassociateWebACL' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [Prelude.Just ("ResourceArn" Data..= resourceArn)]
+      )
+
+instance Data.ToPath DisassociateWebACL where
+  toPath = Prelude.const "/"
+
+instance Data.ToQuery DisassociateWebACL where
+  toQuery = Prelude.const Prelude.mempty
+
+-- | /See:/ 'newDisassociateWebACLResponse' smart constructor.
+data DisassociateWebACLResponse = DisassociateWebACLResponse'
+  { -- | The response's http status code.
+    httpStatus :: Prelude.Int
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'DisassociateWebACLResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'httpStatus', 'disassociateWebACLResponse_httpStatus' - The response's http status code.
+newDisassociateWebACLResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  DisassociateWebACLResponse
+newDisassociateWebACLResponse pHttpStatus_ =
+  DisassociateWebACLResponse'
+    { httpStatus =
+        pHttpStatus_
+    }
+
+-- | The response's http status code.
+disassociateWebACLResponse_httpStatus :: Lens.Lens' DisassociateWebACLResponse Prelude.Int
+disassociateWebACLResponse_httpStatus = Lens.lens (\DisassociateWebACLResponse' {httpStatus} -> httpStatus) (\s@DisassociateWebACLResponse' {} a -> s {httpStatus = a} :: DisassociateWebACLResponse)
+
+instance Prelude.NFData DisassociateWebACLResponse where
+  rnf DisassociateWebACLResponse' {..} =
+    Prelude.rnf httpStatus
diff --git a/gen/Amazonka/WAFV2/GenerateMobileSdkReleaseUrl.hs b/gen/Amazonka/WAFV2/GenerateMobileSdkReleaseUrl.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/WAFV2/GenerateMobileSdkReleaseUrl.hs
@@ -0,0 +1,201 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.WAFV2.GenerateMobileSdkReleaseUrl
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Generates a presigned download URL for the specified release of the
+-- mobile SDK.
+--
+-- The mobile SDK is not generally available. Customers who have access to
+-- the mobile SDK can use it to establish and manage WAF tokens for use in
+-- HTTP(S) requests from a mobile device to WAF. For more information, see
+-- <https://docs.aws.amazon.com/waf/latest/developerguide/waf-application-integration.html WAF client application integration>
+-- in the /WAF Developer Guide/.
+module Amazonka.WAFV2.GenerateMobileSdkReleaseUrl
+  ( -- * Creating a Request
+    GenerateMobileSdkReleaseUrl (..),
+    newGenerateMobileSdkReleaseUrl,
+
+    -- * Request Lenses
+    generateMobileSdkReleaseUrl_platform,
+    generateMobileSdkReleaseUrl_releaseVersion,
+
+    -- * Destructuring the Response
+    GenerateMobileSdkReleaseUrlResponse (..),
+    newGenerateMobileSdkReleaseUrlResponse,
+
+    -- * Response Lenses
+    generateMobileSdkReleaseUrlResponse_url,
+    generateMobileSdkReleaseUrlResponse_httpStatus,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+import Amazonka.WAFV2.Types
+
+-- | /See:/ 'newGenerateMobileSdkReleaseUrl' smart constructor.
+data GenerateMobileSdkReleaseUrl = GenerateMobileSdkReleaseUrl'
+  { -- | The device platform.
+    platform :: Platform,
+    -- | The release version. For the latest available version, specify @LATEST@.
+    releaseVersion :: Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'GenerateMobileSdkReleaseUrl' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'platform', 'generateMobileSdkReleaseUrl_platform' - The device platform.
+--
+-- 'releaseVersion', 'generateMobileSdkReleaseUrl_releaseVersion' - The release version. For the latest available version, specify @LATEST@.
+newGenerateMobileSdkReleaseUrl ::
+  -- | 'platform'
+  Platform ->
+  -- | 'releaseVersion'
+  Prelude.Text ->
+  GenerateMobileSdkReleaseUrl
+newGenerateMobileSdkReleaseUrl
+  pPlatform_
+  pReleaseVersion_ =
+    GenerateMobileSdkReleaseUrl'
+      { platform = pPlatform_,
+        releaseVersion = pReleaseVersion_
+      }
+
+-- | The device platform.
+generateMobileSdkReleaseUrl_platform :: Lens.Lens' GenerateMobileSdkReleaseUrl Platform
+generateMobileSdkReleaseUrl_platform = Lens.lens (\GenerateMobileSdkReleaseUrl' {platform} -> platform) (\s@GenerateMobileSdkReleaseUrl' {} a -> s {platform = a} :: GenerateMobileSdkReleaseUrl)
+
+-- | The release version. For the latest available version, specify @LATEST@.
+generateMobileSdkReleaseUrl_releaseVersion :: Lens.Lens' GenerateMobileSdkReleaseUrl Prelude.Text
+generateMobileSdkReleaseUrl_releaseVersion = Lens.lens (\GenerateMobileSdkReleaseUrl' {releaseVersion} -> releaseVersion) (\s@GenerateMobileSdkReleaseUrl' {} a -> s {releaseVersion = a} :: GenerateMobileSdkReleaseUrl)
+
+instance Core.AWSRequest GenerateMobileSdkReleaseUrl where
+  type
+    AWSResponse GenerateMobileSdkReleaseUrl =
+      GenerateMobileSdkReleaseUrlResponse
+  request overrides =
+    Request.postJSON (overrides defaultService)
+  response =
+    Response.receiveJSON
+      ( \s h x ->
+          GenerateMobileSdkReleaseUrlResponse'
+            Prelude.<$> (x Data..?> "Url")
+            Prelude.<*> (Prelude.pure (Prelude.fromEnum s))
+      )
+
+instance Prelude.Hashable GenerateMobileSdkReleaseUrl where
+  hashWithSalt _salt GenerateMobileSdkReleaseUrl' {..} =
+    _salt
+      `Prelude.hashWithSalt` platform
+      `Prelude.hashWithSalt` releaseVersion
+
+instance Prelude.NFData GenerateMobileSdkReleaseUrl where
+  rnf GenerateMobileSdkReleaseUrl' {..} =
+    Prelude.rnf platform
+      `Prelude.seq` Prelude.rnf releaseVersion
+
+instance Data.ToHeaders GenerateMobileSdkReleaseUrl where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "X-Amz-Target"
+              Data.=# ( "AWSWAF_20190729.GenerateMobileSdkReleaseUrl" ::
+                          Prelude.ByteString
+                      ),
+            "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToJSON GenerateMobileSdkReleaseUrl where
+  toJSON GenerateMobileSdkReleaseUrl' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ Prelude.Just ("Platform" Data..= platform),
+            Prelude.Just
+              ("ReleaseVersion" Data..= releaseVersion)
+          ]
+      )
+
+instance Data.ToPath GenerateMobileSdkReleaseUrl where
+  toPath = Prelude.const "/"
+
+instance Data.ToQuery GenerateMobileSdkReleaseUrl where
+  toQuery = Prelude.const Prelude.mempty
+
+-- | /See:/ 'newGenerateMobileSdkReleaseUrlResponse' smart constructor.
+data GenerateMobileSdkReleaseUrlResponse = GenerateMobileSdkReleaseUrlResponse'
+  { -- | The presigned download URL for the specified SDK release.
+    url :: Prelude.Maybe Prelude.Text,
+    -- | The response's http status code.
+    httpStatus :: Prelude.Int
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'GenerateMobileSdkReleaseUrlResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'url', 'generateMobileSdkReleaseUrlResponse_url' - The presigned download URL for the specified SDK release.
+--
+-- 'httpStatus', 'generateMobileSdkReleaseUrlResponse_httpStatus' - The response's http status code.
+newGenerateMobileSdkReleaseUrlResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  GenerateMobileSdkReleaseUrlResponse
+newGenerateMobileSdkReleaseUrlResponse pHttpStatus_ =
+  GenerateMobileSdkReleaseUrlResponse'
+    { url =
+        Prelude.Nothing,
+      httpStatus = pHttpStatus_
+    }
+
+-- | The presigned download URL for the specified SDK release.
+generateMobileSdkReleaseUrlResponse_url :: Lens.Lens' GenerateMobileSdkReleaseUrlResponse (Prelude.Maybe Prelude.Text)
+generateMobileSdkReleaseUrlResponse_url = Lens.lens (\GenerateMobileSdkReleaseUrlResponse' {url} -> url) (\s@GenerateMobileSdkReleaseUrlResponse' {} a -> s {url = a} :: GenerateMobileSdkReleaseUrlResponse)
+
+-- | The response's http status code.
+generateMobileSdkReleaseUrlResponse_httpStatus :: Lens.Lens' GenerateMobileSdkReleaseUrlResponse Prelude.Int
+generateMobileSdkReleaseUrlResponse_httpStatus = Lens.lens (\GenerateMobileSdkReleaseUrlResponse' {httpStatus} -> httpStatus) (\s@GenerateMobileSdkReleaseUrlResponse' {} a -> s {httpStatus = a} :: GenerateMobileSdkReleaseUrlResponse)
+
+instance
+  Prelude.NFData
+    GenerateMobileSdkReleaseUrlResponse
+  where
+  rnf GenerateMobileSdkReleaseUrlResponse' {..} =
+    Prelude.rnf url
+      `Prelude.seq` Prelude.rnf httpStatus
diff --git a/gen/Amazonka/WAFV2/GetIPSet.hs b/gen/Amazonka/WAFV2/GetIPSet.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/WAFV2/GetIPSet.hs
@@ -0,0 +1,271 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.WAFV2.GetIPSet
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Retrieves the specified IPSet.
+module Amazonka.WAFV2.GetIPSet
+  ( -- * Creating a Request
+    GetIPSet (..),
+    newGetIPSet,
+
+    -- * Request Lenses
+    getIPSet_name,
+    getIPSet_scope,
+    getIPSet_id,
+
+    -- * Destructuring the Response
+    GetIPSetResponse (..),
+    newGetIPSetResponse,
+
+    -- * Response Lenses
+    getIPSetResponse_iPSet,
+    getIPSetResponse_lockToken,
+    getIPSetResponse_httpStatus,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+import Amazonka.WAFV2.Types
+
+-- | /See:/ 'newGetIPSet' smart constructor.
+data GetIPSet = GetIPSet'
+  { -- | The name of the IP set. You cannot change the name of an @IPSet@ after
+    -- you create it.
+    name :: Prelude.Text,
+    -- | Specifies whether this is for an Amazon CloudFront distribution or for a
+    -- regional application. A regional application can be an Application Load
+    -- Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API,
+    -- or an Amazon Cognito user pool.
+    --
+    -- To work with CloudFront, you must also specify the Region US East (N.
+    -- Virginia) as follows:
+    --
+    -- -   CLI - Specify the Region when you use the CloudFront scope:
+    --     @--scope=CLOUDFRONT --region=us-east-1@.
+    --
+    -- -   API and SDKs - For all calls, use the Region endpoint us-east-1.
+    scope :: Scope,
+    -- | A unique identifier for the set. This ID is returned in the responses to
+    -- create and list commands. You provide it to operations like update and
+    -- delete.
+    id :: Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'GetIPSet' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'name', 'getIPSet_name' - The name of the IP set. You cannot change the name of an @IPSet@ after
+-- you create it.
+--
+-- 'scope', 'getIPSet_scope' - Specifies whether this is for an Amazon CloudFront distribution or for a
+-- regional application. A regional application can be an Application Load
+-- Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API,
+-- or an Amazon Cognito user pool.
+--
+-- To work with CloudFront, you must also specify the Region US East (N.
+-- Virginia) as follows:
+--
+-- -   CLI - Specify the Region when you use the CloudFront scope:
+--     @--scope=CLOUDFRONT --region=us-east-1@.
+--
+-- -   API and SDKs - For all calls, use the Region endpoint us-east-1.
+--
+-- 'id', 'getIPSet_id' - A unique identifier for the set. This ID is returned in the responses to
+-- create and list commands. You provide it to operations like update and
+-- delete.
+newGetIPSet ::
+  -- | 'name'
+  Prelude.Text ->
+  -- | 'scope'
+  Scope ->
+  -- | 'id'
+  Prelude.Text ->
+  GetIPSet
+newGetIPSet pName_ pScope_ pId_ =
+  GetIPSet'
+    { name = pName_,
+      scope = pScope_,
+      id = pId_
+    }
+
+-- | The name of the IP set. You cannot change the name of an @IPSet@ after
+-- you create it.
+getIPSet_name :: Lens.Lens' GetIPSet Prelude.Text
+getIPSet_name = Lens.lens (\GetIPSet' {name} -> name) (\s@GetIPSet' {} a -> s {name = a} :: GetIPSet)
+
+-- | Specifies whether this is for an Amazon CloudFront distribution or for a
+-- regional application. A regional application can be an Application Load
+-- Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API,
+-- or an Amazon Cognito user pool.
+--
+-- To work with CloudFront, you must also specify the Region US East (N.
+-- Virginia) as follows:
+--
+-- -   CLI - Specify the Region when you use the CloudFront scope:
+--     @--scope=CLOUDFRONT --region=us-east-1@.
+--
+-- -   API and SDKs - For all calls, use the Region endpoint us-east-1.
+getIPSet_scope :: Lens.Lens' GetIPSet Scope
+getIPSet_scope = Lens.lens (\GetIPSet' {scope} -> scope) (\s@GetIPSet' {} a -> s {scope = a} :: GetIPSet)
+
+-- | A unique identifier for the set. This ID is returned in the responses to
+-- create and list commands. You provide it to operations like update and
+-- delete.
+getIPSet_id :: Lens.Lens' GetIPSet Prelude.Text
+getIPSet_id = Lens.lens (\GetIPSet' {id} -> id) (\s@GetIPSet' {} a -> s {id = a} :: GetIPSet)
+
+instance Core.AWSRequest GetIPSet where
+  type AWSResponse GetIPSet = GetIPSetResponse
+  request overrides =
+    Request.postJSON (overrides defaultService)
+  response =
+    Response.receiveJSON
+      ( \s h x ->
+          GetIPSetResponse'
+            Prelude.<$> (x Data..?> "IPSet")
+            Prelude.<*> (x Data..?> "LockToken")
+            Prelude.<*> (Prelude.pure (Prelude.fromEnum s))
+      )
+
+instance Prelude.Hashable GetIPSet where
+  hashWithSalt _salt GetIPSet' {..} =
+    _salt
+      `Prelude.hashWithSalt` name
+      `Prelude.hashWithSalt` scope
+      `Prelude.hashWithSalt` id
+
+instance Prelude.NFData GetIPSet where
+  rnf GetIPSet' {..} =
+    Prelude.rnf name
+      `Prelude.seq` Prelude.rnf scope
+      `Prelude.seq` Prelude.rnf id
+
+instance Data.ToHeaders GetIPSet where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "X-Amz-Target"
+              Data.=# ("AWSWAF_20190729.GetIPSet" :: Prelude.ByteString),
+            "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToJSON GetIPSet where
+  toJSON GetIPSet' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ Prelude.Just ("Name" Data..= name),
+            Prelude.Just ("Scope" Data..= scope),
+            Prelude.Just ("Id" Data..= id)
+          ]
+      )
+
+instance Data.ToPath GetIPSet where
+  toPath = Prelude.const "/"
+
+instance Data.ToQuery GetIPSet where
+  toQuery = Prelude.const Prelude.mempty
+
+-- | /See:/ 'newGetIPSetResponse' smart constructor.
+data GetIPSetResponse = GetIPSetResponse'
+  { iPSet :: Prelude.Maybe IPSet,
+    -- | A token used for optimistic locking. WAF returns a token to your @get@
+    -- and @list@ requests, to mark the state of the entity at the time of the
+    -- request. To make changes to the entity associated with the token, you
+    -- provide the token to operations like @update@ and @delete@. WAF uses the
+    -- token to ensure that no changes have been made to the entity since you
+    -- last retrieved it. If a change has been made, the update fails with a
+    -- @WAFOptimisticLockException@. If this happens, perform another @get@,
+    -- and use the new token returned by that operation.
+    lockToken :: Prelude.Maybe Prelude.Text,
+    -- | The response's http status code.
+    httpStatus :: Prelude.Int
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'GetIPSetResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'iPSet', 'getIPSetResponse_iPSet' -
+--
+-- 'lockToken', 'getIPSetResponse_lockToken' - A token used for optimistic locking. WAF returns a token to your @get@
+-- and @list@ requests, to mark the state of the entity at the time of the
+-- request. To make changes to the entity associated with the token, you
+-- provide the token to operations like @update@ and @delete@. WAF uses the
+-- token to ensure that no changes have been made to the entity since you
+-- last retrieved it. If a change has been made, the update fails with a
+-- @WAFOptimisticLockException@. If this happens, perform another @get@,
+-- and use the new token returned by that operation.
+--
+-- 'httpStatus', 'getIPSetResponse_httpStatus' - The response's http status code.
+newGetIPSetResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  GetIPSetResponse
+newGetIPSetResponse pHttpStatus_ =
+  GetIPSetResponse'
+    { iPSet = Prelude.Nothing,
+      lockToken = Prelude.Nothing,
+      httpStatus = pHttpStatus_
+    }
+
+getIPSetResponse_iPSet :: Lens.Lens' GetIPSetResponse (Prelude.Maybe IPSet)
+getIPSetResponse_iPSet = Lens.lens (\GetIPSetResponse' {iPSet} -> iPSet) (\s@GetIPSetResponse' {} a -> s {iPSet = a} :: GetIPSetResponse)
+
+-- | A token used for optimistic locking. WAF returns a token to your @get@
+-- and @list@ requests, to mark the state of the entity at the time of the
+-- request. To make changes to the entity associated with the token, you
+-- provide the token to operations like @update@ and @delete@. WAF uses the
+-- token to ensure that no changes have been made to the entity since you
+-- last retrieved it. If a change has been made, the update fails with a
+-- @WAFOptimisticLockException@. If this happens, perform another @get@,
+-- and use the new token returned by that operation.
+getIPSetResponse_lockToken :: Lens.Lens' GetIPSetResponse (Prelude.Maybe Prelude.Text)
+getIPSetResponse_lockToken = Lens.lens (\GetIPSetResponse' {lockToken} -> lockToken) (\s@GetIPSetResponse' {} a -> s {lockToken = a} :: GetIPSetResponse)
+
+-- | The response's http status code.
+getIPSetResponse_httpStatus :: Lens.Lens' GetIPSetResponse Prelude.Int
+getIPSetResponse_httpStatus = Lens.lens (\GetIPSetResponse' {httpStatus} -> httpStatus) (\s@GetIPSetResponse' {} a -> s {httpStatus = a} :: GetIPSetResponse)
+
+instance Prelude.NFData GetIPSetResponse where
+  rnf GetIPSetResponse' {..} =
+    Prelude.rnf iPSet
+      `Prelude.seq` Prelude.rnf lockToken
+      `Prelude.seq` Prelude.rnf httpStatus
diff --git a/gen/Amazonka/WAFV2/GetLoggingConfiguration.hs b/gen/Amazonka/WAFV2/GetLoggingConfiguration.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/WAFV2/GetLoggingConfiguration.hs
@@ -0,0 +1,178 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.WAFV2.GetLoggingConfiguration
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Returns the LoggingConfiguration for the specified web ACL.
+module Amazonka.WAFV2.GetLoggingConfiguration
+  ( -- * Creating a Request
+    GetLoggingConfiguration (..),
+    newGetLoggingConfiguration,
+
+    -- * Request Lenses
+    getLoggingConfiguration_resourceArn,
+
+    -- * Destructuring the Response
+    GetLoggingConfigurationResponse (..),
+    newGetLoggingConfigurationResponse,
+
+    -- * Response Lenses
+    getLoggingConfigurationResponse_loggingConfiguration,
+    getLoggingConfigurationResponse_httpStatus,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+import Amazonka.WAFV2.Types
+
+-- | /See:/ 'newGetLoggingConfiguration' smart constructor.
+data GetLoggingConfiguration = GetLoggingConfiguration'
+  { -- | The Amazon Resource Name (ARN) of the web ACL for which you want to get
+    -- the LoggingConfiguration.
+    resourceArn :: Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'GetLoggingConfiguration' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'resourceArn', 'getLoggingConfiguration_resourceArn' - The Amazon Resource Name (ARN) of the web ACL for which you want to get
+-- the LoggingConfiguration.
+newGetLoggingConfiguration ::
+  -- | 'resourceArn'
+  Prelude.Text ->
+  GetLoggingConfiguration
+newGetLoggingConfiguration pResourceArn_ =
+  GetLoggingConfiguration'
+    { resourceArn =
+        pResourceArn_
+    }
+
+-- | The Amazon Resource Name (ARN) of the web ACL for which you want to get
+-- the LoggingConfiguration.
+getLoggingConfiguration_resourceArn :: Lens.Lens' GetLoggingConfiguration Prelude.Text
+getLoggingConfiguration_resourceArn = Lens.lens (\GetLoggingConfiguration' {resourceArn} -> resourceArn) (\s@GetLoggingConfiguration' {} a -> s {resourceArn = a} :: GetLoggingConfiguration)
+
+instance Core.AWSRequest GetLoggingConfiguration where
+  type
+    AWSResponse GetLoggingConfiguration =
+      GetLoggingConfigurationResponse
+  request overrides =
+    Request.postJSON (overrides defaultService)
+  response =
+    Response.receiveJSON
+      ( \s h x ->
+          GetLoggingConfigurationResponse'
+            Prelude.<$> (x Data..?> "LoggingConfiguration")
+            Prelude.<*> (Prelude.pure (Prelude.fromEnum s))
+      )
+
+instance Prelude.Hashable GetLoggingConfiguration where
+  hashWithSalt _salt GetLoggingConfiguration' {..} =
+    _salt `Prelude.hashWithSalt` resourceArn
+
+instance Prelude.NFData GetLoggingConfiguration where
+  rnf GetLoggingConfiguration' {..} =
+    Prelude.rnf resourceArn
+
+instance Data.ToHeaders GetLoggingConfiguration where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "X-Amz-Target"
+              Data.=# ( "AWSWAF_20190729.GetLoggingConfiguration" ::
+                          Prelude.ByteString
+                      ),
+            "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToJSON GetLoggingConfiguration where
+  toJSON GetLoggingConfiguration' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [Prelude.Just ("ResourceArn" Data..= resourceArn)]
+      )
+
+instance Data.ToPath GetLoggingConfiguration where
+  toPath = Prelude.const "/"
+
+instance Data.ToQuery GetLoggingConfiguration where
+  toQuery = Prelude.const Prelude.mempty
+
+-- | /See:/ 'newGetLoggingConfigurationResponse' smart constructor.
+data GetLoggingConfigurationResponse = GetLoggingConfigurationResponse'
+  { -- | The LoggingConfiguration for the specified web ACL.
+    loggingConfiguration :: Prelude.Maybe LoggingConfiguration,
+    -- | The response's http status code.
+    httpStatus :: Prelude.Int
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'GetLoggingConfigurationResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'loggingConfiguration', 'getLoggingConfigurationResponse_loggingConfiguration' - The LoggingConfiguration for the specified web ACL.
+--
+-- 'httpStatus', 'getLoggingConfigurationResponse_httpStatus' - The response's http status code.
+newGetLoggingConfigurationResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  GetLoggingConfigurationResponse
+newGetLoggingConfigurationResponse pHttpStatus_ =
+  GetLoggingConfigurationResponse'
+    { loggingConfiguration =
+        Prelude.Nothing,
+      httpStatus = pHttpStatus_
+    }
+
+-- | The LoggingConfiguration for the specified web ACL.
+getLoggingConfigurationResponse_loggingConfiguration :: Lens.Lens' GetLoggingConfigurationResponse (Prelude.Maybe LoggingConfiguration)
+getLoggingConfigurationResponse_loggingConfiguration = Lens.lens (\GetLoggingConfigurationResponse' {loggingConfiguration} -> loggingConfiguration) (\s@GetLoggingConfigurationResponse' {} a -> s {loggingConfiguration = a} :: GetLoggingConfigurationResponse)
+
+-- | The response's http status code.
+getLoggingConfigurationResponse_httpStatus :: Lens.Lens' GetLoggingConfigurationResponse Prelude.Int
+getLoggingConfigurationResponse_httpStatus = Lens.lens (\GetLoggingConfigurationResponse' {httpStatus} -> httpStatus) (\s@GetLoggingConfigurationResponse' {} a -> s {httpStatus = a} :: GetLoggingConfigurationResponse)
+
+instance
+  Prelude.NFData
+    GetLoggingConfigurationResponse
+  where
+  rnf GetLoggingConfigurationResponse' {..} =
+    Prelude.rnf loggingConfiguration
+      `Prelude.seq` Prelude.rnf httpStatus
diff --git a/gen/Amazonka/WAFV2/GetManagedRuleSet.hs b/gen/Amazonka/WAFV2/GetManagedRuleSet.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/WAFV2/GetManagedRuleSet.hs
@@ -0,0 +1,296 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.WAFV2.GetManagedRuleSet
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Retrieves the specified managed rule set.
+--
+-- This is intended for use only by vendors of managed rule sets. Vendors
+-- are Amazon Web Services and Amazon Web Services Marketplace sellers.
+--
+-- Vendors, you can use the managed rule set APIs to provide controlled
+-- rollout of your versioned managed rule group offerings for your
+-- customers. The APIs are @ListManagedRuleSets@, @GetManagedRuleSet@,
+-- @PutManagedRuleSetVersions@, and
+-- @UpdateManagedRuleSetVersionExpiryDate@.
+module Amazonka.WAFV2.GetManagedRuleSet
+  ( -- * Creating a Request
+    GetManagedRuleSet (..),
+    newGetManagedRuleSet,
+
+    -- * Request Lenses
+    getManagedRuleSet_name,
+    getManagedRuleSet_scope,
+    getManagedRuleSet_id,
+
+    -- * Destructuring the Response
+    GetManagedRuleSetResponse (..),
+    newGetManagedRuleSetResponse,
+
+    -- * Response Lenses
+    getManagedRuleSetResponse_lockToken,
+    getManagedRuleSetResponse_managedRuleSet,
+    getManagedRuleSetResponse_httpStatus,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+import Amazonka.WAFV2.Types
+
+-- | /See:/ 'newGetManagedRuleSet' smart constructor.
+data GetManagedRuleSet = GetManagedRuleSet'
+  { -- | The name of the managed rule set. You use this, along with the rule set
+    -- ID, to identify the rule set.
+    --
+    -- This name is assigned to the corresponding managed rule group, which
+    -- your customers can access and use.
+    name :: Prelude.Text,
+    -- | Specifies whether this is for an Amazon CloudFront distribution or for a
+    -- regional application. A regional application can be an Application Load
+    -- Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API,
+    -- or an Amazon Cognito user pool.
+    --
+    -- To work with CloudFront, you must also specify the Region US East (N.
+    -- Virginia) as follows:
+    --
+    -- -   CLI - Specify the Region when you use the CloudFront scope:
+    --     @--scope=CLOUDFRONT --region=us-east-1@.
+    --
+    -- -   API and SDKs - For all calls, use the Region endpoint us-east-1.
+    scope :: Scope,
+    -- | A unique identifier for the managed rule set. The ID is returned in the
+    -- responses to commands like @list@. You provide it to operations like
+    -- @get@ and @update@.
+    id :: Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'GetManagedRuleSet' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'name', 'getManagedRuleSet_name' - The name of the managed rule set. You use this, along with the rule set
+-- ID, to identify the rule set.
+--
+-- This name is assigned to the corresponding managed rule group, which
+-- your customers can access and use.
+--
+-- 'scope', 'getManagedRuleSet_scope' - Specifies whether this is for an Amazon CloudFront distribution or for a
+-- regional application. A regional application can be an Application Load
+-- Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API,
+-- or an Amazon Cognito user pool.
+--
+-- To work with CloudFront, you must also specify the Region US East (N.
+-- Virginia) as follows:
+--
+-- -   CLI - Specify the Region when you use the CloudFront scope:
+--     @--scope=CLOUDFRONT --region=us-east-1@.
+--
+-- -   API and SDKs - For all calls, use the Region endpoint us-east-1.
+--
+-- 'id', 'getManagedRuleSet_id' - A unique identifier for the managed rule set. The ID is returned in the
+-- responses to commands like @list@. You provide it to operations like
+-- @get@ and @update@.
+newGetManagedRuleSet ::
+  -- | 'name'
+  Prelude.Text ->
+  -- | 'scope'
+  Scope ->
+  -- | 'id'
+  Prelude.Text ->
+  GetManagedRuleSet
+newGetManagedRuleSet pName_ pScope_ pId_ =
+  GetManagedRuleSet'
+    { name = pName_,
+      scope = pScope_,
+      id = pId_
+    }
+
+-- | The name of the managed rule set. You use this, along with the rule set
+-- ID, to identify the rule set.
+--
+-- This name is assigned to the corresponding managed rule group, which
+-- your customers can access and use.
+getManagedRuleSet_name :: Lens.Lens' GetManagedRuleSet Prelude.Text
+getManagedRuleSet_name = Lens.lens (\GetManagedRuleSet' {name} -> name) (\s@GetManagedRuleSet' {} a -> s {name = a} :: GetManagedRuleSet)
+
+-- | Specifies whether this is for an Amazon CloudFront distribution or for a
+-- regional application. A regional application can be an Application Load
+-- Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API,
+-- or an Amazon Cognito user pool.
+--
+-- To work with CloudFront, you must also specify the Region US East (N.
+-- Virginia) as follows:
+--
+-- -   CLI - Specify the Region when you use the CloudFront scope:
+--     @--scope=CLOUDFRONT --region=us-east-1@.
+--
+-- -   API and SDKs - For all calls, use the Region endpoint us-east-1.
+getManagedRuleSet_scope :: Lens.Lens' GetManagedRuleSet Scope
+getManagedRuleSet_scope = Lens.lens (\GetManagedRuleSet' {scope} -> scope) (\s@GetManagedRuleSet' {} a -> s {scope = a} :: GetManagedRuleSet)
+
+-- | A unique identifier for the managed rule set. The ID is returned in the
+-- responses to commands like @list@. You provide it to operations like
+-- @get@ and @update@.
+getManagedRuleSet_id :: Lens.Lens' GetManagedRuleSet Prelude.Text
+getManagedRuleSet_id = Lens.lens (\GetManagedRuleSet' {id} -> id) (\s@GetManagedRuleSet' {} a -> s {id = a} :: GetManagedRuleSet)
+
+instance Core.AWSRequest GetManagedRuleSet where
+  type
+    AWSResponse GetManagedRuleSet =
+      GetManagedRuleSetResponse
+  request overrides =
+    Request.postJSON (overrides defaultService)
+  response =
+    Response.receiveJSON
+      ( \s h x ->
+          GetManagedRuleSetResponse'
+            Prelude.<$> (x Data..?> "LockToken")
+            Prelude.<*> (x Data..?> "ManagedRuleSet")
+            Prelude.<*> (Prelude.pure (Prelude.fromEnum s))
+      )
+
+instance Prelude.Hashable GetManagedRuleSet where
+  hashWithSalt _salt GetManagedRuleSet' {..} =
+    _salt
+      `Prelude.hashWithSalt` name
+      `Prelude.hashWithSalt` scope
+      `Prelude.hashWithSalt` id
+
+instance Prelude.NFData GetManagedRuleSet where
+  rnf GetManagedRuleSet' {..} =
+    Prelude.rnf name
+      `Prelude.seq` Prelude.rnf scope
+      `Prelude.seq` Prelude.rnf id
+
+instance Data.ToHeaders GetManagedRuleSet where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "X-Amz-Target"
+              Data.=# ( "AWSWAF_20190729.GetManagedRuleSet" ::
+                          Prelude.ByteString
+                      ),
+            "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToJSON GetManagedRuleSet where
+  toJSON GetManagedRuleSet' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ Prelude.Just ("Name" Data..= name),
+            Prelude.Just ("Scope" Data..= scope),
+            Prelude.Just ("Id" Data..= id)
+          ]
+      )
+
+instance Data.ToPath GetManagedRuleSet where
+  toPath = Prelude.const "/"
+
+instance Data.ToQuery GetManagedRuleSet where
+  toQuery = Prelude.const Prelude.mempty
+
+-- | /See:/ 'newGetManagedRuleSetResponse' smart constructor.
+data GetManagedRuleSetResponse = GetManagedRuleSetResponse'
+  { -- | A token used for optimistic locking. WAF returns a token to your @get@
+    -- and @list@ requests, to mark the state of the entity at the time of the
+    -- request. To make changes to the entity associated with the token, you
+    -- provide the token to operations like @update@ and @delete@. WAF uses the
+    -- token to ensure that no changes have been made to the entity since you
+    -- last retrieved it. If a change has been made, the update fails with a
+    -- @WAFOptimisticLockException@. If this happens, perform another @get@,
+    -- and use the new token returned by that operation.
+    lockToken :: Prelude.Maybe Prelude.Text,
+    -- | The managed rule set that you requested.
+    managedRuleSet :: Prelude.Maybe ManagedRuleSet,
+    -- | The response's http status code.
+    httpStatus :: Prelude.Int
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'GetManagedRuleSetResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'lockToken', 'getManagedRuleSetResponse_lockToken' - A token used for optimistic locking. WAF returns a token to your @get@
+-- and @list@ requests, to mark the state of the entity at the time of the
+-- request. To make changes to the entity associated with the token, you
+-- provide the token to operations like @update@ and @delete@. WAF uses the
+-- token to ensure that no changes have been made to the entity since you
+-- last retrieved it. If a change has been made, the update fails with a
+-- @WAFOptimisticLockException@. If this happens, perform another @get@,
+-- and use the new token returned by that operation.
+--
+-- 'managedRuleSet', 'getManagedRuleSetResponse_managedRuleSet' - The managed rule set that you requested.
+--
+-- 'httpStatus', 'getManagedRuleSetResponse_httpStatus' - The response's http status code.
+newGetManagedRuleSetResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  GetManagedRuleSetResponse
+newGetManagedRuleSetResponse pHttpStatus_ =
+  GetManagedRuleSetResponse'
+    { lockToken =
+        Prelude.Nothing,
+      managedRuleSet = Prelude.Nothing,
+      httpStatus = pHttpStatus_
+    }
+
+-- | A token used for optimistic locking. WAF returns a token to your @get@
+-- and @list@ requests, to mark the state of the entity at the time of the
+-- request. To make changes to the entity associated with the token, you
+-- provide the token to operations like @update@ and @delete@. WAF uses the
+-- token to ensure that no changes have been made to the entity since you
+-- last retrieved it. If a change has been made, the update fails with a
+-- @WAFOptimisticLockException@. If this happens, perform another @get@,
+-- and use the new token returned by that operation.
+getManagedRuleSetResponse_lockToken :: Lens.Lens' GetManagedRuleSetResponse (Prelude.Maybe Prelude.Text)
+getManagedRuleSetResponse_lockToken = Lens.lens (\GetManagedRuleSetResponse' {lockToken} -> lockToken) (\s@GetManagedRuleSetResponse' {} a -> s {lockToken = a} :: GetManagedRuleSetResponse)
+
+-- | The managed rule set that you requested.
+getManagedRuleSetResponse_managedRuleSet :: Lens.Lens' GetManagedRuleSetResponse (Prelude.Maybe ManagedRuleSet)
+getManagedRuleSetResponse_managedRuleSet = Lens.lens (\GetManagedRuleSetResponse' {managedRuleSet} -> managedRuleSet) (\s@GetManagedRuleSetResponse' {} a -> s {managedRuleSet = a} :: GetManagedRuleSetResponse)
+
+-- | The response's http status code.
+getManagedRuleSetResponse_httpStatus :: Lens.Lens' GetManagedRuleSetResponse Prelude.Int
+getManagedRuleSetResponse_httpStatus = Lens.lens (\GetManagedRuleSetResponse' {httpStatus} -> httpStatus) (\s@GetManagedRuleSetResponse' {} a -> s {httpStatus = a} :: GetManagedRuleSetResponse)
+
+instance Prelude.NFData GetManagedRuleSetResponse where
+  rnf GetManagedRuleSetResponse' {..} =
+    Prelude.rnf lockToken
+      `Prelude.seq` Prelude.rnf managedRuleSet
+      `Prelude.seq` Prelude.rnf httpStatus
diff --git a/gen/Amazonka/WAFV2/GetMobileSdkRelease.hs b/gen/Amazonka/WAFV2/GetMobileSdkRelease.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/WAFV2/GetMobileSdkRelease.hs
@@ -0,0 +1,199 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.WAFV2.GetMobileSdkRelease
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Retrieves information for the specified mobile SDK release, including
+-- release notes and tags.
+--
+-- The mobile SDK is not generally available. Customers who have access to
+-- the mobile SDK can use it to establish and manage WAF tokens for use in
+-- HTTP(S) requests from a mobile device to WAF. For more information, see
+-- <https://docs.aws.amazon.com/waf/latest/developerguide/waf-application-integration.html WAF client application integration>
+-- in the /WAF Developer Guide/.
+module Amazonka.WAFV2.GetMobileSdkRelease
+  ( -- * Creating a Request
+    GetMobileSdkRelease (..),
+    newGetMobileSdkRelease,
+
+    -- * Request Lenses
+    getMobileSdkRelease_platform,
+    getMobileSdkRelease_releaseVersion,
+
+    -- * Destructuring the Response
+    GetMobileSdkReleaseResponse (..),
+    newGetMobileSdkReleaseResponse,
+
+    -- * Response Lenses
+    getMobileSdkReleaseResponse_mobileSdkRelease,
+    getMobileSdkReleaseResponse_httpStatus,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+import Amazonka.WAFV2.Types
+
+-- | /See:/ 'newGetMobileSdkRelease' smart constructor.
+data GetMobileSdkRelease = GetMobileSdkRelease'
+  { -- | The device platform.
+    platform :: Platform,
+    -- | The release version. For the latest available version, specify @LATEST@.
+    releaseVersion :: Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'GetMobileSdkRelease' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'platform', 'getMobileSdkRelease_platform' - The device platform.
+--
+-- 'releaseVersion', 'getMobileSdkRelease_releaseVersion' - The release version. For the latest available version, specify @LATEST@.
+newGetMobileSdkRelease ::
+  -- | 'platform'
+  Platform ->
+  -- | 'releaseVersion'
+  Prelude.Text ->
+  GetMobileSdkRelease
+newGetMobileSdkRelease pPlatform_ pReleaseVersion_ =
+  GetMobileSdkRelease'
+    { platform = pPlatform_,
+      releaseVersion = pReleaseVersion_
+    }
+
+-- | The device platform.
+getMobileSdkRelease_platform :: Lens.Lens' GetMobileSdkRelease Platform
+getMobileSdkRelease_platform = Lens.lens (\GetMobileSdkRelease' {platform} -> platform) (\s@GetMobileSdkRelease' {} a -> s {platform = a} :: GetMobileSdkRelease)
+
+-- | The release version. For the latest available version, specify @LATEST@.
+getMobileSdkRelease_releaseVersion :: Lens.Lens' GetMobileSdkRelease Prelude.Text
+getMobileSdkRelease_releaseVersion = Lens.lens (\GetMobileSdkRelease' {releaseVersion} -> releaseVersion) (\s@GetMobileSdkRelease' {} a -> s {releaseVersion = a} :: GetMobileSdkRelease)
+
+instance Core.AWSRequest GetMobileSdkRelease where
+  type
+    AWSResponse GetMobileSdkRelease =
+      GetMobileSdkReleaseResponse
+  request overrides =
+    Request.postJSON (overrides defaultService)
+  response =
+    Response.receiveJSON
+      ( \s h x ->
+          GetMobileSdkReleaseResponse'
+            Prelude.<$> (x Data..?> "MobileSdkRelease")
+            Prelude.<*> (Prelude.pure (Prelude.fromEnum s))
+      )
+
+instance Prelude.Hashable GetMobileSdkRelease where
+  hashWithSalt _salt GetMobileSdkRelease' {..} =
+    _salt
+      `Prelude.hashWithSalt` platform
+      `Prelude.hashWithSalt` releaseVersion
+
+instance Prelude.NFData GetMobileSdkRelease where
+  rnf GetMobileSdkRelease' {..} =
+    Prelude.rnf platform
+      `Prelude.seq` Prelude.rnf releaseVersion
+
+instance Data.ToHeaders GetMobileSdkRelease where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "X-Amz-Target"
+              Data.=# ( "AWSWAF_20190729.GetMobileSdkRelease" ::
+                          Prelude.ByteString
+                      ),
+            "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToJSON GetMobileSdkRelease where
+  toJSON GetMobileSdkRelease' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ Prelude.Just ("Platform" Data..= platform),
+            Prelude.Just
+              ("ReleaseVersion" Data..= releaseVersion)
+          ]
+      )
+
+instance Data.ToPath GetMobileSdkRelease where
+  toPath = Prelude.const "/"
+
+instance Data.ToQuery GetMobileSdkRelease where
+  toQuery = Prelude.const Prelude.mempty
+
+-- | /See:/ 'newGetMobileSdkReleaseResponse' smart constructor.
+data GetMobileSdkReleaseResponse = GetMobileSdkReleaseResponse'
+  { -- | Information for a specified SDK release, including release notes and
+    -- tags.
+    mobileSdkRelease :: Prelude.Maybe MobileSdkRelease,
+    -- | The response's http status code.
+    httpStatus :: Prelude.Int
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'GetMobileSdkReleaseResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'mobileSdkRelease', 'getMobileSdkReleaseResponse_mobileSdkRelease' - Information for a specified SDK release, including release notes and
+-- tags.
+--
+-- 'httpStatus', 'getMobileSdkReleaseResponse_httpStatus' - The response's http status code.
+newGetMobileSdkReleaseResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  GetMobileSdkReleaseResponse
+newGetMobileSdkReleaseResponse pHttpStatus_ =
+  GetMobileSdkReleaseResponse'
+    { mobileSdkRelease =
+        Prelude.Nothing,
+      httpStatus = pHttpStatus_
+    }
+
+-- | Information for a specified SDK release, including release notes and
+-- tags.
+getMobileSdkReleaseResponse_mobileSdkRelease :: Lens.Lens' GetMobileSdkReleaseResponse (Prelude.Maybe MobileSdkRelease)
+getMobileSdkReleaseResponse_mobileSdkRelease = Lens.lens (\GetMobileSdkReleaseResponse' {mobileSdkRelease} -> mobileSdkRelease) (\s@GetMobileSdkReleaseResponse' {} a -> s {mobileSdkRelease = a} :: GetMobileSdkReleaseResponse)
+
+-- | The response's http status code.
+getMobileSdkReleaseResponse_httpStatus :: Lens.Lens' GetMobileSdkReleaseResponse Prelude.Int
+getMobileSdkReleaseResponse_httpStatus = Lens.lens (\GetMobileSdkReleaseResponse' {httpStatus} -> httpStatus) (\s@GetMobileSdkReleaseResponse' {} a -> s {httpStatus = a} :: GetMobileSdkReleaseResponse)
+
+instance Prelude.NFData GetMobileSdkReleaseResponse where
+  rnf GetMobileSdkReleaseResponse' {..} =
+    Prelude.rnf mobileSdkRelease
+      `Prelude.seq` Prelude.rnf httpStatus
diff --git a/gen/Amazonka/WAFV2/GetPermissionPolicy.hs b/gen/Amazonka/WAFV2/GetPermissionPolicy.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/WAFV2/GetPermissionPolicy.hs
@@ -0,0 +1,174 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.WAFV2.GetPermissionPolicy
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Returns the IAM policy that is attached to the specified rule group.
+--
+-- You must be the owner of the rule group to perform this operation.
+module Amazonka.WAFV2.GetPermissionPolicy
+  ( -- * Creating a Request
+    GetPermissionPolicy (..),
+    newGetPermissionPolicy,
+
+    -- * Request Lenses
+    getPermissionPolicy_resourceArn,
+
+    -- * Destructuring the Response
+    GetPermissionPolicyResponse (..),
+    newGetPermissionPolicyResponse,
+
+    -- * Response Lenses
+    getPermissionPolicyResponse_policy,
+    getPermissionPolicyResponse_httpStatus,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+import Amazonka.WAFV2.Types
+
+-- | /See:/ 'newGetPermissionPolicy' smart constructor.
+data GetPermissionPolicy = GetPermissionPolicy'
+  { -- | The Amazon Resource Name (ARN) of the rule group for which you want to
+    -- get the policy.
+    resourceArn :: Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'GetPermissionPolicy' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'resourceArn', 'getPermissionPolicy_resourceArn' - The Amazon Resource Name (ARN) of the rule group for which you want to
+-- get the policy.
+newGetPermissionPolicy ::
+  -- | 'resourceArn'
+  Prelude.Text ->
+  GetPermissionPolicy
+newGetPermissionPolicy pResourceArn_ =
+  GetPermissionPolicy' {resourceArn = pResourceArn_}
+
+-- | The Amazon Resource Name (ARN) of the rule group for which you want to
+-- get the policy.
+getPermissionPolicy_resourceArn :: Lens.Lens' GetPermissionPolicy Prelude.Text
+getPermissionPolicy_resourceArn = Lens.lens (\GetPermissionPolicy' {resourceArn} -> resourceArn) (\s@GetPermissionPolicy' {} a -> s {resourceArn = a} :: GetPermissionPolicy)
+
+instance Core.AWSRequest GetPermissionPolicy where
+  type
+    AWSResponse GetPermissionPolicy =
+      GetPermissionPolicyResponse
+  request overrides =
+    Request.postJSON (overrides defaultService)
+  response =
+    Response.receiveJSON
+      ( \s h x ->
+          GetPermissionPolicyResponse'
+            Prelude.<$> (x Data..?> "Policy")
+            Prelude.<*> (Prelude.pure (Prelude.fromEnum s))
+      )
+
+instance Prelude.Hashable GetPermissionPolicy where
+  hashWithSalt _salt GetPermissionPolicy' {..} =
+    _salt `Prelude.hashWithSalt` resourceArn
+
+instance Prelude.NFData GetPermissionPolicy where
+  rnf GetPermissionPolicy' {..} =
+    Prelude.rnf resourceArn
+
+instance Data.ToHeaders GetPermissionPolicy where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "X-Amz-Target"
+              Data.=# ( "AWSWAF_20190729.GetPermissionPolicy" ::
+                          Prelude.ByteString
+                      ),
+            "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToJSON GetPermissionPolicy where
+  toJSON GetPermissionPolicy' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [Prelude.Just ("ResourceArn" Data..= resourceArn)]
+      )
+
+instance Data.ToPath GetPermissionPolicy where
+  toPath = Prelude.const "/"
+
+instance Data.ToQuery GetPermissionPolicy where
+  toQuery = Prelude.const Prelude.mempty
+
+-- | /See:/ 'newGetPermissionPolicyResponse' smart constructor.
+data GetPermissionPolicyResponse = GetPermissionPolicyResponse'
+  { -- | The IAM policy that is attached to the specified rule group.
+    policy :: Prelude.Maybe Prelude.Text,
+    -- | The response's http status code.
+    httpStatus :: Prelude.Int
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'GetPermissionPolicyResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'policy', 'getPermissionPolicyResponse_policy' - The IAM policy that is attached to the specified rule group.
+--
+-- 'httpStatus', 'getPermissionPolicyResponse_httpStatus' - The response's http status code.
+newGetPermissionPolicyResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  GetPermissionPolicyResponse
+newGetPermissionPolicyResponse pHttpStatus_ =
+  GetPermissionPolicyResponse'
+    { policy =
+        Prelude.Nothing,
+      httpStatus = pHttpStatus_
+    }
+
+-- | The IAM policy that is attached to the specified rule group.
+getPermissionPolicyResponse_policy :: Lens.Lens' GetPermissionPolicyResponse (Prelude.Maybe Prelude.Text)
+getPermissionPolicyResponse_policy = Lens.lens (\GetPermissionPolicyResponse' {policy} -> policy) (\s@GetPermissionPolicyResponse' {} a -> s {policy = a} :: GetPermissionPolicyResponse)
+
+-- | The response's http status code.
+getPermissionPolicyResponse_httpStatus :: Lens.Lens' GetPermissionPolicyResponse Prelude.Int
+getPermissionPolicyResponse_httpStatus = Lens.lens (\GetPermissionPolicyResponse' {httpStatus} -> httpStatus) (\s@GetPermissionPolicyResponse' {} a -> s {httpStatus = a} :: GetPermissionPolicyResponse)
+
+instance Prelude.NFData GetPermissionPolicyResponse where
+  rnf GetPermissionPolicyResponse' {..} =
+    Prelude.rnf policy
+      `Prelude.seq` Prelude.rnf httpStatus
diff --git a/gen/Amazonka/WAFV2/GetRateBasedStatementManagedKeys.hs b/gen/Amazonka/WAFV2/GetRateBasedStatementManagedKeys.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/WAFV2/GetRateBasedStatementManagedKeys.hs
@@ -0,0 +1,343 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.WAFV2.GetRateBasedStatementManagedKeys
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Retrieves the keys that are currently blocked by a rate-based rule
+-- instance. The maximum number of managed keys that can be blocked for a
+-- single rate-based rule instance is 10,000. If more than 10,000 addresses
+-- exceed the rate limit, those with the highest rates are blocked.
+--
+-- For a rate-based rule that you\'ve defined inside a rule group, provide
+-- the name of the rule group reference statement in your request, in
+-- addition to the rate-based rule name and the web ACL name.
+--
+-- WAF monitors web requests and manages keys independently for each unique
+-- combination of web ACL, optional rule group, and rate-based rule. For
+-- example, if you define a rate-based rule inside a rule group, and then
+-- use the rule group in a web ACL, WAF monitors web requests and manages
+-- keys for that web ACL, rule group reference statement, and rate-based
+-- rule instance. If you use the same rule group in a second web ACL, WAF
+-- monitors web requests and manages keys for this second usage completely
+-- independent of your first.
+module Amazonka.WAFV2.GetRateBasedStatementManagedKeys
+  ( -- * Creating a Request
+    GetRateBasedStatementManagedKeys (..),
+    newGetRateBasedStatementManagedKeys,
+
+    -- * Request Lenses
+    getRateBasedStatementManagedKeys_ruleGroupRuleName,
+    getRateBasedStatementManagedKeys_scope,
+    getRateBasedStatementManagedKeys_webACLName,
+    getRateBasedStatementManagedKeys_webACLId,
+    getRateBasedStatementManagedKeys_ruleName,
+
+    -- * Destructuring the Response
+    GetRateBasedStatementManagedKeysResponse (..),
+    newGetRateBasedStatementManagedKeysResponse,
+
+    -- * Response Lenses
+    getRateBasedStatementManagedKeysResponse_managedKeysIPV4,
+    getRateBasedStatementManagedKeysResponse_managedKeysIPV6,
+    getRateBasedStatementManagedKeysResponse_httpStatus,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+import Amazonka.WAFV2.Types
+
+-- | /See:/ 'newGetRateBasedStatementManagedKeys' smart constructor.
+data GetRateBasedStatementManagedKeys = GetRateBasedStatementManagedKeys'
+  { -- | The name of the rule group reference statement in your web ACL. This is
+    -- required only when you have the rate-based rule nested inside a rule
+    -- group.
+    ruleGroupRuleName :: Prelude.Maybe Prelude.Text,
+    -- | Specifies whether this is for an Amazon CloudFront distribution or for a
+    -- regional application. A regional application can be an Application Load
+    -- Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API,
+    -- or an Amazon Cognito user pool.
+    --
+    -- To work with CloudFront, you must also specify the Region US East (N.
+    -- Virginia) as follows:
+    --
+    -- -   CLI - Specify the Region when you use the CloudFront scope:
+    --     @--scope=CLOUDFRONT --region=us-east-1@.
+    --
+    -- -   API and SDKs - For all calls, use the Region endpoint us-east-1.
+    scope :: Scope,
+    -- | The name of the web ACL. You cannot change the name of a web ACL after
+    -- you create it.
+    webACLName :: Prelude.Text,
+    -- | The unique identifier for the web ACL. This ID is returned in the
+    -- responses to create and list commands. You provide it to operations like
+    -- update and delete.
+    webACLId :: Prelude.Text,
+    -- | The name of the rate-based rule to get the keys for. If you have the
+    -- rule defined inside a rule group that you\'re using in your web ACL,
+    -- also provide the name of the rule group reference statement in the
+    -- request parameter @RuleGroupRuleName@.
+    ruleName :: Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'GetRateBasedStatementManagedKeys' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'ruleGroupRuleName', 'getRateBasedStatementManagedKeys_ruleGroupRuleName' - The name of the rule group reference statement in your web ACL. This is
+-- required only when you have the rate-based rule nested inside a rule
+-- group.
+--
+-- 'scope', 'getRateBasedStatementManagedKeys_scope' - Specifies whether this is for an Amazon CloudFront distribution or for a
+-- regional application. A regional application can be an Application Load
+-- Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API,
+-- or an Amazon Cognito user pool.
+--
+-- To work with CloudFront, you must also specify the Region US East (N.
+-- Virginia) as follows:
+--
+-- -   CLI - Specify the Region when you use the CloudFront scope:
+--     @--scope=CLOUDFRONT --region=us-east-1@.
+--
+-- -   API and SDKs - For all calls, use the Region endpoint us-east-1.
+--
+-- 'webACLName', 'getRateBasedStatementManagedKeys_webACLName' - The name of the web ACL. You cannot change the name of a web ACL after
+-- you create it.
+--
+-- 'webACLId', 'getRateBasedStatementManagedKeys_webACLId' - The unique identifier for the web ACL. This ID is returned in the
+-- responses to create and list commands. You provide it to operations like
+-- update and delete.
+--
+-- 'ruleName', 'getRateBasedStatementManagedKeys_ruleName' - The name of the rate-based rule to get the keys for. If you have the
+-- rule defined inside a rule group that you\'re using in your web ACL,
+-- also provide the name of the rule group reference statement in the
+-- request parameter @RuleGroupRuleName@.
+newGetRateBasedStatementManagedKeys ::
+  -- | 'scope'
+  Scope ->
+  -- | 'webACLName'
+  Prelude.Text ->
+  -- | 'webACLId'
+  Prelude.Text ->
+  -- | 'ruleName'
+  Prelude.Text ->
+  GetRateBasedStatementManagedKeys
+newGetRateBasedStatementManagedKeys
+  pScope_
+  pWebACLName_
+  pWebACLId_
+  pRuleName_ =
+    GetRateBasedStatementManagedKeys'
+      { ruleGroupRuleName =
+          Prelude.Nothing,
+        scope = pScope_,
+        webACLName = pWebACLName_,
+        webACLId = pWebACLId_,
+        ruleName = pRuleName_
+      }
+
+-- | The name of the rule group reference statement in your web ACL. This is
+-- required only when you have the rate-based rule nested inside a rule
+-- group.
+getRateBasedStatementManagedKeys_ruleGroupRuleName :: Lens.Lens' GetRateBasedStatementManagedKeys (Prelude.Maybe Prelude.Text)
+getRateBasedStatementManagedKeys_ruleGroupRuleName = Lens.lens (\GetRateBasedStatementManagedKeys' {ruleGroupRuleName} -> ruleGroupRuleName) (\s@GetRateBasedStatementManagedKeys' {} a -> s {ruleGroupRuleName = a} :: GetRateBasedStatementManagedKeys)
+
+-- | Specifies whether this is for an Amazon CloudFront distribution or for a
+-- regional application. A regional application can be an Application Load
+-- Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API,
+-- or an Amazon Cognito user pool.
+--
+-- To work with CloudFront, you must also specify the Region US East (N.
+-- Virginia) as follows:
+--
+-- -   CLI - Specify the Region when you use the CloudFront scope:
+--     @--scope=CLOUDFRONT --region=us-east-1@.
+--
+-- -   API and SDKs - For all calls, use the Region endpoint us-east-1.
+getRateBasedStatementManagedKeys_scope :: Lens.Lens' GetRateBasedStatementManagedKeys Scope
+getRateBasedStatementManagedKeys_scope = Lens.lens (\GetRateBasedStatementManagedKeys' {scope} -> scope) (\s@GetRateBasedStatementManagedKeys' {} a -> s {scope = a} :: GetRateBasedStatementManagedKeys)
+
+-- | The name of the web ACL. You cannot change the name of a web ACL after
+-- you create it.
+getRateBasedStatementManagedKeys_webACLName :: Lens.Lens' GetRateBasedStatementManagedKeys Prelude.Text
+getRateBasedStatementManagedKeys_webACLName = Lens.lens (\GetRateBasedStatementManagedKeys' {webACLName} -> webACLName) (\s@GetRateBasedStatementManagedKeys' {} a -> s {webACLName = a} :: GetRateBasedStatementManagedKeys)
+
+-- | The unique identifier for the web ACL. This ID is returned in the
+-- responses to create and list commands. You provide it to operations like
+-- update and delete.
+getRateBasedStatementManagedKeys_webACLId :: Lens.Lens' GetRateBasedStatementManagedKeys Prelude.Text
+getRateBasedStatementManagedKeys_webACLId = Lens.lens (\GetRateBasedStatementManagedKeys' {webACLId} -> webACLId) (\s@GetRateBasedStatementManagedKeys' {} a -> s {webACLId = a} :: GetRateBasedStatementManagedKeys)
+
+-- | The name of the rate-based rule to get the keys for. If you have the
+-- rule defined inside a rule group that you\'re using in your web ACL,
+-- also provide the name of the rule group reference statement in the
+-- request parameter @RuleGroupRuleName@.
+getRateBasedStatementManagedKeys_ruleName :: Lens.Lens' GetRateBasedStatementManagedKeys Prelude.Text
+getRateBasedStatementManagedKeys_ruleName = Lens.lens (\GetRateBasedStatementManagedKeys' {ruleName} -> ruleName) (\s@GetRateBasedStatementManagedKeys' {} a -> s {ruleName = a} :: GetRateBasedStatementManagedKeys)
+
+instance
+  Core.AWSRequest
+    GetRateBasedStatementManagedKeys
+  where
+  type
+    AWSResponse GetRateBasedStatementManagedKeys =
+      GetRateBasedStatementManagedKeysResponse
+  request overrides =
+    Request.postJSON (overrides defaultService)
+  response =
+    Response.receiveJSON
+      ( \s h x ->
+          GetRateBasedStatementManagedKeysResponse'
+            Prelude.<$> (x Data..?> "ManagedKeysIPV4")
+            Prelude.<*> (x Data..?> "ManagedKeysIPV6")
+            Prelude.<*> (Prelude.pure (Prelude.fromEnum s))
+      )
+
+instance
+  Prelude.Hashable
+    GetRateBasedStatementManagedKeys
+  where
+  hashWithSalt
+    _salt
+    GetRateBasedStatementManagedKeys' {..} =
+      _salt
+        `Prelude.hashWithSalt` ruleGroupRuleName
+        `Prelude.hashWithSalt` scope
+        `Prelude.hashWithSalt` webACLName
+        `Prelude.hashWithSalt` webACLId
+        `Prelude.hashWithSalt` ruleName
+
+instance
+  Prelude.NFData
+    GetRateBasedStatementManagedKeys
+  where
+  rnf GetRateBasedStatementManagedKeys' {..} =
+    Prelude.rnf ruleGroupRuleName
+      `Prelude.seq` Prelude.rnf scope
+      `Prelude.seq` Prelude.rnf webACLName
+      `Prelude.seq` Prelude.rnf webACLId
+      `Prelude.seq` Prelude.rnf ruleName
+
+instance
+  Data.ToHeaders
+    GetRateBasedStatementManagedKeys
+  where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "X-Amz-Target"
+              Data.=# ( "AWSWAF_20190729.GetRateBasedStatementManagedKeys" ::
+                          Prelude.ByteString
+                      ),
+            "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToJSON GetRateBasedStatementManagedKeys where
+  toJSON GetRateBasedStatementManagedKeys' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("RuleGroupRuleName" Data..=)
+              Prelude.<$> ruleGroupRuleName,
+            Prelude.Just ("Scope" Data..= scope),
+            Prelude.Just ("WebACLName" Data..= webACLName),
+            Prelude.Just ("WebACLId" Data..= webACLId),
+            Prelude.Just ("RuleName" Data..= ruleName)
+          ]
+      )
+
+instance Data.ToPath GetRateBasedStatementManagedKeys where
+  toPath = Prelude.const "/"
+
+instance
+  Data.ToQuery
+    GetRateBasedStatementManagedKeys
+  where
+  toQuery = Prelude.const Prelude.mempty
+
+-- | /See:/ 'newGetRateBasedStatementManagedKeysResponse' smart constructor.
+data GetRateBasedStatementManagedKeysResponse = GetRateBasedStatementManagedKeysResponse'
+  { -- | The keys that are of Internet Protocol version 4 (IPv4).
+    managedKeysIPV4 :: Prelude.Maybe RateBasedStatementManagedKeysIPSet,
+    -- | The keys that are of Internet Protocol version 6 (IPv6).
+    managedKeysIPV6 :: Prelude.Maybe RateBasedStatementManagedKeysIPSet,
+    -- | The response's http status code.
+    httpStatus :: Prelude.Int
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'GetRateBasedStatementManagedKeysResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'managedKeysIPV4', 'getRateBasedStatementManagedKeysResponse_managedKeysIPV4' - The keys that are of Internet Protocol version 4 (IPv4).
+--
+-- 'managedKeysIPV6', 'getRateBasedStatementManagedKeysResponse_managedKeysIPV6' - The keys that are of Internet Protocol version 6 (IPv6).
+--
+-- 'httpStatus', 'getRateBasedStatementManagedKeysResponse_httpStatus' - The response's http status code.
+newGetRateBasedStatementManagedKeysResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  GetRateBasedStatementManagedKeysResponse
+newGetRateBasedStatementManagedKeysResponse
+  pHttpStatus_ =
+    GetRateBasedStatementManagedKeysResponse'
+      { managedKeysIPV4 =
+          Prelude.Nothing,
+        managedKeysIPV6 = Prelude.Nothing,
+        httpStatus = pHttpStatus_
+      }
+
+-- | The keys that are of Internet Protocol version 4 (IPv4).
+getRateBasedStatementManagedKeysResponse_managedKeysIPV4 :: Lens.Lens' GetRateBasedStatementManagedKeysResponse (Prelude.Maybe RateBasedStatementManagedKeysIPSet)
+getRateBasedStatementManagedKeysResponse_managedKeysIPV4 = Lens.lens (\GetRateBasedStatementManagedKeysResponse' {managedKeysIPV4} -> managedKeysIPV4) (\s@GetRateBasedStatementManagedKeysResponse' {} a -> s {managedKeysIPV4 = a} :: GetRateBasedStatementManagedKeysResponse)
+
+-- | The keys that are of Internet Protocol version 6 (IPv6).
+getRateBasedStatementManagedKeysResponse_managedKeysIPV6 :: Lens.Lens' GetRateBasedStatementManagedKeysResponse (Prelude.Maybe RateBasedStatementManagedKeysIPSet)
+getRateBasedStatementManagedKeysResponse_managedKeysIPV6 = Lens.lens (\GetRateBasedStatementManagedKeysResponse' {managedKeysIPV6} -> managedKeysIPV6) (\s@GetRateBasedStatementManagedKeysResponse' {} a -> s {managedKeysIPV6 = a} :: GetRateBasedStatementManagedKeysResponse)
+
+-- | The response's http status code.
+getRateBasedStatementManagedKeysResponse_httpStatus :: Lens.Lens' GetRateBasedStatementManagedKeysResponse Prelude.Int
+getRateBasedStatementManagedKeysResponse_httpStatus = Lens.lens (\GetRateBasedStatementManagedKeysResponse' {httpStatus} -> httpStatus) (\s@GetRateBasedStatementManagedKeysResponse' {} a -> s {httpStatus = a} :: GetRateBasedStatementManagedKeysResponse)
+
+instance
+  Prelude.NFData
+    GetRateBasedStatementManagedKeysResponse
+  where
+  rnf GetRateBasedStatementManagedKeysResponse' {..} =
+    Prelude.rnf managedKeysIPV4
+      `Prelude.seq` Prelude.rnf managedKeysIPV6
+      `Prelude.seq` Prelude.rnf httpStatus
diff --git a/gen/Amazonka/WAFV2/GetRegexPatternSet.hs b/gen/Amazonka/WAFV2/GetRegexPatternSet.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/WAFV2/GetRegexPatternSet.hs
@@ -0,0 +1,276 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.WAFV2.GetRegexPatternSet
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Retrieves the specified RegexPatternSet.
+module Amazonka.WAFV2.GetRegexPatternSet
+  ( -- * Creating a Request
+    GetRegexPatternSet (..),
+    newGetRegexPatternSet,
+
+    -- * Request Lenses
+    getRegexPatternSet_name,
+    getRegexPatternSet_scope,
+    getRegexPatternSet_id,
+
+    -- * Destructuring the Response
+    GetRegexPatternSetResponse (..),
+    newGetRegexPatternSetResponse,
+
+    -- * Response Lenses
+    getRegexPatternSetResponse_lockToken,
+    getRegexPatternSetResponse_regexPatternSet,
+    getRegexPatternSetResponse_httpStatus,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+import Amazonka.WAFV2.Types
+
+-- | /See:/ 'newGetRegexPatternSet' smart constructor.
+data GetRegexPatternSet = GetRegexPatternSet'
+  { -- | The name of the set. You cannot change the name after you create the
+    -- set.
+    name :: Prelude.Text,
+    -- | Specifies whether this is for an Amazon CloudFront distribution or for a
+    -- regional application. A regional application can be an Application Load
+    -- Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API,
+    -- or an Amazon Cognito user pool.
+    --
+    -- To work with CloudFront, you must also specify the Region US East (N.
+    -- Virginia) as follows:
+    --
+    -- -   CLI - Specify the Region when you use the CloudFront scope:
+    --     @--scope=CLOUDFRONT --region=us-east-1@.
+    --
+    -- -   API and SDKs - For all calls, use the Region endpoint us-east-1.
+    scope :: Scope,
+    -- | A unique identifier for the set. This ID is returned in the responses to
+    -- create and list commands. You provide it to operations like update and
+    -- delete.
+    id :: Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'GetRegexPatternSet' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'name', 'getRegexPatternSet_name' - The name of the set. You cannot change the name after you create the
+-- set.
+--
+-- 'scope', 'getRegexPatternSet_scope' - Specifies whether this is for an Amazon CloudFront distribution or for a
+-- regional application. A regional application can be an Application Load
+-- Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API,
+-- or an Amazon Cognito user pool.
+--
+-- To work with CloudFront, you must also specify the Region US East (N.
+-- Virginia) as follows:
+--
+-- -   CLI - Specify the Region when you use the CloudFront scope:
+--     @--scope=CLOUDFRONT --region=us-east-1@.
+--
+-- -   API and SDKs - For all calls, use the Region endpoint us-east-1.
+--
+-- 'id', 'getRegexPatternSet_id' - A unique identifier for the set. This ID is returned in the responses to
+-- create and list commands. You provide it to operations like update and
+-- delete.
+newGetRegexPatternSet ::
+  -- | 'name'
+  Prelude.Text ->
+  -- | 'scope'
+  Scope ->
+  -- | 'id'
+  Prelude.Text ->
+  GetRegexPatternSet
+newGetRegexPatternSet pName_ pScope_ pId_ =
+  GetRegexPatternSet'
+    { name = pName_,
+      scope = pScope_,
+      id = pId_
+    }
+
+-- | The name of the set. You cannot change the name after you create the
+-- set.
+getRegexPatternSet_name :: Lens.Lens' GetRegexPatternSet Prelude.Text
+getRegexPatternSet_name = Lens.lens (\GetRegexPatternSet' {name} -> name) (\s@GetRegexPatternSet' {} a -> s {name = a} :: GetRegexPatternSet)
+
+-- | Specifies whether this is for an Amazon CloudFront distribution or for a
+-- regional application. A regional application can be an Application Load
+-- Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API,
+-- or an Amazon Cognito user pool.
+--
+-- To work with CloudFront, you must also specify the Region US East (N.
+-- Virginia) as follows:
+--
+-- -   CLI - Specify the Region when you use the CloudFront scope:
+--     @--scope=CLOUDFRONT --region=us-east-1@.
+--
+-- -   API and SDKs - For all calls, use the Region endpoint us-east-1.
+getRegexPatternSet_scope :: Lens.Lens' GetRegexPatternSet Scope
+getRegexPatternSet_scope = Lens.lens (\GetRegexPatternSet' {scope} -> scope) (\s@GetRegexPatternSet' {} a -> s {scope = a} :: GetRegexPatternSet)
+
+-- | A unique identifier for the set. This ID is returned in the responses to
+-- create and list commands. You provide it to operations like update and
+-- delete.
+getRegexPatternSet_id :: Lens.Lens' GetRegexPatternSet Prelude.Text
+getRegexPatternSet_id = Lens.lens (\GetRegexPatternSet' {id} -> id) (\s@GetRegexPatternSet' {} a -> s {id = a} :: GetRegexPatternSet)
+
+instance Core.AWSRequest GetRegexPatternSet where
+  type
+    AWSResponse GetRegexPatternSet =
+      GetRegexPatternSetResponse
+  request overrides =
+    Request.postJSON (overrides defaultService)
+  response =
+    Response.receiveJSON
+      ( \s h x ->
+          GetRegexPatternSetResponse'
+            Prelude.<$> (x Data..?> "LockToken")
+            Prelude.<*> (x Data..?> "RegexPatternSet")
+            Prelude.<*> (Prelude.pure (Prelude.fromEnum s))
+      )
+
+instance Prelude.Hashable GetRegexPatternSet where
+  hashWithSalt _salt GetRegexPatternSet' {..} =
+    _salt
+      `Prelude.hashWithSalt` name
+      `Prelude.hashWithSalt` scope
+      `Prelude.hashWithSalt` id
+
+instance Prelude.NFData GetRegexPatternSet where
+  rnf GetRegexPatternSet' {..} =
+    Prelude.rnf name
+      `Prelude.seq` Prelude.rnf scope
+      `Prelude.seq` Prelude.rnf id
+
+instance Data.ToHeaders GetRegexPatternSet where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "X-Amz-Target"
+              Data.=# ( "AWSWAF_20190729.GetRegexPatternSet" ::
+                          Prelude.ByteString
+                      ),
+            "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToJSON GetRegexPatternSet where
+  toJSON GetRegexPatternSet' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ Prelude.Just ("Name" Data..= name),
+            Prelude.Just ("Scope" Data..= scope),
+            Prelude.Just ("Id" Data..= id)
+          ]
+      )
+
+instance Data.ToPath GetRegexPatternSet where
+  toPath = Prelude.const "/"
+
+instance Data.ToQuery GetRegexPatternSet where
+  toQuery = Prelude.const Prelude.mempty
+
+-- | /See:/ 'newGetRegexPatternSetResponse' smart constructor.
+data GetRegexPatternSetResponse = GetRegexPatternSetResponse'
+  { -- | A token used for optimistic locking. WAF returns a token to your @get@
+    -- and @list@ requests, to mark the state of the entity at the time of the
+    -- request. To make changes to the entity associated with the token, you
+    -- provide the token to operations like @update@ and @delete@. WAF uses the
+    -- token to ensure that no changes have been made to the entity since you
+    -- last retrieved it. If a change has been made, the update fails with a
+    -- @WAFOptimisticLockException@. If this happens, perform another @get@,
+    -- and use the new token returned by that operation.
+    lockToken :: Prelude.Maybe Prelude.Text,
+    regexPatternSet :: Prelude.Maybe RegexPatternSet,
+    -- | The response's http status code.
+    httpStatus :: Prelude.Int
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'GetRegexPatternSetResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'lockToken', 'getRegexPatternSetResponse_lockToken' - A token used for optimistic locking. WAF returns a token to your @get@
+-- and @list@ requests, to mark the state of the entity at the time of the
+-- request. To make changes to the entity associated with the token, you
+-- provide the token to operations like @update@ and @delete@. WAF uses the
+-- token to ensure that no changes have been made to the entity since you
+-- last retrieved it. If a change has been made, the update fails with a
+-- @WAFOptimisticLockException@. If this happens, perform another @get@,
+-- and use the new token returned by that operation.
+--
+-- 'regexPatternSet', 'getRegexPatternSetResponse_regexPatternSet' -
+--
+-- 'httpStatus', 'getRegexPatternSetResponse_httpStatus' - The response's http status code.
+newGetRegexPatternSetResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  GetRegexPatternSetResponse
+newGetRegexPatternSetResponse pHttpStatus_ =
+  GetRegexPatternSetResponse'
+    { lockToken =
+        Prelude.Nothing,
+      regexPatternSet = Prelude.Nothing,
+      httpStatus = pHttpStatus_
+    }
+
+-- | A token used for optimistic locking. WAF returns a token to your @get@
+-- and @list@ requests, to mark the state of the entity at the time of the
+-- request. To make changes to the entity associated with the token, you
+-- provide the token to operations like @update@ and @delete@. WAF uses the
+-- token to ensure that no changes have been made to the entity since you
+-- last retrieved it. If a change has been made, the update fails with a
+-- @WAFOptimisticLockException@. If this happens, perform another @get@,
+-- and use the new token returned by that operation.
+getRegexPatternSetResponse_lockToken :: Lens.Lens' GetRegexPatternSetResponse (Prelude.Maybe Prelude.Text)
+getRegexPatternSetResponse_lockToken = Lens.lens (\GetRegexPatternSetResponse' {lockToken} -> lockToken) (\s@GetRegexPatternSetResponse' {} a -> s {lockToken = a} :: GetRegexPatternSetResponse)
+
+getRegexPatternSetResponse_regexPatternSet :: Lens.Lens' GetRegexPatternSetResponse (Prelude.Maybe RegexPatternSet)
+getRegexPatternSetResponse_regexPatternSet = Lens.lens (\GetRegexPatternSetResponse' {regexPatternSet} -> regexPatternSet) (\s@GetRegexPatternSetResponse' {} a -> s {regexPatternSet = a} :: GetRegexPatternSetResponse)
+
+-- | The response's http status code.
+getRegexPatternSetResponse_httpStatus :: Lens.Lens' GetRegexPatternSetResponse Prelude.Int
+getRegexPatternSetResponse_httpStatus = Lens.lens (\GetRegexPatternSetResponse' {httpStatus} -> httpStatus) (\s@GetRegexPatternSetResponse' {} a -> s {httpStatus = a} :: GetRegexPatternSetResponse)
+
+instance Prelude.NFData GetRegexPatternSetResponse where
+  rnf GetRegexPatternSetResponse' {..} =
+    Prelude.rnf lockToken
+      `Prelude.seq` Prelude.rnf regexPatternSet
+      `Prelude.seq` Prelude.rnf httpStatus
diff --git a/gen/Amazonka/WAFV2/GetRuleGroup.hs b/gen/Amazonka/WAFV2/GetRuleGroup.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/WAFV2/GetRuleGroup.hs
@@ -0,0 +1,280 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.WAFV2.GetRuleGroup
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Retrieves the specified RuleGroup.
+module Amazonka.WAFV2.GetRuleGroup
+  ( -- * Creating a Request
+    GetRuleGroup (..),
+    newGetRuleGroup,
+
+    -- * Request Lenses
+    getRuleGroup_arn,
+    getRuleGroup_id,
+    getRuleGroup_name,
+    getRuleGroup_scope,
+
+    -- * Destructuring the Response
+    GetRuleGroupResponse (..),
+    newGetRuleGroupResponse,
+
+    -- * Response Lenses
+    getRuleGroupResponse_lockToken,
+    getRuleGroupResponse_ruleGroup,
+    getRuleGroupResponse_httpStatus,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+import Amazonka.WAFV2.Types
+
+-- | /See:/ 'newGetRuleGroup' smart constructor.
+data GetRuleGroup = GetRuleGroup'
+  { -- | The Amazon Resource Name (ARN) of the entity.
+    arn :: Prelude.Maybe Prelude.Text,
+    -- | A unique identifier for the rule group. This ID is returned in the
+    -- responses to create and list commands. You provide it to operations like
+    -- update and delete.
+    id :: Prelude.Maybe Prelude.Text,
+    -- | The name of the rule group. You cannot change the name of a rule group
+    -- after you create it.
+    name :: Prelude.Maybe Prelude.Text,
+    -- | Specifies whether this is for an Amazon CloudFront distribution or for a
+    -- regional application. A regional application can be an Application Load
+    -- Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API,
+    -- or an Amazon Cognito user pool.
+    --
+    -- To work with CloudFront, you must also specify the Region US East (N.
+    -- Virginia) as follows:
+    --
+    -- -   CLI - Specify the Region when you use the CloudFront scope:
+    --     @--scope=CLOUDFRONT --region=us-east-1@.
+    --
+    -- -   API and SDKs - For all calls, use the Region endpoint us-east-1.
+    scope :: Prelude.Maybe Scope
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'GetRuleGroup' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'arn', 'getRuleGroup_arn' - The Amazon Resource Name (ARN) of the entity.
+--
+-- 'id', 'getRuleGroup_id' - A unique identifier for the rule group. This ID is returned in the
+-- responses to create and list commands. You provide it to operations like
+-- update and delete.
+--
+-- 'name', 'getRuleGroup_name' - The name of the rule group. You cannot change the name of a rule group
+-- after you create it.
+--
+-- 'scope', 'getRuleGroup_scope' - Specifies whether this is for an Amazon CloudFront distribution or for a
+-- regional application. A regional application can be an Application Load
+-- Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API,
+-- or an Amazon Cognito user pool.
+--
+-- To work with CloudFront, you must also specify the Region US East (N.
+-- Virginia) as follows:
+--
+-- -   CLI - Specify the Region when you use the CloudFront scope:
+--     @--scope=CLOUDFRONT --region=us-east-1@.
+--
+-- -   API and SDKs - For all calls, use the Region endpoint us-east-1.
+newGetRuleGroup ::
+  GetRuleGroup
+newGetRuleGroup =
+  GetRuleGroup'
+    { arn = Prelude.Nothing,
+      id = Prelude.Nothing,
+      name = Prelude.Nothing,
+      scope = Prelude.Nothing
+    }
+
+-- | The Amazon Resource Name (ARN) of the entity.
+getRuleGroup_arn :: Lens.Lens' GetRuleGroup (Prelude.Maybe Prelude.Text)
+getRuleGroup_arn = Lens.lens (\GetRuleGroup' {arn} -> arn) (\s@GetRuleGroup' {} a -> s {arn = a} :: GetRuleGroup)
+
+-- | A unique identifier for the rule group. This ID is returned in the
+-- responses to create and list commands. You provide it to operations like
+-- update and delete.
+getRuleGroup_id :: Lens.Lens' GetRuleGroup (Prelude.Maybe Prelude.Text)
+getRuleGroup_id = Lens.lens (\GetRuleGroup' {id} -> id) (\s@GetRuleGroup' {} a -> s {id = a} :: GetRuleGroup)
+
+-- | The name of the rule group. You cannot change the name of a rule group
+-- after you create it.
+getRuleGroup_name :: Lens.Lens' GetRuleGroup (Prelude.Maybe Prelude.Text)
+getRuleGroup_name = Lens.lens (\GetRuleGroup' {name} -> name) (\s@GetRuleGroup' {} a -> s {name = a} :: GetRuleGroup)
+
+-- | Specifies whether this is for an Amazon CloudFront distribution or for a
+-- regional application. A regional application can be an Application Load
+-- Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API,
+-- or an Amazon Cognito user pool.
+--
+-- To work with CloudFront, you must also specify the Region US East (N.
+-- Virginia) as follows:
+--
+-- -   CLI - Specify the Region when you use the CloudFront scope:
+--     @--scope=CLOUDFRONT --region=us-east-1@.
+--
+-- -   API and SDKs - For all calls, use the Region endpoint us-east-1.
+getRuleGroup_scope :: Lens.Lens' GetRuleGroup (Prelude.Maybe Scope)
+getRuleGroup_scope = Lens.lens (\GetRuleGroup' {scope} -> scope) (\s@GetRuleGroup' {} a -> s {scope = a} :: GetRuleGroup)
+
+instance Core.AWSRequest GetRuleGroup where
+  type AWSResponse GetRuleGroup = GetRuleGroupResponse
+  request overrides =
+    Request.postJSON (overrides defaultService)
+  response =
+    Response.receiveJSON
+      ( \s h x ->
+          GetRuleGroupResponse'
+            Prelude.<$> (x Data..?> "LockToken")
+            Prelude.<*> (x Data..?> "RuleGroup")
+            Prelude.<*> (Prelude.pure (Prelude.fromEnum s))
+      )
+
+instance Prelude.Hashable GetRuleGroup where
+  hashWithSalt _salt GetRuleGroup' {..} =
+    _salt
+      `Prelude.hashWithSalt` arn
+      `Prelude.hashWithSalt` id
+      `Prelude.hashWithSalt` name
+      `Prelude.hashWithSalt` scope
+
+instance Prelude.NFData GetRuleGroup where
+  rnf GetRuleGroup' {..} =
+    Prelude.rnf arn
+      `Prelude.seq` Prelude.rnf id
+      `Prelude.seq` Prelude.rnf name
+      `Prelude.seq` Prelude.rnf scope
+
+instance Data.ToHeaders GetRuleGroup where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "X-Amz-Target"
+              Data.=# ( "AWSWAF_20190729.GetRuleGroup" ::
+                          Prelude.ByteString
+                      ),
+            "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToJSON GetRuleGroup where
+  toJSON GetRuleGroup' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("ARN" Data..=) Prelude.<$> arn,
+            ("Id" Data..=) Prelude.<$> id,
+            ("Name" Data..=) Prelude.<$> name,
+            ("Scope" Data..=) Prelude.<$> scope
+          ]
+      )
+
+instance Data.ToPath GetRuleGroup where
+  toPath = Prelude.const "/"
+
+instance Data.ToQuery GetRuleGroup where
+  toQuery = Prelude.const Prelude.mempty
+
+-- | /See:/ 'newGetRuleGroupResponse' smart constructor.
+data GetRuleGroupResponse = GetRuleGroupResponse'
+  { -- | A token used for optimistic locking. WAF returns a token to your @get@
+    -- and @list@ requests, to mark the state of the entity at the time of the
+    -- request. To make changes to the entity associated with the token, you
+    -- provide the token to operations like @update@ and @delete@. WAF uses the
+    -- token to ensure that no changes have been made to the entity since you
+    -- last retrieved it. If a change has been made, the update fails with a
+    -- @WAFOptimisticLockException@. If this happens, perform another @get@,
+    -- and use the new token returned by that operation.
+    lockToken :: Prelude.Maybe Prelude.Text,
+    ruleGroup :: Prelude.Maybe RuleGroup,
+    -- | The response's http status code.
+    httpStatus :: Prelude.Int
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'GetRuleGroupResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'lockToken', 'getRuleGroupResponse_lockToken' - A token used for optimistic locking. WAF returns a token to your @get@
+-- and @list@ requests, to mark the state of the entity at the time of the
+-- request. To make changes to the entity associated with the token, you
+-- provide the token to operations like @update@ and @delete@. WAF uses the
+-- token to ensure that no changes have been made to the entity since you
+-- last retrieved it. If a change has been made, the update fails with a
+-- @WAFOptimisticLockException@. If this happens, perform another @get@,
+-- and use the new token returned by that operation.
+--
+-- 'ruleGroup', 'getRuleGroupResponse_ruleGroup' -
+--
+-- 'httpStatus', 'getRuleGroupResponse_httpStatus' - The response's http status code.
+newGetRuleGroupResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  GetRuleGroupResponse
+newGetRuleGroupResponse pHttpStatus_ =
+  GetRuleGroupResponse'
+    { lockToken = Prelude.Nothing,
+      ruleGroup = Prelude.Nothing,
+      httpStatus = pHttpStatus_
+    }
+
+-- | A token used for optimistic locking. WAF returns a token to your @get@
+-- and @list@ requests, to mark the state of the entity at the time of the
+-- request. To make changes to the entity associated with the token, you
+-- provide the token to operations like @update@ and @delete@. WAF uses the
+-- token to ensure that no changes have been made to the entity since you
+-- last retrieved it. If a change has been made, the update fails with a
+-- @WAFOptimisticLockException@. If this happens, perform another @get@,
+-- and use the new token returned by that operation.
+getRuleGroupResponse_lockToken :: Lens.Lens' GetRuleGroupResponse (Prelude.Maybe Prelude.Text)
+getRuleGroupResponse_lockToken = Lens.lens (\GetRuleGroupResponse' {lockToken} -> lockToken) (\s@GetRuleGroupResponse' {} a -> s {lockToken = a} :: GetRuleGroupResponse)
+
+getRuleGroupResponse_ruleGroup :: Lens.Lens' GetRuleGroupResponse (Prelude.Maybe RuleGroup)
+getRuleGroupResponse_ruleGroup = Lens.lens (\GetRuleGroupResponse' {ruleGroup} -> ruleGroup) (\s@GetRuleGroupResponse' {} a -> s {ruleGroup = a} :: GetRuleGroupResponse)
+
+-- | The response's http status code.
+getRuleGroupResponse_httpStatus :: Lens.Lens' GetRuleGroupResponse Prelude.Int
+getRuleGroupResponse_httpStatus = Lens.lens (\GetRuleGroupResponse' {httpStatus} -> httpStatus) (\s@GetRuleGroupResponse' {} a -> s {httpStatus = a} :: GetRuleGroupResponse)
+
+instance Prelude.NFData GetRuleGroupResponse where
+  rnf GetRuleGroupResponse' {..} =
+    Prelude.rnf lockToken
+      `Prelude.seq` Prelude.rnf ruleGroup
+      `Prelude.seq` Prelude.rnf httpStatus
diff --git a/gen/Amazonka/WAFV2/GetSampledRequests.hs b/gen/Amazonka/WAFV2/GetSampledRequests.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/WAFV2/GetSampledRequests.hs
@@ -0,0 +1,373 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.WAFV2.GetSampledRequests
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Gets detailed information about a specified number of requests--a
+-- sample--that WAF randomly selects from among the first 5,000 requests
+-- that your Amazon Web Services resource received during a time range that
+-- you choose. You can specify a sample size of up to 500 requests, and you
+-- can specify any time range in the previous three hours.
+--
+-- @GetSampledRequests@ returns a time range, which is usually the time
+-- range that you specified. However, if your resource (such as a
+-- CloudFront distribution) received 5,000 requests before the specified
+-- time range elapsed, @GetSampledRequests@ returns an updated time range.
+-- This new time range indicates the actual period during which WAF
+-- selected the requests in the sample.
+module Amazonka.WAFV2.GetSampledRequests
+  ( -- * Creating a Request
+    GetSampledRequests (..),
+    newGetSampledRequests,
+
+    -- * Request Lenses
+    getSampledRequests_webAclArn,
+    getSampledRequests_ruleMetricName,
+    getSampledRequests_scope,
+    getSampledRequests_timeWindow,
+    getSampledRequests_maxItems,
+
+    -- * Destructuring the Response
+    GetSampledRequestsResponse (..),
+    newGetSampledRequestsResponse,
+
+    -- * Response Lenses
+    getSampledRequestsResponse_populationSize,
+    getSampledRequestsResponse_sampledRequests,
+    getSampledRequestsResponse_timeWindow,
+    getSampledRequestsResponse_httpStatus,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+import Amazonka.WAFV2.Types
+
+-- | /See:/ 'newGetSampledRequests' smart constructor.
+data GetSampledRequests = GetSampledRequests'
+  { -- | The Amazon resource name (ARN) of the @WebACL@ for which you want a
+    -- sample of requests.
+    webAclArn :: Prelude.Text,
+    -- | The metric name assigned to the @Rule@ or @RuleGroup@ for which you want
+    -- a sample of requests.
+    ruleMetricName :: Prelude.Text,
+    -- | Specifies whether this is for an Amazon CloudFront distribution or for a
+    -- regional application. A regional application can be an Application Load
+    -- Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API,
+    -- or an Amazon Cognito user pool.
+    --
+    -- To work with CloudFront, you must also specify the Region US East (N.
+    -- Virginia) as follows:
+    --
+    -- -   CLI - Specify the Region when you use the CloudFront scope:
+    --     @--scope=CLOUDFRONT --region=us-east-1@.
+    --
+    -- -   API and SDKs - For all calls, use the Region endpoint us-east-1.
+    scope :: Scope,
+    -- | The start date and time and the end date and time of the range for which
+    -- you want @GetSampledRequests@ to return a sample of requests. You must
+    -- specify the times in Coordinated Universal Time (UTC) format. UTC format
+    -- includes the special designator, @Z@. For example,
+    -- @\"2016-09-27T14:50Z\"@. You can specify any time range in the previous
+    -- three hours. If you specify a start time that\'s earlier than three
+    -- hours ago, WAF sets it to three hours ago.
+    timeWindow :: TimeWindow,
+    -- | The number of requests that you want WAF to return from among the first
+    -- 5,000 requests that your Amazon Web Services resource received during
+    -- the time range. If your resource received fewer requests than the value
+    -- of @MaxItems@, @GetSampledRequests@ returns information about all of
+    -- them.
+    maxItems :: Prelude.Natural
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'GetSampledRequests' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'webAclArn', 'getSampledRequests_webAclArn' - The Amazon resource name (ARN) of the @WebACL@ for which you want a
+-- sample of requests.
+--
+-- 'ruleMetricName', 'getSampledRequests_ruleMetricName' - The metric name assigned to the @Rule@ or @RuleGroup@ for which you want
+-- a sample of requests.
+--
+-- 'scope', 'getSampledRequests_scope' - Specifies whether this is for an Amazon CloudFront distribution or for a
+-- regional application. A regional application can be an Application Load
+-- Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API,
+-- or an Amazon Cognito user pool.
+--
+-- To work with CloudFront, you must also specify the Region US East (N.
+-- Virginia) as follows:
+--
+-- -   CLI - Specify the Region when you use the CloudFront scope:
+--     @--scope=CLOUDFRONT --region=us-east-1@.
+--
+-- -   API and SDKs - For all calls, use the Region endpoint us-east-1.
+--
+-- 'timeWindow', 'getSampledRequests_timeWindow' - The start date and time and the end date and time of the range for which
+-- you want @GetSampledRequests@ to return a sample of requests. You must
+-- specify the times in Coordinated Universal Time (UTC) format. UTC format
+-- includes the special designator, @Z@. For example,
+-- @\"2016-09-27T14:50Z\"@. You can specify any time range in the previous
+-- three hours. If you specify a start time that\'s earlier than three
+-- hours ago, WAF sets it to three hours ago.
+--
+-- 'maxItems', 'getSampledRequests_maxItems' - The number of requests that you want WAF to return from among the first
+-- 5,000 requests that your Amazon Web Services resource received during
+-- the time range. If your resource received fewer requests than the value
+-- of @MaxItems@, @GetSampledRequests@ returns information about all of
+-- them.
+newGetSampledRequests ::
+  -- | 'webAclArn'
+  Prelude.Text ->
+  -- | 'ruleMetricName'
+  Prelude.Text ->
+  -- | 'scope'
+  Scope ->
+  -- | 'timeWindow'
+  TimeWindow ->
+  -- | 'maxItems'
+  Prelude.Natural ->
+  GetSampledRequests
+newGetSampledRequests
+  pWebAclArn_
+  pRuleMetricName_
+  pScope_
+  pTimeWindow_
+  pMaxItems_ =
+    GetSampledRequests'
+      { webAclArn = pWebAclArn_,
+        ruleMetricName = pRuleMetricName_,
+        scope = pScope_,
+        timeWindow = pTimeWindow_,
+        maxItems = pMaxItems_
+      }
+
+-- | The Amazon resource name (ARN) of the @WebACL@ for which you want a
+-- sample of requests.
+getSampledRequests_webAclArn :: Lens.Lens' GetSampledRequests Prelude.Text
+getSampledRequests_webAclArn = Lens.lens (\GetSampledRequests' {webAclArn} -> webAclArn) (\s@GetSampledRequests' {} a -> s {webAclArn = a} :: GetSampledRequests)
+
+-- | The metric name assigned to the @Rule@ or @RuleGroup@ for which you want
+-- a sample of requests.
+getSampledRequests_ruleMetricName :: Lens.Lens' GetSampledRequests Prelude.Text
+getSampledRequests_ruleMetricName = Lens.lens (\GetSampledRequests' {ruleMetricName} -> ruleMetricName) (\s@GetSampledRequests' {} a -> s {ruleMetricName = a} :: GetSampledRequests)
+
+-- | Specifies whether this is for an Amazon CloudFront distribution or for a
+-- regional application. A regional application can be an Application Load
+-- Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API,
+-- or an Amazon Cognito user pool.
+--
+-- To work with CloudFront, you must also specify the Region US East (N.
+-- Virginia) as follows:
+--
+-- -   CLI - Specify the Region when you use the CloudFront scope:
+--     @--scope=CLOUDFRONT --region=us-east-1@.
+--
+-- -   API and SDKs - For all calls, use the Region endpoint us-east-1.
+getSampledRequests_scope :: Lens.Lens' GetSampledRequests Scope
+getSampledRequests_scope = Lens.lens (\GetSampledRequests' {scope} -> scope) (\s@GetSampledRequests' {} a -> s {scope = a} :: GetSampledRequests)
+
+-- | The start date and time and the end date and time of the range for which
+-- you want @GetSampledRequests@ to return a sample of requests. You must
+-- specify the times in Coordinated Universal Time (UTC) format. UTC format
+-- includes the special designator, @Z@. For example,
+-- @\"2016-09-27T14:50Z\"@. You can specify any time range in the previous
+-- three hours. If you specify a start time that\'s earlier than three
+-- hours ago, WAF sets it to three hours ago.
+getSampledRequests_timeWindow :: Lens.Lens' GetSampledRequests TimeWindow
+getSampledRequests_timeWindow = Lens.lens (\GetSampledRequests' {timeWindow} -> timeWindow) (\s@GetSampledRequests' {} a -> s {timeWindow = a} :: GetSampledRequests)
+
+-- | The number of requests that you want WAF to return from among the first
+-- 5,000 requests that your Amazon Web Services resource received during
+-- the time range. If your resource received fewer requests than the value
+-- of @MaxItems@, @GetSampledRequests@ returns information about all of
+-- them.
+getSampledRequests_maxItems :: Lens.Lens' GetSampledRequests Prelude.Natural
+getSampledRequests_maxItems = Lens.lens (\GetSampledRequests' {maxItems} -> maxItems) (\s@GetSampledRequests' {} a -> s {maxItems = a} :: GetSampledRequests)
+
+instance Core.AWSRequest GetSampledRequests where
+  type
+    AWSResponse GetSampledRequests =
+      GetSampledRequestsResponse
+  request overrides =
+    Request.postJSON (overrides defaultService)
+  response =
+    Response.receiveJSON
+      ( \s h x ->
+          GetSampledRequestsResponse'
+            Prelude.<$> (x Data..?> "PopulationSize")
+            Prelude.<*> ( x
+                            Data..?> "SampledRequests"
+                            Core..!@ Prelude.mempty
+                        )
+            Prelude.<*> (x Data..?> "TimeWindow")
+            Prelude.<*> (Prelude.pure (Prelude.fromEnum s))
+      )
+
+instance Prelude.Hashable GetSampledRequests where
+  hashWithSalt _salt GetSampledRequests' {..} =
+    _salt
+      `Prelude.hashWithSalt` webAclArn
+      `Prelude.hashWithSalt` ruleMetricName
+      `Prelude.hashWithSalt` scope
+      `Prelude.hashWithSalt` timeWindow
+      `Prelude.hashWithSalt` maxItems
+
+instance Prelude.NFData GetSampledRequests where
+  rnf GetSampledRequests' {..} =
+    Prelude.rnf webAclArn
+      `Prelude.seq` Prelude.rnf ruleMetricName
+      `Prelude.seq` Prelude.rnf scope
+      `Prelude.seq` Prelude.rnf timeWindow
+      `Prelude.seq` Prelude.rnf maxItems
+
+instance Data.ToHeaders GetSampledRequests where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "X-Amz-Target"
+              Data.=# ( "AWSWAF_20190729.GetSampledRequests" ::
+                          Prelude.ByteString
+                      ),
+            "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToJSON GetSampledRequests where
+  toJSON GetSampledRequests' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ Prelude.Just ("WebAclArn" Data..= webAclArn),
+            Prelude.Just
+              ("RuleMetricName" Data..= ruleMetricName),
+            Prelude.Just ("Scope" Data..= scope),
+            Prelude.Just ("TimeWindow" Data..= timeWindow),
+            Prelude.Just ("MaxItems" Data..= maxItems)
+          ]
+      )
+
+instance Data.ToPath GetSampledRequests where
+  toPath = Prelude.const "/"
+
+instance Data.ToQuery GetSampledRequests where
+  toQuery = Prelude.const Prelude.mempty
+
+-- | /See:/ 'newGetSampledRequestsResponse' smart constructor.
+data GetSampledRequestsResponse = GetSampledRequestsResponse'
+  { -- | The total number of requests from which @GetSampledRequests@ got a
+    -- sample of @MaxItems@ requests. If @PopulationSize@ is less than
+    -- @MaxItems@, the sample includes every request that your Amazon Web
+    -- Services resource received during the specified time range.
+    populationSize :: Prelude.Maybe Prelude.Integer,
+    -- | A complex type that contains detailed information about each of the
+    -- requests in the sample.
+    sampledRequests :: Prelude.Maybe [SampledHTTPRequest],
+    -- | Usually, @TimeWindow@ is the time range that you specified in the
+    -- @GetSampledRequests@ request. However, if your Amazon Web Services
+    -- resource received more than 5,000 requests during the time range that
+    -- you specified in the request, @GetSampledRequests@ returns the time
+    -- range for the first 5,000 requests. Times are in Coordinated Universal
+    -- Time (UTC) format.
+    timeWindow :: Prelude.Maybe TimeWindow,
+    -- | The response's http status code.
+    httpStatus :: Prelude.Int
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'GetSampledRequestsResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'populationSize', 'getSampledRequestsResponse_populationSize' - The total number of requests from which @GetSampledRequests@ got a
+-- sample of @MaxItems@ requests. If @PopulationSize@ is less than
+-- @MaxItems@, the sample includes every request that your Amazon Web
+-- Services resource received during the specified time range.
+--
+-- 'sampledRequests', 'getSampledRequestsResponse_sampledRequests' - A complex type that contains detailed information about each of the
+-- requests in the sample.
+--
+-- 'timeWindow', 'getSampledRequestsResponse_timeWindow' - Usually, @TimeWindow@ is the time range that you specified in the
+-- @GetSampledRequests@ request. However, if your Amazon Web Services
+-- resource received more than 5,000 requests during the time range that
+-- you specified in the request, @GetSampledRequests@ returns the time
+-- range for the first 5,000 requests. Times are in Coordinated Universal
+-- Time (UTC) format.
+--
+-- 'httpStatus', 'getSampledRequestsResponse_httpStatus' - The response's http status code.
+newGetSampledRequestsResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  GetSampledRequestsResponse
+newGetSampledRequestsResponse pHttpStatus_ =
+  GetSampledRequestsResponse'
+    { populationSize =
+        Prelude.Nothing,
+      sampledRequests = Prelude.Nothing,
+      timeWindow = Prelude.Nothing,
+      httpStatus = pHttpStatus_
+    }
+
+-- | The total number of requests from which @GetSampledRequests@ got a
+-- sample of @MaxItems@ requests. If @PopulationSize@ is less than
+-- @MaxItems@, the sample includes every request that your Amazon Web
+-- Services resource received during the specified time range.
+getSampledRequestsResponse_populationSize :: Lens.Lens' GetSampledRequestsResponse (Prelude.Maybe Prelude.Integer)
+getSampledRequestsResponse_populationSize = Lens.lens (\GetSampledRequestsResponse' {populationSize} -> populationSize) (\s@GetSampledRequestsResponse' {} a -> s {populationSize = a} :: GetSampledRequestsResponse)
+
+-- | A complex type that contains detailed information about each of the
+-- requests in the sample.
+getSampledRequestsResponse_sampledRequests :: Lens.Lens' GetSampledRequestsResponse (Prelude.Maybe [SampledHTTPRequest])
+getSampledRequestsResponse_sampledRequests = Lens.lens (\GetSampledRequestsResponse' {sampledRequests} -> sampledRequests) (\s@GetSampledRequestsResponse' {} a -> s {sampledRequests = a} :: GetSampledRequestsResponse) Prelude.. Lens.mapping Lens.coerced
+
+-- | Usually, @TimeWindow@ is the time range that you specified in the
+-- @GetSampledRequests@ request. However, if your Amazon Web Services
+-- resource received more than 5,000 requests during the time range that
+-- you specified in the request, @GetSampledRequests@ returns the time
+-- range for the first 5,000 requests. Times are in Coordinated Universal
+-- Time (UTC) format.
+getSampledRequestsResponse_timeWindow :: Lens.Lens' GetSampledRequestsResponse (Prelude.Maybe TimeWindow)
+getSampledRequestsResponse_timeWindow = Lens.lens (\GetSampledRequestsResponse' {timeWindow} -> timeWindow) (\s@GetSampledRequestsResponse' {} a -> s {timeWindow = a} :: GetSampledRequestsResponse)
+
+-- | The response's http status code.
+getSampledRequestsResponse_httpStatus :: Lens.Lens' GetSampledRequestsResponse Prelude.Int
+getSampledRequestsResponse_httpStatus = Lens.lens (\GetSampledRequestsResponse' {httpStatus} -> httpStatus) (\s@GetSampledRequestsResponse' {} a -> s {httpStatus = a} :: GetSampledRequestsResponse)
+
+instance Prelude.NFData GetSampledRequestsResponse where
+  rnf GetSampledRequestsResponse' {..} =
+    Prelude.rnf populationSize
+      `Prelude.seq` Prelude.rnf sampledRequests
+      `Prelude.seq` Prelude.rnf timeWindow
+      `Prelude.seq` Prelude.rnf httpStatus
diff --git a/gen/Amazonka/WAFV2/GetWebACL.hs b/gen/Amazonka/WAFV2/GetWebACL.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/WAFV2/GetWebACL.hs
@@ -0,0 +1,307 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.WAFV2.GetWebACL
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Retrieves the specified WebACL.
+module Amazonka.WAFV2.GetWebACL
+  ( -- * Creating a Request
+    GetWebACL (..),
+    newGetWebACL,
+
+    -- * Request Lenses
+    getWebACL_name,
+    getWebACL_scope,
+    getWebACL_id,
+
+    -- * Destructuring the Response
+    GetWebACLResponse (..),
+    newGetWebACLResponse,
+
+    -- * Response Lenses
+    getWebACLResponse_applicationIntegrationURL,
+    getWebACLResponse_lockToken,
+    getWebACLResponse_webACL,
+    getWebACLResponse_httpStatus,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+import Amazonka.WAFV2.Types
+
+-- | /See:/ 'newGetWebACL' smart constructor.
+data GetWebACL = GetWebACL'
+  { -- | The name of the web ACL. You cannot change the name of a web ACL after
+    -- you create it.
+    name :: Prelude.Text,
+    -- | Specifies whether this is for an Amazon CloudFront distribution or for a
+    -- regional application. A regional application can be an Application Load
+    -- Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API,
+    -- or an Amazon Cognito user pool.
+    --
+    -- To work with CloudFront, you must also specify the Region US East (N.
+    -- Virginia) as follows:
+    --
+    -- -   CLI - Specify the Region when you use the CloudFront scope:
+    --     @--scope=CLOUDFRONT --region=us-east-1@.
+    --
+    -- -   API and SDKs - For all calls, use the Region endpoint us-east-1.
+    scope :: Scope,
+    -- | The unique identifier for the web ACL. This ID is returned in the
+    -- responses to create and list commands. You provide it to operations like
+    -- update and delete.
+    id :: Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'GetWebACL' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'name', 'getWebACL_name' - The name of the web ACL. You cannot change the name of a web ACL after
+-- you create it.
+--
+-- 'scope', 'getWebACL_scope' - Specifies whether this is for an Amazon CloudFront distribution or for a
+-- regional application. A regional application can be an Application Load
+-- Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API,
+-- or an Amazon Cognito user pool.
+--
+-- To work with CloudFront, you must also specify the Region US East (N.
+-- Virginia) as follows:
+--
+-- -   CLI - Specify the Region when you use the CloudFront scope:
+--     @--scope=CLOUDFRONT --region=us-east-1@.
+--
+-- -   API and SDKs - For all calls, use the Region endpoint us-east-1.
+--
+-- 'id', 'getWebACL_id' - The unique identifier for the web ACL. This ID is returned in the
+-- responses to create and list commands. You provide it to operations like
+-- update and delete.
+newGetWebACL ::
+  -- | 'name'
+  Prelude.Text ->
+  -- | 'scope'
+  Scope ->
+  -- | 'id'
+  Prelude.Text ->
+  GetWebACL
+newGetWebACL pName_ pScope_ pId_ =
+  GetWebACL'
+    { name = pName_,
+      scope = pScope_,
+      id = pId_
+    }
+
+-- | The name of the web ACL. You cannot change the name of a web ACL after
+-- you create it.
+getWebACL_name :: Lens.Lens' GetWebACL Prelude.Text
+getWebACL_name = Lens.lens (\GetWebACL' {name} -> name) (\s@GetWebACL' {} a -> s {name = a} :: GetWebACL)
+
+-- | Specifies whether this is for an Amazon CloudFront distribution or for a
+-- regional application. A regional application can be an Application Load
+-- Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API,
+-- or an Amazon Cognito user pool.
+--
+-- To work with CloudFront, you must also specify the Region US East (N.
+-- Virginia) as follows:
+--
+-- -   CLI - Specify the Region when you use the CloudFront scope:
+--     @--scope=CLOUDFRONT --region=us-east-1@.
+--
+-- -   API and SDKs - For all calls, use the Region endpoint us-east-1.
+getWebACL_scope :: Lens.Lens' GetWebACL Scope
+getWebACL_scope = Lens.lens (\GetWebACL' {scope} -> scope) (\s@GetWebACL' {} a -> s {scope = a} :: GetWebACL)
+
+-- | The unique identifier for the web ACL. This ID is returned in the
+-- responses to create and list commands. You provide it to operations like
+-- update and delete.
+getWebACL_id :: Lens.Lens' GetWebACL Prelude.Text
+getWebACL_id = Lens.lens (\GetWebACL' {id} -> id) (\s@GetWebACL' {} a -> s {id = a} :: GetWebACL)
+
+instance Core.AWSRequest GetWebACL where
+  type AWSResponse GetWebACL = GetWebACLResponse
+  request overrides =
+    Request.postJSON (overrides defaultService)
+  response =
+    Response.receiveJSON
+      ( \s h x ->
+          GetWebACLResponse'
+            Prelude.<$> (x Data..?> "ApplicationIntegrationURL")
+            Prelude.<*> (x Data..?> "LockToken")
+            Prelude.<*> (x Data..?> "WebACL")
+            Prelude.<*> (Prelude.pure (Prelude.fromEnum s))
+      )
+
+instance Prelude.Hashable GetWebACL where
+  hashWithSalt _salt GetWebACL' {..} =
+    _salt
+      `Prelude.hashWithSalt` name
+      `Prelude.hashWithSalt` scope
+      `Prelude.hashWithSalt` id
+
+instance Prelude.NFData GetWebACL where
+  rnf GetWebACL' {..} =
+    Prelude.rnf name
+      `Prelude.seq` Prelude.rnf scope
+      `Prelude.seq` Prelude.rnf id
+
+instance Data.ToHeaders GetWebACL where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "X-Amz-Target"
+              Data.=# ("AWSWAF_20190729.GetWebACL" :: Prelude.ByteString),
+            "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToJSON GetWebACL where
+  toJSON GetWebACL' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ Prelude.Just ("Name" Data..= name),
+            Prelude.Just ("Scope" Data..= scope),
+            Prelude.Just ("Id" Data..= id)
+          ]
+      )
+
+instance Data.ToPath GetWebACL where
+  toPath = Prelude.const "/"
+
+instance Data.ToQuery GetWebACL where
+  toQuery = Prelude.const Prelude.mempty
+
+-- | /See:/ 'newGetWebACLResponse' smart constructor.
+data GetWebACLResponse = GetWebACLResponse'
+  { -- | The URL to use in SDK integrations with Amazon Web Services managed rule
+    -- groups. For example, you can use the integration SDKs with the account
+    -- takeover prevention managed rule group @AWSManagedRulesATPRuleSet@. This
+    -- is only populated if you are using a rule group in your web ACL that
+    -- integrates with your applications in this way. For more information, see
+    -- <https://docs.aws.amazon.com/waf/latest/developerguide/waf-application-integration.html WAF client application integration>
+    -- in the /WAF Developer Guide/.
+    applicationIntegrationURL :: Prelude.Maybe Prelude.Text,
+    -- | A token used for optimistic locking. WAF returns a token to your @get@
+    -- and @list@ requests, to mark the state of the entity at the time of the
+    -- request. To make changes to the entity associated with the token, you
+    -- provide the token to operations like @update@ and @delete@. WAF uses the
+    -- token to ensure that no changes have been made to the entity since you
+    -- last retrieved it. If a change has been made, the update fails with a
+    -- @WAFOptimisticLockException@. If this happens, perform another @get@,
+    -- and use the new token returned by that operation.
+    lockToken :: Prelude.Maybe Prelude.Text,
+    -- | The web ACL specification. You can modify the settings in this web ACL
+    -- and use it to update this web ACL or create a new one.
+    webACL :: Prelude.Maybe WebACL,
+    -- | The response's http status code.
+    httpStatus :: Prelude.Int
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'GetWebACLResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'applicationIntegrationURL', 'getWebACLResponse_applicationIntegrationURL' - The URL to use in SDK integrations with Amazon Web Services managed rule
+-- groups. For example, you can use the integration SDKs with the account
+-- takeover prevention managed rule group @AWSManagedRulesATPRuleSet@. This
+-- is only populated if you are using a rule group in your web ACL that
+-- integrates with your applications in this way. For more information, see
+-- <https://docs.aws.amazon.com/waf/latest/developerguide/waf-application-integration.html WAF client application integration>
+-- in the /WAF Developer Guide/.
+--
+-- 'lockToken', 'getWebACLResponse_lockToken' - A token used for optimistic locking. WAF returns a token to your @get@
+-- and @list@ requests, to mark the state of the entity at the time of the
+-- request. To make changes to the entity associated with the token, you
+-- provide the token to operations like @update@ and @delete@. WAF uses the
+-- token to ensure that no changes have been made to the entity since you
+-- last retrieved it. If a change has been made, the update fails with a
+-- @WAFOptimisticLockException@. If this happens, perform another @get@,
+-- and use the new token returned by that operation.
+--
+-- 'webACL', 'getWebACLResponse_webACL' - The web ACL specification. You can modify the settings in this web ACL
+-- and use it to update this web ACL or create a new one.
+--
+-- 'httpStatus', 'getWebACLResponse_httpStatus' - The response's http status code.
+newGetWebACLResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  GetWebACLResponse
+newGetWebACLResponse pHttpStatus_ =
+  GetWebACLResponse'
+    { applicationIntegrationURL =
+        Prelude.Nothing,
+      lockToken = Prelude.Nothing,
+      webACL = Prelude.Nothing,
+      httpStatus = pHttpStatus_
+    }
+
+-- | The URL to use in SDK integrations with Amazon Web Services managed rule
+-- groups. For example, you can use the integration SDKs with the account
+-- takeover prevention managed rule group @AWSManagedRulesATPRuleSet@. This
+-- is only populated if you are using a rule group in your web ACL that
+-- integrates with your applications in this way. For more information, see
+-- <https://docs.aws.amazon.com/waf/latest/developerguide/waf-application-integration.html WAF client application integration>
+-- in the /WAF Developer Guide/.
+getWebACLResponse_applicationIntegrationURL :: Lens.Lens' GetWebACLResponse (Prelude.Maybe Prelude.Text)
+getWebACLResponse_applicationIntegrationURL = Lens.lens (\GetWebACLResponse' {applicationIntegrationURL} -> applicationIntegrationURL) (\s@GetWebACLResponse' {} a -> s {applicationIntegrationURL = a} :: GetWebACLResponse)
+
+-- | A token used for optimistic locking. WAF returns a token to your @get@
+-- and @list@ requests, to mark the state of the entity at the time of the
+-- request. To make changes to the entity associated with the token, you
+-- provide the token to operations like @update@ and @delete@. WAF uses the
+-- token to ensure that no changes have been made to the entity since you
+-- last retrieved it. If a change has been made, the update fails with a
+-- @WAFOptimisticLockException@. If this happens, perform another @get@,
+-- and use the new token returned by that operation.
+getWebACLResponse_lockToken :: Lens.Lens' GetWebACLResponse (Prelude.Maybe Prelude.Text)
+getWebACLResponse_lockToken = Lens.lens (\GetWebACLResponse' {lockToken} -> lockToken) (\s@GetWebACLResponse' {} a -> s {lockToken = a} :: GetWebACLResponse)
+
+-- | The web ACL specification. You can modify the settings in this web ACL
+-- and use it to update this web ACL or create a new one.
+getWebACLResponse_webACL :: Lens.Lens' GetWebACLResponse (Prelude.Maybe WebACL)
+getWebACLResponse_webACL = Lens.lens (\GetWebACLResponse' {webACL} -> webACL) (\s@GetWebACLResponse' {} a -> s {webACL = a} :: GetWebACLResponse)
+
+-- | The response's http status code.
+getWebACLResponse_httpStatus :: Lens.Lens' GetWebACLResponse Prelude.Int
+getWebACLResponse_httpStatus = Lens.lens (\GetWebACLResponse' {httpStatus} -> httpStatus) (\s@GetWebACLResponse' {} a -> s {httpStatus = a} :: GetWebACLResponse)
+
+instance Prelude.NFData GetWebACLResponse where
+  rnf GetWebACLResponse' {..} =
+    Prelude.rnf applicationIntegrationURL
+      `Prelude.seq` Prelude.rnf lockToken
+      `Prelude.seq` Prelude.rnf webACL
+      `Prelude.seq` Prelude.rnf httpStatus
diff --git a/gen/Amazonka/WAFV2/GetWebACLForResource.hs b/gen/Amazonka/WAFV2/GetWebACLForResource.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/WAFV2/GetWebACLForResource.hs
@@ -0,0 +1,217 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.WAFV2.GetWebACLForResource
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Retrieves the WebACL for the specified resource.
+module Amazonka.WAFV2.GetWebACLForResource
+  ( -- * Creating a Request
+    GetWebACLForResource (..),
+    newGetWebACLForResource,
+
+    -- * Request Lenses
+    getWebACLForResource_resourceArn,
+
+    -- * Destructuring the Response
+    GetWebACLForResourceResponse (..),
+    newGetWebACLForResourceResponse,
+
+    -- * Response Lenses
+    getWebACLForResourceResponse_webACL,
+    getWebACLForResourceResponse_httpStatus,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+import Amazonka.WAFV2.Types
+
+-- | /See:/ 'newGetWebACLForResource' smart constructor.
+data GetWebACLForResource = GetWebACLForResource'
+  { -- | The Amazon Resource Name (ARN) of the resource whose web ACL you want to
+    -- retrieve.
+    --
+    -- The ARN must be in one of the following formats:
+    --
+    -- -   For an Application Load Balancer:
+    --     @arn:aws:elasticloadbalancing:@/@region@/@:@/@account-id@/@:loadbalancer\/app\/@/@load-balancer-name@/@\/@/@load-balancer-id@/@ @
+    --
+    -- -   For an Amazon API Gateway REST API:
+    --     @arn:aws:apigateway:@/@region@/@::\/restapis\/@/@api-id@/@\/stages\/@/@stage-name@/@ @
+    --
+    -- -   For an AppSync GraphQL API:
+    --     @arn:aws:appsync:@/@region@/@:@/@account-id@/@:apis\/@/@GraphQLApiId@/@ @
+    --
+    -- -   For an Amazon Cognito user pool:
+    --     @arn:aws:cognito-idp:@/@region@/@:@/@account-id@/@:userpool\/@/@user-pool-id@/@ @
+    resourceArn :: Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'GetWebACLForResource' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'resourceArn', 'getWebACLForResource_resourceArn' - The Amazon Resource Name (ARN) of the resource whose web ACL you want to
+-- retrieve.
+--
+-- The ARN must be in one of the following formats:
+--
+-- -   For an Application Load Balancer:
+--     @arn:aws:elasticloadbalancing:@/@region@/@:@/@account-id@/@:loadbalancer\/app\/@/@load-balancer-name@/@\/@/@load-balancer-id@/@ @
+--
+-- -   For an Amazon API Gateway REST API:
+--     @arn:aws:apigateway:@/@region@/@::\/restapis\/@/@api-id@/@\/stages\/@/@stage-name@/@ @
+--
+-- -   For an AppSync GraphQL API:
+--     @arn:aws:appsync:@/@region@/@:@/@account-id@/@:apis\/@/@GraphQLApiId@/@ @
+--
+-- -   For an Amazon Cognito user pool:
+--     @arn:aws:cognito-idp:@/@region@/@:@/@account-id@/@:userpool\/@/@user-pool-id@/@ @
+newGetWebACLForResource ::
+  -- | 'resourceArn'
+  Prelude.Text ->
+  GetWebACLForResource
+newGetWebACLForResource pResourceArn_ =
+  GetWebACLForResource' {resourceArn = pResourceArn_}
+
+-- | The Amazon Resource Name (ARN) of the resource whose web ACL you want to
+-- retrieve.
+--
+-- The ARN must be in one of the following formats:
+--
+-- -   For an Application Load Balancer:
+--     @arn:aws:elasticloadbalancing:@/@region@/@:@/@account-id@/@:loadbalancer\/app\/@/@load-balancer-name@/@\/@/@load-balancer-id@/@ @
+--
+-- -   For an Amazon API Gateway REST API:
+--     @arn:aws:apigateway:@/@region@/@::\/restapis\/@/@api-id@/@\/stages\/@/@stage-name@/@ @
+--
+-- -   For an AppSync GraphQL API:
+--     @arn:aws:appsync:@/@region@/@:@/@account-id@/@:apis\/@/@GraphQLApiId@/@ @
+--
+-- -   For an Amazon Cognito user pool:
+--     @arn:aws:cognito-idp:@/@region@/@:@/@account-id@/@:userpool\/@/@user-pool-id@/@ @
+getWebACLForResource_resourceArn :: Lens.Lens' GetWebACLForResource Prelude.Text
+getWebACLForResource_resourceArn = Lens.lens (\GetWebACLForResource' {resourceArn} -> resourceArn) (\s@GetWebACLForResource' {} a -> s {resourceArn = a} :: GetWebACLForResource)
+
+instance Core.AWSRequest GetWebACLForResource where
+  type
+    AWSResponse GetWebACLForResource =
+      GetWebACLForResourceResponse
+  request overrides =
+    Request.postJSON (overrides defaultService)
+  response =
+    Response.receiveJSON
+      ( \s h x ->
+          GetWebACLForResourceResponse'
+            Prelude.<$> (x Data..?> "WebACL")
+            Prelude.<*> (Prelude.pure (Prelude.fromEnum s))
+      )
+
+instance Prelude.Hashable GetWebACLForResource where
+  hashWithSalt _salt GetWebACLForResource' {..} =
+    _salt `Prelude.hashWithSalt` resourceArn
+
+instance Prelude.NFData GetWebACLForResource where
+  rnf GetWebACLForResource' {..} =
+    Prelude.rnf resourceArn
+
+instance Data.ToHeaders GetWebACLForResource where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "X-Amz-Target"
+              Data.=# ( "AWSWAF_20190729.GetWebACLForResource" ::
+                          Prelude.ByteString
+                      ),
+            "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToJSON GetWebACLForResource where
+  toJSON GetWebACLForResource' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [Prelude.Just ("ResourceArn" Data..= resourceArn)]
+      )
+
+instance Data.ToPath GetWebACLForResource where
+  toPath = Prelude.const "/"
+
+instance Data.ToQuery GetWebACLForResource where
+  toQuery = Prelude.const Prelude.mempty
+
+-- | /See:/ 'newGetWebACLForResourceResponse' smart constructor.
+data GetWebACLForResourceResponse = GetWebACLForResourceResponse'
+  { -- | The web ACL that is associated with the resource. If there is no
+    -- associated resource, WAF returns a null web ACL.
+    webACL :: Prelude.Maybe WebACL,
+    -- | The response's http status code.
+    httpStatus :: Prelude.Int
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'GetWebACLForResourceResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'webACL', 'getWebACLForResourceResponse_webACL' - The web ACL that is associated with the resource. If there is no
+-- associated resource, WAF returns a null web ACL.
+--
+-- 'httpStatus', 'getWebACLForResourceResponse_httpStatus' - The response's http status code.
+newGetWebACLForResourceResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  GetWebACLForResourceResponse
+newGetWebACLForResourceResponse pHttpStatus_ =
+  GetWebACLForResourceResponse'
+    { webACL =
+        Prelude.Nothing,
+      httpStatus = pHttpStatus_
+    }
+
+-- | The web ACL that is associated with the resource. If there is no
+-- associated resource, WAF returns a null web ACL.
+getWebACLForResourceResponse_webACL :: Lens.Lens' GetWebACLForResourceResponse (Prelude.Maybe WebACL)
+getWebACLForResourceResponse_webACL = Lens.lens (\GetWebACLForResourceResponse' {webACL} -> webACL) (\s@GetWebACLForResourceResponse' {} a -> s {webACL = a} :: GetWebACLForResourceResponse)
+
+-- | The response's http status code.
+getWebACLForResourceResponse_httpStatus :: Lens.Lens' GetWebACLForResourceResponse Prelude.Int
+getWebACLForResourceResponse_httpStatus = Lens.lens (\GetWebACLForResourceResponse' {httpStatus} -> httpStatus) (\s@GetWebACLForResourceResponse' {} a -> s {httpStatus = a} :: GetWebACLForResourceResponse)
+
+instance Prelude.NFData GetWebACLForResourceResponse where
+  rnf GetWebACLForResourceResponse' {..} =
+    Prelude.rnf webACL
+      `Prelude.seq` Prelude.rnf httpStatus
diff --git a/gen/Amazonka/WAFV2/Lens.hs b/gen/Amazonka/WAFV2/Lens.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/WAFV2/Lens.hs
@@ -0,0 +1,1032 @@
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-duplicate-exports #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.WAFV2.Lens
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.WAFV2.Lens
+  ( -- * Operations
+
+    -- ** AssociateWebACL
+    associateWebACL_webACLArn,
+    associateWebACL_resourceArn,
+    associateWebACLResponse_httpStatus,
+
+    -- ** CheckCapacity
+    checkCapacity_scope,
+    checkCapacity_rules,
+    checkCapacityResponse_capacity,
+    checkCapacityResponse_httpStatus,
+
+    -- ** CreateIPSet
+    createIPSet_description,
+    createIPSet_tags,
+    createIPSet_name,
+    createIPSet_scope,
+    createIPSet_iPAddressVersion,
+    createIPSet_addresses,
+    createIPSetResponse_summary,
+    createIPSetResponse_httpStatus,
+
+    -- ** CreateRegexPatternSet
+    createRegexPatternSet_description,
+    createRegexPatternSet_tags,
+    createRegexPatternSet_name,
+    createRegexPatternSet_scope,
+    createRegexPatternSet_regularExpressionList,
+    createRegexPatternSetResponse_summary,
+    createRegexPatternSetResponse_httpStatus,
+
+    -- ** CreateRuleGroup
+    createRuleGroup_customResponseBodies,
+    createRuleGroup_description,
+    createRuleGroup_rules,
+    createRuleGroup_tags,
+    createRuleGroup_name,
+    createRuleGroup_scope,
+    createRuleGroup_capacity,
+    createRuleGroup_visibilityConfig,
+    createRuleGroupResponse_summary,
+    createRuleGroupResponse_httpStatus,
+
+    -- ** CreateWebACL
+    createWebACL_captchaConfig,
+    createWebACL_challengeConfig,
+    createWebACL_customResponseBodies,
+    createWebACL_description,
+    createWebACL_rules,
+    createWebACL_tags,
+    createWebACL_tokenDomains,
+    createWebACL_name,
+    createWebACL_scope,
+    createWebACL_defaultAction,
+    createWebACL_visibilityConfig,
+    createWebACLResponse_summary,
+    createWebACLResponse_httpStatus,
+
+    -- ** DeleteFirewallManagerRuleGroups
+    deleteFirewallManagerRuleGroups_webACLArn,
+    deleteFirewallManagerRuleGroups_webACLLockToken,
+    deleteFirewallManagerRuleGroupsResponse_nextWebACLLockToken,
+    deleteFirewallManagerRuleGroupsResponse_httpStatus,
+
+    -- ** DeleteIPSet
+    deleteIPSet_name,
+    deleteIPSet_scope,
+    deleteIPSet_id,
+    deleteIPSet_lockToken,
+    deleteIPSetResponse_httpStatus,
+
+    -- ** DeleteLoggingConfiguration
+    deleteLoggingConfiguration_resourceArn,
+    deleteLoggingConfigurationResponse_httpStatus,
+
+    -- ** DeletePermissionPolicy
+    deletePermissionPolicy_resourceArn,
+    deletePermissionPolicyResponse_httpStatus,
+
+    -- ** DeleteRegexPatternSet
+    deleteRegexPatternSet_name,
+    deleteRegexPatternSet_scope,
+    deleteRegexPatternSet_id,
+    deleteRegexPatternSet_lockToken,
+    deleteRegexPatternSetResponse_httpStatus,
+
+    -- ** DeleteRuleGroup
+    deleteRuleGroup_name,
+    deleteRuleGroup_scope,
+    deleteRuleGroup_id,
+    deleteRuleGroup_lockToken,
+    deleteRuleGroupResponse_httpStatus,
+
+    -- ** DeleteWebACL
+    deleteWebACL_name,
+    deleteWebACL_scope,
+    deleteWebACL_id,
+    deleteWebACL_lockToken,
+    deleteWebACLResponse_httpStatus,
+
+    -- ** DescribeManagedRuleGroup
+    describeManagedRuleGroup_versionName,
+    describeManagedRuleGroup_vendorName,
+    describeManagedRuleGroup_name,
+    describeManagedRuleGroup_scope,
+    describeManagedRuleGroupResponse_availableLabels,
+    describeManagedRuleGroupResponse_capacity,
+    describeManagedRuleGroupResponse_consumedLabels,
+    describeManagedRuleGroupResponse_labelNamespace,
+    describeManagedRuleGroupResponse_rules,
+    describeManagedRuleGroupResponse_snsTopicArn,
+    describeManagedRuleGroupResponse_versionName,
+    describeManagedRuleGroupResponse_httpStatus,
+
+    -- ** DisassociateWebACL
+    disassociateWebACL_resourceArn,
+    disassociateWebACLResponse_httpStatus,
+
+    -- ** GenerateMobileSdkReleaseUrl
+    generateMobileSdkReleaseUrl_platform,
+    generateMobileSdkReleaseUrl_releaseVersion,
+    generateMobileSdkReleaseUrlResponse_url,
+    generateMobileSdkReleaseUrlResponse_httpStatus,
+
+    -- ** GetIPSet
+    getIPSet_name,
+    getIPSet_scope,
+    getIPSet_id,
+    getIPSetResponse_iPSet,
+    getIPSetResponse_lockToken,
+    getIPSetResponse_httpStatus,
+
+    -- ** GetLoggingConfiguration
+    getLoggingConfiguration_resourceArn,
+    getLoggingConfigurationResponse_loggingConfiguration,
+    getLoggingConfigurationResponse_httpStatus,
+
+    -- ** GetManagedRuleSet
+    getManagedRuleSet_name,
+    getManagedRuleSet_scope,
+    getManagedRuleSet_id,
+    getManagedRuleSetResponse_lockToken,
+    getManagedRuleSetResponse_managedRuleSet,
+    getManagedRuleSetResponse_httpStatus,
+
+    -- ** GetMobileSdkRelease
+    getMobileSdkRelease_platform,
+    getMobileSdkRelease_releaseVersion,
+    getMobileSdkReleaseResponse_mobileSdkRelease,
+    getMobileSdkReleaseResponse_httpStatus,
+
+    -- ** GetPermissionPolicy
+    getPermissionPolicy_resourceArn,
+    getPermissionPolicyResponse_policy,
+    getPermissionPolicyResponse_httpStatus,
+
+    -- ** GetRateBasedStatementManagedKeys
+    getRateBasedStatementManagedKeys_ruleGroupRuleName,
+    getRateBasedStatementManagedKeys_scope,
+    getRateBasedStatementManagedKeys_webACLName,
+    getRateBasedStatementManagedKeys_webACLId,
+    getRateBasedStatementManagedKeys_ruleName,
+    getRateBasedStatementManagedKeysResponse_managedKeysIPV4,
+    getRateBasedStatementManagedKeysResponse_managedKeysIPV6,
+    getRateBasedStatementManagedKeysResponse_httpStatus,
+
+    -- ** GetRegexPatternSet
+    getRegexPatternSet_name,
+    getRegexPatternSet_scope,
+    getRegexPatternSet_id,
+    getRegexPatternSetResponse_lockToken,
+    getRegexPatternSetResponse_regexPatternSet,
+    getRegexPatternSetResponse_httpStatus,
+
+    -- ** GetRuleGroup
+    getRuleGroup_arn,
+    getRuleGroup_id,
+    getRuleGroup_name,
+    getRuleGroup_scope,
+    getRuleGroupResponse_lockToken,
+    getRuleGroupResponse_ruleGroup,
+    getRuleGroupResponse_httpStatus,
+
+    -- ** GetSampledRequests
+    getSampledRequests_webAclArn,
+    getSampledRequests_ruleMetricName,
+    getSampledRequests_scope,
+    getSampledRequests_timeWindow,
+    getSampledRequests_maxItems,
+    getSampledRequestsResponse_populationSize,
+    getSampledRequestsResponse_sampledRequests,
+    getSampledRequestsResponse_timeWindow,
+    getSampledRequestsResponse_httpStatus,
+
+    -- ** GetWebACL
+    getWebACL_name,
+    getWebACL_scope,
+    getWebACL_id,
+    getWebACLResponse_applicationIntegrationURL,
+    getWebACLResponse_lockToken,
+    getWebACLResponse_webACL,
+    getWebACLResponse_httpStatus,
+
+    -- ** GetWebACLForResource
+    getWebACLForResource_resourceArn,
+    getWebACLForResourceResponse_webACL,
+    getWebACLForResourceResponse_httpStatus,
+
+    -- ** ListAvailableManagedRuleGroupVersions
+    listAvailableManagedRuleGroupVersions_limit,
+    listAvailableManagedRuleGroupVersions_nextMarker,
+    listAvailableManagedRuleGroupVersions_vendorName,
+    listAvailableManagedRuleGroupVersions_name,
+    listAvailableManagedRuleGroupVersions_scope,
+    listAvailableManagedRuleGroupVersionsResponse_currentDefaultVersion,
+    listAvailableManagedRuleGroupVersionsResponse_nextMarker,
+    listAvailableManagedRuleGroupVersionsResponse_versions,
+    listAvailableManagedRuleGroupVersionsResponse_httpStatus,
+
+    -- ** ListAvailableManagedRuleGroups
+    listAvailableManagedRuleGroups_limit,
+    listAvailableManagedRuleGroups_nextMarker,
+    listAvailableManagedRuleGroups_scope,
+    listAvailableManagedRuleGroupsResponse_managedRuleGroups,
+    listAvailableManagedRuleGroupsResponse_nextMarker,
+    listAvailableManagedRuleGroupsResponse_httpStatus,
+
+    -- ** ListIPSets
+    listIPSets_limit,
+    listIPSets_nextMarker,
+    listIPSets_scope,
+    listIPSetsResponse_iPSets,
+    listIPSetsResponse_nextMarker,
+    listIPSetsResponse_httpStatus,
+
+    -- ** ListLoggingConfigurations
+    listLoggingConfigurations_limit,
+    listLoggingConfigurations_nextMarker,
+    listLoggingConfigurations_scope,
+    listLoggingConfigurationsResponse_loggingConfigurations,
+    listLoggingConfigurationsResponse_nextMarker,
+    listLoggingConfigurationsResponse_httpStatus,
+
+    -- ** ListManagedRuleSets
+    listManagedRuleSets_limit,
+    listManagedRuleSets_nextMarker,
+    listManagedRuleSets_scope,
+    listManagedRuleSetsResponse_managedRuleSets,
+    listManagedRuleSetsResponse_nextMarker,
+    listManagedRuleSetsResponse_httpStatus,
+
+    -- ** ListMobileSdkReleases
+    listMobileSdkReleases_limit,
+    listMobileSdkReleases_nextMarker,
+    listMobileSdkReleases_platform,
+    listMobileSdkReleasesResponse_nextMarker,
+    listMobileSdkReleasesResponse_releaseSummaries,
+    listMobileSdkReleasesResponse_httpStatus,
+
+    -- ** ListRegexPatternSets
+    listRegexPatternSets_limit,
+    listRegexPatternSets_nextMarker,
+    listRegexPatternSets_scope,
+    listRegexPatternSetsResponse_nextMarker,
+    listRegexPatternSetsResponse_regexPatternSets,
+    listRegexPatternSetsResponse_httpStatus,
+
+    -- ** ListResourcesForWebACL
+    listResourcesForWebACL_resourceType,
+    listResourcesForWebACL_webACLArn,
+    listResourcesForWebACLResponse_resourceArns,
+    listResourcesForWebACLResponse_httpStatus,
+
+    -- ** ListRuleGroups
+    listRuleGroups_limit,
+    listRuleGroups_nextMarker,
+    listRuleGroups_scope,
+    listRuleGroupsResponse_nextMarker,
+    listRuleGroupsResponse_ruleGroups,
+    listRuleGroupsResponse_httpStatus,
+
+    -- ** ListTagsForResource
+    listTagsForResource_limit,
+    listTagsForResource_nextMarker,
+    listTagsForResource_resourceARN,
+    listTagsForResourceResponse_nextMarker,
+    listTagsForResourceResponse_tagInfoForResource,
+    listTagsForResourceResponse_httpStatus,
+
+    -- ** ListWebACLs
+    listWebACLs_limit,
+    listWebACLs_nextMarker,
+    listWebACLs_scope,
+    listWebACLsResponse_nextMarker,
+    listWebACLsResponse_webACLs,
+    listWebACLsResponse_httpStatus,
+
+    -- ** PutLoggingConfiguration
+    putLoggingConfiguration_loggingConfiguration,
+    putLoggingConfigurationResponse_loggingConfiguration,
+    putLoggingConfigurationResponse_httpStatus,
+
+    -- ** PutManagedRuleSetVersions
+    putManagedRuleSetVersions_recommendedVersion,
+    putManagedRuleSetVersions_versionsToPublish,
+    putManagedRuleSetVersions_name,
+    putManagedRuleSetVersions_scope,
+    putManagedRuleSetVersions_id,
+    putManagedRuleSetVersions_lockToken,
+    putManagedRuleSetVersionsResponse_nextLockToken,
+    putManagedRuleSetVersionsResponse_httpStatus,
+
+    -- ** PutPermissionPolicy
+    putPermissionPolicy_resourceArn,
+    putPermissionPolicy_policy,
+    putPermissionPolicyResponse_httpStatus,
+
+    -- ** TagResource
+    tagResource_resourceARN,
+    tagResource_tags,
+    tagResourceResponse_httpStatus,
+
+    -- ** UntagResource
+    untagResource_resourceARN,
+    untagResource_tagKeys,
+    untagResourceResponse_httpStatus,
+
+    -- ** UpdateIPSet
+    updateIPSet_description,
+    updateIPSet_name,
+    updateIPSet_scope,
+    updateIPSet_id,
+    updateIPSet_addresses,
+    updateIPSet_lockToken,
+    updateIPSetResponse_nextLockToken,
+    updateIPSetResponse_httpStatus,
+
+    -- ** UpdateManagedRuleSetVersionExpiryDate
+    updateManagedRuleSetVersionExpiryDate_name,
+    updateManagedRuleSetVersionExpiryDate_scope,
+    updateManagedRuleSetVersionExpiryDate_id,
+    updateManagedRuleSetVersionExpiryDate_lockToken,
+    updateManagedRuleSetVersionExpiryDate_versionToExpire,
+    updateManagedRuleSetVersionExpiryDate_expiryTimestamp,
+    updateManagedRuleSetVersionExpiryDateResponse_expiringVersion,
+    updateManagedRuleSetVersionExpiryDateResponse_expiryTimestamp,
+    updateManagedRuleSetVersionExpiryDateResponse_nextLockToken,
+    updateManagedRuleSetVersionExpiryDateResponse_httpStatus,
+
+    -- ** UpdateRegexPatternSet
+    updateRegexPatternSet_description,
+    updateRegexPatternSet_name,
+    updateRegexPatternSet_scope,
+    updateRegexPatternSet_id,
+    updateRegexPatternSet_regularExpressionList,
+    updateRegexPatternSet_lockToken,
+    updateRegexPatternSetResponse_nextLockToken,
+    updateRegexPatternSetResponse_httpStatus,
+
+    -- ** UpdateRuleGroup
+    updateRuleGroup_customResponseBodies,
+    updateRuleGroup_description,
+    updateRuleGroup_rules,
+    updateRuleGroup_name,
+    updateRuleGroup_scope,
+    updateRuleGroup_id,
+    updateRuleGroup_visibilityConfig,
+    updateRuleGroup_lockToken,
+    updateRuleGroupResponse_nextLockToken,
+    updateRuleGroupResponse_httpStatus,
+
+    -- ** UpdateWebACL
+    updateWebACL_captchaConfig,
+    updateWebACL_challengeConfig,
+    updateWebACL_customResponseBodies,
+    updateWebACL_description,
+    updateWebACL_rules,
+    updateWebACL_tokenDomains,
+    updateWebACL_name,
+    updateWebACL_scope,
+    updateWebACL_id,
+    updateWebACL_defaultAction,
+    updateWebACL_visibilityConfig,
+    updateWebACL_lockToken,
+    updateWebACLResponse_nextLockToken,
+    updateWebACLResponse_httpStatus,
+
+    -- * Types
+
+    -- ** AWSManagedRulesBotControlRuleSet
+    aWSManagedRulesBotControlRuleSet_inspectionLevel,
+
+    -- ** ActionCondition
+    actionCondition_action,
+
+    -- ** All
+
+    -- ** AllQueryArguments
+
+    -- ** AllowAction
+    allowAction_customRequestHandling,
+
+    -- ** AndStatement
+    andStatement_statements,
+
+    -- ** BlockAction
+    blockAction_customResponse,
+
+    -- ** Body
+    body_oversizeHandling,
+
+    -- ** ByteMatchStatement
+    byteMatchStatement_searchString,
+    byteMatchStatement_fieldToMatch,
+    byteMatchStatement_textTransformations,
+    byteMatchStatement_positionalConstraint,
+
+    -- ** CaptchaAction
+    captchaAction_customRequestHandling,
+
+    -- ** CaptchaConfig
+    captchaConfig_immunityTimeProperty,
+
+    -- ** CaptchaResponse
+    captchaResponse_failureReason,
+    captchaResponse_responseCode,
+    captchaResponse_solveTimestamp,
+
+    -- ** ChallengeAction
+    challengeAction_customRequestHandling,
+
+    -- ** ChallengeConfig
+    challengeConfig_immunityTimeProperty,
+
+    -- ** ChallengeResponse
+    challengeResponse_failureReason,
+    challengeResponse_responseCode,
+    challengeResponse_solveTimestamp,
+
+    -- ** Condition
+    condition_actionCondition,
+    condition_labelNameCondition,
+
+    -- ** CookieMatchPattern
+    cookieMatchPattern_all,
+    cookieMatchPattern_excludedCookies,
+    cookieMatchPattern_includedCookies,
+
+    -- ** Cookies
+    cookies_matchPattern,
+    cookies_matchScope,
+    cookies_oversizeHandling,
+
+    -- ** CountAction
+    countAction_customRequestHandling,
+
+    -- ** CustomHTTPHeader
+    customHTTPHeader_name,
+    customHTTPHeader_value,
+
+    -- ** CustomRequestHandling
+    customRequestHandling_insertHeaders,
+
+    -- ** CustomResponse
+    customResponse_customResponseBodyKey,
+    customResponse_responseHeaders,
+    customResponse_responseCode,
+
+    -- ** CustomResponseBody
+    customResponseBody_contentType,
+    customResponseBody_content,
+
+    -- ** DefaultAction
+    defaultAction_allow,
+    defaultAction_block,
+
+    -- ** ExcludedRule
+    excludedRule_name,
+
+    -- ** FieldToMatch
+    fieldToMatch_allQueryArguments,
+    fieldToMatch_body,
+    fieldToMatch_cookies,
+    fieldToMatch_headers,
+    fieldToMatch_jsonBody,
+    fieldToMatch_method,
+    fieldToMatch_queryString,
+    fieldToMatch_singleHeader,
+    fieldToMatch_singleQueryArgument,
+    fieldToMatch_uriPath,
+
+    -- ** Filter
+    filter_behavior,
+    filter_requirement,
+    filter_conditions,
+
+    -- ** FirewallManagerRuleGroup
+    firewallManagerRuleGroup_name,
+    firewallManagerRuleGroup_priority,
+    firewallManagerRuleGroup_firewallManagerStatement,
+    firewallManagerRuleGroup_overrideAction,
+    firewallManagerRuleGroup_visibilityConfig,
+
+    -- ** FirewallManagerStatement
+    firewallManagerStatement_managedRuleGroupStatement,
+    firewallManagerStatement_ruleGroupReferenceStatement,
+
+    -- ** ForwardedIPConfig
+    forwardedIPConfig_headerName,
+    forwardedIPConfig_fallbackBehavior,
+
+    -- ** GeoMatchStatement
+    geoMatchStatement_countryCodes,
+    geoMatchStatement_forwardedIPConfig,
+
+    -- ** HTTPHeader
+    hTTPHeader_name,
+    hTTPHeader_value,
+
+    -- ** HTTPRequest
+    hTTPRequest_clientIP,
+    hTTPRequest_country,
+    hTTPRequest_hTTPVersion,
+    hTTPRequest_headers,
+    hTTPRequest_method,
+    hTTPRequest_uri,
+
+    -- ** HeaderMatchPattern
+    headerMatchPattern_all,
+    headerMatchPattern_excludedHeaders,
+    headerMatchPattern_includedHeaders,
+
+    -- ** Headers
+    headers_matchPattern,
+    headers_matchScope,
+    headers_oversizeHandling,
+
+    -- ** IPSet
+    iPSet_description,
+    iPSet_name,
+    iPSet_id,
+    iPSet_arn,
+    iPSet_iPAddressVersion,
+    iPSet_addresses,
+
+    -- ** IPSetForwardedIPConfig
+    iPSetForwardedIPConfig_headerName,
+    iPSetForwardedIPConfig_fallbackBehavior,
+    iPSetForwardedIPConfig_position,
+
+    -- ** IPSetReferenceStatement
+    iPSetReferenceStatement_iPSetForwardedIPConfig,
+    iPSetReferenceStatement_arn,
+
+    -- ** IPSetSummary
+    iPSetSummary_arn,
+    iPSetSummary_description,
+    iPSetSummary_id,
+    iPSetSummary_lockToken,
+    iPSetSummary_name,
+
+    -- ** ImmunityTimeProperty
+    immunityTimeProperty_immunityTime,
+
+    -- ** JsonBody
+    jsonBody_invalidFallbackBehavior,
+    jsonBody_oversizeHandling,
+    jsonBody_matchPattern,
+    jsonBody_matchScope,
+
+    -- ** JsonMatchPattern
+    jsonMatchPattern_all,
+    jsonMatchPattern_includedPaths,
+
+    -- ** Label
+    label_name,
+
+    -- ** LabelMatchStatement
+    labelMatchStatement_scope,
+    labelMatchStatement_key,
+
+    -- ** LabelNameCondition
+    labelNameCondition_labelName,
+
+    -- ** LabelSummary
+    labelSummary_name,
+
+    -- ** LoggingConfiguration
+    loggingConfiguration_loggingFilter,
+    loggingConfiguration_managedByFirewallManager,
+    loggingConfiguration_redactedFields,
+    loggingConfiguration_resourceArn,
+    loggingConfiguration_logDestinationConfigs,
+
+    -- ** LoggingFilter
+    loggingFilter_filters,
+    loggingFilter_defaultBehavior,
+
+    -- ** ManagedRuleGroupConfig
+    managedRuleGroupConfig_aWSManagedRulesBotControlRuleSet,
+    managedRuleGroupConfig_loginPath,
+    managedRuleGroupConfig_passwordField,
+    managedRuleGroupConfig_payloadType,
+    managedRuleGroupConfig_usernameField,
+
+    -- ** ManagedRuleGroupStatement
+    managedRuleGroupStatement_excludedRules,
+    managedRuleGroupStatement_managedRuleGroupConfigs,
+    managedRuleGroupStatement_ruleActionOverrides,
+    managedRuleGroupStatement_scopeDownStatement,
+    managedRuleGroupStatement_version,
+    managedRuleGroupStatement_vendorName,
+    managedRuleGroupStatement_name,
+
+    -- ** ManagedRuleGroupSummary
+    managedRuleGroupSummary_description,
+    managedRuleGroupSummary_name,
+    managedRuleGroupSummary_vendorName,
+    managedRuleGroupSummary_versioningSupported,
+
+    -- ** ManagedRuleGroupVersion
+    managedRuleGroupVersion_lastUpdateTimestamp,
+    managedRuleGroupVersion_name,
+
+    -- ** ManagedRuleSet
+    managedRuleSet_description,
+    managedRuleSet_labelNamespace,
+    managedRuleSet_publishedVersions,
+    managedRuleSet_recommendedVersion,
+    managedRuleSet_name,
+    managedRuleSet_id,
+    managedRuleSet_arn,
+
+    -- ** ManagedRuleSetSummary
+    managedRuleSetSummary_arn,
+    managedRuleSetSummary_description,
+    managedRuleSetSummary_id,
+    managedRuleSetSummary_labelNamespace,
+    managedRuleSetSummary_lockToken,
+    managedRuleSetSummary_name,
+
+    -- ** ManagedRuleSetVersion
+    managedRuleSetVersion_associatedRuleGroupArn,
+    managedRuleSetVersion_capacity,
+    managedRuleSetVersion_expiryTimestamp,
+    managedRuleSetVersion_forecastedLifetime,
+    managedRuleSetVersion_lastUpdateTimestamp,
+    managedRuleSetVersion_publishTimestamp,
+
+    -- ** Method
+
+    -- ** MobileSdkRelease
+    mobileSdkRelease_releaseNotes,
+    mobileSdkRelease_releaseVersion,
+    mobileSdkRelease_tags,
+    mobileSdkRelease_timestamp,
+
+    -- ** NoneAction
+
+    -- ** NotStatement
+    notStatement_statement,
+
+    -- ** OrStatement
+    orStatement_statements,
+
+    -- ** OverrideAction
+    overrideAction_count,
+    overrideAction_none,
+
+    -- ** PasswordField
+    passwordField_identifier,
+
+    -- ** QueryString
+
+    -- ** RateBasedStatement
+    rateBasedStatement_forwardedIPConfig,
+    rateBasedStatement_scopeDownStatement,
+    rateBasedStatement_limit,
+    rateBasedStatement_aggregateKeyType,
+
+    -- ** RateBasedStatementManagedKeysIPSet
+    rateBasedStatementManagedKeysIPSet_addresses,
+    rateBasedStatementManagedKeysIPSet_iPAddressVersion,
+
+    -- ** Regex
+    regex_regexString,
+
+    -- ** RegexMatchStatement
+    regexMatchStatement_regexString,
+    regexMatchStatement_fieldToMatch,
+    regexMatchStatement_textTransformations,
+
+    -- ** RegexPatternSet
+    regexPatternSet_arn,
+    regexPatternSet_description,
+    regexPatternSet_id,
+    regexPatternSet_name,
+    regexPatternSet_regularExpressionList,
+
+    -- ** RegexPatternSetReferenceStatement
+    regexPatternSetReferenceStatement_arn,
+    regexPatternSetReferenceStatement_fieldToMatch,
+    regexPatternSetReferenceStatement_textTransformations,
+
+    -- ** RegexPatternSetSummary
+    regexPatternSetSummary_arn,
+    regexPatternSetSummary_description,
+    regexPatternSetSummary_id,
+    regexPatternSetSummary_lockToken,
+    regexPatternSetSummary_name,
+
+    -- ** ReleaseSummary
+    releaseSummary_releaseVersion,
+    releaseSummary_timestamp,
+
+    -- ** Rule
+    rule_action,
+    rule_captchaConfig,
+    rule_challengeConfig,
+    rule_overrideAction,
+    rule_ruleLabels,
+    rule_name,
+    rule_priority,
+    rule_statement,
+    rule_visibilityConfig,
+
+    -- ** RuleAction
+    ruleAction_allow,
+    ruleAction_block,
+    ruleAction_captcha,
+    ruleAction_challenge,
+    ruleAction_count,
+
+    -- ** RuleActionOverride
+    ruleActionOverride_name,
+    ruleActionOverride_actionToUse,
+
+    -- ** RuleGroup
+    ruleGroup_availableLabels,
+    ruleGroup_consumedLabels,
+    ruleGroup_customResponseBodies,
+    ruleGroup_description,
+    ruleGroup_labelNamespace,
+    ruleGroup_rules,
+    ruleGroup_name,
+    ruleGroup_id,
+    ruleGroup_capacity,
+    ruleGroup_arn,
+    ruleGroup_visibilityConfig,
+
+    -- ** RuleGroupReferenceStatement
+    ruleGroupReferenceStatement_excludedRules,
+    ruleGroupReferenceStatement_ruleActionOverrides,
+    ruleGroupReferenceStatement_arn,
+
+    -- ** RuleGroupSummary
+    ruleGroupSummary_arn,
+    ruleGroupSummary_description,
+    ruleGroupSummary_id,
+    ruleGroupSummary_lockToken,
+    ruleGroupSummary_name,
+
+    -- ** RuleSummary
+    ruleSummary_action,
+    ruleSummary_name,
+
+    -- ** SampledHTTPRequest
+    sampledHTTPRequest_action,
+    sampledHTTPRequest_captchaResponse,
+    sampledHTTPRequest_challengeResponse,
+    sampledHTTPRequest_labels,
+    sampledHTTPRequest_overriddenAction,
+    sampledHTTPRequest_requestHeadersInserted,
+    sampledHTTPRequest_responseCodeSent,
+    sampledHTTPRequest_ruleNameWithinRuleGroup,
+    sampledHTTPRequest_timestamp,
+    sampledHTTPRequest_request,
+    sampledHTTPRequest_weight,
+
+    -- ** SingleHeader
+    singleHeader_name,
+
+    -- ** SingleQueryArgument
+    singleQueryArgument_name,
+
+    -- ** SizeConstraintStatement
+    sizeConstraintStatement_fieldToMatch,
+    sizeConstraintStatement_comparisonOperator,
+    sizeConstraintStatement_size,
+    sizeConstraintStatement_textTransformations,
+
+    -- ** SqliMatchStatement
+    sqliMatchStatement_sensitivityLevel,
+    sqliMatchStatement_fieldToMatch,
+    sqliMatchStatement_textTransformations,
+
+    -- ** Statement
+    statement_andStatement,
+    statement_byteMatchStatement,
+    statement_geoMatchStatement,
+    statement_iPSetReferenceStatement,
+    statement_labelMatchStatement,
+    statement_managedRuleGroupStatement,
+    statement_notStatement,
+    statement_orStatement,
+    statement_rateBasedStatement,
+    statement_regexMatchStatement,
+    statement_regexPatternSetReferenceStatement,
+    statement_ruleGroupReferenceStatement,
+    statement_sizeConstraintStatement,
+    statement_sqliMatchStatement,
+    statement_xssMatchStatement,
+
+    -- ** Tag
+    tag_key,
+    tag_value,
+
+    -- ** TagInfoForResource
+    tagInfoForResource_resourceARN,
+    tagInfoForResource_tagList,
+
+    -- ** TextTransformation
+    textTransformation_priority,
+    textTransformation_type,
+
+    -- ** TimeWindow
+    timeWindow_startTime,
+    timeWindow_endTime,
+
+    -- ** UriPath
+
+    -- ** UsernameField
+    usernameField_identifier,
+
+    -- ** VersionToPublish
+    versionToPublish_associatedRuleGroupArn,
+    versionToPublish_forecastedLifetime,
+
+    -- ** VisibilityConfig
+    visibilityConfig_sampledRequestsEnabled,
+    visibilityConfig_cloudWatchMetricsEnabled,
+    visibilityConfig_metricName,
+
+    -- ** WebACL
+    webACL_capacity,
+    webACL_captchaConfig,
+    webACL_challengeConfig,
+    webACL_customResponseBodies,
+    webACL_description,
+    webACL_labelNamespace,
+    webACL_managedByFirewallManager,
+    webACL_postProcessFirewallManagerRuleGroups,
+    webACL_preProcessFirewallManagerRuleGroups,
+    webACL_rules,
+    webACL_tokenDomains,
+    webACL_name,
+    webACL_id,
+    webACL_arn,
+    webACL_defaultAction,
+    webACL_visibilityConfig,
+
+    -- ** WebACLSummary
+    webACLSummary_arn,
+    webACLSummary_description,
+    webACLSummary_id,
+    webACLSummary_lockToken,
+    webACLSummary_name,
+
+    -- ** XssMatchStatement
+    xssMatchStatement_fieldToMatch,
+    xssMatchStatement_textTransformations,
+  )
+where
+
+import Amazonka.WAFV2.AssociateWebACL
+import Amazonka.WAFV2.CheckCapacity
+import Amazonka.WAFV2.CreateIPSet
+import Amazonka.WAFV2.CreateRegexPatternSet
+import Amazonka.WAFV2.CreateRuleGroup
+import Amazonka.WAFV2.CreateWebACL
+import Amazonka.WAFV2.DeleteFirewallManagerRuleGroups
+import Amazonka.WAFV2.DeleteIPSet
+import Amazonka.WAFV2.DeleteLoggingConfiguration
+import Amazonka.WAFV2.DeletePermissionPolicy
+import Amazonka.WAFV2.DeleteRegexPatternSet
+import Amazonka.WAFV2.DeleteRuleGroup
+import Amazonka.WAFV2.DeleteWebACL
+import Amazonka.WAFV2.DescribeManagedRuleGroup
+import Amazonka.WAFV2.DisassociateWebACL
+import Amazonka.WAFV2.GenerateMobileSdkReleaseUrl
+import Amazonka.WAFV2.GetIPSet
+import Amazonka.WAFV2.GetLoggingConfiguration
+import Amazonka.WAFV2.GetManagedRuleSet
+import Amazonka.WAFV2.GetMobileSdkRelease
+import Amazonka.WAFV2.GetPermissionPolicy
+import Amazonka.WAFV2.GetRateBasedStatementManagedKeys
+import Amazonka.WAFV2.GetRegexPatternSet
+import Amazonka.WAFV2.GetRuleGroup
+import Amazonka.WAFV2.GetSampledRequests
+import Amazonka.WAFV2.GetWebACL
+import Amazonka.WAFV2.GetWebACLForResource
+import Amazonka.WAFV2.ListAvailableManagedRuleGroupVersions
+import Amazonka.WAFV2.ListAvailableManagedRuleGroups
+import Amazonka.WAFV2.ListIPSets
+import Amazonka.WAFV2.ListLoggingConfigurations
+import Amazonka.WAFV2.ListManagedRuleSets
+import Amazonka.WAFV2.ListMobileSdkReleases
+import Amazonka.WAFV2.ListRegexPatternSets
+import Amazonka.WAFV2.ListResourcesForWebACL
+import Amazonka.WAFV2.ListRuleGroups
+import Amazonka.WAFV2.ListTagsForResource
+import Amazonka.WAFV2.ListWebACLs
+import Amazonka.WAFV2.PutLoggingConfiguration
+import Amazonka.WAFV2.PutManagedRuleSetVersions
+import Amazonka.WAFV2.PutPermissionPolicy
+import Amazonka.WAFV2.TagResource
+import Amazonka.WAFV2.Types.AWSManagedRulesBotControlRuleSet
+import Amazonka.WAFV2.Types.ActionCondition
+import Amazonka.WAFV2.Types.All
+import Amazonka.WAFV2.Types.AllQueryArguments
+import Amazonka.WAFV2.Types.AllowAction
+import Amazonka.WAFV2.Types.AndStatement
+import Amazonka.WAFV2.Types.BlockAction
+import Amazonka.WAFV2.Types.Body
+import Amazonka.WAFV2.Types.ByteMatchStatement
+import Amazonka.WAFV2.Types.CaptchaAction
+import Amazonka.WAFV2.Types.CaptchaConfig
+import Amazonka.WAFV2.Types.CaptchaResponse
+import Amazonka.WAFV2.Types.ChallengeAction
+import Amazonka.WAFV2.Types.ChallengeConfig
+import Amazonka.WAFV2.Types.ChallengeResponse
+import Amazonka.WAFV2.Types.Condition
+import Amazonka.WAFV2.Types.CookieMatchPattern
+import Amazonka.WAFV2.Types.Cookies
+import Amazonka.WAFV2.Types.CountAction
+import Amazonka.WAFV2.Types.CustomHTTPHeader
+import Amazonka.WAFV2.Types.CustomRequestHandling
+import Amazonka.WAFV2.Types.CustomResponse
+import Amazonka.WAFV2.Types.CustomResponseBody
+import Amazonka.WAFV2.Types.DefaultAction
+import Amazonka.WAFV2.Types.ExcludedRule
+import Amazonka.WAFV2.Types.FieldToMatch
+import Amazonka.WAFV2.Types.Filter
+import Amazonka.WAFV2.Types.FirewallManagerRuleGroup
+import Amazonka.WAFV2.Types.FirewallManagerStatement
+import Amazonka.WAFV2.Types.ForwardedIPConfig
+import Amazonka.WAFV2.Types.GeoMatchStatement
+import Amazonka.WAFV2.Types.HTTPHeader
+import Amazonka.WAFV2.Types.HTTPRequest
+import Amazonka.WAFV2.Types.HeaderMatchPattern
+import Amazonka.WAFV2.Types.Headers
+import Amazonka.WAFV2.Types.IPSet
+import Amazonka.WAFV2.Types.IPSetForwardedIPConfig
+import Amazonka.WAFV2.Types.IPSetReferenceStatement
+import Amazonka.WAFV2.Types.IPSetSummary
+import Amazonka.WAFV2.Types.ImmunityTimeProperty
+import Amazonka.WAFV2.Types.JsonBody
+import Amazonka.WAFV2.Types.JsonMatchPattern
+import Amazonka.WAFV2.Types.Label
+import Amazonka.WAFV2.Types.LabelMatchStatement
+import Amazonka.WAFV2.Types.LabelNameCondition
+import Amazonka.WAFV2.Types.LabelSummary
+import Amazonka.WAFV2.Types.LoggingConfiguration
+import Amazonka.WAFV2.Types.LoggingFilter
+import Amazonka.WAFV2.Types.ManagedRuleGroupConfig
+import Amazonka.WAFV2.Types.ManagedRuleGroupStatement
+import Amazonka.WAFV2.Types.ManagedRuleGroupSummary
+import Amazonka.WAFV2.Types.ManagedRuleGroupVersion
+import Amazonka.WAFV2.Types.ManagedRuleSet
+import Amazonka.WAFV2.Types.ManagedRuleSetSummary
+import Amazonka.WAFV2.Types.ManagedRuleSetVersion
+import Amazonka.WAFV2.Types.Method
+import Amazonka.WAFV2.Types.MobileSdkRelease
+import Amazonka.WAFV2.Types.NoneAction
+import Amazonka.WAFV2.Types.NotStatement
+import Amazonka.WAFV2.Types.OrStatement
+import Amazonka.WAFV2.Types.OverrideAction
+import Amazonka.WAFV2.Types.PasswordField
+import Amazonka.WAFV2.Types.QueryString
+import Amazonka.WAFV2.Types.RateBasedStatement
+import Amazonka.WAFV2.Types.RateBasedStatementManagedKeysIPSet
+import Amazonka.WAFV2.Types.Regex
+import Amazonka.WAFV2.Types.RegexMatchStatement
+import Amazonka.WAFV2.Types.RegexPatternSet
+import Amazonka.WAFV2.Types.RegexPatternSetReferenceStatement
+import Amazonka.WAFV2.Types.RegexPatternSetSummary
+import Amazonka.WAFV2.Types.ReleaseSummary
+import Amazonka.WAFV2.Types.Rule
+import Amazonka.WAFV2.Types.RuleAction
+import Amazonka.WAFV2.Types.RuleActionOverride
+import Amazonka.WAFV2.Types.RuleGroup
+import Amazonka.WAFV2.Types.RuleGroupReferenceStatement
+import Amazonka.WAFV2.Types.RuleGroupSummary
+import Amazonka.WAFV2.Types.RuleSummary
+import Amazonka.WAFV2.Types.SampledHTTPRequest
+import Amazonka.WAFV2.Types.SingleHeader
+import Amazonka.WAFV2.Types.SingleQueryArgument
+import Amazonka.WAFV2.Types.SizeConstraintStatement
+import Amazonka.WAFV2.Types.SqliMatchStatement
+import Amazonka.WAFV2.Types.Statement
+import Amazonka.WAFV2.Types.Tag
+import Amazonka.WAFV2.Types.TagInfoForResource
+import Amazonka.WAFV2.Types.TextTransformation
+import Amazonka.WAFV2.Types.TimeWindow
+import Amazonka.WAFV2.Types.UriPath
+import Amazonka.WAFV2.Types.UsernameField
+import Amazonka.WAFV2.Types.VersionToPublish
+import Amazonka.WAFV2.Types.VisibilityConfig
+import Amazonka.WAFV2.Types.WebACL
+import Amazonka.WAFV2.Types.WebACLSummary
+import Amazonka.WAFV2.Types.XssMatchStatement
+import Amazonka.WAFV2.UntagResource
+import Amazonka.WAFV2.UpdateIPSet
+import Amazonka.WAFV2.UpdateManagedRuleSetVersionExpiryDate
+import Amazonka.WAFV2.UpdateRegexPatternSet
+import Amazonka.WAFV2.UpdateRuleGroup
+import Amazonka.WAFV2.UpdateWebACL
diff --git a/gen/Amazonka/WAFV2/ListAvailableManagedRuleGroupVersions.hs b/gen/Amazonka/WAFV2/ListAvailableManagedRuleGroupVersions.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/WAFV2/ListAvailableManagedRuleGroupVersions.hs
@@ -0,0 +1,356 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.WAFV2.ListAvailableManagedRuleGroupVersions
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Returns a list of the available versions for the specified managed rule
+-- group.
+module Amazonka.WAFV2.ListAvailableManagedRuleGroupVersions
+  ( -- * Creating a Request
+    ListAvailableManagedRuleGroupVersions (..),
+    newListAvailableManagedRuleGroupVersions,
+
+    -- * Request Lenses
+    listAvailableManagedRuleGroupVersions_limit,
+    listAvailableManagedRuleGroupVersions_nextMarker,
+    listAvailableManagedRuleGroupVersions_vendorName,
+    listAvailableManagedRuleGroupVersions_name,
+    listAvailableManagedRuleGroupVersions_scope,
+
+    -- * Destructuring the Response
+    ListAvailableManagedRuleGroupVersionsResponse (..),
+    newListAvailableManagedRuleGroupVersionsResponse,
+
+    -- * Response Lenses
+    listAvailableManagedRuleGroupVersionsResponse_currentDefaultVersion,
+    listAvailableManagedRuleGroupVersionsResponse_nextMarker,
+    listAvailableManagedRuleGroupVersionsResponse_versions,
+    listAvailableManagedRuleGroupVersionsResponse_httpStatus,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+import Amazonka.WAFV2.Types
+
+-- | /See:/ 'newListAvailableManagedRuleGroupVersions' smart constructor.
+data ListAvailableManagedRuleGroupVersions = ListAvailableManagedRuleGroupVersions'
+  { -- | The maximum number of objects that you want WAF to return for this
+    -- request. If more objects are available, in the response, WAF provides a
+    -- @NextMarker@ value that you can use in a subsequent call to get the next
+    -- batch of objects.
+    limit :: Prelude.Maybe Prelude.Natural,
+    -- | When you request a list of objects with a @Limit@ setting, if the number
+    -- of objects that are still available for retrieval exceeds the limit, WAF
+    -- returns a @NextMarker@ value in the response. To retrieve the next batch
+    -- of objects, provide the marker from the prior call in your next request.
+    nextMarker :: Prelude.Maybe Prelude.Text,
+    -- | The name of the managed rule group vendor. You use this, along with the
+    -- rule group name, to identify the rule group.
+    vendorName :: Prelude.Text,
+    -- | The name of the managed rule group. You use this, along with the vendor
+    -- name, to identify the rule group.
+    name :: Prelude.Text,
+    -- | Specifies whether this is for an Amazon CloudFront distribution or for a
+    -- regional application. A regional application can be an Application Load
+    -- Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API,
+    -- or an Amazon Cognito user pool.
+    --
+    -- To work with CloudFront, you must also specify the Region US East (N.
+    -- Virginia) as follows:
+    --
+    -- -   CLI - Specify the Region when you use the CloudFront scope:
+    --     @--scope=CLOUDFRONT --region=us-east-1@.
+    --
+    -- -   API and SDKs - For all calls, use the Region endpoint us-east-1.
+    scope :: Scope
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'ListAvailableManagedRuleGroupVersions' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'limit', 'listAvailableManagedRuleGroupVersions_limit' - The maximum number of objects that you want WAF to return for this
+-- request. If more objects are available, in the response, WAF provides a
+-- @NextMarker@ value that you can use in a subsequent call to get the next
+-- batch of objects.
+--
+-- 'nextMarker', 'listAvailableManagedRuleGroupVersions_nextMarker' - When you request a list of objects with a @Limit@ setting, if the number
+-- of objects that are still available for retrieval exceeds the limit, WAF
+-- returns a @NextMarker@ value in the response. To retrieve the next batch
+-- of objects, provide the marker from the prior call in your next request.
+--
+-- 'vendorName', 'listAvailableManagedRuleGroupVersions_vendorName' - The name of the managed rule group vendor. You use this, along with the
+-- rule group name, to identify the rule group.
+--
+-- 'name', 'listAvailableManagedRuleGroupVersions_name' - The name of the managed rule group. You use this, along with the vendor
+-- name, to identify the rule group.
+--
+-- 'scope', 'listAvailableManagedRuleGroupVersions_scope' - Specifies whether this is for an Amazon CloudFront distribution or for a
+-- regional application. A regional application can be an Application Load
+-- Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API,
+-- or an Amazon Cognito user pool.
+--
+-- To work with CloudFront, you must also specify the Region US East (N.
+-- Virginia) as follows:
+--
+-- -   CLI - Specify the Region when you use the CloudFront scope:
+--     @--scope=CLOUDFRONT --region=us-east-1@.
+--
+-- -   API and SDKs - For all calls, use the Region endpoint us-east-1.
+newListAvailableManagedRuleGroupVersions ::
+  -- | 'vendorName'
+  Prelude.Text ->
+  -- | 'name'
+  Prelude.Text ->
+  -- | 'scope'
+  Scope ->
+  ListAvailableManagedRuleGroupVersions
+newListAvailableManagedRuleGroupVersions
+  pVendorName_
+  pName_
+  pScope_ =
+    ListAvailableManagedRuleGroupVersions'
+      { limit =
+          Prelude.Nothing,
+        nextMarker = Prelude.Nothing,
+        vendorName = pVendorName_,
+        name = pName_,
+        scope = pScope_
+      }
+
+-- | The maximum number of objects that you want WAF to return for this
+-- request. If more objects are available, in the response, WAF provides a
+-- @NextMarker@ value that you can use in a subsequent call to get the next
+-- batch of objects.
+listAvailableManagedRuleGroupVersions_limit :: Lens.Lens' ListAvailableManagedRuleGroupVersions (Prelude.Maybe Prelude.Natural)
+listAvailableManagedRuleGroupVersions_limit = Lens.lens (\ListAvailableManagedRuleGroupVersions' {limit} -> limit) (\s@ListAvailableManagedRuleGroupVersions' {} a -> s {limit = a} :: ListAvailableManagedRuleGroupVersions)
+
+-- | When you request a list of objects with a @Limit@ setting, if the number
+-- of objects that are still available for retrieval exceeds the limit, WAF
+-- returns a @NextMarker@ value in the response. To retrieve the next batch
+-- of objects, provide the marker from the prior call in your next request.
+listAvailableManagedRuleGroupVersions_nextMarker :: Lens.Lens' ListAvailableManagedRuleGroupVersions (Prelude.Maybe Prelude.Text)
+listAvailableManagedRuleGroupVersions_nextMarker = Lens.lens (\ListAvailableManagedRuleGroupVersions' {nextMarker} -> nextMarker) (\s@ListAvailableManagedRuleGroupVersions' {} a -> s {nextMarker = a} :: ListAvailableManagedRuleGroupVersions)
+
+-- | The name of the managed rule group vendor. You use this, along with the
+-- rule group name, to identify the rule group.
+listAvailableManagedRuleGroupVersions_vendorName :: Lens.Lens' ListAvailableManagedRuleGroupVersions Prelude.Text
+listAvailableManagedRuleGroupVersions_vendorName = Lens.lens (\ListAvailableManagedRuleGroupVersions' {vendorName} -> vendorName) (\s@ListAvailableManagedRuleGroupVersions' {} a -> s {vendorName = a} :: ListAvailableManagedRuleGroupVersions)
+
+-- | The name of the managed rule group. You use this, along with the vendor
+-- name, to identify the rule group.
+listAvailableManagedRuleGroupVersions_name :: Lens.Lens' ListAvailableManagedRuleGroupVersions Prelude.Text
+listAvailableManagedRuleGroupVersions_name = Lens.lens (\ListAvailableManagedRuleGroupVersions' {name} -> name) (\s@ListAvailableManagedRuleGroupVersions' {} a -> s {name = a} :: ListAvailableManagedRuleGroupVersions)
+
+-- | Specifies whether this is for an Amazon CloudFront distribution or for a
+-- regional application. A regional application can be an Application Load
+-- Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API,
+-- or an Amazon Cognito user pool.
+--
+-- To work with CloudFront, you must also specify the Region US East (N.
+-- Virginia) as follows:
+--
+-- -   CLI - Specify the Region when you use the CloudFront scope:
+--     @--scope=CLOUDFRONT --region=us-east-1@.
+--
+-- -   API and SDKs - For all calls, use the Region endpoint us-east-1.
+listAvailableManagedRuleGroupVersions_scope :: Lens.Lens' ListAvailableManagedRuleGroupVersions Scope
+listAvailableManagedRuleGroupVersions_scope = Lens.lens (\ListAvailableManagedRuleGroupVersions' {scope} -> scope) (\s@ListAvailableManagedRuleGroupVersions' {} a -> s {scope = a} :: ListAvailableManagedRuleGroupVersions)
+
+instance
+  Core.AWSRequest
+    ListAvailableManagedRuleGroupVersions
+  where
+  type
+    AWSResponse
+      ListAvailableManagedRuleGroupVersions =
+      ListAvailableManagedRuleGroupVersionsResponse
+  request overrides =
+    Request.postJSON (overrides defaultService)
+  response =
+    Response.receiveJSON
+      ( \s h x ->
+          ListAvailableManagedRuleGroupVersionsResponse'
+            Prelude.<$> (x Data..?> "CurrentDefaultVersion")
+            Prelude.<*> (x Data..?> "NextMarker")
+            Prelude.<*> (x Data..?> "Versions" Core..!@ Prelude.mempty)
+            Prelude.<*> (Prelude.pure (Prelude.fromEnum s))
+      )
+
+instance
+  Prelude.Hashable
+    ListAvailableManagedRuleGroupVersions
+  where
+  hashWithSalt
+    _salt
+    ListAvailableManagedRuleGroupVersions' {..} =
+      _salt
+        `Prelude.hashWithSalt` limit
+        `Prelude.hashWithSalt` nextMarker
+        `Prelude.hashWithSalt` vendorName
+        `Prelude.hashWithSalt` name
+        `Prelude.hashWithSalt` scope
+
+instance
+  Prelude.NFData
+    ListAvailableManagedRuleGroupVersions
+  where
+  rnf ListAvailableManagedRuleGroupVersions' {..} =
+    Prelude.rnf limit
+      `Prelude.seq` Prelude.rnf nextMarker
+      `Prelude.seq` Prelude.rnf vendorName
+      `Prelude.seq` Prelude.rnf name
+      `Prelude.seq` Prelude.rnf scope
+
+instance
+  Data.ToHeaders
+    ListAvailableManagedRuleGroupVersions
+  where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "X-Amz-Target"
+              Data.=# ( "AWSWAF_20190729.ListAvailableManagedRuleGroupVersions" ::
+                          Prelude.ByteString
+                      ),
+            "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance
+  Data.ToJSON
+    ListAvailableManagedRuleGroupVersions
+  where
+  toJSON ListAvailableManagedRuleGroupVersions' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("Limit" Data..=) Prelude.<$> limit,
+            ("NextMarker" Data..=) Prelude.<$> nextMarker,
+            Prelude.Just ("VendorName" Data..= vendorName),
+            Prelude.Just ("Name" Data..= name),
+            Prelude.Just ("Scope" Data..= scope)
+          ]
+      )
+
+instance
+  Data.ToPath
+    ListAvailableManagedRuleGroupVersions
+  where
+  toPath = Prelude.const "/"
+
+instance
+  Data.ToQuery
+    ListAvailableManagedRuleGroupVersions
+  where
+  toQuery = Prelude.const Prelude.mempty
+
+-- | /See:/ 'newListAvailableManagedRuleGroupVersionsResponse' smart constructor.
+data ListAvailableManagedRuleGroupVersionsResponse = ListAvailableManagedRuleGroupVersionsResponse'
+  { -- | The name of the version that\'s currently set as the default.
+    currentDefaultVersion :: Prelude.Maybe Prelude.Text,
+    -- | When you request a list of objects with a @Limit@ setting, if the number
+    -- of objects that are still available for retrieval exceeds the limit, WAF
+    -- returns a @NextMarker@ value in the response. To retrieve the next batch
+    -- of objects, provide the marker from the prior call in your next request.
+    nextMarker :: Prelude.Maybe Prelude.Text,
+    -- | The versions that are currently available for the specified managed rule
+    -- group.
+    versions :: Prelude.Maybe [ManagedRuleGroupVersion],
+    -- | The response's http status code.
+    httpStatus :: Prelude.Int
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'ListAvailableManagedRuleGroupVersionsResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'currentDefaultVersion', 'listAvailableManagedRuleGroupVersionsResponse_currentDefaultVersion' - The name of the version that\'s currently set as the default.
+--
+-- 'nextMarker', 'listAvailableManagedRuleGroupVersionsResponse_nextMarker' - When you request a list of objects with a @Limit@ setting, if the number
+-- of objects that are still available for retrieval exceeds the limit, WAF
+-- returns a @NextMarker@ value in the response. To retrieve the next batch
+-- of objects, provide the marker from the prior call in your next request.
+--
+-- 'versions', 'listAvailableManagedRuleGroupVersionsResponse_versions' - The versions that are currently available for the specified managed rule
+-- group.
+--
+-- 'httpStatus', 'listAvailableManagedRuleGroupVersionsResponse_httpStatus' - The response's http status code.
+newListAvailableManagedRuleGroupVersionsResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  ListAvailableManagedRuleGroupVersionsResponse
+newListAvailableManagedRuleGroupVersionsResponse
+  pHttpStatus_ =
+    ListAvailableManagedRuleGroupVersionsResponse'
+      { currentDefaultVersion =
+          Prelude.Nothing,
+        nextMarker = Prelude.Nothing,
+        versions = Prelude.Nothing,
+        httpStatus = pHttpStatus_
+      }
+
+-- | The name of the version that\'s currently set as the default.
+listAvailableManagedRuleGroupVersionsResponse_currentDefaultVersion :: Lens.Lens' ListAvailableManagedRuleGroupVersionsResponse (Prelude.Maybe Prelude.Text)
+listAvailableManagedRuleGroupVersionsResponse_currentDefaultVersion = Lens.lens (\ListAvailableManagedRuleGroupVersionsResponse' {currentDefaultVersion} -> currentDefaultVersion) (\s@ListAvailableManagedRuleGroupVersionsResponse' {} a -> s {currentDefaultVersion = a} :: ListAvailableManagedRuleGroupVersionsResponse)
+
+-- | When you request a list of objects with a @Limit@ setting, if the number
+-- of objects that are still available for retrieval exceeds the limit, WAF
+-- returns a @NextMarker@ value in the response. To retrieve the next batch
+-- of objects, provide the marker from the prior call in your next request.
+listAvailableManagedRuleGroupVersionsResponse_nextMarker :: Lens.Lens' ListAvailableManagedRuleGroupVersionsResponse (Prelude.Maybe Prelude.Text)
+listAvailableManagedRuleGroupVersionsResponse_nextMarker = Lens.lens (\ListAvailableManagedRuleGroupVersionsResponse' {nextMarker} -> nextMarker) (\s@ListAvailableManagedRuleGroupVersionsResponse' {} a -> s {nextMarker = a} :: ListAvailableManagedRuleGroupVersionsResponse)
+
+-- | The versions that are currently available for the specified managed rule
+-- group.
+listAvailableManagedRuleGroupVersionsResponse_versions :: Lens.Lens' ListAvailableManagedRuleGroupVersionsResponse (Prelude.Maybe [ManagedRuleGroupVersion])
+listAvailableManagedRuleGroupVersionsResponse_versions = Lens.lens (\ListAvailableManagedRuleGroupVersionsResponse' {versions} -> versions) (\s@ListAvailableManagedRuleGroupVersionsResponse' {} a -> s {versions = a} :: ListAvailableManagedRuleGroupVersionsResponse) Prelude.. Lens.mapping Lens.coerced
+
+-- | The response's http status code.
+listAvailableManagedRuleGroupVersionsResponse_httpStatus :: Lens.Lens' ListAvailableManagedRuleGroupVersionsResponse Prelude.Int
+listAvailableManagedRuleGroupVersionsResponse_httpStatus = Lens.lens (\ListAvailableManagedRuleGroupVersionsResponse' {httpStatus} -> httpStatus) (\s@ListAvailableManagedRuleGroupVersionsResponse' {} a -> s {httpStatus = a} :: ListAvailableManagedRuleGroupVersionsResponse)
+
+instance
+  Prelude.NFData
+    ListAvailableManagedRuleGroupVersionsResponse
+  where
+  rnf
+    ListAvailableManagedRuleGroupVersionsResponse' {..} =
+      Prelude.rnf currentDefaultVersion
+        `Prelude.seq` Prelude.rnf nextMarker
+        `Prelude.seq` Prelude.rnf versions
+        `Prelude.seq` Prelude.rnf httpStatus
diff --git a/gen/Amazonka/WAFV2/ListAvailableManagedRuleGroups.hs b/gen/Amazonka/WAFV2/ListAvailableManagedRuleGroups.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/WAFV2/ListAvailableManagedRuleGroups.hs
@@ -0,0 +1,294 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.WAFV2.ListAvailableManagedRuleGroups
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Retrieves an array of managed rule groups that are available for you to
+-- use. This list includes all Amazon Web Services Managed Rules rule
+-- groups and all of the Amazon Web Services Marketplace managed rule
+-- groups that you\'re subscribed to.
+module Amazonka.WAFV2.ListAvailableManagedRuleGroups
+  ( -- * Creating a Request
+    ListAvailableManagedRuleGroups (..),
+    newListAvailableManagedRuleGroups,
+
+    -- * Request Lenses
+    listAvailableManagedRuleGroups_limit,
+    listAvailableManagedRuleGroups_nextMarker,
+    listAvailableManagedRuleGroups_scope,
+
+    -- * Destructuring the Response
+    ListAvailableManagedRuleGroupsResponse (..),
+    newListAvailableManagedRuleGroupsResponse,
+
+    -- * Response Lenses
+    listAvailableManagedRuleGroupsResponse_managedRuleGroups,
+    listAvailableManagedRuleGroupsResponse_nextMarker,
+    listAvailableManagedRuleGroupsResponse_httpStatus,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+import Amazonka.WAFV2.Types
+
+-- | /See:/ 'newListAvailableManagedRuleGroups' smart constructor.
+data ListAvailableManagedRuleGroups = ListAvailableManagedRuleGroups'
+  { -- | The maximum number of objects that you want WAF to return for this
+    -- request. If more objects are available, in the response, WAF provides a
+    -- @NextMarker@ value that you can use in a subsequent call to get the next
+    -- batch of objects.
+    limit :: Prelude.Maybe Prelude.Natural,
+    -- | When you request a list of objects with a @Limit@ setting, if the number
+    -- of objects that are still available for retrieval exceeds the limit, WAF
+    -- returns a @NextMarker@ value in the response. To retrieve the next batch
+    -- of objects, provide the marker from the prior call in your next request.
+    nextMarker :: Prelude.Maybe Prelude.Text,
+    -- | Specifies whether this is for an Amazon CloudFront distribution or for a
+    -- regional application. A regional application can be an Application Load
+    -- Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API,
+    -- or an Amazon Cognito user pool.
+    --
+    -- To work with CloudFront, you must also specify the Region US East (N.
+    -- Virginia) as follows:
+    --
+    -- -   CLI - Specify the Region when you use the CloudFront scope:
+    --     @--scope=CLOUDFRONT --region=us-east-1@.
+    --
+    -- -   API and SDKs - For all calls, use the Region endpoint us-east-1.
+    scope :: Scope
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'ListAvailableManagedRuleGroups' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'limit', 'listAvailableManagedRuleGroups_limit' - The maximum number of objects that you want WAF to return for this
+-- request. If more objects are available, in the response, WAF provides a
+-- @NextMarker@ value that you can use in a subsequent call to get the next
+-- batch of objects.
+--
+-- 'nextMarker', 'listAvailableManagedRuleGroups_nextMarker' - When you request a list of objects with a @Limit@ setting, if the number
+-- of objects that are still available for retrieval exceeds the limit, WAF
+-- returns a @NextMarker@ value in the response. To retrieve the next batch
+-- of objects, provide the marker from the prior call in your next request.
+--
+-- 'scope', 'listAvailableManagedRuleGroups_scope' - Specifies whether this is for an Amazon CloudFront distribution or for a
+-- regional application. A regional application can be an Application Load
+-- Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API,
+-- or an Amazon Cognito user pool.
+--
+-- To work with CloudFront, you must also specify the Region US East (N.
+-- Virginia) as follows:
+--
+-- -   CLI - Specify the Region when you use the CloudFront scope:
+--     @--scope=CLOUDFRONT --region=us-east-1@.
+--
+-- -   API and SDKs - For all calls, use the Region endpoint us-east-1.
+newListAvailableManagedRuleGroups ::
+  -- | 'scope'
+  Scope ->
+  ListAvailableManagedRuleGroups
+newListAvailableManagedRuleGroups pScope_ =
+  ListAvailableManagedRuleGroups'
+    { limit =
+        Prelude.Nothing,
+      nextMarker = Prelude.Nothing,
+      scope = pScope_
+    }
+
+-- | The maximum number of objects that you want WAF to return for this
+-- request. If more objects are available, in the response, WAF provides a
+-- @NextMarker@ value that you can use in a subsequent call to get the next
+-- batch of objects.
+listAvailableManagedRuleGroups_limit :: Lens.Lens' ListAvailableManagedRuleGroups (Prelude.Maybe Prelude.Natural)
+listAvailableManagedRuleGroups_limit = Lens.lens (\ListAvailableManagedRuleGroups' {limit} -> limit) (\s@ListAvailableManagedRuleGroups' {} a -> s {limit = a} :: ListAvailableManagedRuleGroups)
+
+-- | When you request a list of objects with a @Limit@ setting, if the number
+-- of objects that are still available for retrieval exceeds the limit, WAF
+-- returns a @NextMarker@ value in the response. To retrieve the next batch
+-- of objects, provide the marker from the prior call in your next request.
+listAvailableManagedRuleGroups_nextMarker :: Lens.Lens' ListAvailableManagedRuleGroups (Prelude.Maybe Prelude.Text)
+listAvailableManagedRuleGroups_nextMarker = Lens.lens (\ListAvailableManagedRuleGroups' {nextMarker} -> nextMarker) (\s@ListAvailableManagedRuleGroups' {} a -> s {nextMarker = a} :: ListAvailableManagedRuleGroups)
+
+-- | Specifies whether this is for an Amazon CloudFront distribution or for a
+-- regional application. A regional application can be an Application Load
+-- Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API,
+-- or an Amazon Cognito user pool.
+--
+-- To work with CloudFront, you must also specify the Region US East (N.
+-- Virginia) as follows:
+--
+-- -   CLI - Specify the Region when you use the CloudFront scope:
+--     @--scope=CLOUDFRONT --region=us-east-1@.
+--
+-- -   API and SDKs - For all calls, use the Region endpoint us-east-1.
+listAvailableManagedRuleGroups_scope :: Lens.Lens' ListAvailableManagedRuleGroups Scope
+listAvailableManagedRuleGroups_scope = Lens.lens (\ListAvailableManagedRuleGroups' {scope} -> scope) (\s@ListAvailableManagedRuleGroups' {} a -> s {scope = a} :: ListAvailableManagedRuleGroups)
+
+instance
+  Core.AWSRequest
+    ListAvailableManagedRuleGroups
+  where
+  type
+    AWSResponse ListAvailableManagedRuleGroups =
+      ListAvailableManagedRuleGroupsResponse
+  request overrides =
+    Request.postJSON (overrides defaultService)
+  response =
+    Response.receiveJSON
+      ( \s h x ->
+          ListAvailableManagedRuleGroupsResponse'
+            Prelude.<$> ( x
+                            Data..?> "ManagedRuleGroups"
+                            Core..!@ Prelude.mempty
+                        )
+            Prelude.<*> (x Data..?> "NextMarker")
+            Prelude.<*> (Prelude.pure (Prelude.fromEnum s))
+      )
+
+instance
+  Prelude.Hashable
+    ListAvailableManagedRuleGroups
+  where
+  hashWithSalt
+    _salt
+    ListAvailableManagedRuleGroups' {..} =
+      _salt
+        `Prelude.hashWithSalt` limit
+        `Prelude.hashWithSalt` nextMarker
+        `Prelude.hashWithSalt` scope
+
+instance
+  Prelude.NFData
+    ListAvailableManagedRuleGroups
+  where
+  rnf ListAvailableManagedRuleGroups' {..} =
+    Prelude.rnf limit
+      `Prelude.seq` Prelude.rnf nextMarker
+      `Prelude.seq` Prelude.rnf scope
+
+instance
+  Data.ToHeaders
+    ListAvailableManagedRuleGroups
+  where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "X-Amz-Target"
+              Data.=# ( "AWSWAF_20190729.ListAvailableManagedRuleGroups" ::
+                          Prelude.ByteString
+                      ),
+            "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToJSON ListAvailableManagedRuleGroups where
+  toJSON ListAvailableManagedRuleGroups' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("Limit" Data..=) Prelude.<$> limit,
+            ("NextMarker" Data..=) Prelude.<$> nextMarker,
+            Prelude.Just ("Scope" Data..= scope)
+          ]
+      )
+
+instance Data.ToPath ListAvailableManagedRuleGroups where
+  toPath = Prelude.const "/"
+
+instance Data.ToQuery ListAvailableManagedRuleGroups where
+  toQuery = Prelude.const Prelude.mempty
+
+-- | /See:/ 'newListAvailableManagedRuleGroupsResponse' smart constructor.
+data ListAvailableManagedRuleGroupsResponse = ListAvailableManagedRuleGroupsResponse'
+  { managedRuleGroups :: Prelude.Maybe [ManagedRuleGroupSummary],
+    -- | When you request a list of objects with a @Limit@ setting, if the number
+    -- of objects that are still available for retrieval exceeds the limit, WAF
+    -- returns a @NextMarker@ value in the response. To retrieve the next batch
+    -- of objects, provide the marker from the prior call in your next request.
+    nextMarker :: Prelude.Maybe Prelude.Text,
+    -- | The response's http status code.
+    httpStatus :: Prelude.Int
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'ListAvailableManagedRuleGroupsResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'managedRuleGroups', 'listAvailableManagedRuleGroupsResponse_managedRuleGroups' -
+--
+-- 'nextMarker', 'listAvailableManagedRuleGroupsResponse_nextMarker' - When you request a list of objects with a @Limit@ setting, if the number
+-- of objects that are still available for retrieval exceeds the limit, WAF
+-- returns a @NextMarker@ value in the response. To retrieve the next batch
+-- of objects, provide the marker from the prior call in your next request.
+--
+-- 'httpStatus', 'listAvailableManagedRuleGroupsResponse_httpStatus' - The response's http status code.
+newListAvailableManagedRuleGroupsResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  ListAvailableManagedRuleGroupsResponse
+newListAvailableManagedRuleGroupsResponse
+  pHttpStatus_ =
+    ListAvailableManagedRuleGroupsResponse'
+      { managedRuleGroups =
+          Prelude.Nothing,
+        nextMarker = Prelude.Nothing,
+        httpStatus = pHttpStatus_
+      }
+
+listAvailableManagedRuleGroupsResponse_managedRuleGroups :: Lens.Lens' ListAvailableManagedRuleGroupsResponse (Prelude.Maybe [ManagedRuleGroupSummary])
+listAvailableManagedRuleGroupsResponse_managedRuleGroups = Lens.lens (\ListAvailableManagedRuleGroupsResponse' {managedRuleGroups} -> managedRuleGroups) (\s@ListAvailableManagedRuleGroupsResponse' {} a -> s {managedRuleGroups = a} :: ListAvailableManagedRuleGroupsResponse) Prelude.. Lens.mapping Lens.coerced
+
+-- | When you request a list of objects with a @Limit@ setting, if the number
+-- of objects that are still available for retrieval exceeds the limit, WAF
+-- returns a @NextMarker@ value in the response. To retrieve the next batch
+-- of objects, provide the marker from the prior call in your next request.
+listAvailableManagedRuleGroupsResponse_nextMarker :: Lens.Lens' ListAvailableManagedRuleGroupsResponse (Prelude.Maybe Prelude.Text)
+listAvailableManagedRuleGroupsResponse_nextMarker = Lens.lens (\ListAvailableManagedRuleGroupsResponse' {nextMarker} -> nextMarker) (\s@ListAvailableManagedRuleGroupsResponse' {} a -> s {nextMarker = a} :: ListAvailableManagedRuleGroupsResponse)
+
+-- | The response's http status code.
+listAvailableManagedRuleGroupsResponse_httpStatus :: Lens.Lens' ListAvailableManagedRuleGroupsResponse Prelude.Int
+listAvailableManagedRuleGroupsResponse_httpStatus = Lens.lens (\ListAvailableManagedRuleGroupsResponse' {httpStatus} -> httpStatus) (\s@ListAvailableManagedRuleGroupsResponse' {} a -> s {httpStatus = a} :: ListAvailableManagedRuleGroupsResponse)
+
+instance
+  Prelude.NFData
+    ListAvailableManagedRuleGroupsResponse
+  where
+  rnf ListAvailableManagedRuleGroupsResponse' {..} =
+    Prelude.rnf managedRuleGroups
+      `Prelude.seq` Prelude.rnf nextMarker
+      `Prelude.seq` Prelude.rnf httpStatus
diff --git a/gen/Amazonka/WAFV2/ListIPSets.hs b/gen/Amazonka/WAFV2/ListIPSets.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/WAFV2/ListIPSets.hs
@@ -0,0 +1,270 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.WAFV2.ListIPSets
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Retrieves an array of IPSetSummary objects for the IP sets that you
+-- manage.
+module Amazonka.WAFV2.ListIPSets
+  ( -- * Creating a Request
+    ListIPSets (..),
+    newListIPSets,
+
+    -- * Request Lenses
+    listIPSets_limit,
+    listIPSets_nextMarker,
+    listIPSets_scope,
+
+    -- * Destructuring the Response
+    ListIPSetsResponse (..),
+    newListIPSetsResponse,
+
+    -- * Response Lenses
+    listIPSetsResponse_iPSets,
+    listIPSetsResponse_nextMarker,
+    listIPSetsResponse_httpStatus,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+import Amazonka.WAFV2.Types
+
+-- | /See:/ 'newListIPSets' smart constructor.
+data ListIPSets = ListIPSets'
+  { -- | The maximum number of objects that you want WAF to return for this
+    -- request. If more objects are available, in the response, WAF provides a
+    -- @NextMarker@ value that you can use in a subsequent call to get the next
+    -- batch of objects.
+    limit :: Prelude.Maybe Prelude.Natural,
+    -- | When you request a list of objects with a @Limit@ setting, if the number
+    -- of objects that are still available for retrieval exceeds the limit, WAF
+    -- returns a @NextMarker@ value in the response. To retrieve the next batch
+    -- of objects, provide the marker from the prior call in your next request.
+    nextMarker :: Prelude.Maybe Prelude.Text,
+    -- | Specifies whether this is for an Amazon CloudFront distribution or for a
+    -- regional application. A regional application can be an Application Load
+    -- Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API,
+    -- or an Amazon Cognito user pool.
+    --
+    -- To work with CloudFront, you must also specify the Region US East (N.
+    -- Virginia) as follows:
+    --
+    -- -   CLI - Specify the Region when you use the CloudFront scope:
+    --     @--scope=CLOUDFRONT --region=us-east-1@.
+    --
+    -- -   API and SDKs - For all calls, use the Region endpoint us-east-1.
+    scope :: Scope
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'ListIPSets' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'limit', 'listIPSets_limit' - The maximum number of objects that you want WAF to return for this
+-- request. If more objects are available, in the response, WAF provides a
+-- @NextMarker@ value that you can use in a subsequent call to get the next
+-- batch of objects.
+--
+-- 'nextMarker', 'listIPSets_nextMarker' - When you request a list of objects with a @Limit@ setting, if the number
+-- of objects that are still available for retrieval exceeds the limit, WAF
+-- returns a @NextMarker@ value in the response. To retrieve the next batch
+-- of objects, provide the marker from the prior call in your next request.
+--
+-- 'scope', 'listIPSets_scope' - Specifies whether this is for an Amazon CloudFront distribution or for a
+-- regional application. A regional application can be an Application Load
+-- Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API,
+-- or an Amazon Cognito user pool.
+--
+-- To work with CloudFront, you must also specify the Region US East (N.
+-- Virginia) as follows:
+--
+-- -   CLI - Specify the Region when you use the CloudFront scope:
+--     @--scope=CLOUDFRONT --region=us-east-1@.
+--
+-- -   API and SDKs - For all calls, use the Region endpoint us-east-1.
+newListIPSets ::
+  -- | 'scope'
+  Scope ->
+  ListIPSets
+newListIPSets pScope_ =
+  ListIPSets'
+    { limit = Prelude.Nothing,
+      nextMarker = Prelude.Nothing,
+      scope = pScope_
+    }
+
+-- | The maximum number of objects that you want WAF to return for this
+-- request. If more objects are available, in the response, WAF provides a
+-- @NextMarker@ value that you can use in a subsequent call to get the next
+-- batch of objects.
+listIPSets_limit :: Lens.Lens' ListIPSets (Prelude.Maybe Prelude.Natural)
+listIPSets_limit = Lens.lens (\ListIPSets' {limit} -> limit) (\s@ListIPSets' {} a -> s {limit = a} :: ListIPSets)
+
+-- | When you request a list of objects with a @Limit@ setting, if the number
+-- of objects that are still available for retrieval exceeds the limit, WAF
+-- returns a @NextMarker@ value in the response. To retrieve the next batch
+-- of objects, provide the marker from the prior call in your next request.
+listIPSets_nextMarker :: Lens.Lens' ListIPSets (Prelude.Maybe Prelude.Text)
+listIPSets_nextMarker = Lens.lens (\ListIPSets' {nextMarker} -> nextMarker) (\s@ListIPSets' {} a -> s {nextMarker = a} :: ListIPSets)
+
+-- | Specifies whether this is for an Amazon CloudFront distribution or for a
+-- regional application. A regional application can be an Application Load
+-- Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API,
+-- or an Amazon Cognito user pool.
+--
+-- To work with CloudFront, you must also specify the Region US East (N.
+-- Virginia) as follows:
+--
+-- -   CLI - Specify the Region when you use the CloudFront scope:
+--     @--scope=CLOUDFRONT --region=us-east-1@.
+--
+-- -   API and SDKs - For all calls, use the Region endpoint us-east-1.
+listIPSets_scope :: Lens.Lens' ListIPSets Scope
+listIPSets_scope = Lens.lens (\ListIPSets' {scope} -> scope) (\s@ListIPSets' {} a -> s {scope = a} :: ListIPSets)
+
+instance Core.AWSRequest ListIPSets where
+  type AWSResponse ListIPSets = ListIPSetsResponse
+  request overrides =
+    Request.postJSON (overrides defaultService)
+  response =
+    Response.receiveJSON
+      ( \s h x ->
+          ListIPSetsResponse'
+            Prelude.<$> (x Data..?> "IPSets" Core..!@ Prelude.mempty)
+            Prelude.<*> (x Data..?> "NextMarker")
+            Prelude.<*> (Prelude.pure (Prelude.fromEnum s))
+      )
+
+instance Prelude.Hashable ListIPSets where
+  hashWithSalt _salt ListIPSets' {..} =
+    _salt
+      `Prelude.hashWithSalt` limit
+      `Prelude.hashWithSalt` nextMarker
+      `Prelude.hashWithSalt` scope
+
+instance Prelude.NFData ListIPSets where
+  rnf ListIPSets' {..} =
+    Prelude.rnf limit
+      `Prelude.seq` Prelude.rnf nextMarker
+      `Prelude.seq` Prelude.rnf scope
+
+instance Data.ToHeaders ListIPSets where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "X-Amz-Target"
+              Data.=# ("AWSWAF_20190729.ListIPSets" :: Prelude.ByteString),
+            "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToJSON ListIPSets where
+  toJSON ListIPSets' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("Limit" Data..=) Prelude.<$> limit,
+            ("NextMarker" Data..=) Prelude.<$> nextMarker,
+            Prelude.Just ("Scope" Data..= scope)
+          ]
+      )
+
+instance Data.ToPath ListIPSets where
+  toPath = Prelude.const "/"
+
+instance Data.ToQuery ListIPSets where
+  toQuery = Prelude.const Prelude.mempty
+
+-- | /See:/ 'newListIPSetsResponse' smart constructor.
+data ListIPSetsResponse = ListIPSetsResponse'
+  { -- | Array of IPSets. This may not be the full list of IPSets that you have
+    -- defined. See the @Limit@ specification for this request.
+    iPSets :: Prelude.Maybe [IPSetSummary],
+    -- | When you request a list of objects with a @Limit@ setting, if the number
+    -- of objects that are still available for retrieval exceeds the limit, WAF
+    -- returns a @NextMarker@ value in the response. To retrieve the next batch
+    -- of objects, provide the marker from the prior call in your next request.
+    nextMarker :: Prelude.Maybe Prelude.Text,
+    -- | The response's http status code.
+    httpStatus :: Prelude.Int
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'ListIPSetsResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'iPSets', 'listIPSetsResponse_iPSets' - Array of IPSets. This may not be the full list of IPSets that you have
+-- defined. See the @Limit@ specification for this request.
+--
+-- 'nextMarker', 'listIPSetsResponse_nextMarker' - When you request a list of objects with a @Limit@ setting, if the number
+-- of objects that are still available for retrieval exceeds the limit, WAF
+-- returns a @NextMarker@ value in the response. To retrieve the next batch
+-- of objects, provide the marker from the prior call in your next request.
+--
+-- 'httpStatus', 'listIPSetsResponse_httpStatus' - The response's http status code.
+newListIPSetsResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  ListIPSetsResponse
+newListIPSetsResponse pHttpStatus_ =
+  ListIPSetsResponse'
+    { iPSets = Prelude.Nothing,
+      nextMarker = Prelude.Nothing,
+      httpStatus = pHttpStatus_
+    }
+
+-- | Array of IPSets. This may not be the full list of IPSets that you have
+-- defined. See the @Limit@ specification for this request.
+listIPSetsResponse_iPSets :: Lens.Lens' ListIPSetsResponse (Prelude.Maybe [IPSetSummary])
+listIPSetsResponse_iPSets = Lens.lens (\ListIPSetsResponse' {iPSets} -> iPSets) (\s@ListIPSetsResponse' {} a -> s {iPSets = a} :: ListIPSetsResponse) Prelude.. Lens.mapping Lens.coerced
+
+-- | When you request a list of objects with a @Limit@ setting, if the number
+-- of objects that are still available for retrieval exceeds the limit, WAF
+-- returns a @NextMarker@ value in the response. To retrieve the next batch
+-- of objects, provide the marker from the prior call in your next request.
+listIPSetsResponse_nextMarker :: Lens.Lens' ListIPSetsResponse (Prelude.Maybe Prelude.Text)
+listIPSetsResponse_nextMarker = Lens.lens (\ListIPSetsResponse' {nextMarker} -> nextMarker) (\s@ListIPSetsResponse' {} a -> s {nextMarker = a} :: ListIPSetsResponse)
+
+-- | The response's http status code.
+listIPSetsResponse_httpStatus :: Lens.Lens' ListIPSetsResponse Prelude.Int
+listIPSetsResponse_httpStatus = Lens.lens (\ListIPSetsResponse' {httpStatus} -> httpStatus) (\s@ListIPSetsResponse' {} a -> s {httpStatus = a} :: ListIPSetsResponse)
+
+instance Prelude.NFData ListIPSetsResponse where
+  rnf ListIPSetsResponse' {..} =
+    Prelude.rnf iPSets
+      `Prelude.seq` Prelude.rnf nextMarker
+      `Prelude.seq` Prelude.rnf httpStatus
diff --git a/gen/Amazonka/WAFV2/ListLoggingConfigurations.hs b/gen/Amazonka/WAFV2/ListLoggingConfigurations.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/WAFV2/ListLoggingConfigurations.hs
@@ -0,0 +1,275 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.WAFV2.ListLoggingConfigurations
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Retrieves an array of your LoggingConfiguration objects.
+module Amazonka.WAFV2.ListLoggingConfigurations
+  ( -- * Creating a Request
+    ListLoggingConfigurations (..),
+    newListLoggingConfigurations,
+
+    -- * Request Lenses
+    listLoggingConfigurations_limit,
+    listLoggingConfigurations_nextMarker,
+    listLoggingConfigurations_scope,
+
+    -- * Destructuring the Response
+    ListLoggingConfigurationsResponse (..),
+    newListLoggingConfigurationsResponse,
+
+    -- * Response Lenses
+    listLoggingConfigurationsResponse_loggingConfigurations,
+    listLoggingConfigurationsResponse_nextMarker,
+    listLoggingConfigurationsResponse_httpStatus,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+import Amazonka.WAFV2.Types
+
+-- | /See:/ 'newListLoggingConfigurations' smart constructor.
+data ListLoggingConfigurations = ListLoggingConfigurations'
+  { -- | The maximum number of objects that you want WAF to return for this
+    -- request. If more objects are available, in the response, WAF provides a
+    -- @NextMarker@ value that you can use in a subsequent call to get the next
+    -- batch of objects.
+    limit :: Prelude.Maybe Prelude.Natural,
+    -- | When you request a list of objects with a @Limit@ setting, if the number
+    -- of objects that are still available for retrieval exceeds the limit, WAF
+    -- returns a @NextMarker@ value in the response. To retrieve the next batch
+    -- of objects, provide the marker from the prior call in your next request.
+    nextMarker :: Prelude.Maybe Prelude.Text,
+    -- | Specifies whether this is for an Amazon CloudFront distribution or for a
+    -- regional application. A regional application can be an Application Load
+    -- Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API,
+    -- or an Amazon Cognito user pool.
+    --
+    -- To work with CloudFront, you must also specify the Region US East (N.
+    -- Virginia) as follows:
+    --
+    -- -   CLI - Specify the Region when you use the CloudFront scope:
+    --     @--scope=CLOUDFRONT --region=us-east-1@.
+    --
+    -- -   API and SDKs - For all calls, use the Region endpoint us-east-1.
+    scope :: Scope
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'ListLoggingConfigurations' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'limit', 'listLoggingConfigurations_limit' - The maximum number of objects that you want WAF to return for this
+-- request. If more objects are available, in the response, WAF provides a
+-- @NextMarker@ value that you can use in a subsequent call to get the next
+-- batch of objects.
+--
+-- 'nextMarker', 'listLoggingConfigurations_nextMarker' - When you request a list of objects with a @Limit@ setting, if the number
+-- of objects that are still available for retrieval exceeds the limit, WAF
+-- returns a @NextMarker@ value in the response. To retrieve the next batch
+-- of objects, provide the marker from the prior call in your next request.
+--
+-- 'scope', 'listLoggingConfigurations_scope' - Specifies whether this is for an Amazon CloudFront distribution or for a
+-- regional application. A regional application can be an Application Load
+-- Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API,
+-- or an Amazon Cognito user pool.
+--
+-- To work with CloudFront, you must also specify the Region US East (N.
+-- Virginia) as follows:
+--
+-- -   CLI - Specify the Region when you use the CloudFront scope:
+--     @--scope=CLOUDFRONT --region=us-east-1@.
+--
+-- -   API and SDKs - For all calls, use the Region endpoint us-east-1.
+newListLoggingConfigurations ::
+  -- | 'scope'
+  Scope ->
+  ListLoggingConfigurations
+newListLoggingConfigurations pScope_ =
+  ListLoggingConfigurations'
+    { limit = Prelude.Nothing,
+      nextMarker = Prelude.Nothing,
+      scope = pScope_
+    }
+
+-- | The maximum number of objects that you want WAF to return for this
+-- request. If more objects are available, in the response, WAF provides a
+-- @NextMarker@ value that you can use in a subsequent call to get the next
+-- batch of objects.
+listLoggingConfigurations_limit :: Lens.Lens' ListLoggingConfigurations (Prelude.Maybe Prelude.Natural)
+listLoggingConfigurations_limit = Lens.lens (\ListLoggingConfigurations' {limit} -> limit) (\s@ListLoggingConfigurations' {} a -> s {limit = a} :: ListLoggingConfigurations)
+
+-- | When you request a list of objects with a @Limit@ setting, if the number
+-- of objects that are still available for retrieval exceeds the limit, WAF
+-- returns a @NextMarker@ value in the response. To retrieve the next batch
+-- of objects, provide the marker from the prior call in your next request.
+listLoggingConfigurations_nextMarker :: Lens.Lens' ListLoggingConfigurations (Prelude.Maybe Prelude.Text)
+listLoggingConfigurations_nextMarker = Lens.lens (\ListLoggingConfigurations' {nextMarker} -> nextMarker) (\s@ListLoggingConfigurations' {} a -> s {nextMarker = a} :: ListLoggingConfigurations)
+
+-- | Specifies whether this is for an Amazon CloudFront distribution or for a
+-- regional application. A regional application can be an Application Load
+-- Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API,
+-- or an Amazon Cognito user pool.
+--
+-- To work with CloudFront, you must also specify the Region US East (N.
+-- Virginia) as follows:
+--
+-- -   CLI - Specify the Region when you use the CloudFront scope:
+--     @--scope=CLOUDFRONT --region=us-east-1@.
+--
+-- -   API and SDKs - For all calls, use the Region endpoint us-east-1.
+listLoggingConfigurations_scope :: Lens.Lens' ListLoggingConfigurations Scope
+listLoggingConfigurations_scope = Lens.lens (\ListLoggingConfigurations' {scope} -> scope) (\s@ListLoggingConfigurations' {} a -> s {scope = a} :: ListLoggingConfigurations)
+
+instance Core.AWSRequest ListLoggingConfigurations where
+  type
+    AWSResponse ListLoggingConfigurations =
+      ListLoggingConfigurationsResponse
+  request overrides =
+    Request.postJSON (overrides defaultService)
+  response =
+    Response.receiveJSON
+      ( \s h x ->
+          ListLoggingConfigurationsResponse'
+            Prelude.<$> ( x
+                            Data..?> "LoggingConfigurations"
+                            Core..!@ Prelude.mempty
+                        )
+            Prelude.<*> (x Data..?> "NextMarker")
+            Prelude.<*> (Prelude.pure (Prelude.fromEnum s))
+      )
+
+instance Prelude.Hashable ListLoggingConfigurations where
+  hashWithSalt _salt ListLoggingConfigurations' {..} =
+    _salt
+      `Prelude.hashWithSalt` limit
+      `Prelude.hashWithSalt` nextMarker
+      `Prelude.hashWithSalt` scope
+
+instance Prelude.NFData ListLoggingConfigurations where
+  rnf ListLoggingConfigurations' {..} =
+    Prelude.rnf limit
+      `Prelude.seq` Prelude.rnf nextMarker
+      `Prelude.seq` Prelude.rnf scope
+
+instance Data.ToHeaders ListLoggingConfigurations where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "X-Amz-Target"
+              Data.=# ( "AWSWAF_20190729.ListLoggingConfigurations" ::
+                          Prelude.ByteString
+                      ),
+            "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToJSON ListLoggingConfigurations where
+  toJSON ListLoggingConfigurations' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("Limit" Data..=) Prelude.<$> limit,
+            ("NextMarker" Data..=) Prelude.<$> nextMarker,
+            Prelude.Just ("Scope" Data..= scope)
+          ]
+      )
+
+instance Data.ToPath ListLoggingConfigurations where
+  toPath = Prelude.const "/"
+
+instance Data.ToQuery ListLoggingConfigurations where
+  toQuery = Prelude.const Prelude.mempty
+
+-- | /See:/ 'newListLoggingConfigurationsResponse' smart constructor.
+data ListLoggingConfigurationsResponse = ListLoggingConfigurationsResponse'
+  { loggingConfigurations :: Prelude.Maybe [LoggingConfiguration],
+    -- | When you request a list of objects with a @Limit@ setting, if the number
+    -- of objects that are still available for retrieval exceeds the limit, WAF
+    -- returns a @NextMarker@ value in the response. To retrieve the next batch
+    -- of objects, provide the marker from the prior call in your next request.
+    nextMarker :: Prelude.Maybe Prelude.Text,
+    -- | The response's http status code.
+    httpStatus :: Prelude.Int
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'ListLoggingConfigurationsResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'loggingConfigurations', 'listLoggingConfigurationsResponse_loggingConfigurations' -
+--
+-- 'nextMarker', 'listLoggingConfigurationsResponse_nextMarker' - When you request a list of objects with a @Limit@ setting, if the number
+-- of objects that are still available for retrieval exceeds the limit, WAF
+-- returns a @NextMarker@ value in the response. To retrieve the next batch
+-- of objects, provide the marker from the prior call in your next request.
+--
+-- 'httpStatus', 'listLoggingConfigurationsResponse_httpStatus' - The response's http status code.
+newListLoggingConfigurationsResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  ListLoggingConfigurationsResponse
+newListLoggingConfigurationsResponse pHttpStatus_ =
+  ListLoggingConfigurationsResponse'
+    { loggingConfigurations =
+        Prelude.Nothing,
+      nextMarker = Prelude.Nothing,
+      httpStatus = pHttpStatus_
+    }
+
+listLoggingConfigurationsResponse_loggingConfigurations :: Lens.Lens' ListLoggingConfigurationsResponse (Prelude.Maybe [LoggingConfiguration])
+listLoggingConfigurationsResponse_loggingConfigurations = Lens.lens (\ListLoggingConfigurationsResponse' {loggingConfigurations} -> loggingConfigurations) (\s@ListLoggingConfigurationsResponse' {} a -> s {loggingConfigurations = a} :: ListLoggingConfigurationsResponse) Prelude.. Lens.mapping Lens.coerced
+
+-- | When you request a list of objects with a @Limit@ setting, if the number
+-- of objects that are still available for retrieval exceeds the limit, WAF
+-- returns a @NextMarker@ value in the response. To retrieve the next batch
+-- of objects, provide the marker from the prior call in your next request.
+listLoggingConfigurationsResponse_nextMarker :: Lens.Lens' ListLoggingConfigurationsResponse (Prelude.Maybe Prelude.Text)
+listLoggingConfigurationsResponse_nextMarker = Lens.lens (\ListLoggingConfigurationsResponse' {nextMarker} -> nextMarker) (\s@ListLoggingConfigurationsResponse' {} a -> s {nextMarker = a} :: ListLoggingConfigurationsResponse)
+
+-- | The response's http status code.
+listLoggingConfigurationsResponse_httpStatus :: Lens.Lens' ListLoggingConfigurationsResponse Prelude.Int
+listLoggingConfigurationsResponse_httpStatus = Lens.lens (\ListLoggingConfigurationsResponse' {httpStatus} -> httpStatus) (\s@ListLoggingConfigurationsResponse' {} a -> s {httpStatus = a} :: ListLoggingConfigurationsResponse)
+
+instance
+  Prelude.NFData
+    ListLoggingConfigurationsResponse
+  where
+  rnf ListLoggingConfigurationsResponse' {..} =
+    Prelude.rnf loggingConfigurations
+      `Prelude.seq` Prelude.rnf nextMarker
+      `Prelude.seq` Prelude.rnf httpStatus
diff --git a/gen/Amazonka/WAFV2/ListManagedRuleSets.hs b/gen/Amazonka/WAFV2/ListManagedRuleSets.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/WAFV2/ListManagedRuleSets.hs
@@ -0,0 +1,283 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.WAFV2.ListManagedRuleSets
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Retrieves the managed rule sets that you own.
+--
+-- This is intended for use only by vendors of managed rule sets. Vendors
+-- are Amazon Web Services and Amazon Web Services Marketplace sellers.
+--
+-- Vendors, you can use the managed rule set APIs to provide controlled
+-- rollout of your versioned managed rule group offerings for your
+-- customers. The APIs are @ListManagedRuleSets@, @GetManagedRuleSet@,
+-- @PutManagedRuleSetVersions@, and
+-- @UpdateManagedRuleSetVersionExpiryDate@.
+module Amazonka.WAFV2.ListManagedRuleSets
+  ( -- * Creating a Request
+    ListManagedRuleSets (..),
+    newListManagedRuleSets,
+
+    -- * Request Lenses
+    listManagedRuleSets_limit,
+    listManagedRuleSets_nextMarker,
+    listManagedRuleSets_scope,
+
+    -- * Destructuring the Response
+    ListManagedRuleSetsResponse (..),
+    newListManagedRuleSetsResponse,
+
+    -- * Response Lenses
+    listManagedRuleSetsResponse_managedRuleSets,
+    listManagedRuleSetsResponse_nextMarker,
+    listManagedRuleSetsResponse_httpStatus,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+import Amazonka.WAFV2.Types
+
+-- | /See:/ 'newListManagedRuleSets' smart constructor.
+data ListManagedRuleSets = ListManagedRuleSets'
+  { -- | The maximum number of objects that you want WAF to return for this
+    -- request. If more objects are available, in the response, WAF provides a
+    -- @NextMarker@ value that you can use in a subsequent call to get the next
+    -- batch of objects.
+    limit :: Prelude.Maybe Prelude.Natural,
+    -- | When you request a list of objects with a @Limit@ setting, if the number
+    -- of objects that are still available for retrieval exceeds the limit, WAF
+    -- returns a @NextMarker@ value in the response. To retrieve the next batch
+    -- of objects, provide the marker from the prior call in your next request.
+    nextMarker :: Prelude.Maybe Prelude.Text,
+    -- | Specifies whether this is for an Amazon CloudFront distribution or for a
+    -- regional application. A regional application can be an Application Load
+    -- Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API,
+    -- or an Amazon Cognito user pool.
+    --
+    -- To work with CloudFront, you must also specify the Region US East (N.
+    -- Virginia) as follows:
+    --
+    -- -   CLI - Specify the Region when you use the CloudFront scope:
+    --     @--scope=CLOUDFRONT --region=us-east-1@.
+    --
+    -- -   API and SDKs - For all calls, use the Region endpoint us-east-1.
+    scope :: Scope
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'ListManagedRuleSets' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'limit', 'listManagedRuleSets_limit' - The maximum number of objects that you want WAF to return for this
+-- request. If more objects are available, in the response, WAF provides a
+-- @NextMarker@ value that you can use in a subsequent call to get the next
+-- batch of objects.
+--
+-- 'nextMarker', 'listManagedRuleSets_nextMarker' - When you request a list of objects with a @Limit@ setting, if the number
+-- of objects that are still available for retrieval exceeds the limit, WAF
+-- returns a @NextMarker@ value in the response. To retrieve the next batch
+-- of objects, provide the marker from the prior call in your next request.
+--
+-- 'scope', 'listManagedRuleSets_scope' - Specifies whether this is for an Amazon CloudFront distribution or for a
+-- regional application. A regional application can be an Application Load
+-- Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API,
+-- or an Amazon Cognito user pool.
+--
+-- To work with CloudFront, you must also specify the Region US East (N.
+-- Virginia) as follows:
+--
+-- -   CLI - Specify the Region when you use the CloudFront scope:
+--     @--scope=CLOUDFRONT --region=us-east-1@.
+--
+-- -   API and SDKs - For all calls, use the Region endpoint us-east-1.
+newListManagedRuleSets ::
+  -- | 'scope'
+  Scope ->
+  ListManagedRuleSets
+newListManagedRuleSets pScope_ =
+  ListManagedRuleSets'
+    { limit = Prelude.Nothing,
+      nextMarker = Prelude.Nothing,
+      scope = pScope_
+    }
+
+-- | The maximum number of objects that you want WAF to return for this
+-- request. If more objects are available, in the response, WAF provides a
+-- @NextMarker@ value that you can use in a subsequent call to get the next
+-- batch of objects.
+listManagedRuleSets_limit :: Lens.Lens' ListManagedRuleSets (Prelude.Maybe Prelude.Natural)
+listManagedRuleSets_limit = Lens.lens (\ListManagedRuleSets' {limit} -> limit) (\s@ListManagedRuleSets' {} a -> s {limit = a} :: ListManagedRuleSets)
+
+-- | When you request a list of objects with a @Limit@ setting, if the number
+-- of objects that are still available for retrieval exceeds the limit, WAF
+-- returns a @NextMarker@ value in the response. To retrieve the next batch
+-- of objects, provide the marker from the prior call in your next request.
+listManagedRuleSets_nextMarker :: Lens.Lens' ListManagedRuleSets (Prelude.Maybe Prelude.Text)
+listManagedRuleSets_nextMarker = Lens.lens (\ListManagedRuleSets' {nextMarker} -> nextMarker) (\s@ListManagedRuleSets' {} a -> s {nextMarker = a} :: ListManagedRuleSets)
+
+-- | Specifies whether this is for an Amazon CloudFront distribution or for a
+-- regional application. A regional application can be an Application Load
+-- Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API,
+-- or an Amazon Cognito user pool.
+--
+-- To work with CloudFront, you must also specify the Region US East (N.
+-- Virginia) as follows:
+--
+-- -   CLI - Specify the Region when you use the CloudFront scope:
+--     @--scope=CLOUDFRONT --region=us-east-1@.
+--
+-- -   API and SDKs - For all calls, use the Region endpoint us-east-1.
+listManagedRuleSets_scope :: Lens.Lens' ListManagedRuleSets Scope
+listManagedRuleSets_scope = Lens.lens (\ListManagedRuleSets' {scope} -> scope) (\s@ListManagedRuleSets' {} a -> s {scope = a} :: ListManagedRuleSets)
+
+instance Core.AWSRequest ListManagedRuleSets where
+  type
+    AWSResponse ListManagedRuleSets =
+      ListManagedRuleSetsResponse
+  request overrides =
+    Request.postJSON (overrides defaultService)
+  response =
+    Response.receiveJSON
+      ( \s h x ->
+          ListManagedRuleSetsResponse'
+            Prelude.<$> ( x
+                            Data..?> "ManagedRuleSets"
+                            Core..!@ Prelude.mempty
+                        )
+            Prelude.<*> (x Data..?> "NextMarker")
+            Prelude.<*> (Prelude.pure (Prelude.fromEnum s))
+      )
+
+instance Prelude.Hashable ListManagedRuleSets where
+  hashWithSalt _salt ListManagedRuleSets' {..} =
+    _salt
+      `Prelude.hashWithSalt` limit
+      `Prelude.hashWithSalt` nextMarker
+      `Prelude.hashWithSalt` scope
+
+instance Prelude.NFData ListManagedRuleSets where
+  rnf ListManagedRuleSets' {..} =
+    Prelude.rnf limit
+      `Prelude.seq` Prelude.rnf nextMarker
+      `Prelude.seq` Prelude.rnf scope
+
+instance Data.ToHeaders ListManagedRuleSets where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "X-Amz-Target"
+              Data.=# ( "AWSWAF_20190729.ListManagedRuleSets" ::
+                          Prelude.ByteString
+                      ),
+            "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToJSON ListManagedRuleSets where
+  toJSON ListManagedRuleSets' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("Limit" Data..=) Prelude.<$> limit,
+            ("NextMarker" Data..=) Prelude.<$> nextMarker,
+            Prelude.Just ("Scope" Data..= scope)
+          ]
+      )
+
+instance Data.ToPath ListManagedRuleSets where
+  toPath = Prelude.const "/"
+
+instance Data.ToQuery ListManagedRuleSets where
+  toQuery = Prelude.const Prelude.mempty
+
+-- | /See:/ 'newListManagedRuleSetsResponse' smart constructor.
+data ListManagedRuleSetsResponse = ListManagedRuleSetsResponse'
+  { -- | Your managed rule sets.
+    managedRuleSets :: Prelude.Maybe [ManagedRuleSetSummary],
+    -- | When you request a list of objects with a @Limit@ setting, if the number
+    -- of objects that are still available for retrieval exceeds the limit, WAF
+    -- returns a @NextMarker@ value in the response. To retrieve the next batch
+    -- of objects, provide the marker from the prior call in your next request.
+    nextMarker :: Prelude.Maybe Prelude.Text,
+    -- | The response's http status code.
+    httpStatus :: Prelude.Int
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'ListManagedRuleSetsResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'managedRuleSets', 'listManagedRuleSetsResponse_managedRuleSets' - Your managed rule sets.
+--
+-- 'nextMarker', 'listManagedRuleSetsResponse_nextMarker' - When you request a list of objects with a @Limit@ setting, if the number
+-- of objects that are still available for retrieval exceeds the limit, WAF
+-- returns a @NextMarker@ value in the response. To retrieve the next batch
+-- of objects, provide the marker from the prior call in your next request.
+--
+-- 'httpStatus', 'listManagedRuleSetsResponse_httpStatus' - The response's http status code.
+newListManagedRuleSetsResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  ListManagedRuleSetsResponse
+newListManagedRuleSetsResponse pHttpStatus_ =
+  ListManagedRuleSetsResponse'
+    { managedRuleSets =
+        Prelude.Nothing,
+      nextMarker = Prelude.Nothing,
+      httpStatus = pHttpStatus_
+    }
+
+-- | Your managed rule sets.
+listManagedRuleSetsResponse_managedRuleSets :: Lens.Lens' ListManagedRuleSetsResponse (Prelude.Maybe [ManagedRuleSetSummary])
+listManagedRuleSetsResponse_managedRuleSets = Lens.lens (\ListManagedRuleSetsResponse' {managedRuleSets} -> managedRuleSets) (\s@ListManagedRuleSetsResponse' {} a -> s {managedRuleSets = a} :: ListManagedRuleSetsResponse) Prelude.. Lens.mapping Lens.coerced
+
+-- | When you request a list of objects with a @Limit@ setting, if the number
+-- of objects that are still available for retrieval exceeds the limit, WAF
+-- returns a @NextMarker@ value in the response. To retrieve the next batch
+-- of objects, provide the marker from the prior call in your next request.
+listManagedRuleSetsResponse_nextMarker :: Lens.Lens' ListManagedRuleSetsResponse (Prelude.Maybe Prelude.Text)
+listManagedRuleSetsResponse_nextMarker = Lens.lens (\ListManagedRuleSetsResponse' {nextMarker} -> nextMarker) (\s@ListManagedRuleSetsResponse' {} a -> s {nextMarker = a} :: ListManagedRuleSetsResponse)
+
+-- | The response's http status code.
+listManagedRuleSetsResponse_httpStatus :: Lens.Lens' ListManagedRuleSetsResponse Prelude.Int
+listManagedRuleSetsResponse_httpStatus = Lens.lens (\ListManagedRuleSetsResponse' {httpStatus} -> httpStatus) (\s@ListManagedRuleSetsResponse' {} a -> s {httpStatus = a} :: ListManagedRuleSetsResponse)
+
+instance Prelude.NFData ListManagedRuleSetsResponse where
+  rnf ListManagedRuleSetsResponse' {..} =
+    Prelude.rnf managedRuleSets
+      `Prelude.seq` Prelude.rnf nextMarker
+      `Prelude.seq` Prelude.rnf httpStatus
diff --git a/gen/Amazonka/WAFV2/ListMobileSdkReleases.hs b/gen/Amazonka/WAFV2/ListMobileSdkReleases.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/WAFV2/ListMobileSdkReleases.hs
@@ -0,0 +1,248 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.WAFV2.ListMobileSdkReleases
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Retrieves a list of the available releases for the mobile SDK and the
+-- specified device platform.
+--
+-- The mobile SDK is not generally available. Customers who have access to
+-- the mobile SDK can use it to establish and manage WAF tokens for use in
+-- HTTP(S) requests from a mobile device to WAF. For more information, see
+-- <https://docs.aws.amazon.com/waf/latest/developerguide/waf-application-integration.html WAF client application integration>
+-- in the /WAF Developer Guide/.
+module Amazonka.WAFV2.ListMobileSdkReleases
+  ( -- * Creating a Request
+    ListMobileSdkReleases (..),
+    newListMobileSdkReleases,
+
+    -- * Request Lenses
+    listMobileSdkReleases_limit,
+    listMobileSdkReleases_nextMarker,
+    listMobileSdkReleases_platform,
+
+    -- * Destructuring the Response
+    ListMobileSdkReleasesResponse (..),
+    newListMobileSdkReleasesResponse,
+
+    -- * Response Lenses
+    listMobileSdkReleasesResponse_nextMarker,
+    listMobileSdkReleasesResponse_releaseSummaries,
+    listMobileSdkReleasesResponse_httpStatus,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+import Amazonka.WAFV2.Types
+
+-- | /See:/ 'newListMobileSdkReleases' smart constructor.
+data ListMobileSdkReleases = ListMobileSdkReleases'
+  { -- | The maximum number of objects that you want WAF to return for this
+    -- request. If more objects are available, in the response, WAF provides a
+    -- @NextMarker@ value that you can use in a subsequent call to get the next
+    -- batch of objects.
+    limit :: Prelude.Maybe Prelude.Natural,
+    -- | When you request a list of objects with a @Limit@ setting, if the number
+    -- of objects that are still available for retrieval exceeds the limit, WAF
+    -- returns a @NextMarker@ value in the response. To retrieve the next batch
+    -- of objects, provide the marker from the prior call in your next request.
+    nextMarker :: Prelude.Maybe Prelude.Text,
+    -- | The device platform to retrieve the list for.
+    platform :: Platform
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'ListMobileSdkReleases' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'limit', 'listMobileSdkReleases_limit' - The maximum number of objects that you want WAF to return for this
+-- request. If more objects are available, in the response, WAF provides a
+-- @NextMarker@ value that you can use in a subsequent call to get the next
+-- batch of objects.
+--
+-- 'nextMarker', 'listMobileSdkReleases_nextMarker' - When you request a list of objects with a @Limit@ setting, if the number
+-- of objects that are still available for retrieval exceeds the limit, WAF
+-- returns a @NextMarker@ value in the response. To retrieve the next batch
+-- of objects, provide the marker from the prior call in your next request.
+--
+-- 'platform', 'listMobileSdkReleases_platform' - The device platform to retrieve the list for.
+newListMobileSdkReleases ::
+  -- | 'platform'
+  Platform ->
+  ListMobileSdkReleases
+newListMobileSdkReleases pPlatform_ =
+  ListMobileSdkReleases'
+    { limit = Prelude.Nothing,
+      nextMarker = Prelude.Nothing,
+      platform = pPlatform_
+    }
+
+-- | The maximum number of objects that you want WAF to return for this
+-- request. If more objects are available, in the response, WAF provides a
+-- @NextMarker@ value that you can use in a subsequent call to get the next
+-- batch of objects.
+listMobileSdkReleases_limit :: Lens.Lens' ListMobileSdkReleases (Prelude.Maybe Prelude.Natural)
+listMobileSdkReleases_limit = Lens.lens (\ListMobileSdkReleases' {limit} -> limit) (\s@ListMobileSdkReleases' {} a -> s {limit = a} :: ListMobileSdkReleases)
+
+-- | When you request a list of objects with a @Limit@ setting, if the number
+-- of objects that are still available for retrieval exceeds the limit, WAF
+-- returns a @NextMarker@ value in the response. To retrieve the next batch
+-- of objects, provide the marker from the prior call in your next request.
+listMobileSdkReleases_nextMarker :: Lens.Lens' ListMobileSdkReleases (Prelude.Maybe Prelude.Text)
+listMobileSdkReleases_nextMarker = Lens.lens (\ListMobileSdkReleases' {nextMarker} -> nextMarker) (\s@ListMobileSdkReleases' {} a -> s {nextMarker = a} :: ListMobileSdkReleases)
+
+-- | The device platform to retrieve the list for.
+listMobileSdkReleases_platform :: Lens.Lens' ListMobileSdkReleases Platform
+listMobileSdkReleases_platform = Lens.lens (\ListMobileSdkReleases' {platform} -> platform) (\s@ListMobileSdkReleases' {} a -> s {platform = a} :: ListMobileSdkReleases)
+
+instance Core.AWSRequest ListMobileSdkReleases where
+  type
+    AWSResponse ListMobileSdkReleases =
+      ListMobileSdkReleasesResponse
+  request overrides =
+    Request.postJSON (overrides defaultService)
+  response =
+    Response.receiveJSON
+      ( \s h x ->
+          ListMobileSdkReleasesResponse'
+            Prelude.<$> (x Data..?> "NextMarker")
+            Prelude.<*> ( x
+                            Data..?> "ReleaseSummaries"
+                            Core..!@ Prelude.mempty
+                        )
+            Prelude.<*> (Prelude.pure (Prelude.fromEnum s))
+      )
+
+instance Prelude.Hashable ListMobileSdkReleases where
+  hashWithSalt _salt ListMobileSdkReleases' {..} =
+    _salt
+      `Prelude.hashWithSalt` limit
+      `Prelude.hashWithSalt` nextMarker
+      `Prelude.hashWithSalt` platform
+
+instance Prelude.NFData ListMobileSdkReleases where
+  rnf ListMobileSdkReleases' {..} =
+    Prelude.rnf limit
+      `Prelude.seq` Prelude.rnf nextMarker
+      `Prelude.seq` Prelude.rnf platform
+
+instance Data.ToHeaders ListMobileSdkReleases where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "X-Amz-Target"
+              Data.=# ( "AWSWAF_20190729.ListMobileSdkReleases" ::
+                          Prelude.ByteString
+                      ),
+            "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToJSON ListMobileSdkReleases where
+  toJSON ListMobileSdkReleases' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("Limit" Data..=) Prelude.<$> limit,
+            ("NextMarker" Data..=) Prelude.<$> nextMarker,
+            Prelude.Just ("Platform" Data..= platform)
+          ]
+      )
+
+instance Data.ToPath ListMobileSdkReleases where
+  toPath = Prelude.const "/"
+
+instance Data.ToQuery ListMobileSdkReleases where
+  toQuery = Prelude.const Prelude.mempty
+
+-- | /See:/ 'newListMobileSdkReleasesResponse' smart constructor.
+data ListMobileSdkReleasesResponse = ListMobileSdkReleasesResponse'
+  { -- | When you request a list of objects with a @Limit@ setting, if the number
+    -- of objects that are still available for retrieval exceeds the limit, WAF
+    -- returns a @NextMarker@ value in the response. To retrieve the next batch
+    -- of objects, provide the marker from the prior call in your next request.
+    nextMarker :: Prelude.Maybe Prelude.Text,
+    -- | High level information for the available SDK releases.
+    releaseSummaries :: Prelude.Maybe [ReleaseSummary],
+    -- | The response's http status code.
+    httpStatus :: Prelude.Int
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'ListMobileSdkReleasesResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'nextMarker', 'listMobileSdkReleasesResponse_nextMarker' - When you request a list of objects with a @Limit@ setting, if the number
+-- of objects that are still available for retrieval exceeds the limit, WAF
+-- returns a @NextMarker@ value in the response. To retrieve the next batch
+-- of objects, provide the marker from the prior call in your next request.
+--
+-- 'releaseSummaries', 'listMobileSdkReleasesResponse_releaseSummaries' - High level information for the available SDK releases.
+--
+-- 'httpStatus', 'listMobileSdkReleasesResponse_httpStatus' - The response's http status code.
+newListMobileSdkReleasesResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  ListMobileSdkReleasesResponse
+newListMobileSdkReleasesResponse pHttpStatus_ =
+  ListMobileSdkReleasesResponse'
+    { nextMarker =
+        Prelude.Nothing,
+      releaseSummaries = Prelude.Nothing,
+      httpStatus = pHttpStatus_
+    }
+
+-- | When you request a list of objects with a @Limit@ setting, if the number
+-- of objects that are still available for retrieval exceeds the limit, WAF
+-- returns a @NextMarker@ value in the response. To retrieve the next batch
+-- of objects, provide the marker from the prior call in your next request.
+listMobileSdkReleasesResponse_nextMarker :: Lens.Lens' ListMobileSdkReleasesResponse (Prelude.Maybe Prelude.Text)
+listMobileSdkReleasesResponse_nextMarker = Lens.lens (\ListMobileSdkReleasesResponse' {nextMarker} -> nextMarker) (\s@ListMobileSdkReleasesResponse' {} a -> s {nextMarker = a} :: ListMobileSdkReleasesResponse)
+
+-- | High level information for the available SDK releases.
+listMobileSdkReleasesResponse_releaseSummaries :: Lens.Lens' ListMobileSdkReleasesResponse (Prelude.Maybe [ReleaseSummary])
+listMobileSdkReleasesResponse_releaseSummaries = Lens.lens (\ListMobileSdkReleasesResponse' {releaseSummaries} -> releaseSummaries) (\s@ListMobileSdkReleasesResponse' {} a -> s {releaseSummaries = a} :: ListMobileSdkReleasesResponse) Prelude.. Lens.mapping Lens.coerced
+
+-- | The response's http status code.
+listMobileSdkReleasesResponse_httpStatus :: Lens.Lens' ListMobileSdkReleasesResponse Prelude.Int
+listMobileSdkReleasesResponse_httpStatus = Lens.lens (\ListMobileSdkReleasesResponse' {httpStatus} -> httpStatus) (\s@ListMobileSdkReleasesResponse' {} a -> s {httpStatus = a} :: ListMobileSdkReleasesResponse)
+
+instance Prelude.NFData ListMobileSdkReleasesResponse where
+  rnf ListMobileSdkReleasesResponse' {..} =
+    Prelude.rnf nextMarker
+      `Prelude.seq` Prelude.rnf releaseSummaries
+      `Prelude.seq` Prelude.rnf httpStatus
diff --git a/gen/Amazonka/WAFV2/ListRegexPatternSets.hs b/gen/Amazonka/WAFV2/ListRegexPatternSets.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/WAFV2/ListRegexPatternSets.hs
@@ -0,0 +1,273 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.WAFV2.ListRegexPatternSets
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Retrieves an array of RegexPatternSetSummary objects for the regex
+-- pattern sets that you manage.
+module Amazonka.WAFV2.ListRegexPatternSets
+  ( -- * Creating a Request
+    ListRegexPatternSets (..),
+    newListRegexPatternSets,
+
+    -- * Request Lenses
+    listRegexPatternSets_limit,
+    listRegexPatternSets_nextMarker,
+    listRegexPatternSets_scope,
+
+    -- * Destructuring the Response
+    ListRegexPatternSetsResponse (..),
+    newListRegexPatternSetsResponse,
+
+    -- * Response Lenses
+    listRegexPatternSetsResponse_nextMarker,
+    listRegexPatternSetsResponse_regexPatternSets,
+    listRegexPatternSetsResponse_httpStatus,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+import Amazonka.WAFV2.Types
+
+-- | /See:/ 'newListRegexPatternSets' smart constructor.
+data ListRegexPatternSets = ListRegexPatternSets'
+  { -- | The maximum number of objects that you want WAF to return for this
+    -- request. If more objects are available, in the response, WAF provides a
+    -- @NextMarker@ value that you can use in a subsequent call to get the next
+    -- batch of objects.
+    limit :: Prelude.Maybe Prelude.Natural,
+    -- | When you request a list of objects with a @Limit@ setting, if the number
+    -- of objects that are still available for retrieval exceeds the limit, WAF
+    -- returns a @NextMarker@ value in the response. To retrieve the next batch
+    -- of objects, provide the marker from the prior call in your next request.
+    nextMarker :: Prelude.Maybe Prelude.Text,
+    -- | Specifies whether this is for an Amazon CloudFront distribution or for a
+    -- regional application. A regional application can be an Application Load
+    -- Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API,
+    -- or an Amazon Cognito user pool.
+    --
+    -- To work with CloudFront, you must also specify the Region US East (N.
+    -- Virginia) as follows:
+    --
+    -- -   CLI - Specify the Region when you use the CloudFront scope:
+    --     @--scope=CLOUDFRONT --region=us-east-1@.
+    --
+    -- -   API and SDKs - For all calls, use the Region endpoint us-east-1.
+    scope :: Scope
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'ListRegexPatternSets' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'limit', 'listRegexPatternSets_limit' - The maximum number of objects that you want WAF to return for this
+-- request. If more objects are available, in the response, WAF provides a
+-- @NextMarker@ value that you can use in a subsequent call to get the next
+-- batch of objects.
+--
+-- 'nextMarker', 'listRegexPatternSets_nextMarker' - When you request a list of objects with a @Limit@ setting, if the number
+-- of objects that are still available for retrieval exceeds the limit, WAF
+-- returns a @NextMarker@ value in the response. To retrieve the next batch
+-- of objects, provide the marker from the prior call in your next request.
+--
+-- 'scope', 'listRegexPatternSets_scope' - Specifies whether this is for an Amazon CloudFront distribution or for a
+-- regional application. A regional application can be an Application Load
+-- Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API,
+-- or an Amazon Cognito user pool.
+--
+-- To work with CloudFront, you must also specify the Region US East (N.
+-- Virginia) as follows:
+--
+-- -   CLI - Specify the Region when you use the CloudFront scope:
+--     @--scope=CLOUDFRONT --region=us-east-1@.
+--
+-- -   API and SDKs - For all calls, use the Region endpoint us-east-1.
+newListRegexPatternSets ::
+  -- | 'scope'
+  Scope ->
+  ListRegexPatternSets
+newListRegexPatternSets pScope_ =
+  ListRegexPatternSets'
+    { limit = Prelude.Nothing,
+      nextMarker = Prelude.Nothing,
+      scope = pScope_
+    }
+
+-- | The maximum number of objects that you want WAF to return for this
+-- request. If more objects are available, in the response, WAF provides a
+-- @NextMarker@ value that you can use in a subsequent call to get the next
+-- batch of objects.
+listRegexPatternSets_limit :: Lens.Lens' ListRegexPatternSets (Prelude.Maybe Prelude.Natural)
+listRegexPatternSets_limit = Lens.lens (\ListRegexPatternSets' {limit} -> limit) (\s@ListRegexPatternSets' {} a -> s {limit = a} :: ListRegexPatternSets)
+
+-- | When you request a list of objects with a @Limit@ setting, if the number
+-- of objects that are still available for retrieval exceeds the limit, WAF
+-- returns a @NextMarker@ value in the response. To retrieve the next batch
+-- of objects, provide the marker from the prior call in your next request.
+listRegexPatternSets_nextMarker :: Lens.Lens' ListRegexPatternSets (Prelude.Maybe Prelude.Text)
+listRegexPatternSets_nextMarker = Lens.lens (\ListRegexPatternSets' {nextMarker} -> nextMarker) (\s@ListRegexPatternSets' {} a -> s {nextMarker = a} :: ListRegexPatternSets)
+
+-- | Specifies whether this is for an Amazon CloudFront distribution or for a
+-- regional application. A regional application can be an Application Load
+-- Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API,
+-- or an Amazon Cognito user pool.
+--
+-- To work with CloudFront, you must also specify the Region US East (N.
+-- Virginia) as follows:
+--
+-- -   CLI - Specify the Region when you use the CloudFront scope:
+--     @--scope=CLOUDFRONT --region=us-east-1@.
+--
+-- -   API and SDKs - For all calls, use the Region endpoint us-east-1.
+listRegexPatternSets_scope :: Lens.Lens' ListRegexPatternSets Scope
+listRegexPatternSets_scope = Lens.lens (\ListRegexPatternSets' {scope} -> scope) (\s@ListRegexPatternSets' {} a -> s {scope = a} :: ListRegexPatternSets)
+
+instance Core.AWSRequest ListRegexPatternSets where
+  type
+    AWSResponse ListRegexPatternSets =
+      ListRegexPatternSetsResponse
+  request overrides =
+    Request.postJSON (overrides defaultService)
+  response =
+    Response.receiveJSON
+      ( \s h x ->
+          ListRegexPatternSetsResponse'
+            Prelude.<$> (x Data..?> "NextMarker")
+            Prelude.<*> ( x
+                            Data..?> "RegexPatternSets"
+                            Core..!@ Prelude.mempty
+                        )
+            Prelude.<*> (Prelude.pure (Prelude.fromEnum s))
+      )
+
+instance Prelude.Hashable ListRegexPatternSets where
+  hashWithSalt _salt ListRegexPatternSets' {..} =
+    _salt
+      `Prelude.hashWithSalt` limit
+      `Prelude.hashWithSalt` nextMarker
+      `Prelude.hashWithSalt` scope
+
+instance Prelude.NFData ListRegexPatternSets where
+  rnf ListRegexPatternSets' {..} =
+    Prelude.rnf limit
+      `Prelude.seq` Prelude.rnf nextMarker
+      `Prelude.seq` Prelude.rnf scope
+
+instance Data.ToHeaders ListRegexPatternSets where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "X-Amz-Target"
+              Data.=# ( "AWSWAF_20190729.ListRegexPatternSets" ::
+                          Prelude.ByteString
+                      ),
+            "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToJSON ListRegexPatternSets where
+  toJSON ListRegexPatternSets' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("Limit" Data..=) Prelude.<$> limit,
+            ("NextMarker" Data..=) Prelude.<$> nextMarker,
+            Prelude.Just ("Scope" Data..= scope)
+          ]
+      )
+
+instance Data.ToPath ListRegexPatternSets where
+  toPath = Prelude.const "/"
+
+instance Data.ToQuery ListRegexPatternSets where
+  toQuery = Prelude.const Prelude.mempty
+
+-- | /See:/ 'newListRegexPatternSetsResponse' smart constructor.
+data ListRegexPatternSetsResponse = ListRegexPatternSetsResponse'
+  { -- | When you request a list of objects with a @Limit@ setting, if the number
+    -- of objects that are still available for retrieval exceeds the limit, WAF
+    -- returns a @NextMarker@ value in the response. To retrieve the next batch
+    -- of objects, provide the marker from the prior call in your next request.
+    nextMarker :: Prelude.Maybe Prelude.Text,
+    regexPatternSets :: Prelude.Maybe [RegexPatternSetSummary],
+    -- | The response's http status code.
+    httpStatus :: Prelude.Int
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'ListRegexPatternSetsResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'nextMarker', 'listRegexPatternSetsResponse_nextMarker' - When you request a list of objects with a @Limit@ setting, if the number
+-- of objects that are still available for retrieval exceeds the limit, WAF
+-- returns a @NextMarker@ value in the response. To retrieve the next batch
+-- of objects, provide the marker from the prior call in your next request.
+--
+-- 'regexPatternSets', 'listRegexPatternSetsResponse_regexPatternSets' -
+--
+-- 'httpStatus', 'listRegexPatternSetsResponse_httpStatus' - The response's http status code.
+newListRegexPatternSetsResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  ListRegexPatternSetsResponse
+newListRegexPatternSetsResponse pHttpStatus_ =
+  ListRegexPatternSetsResponse'
+    { nextMarker =
+        Prelude.Nothing,
+      regexPatternSets = Prelude.Nothing,
+      httpStatus = pHttpStatus_
+    }
+
+-- | When you request a list of objects with a @Limit@ setting, if the number
+-- of objects that are still available for retrieval exceeds the limit, WAF
+-- returns a @NextMarker@ value in the response. To retrieve the next batch
+-- of objects, provide the marker from the prior call in your next request.
+listRegexPatternSetsResponse_nextMarker :: Lens.Lens' ListRegexPatternSetsResponse (Prelude.Maybe Prelude.Text)
+listRegexPatternSetsResponse_nextMarker = Lens.lens (\ListRegexPatternSetsResponse' {nextMarker} -> nextMarker) (\s@ListRegexPatternSetsResponse' {} a -> s {nextMarker = a} :: ListRegexPatternSetsResponse)
+
+listRegexPatternSetsResponse_regexPatternSets :: Lens.Lens' ListRegexPatternSetsResponse (Prelude.Maybe [RegexPatternSetSummary])
+listRegexPatternSetsResponse_regexPatternSets = Lens.lens (\ListRegexPatternSetsResponse' {regexPatternSets} -> regexPatternSets) (\s@ListRegexPatternSetsResponse' {} a -> s {regexPatternSets = a} :: ListRegexPatternSetsResponse) Prelude.. Lens.mapping Lens.coerced
+
+-- | The response's http status code.
+listRegexPatternSetsResponse_httpStatus :: Lens.Lens' ListRegexPatternSetsResponse Prelude.Int
+listRegexPatternSetsResponse_httpStatus = Lens.lens (\ListRegexPatternSetsResponse' {httpStatus} -> httpStatus) (\s@ListRegexPatternSetsResponse' {} a -> s {httpStatus = a} :: ListRegexPatternSetsResponse)
+
+instance Prelude.NFData ListRegexPatternSetsResponse where
+  rnf ListRegexPatternSetsResponse' {..} =
+    Prelude.rnf nextMarker
+      `Prelude.seq` Prelude.rnf regexPatternSets
+      `Prelude.seq` Prelude.rnf httpStatus
diff --git a/gen/Amazonka/WAFV2/ListResourcesForWebACL.hs b/gen/Amazonka/WAFV2/ListResourcesForWebACL.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/WAFV2/ListResourcesForWebACL.hs
@@ -0,0 +1,217 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.WAFV2.ListResourcesForWebACL
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Retrieves an array of the Amazon Resource Names (ARNs) for the regional
+-- resources that are associated with the specified web ACL. If you want
+-- the list of Amazon CloudFront resources, use the CloudFront call
+-- @ListDistributionsByWebACLId@.
+module Amazonka.WAFV2.ListResourcesForWebACL
+  ( -- * Creating a Request
+    ListResourcesForWebACL (..),
+    newListResourcesForWebACL,
+
+    -- * Request Lenses
+    listResourcesForWebACL_resourceType,
+    listResourcesForWebACL_webACLArn,
+
+    -- * Destructuring the Response
+    ListResourcesForWebACLResponse (..),
+    newListResourcesForWebACLResponse,
+
+    -- * Response Lenses
+    listResourcesForWebACLResponse_resourceArns,
+    listResourcesForWebACLResponse_httpStatus,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+import Amazonka.WAFV2.Types
+
+-- | /See:/ 'newListResourcesForWebACL' smart constructor.
+data ListResourcesForWebACL = ListResourcesForWebACL'
+  { -- | Used for web ACLs that are scoped for regional applications. A regional
+    -- application can be an Application Load Balancer (ALB), an Amazon API
+    -- Gateway REST API, an AppSync GraphQL API, or an Amazon Cognito user
+    -- pool.
+    --
+    -- If you don\'t provide a resource type, the call uses the resource type
+    -- @APPLICATION_LOAD_BALANCER@.
+    --
+    -- Default: @APPLICATION_LOAD_BALANCER@
+    resourceType :: Prelude.Maybe ResourceType,
+    -- | The Amazon Resource Name (ARN) of the web ACL.
+    webACLArn :: Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'ListResourcesForWebACL' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'resourceType', 'listResourcesForWebACL_resourceType' - Used for web ACLs that are scoped for regional applications. A regional
+-- application can be an Application Load Balancer (ALB), an Amazon API
+-- Gateway REST API, an AppSync GraphQL API, or an Amazon Cognito user
+-- pool.
+--
+-- If you don\'t provide a resource type, the call uses the resource type
+-- @APPLICATION_LOAD_BALANCER@.
+--
+-- Default: @APPLICATION_LOAD_BALANCER@
+--
+-- 'webACLArn', 'listResourcesForWebACL_webACLArn' - The Amazon Resource Name (ARN) of the web ACL.
+newListResourcesForWebACL ::
+  -- | 'webACLArn'
+  Prelude.Text ->
+  ListResourcesForWebACL
+newListResourcesForWebACL pWebACLArn_ =
+  ListResourcesForWebACL'
+    { resourceType =
+        Prelude.Nothing,
+      webACLArn = pWebACLArn_
+    }
+
+-- | Used for web ACLs that are scoped for regional applications. A regional
+-- application can be an Application Load Balancer (ALB), an Amazon API
+-- Gateway REST API, an AppSync GraphQL API, or an Amazon Cognito user
+-- pool.
+--
+-- If you don\'t provide a resource type, the call uses the resource type
+-- @APPLICATION_LOAD_BALANCER@.
+--
+-- Default: @APPLICATION_LOAD_BALANCER@
+listResourcesForWebACL_resourceType :: Lens.Lens' ListResourcesForWebACL (Prelude.Maybe ResourceType)
+listResourcesForWebACL_resourceType = Lens.lens (\ListResourcesForWebACL' {resourceType} -> resourceType) (\s@ListResourcesForWebACL' {} a -> s {resourceType = a} :: ListResourcesForWebACL)
+
+-- | The Amazon Resource Name (ARN) of the web ACL.
+listResourcesForWebACL_webACLArn :: Lens.Lens' ListResourcesForWebACL Prelude.Text
+listResourcesForWebACL_webACLArn = Lens.lens (\ListResourcesForWebACL' {webACLArn} -> webACLArn) (\s@ListResourcesForWebACL' {} a -> s {webACLArn = a} :: ListResourcesForWebACL)
+
+instance Core.AWSRequest ListResourcesForWebACL where
+  type
+    AWSResponse ListResourcesForWebACL =
+      ListResourcesForWebACLResponse
+  request overrides =
+    Request.postJSON (overrides defaultService)
+  response =
+    Response.receiveJSON
+      ( \s h x ->
+          ListResourcesForWebACLResponse'
+            Prelude.<$> (x Data..?> "ResourceArns" Core..!@ Prelude.mempty)
+            Prelude.<*> (Prelude.pure (Prelude.fromEnum s))
+      )
+
+instance Prelude.Hashable ListResourcesForWebACL where
+  hashWithSalt _salt ListResourcesForWebACL' {..} =
+    _salt
+      `Prelude.hashWithSalt` resourceType
+      `Prelude.hashWithSalt` webACLArn
+
+instance Prelude.NFData ListResourcesForWebACL where
+  rnf ListResourcesForWebACL' {..} =
+    Prelude.rnf resourceType
+      `Prelude.seq` Prelude.rnf webACLArn
+
+instance Data.ToHeaders ListResourcesForWebACL where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "X-Amz-Target"
+              Data.=# ( "AWSWAF_20190729.ListResourcesForWebACL" ::
+                          Prelude.ByteString
+                      ),
+            "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToJSON ListResourcesForWebACL where
+  toJSON ListResourcesForWebACL' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("ResourceType" Data..=) Prelude.<$> resourceType,
+            Prelude.Just ("WebACLArn" Data..= webACLArn)
+          ]
+      )
+
+instance Data.ToPath ListResourcesForWebACL where
+  toPath = Prelude.const "/"
+
+instance Data.ToQuery ListResourcesForWebACL where
+  toQuery = Prelude.const Prelude.mempty
+
+-- | /See:/ 'newListResourcesForWebACLResponse' smart constructor.
+data ListResourcesForWebACLResponse = ListResourcesForWebACLResponse'
+  { -- | The array of Amazon Resource Names (ARNs) of the associated resources.
+    resourceArns :: Prelude.Maybe [Prelude.Text],
+    -- | The response's http status code.
+    httpStatus :: Prelude.Int
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'ListResourcesForWebACLResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'resourceArns', 'listResourcesForWebACLResponse_resourceArns' - The array of Amazon Resource Names (ARNs) of the associated resources.
+--
+-- 'httpStatus', 'listResourcesForWebACLResponse_httpStatus' - The response's http status code.
+newListResourcesForWebACLResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  ListResourcesForWebACLResponse
+newListResourcesForWebACLResponse pHttpStatus_ =
+  ListResourcesForWebACLResponse'
+    { resourceArns =
+        Prelude.Nothing,
+      httpStatus = pHttpStatus_
+    }
+
+-- | The array of Amazon Resource Names (ARNs) of the associated resources.
+listResourcesForWebACLResponse_resourceArns :: Lens.Lens' ListResourcesForWebACLResponse (Prelude.Maybe [Prelude.Text])
+listResourcesForWebACLResponse_resourceArns = Lens.lens (\ListResourcesForWebACLResponse' {resourceArns} -> resourceArns) (\s@ListResourcesForWebACLResponse' {} a -> s {resourceArns = a} :: ListResourcesForWebACLResponse) Prelude.. Lens.mapping Lens.coerced
+
+-- | The response's http status code.
+listResourcesForWebACLResponse_httpStatus :: Lens.Lens' ListResourcesForWebACLResponse Prelude.Int
+listResourcesForWebACLResponse_httpStatus = Lens.lens (\ListResourcesForWebACLResponse' {httpStatus} -> httpStatus) (\s@ListResourcesForWebACLResponse' {} a -> s {httpStatus = a} :: ListResourcesForWebACLResponse)
+
+instance
+  Prelude.NFData
+    ListResourcesForWebACLResponse
+  where
+  rnf ListResourcesForWebACLResponse' {..} =
+    Prelude.rnf resourceArns
+      `Prelude.seq` Prelude.rnf httpStatus
diff --git a/gen/Amazonka/WAFV2/ListRuleGroups.hs b/gen/Amazonka/WAFV2/ListRuleGroups.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/WAFV2/ListRuleGroups.hs
@@ -0,0 +1,270 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.WAFV2.ListRuleGroups
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Retrieves an array of RuleGroupSummary objects for the rule groups that
+-- you manage.
+module Amazonka.WAFV2.ListRuleGroups
+  ( -- * Creating a Request
+    ListRuleGroups (..),
+    newListRuleGroups,
+
+    -- * Request Lenses
+    listRuleGroups_limit,
+    listRuleGroups_nextMarker,
+    listRuleGroups_scope,
+
+    -- * Destructuring the Response
+    ListRuleGroupsResponse (..),
+    newListRuleGroupsResponse,
+
+    -- * Response Lenses
+    listRuleGroupsResponse_nextMarker,
+    listRuleGroupsResponse_ruleGroups,
+    listRuleGroupsResponse_httpStatus,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+import Amazonka.WAFV2.Types
+
+-- | /See:/ 'newListRuleGroups' smart constructor.
+data ListRuleGroups = ListRuleGroups'
+  { -- | The maximum number of objects that you want WAF to return for this
+    -- request. If more objects are available, in the response, WAF provides a
+    -- @NextMarker@ value that you can use in a subsequent call to get the next
+    -- batch of objects.
+    limit :: Prelude.Maybe Prelude.Natural,
+    -- | When you request a list of objects with a @Limit@ setting, if the number
+    -- of objects that are still available for retrieval exceeds the limit, WAF
+    -- returns a @NextMarker@ value in the response. To retrieve the next batch
+    -- of objects, provide the marker from the prior call in your next request.
+    nextMarker :: Prelude.Maybe Prelude.Text,
+    -- | Specifies whether this is for an Amazon CloudFront distribution or for a
+    -- regional application. A regional application can be an Application Load
+    -- Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API,
+    -- or an Amazon Cognito user pool.
+    --
+    -- To work with CloudFront, you must also specify the Region US East (N.
+    -- Virginia) as follows:
+    --
+    -- -   CLI - Specify the Region when you use the CloudFront scope:
+    --     @--scope=CLOUDFRONT --region=us-east-1@.
+    --
+    -- -   API and SDKs - For all calls, use the Region endpoint us-east-1.
+    scope :: Scope
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'ListRuleGroups' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'limit', 'listRuleGroups_limit' - The maximum number of objects that you want WAF to return for this
+-- request. If more objects are available, in the response, WAF provides a
+-- @NextMarker@ value that you can use in a subsequent call to get the next
+-- batch of objects.
+--
+-- 'nextMarker', 'listRuleGroups_nextMarker' - When you request a list of objects with a @Limit@ setting, if the number
+-- of objects that are still available for retrieval exceeds the limit, WAF
+-- returns a @NextMarker@ value in the response. To retrieve the next batch
+-- of objects, provide the marker from the prior call in your next request.
+--
+-- 'scope', 'listRuleGroups_scope' - Specifies whether this is for an Amazon CloudFront distribution or for a
+-- regional application. A regional application can be an Application Load
+-- Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API,
+-- or an Amazon Cognito user pool.
+--
+-- To work with CloudFront, you must also specify the Region US East (N.
+-- Virginia) as follows:
+--
+-- -   CLI - Specify the Region when you use the CloudFront scope:
+--     @--scope=CLOUDFRONT --region=us-east-1@.
+--
+-- -   API and SDKs - For all calls, use the Region endpoint us-east-1.
+newListRuleGroups ::
+  -- | 'scope'
+  Scope ->
+  ListRuleGroups
+newListRuleGroups pScope_ =
+  ListRuleGroups'
+    { limit = Prelude.Nothing,
+      nextMarker = Prelude.Nothing,
+      scope = pScope_
+    }
+
+-- | The maximum number of objects that you want WAF to return for this
+-- request. If more objects are available, in the response, WAF provides a
+-- @NextMarker@ value that you can use in a subsequent call to get the next
+-- batch of objects.
+listRuleGroups_limit :: Lens.Lens' ListRuleGroups (Prelude.Maybe Prelude.Natural)
+listRuleGroups_limit = Lens.lens (\ListRuleGroups' {limit} -> limit) (\s@ListRuleGroups' {} a -> s {limit = a} :: ListRuleGroups)
+
+-- | When you request a list of objects with a @Limit@ setting, if the number
+-- of objects that are still available for retrieval exceeds the limit, WAF
+-- returns a @NextMarker@ value in the response. To retrieve the next batch
+-- of objects, provide the marker from the prior call in your next request.
+listRuleGroups_nextMarker :: Lens.Lens' ListRuleGroups (Prelude.Maybe Prelude.Text)
+listRuleGroups_nextMarker = Lens.lens (\ListRuleGroups' {nextMarker} -> nextMarker) (\s@ListRuleGroups' {} a -> s {nextMarker = a} :: ListRuleGroups)
+
+-- | Specifies whether this is for an Amazon CloudFront distribution or for a
+-- regional application. A regional application can be an Application Load
+-- Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API,
+-- or an Amazon Cognito user pool.
+--
+-- To work with CloudFront, you must also specify the Region US East (N.
+-- Virginia) as follows:
+--
+-- -   CLI - Specify the Region when you use the CloudFront scope:
+--     @--scope=CLOUDFRONT --region=us-east-1@.
+--
+-- -   API and SDKs - For all calls, use the Region endpoint us-east-1.
+listRuleGroups_scope :: Lens.Lens' ListRuleGroups Scope
+listRuleGroups_scope = Lens.lens (\ListRuleGroups' {scope} -> scope) (\s@ListRuleGroups' {} a -> s {scope = a} :: ListRuleGroups)
+
+instance Core.AWSRequest ListRuleGroups where
+  type
+    AWSResponse ListRuleGroups =
+      ListRuleGroupsResponse
+  request overrides =
+    Request.postJSON (overrides defaultService)
+  response =
+    Response.receiveJSON
+      ( \s h x ->
+          ListRuleGroupsResponse'
+            Prelude.<$> (x Data..?> "NextMarker")
+            Prelude.<*> (x Data..?> "RuleGroups" Core..!@ Prelude.mempty)
+            Prelude.<*> (Prelude.pure (Prelude.fromEnum s))
+      )
+
+instance Prelude.Hashable ListRuleGroups where
+  hashWithSalt _salt ListRuleGroups' {..} =
+    _salt
+      `Prelude.hashWithSalt` limit
+      `Prelude.hashWithSalt` nextMarker
+      `Prelude.hashWithSalt` scope
+
+instance Prelude.NFData ListRuleGroups where
+  rnf ListRuleGroups' {..} =
+    Prelude.rnf limit
+      `Prelude.seq` Prelude.rnf nextMarker
+      `Prelude.seq` Prelude.rnf scope
+
+instance Data.ToHeaders ListRuleGroups where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "X-Amz-Target"
+              Data.=# ( "AWSWAF_20190729.ListRuleGroups" ::
+                          Prelude.ByteString
+                      ),
+            "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToJSON ListRuleGroups where
+  toJSON ListRuleGroups' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("Limit" Data..=) Prelude.<$> limit,
+            ("NextMarker" Data..=) Prelude.<$> nextMarker,
+            Prelude.Just ("Scope" Data..= scope)
+          ]
+      )
+
+instance Data.ToPath ListRuleGroups where
+  toPath = Prelude.const "/"
+
+instance Data.ToQuery ListRuleGroups where
+  toQuery = Prelude.const Prelude.mempty
+
+-- | /See:/ 'newListRuleGroupsResponse' smart constructor.
+data ListRuleGroupsResponse = ListRuleGroupsResponse'
+  { -- | When you request a list of objects with a @Limit@ setting, if the number
+    -- of objects that are still available for retrieval exceeds the limit, WAF
+    -- returns a @NextMarker@ value in the response. To retrieve the next batch
+    -- of objects, provide the marker from the prior call in your next request.
+    nextMarker :: Prelude.Maybe Prelude.Text,
+    ruleGroups :: Prelude.Maybe [RuleGroupSummary],
+    -- | The response's http status code.
+    httpStatus :: Prelude.Int
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'ListRuleGroupsResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'nextMarker', 'listRuleGroupsResponse_nextMarker' - When you request a list of objects with a @Limit@ setting, if the number
+-- of objects that are still available for retrieval exceeds the limit, WAF
+-- returns a @NextMarker@ value in the response. To retrieve the next batch
+-- of objects, provide the marker from the prior call in your next request.
+--
+-- 'ruleGroups', 'listRuleGroupsResponse_ruleGroups' -
+--
+-- 'httpStatus', 'listRuleGroupsResponse_httpStatus' - The response's http status code.
+newListRuleGroupsResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  ListRuleGroupsResponse
+newListRuleGroupsResponse pHttpStatus_ =
+  ListRuleGroupsResponse'
+    { nextMarker =
+        Prelude.Nothing,
+      ruleGroups = Prelude.Nothing,
+      httpStatus = pHttpStatus_
+    }
+
+-- | When you request a list of objects with a @Limit@ setting, if the number
+-- of objects that are still available for retrieval exceeds the limit, WAF
+-- returns a @NextMarker@ value in the response. To retrieve the next batch
+-- of objects, provide the marker from the prior call in your next request.
+listRuleGroupsResponse_nextMarker :: Lens.Lens' ListRuleGroupsResponse (Prelude.Maybe Prelude.Text)
+listRuleGroupsResponse_nextMarker = Lens.lens (\ListRuleGroupsResponse' {nextMarker} -> nextMarker) (\s@ListRuleGroupsResponse' {} a -> s {nextMarker = a} :: ListRuleGroupsResponse)
+
+listRuleGroupsResponse_ruleGroups :: Lens.Lens' ListRuleGroupsResponse (Prelude.Maybe [RuleGroupSummary])
+listRuleGroupsResponse_ruleGroups = Lens.lens (\ListRuleGroupsResponse' {ruleGroups} -> ruleGroups) (\s@ListRuleGroupsResponse' {} a -> s {ruleGroups = a} :: ListRuleGroupsResponse) Prelude.. Lens.mapping Lens.coerced
+
+-- | The response's http status code.
+listRuleGroupsResponse_httpStatus :: Lens.Lens' ListRuleGroupsResponse Prelude.Int
+listRuleGroupsResponse_httpStatus = Lens.lens (\ListRuleGroupsResponse' {httpStatus} -> httpStatus) (\s@ListRuleGroupsResponse' {} a -> s {httpStatus = a} :: ListRuleGroupsResponse)
+
+instance Prelude.NFData ListRuleGroupsResponse where
+  rnf ListRuleGroupsResponse' {..} =
+    Prelude.rnf nextMarker
+      `Prelude.seq` Prelude.rnf ruleGroups
+      `Prelude.seq` Prelude.rnf httpStatus
diff --git a/gen/Amazonka/WAFV2/ListTagsForResource.hs b/gen/Amazonka/WAFV2/ListTagsForResource.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/WAFV2/ListTagsForResource.hs
@@ -0,0 +1,247 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.WAFV2.ListTagsForResource
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Retrieves the TagInfoForResource for the specified resource. Tags are
+-- key:value pairs that you can use to categorize and manage your
+-- resources, for purposes like billing. For example, you might set the tag
+-- key to \"customer\" and the value to the customer name or ID. You can
+-- specify one or more tags to add to each Amazon Web Services resource, up
+-- to 50 tags for a resource.
+--
+-- You can tag the Amazon Web Services resources that you manage through
+-- WAF: web ACLs, rule groups, IP sets, and regex pattern sets. You can\'t
+-- manage or view tags through the WAF console.
+module Amazonka.WAFV2.ListTagsForResource
+  ( -- * Creating a Request
+    ListTagsForResource (..),
+    newListTagsForResource,
+
+    -- * Request Lenses
+    listTagsForResource_limit,
+    listTagsForResource_nextMarker,
+    listTagsForResource_resourceARN,
+
+    -- * Destructuring the Response
+    ListTagsForResourceResponse (..),
+    newListTagsForResourceResponse,
+
+    -- * Response Lenses
+    listTagsForResourceResponse_nextMarker,
+    listTagsForResourceResponse_tagInfoForResource,
+    listTagsForResourceResponse_httpStatus,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+import Amazonka.WAFV2.Types
+
+-- | /See:/ 'newListTagsForResource' smart constructor.
+data ListTagsForResource = ListTagsForResource'
+  { -- | The maximum number of objects that you want WAF to return for this
+    -- request. If more objects are available, in the response, WAF provides a
+    -- @NextMarker@ value that you can use in a subsequent call to get the next
+    -- batch of objects.
+    limit :: Prelude.Maybe Prelude.Natural,
+    -- | When you request a list of objects with a @Limit@ setting, if the number
+    -- of objects that are still available for retrieval exceeds the limit, WAF
+    -- returns a @NextMarker@ value in the response. To retrieve the next batch
+    -- of objects, provide the marker from the prior call in your next request.
+    nextMarker :: Prelude.Maybe Prelude.Text,
+    -- | The Amazon Resource Name (ARN) of the resource.
+    resourceARN :: Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'ListTagsForResource' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'limit', 'listTagsForResource_limit' - The maximum number of objects that you want WAF to return for this
+-- request. If more objects are available, in the response, WAF provides a
+-- @NextMarker@ value that you can use in a subsequent call to get the next
+-- batch of objects.
+--
+-- 'nextMarker', 'listTagsForResource_nextMarker' - When you request a list of objects with a @Limit@ setting, if the number
+-- of objects that are still available for retrieval exceeds the limit, WAF
+-- returns a @NextMarker@ value in the response. To retrieve the next batch
+-- of objects, provide the marker from the prior call in your next request.
+--
+-- 'resourceARN', 'listTagsForResource_resourceARN' - The Amazon Resource Name (ARN) of the resource.
+newListTagsForResource ::
+  -- | 'resourceARN'
+  Prelude.Text ->
+  ListTagsForResource
+newListTagsForResource pResourceARN_ =
+  ListTagsForResource'
+    { limit = Prelude.Nothing,
+      nextMarker = Prelude.Nothing,
+      resourceARN = pResourceARN_
+    }
+
+-- | The maximum number of objects that you want WAF to return for this
+-- request. If more objects are available, in the response, WAF provides a
+-- @NextMarker@ value that you can use in a subsequent call to get the next
+-- batch of objects.
+listTagsForResource_limit :: Lens.Lens' ListTagsForResource (Prelude.Maybe Prelude.Natural)
+listTagsForResource_limit = Lens.lens (\ListTagsForResource' {limit} -> limit) (\s@ListTagsForResource' {} a -> s {limit = a} :: ListTagsForResource)
+
+-- | When you request a list of objects with a @Limit@ setting, if the number
+-- of objects that are still available for retrieval exceeds the limit, WAF
+-- returns a @NextMarker@ value in the response. To retrieve the next batch
+-- of objects, provide the marker from the prior call in your next request.
+listTagsForResource_nextMarker :: Lens.Lens' ListTagsForResource (Prelude.Maybe Prelude.Text)
+listTagsForResource_nextMarker = Lens.lens (\ListTagsForResource' {nextMarker} -> nextMarker) (\s@ListTagsForResource' {} a -> s {nextMarker = a} :: ListTagsForResource)
+
+-- | The Amazon Resource Name (ARN) of the resource.
+listTagsForResource_resourceARN :: Lens.Lens' ListTagsForResource Prelude.Text
+listTagsForResource_resourceARN = Lens.lens (\ListTagsForResource' {resourceARN} -> resourceARN) (\s@ListTagsForResource' {} a -> s {resourceARN = a} :: ListTagsForResource)
+
+instance Core.AWSRequest ListTagsForResource where
+  type
+    AWSResponse ListTagsForResource =
+      ListTagsForResourceResponse
+  request overrides =
+    Request.postJSON (overrides defaultService)
+  response =
+    Response.receiveJSON
+      ( \s h x ->
+          ListTagsForResourceResponse'
+            Prelude.<$> (x Data..?> "NextMarker")
+            Prelude.<*> (x Data..?> "TagInfoForResource")
+            Prelude.<*> (Prelude.pure (Prelude.fromEnum s))
+      )
+
+instance Prelude.Hashable ListTagsForResource where
+  hashWithSalt _salt ListTagsForResource' {..} =
+    _salt
+      `Prelude.hashWithSalt` limit
+      `Prelude.hashWithSalt` nextMarker
+      `Prelude.hashWithSalt` resourceARN
+
+instance Prelude.NFData ListTagsForResource where
+  rnf ListTagsForResource' {..} =
+    Prelude.rnf limit
+      `Prelude.seq` Prelude.rnf nextMarker
+      `Prelude.seq` Prelude.rnf resourceARN
+
+instance Data.ToHeaders ListTagsForResource where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "X-Amz-Target"
+              Data.=# ( "AWSWAF_20190729.ListTagsForResource" ::
+                          Prelude.ByteString
+                      ),
+            "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToJSON ListTagsForResource where
+  toJSON ListTagsForResource' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("Limit" Data..=) Prelude.<$> limit,
+            ("NextMarker" Data..=) Prelude.<$> nextMarker,
+            Prelude.Just ("ResourceARN" Data..= resourceARN)
+          ]
+      )
+
+instance Data.ToPath ListTagsForResource where
+  toPath = Prelude.const "/"
+
+instance Data.ToQuery ListTagsForResource where
+  toQuery = Prelude.const Prelude.mempty
+
+-- | /See:/ 'newListTagsForResourceResponse' smart constructor.
+data ListTagsForResourceResponse = ListTagsForResourceResponse'
+  { -- | When you request a list of objects with a @Limit@ setting, if the number
+    -- of objects that are still available for retrieval exceeds the limit, WAF
+    -- returns a @NextMarker@ value in the response. To retrieve the next batch
+    -- of objects, provide the marker from the prior call in your next request.
+    nextMarker :: Prelude.Maybe Prelude.Text,
+    -- | The collection of tagging definitions for the resource.
+    tagInfoForResource :: Prelude.Maybe TagInfoForResource,
+    -- | The response's http status code.
+    httpStatus :: Prelude.Int
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'ListTagsForResourceResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'nextMarker', 'listTagsForResourceResponse_nextMarker' - When you request a list of objects with a @Limit@ setting, if the number
+-- of objects that are still available for retrieval exceeds the limit, WAF
+-- returns a @NextMarker@ value in the response. To retrieve the next batch
+-- of objects, provide the marker from the prior call in your next request.
+--
+-- 'tagInfoForResource', 'listTagsForResourceResponse_tagInfoForResource' - The collection of tagging definitions for the resource.
+--
+-- 'httpStatus', 'listTagsForResourceResponse_httpStatus' - The response's http status code.
+newListTagsForResourceResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  ListTagsForResourceResponse
+newListTagsForResourceResponse pHttpStatus_ =
+  ListTagsForResourceResponse'
+    { nextMarker =
+        Prelude.Nothing,
+      tagInfoForResource = Prelude.Nothing,
+      httpStatus = pHttpStatus_
+    }
+
+-- | When you request a list of objects with a @Limit@ setting, if the number
+-- of objects that are still available for retrieval exceeds the limit, WAF
+-- returns a @NextMarker@ value in the response. To retrieve the next batch
+-- of objects, provide the marker from the prior call in your next request.
+listTagsForResourceResponse_nextMarker :: Lens.Lens' ListTagsForResourceResponse (Prelude.Maybe Prelude.Text)
+listTagsForResourceResponse_nextMarker = Lens.lens (\ListTagsForResourceResponse' {nextMarker} -> nextMarker) (\s@ListTagsForResourceResponse' {} a -> s {nextMarker = a} :: ListTagsForResourceResponse)
+
+-- | The collection of tagging definitions for the resource.
+listTagsForResourceResponse_tagInfoForResource :: Lens.Lens' ListTagsForResourceResponse (Prelude.Maybe TagInfoForResource)
+listTagsForResourceResponse_tagInfoForResource = Lens.lens (\ListTagsForResourceResponse' {tagInfoForResource} -> tagInfoForResource) (\s@ListTagsForResourceResponse' {} a -> s {tagInfoForResource = a} :: ListTagsForResourceResponse)
+
+-- | The response's http status code.
+listTagsForResourceResponse_httpStatus :: Lens.Lens' ListTagsForResourceResponse Prelude.Int
+listTagsForResourceResponse_httpStatus = Lens.lens (\ListTagsForResourceResponse' {httpStatus} -> httpStatus) (\s@ListTagsForResourceResponse' {} a -> s {httpStatus = a} :: ListTagsForResourceResponse)
+
+instance Prelude.NFData ListTagsForResourceResponse where
+  rnf ListTagsForResourceResponse' {..} =
+    Prelude.rnf nextMarker
+      `Prelude.seq` Prelude.rnf tagInfoForResource
+      `Prelude.seq` Prelude.rnf httpStatus
diff --git a/gen/Amazonka/WAFV2/ListWebACLs.hs b/gen/Amazonka/WAFV2/ListWebACLs.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/WAFV2/ListWebACLs.hs
@@ -0,0 +1,267 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.WAFV2.ListWebACLs
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Retrieves an array of WebACLSummary objects for the web ACLs that you
+-- manage.
+module Amazonka.WAFV2.ListWebACLs
+  ( -- * Creating a Request
+    ListWebACLs (..),
+    newListWebACLs,
+
+    -- * Request Lenses
+    listWebACLs_limit,
+    listWebACLs_nextMarker,
+    listWebACLs_scope,
+
+    -- * Destructuring the Response
+    ListWebACLsResponse (..),
+    newListWebACLsResponse,
+
+    -- * Response Lenses
+    listWebACLsResponse_nextMarker,
+    listWebACLsResponse_webACLs,
+    listWebACLsResponse_httpStatus,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+import Amazonka.WAFV2.Types
+
+-- | /See:/ 'newListWebACLs' smart constructor.
+data ListWebACLs = ListWebACLs'
+  { -- | The maximum number of objects that you want WAF to return for this
+    -- request. If more objects are available, in the response, WAF provides a
+    -- @NextMarker@ value that you can use in a subsequent call to get the next
+    -- batch of objects.
+    limit :: Prelude.Maybe Prelude.Natural,
+    -- | When you request a list of objects with a @Limit@ setting, if the number
+    -- of objects that are still available for retrieval exceeds the limit, WAF
+    -- returns a @NextMarker@ value in the response. To retrieve the next batch
+    -- of objects, provide the marker from the prior call in your next request.
+    nextMarker :: Prelude.Maybe Prelude.Text,
+    -- | Specifies whether this is for an Amazon CloudFront distribution or for a
+    -- regional application. A regional application can be an Application Load
+    -- Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API,
+    -- or an Amazon Cognito user pool.
+    --
+    -- To work with CloudFront, you must also specify the Region US East (N.
+    -- Virginia) as follows:
+    --
+    -- -   CLI - Specify the Region when you use the CloudFront scope:
+    --     @--scope=CLOUDFRONT --region=us-east-1@.
+    --
+    -- -   API and SDKs - For all calls, use the Region endpoint us-east-1.
+    scope :: Scope
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'ListWebACLs' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'limit', 'listWebACLs_limit' - The maximum number of objects that you want WAF to return for this
+-- request. If more objects are available, in the response, WAF provides a
+-- @NextMarker@ value that you can use in a subsequent call to get the next
+-- batch of objects.
+--
+-- 'nextMarker', 'listWebACLs_nextMarker' - When you request a list of objects with a @Limit@ setting, if the number
+-- of objects that are still available for retrieval exceeds the limit, WAF
+-- returns a @NextMarker@ value in the response. To retrieve the next batch
+-- of objects, provide the marker from the prior call in your next request.
+--
+-- 'scope', 'listWebACLs_scope' - Specifies whether this is for an Amazon CloudFront distribution or for a
+-- regional application. A regional application can be an Application Load
+-- Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API,
+-- or an Amazon Cognito user pool.
+--
+-- To work with CloudFront, you must also specify the Region US East (N.
+-- Virginia) as follows:
+--
+-- -   CLI - Specify the Region when you use the CloudFront scope:
+--     @--scope=CLOUDFRONT --region=us-east-1@.
+--
+-- -   API and SDKs - For all calls, use the Region endpoint us-east-1.
+newListWebACLs ::
+  -- | 'scope'
+  Scope ->
+  ListWebACLs
+newListWebACLs pScope_ =
+  ListWebACLs'
+    { limit = Prelude.Nothing,
+      nextMarker = Prelude.Nothing,
+      scope = pScope_
+    }
+
+-- | The maximum number of objects that you want WAF to return for this
+-- request. If more objects are available, in the response, WAF provides a
+-- @NextMarker@ value that you can use in a subsequent call to get the next
+-- batch of objects.
+listWebACLs_limit :: Lens.Lens' ListWebACLs (Prelude.Maybe Prelude.Natural)
+listWebACLs_limit = Lens.lens (\ListWebACLs' {limit} -> limit) (\s@ListWebACLs' {} a -> s {limit = a} :: ListWebACLs)
+
+-- | When you request a list of objects with a @Limit@ setting, if the number
+-- of objects that are still available for retrieval exceeds the limit, WAF
+-- returns a @NextMarker@ value in the response. To retrieve the next batch
+-- of objects, provide the marker from the prior call in your next request.
+listWebACLs_nextMarker :: Lens.Lens' ListWebACLs (Prelude.Maybe Prelude.Text)
+listWebACLs_nextMarker = Lens.lens (\ListWebACLs' {nextMarker} -> nextMarker) (\s@ListWebACLs' {} a -> s {nextMarker = a} :: ListWebACLs)
+
+-- | Specifies whether this is for an Amazon CloudFront distribution or for a
+-- regional application. A regional application can be an Application Load
+-- Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API,
+-- or an Amazon Cognito user pool.
+--
+-- To work with CloudFront, you must also specify the Region US East (N.
+-- Virginia) as follows:
+--
+-- -   CLI - Specify the Region when you use the CloudFront scope:
+--     @--scope=CLOUDFRONT --region=us-east-1@.
+--
+-- -   API and SDKs - For all calls, use the Region endpoint us-east-1.
+listWebACLs_scope :: Lens.Lens' ListWebACLs Scope
+listWebACLs_scope = Lens.lens (\ListWebACLs' {scope} -> scope) (\s@ListWebACLs' {} a -> s {scope = a} :: ListWebACLs)
+
+instance Core.AWSRequest ListWebACLs where
+  type AWSResponse ListWebACLs = ListWebACLsResponse
+  request overrides =
+    Request.postJSON (overrides defaultService)
+  response =
+    Response.receiveJSON
+      ( \s h x ->
+          ListWebACLsResponse'
+            Prelude.<$> (x Data..?> "NextMarker")
+            Prelude.<*> (x Data..?> "WebACLs" Core..!@ Prelude.mempty)
+            Prelude.<*> (Prelude.pure (Prelude.fromEnum s))
+      )
+
+instance Prelude.Hashable ListWebACLs where
+  hashWithSalt _salt ListWebACLs' {..} =
+    _salt
+      `Prelude.hashWithSalt` limit
+      `Prelude.hashWithSalt` nextMarker
+      `Prelude.hashWithSalt` scope
+
+instance Prelude.NFData ListWebACLs where
+  rnf ListWebACLs' {..} =
+    Prelude.rnf limit
+      `Prelude.seq` Prelude.rnf nextMarker
+      `Prelude.seq` Prelude.rnf scope
+
+instance Data.ToHeaders ListWebACLs where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "X-Amz-Target"
+              Data.=# ( "AWSWAF_20190729.ListWebACLs" ::
+                          Prelude.ByteString
+                      ),
+            "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToJSON ListWebACLs where
+  toJSON ListWebACLs' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("Limit" Data..=) Prelude.<$> limit,
+            ("NextMarker" Data..=) Prelude.<$> nextMarker,
+            Prelude.Just ("Scope" Data..= scope)
+          ]
+      )
+
+instance Data.ToPath ListWebACLs where
+  toPath = Prelude.const "/"
+
+instance Data.ToQuery ListWebACLs where
+  toQuery = Prelude.const Prelude.mempty
+
+-- | /See:/ 'newListWebACLsResponse' smart constructor.
+data ListWebACLsResponse = ListWebACLsResponse'
+  { -- | When you request a list of objects with a @Limit@ setting, if the number
+    -- of objects that are still available for retrieval exceeds the limit, WAF
+    -- returns a @NextMarker@ value in the response. To retrieve the next batch
+    -- of objects, provide the marker from the prior call in your next request.
+    nextMarker :: Prelude.Maybe Prelude.Text,
+    webACLs :: Prelude.Maybe [WebACLSummary],
+    -- | The response's http status code.
+    httpStatus :: Prelude.Int
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'ListWebACLsResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'nextMarker', 'listWebACLsResponse_nextMarker' - When you request a list of objects with a @Limit@ setting, if the number
+-- of objects that are still available for retrieval exceeds the limit, WAF
+-- returns a @NextMarker@ value in the response. To retrieve the next batch
+-- of objects, provide the marker from the prior call in your next request.
+--
+-- 'webACLs', 'listWebACLsResponse_webACLs' -
+--
+-- 'httpStatus', 'listWebACLsResponse_httpStatus' - The response's http status code.
+newListWebACLsResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  ListWebACLsResponse
+newListWebACLsResponse pHttpStatus_ =
+  ListWebACLsResponse'
+    { nextMarker = Prelude.Nothing,
+      webACLs = Prelude.Nothing,
+      httpStatus = pHttpStatus_
+    }
+
+-- | When you request a list of objects with a @Limit@ setting, if the number
+-- of objects that are still available for retrieval exceeds the limit, WAF
+-- returns a @NextMarker@ value in the response. To retrieve the next batch
+-- of objects, provide the marker from the prior call in your next request.
+listWebACLsResponse_nextMarker :: Lens.Lens' ListWebACLsResponse (Prelude.Maybe Prelude.Text)
+listWebACLsResponse_nextMarker = Lens.lens (\ListWebACLsResponse' {nextMarker} -> nextMarker) (\s@ListWebACLsResponse' {} a -> s {nextMarker = a} :: ListWebACLsResponse)
+
+listWebACLsResponse_webACLs :: Lens.Lens' ListWebACLsResponse (Prelude.Maybe [WebACLSummary])
+listWebACLsResponse_webACLs = Lens.lens (\ListWebACLsResponse' {webACLs} -> webACLs) (\s@ListWebACLsResponse' {} a -> s {webACLs = a} :: ListWebACLsResponse) Prelude.. Lens.mapping Lens.coerced
+
+-- | The response's http status code.
+listWebACLsResponse_httpStatus :: Lens.Lens' ListWebACLsResponse Prelude.Int
+listWebACLsResponse_httpStatus = Lens.lens (\ListWebACLsResponse' {httpStatus} -> httpStatus) (\s@ListWebACLsResponse' {} a -> s {httpStatus = a} :: ListWebACLsResponse)
+
+instance Prelude.NFData ListWebACLsResponse where
+  rnf ListWebACLsResponse' {..} =
+    Prelude.rnf nextMarker
+      `Prelude.seq` Prelude.rnf webACLs
+      `Prelude.seq` Prelude.rnf httpStatus
diff --git a/gen/Amazonka/WAFV2/PutLoggingConfiguration.hs b/gen/Amazonka/WAFV2/PutLoggingConfiguration.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/WAFV2/PutLoggingConfiguration.hs
@@ -0,0 +1,215 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.WAFV2.PutLoggingConfiguration
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Enables the specified LoggingConfiguration, to start logging from a web
+-- ACL, according to the configuration provided.
+--
+-- You can define one logging destination per web ACL.
+--
+-- You can access information about the traffic that WAF inspects using the
+-- following steps:
+--
+-- 1.  Create your logging destination. You can use an Amazon CloudWatch
+--     Logs log group, an Amazon Simple Storage Service (Amazon S3) bucket,
+--     or an Amazon Kinesis Data Firehose.
+--
+--     The name that you give the destination must start with
+--     @aws-waf-logs-@. Depending on the type of destination, you might
+--     need to configure additional settings or permissions.
+--
+--     For configuration requirements and pricing information for each
+--     destination type, see
+--     <https://docs.aws.amazon.com/waf/latest/developerguide/logging.html Logging web ACL traffic>
+--     in the /WAF Developer Guide/.
+--
+-- 2.  Associate your logging destination to your web ACL using a
+--     @PutLoggingConfiguration@ request.
+--
+-- When you successfully enable logging using a @PutLoggingConfiguration@
+-- request, WAF creates an additional role or policy that is required to
+-- write logs to the logging destination. For an Amazon CloudWatch Logs log
+-- group, WAF creates a resource policy on the log group. For an Amazon S3
+-- bucket, WAF creates a bucket policy. For an Amazon Kinesis Data
+-- Firehose, WAF creates a service-linked role.
+--
+-- For additional information about web ACL logging, see
+-- <https://docs.aws.amazon.com/waf/latest/developerguide/logging.html Logging web ACL traffic information>
+-- in the /WAF Developer Guide/.
+--
+-- This operation completely replaces the mutable specifications that you
+-- already have for the logging configuration with the ones that you
+-- provide to this call. To modify the logging configuration, retrieve it
+-- by calling GetLoggingConfiguration, update the settings as needed, and
+-- then provide the complete logging configuration specification to this
+-- call.
+module Amazonka.WAFV2.PutLoggingConfiguration
+  ( -- * Creating a Request
+    PutLoggingConfiguration (..),
+    newPutLoggingConfiguration,
+
+    -- * Request Lenses
+    putLoggingConfiguration_loggingConfiguration,
+
+    -- * Destructuring the Response
+    PutLoggingConfigurationResponse (..),
+    newPutLoggingConfigurationResponse,
+
+    -- * Response Lenses
+    putLoggingConfigurationResponse_loggingConfiguration,
+    putLoggingConfigurationResponse_httpStatus,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+import Amazonka.WAFV2.Types
+
+-- | /See:/ 'newPutLoggingConfiguration' smart constructor.
+data PutLoggingConfiguration = PutLoggingConfiguration'
+  { loggingConfiguration :: LoggingConfiguration
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'PutLoggingConfiguration' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'loggingConfiguration', 'putLoggingConfiguration_loggingConfiguration' -
+newPutLoggingConfiguration ::
+  -- | 'loggingConfiguration'
+  LoggingConfiguration ->
+  PutLoggingConfiguration
+newPutLoggingConfiguration pLoggingConfiguration_ =
+  PutLoggingConfiguration'
+    { loggingConfiguration =
+        pLoggingConfiguration_
+    }
+
+putLoggingConfiguration_loggingConfiguration :: Lens.Lens' PutLoggingConfiguration LoggingConfiguration
+putLoggingConfiguration_loggingConfiguration = Lens.lens (\PutLoggingConfiguration' {loggingConfiguration} -> loggingConfiguration) (\s@PutLoggingConfiguration' {} a -> s {loggingConfiguration = a} :: PutLoggingConfiguration)
+
+instance Core.AWSRequest PutLoggingConfiguration where
+  type
+    AWSResponse PutLoggingConfiguration =
+      PutLoggingConfigurationResponse
+  request overrides =
+    Request.postJSON (overrides defaultService)
+  response =
+    Response.receiveJSON
+      ( \s h x ->
+          PutLoggingConfigurationResponse'
+            Prelude.<$> (x Data..?> "LoggingConfiguration")
+            Prelude.<*> (Prelude.pure (Prelude.fromEnum s))
+      )
+
+instance Prelude.Hashable PutLoggingConfiguration where
+  hashWithSalt _salt PutLoggingConfiguration' {..} =
+    _salt `Prelude.hashWithSalt` loggingConfiguration
+
+instance Prelude.NFData PutLoggingConfiguration where
+  rnf PutLoggingConfiguration' {..} =
+    Prelude.rnf loggingConfiguration
+
+instance Data.ToHeaders PutLoggingConfiguration where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "X-Amz-Target"
+              Data.=# ( "AWSWAF_20190729.PutLoggingConfiguration" ::
+                          Prelude.ByteString
+                      ),
+            "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToJSON PutLoggingConfiguration where
+  toJSON PutLoggingConfiguration' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ Prelude.Just
+              ( "LoggingConfiguration"
+                  Data..= loggingConfiguration
+              )
+          ]
+      )
+
+instance Data.ToPath PutLoggingConfiguration where
+  toPath = Prelude.const "/"
+
+instance Data.ToQuery PutLoggingConfiguration where
+  toQuery = Prelude.const Prelude.mempty
+
+-- | /See:/ 'newPutLoggingConfigurationResponse' smart constructor.
+data PutLoggingConfigurationResponse = PutLoggingConfigurationResponse'
+  { loggingConfiguration :: Prelude.Maybe LoggingConfiguration,
+    -- | The response's http status code.
+    httpStatus :: Prelude.Int
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'PutLoggingConfigurationResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'loggingConfiguration', 'putLoggingConfigurationResponse_loggingConfiguration' -
+--
+-- 'httpStatus', 'putLoggingConfigurationResponse_httpStatus' - The response's http status code.
+newPutLoggingConfigurationResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  PutLoggingConfigurationResponse
+newPutLoggingConfigurationResponse pHttpStatus_ =
+  PutLoggingConfigurationResponse'
+    { loggingConfiguration =
+        Prelude.Nothing,
+      httpStatus = pHttpStatus_
+    }
+
+putLoggingConfigurationResponse_loggingConfiguration :: Lens.Lens' PutLoggingConfigurationResponse (Prelude.Maybe LoggingConfiguration)
+putLoggingConfigurationResponse_loggingConfiguration = Lens.lens (\PutLoggingConfigurationResponse' {loggingConfiguration} -> loggingConfiguration) (\s@PutLoggingConfigurationResponse' {} a -> s {loggingConfiguration = a} :: PutLoggingConfigurationResponse)
+
+-- | The response's http status code.
+putLoggingConfigurationResponse_httpStatus :: Lens.Lens' PutLoggingConfigurationResponse Prelude.Int
+putLoggingConfigurationResponse_httpStatus = Lens.lens (\PutLoggingConfigurationResponse' {httpStatus} -> httpStatus) (\s@PutLoggingConfigurationResponse' {} a -> s {httpStatus = a} :: PutLoggingConfigurationResponse)
+
+instance
+  Prelude.NFData
+    PutLoggingConfigurationResponse
+  where
+  rnf PutLoggingConfigurationResponse' {..} =
+    Prelude.rnf loggingConfiguration
+      `Prelude.seq` Prelude.rnf httpStatus
diff --git a/gen/Amazonka/WAFV2/PutManagedRuleSetVersions.hs b/gen/Amazonka/WAFV2/PutManagedRuleSetVersions.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/WAFV2/PutManagedRuleSetVersions.hs
@@ -0,0 +1,375 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.WAFV2.PutManagedRuleSetVersions
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Defines the versions of your managed rule set that you are offering to
+-- the customers. Customers see your offerings as managed rule groups with
+-- versioning.
+--
+-- This is intended for use only by vendors of managed rule sets. Vendors
+-- are Amazon Web Services and Amazon Web Services Marketplace sellers.
+--
+-- Vendors, you can use the managed rule set APIs to provide controlled
+-- rollout of your versioned managed rule group offerings for your
+-- customers. The APIs are @ListManagedRuleSets@, @GetManagedRuleSet@,
+-- @PutManagedRuleSetVersions@, and
+-- @UpdateManagedRuleSetVersionExpiryDate@.
+--
+-- Customers retrieve their managed rule group list by calling
+-- ListAvailableManagedRuleGroups. The name that you provide here for your
+-- managed rule set is the name the customer sees for the corresponding
+-- managed rule group. Customers can retrieve the available versions for a
+-- managed rule group by calling ListAvailableManagedRuleGroupVersions. You
+-- provide a rule group specification for each version. For each managed
+-- rule set, you must specify a version that you recommend using.
+--
+-- To initiate the expiration of a managed rule group version, use
+-- UpdateManagedRuleSetVersionExpiryDate.
+module Amazonka.WAFV2.PutManagedRuleSetVersions
+  ( -- * Creating a Request
+    PutManagedRuleSetVersions (..),
+    newPutManagedRuleSetVersions,
+
+    -- * Request Lenses
+    putManagedRuleSetVersions_recommendedVersion,
+    putManagedRuleSetVersions_versionsToPublish,
+    putManagedRuleSetVersions_name,
+    putManagedRuleSetVersions_scope,
+    putManagedRuleSetVersions_id,
+    putManagedRuleSetVersions_lockToken,
+
+    -- * Destructuring the Response
+    PutManagedRuleSetVersionsResponse (..),
+    newPutManagedRuleSetVersionsResponse,
+
+    -- * Response Lenses
+    putManagedRuleSetVersionsResponse_nextLockToken,
+    putManagedRuleSetVersionsResponse_httpStatus,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+import Amazonka.WAFV2.Types
+
+-- | /See:/ 'newPutManagedRuleSetVersions' smart constructor.
+data PutManagedRuleSetVersions = PutManagedRuleSetVersions'
+  { -- | The version of the named managed rule group that you\'d like your
+    -- customers to choose, from among your version offerings.
+    recommendedVersion :: Prelude.Maybe Prelude.Text,
+    -- | The versions of the named managed rule group that you want to offer to
+    -- your customers.
+    versionsToPublish :: Prelude.Maybe (Prelude.HashMap Prelude.Text VersionToPublish),
+    -- | The name of the managed rule set. You use this, along with the rule set
+    -- ID, to identify the rule set.
+    --
+    -- This name is assigned to the corresponding managed rule group, which
+    -- your customers can access and use.
+    name :: Prelude.Text,
+    -- | Specifies whether this is for an Amazon CloudFront distribution or for a
+    -- regional application. A regional application can be an Application Load
+    -- Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API,
+    -- or an Amazon Cognito user pool.
+    --
+    -- To work with CloudFront, you must also specify the Region US East (N.
+    -- Virginia) as follows:
+    --
+    -- -   CLI - Specify the Region when you use the CloudFront scope:
+    --     @--scope=CLOUDFRONT --region=us-east-1@.
+    --
+    -- -   API and SDKs - For all calls, use the Region endpoint us-east-1.
+    scope :: Scope,
+    -- | A unique identifier for the managed rule set. The ID is returned in the
+    -- responses to commands like @list@. You provide it to operations like
+    -- @get@ and @update@.
+    id :: Prelude.Text,
+    -- | A token used for optimistic locking. WAF returns a token to your @get@
+    -- and @list@ requests, to mark the state of the entity at the time of the
+    -- request. To make changes to the entity associated with the token, you
+    -- provide the token to operations like @update@ and @delete@. WAF uses the
+    -- token to ensure that no changes have been made to the entity since you
+    -- last retrieved it. If a change has been made, the update fails with a
+    -- @WAFOptimisticLockException@. If this happens, perform another @get@,
+    -- and use the new token returned by that operation.
+    lockToken :: Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'PutManagedRuleSetVersions' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'recommendedVersion', 'putManagedRuleSetVersions_recommendedVersion' - The version of the named managed rule group that you\'d like your
+-- customers to choose, from among your version offerings.
+--
+-- 'versionsToPublish', 'putManagedRuleSetVersions_versionsToPublish' - The versions of the named managed rule group that you want to offer to
+-- your customers.
+--
+-- 'name', 'putManagedRuleSetVersions_name' - The name of the managed rule set. You use this, along with the rule set
+-- ID, to identify the rule set.
+--
+-- This name is assigned to the corresponding managed rule group, which
+-- your customers can access and use.
+--
+-- 'scope', 'putManagedRuleSetVersions_scope' - Specifies whether this is for an Amazon CloudFront distribution or for a
+-- regional application. A regional application can be an Application Load
+-- Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API,
+-- or an Amazon Cognito user pool.
+--
+-- To work with CloudFront, you must also specify the Region US East (N.
+-- Virginia) as follows:
+--
+-- -   CLI - Specify the Region when you use the CloudFront scope:
+--     @--scope=CLOUDFRONT --region=us-east-1@.
+--
+-- -   API and SDKs - For all calls, use the Region endpoint us-east-1.
+--
+-- 'id', 'putManagedRuleSetVersions_id' - A unique identifier for the managed rule set. The ID is returned in the
+-- responses to commands like @list@. You provide it to operations like
+-- @get@ and @update@.
+--
+-- 'lockToken', 'putManagedRuleSetVersions_lockToken' - A token used for optimistic locking. WAF returns a token to your @get@
+-- and @list@ requests, to mark the state of the entity at the time of the
+-- request. To make changes to the entity associated with the token, you
+-- provide the token to operations like @update@ and @delete@. WAF uses the
+-- token to ensure that no changes have been made to the entity since you
+-- last retrieved it. If a change has been made, the update fails with a
+-- @WAFOptimisticLockException@. If this happens, perform another @get@,
+-- and use the new token returned by that operation.
+newPutManagedRuleSetVersions ::
+  -- | 'name'
+  Prelude.Text ->
+  -- | 'scope'
+  Scope ->
+  -- | 'id'
+  Prelude.Text ->
+  -- | 'lockToken'
+  Prelude.Text ->
+  PutManagedRuleSetVersions
+newPutManagedRuleSetVersions
+  pName_
+  pScope_
+  pId_
+  pLockToken_ =
+    PutManagedRuleSetVersions'
+      { recommendedVersion =
+          Prelude.Nothing,
+        versionsToPublish = Prelude.Nothing,
+        name = pName_,
+        scope = pScope_,
+        id = pId_,
+        lockToken = pLockToken_
+      }
+
+-- | The version of the named managed rule group that you\'d like your
+-- customers to choose, from among your version offerings.
+putManagedRuleSetVersions_recommendedVersion :: Lens.Lens' PutManagedRuleSetVersions (Prelude.Maybe Prelude.Text)
+putManagedRuleSetVersions_recommendedVersion = Lens.lens (\PutManagedRuleSetVersions' {recommendedVersion} -> recommendedVersion) (\s@PutManagedRuleSetVersions' {} a -> s {recommendedVersion = a} :: PutManagedRuleSetVersions)
+
+-- | The versions of the named managed rule group that you want to offer to
+-- your customers.
+putManagedRuleSetVersions_versionsToPublish :: Lens.Lens' PutManagedRuleSetVersions (Prelude.Maybe (Prelude.HashMap Prelude.Text VersionToPublish))
+putManagedRuleSetVersions_versionsToPublish = Lens.lens (\PutManagedRuleSetVersions' {versionsToPublish} -> versionsToPublish) (\s@PutManagedRuleSetVersions' {} a -> s {versionsToPublish = a} :: PutManagedRuleSetVersions) Prelude.. Lens.mapping Lens.coerced
+
+-- | The name of the managed rule set. You use this, along with the rule set
+-- ID, to identify the rule set.
+--
+-- This name is assigned to the corresponding managed rule group, which
+-- your customers can access and use.
+putManagedRuleSetVersions_name :: Lens.Lens' PutManagedRuleSetVersions Prelude.Text
+putManagedRuleSetVersions_name = Lens.lens (\PutManagedRuleSetVersions' {name} -> name) (\s@PutManagedRuleSetVersions' {} a -> s {name = a} :: PutManagedRuleSetVersions)
+
+-- | Specifies whether this is for an Amazon CloudFront distribution or for a
+-- regional application. A regional application can be an Application Load
+-- Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API,
+-- or an Amazon Cognito user pool.
+--
+-- To work with CloudFront, you must also specify the Region US East (N.
+-- Virginia) as follows:
+--
+-- -   CLI - Specify the Region when you use the CloudFront scope:
+--     @--scope=CLOUDFRONT --region=us-east-1@.
+--
+-- -   API and SDKs - For all calls, use the Region endpoint us-east-1.
+putManagedRuleSetVersions_scope :: Lens.Lens' PutManagedRuleSetVersions Scope
+putManagedRuleSetVersions_scope = Lens.lens (\PutManagedRuleSetVersions' {scope} -> scope) (\s@PutManagedRuleSetVersions' {} a -> s {scope = a} :: PutManagedRuleSetVersions)
+
+-- | A unique identifier for the managed rule set. The ID is returned in the
+-- responses to commands like @list@. You provide it to operations like
+-- @get@ and @update@.
+putManagedRuleSetVersions_id :: Lens.Lens' PutManagedRuleSetVersions Prelude.Text
+putManagedRuleSetVersions_id = Lens.lens (\PutManagedRuleSetVersions' {id} -> id) (\s@PutManagedRuleSetVersions' {} a -> s {id = a} :: PutManagedRuleSetVersions)
+
+-- | A token used for optimistic locking. WAF returns a token to your @get@
+-- and @list@ requests, to mark the state of the entity at the time of the
+-- request. To make changes to the entity associated with the token, you
+-- provide the token to operations like @update@ and @delete@. WAF uses the
+-- token to ensure that no changes have been made to the entity since you
+-- last retrieved it. If a change has been made, the update fails with a
+-- @WAFOptimisticLockException@. If this happens, perform another @get@,
+-- and use the new token returned by that operation.
+putManagedRuleSetVersions_lockToken :: Lens.Lens' PutManagedRuleSetVersions Prelude.Text
+putManagedRuleSetVersions_lockToken = Lens.lens (\PutManagedRuleSetVersions' {lockToken} -> lockToken) (\s@PutManagedRuleSetVersions' {} a -> s {lockToken = a} :: PutManagedRuleSetVersions)
+
+instance Core.AWSRequest PutManagedRuleSetVersions where
+  type
+    AWSResponse PutManagedRuleSetVersions =
+      PutManagedRuleSetVersionsResponse
+  request overrides =
+    Request.postJSON (overrides defaultService)
+  response =
+    Response.receiveJSON
+      ( \s h x ->
+          PutManagedRuleSetVersionsResponse'
+            Prelude.<$> (x Data..?> "NextLockToken")
+            Prelude.<*> (Prelude.pure (Prelude.fromEnum s))
+      )
+
+instance Prelude.Hashable PutManagedRuleSetVersions where
+  hashWithSalt _salt PutManagedRuleSetVersions' {..} =
+    _salt
+      `Prelude.hashWithSalt` recommendedVersion
+      `Prelude.hashWithSalt` versionsToPublish
+      `Prelude.hashWithSalt` name
+      `Prelude.hashWithSalt` scope
+      `Prelude.hashWithSalt` id
+      `Prelude.hashWithSalt` lockToken
+
+instance Prelude.NFData PutManagedRuleSetVersions where
+  rnf PutManagedRuleSetVersions' {..} =
+    Prelude.rnf recommendedVersion
+      `Prelude.seq` Prelude.rnf versionsToPublish
+      `Prelude.seq` Prelude.rnf name
+      `Prelude.seq` Prelude.rnf scope
+      `Prelude.seq` Prelude.rnf id
+      `Prelude.seq` Prelude.rnf lockToken
+
+instance Data.ToHeaders PutManagedRuleSetVersions where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "X-Amz-Target"
+              Data.=# ( "AWSWAF_20190729.PutManagedRuleSetVersions" ::
+                          Prelude.ByteString
+                      ),
+            "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToJSON PutManagedRuleSetVersions where
+  toJSON PutManagedRuleSetVersions' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("RecommendedVersion" Data..=)
+              Prelude.<$> recommendedVersion,
+            ("VersionsToPublish" Data..=)
+              Prelude.<$> versionsToPublish,
+            Prelude.Just ("Name" Data..= name),
+            Prelude.Just ("Scope" Data..= scope),
+            Prelude.Just ("Id" Data..= id),
+            Prelude.Just ("LockToken" Data..= lockToken)
+          ]
+      )
+
+instance Data.ToPath PutManagedRuleSetVersions where
+  toPath = Prelude.const "/"
+
+instance Data.ToQuery PutManagedRuleSetVersions where
+  toQuery = Prelude.const Prelude.mempty
+
+-- | /See:/ 'newPutManagedRuleSetVersionsResponse' smart constructor.
+data PutManagedRuleSetVersionsResponse = PutManagedRuleSetVersionsResponse'
+  { -- | A token used for optimistic locking. WAF returns a token to your @get@
+    -- and @list@ requests, to mark the state of the entity at the time of the
+    -- request. To make changes to the entity associated with the token, you
+    -- provide the token to operations like @update@ and @delete@. WAF uses the
+    -- token to ensure that no changes have been made to the entity since you
+    -- last retrieved it. If a change has been made, the update fails with a
+    -- @WAFOptimisticLockException@. If this happens, perform another @get@,
+    -- and use the new token returned by that operation.
+    nextLockToken :: Prelude.Maybe Prelude.Text,
+    -- | The response's http status code.
+    httpStatus :: Prelude.Int
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'PutManagedRuleSetVersionsResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'nextLockToken', 'putManagedRuleSetVersionsResponse_nextLockToken' - A token used for optimistic locking. WAF returns a token to your @get@
+-- and @list@ requests, to mark the state of the entity at the time of the
+-- request. To make changes to the entity associated with the token, you
+-- provide the token to operations like @update@ and @delete@. WAF uses the
+-- token to ensure that no changes have been made to the entity since you
+-- last retrieved it. If a change has been made, the update fails with a
+-- @WAFOptimisticLockException@. If this happens, perform another @get@,
+-- and use the new token returned by that operation.
+--
+-- 'httpStatus', 'putManagedRuleSetVersionsResponse_httpStatus' - The response's http status code.
+newPutManagedRuleSetVersionsResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  PutManagedRuleSetVersionsResponse
+newPutManagedRuleSetVersionsResponse pHttpStatus_ =
+  PutManagedRuleSetVersionsResponse'
+    { nextLockToken =
+        Prelude.Nothing,
+      httpStatus = pHttpStatus_
+    }
+
+-- | A token used for optimistic locking. WAF returns a token to your @get@
+-- and @list@ requests, to mark the state of the entity at the time of the
+-- request. To make changes to the entity associated with the token, you
+-- provide the token to operations like @update@ and @delete@. WAF uses the
+-- token to ensure that no changes have been made to the entity since you
+-- last retrieved it. If a change has been made, the update fails with a
+-- @WAFOptimisticLockException@. If this happens, perform another @get@,
+-- and use the new token returned by that operation.
+putManagedRuleSetVersionsResponse_nextLockToken :: Lens.Lens' PutManagedRuleSetVersionsResponse (Prelude.Maybe Prelude.Text)
+putManagedRuleSetVersionsResponse_nextLockToken = Lens.lens (\PutManagedRuleSetVersionsResponse' {nextLockToken} -> nextLockToken) (\s@PutManagedRuleSetVersionsResponse' {} a -> s {nextLockToken = a} :: PutManagedRuleSetVersionsResponse)
+
+-- | The response's http status code.
+putManagedRuleSetVersionsResponse_httpStatus :: Lens.Lens' PutManagedRuleSetVersionsResponse Prelude.Int
+putManagedRuleSetVersionsResponse_httpStatus = Lens.lens (\PutManagedRuleSetVersionsResponse' {httpStatus} -> httpStatus) (\s@PutManagedRuleSetVersionsResponse' {} a -> s {httpStatus = a} :: PutManagedRuleSetVersionsResponse)
+
+instance
+  Prelude.NFData
+    PutManagedRuleSetVersionsResponse
+  where
+  rnf PutManagedRuleSetVersionsResponse' {..} =
+    Prelude.rnf nextLockToken
+      `Prelude.seq` Prelude.rnf httpStatus
diff --git a/gen/Amazonka/WAFV2/PutPermissionPolicy.hs b/gen/Amazonka/WAFV2/PutPermissionPolicy.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/WAFV2/PutPermissionPolicy.hs
@@ -0,0 +1,252 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.WAFV2.PutPermissionPolicy
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Attaches an IAM policy to the specified resource. Use this to share a
+-- rule group across accounts.
+--
+-- You must be the owner of the rule group to perform this operation.
+--
+-- This action is subject to the following restrictions:
+--
+-- -   You can attach only one policy with each @PutPermissionPolicy@
+--     request.
+--
+-- -   The ARN in the request must be a valid WAF RuleGroup ARN and the
+--     rule group must exist in the same Region.
+--
+-- -   The user making the request must be the owner of the rule group.
+module Amazonka.WAFV2.PutPermissionPolicy
+  ( -- * Creating a Request
+    PutPermissionPolicy (..),
+    newPutPermissionPolicy,
+
+    -- * Request Lenses
+    putPermissionPolicy_resourceArn,
+    putPermissionPolicy_policy,
+
+    -- * Destructuring the Response
+    PutPermissionPolicyResponse (..),
+    newPutPermissionPolicyResponse,
+
+    -- * Response Lenses
+    putPermissionPolicyResponse_httpStatus,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+import Amazonka.WAFV2.Types
+
+-- | /See:/ 'newPutPermissionPolicy' smart constructor.
+data PutPermissionPolicy = PutPermissionPolicy'
+  { -- | The Amazon Resource Name (ARN) of the RuleGroup to which you want to
+    -- attach the policy.
+    resourceArn :: Prelude.Text,
+    -- | The policy to attach to the specified rule group.
+    --
+    -- The policy specifications must conform to the following:
+    --
+    -- -   The policy must be composed using IAM Policy version 2012-10-17 or
+    --     version 2015-01-01.
+    --
+    -- -   The policy must include specifications for @Effect@, @Action@, and
+    --     @Principal@.
+    --
+    -- -   @Effect@ must specify @Allow@.
+    --
+    -- -   @Action@ must specify @wafv2:CreateWebACL@, @wafv2:UpdateWebACL@,
+    --     and @wafv2:PutFirewallManagerRuleGroups@ and may optionally specify
+    --     @wafv2:GetRuleGroup@. WAF rejects any extra actions or wildcard
+    --     actions in the policy.
+    --
+    -- -   The policy must not include a @Resource@ parameter.
+    --
+    -- For more information, see
+    -- <https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html IAM Policies>.
+    policy :: Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'PutPermissionPolicy' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'resourceArn', 'putPermissionPolicy_resourceArn' - The Amazon Resource Name (ARN) of the RuleGroup to which you want to
+-- attach the policy.
+--
+-- 'policy', 'putPermissionPolicy_policy' - The policy to attach to the specified rule group.
+--
+-- The policy specifications must conform to the following:
+--
+-- -   The policy must be composed using IAM Policy version 2012-10-17 or
+--     version 2015-01-01.
+--
+-- -   The policy must include specifications for @Effect@, @Action@, and
+--     @Principal@.
+--
+-- -   @Effect@ must specify @Allow@.
+--
+-- -   @Action@ must specify @wafv2:CreateWebACL@, @wafv2:UpdateWebACL@,
+--     and @wafv2:PutFirewallManagerRuleGroups@ and may optionally specify
+--     @wafv2:GetRuleGroup@. WAF rejects any extra actions or wildcard
+--     actions in the policy.
+--
+-- -   The policy must not include a @Resource@ parameter.
+--
+-- For more information, see
+-- <https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html IAM Policies>.
+newPutPermissionPolicy ::
+  -- | 'resourceArn'
+  Prelude.Text ->
+  -- | 'policy'
+  Prelude.Text ->
+  PutPermissionPolicy
+newPutPermissionPolicy pResourceArn_ pPolicy_ =
+  PutPermissionPolicy'
+    { resourceArn = pResourceArn_,
+      policy = pPolicy_
+    }
+
+-- | The Amazon Resource Name (ARN) of the RuleGroup to which you want to
+-- attach the policy.
+putPermissionPolicy_resourceArn :: Lens.Lens' PutPermissionPolicy Prelude.Text
+putPermissionPolicy_resourceArn = Lens.lens (\PutPermissionPolicy' {resourceArn} -> resourceArn) (\s@PutPermissionPolicy' {} a -> s {resourceArn = a} :: PutPermissionPolicy)
+
+-- | The policy to attach to the specified rule group.
+--
+-- The policy specifications must conform to the following:
+--
+-- -   The policy must be composed using IAM Policy version 2012-10-17 or
+--     version 2015-01-01.
+--
+-- -   The policy must include specifications for @Effect@, @Action@, and
+--     @Principal@.
+--
+-- -   @Effect@ must specify @Allow@.
+--
+-- -   @Action@ must specify @wafv2:CreateWebACL@, @wafv2:UpdateWebACL@,
+--     and @wafv2:PutFirewallManagerRuleGroups@ and may optionally specify
+--     @wafv2:GetRuleGroup@. WAF rejects any extra actions or wildcard
+--     actions in the policy.
+--
+-- -   The policy must not include a @Resource@ parameter.
+--
+-- For more information, see
+-- <https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html IAM Policies>.
+putPermissionPolicy_policy :: Lens.Lens' PutPermissionPolicy Prelude.Text
+putPermissionPolicy_policy = Lens.lens (\PutPermissionPolicy' {policy} -> policy) (\s@PutPermissionPolicy' {} a -> s {policy = a} :: PutPermissionPolicy)
+
+instance Core.AWSRequest PutPermissionPolicy where
+  type
+    AWSResponse PutPermissionPolicy =
+      PutPermissionPolicyResponse
+  request overrides =
+    Request.postJSON (overrides defaultService)
+  response =
+    Response.receiveEmpty
+      ( \s h x ->
+          PutPermissionPolicyResponse'
+            Prelude.<$> (Prelude.pure (Prelude.fromEnum s))
+      )
+
+instance Prelude.Hashable PutPermissionPolicy where
+  hashWithSalt _salt PutPermissionPolicy' {..} =
+    _salt
+      `Prelude.hashWithSalt` resourceArn
+      `Prelude.hashWithSalt` policy
+
+instance Prelude.NFData PutPermissionPolicy where
+  rnf PutPermissionPolicy' {..} =
+    Prelude.rnf resourceArn
+      `Prelude.seq` Prelude.rnf policy
+
+instance Data.ToHeaders PutPermissionPolicy where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "X-Amz-Target"
+              Data.=# ( "AWSWAF_20190729.PutPermissionPolicy" ::
+                          Prelude.ByteString
+                      ),
+            "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToJSON PutPermissionPolicy where
+  toJSON PutPermissionPolicy' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ Prelude.Just ("ResourceArn" Data..= resourceArn),
+            Prelude.Just ("Policy" Data..= policy)
+          ]
+      )
+
+instance Data.ToPath PutPermissionPolicy where
+  toPath = Prelude.const "/"
+
+instance Data.ToQuery PutPermissionPolicy where
+  toQuery = Prelude.const Prelude.mempty
+
+-- | /See:/ 'newPutPermissionPolicyResponse' smart constructor.
+data PutPermissionPolicyResponse = PutPermissionPolicyResponse'
+  { -- | The response's http status code.
+    httpStatus :: Prelude.Int
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'PutPermissionPolicyResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'httpStatus', 'putPermissionPolicyResponse_httpStatus' - The response's http status code.
+newPutPermissionPolicyResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  PutPermissionPolicyResponse
+newPutPermissionPolicyResponse pHttpStatus_ =
+  PutPermissionPolicyResponse'
+    { httpStatus =
+        pHttpStatus_
+    }
+
+-- | The response's http status code.
+putPermissionPolicyResponse_httpStatus :: Lens.Lens' PutPermissionPolicyResponse Prelude.Int
+putPermissionPolicyResponse_httpStatus = Lens.lens (\PutPermissionPolicyResponse' {httpStatus} -> httpStatus) (\s@PutPermissionPolicyResponse' {} a -> s {httpStatus = a} :: PutPermissionPolicyResponse)
+
+instance Prelude.NFData PutPermissionPolicyResponse where
+  rnf PutPermissionPolicyResponse' {..} =
+    Prelude.rnf httpStatus
diff --git a/gen/Amazonka/WAFV2/TagResource.hs b/gen/Amazonka/WAFV2/TagResource.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/WAFV2/TagResource.hs
@@ -0,0 +1,179 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.WAFV2.TagResource
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Associates tags with the specified Amazon Web Services resource. Tags
+-- are key:value pairs that you can use to categorize and manage your
+-- resources, for purposes like billing. For example, you might set the tag
+-- key to \"customer\" and the value to the customer name or ID. You can
+-- specify one or more tags to add to each Amazon Web Services resource, up
+-- to 50 tags for a resource.
+--
+-- You can tag the Amazon Web Services resources that you manage through
+-- WAF: web ACLs, rule groups, IP sets, and regex pattern sets. You can\'t
+-- manage or view tags through the WAF console.
+module Amazonka.WAFV2.TagResource
+  ( -- * Creating a Request
+    TagResource (..),
+    newTagResource,
+
+    -- * Request Lenses
+    tagResource_resourceARN,
+    tagResource_tags,
+
+    -- * Destructuring the Response
+    TagResourceResponse (..),
+    newTagResourceResponse,
+
+    -- * Response Lenses
+    tagResourceResponse_httpStatus,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+import Amazonka.WAFV2.Types
+
+-- | /See:/ 'newTagResource' smart constructor.
+data TagResource = TagResource'
+  { -- | The Amazon Resource Name (ARN) of the resource.
+    resourceARN :: Prelude.Text,
+    -- | An array of key:value pairs to associate with the resource.
+    tags :: Prelude.NonEmpty Tag
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'TagResource' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'resourceARN', 'tagResource_resourceARN' - The Amazon Resource Name (ARN) of the resource.
+--
+-- 'tags', 'tagResource_tags' - An array of key:value pairs to associate with the resource.
+newTagResource ::
+  -- | 'resourceARN'
+  Prelude.Text ->
+  -- | 'tags'
+  Prelude.NonEmpty Tag ->
+  TagResource
+newTagResource pResourceARN_ pTags_ =
+  TagResource'
+    { resourceARN = pResourceARN_,
+      tags = Lens.coerced Lens.# pTags_
+    }
+
+-- | The Amazon Resource Name (ARN) of the resource.
+tagResource_resourceARN :: Lens.Lens' TagResource Prelude.Text
+tagResource_resourceARN = Lens.lens (\TagResource' {resourceARN} -> resourceARN) (\s@TagResource' {} a -> s {resourceARN = a} :: TagResource)
+
+-- | An array of key:value pairs to associate with the resource.
+tagResource_tags :: Lens.Lens' TagResource (Prelude.NonEmpty Tag)
+tagResource_tags = Lens.lens (\TagResource' {tags} -> tags) (\s@TagResource' {} a -> s {tags = a} :: TagResource) Prelude.. Lens.coerced
+
+instance Core.AWSRequest TagResource where
+  type AWSResponse TagResource = TagResourceResponse
+  request overrides =
+    Request.postJSON (overrides defaultService)
+  response =
+    Response.receiveEmpty
+      ( \s h x ->
+          TagResourceResponse'
+            Prelude.<$> (Prelude.pure (Prelude.fromEnum s))
+      )
+
+instance Prelude.Hashable TagResource where
+  hashWithSalt _salt TagResource' {..} =
+    _salt
+      `Prelude.hashWithSalt` resourceARN
+      `Prelude.hashWithSalt` tags
+
+instance Prelude.NFData TagResource where
+  rnf TagResource' {..} =
+    Prelude.rnf resourceARN
+      `Prelude.seq` Prelude.rnf tags
+
+instance Data.ToHeaders TagResource where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "X-Amz-Target"
+              Data.=# ( "AWSWAF_20190729.TagResource" ::
+                          Prelude.ByteString
+                      ),
+            "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToJSON TagResource where
+  toJSON TagResource' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ Prelude.Just ("ResourceARN" Data..= resourceARN),
+            Prelude.Just ("Tags" Data..= tags)
+          ]
+      )
+
+instance Data.ToPath TagResource where
+  toPath = Prelude.const "/"
+
+instance Data.ToQuery TagResource where
+  toQuery = Prelude.const Prelude.mempty
+
+-- | /See:/ 'newTagResourceResponse' smart constructor.
+data TagResourceResponse = TagResourceResponse'
+  { -- | The response's http status code.
+    httpStatus :: Prelude.Int
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'TagResourceResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'httpStatus', 'tagResourceResponse_httpStatus' - The response's http status code.
+newTagResourceResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  TagResourceResponse
+newTagResourceResponse pHttpStatus_ =
+  TagResourceResponse' {httpStatus = pHttpStatus_}
+
+-- | The response's http status code.
+tagResourceResponse_httpStatus :: Lens.Lens' TagResourceResponse Prelude.Int
+tagResourceResponse_httpStatus = Lens.lens (\TagResourceResponse' {httpStatus} -> httpStatus) (\s@TagResourceResponse' {} a -> s {httpStatus = a} :: TagResourceResponse)
+
+instance Prelude.NFData TagResourceResponse where
+  rnf TagResourceResponse' {..} = Prelude.rnf httpStatus
diff --git a/gen/Amazonka/WAFV2/Types.hs b/gen/Amazonka/WAFV2/Types.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/WAFV2/Types.hs
@@ -0,0 +1,1184 @@
+{-# LANGUAGE DisambiguateRecordFields #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.WAFV2.Types
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.WAFV2.Types
+  ( -- * Service Configuration
+    defaultService,
+
+    -- * Errors
+    _WAFAssociatedItemException,
+    _WAFConfigurationWarningException,
+    _WAFDuplicateItemException,
+    _WAFExpiredManagedRuleGroupVersionException,
+    _WAFInternalErrorException,
+    _WAFInvalidOperationException,
+    _WAFInvalidParameterException,
+    _WAFInvalidPermissionPolicyException,
+    _WAFInvalidResourceException,
+    _WAFLimitsExceededException,
+    _WAFLogDestinationPermissionIssueException,
+    _WAFNonexistentItemException,
+    _WAFOptimisticLockException,
+    _WAFServiceLinkedRoleErrorException,
+    _WAFSubscriptionNotFoundException,
+    _WAFTagOperationException,
+    _WAFTagOperationInternalErrorException,
+    _WAFUnavailableEntityException,
+
+    -- * ActionValue
+    ActionValue (..),
+
+    -- * BodyParsingFallbackBehavior
+    BodyParsingFallbackBehavior (..),
+
+    -- * ComparisonOperator
+    ComparisonOperator (..),
+
+    -- * CountryCode
+    CountryCode (..),
+
+    -- * FailureReason
+    FailureReason (..),
+
+    -- * FallbackBehavior
+    FallbackBehavior (..),
+
+    -- * FilterBehavior
+    FilterBehavior (..),
+
+    -- * FilterRequirement
+    FilterRequirement (..),
+
+    -- * ForwardedIPPosition
+    ForwardedIPPosition (..),
+
+    -- * IPAddressVersion
+    IPAddressVersion (..),
+
+    -- * InspectionLevel
+    InspectionLevel (..),
+
+    -- * JsonMatchScope
+    JsonMatchScope (..),
+
+    -- * LabelMatchScope
+    LabelMatchScope (..),
+
+    -- * MapMatchScope
+    MapMatchScope (..),
+
+    -- * OversizeHandling
+    OversizeHandling (..),
+
+    -- * PayloadType
+    PayloadType (..),
+
+    -- * Platform
+    Platform (..),
+
+    -- * PositionalConstraint
+    PositionalConstraint (..),
+
+    -- * RateBasedStatementAggregateKeyType
+    RateBasedStatementAggregateKeyType (..),
+
+    -- * ResourceType
+    ResourceType (..),
+
+    -- * ResponseContentType
+    ResponseContentType (..),
+
+    -- * Scope
+    Scope (..),
+
+    -- * SensitivityLevel
+    SensitivityLevel (..),
+
+    -- * TextTransformationType
+    TextTransformationType (..),
+
+    -- * AWSManagedRulesBotControlRuleSet
+    AWSManagedRulesBotControlRuleSet (..),
+    newAWSManagedRulesBotControlRuleSet,
+    aWSManagedRulesBotControlRuleSet_inspectionLevel,
+
+    -- * ActionCondition
+    ActionCondition (..),
+    newActionCondition,
+    actionCondition_action,
+
+    -- * All
+    All (..),
+    newAll,
+
+    -- * AllQueryArguments
+    AllQueryArguments (..),
+    newAllQueryArguments,
+
+    -- * AllowAction
+    AllowAction (..),
+    newAllowAction,
+    allowAction_customRequestHandling,
+
+    -- * AndStatement
+    AndStatement (..),
+    newAndStatement,
+    andStatement_statements,
+
+    -- * BlockAction
+    BlockAction (..),
+    newBlockAction,
+    blockAction_customResponse,
+
+    -- * Body
+    Body (..),
+    newBody,
+    body_oversizeHandling,
+
+    -- * ByteMatchStatement
+    ByteMatchStatement (..),
+    newByteMatchStatement,
+    byteMatchStatement_searchString,
+    byteMatchStatement_fieldToMatch,
+    byteMatchStatement_textTransformations,
+    byteMatchStatement_positionalConstraint,
+
+    -- * CaptchaAction
+    CaptchaAction (..),
+    newCaptchaAction,
+    captchaAction_customRequestHandling,
+
+    -- * CaptchaConfig
+    CaptchaConfig (..),
+    newCaptchaConfig,
+    captchaConfig_immunityTimeProperty,
+
+    -- * CaptchaResponse
+    CaptchaResponse (..),
+    newCaptchaResponse,
+    captchaResponse_failureReason,
+    captchaResponse_responseCode,
+    captchaResponse_solveTimestamp,
+
+    -- * ChallengeAction
+    ChallengeAction (..),
+    newChallengeAction,
+    challengeAction_customRequestHandling,
+
+    -- * ChallengeConfig
+    ChallengeConfig (..),
+    newChallengeConfig,
+    challengeConfig_immunityTimeProperty,
+
+    -- * ChallengeResponse
+    ChallengeResponse (..),
+    newChallengeResponse,
+    challengeResponse_failureReason,
+    challengeResponse_responseCode,
+    challengeResponse_solveTimestamp,
+
+    -- * Condition
+    Condition (..),
+    newCondition,
+    condition_actionCondition,
+    condition_labelNameCondition,
+
+    -- * CookieMatchPattern
+    CookieMatchPattern (..),
+    newCookieMatchPattern,
+    cookieMatchPattern_all,
+    cookieMatchPattern_excludedCookies,
+    cookieMatchPattern_includedCookies,
+
+    -- * Cookies
+    Cookies (..),
+    newCookies,
+    cookies_matchPattern,
+    cookies_matchScope,
+    cookies_oversizeHandling,
+
+    -- * CountAction
+    CountAction (..),
+    newCountAction,
+    countAction_customRequestHandling,
+
+    -- * CustomHTTPHeader
+    CustomHTTPHeader (..),
+    newCustomHTTPHeader,
+    customHTTPHeader_name,
+    customHTTPHeader_value,
+
+    -- * CustomRequestHandling
+    CustomRequestHandling (..),
+    newCustomRequestHandling,
+    customRequestHandling_insertHeaders,
+
+    -- * CustomResponse
+    CustomResponse (..),
+    newCustomResponse,
+    customResponse_customResponseBodyKey,
+    customResponse_responseHeaders,
+    customResponse_responseCode,
+
+    -- * CustomResponseBody
+    CustomResponseBody (..),
+    newCustomResponseBody,
+    customResponseBody_contentType,
+    customResponseBody_content,
+
+    -- * DefaultAction
+    DefaultAction (..),
+    newDefaultAction,
+    defaultAction_allow,
+    defaultAction_block,
+
+    -- * ExcludedRule
+    ExcludedRule (..),
+    newExcludedRule,
+    excludedRule_name,
+
+    -- * FieldToMatch
+    FieldToMatch (..),
+    newFieldToMatch,
+    fieldToMatch_allQueryArguments,
+    fieldToMatch_body,
+    fieldToMatch_cookies,
+    fieldToMatch_headers,
+    fieldToMatch_jsonBody,
+    fieldToMatch_method,
+    fieldToMatch_queryString,
+    fieldToMatch_singleHeader,
+    fieldToMatch_singleQueryArgument,
+    fieldToMatch_uriPath,
+
+    -- * Filter
+    Filter (..),
+    newFilter,
+    filter_behavior,
+    filter_requirement,
+    filter_conditions,
+
+    -- * FirewallManagerRuleGroup
+    FirewallManagerRuleGroup (..),
+    newFirewallManagerRuleGroup,
+    firewallManagerRuleGroup_name,
+    firewallManagerRuleGroup_priority,
+    firewallManagerRuleGroup_firewallManagerStatement,
+    firewallManagerRuleGroup_overrideAction,
+    firewallManagerRuleGroup_visibilityConfig,
+
+    -- * FirewallManagerStatement
+    FirewallManagerStatement (..),
+    newFirewallManagerStatement,
+    firewallManagerStatement_managedRuleGroupStatement,
+    firewallManagerStatement_ruleGroupReferenceStatement,
+
+    -- * ForwardedIPConfig
+    ForwardedIPConfig (..),
+    newForwardedIPConfig,
+    forwardedIPConfig_headerName,
+    forwardedIPConfig_fallbackBehavior,
+
+    -- * GeoMatchStatement
+    GeoMatchStatement (..),
+    newGeoMatchStatement,
+    geoMatchStatement_countryCodes,
+    geoMatchStatement_forwardedIPConfig,
+
+    -- * HTTPHeader
+    HTTPHeader (..),
+    newHTTPHeader,
+    hTTPHeader_name,
+    hTTPHeader_value,
+
+    -- * HTTPRequest
+    HTTPRequest (..),
+    newHTTPRequest,
+    hTTPRequest_clientIP,
+    hTTPRequest_country,
+    hTTPRequest_hTTPVersion,
+    hTTPRequest_headers,
+    hTTPRequest_method,
+    hTTPRequest_uri,
+
+    -- * HeaderMatchPattern
+    HeaderMatchPattern (..),
+    newHeaderMatchPattern,
+    headerMatchPattern_all,
+    headerMatchPattern_excludedHeaders,
+    headerMatchPattern_includedHeaders,
+
+    -- * Headers
+    Headers (..),
+    newHeaders,
+    headers_matchPattern,
+    headers_matchScope,
+    headers_oversizeHandling,
+
+    -- * IPSet
+    IPSet (..),
+    newIPSet,
+    iPSet_description,
+    iPSet_name,
+    iPSet_id,
+    iPSet_arn,
+    iPSet_iPAddressVersion,
+    iPSet_addresses,
+
+    -- * IPSetForwardedIPConfig
+    IPSetForwardedIPConfig (..),
+    newIPSetForwardedIPConfig,
+    iPSetForwardedIPConfig_headerName,
+    iPSetForwardedIPConfig_fallbackBehavior,
+    iPSetForwardedIPConfig_position,
+
+    -- * IPSetReferenceStatement
+    IPSetReferenceStatement (..),
+    newIPSetReferenceStatement,
+    iPSetReferenceStatement_iPSetForwardedIPConfig,
+    iPSetReferenceStatement_arn,
+
+    -- * IPSetSummary
+    IPSetSummary (..),
+    newIPSetSummary,
+    iPSetSummary_arn,
+    iPSetSummary_description,
+    iPSetSummary_id,
+    iPSetSummary_lockToken,
+    iPSetSummary_name,
+
+    -- * ImmunityTimeProperty
+    ImmunityTimeProperty (..),
+    newImmunityTimeProperty,
+    immunityTimeProperty_immunityTime,
+
+    -- * JsonBody
+    JsonBody (..),
+    newJsonBody,
+    jsonBody_invalidFallbackBehavior,
+    jsonBody_oversizeHandling,
+    jsonBody_matchPattern,
+    jsonBody_matchScope,
+
+    -- * JsonMatchPattern
+    JsonMatchPattern (..),
+    newJsonMatchPattern,
+    jsonMatchPattern_all,
+    jsonMatchPattern_includedPaths,
+
+    -- * Label
+    Label (..),
+    newLabel,
+    label_name,
+
+    -- * LabelMatchStatement
+    LabelMatchStatement (..),
+    newLabelMatchStatement,
+    labelMatchStatement_scope,
+    labelMatchStatement_key,
+
+    -- * LabelNameCondition
+    LabelNameCondition (..),
+    newLabelNameCondition,
+    labelNameCondition_labelName,
+
+    -- * LabelSummary
+    LabelSummary (..),
+    newLabelSummary,
+    labelSummary_name,
+
+    -- * LoggingConfiguration
+    LoggingConfiguration (..),
+    newLoggingConfiguration,
+    loggingConfiguration_loggingFilter,
+    loggingConfiguration_managedByFirewallManager,
+    loggingConfiguration_redactedFields,
+    loggingConfiguration_resourceArn,
+    loggingConfiguration_logDestinationConfigs,
+
+    -- * LoggingFilter
+    LoggingFilter (..),
+    newLoggingFilter,
+    loggingFilter_filters,
+    loggingFilter_defaultBehavior,
+
+    -- * ManagedRuleGroupConfig
+    ManagedRuleGroupConfig (..),
+    newManagedRuleGroupConfig,
+    managedRuleGroupConfig_aWSManagedRulesBotControlRuleSet,
+    managedRuleGroupConfig_loginPath,
+    managedRuleGroupConfig_passwordField,
+    managedRuleGroupConfig_payloadType,
+    managedRuleGroupConfig_usernameField,
+
+    -- * ManagedRuleGroupStatement
+    ManagedRuleGroupStatement (..),
+    newManagedRuleGroupStatement,
+    managedRuleGroupStatement_excludedRules,
+    managedRuleGroupStatement_managedRuleGroupConfigs,
+    managedRuleGroupStatement_ruleActionOverrides,
+    managedRuleGroupStatement_scopeDownStatement,
+    managedRuleGroupStatement_version,
+    managedRuleGroupStatement_vendorName,
+    managedRuleGroupStatement_name,
+
+    -- * ManagedRuleGroupSummary
+    ManagedRuleGroupSummary (..),
+    newManagedRuleGroupSummary,
+    managedRuleGroupSummary_description,
+    managedRuleGroupSummary_name,
+    managedRuleGroupSummary_vendorName,
+    managedRuleGroupSummary_versioningSupported,
+
+    -- * ManagedRuleGroupVersion
+    ManagedRuleGroupVersion (..),
+    newManagedRuleGroupVersion,
+    managedRuleGroupVersion_lastUpdateTimestamp,
+    managedRuleGroupVersion_name,
+
+    -- * ManagedRuleSet
+    ManagedRuleSet (..),
+    newManagedRuleSet,
+    managedRuleSet_description,
+    managedRuleSet_labelNamespace,
+    managedRuleSet_publishedVersions,
+    managedRuleSet_recommendedVersion,
+    managedRuleSet_name,
+    managedRuleSet_id,
+    managedRuleSet_arn,
+
+    -- * ManagedRuleSetSummary
+    ManagedRuleSetSummary (..),
+    newManagedRuleSetSummary,
+    managedRuleSetSummary_arn,
+    managedRuleSetSummary_description,
+    managedRuleSetSummary_id,
+    managedRuleSetSummary_labelNamespace,
+    managedRuleSetSummary_lockToken,
+    managedRuleSetSummary_name,
+
+    -- * ManagedRuleSetVersion
+    ManagedRuleSetVersion (..),
+    newManagedRuleSetVersion,
+    managedRuleSetVersion_associatedRuleGroupArn,
+    managedRuleSetVersion_capacity,
+    managedRuleSetVersion_expiryTimestamp,
+    managedRuleSetVersion_forecastedLifetime,
+    managedRuleSetVersion_lastUpdateTimestamp,
+    managedRuleSetVersion_publishTimestamp,
+
+    -- * Method
+    Method (..),
+    newMethod,
+
+    -- * MobileSdkRelease
+    MobileSdkRelease (..),
+    newMobileSdkRelease,
+    mobileSdkRelease_releaseNotes,
+    mobileSdkRelease_releaseVersion,
+    mobileSdkRelease_tags,
+    mobileSdkRelease_timestamp,
+
+    -- * NoneAction
+    NoneAction (..),
+    newNoneAction,
+
+    -- * NotStatement
+    NotStatement (..),
+    newNotStatement,
+    notStatement_statement,
+
+    -- * OrStatement
+    OrStatement (..),
+    newOrStatement,
+    orStatement_statements,
+
+    -- * OverrideAction
+    OverrideAction (..),
+    newOverrideAction,
+    overrideAction_count,
+    overrideAction_none,
+
+    -- * PasswordField
+    PasswordField (..),
+    newPasswordField,
+    passwordField_identifier,
+
+    -- * QueryString
+    QueryString (..),
+    newQueryString,
+
+    -- * RateBasedStatement
+    RateBasedStatement (..),
+    newRateBasedStatement,
+    rateBasedStatement_forwardedIPConfig,
+    rateBasedStatement_scopeDownStatement,
+    rateBasedStatement_limit,
+    rateBasedStatement_aggregateKeyType,
+
+    -- * RateBasedStatementManagedKeysIPSet
+    RateBasedStatementManagedKeysIPSet (..),
+    newRateBasedStatementManagedKeysIPSet,
+    rateBasedStatementManagedKeysIPSet_addresses,
+    rateBasedStatementManagedKeysIPSet_iPAddressVersion,
+
+    -- * Regex
+    Regex (..),
+    newRegex,
+    regex_regexString,
+
+    -- * RegexMatchStatement
+    RegexMatchStatement (..),
+    newRegexMatchStatement,
+    regexMatchStatement_regexString,
+    regexMatchStatement_fieldToMatch,
+    regexMatchStatement_textTransformations,
+
+    -- * RegexPatternSet
+    RegexPatternSet (..),
+    newRegexPatternSet,
+    regexPatternSet_arn,
+    regexPatternSet_description,
+    regexPatternSet_id,
+    regexPatternSet_name,
+    regexPatternSet_regularExpressionList,
+
+    -- * RegexPatternSetReferenceStatement
+    RegexPatternSetReferenceStatement (..),
+    newRegexPatternSetReferenceStatement,
+    regexPatternSetReferenceStatement_arn,
+    regexPatternSetReferenceStatement_fieldToMatch,
+    regexPatternSetReferenceStatement_textTransformations,
+
+    -- * RegexPatternSetSummary
+    RegexPatternSetSummary (..),
+    newRegexPatternSetSummary,
+    regexPatternSetSummary_arn,
+    regexPatternSetSummary_description,
+    regexPatternSetSummary_id,
+    regexPatternSetSummary_lockToken,
+    regexPatternSetSummary_name,
+
+    -- * ReleaseSummary
+    ReleaseSummary (..),
+    newReleaseSummary,
+    releaseSummary_releaseVersion,
+    releaseSummary_timestamp,
+
+    -- * Rule
+    Rule (..),
+    newRule,
+    rule_action,
+    rule_captchaConfig,
+    rule_challengeConfig,
+    rule_overrideAction,
+    rule_ruleLabels,
+    rule_name,
+    rule_priority,
+    rule_statement,
+    rule_visibilityConfig,
+
+    -- * RuleAction
+    RuleAction (..),
+    newRuleAction,
+    ruleAction_allow,
+    ruleAction_block,
+    ruleAction_captcha,
+    ruleAction_challenge,
+    ruleAction_count,
+
+    -- * RuleActionOverride
+    RuleActionOverride (..),
+    newRuleActionOverride,
+    ruleActionOverride_name,
+    ruleActionOverride_actionToUse,
+
+    -- * RuleGroup
+    RuleGroup (..),
+    newRuleGroup,
+    ruleGroup_availableLabels,
+    ruleGroup_consumedLabels,
+    ruleGroup_customResponseBodies,
+    ruleGroup_description,
+    ruleGroup_labelNamespace,
+    ruleGroup_rules,
+    ruleGroup_name,
+    ruleGroup_id,
+    ruleGroup_capacity,
+    ruleGroup_arn,
+    ruleGroup_visibilityConfig,
+
+    -- * RuleGroupReferenceStatement
+    RuleGroupReferenceStatement (..),
+    newRuleGroupReferenceStatement,
+    ruleGroupReferenceStatement_excludedRules,
+    ruleGroupReferenceStatement_ruleActionOverrides,
+    ruleGroupReferenceStatement_arn,
+
+    -- * RuleGroupSummary
+    RuleGroupSummary (..),
+    newRuleGroupSummary,
+    ruleGroupSummary_arn,
+    ruleGroupSummary_description,
+    ruleGroupSummary_id,
+    ruleGroupSummary_lockToken,
+    ruleGroupSummary_name,
+
+    -- * RuleSummary
+    RuleSummary (..),
+    newRuleSummary,
+    ruleSummary_action,
+    ruleSummary_name,
+
+    -- * SampledHTTPRequest
+    SampledHTTPRequest (..),
+    newSampledHTTPRequest,
+    sampledHTTPRequest_action,
+    sampledHTTPRequest_captchaResponse,
+    sampledHTTPRequest_challengeResponse,
+    sampledHTTPRequest_labels,
+    sampledHTTPRequest_overriddenAction,
+    sampledHTTPRequest_requestHeadersInserted,
+    sampledHTTPRequest_responseCodeSent,
+    sampledHTTPRequest_ruleNameWithinRuleGroup,
+    sampledHTTPRequest_timestamp,
+    sampledHTTPRequest_request,
+    sampledHTTPRequest_weight,
+
+    -- * SingleHeader
+    SingleHeader (..),
+    newSingleHeader,
+    singleHeader_name,
+
+    -- * SingleQueryArgument
+    SingleQueryArgument (..),
+    newSingleQueryArgument,
+    singleQueryArgument_name,
+
+    -- * SizeConstraintStatement
+    SizeConstraintStatement (..),
+    newSizeConstraintStatement,
+    sizeConstraintStatement_fieldToMatch,
+    sizeConstraintStatement_comparisonOperator,
+    sizeConstraintStatement_size,
+    sizeConstraintStatement_textTransformations,
+
+    -- * SqliMatchStatement
+    SqliMatchStatement (..),
+    newSqliMatchStatement,
+    sqliMatchStatement_sensitivityLevel,
+    sqliMatchStatement_fieldToMatch,
+    sqliMatchStatement_textTransformations,
+
+    -- * Statement
+    Statement (..),
+    newStatement,
+    statement_andStatement,
+    statement_byteMatchStatement,
+    statement_geoMatchStatement,
+    statement_iPSetReferenceStatement,
+    statement_labelMatchStatement,
+    statement_managedRuleGroupStatement,
+    statement_notStatement,
+    statement_orStatement,
+    statement_rateBasedStatement,
+    statement_regexMatchStatement,
+    statement_regexPatternSetReferenceStatement,
+    statement_ruleGroupReferenceStatement,
+    statement_sizeConstraintStatement,
+    statement_sqliMatchStatement,
+    statement_xssMatchStatement,
+
+    -- * Tag
+    Tag (..),
+    newTag,
+    tag_key,
+    tag_value,
+
+    -- * TagInfoForResource
+    TagInfoForResource (..),
+    newTagInfoForResource,
+    tagInfoForResource_resourceARN,
+    tagInfoForResource_tagList,
+
+    -- * TextTransformation
+    TextTransformation (..),
+    newTextTransformation,
+    textTransformation_priority,
+    textTransformation_type,
+
+    -- * TimeWindow
+    TimeWindow (..),
+    newTimeWindow,
+    timeWindow_startTime,
+    timeWindow_endTime,
+
+    -- * UriPath
+    UriPath (..),
+    newUriPath,
+
+    -- * UsernameField
+    UsernameField (..),
+    newUsernameField,
+    usernameField_identifier,
+
+    -- * VersionToPublish
+    VersionToPublish (..),
+    newVersionToPublish,
+    versionToPublish_associatedRuleGroupArn,
+    versionToPublish_forecastedLifetime,
+
+    -- * VisibilityConfig
+    VisibilityConfig (..),
+    newVisibilityConfig,
+    visibilityConfig_sampledRequestsEnabled,
+    visibilityConfig_cloudWatchMetricsEnabled,
+    visibilityConfig_metricName,
+
+    -- * WebACL
+    WebACL (..),
+    newWebACL,
+    webACL_capacity,
+    webACL_captchaConfig,
+    webACL_challengeConfig,
+    webACL_customResponseBodies,
+    webACL_description,
+    webACL_labelNamespace,
+    webACL_managedByFirewallManager,
+    webACL_postProcessFirewallManagerRuleGroups,
+    webACL_preProcessFirewallManagerRuleGroups,
+    webACL_rules,
+    webACL_tokenDomains,
+    webACL_name,
+    webACL_id,
+    webACL_arn,
+    webACL_defaultAction,
+    webACL_visibilityConfig,
+
+    -- * WebACLSummary
+    WebACLSummary (..),
+    newWebACLSummary,
+    webACLSummary_arn,
+    webACLSummary_description,
+    webACLSummary_id,
+    webACLSummary_lockToken,
+    webACLSummary_name,
+
+    -- * XssMatchStatement
+    XssMatchStatement (..),
+    newXssMatchStatement,
+    xssMatchStatement_fieldToMatch,
+    xssMatchStatement_textTransformations,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Sign.V4 as Sign
+import Amazonka.WAFV2.Types.AWSManagedRulesBotControlRuleSet
+import Amazonka.WAFV2.Types.ActionCondition
+import Amazonka.WAFV2.Types.ActionValue
+import Amazonka.WAFV2.Types.All
+import Amazonka.WAFV2.Types.AllQueryArguments
+import Amazonka.WAFV2.Types.AllowAction
+import Amazonka.WAFV2.Types.AndStatement
+import Amazonka.WAFV2.Types.BlockAction
+import Amazonka.WAFV2.Types.Body
+import Amazonka.WAFV2.Types.BodyParsingFallbackBehavior
+import Amazonka.WAFV2.Types.ByteMatchStatement
+import Amazonka.WAFV2.Types.CaptchaAction
+import Amazonka.WAFV2.Types.CaptchaConfig
+import Amazonka.WAFV2.Types.CaptchaResponse
+import Amazonka.WAFV2.Types.ChallengeAction
+import Amazonka.WAFV2.Types.ChallengeConfig
+import Amazonka.WAFV2.Types.ChallengeResponse
+import Amazonka.WAFV2.Types.ComparisonOperator
+import Amazonka.WAFV2.Types.Condition
+import Amazonka.WAFV2.Types.CookieMatchPattern
+import Amazonka.WAFV2.Types.Cookies
+import Amazonka.WAFV2.Types.CountAction
+import Amazonka.WAFV2.Types.CountryCode
+import Amazonka.WAFV2.Types.CustomHTTPHeader
+import Amazonka.WAFV2.Types.CustomRequestHandling
+import Amazonka.WAFV2.Types.CustomResponse
+import Amazonka.WAFV2.Types.CustomResponseBody
+import Amazonka.WAFV2.Types.DefaultAction
+import Amazonka.WAFV2.Types.ExcludedRule
+import Amazonka.WAFV2.Types.FailureReason
+import Amazonka.WAFV2.Types.FallbackBehavior
+import Amazonka.WAFV2.Types.FieldToMatch
+import Amazonka.WAFV2.Types.Filter
+import Amazonka.WAFV2.Types.FilterBehavior
+import Amazonka.WAFV2.Types.FilterRequirement
+import Amazonka.WAFV2.Types.FirewallManagerRuleGroup
+import Amazonka.WAFV2.Types.FirewallManagerStatement
+import Amazonka.WAFV2.Types.ForwardedIPConfig
+import Amazonka.WAFV2.Types.ForwardedIPPosition
+import Amazonka.WAFV2.Types.GeoMatchStatement
+import Amazonka.WAFV2.Types.HTTPHeader
+import Amazonka.WAFV2.Types.HTTPRequest
+import Amazonka.WAFV2.Types.HeaderMatchPattern
+import Amazonka.WAFV2.Types.Headers
+import Amazonka.WAFV2.Types.IPAddressVersion
+import Amazonka.WAFV2.Types.IPSet
+import Amazonka.WAFV2.Types.IPSetForwardedIPConfig
+import Amazonka.WAFV2.Types.IPSetReferenceStatement
+import Amazonka.WAFV2.Types.IPSetSummary
+import Amazonka.WAFV2.Types.ImmunityTimeProperty
+import Amazonka.WAFV2.Types.InspectionLevel
+import Amazonka.WAFV2.Types.JsonBody
+import Amazonka.WAFV2.Types.JsonMatchPattern
+import Amazonka.WAFV2.Types.JsonMatchScope
+import Amazonka.WAFV2.Types.Label
+import Amazonka.WAFV2.Types.LabelMatchScope
+import Amazonka.WAFV2.Types.LabelMatchStatement
+import Amazonka.WAFV2.Types.LabelNameCondition
+import Amazonka.WAFV2.Types.LabelSummary
+import Amazonka.WAFV2.Types.LoggingConfiguration
+import Amazonka.WAFV2.Types.LoggingFilter
+import Amazonka.WAFV2.Types.ManagedRuleGroupConfig
+import Amazonka.WAFV2.Types.ManagedRuleGroupStatement
+import Amazonka.WAFV2.Types.ManagedRuleGroupSummary
+import Amazonka.WAFV2.Types.ManagedRuleGroupVersion
+import Amazonka.WAFV2.Types.ManagedRuleSet
+import Amazonka.WAFV2.Types.ManagedRuleSetSummary
+import Amazonka.WAFV2.Types.ManagedRuleSetVersion
+import Amazonka.WAFV2.Types.MapMatchScope
+import Amazonka.WAFV2.Types.Method
+import Amazonka.WAFV2.Types.MobileSdkRelease
+import Amazonka.WAFV2.Types.NoneAction
+import Amazonka.WAFV2.Types.NotStatement
+import Amazonka.WAFV2.Types.OrStatement
+import Amazonka.WAFV2.Types.OverrideAction
+import Amazonka.WAFV2.Types.OversizeHandling
+import Amazonka.WAFV2.Types.PasswordField
+import Amazonka.WAFV2.Types.PayloadType
+import Amazonka.WAFV2.Types.Platform
+import Amazonka.WAFV2.Types.PositionalConstraint
+import Amazonka.WAFV2.Types.QueryString
+import Amazonka.WAFV2.Types.RateBasedStatement
+import Amazonka.WAFV2.Types.RateBasedStatementAggregateKeyType
+import Amazonka.WAFV2.Types.RateBasedStatementManagedKeysIPSet
+import Amazonka.WAFV2.Types.Regex
+import Amazonka.WAFV2.Types.RegexMatchStatement
+import Amazonka.WAFV2.Types.RegexPatternSet
+import Amazonka.WAFV2.Types.RegexPatternSetReferenceStatement
+import Amazonka.WAFV2.Types.RegexPatternSetSummary
+import Amazonka.WAFV2.Types.ReleaseSummary
+import Amazonka.WAFV2.Types.ResourceType
+import Amazonka.WAFV2.Types.ResponseContentType
+import Amazonka.WAFV2.Types.Rule
+import Amazonka.WAFV2.Types.RuleAction
+import Amazonka.WAFV2.Types.RuleActionOverride
+import Amazonka.WAFV2.Types.RuleGroup
+import Amazonka.WAFV2.Types.RuleGroupReferenceStatement
+import Amazonka.WAFV2.Types.RuleGroupSummary
+import Amazonka.WAFV2.Types.RuleSummary
+import Amazonka.WAFV2.Types.SampledHTTPRequest
+import Amazonka.WAFV2.Types.Scope
+import Amazonka.WAFV2.Types.SensitivityLevel
+import Amazonka.WAFV2.Types.SingleHeader
+import Amazonka.WAFV2.Types.SingleQueryArgument
+import Amazonka.WAFV2.Types.SizeConstraintStatement
+import Amazonka.WAFV2.Types.SqliMatchStatement
+import Amazonka.WAFV2.Types.Statement
+import Amazonka.WAFV2.Types.Tag
+import Amazonka.WAFV2.Types.TagInfoForResource
+import Amazonka.WAFV2.Types.TextTransformation
+import Amazonka.WAFV2.Types.TextTransformationType
+import Amazonka.WAFV2.Types.TimeWindow
+import Amazonka.WAFV2.Types.UriPath
+import Amazonka.WAFV2.Types.UsernameField
+import Amazonka.WAFV2.Types.VersionToPublish
+import Amazonka.WAFV2.Types.VisibilityConfig
+import Amazonka.WAFV2.Types.WebACL
+import Amazonka.WAFV2.Types.WebACLSummary
+import Amazonka.WAFV2.Types.XssMatchStatement
+
+-- | API version @2019-07-29@ of the Amazon WAFV2 SDK configuration.
+defaultService :: Core.Service
+defaultService =
+  Core.Service
+    { Core.abbrev = "WAFV2",
+      Core.signer = Sign.v4,
+      Core.endpointPrefix = "wafv2",
+      Core.signingName = "wafv2",
+      Core.version = "2019-07-29",
+      Core.s3AddressingStyle = Core.S3AddressingStyleAuto,
+      Core.endpoint = Core.defaultEndpoint defaultService,
+      Core.timeout = Prelude.Just 70,
+      Core.check = Core.statusSuccess,
+      Core.error = Core.parseJSONError "WAFV2",
+      Core.retry = retry
+    }
+  where
+    retry =
+      Core.Exponential
+        { Core.base = 5.0e-2,
+          Core.growth = 2,
+          Core.attempts = 5,
+          Core.check = check
+        }
+    check e
+      | Lens.has (Core.hasStatus 502) e =
+          Prelude.Just "bad_gateway"
+      | Lens.has (Core.hasStatus 504) e =
+          Prelude.Just "gateway_timeout"
+      | Lens.has (Core.hasStatus 500) e =
+          Prelude.Just "general_server_error"
+      | Lens.has (Core.hasStatus 509) e =
+          Prelude.Just "limit_exceeded"
+      | Lens.has
+          ( Core.hasCode "RequestThrottledException"
+              Prelude.. Core.hasStatus 400
+          )
+          e =
+          Prelude.Just "request_throttled_exception"
+      | Lens.has (Core.hasStatus 503) e =
+          Prelude.Just "service_unavailable"
+      | Lens.has
+          ( Core.hasCode "ThrottledException"
+              Prelude.. Core.hasStatus 400
+          )
+          e =
+          Prelude.Just "throttled_exception"
+      | Lens.has
+          ( Core.hasCode "Throttling"
+              Prelude.. Core.hasStatus 400
+          )
+          e =
+          Prelude.Just "throttling"
+      | Lens.has
+          ( Core.hasCode "ThrottlingException"
+              Prelude.. Core.hasStatus 400
+          )
+          e =
+          Prelude.Just "throttling_exception"
+      | Lens.has
+          ( Core.hasCode
+              "ProvisionedThroughputExceededException"
+              Prelude.. Core.hasStatus 400
+          )
+          e =
+          Prelude.Just "throughput_exceeded"
+      | Lens.has (Core.hasStatus 429) e =
+          Prelude.Just "too_many_requests"
+      | Prelude.otherwise = Prelude.Nothing
+
+-- | WAF couldn’t perform the operation because your resource is being used
+-- by another resource or it’s associated with another resource.
+_WAFAssociatedItemException :: (Core.AsError a) => Lens.Fold a Core.ServiceError
+_WAFAssociatedItemException =
+  Core._MatchServiceError
+    defaultService
+    "WAFAssociatedItemException"
+
+-- | The operation failed because you are inspecting the web request body,
+-- headers, or cookies without specifying how to handle oversize
+-- components. Rules that inspect the body must either provide an
+-- @OversizeHandling@ configuration or they must be preceded by a
+-- @SizeConstraintStatement@ that blocks the body content from being too
+-- large. Rules that inspect the headers or cookies must provide an
+-- @OversizeHandling@ configuration.
+--
+-- Provide the handling configuration and retry your operation.
+--
+-- Alternately, you can suppress this warning by adding the following tag
+-- to the resource that you provide to this operation: @Tag@
+-- (key:@WAF:OversizeFieldsHandlingConstraintOptOut@, value:@true@).
+_WAFConfigurationWarningException :: (Core.AsError a) => Lens.Fold a Core.ServiceError
+_WAFConfigurationWarningException =
+  Core._MatchServiceError
+    defaultService
+    "WAFConfigurationWarningException"
+
+-- | WAF couldn’t perform the operation because the resource that you tried
+-- to save is a duplicate of an existing one.
+_WAFDuplicateItemException :: (Core.AsError a) => Lens.Fold a Core.ServiceError
+_WAFDuplicateItemException =
+  Core._MatchServiceError
+    defaultService
+    "WAFDuplicateItemException"
+
+-- | The operation failed because the specified version for the managed rule
+-- group has expired. You can retrieve the available versions for the
+-- managed rule group by calling ListAvailableManagedRuleGroupVersions.
+_WAFExpiredManagedRuleGroupVersionException :: (Core.AsError a) => Lens.Fold a Core.ServiceError
+_WAFExpiredManagedRuleGroupVersionException =
+  Core._MatchServiceError
+    defaultService
+    "WAFExpiredManagedRuleGroupVersionException"
+
+-- | Your request is valid, but WAF couldn’t perform the operation because of
+-- a system problem. Retry your request.
+_WAFInternalErrorException :: (Core.AsError a) => Lens.Fold a Core.ServiceError
+_WAFInternalErrorException =
+  Core._MatchServiceError
+    defaultService
+    "WAFInternalErrorException"
+
+-- | The operation isn\'t valid.
+_WAFInvalidOperationException :: (Core.AsError a) => Lens.Fold a Core.ServiceError
+_WAFInvalidOperationException =
+  Core._MatchServiceError
+    defaultService
+    "WAFInvalidOperationException"
+
+-- | The operation failed because WAF didn\'t recognize a parameter in the
+-- request. For example:
+--
+-- -   You specified a parameter name or value that isn\'t valid.
+--
+-- -   Your nested statement isn\'t valid. You might have tried to nest a
+--     statement that can’t be nested.
+--
+-- -   You tried to update a @WebACL@ with a @DefaultAction@ that isn\'t
+--     among the types available at DefaultAction.
+--
+-- -   Your request references an ARN that is malformed, or corresponds to
+--     a resource with which a web ACL can\'t be associated.
+_WAFInvalidParameterException :: (Core.AsError a) => Lens.Fold a Core.ServiceError
+_WAFInvalidParameterException =
+  Core._MatchServiceError
+    defaultService
+    "WAFInvalidParameterException"
+
+-- | The operation failed because the specified policy isn\'t in the proper
+-- format.
+--
+-- The policy specifications must conform to the following:
+--
+-- -   The policy must be composed using IAM Policy version 2012-10-17 or
+--     version 2015-01-01.
+--
+-- -   The policy must include specifications for @Effect@, @Action@, and
+--     @Principal@.
+--
+-- -   @Effect@ must specify @Allow@.
+--
+-- -   @Action@ must specify @wafv2:CreateWebACL@, @wafv2:UpdateWebACL@,
+--     and @wafv2:PutFirewallManagerRuleGroups@ and may optionally specify
+--     @wafv2:GetRuleGroup@. WAF rejects any extra actions or wildcard
+--     actions in the policy.
+--
+-- -   The policy must not include a @Resource@ parameter.
+--
+-- For more information, see
+-- <https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies.html IAM Policies>.
+_WAFInvalidPermissionPolicyException :: (Core.AsError a) => Lens.Fold a Core.ServiceError
+_WAFInvalidPermissionPolicyException =
+  Core._MatchServiceError
+    defaultService
+    "WAFInvalidPermissionPolicyException"
+
+-- | WAF couldn’t perform the operation because the resource that you
+-- requested isn’t valid. Check the resource, and try again.
+_WAFInvalidResourceException :: (Core.AsError a) => Lens.Fold a Core.ServiceError
+_WAFInvalidResourceException =
+  Core._MatchServiceError
+    defaultService
+    "WAFInvalidResourceException"
+
+-- | WAF couldn’t perform the operation because you exceeded your resource
+-- limit. For example, the maximum number of @WebACL@ objects that you can
+-- create for an Amazon Web Services account. For more information, see
+-- <https://docs.aws.amazon.com/waf/latest/developerguide/limits.html WAF quotas>
+-- in the /WAF Developer Guide/.
+_WAFLimitsExceededException :: (Core.AsError a) => Lens.Fold a Core.ServiceError
+_WAFLimitsExceededException =
+  Core._MatchServiceError
+    defaultService
+    "WAFLimitsExceededException"
+
+-- | The operation failed because you don\'t have the permissions that your
+-- logging configuration requires. For information, see
+-- <https://docs.aws.amazon.com/waf/latest/developerguide/logging.html Logging web ACL traffic information>
+-- in the /WAF Developer Guide/.
+_WAFLogDestinationPermissionIssueException :: (Core.AsError a) => Lens.Fold a Core.ServiceError
+_WAFLogDestinationPermissionIssueException =
+  Core._MatchServiceError
+    defaultService
+    "WAFLogDestinationPermissionIssueException"
+
+-- | WAF couldn’t perform the operation because your resource doesn\'t exist.
+-- If you\'ve just created a resource that you\'re using in this operation,
+-- you might just need to wait a few minutes. It can take from a few
+-- seconds to a number of minutes for changes to propagate.
+_WAFNonexistentItemException :: (Core.AsError a) => Lens.Fold a Core.ServiceError
+_WAFNonexistentItemException =
+  Core._MatchServiceError
+    defaultService
+    "WAFNonexistentItemException"
+
+-- | WAF couldn’t save your changes because you tried to update or delete a
+-- resource that has changed since you last retrieved it. Get the resource
+-- again, make any changes you need to make to the new copy, and retry your
+-- operation.
+_WAFOptimisticLockException :: (Core.AsError a) => Lens.Fold a Core.ServiceError
+_WAFOptimisticLockException =
+  Core._MatchServiceError
+    defaultService
+    "WAFOptimisticLockException"
+
+-- | WAF is not able to access the service linked role. This can be caused by
+-- a previous @PutLoggingConfiguration@ request, which can lock the service
+-- linked role for about 20 seconds. Please try your request again. The
+-- service linked role can also be locked by a previous
+-- @DeleteServiceLinkedRole@ request, which can lock the role for 15
+-- minutes or more. If you recently made a call to
+-- @DeleteServiceLinkedRole@, wait at least 15 minutes and try the request
+-- again. If you receive this same exception again, you will have to wait
+-- additional time until the role is unlocked.
+_WAFServiceLinkedRoleErrorException :: (Core.AsError a) => Lens.Fold a Core.ServiceError
+_WAFServiceLinkedRoleErrorException =
+  Core._MatchServiceError
+    defaultService
+    "WAFServiceLinkedRoleErrorException"
+
+-- | You tried to use a managed rule group that\'s available by subscription,
+-- but you aren\'t subscribed to it yet.
+_WAFSubscriptionNotFoundException :: (Core.AsError a) => Lens.Fold a Core.ServiceError
+_WAFSubscriptionNotFoundException =
+  Core._MatchServiceError
+    defaultService
+    "WAFSubscriptionNotFoundException"
+
+-- | An error occurred during the tagging operation. Retry your request.
+_WAFTagOperationException :: (Core.AsError a) => Lens.Fold a Core.ServiceError
+_WAFTagOperationException =
+  Core._MatchServiceError
+    defaultService
+    "WAFTagOperationException"
+
+-- | WAF couldn’t perform your tagging operation because of an internal
+-- error. Retry your request.
+_WAFTagOperationInternalErrorException :: (Core.AsError a) => Lens.Fold a Core.ServiceError
+_WAFTagOperationInternalErrorException =
+  Core._MatchServiceError
+    defaultService
+    "WAFTagOperationInternalErrorException"
+
+-- | WAF couldn’t retrieve a resource that you specified for this operation.
+-- If you\'ve just created a resource that you\'re using in this operation,
+-- you might just need to wait a few minutes. It can take from a few
+-- seconds to a number of minutes for changes to propagate. Verify the
+-- resources that you are specifying in your request parameters and then
+-- retry the operation.
+_WAFUnavailableEntityException :: (Core.AsError a) => Lens.Fold a Core.ServiceError
+_WAFUnavailableEntityException =
+  Core._MatchServiceError
+    defaultService
+    "WAFUnavailableEntityException"
diff --git a/gen/Amazonka/WAFV2/Types/AWSManagedRulesBotControlRuleSet.hs b/gen/Amazonka/WAFV2/Types/AWSManagedRulesBotControlRuleSet.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/WAFV2/Types/AWSManagedRulesBotControlRuleSet.hs
@@ -0,0 +1,108 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.WAFV2.Types.AWSManagedRulesBotControlRuleSet
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.WAFV2.Types.AWSManagedRulesBotControlRuleSet where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.WAFV2.Types.InspectionLevel
+
+-- | Details for your use of the Bot Control managed rule group, used in
+-- @ManagedRuleGroupConfig@.
+--
+-- /See:/ 'newAWSManagedRulesBotControlRuleSet' smart constructor.
+data AWSManagedRulesBotControlRuleSet = AWSManagedRulesBotControlRuleSet'
+  { -- | The inspection level to use for the Bot Control rule group. The common
+    -- level is the least expensive. The targeted level includes all common
+    -- level rules and adds rules with more advanced inspection criteria. For
+    -- details, see
+    -- <https://docs.aws.amazon.com/waf/latest/developerguide/aws-managed-rule-groups-bot.html WAF Bot Control rule group>.
+    inspectionLevel :: InspectionLevel
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AWSManagedRulesBotControlRuleSet' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'inspectionLevel', 'aWSManagedRulesBotControlRuleSet_inspectionLevel' - The inspection level to use for the Bot Control rule group. The common
+-- level is the least expensive. The targeted level includes all common
+-- level rules and adds rules with more advanced inspection criteria. For
+-- details, see
+-- <https://docs.aws.amazon.com/waf/latest/developerguide/aws-managed-rule-groups-bot.html WAF Bot Control rule group>.
+newAWSManagedRulesBotControlRuleSet ::
+  -- | 'inspectionLevel'
+  InspectionLevel ->
+  AWSManagedRulesBotControlRuleSet
+newAWSManagedRulesBotControlRuleSet pInspectionLevel_ =
+  AWSManagedRulesBotControlRuleSet'
+    { inspectionLevel =
+        pInspectionLevel_
+    }
+
+-- | The inspection level to use for the Bot Control rule group. The common
+-- level is the least expensive. The targeted level includes all common
+-- level rules and adds rules with more advanced inspection criteria. For
+-- details, see
+-- <https://docs.aws.amazon.com/waf/latest/developerguide/aws-managed-rule-groups-bot.html WAF Bot Control rule group>.
+aWSManagedRulesBotControlRuleSet_inspectionLevel :: Lens.Lens' AWSManagedRulesBotControlRuleSet InspectionLevel
+aWSManagedRulesBotControlRuleSet_inspectionLevel = Lens.lens (\AWSManagedRulesBotControlRuleSet' {inspectionLevel} -> inspectionLevel) (\s@AWSManagedRulesBotControlRuleSet' {} a -> s {inspectionLevel = a} :: AWSManagedRulesBotControlRuleSet)
+
+instance
+  Data.FromJSON
+    AWSManagedRulesBotControlRuleSet
+  where
+  parseJSON =
+    Data.withObject
+      "AWSManagedRulesBotControlRuleSet"
+      ( \x ->
+          AWSManagedRulesBotControlRuleSet'
+            Prelude.<$> (x Data..: "InspectionLevel")
+      )
+
+instance
+  Prelude.Hashable
+    AWSManagedRulesBotControlRuleSet
+  where
+  hashWithSalt
+    _salt
+    AWSManagedRulesBotControlRuleSet' {..} =
+      _salt `Prelude.hashWithSalt` inspectionLevel
+
+instance
+  Prelude.NFData
+    AWSManagedRulesBotControlRuleSet
+  where
+  rnf AWSManagedRulesBotControlRuleSet' {..} =
+    Prelude.rnf inspectionLevel
+
+instance Data.ToJSON AWSManagedRulesBotControlRuleSet where
+  toJSON AWSManagedRulesBotControlRuleSet' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ Prelude.Just
+              ("InspectionLevel" Data..= inspectionLevel)
+          ]
+      )
diff --git a/gen/Amazonka/WAFV2/Types/ActionCondition.hs b/gen/Amazonka/WAFV2/Types/ActionCondition.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/WAFV2/Types/ActionCondition.hs
@@ -0,0 +1,95 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.WAFV2.Types.ActionCondition
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.WAFV2.Types.ActionCondition where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.WAFV2.Types.ActionValue
+
+-- | A single action condition for a Condition in a logging filter.
+--
+-- /See:/ 'newActionCondition' smart constructor.
+data ActionCondition = ActionCondition'
+  { -- | The action setting that a log record must contain in order to meet the
+    -- condition. This is the action that WAF applied to the web request.
+    --
+    -- For rule groups, this is either the configured rule action setting, or
+    -- if you\'ve applied a rule action override to the rule, it\'s the
+    -- override action. The value @EXCLUDED_AS_COUNT@ matches on excluded rules
+    -- and also on rules that have a rule action override of Count.
+    action :: ActionValue
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'ActionCondition' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'action', 'actionCondition_action' - The action setting that a log record must contain in order to meet the
+-- condition. This is the action that WAF applied to the web request.
+--
+-- For rule groups, this is either the configured rule action setting, or
+-- if you\'ve applied a rule action override to the rule, it\'s the
+-- override action. The value @EXCLUDED_AS_COUNT@ matches on excluded rules
+-- and also on rules that have a rule action override of Count.
+newActionCondition ::
+  -- | 'action'
+  ActionValue ->
+  ActionCondition
+newActionCondition pAction_ =
+  ActionCondition' {action = pAction_}
+
+-- | The action setting that a log record must contain in order to meet the
+-- condition. This is the action that WAF applied to the web request.
+--
+-- For rule groups, this is either the configured rule action setting, or
+-- if you\'ve applied a rule action override to the rule, it\'s the
+-- override action. The value @EXCLUDED_AS_COUNT@ matches on excluded rules
+-- and also on rules that have a rule action override of Count.
+actionCondition_action :: Lens.Lens' ActionCondition ActionValue
+actionCondition_action = Lens.lens (\ActionCondition' {action} -> action) (\s@ActionCondition' {} a -> s {action = a} :: ActionCondition)
+
+instance Data.FromJSON ActionCondition where
+  parseJSON =
+    Data.withObject
+      "ActionCondition"
+      ( \x ->
+          ActionCondition' Prelude.<$> (x Data..: "Action")
+      )
+
+instance Prelude.Hashable ActionCondition where
+  hashWithSalt _salt ActionCondition' {..} =
+    _salt `Prelude.hashWithSalt` action
+
+instance Prelude.NFData ActionCondition where
+  rnf ActionCondition' {..} = Prelude.rnf action
+
+instance Data.ToJSON ActionCondition where
+  toJSON ActionCondition' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [Prelude.Just ("Action" Data..= action)]
+      )
diff --git a/gen/Amazonka/WAFV2/Types/ActionValue.hs b/gen/Amazonka/WAFV2/Types/ActionValue.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/WAFV2/Types/ActionValue.hs
@@ -0,0 +1,91 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DerivingStrategies #-}
+{-# LANGUAGE GeneralizedNewtypeDeriving #-}
+{-# LANGUAGE LambdaCase #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE PatternSynonyms #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.WAFV2.Types.ActionValue
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.WAFV2.Types.ActionValue
+  ( ActionValue
+      ( ..,
+        ActionValue_ALLOW,
+        ActionValue_BLOCK,
+        ActionValue_CAPTCHA,
+        ActionValue_CHALLENGE,
+        ActionValue_COUNT,
+        ActionValue_EXCLUDED_AS_COUNT
+      ),
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+newtype ActionValue = ActionValue'
+  { fromActionValue ::
+      Data.Text
+  }
+  deriving stock
+    ( Prelude.Show,
+      Prelude.Read,
+      Prelude.Eq,
+      Prelude.Ord,
+      Prelude.Generic
+    )
+  deriving newtype
+    ( Prelude.Hashable,
+      Prelude.NFData,
+      Data.FromText,
+      Data.ToText,
+      Data.ToByteString,
+      Data.ToLog,
+      Data.ToHeader,
+      Data.ToQuery,
+      Data.FromJSON,
+      Data.FromJSONKey,
+      Data.ToJSON,
+      Data.ToJSONKey,
+      Data.FromXML,
+      Data.ToXML
+    )
+
+pattern ActionValue_ALLOW :: ActionValue
+pattern ActionValue_ALLOW = ActionValue' "ALLOW"
+
+pattern ActionValue_BLOCK :: ActionValue
+pattern ActionValue_BLOCK = ActionValue' "BLOCK"
+
+pattern ActionValue_CAPTCHA :: ActionValue
+pattern ActionValue_CAPTCHA = ActionValue' "CAPTCHA"
+
+pattern ActionValue_CHALLENGE :: ActionValue
+pattern ActionValue_CHALLENGE = ActionValue' "CHALLENGE"
+
+pattern ActionValue_COUNT :: ActionValue
+pattern ActionValue_COUNT = ActionValue' "COUNT"
+
+pattern ActionValue_EXCLUDED_AS_COUNT :: ActionValue
+pattern ActionValue_EXCLUDED_AS_COUNT = ActionValue' "EXCLUDED_AS_COUNT"
+
+{-# COMPLETE
+  ActionValue_ALLOW,
+  ActionValue_BLOCK,
+  ActionValue_CAPTCHA,
+  ActionValue_CHALLENGE,
+  ActionValue_COUNT,
+  ActionValue_EXCLUDED_AS_COUNT,
+  ActionValue'
+  #-}
diff --git a/gen/Amazonka/WAFV2/Types/All.hs b/gen/Amazonka/WAFV2/Types/All.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/WAFV2/Types/All.hs
@@ -0,0 +1,62 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.WAFV2.Types.All
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.WAFV2.Types.All where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | Inspect all of the elements that WAF has parsed and extracted from the
+-- web request component that you\'ve identified in your FieldToMatch
+-- specifications.
+--
+-- This is used only in the FieldToMatch specification for some web request
+-- component types.
+--
+-- JSON specification: @\"All\": {}@
+--
+-- /See:/ 'newAll' smart constructor.
+data All = All'
+  {
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'All' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+newAll ::
+  All
+newAll = All'
+
+instance Data.FromJSON All where
+  parseJSON =
+    Data.withObject "All" (\x -> Prelude.pure All')
+
+instance Prelude.Hashable All where
+  hashWithSalt _salt _ =
+    _salt `Prelude.hashWithSalt` ()
+
+instance Prelude.NFData All where
+  rnf _ = ()
+
+instance Data.ToJSON All where
+  toJSON = Prelude.const (Data.Object Prelude.mempty)
diff --git a/gen/Amazonka/WAFV2/Types/AllQueryArguments.hs b/gen/Amazonka/WAFV2/Types/AllQueryArguments.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/WAFV2/Types/AllQueryArguments.hs
@@ -0,0 +1,62 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.WAFV2.Types.AllQueryArguments
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.WAFV2.Types.AllQueryArguments where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | Inspect all query arguments of the web request.
+--
+-- This is used only in the FieldToMatch specification for some web request
+-- component types.
+--
+-- JSON specification: @\"AllQueryArguments\": {}@
+--
+-- /See:/ 'newAllQueryArguments' smart constructor.
+data AllQueryArguments = AllQueryArguments'
+  {
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AllQueryArguments' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+newAllQueryArguments ::
+  AllQueryArguments
+newAllQueryArguments = AllQueryArguments'
+
+instance Data.FromJSON AllQueryArguments where
+  parseJSON =
+    Data.withObject
+      "AllQueryArguments"
+      (\x -> Prelude.pure AllQueryArguments')
+
+instance Prelude.Hashable AllQueryArguments where
+  hashWithSalt _salt _ =
+    _salt `Prelude.hashWithSalt` ()
+
+instance Prelude.NFData AllQueryArguments where
+  rnf _ = ()
+
+instance Data.ToJSON AllQueryArguments where
+  toJSON = Prelude.const (Data.Object Prelude.mempty)
diff --git a/gen/Amazonka/WAFV2/Types/AllowAction.hs b/gen/Amazonka/WAFV2/Types/AllowAction.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/WAFV2/Types/AllowAction.hs
@@ -0,0 +1,101 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.WAFV2.Types.AllowAction
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.WAFV2.Types.AllowAction where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.WAFV2.Types.CustomRequestHandling
+
+-- | Specifies that WAF should allow the request and optionally defines
+-- additional custom handling for the request.
+--
+-- This is used in the context of other settings, for example to specify
+-- values for RuleAction and web ACL DefaultAction.
+--
+-- /See:/ 'newAllowAction' smart constructor.
+data AllowAction = AllowAction'
+  { -- | Defines custom handling for the web request.
+    --
+    -- For information about customizing web requests and responses, see
+    -- <https://docs.aws.amazon.com/waf/latest/developerguide/waf-custom-request-response.html Customizing web requests and responses in WAF>
+    -- in the
+    -- <https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html WAF Developer Guide>.
+    customRequestHandling :: Prelude.Maybe CustomRequestHandling
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AllowAction' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'customRequestHandling', 'allowAction_customRequestHandling' - Defines custom handling for the web request.
+--
+-- For information about customizing web requests and responses, see
+-- <https://docs.aws.amazon.com/waf/latest/developerguide/waf-custom-request-response.html Customizing web requests and responses in WAF>
+-- in the
+-- <https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html WAF Developer Guide>.
+newAllowAction ::
+  AllowAction
+newAllowAction =
+  AllowAction'
+    { customRequestHandling =
+        Prelude.Nothing
+    }
+
+-- | Defines custom handling for the web request.
+--
+-- For information about customizing web requests and responses, see
+-- <https://docs.aws.amazon.com/waf/latest/developerguide/waf-custom-request-response.html Customizing web requests and responses in WAF>
+-- in the
+-- <https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html WAF Developer Guide>.
+allowAction_customRequestHandling :: Lens.Lens' AllowAction (Prelude.Maybe CustomRequestHandling)
+allowAction_customRequestHandling = Lens.lens (\AllowAction' {customRequestHandling} -> customRequestHandling) (\s@AllowAction' {} a -> s {customRequestHandling = a} :: AllowAction)
+
+instance Data.FromJSON AllowAction where
+  parseJSON =
+    Data.withObject
+      "AllowAction"
+      ( \x ->
+          AllowAction'
+            Prelude.<$> (x Data..:? "CustomRequestHandling")
+      )
+
+instance Prelude.Hashable AllowAction where
+  hashWithSalt _salt AllowAction' {..} =
+    _salt `Prelude.hashWithSalt` customRequestHandling
+
+instance Prelude.NFData AllowAction where
+  rnf AllowAction' {..} =
+    Prelude.rnf customRequestHandling
+
+instance Data.ToJSON AllowAction where
+  toJSON AllowAction' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("CustomRequestHandling" Data..=)
+              Prelude.<$> customRequestHandling
+          ]
+      )
diff --git a/gen/Amazonka/WAFV2/Types/AndStatement.hs b/gen/Amazonka/WAFV2/Types/AndStatement.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/WAFV2/Types/AndStatement.hs
@@ -0,0 +1,80 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.WAFV2.Types.AndStatement
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.WAFV2.Types.AndStatement where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import {-# SOURCE #-} Amazonka.WAFV2.Types.Statement
+
+-- | A logical rule statement used to combine other rule statements with AND
+-- logic. You provide more than one Statement within the @AndStatement@.
+--
+-- /See:/ 'newAndStatement' smart constructor.
+data AndStatement = AndStatement'
+  { -- | The statements to combine with AND logic. You can use any statements
+    -- that can be nested.
+    statements :: [Statement]
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'AndStatement' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'statements', 'andStatement_statements' - The statements to combine with AND logic. You can use any statements
+-- that can be nested.
+newAndStatement ::
+  AndStatement
+newAndStatement =
+  AndStatement' {statements = Prelude.mempty}
+
+-- | The statements to combine with AND logic. You can use any statements
+-- that can be nested.
+andStatement_statements :: Lens.Lens' AndStatement [Statement]
+andStatement_statements = Lens.lens (\AndStatement' {statements} -> statements) (\s@AndStatement' {} a -> s {statements = a} :: AndStatement) Prelude.. Lens.coerced
+
+instance Data.FromJSON AndStatement where
+  parseJSON =
+    Data.withObject
+      "AndStatement"
+      ( \x ->
+          AndStatement'
+            Prelude.<$> (x Data..:? "Statements" Data..!= Prelude.mempty)
+      )
+
+instance Prelude.Hashable AndStatement where
+  hashWithSalt _salt AndStatement' {..} =
+    _salt `Prelude.hashWithSalt` statements
+
+instance Prelude.NFData AndStatement where
+  rnf AndStatement' {..} = Prelude.rnf statements
+
+instance Data.ToJSON AndStatement where
+  toJSON AndStatement' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [Prelude.Just ("Statements" Data..= statements)]
+      )
diff --git a/gen/Amazonka/WAFV2/Types/AndStatement.hs-boot b/gen/Amazonka/WAFV2/Types/AndStatement.hs-boot
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/WAFV2/Types/AndStatement.hs-boot
@@ -0,0 +1,33 @@
+{-# OPTIONS_GHC -Wno-missing-methods #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.WAFV2.Types.AndStatement
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.WAFV2.Types.AndStatement where
+
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+data AndStatement
+
+instance Prelude.Eq AndStatement
+
+instance Prelude.Read AndStatement
+
+instance Prelude.Show AndStatement
+
+instance Prelude.Generic AndStatement
+
+instance Data.ToJSON AndStatement
+
+instance Data.FromJSON AndStatement
+
+instance Prelude.NFData AndStatement
+
+instance Prelude.Hashable AndStatement
diff --git a/gen/Amazonka/WAFV2/Types/BlockAction.hs b/gen/Amazonka/WAFV2/Types/BlockAction.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/WAFV2/Types/BlockAction.hs
@@ -0,0 +1,97 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.WAFV2.Types.BlockAction
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.WAFV2.Types.BlockAction where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.WAFV2.Types.CustomResponse
+
+-- | Specifies that WAF should block the request and optionally defines
+-- additional custom handling for the response to the web request.
+--
+-- This is used in the context of other settings, for example to specify
+-- values for RuleAction and web ACL DefaultAction.
+--
+-- /See:/ 'newBlockAction' smart constructor.
+data BlockAction = BlockAction'
+  { -- | Defines a custom response for the web request.
+    --
+    -- For information about customizing web requests and responses, see
+    -- <https://docs.aws.amazon.com/waf/latest/developerguide/waf-custom-request-response.html Customizing web requests and responses in WAF>
+    -- in the
+    -- <https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html WAF Developer Guide>.
+    customResponse :: Prelude.Maybe CustomResponse
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'BlockAction' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'customResponse', 'blockAction_customResponse' - Defines a custom response for the web request.
+--
+-- For information about customizing web requests and responses, see
+-- <https://docs.aws.amazon.com/waf/latest/developerguide/waf-custom-request-response.html Customizing web requests and responses in WAF>
+-- in the
+-- <https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html WAF Developer Guide>.
+newBlockAction ::
+  BlockAction
+newBlockAction =
+  BlockAction' {customResponse = Prelude.Nothing}
+
+-- | Defines a custom response for the web request.
+--
+-- For information about customizing web requests and responses, see
+-- <https://docs.aws.amazon.com/waf/latest/developerguide/waf-custom-request-response.html Customizing web requests and responses in WAF>
+-- in the
+-- <https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html WAF Developer Guide>.
+blockAction_customResponse :: Lens.Lens' BlockAction (Prelude.Maybe CustomResponse)
+blockAction_customResponse = Lens.lens (\BlockAction' {customResponse} -> customResponse) (\s@BlockAction' {} a -> s {customResponse = a} :: BlockAction)
+
+instance Data.FromJSON BlockAction where
+  parseJSON =
+    Data.withObject
+      "BlockAction"
+      ( \x ->
+          BlockAction'
+            Prelude.<$> (x Data..:? "CustomResponse")
+      )
+
+instance Prelude.Hashable BlockAction where
+  hashWithSalt _salt BlockAction' {..} =
+    _salt `Prelude.hashWithSalt` customResponse
+
+instance Prelude.NFData BlockAction where
+  rnf BlockAction' {..} = Prelude.rnf customResponse
+
+instance Data.ToJSON BlockAction where
+  toJSON BlockAction' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("CustomResponse" Data..=)
+              Prelude.<$> customResponse
+          ]
+      )
diff --git a/gen/Amazonka/WAFV2/Types/Body.hs b/gen/Amazonka/WAFV2/Types/Body.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/WAFV2/Types/Body.hs
@@ -0,0 +1,140 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.WAFV2.Types.Body
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.WAFV2.Types.Body where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.WAFV2.Types.OversizeHandling
+
+-- | Inspect the body of the web request. The body immediately follows the
+-- request headers.
+--
+-- This is used to indicate the web request component to inspect, in the
+-- FieldToMatch specification.
+--
+-- /See:/ 'newBody' smart constructor.
+data Body = Body'
+  { -- | What WAF should do if the body is larger than WAF can inspect. WAF does
+    -- not support inspecting the entire contents of the body of a web request
+    -- when the body exceeds 8 KB (8192 bytes). Only the first 8 KB of the
+    -- request body are forwarded to WAF by the underlying host service.
+    --
+    -- The options for oversize handling are the following:
+    --
+    -- -   @CONTINUE@ - Inspect the body normally, according to the rule
+    --     inspection criteria.
+    --
+    -- -   @MATCH@ - Treat the web request as matching the rule statement. WAF
+    --     applies the rule action to the request.
+    --
+    -- -   @NO_MATCH@ - Treat the web request as not matching the rule
+    --     statement.
+    --
+    -- You can combine the @MATCH@ or @NO_MATCH@ settings for oversize handling
+    -- with your rule and web ACL action settings, so that you block any
+    -- request whose body is over 8 KB.
+    --
+    -- Default: @CONTINUE@
+    oversizeHandling :: Prelude.Maybe OversizeHandling
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'Body' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'oversizeHandling', 'body_oversizeHandling' - What WAF should do if the body is larger than WAF can inspect. WAF does
+-- not support inspecting the entire contents of the body of a web request
+-- when the body exceeds 8 KB (8192 bytes). Only the first 8 KB of the
+-- request body are forwarded to WAF by the underlying host service.
+--
+-- The options for oversize handling are the following:
+--
+-- -   @CONTINUE@ - Inspect the body normally, according to the rule
+--     inspection criteria.
+--
+-- -   @MATCH@ - Treat the web request as matching the rule statement. WAF
+--     applies the rule action to the request.
+--
+-- -   @NO_MATCH@ - Treat the web request as not matching the rule
+--     statement.
+--
+-- You can combine the @MATCH@ or @NO_MATCH@ settings for oversize handling
+-- with your rule and web ACL action settings, so that you block any
+-- request whose body is over 8 KB.
+--
+-- Default: @CONTINUE@
+newBody ::
+  Body
+newBody = Body' {oversizeHandling = Prelude.Nothing}
+
+-- | What WAF should do if the body is larger than WAF can inspect. WAF does
+-- not support inspecting the entire contents of the body of a web request
+-- when the body exceeds 8 KB (8192 bytes). Only the first 8 KB of the
+-- request body are forwarded to WAF by the underlying host service.
+--
+-- The options for oversize handling are the following:
+--
+-- -   @CONTINUE@ - Inspect the body normally, according to the rule
+--     inspection criteria.
+--
+-- -   @MATCH@ - Treat the web request as matching the rule statement. WAF
+--     applies the rule action to the request.
+--
+-- -   @NO_MATCH@ - Treat the web request as not matching the rule
+--     statement.
+--
+-- You can combine the @MATCH@ or @NO_MATCH@ settings for oversize handling
+-- with your rule and web ACL action settings, so that you block any
+-- request whose body is over 8 KB.
+--
+-- Default: @CONTINUE@
+body_oversizeHandling :: Lens.Lens' Body (Prelude.Maybe OversizeHandling)
+body_oversizeHandling = Lens.lens (\Body' {oversizeHandling} -> oversizeHandling) (\s@Body' {} a -> s {oversizeHandling = a} :: Body)
+
+instance Data.FromJSON Body where
+  parseJSON =
+    Data.withObject
+      "Body"
+      ( \x ->
+          Body' Prelude.<$> (x Data..:? "OversizeHandling")
+      )
+
+instance Prelude.Hashable Body where
+  hashWithSalt _salt Body' {..} =
+    _salt `Prelude.hashWithSalt` oversizeHandling
+
+instance Prelude.NFData Body where
+  rnf Body' {..} = Prelude.rnf oversizeHandling
+
+instance Data.ToJSON Body where
+  toJSON Body' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("OversizeHandling" Data..=)
+              Prelude.<$> oversizeHandling
+          ]
+      )
diff --git a/gen/Amazonka/WAFV2/Types/BodyParsingFallbackBehavior.hs b/gen/Amazonka/WAFV2/Types/BodyParsingFallbackBehavior.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/WAFV2/Types/BodyParsingFallbackBehavior.hs
@@ -0,0 +1,76 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DerivingStrategies #-}
+{-# LANGUAGE GeneralizedNewtypeDeriving #-}
+{-# LANGUAGE LambdaCase #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE PatternSynonyms #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.WAFV2.Types.BodyParsingFallbackBehavior
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.WAFV2.Types.BodyParsingFallbackBehavior
+  ( BodyParsingFallbackBehavior
+      ( ..,
+        BodyParsingFallbackBehavior_EVALUATE_AS_STRING,
+        BodyParsingFallbackBehavior_MATCH,
+        BodyParsingFallbackBehavior_NO_MATCH
+      ),
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+newtype BodyParsingFallbackBehavior = BodyParsingFallbackBehavior'
+  { fromBodyParsingFallbackBehavior ::
+      Data.Text
+  }
+  deriving stock
+    ( Prelude.Show,
+      Prelude.Read,
+      Prelude.Eq,
+      Prelude.Ord,
+      Prelude.Generic
+    )
+  deriving newtype
+    ( Prelude.Hashable,
+      Prelude.NFData,
+      Data.FromText,
+      Data.ToText,
+      Data.ToByteString,
+      Data.ToLog,
+      Data.ToHeader,
+      Data.ToQuery,
+      Data.FromJSON,
+      Data.FromJSONKey,
+      Data.ToJSON,
+      Data.ToJSONKey,
+      Data.FromXML,
+      Data.ToXML
+    )
+
+pattern BodyParsingFallbackBehavior_EVALUATE_AS_STRING :: BodyParsingFallbackBehavior
+pattern BodyParsingFallbackBehavior_EVALUATE_AS_STRING = BodyParsingFallbackBehavior' "EVALUATE_AS_STRING"
+
+pattern BodyParsingFallbackBehavior_MATCH :: BodyParsingFallbackBehavior
+pattern BodyParsingFallbackBehavior_MATCH = BodyParsingFallbackBehavior' "MATCH"
+
+pattern BodyParsingFallbackBehavior_NO_MATCH :: BodyParsingFallbackBehavior
+pattern BodyParsingFallbackBehavior_NO_MATCH = BodyParsingFallbackBehavior' "NO_MATCH"
+
+{-# COMPLETE
+  BodyParsingFallbackBehavior_EVALUATE_AS_STRING,
+  BodyParsingFallbackBehavior_MATCH,
+  BodyParsingFallbackBehavior_NO_MATCH,
+  BodyParsingFallbackBehavior'
+  #-}
diff --git a/gen/Amazonka/WAFV2/Types/ByteMatchStatement.hs b/gen/Amazonka/WAFV2/Types/ByteMatchStatement.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/WAFV2/Types/ByteMatchStatement.hs
@@ -0,0 +1,372 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.WAFV2.Types.ByteMatchStatement
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.WAFV2.Types.ByteMatchStatement where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.WAFV2.Types.FieldToMatch
+import Amazonka.WAFV2.Types.PositionalConstraint
+import Amazonka.WAFV2.Types.TextTransformation
+
+-- | A rule statement that defines a string match search for WAF to apply to
+-- web requests. The byte match statement provides the bytes to search for,
+-- the location in requests that you want WAF to search, and other
+-- settings. The bytes to search for are typically a string that
+-- corresponds with ASCII characters. In the WAF console and the developer
+-- guide, this is called a string match statement.
+--
+-- /See:/ 'newByteMatchStatement' smart constructor.
+data ByteMatchStatement = ByteMatchStatement'
+  { -- | A string value that you want WAF to search for. WAF searches only in the
+    -- part of web requests that you designate for inspection in FieldToMatch.
+    -- The maximum length of the value is 50 bytes.
+    --
+    -- Valid values depend on the component that you specify for inspection in
+    -- @FieldToMatch@:
+    --
+    -- -   @Method@: The HTTP method that you want WAF to search for. This
+    --     indicates the type of operation specified in the request.
+    --
+    -- -   @UriPath@: The value that you want WAF to search for in the URI
+    --     path, for example, @\/images\/daily-ad.jpg@.
+    --
+    -- If @SearchString@ includes alphabetic characters A-Z and a-z, note that
+    -- the value is case sensitive.
+    --
+    -- __If you\'re using the WAF API__
+    --
+    -- Specify a base64-encoded version of the value. The maximum length of the
+    -- value before you base64-encode it is 50 bytes.
+    --
+    -- For example, suppose the value of @Type@ is @HEADER@ and the value of
+    -- @Data@ is @User-Agent@. If you want to search the @User-Agent@ header
+    -- for the value @BadBot@, you base64-encode @BadBot@ using MIME
+    -- base64-encoding and include the resulting value, @QmFkQm90@, in the
+    -- value of @SearchString@.
+    --
+    -- __If you\'re using the CLI or one of the Amazon Web Services SDKs__
+    --
+    -- The value that you want WAF to search for. The SDK automatically base64
+    -- encodes the value.
+    searchString :: Data.Base64,
+    -- | The part of the web request that you want WAF to inspect.
+    fieldToMatch :: FieldToMatch,
+    -- | Text transformations eliminate some of the unusual formatting that
+    -- attackers use in web requests in an effort to bypass detection. If you
+    -- specify one or more transformations in a rule statement, WAF performs
+    -- all transformations on the content of the request component identified
+    -- by @FieldToMatch@, starting from the lowest priority setting, before
+    -- inspecting the content for a match.
+    textTransformations :: Prelude.NonEmpty TextTransformation,
+    -- | The area within the portion of the web request that you want WAF to
+    -- search for @SearchString@. Valid values include the following:
+    --
+    -- __CONTAINS__
+    --
+    -- The specified part of the web request must include the value of
+    -- @SearchString@, but the location doesn\'t matter.
+    --
+    -- __CONTAINS_WORD__
+    --
+    -- The specified part of the web request must include the value of
+    -- @SearchString@, and @SearchString@ must contain only alphanumeric
+    -- characters or underscore (A-Z, a-z, 0-9, or _). In addition,
+    -- @SearchString@ must be a word, which means that both of the following
+    -- are true:
+    --
+    -- -   @SearchString@ is at the beginning of the specified part of the web
+    --     request or is preceded by a character other than an alphanumeric
+    --     character or underscore (_). Examples include the value of a header
+    --     and @;BadBot@.
+    --
+    -- -   @SearchString@ is at the end of the specified part of the web
+    --     request or is followed by a character other than an alphanumeric
+    --     character or underscore (_), for example, @BadBot;@ and @-BadBot;@.
+    --
+    -- __EXACTLY__
+    --
+    -- The value of the specified part of the web request must exactly match
+    -- the value of @SearchString@.
+    --
+    -- __STARTS_WITH__
+    --
+    -- The value of @SearchString@ must appear at the beginning of the
+    -- specified part of the web request.
+    --
+    -- __ENDS_WITH__
+    --
+    -- The value of @SearchString@ must appear at the end of the specified part
+    -- of the web request.
+    positionalConstraint :: PositionalConstraint
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'ByteMatchStatement' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'searchString', 'byteMatchStatement_searchString' - A string value that you want WAF to search for. WAF searches only in the
+-- part of web requests that you designate for inspection in FieldToMatch.
+-- The maximum length of the value is 50 bytes.
+--
+-- Valid values depend on the component that you specify for inspection in
+-- @FieldToMatch@:
+--
+-- -   @Method@: The HTTP method that you want WAF to search for. This
+--     indicates the type of operation specified in the request.
+--
+-- -   @UriPath@: The value that you want WAF to search for in the URI
+--     path, for example, @\/images\/daily-ad.jpg@.
+--
+-- If @SearchString@ includes alphabetic characters A-Z and a-z, note that
+-- the value is case sensitive.
+--
+-- __If you\'re using the WAF API__
+--
+-- Specify a base64-encoded version of the value. The maximum length of the
+-- value before you base64-encode it is 50 bytes.
+--
+-- For example, suppose the value of @Type@ is @HEADER@ and the value of
+-- @Data@ is @User-Agent@. If you want to search the @User-Agent@ header
+-- for the value @BadBot@, you base64-encode @BadBot@ using MIME
+-- base64-encoding and include the resulting value, @QmFkQm90@, in the
+-- value of @SearchString@.
+--
+-- __If you\'re using the CLI or one of the Amazon Web Services SDKs__
+--
+-- The value that you want WAF to search for. The SDK automatically base64
+-- encodes the value.--
+-- -- /Note:/ This 'Lens' automatically encodes and decodes Base64 data.
+-- -- The underlying isomorphism will encode to Base64 representation during
+-- -- serialisation, and decode from Base64 representation during deserialisation.
+-- -- This 'Lens' accepts and returns only raw unencoded data.
+--
+-- 'fieldToMatch', 'byteMatchStatement_fieldToMatch' - The part of the web request that you want WAF to inspect.
+--
+-- 'textTransformations', 'byteMatchStatement_textTransformations' - Text transformations eliminate some of the unusual formatting that
+-- attackers use in web requests in an effort to bypass detection. If you
+-- specify one or more transformations in a rule statement, WAF performs
+-- all transformations on the content of the request component identified
+-- by @FieldToMatch@, starting from the lowest priority setting, before
+-- inspecting the content for a match.
+--
+-- 'positionalConstraint', 'byteMatchStatement_positionalConstraint' - The area within the portion of the web request that you want WAF to
+-- search for @SearchString@. Valid values include the following:
+--
+-- __CONTAINS__
+--
+-- The specified part of the web request must include the value of
+-- @SearchString@, but the location doesn\'t matter.
+--
+-- __CONTAINS_WORD__
+--
+-- The specified part of the web request must include the value of
+-- @SearchString@, and @SearchString@ must contain only alphanumeric
+-- characters or underscore (A-Z, a-z, 0-9, or _). In addition,
+-- @SearchString@ must be a word, which means that both of the following
+-- are true:
+--
+-- -   @SearchString@ is at the beginning of the specified part of the web
+--     request or is preceded by a character other than an alphanumeric
+--     character or underscore (_). Examples include the value of a header
+--     and @;BadBot@.
+--
+-- -   @SearchString@ is at the end of the specified part of the web
+--     request or is followed by a character other than an alphanumeric
+--     character or underscore (_), for example, @BadBot;@ and @-BadBot;@.
+--
+-- __EXACTLY__
+--
+-- The value of the specified part of the web request must exactly match
+-- the value of @SearchString@.
+--
+-- __STARTS_WITH__
+--
+-- The value of @SearchString@ must appear at the beginning of the
+-- specified part of the web request.
+--
+-- __ENDS_WITH__
+--
+-- The value of @SearchString@ must appear at the end of the specified part
+-- of the web request.
+newByteMatchStatement ::
+  -- | 'searchString'
+  Prelude.ByteString ->
+  -- | 'fieldToMatch'
+  FieldToMatch ->
+  -- | 'textTransformations'
+  Prelude.NonEmpty TextTransformation ->
+  -- | 'positionalConstraint'
+  PositionalConstraint ->
+  ByteMatchStatement
+newByteMatchStatement
+  pSearchString_
+  pFieldToMatch_
+  pTextTransformations_
+  pPositionalConstraint_ =
+    ByteMatchStatement'
+      { searchString =
+          Data._Base64 Lens.# pSearchString_,
+        fieldToMatch = pFieldToMatch_,
+        textTransformations =
+          Lens.coerced Lens.# pTextTransformations_,
+        positionalConstraint = pPositionalConstraint_
+      }
+
+-- | A string value that you want WAF to search for. WAF searches only in the
+-- part of web requests that you designate for inspection in FieldToMatch.
+-- The maximum length of the value is 50 bytes.
+--
+-- Valid values depend on the component that you specify for inspection in
+-- @FieldToMatch@:
+--
+-- -   @Method@: The HTTP method that you want WAF to search for. This
+--     indicates the type of operation specified in the request.
+--
+-- -   @UriPath@: The value that you want WAF to search for in the URI
+--     path, for example, @\/images\/daily-ad.jpg@.
+--
+-- If @SearchString@ includes alphabetic characters A-Z and a-z, note that
+-- the value is case sensitive.
+--
+-- __If you\'re using the WAF API__
+--
+-- Specify a base64-encoded version of the value. The maximum length of the
+-- value before you base64-encode it is 50 bytes.
+--
+-- For example, suppose the value of @Type@ is @HEADER@ and the value of
+-- @Data@ is @User-Agent@. If you want to search the @User-Agent@ header
+-- for the value @BadBot@, you base64-encode @BadBot@ using MIME
+-- base64-encoding and include the resulting value, @QmFkQm90@, in the
+-- value of @SearchString@.
+--
+-- __If you\'re using the CLI or one of the Amazon Web Services SDKs__
+--
+-- The value that you want WAF to search for. The SDK automatically base64
+-- encodes the value.--
+-- -- /Note:/ This 'Lens' automatically encodes and decodes Base64 data.
+-- -- The underlying isomorphism will encode to Base64 representation during
+-- -- serialisation, and decode from Base64 representation during deserialisation.
+-- -- This 'Lens' accepts and returns only raw unencoded data.
+byteMatchStatement_searchString :: Lens.Lens' ByteMatchStatement Prelude.ByteString
+byteMatchStatement_searchString = Lens.lens (\ByteMatchStatement' {searchString} -> searchString) (\s@ByteMatchStatement' {} a -> s {searchString = a} :: ByteMatchStatement) Prelude.. Data._Base64
+
+-- | The part of the web request that you want WAF to inspect.
+byteMatchStatement_fieldToMatch :: Lens.Lens' ByteMatchStatement FieldToMatch
+byteMatchStatement_fieldToMatch = Lens.lens (\ByteMatchStatement' {fieldToMatch} -> fieldToMatch) (\s@ByteMatchStatement' {} a -> s {fieldToMatch = a} :: ByteMatchStatement)
+
+-- | Text transformations eliminate some of the unusual formatting that
+-- attackers use in web requests in an effort to bypass detection. If you
+-- specify one or more transformations in a rule statement, WAF performs
+-- all transformations on the content of the request component identified
+-- by @FieldToMatch@, starting from the lowest priority setting, before
+-- inspecting the content for a match.
+byteMatchStatement_textTransformations :: Lens.Lens' ByteMatchStatement (Prelude.NonEmpty TextTransformation)
+byteMatchStatement_textTransformations = Lens.lens (\ByteMatchStatement' {textTransformations} -> textTransformations) (\s@ByteMatchStatement' {} a -> s {textTransformations = a} :: ByteMatchStatement) Prelude.. Lens.coerced
+
+-- | The area within the portion of the web request that you want WAF to
+-- search for @SearchString@. Valid values include the following:
+--
+-- __CONTAINS__
+--
+-- The specified part of the web request must include the value of
+-- @SearchString@, but the location doesn\'t matter.
+--
+-- __CONTAINS_WORD__
+--
+-- The specified part of the web request must include the value of
+-- @SearchString@, and @SearchString@ must contain only alphanumeric
+-- characters or underscore (A-Z, a-z, 0-9, or _). In addition,
+-- @SearchString@ must be a word, which means that both of the following
+-- are true:
+--
+-- -   @SearchString@ is at the beginning of the specified part of the web
+--     request or is preceded by a character other than an alphanumeric
+--     character or underscore (_). Examples include the value of a header
+--     and @;BadBot@.
+--
+-- -   @SearchString@ is at the end of the specified part of the web
+--     request or is followed by a character other than an alphanumeric
+--     character or underscore (_), for example, @BadBot;@ and @-BadBot;@.
+--
+-- __EXACTLY__
+--
+-- The value of the specified part of the web request must exactly match
+-- the value of @SearchString@.
+--
+-- __STARTS_WITH__
+--
+-- The value of @SearchString@ must appear at the beginning of the
+-- specified part of the web request.
+--
+-- __ENDS_WITH__
+--
+-- The value of @SearchString@ must appear at the end of the specified part
+-- of the web request.
+byteMatchStatement_positionalConstraint :: Lens.Lens' ByteMatchStatement PositionalConstraint
+byteMatchStatement_positionalConstraint = Lens.lens (\ByteMatchStatement' {positionalConstraint} -> positionalConstraint) (\s@ByteMatchStatement' {} a -> s {positionalConstraint = a} :: ByteMatchStatement)
+
+instance Data.FromJSON ByteMatchStatement where
+  parseJSON =
+    Data.withObject
+      "ByteMatchStatement"
+      ( \x ->
+          ByteMatchStatement'
+            Prelude.<$> (x Data..: "SearchString")
+            Prelude.<*> (x Data..: "FieldToMatch")
+            Prelude.<*> (x Data..: "TextTransformations")
+            Prelude.<*> (x Data..: "PositionalConstraint")
+      )
+
+instance Prelude.Hashable ByteMatchStatement where
+  hashWithSalt _salt ByteMatchStatement' {..} =
+    _salt
+      `Prelude.hashWithSalt` searchString
+      `Prelude.hashWithSalt` fieldToMatch
+      `Prelude.hashWithSalt` textTransformations
+      `Prelude.hashWithSalt` positionalConstraint
+
+instance Prelude.NFData ByteMatchStatement where
+  rnf ByteMatchStatement' {..} =
+    Prelude.rnf searchString
+      `Prelude.seq` Prelude.rnf fieldToMatch
+      `Prelude.seq` Prelude.rnf textTransformations
+      `Prelude.seq` Prelude.rnf positionalConstraint
+
+instance Data.ToJSON ByteMatchStatement where
+  toJSON ByteMatchStatement' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ Prelude.Just ("SearchString" Data..= searchString),
+            Prelude.Just ("FieldToMatch" Data..= fieldToMatch),
+            Prelude.Just
+              ("TextTransformations" Data..= textTransformations),
+            Prelude.Just
+              ( "PositionalConstraint"
+                  Data..= positionalConstraint
+              )
+          ]
+      )
diff --git a/gen/Amazonka/WAFV2/Types/CaptchaAction.hs b/gen/Amazonka/WAFV2/Types/CaptchaAction.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/WAFV2/Types/CaptchaAction.hs
@@ -0,0 +1,127 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.WAFV2.Types.CaptchaAction
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.WAFV2.Types.CaptchaAction where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.WAFV2.Types.CustomRequestHandling
+
+-- | Specifies that WAF should run a @CAPTCHA@ check against the request:
+--
+-- -   If the request includes a valid, unexpired @CAPTCHA@ token, WAF
+--     applies any custom request handling and labels that you\'ve
+--     configured and then allows the web request inspection to proceed to
+--     the next rule, similar to a @CountAction@.
+--
+-- -   If the request doesn\'t include a valid, unexpired token, WAF
+--     discontinues the web ACL evaluation of the request and blocks it
+--     from going to its intended destination.
+--
+--     WAF generates a response that it sends back to the client, which
+--     includes the following:
+--
+--     -   The header @x-amzn-waf-action@ with a value of @captcha@.
+--
+--     -   The HTTP status code @405 Method Not Allowed@.
+--
+--     -   If the request contains an @Accept@ header with a value of
+--         @text\/html@, the response includes a @CAPTCHA@ JavaScript page
+--         interstitial.
+--
+-- You can configure the expiration time in the @CaptchaConfig@
+-- @ImmunityTimeProperty@ setting at the rule and web ACL level. The rule
+-- setting overrides the web ACL setting.
+--
+-- This action option is available for rules. It isn\'t available for web
+-- ACL default actions.
+--
+-- /See:/ 'newCaptchaAction' smart constructor.
+data CaptchaAction = CaptchaAction'
+  { -- | Defines custom handling for the web request, used when the @CAPTCHA@
+    -- inspection determines that the request\'s token is valid and unexpired.
+    --
+    -- For information about customizing web requests and responses, see
+    -- <https://docs.aws.amazon.com/waf/latest/developerguide/waf-custom-request-response.html Customizing web requests and responses in WAF>
+    -- in the
+    -- <https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html WAF Developer Guide>.
+    customRequestHandling :: Prelude.Maybe CustomRequestHandling
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'CaptchaAction' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'customRequestHandling', 'captchaAction_customRequestHandling' - Defines custom handling for the web request, used when the @CAPTCHA@
+-- inspection determines that the request\'s token is valid and unexpired.
+--
+-- For information about customizing web requests and responses, see
+-- <https://docs.aws.amazon.com/waf/latest/developerguide/waf-custom-request-response.html Customizing web requests and responses in WAF>
+-- in the
+-- <https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html WAF Developer Guide>.
+newCaptchaAction ::
+  CaptchaAction
+newCaptchaAction =
+  CaptchaAction'
+    { customRequestHandling =
+        Prelude.Nothing
+    }
+
+-- | Defines custom handling for the web request, used when the @CAPTCHA@
+-- inspection determines that the request\'s token is valid and unexpired.
+--
+-- For information about customizing web requests and responses, see
+-- <https://docs.aws.amazon.com/waf/latest/developerguide/waf-custom-request-response.html Customizing web requests and responses in WAF>
+-- in the
+-- <https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html WAF Developer Guide>.
+captchaAction_customRequestHandling :: Lens.Lens' CaptchaAction (Prelude.Maybe CustomRequestHandling)
+captchaAction_customRequestHandling = Lens.lens (\CaptchaAction' {customRequestHandling} -> customRequestHandling) (\s@CaptchaAction' {} a -> s {customRequestHandling = a} :: CaptchaAction)
+
+instance Data.FromJSON CaptchaAction where
+  parseJSON =
+    Data.withObject
+      "CaptchaAction"
+      ( \x ->
+          CaptchaAction'
+            Prelude.<$> (x Data..:? "CustomRequestHandling")
+      )
+
+instance Prelude.Hashable CaptchaAction where
+  hashWithSalt _salt CaptchaAction' {..} =
+    _salt `Prelude.hashWithSalt` customRequestHandling
+
+instance Prelude.NFData CaptchaAction where
+  rnf CaptchaAction' {..} =
+    Prelude.rnf customRequestHandling
+
+instance Data.ToJSON CaptchaAction where
+  toJSON CaptchaAction' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("CustomRequestHandling" Data..=)
+              Prelude.<$> customRequestHandling
+          ]
+      )
diff --git a/gen/Amazonka/WAFV2/Types/CaptchaConfig.hs b/gen/Amazonka/WAFV2/Types/CaptchaConfig.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/WAFV2/Types/CaptchaConfig.hs
@@ -0,0 +1,86 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.WAFV2.Types.CaptchaConfig
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.WAFV2.Types.CaptchaConfig where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.WAFV2.Types.ImmunityTimeProperty
+
+-- | Specifies how WAF should handle @CAPTCHA@ evaluations. This is available
+-- at the web ACL level and in each rule.
+--
+-- /See:/ 'newCaptchaConfig' smart constructor.
+data CaptchaConfig = CaptchaConfig'
+  { -- | Determines how long a @CAPTCHA@ timestamp in the token remains valid
+    -- after the client successfully solves a @CAPTCHA@ puzzle.
+    immunityTimeProperty :: Prelude.Maybe ImmunityTimeProperty
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'CaptchaConfig' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'immunityTimeProperty', 'captchaConfig_immunityTimeProperty' - Determines how long a @CAPTCHA@ timestamp in the token remains valid
+-- after the client successfully solves a @CAPTCHA@ puzzle.
+newCaptchaConfig ::
+  CaptchaConfig
+newCaptchaConfig =
+  CaptchaConfig'
+    { immunityTimeProperty =
+        Prelude.Nothing
+    }
+
+-- | Determines how long a @CAPTCHA@ timestamp in the token remains valid
+-- after the client successfully solves a @CAPTCHA@ puzzle.
+captchaConfig_immunityTimeProperty :: Lens.Lens' CaptchaConfig (Prelude.Maybe ImmunityTimeProperty)
+captchaConfig_immunityTimeProperty = Lens.lens (\CaptchaConfig' {immunityTimeProperty} -> immunityTimeProperty) (\s@CaptchaConfig' {} a -> s {immunityTimeProperty = a} :: CaptchaConfig)
+
+instance Data.FromJSON CaptchaConfig where
+  parseJSON =
+    Data.withObject
+      "CaptchaConfig"
+      ( \x ->
+          CaptchaConfig'
+            Prelude.<$> (x Data..:? "ImmunityTimeProperty")
+      )
+
+instance Prelude.Hashable CaptchaConfig where
+  hashWithSalt _salt CaptchaConfig' {..} =
+    _salt `Prelude.hashWithSalt` immunityTimeProperty
+
+instance Prelude.NFData CaptchaConfig where
+  rnf CaptchaConfig' {..} =
+    Prelude.rnf immunityTimeProperty
+
+instance Data.ToJSON CaptchaConfig where
+  toJSON CaptchaConfig' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("ImmunityTimeProperty" Data..=)
+              Prelude.<$> immunityTimeProperty
+          ]
+      )
diff --git a/gen/Amazonka/WAFV2/Types/CaptchaResponse.hs b/gen/Amazonka/WAFV2/Types/CaptchaResponse.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/WAFV2/Types/CaptchaResponse.hs
@@ -0,0 +1,107 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.WAFV2.Types.CaptchaResponse
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.WAFV2.Types.CaptchaResponse where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.WAFV2.Types.FailureReason
+
+-- | The result from the inspection of the web request for a valid @CAPTCHA@
+-- token.
+--
+-- /See:/ 'newCaptchaResponse' smart constructor.
+data CaptchaResponse = CaptchaResponse'
+  { -- | The reason for failure, populated when the evaluation of the token
+    -- fails.
+    failureReason :: Prelude.Maybe FailureReason,
+    -- | The HTTP response code indicating the status of the @CAPTCHA@ token in
+    -- the web request. If the token is missing, invalid, or expired, this code
+    -- is @405 Method Not Allowed@.
+    responseCode :: Prelude.Maybe Prelude.Int,
+    -- | The time that the @CAPTCHA@ was last solved for the supplied token.
+    solveTimestamp :: Prelude.Maybe Prelude.Integer
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'CaptchaResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'failureReason', 'captchaResponse_failureReason' - The reason for failure, populated when the evaluation of the token
+-- fails.
+--
+-- 'responseCode', 'captchaResponse_responseCode' - The HTTP response code indicating the status of the @CAPTCHA@ token in
+-- the web request. If the token is missing, invalid, or expired, this code
+-- is @405 Method Not Allowed@.
+--
+-- 'solveTimestamp', 'captchaResponse_solveTimestamp' - The time that the @CAPTCHA@ was last solved for the supplied token.
+newCaptchaResponse ::
+  CaptchaResponse
+newCaptchaResponse =
+  CaptchaResponse'
+    { failureReason = Prelude.Nothing,
+      responseCode = Prelude.Nothing,
+      solveTimestamp = Prelude.Nothing
+    }
+
+-- | The reason for failure, populated when the evaluation of the token
+-- fails.
+captchaResponse_failureReason :: Lens.Lens' CaptchaResponse (Prelude.Maybe FailureReason)
+captchaResponse_failureReason = Lens.lens (\CaptchaResponse' {failureReason} -> failureReason) (\s@CaptchaResponse' {} a -> s {failureReason = a} :: CaptchaResponse)
+
+-- | The HTTP response code indicating the status of the @CAPTCHA@ token in
+-- the web request. If the token is missing, invalid, or expired, this code
+-- is @405 Method Not Allowed@.
+captchaResponse_responseCode :: Lens.Lens' CaptchaResponse (Prelude.Maybe Prelude.Int)
+captchaResponse_responseCode = Lens.lens (\CaptchaResponse' {responseCode} -> responseCode) (\s@CaptchaResponse' {} a -> s {responseCode = a} :: CaptchaResponse)
+
+-- | The time that the @CAPTCHA@ was last solved for the supplied token.
+captchaResponse_solveTimestamp :: Lens.Lens' CaptchaResponse (Prelude.Maybe Prelude.Integer)
+captchaResponse_solveTimestamp = Lens.lens (\CaptchaResponse' {solveTimestamp} -> solveTimestamp) (\s@CaptchaResponse' {} a -> s {solveTimestamp = a} :: CaptchaResponse)
+
+instance Data.FromJSON CaptchaResponse where
+  parseJSON =
+    Data.withObject
+      "CaptchaResponse"
+      ( \x ->
+          CaptchaResponse'
+            Prelude.<$> (x Data..:? "FailureReason")
+            Prelude.<*> (x Data..:? "ResponseCode")
+            Prelude.<*> (x Data..:? "SolveTimestamp")
+      )
+
+instance Prelude.Hashable CaptchaResponse where
+  hashWithSalt _salt CaptchaResponse' {..} =
+    _salt
+      `Prelude.hashWithSalt` failureReason
+      `Prelude.hashWithSalt` responseCode
+      `Prelude.hashWithSalt` solveTimestamp
+
+instance Prelude.NFData CaptchaResponse where
+  rnf CaptchaResponse' {..} =
+    Prelude.rnf failureReason
+      `Prelude.seq` Prelude.rnf responseCode
+      `Prelude.seq` Prelude.rnf solveTimestamp
diff --git a/gen/Amazonka/WAFV2/Types/ChallengeAction.hs b/gen/Amazonka/WAFV2/Types/ChallengeAction.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/WAFV2/Types/ChallengeAction.hs
@@ -0,0 +1,140 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.WAFV2.Types.ChallengeAction
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.WAFV2.Types.ChallengeAction where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.WAFV2.Types.CustomRequestHandling
+
+-- | Specifies that WAF should run a @Challenge@ check against the request to
+-- verify that the request is coming from a legitimate client session:
+--
+-- -   If the request includes a valid, unexpired challenge token, WAF
+--     applies any custom request handling and labels that you\'ve
+--     configured and then allows the web request inspection to proceed to
+--     the next rule, similar to a @CountAction@.
+--
+-- -   If the request doesn\'t include a valid, unexpired challenge token,
+--     WAF discontinues the web ACL evaluation of the request and blocks it
+--     from going to its intended destination.
+--
+--     WAF then generates a challenge response that it sends back to the
+--     client, which includes the following:
+--
+--     -   The header @x-amzn-waf-action@ with a value of @challenge@.
+--
+--     -   The HTTP status code @202 Request Accepted@.
+--
+--     -   If the request contains an @Accept@ header with a value of
+--         @text\/html@, the response includes a JavaScript page
+--         interstitial with a challenge script.
+--
+--     Challenges run silent browser interrogations in the background, and
+--     don\'t generally affect the end user experience.
+--
+--     A challenge enforces token acquisition using an interstitial
+--     JavaScript challenge that inspects the client session for legitimate
+--     behavior. The challenge blocks bots or at least increases the cost
+--     of operating sophisticated bots.
+--
+--     After the client session successfully responds to the challenge, it
+--     receives a new token from WAF, which the challenge script uses to
+--     resubmit the original request.
+--
+-- You can configure the expiration time in the @ChallengeConfig@
+-- @ImmunityTimeProperty@ setting at the rule and web ACL level. The rule
+-- setting overrides the web ACL setting.
+--
+-- This action option is available for rules. It isn\'t available for web
+-- ACL default actions.
+--
+-- /See:/ 'newChallengeAction' smart constructor.
+data ChallengeAction = ChallengeAction'
+  { -- | Defines custom handling for the web request, used when the challenge
+    -- inspection determines that the request\'s token is valid and unexpired.
+    --
+    -- For information about customizing web requests and responses, see
+    -- <https://docs.aws.amazon.com/waf/latest/developerguide/waf-custom-request-response.html Customizing web requests and responses in WAF>
+    -- in the
+    -- <https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html WAF Developer Guide>.
+    customRequestHandling :: Prelude.Maybe CustomRequestHandling
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'ChallengeAction' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'customRequestHandling', 'challengeAction_customRequestHandling' - Defines custom handling for the web request, used when the challenge
+-- inspection determines that the request\'s token is valid and unexpired.
+--
+-- For information about customizing web requests and responses, see
+-- <https://docs.aws.amazon.com/waf/latest/developerguide/waf-custom-request-response.html Customizing web requests and responses in WAF>
+-- in the
+-- <https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html WAF Developer Guide>.
+newChallengeAction ::
+  ChallengeAction
+newChallengeAction =
+  ChallengeAction'
+    { customRequestHandling =
+        Prelude.Nothing
+    }
+
+-- | Defines custom handling for the web request, used when the challenge
+-- inspection determines that the request\'s token is valid and unexpired.
+--
+-- For information about customizing web requests and responses, see
+-- <https://docs.aws.amazon.com/waf/latest/developerguide/waf-custom-request-response.html Customizing web requests and responses in WAF>
+-- in the
+-- <https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html WAF Developer Guide>.
+challengeAction_customRequestHandling :: Lens.Lens' ChallengeAction (Prelude.Maybe CustomRequestHandling)
+challengeAction_customRequestHandling = Lens.lens (\ChallengeAction' {customRequestHandling} -> customRequestHandling) (\s@ChallengeAction' {} a -> s {customRequestHandling = a} :: ChallengeAction)
+
+instance Data.FromJSON ChallengeAction where
+  parseJSON =
+    Data.withObject
+      "ChallengeAction"
+      ( \x ->
+          ChallengeAction'
+            Prelude.<$> (x Data..:? "CustomRequestHandling")
+      )
+
+instance Prelude.Hashable ChallengeAction where
+  hashWithSalt _salt ChallengeAction' {..} =
+    _salt `Prelude.hashWithSalt` customRequestHandling
+
+instance Prelude.NFData ChallengeAction where
+  rnf ChallengeAction' {..} =
+    Prelude.rnf customRequestHandling
+
+instance Data.ToJSON ChallengeAction where
+  toJSON ChallengeAction' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("CustomRequestHandling" Data..=)
+              Prelude.<$> customRequestHandling
+          ]
+      )
diff --git a/gen/Amazonka/WAFV2/Types/ChallengeConfig.hs b/gen/Amazonka/WAFV2/Types/ChallengeConfig.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/WAFV2/Types/ChallengeConfig.hs
@@ -0,0 +1,86 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.WAFV2.Types.ChallengeConfig
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.WAFV2.Types.ChallengeConfig where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.WAFV2.Types.ImmunityTimeProperty
+
+-- | Specifies how WAF should handle @Challenge@ evaluations. This is
+-- available at the web ACL level and in each rule.
+--
+-- /See:/ 'newChallengeConfig' smart constructor.
+data ChallengeConfig = ChallengeConfig'
+  { -- | Determines how long a challenge timestamp in the token remains valid
+    -- after the client successfully responds to a challenge.
+    immunityTimeProperty :: Prelude.Maybe ImmunityTimeProperty
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'ChallengeConfig' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'immunityTimeProperty', 'challengeConfig_immunityTimeProperty' - Determines how long a challenge timestamp in the token remains valid
+-- after the client successfully responds to a challenge.
+newChallengeConfig ::
+  ChallengeConfig
+newChallengeConfig =
+  ChallengeConfig'
+    { immunityTimeProperty =
+        Prelude.Nothing
+    }
+
+-- | Determines how long a challenge timestamp in the token remains valid
+-- after the client successfully responds to a challenge.
+challengeConfig_immunityTimeProperty :: Lens.Lens' ChallengeConfig (Prelude.Maybe ImmunityTimeProperty)
+challengeConfig_immunityTimeProperty = Lens.lens (\ChallengeConfig' {immunityTimeProperty} -> immunityTimeProperty) (\s@ChallengeConfig' {} a -> s {immunityTimeProperty = a} :: ChallengeConfig)
+
+instance Data.FromJSON ChallengeConfig where
+  parseJSON =
+    Data.withObject
+      "ChallengeConfig"
+      ( \x ->
+          ChallengeConfig'
+            Prelude.<$> (x Data..:? "ImmunityTimeProperty")
+      )
+
+instance Prelude.Hashable ChallengeConfig where
+  hashWithSalt _salt ChallengeConfig' {..} =
+    _salt `Prelude.hashWithSalt` immunityTimeProperty
+
+instance Prelude.NFData ChallengeConfig where
+  rnf ChallengeConfig' {..} =
+    Prelude.rnf immunityTimeProperty
+
+instance Data.ToJSON ChallengeConfig where
+  toJSON ChallengeConfig' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("ImmunityTimeProperty" Data..=)
+              Prelude.<$> immunityTimeProperty
+          ]
+      )
diff --git a/gen/Amazonka/WAFV2/Types/ChallengeResponse.hs b/gen/Amazonka/WAFV2/Types/ChallengeResponse.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/WAFV2/Types/ChallengeResponse.hs
@@ -0,0 +1,107 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.WAFV2.Types.ChallengeResponse
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.WAFV2.Types.ChallengeResponse where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.WAFV2.Types.FailureReason
+
+-- | The result from the inspection of the web request for a valid challenge
+-- token.
+--
+-- /See:/ 'newChallengeResponse' smart constructor.
+data ChallengeResponse = ChallengeResponse'
+  { -- | The reason for failure, populated when the evaluation of the token
+    -- fails.
+    failureReason :: Prelude.Maybe FailureReason,
+    -- | The HTTP response code indicating the status of the challenge token in
+    -- the web request. If the token is missing, invalid, or expired, this code
+    -- is @202 Request Accepted@.
+    responseCode :: Prelude.Maybe Prelude.Int,
+    -- | The time that the challenge was last solved for the supplied token.
+    solveTimestamp :: Prelude.Maybe Prelude.Integer
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'ChallengeResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'failureReason', 'challengeResponse_failureReason' - The reason for failure, populated when the evaluation of the token
+-- fails.
+--
+-- 'responseCode', 'challengeResponse_responseCode' - The HTTP response code indicating the status of the challenge token in
+-- the web request. If the token is missing, invalid, or expired, this code
+-- is @202 Request Accepted@.
+--
+-- 'solveTimestamp', 'challengeResponse_solveTimestamp' - The time that the challenge was last solved for the supplied token.
+newChallengeResponse ::
+  ChallengeResponse
+newChallengeResponse =
+  ChallengeResponse'
+    { failureReason = Prelude.Nothing,
+      responseCode = Prelude.Nothing,
+      solveTimestamp = Prelude.Nothing
+    }
+
+-- | The reason for failure, populated when the evaluation of the token
+-- fails.
+challengeResponse_failureReason :: Lens.Lens' ChallengeResponse (Prelude.Maybe FailureReason)
+challengeResponse_failureReason = Lens.lens (\ChallengeResponse' {failureReason} -> failureReason) (\s@ChallengeResponse' {} a -> s {failureReason = a} :: ChallengeResponse)
+
+-- | The HTTP response code indicating the status of the challenge token in
+-- the web request. If the token is missing, invalid, or expired, this code
+-- is @202 Request Accepted@.
+challengeResponse_responseCode :: Lens.Lens' ChallengeResponse (Prelude.Maybe Prelude.Int)
+challengeResponse_responseCode = Lens.lens (\ChallengeResponse' {responseCode} -> responseCode) (\s@ChallengeResponse' {} a -> s {responseCode = a} :: ChallengeResponse)
+
+-- | The time that the challenge was last solved for the supplied token.
+challengeResponse_solveTimestamp :: Lens.Lens' ChallengeResponse (Prelude.Maybe Prelude.Integer)
+challengeResponse_solveTimestamp = Lens.lens (\ChallengeResponse' {solveTimestamp} -> solveTimestamp) (\s@ChallengeResponse' {} a -> s {solveTimestamp = a} :: ChallengeResponse)
+
+instance Data.FromJSON ChallengeResponse where
+  parseJSON =
+    Data.withObject
+      "ChallengeResponse"
+      ( \x ->
+          ChallengeResponse'
+            Prelude.<$> (x Data..:? "FailureReason")
+            Prelude.<*> (x Data..:? "ResponseCode")
+            Prelude.<*> (x Data..:? "SolveTimestamp")
+      )
+
+instance Prelude.Hashable ChallengeResponse where
+  hashWithSalt _salt ChallengeResponse' {..} =
+    _salt
+      `Prelude.hashWithSalt` failureReason
+      `Prelude.hashWithSalt` responseCode
+      `Prelude.hashWithSalt` solveTimestamp
+
+instance Prelude.NFData ChallengeResponse where
+  rnf ChallengeResponse' {..} =
+    Prelude.rnf failureReason
+      `Prelude.seq` Prelude.rnf responseCode
+      `Prelude.seq` Prelude.rnf solveTimestamp
diff --git a/gen/Amazonka/WAFV2/Types/ComparisonOperator.hs b/gen/Amazonka/WAFV2/Types/ComparisonOperator.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/WAFV2/Types/ComparisonOperator.hs
@@ -0,0 +1,91 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DerivingStrategies #-}
+{-# LANGUAGE GeneralizedNewtypeDeriving #-}
+{-# LANGUAGE LambdaCase #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE PatternSynonyms #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.WAFV2.Types.ComparisonOperator
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.WAFV2.Types.ComparisonOperator
+  ( ComparisonOperator
+      ( ..,
+        ComparisonOperator_EQ,
+        ComparisonOperator_GE,
+        ComparisonOperator_GT,
+        ComparisonOperator_LE,
+        ComparisonOperator_LT,
+        ComparisonOperator_NE
+      ),
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+newtype ComparisonOperator = ComparisonOperator'
+  { fromComparisonOperator ::
+      Data.Text
+  }
+  deriving stock
+    ( Prelude.Show,
+      Prelude.Read,
+      Prelude.Eq,
+      Prelude.Ord,
+      Prelude.Generic
+    )
+  deriving newtype
+    ( Prelude.Hashable,
+      Prelude.NFData,
+      Data.FromText,
+      Data.ToText,
+      Data.ToByteString,
+      Data.ToLog,
+      Data.ToHeader,
+      Data.ToQuery,
+      Data.FromJSON,
+      Data.FromJSONKey,
+      Data.ToJSON,
+      Data.ToJSONKey,
+      Data.FromXML,
+      Data.ToXML
+    )
+
+pattern ComparisonOperator_EQ :: ComparisonOperator
+pattern ComparisonOperator_EQ = ComparisonOperator' "EQ"
+
+pattern ComparisonOperator_GE :: ComparisonOperator
+pattern ComparisonOperator_GE = ComparisonOperator' "GE"
+
+pattern ComparisonOperator_GT :: ComparisonOperator
+pattern ComparisonOperator_GT = ComparisonOperator' "GT"
+
+pattern ComparisonOperator_LE :: ComparisonOperator
+pattern ComparisonOperator_LE = ComparisonOperator' "LE"
+
+pattern ComparisonOperator_LT :: ComparisonOperator
+pattern ComparisonOperator_LT = ComparisonOperator' "LT"
+
+pattern ComparisonOperator_NE :: ComparisonOperator
+pattern ComparisonOperator_NE = ComparisonOperator' "NE"
+
+{-# COMPLETE
+  ComparisonOperator_EQ,
+  ComparisonOperator_GE,
+  ComparisonOperator_GT,
+  ComparisonOperator_LE,
+  ComparisonOperator_LT,
+  ComparisonOperator_NE,
+  ComparisonOperator'
+  #-}
diff --git a/gen/Amazonka/WAFV2/Types/Condition.hs b/gen/Amazonka/WAFV2/Types/Condition.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/WAFV2/Types/Condition.hs
@@ -0,0 +1,112 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.WAFV2.Types.Condition
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.WAFV2.Types.Condition where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.WAFV2.Types.ActionCondition
+import Amazonka.WAFV2.Types.LabelNameCondition
+
+-- | A single match condition for a Filter.
+--
+-- /See:/ 'newCondition' smart constructor.
+data Condition = Condition'
+  { -- | A single action condition. This is the action setting that a log record
+    -- must contain in order to meet the condition.
+    actionCondition :: Prelude.Maybe ActionCondition,
+    -- | A single label name condition. This is the fully qualified label name
+    -- that a log record must contain in order to meet the condition. Fully
+    -- qualified labels have a prefix, optional namespaces, and label name. The
+    -- prefix identifies the rule group or web ACL context of the rule that
+    -- added the label.
+    labelNameCondition :: Prelude.Maybe LabelNameCondition
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'Condition' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'actionCondition', 'condition_actionCondition' - A single action condition. This is the action setting that a log record
+-- must contain in order to meet the condition.
+--
+-- 'labelNameCondition', 'condition_labelNameCondition' - A single label name condition. This is the fully qualified label name
+-- that a log record must contain in order to meet the condition. Fully
+-- qualified labels have a prefix, optional namespaces, and label name. The
+-- prefix identifies the rule group or web ACL context of the rule that
+-- added the label.
+newCondition ::
+  Condition
+newCondition =
+  Condition'
+    { actionCondition = Prelude.Nothing,
+      labelNameCondition = Prelude.Nothing
+    }
+
+-- | A single action condition. This is the action setting that a log record
+-- must contain in order to meet the condition.
+condition_actionCondition :: Lens.Lens' Condition (Prelude.Maybe ActionCondition)
+condition_actionCondition = Lens.lens (\Condition' {actionCondition} -> actionCondition) (\s@Condition' {} a -> s {actionCondition = a} :: Condition)
+
+-- | A single label name condition. This is the fully qualified label name
+-- that a log record must contain in order to meet the condition. Fully
+-- qualified labels have a prefix, optional namespaces, and label name. The
+-- prefix identifies the rule group or web ACL context of the rule that
+-- added the label.
+condition_labelNameCondition :: Lens.Lens' Condition (Prelude.Maybe LabelNameCondition)
+condition_labelNameCondition = Lens.lens (\Condition' {labelNameCondition} -> labelNameCondition) (\s@Condition' {} a -> s {labelNameCondition = a} :: Condition)
+
+instance Data.FromJSON Condition where
+  parseJSON =
+    Data.withObject
+      "Condition"
+      ( \x ->
+          Condition'
+            Prelude.<$> (x Data..:? "ActionCondition")
+            Prelude.<*> (x Data..:? "LabelNameCondition")
+      )
+
+instance Prelude.Hashable Condition where
+  hashWithSalt _salt Condition' {..} =
+    _salt
+      `Prelude.hashWithSalt` actionCondition
+      `Prelude.hashWithSalt` labelNameCondition
+
+instance Prelude.NFData Condition where
+  rnf Condition' {..} =
+    Prelude.rnf actionCondition
+      `Prelude.seq` Prelude.rnf labelNameCondition
+
+instance Data.ToJSON Condition where
+  toJSON Condition' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("ActionCondition" Data..=)
+              Prelude.<$> actionCondition,
+            ("LabelNameCondition" Data..=)
+              Prelude.<$> labelNameCondition
+          ]
+      )
diff --git a/gen/Amazonka/WAFV2/Types/CookieMatchPattern.hs b/gen/Amazonka/WAFV2/Types/CookieMatchPattern.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/WAFV2/Types/CookieMatchPattern.hs
@@ -0,0 +1,122 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.WAFV2.Types.CookieMatchPattern
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.WAFV2.Types.CookieMatchPattern where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.WAFV2.Types.All
+
+-- | The filter to use to identify the subset of cookies to inspect in a web
+-- request.
+--
+-- You must specify exactly one setting: either @All@, @IncludedCookies@,
+-- or @ExcludedCookies@.
+--
+-- Example JSON:
+-- @\"MatchPattern\": { \"IncludedCookies\": {\"KeyToInclude1\", \"KeyToInclude2\", \"KeyToInclude3\"} }@
+--
+-- /See:/ 'newCookieMatchPattern' smart constructor.
+data CookieMatchPattern = CookieMatchPattern'
+  { -- | Inspect all cookies.
+    all :: Prelude.Maybe All,
+    -- | Inspect only the cookies whose keys don\'t match any of the strings
+    -- specified here.
+    excludedCookies :: Prelude.Maybe (Prelude.NonEmpty Prelude.Text),
+    -- | Inspect only the cookies that have a key that matches one of the strings
+    -- specified here.
+    includedCookies :: Prelude.Maybe (Prelude.NonEmpty Prelude.Text)
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'CookieMatchPattern' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'all', 'cookieMatchPattern_all' - Inspect all cookies.
+--
+-- 'excludedCookies', 'cookieMatchPattern_excludedCookies' - Inspect only the cookies whose keys don\'t match any of the strings
+-- specified here.
+--
+-- 'includedCookies', 'cookieMatchPattern_includedCookies' - Inspect only the cookies that have a key that matches one of the strings
+-- specified here.
+newCookieMatchPattern ::
+  CookieMatchPattern
+newCookieMatchPattern =
+  CookieMatchPattern'
+    { all = Prelude.Nothing,
+      excludedCookies = Prelude.Nothing,
+      includedCookies = Prelude.Nothing
+    }
+
+-- | Inspect all cookies.
+cookieMatchPattern_all :: Lens.Lens' CookieMatchPattern (Prelude.Maybe All)
+cookieMatchPattern_all = Lens.lens (\CookieMatchPattern' {all} -> all) (\s@CookieMatchPattern' {} a -> s {all = a} :: CookieMatchPattern)
+
+-- | Inspect only the cookies whose keys don\'t match any of the strings
+-- specified here.
+cookieMatchPattern_excludedCookies :: Lens.Lens' CookieMatchPattern (Prelude.Maybe (Prelude.NonEmpty Prelude.Text))
+cookieMatchPattern_excludedCookies = Lens.lens (\CookieMatchPattern' {excludedCookies} -> excludedCookies) (\s@CookieMatchPattern' {} a -> s {excludedCookies = a} :: CookieMatchPattern) Prelude.. Lens.mapping Lens.coerced
+
+-- | Inspect only the cookies that have a key that matches one of the strings
+-- specified here.
+cookieMatchPattern_includedCookies :: Lens.Lens' CookieMatchPattern (Prelude.Maybe (Prelude.NonEmpty Prelude.Text))
+cookieMatchPattern_includedCookies = Lens.lens (\CookieMatchPattern' {includedCookies} -> includedCookies) (\s@CookieMatchPattern' {} a -> s {includedCookies = a} :: CookieMatchPattern) Prelude.. Lens.mapping Lens.coerced
+
+instance Data.FromJSON CookieMatchPattern where
+  parseJSON =
+    Data.withObject
+      "CookieMatchPattern"
+      ( \x ->
+          CookieMatchPattern'
+            Prelude.<$> (x Data..:? "All")
+            Prelude.<*> (x Data..:? "ExcludedCookies")
+            Prelude.<*> (x Data..:? "IncludedCookies")
+      )
+
+instance Prelude.Hashable CookieMatchPattern where
+  hashWithSalt _salt CookieMatchPattern' {..} =
+    _salt
+      `Prelude.hashWithSalt` all
+      `Prelude.hashWithSalt` excludedCookies
+      `Prelude.hashWithSalt` includedCookies
+
+instance Prelude.NFData CookieMatchPattern where
+  rnf CookieMatchPattern' {..} =
+    Prelude.rnf all
+      `Prelude.seq` Prelude.rnf excludedCookies
+      `Prelude.seq` Prelude.rnf includedCookies
+
+instance Data.ToJSON CookieMatchPattern where
+  toJSON CookieMatchPattern' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("All" Data..=) Prelude.<$> all,
+            ("ExcludedCookies" Data..=)
+              Prelude.<$> excludedCookies,
+            ("IncludedCookies" Data..=)
+              Prelude.<$> includedCookies
+          ]
+      )
diff --git a/gen/Amazonka/WAFV2/Types/Cookies.hs b/gen/Amazonka/WAFV2/Types/Cookies.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/WAFV2/Types/Cookies.hs
@@ -0,0 +1,196 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.WAFV2.Types.Cookies
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.WAFV2.Types.Cookies where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.WAFV2.Types.CookieMatchPattern
+import Amazonka.WAFV2.Types.MapMatchScope
+import Amazonka.WAFV2.Types.OversizeHandling
+
+-- | Inspect the cookies in the web request. You can specify the parts of the
+-- cookies to inspect and you can narrow the set of cookies to inspect by
+-- including or excluding specific keys.
+--
+-- This is used to indicate the web request component to inspect, in the
+-- FieldToMatch specification.
+--
+-- Example JSON:
+-- @\"Cookies\": { \"MatchPattern\": { \"All\": {} }, \"MatchScope\": \"KEY\", \"OversizeHandling\": \"MATCH\" }@
+--
+-- /See:/ 'newCookies' smart constructor.
+data Cookies = Cookies'
+  { -- | The filter to use to identify the subset of cookies to inspect in a web
+    -- request.
+    --
+    -- You must specify exactly one setting: either @All@, @IncludedCookies@,
+    -- or @ExcludedCookies@.
+    --
+    -- Example JSON:
+    -- @\"MatchPattern\": { \"IncludedCookies\": {\"KeyToInclude1\", \"KeyToInclude2\", \"KeyToInclude3\"} }@
+    matchPattern :: CookieMatchPattern,
+    -- | The parts of the cookies to inspect with the rule inspection criteria.
+    -- If you specify @All@, WAF inspects both keys and values.
+    matchScope :: MapMatchScope,
+    -- | What WAF should do if the cookies of the request are larger than WAF can
+    -- inspect. WAF does not support inspecting the entire contents of request
+    -- cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The
+    -- underlying host service forwards a maximum of 200 cookies and at most 8
+    -- KB of cookie contents to WAF.
+    --
+    -- The options for oversize handling are the following:
+    --
+    -- -   @CONTINUE@ - Inspect the cookies normally, according to the rule
+    --     inspection criteria.
+    --
+    -- -   @MATCH@ - Treat the web request as matching the rule statement. WAF
+    --     applies the rule action to the request.
+    --
+    -- -   @NO_MATCH@ - Treat the web request as not matching the rule
+    --     statement.
+    oversizeHandling :: OversizeHandling
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'Cookies' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'matchPattern', 'cookies_matchPattern' - The filter to use to identify the subset of cookies to inspect in a web
+-- request.
+--
+-- You must specify exactly one setting: either @All@, @IncludedCookies@,
+-- or @ExcludedCookies@.
+--
+-- Example JSON:
+-- @\"MatchPattern\": { \"IncludedCookies\": {\"KeyToInclude1\", \"KeyToInclude2\", \"KeyToInclude3\"} }@
+--
+-- 'matchScope', 'cookies_matchScope' - The parts of the cookies to inspect with the rule inspection criteria.
+-- If you specify @All@, WAF inspects both keys and values.
+--
+-- 'oversizeHandling', 'cookies_oversizeHandling' - What WAF should do if the cookies of the request are larger than WAF can
+-- inspect. WAF does not support inspecting the entire contents of request
+-- cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The
+-- underlying host service forwards a maximum of 200 cookies and at most 8
+-- KB of cookie contents to WAF.
+--
+-- The options for oversize handling are the following:
+--
+-- -   @CONTINUE@ - Inspect the cookies normally, according to the rule
+--     inspection criteria.
+--
+-- -   @MATCH@ - Treat the web request as matching the rule statement. WAF
+--     applies the rule action to the request.
+--
+-- -   @NO_MATCH@ - Treat the web request as not matching the rule
+--     statement.
+newCookies ::
+  -- | 'matchPattern'
+  CookieMatchPattern ->
+  -- | 'matchScope'
+  MapMatchScope ->
+  -- | 'oversizeHandling'
+  OversizeHandling ->
+  Cookies
+newCookies
+  pMatchPattern_
+  pMatchScope_
+  pOversizeHandling_ =
+    Cookies'
+      { matchPattern = pMatchPattern_,
+        matchScope = pMatchScope_,
+        oversizeHandling = pOversizeHandling_
+      }
+
+-- | The filter to use to identify the subset of cookies to inspect in a web
+-- request.
+--
+-- You must specify exactly one setting: either @All@, @IncludedCookies@,
+-- or @ExcludedCookies@.
+--
+-- Example JSON:
+-- @\"MatchPattern\": { \"IncludedCookies\": {\"KeyToInclude1\", \"KeyToInclude2\", \"KeyToInclude3\"} }@
+cookies_matchPattern :: Lens.Lens' Cookies CookieMatchPattern
+cookies_matchPattern = Lens.lens (\Cookies' {matchPattern} -> matchPattern) (\s@Cookies' {} a -> s {matchPattern = a} :: Cookies)
+
+-- | The parts of the cookies to inspect with the rule inspection criteria.
+-- If you specify @All@, WAF inspects both keys and values.
+cookies_matchScope :: Lens.Lens' Cookies MapMatchScope
+cookies_matchScope = Lens.lens (\Cookies' {matchScope} -> matchScope) (\s@Cookies' {} a -> s {matchScope = a} :: Cookies)
+
+-- | What WAF should do if the cookies of the request are larger than WAF can
+-- inspect. WAF does not support inspecting the entire contents of request
+-- cookies when they exceed 8 KB (8192 bytes) or 200 total cookies. The
+-- underlying host service forwards a maximum of 200 cookies and at most 8
+-- KB of cookie contents to WAF.
+--
+-- The options for oversize handling are the following:
+--
+-- -   @CONTINUE@ - Inspect the cookies normally, according to the rule
+--     inspection criteria.
+--
+-- -   @MATCH@ - Treat the web request as matching the rule statement. WAF
+--     applies the rule action to the request.
+--
+-- -   @NO_MATCH@ - Treat the web request as not matching the rule
+--     statement.
+cookies_oversizeHandling :: Lens.Lens' Cookies OversizeHandling
+cookies_oversizeHandling = Lens.lens (\Cookies' {oversizeHandling} -> oversizeHandling) (\s@Cookies' {} a -> s {oversizeHandling = a} :: Cookies)
+
+instance Data.FromJSON Cookies where
+  parseJSON =
+    Data.withObject
+      "Cookies"
+      ( \x ->
+          Cookies'
+            Prelude.<$> (x Data..: "MatchPattern")
+            Prelude.<*> (x Data..: "MatchScope")
+            Prelude.<*> (x Data..: "OversizeHandling")
+      )
+
+instance Prelude.Hashable Cookies where
+  hashWithSalt _salt Cookies' {..} =
+    _salt
+      `Prelude.hashWithSalt` matchPattern
+      `Prelude.hashWithSalt` matchScope
+      `Prelude.hashWithSalt` oversizeHandling
+
+instance Prelude.NFData Cookies where
+  rnf Cookies' {..} =
+    Prelude.rnf matchPattern
+      `Prelude.seq` Prelude.rnf matchScope
+      `Prelude.seq` Prelude.rnf oversizeHandling
+
+instance Data.ToJSON Cookies where
+  toJSON Cookies' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ Prelude.Just ("MatchPattern" Data..= matchPattern),
+            Prelude.Just ("MatchScope" Data..= matchScope),
+            Prelude.Just
+              ("OversizeHandling" Data..= oversizeHandling)
+          ]
+      )
diff --git a/gen/Amazonka/WAFV2/Types/CountAction.hs b/gen/Amazonka/WAFV2/Types/CountAction.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/WAFV2/Types/CountAction.hs
@@ -0,0 +1,101 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.WAFV2.Types.CountAction
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.WAFV2.Types.CountAction where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.WAFV2.Types.CustomRequestHandling
+
+-- | Specifies that WAF should count the request. Optionally defines
+-- additional custom handling for the request.
+--
+-- This is used in the context of other settings, for example to specify
+-- values for RuleAction and web ACL DefaultAction.
+--
+-- /See:/ 'newCountAction' smart constructor.
+data CountAction = CountAction'
+  { -- | Defines custom handling for the web request.
+    --
+    -- For information about customizing web requests and responses, see
+    -- <https://docs.aws.amazon.com/waf/latest/developerguide/waf-custom-request-response.html Customizing web requests and responses in WAF>
+    -- in the
+    -- <https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html WAF Developer Guide>.
+    customRequestHandling :: Prelude.Maybe CustomRequestHandling
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'CountAction' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'customRequestHandling', 'countAction_customRequestHandling' - Defines custom handling for the web request.
+--
+-- For information about customizing web requests and responses, see
+-- <https://docs.aws.amazon.com/waf/latest/developerguide/waf-custom-request-response.html Customizing web requests and responses in WAF>
+-- in the
+-- <https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html WAF Developer Guide>.
+newCountAction ::
+  CountAction
+newCountAction =
+  CountAction'
+    { customRequestHandling =
+        Prelude.Nothing
+    }
+
+-- | Defines custom handling for the web request.
+--
+-- For information about customizing web requests and responses, see
+-- <https://docs.aws.amazon.com/waf/latest/developerguide/waf-custom-request-response.html Customizing web requests and responses in WAF>
+-- in the
+-- <https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html WAF Developer Guide>.
+countAction_customRequestHandling :: Lens.Lens' CountAction (Prelude.Maybe CustomRequestHandling)
+countAction_customRequestHandling = Lens.lens (\CountAction' {customRequestHandling} -> customRequestHandling) (\s@CountAction' {} a -> s {customRequestHandling = a} :: CountAction)
+
+instance Data.FromJSON CountAction where
+  parseJSON =
+    Data.withObject
+      "CountAction"
+      ( \x ->
+          CountAction'
+            Prelude.<$> (x Data..:? "CustomRequestHandling")
+      )
+
+instance Prelude.Hashable CountAction where
+  hashWithSalt _salt CountAction' {..} =
+    _salt `Prelude.hashWithSalt` customRequestHandling
+
+instance Prelude.NFData CountAction where
+  rnf CountAction' {..} =
+    Prelude.rnf customRequestHandling
+
+instance Data.ToJSON CountAction where
+  toJSON CountAction' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("CustomRequestHandling" Data..=)
+              Prelude.<$> customRequestHandling
+          ]
+      )
diff --git a/gen/Amazonka/WAFV2/Types/CountryCode.hs b/gen/Amazonka/WAFV2/Types/CountryCode.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/WAFV2/Types/CountryCode.hs
@@ -0,0 +1,1311 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DerivingStrategies #-}
+{-# LANGUAGE GeneralizedNewtypeDeriving #-}
+{-# LANGUAGE LambdaCase #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE PatternSynonyms #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.WAFV2.Types.CountryCode
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.WAFV2.Types.CountryCode
+  ( CountryCode
+      ( ..,
+        CountryCode_AD,
+        CountryCode_AE,
+        CountryCode_AF,
+        CountryCode_AG,
+        CountryCode_AI,
+        CountryCode_AL,
+        CountryCode_AM,
+        CountryCode_AO,
+        CountryCode_AQ,
+        CountryCode_AR,
+        CountryCode_AS,
+        CountryCode_AT,
+        CountryCode_AU,
+        CountryCode_AW,
+        CountryCode_AX,
+        CountryCode_AZ,
+        CountryCode_BA,
+        CountryCode_BB,
+        CountryCode_BD,
+        CountryCode_BE,
+        CountryCode_BF,
+        CountryCode_BG,
+        CountryCode_BH,
+        CountryCode_BI,
+        CountryCode_BJ,
+        CountryCode_BL,
+        CountryCode_BM,
+        CountryCode_BN,
+        CountryCode_BO,
+        CountryCode_BQ,
+        CountryCode_BR,
+        CountryCode_BS,
+        CountryCode_BT,
+        CountryCode_BV,
+        CountryCode_BW,
+        CountryCode_BY,
+        CountryCode_BZ,
+        CountryCode_CA,
+        CountryCode_CC,
+        CountryCode_CD,
+        CountryCode_CF,
+        CountryCode_CG,
+        CountryCode_CH,
+        CountryCode_CI,
+        CountryCode_CK,
+        CountryCode_CL,
+        CountryCode_CM,
+        CountryCode_CN,
+        CountryCode_CO,
+        CountryCode_CR,
+        CountryCode_CU,
+        CountryCode_CV,
+        CountryCode_CW,
+        CountryCode_CX,
+        CountryCode_CY,
+        CountryCode_CZ,
+        CountryCode_DE,
+        CountryCode_DJ,
+        CountryCode_DK,
+        CountryCode_DM,
+        CountryCode_DO,
+        CountryCode_DZ,
+        CountryCode_EC,
+        CountryCode_EE,
+        CountryCode_EG,
+        CountryCode_EH,
+        CountryCode_ER,
+        CountryCode_ES,
+        CountryCode_ET,
+        CountryCode_FI,
+        CountryCode_FJ,
+        CountryCode_FK,
+        CountryCode_FM,
+        CountryCode_FO,
+        CountryCode_FR,
+        CountryCode_GA,
+        CountryCode_GB,
+        CountryCode_GD,
+        CountryCode_GE,
+        CountryCode_GF,
+        CountryCode_GG,
+        CountryCode_GH,
+        CountryCode_GI,
+        CountryCode_GL,
+        CountryCode_GM,
+        CountryCode_GN,
+        CountryCode_GP,
+        CountryCode_GQ,
+        CountryCode_GR,
+        CountryCode_GS,
+        CountryCode_GT,
+        CountryCode_GU,
+        CountryCode_GW,
+        CountryCode_GY,
+        CountryCode_HK,
+        CountryCode_HM,
+        CountryCode_HN,
+        CountryCode_HR,
+        CountryCode_HT,
+        CountryCode_HU,
+        CountryCode_ID,
+        CountryCode_IE,
+        CountryCode_IL,
+        CountryCode_IM,
+        CountryCode_IN,
+        CountryCode_IO,
+        CountryCode_IQ,
+        CountryCode_IR,
+        CountryCode_IS,
+        CountryCode_IT,
+        CountryCode_JE,
+        CountryCode_JM,
+        CountryCode_JO,
+        CountryCode_JP,
+        CountryCode_KE,
+        CountryCode_KG,
+        CountryCode_KH,
+        CountryCode_KI,
+        CountryCode_KM,
+        CountryCode_KN,
+        CountryCode_KP,
+        CountryCode_KR,
+        CountryCode_KW,
+        CountryCode_KY,
+        CountryCode_KZ,
+        CountryCode_LA,
+        CountryCode_LB,
+        CountryCode_LC,
+        CountryCode_LI,
+        CountryCode_LK,
+        CountryCode_LR,
+        CountryCode_LS,
+        CountryCode_LT,
+        CountryCode_LU,
+        CountryCode_LV,
+        CountryCode_LY,
+        CountryCode_MA,
+        CountryCode_MC,
+        CountryCode_MD,
+        CountryCode_ME,
+        CountryCode_MF,
+        CountryCode_MG,
+        CountryCode_MH,
+        CountryCode_MK,
+        CountryCode_ML,
+        CountryCode_MM,
+        CountryCode_MN,
+        CountryCode_MO,
+        CountryCode_MP,
+        CountryCode_MQ,
+        CountryCode_MR,
+        CountryCode_MS,
+        CountryCode_MT,
+        CountryCode_MU,
+        CountryCode_MV,
+        CountryCode_MW,
+        CountryCode_MX,
+        CountryCode_MY,
+        CountryCode_MZ,
+        CountryCode_NA,
+        CountryCode_NC,
+        CountryCode_NE,
+        CountryCode_NF,
+        CountryCode_NG,
+        CountryCode_NI,
+        CountryCode_NL,
+        CountryCode_NO,
+        CountryCode_NP,
+        CountryCode_NR,
+        CountryCode_NU,
+        CountryCode_NZ,
+        CountryCode_OM,
+        CountryCode_PA,
+        CountryCode_PE,
+        CountryCode_PF,
+        CountryCode_PG,
+        CountryCode_PH,
+        CountryCode_PK,
+        CountryCode_PL,
+        CountryCode_PM,
+        CountryCode_PN,
+        CountryCode_PR,
+        CountryCode_PS,
+        CountryCode_PT,
+        CountryCode_PW,
+        CountryCode_PY,
+        CountryCode_QA,
+        CountryCode_RE,
+        CountryCode_RO,
+        CountryCode_RS,
+        CountryCode_RU,
+        CountryCode_RW,
+        CountryCode_SA,
+        CountryCode_SB,
+        CountryCode_SC,
+        CountryCode_SD,
+        CountryCode_SE,
+        CountryCode_SG,
+        CountryCode_SH,
+        CountryCode_SI,
+        CountryCode_SJ,
+        CountryCode_SK,
+        CountryCode_SL,
+        CountryCode_SM,
+        CountryCode_SN,
+        CountryCode_SO,
+        CountryCode_SR,
+        CountryCode_SS,
+        CountryCode_ST,
+        CountryCode_SV,
+        CountryCode_SX,
+        CountryCode_SY,
+        CountryCode_SZ,
+        CountryCode_TC,
+        CountryCode_TD,
+        CountryCode_TF,
+        CountryCode_TG,
+        CountryCode_TH,
+        CountryCode_TJ,
+        CountryCode_TK,
+        CountryCode_TL,
+        CountryCode_TM,
+        CountryCode_TN,
+        CountryCode_TO,
+        CountryCode_TR,
+        CountryCode_TT,
+        CountryCode_TV,
+        CountryCode_TW,
+        CountryCode_TZ,
+        CountryCode_UA,
+        CountryCode_UG,
+        CountryCode_UM,
+        CountryCode_US,
+        CountryCode_UY,
+        CountryCode_UZ,
+        CountryCode_VA,
+        CountryCode_VC,
+        CountryCode_VE,
+        CountryCode_VG,
+        CountryCode_VI,
+        CountryCode_VN,
+        CountryCode_VU,
+        CountryCode_WF,
+        CountryCode_WS,
+        CountryCode_XK,
+        CountryCode_YE,
+        CountryCode_YT,
+        CountryCode_ZA,
+        CountryCode_ZM,
+        CountryCode_ZW
+      ),
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+newtype CountryCode = CountryCode'
+  { fromCountryCode ::
+      Data.Text
+  }
+  deriving stock
+    ( Prelude.Show,
+      Prelude.Read,
+      Prelude.Eq,
+      Prelude.Ord,
+      Prelude.Generic
+    )
+  deriving newtype
+    ( Prelude.Hashable,
+      Prelude.NFData,
+      Data.FromText,
+      Data.ToText,
+      Data.ToByteString,
+      Data.ToLog,
+      Data.ToHeader,
+      Data.ToQuery,
+      Data.FromJSON,
+      Data.FromJSONKey,
+      Data.ToJSON,
+      Data.ToJSONKey,
+      Data.FromXML,
+      Data.ToXML
+    )
+
+pattern CountryCode_AD :: CountryCode
+pattern CountryCode_AD = CountryCode' "AD"
+
+pattern CountryCode_AE :: CountryCode
+pattern CountryCode_AE = CountryCode' "AE"
+
+pattern CountryCode_AF :: CountryCode
+pattern CountryCode_AF = CountryCode' "AF"
+
+pattern CountryCode_AG :: CountryCode
+pattern CountryCode_AG = CountryCode' "AG"
+
+pattern CountryCode_AI :: CountryCode
+pattern CountryCode_AI = CountryCode' "AI"
+
+pattern CountryCode_AL :: CountryCode
+pattern CountryCode_AL = CountryCode' "AL"
+
+pattern CountryCode_AM :: CountryCode
+pattern CountryCode_AM = CountryCode' "AM"
+
+pattern CountryCode_AO :: CountryCode
+pattern CountryCode_AO = CountryCode' "AO"
+
+pattern CountryCode_AQ :: CountryCode
+pattern CountryCode_AQ = CountryCode' "AQ"
+
+pattern CountryCode_AR :: CountryCode
+pattern CountryCode_AR = CountryCode' "AR"
+
+pattern CountryCode_AS :: CountryCode
+pattern CountryCode_AS = CountryCode' "AS"
+
+pattern CountryCode_AT :: CountryCode
+pattern CountryCode_AT = CountryCode' "AT"
+
+pattern CountryCode_AU :: CountryCode
+pattern CountryCode_AU = CountryCode' "AU"
+
+pattern CountryCode_AW :: CountryCode
+pattern CountryCode_AW = CountryCode' "AW"
+
+pattern CountryCode_AX :: CountryCode
+pattern CountryCode_AX = CountryCode' "AX"
+
+pattern CountryCode_AZ :: CountryCode
+pattern CountryCode_AZ = CountryCode' "AZ"
+
+pattern CountryCode_BA :: CountryCode
+pattern CountryCode_BA = CountryCode' "BA"
+
+pattern CountryCode_BB :: CountryCode
+pattern CountryCode_BB = CountryCode' "BB"
+
+pattern CountryCode_BD :: CountryCode
+pattern CountryCode_BD = CountryCode' "BD"
+
+pattern CountryCode_BE :: CountryCode
+pattern CountryCode_BE = CountryCode' "BE"
+
+pattern CountryCode_BF :: CountryCode
+pattern CountryCode_BF = CountryCode' "BF"
+
+pattern CountryCode_BG :: CountryCode
+pattern CountryCode_BG = CountryCode' "BG"
+
+pattern CountryCode_BH :: CountryCode
+pattern CountryCode_BH = CountryCode' "BH"
+
+pattern CountryCode_BI :: CountryCode
+pattern CountryCode_BI = CountryCode' "BI"
+
+pattern CountryCode_BJ :: CountryCode
+pattern CountryCode_BJ = CountryCode' "BJ"
+
+pattern CountryCode_BL :: CountryCode
+pattern CountryCode_BL = CountryCode' "BL"
+
+pattern CountryCode_BM :: CountryCode
+pattern CountryCode_BM = CountryCode' "BM"
+
+pattern CountryCode_BN :: CountryCode
+pattern CountryCode_BN = CountryCode' "BN"
+
+pattern CountryCode_BO :: CountryCode
+pattern CountryCode_BO = CountryCode' "BO"
+
+pattern CountryCode_BQ :: CountryCode
+pattern CountryCode_BQ = CountryCode' "BQ"
+
+pattern CountryCode_BR :: CountryCode
+pattern CountryCode_BR = CountryCode' "BR"
+
+pattern CountryCode_BS :: CountryCode
+pattern CountryCode_BS = CountryCode' "BS"
+
+pattern CountryCode_BT :: CountryCode
+pattern CountryCode_BT = CountryCode' "BT"
+
+pattern CountryCode_BV :: CountryCode
+pattern CountryCode_BV = CountryCode' "BV"
+
+pattern CountryCode_BW :: CountryCode
+pattern CountryCode_BW = CountryCode' "BW"
+
+pattern CountryCode_BY :: CountryCode
+pattern CountryCode_BY = CountryCode' "BY"
+
+pattern CountryCode_BZ :: CountryCode
+pattern CountryCode_BZ = CountryCode' "BZ"
+
+pattern CountryCode_CA :: CountryCode
+pattern CountryCode_CA = CountryCode' "CA"
+
+pattern CountryCode_CC :: CountryCode
+pattern CountryCode_CC = CountryCode' "CC"
+
+pattern CountryCode_CD :: CountryCode
+pattern CountryCode_CD = CountryCode' "CD"
+
+pattern CountryCode_CF :: CountryCode
+pattern CountryCode_CF = CountryCode' "CF"
+
+pattern CountryCode_CG :: CountryCode
+pattern CountryCode_CG = CountryCode' "CG"
+
+pattern CountryCode_CH :: CountryCode
+pattern CountryCode_CH = CountryCode' "CH"
+
+pattern CountryCode_CI :: CountryCode
+pattern CountryCode_CI = CountryCode' "CI"
+
+pattern CountryCode_CK :: CountryCode
+pattern CountryCode_CK = CountryCode' "CK"
+
+pattern CountryCode_CL :: CountryCode
+pattern CountryCode_CL = CountryCode' "CL"
+
+pattern CountryCode_CM :: CountryCode
+pattern CountryCode_CM = CountryCode' "CM"
+
+pattern CountryCode_CN :: CountryCode
+pattern CountryCode_CN = CountryCode' "CN"
+
+pattern CountryCode_CO :: CountryCode
+pattern CountryCode_CO = CountryCode' "CO"
+
+pattern CountryCode_CR :: CountryCode
+pattern CountryCode_CR = CountryCode' "CR"
+
+pattern CountryCode_CU :: CountryCode
+pattern CountryCode_CU = CountryCode' "CU"
+
+pattern CountryCode_CV :: CountryCode
+pattern CountryCode_CV = CountryCode' "CV"
+
+pattern CountryCode_CW :: CountryCode
+pattern CountryCode_CW = CountryCode' "CW"
+
+pattern CountryCode_CX :: CountryCode
+pattern CountryCode_CX = CountryCode' "CX"
+
+pattern CountryCode_CY :: CountryCode
+pattern CountryCode_CY = CountryCode' "CY"
+
+pattern CountryCode_CZ :: CountryCode
+pattern CountryCode_CZ = CountryCode' "CZ"
+
+pattern CountryCode_DE :: CountryCode
+pattern CountryCode_DE = CountryCode' "DE"
+
+pattern CountryCode_DJ :: CountryCode
+pattern CountryCode_DJ = CountryCode' "DJ"
+
+pattern CountryCode_DK :: CountryCode
+pattern CountryCode_DK = CountryCode' "DK"
+
+pattern CountryCode_DM :: CountryCode
+pattern CountryCode_DM = CountryCode' "DM"
+
+pattern CountryCode_DO :: CountryCode
+pattern CountryCode_DO = CountryCode' "DO"
+
+pattern CountryCode_DZ :: CountryCode
+pattern CountryCode_DZ = CountryCode' "DZ"
+
+pattern CountryCode_EC :: CountryCode
+pattern CountryCode_EC = CountryCode' "EC"
+
+pattern CountryCode_EE :: CountryCode
+pattern CountryCode_EE = CountryCode' "EE"
+
+pattern CountryCode_EG :: CountryCode
+pattern CountryCode_EG = CountryCode' "EG"
+
+pattern CountryCode_EH :: CountryCode
+pattern CountryCode_EH = CountryCode' "EH"
+
+pattern CountryCode_ER :: CountryCode
+pattern CountryCode_ER = CountryCode' "ER"
+
+pattern CountryCode_ES :: CountryCode
+pattern CountryCode_ES = CountryCode' "ES"
+
+pattern CountryCode_ET :: CountryCode
+pattern CountryCode_ET = CountryCode' "ET"
+
+pattern CountryCode_FI :: CountryCode
+pattern CountryCode_FI = CountryCode' "FI"
+
+pattern CountryCode_FJ :: CountryCode
+pattern CountryCode_FJ = CountryCode' "FJ"
+
+pattern CountryCode_FK :: CountryCode
+pattern CountryCode_FK = CountryCode' "FK"
+
+pattern CountryCode_FM :: CountryCode
+pattern CountryCode_FM = CountryCode' "FM"
+
+pattern CountryCode_FO :: CountryCode
+pattern CountryCode_FO = CountryCode' "FO"
+
+pattern CountryCode_FR :: CountryCode
+pattern CountryCode_FR = CountryCode' "FR"
+
+pattern CountryCode_GA :: CountryCode
+pattern CountryCode_GA = CountryCode' "GA"
+
+pattern CountryCode_GB :: CountryCode
+pattern CountryCode_GB = CountryCode' "GB"
+
+pattern CountryCode_GD :: CountryCode
+pattern CountryCode_GD = CountryCode' "GD"
+
+pattern CountryCode_GE :: CountryCode
+pattern CountryCode_GE = CountryCode' "GE"
+
+pattern CountryCode_GF :: CountryCode
+pattern CountryCode_GF = CountryCode' "GF"
+
+pattern CountryCode_GG :: CountryCode
+pattern CountryCode_GG = CountryCode' "GG"
+
+pattern CountryCode_GH :: CountryCode
+pattern CountryCode_GH = CountryCode' "GH"
+
+pattern CountryCode_GI :: CountryCode
+pattern CountryCode_GI = CountryCode' "GI"
+
+pattern CountryCode_GL :: CountryCode
+pattern CountryCode_GL = CountryCode' "GL"
+
+pattern CountryCode_GM :: CountryCode
+pattern CountryCode_GM = CountryCode' "GM"
+
+pattern CountryCode_GN :: CountryCode
+pattern CountryCode_GN = CountryCode' "GN"
+
+pattern CountryCode_GP :: CountryCode
+pattern CountryCode_GP = CountryCode' "GP"
+
+pattern CountryCode_GQ :: CountryCode
+pattern CountryCode_GQ = CountryCode' "GQ"
+
+pattern CountryCode_GR :: CountryCode
+pattern CountryCode_GR = CountryCode' "GR"
+
+pattern CountryCode_GS :: CountryCode
+pattern CountryCode_GS = CountryCode' "GS"
+
+pattern CountryCode_GT :: CountryCode
+pattern CountryCode_GT = CountryCode' "GT"
+
+pattern CountryCode_GU :: CountryCode
+pattern CountryCode_GU = CountryCode' "GU"
+
+pattern CountryCode_GW :: CountryCode
+pattern CountryCode_GW = CountryCode' "GW"
+
+pattern CountryCode_GY :: CountryCode
+pattern CountryCode_GY = CountryCode' "GY"
+
+pattern CountryCode_HK :: CountryCode
+pattern CountryCode_HK = CountryCode' "HK"
+
+pattern CountryCode_HM :: CountryCode
+pattern CountryCode_HM = CountryCode' "HM"
+
+pattern CountryCode_HN :: CountryCode
+pattern CountryCode_HN = CountryCode' "HN"
+
+pattern CountryCode_HR :: CountryCode
+pattern CountryCode_HR = CountryCode' "HR"
+
+pattern CountryCode_HT :: CountryCode
+pattern CountryCode_HT = CountryCode' "HT"
+
+pattern CountryCode_HU :: CountryCode
+pattern CountryCode_HU = CountryCode' "HU"
+
+pattern CountryCode_ID :: CountryCode
+pattern CountryCode_ID = CountryCode' "ID"
+
+pattern CountryCode_IE :: CountryCode
+pattern CountryCode_IE = CountryCode' "IE"
+
+pattern CountryCode_IL :: CountryCode
+pattern CountryCode_IL = CountryCode' "IL"
+
+pattern CountryCode_IM :: CountryCode
+pattern CountryCode_IM = CountryCode' "IM"
+
+pattern CountryCode_IN :: CountryCode
+pattern CountryCode_IN = CountryCode' "IN"
+
+pattern CountryCode_IO :: CountryCode
+pattern CountryCode_IO = CountryCode' "IO"
+
+pattern CountryCode_IQ :: CountryCode
+pattern CountryCode_IQ = CountryCode' "IQ"
+
+pattern CountryCode_IR :: CountryCode
+pattern CountryCode_IR = CountryCode' "IR"
+
+pattern CountryCode_IS :: CountryCode
+pattern CountryCode_IS = CountryCode' "IS"
+
+pattern CountryCode_IT :: CountryCode
+pattern CountryCode_IT = CountryCode' "IT"
+
+pattern CountryCode_JE :: CountryCode
+pattern CountryCode_JE = CountryCode' "JE"
+
+pattern CountryCode_JM :: CountryCode
+pattern CountryCode_JM = CountryCode' "JM"
+
+pattern CountryCode_JO :: CountryCode
+pattern CountryCode_JO = CountryCode' "JO"
+
+pattern CountryCode_JP :: CountryCode
+pattern CountryCode_JP = CountryCode' "JP"
+
+pattern CountryCode_KE :: CountryCode
+pattern CountryCode_KE = CountryCode' "KE"
+
+pattern CountryCode_KG :: CountryCode
+pattern CountryCode_KG = CountryCode' "KG"
+
+pattern CountryCode_KH :: CountryCode
+pattern CountryCode_KH = CountryCode' "KH"
+
+pattern CountryCode_KI :: CountryCode
+pattern CountryCode_KI = CountryCode' "KI"
+
+pattern CountryCode_KM :: CountryCode
+pattern CountryCode_KM = CountryCode' "KM"
+
+pattern CountryCode_KN :: CountryCode
+pattern CountryCode_KN = CountryCode' "KN"
+
+pattern CountryCode_KP :: CountryCode
+pattern CountryCode_KP = CountryCode' "KP"
+
+pattern CountryCode_KR :: CountryCode
+pattern CountryCode_KR = CountryCode' "KR"
+
+pattern CountryCode_KW :: CountryCode
+pattern CountryCode_KW = CountryCode' "KW"
+
+pattern CountryCode_KY :: CountryCode
+pattern CountryCode_KY = CountryCode' "KY"
+
+pattern CountryCode_KZ :: CountryCode
+pattern CountryCode_KZ = CountryCode' "KZ"
+
+pattern CountryCode_LA :: CountryCode
+pattern CountryCode_LA = CountryCode' "LA"
+
+pattern CountryCode_LB :: CountryCode
+pattern CountryCode_LB = CountryCode' "LB"
+
+pattern CountryCode_LC :: CountryCode
+pattern CountryCode_LC = CountryCode' "LC"
+
+pattern CountryCode_LI :: CountryCode
+pattern CountryCode_LI = CountryCode' "LI"
+
+pattern CountryCode_LK :: CountryCode
+pattern CountryCode_LK = CountryCode' "LK"
+
+pattern CountryCode_LR :: CountryCode
+pattern CountryCode_LR = CountryCode' "LR"
+
+pattern CountryCode_LS :: CountryCode
+pattern CountryCode_LS = CountryCode' "LS"
+
+pattern CountryCode_LT :: CountryCode
+pattern CountryCode_LT = CountryCode' "LT"
+
+pattern CountryCode_LU :: CountryCode
+pattern CountryCode_LU = CountryCode' "LU"
+
+pattern CountryCode_LV :: CountryCode
+pattern CountryCode_LV = CountryCode' "LV"
+
+pattern CountryCode_LY :: CountryCode
+pattern CountryCode_LY = CountryCode' "LY"
+
+pattern CountryCode_MA :: CountryCode
+pattern CountryCode_MA = CountryCode' "MA"
+
+pattern CountryCode_MC :: CountryCode
+pattern CountryCode_MC = CountryCode' "MC"
+
+pattern CountryCode_MD :: CountryCode
+pattern CountryCode_MD = CountryCode' "MD"
+
+pattern CountryCode_ME :: CountryCode
+pattern CountryCode_ME = CountryCode' "ME"
+
+pattern CountryCode_MF :: CountryCode
+pattern CountryCode_MF = CountryCode' "MF"
+
+pattern CountryCode_MG :: CountryCode
+pattern CountryCode_MG = CountryCode' "MG"
+
+pattern CountryCode_MH :: CountryCode
+pattern CountryCode_MH = CountryCode' "MH"
+
+pattern CountryCode_MK :: CountryCode
+pattern CountryCode_MK = CountryCode' "MK"
+
+pattern CountryCode_ML :: CountryCode
+pattern CountryCode_ML = CountryCode' "ML"
+
+pattern CountryCode_MM :: CountryCode
+pattern CountryCode_MM = CountryCode' "MM"
+
+pattern CountryCode_MN :: CountryCode
+pattern CountryCode_MN = CountryCode' "MN"
+
+pattern CountryCode_MO :: CountryCode
+pattern CountryCode_MO = CountryCode' "MO"
+
+pattern CountryCode_MP :: CountryCode
+pattern CountryCode_MP = CountryCode' "MP"
+
+pattern CountryCode_MQ :: CountryCode
+pattern CountryCode_MQ = CountryCode' "MQ"
+
+pattern CountryCode_MR :: CountryCode
+pattern CountryCode_MR = CountryCode' "MR"
+
+pattern CountryCode_MS :: CountryCode
+pattern CountryCode_MS = CountryCode' "MS"
+
+pattern CountryCode_MT :: CountryCode
+pattern CountryCode_MT = CountryCode' "MT"
+
+pattern CountryCode_MU :: CountryCode
+pattern CountryCode_MU = CountryCode' "MU"
+
+pattern CountryCode_MV :: CountryCode
+pattern CountryCode_MV = CountryCode' "MV"
+
+pattern CountryCode_MW :: CountryCode
+pattern CountryCode_MW = CountryCode' "MW"
+
+pattern CountryCode_MX :: CountryCode
+pattern CountryCode_MX = CountryCode' "MX"
+
+pattern CountryCode_MY :: CountryCode
+pattern CountryCode_MY = CountryCode' "MY"
+
+pattern CountryCode_MZ :: CountryCode
+pattern CountryCode_MZ = CountryCode' "MZ"
+
+pattern CountryCode_NA :: CountryCode
+pattern CountryCode_NA = CountryCode' "NA"
+
+pattern CountryCode_NC :: CountryCode
+pattern CountryCode_NC = CountryCode' "NC"
+
+pattern CountryCode_NE :: CountryCode
+pattern CountryCode_NE = CountryCode' "NE"
+
+pattern CountryCode_NF :: CountryCode
+pattern CountryCode_NF = CountryCode' "NF"
+
+pattern CountryCode_NG :: CountryCode
+pattern CountryCode_NG = CountryCode' "NG"
+
+pattern CountryCode_NI :: CountryCode
+pattern CountryCode_NI = CountryCode' "NI"
+
+pattern CountryCode_NL :: CountryCode
+pattern CountryCode_NL = CountryCode' "NL"
+
+pattern CountryCode_NO :: CountryCode
+pattern CountryCode_NO = CountryCode' "NO"
+
+pattern CountryCode_NP :: CountryCode
+pattern CountryCode_NP = CountryCode' "NP"
+
+pattern CountryCode_NR :: CountryCode
+pattern CountryCode_NR = CountryCode' "NR"
+
+pattern CountryCode_NU :: CountryCode
+pattern CountryCode_NU = CountryCode' "NU"
+
+pattern CountryCode_NZ :: CountryCode
+pattern CountryCode_NZ = CountryCode' "NZ"
+
+pattern CountryCode_OM :: CountryCode
+pattern CountryCode_OM = CountryCode' "OM"
+
+pattern CountryCode_PA :: CountryCode
+pattern CountryCode_PA = CountryCode' "PA"
+
+pattern CountryCode_PE :: CountryCode
+pattern CountryCode_PE = CountryCode' "PE"
+
+pattern CountryCode_PF :: CountryCode
+pattern CountryCode_PF = CountryCode' "PF"
+
+pattern CountryCode_PG :: CountryCode
+pattern CountryCode_PG = CountryCode' "PG"
+
+pattern CountryCode_PH :: CountryCode
+pattern CountryCode_PH = CountryCode' "PH"
+
+pattern CountryCode_PK :: CountryCode
+pattern CountryCode_PK = CountryCode' "PK"
+
+pattern CountryCode_PL :: CountryCode
+pattern CountryCode_PL = CountryCode' "PL"
+
+pattern CountryCode_PM :: CountryCode
+pattern CountryCode_PM = CountryCode' "PM"
+
+pattern CountryCode_PN :: CountryCode
+pattern CountryCode_PN = CountryCode' "PN"
+
+pattern CountryCode_PR :: CountryCode
+pattern CountryCode_PR = CountryCode' "PR"
+
+pattern CountryCode_PS :: CountryCode
+pattern CountryCode_PS = CountryCode' "PS"
+
+pattern CountryCode_PT :: CountryCode
+pattern CountryCode_PT = CountryCode' "PT"
+
+pattern CountryCode_PW :: CountryCode
+pattern CountryCode_PW = CountryCode' "PW"
+
+pattern CountryCode_PY :: CountryCode
+pattern CountryCode_PY = CountryCode' "PY"
+
+pattern CountryCode_QA :: CountryCode
+pattern CountryCode_QA = CountryCode' "QA"
+
+pattern CountryCode_RE :: CountryCode
+pattern CountryCode_RE = CountryCode' "RE"
+
+pattern CountryCode_RO :: CountryCode
+pattern CountryCode_RO = CountryCode' "RO"
+
+pattern CountryCode_RS :: CountryCode
+pattern CountryCode_RS = CountryCode' "RS"
+
+pattern CountryCode_RU :: CountryCode
+pattern CountryCode_RU = CountryCode' "RU"
+
+pattern CountryCode_RW :: CountryCode
+pattern CountryCode_RW = CountryCode' "RW"
+
+pattern CountryCode_SA :: CountryCode
+pattern CountryCode_SA = CountryCode' "SA"
+
+pattern CountryCode_SB :: CountryCode
+pattern CountryCode_SB = CountryCode' "SB"
+
+pattern CountryCode_SC :: CountryCode
+pattern CountryCode_SC = CountryCode' "SC"
+
+pattern CountryCode_SD :: CountryCode
+pattern CountryCode_SD = CountryCode' "SD"
+
+pattern CountryCode_SE :: CountryCode
+pattern CountryCode_SE = CountryCode' "SE"
+
+pattern CountryCode_SG :: CountryCode
+pattern CountryCode_SG = CountryCode' "SG"
+
+pattern CountryCode_SH :: CountryCode
+pattern CountryCode_SH = CountryCode' "SH"
+
+pattern CountryCode_SI :: CountryCode
+pattern CountryCode_SI = CountryCode' "SI"
+
+pattern CountryCode_SJ :: CountryCode
+pattern CountryCode_SJ = CountryCode' "SJ"
+
+pattern CountryCode_SK :: CountryCode
+pattern CountryCode_SK = CountryCode' "SK"
+
+pattern CountryCode_SL :: CountryCode
+pattern CountryCode_SL = CountryCode' "SL"
+
+pattern CountryCode_SM :: CountryCode
+pattern CountryCode_SM = CountryCode' "SM"
+
+pattern CountryCode_SN :: CountryCode
+pattern CountryCode_SN = CountryCode' "SN"
+
+pattern CountryCode_SO :: CountryCode
+pattern CountryCode_SO = CountryCode' "SO"
+
+pattern CountryCode_SR :: CountryCode
+pattern CountryCode_SR = CountryCode' "SR"
+
+pattern CountryCode_SS :: CountryCode
+pattern CountryCode_SS = CountryCode' "SS"
+
+pattern CountryCode_ST :: CountryCode
+pattern CountryCode_ST = CountryCode' "ST"
+
+pattern CountryCode_SV :: CountryCode
+pattern CountryCode_SV = CountryCode' "SV"
+
+pattern CountryCode_SX :: CountryCode
+pattern CountryCode_SX = CountryCode' "SX"
+
+pattern CountryCode_SY :: CountryCode
+pattern CountryCode_SY = CountryCode' "SY"
+
+pattern CountryCode_SZ :: CountryCode
+pattern CountryCode_SZ = CountryCode' "SZ"
+
+pattern CountryCode_TC :: CountryCode
+pattern CountryCode_TC = CountryCode' "TC"
+
+pattern CountryCode_TD :: CountryCode
+pattern CountryCode_TD = CountryCode' "TD"
+
+pattern CountryCode_TF :: CountryCode
+pattern CountryCode_TF = CountryCode' "TF"
+
+pattern CountryCode_TG :: CountryCode
+pattern CountryCode_TG = CountryCode' "TG"
+
+pattern CountryCode_TH :: CountryCode
+pattern CountryCode_TH = CountryCode' "TH"
+
+pattern CountryCode_TJ :: CountryCode
+pattern CountryCode_TJ = CountryCode' "TJ"
+
+pattern CountryCode_TK :: CountryCode
+pattern CountryCode_TK = CountryCode' "TK"
+
+pattern CountryCode_TL :: CountryCode
+pattern CountryCode_TL = CountryCode' "TL"
+
+pattern CountryCode_TM :: CountryCode
+pattern CountryCode_TM = CountryCode' "TM"
+
+pattern CountryCode_TN :: CountryCode
+pattern CountryCode_TN = CountryCode' "TN"
+
+pattern CountryCode_TO :: CountryCode
+pattern CountryCode_TO = CountryCode' "TO"
+
+pattern CountryCode_TR :: CountryCode
+pattern CountryCode_TR = CountryCode' "TR"
+
+pattern CountryCode_TT :: CountryCode
+pattern CountryCode_TT = CountryCode' "TT"
+
+pattern CountryCode_TV :: CountryCode
+pattern CountryCode_TV = CountryCode' "TV"
+
+pattern CountryCode_TW :: CountryCode
+pattern CountryCode_TW = CountryCode' "TW"
+
+pattern CountryCode_TZ :: CountryCode
+pattern CountryCode_TZ = CountryCode' "TZ"
+
+pattern CountryCode_UA :: CountryCode
+pattern CountryCode_UA = CountryCode' "UA"
+
+pattern CountryCode_UG :: CountryCode
+pattern CountryCode_UG = CountryCode' "UG"
+
+pattern CountryCode_UM :: CountryCode
+pattern CountryCode_UM = CountryCode' "UM"
+
+pattern CountryCode_US :: CountryCode
+pattern CountryCode_US = CountryCode' "US"
+
+pattern CountryCode_UY :: CountryCode
+pattern CountryCode_UY = CountryCode' "UY"
+
+pattern CountryCode_UZ :: CountryCode
+pattern CountryCode_UZ = CountryCode' "UZ"
+
+pattern CountryCode_VA :: CountryCode
+pattern CountryCode_VA = CountryCode' "VA"
+
+pattern CountryCode_VC :: CountryCode
+pattern CountryCode_VC = CountryCode' "VC"
+
+pattern CountryCode_VE :: CountryCode
+pattern CountryCode_VE = CountryCode' "VE"
+
+pattern CountryCode_VG :: CountryCode
+pattern CountryCode_VG = CountryCode' "VG"
+
+pattern CountryCode_VI :: CountryCode
+pattern CountryCode_VI = CountryCode' "VI"
+
+pattern CountryCode_VN :: CountryCode
+pattern CountryCode_VN = CountryCode' "VN"
+
+pattern CountryCode_VU :: CountryCode
+pattern CountryCode_VU = CountryCode' "VU"
+
+pattern CountryCode_WF :: CountryCode
+pattern CountryCode_WF = CountryCode' "WF"
+
+pattern CountryCode_WS :: CountryCode
+pattern CountryCode_WS = CountryCode' "WS"
+
+pattern CountryCode_XK :: CountryCode
+pattern CountryCode_XK = CountryCode' "XK"
+
+pattern CountryCode_YE :: CountryCode
+pattern CountryCode_YE = CountryCode' "YE"
+
+pattern CountryCode_YT :: CountryCode
+pattern CountryCode_YT = CountryCode' "YT"
+
+pattern CountryCode_ZA :: CountryCode
+pattern CountryCode_ZA = CountryCode' "ZA"
+
+pattern CountryCode_ZM :: CountryCode
+pattern CountryCode_ZM = CountryCode' "ZM"
+
+pattern CountryCode_ZW :: CountryCode
+pattern CountryCode_ZW = CountryCode' "ZW"
+
+{-# COMPLETE
+  CountryCode_AD,
+  CountryCode_AE,
+  CountryCode_AF,
+  CountryCode_AG,
+  CountryCode_AI,
+  CountryCode_AL,
+  CountryCode_AM,
+  CountryCode_AO,
+  CountryCode_AQ,
+  CountryCode_AR,
+  CountryCode_AS,
+  CountryCode_AT,
+  CountryCode_AU,
+  CountryCode_AW,
+  CountryCode_AX,
+  CountryCode_AZ,
+  CountryCode_BA,
+  CountryCode_BB,
+  CountryCode_BD,
+  CountryCode_BE,
+  CountryCode_BF,
+  CountryCode_BG,
+  CountryCode_BH,
+  CountryCode_BI,
+  CountryCode_BJ,
+  CountryCode_BL,
+  CountryCode_BM,
+  CountryCode_BN,
+  CountryCode_BO,
+  CountryCode_BQ,
+  CountryCode_BR,
+  CountryCode_BS,
+  CountryCode_BT,
+  CountryCode_BV,
+  CountryCode_BW,
+  CountryCode_BY,
+  CountryCode_BZ,
+  CountryCode_CA,
+  CountryCode_CC,
+  CountryCode_CD,
+  CountryCode_CF,
+  CountryCode_CG,
+  CountryCode_CH,
+  CountryCode_CI,
+  CountryCode_CK,
+  CountryCode_CL,
+  CountryCode_CM,
+  CountryCode_CN,
+  CountryCode_CO,
+  CountryCode_CR,
+  CountryCode_CU,
+  CountryCode_CV,
+  CountryCode_CW,
+  CountryCode_CX,
+  CountryCode_CY,
+  CountryCode_CZ,
+  CountryCode_DE,
+  CountryCode_DJ,
+  CountryCode_DK,
+  CountryCode_DM,
+  CountryCode_DO,
+  CountryCode_DZ,
+  CountryCode_EC,
+  CountryCode_EE,
+  CountryCode_EG,
+  CountryCode_EH,
+  CountryCode_ER,
+  CountryCode_ES,
+  CountryCode_ET,
+  CountryCode_FI,
+  CountryCode_FJ,
+  CountryCode_FK,
+  CountryCode_FM,
+  CountryCode_FO,
+  CountryCode_FR,
+  CountryCode_GA,
+  CountryCode_GB,
+  CountryCode_GD,
+  CountryCode_GE,
+  CountryCode_GF,
+  CountryCode_GG,
+  CountryCode_GH,
+  CountryCode_GI,
+  CountryCode_GL,
+  CountryCode_GM,
+  CountryCode_GN,
+  CountryCode_GP,
+  CountryCode_GQ,
+  CountryCode_GR,
+  CountryCode_GS,
+  CountryCode_GT,
+  CountryCode_GU,
+  CountryCode_GW,
+  CountryCode_GY,
+  CountryCode_HK,
+  CountryCode_HM,
+  CountryCode_HN,
+  CountryCode_HR,
+  CountryCode_HT,
+  CountryCode_HU,
+  CountryCode_ID,
+  CountryCode_IE,
+  CountryCode_IL,
+  CountryCode_IM,
+  CountryCode_IN,
+  CountryCode_IO,
+  CountryCode_IQ,
+  CountryCode_IR,
+  CountryCode_IS,
+  CountryCode_IT,
+  CountryCode_JE,
+  CountryCode_JM,
+  CountryCode_JO,
+  CountryCode_JP,
+  CountryCode_KE,
+  CountryCode_KG,
+  CountryCode_KH,
+  CountryCode_KI,
+  CountryCode_KM,
+  CountryCode_KN,
+  CountryCode_KP,
+  CountryCode_KR,
+  CountryCode_KW,
+  CountryCode_KY,
+  CountryCode_KZ,
+  CountryCode_LA,
+  CountryCode_LB,
+  CountryCode_LC,
+  CountryCode_LI,
+  CountryCode_LK,
+  CountryCode_LR,
+  CountryCode_LS,
+  CountryCode_LT,
+  CountryCode_LU,
+  CountryCode_LV,
+  CountryCode_LY,
+  CountryCode_MA,
+  CountryCode_MC,
+  CountryCode_MD,
+  CountryCode_ME,
+  CountryCode_MF,
+  CountryCode_MG,
+  CountryCode_MH,
+  CountryCode_MK,
+  CountryCode_ML,
+  CountryCode_MM,
+  CountryCode_MN,
+  CountryCode_MO,
+  CountryCode_MP,
+  CountryCode_MQ,
+  CountryCode_MR,
+  CountryCode_MS,
+  CountryCode_MT,
+  CountryCode_MU,
+  CountryCode_MV,
+  CountryCode_MW,
+  CountryCode_MX,
+  CountryCode_MY,
+  CountryCode_MZ,
+  CountryCode_NA,
+  CountryCode_NC,
+  CountryCode_NE,
+  CountryCode_NF,
+  CountryCode_NG,
+  CountryCode_NI,
+  CountryCode_NL,
+  CountryCode_NO,
+  CountryCode_NP,
+  CountryCode_NR,
+  CountryCode_NU,
+  CountryCode_NZ,
+  CountryCode_OM,
+  CountryCode_PA,
+  CountryCode_PE,
+  CountryCode_PF,
+  CountryCode_PG,
+  CountryCode_PH,
+  CountryCode_PK,
+  CountryCode_PL,
+  CountryCode_PM,
+  CountryCode_PN,
+  CountryCode_PR,
+  CountryCode_PS,
+  CountryCode_PT,
+  CountryCode_PW,
+  CountryCode_PY,
+  CountryCode_QA,
+  CountryCode_RE,
+  CountryCode_RO,
+  CountryCode_RS,
+  CountryCode_RU,
+  CountryCode_RW,
+  CountryCode_SA,
+  CountryCode_SB,
+  CountryCode_SC,
+  CountryCode_SD,
+  CountryCode_SE,
+  CountryCode_SG,
+  CountryCode_SH,
+  CountryCode_SI,
+  CountryCode_SJ,
+  CountryCode_SK,
+  CountryCode_SL,
+  CountryCode_SM,
+  CountryCode_SN,
+  CountryCode_SO,
+  CountryCode_SR,
+  CountryCode_SS,
+  CountryCode_ST,
+  CountryCode_SV,
+  CountryCode_SX,
+  CountryCode_SY,
+  CountryCode_SZ,
+  CountryCode_TC,
+  CountryCode_TD,
+  CountryCode_TF,
+  CountryCode_TG,
+  CountryCode_TH,
+  CountryCode_TJ,
+  CountryCode_TK,
+  CountryCode_TL,
+  CountryCode_TM,
+  CountryCode_TN,
+  CountryCode_TO,
+  CountryCode_TR,
+  CountryCode_TT,
+  CountryCode_TV,
+  CountryCode_TW,
+  CountryCode_TZ,
+  CountryCode_UA,
+  CountryCode_UG,
+  CountryCode_UM,
+  CountryCode_US,
+  CountryCode_UY,
+  CountryCode_UZ,
+  CountryCode_VA,
+  CountryCode_VC,
+  CountryCode_VE,
+  CountryCode_VG,
+  CountryCode_VI,
+  CountryCode_VN,
+  CountryCode_VU,
+  CountryCode_WF,
+  CountryCode_WS,
+  CountryCode_XK,
+  CountryCode_YE,
+  CountryCode_YT,
+  CountryCode_ZA,
+  CountryCode_ZM,
+  CountryCode_ZW,
+  CountryCode'
+  #-}
diff --git a/gen/Amazonka/WAFV2/Types/CustomHTTPHeader.hs b/gen/Amazonka/WAFV2/Types/CustomHTTPHeader.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/WAFV2/Types/CustomHTTPHeader.hs
@@ -0,0 +1,109 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.WAFV2.Types.CustomHTTPHeader
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.WAFV2.Types.CustomHTTPHeader where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | A custom header for custom request and response handling. This is used
+-- in CustomResponse and CustomRequestHandling.
+--
+-- /See:/ 'newCustomHTTPHeader' smart constructor.
+data CustomHTTPHeader = CustomHTTPHeader'
+  { -- | The name of the custom header.
+    --
+    -- For custom request header insertion, when WAF inserts the header into
+    -- the request, it prefixes this name @x-amzn-waf-@, to avoid confusion
+    -- with the headers that are already in the request. For example, for the
+    -- header name @sample@, WAF inserts the header @x-amzn-waf-sample@.
+    name :: Prelude.Text,
+    -- | The value of the custom header.
+    value :: Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'CustomHTTPHeader' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'name', 'customHTTPHeader_name' - The name of the custom header.
+--
+-- For custom request header insertion, when WAF inserts the header into
+-- the request, it prefixes this name @x-amzn-waf-@, to avoid confusion
+-- with the headers that are already in the request. For example, for the
+-- header name @sample@, WAF inserts the header @x-amzn-waf-sample@.
+--
+-- 'value', 'customHTTPHeader_value' - The value of the custom header.
+newCustomHTTPHeader ::
+  -- | 'name'
+  Prelude.Text ->
+  -- | 'value'
+  Prelude.Text ->
+  CustomHTTPHeader
+newCustomHTTPHeader pName_ pValue_ =
+  CustomHTTPHeader' {name = pName_, value = pValue_}
+
+-- | The name of the custom header.
+--
+-- For custom request header insertion, when WAF inserts the header into
+-- the request, it prefixes this name @x-amzn-waf-@, to avoid confusion
+-- with the headers that are already in the request. For example, for the
+-- header name @sample@, WAF inserts the header @x-amzn-waf-sample@.
+customHTTPHeader_name :: Lens.Lens' CustomHTTPHeader Prelude.Text
+customHTTPHeader_name = Lens.lens (\CustomHTTPHeader' {name} -> name) (\s@CustomHTTPHeader' {} a -> s {name = a} :: CustomHTTPHeader)
+
+-- | The value of the custom header.
+customHTTPHeader_value :: Lens.Lens' CustomHTTPHeader Prelude.Text
+customHTTPHeader_value = Lens.lens (\CustomHTTPHeader' {value} -> value) (\s@CustomHTTPHeader' {} a -> s {value = a} :: CustomHTTPHeader)
+
+instance Data.FromJSON CustomHTTPHeader where
+  parseJSON =
+    Data.withObject
+      "CustomHTTPHeader"
+      ( \x ->
+          CustomHTTPHeader'
+            Prelude.<$> (x Data..: "Name")
+            Prelude.<*> (x Data..: "Value")
+      )
+
+instance Prelude.Hashable CustomHTTPHeader where
+  hashWithSalt _salt CustomHTTPHeader' {..} =
+    _salt
+      `Prelude.hashWithSalt` name
+      `Prelude.hashWithSalt` value
+
+instance Prelude.NFData CustomHTTPHeader where
+  rnf CustomHTTPHeader' {..} =
+    Prelude.rnf name `Prelude.seq` Prelude.rnf value
+
+instance Data.ToJSON CustomHTTPHeader where
+  toJSON CustomHTTPHeader' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ Prelude.Just ("Name" Data..= name),
+            Prelude.Just ("Value" Data..= value)
+          ]
+      )
diff --git a/gen/Amazonka/WAFV2/Types/CustomRequestHandling.hs b/gen/Amazonka/WAFV2/Types/CustomRequestHandling.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/WAFV2/Types/CustomRequestHandling.hs
@@ -0,0 +1,113 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.WAFV2.Types.CustomRequestHandling
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.WAFV2.Types.CustomRequestHandling where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.WAFV2.Types.CustomHTTPHeader
+
+-- | Custom request handling behavior that inserts custom headers into a web
+-- request. You can add custom request handling for WAF to use when the
+-- rule action doesn\'t block the request. For example, @CaptchaAction@ for
+-- requests with valid t okens, and @AllowAction@.
+--
+-- For information about customizing web requests and responses, see
+-- <https://docs.aws.amazon.com/waf/latest/developerguide/waf-custom-request-response.html Customizing web requests and responses in WAF>
+-- in the
+-- <https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html WAF Developer Guide>.
+--
+-- /See:/ 'newCustomRequestHandling' smart constructor.
+data CustomRequestHandling = CustomRequestHandling'
+  { -- | The HTTP headers to insert into the request. Duplicate header names are
+    -- not allowed.
+    --
+    -- For information about the limits on count and size for custom request
+    -- and response settings, see
+    -- <https://docs.aws.amazon.com/waf/latest/developerguide/limits.html WAF quotas>
+    -- in the
+    -- <https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html WAF Developer Guide>.
+    insertHeaders :: Prelude.NonEmpty CustomHTTPHeader
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'CustomRequestHandling' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'insertHeaders', 'customRequestHandling_insertHeaders' - The HTTP headers to insert into the request. Duplicate header names are
+-- not allowed.
+--
+-- For information about the limits on count and size for custom request
+-- and response settings, see
+-- <https://docs.aws.amazon.com/waf/latest/developerguide/limits.html WAF quotas>
+-- in the
+-- <https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html WAF Developer Guide>.
+newCustomRequestHandling ::
+  -- | 'insertHeaders'
+  Prelude.NonEmpty CustomHTTPHeader ->
+  CustomRequestHandling
+newCustomRequestHandling pInsertHeaders_ =
+  CustomRequestHandling'
+    { insertHeaders =
+        Lens.coerced Lens.# pInsertHeaders_
+    }
+
+-- | The HTTP headers to insert into the request. Duplicate header names are
+-- not allowed.
+--
+-- For information about the limits on count and size for custom request
+-- and response settings, see
+-- <https://docs.aws.amazon.com/waf/latest/developerguide/limits.html WAF quotas>
+-- in the
+-- <https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html WAF Developer Guide>.
+customRequestHandling_insertHeaders :: Lens.Lens' CustomRequestHandling (Prelude.NonEmpty CustomHTTPHeader)
+customRequestHandling_insertHeaders = Lens.lens (\CustomRequestHandling' {insertHeaders} -> insertHeaders) (\s@CustomRequestHandling' {} a -> s {insertHeaders = a} :: CustomRequestHandling) Prelude.. Lens.coerced
+
+instance Data.FromJSON CustomRequestHandling where
+  parseJSON =
+    Data.withObject
+      "CustomRequestHandling"
+      ( \x ->
+          CustomRequestHandling'
+            Prelude.<$> (x Data..: "InsertHeaders")
+      )
+
+instance Prelude.Hashable CustomRequestHandling where
+  hashWithSalt _salt CustomRequestHandling' {..} =
+    _salt `Prelude.hashWithSalt` insertHeaders
+
+instance Prelude.NFData CustomRequestHandling where
+  rnf CustomRequestHandling' {..} =
+    Prelude.rnf insertHeaders
+
+instance Data.ToJSON CustomRequestHandling where
+  toJSON CustomRequestHandling' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ Prelude.Just
+              ("InsertHeaders" Data..= insertHeaders)
+          ]
+      )
diff --git a/gen/Amazonka/WAFV2/Types/CustomResponse.hs b/gen/Amazonka/WAFV2/Types/CustomResponse.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/WAFV2/Types/CustomResponse.hs
@@ -0,0 +1,176 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.WAFV2.Types.CustomResponse
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.WAFV2.Types.CustomResponse where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.WAFV2.Types.CustomHTTPHeader
+
+-- | A custom response to send to the client. You can define a custom
+-- response for rule actions and default web ACL actions that are set to
+-- BlockAction.
+--
+-- For information about customizing web requests and responses, see
+-- <https://docs.aws.amazon.com/waf/latest/developerguide/waf-custom-request-response.html Customizing web requests and responses in WAF>
+-- in the
+-- <https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html WAF Developer Guide>.
+--
+-- /See:/ 'newCustomResponse' smart constructor.
+data CustomResponse = CustomResponse'
+  { -- | References the response body that you want WAF to return to the web
+    -- request client. You can define a custom response for a rule action or a
+    -- default web ACL action that is set to block. To do this, you first
+    -- define the response body key and value in the @CustomResponseBodies@
+    -- setting for the WebACL or RuleGroup where you want to use it. Then, in
+    -- the rule action or web ACL default action @BlockAction@ setting, you
+    -- reference the response body using this key.
+    customResponseBodyKey :: Prelude.Maybe Prelude.Text,
+    -- | The HTTP headers to use in the response. Duplicate header names are not
+    -- allowed.
+    --
+    -- For information about the limits on count and size for custom request
+    -- and response settings, see
+    -- <https://docs.aws.amazon.com/waf/latest/developerguide/limits.html WAF quotas>
+    -- in the
+    -- <https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html WAF Developer Guide>.
+    responseHeaders :: Prelude.Maybe (Prelude.NonEmpty CustomHTTPHeader),
+    -- | The HTTP status code to return to the client.
+    --
+    -- For a list of status codes that you can use in your custom responses,
+    -- see
+    -- <https://docs.aws.amazon.com/waf/latest/developerguide/customizing-the-response-status-codes.html Supported status codes for custom response>
+    -- in the
+    -- <https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html WAF Developer Guide>.
+    responseCode :: Prelude.Natural
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'CustomResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'customResponseBodyKey', 'customResponse_customResponseBodyKey' - References the response body that you want WAF to return to the web
+-- request client. You can define a custom response for a rule action or a
+-- default web ACL action that is set to block. To do this, you first
+-- define the response body key and value in the @CustomResponseBodies@
+-- setting for the WebACL or RuleGroup where you want to use it. Then, in
+-- the rule action or web ACL default action @BlockAction@ setting, you
+-- reference the response body using this key.
+--
+-- 'responseHeaders', 'customResponse_responseHeaders' - The HTTP headers to use in the response. Duplicate header names are not
+-- allowed.
+--
+-- For information about the limits on count and size for custom request
+-- and response settings, see
+-- <https://docs.aws.amazon.com/waf/latest/developerguide/limits.html WAF quotas>
+-- in the
+-- <https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html WAF Developer Guide>.
+--
+-- 'responseCode', 'customResponse_responseCode' - The HTTP status code to return to the client.
+--
+-- For a list of status codes that you can use in your custom responses,
+-- see
+-- <https://docs.aws.amazon.com/waf/latest/developerguide/customizing-the-response-status-codes.html Supported status codes for custom response>
+-- in the
+-- <https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html WAF Developer Guide>.
+newCustomResponse ::
+  -- | 'responseCode'
+  Prelude.Natural ->
+  CustomResponse
+newCustomResponse pResponseCode_ =
+  CustomResponse'
+    { customResponseBodyKey =
+        Prelude.Nothing,
+      responseHeaders = Prelude.Nothing,
+      responseCode = pResponseCode_
+    }
+
+-- | References the response body that you want WAF to return to the web
+-- request client. You can define a custom response for a rule action or a
+-- default web ACL action that is set to block. To do this, you first
+-- define the response body key and value in the @CustomResponseBodies@
+-- setting for the WebACL or RuleGroup where you want to use it. Then, in
+-- the rule action or web ACL default action @BlockAction@ setting, you
+-- reference the response body using this key.
+customResponse_customResponseBodyKey :: Lens.Lens' CustomResponse (Prelude.Maybe Prelude.Text)
+customResponse_customResponseBodyKey = Lens.lens (\CustomResponse' {customResponseBodyKey} -> customResponseBodyKey) (\s@CustomResponse' {} a -> s {customResponseBodyKey = a} :: CustomResponse)
+
+-- | The HTTP headers to use in the response. Duplicate header names are not
+-- allowed.
+--
+-- For information about the limits on count and size for custom request
+-- and response settings, see
+-- <https://docs.aws.amazon.com/waf/latest/developerguide/limits.html WAF quotas>
+-- in the
+-- <https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html WAF Developer Guide>.
+customResponse_responseHeaders :: Lens.Lens' CustomResponse (Prelude.Maybe (Prelude.NonEmpty CustomHTTPHeader))
+customResponse_responseHeaders = Lens.lens (\CustomResponse' {responseHeaders} -> responseHeaders) (\s@CustomResponse' {} a -> s {responseHeaders = a} :: CustomResponse) Prelude.. Lens.mapping Lens.coerced
+
+-- | The HTTP status code to return to the client.
+--
+-- For a list of status codes that you can use in your custom responses,
+-- see
+-- <https://docs.aws.amazon.com/waf/latest/developerguide/customizing-the-response-status-codes.html Supported status codes for custom response>
+-- in the
+-- <https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html WAF Developer Guide>.
+customResponse_responseCode :: Lens.Lens' CustomResponse Prelude.Natural
+customResponse_responseCode = Lens.lens (\CustomResponse' {responseCode} -> responseCode) (\s@CustomResponse' {} a -> s {responseCode = a} :: CustomResponse)
+
+instance Data.FromJSON CustomResponse where
+  parseJSON =
+    Data.withObject
+      "CustomResponse"
+      ( \x ->
+          CustomResponse'
+            Prelude.<$> (x Data..:? "CustomResponseBodyKey")
+            Prelude.<*> (x Data..:? "ResponseHeaders")
+            Prelude.<*> (x Data..: "ResponseCode")
+      )
+
+instance Prelude.Hashable CustomResponse where
+  hashWithSalt _salt CustomResponse' {..} =
+    _salt
+      `Prelude.hashWithSalt` customResponseBodyKey
+      `Prelude.hashWithSalt` responseHeaders
+      `Prelude.hashWithSalt` responseCode
+
+instance Prelude.NFData CustomResponse where
+  rnf CustomResponse' {..} =
+    Prelude.rnf customResponseBodyKey
+      `Prelude.seq` Prelude.rnf responseHeaders
+      `Prelude.seq` Prelude.rnf responseCode
+
+instance Data.ToJSON CustomResponse where
+  toJSON CustomResponse' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("CustomResponseBodyKey" Data..=)
+              Prelude.<$> customResponseBodyKey,
+            ("ResponseHeaders" Data..=)
+              Prelude.<$> responseHeaders,
+            Prelude.Just ("ResponseCode" Data..= responseCode)
+          ]
+      )
diff --git a/gen/Amazonka/WAFV2/Types/CustomResponseBody.hs b/gen/Amazonka/WAFV2/Types/CustomResponseBody.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/WAFV2/Types/CustomResponseBody.hs
@@ -0,0 +1,129 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.WAFV2.Types.CustomResponseBody
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.WAFV2.Types.CustomResponseBody where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.WAFV2.Types.ResponseContentType
+
+-- | The response body to use in a custom response to a web request. This is
+-- referenced by key from CustomResponse @CustomResponseBodyKey@.
+--
+-- /See:/ 'newCustomResponseBody' smart constructor.
+data CustomResponseBody = CustomResponseBody'
+  { -- | The type of content in the payload that you are defining in the
+    -- @Content@ string.
+    contentType :: ResponseContentType,
+    -- | The payload of the custom response.
+    --
+    -- You can use JSON escape strings in JSON content. To do this, you must
+    -- specify JSON content in the @ContentType@ setting.
+    --
+    -- For information about the limits on count and size for custom request
+    -- and response settings, see
+    -- <https://docs.aws.amazon.com/waf/latest/developerguide/limits.html WAF quotas>
+    -- in the
+    -- <https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html WAF Developer Guide>.
+    content :: Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'CustomResponseBody' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'contentType', 'customResponseBody_contentType' - The type of content in the payload that you are defining in the
+-- @Content@ string.
+--
+-- 'content', 'customResponseBody_content' - The payload of the custom response.
+--
+-- You can use JSON escape strings in JSON content. To do this, you must
+-- specify JSON content in the @ContentType@ setting.
+--
+-- For information about the limits on count and size for custom request
+-- and response settings, see
+-- <https://docs.aws.amazon.com/waf/latest/developerguide/limits.html WAF quotas>
+-- in the
+-- <https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html WAF Developer Guide>.
+newCustomResponseBody ::
+  -- | 'contentType'
+  ResponseContentType ->
+  -- | 'content'
+  Prelude.Text ->
+  CustomResponseBody
+newCustomResponseBody pContentType_ pContent_ =
+  CustomResponseBody'
+    { contentType = pContentType_,
+      content = pContent_
+    }
+
+-- | The type of content in the payload that you are defining in the
+-- @Content@ string.
+customResponseBody_contentType :: Lens.Lens' CustomResponseBody ResponseContentType
+customResponseBody_contentType = Lens.lens (\CustomResponseBody' {contentType} -> contentType) (\s@CustomResponseBody' {} a -> s {contentType = a} :: CustomResponseBody)
+
+-- | The payload of the custom response.
+--
+-- You can use JSON escape strings in JSON content. To do this, you must
+-- specify JSON content in the @ContentType@ setting.
+--
+-- For information about the limits on count and size for custom request
+-- and response settings, see
+-- <https://docs.aws.amazon.com/waf/latest/developerguide/limits.html WAF quotas>
+-- in the
+-- <https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html WAF Developer Guide>.
+customResponseBody_content :: Lens.Lens' CustomResponseBody Prelude.Text
+customResponseBody_content = Lens.lens (\CustomResponseBody' {content} -> content) (\s@CustomResponseBody' {} a -> s {content = a} :: CustomResponseBody)
+
+instance Data.FromJSON CustomResponseBody where
+  parseJSON =
+    Data.withObject
+      "CustomResponseBody"
+      ( \x ->
+          CustomResponseBody'
+            Prelude.<$> (x Data..: "ContentType")
+            Prelude.<*> (x Data..: "Content")
+      )
+
+instance Prelude.Hashable CustomResponseBody where
+  hashWithSalt _salt CustomResponseBody' {..} =
+    _salt
+      `Prelude.hashWithSalt` contentType
+      `Prelude.hashWithSalt` content
+
+instance Prelude.NFData CustomResponseBody where
+  rnf CustomResponseBody' {..} =
+    Prelude.rnf contentType
+      `Prelude.seq` Prelude.rnf content
+
+instance Data.ToJSON CustomResponseBody where
+  toJSON CustomResponseBody' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ Prelude.Just ("ContentType" Data..= contentType),
+            Prelude.Just ("Content" Data..= content)
+          ]
+      )
diff --git a/gen/Amazonka/WAFV2/Types/DefaultAction.hs b/gen/Amazonka/WAFV2/Types/DefaultAction.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/WAFV2/Types/DefaultAction.hs
@@ -0,0 +1,96 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.WAFV2.Types.DefaultAction
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.WAFV2.Types.DefaultAction where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.WAFV2.Types.AllowAction
+import Amazonka.WAFV2.Types.BlockAction
+
+-- | In a WebACL, this is the action that you want WAF to perform when a web
+-- request doesn\'t match any of the rules in the @WebACL@. The default
+-- action must be a terminating action.
+--
+-- /See:/ 'newDefaultAction' smart constructor.
+data DefaultAction = DefaultAction'
+  { -- | Specifies that WAF should allow requests by default.
+    allow :: Prelude.Maybe AllowAction,
+    -- | Specifies that WAF should block requests by default.
+    block :: Prelude.Maybe BlockAction
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'DefaultAction' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'allow', 'defaultAction_allow' - Specifies that WAF should allow requests by default.
+--
+-- 'block', 'defaultAction_block' - Specifies that WAF should block requests by default.
+newDefaultAction ::
+  DefaultAction
+newDefaultAction =
+  DefaultAction'
+    { allow = Prelude.Nothing,
+      block = Prelude.Nothing
+    }
+
+-- | Specifies that WAF should allow requests by default.
+defaultAction_allow :: Lens.Lens' DefaultAction (Prelude.Maybe AllowAction)
+defaultAction_allow = Lens.lens (\DefaultAction' {allow} -> allow) (\s@DefaultAction' {} a -> s {allow = a} :: DefaultAction)
+
+-- | Specifies that WAF should block requests by default.
+defaultAction_block :: Lens.Lens' DefaultAction (Prelude.Maybe BlockAction)
+defaultAction_block = Lens.lens (\DefaultAction' {block} -> block) (\s@DefaultAction' {} a -> s {block = a} :: DefaultAction)
+
+instance Data.FromJSON DefaultAction where
+  parseJSON =
+    Data.withObject
+      "DefaultAction"
+      ( \x ->
+          DefaultAction'
+            Prelude.<$> (x Data..:? "Allow")
+            Prelude.<*> (x Data..:? "Block")
+      )
+
+instance Prelude.Hashable DefaultAction where
+  hashWithSalt _salt DefaultAction' {..} =
+    _salt
+      `Prelude.hashWithSalt` allow
+      `Prelude.hashWithSalt` block
+
+instance Prelude.NFData DefaultAction where
+  rnf DefaultAction' {..} =
+    Prelude.rnf allow `Prelude.seq` Prelude.rnf block
+
+instance Data.ToJSON DefaultAction where
+  toJSON DefaultAction' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("Allow" Data..=) Prelude.<$> allow,
+            ("Block" Data..=) Prelude.<$> block
+          ]
+      )
diff --git a/gen/Amazonka/WAFV2/Types/ExcludedRule.hs b/gen/Amazonka/WAFV2/Types/ExcludedRule.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/WAFV2/Types/ExcludedRule.hs
@@ -0,0 +1,77 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.WAFV2.Types.ExcludedRule
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.WAFV2.Types.ExcludedRule where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | Specifies a single rule in a rule group whose action you want to
+-- override to @Count@.
+--
+-- Instead of this option, use @RuleActionOverrides@. It accepts any valid
+-- action setting, including @Count@.
+--
+-- /See:/ 'newExcludedRule' smart constructor.
+data ExcludedRule = ExcludedRule'
+  { -- | The name of the rule whose action you want to override to @Count@.
+    name :: Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'ExcludedRule' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'name', 'excludedRule_name' - The name of the rule whose action you want to override to @Count@.
+newExcludedRule ::
+  -- | 'name'
+  Prelude.Text ->
+  ExcludedRule
+newExcludedRule pName_ = ExcludedRule' {name = pName_}
+
+-- | The name of the rule whose action you want to override to @Count@.
+excludedRule_name :: Lens.Lens' ExcludedRule Prelude.Text
+excludedRule_name = Lens.lens (\ExcludedRule' {name} -> name) (\s@ExcludedRule' {} a -> s {name = a} :: ExcludedRule)
+
+instance Data.FromJSON ExcludedRule where
+  parseJSON =
+    Data.withObject
+      "ExcludedRule"
+      (\x -> ExcludedRule' Prelude.<$> (x Data..: "Name"))
+
+instance Prelude.Hashable ExcludedRule where
+  hashWithSalt _salt ExcludedRule' {..} =
+    _salt `Prelude.hashWithSalt` name
+
+instance Prelude.NFData ExcludedRule where
+  rnf ExcludedRule' {..} = Prelude.rnf name
+
+instance Data.ToJSON ExcludedRule where
+  toJSON ExcludedRule' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [Prelude.Just ("Name" Data..= name)]
+      )
diff --git a/gen/Amazonka/WAFV2/Types/FailureReason.hs b/gen/Amazonka/WAFV2/Types/FailureReason.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/WAFV2/Types/FailureReason.hs
@@ -0,0 +1,81 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DerivingStrategies #-}
+{-# LANGUAGE GeneralizedNewtypeDeriving #-}
+{-# LANGUAGE LambdaCase #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE PatternSynonyms #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.WAFV2.Types.FailureReason
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.WAFV2.Types.FailureReason
+  ( FailureReason
+      ( ..,
+        FailureReason_TOKEN_DOMAIN_MISMATCH,
+        FailureReason_TOKEN_EXPIRED,
+        FailureReason_TOKEN_INVALID,
+        FailureReason_TOKEN_MISSING
+      ),
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+newtype FailureReason = FailureReason'
+  { fromFailureReason ::
+      Data.Text
+  }
+  deriving stock
+    ( Prelude.Show,
+      Prelude.Read,
+      Prelude.Eq,
+      Prelude.Ord,
+      Prelude.Generic
+    )
+  deriving newtype
+    ( Prelude.Hashable,
+      Prelude.NFData,
+      Data.FromText,
+      Data.ToText,
+      Data.ToByteString,
+      Data.ToLog,
+      Data.ToHeader,
+      Data.ToQuery,
+      Data.FromJSON,
+      Data.FromJSONKey,
+      Data.ToJSON,
+      Data.ToJSONKey,
+      Data.FromXML,
+      Data.ToXML
+    )
+
+pattern FailureReason_TOKEN_DOMAIN_MISMATCH :: FailureReason
+pattern FailureReason_TOKEN_DOMAIN_MISMATCH = FailureReason' "TOKEN_DOMAIN_MISMATCH"
+
+pattern FailureReason_TOKEN_EXPIRED :: FailureReason
+pattern FailureReason_TOKEN_EXPIRED = FailureReason' "TOKEN_EXPIRED"
+
+pattern FailureReason_TOKEN_INVALID :: FailureReason
+pattern FailureReason_TOKEN_INVALID = FailureReason' "TOKEN_INVALID"
+
+pattern FailureReason_TOKEN_MISSING :: FailureReason
+pattern FailureReason_TOKEN_MISSING = FailureReason' "TOKEN_MISSING"
+
+{-# COMPLETE
+  FailureReason_TOKEN_DOMAIN_MISMATCH,
+  FailureReason_TOKEN_EXPIRED,
+  FailureReason_TOKEN_INVALID,
+  FailureReason_TOKEN_MISSING,
+  FailureReason'
+  #-}
diff --git a/gen/Amazonka/WAFV2/Types/FallbackBehavior.hs b/gen/Amazonka/WAFV2/Types/FallbackBehavior.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/WAFV2/Types/FallbackBehavior.hs
@@ -0,0 +1,71 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DerivingStrategies #-}
+{-# LANGUAGE GeneralizedNewtypeDeriving #-}
+{-# LANGUAGE LambdaCase #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE PatternSynonyms #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.WAFV2.Types.FallbackBehavior
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.WAFV2.Types.FallbackBehavior
+  ( FallbackBehavior
+      ( ..,
+        FallbackBehavior_MATCH,
+        FallbackBehavior_NO_MATCH
+      ),
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+newtype FallbackBehavior = FallbackBehavior'
+  { fromFallbackBehavior ::
+      Data.Text
+  }
+  deriving stock
+    ( Prelude.Show,
+      Prelude.Read,
+      Prelude.Eq,
+      Prelude.Ord,
+      Prelude.Generic
+    )
+  deriving newtype
+    ( Prelude.Hashable,
+      Prelude.NFData,
+      Data.FromText,
+      Data.ToText,
+      Data.ToByteString,
+      Data.ToLog,
+      Data.ToHeader,
+      Data.ToQuery,
+      Data.FromJSON,
+      Data.FromJSONKey,
+      Data.ToJSON,
+      Data.ToJSONKey,
+      Data.FromXML,
+      Data.ToXML
+    )
+
+pattern FallbackBehavior_MATCH :: FallbackBehavior
+pattern FallbackBehavior_MATCH = FallbackBehavior' "MATCH"
+
+pattern FallbackBehavior_NO_MATCH :: FallbackBehavior
+pattern FallbackBehavior_NO_MATCH = FallbackBehavior' "NO_MATCH"
+
+{-# COMPLETE
+  FallbackBehavior_MATCH,
+  FallbackBehavior_NO_MATCH,
+  FallbackBehavior'
+  #-}
diff --git a/gen/Amazonka/WAFV2/Types/FieldToMatch.hs b/gen/Amazonka/WAFV2/Types/FieldToMatch.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/WAFV2/Types/FieldToMatch.hs
@@ -0,0 +1,363 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.WAFV2.Types.FieldToMatch
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.WAFV2.Types.FieldToMatch where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.WAFV2.Types.AllQueryArguments
+import Amazonka.WAFV2.Types.Body
+import Amazonka.WAFV2.Types.Cookies
+import Amazonka.WAFV2.Types.Headers
+import Amazonka.WAFV2.Types.JsonBody
+import Amazonka.WAFV2.Types.Method
+import Amazonka.WAFV2.Types.QueryString
+import Amazonka.WAFV2.Types.SingleHeader
+import Amazonka.WAFV2.Types.SingleQueryArgument
+import Amazonka.WAFV2.Types.UriPath
+
+-- | The part of the web request that you want WAF to inspect. Include the
+-- single @FieldToMatch@ type that you want to inspect, with additional
+-- specifications as needed, according to the type. You specify a single
+-- request component in @FieldToMatch@ for each rule statement that
+-- requires it. To inspect more than one component of the web request,
+-- create a separate rule statement for each component.
+--
+-- Example JSON for a @QueryString@ field to match:
+--
+-- @ \"FieldToMatch\": { \"QueryString\": {} }@
+--
+-- Example JSON for a @Method@ field to match specification:
+--
+-- @ \"FieldToMatch\": { \"Method\": { \"Name\": \"DELETE\" } }@
+--
+-- /See:/ 'newFieldToMatch' smart constructor.
+data FieldToMatch = FieldToMatch'
+  { -- | Inspect all query arguments.
+    allQueryArguments :: Prelude.Maybe AllQueryArguments,
+    -- | Inspect the request body as plain text. The request body immediately
+    -- follows the request headers. This is the part of a request that contains
+    -- any additional data that you want to send to your web server as the HTTP
+    -- request body, such as data from a form.
+    --
+    -- Only the first 8 KB (8192 bytes) of the request body are forwarded to
+    -- WAF for inspection by the underlying host service. For information about
+    -- how to handle oversized request bodies, see the @Body@ object
+    -- configuration.
+    body :: Prelude.Maybe Body,
+    -- | Inspect the request cookies. You must configure scope and pattern
+    -- matching filters in the @Cookies@ object, to define the set of cookies
+    -- and the parts of the cookies that WAF inspects.
+    --
+    -- Only the first 8 KB (8192 bytes) of a request\'s cookies and only the
+    -- first 200 cookies are forwarded to WAF for inspection by the underlying
+    -- host service. You must configure how to handle any oversize cookie
+    -- content in the @Cookies@ object. WAF applies the pattern matching
+    -- filters to the cookies that it receives from the underlying host
+    -- service.
+    cookies :: Prelude.Maybe Cookies,
+    -- | Inspect the request headers. You must configure scope and pattern
+    -- matching filters in the @Headers@ object, to define the set of headers
+    -- to and the parts of the headers that WAF inspects.
+    --
+    -- Only the first 8 KB (8192 bytes) of a request\'s headers and only the
+    -- first 200 headers are forwarded to WAF for inspection by the underlying
+    -- host service. You must configure how to handle any oversize header
+    -- content in the @Headers@ object. WAF applies the pattern matching
+    -- filters to the headers that it receives from the underlying host
+    -- service.
+    headers :: Prelude.Maybe Headers,
+    -- | Inspect the request body as JSON. The request body immediately follows
+    -- the request headers. This is the part of a request that contains any
+    -- additional data that you want to send to your web server as the HTTP
+    -- request body, such as data from a form.
+    --
+    -- Only the first 8 KB (8192 bytes) of the request body are forwarded to
+    -- WAF for inspection by the underlying host service. For information about
+    -- how to handle oversized request bodies, see the @JsonBody@ object
+    -- configuration.
+    jsonBody :: Prelude.Maybe JsonBody,
+    -- | Inspect the HTTP method. The method indicates the type of operation that
+    -- the request is asking the origin to perform.
+    method :: Prelude.Maybe Method,
+    -- | Inspect the query string. This is the part of a URL that appears after a
+    -- @?@ character, if any.
+    queryString :: Prelude.Maybe QueryString,
+    -- | Inspect a single header. Provide the name of the header to inspect, for
+    -- example, @User-Agent@ or @Referer@. This setting isn\'t case sensitive.
+    --
+    -- Example JSON: @\"SingleHeader\": { \"Name\": \"haystack\" }@
+    --
+    -- Alternately, you can filter and inspect all headers with the @Headers@
+    -- @FieldToMatch@ setting.
+    singleHeader :: Prelude.Maybe SingleHeader,
+    -- | Inspect a single query argument. Provide the name of the query argument
+    -- to inspect, such as /UserName/ or /SalesRegion/. The name can be up to
+    -- 30 characters long and isn\'t case sensitive.
+    --
+    -- Example JSON: @\"SingleQueryArgument\": { \"Name\": \"myArgument\" }@
+    singleQueryArgument :: Prelude.Maybe SingleQueryArgument,
+    -- | Inspect the request URI path. This is the part of the web request that
+    -- identifies a resource, for example, @\/images\/daily-ad.jpg@.
+    uriPath :: Prelude.Maybe UriPath
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'FieldToMatch' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'allQueryArguments', 'fieldToMatch_allQueryArguments' - Inspect all query arguments.
+--
+-- 'body', 'fieldToMatch_body' - Inspect the request body as plain text. The request body immediately
+-- follows the request headers. This is the part of a request that contains
+-- any additional data that you want to send to your web server as the HTTP
+-- request body, such as data from a form.
+--
+-- Only the first 8 KB (8192 bytes) of the request body are forwarded to
+-- WAF for inspection by the underlying host service. For information about
+-- how to handle oversized request bodies, see the @Body@ object
+-- configuration.
+--
+-- 'cookies', 'fieldToMatch_cookies' - Inspect the request cookies. You must configure scope and pattern
+-- matching filters in the @Cookies@ object, to define the set of cookies
+-- and the parts of the cookies that WAF inspects.
+--
+-- Only the first 8 KB (8192 bytes) of a request\'s cookies and only the
+-- first 200 cookies are forwarded to WAF for inspection by the underlying
+-- host service. You must configure how to handle any oversize cookie
+-- content in the @Cookies@ object. WAF applies the pattern matching
+-- filters to the cookies that it receives from the underlying host
+-- service.
+--
+-- 'headers', 'fieldToMatch_headers' - Inspect the request headers. You must configure scope and pattern
+-- matching filters in the @Headers@ object, to define the set of headers
+-- to and the parts of the headers that WAF inspects.
+--
+-- Only the first 8 KB (8192 bytes) of a request\'s headers and only the
+-- first 200 headers are forwarded to WAF for inspection by the underlying
+-- host service. You must configure how to handle any oversize header
+-- content in the @Headers@ object. WAF applies the pattern matching
+-- filters to the headers that it receives from the underlying host
+-- service.
+--
+-- 'jsonBody', 'fieldToMatch_jsonBody' - Inspect the request body as JSON. The request body immediately follows
+-- the request headers. This is the part of a request that contains any
+-- additional data that you want to send to your web server as the HTTP
+-- request body, such as data from a form.
+--
+-- Only the first 8 KB (8192 bytes) of the request body are forwarded to
+-- WAF for inspection by the underlying host service. For information about
+-- how to handle oversized request bodies, see the @JsonBody@ object
+-- configuration.
+--
+-- 'method', 'fieldToMatch_method' - Inspect the HTTP method. The method indicates the type of operation that
+-- the request is asking the origin to perform.
+--
+-- 'queryString', 'fieldToMatch_queryString' - Inspect the query string. This is the part of a URL that appears after a
+-- @?@ character, if any.
+--
+-- 'singleHeader', 'fieldToMatch_singleHeader' - Inspect a single header. Provide the name of the header to inspect, for
+-- example, @User-Agent@ or @Referer@. This setting isn\'t case sensitive.
+--
+-- Example JSON: @\"SingleHeader\": { \"Name\": \"haystack\" }@
+--
+-- Alternately, you can filter and inspect all headers with the @Headers@
+-- @FieldToMatch@ setting.
+--
+-- 'singleQueryArgument', 'fieldToMatch_singleQueryArgument' - Inspect a single query argument. Provide the name of the query argument
+-- to inspect, such as /UserName/ or /SalesRegion/. The name can be up to
+-- 30 characters long and isn\'t case sensitive.
+--
+-- Example JSON: @\"SingleQueryArgument\": { \"Name\": \"myArgument\" }@
+--
+-- 'uriPath', 'fieldToMatch_uriPath' - Inspect the request URI path. This is the part of the web request that
+-- identifies a resource, for example, @\/images\/daily-ad.jpg@.
+newFieldToMatch ::
+  FieldToMatch
+newFieldToMatch =
+  FieldToMatch'
+    { allQueryArguments = Prelude.Nothing,
+      body = Prelude.Nothing,
+      cookies = Prelude.Nothing,
+      headers = Prelude.Nothing,
+      jsonBody = Prelude.Nothing,
+      method = Prelude.Nothing,
+      queryString = Prelude.Nothing,
+      singleHeader = Prelude.Nothing,
+      singleQueryArgument = Prelude.Nothing,
+      uriPath = Prelude.Nothing
+    }
+
+-- | Inspect all query arguments.
+fieldToMatch_allQueryArguments :: Lens.Lens' FieldToMatch (Prelude.Maybe AllQueryArguments)
+fieldToMatch_allQueryArguments = Lens.lens (\FieldToMatch' {allQueryArguments} -> allQueryArguments) (\s@FieldToMatch' {} a -> s {allQueryArguments = a} :: FieldToMatch)
+
+-- | Inspect the request body as plain text. The request body immediately
+-- follows the request headers. This is the part of a request that contains
+-- any additional data that you want to send to your web server as the HTTP
+-- request body, such as data from a form.
+--
+-- Only the first 8 KB (8192 bytes) of the request body are forwarded to
+-- WAF for inspection by the underlying host service. For information about
+-- how to handle oversized request bodies, see the @Body@ object
+-- configuration.
+fieldToMatch_body :: Lens.Lens' FieldToMatch (Prelude.Maybe Body)
+fieldToMatch_body = Lens.lens (\FieldToMatch' {body} -> body) (\s@FieldToMatch' {} a -> s {body = a} :: FieldToMatch)
+
+-- | Inspect the request cookies. You must configure scope and pattern
+-- matching filters in the @Cookies@ object, to define the set of cookies
+-- and the parts of the cookies that WAF inspects.
+--
+-- Only the first 8 KB (8192 bytes) of a request\'s cookies and only the
+-- first 200 cookies are forwarded to WAF for inspection by the underlying
+-- host service. You must configure how to handle any oversize cookie
+-- content in the @Cookies@ object. WAF applies the pattern matching
+-- filters to the cookies that it receives from the underlying host
+-- service.
+fieldToMatch_cookies :: Lens.Lens' FieldToMatch (Prelude.Maybe Cookies)
+fieldToMatch_cookies = Lens.lens (\FieldToMatch' {cookies} -> cookies) (\s@FieldToMatch' {} a -> s {cookies = a} :: FieldToMatch)
+
+-- | Inspect the request headers. You must configure scope and pattern
+-- matching filters in the @Headers@ object, to define the set of headers
+-- to and the parts of the headers that WAF inspects.
+--
+-- Only the first 8 KB (8192 bytes) of a request\'s headers and only the
+-- first 200 headers are forwarded to WAF for inspection by the underlying
+-- host service. You must configure how to handle any oversize header
+-- content in the @Headers@ object. WAF applies the pattern matching
+-- filters to the headers that it receives from the underlying host
+-- service.
+fieldToMatch_headers :: Lens.Lens' FieldToMatch (Prelude.Maybe Headers)
+fieldToMatch_headers = Lens.lens (\FieldToMatch' {headers} -> headers) (\s@FieldToMatch' {} a -> s {headers = a} :: FieldToMatch)
+
+-- | Inspect the request body as JSON. The request body immediately follows
+-- the request headers. This is the part of a request that contains any
+-- additional data that you want to send to your web server as the HTTP
+-- request body, such as data from a form.
+--
+-- Only the first 8 KB (8192 bytes) of the request body are forwarded to
+-- WAF for inspection by the underlying host service. For information about
+-- how to handle oversized request bodies, see the @JsonBody@ object
+-- configuration.
+fieldToMatch_jsonBody :: Lens.Lens' FieldToMatch (Prelude.Maybe JsonBody)
+fieldToMatch_jsonBody = Lens.lens (\FieldToMatch' {jsonBody} -> jsonBody) (\s@FieldToMatch' {} a -> s {jsonBody = a} :: FieldToMatch)
+
+-- | Inspect the HTTP method. The method indicates the type of operation that
+-- the request is asking the origin to perform.
+fieldToMatch_method :: Lens.Lens' FieldToMatch (Prelude.Maybe Method)
+fieldToMatch_method = Lens.lens (\FieldToMatch' {method} -> method) (\s@FieldToMatch' {} a -> s {method = a} :: FieldToMatch)
+
+-- | Inspect the query string. This is the part of a URL that appears after a
+-- @?@ character, if any.
+fieldToMatch_queryString :: Lens.Lens' FieldToMatch (Prelude.Maybe QueryString)
+fieldToMatch_queryString = Lens.lens (\FieldToMatch' {queryString} -> queryString) (\s@FieldToMatch' {} a -> s {queryString = a} :: FieldToMatch)
+
+-- | Inspect a single header. Provide the name of the header to inspect, for
+-- example, @User-Agent@ or @Referer@. This setting isn\'t case sensitive.
+--
+-- Example JSON: @\"SingleHeader\": { \"Name\": \"haystack\" }@
+--
+-- Alternately, you can filter and inspect all headers with the @Headers@
+-- @FieldToMatch@ setting.
+fieldToMatch_singleHeader :: Lens.Lens' FieldToMatch (Prelude.Maybe SingleHeader)
+fieldToMatch_singleHeader = Lens.lens (\FieldToMatch' {singleHeader} -> singleHeader) (\s@FieldToMatch' {} a -> s {singleHeader = a} :: FieldToMatch)
+
+-- | Inspect a single query argument. Provide the name of the query argument
+-- to inspect, such as /UserName/ or /SalesRegion/. The name can be up to
+-- 30 characters long and isn\'t case sensitive.
+--
+-- Example JSON: @\"SingleQueryArgument\": { \"Name\": \"myArgument\" }@
+fieldToMatch_singleQueryArgument :: Lens.Lens' FieldToMatch (Prelude.Maybe SingleQueryArgument)
+fieldToMatch_singleQueryArgument = Lens.lens (\FieldToMatch' {singleQueryArgument} -> singleQueryArgument) (\s@FieldToMatch' {} a -> s {singleQueryArgument = a} :: FieldToMatch)
+
+-- | Inspect the request URI path. This is the part of the web request that
+-- identifies a resource, for example, @\/images\/daily-ad.jpg@.
+fieldToMatch_uriPath :: Lens.Lens' FieldToMatch (Prelude.Maybe UriPath)
+fieldToMatch_uriPath = Lens.lens (\FieldToMatch' {uriPath} -> uriPath) (\s@FieldToMatch' {} a -> s {uriPath = a} :: FieldToMatch)
+
+instance Data.FromJSON FieldToMatch where
+  parseJSON =
+    Data.withObject
+      "FieldToMatch"
+      ( \x ->
+          FieldToMatch'
+            Prelude.<$> (x Data..:? "AllQueryArguments")
+            Prelude.<*> (x Data..:? "Body")
+            Prelude.<*> (x Data..:? "Cookies")
+            Prelude.<*> (x Data..:? "Headers")
+            Prelude.<*> (x Data..:? "JsonBody")
+            Prelude.<*> (x Data..:? "Method")
+            Prelude.<*> (x Data..:? "QueryString")
+            Prelude.<*> (x Data..:? "SingleHeader")
+            Prelude.<*> (x Data..:? "SingleQueryArgument")
+            Prelude.<*> (x Data..:? "UriPath")
+      )
+
+instance Prelude.Hashable FieldToMatch where
+  hashWithSalt _salt FieldToMatch' {..} =
+    _salt
+      `Prelude.hashWithSalt` allQueryArguments
+      `Prelude.hashWithSalt` body
+      `Prelude.hashWithSalt` cookies
+      `Prelude.hashWithSalt` headers
+      `Prelude.hashWithSalt` jsonBody
+      `Prelude.hashWithSalt` method
+      `Prelude.hashWithSalt` queryString
+      `Prelude.hashWithSalt` singleHeader
+      `Prelude.hashWithSalt` singleQueryArgument
+      `Prelude.hashWithSalt` uriPath
+
+instance Prelude.NFData FieldToMatch where
+  rnf FieldToMatch' {..} =
+    Prelude.rnf allQueryArguments
+      `Prelude.seq` Prelude.rnf body
+      `Prelude.seq` Prelude.rnf cookies
+      `Prelude.seq` Prelude.rnf headers
+      `Prelude.seq` Prelude.rnf jsonBody
+      `Prelude.seq` Prelude.rnf method
+      `Prelude.seq` Prelude.rnf queryString
+      `Prelude.seq` Prelude.rnf singleHeader
+      `Prelude.seq` Prelude.rnf singleQueryArgument
+      `Prelude.seq` Prelude.rnf uriPath
+
+instance Data.ToJSON FieldToMatch where
+  toJSON FieldToMatch' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("AllQueryArguments" Data..=)
+              Prelude.<$> allQueryArguments,
+            ("Body" Data..=) Prelude.<$> body,
+            ("Cookies" Data..=) Prelude.<$> cookies,
+            ("Headers" Data..=) Prelude.<$> headers,
+            ("JsonBody" Data..=) Prelude.<$> jsonBody,
+            ("Method" Data..=) Prelude.<$> method,
+            ("QueryString" Data..=) Prelude.<$> queryString,
+            ("SingleHeader" Data..=) Prelude.<$> singleHeader,
+            ("SingleQueryArgument" Data..=)
+              Prelude.<$> singleQueryArgument,
+            ("UriPath" Data..=) Prelude.<$> uriPath
+          ]
+      )
diff --git a/gen/Amazonka/WAFV2/Types/Filter.hs b/gen/Amazonka/WAFV2/Types/Filter.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/WAFV2/Types/Filter.hs
@@ -0,0 +1,124 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.WAFV2.Types.Filter
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.WAFV2.Types.Filter where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.WAFV2.Types.Condition
+import Amazonka.WAFV2.Types.FilterBehavior
+import Amazonka.WAFV2.Types.FilterRequirement
+
+-- | A single logging filter, used in LoggingFilter.
+--
+-- /See:/ 'newFilter' smart constructor.
+data Filter = Filter'
+  { -- | How to handle logs that satisfy the filter\'s conditions and
+    -- requirement.
+    behavior :: FilterBehavior,
+    -- | Logic to apply to the filtering conditions. You can specify that, in
+    -- order to satisfy the filter, a log must match all conditions or must
+    -- match at least one condition.
+    requirement :: FilterRequirement,
+    -- | Match conditions for the filter.
+    conditions :: Prelude.NonEmpty Condition
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'Filter' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'behavior', 'filter_behavior' - How to handle logs that satisfy the filter\'s conditions and
+-- requirement.
+--
+-- 'requirement', 'filter_requirement' - Logic to apply to the filtering conditions. You can specify that, in
+-- order to satisfy the filter, a log must match all conditions or must
+-- match at least one condition.
+--
+-- 'conditions', 'filter_conditions' - Match conditions for the filter.
+newFilter ::
+  -- | 'behavior'
+  FilterBehavior ->
+  -- | 'requirement'
+  FilterRequirement ->
+  -- | 'conditions'
+  Prelude.NonEmpty Condition ->
+  Filter
+newFilter pBehavior_ pRequirement_ pConditions_ =
+  Filter'
+    { behavior = pBehavior_,
+      requirement = pRequirement_,
+      conditions = Lens.coerced Lens.# pConditions_
+    }
+
+-- | How to handle logs that satisfy the filter\'s conditions and
+-- requirement.
+filter_behavior :: Lens.Lens' Filter FilterBehavior
+filter_behavior = Lens.lens (\Filter' {behavior} -> behavior) (\s@Filter' {} a -> s {behavior = a} :: Filter)
+
+-- | Logic to apply to the filtering conditions. You can specify that, in
+-- order to satisfy the filter, a log must match all conditions or must
+-- match at least one condition.
+filter_requirement :: Lens.Lens' Filter FilterRequirement
+filter_requirement = Lens.lens (\Filter' {requirement} -> requirement) (\s@Filter' {} a -> s {requirement = a} :: Filter)
+
+-- | Match conditions for the filter.
+filter_conditions :: Lens.Lens' Filter (Prelude.NonEmpty Condition)
+filter_conditions = Lens.lens (\Filter' {conditions} -> conditions) (\s@Filter' {} a -> s {conditions = a} :: Filter) Prelude.. Lens.coerced
+
+instance Data.FromJSON Filter where
+  parseJSON =
+    Data.withObject
+      "Filter"
+      ( \x ->
+          Filter'
+            Prelude.<$> (x Data..: "Behavior")
+            Prelude.<*> (x Data..: "Requirement")
+            Prelude.<*> (x Data..: "Conditions")
+      )
+
+instance Prelude.Hashable Filter where
+  hashWithSalt _salt Filter' {..} =
+    _salt
+      `Prelude.hashWithSalt` behavior
+      `Prelude.hashWithSalt` requirement
+      `Prelude.hashWithSalt` conditions
+
+instance Prelude.NFData Filter where
+  rnf Filter' {..} =
+    Prelude.rnf behavior
+      `Prelude.seq` Prelude.rnf requirement
+      `Prelude.seq` Prelude.rnf conditions
+
+instance Data.ToJSON Filter where
+  toJSON Filter' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ Prelude.Just ("Behavior" Data..= behavior),
+            Prelude.Just ("Requirement" Data..= requirement),
+            Prelude.Just ("Conditions" Data..= conditions)
+          ]
+      )
diff --git a/gen/Amazonka/WAFV2/Types/FilterBehavior.hs b/gen/Amazonka/WAFV2/Types/FilterBehavior.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/WAFV2/Types/FilterBehavior.hs
@@ -0,0 +1,71 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DerivingStrategies #-}
+{-# LANGUAGE GeneralizedNewtypeDeriving #-}
+{-# LANGUAGE LambdaCase #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE PatternSynonyms #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.WAFV2.Types.FilterBehavior
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.WAFV2.Types.FilterBehavior
+  ( FilterBehavior
+      ( ..,
+        FilterBehavior_DROP,
+        FilterBehavior_KEEP
+      ),
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+newtype FilterBehavior = FilterBehavior'
+  { fromFilterBehavior ::
+      Data.Text
+  }
+  deriving stock
+    ( Prelude.Show,
+      Prelude.Read,
+      Prelude.Eq,
+      Prelude.Ord,
+      Prelude.Generic
+    )
+  deriving newtype
+    ( Prelude.Hashable,
+      Prelude.NFData,
+      Data.FromText,
+      Data.ToText,
+      Data.ToByteString,
+      Data.ToLog,
+      Data.ToHeader,
+      Data.ToQuery,
+      Data.FromJSON,
+      Data.FromJSONKey,
+      Data.ToJSON,
+      Data.ToJSONKey,
+      Data.FromXML,
+      Data.ToXML
+    )
+
+pattern FilterBehavior_DROP :: FilterBehavior
+pattern FilterBehavior_DROP = FilterBehavior' "DROP"
+
+pattern FilterBehavior_KEEP :: FilterBehavior
+pattern FilterBehavior_KEEP = FilterBehavior' "KEEP"
+
+{-# COMPLETE
+  FilterBehavior_DROP,
+  FilterBehavior_KEEP,
+  FilterBehavior'
+  #-}
diff --git a/gen/Amazonka/WAFV2/Types/FilterRequirement.hs b/gen/Amazonka/WAFV2/Types/FilterRequirement.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/WAFV2/Types/FilterRequirement.hs
@@ -0,0 +1,71 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DerivingStrategies #-}
+{-# LANGUAGE GeneralizedNewtypeDeriving #-}
+{-# LANGUAGE LambdaCase #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE PatternSynonyms #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.WAFV2.Types.FilterRequirement
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.WAFV2.Types.FilterRequirement
+  ( FilterRequirement
+      ( ..,
+        FilterRequirement_MEETS_ALL,
+        FilterRequirement_MEETS_ANY
+      ),
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+newtype FilterRequirement = FilterRequirement'
+  { fromFilterRequirement ::
+      Data.Text
+  }
+  deriving stock
+    ( Prelude.Show,
+      Prelude.Read,
+      Prelude.Eq,
+      Prelude.Ord,
+      Prelude.Generic
+    )
+  deriving newtype
+    ( Prelude.Hashable,
+      Prelude.NFData,
+      Data.FromText,
+      Data.ToText,
+      Data.ToByteString,
+      Data.ToLog,
+      Data.ToHeader,
+      Data.ToQuery,
+      Data.FromJSON,
+      Data.FromJSONKey,
+      Data.ToJSON,
+      Data.ToJSONKey,
+      Data.FromXML,
+      Data.ToXML
+    )
+
+pattern FilterRequirement_MEETS_ALL :: FilterRequirement
+pattern FilterRequirement_MEETS_ALL = FilterRequirement' "MEETS_ALL"
+
+pattern FilterRequirement_MEETS_ANY :: FilterRequirement
+pattern FilterRequirement_MEETS_ANY = FilterRequirement' "MEETS_ANY"
+
+{-# COMPLETE
+  FilterRequirement_MEETS_ALL,
+  FilterRequirement_MEETS_ANY,
+  FilterRequirement'
+  #-}
diff --git a/gen/Amazonka/WAFV2/Types/FirewallManagerRuleGroup.hs b/gen/Amazonka/WAFV2/Types/FirewallManagerRuleGroup.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/WAFV2/Types/FirewallManagerRuleGroup.hs
@@ -0,0 +1,193 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.WAFV2.Types.FirewallManagerRuleGroup
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.WAFV2.Types.FirewallManagerRuleGroup where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.WAFV2.Types.FirewallManagerStatement
+import Amazonka.WAFV2.Types.OverrideAction
+import Amazonka.WAFV2.Types.VisibilityConfig
+
+-- | A rule group that\'s defined for an Firewall Manager WAF policy.
+--
+-- /See:/ 'newFirewallManagerRuleGroup' smart constructor.
+data FirewallManagerRuleGroup = FirewallManagerRuleGroup'
+  { -- | The name of the rule group. You cannot change the name of a rule group
+    -- after you create it.
+    name :: Prelude.Text,
+    -- | If you define more than one rule group in the first or last Firewall
+    -- Manager rule groups, WAF evaluates each request against the rule groups
+    -- in order, starting from the lowest priority setting. The priorities
+    -- don\'t need to be consecutive, but they must all be different.
+    priority :: Prelude.Natural,
+    -- | The processing guidance for an Firewall Manager rule. This is like a
+    -- regular rule Statement, but it can only contain a rule group reference.
+    firewallManagerStatement :: FirewallManagerStatement,
+    -- | The action to use in the place of the action that results from the rule
+    -- group evaluation. Set the override action to none to leave the result of
+    -- the rule group alone. Set it to count to override the result to count
+    -- only.
+    --
+    -- You can only use this for rule statements that reference a rule group,
+    -- like @RuleGroupReferenceStatement@ and @ManagedRuleGroupStatement@.
+    --
+    -- This option is usually set to none. It does not affect how the rules in
+    -- the rule group are evaluated. If you want the rules in the rule group to
+    -- only count matches, do not use this and instead use the rule action
+    -- override option, with @Count@ action, in your rule group reference
+    -- statement settings.
+    overrideAction :: OverrideAction,
+    -- | Defines and enables Amazon CloudWatch metrics and web request sample
+    -- collection.
+    visibilityConfig :: VisibilityConfig
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'FirewallManagerRuleGroup' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'name', 'firewallManagerRuleGroup_name' - The name of the rule group. You cannot change the name of a rule group
+-- after you create it.
+--
+-- 'priority', 'firewallManagerRuleGroup_priority' - If you define more than one rule group in the first or last Firewall
+-- Manager rule groups, WAF evaluates each request against the rule groups
+-- in order, starting from the lowest priority setting. The priorities
+-- don\'t need to be consecutive, but they must all be different.
+--
+-- 'firewallManagerStatement', 'firewallManagerRuleGroup_firewallManagerStatement' - The processing guidance for an Firewall Manager rule. This is like a
+-- regular rule Statement, but it can only contain a rule group reference.
+--
+-- 'overrideAction', 'firewallManagerRuleGroup_overrideAction' - The action to use in the place of the action that results from the rule
+-- group evaluation. Set the override action to none to leave the result of
+-- the rule group alone. Set it to count to override the result to count
+-- only.
+--
+-- You can only use this for rule statements that reference a rule group,
+-- like @RuleGroupReferenceStatement@ and @ManagedRuleGroupStatement@.
+--
+-- This option is usually set to none. It does not affect how the rules in
+-- the rule group are evaluated. If you want the rules in the rule group to
+-- only count matches, do not use this and instead use the rule action
+-- override option, with @Count@ action, in your rule group reference
+-- statement settings.
+--
+-- 'visibilityConfig', 'firewallManagerRuleGroup_visibilityConfig' - Defines and enables Amazon CloudWatch metrics and web request sample
+-- collection.
+newFirewallManagerRuleGroup ::
+  -- | 'name'
+  Prelude.Text ->
+  -- | 'priority'
+  Prelude.Natural ->
+  -- | 'firewallManagerStatement'
+  FirewallManagerStatement ->
+  -- | 'overrideAction'
+  OverrideAction ->
+  -- | 'visibilityConfig'
+  VisibilityConfig ->
+  FirewallManagerRuleGroup
+newFirewallManagerRuleGroup
+  pName_
+  pPriority_
+  pFirewallManagerStatement_
+  pOverrideAction_
+  pVisibilityConfig_ =
+    FirewallManagerRuleGroup'
+      { name = pName_,
+        priority = pPriority_,
+        firewallManagerStatement =
+          pFirewallManagerStatement_,
+        overrideAction = pOverrideAction_,
+        visibilityConfig = pVisibilityConfig_
+      }
+
+-- | The name of the rule group. You cannot change the name of a rule group
+-- after you create it.
+firewallManagerRuleGroup_name :: Lens.Lens' FirewallManagerRuleGroup Prelude.Text
+firewallManagerRuleGroup_name = Lens.lens (\FirewallManagerRuleGroup' {name} -> name) (\s@FirewallManagerRuleGroup' {} a -> s {name = a} :: FirewallManagerRuleGroup)
+
+-- | If you define more than one rule group in the first or last Firewall
+-- Manager rule groups, WAF evaluates each request against the rule groups
+-- in order, starting from the lowest priority setting. The priorities
+-- don\'t need to be consecutive, but they must all be different.
+firewallManagerRuleGroup_priority :: Lens.Lens' FirewallManagerRuleGroup Prelude.Natural
+firewallManagerRuleGroup_priority = Lens.lens (\FirewallManagerRuleGroup' {priority} -> priority) (\s@FirewallManagerRuleGroup' {} a -> s {priority = a} :: FirewallManagerRuleGroup)
+
+-- | The processing guidance for an Firewall Manager rule. This is like a
+-- regular rule Statement, but it can only contain a rule group reference.
+firewallManagerRuleGroup_firewallManagerStatement :: Lens.Lens' FirewallManagerRuleGroup FirewallManagerStatement
+firewallManagerRuleGroup_firewallManagerStatement = Lens.lens (\FirewallManagerRuleGroup' {firewallManagerStatement} -> firewallManagerStatement) (\s@FirewallManagerRuleGroup' {} a -> s {firewallManagerStatement = a} :: FirewallManagerRuleGroup)
+
+-- | The action to use in the place of the action that results from the rule
+-- group evaluation. Set the override action to none to leave the result of
+-- the rule group alone. Set it to count to override the result to count
+-- only.
+--
+-- You can only use this for rule statements that reference a rule group,
+-- like @RuleGroupReferenceStatement@ and @ManagedRuleGroupStatement@.
+--
+-- This option is usually set to none. It does not affect how the rules in
+-- the rule group are evaluated. If you want the rules in the rule group to
+-- only count matches, do not use this and instead use the rule action
+-- override option, with @Count@ action, in your rule group reference
+-- statement settings.
+firewallManagerRuleGroup_overrideAction :: Lens.Lens' FirewallManagerRuleGroup OverrideAction
+firewallManagerRuleGroup_overrideAction = Lens.lens (\FirewallManagerRuleGroup' {overrideAction} -> overrideAction) (\s@FirewallManagerRuleGroup' {} a -> s {overrideAction = a} :: FirewallManagerRuleGroup)
+
+-- | Defines and enables Amazon CloudWatch metrics and web request sample
+-- collection.
+firewallManagerRuleGroup_visibilityConfig :: Lens.Lens' FirewallManagerRuleGroup VisibilityConfig
+firewallManagerRuleGroup_visibilityConfig = Lens.lens (\FirewallManagerRuleGroup' {visibilityConfig} -> visibilityConfig) (\s@FirewallManagerRuleGroup' {} a -> s {visibilityConfig = a} :: FirewallManagerRuleGroup)
+
+instance Data.FromJSON FirewallManagerRuleGroup where
+  parseJSON =
+    Data.withObject
+      "FirewallManagerRuleGroup"
+      ( \x ->
+          FirewallManagerRuleGroup'
+            Prelude.<$> (x Data..: "Name")
+            Prelude.<*> (x Data..: "Priority")
+            Prelude.<*> (x Data..: "FirewallManagerStatement")
+            Prelude.<*> (x Data..: "OverrideAction")
+            Prelude.<*> (x Data..: "VisibilityConfig")
+      )
+
+instance Prelude.Hashable FirewallManagerRuleGroup where
+  hashWithSalt _salt FirewallManagerRuleGroup' {..} =
+    _salt
+      `Prelude.hashWithSalt` name
+      `Prelude.hashWithSalt` priority
+      `Prelude.hashWithSalt` firewallManagerStatement
+      `Prelude.hashWithSalt` overrideAction
+      `Prelude.hashWithSalt` visibilityConfig
+
+instance Prelude.NFData FirewallManagerRuleGroup where
+  rnf FirewallManagerRuleGroup' {..} =
+    Prelude.rnf name
+      `Prelude.seq` Prelude.rnf priority
+      `Prelude.seq` Prelude.rnf firewallManagerStatement
+      `Prelude.seq` Prelude.rnf overrideAction
+      `Prelude.seq` Prelude.rnf visibilityConfig
diff --git a/gen/Amazonka/WAFV2/Types/FirewallManagerStatement.hs b/gen/Amazonka/WAFV2/Types/FirewallManagerStatement.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/WAFV2/Types/FirewallManagerStatement.hs
@@ -0,0 +1,145 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.WAFV2.Types.FirewallManagerStatement
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.WAFV2.Types.FirewallManagerStatement where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.WAFV2.Types.ManagedRuleGroupStatement
+import Amazonka.WAFV2.Types.RuleGroupReferenceStatement
+
+-- | The processing guidance for an Firewall Manager rule. This is like a
+-- regular rule Statement, but it can only contain a rule group reference.
+--
+-- /See:/ 'newFirewallManagerStatement' smart constructor.
+data FirewallManagerStatement = FirewallManagerStatement'
+  { -- | A rule statement used to run the rules that are defined in a managed
+    -- rule group. To use this, provide the vendor name and the name of the
+    -- rule group in this statement. You can retrieve the required names by
+    -- calling ListAvailableManagedRuleGroups.
+    --
+    -- You cannot nest a @ManagedRuleGroupStatement@, for example for use
+    -- inside a @NotStatement@ or @OrStatement@. It can only be referenced as a
+    -- top-level statement within a rule.
+    --
+    -- You are charged additional fees when you use the WAF Bot Control managed
+    -- rule group @AWSManagedRulesBotControlRuleSet@ or the WAF Fraud Control
+    -- account takeover prevention (ATP) managed rule group
+    -- @AWSManagedRulesATPRuleSet@. For more information, see
+    -- <http://aws.amazon.com/waf/pricing/ WAF Pricing>.
+    managedRuleGroupStatement :: Prelude.Maybe ManagedRuleGroupStatement,
+    -- | A rule statement used to run the rules that are defined in a RuleGroup.
+    -- To use this, create a rule group with your rules, then provide the ARN
+    -- of the rule group in this statement.
+    --
+    -- You cannot nest a @RuleGroupReferenceStatement@, for example for use
+    -- inside a @NotStatement@ or @OrStatement@. You can only use a rule group
+    -- reference statement at the top level inside a web ACL.
+    ruleGroupReferenceStatement :: Prelude.Maybe RuleGroupReferenceStatement
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'FirewallManagerStatement' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'managedRuleGroupStatement', 'firewallManagerStatement_managedRuleGroupStatement' - A rule statement used to run the rules that are defined in a managed
+-- rule group. To use this, provide the vendor name and the name of the
+-- rule group in this statement. You can retrieve the required names by
+-- calling ListAvailableManagedRuleGroups.
+--
+-- You cannot nest a @ManagedRuleGroupStatement@, for example for use
+-- inside a @NotStatement@ or @OrStatement@. It can only be referenced as a
+-- top-level statement within a rule.
+--
+-- You are charged additional fees when you use the WAF Bot Control managed
+-- rule group @AWSManagedRulesBotControlRuleSet@ or the WAF Fraud Control
+-- account takeover prevention (ATP) managed rule group
+-- @AWSManagedRulesATPRuleSet@. For more information, see
+-- <http://aws.amazon.com/waf/pricing/ WAF Pricing>.
+--
+-- 'ruleGroupReferenceStatement', 'firewallManagerStatement_ruleGroupReferenceStatement' - A rule statement used to run the rules that are defined in a RuleGroup.
+-- To use this, create a rule group with your rules, then provide the ARN
+-- of the rule group in this statement.
+--
+-- You cannot nest a @RuleGroupReferenceStatement@, for example for use
+-- inside a @NotStatement@ or @OrStatement@. You can only use a rule group
+-- reference statement at the top level inside a web ACL.
+newFirewallManagerStatement ::
+  FirewallManagerStatement
+newFirewallManagerStatement =
+  FirewallManagerStatement'
+    { managedRuleGroupStatement =
+        Prelude.Nothing,
+      ruleGroupReferenceStatement = Prelude.Nothing
+    }
+
+-- | A rule statement used to run the rules that are defined in a managed
+-- rule group. To use this, provide the vendor name and the name of the
+-- rule group in this statement. You can retrieve the required names by
+-- calling ListAvailableManagedRuleGroups.
+--
+-- You cannot nest a @ManagedRuleGroupStatement@, for example for use
+-- inside a @NotStatement@ or @OrStatement@. It can only be referenced as a
+-- top-level statement within a rule.
+--
+-- You are charged additional fees when you use the WAF Bot Control managed
+-- rule group @AWSManagedRulesBotControlRuleSet@ or the WAF Fraud Control
+-- account takeover prevention (ATP) managed rule group
+-- @AWSManagedRulesATPRuleSet@. For more information, see
+-- <http://aws.amazon.com/waf/pricing/ WAF Pricing>.
+firewallManagerStatement_managedRuleGroupStatement :: Lens.Lens' FirewallManagerStatement (Prelude.Maybe ManagedRuleGroupStatement)
+firewallManagerStatement_managedRuleGroupStatement = Lens.lens (\FirewallManagerStatement' {managedRuleGroupStatement} -> managedRuleGroupStatement) (\s@FirewallManagerStatement' {} a -> s {managedRuleGroupStatement = a} :: FirewallManagerStatement)
+
+-- | A rule statement used to run the rules that are defined in a RuleGroup.
+-- To use this, create a rule group with your rules, then provide the ARN
+-- of the rule group in this statement.
+--
+-- You cannot nest a @RuleGroupReferenceStatement@, for example for use
+-- inside a @NotStatement@ or @OrStatement@. You can only use a rule group
+-- reference statement at the top level inside a web ACL.
+firewallManagerStatement_ruleGroupReferenceStatement :: Lens.Lens' FirewallManagerStatement (Prelude.Maybe RuleGroupReferenceStatement)
+firewallManagerStatement_ruleGroupReferenceStatement = Lens.lens (\FirewallManagerStatement' {ruleGroupReferenceStatement} -> ruleGroupReferenceStatement) (\s@FirewallManagerStatement' {} a -> s {ruleGroupReferenceStatement = a} :: FirewallManagerStatement)
+
+instance Data.FromJSON FirewallManagerStatement where
+  parseJSON =
+    Data.withObject
+      "FirewallManagerStatement"
+      ( \x ->
+          FirewallManagerStatement'
+            Prelude.<$> (x Data..:? "ManagedRuleGroupStatement")
+            Prelude.<*> (x Data..:? "RuleGroupReferenceStatement")
+      )
+
+instance Prelude.Hashable FirewallManagerStatement where
+  hashWithSalt _salt FirewallManagerStatement' {..} =
+    _salt
+      `Prelude.hashWithSalt` managedRuleGroupStatement
+      `Prelude.hashWithSalt` ruleGroupReferenceStatement
+
+instance Prelude.NFData FirewallManagerStatement where
+  rnf FirewallManagerStatement' {..} =
+    Prelude.rnf managedRuleGroupStatement
+      `Prelude.seq` Prelude.rnf ruleGroupReferenceStatement
diff --git a/gen/Amazonka/WAFV2/Types/ForwardedIPConfig.hs b/gen/Amazonka/WAFV2/Types/ForwardedIPConfig.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/WAFV2/Types/ForwardedIPConfig.hs
@@ -0,0 +1,159 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.WAFV2.Types.ForwardedIPConfig
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.WAFV2.Types.ForwardedIPConfig where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.WAFV2.Types.FallbackBehavior
+
+-- | The configuration for inspecting IP addresses in an HTTP header that you
+-- specify, instead of using the IP address that\'s reported by the web
+-- request origin. Commonly, this is the X-Forwarded-For (XFF) header, but
+-- you can specify any header name.
+--
+-- If the specified header isn\'t present in the request, WAF doesn\'t
+-- apply the rule to the web request at all.
+--
+-- This configuration is used for GeoMatchStatement and RateBasedStatement.
+-- For IPSetReferenceStatement, use IPSetForwardedIPConfig instead.
+--
+-- WAF only evaluates the first IP address found in the specified HTTP
+-- header.
+--
+-- /See:/ 'newForwardedIPConfig' smart constructor.
+data ForwardedIPConfig = ForwardedIPConfig'
+  { -- | The name of the HTTP header to use for the IP address. For example, to
+    -- use the X-Forwarded-For (XFF) header, set this to @X-Forwarded-For@.
+    --
+    -- If the specified header isn\'t present in the request, WAF doesn\'t
+    -- apply the rule to the web request at all.
+    headerName :: Prelude.Text,
+    -- | The match status to assign to the web request if the request doesn\'t
+    -- have a valid IP address in the specified position.
+    --
+    -- If the specified header isn\'t present in the request, WAF doesn\'t
+    -- apply the rule to the web request at all.
+    --
+    -- You can specify the following fallback behaviors:
+    --
+    -- -   @MATCH@ - Treat the web request as matching the rule statement. WAF
+    --     applies the rule action to the request.
+    --
+    -- -   @NO_MATCH@ - Treat the web request as not matching the rule
+    --     statement.
+    fallbackBehavior :: FallbackBehavior
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'ForwardedIPConfig' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'headerName', 'forwardedIPConfig_headerName' - The name of the HTTP header to use for the IP address. For example, to
+-- use the X-Forwarded-For (XFF) header, set this to @X-Forwarded-For@.
+--
+-- If the specified header isn\'t present in the request, WAF doesn\'t
+-- apply the rule to the web request at all.
+--
+-- 'fallbackBehavior', 'forwardedIPConfig_fallbackBehavior' - The match status to assign to the web request if the request doesn\'t
+-- have a valid IP address in the specified position.
+--
+-- If the specified header isn\'t present in the request, WAF doesn\'t
+-- apply the rule to the web request at all.
+--
+-- You can specify the following fallback behaviors:
+--
+-- -   @MATCH@ - Treat the web request as matching the rule statement. WAF
+--     applies the rule action to the request.
+--
+-- -   @NO_MATCH@ - Treat the web request as not matching the rule
+--     statement.
+newForwardedIPConfig ::
+  -- | 'headerName'
+  Prelude.Text ->
+  -- | 'fallbackBehavior'
+  FallbackBehavior ->
+  ForwardedIPConfig
+newForwardedIPConfig pHeaderName_ pFallbackBehavior_ =
+  ForwardedIPConfig'
+    { headerName = pHeaderName_,
+      fallbackBehavior = pFallbackBehavior_
+    }
+
+-- | The name of the HTTP header to use for the IP address. For example, to
+-- use the X-Forwarded-For (XFF) header, set this to @X-Forwarded-For@.
+--
+-- If the specified header isn\'t present in the request, WAF doesn\'t
+-- apply the rule to the web request at all.
+forwardedIPConfig_headerName :: Lens.Lens' ForwardedIPConfig Prelude.Text
+forwardedIPConfig_headerName = Lens.lens (\ForwardedIPConfig' {headerName} -> headerName) (\s@ForwardedIPConfig' {} a -> s {headerName = a} :: ForwardedIPConfig)
+
+-- | The match status to assign to the web request if the request doesn\'t
+-- have a valid IP address in the specified position.
+--
+-- If the specified header isn\'t present in the request, WAF doesn\'t
+-- apply the rule to the web request at all.
+--
+-- You can specify the following fallback behaviors:
+--
+-- -   @MATCH@ - Treat the web request as matching the rule statement. WAF
+--     applies the rule action to the request.
+--
+-- -   @NO_MATCH@ - Treat the web request as not matching the rule
+--     statement.
+forwardedIPConfig_fallbackBehavior :: Lens.Lens' ForwardedIPConfig FallbackBehavior
+forwardedIPConfig_fallbackBehavior = Lens.lens (\ForwardedIPConfig' {fallbackBehavior} -> fallbackBehavior) (\s@ForwardedIPConfig' {} a -> s {fallbackBehavior = a} :: ForwardedIPConfig)
+
+instance Data.FromJSON ForwardedIPConfig where
+  parseJSON =
+    Data.withObject
+      "ForwardedIPConfig"
+      ( \x ->
+          ForwardedIPConfig'
+            Prelude.<$> (x Data..: "HeaderName")
+            Prelude.<*> (x Data..: "FallbackBehavior")
+      )
+
+instance Prelude.Hashable ForwardedIPConfig where
+  hashWithSalt _salt ForwardedIPConfig' {..} =
+    _salt
+      `Prelude.hashWithSalt` headerName
+      `Prelude.hashWithSalt` fallbackBehavior
+
+instance Prelude.NFData ForwardedIPConfig where
+  rnf ForwardedIPConfig' {..} =
+    Prelude.rnf headerName
+      `Prelude.seq` Prelude.rnf fallbackBehavior
+
+instance Data.ToJSON ForwardedIPConfig where
+  toJSON ForwardedIPConfig' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ Prelude.Just ("HeaderName" Data..= headerName),
+            Prelude.Just
+              ("FallbackBehavior" Data..= fallbackBehavior)
+          ]
+      )
diff --git a/gen/Amazonka/WAFV2/Types/ForwardedIPPosition.hs b/gen/Amazonka/WAFV2/Types/ForwardedIPPosition.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/WAFV2/Types/ForwardedIPPosition.hs
@@ -0,0 +1,76 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DerivingStrategies #-}
+{-# LANGUAGE GeneralizedNewtypeDeriving #-}
+{-# LANGUAGE LambdaCase #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE PatternSynonyms #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.WAFV2.Types.ForwardedIPPosition
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.WAFV2.Types.ForwardedIPPosition
+  ( ForwardedIPPosition
+      ( ..,
+        ForwardedIPPosition_ANY,
+        ForwardedIPPosition_FIRST,
+        ForwardedIPPosition_LAST
+      ),
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+newtype ForwardedIPPosition = ForwardedIPPosition'
+  { fromForwardedIPPosition ::
+      Data.Text
+  }
+  deriving stock
+    ( Prelude.Show,
+      Prelude.Read,
+      Prelude.Eq,
+      Prelude.Ord,
+      Prelude.Generic
+    )
+  deriving newtype
+    ( Prelude.Hashable,
+      Prelude.NFData,
+      Data.FromText,
+      Data.ToText,
+      Data.ToByteString,
+      Data.ToLog,
+      Data.ToHeader,
+      Data.ToQuery,
+      Data.FromJSON,
+      Data.FromJSONKey,
+      Data.ToJSON,
+      Data.ToJSONKey,
+      Data.FromXML,
+      Data.ToXML
+    )
+
+pattern ForwardedIPPosition_ANY :: ForwardedIPPosition
+pattern ForwardedIPPosition_ANY = ForwardedIPPosition' "ANY"
+
+pattern ForwardedIPPosition_FIRST :: ForwardedIPPosition
+pattern ForwardedIPPosition_FIRST = ForwardedIPPosition' "FIRST"
+
+pattern ForwardedIPPosition_LAST :: ForwardedIPPosition
+pattern ForwardedIPPosition_LAST = ForwardedIPPosition' "LAST"
+
+{-# COMPLETE
+  ForwardedIPPosition_ANY,
+  ForwardedIPPosition_FIRST,
+  ForwardedIPPosition_LAST,
+  ForwardedIPPosition'
+  #-}
diff --git a/gen/Amazonka/WAFV2/Types/GeoMatchStatement.hs b/gen/Amazonka/WAFV2/Types/GeoMatchStatement.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/WAFV2/Types/GeoMatchStatement.hs
@@ -0,0 +1,175 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.WAFV2.Types.GeoMatchStatement
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.WAFV2.Types.GeoMatchStatement where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.WAFV2.Types.CountryCode
+import Amazonka.WAFV2.Types.ForwardedIPConfig
+
+-- | A rule statement that labels web requests by country and region and that
+-- matches against web requests based on country code. A geo match rule
+-- labels every request that it inspects regardless of whether it finds a
+-- match.
+--
+-- -   To manage requests only by country, you can use this statement by
+--     itself and specify the countries that you want to match against in
+--     the @CountryCodes@ array.
+--
+-- -   Otherwise, configure your geo match rule with Count action so that
+--     it only labels requests. Then, add one or more label match rules to
+--     run after the geo match rule and configure them to match against the
+--     geographic labels and handle the requests as needed.
+--
+-- WAF labels requests using the alpha-2 country and region codes from the
+-- International Organization for Standardization (ISO) 3166 standard. WAF
+-- determines the codes using either the IP address in the web request
+-- origin or, if you specify it, the address in the geo match
+-- @ForwardedIPConfig@.
+--
+-- If you use the web request origin, the label formats are
+-- @awswaf:clientip:geo:region:\<ISO country code>-\<ISO region code>@ and
+-- @awswaf:clientip:geo:country:\<ISO country code>@.
+--
+-- If you use a forwarded IP address, the label formats are
+-- @awswaf:forwardedip:geo:region:\<ISO country code>-\<ISO region code>@
+-- and @awswaf:forwardedip:geo:country:\<ISO country code>@.
+--
+-- For additional details, see
+-- <https://docs.aws.amazon.com/waf/latest/developerguide/waf-rule-statement-type-geo-match.html Geographic match rule statement>
+-- in the
+-- <https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html WAF Developer Guide>.
+--
+-- /See:/ 'newGeoMatchStatement' smart constructor.
+data GeoMatchStatement = GeoMatchStatement'
+  { -- | An array of two-character country codes that you want to match against,
+    -- for example, @[ \"US\", \"CN\" ]@, from the alpha-2 country ISO codes of
+    -- the ISO 3166 international standard.
+    --
+    -- When you use a geo match statement just for the region and country
+    -- labels that it adds to requests, you still have to supply a country code
+    -- for the rule to evaluate. In this case, you configure the rule to only
+    -- count matching requests, but it will still generate logging and count
+    -- metrics for any matches. You can reduce the logging and metrics that the
+    -- rule produces by specifying a country that\'s unlikely to be a source of
+    -- traffic to your site.
+    countryCodes :: Prelude.Maybe (Prelude.NonEmpty CountryCode),
+    -- | The configuration for inspecting IP addresses in an HTTP header that you
+    -- specify, instead of using the IP address that\'s reported by the web
+    -- request origin. Commonly, this is the X-Forwarded-For (XFF) header, but
+    -- you can specify any header name.
+    --
+    -- If the specified header isn\'t present in the request, WAF doesn\'t
+    -- apply the rule to the web request at all.
+    forwardedIPConfig :: Prelude.Maybe ForwardedIPConfig
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'GeoMatchStatement' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'countryCodes', 'geoMatchStatement_countryCodes' - An array of two-character country codes that you want to match against,
+-- for example, @[ \"US\", \"CN\" ]@, from the alpha-2 country ISO codes of
+-- the ISO 3166 international standard.
+--
+-- When you use a geo match statement just for the region and country
+-- labels that it adds to requests, you still have to supply a country code
+-- for the rule to evaluate. In this case, you configure the rule to only
+-- count matching requests, but it will still generate logging and count
+-- metrics for any matches. You can reduce the logging and metrics that the
+-- rule produces by specifying a country that\'s unlikely to be a source of
+-- traffic to your site.
+--
+-- 'forwardedIPConfig', 'geoMatchStatement_forwardedIPConfig' - The configuration for inspecting IP addresses in an HTTP header that you
+-- specify, instead of using the IP address that\'s reported by the web
+-- request origin. Commonly, this is the X-Forwarded-For (XFF) header, but
+-- you can specify any header name.
+--
+-- If the specified header isn\'t present in the request, WAF doesn\'t
+-- apply the rule to the web request at all.
+newGeoMatchStatement ::
+  GeoMatchStatement
+newGeoMatchStatement =
+  GeoMatchStatement'
+    { countryCodes = Prelude.Nothing,
+      forwardedIPConfig = Prelude.Nothing
+    }
+
+-- | An array of two-character country codes that you want to match against,
+-- for example, @[ \"US\", \"CN\" ]@, from the alpha-2 country ISO codes of
+-- the ISO 3166 international standard.
+--
+-- When you use a geo match statement just for the region and country
+-- labels that it adds to requests, you still have to supply a country code
+-- for the rule to evaluate. In this case, you configure the rule to only
+-- count matching requests, but it will still generate logging and count
+-- metrics for any matches. You can reduce the logging and metrics that the
+-- rule produces by specifying a country that\'s unlikely to be a source of
+-- traffic to your site.
+geoMatchStatement_countryCodes :: Lens.Lens' GeoMatchStatement (Prelude.Maybe (Prelude.NonEmpty CountryCode))
+geoMatchStatement_countryCodes = Lens.lens (\GeoMatchStatement' {countryCodes} -> countryCodes) (\s@GeoMatchStatement' {} a -> s {countryCodes = a} :: GeoMatchStatement) Prelude.. Lens.mapping Lens.coerced
+
+-- | The configuration for inspecting IP addresses in an HTTP header that you
+-- specify, instead of using the IP address that\'s reported by the web
+-- request origin. Commonly, this is the X-Forwarded-For (XFF) header, but
+-- you can specify any header name.
+--
+-- If the specified header isn\'t present in the request, WAF doesn\'t
+-- apply the rule to the web request at all.
+geoMatchStatement_forwardedIPConfig :: Lens.Lens' GeoMatchStatement (Prelude.Maybe ForwardedIPConfig)
+geoMatchStatement_forwardedIPConfig = Lens.lens (\GeoMatchStatement' {forwardedIPConfig} -> forwardedIPConfig) (\s@GeoMatchStatement' {} a -> s {forwardedIPConfig = a} :: GeoMatchStatement)
+
+instance Data.FromJSON GeoMatchStatement where
+  parseJSON =
+    Data.withObject
+      "GeoMatchStatement"
+      ( \x ->
+          GeoMatchStatement'
+            Prelude.<$> (x Data..:? "CountryCodes")
+            Prelude.<*> (x Data..:? "ForwardedIPConfig")
+      )
+
+instance Prelude.Hashable GeoMatchStatement where
+  hashWithSalt _salt GeoMatchStatement' {..} =
+    _salt
+      `Prelude.hashWithSalt` countryCodes
+      `Prelude.hashWithSalt` forwardedIPConfig
+
+instance Prelude.NFData GeoMatchStatement where
+  rnf GeoMatchStatement' {..} =
+    Prelude.rnf countryCodes
+      `Prelude.seq` Prelude.rnf forwardedIPConfig
+
+instance Data.ToJSON GeoMatchStatement where
+  toJSON GeoMatchStatement' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("CountryCodes" Data..=) Prelude.<$> countryCodes,
+            ("ForwardedIPConfig" Data..=)
+              Prelude.<$> forwardedIPConfig
+          ]
+      )
diff --git a/gen/Amazonka/WAFV2/Types/HTTPHeader.hs b/gen/Amazonka/WAFV2/Types/HTTPHeader.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/WAFV2/Types/HTTPHeader.hs
@@ -0,0 +1,86 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.WAFV2.Types.HTTPHeader
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.WAFV2.Types.HTTPHeader where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | Part of the response from GetSampledRequests. This is a complex type
+-- that appears as @Headers@ in the response syntax. @HTTPHeader@ contains
+-- the names and values of all of the headers that appear in one of the web
+-- requests.
+--
+-- /See:/ 'newHTTPHeader' smart constructor.
+data HTTPHeader = HTTPHeader'
+  { -- | The name of the HTTP header.
+    name :: Prelude.Maybe Prelude.Text,
+    -- | The value of the HTTP header.
+    value :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'HTTPHeader' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'name', 'hTTPHeader_name' - The name of the HTTP header.
+--
+-- 'value', 'hTTPHeader_value' - The value of the HTTP header.
+newHTTPHeader ::
+  HTTPHeader
+newHTTPHeader =
+  HTTPHeader'
+    { name = Prelude.Nothing,
+      value = Prelude.Nothing
+    }
+
+-- | The name of the HTTP header.
+hTTPHeader_name :: Lens.Lens' HTTPHeader (Prelude.Maybe Prelude.Text)
+hTTPHeader_name = Lens.lens (\HTTPHeader' {name} -> name) (\s@HTTPHeader' {} a -> s {name = a} :: HTTPHeader)
+
+-- | The value of the HTTP header.
+hTTPHeader_value :: Lens.Lens' HTTPHeader (Prelude.Maybe Prelude.Text)
+hTTPHeader_value = Lens.lens (\HTTPHeader' {value} -> value) (\s@HTTPHeader' {} a -> s {value = a} :: HTTPHeader)
+
+instance Data.FromJSON HTTPHeader where
+  parseJSON =
+    Data.withObject
+      "HTTPHeader"
+      ( \x ->
+          HTTPHeader'
+            Prelude.<$> (x Data..:? "Name")
+            Prelude.<*> (x Data..:? "Value")
+      )
+
+instance Prelude.Hashable HTTPHeader where
+  hashWithSalt _salt HTTPHeader' {..} =
+    _salt
+      `Prelude.hashWithSalt` name
+      `Prelude.hashWithSalt` value
+
+instance Prelude.NFData HTTPHeader where
+  rnf HTTPHeader' {..} =
+    Prelude.rnf name `Prelude.seq` Prelude.rnf value
diff --git a/gen/Amazonka/WAFV2/Types/HTTPRequest.hs b/gen/Amazonka/WAFV2/Types/HTTPRequest.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/WAFV2/Types/HTTPRequest.hs
@@ -0,0 +1,174 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.WAFV2.Types.HTTPRequest
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.WAFV2.Types.HTTPRequest where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.WAFV2.Types.HTTPHeader
+
+-- | Part of the response from GetSampledRequests. This is a complex type
+-- that appears as @Request@ in the response syntax. @HTTPRequest@ contains
+-- information about one of the web requests.
+--
+-- /See:/ 'newHTTPRequest' smart constructor.
+data HTTPRequest = HTTPRequest'
+  { -- | The IP address that the request originated from. If the web ACL is
+    -- associated with a CloudFront distribution, this is the value of one of
+    -- the following fields in CloudFront access logs:
+    --
+    -- -   @c-ip@, if the viewer did not use an HTTP proxy or a load balancer
+    --     to send the request
+    --
+    -- -   @x-forwarded-for@, if the viewer did use an HTTP proxy or a load
+    --     balancer to send the request
+    clientIP :: Prelude.Maybe Prelude.Text,
+    -- | The two-letter country code for the country that the request originated
+    -- from. For a current list of country codes, see the Wikipedia entry
+    -- <https://en.wikipedia.org/wiki/ISO_3166-1_alpha-2 ISO 3166-1 alpha-2>.
+    country :: Prelude.Maybe Prelude.Text,
+    -- | The HTTP version specified in the sampled web request, for example,
+    -- @HTTP\/1.1@.
+    hTTPVersion :: Prelude.Maybe Prelude.Text,
+    -- | A complex type that contains the name and value for each header in the
+    -- sampled web request.
+    headers :: Prelude.Maybe [HTTPHeader],
+    -- | The HTTP method specified in the sampled web request.
+    method :: Prelude.Maybe Prelude.Text,
+    -- | The URI path of the request, which identifies the resource, for example,
+    -- @\/images\/daily-ad.jpg@.
+    uri :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'HTTPRequest' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'clientIP', 'hTTPRequest_clientIP' - The IP address that the request originated from. If the web ACL is
+-- associated with a CloudFront distribution, this is the value of one of
+-- the following fields in CloudFront access logs:
+--
+-- -   @c-ip@, if the viewer did not use an HTTP proxy or a load balancer
+--     to send the request
+--
+-- -   @x-forwarded-for@, if the viewer did use an HTTP proxy or a load
+--     balancer to send the request
+--
+-- 'country', 'hTTPRequest_country' - The two-letter country code for the country that the request originated
+-- from. For a current list of country codes, see the Wikipedia entry
+-- <https://en.wikipedia.org/wiki/ISO_3166-1_alpha-2 ISO 3166-1 alpha-2>.
+--
+-- 'hTTPVersion', 'hTTPRequest_hTTPVersion' - The HTTP version specified in the sampled web request, for example,
+-- @HTTP\/1.1@.
+--
+-- 'headers', 'hTTPRequest_headers' - A complex type that contains the name and value for each header in the
+-- sampled web request.
+--
+-- 'method', 'hTTPRequest_method' - The HTTP method specified in the sampled web request.
+--
+-- 'uri', 'hTTPRequest_uri' - The URI path of the request, which identifies the resource, for example,
+-- @\/images\/daily-ad.jpg@.
+newHTTPRequest ::
+  HTTPRequest
+newHTTPRequest =
+  HTTPRequest'
+    { clientIP = Prelude.Nothing,
+      country = Prelude.Nothing,
+      hTTPVersion = Prelude.Nothing,
+      headers = Prelude.Nothing,
+      method = Prelude.Nothing,
+      uri = Prelude.Nothing
+    }
+
+-- | The IP address that the request originated from. If the web ACL is
+-- associated with a CloudFront distribution, this is the value of one of
+-- the following fields in CloudFront access logs:
+--
+-- -   @c-ip@, if the viewer did not use an HTTP proxy or a load balancer
+--     to send the request
+--
+-- -   @x-forwarded-for@, if the viewer did use an HTTP proxy or a load
+--     balancer to send the request
+hTTPRequest_clientIP :: Lens.Lens' HTTPRequest (Prelude.Maybe Prelude.Text)
+hTTPRequest_clientIP = Lens.lens (\HTTPRequest' {clientIP} -> clientIP) (\s@HTTPRequest' {} a -> s {clientIP = a} :: HTTPRequest)
+
+-- | The two-letter country code for the country that the request originated
+-- from. For a current list of country codes, see the Wikipedia entry
+-- <https://en.wikipedia.org/wiki/ISO_3166-1_alpha-2 ISO 3166-1 alpha-2>.
+hTTPRequest_country :: Lens.Lens' HTTPRequest (Prelude.Maybe Prelude.Text)
+hTTPRequest_country = Lens.lens (\HTTPRequest' {country} -> country) (\s@HTTPRequest' {} a -> s {country = a} :: HTTPRequest)
+
+-- | The HTTP version specified in the sampled web request, for example,
+-- @HTTP\/1.1@.
+hTTPRequest_hTTPVersion :: Lens.Lens' HTTPRequest (Prelude.Maybe Prelude.Text)
+hTTPRequest_hTTPVersion = Lens.lens (\HTTPRequest' {hTTPVersion} -> hTTPVersion) (\s@HTTPRequest' {} a -> s {hTTPVersion = a} :: HTTPRequest)
+
+-- | A complex type that contains the name and value for each header in the
+-- sampled web request.
+hTTPRequest_headers :: Lens.Lens' HTTPRequest (Prelude.Maybe [HTTPHeader])
+hTTPRequest_headers = Lens.lens (\HTTPRequest' {headers} -> headers) (\s@HTTPRequest' {} a -> s {headers = a} :: HTTPRequest) Prelude.. Lens.mapping Lens.coerced
+
+-- | The HTTP method specified in the sampled web request.
+hTTPRequest_method :: Lens.Lens' HTTPRequest (Prelude.Maybe Prelude.Text)
+hTTPRequest_method = Lens.lens (\HTTPRequest' {method} -> method) (\s@HTTPRequest' {} a -> s {method = a} :: HTTPRequest)
+
+-- | The URI path of the request, which identifies the resource, for example,
+-- @\/images\/daily-ad.jpg@.
+hTTPRequest_uri :: Lens.Lens' HTTPRequest (Prelude.Maybe Prelude.Text)
+hTTPRequest_uri = Lens.lens (\HTTPRequest' {uri} -> uri) (\s@HTTPRequest' {} a -> s {uri = a} :: HTTPRequest)
+
+instance Data.FromJSON HTTPRequest where
+  parseJSON =
+    Data.withObject
+      "HTTPRequest"
+      ( \x ->
+          HTTPRequest'
+            Prelude.<$> (x Data..:? "ClientIP")
+            Prelude.<*> (x Data..:? "Country")
+            Prelude.<*> (x Data..:? "HTTPVersion")
+            Prelude.<*> (x Data..:? "Headers" Data..!= Prelude.mempty)
+            Prelude.<*> (x Data..:? "Method")
+            Prelude.<*> (x Data..:? "URI")
+      )
+
+instance Prelude.Hashable HTTPRequest where
+  hashWithSalt _salt HTTPRequest' {..} =
+    _salt
+      `Prelude.hashWithSalt` clientIP
+      `Prelude.hashWithSalt` country
+      `Prelude.hashWithSalt` hTTPVersion
+      `Prelude.hashWithSalt` headers
+      `Prelude.hashWithSalt` method
+      `Prelude.hashWithSalt` uri
+
+instance Prelude.NFData HTTPRequest where
+  rnf HTTPRequest' {..} =
+    Prelude.rnf clientIP
+      `Prelude.seq` Prelude.rnf country
+      `Prelude.seq` Prelude.rnf hTTPVersion
+      `Prelude.seq` Prelude.rnf headers
+      `Prelude.seq` Prelude.rnf method
+      `Prelude.seq` Prelude.rnf uri
diff --git a/gen/Amazonka/WAFV2/Types/HeaderMatchPattern.hs b/gen/Amazonka/WAFV2/Types/HeaderMatchPattern.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/WAFV2/Types/HeaderMatchPattern.hs
@@ -0,0 +1,122 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.WAFV2.Types.HeaderMatchPattern
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.WAFV2.Types.HeaderMatchPattern where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.WAFV2.Types.All
+
+-- | The filter to use to identify the subset of headers to inspect in a web
+-- request.
+--
+-- You must specify exactly one setting: either @All@, @IncludedHeaders@,
+-- or @ExcludedHeaders@.
+--
+-- Example JSON:
+-- @\"MatchPattern\": { \"ExcludedHeaders\": {\"KeyToExclude1\", \"KeyToExclude2\"} }@
+--
+-- /See:/ 'newHeaderMatchPattern' smart constructor.
+data HeaderMatchPattern = HeaderMatchPattern'
+  { -- | Inspect all headers.
+    all :: Prelude.Maybe All,
+    -- | Inspect only the headers whose keys don\'t match any of the strings
+    -- specified here.
+    excludedHeaders :: Prelude.Maybe (Prelude.NonEmpty Prelude.Text),
+    -- | Inspect only the headers that have a key that matches one of the strings
+    -- specified here.
+    includedHeaders :: Prelude.Maybe (Prelude.NonEmpty Prelude.Text)
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'HeaderMatchPattern' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'all', 'headerMatchPattern_all' - Inspect all headers.
+--
+-- 'excludedHeaders', 'headerMatchPattern_excludedHeaders' - Inspect only the headers whose keys don\'t match any of the strings
+-- specified here.
+--
+-- 'includedHeaders', 'headerMatchPattern_includedHeaders' - Inspect only the headers that have a key that matches one of the strings
+-- specified here.
+newHeaderMatchPattern ::
+  HeaderMatchPattern
+newHeaderMatchPattern =
+  HeaderMatchPattern'
+    { all = Prelude.Nothing,
+      excludedHeaders = Prelude.Nothing,
+      includedHeaders = Prelude.Nothing
+    }
+
+-- | Inspect all headers.
+headerMatchPattern_all :: Lens.Lens' HeaderMatchPattern (Prelude.Maybe All)
+headerMatchPattern_all = Lens.lens (\HeaderMatchPattern' {all} -> all) (\s@HeaderMatchPattern' {} a -> s {all = a} :: HeaderMatchPattern)
+
+-- | Inspect only the headers whose keys don\'t match any of the strings
+-- specified here.
+headerMatchPattern_excludedHeaders :: Lens.Lens' HeaderMatchPattern (Prelude.Maybe (Prelude.NonEmpty Prelude.Text))
+headerMatchPattern_excludedHeaders = Lens.lens (\HeaderMatchPattern' {excludedHeaders} -> excludedHeaders) (\s@HeaderMatchPattern' {} a -> s {excludedHeaders = a} :: HeaderMatchPattern) Prelude.. Lens.mapping Lens.coerced
+
+-- | Inspect only the headers that have a key that matches one of the strings
+-- specified here.
+headerMatchPattern_includedHeaders :: Lens.Lens' HeaderMatchPattern (Prelude.Maybe (Prelude.NonEmpty Prelude.Text))
+headerMatchPattern_includedHeaders = Lens.lens (\HeaderMatchPattern' {includedHeaders} -> includedHeaders) (\s@HeaderMatchPattern' {} a -> s {includedHeaders = a} :: HeaderMatchPattern) Prelude.. Lens.mapping Lens.coerced
+
+instance Data.FromJSON HeaderMatchPattern where
+  parseJSON =
+    Data.withObject
+      "HeaderMatchPattern"
+      ( \x ->
+          HeaderMatchPattern'
+            Prelude.<$> (x Data..:? "All")
+            Prelude.<*> (x Data..:? "ExcludedHeaders")
+            Prelude.<*> (x Data..:? "IncludedHeaders")
+      )
+
+instance Prelude.Hashable HeaderMatchPattern where
+  hashWithSalt _salt HeaderMatchPattern' {..} =
+    _salt
+      `Prelude.hashWithSalt` all
+      `Prelude.hashWithSalt` excludedHeaders
+      `Prelude.hashWithSalt` includedHeaders
+
+instance Prelude.NFData HeaderMatchPattern where
+  rnf HeaderMatchPattern' {..} =
+    Prelude.rnf all
+      `Prelude.seq` Prelude.rnf excludedHeaders
+      `Prelude.seq` Prelude.rnf includedHeaders
+
+instance Data.ToJSON HeaderMatchPattern where
+  toJSON HeaderMatchPattern' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("All" Data..=) Prelude.<$> all,
+            ("ExcludedHeaders" Data..=)
+              Prelude.<$> excludedHeaders,
+            ("IncludedHeaders" Data..=)
+              Prelude.<$> includedHeaders
+          ]
+      )
diff --git a/gen/Amazonka/WAFV2/Types/Headers.hs b/gen/Amazonka/WAFV2/Types/Headers.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/WAFV2/Types/Headers.hs
@@ -0,0 +1,199 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.WAFV2.Types.Headers
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.WAFV2.Types.Headers where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.WAFV2.Types.HeaderMatchPattern
+import Amazonka.WAFV2.Types.MapMatchScope
+import Amazonka.WAFV2.Types.OversizeHandling
+
+-- | Inspect all headers in the web request. You can specify the parts of the
+-- headers to inspect and you can narrow the set of headers to inspect by
+-- including or excluding specific keys.
+--
+-- This is used to indicate the web request component to inspect, in the
+-- FieldToMatch specification.
+--
+-- If you want to inspect just the value of a single header, use the
+-- @SingleHeader@ @FieldToMatch@ setting instead.
+--
+-- Example JSON:
+-- @\"Headers\": { \"MatchPattern\": { \"All\": {} }, \"MatchScope\": \"KEY\", \"OversizeHandling\": \"MATCH\" }@
+--
+-- /See:/ 'newHeaders' smart constructor.
+data Headers = Headers'
+  { -- | The filter to use to identify the subset of headers to inspect in a web
+    -- request.
+    --
+    -- You must specify exactly one setting: either @All@, @IncludedHeaders@,
+    -- or @ExcludedHeaders@.
+    --
+    -- Example JSON:
+    -- @\"MatchPattern\": { \"ExcludedHeaders\": {\"KeyToExclude1\", \"KeyToExclude2\"} }@
+    matchPattern :: HeaderMatchPattern,
+    -- | The parts of the headers to match with the rule inspection criteria. If
+    -- you specify @All@, WAF inspects both keys and values.
+    matchScope :: MapMatchScope,
+    -- | What WAF should do if the headers of the request are larger than WAF can
+    -- inspect. WAF does not support inspecting the entire contents of request
+    -- headers when they exceed 8 KB (8192 bytes) or 200 total headers. The
+    -- underlying host service forwards a maximum of 200 headers and at most 8
+    -- KB of header contents to WAF.
+    --
+    -- The options for oversize handling are the following:
+    --
+    -- -   @CONTINUE@ - Inspect the headers normally, according to the rule
+    --     inspection criteria.
+    --
+    -- -   @MATCH@ - Treat the web request as matching the rule statement. WAF
+    --     applies the rule action to the request.
+    --
+    -- -   @NO_MATCH@ - Treat the web request as not matching the rule
+    --     statement.
+    oversizeHandling :: OversizeHandling
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'Headers' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'matchPattern', 'headers_matchPattern' - The filter to use to identify the subset of headers to inspect in a web
+-- request.
+--
+-- You must specify exactly one setting: either @All@, @IncludedHeaders@,
+-- or @ExcludedHeaders@.
+--
+-- Example JSON:
+-- @\"MatchPattern\": { \"ExcludedHeaders\": {\"KeyToExclude1\", \"KeyToExclude2\"} }@
+--
+-- 'matchScope', 'headers_matchScope' - The parts of the headers to match with the rule inspection criteria. If
+-- you specify @All@, WAF inspects both keys and values.
+--
+-- 'oversizeHandling', 'headers_oversizeHandling' - What WAF should do if the headers of the request are larger than WAF can
+-- inspect. WAF does not support inspecting the entire contents of request
+-- headers when they exceed 8 KB (8192 bytes) or 200 total headers. The
+-- underlying host service forwards a maximum of 200 headers and at most 8
+-- KB of header contents to WAF.
+--
+-- The options for oversize handling are the following:
+--
+-- -   @CONTINUE@ - Inspect the headers normally, according to the rule
+--     inspection criteria.
+--
+-- -   @MATCH@ - Treat the web request as matching the rule statement. WAF
+--     applies the rule action to the request.
+--
+-- -   @NO_MATCH@ - Treat the web request as not matching the rule
+--     statement.
+newHeaders ::
+  -- | 'matchPattern'
+  HeaderMatchPattern ->
+  -- | 'matchScope'
+  MapMatchScope ->
+  -- | 'oversizeHandling'
+  OversizeHandling ->
+  Headers
+newHeaders
+  pMatchPattern_
+  pMatchScope_
+  pOversizeHandling_ =
+    Headers'
+      { matchPattern = pMatchPattern_,
+        matchScope = pMatchScope_,
+        oversizeHandling = pOversizeHandling_
+      }
+
+-- | The filter to use to identify the subset of headers to inspect in a web
+-- request.
+--
+-- You must specify exactly one setting: either @All@, @IncludedHeaders@,
+-- or @ExcludedHeaders@.
+--
+-- Example JSON:
+-- @\"MatchPattern\": { \"ExcludedHeaders\": {\"KeyToExclude1\", \"KeyToExclude2\"} }@
+headers_matchPattern :: Lens.Lens' Headers HeaderMatchPattern
+headers_matchPattern = Lens.lens (\Headers' {matchPattern} -> matchPattern) (\s@Headers' {} a -> s {matchPattern = a} :: Headers)
+
+-- | The parts of the headers to match with the rule inspection criteria. If
+-- you specify @All@, WAF inspects both keys and values.
+headers_matchScope :: Lens.Lens' Headers MapMatchScope
+headers_matchScope = Lens.lens (\Headers' {matchScope} -> matchScope) (\s@Headers' {} a -> s {matchScope = a} :: Headers)
+
+-- | What WAF should do if the headers of the request are larger than WAF can
+-- inspect. WAF does not support inspecting the entire contents of request
+-- headers when they exceed 8 KB (8192 bytes) or 200 total headers. The
+-- underlying host service forwards a maximum of 200 headers and at most 8
+-- KB of header contents to WAF.
+--
+-- The options for oversize handling are the following:
+--
+-- -   @CONTINUE@ - Inspect the headers normally, according to the rule
+--     inspection criteria.
+--
+-- -   @MATCH@ - Treat the web request as matching the rule statement. WAF
+--     applies the rule action to the request.
+--
+-- -   @NO_MATCH@ - Treat the web request as not matching the rule
+--     statement.
+headers_oversizeHandling :: Lens.Lens' Headers OversizeHandling
+headers_oversizeHandling = Lens.lens (\Headers' {oversizeHandling} -> oversizeHandling) (\s@Headers' {} a -> s {oversizeHandling = a} :: Headers)
+
+instance Data.FromJSON Headers where
+  parseJSON =
+    Data.withObject
+      "Headers"
+      ( \x ->
+          Headers'
+            Prelude.<$> (x Data..: "MatchPattern")
+            Prelude.<*> (x Data..: "MatchScope")
+            Prelude.<*> (x Data..: "OversizeHandling")
+      )
+
+instance Prelude.Hashable Headers where
+  hashWithSalt _salt Headers' {..} =
+    _salt
+      `Prelude.hashWithSalt` matchPattern
+      `Prelude.hashWithSalt` matchScope
+      `Prelude.hashWithSalt` oversizeHandling
+
+instance Prelude.NFData Headers where
+  rnf Headers' {..} =
+    Prelude.rnf matchPattern
+      `Prelude.seq` Prelude.rnf matchScope
+      `Prelude.seq` Prelude.rnf oversizeHandling
+
+instance Data.ToJSON Headers where
+  toJSON Headers' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ Prelude.Just ("MatchPattern" Data..= matchPattern),
+            Prelude.Just ("MatchScope" Data..= matchScope),
+            Prelude.Just
+              ("OversizeHandling" Data..= oversizeHandling)
+          ]
+      )
diff --git a/gen/Amazonka/WAFV2/Types/IPAddressVersion.hs b/gen/Amazonka/WAFV2/Types/IPAddressVersion.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/WAFV2/Types/IPAddressVersion.hs
@@ -0,0 +1,71 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DerivingStrategies #-}
+{-# LANGUAGE GeneralizedNewtypeDeriving #-}
+{-# LANGUAGE LambdaCase #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE PatternSynonyms #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.WAFV2.Types.IPAddressVersion
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.WAFV2.Types.IPAddressVersion
+  ( IPAddressVersion
+      ( ..,
+        IPAddressVersion_IPV4,
+        IPAddressVersion_IPV6
+      ),
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+newtype IPAddressVersion = IPAddressVersion'
+  { fromIPAddressVersion ::
+      Data.Text
+  }
+  deriving stock
+    ( Prelude.Show,
+      Prelude.Read,
+      Prelude.Eq,
+      Prelude.Ord,
+      Prelude.Generic
+    )
+  deriving newtype
+    ( Prelude.Hashable,
+      Prelude.NFData,
+      Data.FromText,
+      Data.ToText,
+      Data.ToByteString,
+      Data.ToLog,
+      Data.ToHeader,
+      Data.ToQuery,
+      Data.FromJSON,
+      Data.FromJSONKey,
+      Data.ToJSON,
+      Data.ToJSONKey,
+      Data.FromXML,
+      Data.ToXML
+    )
+
+pattern IPAddressVersion_IPV4 :: IPAddressVersion
+pattern IPAddressVersion_IPV4 = IPAddressVersion' "IPV4"
+
+pattern IPAddressVersion_IPV6 :: IPAddressVersion
+pattern IPAddressVersion_IPV6 = IPAddressVersion' "IPV6"
+
+{-# COMPLETE
+  IPAddressVersion_IPV4,
+  IPAddressVersion_IPV6,
+  IPAddressVersion'
+  #-}
diff --git a/gen/Amazonka/WAFV2/Types/IPSet.hs b/gen/Amazonka/WAFV2/Types/IPSet.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/WAFV2/Types/IPSet.hs
@@ -0,0 +1,263 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.WAFV2.Types.IPSet
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.WAFV2.Types.IPSet where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.WAFV2.Types.IPAddressVersion
+
+-- | Contains zero or more IP addresses or blocks of IP addresses specified
+-- in Classless Inter-Domain Routing (CIDR) notation. WAF supports all IPv4
+-- and IPv6 CIDR ranges except for \/0. For information about CIDR
+-- notation, see the Wikipedia entry
+-- <https://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing Classless Inter-Domain Routing>.
+--
+-- WAF assigns an ARN to each @IPSet@ that you create. To use an IP set in
+-- a rule, you provide the ARN to the Rule statement
+-- IPSetReferenceStatement.
+--
+-- /See:/ 'newIPSet' smart constructor.
+data IPSet = IPSet'
+  { -- | A description of the IP set that helps with identification.
+    description :: Prelude.Maybe Prelude.Text,
+    -- | The name of the IP set. You cannot change the name of an @IPSet@ after
+    -- you create it.
+    name :: Prelude.Text,
+    -- | A unique identifier for the set. This ID is returned in the responses to
+    -- create and list commands. You provide it to operations like update and
+    -- delete.
+    id :: Prelude.Text,
+    -- | The Amazon Resource Name (ARN) of the entity.
+    arn :: Prelude.Text,
+    -- | The version of the IP addresses, either @IPV4@ or @IPV6@.
+    iPAddressVersion :: IPAddressVersion,
+    -- | Contains an array of strings that specifies zero or more IP addresses or
+    -- blocks of IP addresses. All addresses must be specified using Classless
+    -- Inter-Domain Routing (CIDR) notation. WAF supports all IPv4 and IPv6
+    -- CIDR ranges except for @\/0@.
+    --
+    -- Example address strings:
+    --
+    -- -   To configure WAF to allow, block, or count requests that originated
+    --     from the IP address 192.0.2.44, specify @192.0.2.44\/32@.
+    --
+    -- -   To configure WAF to allow, block, or count requests that originated
+    --     from IP addresses from 192.0.2.0 to 192.0.2.255, specify
+    --     @192.0.2.0\/24@.
+    --
+    -- -   To configure WAF to allow, block, or count requests that originated
+    --     from the IP address 1111:0000:0000:0000:0000:0000:0000:0111, specify
+    --     @1111:0000:0000:0000:0000:0000:0000:0111\/128@.
+    --
+    -- -   To configure WAF to allow, block, or count requests that originated
+    --     from IP addresses 1111:0000:0000:0000:0000:0000:0000:0000 to
+    --     1111:0000:0000:0000:ffff:ffff:ffff:ffff, specify
+    --     @1111:0000:0000:0000:0000:0000:0000:0000\/64@.
+    --
+    -- For more information about CIDR notation, see the Wikipedia entry
+    -- <https://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing Classless Inter-Domain Routing>.
+    --
+    -- Example JSON @Addresses@ specifications:
+    --
+    -- -   Empty array: @\"Addresses\": []@
+    --
+    -- -   Array with one address: @\"Addresses\": [\"192.0.2.44\/32\"]@
+    --
+    -- -   Array with three addresses:
+    --     @\"Addresses\": [\"192.0.2.44\/32\", \"192.0.2.0\/24\", \"192.0.0.0\/16\"]@
+    --
+    -- -   INVALID specification: @\"Addresses\": [\"\"]@ INVALID
+    addresses :: [Prelude.Text]
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'IPSet' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'description', 'iPSet_description' - A description of the IP set that helps with identification.
+--
+-- 'name', 'iPSet_name' - The name of the IP set. You cannot change the name of an @IPSet@ after
+-- you create it.
+--
+-- 'id', 'iPSet_id' - A unique identifier for the set. This ID is returned in the responses to
+-- create and list commands. You provide it to operations like update and
+-- delete.
+--
+-- 'arn', 'iPSet_arn' - The Amazon Resource Name (ARN) of the entity.
+--
+-- 'iPAddressVersion', 'iPSet_iPAddressVersion' - The version of the IP addresses, either @IPV4@ or @IPV6@.
+--
+-- 'addresses', 'iPSet_addresses' - Contains an array of strings that specifies zero or more IP addresses or
+-- blocks of IP addresses. All addresses must be specified using Classless
+-- Inter-Domain Routing (CIDR) notation. WAF supports all IPv4 and IPv6
+-- CIDR ranges except for @\/0@.
+--
+-- Example address strings:
+--
+-- -   To configure WAF to allow, block, or count requests that originated
+--     from the IP address 192.0.2.44, specify @192.0.2.44\/32@.
+--
+-- -   To configure WAF to allow, block, or count requests that originated
+--     from IP addresses from 192.0.2.0 to 192.0.2.255, specify
+--     @192.0.2.0\/24@.
+--
+-- -   To configure WAF to allow, block, or count requests that originated
+--     from the IP address 1111:0000:0000:0000:0000:0000:0000:0111, specify
+--     @1111:0000:0000:0000:0000:0000:0000:0111\/128@.
+--
+-- -   To configure WAF to allow, block, or count requests that originated
+--     from IP addresses 1111:0000:0000:0000:0000:0000:0000:0000 to
+--     1111:0000:0000:0000:ffff:ffff:ffff:ffff, specify
+--     @1111:0000:0000:0000:0000:0000:0000:0000\/64@.
+--
+-- For more information about CIDR notation, see the Wikipedia entry
+-- <https://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing Classless Inter-Domain Routing>.
+--
+-- Example JSON @Addresses@ specifications:
+--
+-- -   Empty array: @\"Addresses\": []@
+--
+-- -   Array with one address: @\"Addresses\": [\"192.0.2.44\/32\"]@
+--
+-- -   Array with three addresses:
+--     @\"Addresses\": [\"192.0.2.44\/32\", \"192.0.2.0\/24\", \"192.0.0.0\/16\"]@
+--
+-- -   INVALID specification: @\"Addresses\": [\"\"]@ INVALID
+newIPSet ::
+  -- | 'name'
+  Prelude.Text ->
+  -- | 'id'
+  Prelude.Text ->
+  -- | 'arn'
+  Prelude.Text ->
+  -- | 'iPAddressVersion'
+  IPAddressVersion ->
+  IPSet
+newIPSet pName_ pId_ pARN_ pIPAddressVersion_ =
+  IPSet'
+    { description = Prelude.Nothing,
+      name = pName_,
+      id = pId_,
+      arn = pARN_,
+      iPAddressVersion = pIPAddressVersion_,
+      addresses = Prelude.mempty
+    }
+
+-- | A description of the IP set that helps with identification.
+iPSet_description :: Lens.Lens' IPSet (Prelude.Maybe Prelude.Text)
+iPSet_description = Lens.lens (\IPSet' {description} -> description) (\s@IPSet' {} a -> s {description = a} :: IPSet)
+
+-- | The name of the IP set. You cannot change the name of an @IPSet@ after
+-- you create it.
+iPSet_name :: Lens.Lens' IPSet Prelude.Text
+iPSet_name = Lens.lens (\IPSet' {name} -> name) (\s@IPSet' {} a -> s {name = a} :: IPSet)
+
+-- | A unique identifier for the set. This ID is returned in the responses to
+-- create and list commands. You provide it to operations like update and
+-- delete.
+iPSet_id :: Lens.Lens' IPSet Prelude.Text
+iPSet_id = Lens.lens (\IPSet' {id} -> id) (\s@IPSet' {} a -> s {id = a} :: IPSet)
+
+-- | The Amazon Resource Name (ARN) of the entity.
+iPSet_arn :: Lens.Lens' IPSet Prelude.Text
+iPSet_arn = Lens.lens (\IPSet' {arn} -> arn) (\s@IPSet' {} a -> s {arn = a} :: IPSet)
+
+-- | The version of the IP addresses, either @IPV4@ or @IPV6@.
+iPSet_iPAddressVersion :: Lens.Lens' IPSet IPAddressVersion
+iPSet_iPAddressVersion = Lens.lens (\IPSet' {iPAddressVersion} -> iPAddressVersion) (\s@IPSet' {} a -> s {iPAddressVersion = a} :: IPSet)
+
+-- | Contains an array of strings that specifies zero or more IP addresses or
+-- blocks of IP addresses. All addresses must be specified using Classless
+-- Inter-Domain Routing (CIDR) notation. WAF supports all IPv4 and IPv6
+-- CIDR ranges except for @\/0@.
+--
+-- Example address strings:
+--
+-- -   To configure WAF to allow, block, or count requests that originated
+--     from the IP address 192.0.2.44, specify @192.0.2.44\/32@.
+--
+-- -   To configure WAF to allow, block, or count requests that originated
+--     from IP addresses from 192.0.2.0 to 192.0.2.255, specify
+--     @192.0.2.0\/24@.
+--
+-- -   To configure WAF to allow, block, or count requests that originated
+--     from the IP address 1111:0000:0000:0000:0000:0000:0000:0111, specify
+--     @1111:0000:0000:0000:0000:0000:0000:0111\/128@.
+--
+-- -   To configure WAF to allow, block, or count requests that originated
+--     from IP addresses 1111:0000:0000:0000:0000:0000:0000:0000 to
+--     1111:0000:0000:0000:ffff:ffff:ffff:ffff, specify
+--     @1111:0000:0000:0000:0000:0000:0000:0000\/64@.
+--
+-- For more information about CIDR notation, see the Wikipedia entry
+-- <https://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing Classless Inter-Domain Routing>.
+--
+-- Example JSON @Addresses@ specifications:
+--
+-- -   Empty array: @\"Addresses\": []@
+--
+-- -   Array with one address: @\"Addresses\": [\"192.0.2.44\/32\"]@
+--
+-- -   Array with three addresses:
+--     @\"Addresses\": [\"192.0.2.44\/32\", \"192.0.2.0\/24\", \"192.0.0.0\/16\"]@
+--
+-- -   INVALID specification: @\"Addresses\": [\"\"]@ INVALID
+iPSet_addresses :: Lens.Lens' IPSet [Prelude.Text]
+iPSet_addresses = Lens.lens (\IPSet' {addresses} -> addresses) (\s@IPSet' {} a -> s {addresses = a} :: IPSet) Prelude.. Lens.coerced
+
+instance Data.FromJSON IPSet where
+  parseJSON =
+    Data.withObject
+      "IPSet"
+      ( \x ->
+          IPSet'
+            Prelude.<$> (x Data..:? "Description")
+            Prelude.<*> (x Data..: "Name")
+            Prelude.<*> (x Data..: "Id")
+            Prelude.<*> (x Data..: "ARN")
+            Prelude.<*> (x Data..: "IPAddressVersion")
+            Prelude.<*> (x Data..:? "Addresses" Data..!= Prelude.mempty)
+      )
+
+instance Prelude.Hashable IPSet where
+  hashWithSalt _salt IPSet' {..} =
+    _salt
+      `Prelude.hashWithSalt` description
+      `Prelude.hashWithSalt` name
+      `Prelude.hashWithSalt` id
+      `Prelude.hashWithSalt` arn
+      `Prelude.hashWithSalt` iPAddressVersion
+      `Prelude.hashWithSalt` addresses
+
+instance Prelude.NFData IPSet where
+  rnf IPSet' {..} =
+    Prelude.rnf description
+      `Prelude.seq` Prelude.rnf name
+      `Prelude.seq` Prelude.rnf id
+      `Prelude.seq` Prelude.rnf arn
+      `Prelude.seq` Prelude.rnf iPAddressVersion
+      `Prelude.seq` Prelude.rnf addresses
diff --git a/gen/Amazonka/WAFV2/Types/IPSetForwardedIPConfig.hs b/gen/Amazonka/WAFV2/Types/IPSetForwardedIPConfig.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/WAFV2/Types/IPSetForwardedIPConfig.hs
@@ -0,0 +1,220 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.WAFV2.Types.IPSetForwardedIPConfig
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.WAFV2.Types.IPSetForwardedIPConfig where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.WAFV2.Types.FallbackBehavior
+import Amazonka.WAFV2.Types.ForwardedIPPosition
+
+-- | The configuration for inspecting IP addresses in an HTTP header that you
+-- specify, instead of using the IP address that\'s reported by the web
+-- request origin. Commonly, this is the X-Forwarded-For (XFF) header, but
+-- you can specify any header name.
+--
+-- If the specified header isn\'t present in the request, WAF doesn\'t
+-- apply the rule to the web request at all.
+--
+-- This configuration is used only for IPSetReferenceStatement. For
+-- GeoMatchStatement and RateBasedStatement, use ForwardedIPConfig instead.
+--
+-- /See:/ 'newIPSetForwardedIPConfig' smart constructor.
+data IPSetForwardedIPConfig = IPSetForwardedIPConfig'
+  { -- | The name of the HTTP header to use for the IP address. For example, to
+    -- use the X-Forwarded-For (XFF) header, set this to @X-Forwarded-For@.
+    --
+    -- If the specified header isn\'t present in the request, WAF doesn\'t
+    -- apply the rule to the web request at all.
+    headerName :: Prelude.Text,
+    -- | The match status to assign to the web request if the request doesn\'t
+    -- have a valid IP address in the specified position.
+    --
+    -- If the specified header isn\'t present in the request, WAF doesn\'t
+    -- apply the rule to the web request at all.
+    --
+    -- You can specify the following fallback behaviors:
+    --
+    -- -   @MATCH@ - Treat the web request as matching the rule statement. WAF
+    --     applies the rule action to the request.
+    --
+    -- -   @NO_MATCH@ - Treat the web request as not matching the rule
+    --     statement.
+    fallbackBehavior :: FallbackBehavior,
+    -- | The position in the header to search for the IP address. The header can
+    -- contain IP addresses of the original client and also of proxies. For
+    -- example, the header value could be @10.1.1.1, 127.0.0.0, 10.10.10.10@
+    -- where the first IP address identifies the original client and the rest
+    -- identify proxies that the request went through.
+    --
+    -- The options for this setting are the following:
+    --
+    -- -   FIRST - Inspect the first IP address in the list of IP addresses in
+    --     the header. This is usually the client\'s original IP.
+    --
+    -- -   LAST - Inspect the last IP address in the list of IP addresses in
+    --     the header.
+    --
+    -- -   ANY - Inspect all IP addresses in the header for a match. If the
+    --     header contains more than 10 IP addresses, WAF inspects the last 10.
+    position :: ForwardedIPPosition
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'IPSetForwardedIPConfig' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'headerName', 'iPSetForwardedIPConfig_headerName' - The name of the HTTP header to use for the IP address. For example, to
+-- use the X-Forwarded-For (XFF) header, set this to @X-Forwarded-For@.
+--
+-- If the specified header isn\'t present in the request, WAF doesn\'t
+-- apply the rule to the web request at all.
+--
+-- 'fallbackBehavior', 'iPSetForwardedIPConfig_fallbackBehavior' - The match status to assign to the web request if the request doesn\'t
+-- have a valid IP address in the specified position.
+--
+-- If the specified header isn\'t present in the request, WAF doesn\'t
+-- apply the rule to the web request at all.
+--
+-- You can specify the following fallback behaviors:
+--
+-- -   @MATCH@ - Treat the web request as matching the rule statement. WAF
+--     applies the rule action to the request.
+--
+-- -   @NO_MATCH@ - Treat the web request as not matching the rule
+--     statement.
+--
+-- 'position', 'iPSetForwardedIPConfig_position' - The position in the header to search for the IP address. The header can
+-- contain IP addresses of the original client and also of proxies. For
+-- example, the header value could be @10.1.1.1, 127.0.0.0, 10.10.10.10@
+-- where the first IP address identifies the original client and the rest
+-- identify proxies that the request went through.
+--
+-- The options for this setting are the following:
+--
+-- -   FIRST - Inspect the first IP address in the list of IP addresses in
+--     the header. This is usually the client\'s original IP.
+--
+-- -   LAST - Inspect the last IP address in the list of IP addresses in
+--     the header.
+--
+-- -   ANY - Inspect all IP addresses in the header for a match. If the
+--     header contains more than 10 IP addresses, WAF inspects the last 10.
+newIPSetForwardedIPConfig ::
+  -- | 'headerName'
+  Prelude.Text ->
+  -- | 'fallbackBehavior'
+  FallbackBehavior ->
+  -- | 'position'
+  ForwardedIPPosition ->
+  IPSetForwardedIPConfig
+newIPSetForwardedIPConfig
+  pHeaderName_
+  pFallbackBehavior_
+  pPosition_ =
+    IPSetForwardedIPConfig'
+      { headerName = pHeaderName_,
+        fallbackBehavior = pFallbackBehavior_,
+        position = pPosition_
+      }
+
+-- | The name of the HTTP header to use for the IP address. For example, to
+-- use the X-Forwarded-For (XFF) header, set this to @X-Forwarded-For@.
+--
+-- If the specified header isn\'t present in the request, WAF doesn\'t
+-- apply the rule to the web request at all.
+iPSetForwardedIPConfig_headerName :: Lens.Lens' IPSetForwardedIPConfig Prelude.Text
+iPSetForwardedIPConfig_headerName = Lens.lens (\IPSetForwardedIPConfig' {headerName} -> headerName) (\s@IPSetForwardedIPConfig' {} a -> s {headerName = a} :: IPSetForwardedIPConfig)
+
+-- | The match status to assign to the web request if the request doesn\'t
+-- have a valid IP address in the specified position.
+--
+-- If the specified header isn\'t present in the request, WAF doesn\'t
+-- apply the rule to the web request at all.
+--
+-- You can specify the following fallback behaviors:
+--
+-- -   @MATCH@ - Treat the web request as matching the rule statement. WAF
+--     applies the rule action to the request.
+--
+-- -   @NO_MATCH@ - Treat the web request as not matching the rule
+--     statement.
+iPSetForwardedIPConfig_fallbackBehavior :: Lens.Lens' IPSetForwardedIPConfig FallbackBehavior
+iPSetForwardedIPConfig_fallbackBehavior = Lens.lens (\IPSetForwardedIPConfig' {fallbackBehavior} -> fallbackBehavior) (\s@IPSetForwardedIPConfig' {} a -> s {fallbackBehavior = a} :: IPSetForwardedIPConfig)
+
+-- | The position in the header to search for the IP address. The header can
+-- contain IP addresses of the original client and also of proxies. For
+-- example, the header value could be @10.1.1.1, 127.0.0.0, 10.10.10.10@
+-- where the first IP address identifies the original client and the rest
+-- identify proxies that the request went through.
+--
+-- The options for this setting are the following:
+--
+-- -   FIRST - Inspect the first IP address in the list of IP addresses in
+--     the header. This is usually the client\'s original IP.
+--
+-- -   LAST - Inspect the last IP address in the list of IP addresses in
+--     the header.
+--
+-- -   ANY - Inspect all IP addresses in the header for a match. If the
+--     header contains more than 10 IP addresses, WAF inspects the last 10.
+iPSetForwardedIPConfig_position :: Lens.Lens' IPSetForwardedIPConfig ForwardedIPPosition
+iPSetForwardedIPConfig_position = Lens.lens (\IPSetForwardedIPConfig' {position} -> position) (\s@IPSetForwardedIPConfig' {} a -> s {position = a} :: IPSetForwardedIPConfig)
+
+instance Data.FromJSON IPSetForwardedIPConfig where
+  parseJSON =
+    Data.withObject
+      "IPSetForwardedIPConfig"
+      ( \x ->
+          IPSetForwardedIPConfig'
+            Prelude.<$> (x Data..: "HeaderName")
+            Prelude.<*> (x Data..: "FallbackBehavior")
+            Prelude.<*> (x Data..: "Position")
+      )
+
+instance Prelude.Hashable IPSetForwardedIPConfig where
+  hashWithSalt _salt IPSetForwardedIPConfig' {..} =
+    _salt
+      `Prelude.hashWithSalt` headerName
+      `Prelude.hashWithSalt` fallbackBehavior
+      `Prelude.hashWithSalt` position
+
+instance Prelude.NFData IPSetForwardedIPConfig where
+  rnf IPSetForwardedIPConfig' {..} =
+    Prelude.rnf headerName
+      `Prelude.seq` Prelude.rnf fallbackBehavior
+      `Prelude.seq` Prelude.rnf position
+
+instance Data.ToJSON IPSetForwardedIPConfig where
+  toJSON IPSetForwardedIPConfig' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ Prelude.Just ("HeaderName" Data..= headerName),
+            Prelude.Just
+              ("FallbackBehavior" Data..= fallbackBehavior),
+            Prelude.Just ("Position" Data..= position)
+          ]
+      )
diff --git a/gen/Amazonka/WAFV2/Types/IPSetReferenceStatement.hs b/gen/Amazonka/WAFV2/Types/IPSetReferenceStatement.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/WAFV2/Types/IPSetReferenceStatement.hs
@@ -0,0 +1,127 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.WAFV2.Types.IPSetReferenceStatement
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.WAFV2.Types.IPSetReferenceStatement where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.WAFV2.Types.IPSetForwardedIPConfig
+
+-- | A rule statement used to detect web requests coming from particular IP
+-- addresses or address ranges. To use this, create an IPSet that specifies
+-- the addresses you want to detect, then use the ARN of that set in this
+-- statement. To create an IP set, see CreateIPSet.
+--
+-- Each IP set rule statement references an IP set. You create and maintain
+-- the set independent of your rules. This allows you to use the single set
+-- in multiple rules. When you update the referenced set, WAF automatically
+-- updates all rules that reference it.
+--
+-- /See:/ 'newIPSetReferenceStatement' smart constructor.
+data IPSetReferenceStatement = IPSetReferenceStatement'
+  { -- | The configuration for inspecting IP addresses in an HTTP header that you
+    -- specify, instead of using the IP address that\'s reported by the web
+    -- request origin. Commonly, this is the X-Forwarded-For (XFF) header, but
+    -- you can specify any header name.
+    --
+    -- If the specified header isn\'t present in the request, WAF doesn\'t
+    -- apply the rule to the web request at all.
+    iPSetForwardedIPConfig :: Prelude.Maybe IPSetForwardedIPConfig,
+    -- | The Amazon Resource Name (ARN) of the IPSet that this statement
+    -- references.
+    arn :: Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'IPSetReferenceStatement' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'iPSetForwardedIPConfig', 'iPSetReferenceStatement_iPSetForwardedIPConfig' - The configuration for inspecting IP addresses in an HTTP header that you
+-- specify, instead of using the IP address that\'s reported by the web
+-- request origin. Commonly, this is the X-Forwarded-For (XFF) header, but
+-- you can specify any header name.
+--
+-- If the specified header isn\'t present in the request, WAF doesn\'t
+-- apply the rule to the web request at all.
+--
+-- 'arn', 'iPSetReferenceStatement_arn' - The Amazon Resource Name (ARN) of the IPSet that this statement
+-- references.
+newIPSetReferenceStatement ::
+  -- | 'arn'
+  Prelude.Text ->
+  IPSetReferenceStatement
+newIPSetReferenceStatement pARN_ =
+  IPSetReferenceStatement'
+    { iPSetForwardedIPConfig =
+        Prelude.Nothing,
+      arn = pARN_
+    }
+
+-- | The configuration for inspecting IP addresses in an HTTP header that you
+-- specify, instead of using the IP address that\'s reported by the web
+-- request origin. Commonly, this is the X-Forwarded-For (XFF) header, but
+-- you can specify any header name.
+--
+-- If the specified header isn\'t present in the request, WAF doesn\'t
+-- apply the rule to the web request at all.
+iPSetReferenceStatement_iPSetForwardedIPConfig :: Lens.Lens' IPSetReferenceStatement (Prelude.Maybe IPSetForwardedIPConfig)
+iPSetReferenceStatement_iPSetForwardedIPConfig = Lens.lens (\IPSetReferenceStatement' {iPSetForwardedIPConfig} -> iPSetForwardedIPConfig) (\s@IPSetReferenceStatement' {} a -> s {iPSetForwardedIPConfig = a} :: IPSetReferenceStatement)
+
+-- | The Amazon Resource Name (ARN) of the IPSet that this statement
+-- references.
+iPSetReferenceStatement_arn :: Lens.Lens' IPSetReferenceStatement Prelude.Text
+iPSetReferenceStatement_arn = Lens.lens (\IPSetReferenceStatement' {arn} -> arn) (\s@IPSetReferenceStatement' {} a -> s {arn = a} :: IPSetReferenceStatement)
+
+instance Data.FromJSON IPSetReferenceStatement where
+  parseJSON =
+    Data.withObject
+      "IPSetReferenceStatement"
+      ( \x ->
+          IPSetReferenceStatement'
+            Prelude.<$> (x Data..:? "IPSetForwardedIPConfig")
+            Prelude.<*> (x Data..: "ARN")
+      )
+
+instance Prelude.Hashable IPSetReferenceStatement where
+  hashWithSalt _salt IPSetReferenceStatement' {..} =
+    _salt
+      `Prelude.hashWithSalt` iPSetForwardedIPConfig
+      `Prelude.hashWithSalt` arn
+
+instance Prelude.NFData IPSetReferenceStatement where
+  rnf IPSetReferenceStatement' {..} =
+    Prelude.rnf iPSetForwardedIPConfig
+      `Prelude.seq` Prelude.rnf arn
+
+instance Data.ToJSON IPSetReferenceStatement where
+  toJSON IPSetReferenceStatement' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("IPSetForwardedIPConfig" Data..=)
+              Prelude.<$> iPSetForwardedIPConfig,
+            Prelude.Just ("ARN" Data..= arn)
+          ]
+      )
diff --git a/gen/Amazonka/WAFV2/Types/IPSetSummary.hs b/gen/Amazonka/WAFV2/Types/IPSetSummary.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/WAFV2/Types/IPSetSummary.hs
@@ -0,0 +1,153 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.WAFV2.Types.IPSetSummary
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.WAFV2.Types.IPSetSummary where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | High-level information about an IPSet, returned by operations like
+-- create and list. This provides information like the ID, that you can use
+-- to retrieve and manage an @IPSet@, and the ARN, that you provide to the
+-- IPSetReferenceStatement to use the address set in a Rule.
+--
+-- /See:/ 'newIPSetSummary' smart constructor.
+data IPSetSummary = IPSetSummary'
+  { -- | The Amazon Resource Name (ARN) of the entity.
+    arn :: Prelude.Maybe Prelude.Text,
+    -- | A description of the IP set that helps with identification.
+    description :: Prelude.Maybe Prelude.Text,
+    -- | A unique identifier for the set. This ID is returned in the responses to
+    -- create and list commands. You provide it to operations like update and
+    -- delete.
+    id :: Prelude.Maybe Prelude.Text,
+    -- | A token used for optimistic locking. WAF returns a token to your @get@
+    -- and @list@ requests, to mark the state of the entity at the time of the
+    -- request. To make changes to the entity associated with the token, you
+    -- provide the token to operations like @update@ and @delete@. WAF uses the
+    -- token to ensure that no changes have been made to the entity since you
+    -- last retrieved it. If a change has been made, the update fails with a
+    -- @WAFOptimisticLockException@. If this happens, perform another @get@,
+    -- and use the new token returned by that operation.
+    lockToken :: Prelude.Maybe Prelude.Text,
+    -- | The name of the IP set. You cannot change the name of an @IPSet@ after
+    -- you create it.
+    name :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'IPSetSummary' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'arn', 'iPSetSummary_arn' - The Amazon Resource Name (ARN) of the entity.
+--
+-- 'description', 'iPSetSummary_description' - A description of the IP set that helps with identification.
+--
+-- 'id', 'iPSetSummary_id' - A unique identifier for the set. This ID is returned in the responses to
+-- create and list commands. You provide it to operations like update and
+-- delete.
+--
+-- 'lockToken', 'iPSetSummary_lockToken' - A token used for optimistic locking. WAF returns a token to your @get@
+-- and @list@ requests, to mark the state of the entity at the time of the
+-- request. To make changes to the entity associated with the token, you
+-- provide the token to operations like @update@ and @delete@. WAF uses the
+-- token to ensure that no changes have been made to the entity since you
+-- last retrieved it. If a change has been made, the update fails with a
+-- @WAFOptimisticLockException@. If this happens, perform another @get@,
+-- and use the new token returned by that operation.
+--
+-- 'name', 'iPSetSummary_name' - The name of the IP set. You cannot change the name of an @IPSet@ after
+-- you create it.
+newIPSetSummary ::
+  IPSetSummary
+newIPSetSummary =
+  IPSetSummary'
+    { arn = Prelude.Nothing,
+      description = Prelude.Nothing,
+      id = Prelude.Nothing,
+      lockToken = Prelude.Nothing,
+      name = Prelude.Nothing
+    }
+
+-- | The Amazon Resource Name (ARN) of the entity.
+iPSetSummary_arn :: Lens.Lens' IPSetSummary (Prelude.Maybe Prelude.Text)
+iPSetSummary_arn = Lens.lens (\IPSetSummary' {arn} -> arn) (\s@IPSetSummary' {} a -> s {arn = a} :: IPSetSummary)
+
+-- | A description of the IP set that helps with identification.
+iPSetSummary_description :: Lens.Lens' IPSetSummary (Prelude.Maybe Prelude.Text)
+iPSetSummary_description = Lens.lens (\IPSetSummary' {description} -> description) (\s@IPSetSummary' {} a -> s {description = a} :: IPSetSummary)
+
+-- | A unique identifier for the set. This ID is returned in the responses to
+-- create and list commands. You provide it to operations like update and
+-- delete.
+iPSetSummary_id :: Lens.Lens' IPSetSummary (Prelude.Maybe Prelude.Text)
+iPSetSummary_id = Lens.lens (\IPSetSummary' {id} -> id) (\s@IPSetSummary' {} a -> s {id = a} :: IPSetSummary)
+
+-- | A token used for optimistic locking. WAF returns a token to your @get@
+-- and @list@ requests, to mark the state of the entity at the time of the
+-- request. To make changes to the entity associated with the token, you
+-- provide the token to operations like @update@ and @delete@. WAF uses the
+-- token to ensure that no changes have been made to the entity since you
+-- last retrieved it. If a change has been made, the update fails with a
+-- @WAFOptimisticLockException@. If this happens, perform another @get@,
+-- and use the new token returned by that operation.
+iPSetSummary_lockToken :: Lens.Lens' IPSetSummary (Prelude.Maybe Prelude.Text)
+iPSetSummary_lockToken = Lens.lens (\IPSetSummary' {lockToken} -> lockToken) (\s@IPSetSummary' {} a -> s {lockToken = a} :: IPSetSummary)
+
+-- | The name of the IP set. You cannot change the name of an @IPSet@ after
+-- you create it.
+iPSetSummary_name :: Lens.Lens' IPSetSummary (Prelude.Maybe Prelude.Text)
+iPSetSummary_name = Lens.lens (\IPSetSummary' {name} -> name) (\s@IPSetSummary' {} a -> s {name = a} :: IPSetSummary)
+
+instance Data.FromJSON IPSetSummary where
+  parseJSON =
+    Data.withObject
+      "IPSetSummary"
+      ( \x ->
+          IPSetSummary'
+            Prelude.<$> (x Data..:? "ARN")
+            Prelude.<*> (x Data..:? "Description")
+            Prelude.<*> (x Data..:? "Id")
+            Prelude.<*> (x Data..:? "LockToken")
+            Prelude.<*> (x Data..:? "Name")
+      )
+
+instance Prelude.Hashable IPSetSummary where
+  hashWithSalt _salt IPSetSummary' {..} =
+    _salt
+      `Prelude.hashWithSalt` arn
+      `Prelude.hashWithSalt` description
+      `Prelude.hashWithSalt` id
+      `Prelude.hashWithSalt` lockToken
+      `Prelude.hashWithSalt` name
+
+instance Prelude.NFData IPSetSummary where
+  rnf IPSetSummary' {..} =
+    Prelude.rnf arn
+      `Prelude.seq` Prelude.rnf description
+      `Prelude.seq` Prelude.rnf id
+      `Prelude.seq` Prelude.rnf lockToken
+      `Prelude.seq` Prelude.rnf name
diff --git a/gen/Amazonka/WAFV2/Types/ImmunityTimeProperty.hs b/gen/Amazonka/WAFV2/Types/ImmunityTimeProperty.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/WAFV2/Types/ImmunityTimeProperty.hs
@@ -0,0 +1,92 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.WAFV2.Types.ImmunityTimeProperty
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.WAFV2.Types.ImmunityTimeProperty where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | Used for CAPTCHA and challenge token settings. Determines how long a
+-- @CAPTCHA@ or challenge timestamp remains valid after WAF updates it for
+-- a successful @CAPTCHA@ or challenge response.
+--
+-- /See:/ 'newImmunityTimeProperty' smart constructor.
+data ImmunityTimeProperty = ImmunityTimeProperty'
+  { -- | The amount of time, in seconds, that a @CAPTCHA@ or challenge timestamp
+    -- is considered valid by WAF. The default setting is 300.
+    --
+    -- For the Challenge action, the minimum setting is 300.
+    immunityTime :: Prelude.Natural
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'ImmunityTimeProperty' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'immunityTime', 'immunityTimeProperty_immunityTime' - The amount of time, in seconds, that a @CAPTCHA@ or challenge timestamp
+-- is considered valid by WAF. The default setting is 300.
+--
+-- For the Challenge action, the minimum setting is 300.
+newImmunityTimeProperty ::
+  -- | 'immunityTime'
+  Prelude.Natural ->
+  ImmunityTimeProperty
+newImmunityTimeProperty pImmunityTime_ =
+  ImmunityTimeProperty'
+    { immunityTime =
+        pImmunityTime_
+    }
+
+-- | The amount of time, in seconds, that a @CAPTCHA@ or challenge timestamp
+-- is considered valid by WAF. The default setting is 300.
+--
+-- For the Challenge action, the minimum setting is 300.
+immunityTimeProperty_immunityTime :: Lens.Lens' ImmunityTimeProperty Prelude.Natural
+immunityTimeProperty_immunityTime = Lens.lens (\ImmunityTimeProperty' {immunityTime} -> immunityTime) (\s@ImmunityTimeProperty' {} a -> s {immunityTime = a} :: ImmunityTimeProperty)
+
+instance Data.FromJSON ImmunityTimeProperty where
+  parseJSON =
+    Data.withObject
+      "ImmunityTimeProperty"
+      ( \x ->
+          ImmunityTimeProperty'
+            Prelude.<$> (x Data..: "ImmunityTime")
+      )
+
+instance Prelude.Hashable ImmunityTimeProperty where
+  hashWithSalt _salt ImmunityTimeProperty' {..} =
+    _salt `Prelude.hashWithSalt` immunityTime
+
+instance Prelude.NFData ImmunityTimeProperty where
+  rnf ImmunityTimeProperty' {..} =
+    Prelude.rnf immunityTime
+
+instance Data.ToJSON ImmunityTimeProperty where
+  toJSON ImmunityTimeProperty' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [Prelude.Just ("ImmunityTime" Data..= immunityTime)]
+      )
diff --git a/gen/Amazonka/WAFV2/Types/InspectionLevel.hs b/gen/Amazonka/WAFV2/Types/InspectionLevel.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/WAFV2/Types/InspectionLevel.hs
@@ -0,0 +1,71 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DerivingStrategies #-}
+{-# LANGUAGE GeneralizedNewtypeDeriving #-}
+{-# LANGUAGE LambdaCase #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE PatternSynonyms #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.WAFV2.Types.InspectionLevel
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.WAFV2.Types.InspectionLevel
+  ( InspectionLevel
+      ( ..,
+        InspectionLevel_COMMON,
+        InspectionLevel_TARGETED
+      ),
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+newtype InspectionLevel = InspectionLevel'
+  { fromInspectionLevel ::
+      Data.Text
+  }
+  deriving stock
+    ( Prelude.Show,
+      Prelude.Read,
+      Prelude.Eq,
+      Prelude.Ord,
+      Prelude.Generic
+    )
+  deriving newtype
+    ( Prelude.Hashable,
+      Prelude.NFData,
+      Data.FromText,
+      Data.ToText,
+      Data.ToByteString,
+      Data.ToLog,
+      Data.ToHeader,
+      Data.ToQuery,
+      Data.FromJSON,
+      Data.FromJSONKey,
+      Data.ToJSON,
+      Data.ToJSONKey,
+      Data.FromXML,
+      Data.ToXML
+    )
+
+pattern InspectionLevel_COMMON :: InspectionLevel
+pattern InspectionLevel_COMMON = InspectionLevel' "COMMON"
+
+pattern InspectionLevel_TARGETED :: InspectionLevel
+pattern InspectionLevel_TARGETED = InspectionLevel' "TARGETED"
+
+{-# COMPLETE
+  InspectionLevel_COMMON,
+  InspectionLevel_TARGETED,
+  InspectionLevel'
+  #-}
diff --git a/gen/Amazonka/WAFV2/Types/JsonBody.hs b/gen/Amazonka/WAFV2/Types/JsonBody.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/WAFV2/Types/JsonBody.hs
@@ -0,0 +1,289 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.WAFV2.Types.JsonBody
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.WAFV2.Types.JsonBody where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.WAFV2.Types.BodyParsingFallbackBehavior
+import Amazonka.WAFV2.Types.JsonMatchPattern
+import Amazonka.WAFV2.Types.JsonMatchScope
+import Amazonka.WAFV2.Types.OversizeHandling
+
+-- | Inspect the body of the web request as JSON. The body immediately
+-- follows the request headers.
+--
+-- This is used to indicate the web request component to inspect, in the
+-- FieldToMatch specification.
+--
+-- Use the specifications in this object to indicate which parts of the
+-- JSON body to inspect using the rule\'s inspection criteria. WAF inspects
+-- only the parts of the JSON that result from the matches that you
+-- indicate.
+--
+-- Example JSON:
+-- @\"JsonBody\": { \"MatchPattern\": { \"All\": {} }, \"MatchScope\": \"ALL\" }@
+--
+-- /See:/ 'newJsonBody' smart constructor.
+data JsonBody = JsonBody'
+  { -- | What WAF should do if it fails to completely parse the JSON body. The
+    -- options are the following:
+    --
+    -- -   @EVALUATE_AS_STRING@ - Inspect the body as plain text. WAF applies
+    --     the text transformations and inspection criteria that you defined
+    --     for the JSON inspection to the body text string.
+    --
+    -- -   @MATCH@ - Treat the web request as matching the rule statement. WAF
+    --     applies the rule action to the request.
+    --
+    -- -   @NO_MATCH@ - Treat the web request as not matching the rule
+    --     statement.
+    --
+    -- If you don\'t provide this setting, WAF parses and evaluates the content
+    -- only up to the first parsing failure that it encounters.
+    --
+    -- WAF does its best to parse the entire JSON body, but might be forced to
+    -- stop for reasons such as invalid characters, duplicate keys, truncation,
+    -- and any content whose root node isn\'t an object or an array.
+    --
+    -- WAF parses the JSON in the following examples as two valid key, value
+    -- pairs:
+    --
+    -- -   Missing comma: @{\"key1\":\"value1\"\"key2\":\"value2\"}@
+    --
+    -- -   Missing colon: @{\"key1\":\"value1\",\"key2\"\"value2\"}@
+    --
+    -- -   Extra colons: @{\"key1\"::\"value1\",\"key2\"\"value2\"}@
+    invalidFallbackBehavior :: Prelude.Maybe BodyParsingFallbackBehavior,
+    -- | What WAF should do if the body is larger than WAF can inspect. WAF does
+    -- not support inspecting the entire contents of the body of a web request
+    -- when the body exceeds 8 KB (8192 bytes). Only the first 8 KB of the
+    -- request body are forwarded to WAF by the underlying host service.
+    --
+    -- The options for oversize handling are the following:
+    --
+    -- -   @CONTINUE@ - Inspect the body normally, according to the rule
+    --     inspection criteria.
+    --
+    -- -   @MATCH@ - Treat the web request as matching the rule statement. WAF
+    --     applies the rule action to the request.
+    --
+    -- -   @NO_MATCH@ - Treat the web request as not matching the rule
+    --     statement.
+    --
+    -- You can combine the @MATCH@ or @NO_MATCH@ settings for oversize handling
+    -- with your rule and web ACL action settings, so that you block any
+    -- request whose body is over 8 KB.
+    --
+    -- Default: @CONTINUE@
+    oversizeHandling :: Prelude.Maybe OversizeHandling,
+    -- | The patterns to look for in the JSON body. WAF inspects the results of
+    -- these pattern matches against the rule inspection criteria.
+    matchPattern :: JsonMatchPattern,
+    -- | The parts of the JSON to match against using the @MatchPattern@. If you
+    -- specify @All@, WAF matches against keys and values.
+    matchScope :: JsonMatchScope
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'JsonBody' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'invalidFallbackBehavior', 'jsonBody_invalidFallbackBehavior' - What WAF should do if it fails to completely parse the JSON body. The
+-- options are the following:
+--
+-- -   @EVALUATE_AS_STRING@ - Inspect the body as plain text. WAF applies
+--     the text transformations and inspection criteria that you defined
+--     for the JSON inspection to the body text string.
+--
+-- -   @MATCH@ - Treat the web request as matching the rule statement. WAF
+--     applies the rule action to the request.
+--
+-- -   @NO_MATCH@ - Treat the web request as not matching the rule
+--     statement.
+--
+-- If you don\'t provide this setting, WAF parses and evaluates the content
+-- only up to the first parsing failure that it encounters.
+--
+-- WAF does its best to parse the entire JSON body, but might be forced to
+-- stop for reasons such as invalid characters, duplicate keys, truncation,
+-- and any content whose root node isn\'t an object or an array.
+--
+-- WAF parses the JSON in the following examples as two valid key, value
+-- pairs:
+--
+-- -   Missing comma: @{\"key1\":\"value1\"\"key2\":\"value2\"}@
+--
+-- -   Missing colon: @{\"key1\":\"value1\",\"key2\"\"value2\"}@
+--
+-- -   Extra colons: @{\"key1\"::\"value1\",\"key2\"\"value2\"}@
+--
+-- 'oversizeHandling', 'jsonBody_oversizeHandling' - What WAF should do if the body is larger than WAF can inspect. WAF does
+-- not support inspecting the entire contents of the body of a web request
+-- when the body exceeds 8 KB (8192 bytes). Only the first 8 KB of the
+-- request body are forwarded to WAF by the underlying host service.
+--
+-- The options for oversize handling are the following:
+--
+-- -   @CONTINUE@ - Inspect the body normally, according to the rule
+--     inspection criteria.
+--
+-- -   @MATCH@ - Treat the web request as matching the rule statement. WAF
+--     applies the rule action to the request.
+--
+-- -   @NO_MATCH@ - Treat the web request as not matching the rule
+--     statement.
+--
+-- You can combine the @MATCH@ or @NO_MATCH@ settings for oversize handling
+-- with your rule and web ACL action settings, so that you block any
+-- request whose body is over 8 KB.
+--
+-- Default: @CONTINUE@
+--
+-- 'matchPattern', 'jsonBody_matchPattern' - The patterns to look for in the JSON body. WAF inspects the results of
+-- these pattern matches against the rule inspection criteria.
+--
+-- 'matchScope', 'jsonBody_matchScope' - The parts of the JSON to match against using the @MatchPattern@. If you
+-- specify @All@, WAF matches against keys and values.
+newJsonBody ::
+  -- | 'matchPattern'
+  JsonMatchPattern ->
+  -- | 'matchScope'
+  JsonMatchScope ->
+  JsonBody
+newJsonBody pMatchPattern_ pMatchScope_ =
+  JsonBody'
+    { invalidFallbackBehavior =
+        Prelude.Nothing,
+      oversizeHandling = Prelude.Nothing,
+      matchPattern = pMatchPattern_,
+      matchScope = pMatchScope_
+    }
+
+-- | What WAF should do if it fails to completely parse the JSON body. The
+-- options are the following:
+--
+-- -   @EVALUATE_AS_STRING@ - Inspect the body as plain text. WAF applies
+--     the text transformations and inspection criteria that you defined
+--     for the JSON inspection to the body text string.
+--
+-- -   @MATCH@ - Treat the web request as matching the rule statement. WAF
+--     applies the rule action to the request.
+--
+-- -   @NO_MATCH@ - Treat the web request as not matching the rule
+--     statement.
+--
+-- If you don\'t provide this setting, WAF parses and evaluates the content
+-- only up to the first parsing failure that it encounters.
+--
+-- WAF does its best to parse the entire JSON body, but might be forced to
+-- stop for reasons such as invalid characters, duplicate keys, truncation,
+-- and any content whose root node isn\'t an object or an array.
+--
+-- WAF parses the JSON in the following examples as two valid key, value
+-- pairs:
+--
+-- -   Missing comma: @{\"key1\":\"value1\"\"key2\":\"value2\"}@
+--
+-- -   Missing colon: @{\"key1\":\"value1\",\"key2\"\"value2\"}@
+--
+-- -   Extra colons: @{\"key1\"::\"value1\",\"key2\"\"value2\"}@
+jsonBody_invalidFallbackBehavior :: Lens.Lens' JsonBody (Prelude.Maybe BodyParsingFallbackBehavior)
+jsonBody_invalidFallbackBehavior = Lens.lens (\JsonBody' {invalidFallbackBehavior} -> invalidFallbackBehavior) (\s@JsonBody' {} a -> s {invalidFallbackBehavior = a} :: JsonBody)
+
+-- | What WAF should do if the body is larger than WAF can inspect. WAF does
+-- not support inspecting the entire contents of the body of a web request
+-- when the body exceeds 8 KB (8192 bytes). Only the first 8 KB of the
+-- request body are forwarded to WAF by the underlying host service.
+--
+-- The options for oversize handling are the following:
+--
+-- -   @CONTINUE@ - Inspect the body normally, according to the rule
+--     inspection criteria.
+--
+-- -   @MATCH@ - Treat the web request as matching the rule statement. WAF
+--     applies the rule action to the request.
+--
+-- -   @NO_MATCH@ - Treat the web request as not matching the rule
+--     statement.
+--
+-- You can combine the @MATCH@ or @NO_MATCH@ settings for oversize handling
+-- with your rule and web ACL action settings, so that you block any
+-- request whose body is over 8 KB.
+--
+-- Default: @CONTINUE@
+jsonBody_oversizeHandling :: Lens.Lens' JsonBody (Prelude.Maybe OversizeHandling)
+jsonBody_oversizeHandling = Lens.lens (\JsonBody' {oversizeHandling} -> oversizeHandling) (\s@JsonBody' {} a -> s {oversizeHandling = a} :: JsonBody)
+
+-- | The patterns to look for in the JSON body. WAF inspects the results of
+-- these pattern matches against the rule inspection criteria.
+jsonBody_matchPattern :: Lens.Lens' JsonBody JsonMatchPattern
+jsonBody_matchPattern = Lens.lens (\JsonBody' {matchPattern} -> matchPattern) (\s@JsonBody' {} a -> s {matchPattern = a} :: JsonBody)
+
+-- | The parts of the JSON to match against using the @MatchPattern@. If you
+-- specify @All@, WAF matches against keys and values.
+jsonBody_matchScope :: Lens.Lens' JsonBody JsonMatchScope
+jsonBody_matchScope = Lens.lens (\JsonBody' {matchScope} -> matchScope) (\s@JsonBody' {} a -> s {matchScope = a} :: JsonBody)
+
+instance Data.FromJSON JsonBody where
+  parseJSON =
+    Data.withObject
+      "JsonBody"
+      ( \x ->
+          JsonBody'
+            Prelude.<$> (x Data..:? "InvalidFallbackBehavior")
+            Prelude.<*> (x Data..:? "OversizeHandling")
+            Prelude.<*> (x Data..: "MatchPattern")
+            Prelude.<*> (x Data..: "MatchScope")
+      )
+
+instance Prelude.Hashable JsonBody where
+  hashWithSalt _salt JsonBody' {..} =
+    _salt
+      `Prelude.hashWithSalt` invalidFallbackBehavior
+      `Prelude.hashWithSalt` oversizeHandling
+      `Prelude.hashWithSalt` matchPattern
+      `Prelude.hashWithSalt` matchScope
+
+instance Prelude.NFData JsonBody where
+  rnf JsonBody' {..} =
+    Prelude.rnf invalidFallbackBehavior
+      `Prelude.seq` Prelude.rnf oversizeHandling
+      `Prelude.seq` Prelude.rnf matchPattern
+      `Prelude.seq` Prelude.rnf matchScope
+
+instance Data.ToJSON JsonBody where
+  toJSON JsonBody' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("InvalidFallbackBehavior" Data..=)
+              Prelude.<$> invalidFallbackBehavior,
+            ("OversizeHandling" Data..=)
+              Prelude.<$> oversizeHandling,
+            Prelude.Just ("MatchPattern" Data..= matchPattern),
+            Prelude.Just ("MatchScope" Data..= matchScope)
+          ]
+      )
diff --git a/gen/Amazonka/WAFV2/Types/JsonMatchPattern.hs b/gen/Amazonka/WAFV2/Types/JsonMatchPattern.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/WAFV2/Types/JsonMatchPattern.hs
@@ -0,0 +1,141 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.WAFV2.Types.JsonMatchPattern
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.WAFV2.Types.JsonMatchPattern where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.WAFV2.Types.All
+
+-- | The patterns to look for in the JSON body. WAF inspects the results of
+-- these pattern matches against the rule inspection criteria. This is used
+-- with the FieldToMatch option @JsonBody@.
+--
+-- /See:/ 'newJsonMatchPattern' smart constructor.
+data JsonMatchPattern = JsonMatchPattern'
+  { -- | Match all of the elements. See also @MatchScope@ in JsonBody.
+    --
+    -- You must specify either this setting or the @IncludedPaths@ setting, but
+    -- not both.
+    all :: Prelude.Maybe All,
+    -- | Match only the specified include paths. See also @MatchScope@ in
+    -- JsonBody.
+    --
+    -- Provide the include paths using JSON Pointer syntax. For example,
+    -- @\"IncludedPaths\": [\"\/dogs\/0\/name\", \"\/dogs\/1\/name\"]@. For
+    -- information about this syntax, see the Internet Engineering Task Force
+    -- (IETF) documentation
+    -- <https://tools.ietf.org/html/rfc6901 JavaScript Object Notation (JSON) Pointer>.
+    --
+    -- You must specify either this setting or the @All@ setting, but not both.
+    --
+    -- Don\'t use this option to include all paths. Instead, use the @All@
+    -- setting.
+    includedPaths :: Prelude.Maybe (Prelude.NonEmpty Prelude.Text)
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'JsonMatchPattern' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'all', 'jsonMatchPattern_all' - Match all of the elements. See also @MatchScope@ in JsonBody.
+--
+-- You must specify either this setting or the @IncludedPaths@ setting, but
+-- not both.
+--
+-- 'includedPaths', 'jsonMatchPattern_includedPaths' - Match only the specified include paths. See also @MatchScope@ in
+-- JsonBody.
+--
+-- Provide the include paths using JSON Pointer syntax. For example,
+-- @\"IncludedPaths\": [\"\/dogs\/0\/name\", \"\/dogs\/1\/name\"]@. For
+-- information about this syntax, see the Internet Engineering Task Force
+-- (IETF) documentation
+-- <https://tools.ietf.org/html/rfc6901 JavaScript Object Notation (JSON) Pointer>.
+--
+-- You must specify either this setting or the @All@ setting, but not both.
+--
+-- Don\'t use this option to include all paths. Instead, use the @All@
+-- setting.
+newJsonMatchPattern ::
+  JsonMatchPattern
+newJsonMatchPattern =
+  JsonMatchPattern'
+    { all = Prelude.Nothing,
+      includedPaths = Prelude.Nothing
+    }
+
+-- | Match all of the elements. See also @MatchScope@ in JsonBody.
+--
+-- You must specify either this setting or the @IncludedPaths@ setting, but
+-- not both.
+jsonMatchPattern_all :: Lens.Lens' JsonMatchPattern (Prelude.Maybe All)
+jsonMatchPattern_all = Lens.lens (\JsonMatchPattern' {all} -> all) (\s@JsonMatchPattern' {} a -> s {all = a} :: JsonMatchPattern)
+
+-- | Match only the specified include paths. See also @MatchScope@ in
+-- JsonBody.
+--
+-- Provide the include paths using JSON Pointer syntax. For example,
+-- @\"IncludedPaths\": [\"\/dogs\/0\/name\", \"\/dogs\/1\/name\"]@. For
+-- information about this syntax, see the Internet Engineering Task Force
+-- (IETF) documentation
+-- <https://tools.ietf.org/html/rfc6901 JavaScript Object Notation (JSON) Pointer>.
+--
+-- You must specify either this setting or the @All@ setting, but not both.
+--
+-- Don\'t use this option to include all paths. Instead, use the @All@
+-- setting.
+jsonMatchPattern_includedPaths :: Lens.Lens' JsonMatchPattern (Prelude.Maybe (Prelude.NonEmpty Prelude.Text))
+jsonMatchPattern_includedPaths = Lens.lens (\JsonMatchPattern' {includedPaths} -> includedPaths) (\s@JsonMatchPattern' {} a -> s {includedPaths = a} :: JsonMatchPattern) Prelude.. Lens.mapping Lens.coerced
+
+instance Data.FromJSON JsonMatchPattern where
+  parseJSON =
+    Data.withObject
+      "JsonMatchPattern"
+      ( \x ->
+          JsonMatchPattern'
+            Prelude.<$> (x Data..:? "All")
+            Prelude.<*> (x Data..:? "IncludedPaths")
+      )
+
+instance Prelude.Hashable JsonMatchPattern where
+  hashWithSalt _salt JsonMatchPattern' {..} =
+    _salt
+      `Prelude.hashWithSalt` all
+      `Prelude.hashWithSalt` includedPaths
+
+instance Prelude.NFData JsonMatchPattern where
+  rnf JsonMatchPattern' {..} =
+    Prelude.rnf all
+      `Prelude.seq` Prelude.rnf includedPaths
+
+instance Data.ToJSON JsonMatchPattern where
+  toJSON JsonMatchPattern' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("All" Data..=) Prelude.<$> all,
+            ("IncludedPaths" Data..=) Prelude.<$> includedPaths
+          ]
+      )
diff --git a/gen/Amazonka/WAFV2/Types/JsonMatchScope.hs b/gen/Amazonka/WAFV2/Types/JsonMatchScope.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/WAFV2/Types/JsonMatchScope.hs
@@ -0,0 +1,76 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DerivingStrategies #-}
+{-# LANGUAGE GeneralizedNewtypeDeriving #-}
+{-# LANGUAGE LambdaCase #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE PatternSynonyms #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.WAFV2.Types.JsonMatchScope
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.WAFV2.Types.JsonMatchScope
+  ( JsonMatchScope
+      ( ..,
+        JsonMatchScope_ALL,
+        JsonMatchScope_KEY,
+        JsonMatchScope_VALUE
+      ),
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+newtype JsonMatchScope = JsonMatchScope'
+  { fromJsonMatchScope ::
+      Data.Text
+  }
+  deriving stock
+    ( Prelude.Show,
+      Prelude.Read,
+      Prelude.Eq,
+      Prelude.Ord,
+      Prelude.Generic
+    )
+  deriving newtype
+    ( Prelude.Hashable,
+      Prelude.NFData,
+      Data.FromText,
+      Data.ToText,
+      Data.ToByteString,
+      Data.ToLog,
+      Data.ToHeader,
+      Data.ToQuery,
+      Data.FromJSON,
+      Data.FromJSONKey,
+      Data.ToJSON,
+      Data.ToJSONKey,
+      Data.FromXML,
+      Data.ToXML
+    )
+
+pattern JsonMatchScope_ALL :: JsonMatchScope
+pattern JsonMatchScope_ALL = JsonMatchScope' "ALL"
+
+pattern JsonMatchScope_KEY :: JsonMatchScope
+pattern JsonMatchScope_KEY = JsonMatchScope' "KEY"
+
+pattern JsonMatchScope_VALUE :: JsonMatchScope
+pattern JsonMatchScope_VALUE = JsonMatchScope' "VALUE"
+
+{-# COMPLETE
+  JsonMatchScope_ALL,
+  JsonMatchScope_KEY,
+  JsonMatchScope_VALUE,
+  JsonMatchScope'
+  #-}
diff --git a/gen/Amazonka/WAFV2/Types/Label.hs b/gen/Amazonka/WAFV2/Types/Label.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/WAFV2/Types/Label.hs
@@ -0,0 +1,75 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.WAFV2.Types.Label
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.WAFV2.Types.Label where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | A single label container. This is used as an element of a label array in
+-- multiple contexts, for example, in @RuleLabels@ inside a Rule and in
+-- @Labels@ inside a SampledHTTPRequest.
+--
+-- /See:/ 'newLabel' smart constructor.
+data Label = Label'
+  { -- | The label string.
+    name :: Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'Label' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'name', 'label_name' - The label string.
+newLabel ::
+  -- | 'name'
+  Prelude.Text ->
+  Label
+newLabel pName_ = Label' {name = pName_}
+
+-- | The label string.
+label_name :: Lens.Lens' Label Prelude.Text
+label_name = Lens.lens (\Label' {name} -> name) (\s@Label' {} a -> s {name = a} :: Label)
+
+instance Data.FromJSON Label where
+  parseJSON =
+    Data.withObject
+      "Label"
+      (\x -> Label' Prelude.<$> (x Data..: "Name"))
+
+instance Prelude.Hashable Label where
+  hashWithSalt _salt Label' {..} =
+    _salt `Prelude.hashWithSalt` name
+
+instance Prelude.NFData Label where
+  rnf Label' {..} = Prelude.rnf name
+
+instance Data.ToJSON Label where
+  toJSON Label' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [Prelude.Just ("Name" Data..= name)]
+      )
diff --git a/gen/Amazonka/WAFV2/Types/LabelMatchScope.hs b/gen/Amazonka/WAFV2/Types/LabelMatchScope.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/WAFV2/Types/LabelMatchScope.hs
@@ -0,0 +1,71 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DerivingStrategies #-}
+{-# LANGUAGE GeneralizedNewtypeDeriving #-}
+{-# LANGUAGE LambdaCase #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE PatternSynonyms #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.WAFV2.Types.LabelMatchScope
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.WAFV2.Types.LabelMatchScope
+  ( LabelMatchScope
+      ( ..,
+        LabelMatchScope_LABEL,
+        LabelMatchScope_NAMESPACE
+      ),
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+newtype LabelMatchScope = LabelMatchScope'
+  { fromLabelMatchScope ::
+      Data.Text
+  }
+  deriving stock
+    ( Prelude.Show,
+      Prelude.Read,
+      Prelude.Eq,
+      Prelude.Ord,
+      Prelude.Generic
+    )
+  deriving newtype
+    ( Prelude.Hashable,
+      Prelude.NFData,
+      Data.FromText,
+      Data.ToText,
+      Data.ToByteString,
+      Data.ToLog,
+      Data.ToHeader,
+      Data.ToQuery,
+      Data.FromJSON,
+      Data.FromJSONKey,
+      Data.ToJSON,
+      Data.ToJSONKey,
+      Data.FromXML,
+      Data.ToXML
+    )
+
+pattern LabelMatchScope_LABEL :: LabelMatchScope
+pattern LabelMatchScope_LABEL = LabelMatchScope' "LABEL"
+
+pattern LabelMatchScope_NAMESPACE :: LabelMatchScope
+pattern LabelMatchScope_NAMESPACE = LabelMatchScope' "NAMESPACE"
+
+{-# COMPLETE
+  LabelMatchScope_LABEL,
+  LabelMatchScope_NAMESPACE,
+  LabelMatchScope'
+  #-}
diff --git a/gen/Amazonka/WAFV2/Types/LabelMatchStatement.hs b/gen/Amazonka/WAFV2/Types/LabelMatchStatement.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/WAFV2/Types/LabelMatchStatement.hs
@@ -0,0 +1,149 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.WAFV2.Types.LabelMatchStatement
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.WAFV2.Types.LabelMatchStatement where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.WAFV2.Types.LabelMatchScope
+
+-- | A rule statement to match against labels that have been added to the web
+-- request by rules that have already run in the web ACL.
+--
+-- The label match statement provides the label or namespace string to
+-- search for. The label string can represent a part or all of the fully
+-- qualified label name that had been added to the web request. Fully
+-- qualified labels have a prefix, optional namespaces, and label name. The
+-- prefix identifies the rule group or web ACL context of the rule that
+-- added the label. If you do not provide the fully qualified name in your
+-- label match string, WAF performs the search for labels that were added
+-- in the same context as the label match statement.
+--
+-- /See:/ 'newLabelMatchStatement' smart constructor.
+data LabelMatchStatement = LabelMatchStatement'
+  { -- | Specify whether you want to match using the label name or just the
+    -- namespace.
+    scope :: LabelMatchScope,
+    -- | The string to match against. The setting you provide for this depends on
+    -- the match statement\'s @Scope@ setting:
+    --
+    -- -   If the @Scope@ indicates @LABEL@, then this specification must
+    --     include the name and can include any number of preceding namespace
+    --     specifications and prefix up to providing the fully qualified label
+    --     name.
+    --
+    -- -   If the @Scope@ indicates @NAMESPACE@, then this specification can
+    --     include any number of contiguous namespace strings, and can include
+    --     the entire label namespace prefix from the rule group or web ACL
+    --     where the label originates.
+    --
+    -- Labels are case sensitive and components of a label must be separated by
+    -- colon, for example @NS1:NS2:name@.
+    key :: Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'LabelMatchStatement' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'scope', 'labelMatchStatement_scope' - Specify whether you want to match using the label name or just the
+-- namespace.
+--
+-- 'key', 'labelMatchStatement_key' - The string to match against. The setting you provide for this depends on
+-- the match statement\'s @Scope@ setting:
+--
+-- -   If the @Scope@ indicates @LABEL@, then this specification must
+--     include the name and can include any number of preceding namespace
+--     specifications and prefix up to providing the fully qualified label
+--     name.
+--
+-- -   If the @Scope@ indicates @NAMESPACE@, then this specification can
+--     include any number of contiguous namespace strings, and can include
+--     the entire label namespace prefix from the rule group or web ACL
+--     where the label originates.
+--
+-- Labels are case sensitive and components of a label must be separated by
+-- colon, for example @NS1:NS2:name@.
+newLabelMatchStatement ::
+  -- | 'scope'
+  LabelMatchScope ->
+  -- | 'key'
+  Prelude.Text ->
+  LabelMatchStatement
+newLabelMatchStatement pScope_ pKey_ =
+  LabelMatchStatement' {scope = pScope_, key = pKey_}
+
+-- | Specify whether you want to match using the label name or just the
+-- namespace.
+labelMatchStatement_scope :: Lens.Lens' LabelMatchStatement LabelMatchScope
+labelMatchStatement_scope = Lens.lens (\LabelMatchStatement' {scope} -> scope) (\s@LabelMatchStatement' {} a -> s {scope = a} :: LabelMatchStatement)
+
+-- | The string to match against. The setting you provide for this depends on
+-- the match statement\'s @Scope@ setting:
+--
+-- -   If the @Scope@ indicates @LABEL@, then this specification must
+--     include the name and can include any number of preceding namespace
+--     specifications and prefix up to providing the fully qualified label
+--     name.
+--
+-- -   If the @Scope@ indicates @NAMESPACE@, then this specification can
+--     include any number of contiguous namespace strings, and can include
+--     the entire label namespace prefix from the rule group or web ACL
+--     where the label originates.
+--
+-- Labels are case sensitive and components of a label must be separated by
+-- colon, for example @NS1:NS2:name@.
+labelMatchStatement_key :: Lens.Lens' LabelMatchStatement Prelude.Text
+labelMatchStatement_key = Lens.lens (\LabelMatchStatement' {key} -> key) (\s@LabelMatchStatement' {} a -> s {key = a} :: LabelMatchStatement)
+
+instance Data.FromJSON LabelMatchStatement where
+  parseJSON =
+    Data.withObject
+      "LabelMatchStatement"
+      ( \x ->
+          LabelMatchStatement'
+            Prelude.<$> (x Data..: "Scope")
+            Prelude.<*> (x Data..: "Key")
+      )
+
+instance Prelude.Hashable LabelMatchStatement where
+  hashWithSalt _salt LabelMatchStatement' {..} =
+    _salt
+      `Prelude.hashWithSalt` scope
+      `Prelude.hashWithSalt` key
+
+instance Prelude.NFData LabelMatchStatement where
+  rnf LabelMatchStatement' {..} =
+    Prelude.rnf scope `Prelude.seq` Prelude.rnf key
+
+instance Data.ToJSON LabelMatchStatement where
+  toJSON LabelMatchStatement' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ Prelude.Just ("Scope" Data..= scope),
+            Prelude.Just ("Key" Data..= key)
+          ]
+      )
diff --git a/gen/Amazonka/WAFV2/Types/LabelNameCondition.hs b/gen/Amazonka/WAFV2/Types/LabelNameCondition.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/WAFV2/Types/LabelNameCondition.hs
@@ -0,0 +1,89 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.WAFV2.Types.LabelNameCondition
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.WAFV2.Types.LabelNameCondition where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | A single label name condition for a Condition in a logging filter.
+--
+-- /See:/ 'newLabelNameCondition' smart constructor.
+data LabelNameCondition = LabelNameCondition'
+  { -- | The label name that a log record must contain in order to meet the
+    -- condition. This must be a fully qualified label name. Fully qualified
+    -- labels have a prefix, optional namespaces, and label name. The prefix
+    -- identifies the rule group or web ACL context of the rule that added the
+    -- label.
+    labelName :: Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'LabelNameCondition' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'labelName', 'labelNameCondition_labelName' - The label name that a log record must contain in order to meet the
+-- condition. This must be a fully qualified label name. Fully qualified
+-- labels have a prefix, optional namespaces, and label name. The prefix
+-- identifies the rule group or web ACL context of the rule that added the
+-- label.
+newLabelNameCondition ::
+  -- | 'labelName'
+  Prelude.Text ->
+  LabelNameCondition
+newLabelNameCondition pLabelName_ =
+  LabelNameCondition' {labelName = pLabelName_}
+
+-- | The label name that a log record must contain in order to meet the
+-- condition. This must be a fully qualified label name. Fully qualified
+-- labels have a prefix, optional namespaces, and label name. The prefix
+-- identifies the rule group or web ACL context of the rule that added the
+-- label.
+labelNameCondition_labelName :: Lens.Lens' LabelNameCondition Prelude.Text
+labelNameCondition_labelName = Lens.lens (\LabelNameCondition' {labelName} -> labelName) (\s@LabelNameCondition' {} a -> s {labelName = a} :: LabelNameCondition)
+
+instance Data.FromJSON LabelNameCondition where
+  parseJSON =
+    Data.withObject
+      "LabelNameCondition"
+      ( \x ->
+          LabelNameCondition'
+            Prelude.<$> (x Data..: "LabelName")
+      )
+
+instance Prelude.Hashable LabelNameCondition where
+  hashWithSalt _salt LabelNameCondition' {..} =
+    _salt `Prelude.hashWithSalt` labelName
+
+instance Prelude.NFData LabelNameCondition where
+  rnf LabelNameCondition' {..} = Prelude.rnf labelName
+
+instance Data.ToJSON LabelNameCondition where
+  toJSON LabelNameCondition' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [Prelude.Just ("LabelName" Data..= labelName)]
+      )
diff --git a/gen/Amazonka/WAFV2/Types/LabelSummary.hs b/gen/Amazonka/WAFV2/Types/LabelSummary.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/WAFV2/Types/LabelSummary.hs
@@ -0,0 +1,75 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.WAFV2.Types.LabelSummary
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.WAFV2.Types.LabelSummary where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | List of labels used by one or more of the rules of a RuleGroup. This
+-- summary object is used for the following rule group lists:
+--
+-- -   @AvailableLabels@ - Labels that rules add to matching requests.
+--     These labels are defined in the @RuleLabels@ for a Rule.
+--
+-- -   @ConsumedLabels@ - Labels that rules match against. These labels are
+--     defined in a @LabelMatchStatement@ specification, in the Statement
+--     definition of a rule.
+--
+-- /See:/ 'newLabelSummary' smart constructor.
+data LabelSummary = LabelSummary'
+  { -- | An individual label specification.
+    name :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'LabelSummary' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'name', 'labelSummary_name' - An individual label specification.
+newLabelSummary ::
+  LabelSummary
+newLabelSummary =
+  LabelSummary' {name = Prelude.Nothing}
+
+-- | An individual label specification.
+labelSummary_name :: Lens.Lens' LabelSummary (Prelude.Maybe Prelude.Text)
+labelSummary_name = Lens.lens (\LabelSummary' {name} -> name) (\s@LabelSummary' {} a -> s {name = a} :: LabelSummary)
+
+instance Data.FromJSON LabelSummary where
+  parseJSON =
+    Data.withObject
+      "LabelSummary"
+      ( \x ->
+          LabelSummary' Prelude.<$> (x Data..:? "Name")
+      )
+
+instance Prelude.Hashable LabelSummary where
+  hashWithSalt _salt LabelSummary' {..} =
+    _salt `Prelude.hashWithSalt` name
+
+instance Prelude.NFData LabelSummary where
+  rnf LabelSummary' {..} = Prelude.rnf name
diff --git a/gen/Amazonka/WAFV2/Types/LoggingConfiguration.hs b/gen/Amazonka/WAFV2/Types/LoggingConfiguration.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/WAFV2/Types/LoggingConfiguration.hs
@@ -0,0 +1,225 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.WAFV2.Types.LoggingConfiguration
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.WAFV2.Types.LoggingConfiguration where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.WAFV2.Types.FieldToMatch
+import Amazonka.WAFV2.Types.LoggingFilter
+
+-- | Defines an association between logging destinations and a web ACL
+-- resource, for logging from WAF. As part of the association, you can
+-- specify parts of the standard logging fields to keep out of the logs and
+-- you can specify filters so that you log only a subset of the logging
+-- records.
+--
+-- You can define one logging destination per web ACL.
+--
+-- You can access information about the traffic that WAF inspects using the
+-- following steps:
+--
+-- 1.  Create your logging destination. You can use an Amazon CloudWatch
+--     Logs log group, an Amazon Simple Storage Service (Amazon S3) bucket,
+--     or an Amazon Kinesis Data Firehose.
+--
+--     The name that you give the destination must start with
+--     @aws-waf-logs-@. Depending on the type of destination, you might
+--     need to configure additional settings or permissions.
+--
+--     For configuration requirements and pricing information for each
+--     destination type, see
+--     <https://docs.aws.amazon.com/waf/latest/developerguide/logging.html Logging web ACL traffic>
+--     in the /WAF Developer Guide/.
+--
+-- 2.  Associate your logging destination to your web ACL using a
+--     @PutLoggingConfiguration@ request.
+--
+-- When you successfully enable logging using a @PutLoggingConfiguration@
+-- request, WAF creates an additional role or policy that is required to
+-- write logs to the logging destination. For an Amazon CloudWatch Logs log
+-- group, WAF creates a resource policy on the log group. For an Amazon S3
+-- bucket, WAF creates a bucket policy. For an Amazon Kinesis Data
+-- Firehose, WAF creates a service-linked role.
+--
+-- For additional information about web ACL logging, see
+-- <https://docs.aws.amazon.com/waf/latest/developerguide/logging.html Logging web ACL traffic information>
+-- in the /WAF Developer Guide/.
+--
+-- /See:/ 'newLoggingConfiguration' smart constructor.
+data LoggingConfiguration = LoggingConfiguration'
+  { -- | Filtering that specifies which web requests are kept in the logs and
+    -- which are dropped. You can filter on the rule action and on the web
+    -- request labels that were applied by matching rules during web ACL
+    -- evaluation.
+    loggingFilter :: Prelude.Maybe LoggingFilter,
+    -- | Indicates whether the logging configuration was created by Firewall
+    -- Manager, as part of an WAF policy configuration. If true, only Firewall
+    -- Manager can modify or delete the configuration.
+    managedByFirewallManager :: Prelude.Maybe Prelude.Bool,
+    -- | The parts of the request that you want to keep out of the logs. For
+    -- example, if you redact the @SingleHeader@ field, the @HEADER@ field in
+    -- the logs will be @xxx@.
+    --
+    -- You can specify only the following fields for redaction: @UriPath@,
+    -- @QueryString@, @SingleHeader@, @Method@, and @JsonBody@.
+    redactedFields :: Prelude.Maybe [FieldToMatch],
+    -- | The Amazon Resource Name (ARN) of the web ACL that you want to associate
+    -- with @LogDestinationConfigs@.
+    resourceArn :: Prelude.Text,
+    -- | The logging destination configuration that you want to associate with
+    -- the web ACL.
+    --
+    -- You can associate one logging destination to a web ACL.
+    logDestinationConfigs :: Prelude.NonEmpty Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'LoggingConfiguration' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'loggingFilter', 'loggingConfiguration_loggingFilter' - Filtering that specifies which web requests are kept in the logs and
+-- which are dropped. You can filter on the rule action and on the web
+-- request labels that were applied by matching rules during web ACL
+-- evaluation.
+--
+-- 'managedByFirewallManager', 'loggingConfiguration_managedByFirewallManager' - Indicates whether the logging configuration was created by Firewall
+-- Manager, as part of an WAF policy configuration. If true, only Firewall
+-- Manager can modify or delete the configuration.
+--
+-- 'redactedFields', 'loggingConfiguration_redactedFields' - The parts of the request that you want to keep out of the logs. For
+-- example, if you redact the @SingleHeader@ field, the @HEADER@ field in
+-- the logs will be @xxx@.
+--
+-- You can specify only the following fields for redaction: @UriPath@,
+-- @QueryString@, @SingleHeader@, @Method@, and @JsonBody@.
+--
+-- 'resourceArn', 'loggingConfiguration_resourceArn' - The Amazon Resource Name (ARN) of the web ACL that you want to associate
+-- with @LogDestinationConfigs@.
+--
+-- 'logDestinationConfigs', 'loggingConfiguration_logDestinationConfigs' - The logging destination configuration that you want to associate with
+-- the web ACL.
+--
+-- You can associate one logging destination to a web ACL.
+newLoggingConfiguration ::
+  -- | 'resourceArn'
+  Prelude.Text ->
+  -- | 'logDestinationConfigs'
+  Prelude.NonEmpty Prelude.Text ->
+  LoggingConfiguration
+newLoggingConfiguration
+  pResourceArn_
+  pLogDestinationConfigs_ =
+    LoggingConfiguration'
+      { loggingFilter =
+          Prelude.Nothing,
+        managedByFirewallManager = Prelude.Nothing,
+        redactedFields = Prelude.Nothing,
+        resourceArn = pResourceArn_,
+        logDestinationConfigs =
+          Lens.coerced Lens.# pLogDestinationConfigs_
+      }
+
+-- | Filtering that specifies which web requests are kept in the logs and
+-- which are dropped. You can filter on the rule action and on the web
+-- request labels that were applied by matching rules during web ACL
+-- evaluation.
+loggingConfiguration_loggingFilter :: Lens.Lens' LoggingConfiguration (Prelude.Maybe LoggingFilter)
+loggingConfiguration_loggingFilter = Lens.lens (\LoggingConfiguration' {loggingFilter} -> loggingFilter) (\s@LoggingConfiguration' {} a -> s {loggingFilter = a} :: LoggingConfiguration)
+
+-- | Indicates whether the logging configuration was created by Firewall
+-- Manager, as part of an WAF policy configuration. If true, only Firewall
+-- Manager can modify or delete the configuration.
+loggingConfiguration_managedByFirewallManager :: Lens.Lens' LoggingConfiguration (Prelude.Maybe Prelude.Bool)
+loggingConfiguration_managedByFirewallManager = Lens.lens (\LoggingConfiguration' {managedByFirewallManager} -> managedByFirewallManager) (\s@LoggingConfiguration' {} a -> s {managedByFirewallManager = a} :: LoggingConfiguration)
+
+-- | The parts of the request that you want to keep out of the logs. For
+-- example, if you redact the @SingleHeader@ field, the @HEADER@ field in
+-- the logs will be @xxx@.
+--
+-- You can specify only the following fields for redaction: @UriPath@,
+-- @QueryString@, @SingleHeader@, @Method@, and @JsonBody@.
+loggingConfiguration_redactedFields :: Lens.Lens' LoggingConfiguration (Prelude.Maybe [FieldToMatch])
+loggingConfiguration_redactedFields = Lens.lens (\LoggingConfiguration' {redactedFields} -> redactedFields) (\s@LoggingConfiguration' {} a -> s {redactedFields = a} :: LoggingConfiguration) Prelude.. Lens.mapping Lens.coerced
+
+-- | The Amazon Resource Name (ARN) of the web ACL that you want to associate
+-- with @LogDestinationConfigs@.
+loggingConfiguration_resourceArn :: Lens.Lens' LoggingConfiguration Prelude.Text
+loggingConfiguration_resourceArn = Lens.lens (\LoggingConfiguration' {resourceArn} -> resourceArn) (\s@LoggingConfiguration' {} a -> s {resourceArn = a} :: LoggingConfiguration)
+
+-- | The logging destination configuration that you want to associate with
+-- the web ACL.
+--
+-- You can associate one logging destination to a web ACL.
+loggingConfiguration_logDestinationConfigs :: Lens.Lens' LoggingConfiguration (Prelude.NonEmpty Prelude.Text)
+loggingConfiguration_logDestinationConfigs = Lens.lens (\LoggingConfiguration' {logDestinationConfigs} -> logDestinationConfigs) (\s@LoggingConfiguration' {} a -> s {logDestinationConfigs = a} :: LoggingConfiguration) Prelude.. Lens.coerced
+
+instance Data.FromJSON LoggingConfiguration where
+  parseJSON =
+    Data.withObject
+      "LoggingConfiguration"
+      ( \x ->
+          LoggingConfiguration'
+            Prelude.<$> (x Data..:? "LoggingFilter")
+            Prelude.<*> (x Data..:? "ManagedByFirewallManager")
+            Prelude.<*> (x Data..:? "RedactedFields" Data..!= Prelude.mempty)
+            Prelude.<*> (x Data..: "ResourceArn")
+            Prelude.<*> (x Data..: "LogDestinationConfigs")
+      )
+
+instance Prelude.Hashable LoggingConfiguration where
+  hashWithSalt _salt LoggingConfiguration' {..} =
+    _salt
+      `Prelude.hashWithSalt` loggingFilter
+      `Prelude.hashWithSalt` managedByFirewallManager
+      `Prelude.hashWithSalt` redactedFields
+      `Prelude.hashWithSalt` resourceArn
+      `Prelude.hashWithSalt` logDestinationConfigs
+
+instance Prelude.NFData LoggingConfiguration where
+  rnf LoggingConfiguration' {..} =
+    Prelude.rnf loggingFilter
+      `Prelude.seq` Prelude.rnf managedByFirewallManager
+      `Prelude.seq` Prelude.rnf redactedFields
+      `Prelude.seq` Prelude.rnf resourceArn
+      `Prelude.seq` Prelude.rnf logDestinationConfigs
+
+instance Data.ToJSON LoggingConfiguration where
+  toJSON LoggingConfiguration' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("LoggingFilter" Data..=) Prelude.<$> loggingFilter,
+            ("ManagedByFirewallManager" Data..=)
+              Prelude.<$> managedByFirewallManager,
+            ("RedactedFields" Data..=)
+              Prelude.<$> redactedFields,
+            Prelude.Just ("ResourceArn" Data..= resourceArn),
+            Prelude.Just
+              ( "LogDestinationConfigs"
+                  Data..= logDestinationConfigs
+              )
+          ]
+      )
diff --git a/gen/Amazonka/WAFV2/Types/LoggingFilter.hs b/gen/Amazonka/WAFV2/Types/LoggingFilter.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/WAFV2/Types/LoggingFilter.hs
@@ -0,0 +1,108 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.WAFV2.Types.LoggingFilter
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.WAFV2.Types.LoggingFilter where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.WAFV2.Types.Filter
+import Amazonka.WAFV2.Types.FilterBehavior
+
+-- | Filtering that specifies which web requests are kept in the logs and
+-- which are dropped, defined for a web ACL\'s LoggingConfiguration.
+--
+-- You can filter on the rule action and on the web request labels that
+-- were applied by matching rules during web ACL evaluation.
+--
+-- /See:/ 'newLoggingFilter' smart constructor.
+data LoggingFilter = LoggingFilter'
+  { -- | The filters that you want to apply to the logs.
+    filters :: Prelude.NonEmpty Filter,
+    -- | Default handling for logs that don\'t match any of the specified
+    -- filtering conditions.
+    defaultBehavior :: FilterBehavior
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'LoggingFilter' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'filters', 'loggingFilter_filters' - The filters that you want to apply to the logs.
+--
+-- 'defaultBehavior', 'loggingFilter_defaultBehavior' - Default handling for logs that don\'t match any of the specified
+-- filtering conditions.
+newLoggingFilter ::
+  -- | 'filters'
+  Prelude.NonEmpty Filter ->
+  -- | 'defaultBehavior'
+  FilterBehavior ->
+  LoggingFilter
+newLoggingFilter pFilters_ pDefaultBehavior_ =
+  LoggingFilter'
+    { filters =
+        Lens.coerced Lens.# pFilters_,
+      defaultBehavior = pDefaultBehavior_
+    }
+
+-- | The filters that you want to apply to the logs.
+loggingFilter_filters :: Lens.Lens' LoggingFilter (Prelude.NonEmpty Filter)
+loggingFilter_filters = Lens.lens (\LoggingFilter' {filters} -> filters) (\s@LoggingFilter' {} a -> s {filters = a} :: LoggingFilter) Prelude.. Lens.coerced
+
+-- | Default handling for logs that don\'t match any of the specified
+-- filtering conditions.
+loggingFilter_defaultBehavior :: Lens.Lens' LoggingFilter FilterBehavior
+loggingFilter_defaultBehavior = Lens.lens (\LoggingFilter' {defaultBehavior} -> defaultBehavior) (\s@LoggingFilter' {} a -> s {defaultBehavior = a} :: LoggingFilter)
+
+instance Data.FromJSON LoggingFilter where
+  parseJSON =
+    Data.withObject
+      "LoggingFilter"
+      ( \x ->
+          LoggingFilter'
+            Prelude.<$> (x Data..: "Filters")
+            Prelude.<*> (x Data..: "DefaultBehavior")
+      )
+
+instance Prelude.Hashable LoggingFilter where
+  hashWithSalt _salt LoggingFilter' {..} =
+    _salt
+      `Prelude.hashWithSalt` filters
+      `Prelude.hashWithSalt` defaultBehavior
+
+instance Prelude.NFData LoggingFilter where
+  rnf LoggingFilter' {..} =
+    Prelude.rnf filters
+      `Prelude.seq` Prelude.rnf defaultBehavior
+
+instance Data.ToJSON LoggingFilter where
+  toJSON LoggingFilter' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ Prelude.Just ("Filters" Data..= filters),
+            Prelude.Just
+              ("DefaultBehavior" Data..= defaultBehavior)
+          ]
+      )
diff --git a/gen/Amazonka/WAFV2/Types/ManagedRuleGroupConfig.hs b/gen/Amazonka/WAFV2/Types/ManagedRuleGroupConfig.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/WAFV2/Types/ManagedRuleGroupConfig.hs
@@ -0,0 +1,169 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.WAFV2.Types.ManagedRuleGroupConfig
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.WAFV2.Types.ManagedRuleGroupConfig where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.WAFV2.Types.AWSManagedRulesBotControlRuleSet
+import Amazonka.WAFV2.Types.PasswordField
+import Amazonka.WAFV2.Types.PayloadType
+import Amazonka.WAFV2.Types.UsernameField
+
+-- | Additional information that\'s used by a managed rule group. Many
+-- managed rule groups don\'t require this.
+--
+-- Use the @AWSManagedRulesBotControlRuleSet@ configuration object to
+-- configure the protection level that you want the Bot Control rule group
+-- to use.
+--
+-- For example specifications, see the examples section of CreateWebACL.
+--
+-- /See:/ 'newManagedRuleGroupConfig' smart constructor.
+data ManagedRuleGroupConfig = ManagedRuleGroupConfig'
+  { -- | Additional configuration for using the Bot Control managed rule group.
+    -- Use this to specify the inspection level that you want to use. For
+    -- information about using the Bot Control managed rule group, see
+    -- <https://docs.aws.amazon.com/waf/latest/developerguide/aws-managed-rule-groups-bot.html WAF Bot Control rule group>
+    -- and
+    -- <https://docs.aws.amazon.com/waf/latest/developerguide/waf-bot-control.html WAF Bot Control>
+    -- in the /WAF Developer Guide/.
+    aWSManagedRulesBotControlRuleSet :: Prelude.Maybe AWSManagedRulesBotControlRuleSet,
+    -- | The path of the login endpoint for your application. For example, for
+    -- the URL @https:\/\/example.com\/web\/login@, you would provide the path
+    -- @\/web\/login@.
+    loginPath :: Prelude.Maybe Prelude.Text,
+    -- | Details about your login page password field.
+    passwordField :: Prelude.Maybe PasswordField,
+    -- | The payload type for your login endpoint, either JSON or form encoded.
+    payloadType :: Prelude.Maybe PayloadType,
+    -- | Details about your login page username field.
+    usernameField :: Prelude.Maybe UsernameField
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'ManagedRuleGroupConfig' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'aWSManagedRulesBotControlRuleSet', 'managedRuleGroupConfig_aWSManagedRulesBotControlRuleSet' - Additional configuration for using the Bot Control managed rule group.
+-- Use this to specify the inspection level that you want to use. For
+-- information about using the Bot Control managed rule group, see
+-- <https://docs.aws.amazon.com/waf/latest/developerguide/aws-managed-rule-groups-bot.html WAF Bot Control rule group>
+-- and
+-- <https://docs.aws.amazon.com/waf/latest/developerguide/waf-bot-control.html WAF Bot Control>
+-- in the /WAF Developer Guide/.
+--
+-- 'loginPath', 'managedRuleGroupConfig_loginPath' - The path of the login endpoint for your application. For example, for
+-- the URL @https:\/\/example.com\/web\/login@, you would provide the path
+-- @\/web\/login@.
+--
+-- 'passwordField', 'managedRuleGroupConfig_passwordField' - Details about your login page password field.
+--
+-- 'payloadType', 'managedRuleGroupConfig_payloadType' - The payload type for your login endpoint, either JSON or form encoded.
+--
+-- 'usernameField', 'managedRuleGroupConfig_usernameField' - Details about your login page username field.
+newManagedRuleGroupConfig ::
+  ManagedRuleGroupConfig
+newManagedRuleGroupConfig =
+  ManagedRuleGroupConfig'
+    { aWSManagedRulesBotControlRuleSet =
+        Prelude.Nothing,
+      loginPath = Prelude.Nothing,
+      passwordField = Prelude.Nothing,
+      payloadType = Prelude.Nothing,
+      usernameField = Prelude.Nothing
+    }
+
+-- | Additional configuration for using the Bot Control managed rule group.
+-- Use this to specify the inspection level that you want to use. For
+-- information about using the Bot Control managed rule group, see
+-- <https://docs.aws.amazon.com/waf/latest/developerguide/aws-managed-rule-groups-bot.html WAF Bot Control rule group>
+-- and
+-- <https://docs.aws.amazon.com/waf/latest/developerguide/waf-bot-control.html WAF Bot Control>
+-- in the /WAF Developer Guide/.
+managedRuleGroupConfig_aWSManagedRulesBotControlRuleSet :: Lens.Lens' ManagedRuleGroupConfig (Prelude.Maybe AWSManagedRulesBotControlRuleSet)
+managedRuleGroupConfig_aWSManagedRulesBotControlRuleSet = Lens.lens (\ManagedRuleGroupConfig' {aWSManagedRulesBotControlRuleSet} -> aWSManagedRulesBotControlRuleSet) (\s@ManagedRuleGroupConfig' {} a -> s {aWSManagedRulesBotControlRuleSet = a} :: ManagedRuleGroupConfig)
+
+-- | The path of the login endpoint for your application. For example, for
+-- the URL @https:\/\/example.com\/web\/login@, you would provide the path
+-- @\/web\/login@.
+managedRuleGroupConfig_loginPath :: Lens.Lens' ManagedRuleGroupConfig (Prelude.Maybe Prelude.Text)
+managedRuleGroupConfig_loginPath = Lens.lens (\ManagedRuleGroupConfig' {loginPath} -> loginPath) (\s@ManagedRuleGroupConfig' {} a -> s {loginPath = a} :: ManagedRuleGroupConfig)
+
+-- | Details about your login page password field.
+managedRuleGroupConfig_passwordField :: Lens.Lens' ManagedRuleGroupConfig (Prelude.Maybe PasswordField)
+managedRuleGroupConfig_passwordField = Lens.lens (\ManagedRuleGroupConfig' {passwordField} -> passwordField) (\s@ManagedRuleGroupConfig' {} a -> s {passwordField = a} :: ManagedRuleGroupConfig)
+
+-- | The payload type for your login endpoint, either JSON or form encoded.
+managedRuleGroupConfig_payloadType :: Lens.Lens' ManagedRuleGroupConfig (Prelude.Maybe PayloadType)
+managedRuleGroupConfig_payloadType = Lens.lens (\ManagedRuleGroupConfig' {payloadType} -> payloadType) (\s@ManagedRuleGroupConfig' {} a -> s {payloadType = a} :: ManagedRuleGroupConfig)
+
+-- | Details about your login page username field.
+managedRuleGroupConfig_usernameField :: Lens.Lens' ManagedRuleGroupConfig (Prelude.Maybe UsernameField)
+managedRuleGroupConfig_usernameField = Lens.lens (\ManagedRuleGroupConfig' {usernameField} -> usernameField) (\s@ManagedRuleGroupConfig' {} a -> s {usernameField = a} :: ManagedRuleGroupConfig)
+
+instance Data.FromJSON ManagedRuleGroupConfig where
+  parseJSON =
+    Data.withObject
+      "ManagedRuleGroupConfig"
+      ( \x ->
+          ManagedRuleGroupConfig'
+            Prelude.<$> (x Data..:? "AWSManagedRulesBotControlRuleSet")
+            Prelude.<*> (x Data..:? "LoginPath")
+            Prelude.<*> (x Data..:? "PasswordField")
+            Prelude.<*> (x Data..:? "PayloadType")
+            Prelude.<*> (x Data..:? "UsernameField")
+      )
+
+instance Prelude.Hashable ManagedRuleGroupConfig where
+  hashWithSalt _salt ManagedRuleGroupConfig' {..} =
+    _salt
+      `Prelude.hashWithSalt` aWSManagedRulesBotControlRuleSet
+      `Prelude.hashWithSalt` loginPath
+      `Prelude.hashWithSalt` passwordField
+      `Prelude.hashWithSalt` payloadType
+      `Prelude.hashWithSalt` usernameField
+
+instance Prelude.NFData ManagedRuleGroupConfig where
+  rnf ManagedRuleGroupConfig' {..} =
+    Prelude.rnf aWSManagedRulesBotControlRuleSet
+      `Prelude.seq` Prelude.rnf loginPath
+      `Prelude.seq` Prelude.rnf passwordField
+      `Prelude.seq` Prelude.rnf payloadType
+      `Prelude.seq` Prelude.rnf usernameField
+
+instance Data.ToJSON ManagedRuleGroupConfig where
+  toJSON ManagedRuleGroupConfig' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("AWSManagedRulesBotControlRuleSet" Data..=)
+              Prelude.<$> aWSManagedRulesBotControlRuleSet,
+            ("LoginPath" Data..=) Prelude.<$> loginPath,
+            ("PasswordField" Data..=) Prelude.<$> passwordField,
+            ("PayloadType" Data..=) Prelude.<$> payloadType,
+            ("UsernameField" Data..=) Prelude.<$> usernameField
+          ]
+      )
diff --git a/gen/Amazonka/WAFV2/Types/ManagedRuleGroupStatement.hs b/gen/Amazonka/WAFV2/Types/ManagedRuleGroupStatement.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/WAFV2/Types/ManagedRuleGroupStatement.hs
@@ -0,0 +1,261 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.WAFV2.Types.ManagedRuleGroupStatement
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.WAFV2.Types.ManagedRuleGroupStatement where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.WAFV2.Types.ExcludedRule
+import Amazonka.WAFV2.Types.ManagedRuleGroupConfig
+import Amazonka.WAFV2.Types.RuleActionOverride
+import {-# SOURCE #-} Amazonka.WAFV2.Types.Statement
+
+-- | A rule statement used to run the rules that are defined in a managed
+-- rule group. To use this, provide the vendor name and the name of the
+-- rule group in this statement. You can retrieve the required names by
+-- calling ListAvailableManagedRuleGroups.
+--
+-- You cannot nest a @ManagedRuleGroupStatement@, for example for use
+-- inside a @NotStatement@ or @OrStatement@. It can only be referenced as a
+-- top-level statement within a rule.
+--
+-- You are charged additional fees when you use the WAF Bot Control managed
+-- rule group @AWSManagedRulesBotControlRuleSet@ or the WAF Fraud Control
+-- account takeover prevention (ATP) managed rule group
+-- @AWSManagedRulesATPRuleSet@. For more information, see
+-- <http://aws.amazon.com/waf/pricing/ WAF Pricing>.
+--
+-- /See:/ 'newManagedRuleGroupStatement' smart constructor.
+data ManagedRuleGroupStatement = ManagedRuleGroupStatement'
+  { -- | Rules in the referenced rule group whose actions are set to @Count@.
+    --
+    -- Instead of this option, use @RuleActionOverrides@. It accepts any valid
+    -- action setting, including @Count@.
+    excludedRules :: Prelude.Maybe [ExcludedRule],
+    -- | Additional information that\'s used by a managed rule group. Many
+    -- managed rule groups don\'t require this.
+    --
+    -- Use the @AWSManagedRulesBotControlRuleSet@ configuration object to
+    -- configure the protection level that you want the Bot Control rule group
+    -- to use.
+    managedRuleGroupConfigs :: Prelude.Maybe (Prelude.NonEmpty ManagedRuleGroupConfig),
+    -- | Action settings to use in the place of the rule actions that are
+    -- configured inside the rule group. You specify one override for each rule
+    -- whose action you want to change.
+    --
+    -- You can use overrides for testing, for example you can override all of
+    -- rule actions to @Count@ and then monitor the resulting count metrics to
+    -- understand how the rule group would handle your web traffic. You can
+    -- also permanently override some or all actions, to modify how the rule
+    -- group manages your web traffic.
+    ruleActionOverrides :: Prelude.Maybe (Prelude.NonEmpty RuleActionOverride),
+    -- | An optional nested statement that narrows the scope of the web requests
+    -- that are evaluated by the managed rule group. Requests are only
+    -- evaluated by the rule group if they match the scope-down statement. You
+    -- can use any nestable Statement in the scope-down statement, and you can
+    -- nest statements at any level, the same as you can for a rule statement.
+    scopeDownStatement :: Prelude.Maybe Statement,
+    -- | The version of the managed rule group to use. If you specify this, the
+    -- version setting is fixed until you change it. If you don\'t specify
+    -- this, WAF uses the vendor\'s default version, and then keeps the version
+    -- at the vendor\'s default when the vendor updates the managed rule group
+    -- settings.
+    version :: Prelude.Maybe Prelude.Text,
+    -- | The name of the managed rule group vendor. You use this, along with the
+    -- rule group name, to identify the rule group.
+    vendorName :: Prelude.Text,
+    -- | The name of the managed rule group. You use this, along with the vendor
+    -- name, to identify the rule group.
+    name :: Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'ManagedRuleGroupStatement' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'excludedRules', 'managedRuleGroupStatement_excludedRules' - Rules in the referenced rule group whose actions are set to @Count@.
+--
+-- Instead of this option, use @RuleActionOverrides@. It accepts any valid
+-- action setting, including @Count@.
+--
+-- 'managedRuleGroupConfigs', 'managedRuleGroupStatement_managedRuleGroupConfigs' - Additional information that\'s used by a managed rule group. Many
+-- managed rule groups don\'t require this.
+--
+-- Use the @AWSManagedRulesBotControlRuleSet@ configuration object to
+-- configure the protection level that you want the Bot Control rule group
+-- to use.
+--
+-- 'ruleActionOverrides', 'managedRuleGroupStatement_ruleActionOverrides' - Action settings to use in the place of the rule actions that are
+-- configured inside the rule group. You specify one override for each rule
+-- whose action you want to change.
+--
+-- You can use overrides for testing, for example you can override all of
+-- rule actions to @Count@ and then monitor the resulting count metrics to
+-- understand how the rule group would handle your web traffic. You can
+-- also permanently override some or all actions, to modify how the rule
+-- group manages your web traffic.
+--
+-- 'scopeDownStatement', 'managedRuleGroupStatement_scopeDownStatement' - An optional nested statement that narrows the scope of the web requests
+-- that are evaluated by the managed rule group. Requests are only
+-- evaluated by the rule group if they match the scope-down statement. You
+-- can use any nestable Statement in the scope-down statement, and you can
+-- nest statements at any level, the same as you can for a rule statement.
+--
+-- 'version', 'managedRuleGroupStatement_version' - The version of the managed rule group to use. If you specify this, the
+-- version setting is fixed until you change it. If you don\'t specify
+-- this, WAF uses the vendor\'s default version, and then keeps the version
+-- at the vendor\'s default when the vendor updates the managed rule group
+-- settings.
+--
+-- 'vendorName', 'managedRuleGroupStatement_vendorName' - The name of the managed rule group vendor. You use this, along with the
+-- rule group name, to identify the rule group.
+--
+-- 'name', 'managedRuleGroupStatement_name' - The name of the managed rule group. You use this, along with the vendor
+-- name, to identify the rule group.
+newManagedRuleGroupStatement ::
+  -- | 'vendorName'
+  Prelude.Text ->
+  -- | 'name'
+  Prelude.Text ->
+  ManagedRuleGroupStatement
+newManagedRuleGroupStatement pVendorName_ pName_ =
+  ManagedRuleGroupStatement'
+    { excludedRules =
+        Prelude.Nothing,
+      managedRuleGroupConfigs = Prelude.Nothing,
+      ruleActionOverrides = Prelude.Nothing,
+      scopeDownStatement = Prelude.Nothing,
+      version = Prelude.Nothing,
+      vendorName = pVendorName_,
+      name = pName_
+    }
+
+-- | Rules in the referenced rule group whose actions are set to @Count@.
+--
+-- Instead of this option, use @RuleActionOverrides@. It accepts any valid
+-- action setting, including @Count@.
+managedRuleGroupStatement_excludedRules :: Lens.Lens' ManagedRuleGroupStatement (Prelude.Maybe [ExcludedRule])
+managedRuleGroupStatement_excludedRules = Lens.lens (\ManagedRuleGroupStatement' {excludedRules} -> excludedRules) (\s@ManagedRuleGroupStatement' {} a -> s {excludedRules = a} :: ManagedRuleGroupStatement) Prelude.. Lens.mapping Lens.coerced
+
+-- | Additional information that\'s used by a managed rule group. Many
+-- managed rule groups don\'t require this.
+--
+-- Use the @AWSManagedRulesBotControlRuleSet@ configuration object to
+-- configure the protection level that you want the Bot Control rule group
+-- to use.
+managedRuleGroupStatement_managedRuleGroupConfigs :: Lens.Lens' ManagedRuleGroupStatement (Prelude.Maybe (Prelude.NonEmpty ManagedRuleGroupConfig))
+managedRuleGroupStatement_managedRuleGroupConfigs = Lens.lens (\ManagedRuleGroupStatement' {managedRuleGroupConfigs} -> managedRuleGroupConfigs) (\s@ManagedRuleGroupStatement' {} a -> s {managedRuleGroupConfigs = a} :: ManagedRuleGroupStatement) Prelude.. Lens.mapping Lens.coerced
+
+-- | Action settings to use in the place of the rule actions that are
+-- configured inside the rule group. You specify one override for each rule
+-- whose action you want to change.
+--
+-- You can use overrides for testing, for example you can override all of
+-- rule actions to @Count@ and then monitor the resulting count metrics to
+-- understand how the rule group would handle your web traffic. You can
+-- also permanently override some or all actions, to modify how the rule
+-- group manages your web traffic.
+managedRuleGroupStatement_ruleActionOverrides :: Lens.Lens' ManagedRuleGroupStatement (Prelude.Maybe (Prelude.NonEmpty RuleActionOverride))
+managedRuleGroupStatement_ruleActionOverrides = Lens.lens (\ManagedRuleGroupStatement' {ruleActionOverrides} -> ruleActionOverrides) (\s@ManagedRuleGroupStatement' {} a -> s {ruleActionOverrides = a} :: ManagedRuleGroupStatement) Prelude.. Lens.mapping Lens.coerced
+
+-- | An optional nested statement that narrows the scope of the web requests
+-- that are evaluated by the managed rule group. Requests are only
+-- evaluated by the rule group if they match the scope-down statement. You
+-- can use any nestable Statement in the scope-down statement, and you can
+-- nest statements at any level, the same as you can for a rule statement.
+managedRuleGroupStatement_scopeDownStatement :: Lens.Lens' ManagedRuleGroupStatement (Prelude.Maybe Statement)
+managedRuleGroupStatement_scopeDownStatement = Lens.lens (\ManagedRuleGroupStatement' {scopeDownStatement} -> scopeDownStatement) (\s@ManagedRuleGroupStatement' {} a -> s {scopeDownStatement = a} :: ManagedRuleGroupStatement)
+
+-- | The version of the managed rule group to use. If you specify this, the
+-- version setting is fixed until you change it. If you don\'t specify
+-- this, WAF uses the vendor\'s default version, and then keeps the version
+-- at the vendor\'s default when the vendor updates the managed rule group
+-- settings.
+managedRuleGroupStatement_version :: Lens.Lens' ManagedRuleGroupStatement (Prelude.Maybe Prelude.Text)
+managedRuleGroupStatement_version = Lens.lens (\ManagedRuleGroupStatement' {version} -> version) (\s@ManagedRuleGroupStatement' {} a -> s {version = a} :: ManagedRuleGroupStatement)
+
+-- | The name of the managed rule group vendor. You use this, along with the
+-- rule group name, to identify the rule group.
+managedRuleGroupStatement_vendorName :: Lens.Lens' ManagedRuleGroupStatement Prelude.Text
+managedRuleGroupStatement_vendorName = Lens.lens (\ManagedRuleGroupStatement' {vendorName} -> vendorName) (\s@ManagedRuleGroupStatement' {} a -> s {vendorName = a} :: ManagedRuleGroupStatement)
+
+-- | The name of the managed rule group. You use this, along with the vendor
+-- name, to identify the rule group.
+managedRuleGroupStatement_name :: Lens.Lens' ManagedRuleGroupStatement Prelude.Text
+managedRuleGroupStatement_name = Lens.lens (\ManagedRuleGroupStatement' {name} -> name) (\s@ManagedRuleGroupStatement' {} a -> s {name = a} :: ManagedRuleGroupStatement)
+
+instance Data.FromJSON ManagedRuleGroupStatement where
+  parseJSON =
+    Data.withObject
+      "ManagedRuleGroupStatement"
+      ( \x ->
+          ManagedRuleGroupStatement'
+            Prelude.<$> (x Data..:? "ExcludedRules" Data..!= Prelude.mempty)
+            Prelude.<*> (x Data..:? "ManagedRuleGroupConfigs")
+            Prelude.<*> (x Data..:? "RuleActionOverrides")
+            Prelude.<*> (x Data..:? "ScopeDownStatement")
+            Prelude.<*> (x Data..:? "Version")
+            Prelude.<*> (x Data..: "VendorName")
+            Prelude.<*> (x Data..: "Name")
+      )
+
+instance Prelude.Hashable ManagedRuleGroupStatement where
+  hashWithSalt _salt ManagedRuleGroupStatement' {..} =
+    _salt
+      `Prelude.hashWithSalt` excludedRules
+      `Prelude.hashWithSalt` managedRuleGroupConfigs
+      `Prelude.hashWithSalt` ruleActionOverrides
+      `Prelude.hashWithSalt` scopeDownStatement
+      `Prelude.hashWithSalt` version
+      `Prelude.hashWithSalt` vendorName
+      `Prelude.hashWithSalt` name
+
+instance Prelude.NFData ManagedRuleGroupStatement where
+  rnf ManagedRuleGroupStatement' {..} =
+    Prelude.rnf excludedRules
+      `Prelude.seq` Prelude.rnf managedRuleGroupConfigs
+      `Prelude.seq` Prelude.rnf ruleActionOverrides
+      `Prelude.seq` Prelude.rnf scopeDownStatement
+      `Prelude.seq` Prelude.rnf version
+      `Prelude.seq` Prelude.rnf vendorName
+      `Prelude.seq` Prelude.rnf name
+
+instance Data.ToJSON ManagedRuleGroupStatement where
+  toJSON ManagedRuleGroupStatement' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("ExcludedRules" Data..=) Prelude.<$> excludedRules,
+            ("ManagedRuleGroupConfigs" Data..=)
+              Prelude.<$> managedRuleGroupConfigs,
+            ("RuleActionOverrides" Data..=)
+              Prelude.<$> ruleActionOverrides,
+            ("ScopeDownStatement" Data..=)
+              Prelude.<$> scopeDownStatement,
+            ("Version" Data..=) Prelude.<$> version,
+            Prelude.Just ("VendorName" Data..= vendorName),
+            Prelude.Just ("Name" Data..= name)
+          ]
+      )
diff --git a/gen/Amazonka/WAFV2/Types/ManagedRuleGroupStatement.hs-boot b/gen/Amazonka/WAFV2/Types/ManagedRuleGroupStatement.hs-boot
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/WAFV2/Types/ManagedRuleGroupStatement.hs-boot
@@ -0,0 +1,33 @@
+{-# OPTIONS_GHC -Wno-missing-methods #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.WAFV2.Types.ManagedRuleGroupStatement
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.WAFV2.Types.ManagedRuleGroupStatement where
+
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+data ManagedRuleGroupStatement
+
+instance Prelude.Eq ManagedRuleGroupStatement
+
+instance Prelude.Read ManagedRuleGroupStatement
+
+instance Prelude.Show ManagedRuleGroupStatement
+
+instance Prelude.Generic ManagedRuleGroupStatement
+
+instance Data.ToJSON ManagedRuleGroupStatement
+
+instance Data.FromJSON ManagedRuleGroupStatement
+
+instance Prelude.NFData ManagedRuleGroupStatement
+
+instance Prelude.Hashable ManagedRuleGroupStatement
diff --git a/gen/Amazonka/WAFV2/Types/ManagedRuleGroupSummary.hs b/gen/Amazonka/WAFV2/Types/ManagedRuleGroupSummary.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/WAFV2/Types/ManagedRuleGroupSummary.hs
@@ -0,0 +1,134 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.WAFV2.Types.ManagedRuleGroupSummary
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.WAFV2.Types.ManagedRuleGroupSummary where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | High-level information about a managed rule group, returned by
+-- ListAvailableManagedRuleGroups. This provides information like the name
+-- and vendor name, that you provide when you add a
+-- ManagedRuleGroupStatement to a web ACL. Managed rule groups include
+-- Amazon Web Services Managed Rules rule groups, which are free of charge
+-- to WAF customers, and Amazon Web Services Marketplace managed rule
+-- groups, which you can subscribe to through Amazon Web Services
+-- Marketplace.
+--
+-- /See:/ 'newManagedRuleGroupSummary' smart constructor.
+data ManagedRuleGroupSummary = ManagedRuleGroupSummary'
+  { -- | The description of the managed rule group, provided by Amazon Web
+    -- Services Managed Rules or the Amazon Web Services Marketplace seller who
+    -- manages it.
+    description :: Prelude.Maybe Prelude.Text,
+    -- | The name of the managed rule group. You use this, along with the vendor
+    -- name, to identify the rule group.
+    name :: Prelude.Maybe Prelude.Text,
+    -- | The name of the managed rule group vendor. You use this, along with the
+    -- rule group name, to identify the rule group.
+    vendorName :: Prelude.Maybe Prelude.Text,
+    -- | Indicates whether the managed rule group is versioned. If it is, you can
+    -- retrieve the versions list by calling
+    -- ListAvailableManagedRuleGroupVersions.
+    versioningSupported :: Prelude.Maybe Prelude.Bool
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'ManagedRuleGroupSummary' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'description', 'managedRuleGroupSummary_description' - The description of the managed rule group, provided by Amazon Web
+-- Services Managed Rules or the Amazon Web Services Marketplace seller who
+-- manages it.
+--
+-- 'name', 'managedRuleGroupSummary_name' - The name of the managed rule group. You use this, along with the vendor
+-- name, to identify the rule group.
+--
+-- 'vendorName', 'managedRuleGroupSummary_vendorName' - The name of the managed rule group vendor. You use this, along with the
+-- rule group name, to identify the rule group.
+--
+-- 'versioningSupported', 'managedRuleGroupSummary_versioningSupported' - Indicates whether the managed rule group is versioned. If it is, you can
+-- retrieve the versions list by calling
+-- ListAvailableManagedRuleGroupVersions.
+newManagedRuleGroupSummary ::
+  ManagedRuleGroupSummary
+newManagedRuleGroupSummary =
+  ManagedRuleGroupSummary'
+    { description =
+        Prelude.Nothing,
+      name = Prelude.Nothing,
+      vendorName = Prelude.Nothing,
+      versioningSupported = Prelude.Nothing
+    }
+
+-- | The description of the managed rule group, provided by Amazon Web
+-- Services Managed Rules or the Amazon Web Services Marketplace seller who
+-- manages it.
+managedRuleGroupSummary_description :: Lens.Lens' ManagedRuleGroupSummary (Prelude.Maybe Prelude.Text)
+managedRuleGroupSummary_description = Lens.lens (\ManagedRuleGroupSummary' {description} -> description) (\s@ManagedRuleGroupSummary' {} a -> s {description = a} :: ManagedRuleGroupSummary)
+
+-- | The name of the managed rule group. You use this, along with the vendor
+-- name, to identify the rule group.
+managedRuleGroupSummary_name :: Lens.Lens' ManagedRuleGroupSummary (Prelude.Maybe Prelude.Text)
+managedRuleGroupSummary_name = Lens.lens (\ManagedRuleGroupSummary' {name} -> name) (\s@ManagedRuleGroupSummary' {} a -> s {name = a} :: ManagedRuleGroupSummary)
+
+-- | The name of the managed rule group vendor. You use this, along with the
+-- rule group name, to identify the rule group.
+managedRuleGroupSummary_vendorName :: Lens.Lens' ManagedRuleGroupSummary (Prelude.Maybe Prelude.Text)
+managedRuleGroupSummary_vendorName = Lens.lens (\ManagedRuleGroupSummary' {vendorName} -> vendorName) (\s@ManagedRuleGroupSummary' {} a -> s {vendorName = a} :: ManagedRuleGroupSummary)
+
+-- | Indicates whether the managed rule group is versioned. If it is, you can
+-- retrieve the versions list by calling
+-- ListAvailableManagedRuleGroupVersions.
+managedRuleGroupSummary_versioningSupported :: Lens.Lens' ManagedRuleGroupSummary (Prelude.Maybe Prelude.Bool)
+managedRuleGroupSummary_versioningSupported = Lens.lens (\ManagedRuleGroupSummary' {versioningSupported} -> versioningSupported) (\s@ManagedRuleGroupSummary' {} a -> s {versioningSupported = a} :: ManagedRuleGroupSummary)
+
+instance Data.FromJSON ManagedRuleGroupSummary where
+  parseJSON =
+    Data.withObject
+      "ManagedRuleGroupSummary"
+      ( \x ->
+          ManagedRuleGroupSummary'
+            Prelude.<$> (x Data..:? "Description")
+            Prelude.<*> (x Data..:? "Name")
+            Prelude.<*> (x Data..:? "VendorName")
+            Prelude.<*> (x Data..:? "VersioningSupported")
+      )
+
+instance Prelude.Hashable ManagedRuleGroupSummary where
+  hashWithSalt _salt ManagedRuleGroupSummary' {..} =
+    _salt
+      `Prelude.hashWithSalt` description
+      `Prelude.hashWithSalt` name
+      `Prelude.hashWithSalt` vendorName
+      `Prelude.hashWithSalt` versioningSupported
+
+instance Prelude.NFData ManagedRuleGroupSummary where
+  rnf ManagedRuleGroupSummary' {..} =
+    Prelude.rnf description
+      `Prelude.seq` Prelude.rnf name
+      `Prelude.seq` Prelude.rnf vendorName
+      `Prelude.seq` Prelude.rnf versioningSupported
diff --git a/gen/Amazonka/WAFV2/Types/ManagedRuleGroupVersion.hs b/gen/Amazonka/WAFV2/Types/ManagedRuleGroupVersion.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/WAFV2/Types/ManagedRuleGroupVersion.hs
@@ -0,0 +1,88 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.WAFV2.Types.ManagedRuleGroupVersion
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.WAFV2.Types.ManagedRuleGroupVersion where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | Describes a single version of a managed rule group.
+--
+-- /See:/ 'newManagedRuleGroupVersion' smart constructor.
+data ManagedRuleGroupVersion = ManagedRuleGroupVersion'
+  { -- | The date and time that the managed rule group owner updated the rule
+    -- group version information.
+    lastUpdateTimestamp :: Prelude.Maybe Data.POSIX,
+    -- | The version name.
+    name :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'ManagedRuleGroupVersion' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'lastUpdateTimestamp', 'managedRuleGroupVersion_lastUpdateTimestamp' - The date and time that the managed rule group owner updated the rule
+-- group version information.
+--
+-- 'name', 'managedRuleGroupVersion_name' - The version name.
+newManagedRuleGroupVersion ::
+  ManagedRuleGroupVersion
+newManagedRuleGroupVersion =
+  ManagedRuleGroupVersion'
+    { lastUpdateTimestamp =
+        Prelude.Nothing,
+      name = Prelude.Nothing
+    }
+
+-- | The date and time that the managed rule group owner updated the rule
+-- group version information.
+managedRuleGroupVersion_lastUpdateTimestamp :: Lens.Lens' ManagedRuleGroupVersion (Prelude.Maybe Prelude.UTCTime)
+managedRuleGroupVersion_lastUpdateTimestamp = Lens.lens (\ManagedRuleGroupVersion' {lastUpdateTimestamp} -> lastUpdateTimestamp) (\s@ManagedRuleGroupVersion' {} a -> s {lastUpdateTimestamp = a} :: ManagedRuleGroupVersion) Prelude.. Lens.mapping Data._Time
+
+-- | The version name.
+managedRuleGroupVersion_name :: Lens.Lens' ManagedRuleGroupVersion (Prelude.Maybe Prelude.Text)
+managedRuleGroupVersion_name = Lens.lens (\ManagedRuleGroupVersion' {name} -> name) (\s@ManagedRuleGroupVersion' {} a -> s {name = a} :: ManagedRuleGroupVersion)
+
+instance Data.FromJSON ManagedRuleGroupVersion where
+  parseJSON =
+    Data.withObject
+      "ManagedRuleGroupVersion"
+      ( \x ->
+          ManagedRuleGroupVersion'
+            Prelude.<$> (x Data..:? "LastUpdateTimestamp")
+            Prelude.<*> (x Data..:? "Name")
+      )
+
+instance Prelude.Hashable ManagedRuleGroupVersion where
+  hashWithSalt _salt ManagedRuleGroupVersion' {..} =
+    _salt
+      `Prelude.hashWithSalt` lastUpdateTimestamp
+      `Prelude.hashWithSalt` name
+
+instance Prelude.NFData ManagedRuleGroupVersion where
+  rnf ManagedRuleGroupVersion' {..} =
+    Prelude.rnf lastUpdateTimestamp
+      `Prelude.seq` Prelude.rnf name
diff --git a/gen/Amazonka/WAFV2/Types/ManagedRuleSet.hs b/gen/Amazonka/WAFV2/Types/ManagedRuleSet.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/WAFV2/Types/ManagedRuleSet.hs
@@ -0,0 +1,228 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.WAFV2.Types.ManagedRuleSet
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.WAFV2.Types.ManagedRuleSet where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.WAFV2.Types.ManagedRuleSetVersion
+
+-- | A set of rules that is managed by Amazon Web Services and Amazon Web
+-- Services Marketplace sellers to provide versioned managed rule groups
+-- for customers of WAF.
+--
+-- This is intended for use only by vendors of managed rule sets. Vendors
+-- are Amazon Web Services and Amazon Web Services Marketplace sellers.
+--
+-- Vendors, you can use the managed rule set APIs to provide controlled
+-- rollout of your versioned managed rule group offerings for your
+-- customers. The APIs are @ListManagedRuleSets@, @GetManagedRuleSet@,
+-- @PutManagedRuleSetVersions@, and
+-- @UpdateManagedRuleSetVersionExpiryDate@.
+--
+-- /See:/ 'newManagedRuleSet' smart constructor.
+data ManagedRuleSet = ManagedRuleSet'
+  { -- | A description of the set that helps with identification.
+    description :: Prelude.Maybe Prelude.Text,
+    -- | The label namespace prefix for the managed rule groups that are offered
+    -- to customers from this managed rule set. All labels that are added by
+    -- rules in the managed rule group have this prefix.
+    --
+    -- -   The syntax for the label namespace prefix for a managed rule group
+    --     is the following:
+    --
+    --     @awswaf:managed:\<vendor>:\<rule group name>@:
+    --
+    -- -   When a rule with a label matches a web request, WAF adds the fully
+    --     qualified label to the request. A fully qualified label is made up
+    --     of the label namespace from the rule group or web ACL where the rule
+    --     is defined and the label from the rule, separated by a colon:
+    --
+    --     @\<label namespace>:\<label from rule>@
+    labelNamespace :: Prelude.Maybe Prelude.Text,
+    -- | The versions of this managed rule set that are available for use by
+    -- customers.
+    publishedVersions :: Prelude.Maybe (Prelude.HashMap Prelude.Text ManagedRuleSetVersion),
+    -- | The version that you would like your customers to use.
+    recommendedVersion :: Prelude.Maybe Prelude.Text,
+    -- | The name of the managed rule set. You use this, along with the rule set
+    -- ID, to identify the rule set.
+    --
+    -- This name is assigned to the corresponding managed rule group, which
+    -- your customers can access and use.
+    name :: Prelude.Text,
+    -- | A unique identifier for the managed rule set. The ID is returned in the
+    -- responses to commands like @list@. You provide it to operations like
+    -- @get@ and @update@.
+    id :: Prelude.Text,
+    -- | The Amazon Resource Name (ARN) of the entity.
+    arn :: Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'ManagedRuleSet' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'description', 'managedRuleSet_description' - A description of the set that helps with identification.
+--
+-- 'labelNamespace', 'managedRuleSet_labelNamespace' - The label namespace prefix for the managed rule groups that are offered
+-- to customers from this managed rule set. All labels that are added by
+-- rules in the managed rule group have this prefix.
+--
+-- -   The syntax for the label namespace prefix for a managed rule group
+--     is the following:
+--
+--     @awswaf:managed:\<vendor>:\<rule group name>@:
+--
+-- -   When a rule with a label matches a web request, WAF adds the fully
+--     qualified label to the request. A fully qualified label is made up
+--     of the label namespace from the rule group or web ACL where the rule
+--     is defined and the label from the rule, separated by a colon:
+--
+--     @\<label namespace>:\<label from rule>@
+--
+-- 'publishedVersions', 'managedRuleSet_publishedVersions' - The versions of this managed rule set that are available for use by
+-- customers.
+--
+-- 'recommendedVersion', 'managedRuleSet_recommendedVersion' - The version that you would like your customers to use.
+--
+-- 'name', 'managedRuleSet_name' - The name of the managed rule set. You use this, along with the rule set
+-- ID, to identify the rule set.
+--
+-- This name is assigned to the corresponding managed rule group, which
+-- your customers can access and use.
+--
+-- 'id', 'managedRuleSet_id' - A unique identifier for the managed rule set. The ID is returned in the
+-- responses to commands like @list@. You provide it to operations like
+-- @get@ and @update@.
+--
+-- 'arn', 'managedRuleSet_arn' - The Amazon Resource Name (ARN) of the entity.
+newManagedRuleSet ::
+  -- | 'name'
+  Prelude.Text ->
+  -- | 'id'
+  Prelude.Text ->
+  -- | 'arn'
+  Prelude.Text ->
+  ManagedRuleSet
+newManagedRuleSet pName_ pId_ pARN_ =
+  ManagedRuleSet'
+    { description = Prelude.Nothing,
+      labelNamespace = Prelude.Nothing,
+      publishedVersions = Prelude.Nothing,
+      recommendedVersion = Prelude.Nothing,
+      name = pName_,
+      id = pId_,
+      arn = pARN_
+    }
+
+-- | A description of the set that helps with identification.
+managedRuleSet_description :: Lens.Lens' ManagedRuleSet (Prelude.Maybe Prelude.Text)
+managedRuleSet_description = Lens.lens (\ManagedRuleSet' {description} -> description) (\s@ManagedRuleSet' {} a -> s {description = a} :: ManagedRuleSet)
+
+-- | The label namespace prefix for the managed rule groups that are offered
+-- to customers from this managed rule set. All labels that are added by
+-- rules in the managed rule group have this prefix.
+--
+-- -   The syntax for the label namespace prefix for a managed rule group
+--     is the following:
+--
+--     @awswaf:managed:\<vendor>:\<rule group name>@:
+--
+-- -   When a rule with a label matches a web request, WAF adds the fully
+--     qualified label to the request. A fully qualified label is made up
+--     of the label namespace from the rule group or web ACL where the rule
+--     is defined and the label from the rule, separated by a colon:
+--
+--     @\<label namespace>:\<label from rule>@
+managedRuleSet_labelNamespace :: Lens.Lens' ManagedRuleSet (Prelude.Maybe Prelude.Text)
+managedRuleSet_labelNamespace = Lens.lens (\ManagedRuleSet' {labelNamespace} -> labelNamespace) (\s@ManagedRuleSet' {} a -> s {labelNamespace = a} :: ManagedRuleSet)
+
+-- | The versions of this managed rule set that are available for use by
+-- customers.
+managedRuleSet_publishedVersions :: Lens.Lens' ManagedRuleSet (Prelude.Maybe (Prelude.HashMap Prelude.Text ManagedRuleSetVersion))
+managedRuleSet_publishedVersions = Lens.lens (\ManagedRuleSet' {publishedVersions} -> publishedVersions) (\s@ManagedRuleSet' {} a -> s {publishedVersions = a} :: ManagedRuleSet) Prelude.. Lens.mapping Lens.coerced
+
+-- | The version that you would like your customers to use.
+managedRuleSet_recommendedVersion :: Lens.Lens' ManagedRuleSet (Prelude.Maybe Prelude.Text)
+managedRuleSet_recommendedVersion = Lens.lens (\ManagedRuleSet' {recommendedVersion} -> recommendedVersion) (\s@ManagedRuleSet' {} a -> s {recommendedVersion = a} :: ManagedRuleSet)
+
+-- | The name of the managed rule set. You use this, along with the rule set
+-- ID, to identify the rule set.
+--
+-- This name is assigned to the corresponding managed rule group, which
+-- your customers can access and use.
+managedRuleSet_name :: Lens.Lens' ManagedRuleSet Prelude.Text
+managedRuleSet_name = Lens.lens (\ManagedRuleSet' {name} -> name) (\s@ManagedRuleSet' {} a -> s {name = a} :: ManagedRuleSet)
+
+-- | A unique identifier for the managed rule set. The ID is returned in the
+-- responses to commands like @list@. You provide it to operations like
+-- @get@ and @update@.
+managedRuleSet_id :: Lens.Lens' ManagedRuleSet Prelude.Text
+managedRuleSet_id = Lens.lens (\ManagedRuleSet' {id} -> id) (\s@ManagedRuleSet' {} a -> s {id = a} :: ManagedRuleSet)
+
+-- | The Amazon Resource Name (ARN) of the entity.
+managedRuleSet_arn :: Lens.Lens' ManagedRuleSet Prelude.Text
+managedRuleSet_arn = Lens.lens (\ManagedRuleSet' {arn} -> arn) (\s@ManagedRuleSet' {} a -> s {arn = a} :: ManagedRuleSet)
+
+instance Data.FromJSON ManagedRuleSet where
+  parseJSON =
+    Data.withObject
+      "ManagedRuleSet"
+      ( \x ->
+          ManagedRuleSet'
+            Prelude.<$> (x Data..:? "Description")
+            Prelude.<*> (x Data..:? "LabelNamespace")
+            Prelude.<*> ( x
+                            Data..:? "PublishedVersions"
+                            Data..!= Prelude.mempty
+                        )
+            Prelude.<*> (x Data..:? "RecommendedVersion")
+            Prelude.<*> (x Data..: "Name")
+            Prelude.<*> (x Data..: "Id")
+            Prelude.<*> (x Data..: "ARN")
+      )
+
+instance Prelude.Hashable ManagedRuleSet where
+  hashWithSalt _salt ManagedRuleSet' {..} =
+    _salt
+      `Prelude.hashWithSalt` description
+      `Prelude.hashWithSalt` labelNamespace
+      `Prelude.hashWithSalt` publishedVersions
+      `Prelude.hashWithSalt` recommendedVersion
+      `Prelude.hashWithSalt` name
+      `Prelude.hashWithSalt` id
+      `Prelude.hashWithSalt` arn
+
+instance Prelude.NFData ManagedRuleSet where
+  rnf ManagedRuleSet' {..} =
+    Prelude.rnf description
+      `Prelude.seq` Prelude.rnf labelNamespace
+      `Prelude.seq` Prelude.rnf publishedVersions
+      `Prelude.seq` Prelude.rnf recommendedVersion
+      `Prelude.seq` Prelude.rnf name
+      `Prelude.seq` Prelude.rnf id
+      `Prelude.seq` Prelude.rnf arn
diff --git a/gen/Amazonka/WAFV2/Types/ManagedRuleSetSummary.hs b/gen/Amazonka/WAFV2/Types/ManagedRuleSetSummary.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/WAFV2/Types/ManagedRuleSetSummary.hs
@@ -0,0 +1,222 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.WAFV2.Types.ManagedRuleSetSummary
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.WAFV2.Types.ManagedRuleSetSummary where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | High-level information for a managed rule set.
+--
+-- This is intended for use only by vendors of managed rule sets. Vendors
+-- are Amazon Web Services and Amazon Web Services Marketplace sellers.
+--
+-- Vendors, you can use the managed rule set APIs to provide controlled
+-- rollout of your versioned managed rule group offerings for your
+-- customers. The APIs are @ListManagedRuleSets@, @GetManagedRuleSet@,
+-- @PutManagedRuleSetVersions@, and
+-- @UpdateManagedRuleSetVersionExpiryDate@.
+--
+-- /See:/ 'newManagedRuleSetSummary' smart constructor.
+data ManagedRuleSetSummary = ManagedRuleSetSummary'
+  { -- | The Amazon Resource Name (ARN) of the entity.
+    arn :: Prelude.Maybe Prelude.Text,
+    -- | A description of the set that helps with identification.
+    description :: Prelude.Maybe Prelude.Text,
+    -- | A unique identifier for the managed rule set. The ID is returned in the
+    -- responses to commands like @list@. You provide it to operations like
+    -- @get@ and @update@.
+    id :: Prelude.Maybe Prelude.Text,
+    -- | The label namespace prefix for the managed rule groups that are offered
+    -- to customers from this managed rule set. All labels that are added by
+    -- rules in the managed rule group have this prefix.
+    --
+    -- -   The syntax for the label namespace prefix for a managed rule group
+    --     is the following:
+    --
+    --     @awswaf:managed:\<vendor>:\<rule group name>@:
+    --
+    -- -   When a rule with a label matches a web request, WAF adds the fully
+    --     qualified label to the request. A fully qualified label is made up
+    --     of the label namespace from the rule group or web ACL where the rule
+    --     is defined and the label from the rule, separated by a colon:
+    --
+    --     @\<label namespace>:\<label from rule>@
+    labelNamespace :: Prelude.Maybe Prelude.Text,
+    -- | A token used for optimistic locking. WAF returns a token to your @get@
+    -- and @list@ requests, to mark the state of the entity at the time of the
+    -- request. To make changes to the entity associated with the token, you
+    -- provide the token to operations like @update@ and @delete@. WAF uses the
+    -- token to ensure that no changes have been made to the entity since you
+    -- last retrieved it. If a change has been made, the update fails with a
+    -- @WAFOptimisticLockException@. If this happens, perform another @get@,
+    -- and use the new token returned by that operation.
+    lockToken :: Prelude.Maybe Prelude.Text,
+    -- | The name of the managed rule set. You use this, along with the rule set
+    -- ID, to identify the rule set.
+    --
+    -- This name is assigned to the corresponding managed rule group, which
+    -- your customers can access and use.
+    name :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'ManagedRuleSetSummary' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'arn', 'managedRuleSetSummary_arn' - The Amazon Resource Name (ARN) of the entity.
+--
+-- 'description', 'managedRuleSetSummary_description' - A description of the set that helps with identification.
+--
+-- 'id', 'managedRuleSetSummary_id' - A unique identifier for the managed rule set. The ID is returned in the
+-- responses to commands like @list@. You provide it to operations like
+-- @get@ and @update@.
+--
+-- 'labelNamespace', 'managedRuleSetSummary_labelNamespace' - The label namespace prefix for the managed rule groups that are offered
+-- to customers from this managed rule set. All labels that are added by
+-- rules in the managed rule group have this prefix.
+--
+-- -   The syntax for the label namespace prefix for a managed rule group
+--     is the following:
+--
+--     @awswaf:managed:\<vendor>:\<rule group name>@:
+--
+-- -   When a rule with a label matches a web request, WAF adds the fully
+--     qualified label to the request. A fully qualified label is made up
+--     of the label namespace from the rule group or web ACL where the rule
+--     is defined and the label from the rule, separated by a colon:
+--
+--     @\<label namespace>:\<label from rule>@
+--
+-- 'lockToken', 'managedRuleSetSummary_lockToken' - A token used for optimistic locking. WAF returns a token to your @get@
+-- and @list@ requests, to mark the state of the entity at the time of the
+-- request. To make changes to the entity associated with the token, you
+-- provide the token to operations like @update@ and @delete@. WAF uses the
+-- token to ensure that no changes have been made to the entity since you
+-- last retrieved it. If a change has been made, the update fails with a
+-- @WAFOptimisticLockException@. If this happens, perform another @get@,
+-- and use the new token returned by that operation.
+--
+-- 'name', 'managedRuleSetSummary_name' - The name of the managed rule set. You use this, along with the rule set
+-- ID, to identify the rule set.
+--
+-- This name is assigned to the corresponding managed rule group, which
+-- your customers can access and use.
+newManagedRuleSetSummary ::
+  ManagedRuleSetSummary
+newManagedRuleSetSummary =
+  ManagedRuleSetSummary'
+    { arn = Prelude.Nothing,
+      description = Prelude.Nothing,
+      id = Prelude.Nothing,
+      labelNamespace = Prelude.Nothing,
+      lockToken = Prelude.Nothing,
+      name = Prelude.Nothing
+    }
+
+-- | The Amazon Resource Name (ARN) of the entity.
+managedRuleSetSummary_arn :: Lens.Lens' ManagedRuleSetSummary (Prelude.Maybe Prelude.Text)
+managedRuleSetSummary_arn = Lens.lens (\ManagedRuleSetSummary' {arn} -> arn) (\s@ManagedRuleSetSummary' {} a -> s {arn = a} :: ManagedRuleSetSummary)
+
+-- | A description of the set that helps with identification.
+managedRuleSetSummary_description :: Lens.Lens' ManagedRuleSetSummary (Prelude.Maybe Prelude.Text)
+managedRuleSetSummary_description = Lens.lens (\ManagedRuleSetSummary' {description} -> description) (\s@ManagedRuleSetSummary' {} a -> s {description = a} :: ManagedRuleSetSummary)
+
+-- | A unique identifier for the managed rule set. The ID is returned in the
+-- responses to commands like @list@. You provide it to operations like
+-- @get@ and @update@.
+managedRuleSetSummary_id :: Lens.Lens' ManagedRuleSetSummary (Prelude.Maybe Prelude.Text)
+managedRuleSetSummary_id = Lens.lens (\ManagedRuleSetSummary' {id} -> id) (\s@ManagedRuleSetSummary' {} a -> s {id = a} :: ManagedRuleSetSummary)
+
+-- | The label namespace prefix for the managed rule groups that are offered
+-- to customers from this managed rule set. All labels that are added by
+-- rules in the managed rule group have this prefix.
+--
+-- -   The syntax for the label namespace prefix for a managed rule group
+--     is the following:
+--
+--     @awswaf:managed:\<vendor>:\<rule group name>@:
+--
+-- -   When a rule with a label matches a web request, WAF adds the fully
+--     qualified label to the request. A fully qualified label is made up
+--     of the label namespace from the rule group or web ACL where the rule
+--     is defined and the label from the rule, separated by a colon:
+--
+--     @\<label namespace>:\<label from rule>@
+managedRuleSetSummary_labelNamespace :: Lens.Lens' ManagedRuleSetSummary (Prelude.Maybe Prelude.Text)
+managedRuleSetSummary_labelNamespace = Lens.lens (\ManagedRuleSetSummary' {labelNamespace} -> labelNamespace) (\s@ManagedRuleSetSummary' {} a -> s {labelNamespace = a} :: ManagedRuleSetSummary)
+
+-- | A token used for optimistic locking. WAF returns a token to your @get@
+-- and @list@ requests, to mark the state of the entity at the time of the
+-- request. To make changes to the entity associated with the token, you
+-- provide the token to operations like @update@ and @delete@. WAF uses the
+-- token to ensure that no changes have been made to the entity since you
+-- last retrieved it. If a change has been made, the update fails with a
+-- @WAFOptimisticLockException@. If this happens, perform another @get@,
+-- and use the new token returned by that operation.
+managedRuleSetSummary_lockToken :: Lens.Lens' ManagedRuleSetSummary (Prelude.Maybe Prelude.Text)
+managedRuleSetSummary_lockToken = Lens.lens (\ManagedRuleSetSummary' {lockToken} -> lockToken) (\s@ManagedRuleSetSummary' {} a -> s {lockToken = a} :: ManagedRuleSetSummary)
+
+-- | The name of the managed rule set. You use this, along with the rule set
+-- ID, to identify the rule set.
+--
+-- This name is assigned to the corresponding managed rule group, which
+-- your customers can access and use.
+managedRuleSetSummary_name :: Lens.Lens' ManagedRuleSetSummary (Prelude.Maybe Prelude.Text)
+managedRuleSetSummary_name = Lens.lens (\ManagedRuleSetSummary' {name} -> name) (\s@ManagedRuleSetSummary' {} a -> s {name = a} :: ManagedRuleSetSummary)
+
+instance Data.FromJSON ManagedRuleSetSummary where
+  parseJSON =
+    Data.withObject
+      "ManagedRuleSetSummary"
+      ( \x ->
+          ManagedRuleSetSummary'
+            Prelude.<$> (x Data..:? "ARN")
+            Prelude.<*> (x Data..:? "Description")
+            Prelude.<*> (x Data..:? "Id")
+            Prelude.<*> (x Data..:? "LabelNamespace")
+            Prelude.<*> (x Data..:? "LockToken")
+            Prelude.<*> (x Data..:? "Name")
+      )
+
+instance Prelude.Hashable ManagedRuleSetSummary where
+  hashWithSalt _salt ManagedRuleSetSummary' {..} =
+    _salt
+      `Prelude.hashWithSalt` arn
+      `Prelude.hashWithSalt` description
+      `Prelude.hashWithSalt` id
+      `Prelude.hashWithSalt` labelNamespace
+      `Prelude.hashWithSalt` lockToken
+      `Prelude.hashWithSalt` name
+
+instance Prelude.NFData ManagedRuleSetSummary where
+  rnf ManagedRuleSetSummary' {..} =
+    Prelude.rnf arn
+      `Prelude.seq` Prelude.rnf description
+      `Prelude.seq` Prelude.rnf id
+      `Prelude.seq` Prelude.rnf labelNamespace
+      `Prelude.seq` Prelude.rnf lockToken
+      `Prelude.seq` Prelude.rnf name
diff --git a/gen/Amazonka/WAFV2/Types/ManagedRuleSetVersion.hs b/gen/Amazonka/WAFV2/Types/ManagedRuleSetVersion.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/WAFV2/Types/ManagedRuleSetVersion.hs
@@ -0,0 +1,199 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.WAFV2.Types.ManagedRuleSetVersion
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.WAFV2.Types.ManagedRuleSetVersion where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | Information for a single version of a managed rule set.
+--
+-- This is intended for use only by vendors of managed rule sets. Vendors
+-- are Amazon Web Services and Amazon Web Services Marketplace sellers.
+--
+-- Vendors, you can use the managed rule set APIs to provide controlled
+-- rollout of your versioned managed rule group offerings for your
+-- customers. The APIs are @ListManagedRuleSets@, @GetManagedRuleSet@,
+-- @PutManagedRuleSetVersions@, and
+-- @UpdateManagedRuleSetVersionExpiryDate@.
+--
+-- /See:/ 'newManagedRuleSetVersion' smart constructor.
+data ManagedRuleSetVersion = ManagedRuleSetVersion'
+  { -- | The Amazon Resource Name (ARN) of the vendor rule group that\'s used to
+    -- define the published version of your managed rule group.
+    associatedRuleGroupArn :: Prelude.Maybe Prelude.Text,
+    -- | The web ACL capacity units (WCUs) required for this rule group.
+    --
+    -- WAF uses WCUs to calculate and control the operating resources that are
+    -- used to run your rules, rule groups, and web ACLs. WAF calculates
+    -- capacity differently for each rule type, to reflect the relative cost of
+    -- each rule. Simple rules that cost little to run use fewer WCUs than more
+    -- complex rules that use more processing power. Rule group capacity is
+    -- fixed at creation, which helps users plan their web ACL WCU usage when
+    -- they use a rule group. The WCU limit for web ACLs is 1,500.
+    capacity :: Prelude.Maybe Prelude.Natural,
+    -- | The time that this version is set to expire.
+    --
+    -- Times are in Coordinated Universal Time (UTC) format. UTC format
+    -- includes the special designator, Z. For example, \"2016-09-27T14:50Z\".
+    expiryTimestamp :: Prelude.Maybe Data.POSIX,
+    -- | The amount of time you expect this version of your managed rule group to
+    -- last, in days.
+    forecastedLifetime :: Prelude.Maybe Prelude.Natural,
+    -- | The last time that you updated this version.
+    --
+    -- Times are in Coordinated Universal Time (UTC) format. UTC format
+    -- includes the special designator, Z. For example, \"2016-09-27T14:50Z\".
+    lastUpdateTimestamp :: Prelude.Maybe Data.POSIX,
+    -- | The time that you first published this version.
+    --
+    -- Times are in Coordinated Universal Time (UTC) format. UTC format
+    -- includes the special designator, Z. For example, \"2016-09-27T14:50Z\".
+    publishTimestamp :: Prelude.Maybe Data.POSIX
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'ManagedRuleSetVersion' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'associatedRuleGroupArn', 'managedRuleSetVersion_associatedRuleGroupArn' - The Amazon Resource Name (ARN) of the vendor rule group that\'s used to
+-- define the published version of your managed rule group.
+--
+-- 'capacity', 'managedRuleSetVersion_capacity' - The web ACL capacity units (WCUs) required for this rule group.
+--
+-- WAF uses WCUs to calculate and control the operating resources that are
+-- used to run your rules, rule groups, and web ACLs. WAF calculates
+-- capacity differently for each rule type, to reflect the relative cost of
+-- each rule. Simple rules that cost little to run use fewer WCUs than more
+-- complex rules that use more processing power. Rule group capacity is
+-- fixed at creation, which helps users plan their web ACL WCU usage when
+-- they use a rule group. The WCU limit for web ACLs is 1,500.
+--
+-- 'expiryTimestamp', 'managedRuleSetVersion_expiryTimestamp' - The time that this version is set to expire.
+--
+-- Times are in Coordinated Universal Time (UTC) format. UTC format
+-- includes the special designator, Z. For example, \"2016-09-27T14:50Z\".
+--
+-- 'forecastedLifetime', 'managedRuleSetVersion_forecastedLifetime' - The amount of time you expect this version of your managed rule group to
+-- last, in days.
+--
+-- 'lastUpdateTimestamp', 'managedRuleSetVersion_lastUpdateTimestamp' - The last time that you updated this version.
+--
+-- Times are in Coordinated Universal Time (UTC) format. UTC format
+-- includes the special designator, Z. For example, \"2016-09-27T14:50Z\".
+--
+-- 'publishTimestamp', 'managedRuleSetVersion_publishTimestamp' - The time that you first published this version.
+--
+-- Times are in Coordinated Universal Time (UTC) format. UTC format
+-- includes the special designator, Z. For example, \"2016-09-27T14:50Z\".
+newManagedRuleSetVersion ::
+  ManagedRuleSetVersion
+newManagedRuleSetVersion =
+  ManagedRuleSetVersion'
+    { associatedRuleGroupArn =
+        Prelude.Nothing,
+      capacity = Prelude.Nothing,
+      expiryTimestamp = Prelude.Nothing,
+      forecastedLifetime = Prelude.Nothing,
+      lastUpdateTimestamp = Prelude.Nothing,
+      publishTimestamp = Prelude.Nothing
+    }
+
+-- | The Amazon Resource Name (ARN) of the vendor rule group that\'s used to
+-- define the published version of your managed rule group.
+managedRuleSetVersion_associatedRuleGroupArn :: Lens.Lens' ManagedRuleSetVersion (Prelude.Maybe Prelude.Text)
+managedRuleSetVersion_associatedRuleGroupArn = Lens.lens (\ManagedRuleSetVersion' {associatedRuleGroupArn} -> associatedRuleGroupArn) (\s@ManagedRuleSetVersion' {} a -> s {associatedRuleGroupArn = a} :: ManagedRuleSetVersion)
+
+-- | The web ACL capacity units (WCUs) required for this rule group.
+--
+-- WAF uses WCUs to calculate and control the operating resources that are
+-- used to run your rules, rule groups, and web ACLs. WAF calculates
+-- capacity differently for each rule type, to reflect the relative cost of
+-- each rule. Simple rules that cost little to run use fewer WCUs than more
+-- complex rules that use more processing power. Rule group capacity is
+-- fixed at creation, which helps users plan their web ACL WCU usage when
+-- they use a rule group. The WCU limit for web ACLs is 1,500.
+managedRuleSetVersion_capacity :: Lens.Lens' ManagedRuleSetVersion (Prelude.Maybe Prelude.Natural)
+managedRuleSetVersion_capacity = Lens.lens (\ManagedRuleSetVersion' {capacity} -> capacity) (\s@ManagedRuleSetVersion' {} a -> s {capacity = a} :: ManagedRuleSetVersion)
+
+-- | The time that this version is set to expire.
+--
+-- Times are in Coordinated Universal Time (UTC) format. UTC format
+-- includes the special designator, Z. For example, \"2016-09-27T14:50Z\".
+managedRuleSetVersion_expiryTimestamp :: Lens.Lens' ManagedRuleSetVersion (Prelude.Maybe Prelude.UTCTime)
+managedRuleSetVersion_expiryTimestamp = Lens.lens (\ManagedRuleSetVersion' {expiryTimestamp} -> expiryTimestamp) (\s@ManagedRuleSetVersion' {} a -> s {expiryTimestamp = a} :: ManagedRuleSetVersion) Prelude.. Lens.mapping Data._Time
+
+-- | The amount of time you expect this version of your managed rule group to
+-- last, in days.
+managedRuleSetVersion_forecastedLifetime :: Lens.Lens' ManagedRuleSetVersion (Prelude.Maybe Prelude.Natural)
+managedRuleSetVersion_forecastedLifetime = Lens.lens (\ManagedRuleSetVersion' {forecastedLifetime} -> forecastedLifetime) (\s@ManagedRuleSetVersion' {} a -> s {forecastedLifetime = a} :: ManagedRuleSetVersion)
+
+-- | The last time that you updated this version.
+--
+-- Times are in Coordinated Universal Time (UTC) format. UTC format
+-- includes the special designator, Z. For example, \"2016-09-27T14:50Z\".
+managedRuleSetVersion_lastUpdateTimestamp :: Lens.Lens' ManagedRuleSetVersion (Prelude.Maybe Prelude.UTCTime)
+managedRuleSetVersion_lastUpdateTimestamp = Lens.lens (\ManagedRuleSetVersion' {lastUpdateTimestamp} -> lastUpdateTimestamp) (\s@ManagedRuleSetVersion' {} a -> s {lastUpdateTimestamp = a} :: ManagedRuleSetVersion) Prelude.. Lens.mapping Data._Time
+
+-- | The time that you first published this version.
+--
+-- Times are in Coordinated Universal Time (UTC) format. UTC format
+-- includes the special designator, Z. For example, \"2016-09-27T14:50Z\".
+managedRuleSetVersion_publishTimestamp :: Lens.Lens' ManagedRuleSetVersion (Prelude.Maybe Prelude.UTCTime)
+managedRuleSetVersion_publishTimestamp = Lens.lens (\ManagedRuleSetVersion' {publishTimestamp} -> publishTimestamp) (\s@ManagedRuleSetVersion' {} a -> s {publishTimestamp = a} :: ManagedRuleSetVersion) Prelude.. Lens.mapping Data._Time
+
+instance Data.FromJSON ManagedRuleSetVersion where
+  parseJSON =
+    Data.withObject
+      "ManagedRuleSetVersion"
+      ( \x ->
+          ManagedRuleSetVersion'
+            Prelude.<$> (x Data..:? "AssociatedRuleGroupArn")
+            Prelude.<*> (x Data..:? "Capacity")
+            Prelude.<*> (x Data..:? "ExpiryTimestamp")
+            Prelude.<*> (x Data..:? "ForecastedLifetime")
+            Prelude.<*> (x Data..:? "LastUpdateTimestamp")
+            Prelude.<*> (x Data..:? "PublishTimestamp")
+      )
+
+instance Prelude.Hashable ManagedRuleSetVersion where
+  hashWithSalt _salt ManagedRuleSetVersion' {..} =
+    _salt
+      `Prelude.hashWithSalt` associatedRuleGroupArn
+      `Prelude.hashWithSalt` capacity
+      `Prelude.hashWithSalt` expiryTimestamp
+      `Prelude.hashWithSalt` forecastedLifetime
+      `Prelude.hashWithSalt` lastUpdateTimestamp
+      `Prelude.hashWithSalt` publishTimestamp
+
+instance Prelude.NFData ManagedRuleSetVersion where
+  rnf ManagedRuleSetVersion' {..} =
+    Prelude.rnf associatedRuleGroupArn
+      `Prelude.seq` Prelude.rnf capacity
+      `Prelude.seq` Prelude.rnf expiryTimestamp
+      `Prelude.seq` Prelude.rnf forecastedLifetime
+      `Prelude.seq` Prelude.rnf lastUpdateTimestamp
+      `Prelude.seq` Prelude.rnf publishTimestamp
diff --git a/gen/Amazonka/WAFV2/Types/MapMatchScope.hs b/gen/Amazonka/WAFV2/Types/MapMatchScope.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/WAFV2/Types/MapMatchScope.hs
@@ -0,0 +1,76 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DerivingStrategies #-}
+{-# LANGUAGE GeneralizedNewtypeDeriving #-}
+{-# LANGUAGE LambdaCase #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE PatternSynonyms #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.WAFV2.Types.MapMatchScope
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.WAFV2.Types.MapMatchScope
+  ( MapMatchScope
+      ( ..,
+        MapMatchScope_ALL,
+        MapMatchScope_KEY,
+        MapMatchScope_VALUE
+      ),
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+newtype MapMatchScope = MapMatchScope'
+  { fromMapMatchScope ::
+      Data.Text
+  }
+  deriving stock
+    ( Prelude.Show,
+      Prelude.Read,
+      Prelude.Eq,
+      Prelude.Ord,
+      Prelude.Generic
+    )
+  deriving newtype
+    ( Prelude.Hashable,
+      Prelude.NFData,
+      Data.FromText,
+      Data.ToText,
+      Data.ToByteString,
+      Data.ToLog,
+      Data.ToHeader,
+      Data.ToQuery,
+      Data.FromJSON,
+      Data.FromJSONKey,
+      Data.ToJSON,
+      Data.ToJSONKey,
+      Data.FromXML,
+      Data.ToXML
+    )
+
+pattern MapMatchScope_ALL :: MapMatchScope
+pattern MapMatchScope_ALL = MapMatchScope' "ALL"
+
+pattern MapMatchScope_KEY :: MapMatchScope
+pattern MapMatchScope_KEY = MapMatchScope' "KEY"
+
+pattern MapMatchScope_VALUE :: MapMatchScope
+pattern MapMatchScope_VALUE = MapMatchScope' "VALUE"
+
+{-# COMPLETE
+  MapMatchScope_ALL,
+  MapMatchScope_KEY,
+  MapMatchScope_VALUE,
+  MapMatchScope'
+  #-}
diff --git a/gen/Amazonka/WAFV2/Types/Method.hs b/gen/Amazonka/WAFV2/Types/Method.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/WAFV2/Types/Method.hs
@@ -0,0 +1,63 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.WAFV2.Types.Method
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.WAFV2.Types.Method where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | Inspect the HTTP method of the web request. The method indicates the
+-- type of operation that the request is asking the origin to perform.
+--
+-- This is used only in the FieldToMatch specification for some web request
+-- component types.
+--
+-- JSON specification: @\"Method\": {}@
+--
+-- /See:/ 'newMethod' smart constructor.
+data Method = Method'
+  {
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'Method' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+newMethod ::
+  Method
+newMethod = Method'
+
+instance Data.FromJSON Method where
+  parseJSON =
+    Data.withObject
+      "Method"
+      (\x -> Prelude.pure Method')
+
+instance Prelude.Hashable Method where
+  hashWithSalt _salt _ =
+    _salt `Prelude.hashWithSalt` ()
+
+instance Prelude.NFData Method where
+  rnf _ = ()
+
+instance Data.ToJSON Method where
+  toJSON = Prelude.const (Data.Object Prelude.mempty)
diff --git a/gen/Amazonka/WAFV2/Types/MobileSdkRelease.hs b/gen/Amazonka/WAFV2/Types/MobileSdkRelease.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/WAFV2/Types/MobileSdkRelease.hs
@@ -0,0 +1,116 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.WAFV2.Types.MobileSdkRelease
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.WAFV2.Types.MobileSdkRelease where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.WAFV2.Types.Tag
+
+-- | Information for a release of the mobile SDK, including release notes and
+-- tags.
+--
+-- The mobile SDK is not generally available. Customers who have access to
+-- the mobile SDK can use it to establish and manage WAF tokens for use in
+-- HTTP(S) requests from a mobile device to WAF. For more information, see
+-- <https://docs.aws.amazon.com/waf/latest/developerguide/waf-application-integration.html WAF client application integration>
+-- in the /WAF Developer Guide/.
+--
+-- /See:/ 'newMobileSdkRelease' smart constructor.
+data MobileSdkRelease = MobileSdkRelease'
+  { -- | Notes describing the release.
+    releaseNotes :: Prelude.Maybe Prelude.Text,
+    -- | The release version.
+    releaseVersion :: Prelude.Maybe Prelude.Text,
+    -- | Tags that are associated with the release.
+    tags :: Prelude.Maybe (Prelude.NonEmpty Tag),
+    -- | The timestamp of the release.
+    timestamp :: Prelude.Maybe Data.POSIX
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'MobileSdkRelease' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'releaseNotes', 'mobileSdkRelease_releaseNotes' - Notes describing the release.
+--
+-- 'releaseVersion', 'mobileSdkRelease_releaseVersion' - The release version.
+--
+-- 'tags', 'mobileSdkRelease_tags' - Tags that are associated with the release.
+--
+-- 'timestamp', 'mobileSdkRelease_timestamp' - The timestamp of the release.
+newMobileSdkRelease ::
+  MobileSdkRelease
+newMobileSdkRelease =
+  MobileSdkRelease'
+    { releaseNotes = Prelude.Nothing,
+      releaseVersion = Prelude.Nothing,
+      tags = Prelude.Nothing,
+      timestamp = Prelude.Nothing
+    }
+
+-- | Notes describing the release.
+mobileSdkRelease_releaseNotes :: Lens.Lens' MobileSdkRelease (Prelude.Maybe Prelude.Text)
+mobileSdkRelease_releaseNotes = Lens.lens (\MobileSdkRelease' {releaseNotes} -> releaseNotes) (\s@MobileSdkRelease' {} a -> s {releaseNotes = a} :: MobileSdkRelease)
+
+-- | The release version.
+mobileSdkRelease_releaseVersion :: Lens.Lens' MobileSdkRelease (Prelude.Maybe Prelude.Text)
+mobileSdkRelease_releaseVersion = Lens.lens (\MobileSdkRelease' {releaseVersion} -> releaseVersion) (\s@MobileSdkRelease' {} a -> s {releaseVersion = a} :: MobileSdkRelease)
+
+-- | Tags that are associated with the release.
+mobileSdkRelease_tags :: Lens.Lens' MobileSdkRelease (Prelude.Maybe (Prelude.NonEmpty Tag))
+mobileSdkRelease_tags = Lens.lens (\MobileSdkRelease' {tags} -> tags) (\s@MobileSdkRelease' {} a -> s {tags = a} :: MobileSdkRelease) Prelude.. Lens.mapping Lens.coerced
+
+-- | The timestamp of the release.
+mobileSdkRelease_timestamp :: Lens.Lens' MobileSdkRelease (Prelude.Maybe Prelude.UTCTime)
+mobileSdkRelease_timestamp = Lens.lens (\MobileSdkRelease' {timestamp} -> timestamp) (\s@MobileSdkRelease' {} a -> s {timestamp = a} :: MobileSdkRelease) Prelude.. Lens.mapping Data._Time
+
+instance Data.FromJSON MobileSdkRelease where
+  parseJSON =
+    Data.withObject
+      "MobileSdkRelease"
+      ( \x ->
+          MobileSdkRelease'
+            Prelude.<$> (x Data..:? "ReleaseNotes")
+            Prelude.<*> (x Data..:? "ReleaseVersion")
+            Prelude.<*> (x Data..:? "Tags")
+            Prelude.<*> (x Data..:? "Timestamp")
+      )
+
+instance Prelude.Hashable MobileSdkRelease where
+  hashWithSalt _salt MobileSdkRelease' {..} =
+    _salt
+      `Prelude.hashWithSalt` releaseNotes
+      `Prelude.hashWithSalt` releaseVersion
+      `Prelude.hashWithSalt` tags
+      `Prelude.hashWithSalt` timestamp
+
+instance Prelude.NFData MobileSdkRelease where
+  rnf MobileSdkRelease' {..} =
+    Prelude.rnf releaseNotes
+      `Prelude.seq` Prelude.rnf releaseVersion
+      `Prelude.seq` Prelude.rnf tags
+      `Prelude.seq` Prelude.rnf timestamp
diff --git a/gen/Amazonka/WAFV2/Types/NoneAction.hs b/gen/Amazonka/WAFV2/Types/NoneAction.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/WAFV2/Types/NoneAction.hs
@@ -0,0 +1,64 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.WAFV2.Types.NoneAction
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.WAFV2.Types.NoneAction where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | Specifies that WAF should do nothing. This is used for the
+-- @OverrideAction@ setting on a Rule when the rule uses a rule group
+-- reference statement.
+--
+-- This is used in the context of other settings, for example to specify
+-- values for RuleAction and web ACL DefaultAction.
+--
+-- JSON specification: @\"None\": {}@
+--
+-- /See:/ 'newNoneAction' smart constructor.
+data NoneAction = NoneAction'
+  {
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'NoneAction' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+newNoneAction ::
+  NoneAction
+newNoneAction = NoneAction'
+
+instance Data.FromJSON NoneAction where
+  parseJSON =
+    Data.withObject
+      "NoneAction"
+      (\x -> Prelude.pure NoneAction')
+
+instance Prelude.Hashable NoneAction where
+  hashWithSalt _salt _ =
+    _salt `Prelude.hashWithSalt` ()
+
+instance Prelude.NFData NoneAction where
+  rnf _ = ()
+
+instance Data.ToJSON NoneAction where
+  toJSON = Prelude.const (Data.Object Prelude.mempty)
diff --git a/gen/Amazonka/WAFV2/Types/NotStatement.hs b/gen/Amazonka/WAFV2/Types/NotStatement.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/WAFV2/Types/NotStatement.hs
@@ -0,0 +1,78 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.WAFV2.Types.NotStatement
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.WAFV2.Types.NotStatement where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import {-# SOURCE #-} Amazonka.WAFV2.Types.Statement
+
+-- | A logical rule statement used to negate the results of another rule
+-- statement. You provide one Statement within the @NotStatement@.
+--
+-- /See:/ 'newNotStatement' smart constructor.
+data NotStatement = NotStatement'
+  { -- | The statement to negate. You can use any statement that can be nested.
+    statement :: Statement
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'NotStatement' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'statement', 'notStatement_statement' - The statement to negate. You can use any statement that can be nested.
+newNotStatement ::
+  -- | 'statement'
+  Statement ->
+  NotStatement
+newNotStatement pStatement_ =
+  NotStatement' {statement = pStatement_}
+
+-- | The statement to negate. You can use any statement that can be nested.
+notStatement_statement :: Lens.Lens' NotStatement Statement
+notStatement_statement = Lens.lens (\NotStatement' {statement} -> statement) (\s@NotStatement' {} a -> s {statement = a} :: NotStatement)
+
+instance Data.FromJSON NotStatement where
+  parseJSON =
+    Data.withObject
+      "NotStatement"
+      ( \x ->
+          NotStatement' Prelude.<$> (x Data..: "Statement")
+      )
+
+instance Prelude.Hashable NotStatement where
+  hashWithSalt _salt NotStatement' {..} =
+    _salt `Prelude.hashWithSalt` statement
+
+instance Prelude.NFData NotStatement where
+  rnf NotStatement' {..} = Prelude.rnf statement
+
+instance Data.ToJSON NotStatement where
+  toJSON NotStatement' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [Prelude.Just ("Statement" Data..= statement)]
+      )
diff --git a/gen/Amazonka/WAFV2/Types/NotStatement.hs-boot b/gen/Amazonka/WAFV2/Types/NotStatement.hs-boot
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/WAFV2/Types/NotStatement.hs-boot
@@ -0,0 +1,33 @@
+{-# OPTIONS_GHC -Wno-missing-methods #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.WAFV2.Types.NotStatement
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.WAFV2.Types.NotStatement where
+
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+data NotStatement
+
+instance Prelude.Eq NotStatement
+
+instance Prelude.Read NotStatement
+
+instance Prelude.Show NotStatement
+
+instance Prelude.Generic NotStatement
+
+instance Data.ToJSON NotStatement
+
+instance Data.FromJSON NotStatement
+
+instance Prelude.NFData NotStatement
+
+instance Prelude.Hashable NotStatement
diff --git a/gen/Amazonka/WAFV2/Types/OrStatement.hs b/gen/Amazonka/WAFV2/Types/OrStatement.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/WAFV2/Types/OrStatement.hs
@@ -0,0 +1,80 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.WAFV2.Types.OrStatement
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.WAFV2.Types.OrStatement where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import {-# SOURCE #-} Amazonka.WAFV2.Types.Statement
+
+-- | A logical rule statement used to combine other rule statements with OR
+-- logic. You provide more than one Statement within the @OrStatement@.
+--
+-- /See:/ 'newOrStatement' smart constructor.
+data OrStatement = OrStatement'
+  { -- | The statements to combine with OR logic. You can use any statements that
+    -- can be nested.
+    statements :: [Statement]
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'OrStatement' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'statements', 'orStatement_statements' - The statements to combine with OR logic. You can use any statements that
+-- can be nested.
+newOrStatement ::
+  OrStatement
+newOrStatement =
+  OrStatement' {statements = Prelude.mempty}
+
+-- | The statements to combine with OR logic. You can use any statements that
+-- can be nested.
+orStatement_statements :: Lens.Lens' OrStatement [Statement]
+orStatement_statements = Lens.lens (\OrStatement' {statements} -> statements) (\s@OrStatement' {} a -> s {statements = a} :: OrStatement) Prelude.. Lens.coerced
+
+instance Data.FromJSON OrStatement where
+  parseJSON =
+    Data.withObject
+      "OrStatement"
+      ( \x ->
+          OrStatement'
+            Prelude.<$> (x Data..:? "Statements" Data..!= Prelude.mempty)
+      )
+
+instance Prelude.Hashable OrStatement where
+  hashWithSalt _salt OrStatement' {..} =
+    _salt `Prelude.hashWithSalt` statements
+
+instance Prelude.NFData OrStatement where
+  rnf OrStatement' {..} = Prelude.rnf statements
+
+instance Data.ToJSON OrStatement where
+  toJSON OrStatement' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [Prelude.Just ("Statements" Data..= statements)]
+      )
diff --git a/gen/Amazonka/WAFV2/Types/OrStatement.hs-boot b/gen/Amazonka/WAFV2/Types/OrStatement.hs-boot
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/WAFV2/Types/OrStatement.hs-boot
@@ -0,0 +1,33 @@
+{-# OPTIONS_GHC -Wno-missing-methods #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.WAFV2.Types.OrStatement
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.WAFV2.Types.OrStatement where
+
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+data OrStatement
+
+instance Prelude.Eq OrStatement
+
+instance Prelude.Read OrStatement
+
+instance Prelude.Show OrStatement
+
+instance Prelude.Generic OrStatement
+
+instance Data.ToJSON OrStatement
+
+instance Data.FromJSON OrStatement
+
+instance Prelude.NFData OrStatement
+
+instance Prelude.Hashable OrStatement
diff --git a/gen/Amazonka/WAFV2/Types/OverrideAction.hs b/gen/Amazonka/WAFV2/Types/OverrideAction.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/WAFV2/Types/OverrideAction.hs
@@ -0,0 +1,127 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.WAFV2.Types.OverrideAction
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.WAFV2.Types.OverrideAction where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.WAFV2.Types.CountAction
+import Amazonka.WAFV2.Types.NoneAction
+
+-- | The action to use in the place of the action that results from the rule
+-- group evaluation. Set the override action to none to leave the result of
+-- the rule group alone. Set it to count to override the result to count
+-- only.
+--
+-- You can only use this for rule statements that reference a rule group,
+-- like @RuleGroupReferenceStatement@ and @ManagedRuleGroupStatement@.
+--
+-- This option is usually set to none. It does not affect how the rules in
+-- the rule group are evaluated. If you want the rules in the rule group to
+-- only count matches, do not use this and instead use the rule action
+-- override option, with @Count@ action, in your rule group reference
+-- statement settings.
+--
+-- /See:/ 'newOverrideAction' smart constructor.
+data OverrideAction = OverrideAction'
+  { -- | Override the rule group evaluation result to count only.
+    --
+    -- This option is usually set to none. It does not affect how the rules in
+    -- the rule group are evaluated. If you want the rules in the rule group to
+    -- only count matches, do not use this and instead use the rule action
+    -- override option, with @Count@ action, in your rule group reference
+    -- statement settings.
+    count :: Prelude.Maybe CountAction,
+    -- | Don\'t override the rule group evaluation result. This is the most
+    -- common setting.
+    none :: Prelude.Maybe NoneAction
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'OverrideAction' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'count', 'overrideAction_count' - Override the rule group evaluation result to count only.
+--
+-- This option is usually set to none. It does not affect how the rules in
+-- the rule group are evaluated. If you want the rules in the rule group to
+-- only count matches, do not use this and instead use the rule action
+-- override option, with @Count@ action, in your rule group reference
+-- statement settings.
+--
+-- 'none', 'overrideAction_none' - Don\'t override the rule group evaluation result. This is the most
+-- common setting.
+newOverrideAction ::
+  OverrideAction
+newOverrideAction =
+  OverrideAction'
+    { count = Prelude.Nothing,
+      none = Prelude.Nothing
+    }
+
+-- | Override the rule group evaluation result to count only.
+--
+-- This option is usually set to none. It does not affect how the rules in
+-- the rule group are evaluated. If you want the rules in the rule group to
+-- only count matches, do not use this and instead use the rule action
+-- override option, with @Count@ action, in your rule group reference
+-- statement settings.
+overrideAction_count :: Lens.Lens' OverrideAction (Prelude.Maybe CountAction)
+overrideAction_count = Lens.lens (\OverrideAction' {count} -> count) (\s@OverrideAction' {} a -> s {count = a} :: OverrideAction)
+
+-- | Don\'t override the rule group evaluation result. This is the most
+-- common setting.
+overrideAction_none :: Lens.Lens' OverrideAction (Prelude.Maybe NoneAction)
+overrideAction_none = Lens.lens (\OverrideAction' {none} -> none) (\s@OverrideAction' {} a -> s {none = a} :: OverrideAction)
+
+instance Data.FromJSON OverrideAction where
+  parseJSON =
+    Data.withObject
+      "OverrideAction"
+      ( \x ->
+          OverrideAction'
+            Prelude.<$> (x Data..:? "Count")
+            Prelude.<*> (x Data..:? "None")
+      )
+
+instance Prelude.Hashable OverrideAction where
+  hashWithSalt _salt OverrideAction' {..} =
+    _salt
+      `Prelude.hashWithSalt` count
+      `Prelude.hashWithSalt` none
+
+instance Prelude.NFData OverrideAction where
+  rnf OverrideAction' {..} =
+    Prelude.rnf count `Prelude.seq` Prelude.rnf none
+
+instance Data.ToJSON OverrideAction where
+  toJSON OverrideAction' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("Count" Data..=) Prelude.<$> count,
+            ("None" Data..=) Prelude.<$> none
+          ]
+      )
diff --git a/gen/Amazonka/WAFV2/Types/OversizeHandling.hs b/gen/Amazonka/WAFV2/Types/OversizeHandling.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/WAFV2/Types/OversizeHandling.hs
@@ -0,0 +1,76 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DerivingStrategies #-}
+{-# LANGUAGE GeneralizedNewtypeDeriving #-}
+{-# LANGUAGE LambdaCase #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE PatternSynonyms #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.WAFV2.Types.OversizeHandling
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.WAFV2.Types.OversizeHandling
+  ( OversizeHandling
+      ( ..,
+        OversizeHandling_CONTINUE,
+        OversizeHandling_MATCH,
+        OversizeHandling_NO_MATCH
+      ),
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+newtype OversizeHandling = OversizeHandling'
+  { fromOversizeHandling ::
+      Data.Text
+  }
+  deriving stock
+    ( Prelude.Show,
+      Prelude.Read,
+      Prelude.Eq,
+      Prelude.Ord,
+      Prelude.Generic
+    )
+  deriving newtype
+    ( Prelude.Hashable,
+      Prelude.NFData,
+      Data.FromText,
+      Data.ToText,
+      Data.ToByteString,
+      Data.ToLog,
+      Data.ToHeader,
+      Data.ToQuery,
+      Data.FromJSON,
+      Data.FromJSONKey,
+      Data.ToJSON,
+      Data.ToJSONKey,
+      Data.FromXML,
+      Data.ToXML
+    )
+
+pattern OversizeHandling_CONTINUE :: OversizeHandling
+pattern OversizeHandling_CONTINUE = OversizeHandling' "CONTINUE"
+
+pattern OversizeHandling_MATCH :: OversizeHandling
+pattern OversizeHandling_MATCH = OversizeHandling' "MATCH"
+
+pattern OversizeHandling_NO_MATCH :: OversizeHandling
+pattern OversizeHandling_NO_MATCH = OversizeHandling' "NO_MATCH"
+
+{-# COMPLETE
+  OversizeHandling_CONTINUE,
+  OversizeHandling_MATCH,
+  OversizeHandling_NO_MATCH,
+  OversizeHandling'
+  #-}
diff --git a/gen/Amazonka/WAFV2/Types/PasswordField.hs b/gen/Amazonka/WAFV2/Types/PasswordField.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/WAFV2/Types/PasswordField.hs
@@ -0,0 +1,77 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.WAFV2.Types.PasswordField
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.WAFV2.Types.PasswordField where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | Details about your login page password field, used in a
+-- @ManagedRuleGroupConfig@.
+--
+-- /See:/ 'newPasswordField' smart constructor.
+data PasswordField = PasswordField'
+  { -- | The name of the password field. For example @\/form\/password@.
+    identifier :: Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'PasswordField' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'identifier', 'passwordField_identifier' - The name of the password field. For example @\/form\/password@.
+newPasswordField ::
+  -- | 'identifier'
+  Prelude.Text ->
+  PasswordField
+newPasswordField pIdentifier_ =
+  PasswordField' {identifier = pIdentifier_}
+
+-- | The name of the password field. For example @\/form\/password@.
+passwordField_identifier :: Lens.Lens' PasswordField Prelude.Text
+passwordField_identifier = Lens.lens (\PasswordField' {identifier} -> identifier) (\s@PasswordField' {} a -> s {identifier = a} :: PasswordField)
+
+instance Data.FromJSON PasswordField where
+  parseJSON =
+    Data.withObject
+      "PasswordField"
+      ( \x ->
+          PasswordField' Prelude.<$> (x Data..: "Identifier")
+      )
+
+instance Prelude.Hashable PasswordField where
+  hashWithSalt _salt PasswordField' {..} =
+    _salt `Prelude.hashWithSalt` identifier
+
+instance Prelude.NFData PasswordField where
+  rnf PasswordField' {..} = Prelude.rnf identifier
+
+instance Data.ToJSON PasswordField where
+  toJSON PasswordField' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [Prelude.Just ("Identifier" Data..= identifier)]
+      )
diff --git a/gen/Amazonka/WAFV2/Types/PayloadType.hs b/gen/Amazonka/WAFV2/Types/PayloadType.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/WAFV2/Types/PayloadType.hs
@@ -0,0 +1,71 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DerivingStrategies #-}
+{-# LANGUAGE GeneralizedNewtypeDeriving #-}
+{-# LANGUAGE LambdaCase #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE PatternSynonyms #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.WAFV2.Types.PayloadType
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.WAFV2.Types.PayloadType
+  ( PayloadType
+      ( ..,
+        PayloadType_FORM_ENCODED,
+        PayloadType_JSON
+      ),
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+newtype PayloadType = PayloadType'
+  { fromPayloadType ::
+      Data.Text
+  }
+  deriving stock
+    ( Prelude.Show,
+      Prelude.Read,
+      Prelude.Eq,
+      Prelude.Ord,
+      Prelude.Generic
+    )
+  deriving newtype
+    ( Prelude.Hashable,
+      Prelude.NFData,
+      Data.FromText,
+      Data.ToText,
+      Data.ToByteString,
+      Data.ToLog,
+      Data.ToHeader,
+      Data.ToQuery,
+      Data.FromJSON,
+      Data.FromJSONKey,
+      Data.ToJSON,
+      Data.ToJSONKey,
+      Data.FromXML,
+      Data.ToXML
+    )
+
+pattern PayloadType_FORM_ENCODED :: PayloadType
+pattern PayloadType_FORM_ENCODED = PayloadType' "FORM_ENCODED"
+
+pattern PayloadType_JSON :: PayloadType
+pattern PayloadType_JSON = PayloadType' "JSON"
+
+{-# COMPLETE
+  PayloadType_FORM_ENCODED,
+  PayloadType_JSON,
+  PayloadType'
+  #-}
diff --git a/gen/Amazonka/WAFV2/Types/Platform.hs b/gen/Amazonka/WAFV2/Types/Platform.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/WAFV2/Types/Platform.hs
@@ -0,0 +1,71 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DerivingStrategies #-}
+{-# LANGUAGE GeneralizedNewtypeDeriving #-}
+{-# LANGUAGE LambdaCase #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE PatternSynonyms #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.WAFV2.Types.Platform
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.WAFV2.Types.Platform
+  ( Platform
+      ( ..,
+        Platform_ANDROID,
+        Platform_IOS
+      ),
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+newtype Platform = Platform'
+  { fromPlatform ::
+      Data.Text
+  }
+  deriving stock
+    ( Prelude.Show,
+      Prelude.Read,
+      Prelude.Eq,
+      Prelude.Ord,
+      Prelude.Generic
+    )
+  deriving newtype
+    ( Prelude.Hashable,
+      Prelude.NFData,
+      Data.FromText,
+      Data.ToText,
+      Data.ToByteString,
+      Data.ToLog,
+      Data.ToHeader,
+      Data.ToQuery,
+      Data.FromJSON,
+      Data.FromJSONKey,
+      Data.ToJSON,
+      Data.ToJSONKey,
+      Data.FromXML,
+      Data.ToXML
+    )
+
+pattern Platform_ANDROID :: Platform
+pattern Platform_ANDROID = Platform' "ANDROID"
+
+pattern Platform_IOS :: Platform
+pattern Platform_IOS = Platform' "IOS"
+
+{-# COMPLETE
+  Platform_ANDROID,
+  Platform_IOS,
+  Platform'
+  #-}
diff --git a/gen/Amazonka/WAFV2/Types/PositionalConstraint.hs b/gen/Amazonka/WAFV2/Types/PositionalConstraint.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/WAFV2/Types/PositionalConstraint.hs
@@ -0,0 +1,86 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DerivingStrategies #-}
+{-# LANGUAGE GeneralizedNewtypeDeriving #-}
+{-# LANGUAGE LambdaCase #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE PatternSynonyms #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.WAFV2.Types.PositionalConstraint
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.WAFV2.Types.PositionalConstraint
+  ( PositionalConstraint
+      ( ..,
+        PositionalConstraint_CONTAINS,
+        PositionalConstraint_CONTAINS_WORD,
+        PositionalConstraint_ENDS_WITH,
+        PositionalConstraint_EXACTLY,
+        PositionalConstraint_STARTS_WITH
+      ),
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+newtype PositionalConstraint = PositionalConstraint'
+  { fromPositionalConstraint ::
+      Data.Text
+  }
+  deriving stock
+    ( Prelude.Show,
+      Prelude.Read,
+      Prelude.Eq,
+      Prelude.Ord,
+      Prelude.Generic
+    )
+  deriving newtype
+    ( Prelude.Hashable,
+      Prelude.NFData,
+      Data.FromText,
+      Data.ToText,
+      Data.ToByteString,
+      Data.ToLog,
+      Data.ToHeader,
+      Data.ToQuery,
+      Data.FromJSON,
+      Data.FromJSONKey,
+      Data.ToJSON,
+      Data.ToJSONKey,
+      Data.FromXML,
+      Data.ToXML
+    )
+
+pattern PositionalConstraint_CONTAINS :: PositionalConstraint
+pattern PositionalConstraint_CONTAINS = PositionalConstraint' "CONTAINS"
+
+pattern PositionalConstraint_CONTAINS_WORD :: PositionalConstraint
+pattern PositionalConstraint_CONTAINS_WORD = PositionalConstraint' "CONTAINS_WORD"
+
+pattern PositionalConstraint_ENDS_WITH :: PositionalConstraint
+pattern PositionalConstraint_ENDS_WITH = PositionalConstraint' "ENDS_WITH"
+
+pattern PositionalConstraint_EXACTLY :: PositionalConstraint
+pattern PositionalConstraint_EXACTLY = PositionalConstraint' "EXACTLY"
+
+pattern PositionalConstraint_STARTS_WITH :: PositionalConstraint
+pattern PositionalConstraint_STARTS_WITH = PositionalConstraint' "STARTS_WITH"
+
+{-# COMPLETE
+  PositionalConstraint_CONTAINS,
+  PositionalConstraint_CONTAINS_WORD,
+  PositionalConstraint_ENDS_WITH,
+  PositionalConstraint_EXACTLY,
+  PositionalConstraint_STARTS_WITH,
+  PositionalConstraint'
+  #-}
diff --git a/gen/Amazonka/WAFV2/Types/QueryString.hs b/gen/Amazonka/WAFV2/Types/QueryString.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/WAFV2/Types/QueryString.hs
@@ -0,0 +1,63 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.WAFV2.Types.QueryString
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.WAFV2.Types.QueryString where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | Inspect the query string of the web request. This is the part of a URL
+-- that appears after a @?@ character, if any.
+--
+-- This is used only in the FieldToMatch specification for some web request
+-- component types.
+--
+-- JSON specification: @\"QueryString\": {}@
+--
+-- /See:/ 'newQueryString' smart constructor.
+data QueryString = QueryString'
+  {
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'QueryString' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+newQueryString ::
+  QueryString
+newQueryString = QueryString'
+
+instance Data.FromJSON QueryString where
+  parseJSON =
+    Data.withObject
+      "QueryString"
+      (\x -> Prelude.pure QueryString')
+
+instance Prelude.Hashable QueryString where
+  hashWithSalt _salt _ =
+    _salt `Prelude.hashWithSalt` ()
+
+instance Prelude.NFData QueryString where
+  rnf _ = ()
+
+instance Data.ToJSON QueryString where
+  toJSON = Prelude.const (Data.Object Prelude.mempty)
diff --git a/gen/Amazonka/WAFV2/Types/RateBasedStatement.hs b/gen/Amazonka/WAFV2/Types/RateBasedStatement.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/WAFV2/Types/RateBasedStatement.hs
@@ -0,0 +1,239 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.WAFV2.Types.RateBasedStatement
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.WAFV2.Types.RateBasedStatement where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.WAFV2.Types.ForwardedIPConfig
+import Amazonka.WAFV2.Types.RateBasedStatementAggregateKeyType
+import {-# SOURCE #-} Amazonka.WAFV2.Types.Statement
+
+-- | A rate-based rule tracks the rate of requests for each originating IP
+-- address, and triggers the rule action when the rate exceeds a limit that
+-- you specify on the number of requests in any 5-minute time span. You can
+-- use this to put a temporary block on requests from an IP address that is
+-- sending excessive requests.
+--
+-- WAF tracks and manages web requests separately for each instance of a
+-- rate-based rule that you use. For example, if you provide the same
+-- rate-based rule settings in two web ACLs, each of the two rule
+-- statements represents a separate instance of the rate-based rule and
+-- gets its own tracking and management by WAF. If you define a rate-based
+-- rule inside a rule group, and then use that rule group in multiple
+-- places, each use creates a separate instance of the rate-based rule that
+-- gets its own tracking and management by WAF.
+--
+-- When the rule action triggers, WAF blocks additional requests from the
+-- IP address until the request rate falls below the limit.
+--
+-- You can optionally nest another statement inside the rate-based
+-- statement, to narrow the scope of the rule so that it only counts
+-- requests that match the nested statement. For example, based on recent
+-- requests that you have seen from an attacker, you might create a
+-- rate-based rule with a nested AND rule statement that contains the
+-- following nested statements:
+--
+-- -   An IP match statement with an IP set that specified the address
+--     192.0.2.44.
+--
+-- -   A string match statement that searches in the User-Agent header for
+--     the string BadBot.
+--
+-- In this rate-based rule, you also define a rate limit. For this example,
+-- the rate limit is 1,000. Requests that meet the criteria of both of the
+-- nested statements are counted. If the count exceeds 1,000 requests per
+-- five minutes, the rule action triggers. Requests that do not meet the
+-- criteria of both of the nested statements are not counted towards the
+-- rate limit and are not affected by this rule.
+--
+-- You cannot nest a @RateBasedStatement@ inside another statement, for
+-- example inside a @NotStatement@ or @OrStatement@. You can define a
+-- @RateBasedStatement@ inside a web ACL and inside a rule group.
+--
+-- /See:/ 'newRateBasedStatement' smart constructor.
+data RateBasedStatement = RateBasedStatement'
+  { -- | The configuration for inspecting IP addresses in an HTTP header that you
+    -- specify, instead of using the IP address that\'s reported by the web
+    -- request origin. Commonly, this is the X-Forwarded-For (XFF) header, but
+    -- you can specify any header name.
+    --
+    -- If the specified header isn\'t present in the request, WAF doesn\'t
+    -- apply the rule to the web request at all.
+    --
+    -- This is required if @AggregateKeyType@ is set to @FORWARDED_IP@.
+    forwardedIPConfig :: Prelude.Maybe ForwardedIPConfig,
+    -- | An optional nested statement that narrows the scope of the web requests
+    -- that are evaluated by the rate-based statement. Requests are only
+    -- tracked by the rate-based statement if they match the scope-down
+    -- statement. You can use any nestable Statement in the scope-down
+    -- statement, and you can nest statements at any level, the same as you can
+    -- for a rule statement.
+    scopeDownStatement :: Prelude.Maybe Statement,
+    -- | The limit on requests per 5-minute period for a single originating IP
+    -- address. If the statement includes a @ScopeDownStatement@, this limit is
+    -- applied only to the requests that match the statement.
+    limit :: Prelude.Natural,
+    -- | Setting that indicates how to aggregate the request counts. The options
+    -- are the following:
+    --
+    -- -   IP - Aggregate the request counts on the IP address from the web
+    --     request origin.
+    --
+    -- -   FORWARDED_IP - Aggregate the request counts on the first IP address
+    --     in an HTTP header. If you use this, configure the
+    --     @ForwardedIPConfig@, to specify the header to use.
+    aggregateKeyType :: RateBasedStatementAggregateKeyType
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'RateBasedStatement' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'forwardedIPConfig', 'rateBasedStatement_forwardedIPConfig' - The configuration for inspecting IP addresses in an HTTP header that you
+-- specify, instead of using the IP address that\'s reported by the web
+-- request origin. Commonly, this is the X-Forwarded-For (XFF) header, but
+-- you can specify any header name.
+--
+-- If the specified header isn\'t present in the request, WAF doesn\'t
+-- apply the rule to the web request at all.
+--
+-- This is required if @AggregateKeyType@ is set to @FORWARDED_IP@.
+--
+-- 'scopeDownStatement', 'rateBasedStatement_scopeDownStatement' - An optional nested statement that narrows the scope of the web requests
+-- that are evaluated by the rate-based statement. Requests are only
+-- tracked by the rate-based statement if they match the scope-down
+-- statement. You can use any nestable Statement in the scope-down
+-- statement, and you can nest statements at any level, the same as you can
+-- for a rule statement.
+--
+-- 'limit', 'rateBasedStatement_limit' - The limit on requests per 5-minute period for a single originating IP
+-- address. If the statement includes a @ScopeDownStatement@, this limit is
+-- applied only to the requests that match the statement.
+--
+-- 'aggregateKeyType', 'rateBasedStatement_aggregateKeyType' - Setting that indicates how to aggregate the request counts. The options
+-- are the following:
+--
+-- -   IP - Aggregate the request counts on the IP address from the web
+--     request origin.
+--
+-- -   FORWARDED_IP - Aggregate the request counts on the first IP address
+--     in an HTTP header. If you use this, configure the
+--     @ForwardedIPConfig@, to specify the header to use.
+newRateBasedStatement ::
+  -- | 'limit'
+  Prelude.Natural ->
+  -- | 'aggregateKeyType'
+  RateBasedStatementAggregateKeyType ->
+  RateBasedStatement
+newRateBasedStatement pLimit_ pAggregateKeyType_ =
+  RateBasedStatement'
+    { forwardedIPConfig =
+        Prelude.Nothing,
+      scopeDownStatement = Prelude.Nothing,
+      limit = pLimit_,
+      aggregateKeyType = pAggregateKeyType_
+    }
+
+-- | The configuration for inspecting IP addresses in an HTTP header that you
+-- specify, instead of using the IP address that\'s reported by the web
+-- request origin. Commonly, this is the X-Forwarded-For (XFF) header, but
+-- you can specify any header name.
+--
+-- If the specified header isn\'t present in the request, WAF doesn\'t
+-- apply the rule to the web request at all.
+--
+-- This is required if @AggregateKeyType@ is set to @FORWARDED_IP@.
+rateBasedStatement_forwardedIPConfig :: Lens.Lens' RateBasedStatement (Prelude.Maybe ForwardedIPConfig)
+rateBasedStatement_forwardedIPConfig = Lens.lens (\RateBasedStatement' {forwardedIPConfig} -> forwardedIPConfig) (\s@RateBasedStatement' {} a -> s {forwardedIPConfig = a} :: RateBasedStatement)
+
+-- | An optional nested statement that narrows the scope of the web requests
+-- that are evaluated by the rate-based statement. Requests are only
+-- tracked by the rate-based statement if they match the scope-down
+-- statement. You can use any nestable Statement in the scope-down
+-- statement, and you can nest statements at any level, the same as you can
+-- for a rule statement.
+rateBasedStatement_scopeDownStatement :: Lens.Lens' RateBasedStatement (Prelude.Maybe Statement)
+rateBasedStatement_scopeDownStatement = Lens.lens (\RateBasedStatement' {scopeDownStatement} -> scopeDownStatement) (\s@RateBasedStatement' {} a -> s {scopeDownStatement = a} :: RateBasedStatement)
+
+-- | The limit on requests per 5-minute period for a single originating IP
+-- address. If the statement includes a @ScopeDownStatement@, this limit is
+-- applied only to the requests that match the statement.
+rateBasedStatement_limit :: Lens.Lens' RateBasedStatement Prelude.Natural
+rateBasedStatement_limit = Lens.lens (\RateBasedStatement' {limit} -> limit) (\s@RateBasedStatement' {} a -> s {limit = a} :: RateBasedStatement)
+
+-- | Setting that indicates how to aggregate the request counts. The options
+-- are the following:
+--
+-- -   IP - Aggregate the request counts on the IP address from the web
+--     request origin.
+--
+-- -   FORWARDED_IP - Aggregate the request counts on the first IP address
+--     in an HTTP header. If you use this, configure the
+--     @ForwardedIPConfig@, to specify the header to use.
+rateBasedStatement_aggregateKeyType :: Lens.Lens' RateBasedStatement RateBasedStatementAggregateKeyType
+rateBasedStatement_aggregateKeyType = Lens.lens (\RateBasedStatement' {aggregateKeyType} -> aggregateKeyType) (\s@RateBasedStatement' {} a -> s {aggregateKeyType = a} :: RateBasedStatement)
+
+instance Data.FromJSON RateBasedStatement where
+  parseJSON =
+    Data.withObject
+      "RateBasedStatement"
+      ( \x ->
+          RateBasedStatement'
+            Prelude.<$> (x Data..:? "ForwardedIPConfig")
+            Prelude.<*> (x Data..:? "ScopeDownStatement")
+            Prelude.<*> (x Data..: "Limit")
+            Prelude.<*> (x Data..: "AggregateKeyType")
+      )
+
+instance Prelude.Hashable RateBasedStatement where
+  hashWithSalt _salt RateBasedStatement' {..} =
+    _salt
+      `Prelude.hashWithSalt` forwardedIPConfig
+      `Prelude.hashWithSalt` scopeDownStatement
+      `Prelude.hashWithSalt` limit
+      `Prelude.hashWithSalt` aggregateKeyType
+
+instance Prelude.NFData RateBasedStatement where
+  rnf RateBasedStatement' {..} =
+    Prelude.rnf forwardedIPConfig
+      `Prelude.seq` Prelude.rnf scopeDownStatement
+      `Prelude.seq` Prelude.rnf limit
+      `Prelude.seq` Prelude.rnf aggregateKeyType
+
+instance Data.ToJSON RateBasedStatement where
+  toJSON RateBasedStatement' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("ForwardedIPConfig" Data..=)
+              Prelude.<$> forwardedIPConfig,
+            ("ScopeDownStatement" Data..=)
+              Prelude.<$> scopeDownStatement,
+            Prelude.Just ("Limit" Data..= limit),
+            Prelude.Just
+              ("AggregateKeyType" Data..= aggregateKeyType)
+          ]
+      )
diff --git a/gen/Amazonka/WAFV2/Types/RateBasedStatement.hs-boot b/gen/Amazonka/WAFV2/Types/RateBasedStatement.hs-boot
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/WAFV2/Types/RateBasedStatement.hs-boot
@@ -0,0 +1,33 @@
+{-# OPTIONS_GHC -Wno-missing-methods #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.WAFV2.Types.RateBasedStatement
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.WAFV2.Types.RateBasedStatement where
+
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+data RateBasedStatement
+
+instance Prelude.Eq RateBasedStatement
+
+instance Prelude.Read RateBasedStatement
+
+instance Prelude.Show RateBasedStatement
+
+instance Prelude.Generic RateBasedStatement
+
+instance Data.ToJSON RateBasedStatement
+
+instance Data.FromJSON RateBasedStatement
+
+instance Prelude.NFData RateBasedStatement
+
+instance Prelude.Hashable RateBasedStatement
diff --git a/gen/Amazonka/WAFV2/Types/RateBasedStatementAggregateKeyType.hs b/gen/Amazonka/WAFV2/Types/RateBasedStatementAggregateKeyType.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/WAFV2/Types/RateBasedStatementAggregateKeyType.hs
@@ -0,0 +1,71 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DerivingStrategies #-}
+{-# LANGUAGE GeneralizedNewtypeDeriving #-}
+{-# LANGUAGE LambdaCase #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE PatternSynonyms #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.WAFV2.Types.RateBasedStatementAggregateKeyType
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.WAFV2.Types.RateBasedStatementAggregateKeyType
+  ( RateBasedStatementAggregateKeyType
+      ( ..,
+        RateBasedStatementAggregateKeyType_FORWARDED_IP,
+        RateBasedStatementAggregateKeyType_IP
+      ),
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+newtype RateBasedStatementAggregateKeyType = RateBasedStatementAggregateKeyType'
+  { fromRateBasedStatementAggregateKeyType ::
+      Data.Text
+  }
+  deriving stock
+    ( Prelude.Show,
+      Prelude.Read,
+      Prelude.Eq,
+      Prelude.Ord,
+      Prelude.Generic
+    )
+  deriving newtype
+    ( Prelude.Hashable,
+      Prelude.NFData,
+      Data.FromText,
+      Data.ToText,
+      Data.ToByteString,
+      Data.ToLog,
+      Data.ToHeader,
+      Data.ToQuery,
+      Data.FromJSON,
+      Data.FromJSONKey,
+      Data.ToJSON,
+      Data.ToJSONKey,
+      Data.FromXML,
+      Data.ToXML
+    )
+
+pattern RateBasedStatementAggregateKeyType_FORWARDED_IP :: RateBasedStatementAggregateKeyType
+pattern RateBasedStatementAggregateKeyType_FORWARDED_IP = RateBasedStatementAggregateKeyType' "FORWARDED_IP"
+
+pattern RateBasedStatementAggregateKeyType_IP :: RateBasedStatementAggregateKeyType
+pattern RateBasedStatementAggregateKeyType_IP = RateBasedStatementAggregateKeyType' "IP"
+
+{-# COMPLETE
+  RateBasedStatementAggregateKeyType_FORWARDED_IP,
+  RateBasedStatementAggregateKeyType_IP,
+  RateBasedStatementAggregateKeyType'
+  #-}
diff --git a/gen/Amazonka/WAFV2/Types/RateBasedStatementManagedKeysIPSet.hs b/gen/Amazonka/WAFV2/Types/RateBasedStatementManagedKeysIPSet.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/WAFV2/Types/RateBasedStatementManagedKeysIPSet.hs
@@ -0,0 +1,98 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.WAFV2.Types.RateBasedStatementManagedKeysIPSet
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.WAFV2.Types.RateBasedStatementManagedKeysIPSet where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.WAFV2.Types.IPAddressVersion
+
+-- | The set of IP addresses that are currently blocked for a
+-- RateBasedStatement.
+--
+-- /See:/ 'newRateBasedStatementManagedKeysIPSet' smart constructor.
+data RateBasedStatementManagedKeysIPSet = RateBasedStatementManagedKeysIPSet'
+  { -- | The IP addresses that are currently blocked.
+    addresses :: Prelude.Maybe [Prelude.Text],
+    -- | The version of the IP addresses, either @IPV4@ or @IPV6@.
+    iPAddressVersion :: Prelude.Maybe IPAddressVersion
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'RateBasedStatementManagedKeysIPSet' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'addresses', 'rateBasedStatementManagedKeysIPSet_addresses' - The IP addresses that are currently blocked.
+--
+-- 'iPAddressVersion', 'rateBasedStatementManagedKeysIPSet_iPAddressVersion' - The version of the IP addresses, either @IPV4@ or @IPV6@.
+newRateBasedStatementManagedKeysIPSet ::
+  RateBasedStatementManagedKeysIPSet
+newRateBasedStatementManagedKeysIPSet =
+  RateBasedStatementManagedKeysIPSet'
+    { addresses =
+        Prelude.Nothing,
+      iPAddressVersion = Prelude.Nothing
+    }
+
+-- | The IP addresses that are currently blocked.
+rateBasedStatementManagedKeysIPSet_addresses :: Lens.Lens' RateBasedStatementManagedKeysIPSet (Prelude.Maybe [Prelude.Text])
+rateBasedStatementManagedKeysIPSet_addresses = Lens.lens (\RateBasedStatementManagedKeysIPSet' {addresses} -> addresses) (\s@RateBasedStatementManagedKeysIPSet' {} a -> s {addresses = a} :: RateBasedStatementManagedKeysIPSet) Prelude.. Lens.mapping Lens.coerced
+
+-- | The version of the IP addresses, either @IPV4@ or @IPV6@.
+rateBasedStatementManagedKeysIPSet_iPAddressVersion :: Lens.Lens' RateBasedStatementManagedKeysIPSet (Prelude.Maybe IPAddressVersion)
+rateBasedStatementManagedKeysIPSet_iPAddressVersion = Lens.lens (\RateBasedStatementManagedKeysIPSet' {iPAddressVersion} -> iPAddressVersion) (\s@RateBasedStatementManagedKeysIPSet' {} a -> s {iPAddressVersion = a} :: RateBasedStatementManagedKeysIPSet)
+
+instance
+  Data.FromJSON
+    RateBasedStatementManagedKeysIPSet
+  where
+  parseJSON =
+    Data.withObject
+      "RateBasedStatementManagedKeysIPSet"
+      ( \x ->
+          RateBasedStatementManagedKeysIPSet'
+            Prelude.<$> (x Data..:? "Addresses" Data..!= Prelude.mempty)
+            Prelude.<*> (x Data..:? "IPAddressVersion")
+      )
+
+instance
+  Prelude.Hashable
+    RateBasedStatementManagedKeysIPSet
+  where
+  hashWithSalt
+    _salt
+    RateBasedStatementManagedKeysIPSet' {..} =
+      _salt
+        `Prelude.hashWithSalt` addresses
+        `Prelude.hashWithSalt` iPAddressVersion
+
+instance
+  Prelude.NFData
+    RateBasedStatementManagedKeysIPSet
+  where
+  rnf RateBasedStatementManagedKeysIPSet' {..} =
+    Prelude.rnf addresses
+      `Prelude.seq` Prelude.rnf iPAddressVersion
diff --git a/gen/Amazonka/WAFV2/Types/Regex.hs b/gen/Amazonka/WAFV2/Types/Regex.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/WAFV2/Types/Regex.hs
@@ -0,0 +1,73 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.WAFV2.Types.Regex
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.WAFV2.Types.Regex where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | A single regular expression. This is used in a RegexPatternSet.
+--
+-- /See:/ 'newRegex' smart constructor.
+data Regex = Regex'
+  { -- | The string representing the regular expression.
+    regexString :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'Regex' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'regexString', 'regex_regexString' - The string representing the regular expression.
+newRegex ::
+  Regex
+newRegex = Regex' {regexString = Prelude.Nothing}
+
+-- | The string representing the regular expression.
+regex_regexString :: Lens.Lens' Regex (Prelude.Maybe Prelude.Text)
+regex_regexString = Lens.lens (\Regex' {regexString} -> regexString) (\s@Regex' {} a -> s {regexString = a} :: Regex)
+
+instance Data.FromJSON Regex where
+  parseJSON =
+    Data.withObject
+      "Regex"
+      ( \x ->
+          Regex' Prelude.<$> (x Data..:? "RegexString")
+      )
+
+instance Prelude.Hashable Regex where
+  hashWithSalt _salt Regex' {..} =
+    _salt `Prelude.hashWithSalt` regexString
+
+instance Prelude.NFData Regex where
+  rnf Regex' {..} = Prelude.rnf regexString
+
+instance Data.ToJSON Regex where
+  toJSON Regex' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [("RegexString" Data..=) Prelude.<$> regexString]
+      )
diff --git a/gen/Amazonka/WAFV2/Types/RegexMatchStatement.hs b/gen/Amazonka/WAFV2/Types/RegexMatchStatement.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/WAFV2/Types/RegexMatchStatement.hs
@@ -0,0 +1,135 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.WAFV2.Types.RegexMatchStatement
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.WAFV2.Types.RegexMatchStatement where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.WAFV2.Types.FieldToMatch
+import Amazonka.WAFV2.Types.TextTransformation
+
+-- | A rule statement used to search web request components for a match
+-- against a single regular expression.
+--
+-- /See:/ 'newRegexMatchStatement' smart constructor.
+data RegexMatchStatement = RegexMatchStatement'
+  { -- | The string representing the regular expression.
+    regexString :: Prelude.Text,
+    -- | The part of the web request that you want WAF to inspect.
+    fieldToMatch :: FieldToMatch,
+    -- | Text transformations eliminate some of the unusual formatting that
+    -- attackers use in web requests in an effort to bypass detection. If you
+    -- specify one or more transformations in a rule statement, WAF performs
+    -- all transformations on the content of the request component identified
+    -- by @FieldToMatch@, starting from the lowest priority setting, before
+    -- inspecting the content for a match.
+    textTransformations :: Prelude.NonEmpty TextTransformation
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'RegexMatchStatement' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'regexString', 'regexMatchStatement_regexString' - The string representing the regular expression.
+--
+-- 'fieldToMatch', 'regexMatchStatement_fieldToMatch' - The part of the web request that you want WAF to inspect.
+--
+-- 'textTransformations', 'regexMatchStatement_textTransformations' - Text transformations eliminate some of the unusual formatting that
+-- attackers use in web requests in an effort to bypass detection. If you
+-- specify one or more transformations in a rule statement, WAF performs
+-- all transformations on the content of the request component identified
+-- by @FieldToMatch@, starting from the lowest priority setting, before
+-- inspecting the content for a match.
+newRegexMatchStatement ::
+  -- | 'regexString'
+  Prelude.Text ->
+  -- | 'fieldToMatch'
+  FieldToMatch ->
+  -- | 'textTransformations'
+  Prelude.NonEmpty TextTransformation ->
+  RegexMatchStatement
+newRegexMatchStatement
+  pRegexString_
+  pFieldToMatch_
+  pTextTransformations_ =
+    RegexMatchStatement'
+      { regexString = pRegexString_,
+        fieldToMatch = pFieldToMatch_,
+        textTransformations =
+          Lens.coerced Lens.# pTextTransformations_
+      }
+
+-- | The string representing the regular expression.
+regexMatchStatement_regexString :: Lens.Lens' RegexMatchStatement Prelude.Text
+regexMatchStatement_regexString = Lens.lens (\RegexMatchStatement' {regexString} -> regexString) (\s@RegexMatchStatement' {} a -> s {regexString = a} :: RegexMatchStatement)
+
+-- | The part of the web request that you want WAF to inspect.
+regexMatchStatement_fieldToMatch :: Lens.Lens' RegexMatchStatement FieldToMatch
+regexMatchStatement_fieldToMatch = Lens.lens (\RegexMatchStatement' {fieldToMatch} -> fieldToMatch) (\s@RegexMatchStatement' {} a -> s {fieldToMatch = a} :: RegexMatchStatement)
+
+-- | Text transformations eliminate some of the unusual formatting that
+-- attackers use in web requests in an effort to bypass detection. If you
+-- specify one or more transformations in a rule statement, WAF performs
+-- all transformations on the content of the request component identified
+-- by @FieldToMatch@, starting from the lowest priority setting, before
+-- inspecting the content for a match.
+regexMatchStatement_textTransformations :: Lens.Lens' RegexMatchStatement (Prelude.NonEmpty TextTransformation)
+regexMatchStatement_textTransformations = Lens.lens (\RegexMatchStatement' {textTransformations} -> textTransformations) (\s@RegexMatchStatement' {} a -> s {textTransformations = a} :: RegexMatchStatement) Prelude.. Lens.coerced
+
+instance Data.FromJSON RegexMatchStatement where
+  parseJSON =
+    Data.withObject
+      "RegexMatchStatement"
+      ( \x ->
+          RegexMatchStatement'
+            Prelude.<$> (x Data..: "RegexString")
+            Prelude.<*> (x Data..: "FieldToMatch")
+            Prelude.<*> (x Data..: "TextTransformations")
+      )
+
+instance Prelude.Hashable RegexMatchStatement where
+  hashWithSalt _salt RegexMatchStatement' {..} =
+    _salt
+      `Prelude.hashWithSalt` regexString
+      `Prelude.hashWithSalt` fieldToMatch
+      `Prelude.hashWithSalt` textTransformations
+
+instance Prelude.NFData RegexMatchStatement where
+  rnf RegexMatchStatement' {..} =
+    Prelude.rnf regexString
+      `Prelude.seq` Prelude.rnf fieldToMatch
+      `Prelude.seq` Prelude.rnf textTransformations
+
+instance Data.ToJSON RegexMatchStatement where
+  toJSON RegexMatchStatement' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ Prelude.Just ("RegexString" Data..= regexString),
+            Prelude.Just ("FieldToMatch" Data..= fieldToMatch),
+            Prelude.Just
+              ("TextTransformations" Data..= textTransformations)
+          ]
+      )
diff --git a/gen/Amazonka/WAFV2/Types/RegexPatternSet.hs b/gen/Amazonka/WAFV2/Types/RegexPatternSet.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/WAFV2/Types/RegexPatternSet.hs
@@ -0,0 +1,137 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.WAFV2.Types.RegexPatternSet
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.WAFV2.Types.RegexPatternSet where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.WAFV2.Types.Regex
+
+-- | Contains one or more regular expressions.
+--
+-- WAF assigns an ARN to each @RegexPatternSet@ that you create. To use a
+-- set in a rule, you provide the ARN to the Rule statement
+-- RegexPatternSetReferenceStatement.
+--
+-- /See:/ 'newRegexPatternSet' smart constructor.
+data RegexPatternSet = RegexPatternSet'
+  { -- | The Amazon Resource Name (ARN) of the entity.
+    arn :: Prelude.Maybe Prelude.Text,
+    -- | A description of the set that helps with identification.
+    description :: Prelude.Maybe Prelude.Text,
+    -- | A unique identifier for the set. This ID is returned in the responses to
+    -- create and list commands. You provide it to operations like update and
+    -- delete.
+    id :: Prelude.Maybe Prelude.Text,
+    -- | The name of the set. You cannot change the name after you create the
+    -- set.
+    name :: Prelude.Maybe Prelude.Text,
+    -- | The regular expression patterns in the set.
+    regularExpressionList :: Prelude.Maybe [Regex]
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'RegexPatternSet' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'arn', 'regexPatternSet_arn' - The Amazon Resource Name (ARN) of the entity.
+--
+-- 'description', 'regexPatternSet_description' - A description of the set that helps with identification.
+--
+-- 'id', 'regexPatternSet_id' - A unique identifier for the set. This ID is returned in the responses to
+-- create and list commands. You provide it to operations like update and
+-- delete.
+--
+-- 'name', 'regexPatternSet_name' - The name of the set. You cannot change the name after you create the
+-- set.
+--
+-- 'regularExpressionList', 'regexPatternSet_regularExpressionList' - The regular expression patterns in the set.
+newRegexPatternSet ::
+  RegexPatternSet
+newRegexPatternSet =
+  RegexPatternSet'
+    { arn = Prelude.Nothing,
+      description = Prelude.Nothing,
+      id = Prelude.Nothing,
+      name = Prelude.Nothing,
+      regularExpressionList = Prelude.Nothing
+    }
+
+-- | The Amazon Resource Name (ARN) of the entity.
+regexPatternSet_arn :: Lens.Lens' RegexPatternSet (Prelude.Maybe Prelude.Text)
+regexPatternSet_arn = Lens.lens (\RegexPatternSet' {arn} -> arn) (\s@RegexPatternSet' {} a -> s {arn = a} :: RegexPatternSet)
+
+-- | A description of the set that helps with identification.
+regexPatternSet_description :: Lens.Lens' RegexPatternSet (Prelude.Maybe Prelude.Text)
+regexPatternSet_description = Lens.lens (\RegexPatternSet' {description} -> description) (\s@RegexPatternSet' {} a -> s {description = a} :: RegexPatternSet)
+
+-- | A unique identifier for the set. This ID is returned in the responses to
+-- create and list commands. You provide it to operations like update and
+-- delete.
+regexPatternSet_id :: Lens.Lens' RegexPatternSet (Prelude.Maybe Prelude.Text)
+regexPatternSet_id = Lens.lens (\RegexPatternSet' {id} -> id) (\s@RegexPatternSet' {} a -> s {id = a} :: RegexPatternSet)
+
+-- | The name of the set. You cannot change the name after you create the
+-- set.
+regexPatternSet_name :: Lens.Lens' RegexPatternSet (Prelude.Maybe Prelude.Text)
+regexPatternSet_name = Lens.lens (\RegexPatternSet' {name} -> name) (\s@RegexPatternSet' {} a -> s {name = a} :: RegexPatternSet)
+
+-- | The regular expression patterns in the set.
+regexPatternSet_regularExpressionList :: Lens.Lens' RegexPatternSet (Prelude.Maybe [Regex])
+regexPatternSet_regularExpressionList = Lens.lens (\RegexPatternSet' {regularExpressionList} -> regularExpressionList) (\s@RegexPatternSet' {} a -> s {regularExpressionList = a} :: RegexPatternSet) Prelude.. Lens.mapping Lens.coerced
+
+instance Data.FromJSON RegexPatternSet where
+  parseJSON =
+    Data.withObject
+      "RegexPatternSet"
+      ( \x ->
+          RegexPatternSet'
+            Prelude.<$> (x Data..:? "ARN")
+            Prelude.<*> (x Data..:? "Description")
+            Prelude.<*> (x Data..:? "Id")
+            Prelude.<*> (x Data..:? "Name")
+            Prelude.<*> ( x
+                            Data..:? "RegularExpressionList"
+                            Data..!= Prelude.mempty
+                        )
+      )
+
+instance Prelude.Hashable RegexPatternSet where
+  hashWithSalt _salt RegexPatternSet' {..} =
+    _salt
+      `Prelude.hashWithSalt` arn
+      `Prelude.hashWithSalt` description
+      `Prelude.hashWithSalt` id
+      `Prelude.hashWithSalt` name
+      `Prelude.hashWithSalt` regularExpressionList
+
+instance Prelude.NFData RegexPatternSet where
+  rnf RegexPatternSet' {..} =
+    Prelude.rnf arn
+      `Prelude.seq` Prelude.rnf description
+      `Prelude.seq` Prelude.rnf id
+      `Prelude.seq` Prelude.rnf name
+      `Prelude.seq` Prelude.rnf regularExpressionList
diff --git a/gen/Amazonka/WAFV2/Types/RegexPatternSetReferenceStatement.hs b/gen/Amazonka/WAFV2/Types/RegexPatternSetReferenceStatement.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/WAFV2/Types/RegexPatternSetReferenceStatement.hs
@@ -0,0 +1,162 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.WAFV2.Types.RegexPatternSetReferenceStatement
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.WAFV2.Types.RegexPatternSetReferenceStatement where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.WAFV2.Types.FieldToMatch
+import Amazonka.WAFV2.Types.TextTransformation
+
+-- | A rule statement used to search web request components for matches with
+-- regular expressions. To use this, create a RegexPatternSet that
+-- specifies the expressions that you want to detect, then use the ARN of
+-- that set in this statement. A web request matches the pattern set rule
+-- statement if the request component matches any of the patterns in the
+-- set. To create a regex pattern set, see CreateRegexPatternSet.
+--
+-- Each regex pattern set rule statement references a regex pattern set.
+-- You create and maintain the set independent of your rules. This allows
+-- you to use the single set in multiple rules. When you update the
+-- referenced set, WAF automatically updates all rules that reference it.
+--
+-- /See:/ 'newRegexPatternSetReferenceStatement' smart constructor.
+data RegexPatternSetReferenceStatement = RegexPatternSetReferenceStatement'
+  { -- | The Amazon Resource Name (ARN) of the RegexPatternSet that this
+    -- statement references.
+    arn :: Prelude.Text,
+    -- | The part of the web request that you want WAF to inspect.
+    fieldToMatch :: FieldToMatch,
+    -- | Text transformations eliminate some of the unusual formatting that
+    -- attackers use in web requests in an effort to bypass detection. If you
+    -- specify one or more transformations in a rule statement, WAF performs
+    -- all transformations on the content of the request component identified
+    -- by @FieldToMatch@, starting from the lowest priority setting, before
+    -- inspecting the content for a match.
+    textTransformations :: Prelude.NonEmpty TextTransformation
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'RegexPatternSetReferenceStatement' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'arn', 'regexPatternSetReferenceStatement_arn' - The Amazon Resource Name (ARN) of the RegexPatternSet that this
+-- statement references.
+--
+-- 'fieldToMatch', 'regexPatternSetReferenceStatement_fieldToMatch' - The part of the web request that you want WAF to inspect.
+--
+-- 'textTransformations', 'regexPatternSetReferenceStatement_textTransformations' - Text transformations eliminate some of the unusual formatting that
+-- attackers use in web requests in an effort to bypass detection. If you
+-- specify one or more transformations in a rule statement, WAF performs
+-- all transformations on the content of the request component identified
+-- by @FieldToMatch@, starting from the lowest priority setting, before
+-- inspecting the content for a match.
+newRegexPatternSetReferenceStatement ::
+  -- | 'arn'
+  Prelude.Text ->
+  -- | 'fieldToMatch'
+  FieldToMatch ->
+  -- | 'textTransformations'
+  Prelude.NonEmpty TextTransformation ->
+  RegexPatternSetReferenceStatement
+newRegexPatternSetReferenceStatement
+  pARN_
+  pFieldToMatch_
+  pTextTransformations_ =
+    RegexPatternSetReferenceStatement'
+      { arn = pARN_,
+        fieldToMatch = pFieldToMatch_,
+        textTransformations =
+          Lens.coerced
+            Lens.# pTextTransformations_
+      }
+
+-- | The Amazon Resource Name (ARN) of the RegexPatternSet that this
+-- statement references.
+regexPatternSetReferenceStatement_arn :: Lens.Lens' RegexPatternSetReferenceStatement Prelude.Text
+regexPatternSetReferenceStatement_arn = Lens.lens (\RegexPatternSetReferenceStatement' {arn} -> arn) (\s@RegexPatternSetReferenceStatement' {} a -> s {arn = a} :: RegexPatternSetReferenceStatement)
+
+-- | The part of the web request that you want WAF to inspect.
+regexPatternSetReferenceStatement_fieldToMatch :: Lens.Lens' RegexPatternSetReferenceStatement FieldToMatch
+regexPatternSetReferenceStatement_fieldToMatch = Lens.lens (\RegexPatternSetReferenceStatement' {fieldToMatch} -> fieldToMatch) (\s@RegexPatternSetReferenceStatement' {} a -> s {fieldToMatch = a} :: RegexPatternSetReferenceStatement)
+
+-- | Text transformations eliminate some of the unusual formatting that
+-- attackers use in web requests in an effort to bypass detection. If you
+-- specify one or more transformations in a rule statement, WAF performs
+-- all transformations on the content of the request component identified
+-- by @FieldToMatch@, starting from the lowest priority setting, before
+-- inspecting the content for a match.
+regexPatternSetReferenceStatement_textTransformations :: Lens.Lens' RegexPatternSetReferenceStatement (Prelude.NonEmpty TextTransformation)
+regexPatternSetReferenceStatement_textTransformations = Lens.lens (\RegexPatternSetReferenceStatement' {textTransformations} -> textTransformations) (\s@RegexPatternSetReferenceStatement' {} a -> s {textTransformations = a} :: RegexPatternSetReferenceStatement) Prelude.. Lens.coerced
+
+instance
+  Data.FromJSON
+    RegexPatternSetReferenceStatement
+  where
+  parseJSON =
+    Data.withObject
+      "RegexPatternSetReferenceStatement"
+      ( \x ->
+          RegexPatternSetReferenceStatement'
+            Prelude.<$> (x Data..: "ARN")
+            Prelude.<*> (x Data..: "FieldToMatch")
+            Prelude.<*> (x Data..: "TextTransformations")
+      )
+
+instance
+  Prelude.Hashable
+    RegexPatternSetReferenceStatement
+  where
+  hashWithSalt
+    _salt
+    RegexPatternSetReferenceStatement' {..} =
+      _salt
+        `Prelude.hashWithSalt` arn
+        `Prelude.hashWithSalt` fieldToMatch
+        `Prelude.hashWithSalt` textTransformations
+
+instance
+  Prelude.NFData
+    RegexPatternSetReferenceStatement
+  where
+  rnf RegexPatternSetReferenceStatement' {..} =
+    Prelude.rnf arn
+      `Prelude.seq` Prelude.rnf fieldToMatch
+      `Prelude.seq` Prelude.rnf textTransformations
+
+instance
+  Data.ToJSON
+    RegexPatternSetReferenceStatement
+  where
+  toJSON RegexPatternSetReferenceStatement' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ Prelude.Just ("ARN" Data..= arn),
+            Prelude.Just ("FieldToMatch" Data..= fieldToMatch),
+            Prelude.Just
+              ("TextTransformations" Data..= textTransformations)
+          ]
+      )
diff --git a/gen/Amazonka/WAFV2/Types/RegexPatternSetSummary.hs b/gen/Amazonka/WAFV2/Types/RegexPatternSetSummary.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/WAFV2/Types/RegexPatternSetSummary.hs
@@ -0,0 +1,154 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.WAFV2.Types.RegexPatternSetSummary
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.WAFV2.Types.RegexPatternSetSummary where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | High-level information about a RegexPatternSet, returned by operations
+-- like create and list. This provides information like the ID, that you
+-- can use to retrieve and manage a @RegexPatternSet@, and the ARN, that
+-- you provide to the RegexPatternSetReferenceStatement to use the pattern
+-- set in a Rule.
+--
+-- /See:/ 'newRegexPatternSetSummary' smart constructor.
+data RegexPatternSetSummary = RegexPatternSetSummary'
+  { -- | The Amazon Resource Name (ARN) of the entity.
+    arn :: Prelude.Maybe Prelude.Text,
+    -- | A description of the set that helps with identification.
+    description :: Prelude.Maybe Prelude.Text,
+    -- | A unique identifier for the set. This ID is returned in the responses to
+    -- create and list commands. You provide it to operations like update and
+    -- delete.
+    id :: Prelude.Maybe Prelude.Text,
+    -- | A token used for optimistic locking. WAF returns a token to your @get@
+    -- and @list@ requests, to mark the state of the entity at the time of the
+    -- request. To make changes to the entity associated with the token, you
+    -- provide the token to operations like @update@ and @delete@. WAF uses the
+    -- token to ensure that no changes have been made to the entity since you
+    -- last retrieved it. If a change has been made, the update fails with a
+    -- @WAFOptimisticLockException@. If this happens, perform another @get@,
+    -- and use the new token returned by that operation.
+    lockToken :: Prelude.Maybe Prelude.Text,
+    -- | The name of the data type instance. You cannot change the name after you
+    -- create the instance.
+    name :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'RegexPatternSetSummary' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'arn', 'regexPatternSetSummary_arn' - The Amazon Resource Name (ARN) of the entity.
+--
+-- 'description', 'regexPatternSetSummary_description' - A description of the set that helps with identification.
+--
+-- 'id', 'regexPatternSetSummary_id' - A unique identifier for the set. This ID is returned in the responses to
+-- create and list commands. You provide it to operations like update and
+-- delete.
+--
+-- 'lockToken', 'regexPatternSetSummary_lockToken' - A token used for optimistic locking. WAF returns a token to your @get@
+-- and @list@ requests, to mark the state of the entity at the time of the
+-- request. To make changes to the entity associated with the token, you
+-- provide the token to operations like @update@ and @delete@. WAF uses the
+-- token to ensure that no changes have been made to the entity since you
+-- last retrieved it. If a change has been made, the update fails with a
+-- @WAFOptimisticLockException@. If this happens, perform another @get@,
+-- and use the new token returned by that operation.
+--
+-- 'name', 'regexPatternSetSummary_name' - The name of the data type instance. You cannot change the name after you
+-- create the instance.
+newRegexPatternSetSummary ::
+  RegexPatternSetSummary
+newRegexPatternSetSummary =
+  RegexPatternSetSummary'
+    { arn = Prelude.Nothing,
+      description = Prelude.Nothing,
+      id = Prelude.Nothing,
+      lockToken = Prelude.Nothing,
+      name = Prelude.Nothing
+    }
+
+-- | The Amazon Resource Name (ARN) of the entity.
+regexPatternSetSummary_arn :: Lens.Lens' RegexPatternSetSummary (Prelude.Maybe Prelude.Text)
+regexPatternSetSummary_arn = Lens.lens (\RegexPatternSetSummary' {arn} -> arn) (\s@RegexPatternSetSummary' {} a -> s {arn = a} :: RegexPatternSetSummary)
+
+-- | A description of the set that helps with identification.
+regexPatternSetSummary_description :: Lens.Lens' RegexPatternSetSummary (Prelude.Maybe Prelude.Text)
+regexPatternSetSummary_description = Lens.lens (\RegexPatternSetSummary' {description} -> description) (\s@RegexPatternSetSummary' {} a -> s {description = a} :: RegexPatternSetSummary)
+
+-- | A unique identifier for the set. This ID is returned in the responses to
+-- create and list commands. You provide it to operations like update and
+-- delete.
+regexPatternSetSummary_id :: Lens.Lens' RegexPatternSetSummary (Prelude.Maybe Prelude.Text)
+regexPatternSetSummary_id = Lens.lens (\RegexPatternSetSummary' {id} -> id) (\s@RegexPatternSetSummary' {} a -> s {id = a} :: RegexPatternSetSummary)
+
+-- | A token used for optimistic locking. WAF returns a token to your @get@
+-- and @list@ requests, to mark the state of the entity at the time of the
+-- request. To make changes to the entity associated with the token, you
+-- provide the token to operations like @update@ and @delete@. WAF uses the
+-- token to ensure that no changes have been made to the entity since you
+-- last retrieved it. If a change has been made, the update fails with a
+-- @WAFOptimisticLockException@. If this happens, perform another @get@,
+-- and use the new token returned by that operation.
+regexPatternSetSummary_lockToken :: Lens.Lens' RegexPatternSetSummary (Prelude.Maybe Prelude.Text)
+regexPatternSetSummary_lockToken = Lens.lens (\RegexPatternSetSummary' {lockToken} -> lockToken) (\s@RegexPatternSetSummary' {} a -> s {lockToken = a} :: RegexPatternSetSummary)
+
+-- | The name of the data type instance. You cannot change the name after you
+-- create the instance.
+regexPatternSetSummary_name :: Lens.Lens' RegexPatternSetSummary (Prelude.Maybe Prelude.Text)
+regexPatternSetSummary_name = Lens.lens (\RegexPatternSetSummary' {name} -> name) (\s@RegexPatternSetSummary' {} a -> s {name = a} :: RegexPatternSetSummary)
+
+instance Data.FromJSON RegexPatternSetSummary where
+  parseJSON =
+    Data.withObject
+      "RegexPatternSetSummary"
+      ( \x ->
+          RegexPatternSetSummary'
+            Prelude.<$> (x Data..:? "ARN")
+            Prelude.<*> (x Data..:? "Description")
+            Prelude.<*> (x Data..:? "Id")
+            Prelude.<*> (x Data..:? "LockToken")
+            Prelude.<*> (x Data..:? "Name")
+      )
+
+instance Prelude.Hashable RegexPatternSetSummary where
+  hashWithSalt _salt RegexPatternSetSummary' {..} =
+    _salt
+      `Prelude.hashWithSalt` arn
+      `Prelude.hashWithSalt` description
+      `Prelude.hashWithSalt` id
+      `Prelude.hashWithSalt` lockToken
+      `Prelude.hashWithSalt` name
+
+instance Prelude.NFData RegexPatternSetSummary where
+  rnf RegexPatternSetSummary' {..} =
+    Prelude.rnf arn
+      `Prelude.seq` Prelude.rnf description
+      `Prelude.seq` Prelude.rnf id
+      `Prelude.seq` Prelude.rnf lockToken
+      `Prelude.seq` Prelude.rnf name
diff --git a/gen/Amazonka/WAFV2/Types/ReleaseSummary.hs b/gen/Amazonka/WAFV2/Types/ReleaseSummary.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/WAFV2/Types/ReleaseSummary.hs
@@ -0,0 +1,84 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.WAFV2.Types.ReleaseSummary
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.WAFV2.Types.ReleaseSummary where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | High level information for an SDK release.
+--
+-- /See:/ 'newReleaseSummary' smart constructor.
+data ReleaseSummary = ReleaseSummary'
+  { -- | The release version.
+    releaseVersion :: Prelude.Maybe Prelude.Text,
+    -- | The timestamp of the release.
+    timestamp :: Prelude.Maybe Data.POSIX
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'ReleaseSummary' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'releaseVersion', 'releaseSummary_releaseVersion' - The release version.
+--
+-- 'timestamp', 'releaseSummary_timestamp' - The timestamp of the release.
+newReleaseSummary ::
+  ReleaseSummary
+newReleaseSummary =
+  ReleaseSummary'
+    { releaseVersion = Prelude.Nothing,
+      timestamp = Prelude.Nothing
+    }
+
+-- | The release version.
+releaseSummary_releaseVersion :: Lens.Lens' ReleaseSummary (Prelude.Maybe Prelude.Text)
+releaseSummary_releaseVersion = Lens.lens (\ReleaseSummary' {releaseVersion} -> releaseVersion) (\s@ReleaseSummary' {} a -> s {releaseVersion = a} :: ReleaseSummary)
+
+-- | The timestamp of the release.
+releaseSummary_timestamp :: Lens.Lens' ReleaseSummary (Prelude.Maybe Prelude.UTCTime)
+releaseSummary_timestamp = Lens.lens (\ReleaseSummary' {timestamp} -> timestamp) (\s@ReleaseSummary' {} a -> s {timestamp = a} :: ReleaseSummary) Prelude.. Lens.mapping Data._Time
+
+instance Data.FromJSON ReleaseSummary where
+  parseJSON =
+    Data.withObject
+      "ReleaseSummary"
+      ( \x ->
+          ReleaseSummary'
+            Prelude.<$> (x Data..:? "ReleaseVersion")
+            Prelude.<*> (x Data..:? "Timestamp")
+      )
+
+instance Prelude.Hashable ReleaseSummary where
+  hashWithSalt _salt ReleaseSummary' {..} =
+    _salt
+      `Prelude.hashWithSalt` releaseVersion
+      `Prelude.hashWithSalt` timestamp
+
+instance Prelude.NFData ReleaseSummary where
+  rnf ReleaseSummary' {..} =
+    Prelude.rnf releaseVersion
+      `Prelude.seq` Prelude.rnf timestamp
diff --git a/gen/Amazonka/WAFV2/Types/ResourceType.hs b/gen/Amazonka/WAFV2/Types/ResourceType.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/WAFV2/Types/ResourceType.hs
@@ -0,0 +1,81 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DerivingStrategies #-}
+{-# LANGUAGE GeneralizedNewtypeDeriving #-}
+{-# LANGUAGE LambdaCase #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE PatternSynonyms #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.WAFV2.Types.ResourceType
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.WAFV2.Types.ResourceType
+  ( ResourceType
+      ( ..,
+        ResourceType_API_GATEWAY,
+        ResourceType_APPLICATION_LOAD_BALANCER,
+        ResourceType_APPSYNC,
+        ResourceType_COGNITO_USER_POOL
+      ),
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+newtype ResourceType = ResourceType'
+  { fromResourceType ::
+      Data.Text
+  }
+  deriving stock
+    ( Prelude.Show,
+      Prelude.Read,
+      Prelude.Eq,
+      Prelude.Ord,
+      Prelude.Generic
+    )
+  deriving newtype
+    ( Prelude.Hashable,
+      Prelude.NFData,
+      Data.FromText,
+      Data.ToText,
+      Data.ToByteString,
+      Data.ToLog,
+      Data.ToHeader,
+      Data.ToQuery,
+      Data.FromJSON,
+      Data.FromJSONKey,
+      Data.ToJSON,
+      Data.ToJSONKey,
+      Data.FromXML,
+      Data.ToXML
+    )
+
+pattern ResourceType_API_GATEWAY :: ResourceType
+pattern ResourceType_API_GATEWAY = ResourceType' "API_GATEWAY"
+
+pattern ResourceType_APPLICATION_LOAD_BALANCER :: ResourceType
+pattern ResourceType_APPLICATION_LOAD_BALANCER = ResourceType' "APPLICATION_LOAD_BALANCER"
+
+pattern ResourceType_APPSYNC :: ResourceType
+pattern ResourceType_APPSYNC = ResourceType' "APPSYNC"
+
+pattern ResourceType_COGNITO_USER_POOL :: ResourceType
+pattern ResourceType_COGNITO_USER_POOL = ResourceType' "COGNITO_USER_POOL"
+
+{-# COMPLETE
+  ResourceType_API_GATEWAY,
+  ResourceType_APPLICATION_LOAD_BALANCER,
+  ResourceType_APPSYNC,
+  ResourceType_COGNITO_USER_POOL,
+  ResourceType'
+  #-}
diff --git a/gen/Amazonka/WAFV2/Types/ResponseContentType.hs b/gen/Amazonka/WAFV2/Types/ResponseContentType.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/WAFV2/Types/ResponseContentType.hs
@@ -0,0 +1,76 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DerivingStrategies #-}
+{-# LANGUAGE GeneralizedNewtypeDeriving #-}
+{-# LANGUAGE LambdaCase #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE PatternSynonyms #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.WAFV2.Types.ResponseContentType
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.WAFV2.Types.ResponseContentType
+  ( ResponseContentType
+      ( ..,
+        ResponseContentType_APPLICATION_JSON,
+        ResponseContentType_TEXT_HTML,
+        ResponseContentType_TEXT_PLAIN
+      ),
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+newtype ResponseContentType = ResponseContentType'
+  { fromResponseContentType ::
+      Data.Text
+  }
+  deriving stock
+    ( Prelude.Show,
+      Prelude.Read,
+      Prelude.Eq,
+      Prelude.Ord,
+      Prelude.Generic
+    )
+  deriving newtype
+    ( Prelude.Hashable,
+      Prelude.NFData,
+      Data.FromText,
+      Data.ToText,
+      Data.ToByteString,
+      Data.ToLog,
+      Data.ToHeader,
+      Data.ToQuery,
+      Data.FromJSON,
+      Data.FromJSONKey,
+      Data.ToJSON,
+      Data.ToJSONKey,
+      Data.FromXML,
+      Data.ToXML
+    )
+
+pattern ResponseContentType_APPLICATION_JSON :: ResponseContentType
+pattern ResponseContentType_APPLICATION_JSON = ResponseContentType' "APPLICATION_JSON"
+
+pattern ResponseContentType_TEXT_HTML :: ResponseContentType
+pattern ResponseContentType_TEXT_HTML = ResponseContentType' "TEXT_HTML"
+
+pattern ResponseContentType_TEXT_PLAIN :: ResponseContentType
+pattern ResponseContentType_TEXT_PLAIN = ResponseContentType' "TEXT_PLAIN"
+
+{-# COMPLETE
+  ResponseContentType_APPLICATION_JSON,
+  ResponseContentType_TEXT_HTML,
+  ResponseContentType_TEXT_PLAIN,
+  ResponseContentType'
+  #-}
diff --git a/gen/Amazonka/WAFV2/Types/Rule.hs b/gen/Amazonka/WAFV2/Types/Rule.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/WAFV2/Types/Rule.hs
@@ -0,0 +1,383 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.WAFV2.Types.Rule
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.WAFV2.Types.Rule where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.WAFV2.Types.CaptchaConfig
+import Amazonka.WAFV2.Types.ChallengeConfig
+import Amazonka.WAFV2.Types.Label
+import Amazonka.WAFV2.Types.OverrideAction
+import Amazonka.WAFV2.Types.RuleAction
+import Amazonka.WAFV2.Types.Statement
+import Amazonka.WAFV2.Types.VisibilityConfig
+
+-- | A single rule, which you can use in a WebACL or RuleGroup to identify
+-- web requests that you want to allow, block, or count. Each rule includes
+-- one top-level Statement that WAF uses to identify matching web requests,
+-- and parameters that govern how WAF handles them.
+--
+-- /See:/ 'newRule' smart constructor.
+data Rule = Rule'
+  { -- | The action that WAF should take on a web request when it matches the
+    -- rule statement. Settings at the web ACL level can override the rule
+    -- action setting.
+    --
+    -- This is used only for rules whose statements do not reference a rule
+    -- group. Rule statements that reference a rule group include
+    -- @RuleGroupReferenceStatement@ and @ManagedRuleGroupStatement@.
+    --
+    -- You must specify either this @Action@ setting or the rule
+    -- @OverrideAction@ setting, but not both:
+    --
+    -- -   If the rule statement does not reference a rule group, use this rule
+    --     action setting and not the rule override action setting.
+    --
+    -- -   If the rule statement references a rule group, use the override
+    --     action setting and not this action setting.
+    action :: Prelude.Maybe RuleAction,
+    -- | Specifies how WAF should handle @CAPTCHA@ evaluations. If you don\'t
+    -- specify this, WAF uses the @CAPTCHA@ configuration that\'s defined for
+    -- the web ACL.
+    captchaConfig :: Prelude.Maybe CaptchaConfig,
+    -- | Specifies how WAF should handle @Challenge@ evaluations. If you don\'t
+    -- specify this, WAF uses the challenge configuration that\'s defined for
+    -- the web ACL.
+    challengeConfig :: Prelude.Maybe ChallengeConfig,
+    -- | The action to use in the place of the action that results from the rule
+    -- group evaluation. Set the override action to none to leave the result of
+    -- the rule group alone. Set it to count to override the result to count
+    -- only.
+    --
+    -- You can only use this for rule statements that reference a rule group,
+    -- like @RuleGroupReferenceStatement@ and @ManagedRuleGroupStatement@.
+    --
+    -- This option is usually set to none. It does not affect how the rules in
+    -- the rule group are evaluated. If you want the rules in the rule group to
+    -- only count matches, do not use this and instead use the rule action
+    -- override option, with @Count@ action, in your rule group reference
+    -- statement settings.
+    overrideAction :: Prelude.Maybe OverrideAction,
+    -- | Labels to apply to web requests that match the rule match statement. WAF
+    -- applies fully qualified labels to matching web requests. A fully
+    -- qualified label is the concatenation of a label namespace and a rule
+    -- label. The rule\'s rule group or web ACL defines the label namespace.
+    --
+    -- Rules that run after this rule in the web ACL can match against these
+    -- labels using a @LabelMatchStatement@.
+    --
+    -- For each label, provide a case-sensitive string containing optional
+    -- namespaces and a label name, according to the following guidelines:
+    --
+    -- -   Separate each component of the label with a colon.
+    --
+    -- -   Each namespace or name can have up to 128 characters.
+    --
+    -- -   You can specify up to 5 namespaces in a label.
+    --
+    -- -   Don\'t use the following reserved words in your label specification:
+    --     @aws@, @waf@, @managed@, @rulegroup@, @webacl@, @regexpatternset@,
+    --     or @ipset@.
+    --
+    -- For example, @myLabelName@ or @nameSpace1:nameSpace2:myLabelName@.
+    ruleLabels :: Prelude.Maybe [Label],
+    -- | The name of the rule. You can\'t change the name of a @Rule@ after you
+    -- create it.
+    name :: Prelude.Text,
+    -- | If you define more than one @Rule@ in a @WebACL@, WAF evaluates each
+    -- request against the @Rules@ in order based on the value of @Priority@.
+    -- WAF processes rules with lower priority first. The priorities don\'t
+    -- need to be consecutive, but they must all be different.
+    priority :: Prelude.Natural,
+    -- | The WAF processing statement for the rule, for example
+    -- ByteMatchStatement or SizeConstraintStatement.
+    statement :: Statement,
+    -- | Defines and enables Amazon CloudWatch metrics and web request sample
+    -- collection.
+    visibilityConfig :: VisibilityConfig
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'Rule' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'action', 'rule_action' - The action that WAF should take on a web request when it matches the
+-- rule statement. Settings at the web ACL level can override the rule
+-- action setting.
+--
+-- This is used only for rules whose statements do not reference a rule
+-- group. Rule statements that reference a rule group include
+-- @RuleGroupReferenceStatement@ and @ManagedRuleGroupStatement@.
+--
+-- You must specify either this @Action@ setting or the rule
+-- @OverrideAction@ setting, but not both:
+--
+-- -   If the rule statement does not reference a rule group, use this rule
+--     action setting and not the rule override action setting.
+--
+-- -   If the rule statement references a rule group, use the override
+--     action setting and not this action setting.
+--
+-- 'captchaConfig', 'rule_captchaConfig' - Specifies how WAF should handle @CAPTCHA@ evaluations. If you don\'t
+-- specify this, WAF uses the @CAPTCHA@ configuration that\'s defined for
+-- the web ACL.
+--
+-- 'challengeConfig', 'rule_challengeConfig' - Specifies how WAF should handle @Challenge@ evaluations. If you don\'t
+-- specify this, WAF uses the challenge configuration that\'s defined for
+-- the web ACL.
+--
+-- 'overrideAction', 'rule_overrideAction' - The action to use in the place of the action that results from the rule
+-- group evaluation. Set the override action to none to leave the result of
+-- the rule group alone. Set it to count to override the result to count
+-- only.
+--
+-- You can only use this for rule statements that reference a rule group,
+-- like @RuleGroupReferenceStatement@ and @ManagedRuleGroupStatement@.
+--
+-- This option is usually set to none. It does not affect how the rules in
+-- the rule group are evaluated. If you want the rules in the rule group to
+-- only count matches, do not use this and instead use the rule action
+-- override option, with @Count@ action, in your rule group reference
+-- statement settings.
+--
+-- 'ruleLabels', 'rule_ruleLabels' - Labels to apply to web requests that match the rule match statement. WAF
+-- applies fully qualified labels to matching web requests. A fully
+-- qualified label is the concatenation of a label namespace and a rule
+-- label. The rule\'s rule group or web ACL defines the label namespace.
+--
+-- Rules that run after this rule in the web ACL can match against these
+-- labels using a @LabelMatchStatement@.
+--
+-- For each label, provide a case-sensitive string containing optional
+-- namespaces and a label name, according to the following guidelines:
+--
+-- -   Separate each component of the label with a colon.
+--
+-- -   Each namespace or name can have up to 128 characters.
+--
+-- -   You can specify up to 5 namespaces in a label.
+--
+-- -   Don\'t use the following reserved words in your label specification:
+--     @aws@, @waf@, @managed@, @rulegroup@, @webacl@, @regexpatternset@,
+--     or @ipset@.
+--
+-- For example, @myLabelName@ or @nameSpace1:nameSpace2:myLabelName@.
+--
+-- 'name', 'rule_name' - The name of the rule. You can\'t change the name of a @Rule@ after you
+-- create it.
+--
+-- 'priority', 'rule_priority' - If you define more than one @Rule@ in a @WebACL@, WAF evaluates each
+-- request against the @Rules@ in order based on the value of @Priority@.
+-- WAF processes rules with lower priority first. The priorities don\'t
+-- need to be consecutive, but they must all be different.
+--
+-- 'statement', 'rule_statement' - The WAF processing statement for the rule, for example
+-- ByteMatchStatement or SizeConstraintStatement.
+--
+-- 'visibilityConfig', 'rule_visibilityConfig' - Defines and enables Amazon CloudWatch metrics and web request sample
+-- collection.
+newRule ::
+  -- | 'name'
+  Prelude.Text ->
+  -- | 'priority'
+  Prelude.Natural ->
+  -- | 'statement'
+  Statement ->
+  -- | 'visibilityConfig'
+  VisibilityConfig ->
+  Rule
+newRule
+  pName_
+  pPriority_
+  pStatement_
+  pVisibilityConfig_ =
+    Rule'
+      { action = Prelude.Nothing,
+        captchaConfig = Prelude.Nothing,
+        challengeConfig = Prelude.Nothing,
+        overrideAction = Prelude.Nothing,
+        ruleLabels = Prelude.Nothing,
+        name = pName_,
+        priority = pPriority_,
+        statement = pStatement_,
+        visibilityConfig = pVisibilityConfig_
+      }
+
+-- | The action that WAF should take on a web request when it matches the
+-- rule statement. Settings at the web ACL level can override the rule
+-- action setting.
+--
+-- This is used only for rules whose statements do not reference a rule
+-- group. Rule statements that reference a rule group include
+-- @RuleGroupReferenceStatement@ and @ManagedRuleGroupStatement@.
+--
+-- You must specify either this @Action@ setting or the rule
+-- @OverrideAction@ setting, but not both:
+--
+-- -   If the rule statement does not reference a rule group, use this rule
+--     action setting and not the rule override action setting.
+--
+-- -   If the rule statement references a rule group, use the override
+--     action setting and not this action setting.
+rule_action :: Lens.Lens' Rule (Prelude.Maybe RuleAction)
+rule_action = Lens.lens (\Rule' {action} -> action) (\s@Rule' {} a -> s {action = a} :: Rule)
+
+-- | Specifies how WAF should handle @CAPTCHA@ evaluations. If you don\'t
+-- specify this, WAF uses the @CAPTCHA@ configuration that\'s defined for
+-- the web ACL.
+rule_captchaConfig :: Lens.Lens' Rule (Prelude.Maybe CaptchaConfig)
+rule_captchaConfig = Lens.lens (\Rule' {captchaConfig} -> captchaConfig) (\s@Rule' {} a -> s {captchaConfig = a} :: Rule)
+
+-- | Specifies how WAF should handle @Challenge@ evaluations. If you don\'t
+-- specify this, WAF uses the challenge configuration that\'s defined for
+-- the web ACL.
+rule_challengeConfig :: Lens.Lens' Rule (Prelude.Maybe ChallengeConfig)
+rule_challengeConfig = Lens.lens (\Rule' {challengeConfig} -> challengeConfig) (\s@Rule' {} a -> s {challengeConfig = a} :: Rule)
+
+-- | The action to use in the place of the action that results from the rule
+-- group evaluation. Set the override action to none to leave the result of
+-- the rule group alone. Set it to count to override the result to count
+-- only.
+--
+-- You can only use this for rule statements that reference a rule group,
+-- like @RuleGroupReferenceStatement@ and @ManagedRuleGroupStatement@.
+--
+-- This option is usually set to none. It does not affect how the rules in
+-- the rule group are evaluated. If you want the rules in the rule group to
+-- only count matches, do not use this and instead use the rule action
+-- override option, with @Count@ action, in your rule group reference
+-- statement settings.
+rule_overrideAction :: Lens.Lens' Rule (Prelude.Maybe OverrideAction)
+rule_overrideAction = Lens.lens (\Rule' {overrideAction} -> overrideAction) (\s@Rule' {} a -> s {overrideAction = a} :: Rule)
+
+-- | Labels to apply to web requests that match the rule match statement. WAF
+-- applies fully qualified labels to matching web requests. A fully
+-- qualified label is the concatenation of a label namespace and a rule
+-- label. The rule\'s rule group or web ACL defines the label namespace.
+--
+-- Rules that run after this rule in the web ACL can match against these
+-- labels using a @LabelMatchStatement@.
+--
+-- For each label, provide a case-sensitive string containing optional
+-- namespaces and a label name, according to the following guidelines:
+--
+-- -   Separate each component of the label with a colon.
+--
+-- -   Each namespace or name can have up to 128 characters.
+--
+-- -   You can specify up to 5 namespaces in a label.
+--
+-- -   Don\'t use the following reserved words in your label specification:
+--     @aws@, @waf@, @managed@, @rulegroup@, @webacl@, @regexpatternset@,
+--     or @ipset@.
+--
+-- For example, @myLabelName@ or @nameSpace1:nameSpace2:myLabelName@.
+rule_ruleLabels :: Lens.Lens' Rule (Prelude.Maybe [Label])
+rule_ruleLabels = Lens.lens (\Rule' {ruleLabels} -> ruleLabels) (\s@Rule' {} a -> s {ruleLabels = a} :: Rule) Prelude.. Lens.mapping Lens.coerced
+
+-- | The name of the rule. You can\'t change the name of a @Rule@ after you
+-- create it.
+rule_name :: Lens.Lens' Rule Prelude.Text
+rule_name = Lens.lens (\Rule' {name} -> name) (\s@Rule' {} a -> s {name = a} :: Rule)
+
+-- | If you define more than one @Rule@ in a @WebACL@, WAF evaluates each
+-- request against the @Rules@ in order based on the value of @Priority@.
+-- WAF processes rules with lower priority first. The priorities don\'t
+-- need to be consecutive, but they must all be different.
+rule_priority :: Lens.Lens' Rule Prelude.Natural
+rule_priority = Lens.lens (\Rule' {priority} -> priority) (\s@Rule' {} a -> s {priority = a} :: Rule)
+
+-- | The WAF processing statement for the rule, for example
+-- ByteMatchStatement or SizeConstraintStatement.
+rule_statement :: Lens.Lens' Rule Statement
+rule_statement = Lens.lens (\Rule' {statement} -> statement) (\s@Rule' {} a -> s {statement = a} :: Rule)
+
+-- | Defines and enables Amazon CloudWatch metrics and web request sample
+-- collection.
+rule_visibilityConfig :: Lens.Lens' Rule VisibilityConfig
+rule_visibilityConfig = Lens.lens (\Rule' {visibilityConfig} -> visibilityConfig) (\s@Rule' {} a -> s {visibilityConfig = a} :: Rule)
+
+instance Data.FromJSON Rule where
+  parseJSON =
+    Data.withObject
+      "Rule"
+      ( \x ->
+          Rule'
+            Prelude.<$> (x Data..:? "Action")
+            Prelude.<*> (x Data..:? "CaptchaConfig")
+            Prelude.<*> (x Data..:? "ChallengeConfig")
+            Prelude.<*> (x Data..:? "OverrideAction")
+            Prelude.<*> (x Data..:? "RuleLabels" Data..!= Prelude.mempty)
+            Prelude.<*> (x Data..: "Name")
+            Prelude.<*> (x Data..: "Priority")
+            Prelude.<*> (x Data..: "Statement")
+            Prelude.<*> (x Data..: "VisibilityConfig")
+      )
+
+instance Prelude.Hashable Rule where
+  hashWithSalt _salt Rule' {..} =
+    _salt
+      `Prelude.hashWithSalt` action
+      `Prelude.hashWithSalt` captchaConfig
+      `Prelude.hashWithSalt` challengeConfig
+      `Prelude.hashWithSalt` overrideAction
+      `Prelude.hashWithSalt` ruleLabels
+      `Prelude.hashWithSalt` name
+      `Prelude.hashWithSalt` priority
+      `Prelude.hashWithSalt` statement
+      `Prelude.hashWithSalt` visibilityConfig
+
+instance Prelude.NFData Rule where
+  rnf Rule' {..} =
+    Prelude.rnf action
+      `Prelude.seq` Prelude.rnf captchaConfig
+      `Prelude.seq` Prelude.rnf challengeConfig
+      `Prelude.seq` Prelude.rnf overrideAction
+      `Prelude.seq` Prelude.rnf ruleLabels
+      `Prelude.seq` Prelude.rnf name
+      `Prelude.seq` Prelude.rnf priority
+      `Prelude.seq` Prelude.rnf statement
+      `Prelude.seq` Prelude.rnf visibilityConfig
+
+instance Data.ToJSON Rule where
+  toJSON Rule' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("Action" Data..=) Prelude.<$> action,
+            ("CaptchaConfig" Data..=) Prelude.<$> captchaConfig,
+            ("ChallengeConfig" Data..=)
+              Prelude.<$> challengeConfig,
+            ("OverrideAction" Data..=)
+              Prelude.<$> overrideAction,
+            ("RuleLabels" Data..=) Prelude.<$> ruleLabels,
+            Prelude.Just ("Name" Data..= name),
+            Prelude.Just ("Priority" Data..= priority),
+            Prelude.Just ("Statement" Data..= statement),
+            Prelude.Just
+              ("VisibilityConfig" Data..= visibilityConfig)
+          ]
+      )
diff --git a/gen/Amazonka/WAFV2/Types/RuleAction.hs b/gen/Amazonka/WAFV2/Types/RuleAction.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/WAFV2/Types/RuleAction.hs
@@ -0,0 +1,142 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.WAFV2.Types.RuleAction
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.WAFV2.Types.RuleAction where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.WAFV2.Types.AllowAction
+import Amazonka.WAFV2.Types.BlockAction
+import Amazonka.WAFV2.Types.CaptchaAction
+import Amazonka.WAFV2.Types.ChallengeAction
+import Amazonka.WAFV2.Types.CountAction
+
+-- | The action that WAF should take on a web request when it matches a
+-- rule\'s statement. Settings at the web ACL level can override the rule
+-- action setting.
+--
+-- /See:/ 'newRuleAction' smart constructor.
+data RuleAction = RuleAction'
+  { -- | Instructs WAF to allow the web request.
+    allow :: Prelude.Maybe AllowAction,
+    -- | Instructs WAF to block the web request.
+    block :: Prelude.Maybe BlockAction,
+    -- | Instructs WAF to run a @CAPTCHA@ check against the web request.
+    captcha :: Prelude.Maybe CaptchaAction,
+    -- | Instructs WAF to run a @Challenge@ check against the web request.
+    challenge :: Prelude.Maybe ChallengeAction,
+    -- | Instructs WAF to count the web request and then continue evaluating the
+    -- request using the remaining rules in the web ACL.
+    count :: Prelude.Maybe CountAction
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'RuleAction' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'allow', 'ruleAction_allow' - Instructs WAF to allow the web request.
+--
+-- 'block', 'ruleAction_block' - Instructs WAF to block the web request.
+--
+-- 'captcha', 'ruleAction_captcha' - Instructs WAF to run a @CAPTCHA@ check against the web request.
+--
+-- 'challenge', 'ruleAction_challenge' - Instructs WAF to run a @Challenge@ check against the web request.
+--
+-- 'count', 'ruleAction_count' - Instructs WAF to count the web request and then continue evaluating the
+-- request using the remaining rules in the web ACL.
+newRuleAction ::
+  RuleAction
+newRuleAction =
+  RuleAction'
+    { allow = Prelude.Nothing,
+      block = Prelude.Nothing,
+      captcha = Prelude.Nothing,
+      challenge = Prelude.Nothing,
+      count = Prelude.Nothing
+    }
+
+-- | Instructs WAF to allow the web request.
+ruleAction_allow :: Lens.Lens' RuleAction (Prelude.Maybe AllowAction)
+ruleAction_allow = Lens.lens (\RuleAction' {allow} -> allow) (\s@RuleAction' {} a -> s {allow = a} :: RuleAction)
+
+-- | Instructs WAF to block the web request.
+ruleAction_block :: Lens.Lens' RuleAction (Prelude.Maybe BlockAction)
+ruleAction_block = Lens.lens (\RuleAction' {block} -> block) (\s@RuleAction' {} a -> s {block = a} :: RuleAction)
+
+-- | Instructs WAF to run a @CAPTCHA@ check against the web request.
+ruleAction_captcha :: Lens.Lens' RuleAction (Prelude.Maybe CaptchaAction)
+ruleAction_captcha = Lens.lens (\RuleAction' {captcha} -> captcha) (\s@RuleAction' {} a -> s {captcha = a} :: RuleAction)
+
+-- | Instructs WAF to run a @Challenge@ check against the web request.
+ruleAction_challenge :: Lens.Lens' RuleAction (Prelude.Maybe ChallengeAction)
+ruleAction_challenge = Lens.lens (\RuleAction' {challenge} -> challenge) (\s@RuleAction' {} a -> s {challenge = a} :: RuleAction)
+
+-- | Instructs WAF to count the web request and then continue evaluating the
+-- request using the remaining rules in the web ACL.
+ruleAction_count :: Lens.Lens' RuleAction (Prelude.Maybe CountAction)
+ruleAction_count = Lens.lens (\RuleAction' {count} -> count) (\s@RuleAction' {} a -> s {count = a} :: RuleAction)
+
+instance Data.FromJSON RuleAction where
+  parseJSON =
+    Data.withObject
+      "RuleAction"
+      ( \x ->
+          RuleAction'
+            Prelude.<$> (x Data..:? "Allow")
+            Prelude.<*> (x Data..:? "Block")
+            Prelude.<*> (x Data..:? "Captcha")
+            Prelude.<*> (x Data..:? "Challenge")
+            Prelude.<*> (x Data..:? "Count")
+      )
+
+instance Prelude.Hashable RuleAction where
+  hashWithSalt _salt RuleAction' {..} =
+    _salt
+      `Prelude.hashWithSalt` allow
+      `Prelude.hashWithSalt` block
+      `Prelude.hashWithSalt` captcha
+      `Prelude.hashWithSalt` challenge
+      `Prelude.hashWithSalt` count
+
+instance Prelude.NFData RuleAction where
+  rnf RuleAction' {..} =
+    Prelude.rnf allow
+      `Prelude.seq` Prelude.rnf block
+      `Prelude.seq` Prelude.rnf captcha
+      `Prelude.seq` Prelude.rnf challenge
+      `Prelude.seq` Prelude.rnf count
+
+instance Data.ToJSON RuleAction where
+  toJSON RuleAction' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("Allow" Data..=) Prelude.<$> allow,
+            ("Block" Data..=) Prelude.<$> block,
+            ("Captcha" Data..=) Prelude.<$> captcha,
+            ("Challenge" Data..=) Prelude.<$> challenge,
+            ("Count" Data..=) Prelude.<$> count
+          ]
+      )
diff --git a/gen/Amazonka/WAFV2/Types/RuleActionOverride.hs b/gen/Amazonka/WAFV2/Types/RuleActionOverride.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/WAFV2/Types/RuleActionOverride.hs
@@ -0,0 +1,109 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.WAFV2.Types.RuleActionOverride
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.WAFV2.Types.RuleActionOverride where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.WAFV2.Types.RuleAction
+
+-- | Action setting to use in the place of a rule action that is configured
+-- inside the rule group. You specify one override for each rule whose
+-- action you want to change.
+--
+-- You can use overrides for testing, for example you can override all of
+-- rule actions to @Count@ and then monitor the resulting count metrics to
+-- understand how the rule group would handle your web traffic. You can
+-- also permanently override some or all actions, to modify how the rule
+-- group manages your web traffic.
+--
+-- /See:/ 'newRuleActionOverride' smart constructor.
+data RuleActionOverride = RuleActionOverride'
+  { -- | The name of the rule to override.
+    name :: Prelude.Text,
+    -- | The override action to use, in place of the configured action of the
+    -- rule in the rule group.
+    actionToUse :: RuleAction
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'RuleActionOverride' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'name', 'ruleActionOverride_name' - The name of the rule to override.
+--
+-- 'actionToUse', 'ruleActionOverride_actionToUse' - The override action to use, in place of the configured action of the
+-- rule in the rule group.
+newRuleActionOverride ::
+  -- | 'name'
+  Prelude.Text ->
+  -- | 'actionToUse'
+  RuleAction ->
+  RuleActionOverride
+newRuleActionOverride pName_ pActionToUse_ =
+  RuleActionOverride'
+    { name = pName_,
+      actionToUse = pActionToUse_
+    }
+
+-- | The name of the rule to override.
+ruleActionOverride_name :: Lens.Lens' RuleActionOverride Prelude.Text
+ruleActionOverride_name = Lens.lens (\RuleActionOverride' {name} -> name) (\s@RuleActionOverride' {} a -> s {name = a} :: RuleActionOverride)
+
+-- | The override action to use, in place of the configured action of the
+-- rule in the rule group.
+ruleActionOverride_actionToUse :: Lens.Lens' RuleActionOverride RuleAction
+ruleActionOverride_actionToUse = Lens.lens (\RuleActionOverride' {actionToUse} -> actionToUse) (\s@RuleActionOverride' {} a -> s {actionToUse = a} :: RuleActionOverride)
+
+instance Data.FromJSON RuleActionOverride where
+  parseJSON =
+    Data.withObject
+      "RuleActionOverride"
+      ( \x ->
+          RuleActionOverride'
+            Prelude.<$> (x Data..: "Name")
+            Prelude.<*> (x Data..: "ActionToUse")
+      )
+
+instance Prelude.Hashable RuleActionOverride where
+  hashWithSalt _salt RuleActionOverride' {..} =
+    _salt
+      `Prelude.hashWithSalt` name
+      `Prelude.hashWithSalt` actionToUse
+
+instance Prelude.NFData RuleActionOverride where
+  rnf RuleActionOverride' {..} =
+    Prelude.rnf name
+      `Prelude.seq` Prelude.rnf actionToUse
+
+instance Data.ToJSON RuleActionOverride where
+  toJSON RuleActionOverride' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ Prelude.Just ("Name" Data..= name),
+            Prelude.Just ("ActionToUse" Data..= actionToUse)
+          ]
+      )
diff --git a/gen/Amazonka/WAFV2/Types/RuleGroup.hs b/gen/Amazonka/WAFV2/Types/RuleGroup.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/WAFV2/Types/RuleGroup.hs
@@ -0,0 +1,374 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.WAFV2.Types.RuleGroup
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.WAFV2.Types.RuleGroup where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.WAFV2.Types.CustomResponseBody
+import Amazonka.WAFV2.Types.LabelSummary
+import Amazonka.WAFV2.Types.Rule
+import Amazonka.WAFV2.Types.VisibilityConfig
+
+-- | A rule group defines a collection of rules to inspect and control web
+-- requests that you can use in a WebACL. When you create a rule group, you
+-- define an immutable capacity limit. If you update a rule group, you must
+-- stay within the capacity. This allows others to reuse the rule group
+-- with confidence in its capacity requirements.
+--
+-- /See:/ 'newRuleGroup' smart constructor.
+data RuleGroup = RuleGroup'
+  { -- | The labels that one or more rules in this rule group add to matching web
+    -- requests. These labels are defined in the @RuleLabels@ for a Rule.
+    availableLabels :: Prelude.Maybe [LabelSummary],
+    -- | The labels that one or more rules in this rule group match against in
+    -- label match statements. These labels are defined in a
+    -- @LabelMatchStatement@ specification, in the Statement definition of a
+    -- rule.
+    consumedLabels :: Prelude.Maybe [LabelSummary],
+    -- | A map of custom response keys and content bodies. When you create a rule
+    -- with a block action, you can send a custom response to the web request.
+    -- You define these for the rule group, and then use them in the rules that
+    -- you define in the rule group.
+    --
+    -- For information about customizing web requests and responses, see
+    -- <https://docs.aws.amazon.com/waf/latest/developerguide/waf-custom-request-response.html Customizing web requests and responses in WAF>
+    -- in the
+    -- <https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html WAF Developer Guide>.
+    --
+    -- For information about the limits on count and size for custom request
+    -- and response settings, see
+    -- <https://docs.aws.amazon.com/waf/latest/developerguide/limits.html WAF quotas>
+    -- in the
+    -- <https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html WAF Developer Guide>.
+    customResponseBodies :: Prelude.Maybe (Prelude.HashMap Prelude.Text CustomResponseBody),
+    -- | A description of the rule group that helps with identification.
+    description :: Prelude.Maybe Prelude.Text,
+    -- | The label namespace prefix for this rule group. All labels added by
+    -- rules in this rule group have this prefix.
+    --
+    -- -   The syntax for the label namespace prefix for your rule groups is
+    --     the following:
+    --
+    --     @awswaf:\<account ID>:rulegroup:\<rule group name>:@
+    --
+    -- -   When a rule with a label matches a web request, WAF adds the fully
+    --     qualified label to the request. A fully qualified label is made up
+    --     of the label namespace from the rule group or web ACL where the rule
+    --     is defined and the label from the rule, separated by a colon:
+    --
+    --     @\<label namespace>:\<label from rule>@
+    labelNamespace :: Prelude.Maybe Prelude.Text,
+    -- | The Rule statements used to identify the web requests that you want to
+    -- allow, block, or count. Each rule includes one top-level statement that
+    -- WAF uses to identify matching web requests, and parameters that govern
+    -- how WAF handles them.
+    rules :: Prelude.Maybe [Rule],
+    -- | The name of the rule group. You cannot change the name of a rule group
+    -- after you create it.
+    name :: Prelude.Text,
+    -- | A unique identifier for the rule group. This ID is returned in the
+    -- responses to create and list commands. You provide it to operations like
+    -- update and delete.
+    id :: Prelude.Text,
+    -- | The web ACL capacity units (WCUs) required for this rule group.
+    --
+    -- When you create your own rule group, you define this, and you cannot
+    -- change it after creation. When you add or modify the rules in a rule
+    -- group, WAF enforces this limit. You can check the capacity for a set of
+    -- rules using CheckCapacity.
+    --
+    -- WAF uses WCUs to calculate and control the operating resources that are
+    -- used to run your rules, rule groups, and web ACLs. WAF calculates
+    -- capacity differently for each rule type, to reflect the relative cost of
+    -- each rule. Simple rules that cost little to run use fewer WCUs than more
+    -- complex rules that use more processing power. Rule group capacity is
+    -- fixed at creation, which helps users plan their web ACL WCU usage when
+    -- they use a rule group. The WCU limit for web ACLs is 1,500.
+    capacity :: Prelude.Natural,
+    -- | The Amazon Resource Name (ARN) of the entity.
+    arn :: Prelude.Text,
+    -- | Defines and enables Amazon CloudWatch metrics and web request sample
+    -- collection.
+    visibilityConfig :: VisibilityConfig
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'RuleGroup' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'availableLabels', 'ruleGroup_availableLabels' - The labels that one or more rules in this rule group add to matching web
+-- requests. These labels are defined in the @RuleLabels@ for a Rule.
+--
+-- 'consumedLabels', 'ruleGroup_consumedLabels' - The labels that one or more rules in this rule group match against in
+-- label match statements. These labels are defined in a
+-- @LabelMatchStatement@ specification, in the Statement definition of a
+-- rule.
+--
+-- 'customResponseBodies', 'ruleGroup_customResponseBodies' - A map of custom response keys and content bodies. When you create a rule
+-- with a block action, you can send a custom response to the web request.
+-- You define these for the rule group, and then use them in the rules that
+-- you define in the rule group.
+--
+-- For information about customizing web requests and responses, see
+-- <https://docs.aws.amazon.com/waf/latest/developerguide/waf-custom-request-response.html Customizing web requests and responses in WAF>
+-- in the
+-- <https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html WAF Developer Guide>.
+--
+-- For information about the limits on count and size for custom request
+-- and response settings, see
+-- <https://docs.aws.amazon.com/waf/latest/developerguide/limits.html WAF quotas>
+-- in the
+-- <https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html WAF Developer Guide>.
+--
+-- 'description', 'ruleGroup_description' - A description of the rule group that helps with identification.
+--
+-- 'labelNamespace', 'ruleGroup_labelNamespace' - The label namespace prefix for this rule group. All labels added by
+-- rules in this rule group have this prefix.
+--
+-- -   The syntax for the label namespace prefix for your rule groups is
+--     the following:
+--
+--     @awswaf:\<account ID>:rulegroup:\<rule group name>:@
+--
+-- -   When a rule with a label matches a web request, WAF adds the fully
+--     qualified label to the request. A fully qualified label is made up
+--     of the label namespace from the rule group or web ACL where the rule
+--     is defined and the label from the rule, separated by a colon:
+--
+--     @\<label namespace>:\<label from rule>@
+--
+-- 'rules', 'ruleGroup_rules' - The Rule statements used to identify the web requests that you want to
+-- allow, block, or count. Each rule includes one top-level statement that
+-- WAF uses to identify matching web requests, and parameters that govern
+-- how WAF handles them.
+--
+-- 'name', 'ruleGroup_name' - The name of the rule group. You cannot change the name of a rule group
+-- after you create it.
+--
+-- 'id', 'ruleGroup_id' - A unique identifier for the rule group. This ID is returned in the
+-- responses to create and list commands. You provide it to operations like
+-- update and delete.
+--
+-- 'capacity', 'ruleGroup_capacity' - The web ACL capacity units (WCUs) required for this rule group.
+--
+-- When you create your own rule group, you define this, and you cannot
+-- change it after creation. When you add or modify the rules in a rule
+-- group, WAF enforces this limit. You can check the capacity for a set of
+-- rules using CheckCapacity.
+--
+-- WAF uses WCUs to calculate and control the operating resources that are
+-- used to run your rules, rule groups, and web ACLs. WAF calculates
+-- capacity differently for each rule type, to reflect the relative cost of
+-- each rule. Simple rules that cost little to run use fewer WCUs than more
+-- complex rules that use more processing power. Rule group capacity is
+-- fixed at creation, which helps users plan their web ACL WCU usage when
+-- they use a rule group. The WCU limit for web ACLs is 1,500.
+--
+-- 'arn', 'ruleGroup_arn' - The Amazon Resource Name (ARN) of the entity.
+--
+-- 'visibilityConfig', 'ruleGroup_visibilityConfig' - Defines and enables Amazon CloudWatch metrics and web request sample
+-- collection.
+newRuleGroup ::
+  -- | 'name'
+  Prelude.Text ->
+  -- | 'id'
+  Prelude.Text ->
+  -- | 'capacity'
+  Prelude.Natural ->
+  -- | 'arn'
+  Prelude.Text ->
+  -- | 'visibilityConfig'
+  VisibilityConfig ->
+  RuleGroup
+newRuleGroup
+  pName_
+  pId_
+  pCapacity_
+  pARN_
+  pVisibilityConfig_ =
+    RuleGroup'
+      { availableLabels = Prelude.Nothing,
+        consumedLabels = Prelude.Nothing,
+        customResponseBodies = Prelude.Nothing,
+        description = Prelude.Nothing,
+        labelNamespace = Prelude.Nothing,
+        rules = Prelude.Nothing,
+        name = pName_,
+        id = pId_,
+        capacity = pCapacity_,
+        arn = pARN_,
+        visibilityConfig = pVisibilityConfig_
+      }
+
+-- | The labels that one or more rules in this rule group add to matching web
+-- requests. These labels are defined in the @RuleLabels@ for a Rule.
+ruleGroup_availableLabels :: Lens.Lens' RuleGroup (Prelude.Maybe [LabelSummary])
+ruleGroup_availableLabels = Lens.lens (\RuleGroup' {availableLabels} -> availableLabels) (\s@RuleGroup' {} a -> s {availableLabels = a} :: RuleGroup) Prelude.. Lens.mapping Lens.coerced
+
+-- | The labels that one or more rules in this rule group match against in
+-- label match statements. These labels are defined in a
+-- @LabelMatchStatement@ specification, in the Statement definition of a
+-- rule.
+ruleGroup_consumedLabels :: Lens.Lens' RuleGroup (Prelude.Maybe [LabelSummary])
+ruleGroup_consumedLabels = Lens.lens (\RuleGroup' {consumedLabels} -> consumedLabels) (\s@RuleGroup' {} a -> s {consumedLabels = a} :: RuleGroup) Prelude.. Lens.mapping Lens.coerced
+
+-- | A map of custom response keys and content bodies. When you create a rule
+-- with a block action, you can send a custom response to the web request.
+-- You define these for the rule group, and then use them in the rules that
+-- you define in the rule group.
+--
+-- For information about customizing web requests and responses, see
+-- <https://docs.aws.amazon.com/waf/latest/developerguide/waf-custom-request-response.html Customizing web requests and responses in WAF>
+-- in the
+-- <https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html WAF Developer Guide>.
+--
+-- For information about the limits on count and size for custom request
+-- and response settings, see
+-- <https://docs.aws.amazon.com/waf/latest/developerguide/limits.html WAF quotas>
+-- in the
+-- <https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html WAF Developer Guide>.
+ruleGroup_customResponseBodies :: Lens.Lens' RuleGroup (Prelude.Maybe (Prelude.HashMap Prelude.Text CustomResponseBody))
+ruleGroup_customResponseBodies = Lens.lens (\RuleGroup' {customResponseBodies} -> customResponseBodies) (\s@RuleGroup' {} a -> s {customResponseBodies = a} :: RuleGroup) Prelude.. Lens.mapping Lens.coerced
+
+-- | A description of the rule group that helps with identification.
+ruleGroup_description :: Lens.Lens' RuleGroup (Prelude.Maybe Prelude.Text)
+ruleGroup_description = Lens.lens (\RuleGroup' {description} -> description) (\s@RuleGroup' {} a -> s {description = a} :: RuleGroup)
+
+-- | The label namespace prefix for this rule group. All labels added by
+-- rules in this rule group have this prefix.
+--
+-- -   The syntax for the label namespace prefix for your rule groups is
+--     the following:
+--
+--     @awswaf:\<account ID>:rulegroup:\<rule group name>:@
+--
+-- -   When a rule with a label matches a web request, WAF adds the fully
+--     qualified label to the request. A fully qualified label is made up
+--     of the label namespace from the rule group or web ACL where the rule
+--     is defined and the label from the rule, separated by a colon:
+--
+--     @\<label namespace>:\<label from rule>@
+ruleGroup_labelNamespace :: Lens.Lens' RuleGroup (Prelude.Maybe Prelude.Text)
+ruleGroup_labelNamespace = Lens.lens (\RuleGroup' {labelNamespace} -> labelNamespace) (\s@RuleGroup' {} a -> s {labelNamespace = a} :: RuleGroup)
+
+-- | The Rule statements used to identify the web requests that you want to
+-- allow, block, or count. Each rule includes one top-level statement that
+-- WAF uses to identify matching web requests, and parameters that govern
+-- how WAF handles them.
+ruleGroup_rules :: Lens.Lens' RuleGroup (Prelude.Maybe [Rule])
+ruleGroup_rules = Lens.lens (\RuleGroup' {rules} -> rules) (\s@RuleGroup' {} a -> s {rules = a} :: RuleGroup) Prelude.. Lens.mapping Lens.coerced
+
+-- | The name of the rule group. You cannot change the name of a rule group
+-- after you create it.
+ruleGroup_name :: Lens.Lens' RuleGroup Prelude.Text
+ruleGroup_name = Lens.lens (\RuleGroup' {name} -> name) (\s@RuleGroup' {} a -> s {name = a} :: RuleGroup)
+
+-- | A unique identifier for the rule group. This ID is returned in the
+-- responses to create and list commands. You provide it to operations like
+-- update and delete.
+ruleGroup_id :: Lens.Lens' RuleGroup Prelude.Text
+ruleGroup_id = Lens.lens (\RuleGroup' {id} -> id) (\s@RuleGroup' {} a -> s {id = a} :: RuleGroup)
+
+-- | The web ACL capacity units (WCUs) required for this rule group.
+--
+-- When you create your own rule group, you define this, and you cannot
+-- change it after creation. When you add or modify the rules in a rule
+-- group, WAF enforces this limit. You can check the capacity for a set of
+-- rules using CheckCapacity.
+--
+-- WAF uses WCUs to calculate and control the operating resources that are
+-- used to run your rules, rule groups, and web ACLs. WAF calculates
+-- capacity differently for each rule type, to reflect the relative cost of
+-- each rule. Simple rules that cost little to run use fewer WCUs than more
+-- complex rules that use more processing power. Rule group capacity is
+-- fixed at creation, which helps users plan their web ACL WCU usage when
+-- they use a rule group. The WCU limit for web ACLs is 1,500.
+ruleGroup_capacity :: Lens.Lens' RuleGroup Prelude.Natural
+ruleGroup_capacity = Lens.lens (\RuleGroup' {capacity} -> capacity) (\s@RuleGroup' {} a -> s {capacity = a} :: RuleGroup)
+
+-- | The Amazon Resource Name (ARN) of the entity.
+ruleGroup_arn :: Lens.Lens' RuleGroup Prelude.Text
+ruleGroup_arn = Lens.lens (\RuleGroup' {arn} -> arn) (\s@RuleGroup' {} a -> s {arn = a} :: RuleGroup)
+
+-- | Defines and enables Amazon CloudWatch metrics and web request sample
+-- collection.
+ruleGroup_visibilityConfig :: Lens.Lens' RuleGroup VisibilityConfig
+ruleGroup_visibilityConfig = Lens.lens (\RuleGroup' {visibilityConfig} -> visibilityConfig) (\s@RuleGroup' {} a -> s {visibilityConfig = a} :: RuleGroup)
+
+instance Data.FromJSON RuleGroup where
+  parseJSON =
+    Data.withObject
+      "RuleGroup"
+      ( \x ->
+          RuleGroup'
+            Prelude.<$> ( x
+                            Data..:? "AvailableLabels"
+                            Data..!= Prelude.mempty
+                        )
+            Prelude.<*> (x Data..:? "ConsumedLabels" Data..!= Prelude.mempty)
+            Prelude.<*> ( x
+                            Data..:? "CustomResponseBodies"
+                            Data..!= Prelude.mempty
+                        )
+            Prelude.<*> (x Data..:? "Description")
+            Prelude.<*> (x Data..:? "LabelNamespace")
+            Prelude.<*> (x Data..:? "Rules" Data..!= Prelude.mempty)
+            Prelude.<*> (x Data..: "Name")
+            Prelude.<*> (x Data..: "Id")
+            Prelude.<*> (x Data..: "Capacity")
+            Prelude.<*> (x Data..: "ARN")
+            Prelude.<*> (x Data..: "VisibilityConfig")
+      )
+
+instance Prelude.Hashable RuleGroup where
+  hashWithSalt _salt RuleGroup' {..} =
+    _salt
+      `Prelude.hashWithSalt` availableLabels
+      `Prelude.hashWithSalt` consumedLabels
+      `Prelude.hashWithSalt` customResponseBodies
+      `Prelude.hashWithSalt` description
+      `Prelude.hashWithSalt` labelNamespace
+      `Prelude.hashWithSalt` rules
+      `Prelude.hashWithSalt` name
+      `Prelude.hashWithSalt` id
+      `Prelude.hashWithSalt` capacity
+      `Prelude.hashWithSalt` arn
+      `Prelude.hashWithSalt` visibilityConfig
+
+instance Prelude.NFData RuleGroup where
+  rnf RuleGroup' {..} =
+    Prelude.rnf availableLabels
+      `Prelude.seq` Prelude.rnf consumedLabels
+      `Prelude.seq` Prelude.rnf customResponseBodies
+      `Prelude.seq` Prelude.rnf description
+      `Prelude.seq` Prelude.rnf labelNamespace
+      `Prelude.seq` Prelude.rnf rules
+      `Prelude.seq` Prelude.rnf name
+      `Prelude.seq` Prelude.rnf id
+      `Prelude.seq` Prelude.rnf capacity
+      `Prelude.seq` Prelude.rnf arn
+      `Prelude.seq` Prelude.rnf visibilityConfig
diff --git a/gen/Amazonka/WAFV2/Types/RuleGroupReferenceStatement.hs b/gen/Amazonka/WAFV2/Types/RuleGroupReferenceStatement.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/WAFV2/Types/RuleGroupReferenceStatement.hs
@@ -0,0 +1,151 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.WAFV2.Types.RuleGroupReferenceStatement
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.WAFV2.Types.RuleGroupReferenceStatement where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.WAFV2.Types.ExcludedRule
+import Amazonka.WAFV2.Types.RuleActionOverride
+
+-- | A rule statement used to run the rules that are defined in a RuleGroup.
+-- To use this, create a rule group with your rules, then provide the ARN
+-- of the rule group in this statement.
+--
+-- You cannot nest a @RuleGroupReferenceStatement@, for example for use
+-- inside a @NotStatement@ or @OrStatement@. You can only use a rule group
+-- reference statement at the top level inside a web ACL.
+--
+-- /See:/ 'newRuleGroupReferenceStatement' smart constructor.
+data RuleGroupReferenceStatement = RuleGroupReferenceStatement'
+  { -- | Rules in the referenced rule group whose actions are set to @Count@.
+    --
+    -- Instead of this option, use @RuleActionOverrides@. It accepts any valid
+    -- action setting, including @Count@.
+    excludedRules :: Prelude.Maybe [ExcludedRule],
+    -- | Action settings to use in the place of the rule actions that are
+    -- configured inside the rule group. You specify one override for each rule
+    -- whose action you want to change.
+    --
+    -- You can use overrides for testing, for example you can override all of
+    -- rule actions to @Count@ and then monitor the resulting count metrics to
+    -- understand how the rule group would handle your web traffic. You can
+    -- also permanently override some or all actions, to modify how the rule
+    -- group manages your web traffic.
+    ruleActionOverrides :: Prelude.Maybe (Prelude.NonEmpty RuleActionOverride),
+    -- | The Amazon Resource Name (ARN) of the entity.
+    arn :: Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'RuleGroupReferenceStatement' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'excludedRules', 'ruleGroupReferenceStatement_excludedRules' - Rules in the referenced rule group whose actions are set to @Count@.
+--
+-- Instead of this option, use @RuleActionOverrides@. It accepts any valid
+-- action setting, including @Count@.
+--
+-- 'ruleActionOverrides', 'ruleGroupReferenceStatement_ruleActionOverrides' - Action settings to use in the place of the rule actions that are
+-- configured inside the rule group. You specify one override for each rule
+-- whose action you want to change.
+--
+-- You can use overrides for testing, for example you can override all of
+-- rule actions to @Count@ and then monitor the resulting count metrics to
+-- understand how the rule group would handle your web traffic. You can
+-- also permanently override some or all actions, to modify how the rule
+-- group manages your web traffic.
+--
+-- 'arn', 'ruleGroupReferenceStatement_arn' - The Amazon Resource Name (ARN) of the entity.
+newRuleGroupReferenceStatement ::
+  -- | 'arn'
+  Prelude.Text ->
+  RuleGroupReferenceStatement
+newRuleGroupReferenceStatement pARN_ =
+  RuleGroupReferenceStatement'
+    { excludedRules =
+        Prelude.Nothing,
+      ruleActionOverrides = Prelude.Nothing,
+      arn = pARN_
+    }
+
+-- | Rules in the referenced rule group whose actions are set to @Count@.
+--
+-- Instead of this option, use @RuleActionOverrides@. It accepts any valid
+-- action setting, including @Count@.
+ruleGroupReferenceStatement_excludedRules :: Lens.Lens' RuleGroupReferenceStatement (Prelude.Maybe [ExcludedRule])
+ruleGroupReferenceStatement_excludedRules = Lens.lens (\RuleGroupReferenceStatement' {excludedRules} -> excludedRules) (\s@RuleGroupReferenceStatement' {} a -> s {excludedRules = a} :: RuleGroupReferenceStatement) Prelude.. Lens.mapping Lens.coerced
+
+-- | Action settings to use in the place of the rule actions that are
+-- configured inside the rule group. You specify one override for each rule
+-- whose action you want to change.
+--
+-- You can use overrides for testing, for example you can override all of
+-- rule actions to @Count@ and then monitor the resulting count metrics to
+-- understand how the rule group would handle your web traffic. You can
+-- also permanently override some or all actions, to modify how the rule
+-- group manages your web traffic.
+ruleGroupReferenceStatement_ruleActionOverrides :: Lens.Lens' RuleGroupReferenceStatement (Prelude.Maybe (Prelude.NonEmpty RuleActionOverride))
+ruleGroupReferenceStatement_ruleActionOverrides = Lens.lens (\RuleGroupReferenceStatement' {ruleActionOverrides} -> ruleActionOverrides) (\s@RuleGroupReferenceStatement' {} a -> s {ruleActionOverrides = a} :: RuleGroupReferenceStatement) Prelude.. Lens.mapping Lens.coerced
+
+-- | The Amazon Resource Name (ARN) of the entity.
+ruleGroupReferenceStatement_arn :: Lens.Lens' RuleGroupReferenceStatement Prelude.Text
+ruleGroupReferenceStatement_arn = Lens.lens (\RuleGroupReferenceStatement' {arn} -> arn) (\s@RuleGroupReferenceStatement' {} a -> s {arn = a} :: RuleGroupReferenceStatement)
+
+instance Data.FromJSON RuleGroupReferenceStatement where
+  parseJSON =
+    Data.withObject
+      "RuleGroupReferenceStatement"
+      ( \x ->
+          RuleGroupReferenceStatement'
+            Prelude.<$> (x Data..:? "ExcludedRules" Data..!= Prelude.mempty)
+            Prelude.<*> (x Data..:? "RuleActionOverrides")
+            Prelude.<*> (x Data..: "ARN")
+      )
+
+instance Prelude.Hashable RuleGroupReferenceStatement where
+  hashWithSalt _salt RuleGroupReferenceStatement' {..} =
+    _salt
+      `Prelude.hashWithSalt` excludedRules
+      `Prelude.hashWithSalt` ruleActionOverrides
+      `Prelude.hashWithSalt` arn
+
+instance Prelude.NFData RuleGroupReferenceStatement where
+  rnf RuleGroupReferenceStatement' {..} =
+    Prelude.rnf excludedRules
+      `Prelude.seq` Prelude.rnf ruleActionOverrides
+      `Prelude.seq` Prelude.rnf arn
+
+instance Data.ToJSON RuleGroupReferenceStatement where
+  toJSON RuleGroupReferenceStatement' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("ExcludedRules" Data..=) Prelude.<$> excludedRules,
+            ("RuleActionOverrides" Data..=)
+              Prelude.<$> ruleActionOverrides,
+            Prelude.Just ("ARN" Data..= arn)
+          ]
+      )
diff --git a/gen/Amazonka/WAFV2/Types/RuleGroupSummary.hs b/gen/Amazonka/WAFV2/Types/RuleGroupSummary.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/WAFV2/Types/RuleGroupSummary.hs
@@ -0,0 +1,153 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.WAFV2.Types.RuleGroupSummary
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.WAFV2.Types.RuleGroupSummary where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | High-level information about a RuleGroup, returned by operations like
+-- create and list. This provides information like the ID, that you can use
+-- to retrieve and manage a @RuleGroup@, and the ARN, that you provide to
+-- the RuleGroupReferenceStatement to use the rule group in a Rule.
+--
+-- /See:/ 'newRuleGroupSummary' smart constructor.
+data RuleGroupSummary = RuleGroupSummary'
+  { -- | The Amazon Resource Name (ARN) of the entity.
+    arn :: Prelude.Maybe Prelude.Text,
+    -- | A description of the rule group that helps with identification.
+    description :: Prelude.Maybe Prelude.Text,
+    -- | A unique identifier for the rule group. This ID is returned in the
+    -- responses to create and list commands. You provide it to operations like
+    -- update and delete.
+    id :: Prelude.Maybe Prelude.Text,
+    -- | A token used for optimistic locking. WAF returns a token to your @get@
+    -- and @list@ requests, to mark the state of the entity at the time of the
+    -- request. To make changes to the entity associated with the token, you
+    -- provide the token to operations like @update@ and @delete@. WAF uses the
+    -- token to ensure that no changes have been made to the entity since you
+    -- last retrieved it. If a change has been made, the update fails with a
+    -- @WAFOptimisticLockException@. If this happens, perform another @get@,
+    -- and use the new token returned by that operation.
+    lockToken :: Prelude.Maybe Prelude.Text,
+    -- | The name of the data type instance. You cannot change the name after you
+    -- create the instance.
+    name :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'RuleGroupSummary' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'arn', 'ruleGroupSummary_arn' - The Amazon Resource Name (ARN) of the entity.
+--
+-- 'description', 'ruleGroupSummary_description' - A description of the rule group that helps with identification.
+--
+-- 'id', 'ruleGroupSummary_id' - A unique identifier for the rule group. This ID is returned in the
+-- responses to create and list commands. You provide it to operations like
+-- update and delete.
+--
+-- 'lockToken', 'ruleGroupSummary_lockToken' - A token used for optimistic locking. WAF returns a token to your @get@
+-- and @list@ requests, to mark the state of the entity at the time of the
+-- request. To make changes to the entity associated with the token, you
+-- provide the token to operations like @update@ and @delete@. WAF uses the
+-- token to ensure that no changes have been made to the entity since you
+-- last retrieved it. If a change has been made, the update fails with a
+-- @WAFOptimisticLockException@. If this happens, perform another @get@,
+-- and use the new token returned by that operation.
+--
+-- 'name', 'ruleGroupSummary_name' - The name of the data type instance. You cannot change the name after you
+-- create the instance.
+newRuleGroupSummary ::
+  RuleGroupSummary
+newRuleGroupSummary =
+  RuleGroupSummary'
+    { arn = Prelude.Nothing,
+      description = Prelude.Nothing,
+      id = Prelude.Nothing,
+      lockToken = Prelude.Nothing,
+      name = Prelude.Nothing
+    }
+
+-- | The Amazon Resource Name (ARN) of the entity.
+ruleGroupSummary_arn :: Lens.Lens' RuleGroupSummary (Prelude.Maybe Prelude.Text)
+ruleGroupSummary_arn = Lens.lens (\RuleGroupSummary' {arn} -> arn) (\s@RuleGroupSummary' {} a -> s {arn = a} :: RuleGroupSummary)
+
+-- | A description of the rule group that helps with identification.
+ruleGroupSummary_description :: Lens.Lens' RuleGroupSummary (Prelude.Maybe Prelude.Text)
+ruleGroupSummary_description = Lens.lens (\RuleGroupSummary' {description} -> description) (\s@RuleGroupSummary' {} a -> s {description = a} :: RuleGroupSummary)
+
+-- | A unique identifier for the rule group. This ID is returned in the
+-- responses to create and list commands. You provide it to operations like
+-- update and delete.
+ruleGroupSummary_id :: Lens.Lens' RuleGroupSummary (Prelude.Maybe Prelude.Text)
+ruleGroupSummary_id = Lens.lens (\RuleGroupSummary' {id} -> id) (\s@RuleGroupSummary' {} a -> s {id = a} :: RuleGroupSummary)
+
+-- | A token used for optimistic locking. WAF returns a token to your @get@
+-- and @list@ requests, to mark the state of the entity at the time of the
+-- request. To make changes to the entity associated with the token, you
+-- provide the token to operations like @update@ and @delete@. WAF uses the
+-- token to ensure that no changes have been made to the entity since you
+-- last retrieved it. If a change has been made, the update fails with a
+-- @WAFOptimisticLockException@. If this happens, perform another @get@,
+-- and use the new token returned by that operation.
+ruleGroupSummary_lockToken :: Lens.Lens' RuleGroupSummary (Prelude.Maybe Prelude.Text)
+ruleGroupSummary_lockToken = Lens.lens (\RuleGroupSummary' {lockToken} -> lockToken) (\s@RuleGroupSummary' {} a -> s {lockToken = a} :: RuleGroupSummary)
+
+-- | The name of the data type instance. You cannot change the name after you
+-- create the instance.
+ruleGroupSummary_name :: Lens.Lens' RuleGroupSummary (Prelude.Maybe Prelude.Text)
+ruleGroupSummary_name = Lens.lens (\RuleGroupSummary' {name} -> name) (\s@RuleGroupSummary' {} a -> s {name = a} :: RuleGroupSummary)
+
+instance Data.FromJSON RuleGroupSummary where
+  parseJSON =
+    Data.withObject
+      "RuleGroupSummary"
+      ( \x ->
+          RuleGroupSummary'
+            Prelude.<$> (x Data..:? "ARN")
+            Prelude.<*> (x Data..:? "Description")
+            Prelude.<*> (x Data..:? "Id")
+            Prelude.<*> (x Data..:? "LockToken")
+            Prelude.<*> (x Data..:? "Name")
+      )
+
+instance Prelude.Hashable RuleGroupSummary where
+  hashWithSalt _salt RuleGroupSummary' {..} =
+    _salt
+      `Prelude.hashWithSalt` arn
+      `Prelude.hashWithSalt` description
+      `Prelude.hashWithSalt` id
+      `Prelude.hashWithSalt` lockToken
+      `Prelude.hashWithSalt` name
+
+instance Prelude.NFData RuleGroupSummary where
+  rnf RuleGroupSummary' {..} =
+    Prelude.rnf arn
+      `Prelude.seq` Prelude.rnf description
+      `Prelude.seq` Prelude.rnf id
+      `Prelude.seq` Prelude.rnf lockToken
+      `Prelude.seq` Prelude.rnf name
diff --git a/gen/Amazonka/WAFV2/Types/RuleSummary.hs b/gen/Amazonka/WAFV2/Types/RuleSummary.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/WAFV2/Types/RuleSummary.hs
@@ -0,0 +1,94 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.WAFV2.Types.RuleSummary
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.WAFV2.Types.RuleSummary where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.WAFV2.Types.RuleAction
+
+-- | High-level information about a Rule, returned by operations like
+-- DescribeManagedRuleGroup. This provides information like the ID, that
+-- you can use to retrieve and manage a @RuleGroup@, and the ARN, that you
+-- provide to the RuleGroupReferenceStatement to use the rule group in a
+-- Rule.
+--
+-- /See:/ 'newRuleSummary' smart constructor.
+data RuleSummary = RuleSummary'
+  { -- | The action that WAF should take on a web request when it matches a
+    -- rule\'s statement. Settings at the web ACL level can override the rule
+    -- action setting.
+    action :: Prelude.Maybe RuleAction,
+    -- | The name of the rule.
+    name :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'RuleSummary' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'action', 'ruleSummary_action' - The action that WAF should take on a web request when it matches a
+-- rule\'s statement. Settings at the web ACL level can override the rule
+-- action setting.
+--
+-- 'name', 'ruleSummary_name' - The name of the rule.
+newRuleSummary ::
+  RuleSummary
+newRuleSummary =
+  RuleSummary'
+    { action = Prelude.Nothing,
+      name = Prelude.Nothing
+    }
+
+-- | The action that WAF should take on a web request when it matches a
+-- rule\'s statement. Settings at the web ACL level can override the rule
+-- action setting.
+ruleSummary_action :: Lens.Lens' RuleSummary (Prelude.Maybe RuleAction)
+ruleSummary_action = Lens.lens (\RuleSummary' {action} -> action) (\s@RuleSummary' {} a -> s {action = a} :: RuleSummary)
+
+-- | The name of the rule.
+ruleSummary_name :: Lens.Lens' RuleSummary (Prelude.Maybe Prelude.Text)
+ruleSummary_name = Lens.lens (\RuleSummary' {name} -> name) (\s@RuleSummary' {} a -> s {name = a} :: RuleSummary)
+
+instance Data.FromJSON RuleSummary where
+  parseJSON =
+    Data.withObject
+      "RuleSummary"
+      ( \x ->
+          RuleSummary'
+            Prelude.<$> (x Data..:? "Action")
+            Prelude.<*> (x Data..:? "Name")
+      )
+
+instance Prelude.Hashable RuleSummary where
+  hashWithSalt _salt RuleSummary' {..} =
+    _salt
+      `Prelude.hashWithSalt` action
+      `Prelude.hashWithSalt` name
+
+instance Prelude.NFData RuleSummary where
+  rnf RuleSummary' {..} =
+    Prelude.rnf action `Prelude.seq` Prelude.rnf name
diff --git a/gen/Amazonka/WAFV2/Types/SampledHTTPRequest.hs b/gen/Amazonka/WAFV2/Types/SampledHTTPRequest.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/WAFV2/Types/SampledHTTPRequest.hs
@@ -0,0 +1,267 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.WAFV2.Types.SampledHTTPRequest
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.WAFV2.Types.SampledHTTPRequest where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.WAFV2.Types.CaptchaResponse
+import Amazonka.WAFV2.Types.ChallengeResponse
+import Amazonka.WAFV2.Types.HTTPHeader
+import Amazonka.WAFV2.Types.HTTPRequest
+import Amazonka.WAFV2.Types.Label
+
+-- | Represents a single sampled web request. The response from
+-- GetSampledRequests includes a @SampledHTTPRequests@ complex type that
+-- appears as @SampledRequests@ in the response syntax.
+-- @SampledHTTPRequests@ contains an array of @SampledHTTPRequest@ objects.
+--
+-- /See:/ 'newSampledHTTPRequest' smart constructor.
+data SampledHTTPRequest = SampledHTTPRequest'
+  { -- | The action that WAF applied to the request.
+    action :: Prelude.Maybe Prelude.Text,
+    -- | The @CAPTCHA@ response for the request.
+    captchaResponse :: Prelude.Maybe CaptchaResponse,
+    -- | The @Challenge@ response for the request.
+    challengeResponse :: Prelude.Maybe ChallengeResponse,
+    -- | Labels applied to the web request by matching rules. WAF applies fully
+    -- qualified labels to matching web requests. A fully qualified label is
+    -- the concatenation of a label namespace and a rule label. The rule\'s
+    -- rule group or web ACL defines the label namespace.
+    --
+    -- For example,
+    -- @awswaf:111122223333:myRuleGroup:testRules:testNS1:testNS2:labelNameA@
+    -- or @awswaf:managed:aws:managed-rule-set:header:encoding:utf8@.
+    labels :: Prelude.Maybe [Label],
+    -- | Used only for rule group rules that have a rule action override in place
+    -- in the web ACL. This is the action that the rule group rule is
+    -- configured for, and not the action that was applied to the request. The
+    -- action that WAF applied is the @Action@ value.
+    overriddenAction :: Prelude.Maybe Prelude.Text,
+    -- | Custom request headers inserted by WAF into the request, according to
+    -- the custom request configuration for the matching rule action.
+    requestHeadersInserted :: Prelude.Maybe [HTTPHeader],
+    -- | The response code that was sent for the request.
+    responseCodeSent :: Prelude.Maybe Prelude.Natural,
+    -- | The name of the @Rule@ that the request matched. For managed rule
+    -- groups, the format for this name is
+    -- @\<vendor name>#\<managed rule group name>#\<rule name>@. For your own
+    -- rule groups, the format for this name is
+    -- @\<rule group name>#\<rule name>@. If the rule is not in a rule group,
+    -- this field is absent.
+    ruleNameWithinRuleGroup :: Prelude.Maybe Prelude.Text,
+    -- | The time at which WAF received the request from your Amazon Web Services
+    -- resource, in Unix time format (in seconds).
+    timestamp :: Prelude.Maybe Data.POSIX,
+    -- | A complex type that contains detailed information about the request.
+    request :: HTTPRequest,
+    -- | A value that indicates how one result in the response relates
+    -- proportionally to other results in the response. For example, a result
+    -- that has a weight of @2@ represents roughly twice as many web requests
+    -- as a result that has a weight of @1@.
+    weight :: Prelude.Natural
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'SampledHTTPRequest' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'action', 'sampledHTTPRequest_action' - The action that WAF applied to the request.
+--
+-- 'captchaResponse', 'sampledHTTPRequest_captchaResponse' - The @CAPTCHA@ response for the request.
+--
+-- 'challengeResponse', 'sampledHTTPRequest_challengeResponse' - The @Challenge@ response for the request.
+--
+-- 'labels', 'sampledHTTPRequest_labels' - Labels applied to the web request by matching rules. WAF applies fully
+-- qualified labels to matching web requests. A fully qualified label is
+-- the concatenation of a label namespace and a rule label. The rule\'s
+-- rule group or web ACL defines the label namespace.
+--
+-- For example,
+-- @awswaf:111122223333:myRuleGroup:testRules:testNS1:testNS2:labelNameA@
+-- or @awswaf:managed:aws:managed-rule-set:header:encoding:utf8@.
+--
+-- 'overriddenAction', 'sampledHTTPRequest_overriddenAction' - Used only for rule group rules that have a rule action override in place
+-- in the web ACL. This is the action that the rule group rule is
+-- configured for, and not the action that was applied to the request. The
+-- action that WAF applied is the @Action@ value.
+--
+-- 'requestHeadersInserted', 'sampledHTTPRequest_requestHeadersInserted' - Custom request headers inserted by WAF into the request, according to
+-- the custom request configuration for the matching rule action.
+--
+-- 'responseCodeSent', 'sampledHTTPRequest_responseCodeSent' - The response code that was sent for the request.
+--
+-- 'ruleNameWithinRuleGroup', 'sampledHTTPRequest_ruleNameWithinRuleGroup' - The name of the @Rule@ that the request matched. For managed rule
+-- groups, the format for this name is
+-- @\<vendor name>#\<managed rule group name>#\<rule name>@. For your own
+-- rule groups, the format for this name is
+-- @\<rule group name>#\<rule name>@. If the rule is not in a rule group,
+-- this field is absent.
+--
+-- 'timestamp', 'sampledHTTPRequest_timestamp' - The time at which WAF received the request from your Amazon Web Services
+-- resource, in Unix time format (in seconds).
+--
+-- 'request', 'sampledHTTPRequest_request' - A complex type that contains detailed information about the request.
+--
+-- 'weight', 'sampledHTTPRequest_weight' - A value that indicates how one result in the response relates
+-- proportionally to other results in the response. For example, a result
+-- that has a weight of @2@ represents roughly twice as many web requests
+-- as a result that has a weight of @1@.
+newSampledHTTPRequest ::
+  -- | 'request'
+  HTTPRequest ->
+  -- | 'weight'
+  Prelude.Natural ->
+  SampledHTTPRequest
+newSampledHTTPRequest pRequest_ pWeight_ =
+  SampledHTTPRequest'
+    { action = Prelude.Nothing,
+      captchaResponse = Prelude.Nothing,
+      challengeResponse = Prelude.Nothing,
+      labels = Prelude.Nothing,
+      overriddenAction = Prelude.Nothing,
+      requestHeadersInserted = Prelude.Nothing,
+      responseCodeSent = Prelude.Nothing,
+      ruleNameWithinRuleGroup = Prelude.Nothing,
+      timestamp = Prelude.Nothing,
+      request = pRequest_,
+      weight = pWeight_
+    }
+
+-- | The action that WAF applied to the request.
+sampledHTTPRequest_action :: Lens.Lens' SampledHTTPRequest (Prelude.Maybe Prelude.Text)
+sampledHTTPRequest_action = Lens.lens (\SampledHTTPRequest' {action} -> action) (\s@SampledHTTPRequest' {} a -> s {action = a} :: SampledHTTPRequest)
+
+-- | The @CAPTCHA@ response for the request.
+sampledHTTPRequest_captchaResponse :: Lens.Lens' SampledHTTPRequest (Prelude.Maybe CaptchaResponse)
+sampledHTTPRequest_captchaResponse = Lens.lens (\SampledHTTPRequest' {captchaResponse} -> captchaResponse) (\s@SampledHTTPRequest' {} a -> s {captchaResponse = a} :: SampledHTTPRequest)
+
+-- | The @Challenge@ response for the request.
+sampledHTTPRequest_challengeResponse :: Lens.Lens' SampledHTTPRequest (Prelude.Maybe ChallengeResponse)
+sampledHTTPRequest_challengeResponse = Lens.lens (\SampledHTTPRequest' {challengeResponse} -> challengeResponse) (\s@SampledHTTPRequest' {} a -> s {challengeResponse = a} :: SampledHTTPRequest)
+
+-- | Labels applied to the web request by matching rules. WAF applies fully
+-- qualified labels to matching web requests. A fully qualified label is
+-- the concatenation of a label namespace and a rule label. The rule\'s
+-- rule group or web ACL defines the label namespace.
+--
+-- For example,
+-- @awswaf:111122223333:myRuleGroup:testRules:testNS1:testNS2:labelNameA@
+-- or @awswaf:managed:aws:managed-rule-set:header:encoding:utf8@.
+sampledHTTPRequest_labels :: Lens.Lens' SampledHTTPRequest (Prelude.Maybe [Label])
+sampledHTTPRequest_labels = Lens.lens (\SampledHTTPRequest' {labels} -> labels) (\s@SampledHTTPRequest' {} a -> s {labels = a} :: SampledHTTPRequest) Prelude.. Lens.mapping Lens.coerced
+
+-- | Used only for rule group rules that have a rule action override in place
+-- in the web ACL. This is the action that the rule group rule is
+-- configured for, and not the action that was applied to the request. The
+-- action that WAF applied is the @Action@ value.
+sampledHTTPRequest_overriddenAction :: Lens.Lens' SampledHTTPRequest (Prelude.Maybe Prelude.Text)
+sampledHTTPRequest_overriddenAction = Lens.lens (\SampledHTTPRequest' {overriddenAction} -> overriddenAction) (\s@SampledHTTPRequest' {} a -> s {overriddenAction = a} :: SampledHTTPRequest)
+
+-- | Custom request headers inserted by WAF into the request, according to
+-- the custom request configuration for the matching rule action.
+sampledHTTPRequest_requestHeadersInserted :: Lens.Lens' SampledHTTPRequest (Prelude.Maybe [HTTPHeader])
+sampledHTTPRequest_requestHeadersInserted = Lens.lens (\SampledHTTPRequest' {requestHeadersInserted} -> requestHeadersInserted) (\s@SampledHTTPRequest' {} a -> s {requestHeadersInserted = a} :: SampledHTTPRequest) Prelude.. Lens.mapping Lens.coerced
+
+-- | The response code that was sent for the request.
+sampledHTTPRequest_responseCodeSent :: Lens.Lens' SampledHTTPRequest (Prelude.Maybe Prelude.Natural)
+sampledHTTPRequest_responseCodeSent = Lens.lens (\SampledHTTPRequest' {responseCodeSent} -> responseCodeSent) (\s@SampledHTTPRequest' {} a -> s {responseCodeSent = a} :: SampledHTTPRequest)
+
+-- | The name of the @Rule@ that the request matched. For managed rule
+-- groups, the format for this name is
+-- @\<vendor name>#\<managed rule group name>#\<rule name>@. For your own
+-- rule groups, the format for this name is
+-- @\<rule group name>#\<rule name>@. If the rule is not in a rule group,
+-- this field is absent.
+sampledHTTPRequest_ruleNameWithinRuleGroup :: Lens.Lens' SampledHTTPRequest (Prelude.Maybe Prelude.Text)
+sampledHTTPRequest_ruleNameWithinRuleGroup = Lens.lens (\SampledHTTPRequest' {ruleNameWithinRuleGroup} -> ruleNameWithinRuleGroup) (\s@SampledHTTPRequest' {} a -> s {ruleNameWithinRuleGroup = a} :: SampledHTTPRequest)
+
+-- | The time at which WAF received the request from your Amazon Web Services
+-- resource, in Unix time format (in seconds).
+sampledHTTPRequest_timestamp :: Lens.Lens' SampledHTTPRequest (Prelude.Maybe Prelude.UTCTime)
+sampledHTTPRequest_timestamp = Lens.lens (\SampledHTTPRequest' {timestamp} -> timestamp) (\s@SampledHTTPRequest' {} a -> s {timestamp = a} :: SampledHTTPRequest) Prelude.. Lens.mapping Data._Time
+
+-- | A complex type that contains detailed information about the request.
+sampledHTTPRequest_request :: Lens.Lens' SampledHTTPRequest HTTPRequest
+sampledHTTPRequest_request = Lens.lens (\SampledHTTPRequest' {request} -> request) (\s@SampledHTTPRequest' {} a -> s {request = a} :: SampledHTTPRequest)
+
+-- | A value that indicates how one result in the response relates
+-- proportionally to other results in the response. For example, a result
+-- that has a weight of @2@ represents roughly twice as many web requests
+-- as a result that has a weight of @1@.
+sampledHTTPRequest_weight :: Lens.Lens' SampledHTTPRequest Prelude.Natural
+sampledHTTPRequest_weight = Lens.lens (\SampledHTTPRequest' {weight} -> weight) (\s@SampledHTTPRequest' {} a -> s {weight = a} :: SampledHTTPRequest)
+
+instance Data.FromJSON SampledHTTPRequest where
+  parseJSON =
+    Data.withObject
+      "SampledHTTPRequest"
+      ( \x ->
+          SampledHTTPRequest'
+            Prelude.<$> (x Data..:? "Action")
+            Prelude.<*> (x Data..:? "CaptchaResponse")
+            Prelude.<*> (x Data..:? "ChallengeResponse")
+            Prelude.<*> (x Data..:? "Labels" Data..!= Prelude.mempty)
+            Prelude.<*> (x Data..:? "OverriddenAction")
+            Prelude.<*> ( x
+                            Data..:? "RequestHeadersInserted"
+                            Data..!= Prelude.mempty
+                        )
+            Prelude.<*> (x Data..:? "ResponseCodeSent")
+            Prelude.<*> (x Data..:? "RuleNameWithinRuleGroup")
+            Prelude.<*> (x Data..:? "Timestamp")
+            Prelude.<*> (x Data..: "Request")
+            Prelude.<*> (x Data..: "Weight")
+      )
+
+instance Prelude.Hashable SampledHTTPRequest where
+  hashWithSalt _salt SampledHTTPRequest' {..} =
+    _salt
+      `Prelude.hashWithSalt` action
+      `Prelude.hashWithSalt` captchaResponse
+      `Prelude.hashWithSalt` challengeResponse
+      `Prelude.hashWithSalt` labels
+      `Prelude.hashWithSalt` overriddenAction
+      `Prelude.hashWithSalt` requestHeadersInserted
+      `Prelude.hashWithSalt` responseCodeSent
+      `Prelude.hashWithSalt` ruleNameWithinRuleGroup
+      `Prelude.hashWithSalt` timestamp
+      `Prelude.hashWithSalt` request
+      `Prelude.hashWithSalt` weight
+
+instance Prelude.NFData SampledHTTPRequest where
+  rnf SampledHTTPRequest' {..} =
+    Prelude.rnf action
+      `Prelude.seq` Prelude.rnf captchaResponse
+      `Prelude.seq` Prelude.rnf challengeResponse
+      `Prelude.seq` Prelude.rnf labels
+      `Prelude.seq` Prelude.rnf overriddenAction
+      `Prelude.seq` Prelude.rnf requestHeadersInserted
+      `Prelude.seq` Prelude.rnf responseCodeSent
+      `Prelude.seq` Prelude.rnf ruleNameWithinRuleGroup
+      `Prelude.seq` Prelude.rnf timestamp
+      `Prelude.seq` Prelude.rnf request
+      `Prelude.seq` Prelude.rnf weight
diff --git a/gen/Amazonka/WAFV2/Types/Scope.hs b/gen/Amazonka/WAFV2/Types/Scope.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/WAFV2/Types/Scope.hs
@@ -0,0 +1,68 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DerivingStrategies #-}
+{-# LANGUAGE GeneralizedNewtypeDeriving #-}
+{-# LANGUAGE LambdaCase #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE PatternSynonyms #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.WAFV2.Types.Scope
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.WAFV2.Types.Scope
+  ( Scope
+      ( ..,
+        Scope_CLOUDFRONT,
+        Scope_REGIONAL
+      ),
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+newtype Scope = Scope' {fromScope :: Data.Text}
+  deriving stock
+    ( Prelude.Show,
+      Prelude.Read,
+      Prelude.Eq,
+      Prelude.Ord,
+      Prelude.Generic
+    )
+  deriving newtype
+    ( Prelude.Hashable,
+      Prelude.NFData,
+      Data.FromText,
+      Data.ToText,
+      Data.ToByteString,
+      Data.ToLog,
+      Data.ToHeader,
+      Data.ToQuery,
+      Data.FromJSON,
+      Data.FromJSONKey,
+      Data.ToJSON,
+      Data.ToJSONKey,
+      Data.FromXML,
+      Data.ToXML
+    )
+
+pattern Scope_CLOUDFRONT :: Scope
+pattern Scope_CLOUDFRONT = Scope' "CLOUDFRONT"
+
+pattern Scope_REGIONAL :: Scope
+pattern Scope_REGIONAL = Scope' "REGIONAL"
+
+{-# COMPLETE
+  Scope_CLOUDFRONT,
+  Scope_REGIONAL,
+  Scope'
+  #-}
diff --git a/gen/Amazonka/WAFV2/Types/SensitivityLevel.hs b/gen/Amazonka/WAFV2/Types/SensitivityLevel.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/WAFV2/Types/SensitivityLevel.hs
@@ -0,0 +1,71 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DerivingStrategies #-}
+{-# LANGUAGE GeneralizedNewtypeDeriving #-}
+{-# LANGUAGE LambdaCase #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE PatternSynonyms #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.WAFV2.Types.SensitivityLevel
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.WAFV2.Types.SensitivityLevel
+  ( SensitivityLevel
+      ( ..,
+        SensitivityLevel_HIGH,
+        SensitivityLevel_LOW
+      ),
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+newtype SensitivityLevel = SensitivityLevel'
+  { fromSensitivityLevel ::
+      Data.Text
+  }
+  deriving stock
+    ( Prelude.Show,
+      Prelude.Read,
+      Prelude.Eq,
+      Prelude.Ord,
+      Prelude.Generic
+    )
+  deriving newtype
+    ( Prelude.Hashable,
+      Prelude.NFData,
+      Data.FromText,
+      Data.ToText,
+      Data.ToByteString,
+      Data.ToLog,
+      Data.ToHeader,
+      Data.ToQuery,
+      Data.FromJSON,
+      Data.FromJSONKey,
+      Data.ToJSON,
+      Data.ToJSONKey,
+      Data.FromXML,
+      Data.ToXML
+    )
+
+pattern SensitivityLevel_HIGH :: SensitivityLevel
+pattern SensitivityLevel_HIGH = SensitivityLevel' "HIGH"
+
+pattern SensitivityLevel_LOW :: SensitivityLevel
+pattern SensitivityLevel_LOW = SensitivityLevel' "LOW"
+
+{-# COMPLETE
+  SensitivityLevel_HIGH,
+  SensitivityLevel_LOW,
+  SensitivityLevel'
+  #-}
diff --git a/gen/Amazonka/WAFV2/Types/SingleHeader.hs b/gen/Amazonka/WAFV2/Types/SingleHeader.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/WAFV2/Types/SingleHeader.hs
@@ -0,0 +1,82 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.WAFV2.Types.SingleHeader
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.WAFV2.Types.SingleHeader where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | Inspect one of the headers in the web request, identified by name, for
+-- example, @User-Agent@ or @Referer@. The name isn\'t case sensitive.
+--
+-- You can filter and inspect all headers with the @FieldToMatch@ setting
+-- @Headers@.
+--
+-- This is used to indicate the web request component to inspect, in the
+-- FieldToMatch specification.
+--
+-- Example JSON: @\"SingleHeader\": { \"Name\": \"haystack\" }@
+--
+-- /See:/ 'newSingleHeader' smart constructor.
+data SingleHeader = SingleHeader'
+  { -- | The name of the query header to inspect.
+    name :: Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'SingleHeader' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'name', 'singleHeader_name' - The name of the query header to inspect.
+newSingleHeader ::
+  -- | 'name'
+  Prelude.Text ->
+  SingleHeader
+newSingleHeader pName_ = SingleHeader' {name = pName_}
+
+-- | The name of the query header to inspect.
+singleHeader_name :: Lens.Lens' SingleHeader Prelude.Text
+singleHeader_name = Lens.lens (\SingleHeader' {name} -> name) (\s@SingleHeader' {} a -> s {name = a} :: SingleHeader)
+
+instance Data.FromJSON SingleHeader where
+  parseJSON =
+    Data.withObject
+      "SingleHeader"
+      (\x -> SingleHeader' Prelude.<$> (x Data..: "Name"))
+
+instance Prelude.Hashable SingleHeader where
+  hashWithSalt _salt SingleHeader' {..} =
+    _salt `Prelude.hashWithSalt` name
+
+instance Prelude.NFData SingleHeader where
+  rnf SingleHeader' {..} = Prelude.rnf name
+
+instance Data.ToJSON SingleHeader where
+  toJSON SingleHeader' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [Prelude.Just ("Name" Data..= name)]
+      )
diff --git a/gen/Amazonka/WAFV2/Types/SingleQueryArgument.hs b/gen/Amazonka/WAFV2/Types/SingleQueryArgument.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/WAFV2/Types/SingleQueryArgument.hs
@@ -0,0 +1,82 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.WAFV2.Types.SingleQueryArgument
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.WAFV2.Types.SingleQueryArgument where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | Inspect one query argument in the web request, identified by name, for
+-- example /UserName/ or /SalesRegion/. The name isn\'t case sensitive.
+--
+-- This is used to indicate the web request component to inspect, in the
+-- FieldToMatch specification.
+--
+-- Example JSON: @\"SingleQueryArgument\": { \"Name\": \"myArgument\" }@
+--
+-- /See:/ 'newSingleQueryArgument' smart constructor.
+data SingleQueryArgument = SingleQueryArgument'
+  { -- | The name of the query argument to inspect.
+    name :: Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'SingleQueryArgument' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'name', 'singleQueryArgument_name' - The name of the query argument to inspect.
+newSingleQueryArgument ::
+  -- | 'name'
+  Prelude.Text ->
+  SingleQueryArgument
+newSingleQueryArgument pName_ =
+  SingleQueryArgument' {name = pName_}
+
+-- | The name of the query argument to inspect.
+singleQueryArgument_name :: Lens.Lens' SingleQueryArgument Prelude.Text
+singleQueryArgument_name = Lens.lens (\SingleQueryArgument' {name} -> name) (\s@SingleQueryArgument' {} a -> s {name = a} :: SingleQueryArgument)
+
+instance Data.FromJSON SingleQueryArgument where
+  parseJSON =
+    Data.withObject
+      "SingleQueryArgument"
+      ( \x ->
+          SingleQueryArgument' Prelude.<$> (x Data..: "Name")
+      )
+
+instance Prelude.Hashable SingleQueryArgument where
+  hashWithSalt _salt SingleQueryArgument' {..} =
+    _salt `Prelude.hashWithSalt` name
+
+instance Prelude.NFData SingleQueryArgument where
+  rnf SingleQueryArgument' {..} = Prelude.rnf name
+
+instance Data.ToJSON SingleQueryArgument where
+  toJSON SingleQueryArgument' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [Prelude.Just ("Name" Data..= name)]
+      )
diff --git a/gen/Amazonka/WAFV2/Types/SizeConstraintStatement.hs b/gen/Amazonka/WAFV2/Types/SizeConstraintStatement.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/WAFV2/Types/SizeConstraintStatement.hs
@@ -0,0 +1,168 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.WAFV2.Types.SizeConstraintStatement
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.WAFV2.Types.SizeConstraintStatement where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.WAFV2.Types.ComparisonOperator
+import Amazonka.WAFV2.Types.FieldToMatch
+import Amazonka.WAFV2.Types.TextTransformation
+
+-- | A rule statement that compares a number of bytes against the size of a
+-- request component, using a comparison operator, such as greater than (>)
+-- or less than (\<). For example, you can use a size constraint statement
+-- to look for query strings that are longer than 100 bytes.
+--
+-- If you configure WAF to inspect the request body, WAF inspects only the
+-- first 8192 bytes (8 KB). If the request body for your web requests never
+-- exceeds 8192 bytes, you could use a size constraint statement to block
+-- requests that have a request body greater than 8192 bytes.
+--
+-- If you choose URI for the value of Part of the request to filter on, the
+-- slash (\/) in the URI counts as one character. For example, the URI
+-- @\/logo.jpg@ is nine characters long.
+--
+-- /See:/ 'newSizeConstraintStatement' smart constructor.
+data SizeConstraintStatement = SizeConstraintStatement'
+  { -- | The part of the web request that you want WAF to inspect.
+    fieldToMatch :: FieldToMatch,
+    -- | The operator to use to compare the request part to the size setting.
+    comparisonOperator :: ComparisonOperator,
+    -- | The size, in byte, to compare to the request part, after any
+    -- transformations.
+    size :: Prelude.Natural,
+    -- | Text transformations eliminate some of the unusual formatting that
+    -- attackers use in web requests in an effort to bypass detection. If you
+    -- specify one or more transformations in a rule statement, WAF performs
+    -- all transformations on the content of the request component identified
+    -- by @FieldToMatch@, starting from the lowest priority setting, before
+    -- inspecting the content for a match.
+    textTransformations :: Prelude.NonEmpty TextTransformation
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'SizeConstraintStatement' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'fieldToMatch', 'sizeConstraintStatement_fieldToMatch' - The part of the web request that you want WAF to inspect.
+--
+-- 'comparisonOperator', 'sizeConstraintStatement_comparisonOperator' - The operator to use to compare the request part to the size setting.
+--
+-- 'size', 'sizeConstraintStatement_size' - The size, in byte, to compare to the request part, after any
+-- transformations.
+--
+-- 'textTransformations', 'sizeConstraintStatement_textTransformations' - Text transformations eliminate some of the unusual formatting that
+-- attackers use in web requests in an effort to bypass detection. If you
+-- specify one or more transformations in a rule statement, WAF performs
+-- all transformations on the content of the request component identified
+-- by @FieldToMatch@, starting from the lowest priority setting, before
+-- inspecting the content for a match.
+newSizeConstraintStatement ::
+  -- | 'fieldToMatch'
+  FieldToMatch ->
+  -- | 'comparisonOperator'
+  ComparisonOperator ->
+  -- | 'size'
+  Prelude.Natural ->
+  -- | 'textTransformations'
+  Prelude.NonEmpty TextTransformation ->
+  SizeConstraintStatement
+newSizeConstraintStatement
+  pFieldToMatch_
+  pComparisonOperator_
+  pSize_
+  pTextTransformations_ =
+    SizeConstraintStatement'
+      { fieldToMatch =
+          pFieldToMatch_,
+        comparisonOperator = pComparisonOperator_,
+        size = pSize_,
+        textTransformations =
+          Lens.coerced Lens.# pTextTransformations_
+      }
+
+-- | The part of the web request that you want WAF to inspect.
+sizeConstraintStatement_fieldToMatch :: Lens.Lens' SizeConstraintStatement FieldToMatch
+sizeConstraintStatement_fieldToMatch = Lens.lens (\SizeConstraintStatement' {fieldToMatch} -> fieldToMatch) (\s@SizeConstraintStatement' {} a -> s {fieldToMatch = a} :: SizeConstraintStatement)
+
+-- | The operator to use to compare the request part to the size setting.
+sizeConstraintStatement_comparisonOperator :: Lens.Lens' SizeConstraintStatement ComparisonOperator
+sizeConstraintStatement_comparisonOperator = Lens.lens (\SizeConstraintStatement' {comparisonOperator} -> comparisonOperator) (\s@SizeConstraintStatement' {} a -> s {comparisonOperator = a} :: SizeConstraintStatement)
+
+-- | The size, in byte, to compare to the request part, after any
+-- transformations.
+sizeConstraintStatement_size :: Lens.Lens' SizeConstraintStatement Prelude.Natural
+sizeConstraintStatement_size = Lens.lens (\SizeConstraintStatement' {size} -> size) (\s@SizeConstraintStatement' {} a -> s {size = a} :: SizeConstraintStatement)
+
+-- | Text transformations eliminate some of the unusual formatting that
+-- attackers use in web requests in an effort to bypass detection. If you
+-- specify one or more transformations in a rule statement, WAF performs
+-- all transformations on the content of the request component identified
+-- by @FieldToMatch@, starting from the lowest priority setting, before
+-- inspecting the content for a match.
+sizeConstraintStatement_textTransformations :: Lens.Lens' SizeConstraintStatement (Prelude.NonEmpty TextTransformation)
+sizeConstraintStatement_textTransformations = Lens.lens (\SizeConstraintStatement' {textTransformations} -> textTransformations) (\s@SizeConstraintStatement' {} a -> s {textTransformations = a} :: SizeConstraintStatement) Prelude.. Lens.coerced
+
+instance Data.FromJSON SizeConstraintStatement where
+  parseJSON =
+    Data.withObject
+      "SizeConstraintStatement"
+      ( \x ->
+          SizeConstraintStatement'
+            Prelude.<$> (x Data..: "FieldToMatch")
+            Prelude.<*> (x Data..: "ComparisonOperator")
+            Prelude.<*> (x Data..: "Size")
+            Prelude.<*> (x Data..: "TextTransformations")
+      )
+
+instance Prelude.Hashable SizeConstraintStatement where
+  hashWithSalt _salt SizeConstraintStatement' {..} =
+    _salt
+      `Prelude.hashWithSalt` fieldToMatch
+      `Prelude.hashWithSalt` comparisonOperator
+      `Prelude.hashWithSalt` size
+      `Prelude.hashWithSalt` textTransformations
+
+instance Prelude.NFData SizeConstraintStatement where
+  rnf SizeConstraintStatement' {..} =
+    Prelude.rnf fieldToMatch
+      `Prelude.seq` Prelude.rnf comparisonOperator
+      `Prelude.seq` Prelude.rnf size
+      `Prelude.seq` Prelude.rnf textTransformations
+
+instance Data.ToJSON SizeConstraintStatement where
+  toJSON SizeConstraintStatement' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ Prelude.Just ("FieldToMatch" Data..= fieldToMatch),
+            Prelude.Just
+              ("ComparisonOperator" Data..= comparisonOperator),
+            Prelude.Just ("Size" Data..= size),
+            Prelude.Just
+              ("TextTransformations" Data..= textTransformations)
+          ]
+      )
diff --git a/gen/Amazonka/WAFV2/Types/SqliMatchStatement.hs b/gen/Amazonka/WAFV2/Types/SqliMatchStatement.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/WAFV2/Types/SqliMatchStatement.hs
@@ -0,0 +1,175 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.WAFV2.Types.SqliMatchStatement
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.WAFV2.Types.SqliMatchStatement where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.WAFV2.Types.FieldToMatch
+import Amazonka.WAFV2.Types.SensitivityLevel
+import Amazonka.WAFV2.Types.TextTransformation
+
+-- | A rule statement that inspects for malicious SQL code. Attackers insert
+-- malicious SQL code into web requests to do things like modify your
+-- database or extract data from it.
+--
+-- /See:/ 'newSqliMatchStatement' smart constructor.
+data SqliMatchStatement = SqliMatchStatement'
+  { -- | The sensitivity that you want WAF to use to inspect for SQL injection
+    -- attacks.
+    --
+    -- @HIGH@ detects more attacks, but might generate more false positives,
+    -- especially if your web requests frequently contain unusual strings. For
+    -- information about identifying and mitigating false positives, see
+    -- <https://docs.aws.amazon.com/waf/latest/developerguide/web-acl-testing.html Testing and tuning>
+    -- in the /WAF Developer Guide/.
+    --
+    -- @LOW@ is generally a better choice for resources that already have other
+    -- protections against SQL injection attacks or that have a low tolerance
+    -- for false positives.
+    --
+    -- Default: @LOW@
+    sensitivityLevel :: Prelude.Maybe SensitivityLevel,
+    -- | The part of the web request that you want WAF to inspect.
+    fieldToMatch :: FieldToMatch,
+    -- | Text transformations eliminate some of the unusual formatting that
+    -- attackers use in web requests in an effort to bypass detection. If you
+    -- specify one or more transformations in a rule statement, WAF performs
+    -- all transformations on the content of the request component identified
+    -- by @FieldToMatch@, starting from the lowest priority setting, before
+    -- inspecting the content for a match.
+    textTransformations :: Prelude.NonEmpty TextTransformation
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'SqliMatchStatement' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'sensitivityLevel', 'sqliMatchStatement_sensitivityLevel' - The sensitivity that you want WAF to use to inspect for SQL injection
+-- attacks.
+--
+-- @HIGH@ detects more attacks, but might generate more false positives,
+-- especially if your web requests frequently contain unusual strings. For
+-- information about identifying and mitigating false positives, see
+-- <https://docs.aws.amazon.com/waf/latest/developerguide/web-acl-testing.html Testing and tuning>
+-- in the /WAF Developer Guide/.
+--
+-- @LOW@ is generally a better choice for resources that already have other
+-- protections against SQL injection attacks or that have a low tolerance
+-- for false positives.
+--
+-- Default: @LOW@
+--
+-- 'fieldToMatch', 'sqliMatchStatement_fieldToMatch' - The part of the web request that you want WAF to inspect.
+--
+-- 'textTransformations', 'sqliMatchStatement_textTransformations' - Text transformations eliminate some of the unusual formatting that
+-- attackers use in web requests in an effort to bypass detection. If you
+-- specify one or more transformations in a rule statement, WAF performs
+-- all transformations on the content of the request component identified
+-- by @FieldToMatch@, starting from the lowest priority setting, before
+-- inspecting the content for a match.
+newSqliMatchStatement ::
+  -- | 'fieldToMatch'
+  FieldToMatch ->
+  -- | 'textTransformations'
+  Prelude.NonEmpty TextTransformation ->
+  SqliMatchStatement
+newSqliMatchStatement
+  pFieldToMatch_
+  pTextTransformations_ =
+    SqliMatchStatement'
+      { sensitivityLevel =
+          Prelude.Nothing,
+        fieldToMatch = pFieldToMatch_,
+        textTransformations =
+          Lens.coerced Lens.# pTextTransformations_
+      }
+
+-- | The sensitivity that you want WAF to use to inspect for SQL injection
+-- attacks.
+--
+-- @HIGH@ detects more attacks, but might generate more false positives,
+-- especially if your web requests frequently contain unusual strings. For
+-- information about identifying and mitigating false positives, see
+-- <https://docs.aws.amazon.com/waf/latest/developerguide/web-acl-testing.html Testing and tuning>
+-- in the /WAF Developer Guide/.
+--
+-- @LOW@ is generally a better choice for resources that already have other
+-- protections against SQL injection attacks or that have a low tolerance
+-- for false positives.
+--
+-- Default: @LOW@
+sqliMatchStatement_sensitivityLevel :: Lens.Lens' SqliMatchStatement (Prelude.Maybe SensitivityLevel)
+sqliMatchStatement_sensitivityLevel = Lens.lens (\SqliMatchStatement' {sensitivityLevel} -> sensitivityLevel) (\s@SqliMatchStatement' {} a -> s {sensitivityLevel = a} :: SqliMatchStatement)
+
+-- | The part of the web request that you want WAF to inspect.
+sqliMatchStatement_fieldToMatch :: Lens.Lens' SqliMatchStatement FieldToMatch
+sqliMatchStatement_fieldToMatch = Lens.lens (\SqliMatchStatement' {fieldToMatch} -> fieldToMatch) (\s@SqliMatchStatement' {} a -> s {fieldToMatch = a} :: SqliMatchStatement)
+
+-- | Text transformations eliminate some of the unusual formatting that
+-- attackers use in web requests in an effort to bypass detection. If you
+-- specify one or more transformations in a rule statement, WAF performs
+-- all transformations on the content of the request component identified
+-- by @FieldToMatch@, starting from the lowest priority setting, before
+-- inspecting the content for a match.
+sqliMatchStatement_textTransformations :: Lens.Lens' SqliMatchStatement (Prelude.NonEmpty TextTransformation)
+sqliMatchStatement_textTransformations = Lens.lens (\SqliMatchStatement' {textTransformations} -> textTransformations) (\s@SqliMatchStatement' {} a -> s {textTransformations = a} :: SqliMatchStatement) Prelude.. Lens.coerced
+
+instance Data.FromJSON SqliMatchStatement where
+  parseJSON =
+    Data.withObject
+      "SqliMatchStatement"
+      ( \x ->
+          SqliMatchStatement'
+            Prelude.<$> (x Data..:? "SensitivityLevel")
+            Prelude.<*> (x Data..: "FieldToMatch")
+            Prelude.<*> (x Data..: "TextTransformations")
+      )
+
+instance Prelude.Hashable SqliMatchStatement where
+  hashWithSalt _salt SqliMatchStatement' {..} =
+    _salt
+      `Prelude.hashWithSalt` sensitivityLevel
+      `Prelude.hashWithSalt` fieldToMatch
+      `Prelude.hashWithSalt` textTransformations
+
+instance Prelude.NFData SqliMatchStatement where
+  rnf SqliMatchStatement' {..} =
+    Prelude.rnf sensitivityLevel
+      `Prelude.seq` Prelude.rnf fieldToMatch
+      `Prelude.seq` Prelude.rnf textTransformations
+
+instance Data.ToJSON SqliMatchStatement where
+  toJSON SqliMatchStatement' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("SensitivityLevel" Data..=)
+              Prelude.<$> sensitivityLevel,
+            Prelude.Just ("FieldToMatch" Data..= fieldToMatch),
+            Prelude.Just
+              ("TextTransformations" Data..= textTransformations)
+          ]
+      )
diff --git a/gen/Amazonka/WAFV2/Types/Statement.hs b/gen/Amazonka/WAFV2/Types/Statement.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/WAFV2/Types/Statement.hs
@@ -0,0 +1,724 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.WAFV2.Types.Statement
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.WAFV2.Types.Statement where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import {-# SOURCE #-} Amazonka.WAFV2.Types.AndStatement
+import Amazonka.WAFV2.Types.ByteMatchStatement
+import Amazonka.WAFV2.Types.GeoMatchStatement
+import Amazonka.WAFV2.Types.IPSetReferenceStatement
+import Amazonka.WAFV2.Types.LabelMatchStatement
+import {-# SOURCE #-} Amazonka.WAFV2.Types.ManagedRuleGroupStatement
+import {-# SOURCE #-} Amazonka.WAFV2.Types.NotStatement
+import {-# SOURCE #-} Amazonka.WAFV2.Types.OrStatement
+import {-# SOURCE #-} Amazonka.WAFV2.Types.RateBasedStatement
+import Amazonka.WAFV2.Types.RegexMatchStatement
+import Amazonka.WAFV2.Types.RegexPatternSetReferenceStatement
+import Amazonka.WAFV2.Types.RuleGroupReferenceStatement
+import Amazonka.WAFV2.Types.SizeConstraintStatement
+import Amazonka.WAFV2.Types.SqliMatchStatement
+import Amazonka.WAFV2.Types.XssMatchStatement
+
+-- | The processing guidance for a Rule, used by WAF to determine whether a
+-- web request matches the rule.
+--
+-- For example specifications, see the examples section of CreateWebACL.
+--
+-- /See:/ 'newStatement' smart constructor.
+data Statement = Statement'
+  { -- | A logical rule statement used to combine other rule statements with AND
+    -- logic. You provide more than one Statement within the @AndStatement@.
+    andStatement :: Prelude.Maybe AndStatement,
+    -- | A rule statement that defines a string match search for WAF to apply to
+    -- web requests. The byte match statement provides the bytes to search for,
+    -- the location in requests that you want WAF to search, and other
+    -- settings. The bytes to search for are typically a string that
+    -- corresponds with ASCII characters. In the WAF console and the developer
+    -- guide, this is called a string match statement.
+    byteMatchStatement :: Prelude.Maybe ByteMatchStatement,
+    -- | A rule statement that labels web requests by country and region and that
+    -- matches against web requests based on country code. A geo match rule
+    -- labels every request that it inspects regardless of whether it finds a
+    -- match.
+    --
+    -- -   To manage requests only by country, you can use this statement by
+    --     itself and specify the countries that you want to match against in
+    --     the @CountryCodes@ array.
+    --
+    -- -   Otherwise, configure your geo match rule with Count action so that
+    --     it only labels requests. Then, add one or more label match rules to
+    --     run after the geo match rule and configure them to match against the
+    --     geographic labels and handle the requests as needed.
+    --
+    -- WAF labels requests using the alpha-2 country and region codes from the
+    -- International Organization for Standardization (ISO) 3166 standard. WAF
+    -- determines the codes using either the IP address in the web request
+    -- origin or, if you specify it, the address in the geo match
+    -- @ForwardedIPConfig@.
+    --
+    -- If you use the web request origin, the label formats are
+    -- @awswaf:clientip:geo:region:\<ISO country code>-\<ISO region code>@ and
+    -- @awswaf:clientip:geo:country:\<ISO country code>@.
+    --
+    -- If you use a forwarded IP address, the label formats are
+    -- @awswaf:forwardedip:geo:region:\<ISO country code>-\<ISO region code>@
+    -- and @awswaf:forwardedip:geo:country:\<ISO country code>@.
+    --
+    -- For additional details, see
+    -- <https://docs.aws.amazon.com/waf/latest/developerguide/waf-rule-statement-type-geo-match.html Geographic match rule statement>
+    -- in the
+    -- <https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html WAF Developer Guide>.
+    geoMatchStatement :: Prelude.Maybe GeoMatchStatement,
+    -- | A rule statement used to detect web requests coming from particular IP
+    -- addresses or address ranges. To use this, create an IPSet that specifies
+    -- the addresses you want to detect, then use the ARN of that set in this
+    -- statement. To create an IP set, see CreateIPSet.
+    --
+    -- Each IP set rule statement references an IP set. You create and maintain
+    -- the set independent of your rules. This allows you to use the single set
+    -- in multiple rules. When you update the referenced set, WAF automatically
+    -- updates all rules that reference it.
+    iPSetReferenceStatement :: Prelude.Maybe IPSetReferenceStatement,
+    -- | A rule statement to match against labels that have been added to the web
+    -- request by rules that have already run in the web ACL.
+    --
+    -- The label match statement provides the label or namespace string to
+    -- search for. The label string can represent a part or all of the fully
+    -- qualified label name that had been added to the web request. Fully
+    -- qualified labels have a prefix, optional namespaces, and label name. The
+    -- prefix identifies the rule group or web ACL context of the rule that
+    -- added the label. If you do not provide the fully qualified name in your
+    -- label match string, WAF performs the search for labels that were added
+    -- in the same context as the label match statement.
+    labelMatchStatement :: Prelude.Maybe LabelMatchStatement,
+    -- | A rule statement used to run the rules that are defined in a managed
+    -- rule group. To use this, provide the vendor name and the name of the
+    -- rule group in this statement. You can retrieve the required names by
+    -- calling ListAvailableManagedRuleGroups.
+    --
+    -- You cannot nest a @ManagedRuleGroupStatement@, for example for use
+    -- inside a @NotStatement@ or @OrStatement@. It can only be referenced as a
+    -- top-level statement within a rule.
+    --
+    -- You are charged additional fees when you use the WAF Bot Control managed
+    -- rule group @AWSManagedRulesBotControlRuleSet@ or the WAF Fraud Control
+    -- account takeover prevention (ATP) managed rule group
+    -- @AWSManagedRulesATPRuleSet@. For more information, see
+    -- <http://aws.amazon.com/waf/pricing/ WAF Pricing>.
+    managedRuleGroupStatement :: Prelude.Maybe ManagedRuleGroupStatement,
+    -- | A logical rule statement used to negate the results of another rule
+    -- statement. You provide one Statement within the @NotStatement@.
+    notStatement :: Prelude.Maybe NotStatement,
+    -- | A logical rule statement used to combine other rule statements with OR
+    -- logic. You provide more than one Statement within the @OrStatement@.
+    orStatement :: Prelude.Maybe OrStatement,
+    -- | A rate-based rule tracks the rate of requests for each originating IP
+    -- address, and triggers the rule action when the rate exceeds a limit that
+    -- you specify on the number of requests in any 5-minute time span. You can
+    -- use this to put a temporary block on requests from an IP address that is
+    -- sending excessive requests.
+    --
+    -- WAF tracks and manages web requests separately for each instance of a
+    -- rate-based rule that you use. For example, if you provide the same
+    -- rate-based rule settings in two web ACLs, each of the two rule
+    -- statements represents a separate instance of the rate-based rule and
+    -- gets its own tracking and management by WAF. If you define a rate-based
+    -- rule inside a rule group, and then use that rule group in multiple
+    -- places, each use creates a separate instance of the rate-based rule that
+    -- gets its own tracking and management by WAF.
+    --
+    -- When the rule action triggers, WAF blocks additional requests from the
+    -- IP address until the request rate falls below the limit.
+    --
+    -- You can optionally nest another statement inside the rate-based
+    -- statement, to narrow the scope of the rule so that it only counts
+    -- requests that match the nested statement. For example, based on recent
+    -- requests that you have seen from an attacker, you might create a
+    -- rate-based rule with a nested AND rule statement that contains the
+    -- following nested statements:
+    --
+    -- -   An IP match statement with an IP set that specified the address
+    --     192.0.2.44.
+    --
+    -- -   A string match statement that searches in the User-Agent header for
+    --     the string BadBot.
+    --
+    -- In this rate-based rule, you also define a rate limit. For this example,
+    -- the rate limit is 1,000. Requests that meet the criteria of both of the
+    -- nested statements are counted. If the count exceeds 1,000 requests per
+    -- five minutes, the rule action triggers. Requests that do not meet the
+    -- criteria of both of the nested statements are not counted towards the
+    -- rate limit and are not affected by this rule.
+    --
+    -- You cannot nest a @RateBasedStatement@ inside another statement, for
+    -- example inside a @NotStatement@ or @OrStatement@. You can define a
+    -- @RateBasedStatement@ inside a web ACL and inside a rule group.
+    rateBasedStatement :: Prelude.Maybe RateBasedStatement,
+    -- | A rule statement used to search web request components for a match
+    -- against a single regular expression.
+    regexMatchStatement :: Prelude.Maybe RegexMatchStatement,
+    -- | A rule statement used to search web request components for matches with
+    -- regular expressions. To use this, create a RegexPatternSet that
+    -- specifies the expressions that you want to detect, then use the ARN of
+    -- that set in this statement. A web request matches the pattern set rule
+    -- statement if the request component matches any of the patterns in the
+    -- set. To create a regex pattern set, see CreateRegexPatternSet.
+    --
+    -- Each regex pattern set rule statement references a regex pattern set.
+    -- You create and maintain the set independent of your rules. This allows
+    -- you to use the single set in multiple rules. When you update the
+    -- referenced set, WAF automatically updates all rules that reference it.
+    regexPatternSetReferenceStatement :: Prelude.Maybe RegexPatternSetReferenceStatement,
+    -- | A rule statement used to run the rules that are defined in a RuleGroup.
+    -- To use this, create a rule group with your rules, then provide the ARN
+    -- of the rule group in this statement.
+    --
+    -- You cannot nest a @RuleGroupReferenceStatement@, for example for use
+    -- inside a @NotStatement@ or @OrStatement@. You can only use a rule group
+    -- reference statement at the top level inside a web ACL.
+    ruleGroupReferenceStatement :: Prelude.Maybe RuleGroupReferenceStatement,
+    -- | A rule statement that compares a number of bytes against the size of a
+    -- request component, using a comparison operator, such as greater than (>)
+    -- or less than (\<). For example, you can use a size constraint statement
+    -- to look for query strings that are longer than 100 bytes.
+    --
+    -- If you configure WAF to inspect the request body, WAF inspects only the
+    -- first 8192 bytes (8 KB). If the request body for your web requests never
+    -- exceeds 8192 bytes, you could use a size constraint statement to block
+    -- requests that have a request body greater than 8192 bytes.
+    --
+    -- If you choose URI for the value of Part of the request to filter on, the
+    -- slash (\/) in the URI counts as one character. For example, the URI
+    -- @\/logo.jpg@ is nine characters long.
+    sizeConstraintStatement :: Prelude.Maybe SizeConstraintStatement,
+    -- | A rule statement that inspects for malicious SQL code. Attackers insert
+    -- malicious SQL code into web requests to do things like modify your
+    -- database or extract data from it.
+    sqliMatchStatement :: Prelude.Maybe SqliMatchStatement,
+    -- | A rule statement that inspects for cross-site scripting (XSS) attacks.
+    -- In XSS attacks, the attacker uses vulnerabilities in a benign website as
+    -- a vehicle to inject malicious client-site scripts into other legitimate
+    -- web browsers.
+    xssMatchStatement :: Prelude.Maybe XssMatchStatement
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'Statement' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'andStatement', 'statement_andStatement' - A logical rule statement used to combine other rule statements with AND
+-- logic. You provide more than one Statement within the @AndStatement@.
+--
+-- 'byteMatchStatement', 'statement_byteMatchStatement' - A rule statement that defines a string match search for WAF to apply to
+-- web requests. The byte match statement provides the bytes to search for,
+-- the location in requests that you want WAF to search, and other
+-- settings. The bytes to search for are typically a string that
+-- corresponds with ASCII characters. In the WAF console and the developer
+-- guide, this is called a string match statement.
+--
+-- 'geoMatchStatement', 'statement_geoMatchStatement' - A rule statement that labels web requests by country and region and that
+-- matches against web requests based on country code. A geo match rule
+-- labels every request that it inspects regardless of whether it finds a
+-- match.
+--
+-- -   To manage requests only by country, you can use this statement by
+--     itself and specify the countries that you want to match against in
+--     the @CountryCodes@ array.
+--
+-- -   Otherwise, configure your geo match rule with Count action so that
+--     it only labels requests. Then, add one or more label match rules to
+--     run after the geo match rule and configure them to match against the
+--     geographic labels and handle the requests as needed.
+--
+-- WAF labels requests using the alpha-2 country and region codes from the
+-- International Organization for Standardization (ISO) 3166 standard. WAF
+-- determines the codes using either the IP address in the web request
+-- origin or, if you specify it, the address in the geo match
+-- @ForwardedIPConfig@.
+--
+-- If you use the web request origin, the label formats are
+-- @awswaf:clientip:geo:region:\<ISO country code>-\<ISO region code>@ and
+-- @awswaf:clientip:geo:country:\<ISO country code>@.
+--
+-- If you use a forwarded IP address, the label formats are
+-- @awswaf:forwardedip:geo:region:\<ISO country code>-\<ISO region code>@
+-- and @awswaf:forwardedip:geo:country:\<ISO country code>@.
+--
+-- For additional details, see
+-- <https://docs.aws.amazon.com/waf/latest/developerguide/waf-rule-statement-type-geo-match.html Geographic match rule statement>
+-- in the
+-- <https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html WAF Developer Guide>.
+--
+-- 'iPSetReferenceStatement', 'statement_iPSetReferenceStatement' - A rule statement used to detect web requests coming from particular IP
+-- addresses or address ranges. To use this, create an IPSet that specifies
+-- the addresses you want to detect, then use the ARN of that set in this
+-- statement. To create an IP set, see CreateIPSet.
+--
+-- Each IP set rule statement references an IP set. You create and maintain
+-- the set independent of your rules. This allows you to use the single set
+-- in multiple rules. When you update the referenced set, WAF automatically
+-- updates all rules that reference it.
+--
+-- 'labelMatchStatement', 'statement_labelMatchStatement' - A rule statement to match against labels that have been added to the web
+-- request by rules that have already run in the web ACL.
+--
+-- The label match statement provides the label or namespace string to
+-- search for. The label string can represent a part or all of the fully
+-- qualified label name that had been added to the web request. Fully
+-- qualified labels have a prefix, optional namespaces, and label name. The
+-- prefix identifies the rule group or web ACL context of the rule that
+-- added the label. If you do not provide the fully qualified name in your
+-- label match string, WAF performs the search for labels that were added
+-- in the same context as the label match statement.
+--
+-- 'managedRuleGroupStatement', 'statement_managedRuleGroupStatement' - A rule statement used to run the rules that are defined in a managed
+-- rule group. To use this, provide the vendor name and the name of the
+-- rule group in this statement. You can retrieve the required names by
+-- calling ListAvailableManagedRuleGroups.
+--
+-- You cannot nest a @ManagedRuleGroupStatement@, for example for use
+-- inside a @NotStatement@ or @OrStatement@. It can only be referenced as a
+-- top-level statement within a rule.
+--
+-- You are charged additional fees when you use the WAF Bot Control managed
+-- rule group @AWSManagedRulesBotControlRuleSet@ or the WAF Fraud Control
+-- account takeover prevention (ATP) managed rule group
+-- @AWSManagedRulesATPRuleSet@. For more information, see
+-- <http://aws.amazon.com/waf/pricing/ WAF Pricing>.
+--
+-- 'notStatement', 'statement_notStatement' - A logical rule statement used to negate the results of another rule
+-- statement. You provide one Statement within the @NotStatement@.
+--
+-- 'orStatement', 'statement_orStatement' - A logical rule statement used to combine other rule statements with OR
+-- logic. You provide more than one Statement within the @OrStatement@.
+--
+-- 'rateBasedStatement', 'statement_rateBasedStatement' - A rate-based rule tracks the rate of requests for each originating IP
+-- address, and triggers the rule action when the rate exceeds a limit that
+-- you specify on the number of requests in any 5-minute time span. You can
+-- use this to put a temporary block on requests from an IP address that is
+-- sending excessive requests.
+--
+-- WAF tracks and manages web requests separately for each instance of a
+-- rate-based rule that you use. For example, if you provide the same
+-- rate-based rule settings in two web ACLs, each of the two rule
+-- statements represents a separate instance of the rate-based rule and
+-- gets its own tracking and management by WAF. If you define a rate-based
+-- rule inside a rule group, and then use that rule group in multiple
+-- places, each use creates a separate instance of the rate-based rule that
+-- gets its own tracking and management by WAF.
+--
+-- When the rule action triggers, WAF blocks additional requests from the
+-- IP address until the request rate falls below the limit.
+--
+-- You can optionally nest another statement inside the rate-based
+-- statement, to narrow the scope of the rule so that it only counts
+-- requests that match the nested statement. For example, based on recent
+-- requests that you have seen from an attacker, you might create a
+-- rate-based rule with a nested AND rule statement that contains the
+-- following nested statements:
+--
+-- -   An IP match statement with an IP set that specified the address
+--     192.0.2.44.
+--
+-- -   A string match statement that searches in the User-Agent header for
+--     the string BadBot.
+--
+-- In this rate-based rule, you also define a rate limit. For this example,
+-- the rate limit is 1,000. Requests that meet the criteria of both of the
+-- nested statements are counted. If the count exceeds 1,000 requests per
+-- five minutes, the rule action triggers. Requests that do not meet the
+-- criteria of both of the nested statements are not counted towards the
+-- rate limit and are not affected by this rule.
+--
+-- You cannot nest a @RateBasedStatement@ inside another statement, for
+-- example inside a @NotStatement@ or @OrStatement@. You can define a
+-- @RateBasedStatement@ inside a web ACL and inside a rule group.
+--
+-- 'regexMatchStatement', 'statement_regexMatchStatement' - A rule statement used to search web request components for a match
+-- against a single regular expression.
+--
+-- 'regexPatternSetReferenceStatement', 'statement_regexPatternSetReferenceStatement' - A rule statement used to search web request components for matches with
+-- regular expressions. To use this, create a RegexPatternSet that
+-- specifies the expressions that you want to detect, then use the ARN of
+-- that set in this statement. A web request matches the pattern set rule
+-- statement if the request component matches any of the patterns in the
+-- set. To create a regex pattern set, see CreateRegexPatternSet.
+--
+-- Each regex pattern set rule statement references a regex pattern set.
+-- You create and maintain the set independent of your rules. This allows
+-- you to use the single set in multiple rules. When you update the
+-- referenced set, WAF automatically updates all rules that reference it.
+--
+-- 'ruleGroupReferenceStatement', 'statement_ruleGroupReferenceStatement' - A rule statement used to run the rules that are defined in a RuleGroup.
+-- To use this, create a rule group with your rules, then provide the ARN
+-- of the rule group in this statement.
+--
+-- You cannot nest a @RuleGroupReferenceStatement@, for example for use
+-- inside a @NotStatement@ or @OrStatement@. You can only use a rule group
+-- reference statement at the top level inside a web ACL.
+--
+-- 'sizeConstraintStatement', 'statement_sizeConstraintStatement' - A rule statement that compares a number of bytes against the size of a
+-- request component, using a comparison operator, such as greater than (>)
+-- or less than (\<). For example, you can use a size constraint statement
+-- to look for query strings that are longer than 100 bytes.
+--
+-- If you configure WAF to inspect the request body, WAF inspects only the
+-- first 8192 bytes (8 KB). If the request body for your web requests never
+-- exceeds 8192 bytes, you could use a size constraint statement to block
+-- requests that have a request body greater than 8192 bytes.
+--
+-- If you choose URI for the value of Part of the request to filter on, the
+-- slash (\/) in the URI counts as one character. For example, the URI
+-- @\/logo.jpg@ is nine characters long.
+--
+-- 'sqliMatchStatement', 'statement_sqliMatchStatement' - A rule statement that inspects for malicious SQL code. Attackers insert
+-- malicious SQL code into web requests to do things like modify your
+-- database or extract data from it.
+--
+-- 'xssMatchStatement', 'statement_xssMatchStatement' - A rule statement that inspects for cross-site scripting (XSS) attacks.
+-- In XSS attacks, the attacker uses vulnerabilities in a benign website as
+-- a vehicle to inject malicious client-site scripts into other legitimate
+-- web browsers.
+newStatement ::
+  Statement
+newStatement =
+  Statement'
+    { andStatement = Prelude.Nothing,
+      byteMatchStatement = Prelude.Nothing,
+      geoMatchStatement = Prelude.Nothing,
+      iPSetReferenceStatement = Prelude.Nothing,
+      labelMatchStatement = Prelude.Nothing,
+      managedRuleGroupStatement = Prelude.Nothing,
+      notStatement = Prelude.Nothing,
+      orStatement = Prelude.Nothing,
+      rateBasedStatement = Prelude.Nothing,
+      regexMatchStatement = Prelude.Nothing,
+      regexPatternSetReferenceStatement = Prelude.Nothing,
+      ruleGroupReferenceStatement = Prelude.Nothing,
+      sizeConstraintStatement = Prelude.Nothing,
+      sqliMatchStatement = Prelude.Nothing,
+      xssMatchStatement = Prelude.Nothing
+    }
+
+-- | A logical rule statement used to combine other rule statements with AND
+-- logic. You provide more than one Statement within the @AndStatement@.
+statement_andStatement :: Lens.Lens' Statement (Prelude.Maybe AndStatement)
+statement_andStatement = Lens.lens (\Statement' {andStatement} -> andStatement) (\s@Statement' {} a -> s {andStatement = a} :: Statement)
+
+-- | A rule statement that defines a string match search for WAF to apply to
+-- web requests. The byte match statement provides the bytes to search for,
+-- the location in requests that you want WAF to search, and other
+-- settings. The bytes to search for are typically a string that
+-- corresponds with ASCII characters. In the WAF console and the developer
+-- guide, this is called a string match statement.
+statement_byteMatchStatement :: Lens.Lens' Statement (Prelude.Maybe ByteMatchStatement)
+statement_byteMatchStatement = Lens.lens (\Statement' {byteMatchStatement} -> byteMatchStatement) (\s@Statement' {} a -> s {byteMatchStatement = a} :: Statement)
+
+-- | A rule statement that labels web requests by country and region and that
+-- matches against web requests based on country code. A geo match rule
+-- labels every request that it inspects regardless of whether it finds a
+-- match.
+--
+-- -   To manage requests only by country, you can use this statement by
+--     itself and specify the countries that you want to match against in
+--     the @CountryCodes@ array.
+--
+-- -   Otherwise, configure your geo match rule with Count action so that
+--     it only labels requests. Then, add one or more label match rules to
+--     run after the geo match rule and configure them to match against the
+--     geographic labels and handle the requests as needed.
+--
+-- WAF labels requests using the alpha-2 country and region codes from the
+-- International Organization for Standardization (ISO) 3166 standard. WAF
+-- determines the codes using either the IP address in the web request
+-- origin or, if you specify it, the address in the geo match
+-- @ForwardedIPConfig@.
+--
+-- If you use the web request origin, the label formats are
+-- @awswaf:clientip:geo:region:\<ISO country code>-\<ISO region code>@ and
+-- @awswaf:clientip:geo:country:\<ISO country code>@.
+--
+-- If you use a forwarded IP address, the label formats are
+-- @awswaf:forwardedip:geo:region:\<ISO country code>-\<ISO region code>@
+-- and @awswaf:forwardedip:geo:country:\<ISO country code>@.
+--
+-- For additional details, see
+-- <https://docs.aws.amazon.com/waf/latest/developerguide/waf-rule-statement-type-geo-match.html Geographic match rule statement>
+-- in the
+-- <https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html WAF Developer Guide>.
+statement_geoMatchStatement :: Lens.Lens' Statement (Prelude.Maybe GeoMatchStatement)
+statement_geoMatchStatement = Lens.lens (\Statement' {geoMatchStatement} -> geoMatchStatement) (\s@Statement' {} a -> s {geoMatchStatement = a} :: Statement)
+
+-- | A rule statement used to detect web requests coming from particular IP
+-- addresses or address ranges. To use this, create an IPSet that specifies
+-- the addresses you want to detect, then use the ARN of that set in this
+-- statement. To create an IP set, see CreateIPSet.
+--
+-- Each IP set rule statement references an IP set. You create and maintain
+-- the set independent of your rules. This allows you to use the single set
+-- in multiple rules. When you update the referenced set, WAF automatically
+-- updates all rules that reference it.
+statement_iPSetReferenceStatement :: Lens.Lens' Statement (Prelude.Maybe IPSetReferenceStatement)
+statement_iPSetReferenceStatement = Lens.lens (\Statement' {iPSetReferenceStatement} -> iPSetReferenceStatement) (\s@Statement' {} a -> s {iPSetReferenceStatement = a} :: Statement)
+
+-- | A rule statement to match against labels that have been added to the web
+-- request by rules that have already run in the web ACL.
+--
+-- The label match statement provides the label or namespace string to
+-- search for. The label string can represent a part or all of the fully
+-- qualified label name that had been added to the web request. Fully
+-- qualified labels have a prefix, optional namespaces, and label name. The
+-- prefix identifies the rule group or web ACL context of the rule that
+-- added the label. If you do not provide the fully qualified name in your
+-- label match string, WAF performs the search for labels that were added
+-- in the same context as the label match statement.
+statement_labelMatchStatement :: Lens.Lens' Statement (Prelude.Maybe LabelMatchStatement)
+statement_labelMatchStatement = Lens.lens (\Statement' {labelMatchStatement} -> labelMatchStatement) (\s@Statement' {} a -> s {labelMatchStatement = a} :: Statement)
+
+-- | A rule statement used to run the rules that are defined in a managed
+-- rule group. To use this, provide the vendor name and the name of the
+-- rule group in this statement. You can retrieve the required names by
+-- calling ListAvailableManagedRuleGroups.
+--
+-- You cannot nest a @ManagedRuleGroupStatement@, for example for use
+-- inside a @NotStatement@ or @OrStatement@. It can only be referenced as a
+-- top-level statement within a rule.
+--
+-- You are charged additional fees when you use the WAF Bot Control managed
+-- rule group @AWSManagedRulesBotControlRuleSet@ or the WAF Fraud Control
+-- account takeover prevention (ATP) managed rule group
+-- @AWSManagedRulesATPRuleSet@. For more information, see
+-- <http://aws.amazon.com/waf/pricing/ WAF Pricing>.
+statement_managedRuleGroupStatement :: Lens.Lens' Statement (Prelude.Maybe ManagedRuleGroupStatement)
+statement_managedRuleGroupStatement = Lens.lens (\Statement' {managedRuleGroupStatement} -> managedRuleGroupStatement) (\s@Statement' {} a -> s {managedRuleGroupStatement = a} :: Statement)
+
+-- | A logical rule statement used to negate the results of another rule
+-- statement. You provide one Statement within the @NotStatement@.
+statement_notStatement :: Lens.Lens' Statement (Prelude.Maybe NotStatement)
+statement_notStatement = Lens.lens (\Statement' {notStatement} -> notStatement) (\s@Statement' {} a -> s {notStatement = a} :: Statement)
+
+-- | A logical rule statement used to combine other rule statements with OR
+-- logic. You provide more than one Statement within the @OrStatement@.
+statement_orStatement :: Lens.Lens' Statement (Prelude.Maybe OrStatement)
+statement_orStatement = Lens.lens (\Statement' {orStatement} -> orStatement) (\s@Statement' {} a -> s {orStatement = a} :: Statement)
+
+-- | A rate-based rule tracks the rate of requests for each originating IP
+-- address, and triggers the rule action when the rate exceeds a limit that
+-- you specify on the number of requests in any 5-minute time span. You can
+-- use this to put a temporary block on requests from an IP address that is
+-- sending excessive requests.
+--
+-- WAF tracks and manages web requests separately for each instance of a
+-- rate-based rule that you use. For example, if you provide the same
+-- rate-based rule settings in two web ACLs, each of the two rule
+-- statements represents a separate instance of the rate-based rule and
+-- gets its own tracking and management by WAF. If you define a rate-based
+-- rule inside a rule group, and then use that rule group in multiple
+-- places, each use creates a separate instance of the rate-based rule that
+-- gets its own tracking and management by WAF.
+--
+-- When the rule action triggers, WAF blocks additional requests from the
+-- IP address until the request rate falls below the limit.
+--
+-- You can optionally nest another statement inside the rate-based
+-- statement, to narrow the scope of the rule so that it only counts
+-- requests that match the nested statement. For example, based on recent
+-- requests that you have seen from an attacker, you might create a
+-- rate-based rule with a nested AND rule statement that contains the
+-- following nested statements:
+--
+-- -   An IP match statement with an IP set that specified the address
+--     192.0.2.44.
+--
+-- -   A string match statement that searches in the User-Agent header for
+--     the string BadBot.
+--
+-- In this rate-based rule, you also define a rate limit. For this example,
+-- the rate limit is 1,000. Requests that meet the criteria of both of the
+-- nested statements are counted. If the count exceeds 1,000 requests per
+-- five minutes, the rule action triggers. Requests that do not meet the
+-- criteria of both of the nested statements are not counted towards the
+-- rate limit and are not affected by this rule.
+--
+-- You cannot nest a @RateBasedStatement@ inside another statement, for
+-- example inside a @NotStatement@ or @OrStatement@. You can define a
+-- @RateBasedStatement@ inside a web ACL and inside a rule group.
+statement_rateBasedStatement :: Lens.Lens' Statement (Prelude.Maybe RateBasedStatement)
+statement_rateBasedStatement = Lens.lens (\Statement' {rateBasedStatement} -> rateBasedStatement) (\s@Statement' {} a -> s {rateBasedStatement = a} :: Statement)
+
+-- | A rule statement used to search web request components for a match
+-- against a single regular expression.
+statement_regexMatchStatement :: Lens.Lens' Statement (Prelude.Maybe RegexMatchStatement)
+statement_regexMatchStatement = Lens.lens (\Statement' {regexMatchStatement} -> regexMatchStatement) (\s@Statement' {} a -> s {regexMatchStatement = a} :: Statement)
+
+-- | A rule statement used to search web request components for matches with
+-- regular expressions. To use this, create a RegexPatternSet that
+-- specifies the expressions that you want to detect, then use the ARN of
+-- that set in this statement. A web request matches the pattern set rule
+-- statement if the request component matches any of the patterns in the
+-- set. To create a regex pattern set, see CreateRegexPatternSet.
+--
+-- Each regex pattern set rule statement references a regex pattern set.
+-- You create and maintain the set independent of your rules. This allows
+-- you to use the single set in multiple rules. When you update the
+-- referenced set, WAF automatically updates all rules that reference it.
+statement_regexPatternSetReferenceStatement :: Lens.Lens' Statement (Prelude.Maybe RegexPatternSetReferenceStatement)
+statement_regexPatternSetReferenceStatement = Lens.lens (\Statement' {regexPatternSetReferenceStatement} -> regexPatternSetReferenceStatement) (\s@Statement' {} a -> s {regexPatternSetReferenceStatement = a} :: Statement)
+
+-- | A rule statement used to run the rules that are defined in a RuleGroup.
+-- To use this, create a rule group with your rules, then provide the ARN
+-- of the rule group in this statement.
+--
+-- You cannot nest a @RuleGroupReferenceStatement@, for example for use
+-- inside a @NotStatement@ or @OrStatement@. You can only use a rule group
+-- reference statement at the top level inside a web ACL.
+statement_ruleGroupReferenceStatement :: Lens.Lens' Statement (Prelude.Maybe RuleGroupReferenceStatement)
+statement_ruleGroupReferenceStatement = Lens.lens (\Statement' {ruleGroupReferenceStatement} -> ruleGroupReferenceStatement) (\s@Statement' {} a -> s {ruleGroupReferenceStatement = a} :: Statement)
+
+-- | A rule statement that compares a number of bytes against the size of a
+-- request component, using a comparison operator, such as greater than (>)
+-- or less than (\<). For example, you can use a size constraint statement
+-- to look for query strings that are longer than 100 bytes.
+--
+-- If you configure WAF to inspect the request body, WAF inspects only the
+-- first 8192 bytes (8 KB). If the request body for your web requests never
+-- exceeds 8192 bytes, you could use a size constraint statement to block
+-- requests that have a request body greater than 8192 bytes.
+--
+-- If you choose URI for the value of Part of the request to filter on, the
+-- slash (\/) in the URI counts as one character. For example, the URI
+-- @\/logo.jpg@ is nine characters long.
+statement_sizeConstraintStatement :: Lens.Lens' Statement (Prelude.Maybe SizeConstraintStatement)
+statement_sizeConstraintStatement = Lens.lens (\Statement' {sizeConstraintStatement} -> sizeConstraintStatement) (\s@Statement' {} a -> s {sizeConstraintStatement = a} :: Statement)
+
+-- | A rule statement that inspects for malicious SQL code. Attackers insert
+-- malicious SQL code into web requests to do things like modify your
+-- database or extract data from it.
+statement_sqliMatchStatement :: Lens.Lens' Statement (Prelude.Maybe SqliMatchStatement)
+statement_sqliMatchStatement = Lens.lens (\Statement' {sqliMatchStatement} -> sqliMatchStatement) (\s@Statement' {} a -> s {sqliMatchStatement = a} :: Statement)
+
+-- | A rule statement that inspects for cross-site scripting (XSS) attacks.
+-- In XSS attacks, the attacker uses vulnerabilities in a benign website as
+-- a vehicle to inject malicious client-site scripts into other legitimate
+-- web browsers.
+statement_xssMatchStatement :: Lens.Lens' Statement (Prelude.Maybe XssMatchStatement)
+statement_xssMatchStatement = Lens.lens (\Statement' {xssMatchStatement} -> xssMatchStatement) (\s@Statement' {} a -> s {xssMatchStatement = a} :: Statement)
+
+instance Data.FromJSON Statement where
+  parseJSON =
+    Data.withObject
+      "Statement"
+      ( \x ->
+          Statement'
+            Prelude.<$> (x Data..:? "AndStatement")
+            Prelude.<*> (x Data..:? "ByteMatchStatement")
+            Prelude.<*> (x Data..:? "GeoMatchStatement")
+            Prelude.<*> (x Data..:? "IPSetReferenceStatement")
+            Prelude.<*> (x Data..:? "LabelMatchStatement")
+            Prelude.<*> (x Data..:? "ManagedRuleGroupStatement")
+            Prelude.<*> (x Data..:? "NotStatement")
+            Prelude.<*> (x Data..:? "OrStatement")
+            Prelude.<*> (x Data..:? "RateBasedStatement")
+            Prelude.<*> (x Data..:? "RegexMatchStatement")
+            Prelude.<*> (x Data..:? "RegexPatternSetReferenceStatement")
+            Prelude.<*> (x Data..:? "RuleGroupReferenceStatement")
+            Prelude.<*> (x Data..:? "SizeConstraintStatement")
+            Prelude.<*> (x Data..:? "SqliMatchStatement")
+            Prelude.<*> (x Data..:? "XssMatchStatement")
+      )
+
+instance Prelude.Hashable Statement where
+  hashWithSalt _salt Statement' {..} =
+    _salt
+      `Prelude.hashWithSalt` andStatement
+      `Prelude.hashWithSalt` byteMatchStatement
+      `Prelude.hashWithSalt` geoMatchStatement
+      `Prelude.hashWithSalt` iPSetReferenceStatement
+      `Prelude.hashWithSalt` labelMatchStatement
+      `Prelude.hashWithSalt` managedRuleGroupStatement
+      `Prelude.hashWithSalt` notStatement
+      `Prelude.hashWithSalt` orStatement
+      `Prelude.hashWithSalt` rateBasedStatement
+      `Prelude.hashWithSalt` regexMatchStatement
+      `Prelude.hashWithSalt` regexPatternSetReferenceStatement
+      `Prelude.hashWithSalt` ruleGroupReferenceStatement
+      `Prelude.hashWithSalt` sizeConstraintStatement
+      `Prelude.hashWithSalt` sqliMatchStatement
+      `Prelude.hashWithSalt` xssMatchStatement
+
+instance Prelude.NFData Statement where
+  rnf Statement' {..} =
+    Prelude.rnf andStatement
+      `Prelude.seq` Prelude.rnf byteMatchStatement
+      `Prelude.seq` Prelude.rnf geoMatchStatement
+      `Prelude.seq` Prelude.rnf iPSetReferenceStatement
+      `Prelude.seq` Prelude.rnf labelMatchStatement
+      `Prelude.seq` Prelude.rnf managedRuleGroupStatement
+      `Prelude.seq` Prelude.rnf notStatement
+      `Prelude.seq` Prelude.rnf orStatement
+      `Prelude.seq` Prelude.rnf rateBasedStatement
+      `Prelude.seq` Prelude.rnf regexMatchStatement
+      `Prelude.seq` Prelude.rnf regexPatternSetReferenceStatement
+      `Prelude.seq` Prelude.rnf ruleGroupReferenceStatement
+      `Prelude.seq` Prelude.rnf sizeConstraintStatement
+      `Prelude.seq` Prelude.rnf sqliMatchStatement
+      `Prelude.seq` Prelude.rnf xssMatchStatement
+
+instance Data.ToJSON Statement where
+  toJSON Statement' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("AndStatement" Data..=) Prelude.<$> andStatement,
+            ("ByteMatchStatement" Data..=)
+              Prelude.<$> byteMatchStatement,
+            ("GeoMatchStatement" Data..=)
+              Prelude.<$> geoMatchStatement,
+            ("IPSetReferenceStatement" Data..=)
+              Prelude.<$> iPSetReferenceStatement,
+            ("LabelMatchStatement" Data..=)
+              Prelude.<$> labelMatchStatement,
+            ("ManagedRuleGroupStatement" Data..=)
+              Prelude.<$> managedRuleGroupStatement,
+            ("NotStatement" Data..=) Prelude.<$> notStatement,
+            ("OrStatement" Data..=) Prelude.<$> orStatement,
+            ("RateBasedStatement" Data..=)
+              Prelude.<$> rateBasedStatement,
+            ("RegexMatchStatement" Data..=)
+              Prelude.<$> regexMatchStatement,
+            ("RegexPatternSetReferenceStatement" Data..=)
+              Prelude.<$> regexPatternSetReferenceStatement,
+            ("RuleGroupReferenceStatement" Data..=)
+              Prelude.<$> ruleGroupReferenceStatement,
+            ("SizeConstraintStatement" Data..=)
+              Prelude.<$> sizeConstraintStatement,
+            ("SqliMatchStatement" Data..=)
+              Prelude.<$> sqliMatchStatement,
+            ("XssMatchStatement" Data..=)
+              Prelude.<$> xssMatchStatement
+          ]
+      )
diff --git a/gen/Amazonka/WAFV2/Types/Statement.hs-boot b/gen/Amazonka/WAFV2/Types/Statement.hs-boot
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/WAFV2/Types/Statement.hs-boot
@@ -0,0 +1,33 @@
+{-# OPTIONS_GHC -Wno-missing-methods #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.WAFV2.Types.Statement
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.WAFV2.Types.Statement where
+
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+data Statement
+
+instance Prelude.Eq Statement
+
+instance Prelude.Read Statement
+
+instance Prelude.Show Statement
+
+instance Prelude.Generic Statement
+
+instance Data.ToJSON Statement
+
+instance Data.FromJSON Statement
+
+instance Prelude.NFData Statement
+
+instance Prelude.Hashable Statement
diff --git a/gen/Amazonka/WAFV2/Types/Tag.hs b/gen/Amazonka/WAFV2/Types/Tag.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/WAFV2/Types/Tag.hs
@@ -0,0 +1,117 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.WAFV2.Types.Tag
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.WAFV2.Types.Tag where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | A tag associated with an Amazon Web Services resource. Tags are
+-- key:value pairs that you can use to categorize and manage your
+-- resources, for purposes like billing or other management. Typically, the
+-- tag key represents a category, such as \"environment\", and the tag
+-- value represents a specific value within that category, such as
+-- \"test,\" \"development,\" or \"production\". Or you might set the tag
+-- key to \"customer\" and the value to the customer name or ID. You can
+-- specify one or more tags to add to each Amazon Web Services resource, up
+-- to 50 tags for a resource.
+--
+-- You can tag the Amazon Web Services resources that you manage through
+-- WAF: web ACLs, rule groups, IP sets, and regex pattern sets. You can\'t
+-- manage or view tags through the WAF console.
+--
+-- /See:/ 'newTag' smart constructor.
+data Tag = Tag'
+  { -- | Part of the key:value pair that defines a tag. You can use a tag key to
+    -- describe a category of information, such as \"customer.\" Tag keys are
+    -- case-sensitive.
+    key :: Prelude.Text,
+    -- | Part of the key:value pair that defines a tag. You can use a tag value
+    -- to describe a specific value within a category, such as \"companyA\" or
+    -- \"companyB.\" Tag values are case-sensitive.
+    value :: Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'Tag' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'key', 'tag_key' - Part of the key:value pair that defines a tag. You can use a tag key to
+-- describe a category of information, such as \"customer.\" Tag keys are
+-- case-sensitive.
+--
+-- 'value', 'tag_value' - Part of the key:value pair that defines a tag. You can use a tag value
+-- to describe a specific value within a category, such as \"companyA\" or
+-- \"companyB.\" Tag values are case-sensitive.
+newTag ::
+  -- | 'key'
+  Prelude.Text ->
+  -- | 'value'
+  Prelude.Text ->
+  Tag
+newTag pKey_ pValue_ =
+  Tag' {key = pKey_, value = pValue_}
+
+-- | Part of the key:value pair that defines a tag. You can use a tag key to
+-- describe a category of information, such as \"customer.\" Tag keys are
+-- case-sensitive.
+tag_key :: Lens.Lens' Tag Prelude.Text
+tag_key = Lens.lens (\Tag' {key} -> key) (\s@Tag' {} a -> s {key = a} :: Tag)
+
+-- | Part of the key:value pair that defines a tag. You can use a tag value
+-- to describe a specific value within a category, such as \"companyA\" or
+-- \"companyB.\" Tag values are case-sensitive.
+tag_value :: Lens.Lens' Tag Prelude.Text
+tag_value = Lens.lens (\Tag' {value} -> value) (\s@Tag' {} a -> s {value = a} :: Tag)
+
+instance Data.FromJSON Tag where
+  parseJSON =
+    Data.withObject
+      "Tag"
+      ( \x ->
+          Tag'
+            Prelude.<$> (x Data..: "Key")
+            Prelude.<*> (x Data..: "Value")
+      )
+
+instance Prelude.Hashable Tag where
+  hashWithSalt _salt Tag' {..} =
+    _salt
+      `Prelude.hashWithSalt` key
+      `Prelude.hashWithSalt` value
+
+instance Prelude.NFData Tag where
+  rnf Tag' {..} =
+    Prelude.rnf key `Prelude.seq` Prelude.rnf value
+
+instance Data.ToJSON Tag where
+  toJSON Tag' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ Prelude.Just ("Key" Data..= key),
+            Prelude.Just ("Value" Data..= value)
+          ]
+      )
diff --git a/gen/Amazonka/WAFV2/Types/TagInfoForResource.hs b/gen/Amazonka/WAFV2/Types/TagInfoForResource.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/WAFV2/Types/TagInfoForResource.hs
@@ -0,0 +1,97 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.WAFV2.Types.TagInfoForResource
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.WAFV2.Types.TagInfoForResource where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.WAFV2.Types.Tag
+
+-- | The collection of tagging definitions for an Amazon Web Services
+-- resource. Tags are key:value pairs that you can use to categorize and
+-- manage your resources, for purposes like billing or other management.
+-- Typically, the tag key represents a category, such as \"environment\",
+-- and the tag value represents a specific value within that category, such
+-- as \"test,\" \"development,\" or \"production\". Or you might set the
+-- tag key to \"customer\" and the value to the customer name or ID. You
+-- can specify one or more tags to add to each Amazon Web Services
+-- resource, up to 50 tags for a resource.
+--
+-- You can tag the Amazon Web Services resources that you manage through
+-- WAF: web ACLs, rule groups, IP sets, and regex pattern sets. You can\'t
+-- manage or view tags through the WAF console.
+--
+-- /See:/ 'newTagInfoForResource' smart constructor.
+data TagInfoForResource = TagInfoForResource'
+  { -- | The Amazon Resource Name (ARN) of the resource.
+    resourceARN :: Prelude.Maybe Prelude.Text,
+    -- | The array of Tag objects defined for the resource.
+    tagList :: Prelude.Maybe (Prelude.NonEmpty Tag)
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'TagInfoForResource' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'resourceARN', 'tagInfoForResource_resourceARN' - The Amazon Resource Name (ARN) of the resource.
+--
+-- 'tagList', 'tagInfoForResource_tagList' - The array of Tag objects defined for the resource.
+newTagInfoForResource ::
+  TagInfoForResource
+newTagInfoForResource =
+  TagInfoForResource'
+    { resourceARN = Prelude.Nothing,
+      tagList = Prelude.Nothing
+    }
+
+-- | The Amazon Resource Name (ARN) of the resource.
+tagInfoForResource_resourceARN :: Lens.Lens' TagInfoForResource (Prelude.Maybe Prelude.Text)
+tagInfoForResource_resourceARN = Lens.lens (\TagInfoForResource' {resourceARN} -> resourceARN) (\s@TagInfoForResource' {} a -> s {resourceARN = a} :: TagInfoForResource)
+
+-- | The array of Tag objects defined for the resource.
+tagInfoForResource_tagList :: Lens.Lens' TagInfoForResource (Prelude.Maybe (Prelude.NonEmpty Tag))
+tagInfoForResource_tagList = Lens.lens (\TagInfoForResource' {tagList} -> tagList) (\s@TagInfoForResource' {} a -> s {tagList = a} :: TagInfoForResource) Prelude.. Lens.mapping Lens.coerced
+
+instance Data.FromJSON TagInfoForResource where
+  parseJSON =
+    Data.withObject
+      "TagInfoForResource"
+      ( \x ->
+          TagInfoForResource'
+            Prelude.<$> (x Data..:? "ResourceARN")
+            Prelude.<*> (x Data..:? "TagList")
+      )
+
+instance Prelude.Hashable TagInfoForResource where
+  hashWithSalt _salt TagInfoForResource' {..} =
+    _salt
+      `Prelude.hashWithSalt` resourceARN
+      `Prelude.hashWithSalt` tagList
+
+instance Prelude.NFData TagInfoForResource where
+  rnf TagInfoForResource' {..} =
+    Prelude.rnf resourceARN
+      `Prelude.seq` Prelude.rnf tagList
diff --git a/gen/Amazonka/WAFV2/Types/TextTransformation.hs b/gen/Amazonka/WAFV2/Types/TextTransformation.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/WAFV2/Types/TextTransformation.hs
@@ -0,0 +1,459 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.WAFV2.Types.TextTransformation
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.WAFV2.Types.TextTransformation where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.WAFV2.Types.TextTransformationType
+
+-- | Text transformations eliminate some of the unusual formatting that
+-- attackers use in web requests in an effort to bypass detection.
+--
+-- /See:/ 'newTextTransformation' smart constructor.
+data TextTransformation = TextTransformation'
+  { -- | Sets the relative processing order for multiple transformations that are
+    -- defined for a rule statement. WAF processes all transformations, from
+    -- lowest priority to highest, before inspecting the transformed content.
+    -- The priorities don\'t need to be consecutive, but they must all be
+    -- different.
+    priority :: Prelude.Natural,
+    -- | You can specify the following transformation types:
+    --
+    -- __BASE64_DECODE__ - Decode a @Base64@-encoded string.
+    --
+    -- __BASE64_DECODE_EXT__ - Decode a @Base64@-encoded string, but use a
+    -- forgiving implementation that ignores characters that aren\'t valid.
+    --
+    -- __CMD_LINE__ - Command-line transformations. These are helpful in
+    -- reducing effectiveness of attackers who inject an operating system
+    -- command-line command and use unusual formatting to disguise some or all
+    -- of the command.
+    --
+    -- -   Delete the following characters: @\\ \" \' ^@
+    --
+    -- -   Delete spaces before the following characters: @\/ (@
+    --
+    -- -   Replace the following characters with a space: @, ;@
+    --
+    -- -   Replace multiple spaces with one space
+    --
+    -- -   Convert uppercase letters (A-Z) to lowercase (a-z)
+    --
+    -- __COMPRESS_WHITE_SPACE__ - Replace these characters with a space
+    -- character (decimal 32):
+    --
+    -- -   @\\f@, formfeed, decimal 12
+    --
+    -- -   @\\t@, tab, decimal 9
+    --
+    -- -   @\\n@, newline, decimal 10
+    --
+    -- -   @\\r@, carriage return, decimal 13
+    --
+    -- -   @\\v@, vertical tab, decimal 11
+    --
+    -- -   Non-breaking space, decimal 160
+    --
+    -- @COMPRESS_WHITE_SPACE@ also replaces multiple spaces with one space.
+    --
+    -- __CSS_DECODE__ - Decode characters that were encoded using CSS 2.x
+    -- escape rules @syndata.html#characters@. This function uses up to two
+    -- bytes in the decoding process, so it can help to uncover ASCII
+    -- characters that were encoded using CSS encoding that wouldn’t typically
+    -- be encoded. It\'s also useful in countering evasion, which is a
+    -- combination of a backslash and non-hexadecimal characters. For example,
+    -- @ja\\vascript@ for javascript.
+    --
+    -- __ESCAPE_SEQ_DECODE__ - Decode the following ANSI C escape sequences:
+    -- @\\a@, @\\b@, @\\f@, @\\n@, @\\r@, @\\t@, @\\v@, @\\\\@, @\\?@, @\\\'@,
+    -- @\\\"@, @\\xHH@ (hexadecimal), @\\0OOO@ (octal). Encodings that aren\'t
+    -- valid remain in the output.
+    --
+    -- __HEX_DECODE__ - Decode a string of hexadecimal characters into a
+    -- binary.
+    --
+    -- __HTML_ENTITY_DECODE__ - Replace HTML-encoded characters with unencoded
+    -- characters. @HTML_ENTITY_DECODE@ performs these operations:
+    --
+    -- -   Replaces @(ampersand)quot;@ with @\"@
+    --
+    -- -   Replaces @(ampersand)nbsp;@ with a non-breaking space, decimal 160
+    --
+    -- -   Replaces @(ampersand)lt;@ with a \"less than\" symbol
+    --
+    -- -   Replaces @(ampersand)gt;@ with @>@
+    --
+    -- -   Replaces characters that are represented in hexadecimal format,
+    --     @(ampersand)#xhhhh;@, with the corresponding characters
+    --
+    -- -   Replaces characters that are represented in decimal format,
+    --     @(ampersand)#nnnn;@, with the corresponding characters
+    --
+    -- __JS_DECODE__ - Decode JavaScript escape sequences. If a @\\@ @u@ @HHHH@
+    -- code is in the full-width ASCII code range of @FF01-FF5E@, then the
+    -- higher byte is used to detect and adjust the lower byte. If not, only
+    -- the lower byte is used and the higher byte is zeroed, causing a possible
+    -- loss of information.
+    --
+    -- __LOWERCASE__ - Convert uppercase letters (A-Z) to lowercase (a-z).
+    --
+    -- __MD5__ - Calculate an MD5 hash from the data in the input. The computed
+    -- hash is in a raw binary form.
+    --
+    -- __NONE__ - Specify @NONE@ if you don\'t want any text transformations.
+    --
+    -- __NORMALIZE_PATH__ - Remove multiple slashes, directory self-references,
+    -- and directory back-references that are not at the beginning of the input
+    -- from an input string.
+    --
+    -- __NORMALIZE_PATH_WIN__ - This is the same as @NORMALIZE_PATH@, but first
+    -- converts backslash characters to forward slashes.
+    --
+    -- __REMOVE_NULLS__ - Remove all @NULL@ bytes from the input.
+    --
+    -- __REPLACE_COMMENTS__ - Replace each occurrence of a C-style comment
+    -- (@\/* ... *\/@) with a single space. Multiple consecutive occurrences
+    -- are not compressed. Unterminated comments are also replaced with a space
+    -- (ASCII 0x20). However, a standalone termination of a comment (@*\/@) is
+    -- not acted upon.
+    --
+    -- __REPLACE_NULLS__ - Replace NULL bytes in the input with space
+    -- characters (ASCII @0x20@).
+    --
+    -- __SQL_HEX_DECODE__ - Decode SQL hex data. Example (@0x414243@) will be
+    -- decoded to (@ABC@).
+    --
+    -- __URL_DECODE__ - Decode a URL-encoded value.
+    --
+    -- __URL_DECODE_UNI__ - Like @URL_DECODE@, but with support for
+    -- Microsoft-specific @%u@ encoding. If the code is in the full-width ASCII
+    -- code range of @FF01-FF5E@, the higher byte is used to detect and adjust
+    -- the lower byte. Otherwise, only the lower byte is used and the higher
+    -- byte is zeroed.
+    --
+    -- __UTF8_TO_UNICODE__ - Convert all UTF-8 character sequences to Unicode.
+    -- This helps input normalization, and minimizing false-positives and
+    -- false-negatives for non-English languages.
+    type' :: TextTransformationType
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'TextTransformation' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'priority', 'textTransformation_priority' - Sets the relative processing order for multiple transformations that are
+-- defined for a rule statement. WAF processes all transformations, from
+-- lowest priority to highest, before inspecting the transformed content.
+-- The priorities don\'t need to be consecutive, but they must all be
+-- different.
+--
+-- 'type'', 'textTransformation_type' - You can specify the following transformation types:
+--
+-- __BASE64_DECODE__ - Decode a @Base64@-encoded string.
+--
+-- __BASE64_DECODE_EXT__ - Decode a @Base64@-encoded string, but use a
+-- forgiving implementation that ignores characters that aren\'t valid.
+--
+-- __CMD_LINE__ - Command-line transformations. These are helpful in
+-- reducing effectiveness of attackers who inject an operating system
+-- command-line command and use unusual formatting to disguise some or all
+-- of the command.
+--
+-- -   Delete the following characters: @\\ \" \' ^@
+--
+-- -   Delete spaces before the following characters: @\/ (@
+--
+-- -   Replace the following characters with a space: @, ;@
+--
+-- -   Replace multiple spaces with one space
+--
+-- -   Convert uppercase letters (A-Z) to lowercase (a-z)
+--
+-- __COMPRESS_WHITE_SPACE__ - Replace these characters with a space
+-- character (decimal 32):
+--
+-- -   @\\f@, formfeed, decimal 12
+--
+-- -   @\\t@, tab, decimal 9
+--
+-- -   @\\n@, newline, decimal 10
+--
+-- -   @\\r@, carriage return, decimal 13
+--
+-- -   @\\v@, vertical tab, decimal 11
+--
+-- -   Non-breaking space, decimal 160
+--
+-- @COMPRESS_WHITE_SPACE@ also replaces multiple spaces with one space.
+--
+-- __CSS_DECODE__ - Decode characters that were encoded using CSS 2.x
+-- escape rules @syndata.html#characters@. This function uses up to two
+-- bytes in the decoding process, so it can help to uncover ASCII
+-- characters that were encoded using CSS encoding that wouldn’t typically
+-- be encoded. It\'s also useful in countering evasion, which is a
+-- combination of a backslash and non-hexadecimal characters. For example,
+-- @ja\\vascript@ for javascript.
+--
+-- __ESCAPE_SEQ_DECODE__ - Decode the following ANSI C escape sequences:
+-- @\\a@, @\\b@, @\\f@, @\\n@, @\\r@, @\\t@, @\\v@, @\\\\@, @\\?@, @\\\'@,
+-- @\\\"@, @\\xHH@ (hexadecimal), @\\0OOO@ (octal). Encodings that aren\'t
+-- valid remain in the output.
+--
+-- __HEX_DECODE__ - Decode a string of hexadecimal characters into a
+-- binary.
+--
+-- __HTML_ENTITY_DECODE__ - Replace HTML-encoded characters with unencoded
+-- characters. @HTML_ENTITY_DECODE@ performs these operations:
+--
+-- -   Replaces @(ampersand)quot;@ with @\"@
+--
+-- -   Replaces @(ampersand)nbsp;@ with a non-breaking space, decimal 160
+--
+-- -   Replaces @(ampersand)lt;@ with a \"less than\" symbol
+--
+-- -   Replaces @(ampersand)gt;@ with @>@
+--
+-- -   Replaces characters that are represented in hexadecimal format,
+--     @(ampersand)#xhhhh;@, with the corresponding characters
+--
+-- -   Replaces characters that are represented in decimal format,
+--     @(ampersand)#nnnn;@, with the corresponding characters
+--
+-- __JS_DECODE__ - Decode JavaScript escape sequences. If a @\\@ @u@ @HHHH@
+-- code is in the full-width ASCII code range of @FF01-FF5E@, then the
+-- higher byte is used to detect and adjust the lower byte. If not, only
+-- the lower byte is used and the higher byte is zeroed, causing a possible
+-- loss of information.
+--
+-- __LOWERCASE__ - Convert uppercase letters (A-Z) to lowercase (a-z).
+--
+-- __MD5__ - Calculate an MD5 hash from the data in the input. The computed
+-- hash is in a raw binary form.
+--
+-- __NONE__ - Specify @NONE@ if you don\'t want any text transformations.
+--
+-- __NORMALIZE_PATH__ - Remove multiple slashes, directory self-references,
+-- and directory back-references that are not at the beginning of the input
+-- from an input string.
+--
+-- __NORMALIZE_PATH_WIN__ - This is the same as @NORMALIZE_PATH@, but first
+-- converts backslash characters to forward slashes.
+--
+-- __REMOVE_NULLS__ - Remove all @NULL@ bytes from the input.
+--
+-- __REPLACE_COMMENTS__ - Replace each occurrence of a C-style comment
+-- (@\/* ... *\/@) with a single space. Multiple consecutive occurrences
+-- are not compressed. Unterminated comments are also replaced with a space
+-- (ASCII 0x20). However, a standalone termination of a comment (@*\/@) is
+-- not acted upon.
+--
+-- __REPLACE_NULLS__ - Replace NULL bytes in the input with space
+-- characters (ASCII @0x20@).
+--
+-- __SQL_HEX_DECODE__ - Decode SQL hex data. Example (@0x414243@) will be
+-- decoded to (@ABC@).
+--
+-- __URL_DECODE__ - Decode a URL-encoded value.
+--
+-- __URL_DECODE_UNI__ - Like @URL_DECODE@, but with support for
+-- Microsoft-specific @%u@ encoding. If the code is in the full-width ASCII
+-- code range of @FF01-FF5E@, the higher byte is used to detect and adjust
+-- the lower byte. Otherwise, only the lower byte is used and the higher
+-- byte is zeroed.
+--
+-- __UTF8_TO_UNICODE__ - Convert all UTF-8 character sequences to Unicode.
+-- This helps input normalization, and minimizing false-positives and
+-- false-negatives for non-English languages.
+newTextTransformation ::
+  -- | 'priority'
+  Prelude.Natural ->
+  -- | 'type''
+  TextTransformationType ->
+  TextTransformation
+newTextTransformation pPriority_ pType_ =
+  TextTransformation'
+    { priority = pPriority_,
+      type' = pType_
+    }
+
+-- | Sets the relative processing order for multiple transformations that are
+-- defined for a rule statement. WAF processes all transformations, from
+-- lowest priority to highest, before inspecting the transformed content.
+-- The priorities don\'t need to be consecutive, but they must all be
+-- different.
+textTransformation_priority :: Lens.Lens' TextTransformation Prelude.Natural
+textTransformation_priority = Lens.lens (\TextTransformation' {priority} -> priority) (\s@TextTransformation' {} a -> s {priority = a} :: TextTransformation)
+
+-- | You can specify the following transformation types:
+--
+-- __BASE64_DECODE__ - Decode a @Base64@-encoded string.
+--
+-- __BASE64_DECODE_EXT__ - Decode a @Base64@-encoded string, but use a
+-- forgiving implementation that ignores characters that aren\'t valid.
+--
+-- __CMD_LINE__ - Command-line transformations. These are helpful in
+-- reducing effectiveness of attackers who inject an operating system
+-- command-line command and use unusual formatting to disguise some or all
+-- of the command.
+--
+-- -   Delete the following characters: @\\ \" \' ^@
+--
+-- -   Delete spaces before the following characters: @\/ (@
+--
+-- -   Replace the following characters with a space: @, ;@
+--
+-- -   Replace multiple spaces with one space
+--
+-- -   Convert uppercase letters (A-Z) to lowercase (a-z)
+--
+-- __COMPRESS_WHITE_SPACE__ - Replace these characters with a space
+-- character (decimal 32):
+--
+-- -   @\\f@, formfeed, decimal 12
+--
+-- -   @\\t@, tab, decimal 9
+--
+-- -   @\\n@, newline, decimal 10
+--
+-- -   @\\r@, carriage return, decimal 13
+--
+-- -   @\\v@, vertical tab, decimal 11
+--
+-- -   Non-breaking space, decimal 160
+--
+-- @COMPRESS_WHITE_SPACE@ also replaces multiple spaces with one space.
+--
+-- __CSS_DECODE__ - Decode characters that were encoded using CSS 2.x
+-- escape rules @syndata.html#characters@. This function uses up to two
+-- bytes in the decoding process, so it can help to uncover ASCII
+-- characters that were encoded using CSS encoding that wouldn’t typically
+-- be encoded. It\'s also useful in countering evasion, which is a
+-- combination of a backslash and non-hexadecimal characters. For example,
+-- @ja\\vascript@ for javascript.
+--
+-- __ESCAPE_SEQ_DECODE__ - Decode the following ANSI C escape sequences:
+-- @\\a@, @\\b@, @\\f@, @\\n@, @\\r@, @\\t@, @\\v@, @\\\\@, @\\?@, @\\\'@,
+-- @\\\"@, @\\xHH@ (hexadecimal), @\\0OOO@ (octal). Encodings that aren\'t
+-- valid remain in the output.
+--
+-- __HEX_DECODE__ - Decode a string of hexadecimal characters into a
+-- binary.
+--
+-- __HTML_ENTITY_DECODE__ - Replace HTML-encoded characters with unencoded
+-- characters. @HTML_ENTITY_DECODE@ performs these operations:
+--
+-- -   Replaces @(ampersand)quot;@ with @\"@
+--
+-- -   Replaces @(ampersand)nbsp;@ with a non-breaking space, decimal 160
+--
+-- -   Replaces @(ampersand)lt;@ with a \"less than\" symbol
+--
+-- -   Replaces @(ampersand)gt;@ with @>@
+--
+-- -   Replaces characters that are represented in hexadecimal format,
+--     @(ampersand)#xhhhh;@, with the corresponding characters
+--
+-- -   Replaces characters that are represented in decimal format,
+--     @(ampersand)#nnnn;@, with the corresponding characters
+--
+-- __JS_DECODE__ - Decode JavaScript escape sequences. If a @\\@ @u@ @HHHH@
+-- code is in the full-width ASCII code range of @FF01-FF5E@, then the
+-- higher byte is used to detect and adjust the lower byte. If not, only
+-- the lower byte is used and the higher byte is zeroed, causing a possible
+-- loss of information.
+--
+-- __LOWERCASE__ - Convert uppercase letters (A-Z) to lowercase (a-z).
+--
+-- __MD5__ - Calculate an MD5 hash from the data in the input. The computed
+-- hash is in a raw binary form.
+--
+-- __NONE__ - Specify @NONE@ if you don\'t want any text transformations.
+--
+-- __NORMALIZE_PATH__ - Remove multiple slashes, directory self-references,
+-- and directory back-references that are not at the beginning of the input
+-- from an input string.
+--
+-- __NORMALIZE_PATH_WIN__ - This is the same as @NORMALIZE_PATH@, but first
+-- converts backslash characters to forward slashes.
+--
+-- __REMOVE_NULLS__ - Remove all @NULL@ bytes from the input.
+--
+-- __REPLACE_COMMENTS__ - Replace each occurrence of a C-style comment
+-- (@\/* ... *\/@) with a single space. Multiple consecutive occurrences
+-- are not compressed. Unterminated comments are also replaced with a space
+-- (ASCII 0x20). However, a standalone termination of a comment (@*\/@) is
+-- not acted upon.
+--
+-- __REPLACE_NULLS__ - Replace NULL bytes in the input with space
+-- characters (ASCII @0x20@).
+--
+-- __SQL_HEX_DECODE__ - Decode SQL hex data. Example (@0x414243@) will be
+-- decoded to (@ABC@).
+--
+-- __URL_DECODE__ - Decode a URL-encoded value.
+--
+-- __URL_DECODE_UNI__ - Like @URL_DECODE@, but with support for
+-- Microsoft-specific @%u@ encoding. If the code is in the full-width ASCII
+-- code range of @FF01-FF5E@, the higher byte is used to detect and adjust
+-- the lower byte. Otherwise, only the lower byte is used and the higher
+-- byte is zeroed.
+--
+-- __UTF8_TO_UNICODE__ - Convert all UTF-8 character sequences to Unicode.
+-- This helps input normalization, and minimizing false-positives and
+-- false-negatives for non-English languages.
+textTransformation_type :: Lens.Lens' TextTransformation TextTransformationType
+textTransformation_type = Lens.lens (\TextTransformation' {type'} -> type') (\s@TextTransformation' {} a -> s {type' = a} :: TextTransformation)
+
+instance Data.FromJSON TextTransformation where
+  parseJSON =
+    Data.withObject
+      "TextTransformation"
+      ( \x ->
+          TextTransformation'
+            Prelude.<$> (x Data..: "Priority")
+            Prelude.<*> (x Data..: "Type")
+      )
+
+instance Prelude.Hashable TextTransformation where
+  hashWithSalt _salt TextTransformation' {..} =
+    _salt
+      `Prelude.hashWithSalt` priority
+      `Prelude.hashWithSalt` type'
+
+instance Prelude.NFData TextTransformation where
+  rnf TextTransformation' {..} =
+    Prelude.rnf priority
+      `Prelude.seq` Prelude.rnf type'
+
+instance Data.ToJSON TextTransformation where
+  toJSON TextTransformation' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ Prelude.Just ("Priority" Data..= priority),
+            Prelude.Just ("Type" Data..= type')
+          ]
+      )
diff --git a/gen/Amazonka/WAFV2/Types/TextTransformationType.hs b/gen/Amazonka/WAFV2/Types/TextTransformationType.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/WAFV2/Types/TextTransformationType.hs
@@ -0,0 +1,166 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DerivingStrategies #-}
+{-# LANGUAGE GeneralizedNewtypeDeriving #-}
+{-# LANGUAGE LambdaCase #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE PatternSynonyms #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.WAFV2.Types.TextTransformationType
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.WAFV2.Types.TextTransformationType
+  ( TextTransformationType
+      ( ..,
+        TextTransformationType_BASE64_DECODE,
+        TextTransformationType_BASE64_DECODE_EXT,
+        TextTransformationType_CMD_LINE,
+        TextTransformationType_COMPRESS_WHITE_SPACE,
+        TextTransformationType_CSS_DECODE,
+        TextTransformationType_ESCAPE_SEQ_DECODE,
+        TextTransformationType_HEX_DECODE,
+        TextTransformationType_HTML_ENTITY_DECODE,
+        TextTransformationType_JS_DECODE,
+        TextTransformationType_LOWERCASE,
+        TextTransformationType_MD5,
+        TextTransformationType_NONE,
+        TextTransformationType_NORMALIZE_PATH,
+        TextTransformationType_NORMALIZE_PATH_WIN,
+        TextTransformationType_REMOVE_NULLS,
+        TextTransformationType_REPLACE_COMMENTS,
+        TextTransformationType_REPLACE_NULLS,
+        TextTransformationType_SQL_HEX_DECODE,
+        TextTransformationType_URL_DECODE,
+        TextTransformationType_URL_DECODE_UNI,
+        TextTransformationType_UTF8_TO_UNICODE
+      ),
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+newtype TextTransformationType = TextTransformationType'
+  { fromTextTransformationType ::
+      Data.Text
+  }
+  deriving stock
+    ( Prelude.Show,
+      Prelude.Read,
+      Prelude.Eq,
+      Prelude.Ord,
+      Prelude.Generic
+    )
+  deriving newtype
+    ( Prelude.Hashable,
+      Prelude.NFData,
+      Data.FromText,
+      Data.ToText,
+      Data.ToByteString,
+      Data.ToLog,
+      Data.ToHeader,
+      Data.ToQuery,
+      Data.FromJSON,
+      Data.FromJSONKey,
+      Data.ToJSON,
+      Data.ToJSONKey,
+      Data.FromXML,
+      Data.ToXML
+    )
+
+pattern TextTransformationType_BASE64_DECODE :: TextTransformationType
+pattern TextTransformationType_BASE64_DECODE = TextTransformationType' "BASE64_DECODE"
+
+pattern TextTransformationType_BASE64_DECODE_EXT :: TextTransformationType
+pattern TextTransformationType_BASE64_DECODE_EXT = TextTransformationType' "BASE64_DECODE_EXT"
+
+pattern TextTransformationType_CMD_LINE :: TextTransformationType
+pattern TextTransformationType_CMD_LINE = TextTransformationType' "CMD_LINE"
+
+pattern TextTransformationType_COMPRESS_WHITE_SPACE :: TextTransformationType
+pattern TextTransformationType_COMPRESS_WHITE_SPACE = TextTransformationType' "COMPRESS_WHITE_SPACE"
+
+pattern TextTransformationType_CSS_DECODE :: TextTransformationType
+pattern TextTransformationType_CSS_DECODE = TextTransformationType' "CSS_DECODE"
+
+pattern TextTransformationType_ESCAPE_SEQ_DECODE :: TextTransformationType
+pattern TextTransformationType_ESCAPE_SEQ_DECODE = TextTransformationType' "ESCAPE_SEQ_DECODE"
+
+pattern TextTransformationType_HEX_DECODE :: TextTransformationType
+pattern TextTransformationType_HEX_DECODE = TextTransformationType' "HEX_DECODE"
+
+pattern TextTransformationType_HTML_ENTITY_DECODE :: TextTransformationType
+pattern TextTransformationType_HTML_ENTITY_DECODE = TextTransformationType' "HTML_ENTITY_DECODE"
+
+pattern TextTransformationType_JS_DECODE :: TextTransformationType
+pattern TextTransformationType_JS_DECODE = TextTransformationType' "JS_DECODE"
+
+pattern TextTransformationType_LOWERCASE :: TextTransformationType
+pattern TextTransformationType_LOWERCASE = TextTransformationType' "LOWERCASE"
+
+pattern TextTransformationType_MD5 :: TextTransformationType
+pattern TextTransformationType_MD5 = TextTransformationType' "MD5"
+
+pattern TextTransformationType_NONE :: TextTransformationType
+pattern TextTransformationType_NONE = TextTransformationType' "NONE"
+
+pattern TextTransformationType_NORMALIZE_PATH :: TextTransformationType
+pattern TextTransformationType_NORMALIZE_PATH = TextTransformationType' "NORMALIZE_PATH"
+
+pattern TextTransformationType_NORMALIZE_PATH_WIN :: TextTransformationType
+pattern TextTransformationType_NORMALIZE_PATH_WIN = TextTransformationType' "NORMALIZE_PATH_WIN"
+
+pattern TextTransformationType_REMOVE_NULLS :: TextTransformationType
+pattern TextTransformationType_REMOVE_NULLS = TextTransformationType' "REMOVE_NULLS"
+
+pattern TextTransformationType_REPLACE_COMMENTS :: TextTransformationType
+pattern TextTransformationType_REPLACE_COMMENTS = TextTransformationType' "REPLACE_COMMENTS"
+
+pattern TextTransformationType_REPLACE_NULLS :: TextTransformationType
+pattern TextTransformationType_REPLACE_NULLS = TextTransformationType' "REPLACE_NULLS"
+
+pattern TextTransformationType_SQL_HEX_DECODE :: TextTransformationType
+pattern TextTransformationType_SQL_HEX_DECODE = TextTransformationType' "SQL_HEX_DECODE"
+
+pattern TextTransformationType_URL_DECODE :: TextTransformationType
+pattern TextTransformationType_URL_DECODE = TextTransformationType' "URL_DECODE"
+
+pattern TextTransformationType_URL_DECODE_UNI :: TextTransformationType
+pattern TextTransformationType_URL_DECODE_UNI = TextTransformationType' "URL_DECODE_UNI"
+
+pattern TextTransformationType_UTF8_TO_UNICODE :: TextTransformationType
+pattern TextTransformationType_UTF8_TO_UNICODE = TextTransformationType' "UTF8_TO_UNICODE"
+
+{-# COMPLETE
+  TextTransformationType_BASE64_DECODE,
+  TextTransformationType_BASE64_DECODE_EXT,
+  TextTransformationType_CMD_LINE,
+  TextTransformationType_COMPRESS_WHITE_SPACE,
+  TextTransformationType_CSS_DECODE,
+  TextTransformationType_ESCAPE_SEQ_DECODE,
+  TextTransformationType_HEX_DECODE,
+  TextTransformationType_HTML_ENTITY_DECODE,
+  TextTransformationType_JS_DECODE,
+  TextTransformationType_LOWERCASE,
+  TextTransformationType_MD5,
+  TextTransformationType_NONE,
+  TextTransformationType_NORMALIZE_PATH,
+  TextTransformationType_NORMALIZE_PATH_WIN,
+  TextTransformationType_REMOVE_NULLS,
+  TextTransformationType_REPLACE_COMMENTS,
+  TextTransformationType_REPLACE_NULLS,
+  TextTransformationType_SQL_HEX_DECODE,
+  TextTransformationType_URL_DECODE,
+  TextTransformationType_URL_DECODE_UNI,
+  TextTransformationType_UTF8_TO_UNICODE,
+  TextTransformationType'
+  #-}
diff --git a/gen/Amazonka/WAFV2/Types/TimeWindow.hs b/gen/Amazonka/WAFV2/Types/TimeWindow.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/WAFV2/Types/TimeWindow.hs
@@ -0,0 +1,144 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.WAFV2.Types.TimeWindow
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.WAFV2.Types.TimeWindow where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | In a GetSampledRequests request, the @StartTime@ and @EndTime@ objects
+-- specify the time range for which you want WAF to return a sample of web
+-- requests.
+--
+-- You must specify the times in Coordinated Universal Time (UTC) format.
+-- UTC format includes the special designator, @Z@. For example,
+-- @\"2016-09-27T14:50Z\"@. You can specify any time range in the previous
+-- three hours.
+--
+-- In a GetSampledRequests response, the @StartTime@ and @EndTime@ objects
+-- specify the time range for which WAF actually returned a sample of web
+-- requests. WAF gets the specified number of requests from among the first
+-- 5,000 requests that your Amazon Web Services resource receives during
+-- the specified time period. If your resource receives more than 5,000
+-- requests during that period, WAF stops sampling after the 5,000th
+-- request. In that case, @EndTime@ is the time that WAF received the
+-- 5,000th request.
+--
+-- /See:/ 'newTimeWindow' smart constructor.
+data TimeWindow = TimeWindow'
+  { -- | The beginning of the time range from which you want @GetSampledRequests@
+    -- to return a sample of the requests that your Amazon Web Services
+    -- resource received. You must specify the times in Coordinated Universal
+    -- Time (UTC) format. UTC format includes the special designator, @Z@. For
+    -- example, @\"2016-09-27T14:50Z\"@. You can specify any time range in the
+    -- previous three hours.
+    startTime :: Data.POSIX,
+    -- | The end of the time range from which you want @GetSampledRequests@ to
+    -- return a sample of the requests that your Amazon Web Services resource
+    -- received. You must specify the times in Coordinated Universal Time (UTC)
+    -- format. UTC format includes the special designator, @Z@. For example,
+    -- @\"2016-09-27T14:50Z\"@. You can specify any time range in the previous
+    -- three hours.
+    endTime :: Data.POSIX
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'TimeWindow' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'startTime', 'timeWindow_startTime' - The beginning of the time range from which you want @GetSampledRequests@
+-- to return a sample of the requests that your Amazon Web Services
+-- resource received. You must specify the times in Coordinated Universal
+-- Time (UTC) format. UTC format includes the special designator, @Z@. For
+-- example, @\"2016-09-27T14:50Z\"@. You can specify any time range in the
+-- previous three hours.
+--
+-- 'endTime', 'timeWindow_endTime' - The end of the time range from which you want @GetSampledRequests@ to
+-- return a sample of the requests that your Amazon Web Services resource
+-- received. You must specify the times in Coordinated Universal Time (UTC)
+-- format. UTC format includes the special designator, @Z@. For example,
+-- @\"2016-09-27T14:50Z\"@. You can specify any time range in the previous
+-- three hours.
+newTimeWindow ::
+  -- | 'startTime'
+  Prelude.UTCTime ->
+  -- | 'endTime'
+  Prelude.UTCTime ->
+  TimeWindow
+newTimeWindow pStartTime_ pEndTime_ =
+  TimeWindow'
+    { startTime =
+        Data._Time Lens.# pStartTime_,
+      endTime = Data._Time Lens.# pEndTime_
+    }
+
+-- | The beginning of the time range from which you want @GetSampledRequests@
+-- to return a sample of the requests that your Amazon Web Services
+-- resource received. You must specify the times in Coordinated Universal
+-- Time (UTC) format. UTC format includes the special designator, @Z@. For
+-- example, @\"2016-09-27T14:50Z\"@. You can specify any time range in the
+-- previous three hours.
+timeWindow_startTime :: Lens.Lens' TimeWindow Prelude.UTCTime
+timeWindow_startTime = Lens.lens (\TimeWindow' {startTime} -> startTime) (\s@TimeWindow' {} a -> s {startTime = a} :: TimeWindow) Prelude.. Data._Time
+
+-- | The end of the time range from which you want @GetSampledRequests@ to
+-- return a sample of the requests that your Amazon Web Services resource
+-- received. You must specify the times in Coordinated Universal Time (UTC)
+-- format. UTC format includes the special designator, @Z@. For example,
+-- @\"2016-09-27T14:50Z\"@. You can specify any time range in the previous
+-- three hours.
+timeWindow_endTime :: Lens.Lens' TimeWindow Prelude.UTCTime
+timeWindow_endTime = Lens.lens (\TimeWindow' {endTime} -> endTime) (\s@TimeWindow' {} a -> s {endTime = a} :: TimeWindow) Prelude.. Data._Time
+
+instance Data.FromJSON TimeWindow where
+  parseJSON =
+    Data.withObject
+      "TimeWindow"
+      ( \x ->
+          TimeWindow'
+            Prelude.<$> (x Data..: "StartTime")
+            Prelude.<*> (x Data..: "EndTime")
+      )
+
+instance Prelude.Hashable TimeWindow where
+  hashWithSalt _salt TimeWindow' {..} =
+    _salt
+      `Prelude.hashWithSalt` startTime
+      `Prelude.hashWithSalt` endTime
+
+instance Prelude.NFData TimeWindow where
+  rnf TimeWindow' {..} =
+    Prelude.rnf startTime
+      `Prelude.seq` Prelude.rnf endTime
+
+instance Data.ToJSON TimeWindow where
+  toJSON TimeWindow' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ Prelude.Just ("StartTime" Data..= startTime),
+            Prelude.Just ("EndTime" Data..= endTime)
+          ]
+      )
diff --git a/gen/Amazonka/WAFV2/Types/UriPath.hs b/gen/Amazonka/WAFV2/Types/UriPath.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/WAFV2/Types/UriPath.hs
@@ -0,0 +1,64 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.WAFV2.Types.UriPath
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.WAFV2.Types.UriPath where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | Inspect the path component of the URI of the web request. This is the
+-- part of the web request that identifies a resource. For example,
+-- @\/images\/daily-ad.jpg@.
+--
+-- This is used only in the FieldToMatch specification for some web request
+-- component types.
+--
+-- JSON specification: @\"UriPath\": {}@
+--
+-- /See:/ 'newUriPath' smart constructor.
+data UriPath = UriPath'
+  {
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'UriPath' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+newUriPath ::
+  UriPath
+newUriPath = UriPath'
+
+instance Data.FromJSON UriPath where
+  parseJSON =
+    Data.withObject
+      "UriPath"
+      (\x -> Prelude.pure UriPath')
+
+instance Prelude.Hashable UriPath where
+  hashWithSalt _salt _ =
+    _salt `Prelude.hashWithSalt` ()
+
+instance Prelude.NFData UriPath where
+  rnf _ = ()
+
+instance Data.ToJSON UriPath where
+  toJSON = Prelude.const (Data.Object Prelude.mempty)
diff --git a/gen/Amazonka/WAFV2/Types/UsernameField.hs b/gen/Amazonka/WAFV2/Types/UsernameField.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/WAFV2/Types/UsernameField.hs
@@ -0,0 +1,77 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.WAFV2.Types.UsernameField
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.WAFV2.Types.UsernameField where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | Details about your login page username field, used in a
+-- @ManagedRuleGroupConfig@.
+--
+-- /See:/ 'newUsernameField' smart constructor.
+data UsernameField = UsernameField'
+  { -- | The name of the username field. For example @\/form\/username@.
+    identifier :: Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'UsernameField' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'identifier', 'usernameField_identifier' - The name of the username field. For example @\/form\/username@.
+newUsernameField ::
+  -- | 'identifier'
+  Prelude.Text ->
+  UsernameField
+newUsernameField pIdentifier_ =
+  UsernameField' {identifier = pIdentifier_}
+
+-- | The name of the username field. For example @\/form\/username@.
+usernameField_identifier :: Lens.Lens' UsernameField Prelude.Text
+usernameField_identifier = Lens.lens (\UsernameField' {identifier} -> identifier) (\s@UsernameField' {} a -> s {identifier = a} :: UsernameField)
+
+instance Data.FromJSON UsernameField where
+  parseJSON =
+    Data.withObject
+      "UsernameField"
+      ( \x ->
+          UsernameField' Prelude.<$> (x Data..: "Identifier")
+      )
+
+instance Prelude.Hashable UsernameField where
+  hashWithSalt _salt UsernameField' {..} =
+    _salt `Prelude.hashWithSalt` identifier
+
+instance Prelude.NFData UsernameField where
+  rnf UsernameField' {..} = Prelude.rnf identifier
+
+instance Data.ToJSON UsernameField where
+  toJSON UsernameField' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [Prelude.Just ("Identifier" Data..= identifier)]
+      )
diff --git a/gen/Amazonka/WAFV2/Types/VersionToPublish.hs b/gen/Amazonka/WAFV2/Types/VersionToPublish.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/WAFV2/Types/VersionToPublish.hs
@@ -0,0 +1,102 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.WAFV2.Types.VersionToPublish
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.WAFV2.Types.VersionToPublish where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | A version of the named managed rule group, that the rule group\'s vendor
+-- publishes for use by customers.
+--
+-- This is intended for use only by vendors of managed rule sets. Vendors
+-- are Amazon Web Services and Amazon Web Services Marketplace sellers.
+--
+-- Vendors, you can use the managed rule set APIs to provide controlled
+-- rollout of your versioned managed rule group offerings for your
+-- customers. The APIs are @ListManagedRuleSets@, @GetManagedRuleSet@,
+-- @PutManagedRuleSetVersions@, and
+-- @UpdateManagedRuleSetVersionExpiryDate@.
+--
+-- /See:/ 'newVersionToPublish' smart constructor.
+data VersionToPublish = VersionToPublish'
+  { -- | The Amazon Resource Name (ARN) of the vendor\'s rule group that\'s used
+    -- in the published managed rule group version.
+    associatedRuleGroupArn :: Prelude.Maybe Prelude.Text,
+    -- | The amount of time the vendor expects this version of the managed rule
+    -- group to last, in days.
+    forecastedLifetime :: Prelude.Maybe Prelude.Natural
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'VersionToPublish' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'associatedRuleGroupArn', 'versionToPublish_associatedRuleGroupArn' - The Amazon Resource Name (ARN) of the vendor\'s rule group that\'s used
+-- in the published managed rule group version.
+--
+-- 'forecastedLifetime', 'versionToPublish_forecastedLifetime' - The amount of time the vendor expects this version of the managed rule
+-- group to last, in days.
+newVersionToPublish ::
+  VersionToPublish
+newVersionToPublish =
+  VersionToPublish'
+    { associatedRuleGroupArn =
+        Prelude.Nothing,
+      forecastedLifetime = Prelude.Nothing
+    }
+
+-- | The Amazon Resource Name (ARN) of the vendor\'s rule group that\'s used
+-- in the published managed rule group version.
+versionToPublish_associatedRuleGroupArn :: Lens.Lens' VersionToPublish (Prelude.Maybe Prelude.Text)
+versionToPublish_associatedRuleGroupArn = Lens.lens (\VersionToPublish' {associatedRuleGroupArn} -> associatedRuleGroupArn) (\s@VersionToPublish' {} a -> s {associatedRuleGroupArn = a} :: VersionToPublish)
+
+-- | The amount of time the vendor expects this version of the managed rule
+-- group to last, in days.
+versionToPublish_forecastedLifetime :: Lens.Lens' VersionToPublish (Prelude.Maybe Prelude.Natural)
+versionToPublish_forecastedLifetime = Lens.lens (\VersionToPublish' {forecastedLifetime} -> forecastedLifetime) (\s@VersionToPublish' {} a -> s {forecastedLifetime = a} :: VersionToPublish)
+
+instance Prelude.Hashable VersionToPublish where
+  hashWithSalt _salt VersionToPublish' {..} =
+    _salt
+      `Prelude.hashWithSalt` associatedRuleGroupArn
+      `Prelude.hashWithSalt` forecastedLifetime
+
+instance Prelude.NFData VersionToPublish where
+  rnf VersionToPublish' {..} =
+    Prelude.rnf associatedRuleGroupArn
+      `Prelude.seq` Prelude.rnf forecastedLifetime
+
+instance Data.ToJSON VersionToPublish where
+  toJSON VersionToPublish' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("AssociatedRuleGroupArn" Data..=)
+              Prelude.<$> associatedRuleGroupArn,
+            ("ForecastedLifetime" Data..=)
+              Prelude.<$> forecastedLifetime
+          ]
+      )
diff --git a/gen/Amazonka/WAFV2/Types/VisibilityConfig.hs b/gen/Amazonka/WAFV2/Types/VisibilityConfig.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/WAFV2/Types/VisibilityConfig.hs
@@ -0,0 +1,145 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.WAFV2.Types.VisibilityConfig
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.WAFV2.Types.VisibilityConfig where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | Defines and enables Amazon CloudWatch metrics and web request sample
+-- collection.
+--
+-- /See:/ 'newVisibilityConfig' smart constructor.
+data VisibilityConfig = VisibilityConfig'
+  { -- | A boolean indicating whether WAF should store a sampling of the web
+    -- requests that match the rules. You can view the sampled requests through
+    -- the WAF console.
+    sampledRequestsEnabled :: Prelude.Bool,
+    -- | A boolean indicating whether the associated resource sends metrics to
+    -- Amazon CloudWatch. For the list of available metrics, see
+    -- <https://docs.aws.amazon.com/waf/latest/developerguide/monitoring-cloudwatch.html#waf-metrics WAF Metrics>.
+    cloudWatchMetricsEnabled :: Prelude.Bool,
+    -- | A name of the Amazon CloudWatch metric. The name can contain only the
+    -- characters: A-Z, a-z, 0-9, - (hyphen), and _ (underscore). The name can
+    -- be from one to 128 characters long. It can\'t contain whitespace or
+    -- metric names reserved for WAF, for example @All@ and @Default_Action@.
+    metricName :: Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'VisibilityConfig' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'sampledRequestsEnabled', 'visibilityConfig_sampledRequestsEnabled' - A boolean indicating whether WAF should store a sampling of the web
+-- requests that match the rules. You can view the sampled requests through
+-- the WAF console.
+--
+-- 'cloudWatchMetricsEnabled', 'visibilityConfig_cloudWatchMetricsEnabled' - A boolean indicating whether the associated resource sends metrics to
+-- Amazon CloudWatch. For the list of available metrics, see
+-- <https://docs.aws.amazon.com/waf/latest/developerguide/monitoring-cloudwatch.html#waf-metrics WAF Metrics>.
+--
+-- 'metricName', 'visibilityConfig_metricName' - A name of the Amazon CloudWatch metric. The name can contain only the
+-- characters: A-Z, a-z, 0-9, - (hyphen), and _ (underscore). The name can
+-- be from one to 128 characters long. It can\'t contain whitespace or
+-- metric names reserved for WAF, for example @All@ and @Default_Action@.
+newVisibilityConfig ::
+  -- | 'sampledRequestsEnabled'
+  Prelude.Bool ->
+  -- | 'cloudWatchMetricsEnabled'
+  Prelude.Bool ->
+  -- | 'metricName'
+  Prelude.Text ->
+  VisibilityConfig
+newVisibilityConfig
+  pSampledRequestsEnabled_
+  pCloudWatchMetricsEnabled_
+  pMetricName_ =
+    VisibilityConfig'
+      { sampledRequestsEnabled =
+          pSampledRequestsEnabled_,
+        cloudWatchMetricsEnabled =
+          pCloudWatchMetricsEnabled_,
+        metricName = pMetricName_
+      }
+
+-- | A boolean indicating whether WAF should store a sampling of the web
+-- requests that match the rules. You can view the sampled requests through
+-- the WAF console.
+visibilityConfig_sampledRequestsEnabled :: Lens.Lens' VisibilityConfig Prelude.Bool
+visibilityConfig_sampledRequestsEnabled = Lens.lens (\VisibilityConfig' {sampledRequestsEnabled} -> sampledRequestsEnabled) (\s@VisibilityConfig' {} a -> s {sampledRequestsEnabled = a} :: VisibilityConfig)
+
+-- | A boolean indicating whether the associated resource sends metrics to
+-- Amazon CloudWatch. For the list of available metrics, see
+-- <https://docs.aws.amazon.com/waf/latest/developerguide/monitoring-cloudwatch.html#waf-metrics WAF Metrics>.
+visibilityConfig_cloudWatchMetricsEnabled :: Lens.Lens' VisibilityConfig Prelude.Bool
+visibilityConfig_cloudWatchMetricsEnabled = Lens.lens (\VisibilityConfig' {cloudWatchMetricsEnabled} -> cloudWatchMetricsEnabled) (\s@VisibilityConfig' {} a -> s {cloudWatchMetricsEnabled = a} :: VisibilityConfig)
+
+-- | A name of the Amazon CloudWatch metric. The name can contain only the
+-- characters: A-Z, a-z, 0-9, - (hyphen), and _ (underscore). The name can
+-- be from one to 128 characters long. It can\'t contain whitespace or
+-- metric names reserved for WAF, for example @All@ and @Default_Action@.
+visibilityConfig_metricName :: Lens.Lens' VisibilityConfig Prelude.Text
+visibilityConfig_metricName = Lens.lens (\VisibilityConfig' {metricName} -> metricName) (\s@VisibilityConfig' {} a -> s {metricName = a} :: VisibilityConfig)
+
+instance Data.FromJSON VisibilityConfig where
+  parseJSON =
+    Data.withObject
+      "VisibilityConfig"
+      ( \x ->
+          VisibilityConfig'
+            Prelude.<$> (x Data..: "SampledRequestsEnabled")
+            Prelude.<*> (x Data..: "CloudWatchMetricsEnabled")
+            Prelude.<*> (x Data..: "MetricName")
+      )
+
+instance Prelude.Hashable VisibilityConfig where
+  hashWithSalt _salt VisibilityConfig' {..} =
+    _salt
+      `Prelude.hashWithSalt` sampledRequestsEnabled
+      `Prelude.hashWithSalt` cloudWatchMetricsEnabled
+      `Prelude.hashWithSalt` metricName
+
+instance Prelude.NFData VisibilityConfig where
+  rnf VisibilityConfig' {..} =
+    Prelude.rnf sampledRequestsEnabled
+      `Prelude.seq` Prelude.rnf cloudWatchMetricsEnabled
+      `Prelude.seq` Prelude.rnf metricName
+
+instance Data.ToJSON VisibilityConfig where
+  toJSON VisibilityConfig' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ Prelude.Just
+              ( "SampledRequestsEnabled"
+                  Data..= sampledRequestsEnabled
+              ),
+            Prelude.Just
+              ( "CloudWatchMetricsEnabled"
+                  Data..= cloudWatchMetricsEnabled
+              ),
+            Prelude.Just ("MetricName" Data..= metricName)
+          ]
+      )
diff --git a/gen/Amazonka/WAFV2/Types/WebACL.hs b/gen/Amazonka/WAFV2/Types/WebACL.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/WAFV2/Types/WebACL.hs
@@ -0,0 +1,513 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.WAFV2.Types.WebACL
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.WAFV2.Types.WebACL where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.WAFV2.Types.CaptchaConfig
+import Amazonka.WAFV2.Types.ChallengeConfig
+import Amazonka.WAFV2.Types.CustomResponseBody
+import Amazonka.WAFV2.Types.DefaultAction
+import Amazonka.WAFV2.Types.FirewallManagerRuleGroup
+import Amazonka.WAFV2.Types.Rule
+import Amazonka.WAFV2.Types.VisibilityConfig
+
+-- | A web ACL defines a collection of rules to use to inspect and control
+-- web requests. Each rule has an action defined (allow, block, or count)
+-- for requests that match the statement of the rule. In the web ACL, you
+-- assign a default action to take (allow, block) for any request that does
+-- not match any of the rules. The rules in a web ACL can be a combination
+-- of the types Rule, RuleGroup, and managed rule group. You can associate
+-- a web ACL with one or more Amazon Web Services resources to protect. The
+-- resources can be an Amazon CloudFront distribution, an Amazon API
+-- Gateway REST API, an Application Load Balancer, an AppSync GraphQL API,
+-- or an Amazon Cognito user pool.
+--
+-- /See:/ 'newWebACL' smart constructor.
+data WebACL = WebACL'
+  { -- | The web ACL capacity units (WCUs) currently being used by this web ACL.
+    --
+    -- WAF uses WCUs to calculate and control the operating resources that are
+    -- used to run your rules, rule groups, and web ACLs. WAF calculates
+    -- capacity differently for each rule type, to reflect the relative cost of
+    -- each rule. Simple rules that cost little to run use fewer WCUs than more
+    -- complex rules that use more processing power. Rule group capacity is
+    -- fixed at creation, which helps users plan their web ACL WCU usage when
+    -- they use a rule group. The WCU limit for web ACLs is 1,500.
+    capacity :: Prelude.Maybe Prelude.Natural,
+    -- | Specifies how WAF should handle @CAPTCHA@ evaluations for rules that
+    -- don\'t have their own @CaptchaConfig@ settings. If you don\'t specify
+    -- this, WAF uses its default settings for @CaptchaConfig@.
+    captchaConfig :: Prelude.Maybe CaptchaConfig,
+    -- | Specifies how WAF should handle challenge evaluations for rules that
+    -- don\'t have their own @ChallengeConfig@ settings. If you don\'t specify
+    -- this, WAF uses its default settings for @ChallengeConfig@.
+    challengeConfig :: Prelude.Maybe ChallengeConfig,
+    -- | A map of custom response keys and content bodies. When you create a rule
+    -- with a block action, you can send a custom response to the web request.
+    -- You define these for the web ACL, and then use them in the rules and
+    -- default actions that you define in the web ACL.
+    --
+    -- For information about customizing web requests and responses, see
+    -- <https://docs.aws.amazon.com/waf/latest/developerguide/waf-custom-request-response.html Customizing web requests and responses in WAF>
+    -- in the
+    -- <https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html WAF Developer Guide>.
+    --
+    -- For information about the limits on count and size for custom request
+    -- and response settings, see
+    -- <https://docs.aws.amazon.com/waf/latest/developerguide/limits.html WAF quotas>
+    -- in the
+    -- <https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html WAF Developer Guide>.
+    customResponseBodies :: Prelude.Maybe (Prelude.HashMap Prelude.Text CustomResponseBody),
+    -- | A description of the web ACL that helps with identification.
+    description :: Prelude.Maybe Prelude.Text,
+    -- | The label namespace prefix for this web ACL. All labels added by rules
+    -- in this web ACL have this prefix.
+    --
+    -- -   The syntax for the label namespace prefix for a web ACL is the
+    --     following:
+    --
+    --     @awswaf:\<account ID>:webacl:\<web ACL name>:@
+    --
+    -- -   When a rule with a label matches a web request, WAF adds the fully
+    --     qualified label to the request. A fully qualified label is made up
+    --     of the label namespace from the rule group or web ACL where the rule
+    --     is defined and the label from the rule, separated by a colon:
+    --
+    --     @\<label namespace>:\<label from rule>@
+    labelNamespace :: Prelude.Maybe Prelude.Text,
+    -- | Indicates whether this web ACL is managed by Firewall Manager. If true,
+    -- then only Firewall Manager can delete the web ACL or any Firewall
+    -- Manager rule groups in the web ACL.
+    managedByFirewallManager :: Prelude.Maybe Prelude.Bool,
+    -- | The last set of rules for WAF to process in the web ACL. This is defined
+    -- in an Firewall Manager WAF policy and contains only rule group
+    -- references. You can\'t alter these. Any rules and rule groups that you
+    -- define for the web ACL are prioritized before these.
+    --
+    -- In the Firewall Manager WAF policy, the Firewall Manager administrator
+    -- can define a set of rule groups to run first in the web ACL and a set of
+    -- rule groups to run last. Within each set, the administrator prioritizes
+    -- the rule groups, to determine their relative processing order.
+    postProcessFirewallManagerRuleGroups :: Prelude.Maybe [FirewallManagerRuleGroup],
+    -- | The first set of rules for WAF to process in the web ACL. This is
+    -- defined in an Firewall Manager WAF policy and contains only rule group
+    -- references. You can\'t alter these. Any rules and rule groups that you
+    -- define for the web ACL are prioritized after these.
+    --
+    -- In the Firewall Manager WAF policy, the Firewall Manager administrator
+    -- can define a set of rule groups to run first in the web ACL and a set of
+    -- rule groups to run last. Within each set, the administrator prioritizes
+    -- the rule groups, to determine their relative processing order.
+    preProcessFirewallManagerRuleGroups :: Prelude.Maybe [FirewallManagerRuleGroup],
+    -- | The Rule statements used to identify the web requests that you want to
+    -- allow, block, or count. Each rule includes one top-level statement that
+    -- WAF uses to identify matching web requests, and parameters that govern
+    -- how WAF handles them.
+    rules :: Prelude.Maybe [Rule],
+    -- | Specifies the domains that WAF should accept in a web request token.
+    -- This enables the use of tokens across multiple protected websites. When
+    -- WAF provides a token, it uses the domain of the Amazon Web Services
+    -- resource that the web ACL is protecting. If you don\'t specify a list of
+    -- token domains, WAF accepts tokens only for the domain of the protected
+    -- resource. With a token domain list, WAF accepts the resource\'s host
+    -- domain plus all domains in the token domain list, including their
+    -- prefixed subdomains.
+    tokenDomains :: Prelude.Maybe (Prelude.NonEmpty Prelude.Text),
+    -- | The name of the web ACL. You cannot change the name of a web ACL after
+    -- you create it.
+    name :: Prelude.Text,
+    -- | A unique identifier for the @WebACL@. This ID is returned in the
+    -- responses to create and list commands. You use this ID to do things like
+    -- get, update, and delete a @WebACL@.
+    id :: Prelude.Text,
+    -- | The Amazon Resource Name (ARN) of the web ACL that you want to associate
+    -- with the resource.
+    arn :: Prelude.Text,
+    -- | The action to perform if none of the @Rules@ contained in the @WebACL@
+    -- match.
+    defaultAction :: DefaultAction,
+    -- | Defines and enables Amazon CloudWatch metrics and web request sample
+    -- collection.
+    visibilityConfig :: VisibilityConfig
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'WebACL' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'capacity', 'webACL_capacity' - The web ACL capacity units (WCUs) currently being used by this web ACL.
+--
+-- WAF uses WCUs to calculate and control the operating resources that are
+-- used to run your rules, rule groups, and web ACLs. WAF calculates
+-- capacity differently for each rule type, to reflect the relative cost of
+-- each rule. Simple rules that cost little to run use fewer WCUs than more
+-- complex rules that use more processing power. Rule group capacity is
+-- fixed at creation, which helps users plan their web ACL WCU usage when
+-- they use a rule group. The WCU limit for web ACLs is 1,500.
+--
+-- 'captchaConfig', 'webACL_captchaConfig' - Specifies how WAF should handle @CAPTCHA@ evaluations for rules that
+-- don\'t have their own @CaptchaConfig@ settings. If you don\'t specify
+-- this, WAF uses its default settings for @CaptchaConfig@.
+--
+-- 'challengeConfig', 'webACL_challengeConfig' - Specifies how WAF should handle challenge evaluations for rules that
+-- don\'t have their own @ChallengeConfig@ settings. If you don\'t specify
+-- this, WAF uses its default settings for @ChallengeConfig@.
+--
+-- 'customResponseBodies', 'webACL_customResponseBodies' - A map of custom response keys and content bodies. When you create a rule
+-- with a block action, you can send a custom response to the web request.
+-- You define these for the web ACL, and then use them in the rules and
+-- default actions that you define in the web ACL.
+--
+-- For information about customizing web requests and responses, see
+-- <https://docs.aws.amazon.com/waf/latest/developerguide/waf-custom-request-response.html Customizing web requests and responses in WAF>
+-- in the
+-- <https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html WAF Developer Guide>.
+--
+-- For information about the limits on count and size for custom request
+-- and response settings, see
+-- <https://docs.aws.amazon.com/waf/latest/developerguide/limits.html WAF quotas>
+-- in the
+-- <https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html WAF Developer Guide>.
+--
+-- 'description', 'webACL_description' - A description of the web ACL that helps with identification.
+--
+-- 'labelNamespace', 'webACL_labelNamespace' - The label namespace prefix for this web ACL. All labels added by rules
+-- in this web ACL have this prefix.
+--
+-- -   The syntax for the label namespace prefix for a web ACL is the
+--     following:
+--
+--     @awswaf:\<account ID>:webacl:\<web ACL name>:@
+--
+-- -   When a rule with a label matches a web request, WAF adds the fully
+--     qualified label to the request. A fully qualified label is made up
+--     of the label namespace from the rule group or web ACL where the rule
+--     is defined and the label from the rule, separated by a colon:
+--
+--     @\<label namespace>:\<label from rule>@
+--
+-- 'managedByFirewallManager', 'webACL_managedByFirewallManager' - Indicates whether this web ACL is managed by Firewall Manager. If true,
+-- then only Firewall Manager can delete the web ACL or any Firewall
+-- Manager rule groups in the web ACL.
+--
+-- 'postProcessFirewallManagerRuleGroups', 'webACL_postProcessFirewallManagerRuleGroups' - The last set of rules for WAF to process in the web ACL. This is defined
+-- in an Firewall Manager WAF policy and contains only rule group
+-- references. You can\'t alter these. Any rules and rule groups that you
+-- define for the web ACL are prioritized before these.
+--
+-- In the Firewall Manager WAF policy, the Firewall Manager administrator
+-- can define a set of rule groups to run first in the web ACL and a set of
+-- rule groups to run last. Within each set, the administrator prioritizes
+-- the rule groups, to determine their relative processing order.
+--
+-- 'preProcessFirewallManagerRuleGroups', 'webACL_preProcessFirewallManagerRuleGroups' - The first set of rules for WAF to process in the web ACL. This is
+-- defined in an Firewall Manager WAF policy and contains only rule group
+-- references. You can\'t alter these. Any rules and rule groups that you
+-- define for the web ACL are prioritized after these.
+--
+-- In the Firewall Manager WAF policy, the Firewall Manager administrator
+-- can define a set of rule groups to run first in the web ACL and a set of
+-- rule groups to run last. Within each set, the administrator prioritizes
+-- the rule groups, to determine their relative processing order.
+--
+-- 'rules', 'webACL_rules' - The Rule statements used to identify the web requests that you want to
+-- allow, block, or count. Each rule includes one top-level statement that
+-- WAF uses to identify matching web requests, and parameters that govern
+-- how WAF handles them.
+--
+-- 'tokenDomains', 'webACL_tokenDomains' - Specifies the domains that WAF should accept in a web request token.
+-- This enables the use of tokens across multiple protected websites. When
+-- WAF provides a token, it uses the domain of the Amazon Web Services
+-- resource that the web ACL is protecting. If you don\'t specify a list of
+-- token domains, WAF accepts tokens only for the domain of the protected
+-- resource. With a token domain list, WAF accepts the resource\'s host
+-- domain plus all domains in the token domain list, including their
+-- prefixed subdomains.
+--
+-- 'name', 'webACL_name' - The name of the web ACL. You cannot change the name of a web ACL after
+-- you create it.
+--
+-- 'id', 'webACL_id' - A unique identifier for the @WebACL@. This ID is returned in the
+-- responses to create and list commands. You use this ID to do things like
+-- get, update, and delete a @WebACL@.
+--
+-- 'arn', 'webACL_arn' - The Amazon Resource Name (ARN) of the web ACL that you want to associate
+-- with the resource.
+--
+-- 'defaultAction', 'webACL_defaultAction' - The action to perform if none of the @Rules@ contained in the @WebACL@
+-- match.
+--
+-- 'visibilityConfig', 'webACL_visibilityConfig' - Defines and enables Amazon CloudWatch metrics and web request sample
+-- collection.
+newWebACL ::
+  -- | 'name'
+  Prelude.Text ->
+  -- | 'id'
+  Prelude.Text ->
+  -- | 'arn'
+  Prelude.Text ->
+  -- | 'defaultAction'
+  DefaultAction ->
+  -- | 'visibilityConfig'
+  VisibilityConfig ->
+  WebACL
+newWebACL
+  pName_
+  pId_
+  pARN_
+  pDefaultAction_
+  pVisibilityConfig_ =
+    WebACL'
+      { capacity = Prelude.Nothing,
+        captchaConfig = Prelude.Nothing,
+        challengeConfig = Prelude.Nothing,
+        customResponseBodies = Prelude.Nothing,
+        description = Prelude.Nothing,
+        labelNamespace = Prelude.Nothing,
+        managedByFirewallManager = Prelude.Nothing,
+        postProcessFirewallManagerRuleGroups =
+          Prelude.Nothing,
+        preProcessFirewallManagerRuleGroups =
+          Prelude.Nothing,
+        rules = Prelude.Nothing,
+        tokenDomains = Prelude.Nothing,
+        name = pName_,
+        id = pId_,
+        arn = pARN_,
+        defaultAction = pDefaultAction_,
+        visibilityConfig = pVisibilityConfig_
+      }
+
+-- | The web ACL capacity units (WCUs) currently being used by this web ACL.
+--
+-- WAF uses WCUs to calculate and control the operating resources that are
+-- used to run your rules, rule groups, and web ACLs. WAF calculates
+-- capacity differently for each rule type, to reflect the relative cost of
+-- each rule. Simple rules that cost little to run use fewer WCUs than more
+-- complex rules that use more processing power. Rule group capacity is
+-- fixed at creation, which helps users plan their web ACL WCU usage when
+-- they use a rule group. The WCU limit for web ACLs is 1,500.
+webACL_capacity :: Lens.Lens' WebACL (Prelude.Maybe Prelude.Natural)
+webACL_capacity = Lens.lens (\WebACL' {capacity} -> capacity) (\s@WebACL' {} a -> s {capacity = a} :: WebACL)
+
+-- | Specifies how WAF should handle @CAPTCHA@ evaluations for rules that
+-- don\'t have their own @CaptchaConfig@ settings. If you don\'t specify
+-- this, WAF uses its default settings for @CaptchaConfig@.
+webACL_captchaConfig :: Lens.Lens' WebACL (Prelude.Maybe CaptchaConfig)
+webACL_captchaConfig = Lens.lens (\WebACL' {captchaConfig} -> captchaConfig) (\s@WebACL' {} a -> s {captchaConfig = a} :: WebACL)
+
+-- | Specifies how WAF should handle challenge evaluations for rules that
+-- don\'t have their own @ChallengeConfig@ settings. If you don\'t specify
+-- this, WAF uses its default settings for @ChallengeConfig@.
+webACL_challengeConfig :: Lens.Lens' WebACL (Prelude.Maybe ChallengeConfig)
+webACL_challengeConfig = Lens.lens (\WebACL' {challengeConfig} -> challengeConfig) (\s@WebACL' {} a -> s {challengeConfig = a} :: WebACL)
+
+-- | A map of custom response keys and content bodies. When you create a rule
+-- with a block action, you can send a custom response to the web request.
+-- You define these for the web ACL, and then use them in the rules and
+-- default actions that you define in the web ACL.
+--
+-- For information about customizing web requests and responses, see
+-- <https://docs.aws.amazon.com/waf/latest/developerguide/waf-custom-request-response.html Customizing web requests and responses in WAF>
+-- in the
+-- <https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html WAF Developer Guide>.
+--
+-- For information about the limits on count and size for custom request
+-- and response settings, see
+-- <https://docs.aws.amazon.com/waf/latest/developerguide/limits.html WAF quotas>
+-- in the
+-- <https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html WAF Developer Guide>.
+webACL_customResponseBodies :: Lens.Lens' WebACL (Prelude.Maybe (Prelude.HashMap Prelude.Text CustomResponseBody))
+webACL_customResponseBodies = Lens.lens (\WebACL' {customResponseBodies} -> customResponseBodies) (\s@WebACL' {} a -> s {customResponseBodies = a} :: WebACL) Prelude.. Lens.mapping Lens.coerced
+
+-- | A description of the web ACL that helps with identification.
+webACL_description :: Lens.Lens' WebACL (Prelude.Maybe Prelude.Text)
+webACL_description = Lens.lens (\WebACL' {description} -> description) (\s@WebACL' {} a -> s {description = a} :: WebACL)
+
+-- | The label namespace prefix for this web ACL. All labels added by rules
+-- in this web ACL have this prefix.
+--
+-- -   The syntax for the label namespace prefix for a web ACL is the
+--     following:
+--
+--     @awswaf:\<account ID>:webacl:\<web ACL name>:@
+--
+-- -   When a rule with a label matches a web request, WAF adds the fully
+--     qualified label to the request. A fully qualified label is made up
+--     of the label namespace from the rule group or web ACL where the rule
+--     is defined and the label from the rule, separated by a colon:
+--
+--     @\<label namespace>:\<label from rule>@
+webACL_labelNamespace :: Lens.Lens' WebACL (Prelude.Maybe Prelude.Text)
+webACL_labelNamespace = Lens.lens (\WebACL' {labelNamespace} -> labelNamespace) (\s@WebACL' {} a -> s {labelNamespace = a} :: WebACL)
+
+-- | Indicates whether this web ACL is managed by Firewall Manager. If true,
+-- then only Firewall Manager can delete the web ACL or any Firewall
+-- Manager rule groups in the web ACL.
+webACL_managedByFirewallManager :: Lens.Lens' WebACL (Prelude.Maybe Prelude.Bool)
+webACL_managedByFirewallManager = Lens.lens (\WebACL' {managedByFirewallManager} -> managedByFirewallManager) (\s@WebACL' {} a -> s {managedByFirewallManager = a} :: WebACL)
+
+-- | The last set of rules for WAF to process in the web ACL. This is defined
+-- in an Firewall Manager WAF policy and contains only rule group
+-- references. You can\'t alter these. Any rules and rule groups that you
+-- define for the web ACL are prioritized before these.
+--
+-- In the Firewall Manager WAF policy, the Firewall Manager administrator
+-- can define a set of rule groups to run first in the web ACL and a set of
+-- rule groups to run last. Within each set, the administrator prioritizes
+-- the rule groups, to determine their relative processing order.
+webACL_postProcessFirewallManagerRuleGroups :: Lens.Lens' WebACL (Prelude.Maybe [FirewallManagerRuleGroup])
+webACL_postProcessFirewallManagerRuleGroups = Lens.lens (\WebACL' {postProcessFirewallManagerRuleGroups} -> postProcessFirewallManagerRuleGroups) (\s@WebACL' {} a -> s {postProcessFirewallManagerRuleGroups = a} :: WebACL) Prelude.. Lens.mapping Lens.coerced
+
+-- | The first set of rules for WAF to process in the web ACL. This is
+-- defined in an Firewall Manager WAF policy and contains only rule group
+-- references. You can\'t alter these. Any rules and rule groups that you
+-- define for the web ACL are prioritized after these.
+--
+-- In the Firewall Manager WAF policy, the Firewall Manager administrator
+-- can define a set of rule groups to run first in the web ACL and a set of
+-- rule groups to run last. Within each set, the administrator prioritizes
+-- the rule groups, to determine their relative processing order.
+webACL_preProcessFirewallManagerRuleGroups :: Lens.Lens' WebACL (Prelude.Maybe [FirewallManagerRuleGroup])
+webACL_preProcessFirewallManagerRuleGroups = Lens.lens (\WebACL' {preProcessFirewallManagerRuleGroups} -> preProcessFirewallManagerRuleGroups) (\s@WebACL' {} a -> s {preProcessFirewallManagerRuleGroups = a} :: WebACL) Prelude.. Lens.mapping Lens.coerced
+
+-- | The Rule statements used to identify the web requests that you want to
+-- allow, block, or count. Each rule includes one top-level statement that
+-- WAF uses to identify matching web requests, and parameters that govern
+-- how WAF handles them.
+webACL_rules :: Lens.Lens' WebACL (Prelude.Maybe [Rule])
+webACL_rules = Lens.lens (\WebACL' {rules} -> rules) (\s@WebACL' {} a -> s {rules = a} :: WebACL) Prelude.. Lens.mapping Lens.coerced
+
+-- | Specifies the domains that WAF should accept in a web request token.
+-- This enables the use of tokens across multiple protected websites. When
+-- WAF provides a token, it uses the domain of the Amazon Web Services
+-- resource that the web ACL is protecting. If you don\'t specify a list of
+-- token domains, WAF accepts tokens only for the domain of the protected
+-- resource. With a token domain list, WAF accepts the resource\'s host
+-- domain plus all domains in the token domain list, including their
+-- prefixed subdomains.
+webACL_tokenDomains :: Lens.Lens' WebACL (Prelude.Maybe (Prelude.NonEmpty Prelude.Text))
+webACL_tokenDomains = Lens.lens (\WebACL' {tokenDomains} -> tokenDomains) (\s@WebACL' {} a -> s {tokenDomains = a} :: WebACL) Prelude.. Lens.mapping Lens.coerced
+
+-- | The name of the web ACL. You cannot change the name of a web ACL after
+-- you create it.
+webACL_name :: Lens.Lens' WebACL Prelude.Text
+webACL_name = Lens.lens (\WebACL' {name} -> name) (\s@WebACL' {} a -> s {name = a} :: WebACL)
+
+-- | A unique identifier for the @WebACL@. This ID is returned in the
+-- responses to create and list commands. You use this ID to do things like
+-- get, update, and delete a @WebACL@.
+webACL_id :: Lens.Lens' WebACL Prelude.Text
+webACL_id = Lens.lens (\WebACL' {id} -> id) (\s@WebACL' {} a -> s {id = a} :: WebACL)
+
+-- | The Amazon Resource Name (ARN) of the web ACL that you want to associate
+-- with the resource.
+webACL_arn :: Lens.Lens' WebACL Prelude.Text
+webACL_arn = Lens.lens (\WebACL' {arn} -> arn) (\s@WebACL' {} a -> s {arn = a} :: WebACL)
+
+-- | The action to perform if none of the @Rules@ contained in the @WebACL@
+-- match.
+webACL_defaultAction :: Lens.Lens' WebACL DefaultAction
+webACL_defaultAction = Lens.lens (\WebACL' {defaultAction} -> defaultAction) (\s@WebACL' {} a -> s {defaultAction = a} :: WebACL)
+
+-- | Defines and enables Amazon CloudWatch metrics and web request sample
+-- collection.
+webACL_visibilityConfig :: Lens.Lens' WebACL VisibilityConfig
+webACL_visibilityConfig = Lens.lens (\WebACL' {visibilityConfig} -> visibilityConfig) (\s@WebACL' {} a -> s {visibilityConfig = a} :: WebACL)
+
+instance Data.FromJSON WebACL where
+  parseJSON =
+    Data.withObject
+      "WebACL"
+      ( \x ->
+          WebACL'
+            Prelude.<$> (x Data..:? "Capacity")
+            Prelude.<*> (x Data..:? "CaptchaConfig")
+            Prelude.<*> (x Data..:? "ChallengeConfig")
+            Prelude.<*> ( x
+                            Data..:? "CustomResponseBodies"
+                            Data..!= Prelude.mempty
+                        )
+            Prelude.<*> (x Data..:? "Description")
+            Prelude.<*> (x Data..:? "LabelNamespace")
+            Prelude.<*> (x Data..:? "ManagedByFirewallManager")
+            Prelude.<*> ( x
+                            Data..:? "PostProcessFirewallManagerRuleGroups"
+                            Data..!= Prelude.mempty
+                        )
+            Prelude.<*> ( x
+                            Data..:? "PreProcessFirewallManagerRuleGroups"
+                            Data..!= Prelude.mempty
+                        )
+            Prelude.<*> (x Data..:? "Rules" Data..!= Prelude.mempty)
+            Prelude.<*> (x Data..:? "TokenDomains")
+            Prelude.<*> (x Data..: "Name")
+            Prelude.<*> (x Data..: "Id")
+            Prelude.<*> (x Data..: "ARN")
+            Prelude.<*> (x Data..: "DefaultAction")
+            Prelude.<*> (x Data..: "VisibilityConfig")
+      )
+
+instance Prelude.Hashable WebACL where
+  hashWithSalt _salt WebACL' {..} =
+    _salt
+      `Prelude.hashWithSalt` capacity
+      `Prelude.hashWithSalt` captchaConfig
+      `Prelude.hashWithSalt` challengeConfig
+      `Prelude.hashWithSalt` customResponseBodies
+      `Prelude.hashWithSalt` description
+      `Prelude.hashWithSalt` labelNamespace
+      `Prelude.hashWithSalt` managedByFirewallManager
+      `Prelude.hashWithSalt` postProcessFirewallManagerRuleGroups
+      `Prelude.hashWithSalt` preProcessFirewallManagerRuleGroups
+      `Prelude.hashWithSalt` rules
+      `Prelude.hashWithSalt` tokenDomains
+      `Prelude.hashWithSalt` name
+      `Prelude.hashWithSalt` id
+      `Prelude.hashWithSalt` arn
+      `Prelude.hashWithSalt` defaultAction
+      `Prelude.hashWithSalt` visibilityConfig
+
+instance Prelude.NFData WebACL where
+  rnf WebACL' {..} =
+    Prelude.rnf capacity
+      `Prelude.seq` Prelude.rnf captchaConfig
+      `Prelude.seq` Prelude.rnf challengeConfig
+      `Prelude.seq` Prelude.rnf customResponseBodies
+      `Prelude.seq` Prelude.rnf description
+      `Prelude.seq` Prelude.rnf labelNamespace
+      `Prelude.seq` Prelude.rnf managedByFirewallManager
+      `Prelude.seq` Prelude.rnf postProcessFirewallManagerRuleGroups
+      `Prelude.seq` Prelude.rnf preProcessFirewallManagerRuleGroups
+      `Prelude.seq` Prelude.rnf rules
+      `Prelude.seq` Prelude.rnf tokenDomains
+      `Prelude.seq` Prelude.rnf name
+      `Prelude.seq` Prelude.rnf id
+      `Prelude.seq` Prelude.rnf arn
+      `Prelude.seq` Prelude.rnf defaultAction
+      `Prelude.seq` Prelude.rnf visibilityConfig
diff --git a/gen/Amazonka/WAFV2/Types/WebACLSummary.hs b/gen/Amazonka/WAFV2/Types/WebACLSummary.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/WAFV2/Types/WebACLSummary.hs
@@ -0,0 +1,153 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.WAFV2.Types.WebACLSummary
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.WAFV2.Types.WebACLSummary where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+
+-- | High-level information about a WebACL, returned by operations like
+-- create and list. This provides information like the ID, that you can use
+-- to retrieve and manage a @WebACL@, and the ARN, that you provide to
+-- operations like AssociateWebACL.
+--
+-- /See:/ 'newWebACLSummary' smart constructor.
+data WebACLSummary = WebACLSummary'
+  { -- | The Amazon Resource Name (ARN) of the entity.
+    arn :: Prelude.Maybe Prelude.Text,
+    -- | A description of the web ACL that helps with identification.
+    description :: Prelude.Maybe Prelude.Text,
+    -- | The unique identifier for the web ACL. This ID is returned in the
+    -- responses to create and list commands. You provide it to operations like
+    -- update and delete.
+    id :: Prelude.Maybe Prelude.Text,
+    -- | A token used for optimistic locking. WAF returns a token to your @get@
+    -- and @list@ requests, to mark the state of the entity at the time of the
+    -- request. To make changes to the entity associated with the token, you
+    -- provide the token to operations like @update@ and @delete@. WAF uses the
+    -- token to ensure that no changes have been made to the entity since you
+    -- last retrieved it. If a change has been made, the update fails with a
+    -- @WAFOptimisticLockException@. If this happens, perform another @get@,
+    -- and use the new token returned by that operation.
+    lockToken :: Prelude.Maybe Prelude.Text,
+    -- | The name of the web ACL. You cannot change the name of a web ACL after
+    -- you create it.
+    name :: Prelude.Maybe Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'WebACLSummary' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'arn', 'webACLSummary_arn' - The Amazon Resource Name (ARN) of the entity.
+--
+-- 'description', 'webACLSummary_description' - A description of the web ACL that helps with identification.
+--
+-- 'id', 'webACLSummary_id' - The unique identifier for the web ACL. This ID is returned in the
+-- responses to create and list commands. You provide it to operations like
+-- update and delete.
+--
+-- 'lockToken', 'webACLSummary_lockToken' - A token used for optimistic locking. WAF returns a token to your @get@
+-- and @list@ requests, to mark the state of the entity at the time of the
+-- request. To make changes to the entity associated with the token, you
+-- provide the token to operations like @update@ and @delete@. WAF uses the
+-- token to ensure that no changes have been made to the entity since you
+-- last retrieved it. If a change has been made, the update fails with a
+-- @WAFOptimisticLockException@. If this happens, perform another @get@,
+-- and use the new token returned by that operation.
+--
+-- 'name', 'webACLSummary_name' - The name of the web ACL. You cannot change the name of a web ACL after
+-- you create it.
+newWebACLSummary ::
+  WebACLSummary
+newWebACLSummary =
+  WebACLSummary'
+    { arn = Prelude.Nothing,
+      description = Prelude.Nothing,
+      id = Prelude.Nothing,
+      lockToken = Prelude.Nothing,
+      name = Prelude.Nothing
+    }
+
+-- | The Amazon Resource Name (ARN) of the entity.
+webACLSummary_arn :: Lens.Lens' WebACLSummary (Prelude.Maybe Prelude.Text)
+webACLSummary_arn = Lens.lens (\WebACLSummary' {arn} -> arn) (\s@WebACLSummary' {} a -> s {arn = a} :: WebACLSummary)
+
+-- | A description of the web ACL that helps with identification.
+webACLSummary_description :: Lens.Lens' WebACLSummary (Prelude.Maybe Prelude.Text)
+webACLSummary_description = Lens.lens (\WebACLSummary' {description} -> description) (\s@WebACLSummary' {} a -> s {description = a} :: WebACLSummary)
+
+-- | The unique identifier for the web ACL. This ID is returned in the
+-- responses to create and list commands. You provide it to operations like
+-- update and delete.
+webACLSummary_id :: Lens.Lens' WebACLSummary (Prelude.Maybe Prelude.Text)
+webACLSummary_id = Lens.lens (\WebACLSummary' {id} -> id) (\s@WebACLSummary' {} a -> s {id = a} :: WebACLSummary)
+
+-- | A token used for optimistic locking. WAF returns a token to your @get@
+-- and @list@ requests, to mark the state of the entity at the time of the
+-- request. To make changes to the entity associated with the token, you
+-- provide the token to operations like @update@ and @delete@. WAF uses the
+-- token to ensure that no changes have been made to the entity since you
+-- last retrieved it. If a change has been made, the update fails with a
+-- @WAFOptimisticLockException@. If this happens, perform another @get@,
+-- and use the new token returned by that operation.
+webACLSummary_lockToken :: Lens.Lens' WebACLSummary (Prelude.Maybe Prelude.Text)
+webACLSummary_lockToken = Lens.lens (\WebACLSummary' {lockToken} -> lockToken) (\s@WebACLSummary' {} a -> s {lockToken = a} :: WebACLSummary)
+
+-- | The name of the web ACL. You cannot change the name of a web ACL after
+-- you create it.
+webACLSummary_name :: Lens.Lens' WebACLSummary (Prelude.Maybe Prelude.Text)
+webACLSummary_name = Lens.lens (\WebACLSummary' {name} -> name) (\s@WebACLSummary' {} a -> s {name = a} :: WebACLSummary)
+
+instance Data.FromJSON WebACLSummary where
+  parseJSON =
+    Data.withObject
+      "WebACLSummary"
+      ( \x ->
+          WebACLSummary'
+            Prelude.<$> (x Data..:? "ARN")
+            Prelude.<*> (x Data..:? "Description")
+            Prelude.<*> (x Data..:? "Id")
+            Prelude.<*> (x Data..:? "LockToken")
+            Prelude.<*> (x Data..:? "Name")
+      )
+
+instance Prelude.Hashable WebACLSummary where
+  hashWithSalt _salt WebACLSummary' {..} =
+    _salt
+      `Prelude.hashWithSalt` arn
+      `Prelude.hashWithSalt` description
+      `Prelude.hashWithSalt` id
+      `Prelude.hashWithSalt` lockToken
+      `Prelude.hashWithSalt` name
+
+instance Prelude.NFData WebACLSummary where
+  rnf WebACLSummary' {..} =
+    Prelude.rnf arn
+      `Prelude.seq` Prelude.rnf description
+      `Prelude.seq` Prelude.rnf id
+      `Prelude.seq` Prelude.rnf lockToken
+      `Prelude.seq` Prelude.rnf name
diff --git a/gen/Amazonka/WAFV2/Types/XssMatchStatement.hs b/gen/Amazonka/WAFV2/Types/XssMatchStatement.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/WAFV2/Types/XssMatchStatement.hs
@@ -0,0 +1,121 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.WAFV2.Types.XssMatchStatement
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.WAFV2.Types.XssMatchStatement where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.WAFV2.Types.FieldToMatch
+import Amazonka.WAFV2.Types.TextTransformation
+
+-- | A rule statement that inspects for cross-site scripting (XSS) attacks.
+-- In XSS attacks, the attacker uses vulnerabilities in a benign website as
+-- a vehicle to inject malicious client-site scripts into other legitimate
+-- web browsers.
+--
+-- /See:/ 'newXssMatchStatement' smart constructor.
+data XssMatchStatement = XssMatchStatement'
+  { -- | The part of the web request that you want WAF to inspect.
+    fieldToMatch :: FieldToMatch,
+    -- | Text transformations eliminate some of the unusual formatting that
+    -- attackers use in web requests in an effort to bypass detection. If you
+    -- specify one or more transformations in a rule statement, WAF performs
+    -- all transformations on the content of the request component identified
+    -- by @FieldToMatch@, starting from the lowest priority setting, before
+    -- inspecting the content for a match.
+    textTransformations :: Prelude.NonEmpty TextTransformation
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'XssMatchStatement' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'fieldToMatch', 'xssMatchStatement_fieldToMatch' - The part of the web request that you want WAF to inspect.
+--
+-- 'textTransformations', 'xssMatchStatement_textTransformations' - Text transformations eliminate some of the unusual formatting that
+-- attackers use in web requests in an effort to bypass detection. If you
+-- specify one or more transformations in a rule statement, WAF performs
+-- all transformations on the content of the request component identified
+-- by @FieldToMatch@, starting from the lowest priority setting, before
+-- inspecting the content for a match.
+newXssMatchStatement ::
+  -- | 'fieldToMatch'
+  FieldToMatch ->
+  -- | 'textTransformations'
+  Prelude.NonEmpty TextTransformation ->
+  XssMatchStatement
+newXssMatchStatement
+  pFieldToMatch_
+  pTextTransformations_ =
+    XssMatchStatement'
+      { fieldToMatch = pFieldToMatch_,
+        textTransformations =
+          Lens.coerced Lens.# pTextTransformations_
+      }
+
+-- | The part of the web request that you want WAF to inspect.
+xssMatchStatement_fieldToMatch :: Lens.Lens' XssMatchStatement FieldToMatch
+xssMatchStatement_fieldToMatch = Lens.lens (\XssMatchStatement' {fieldToMatch} -> fieldToMatch) (\s@XssMatchStatement' {} a -> s {fieldToMatch = a} :: XssMatchStatement)
+
+-- | Text transformations eliminate some of the unusual formatting that
+-- attackers use in web requests in an effort to bypass detection. If you
+-- specify one or more transformations in a rule statement, WAF performs
+-- all transformations on the content of the request component identified
+-- by @FieldToMatch@, starting from the lowest priority setting, before
+-- inspecting the content for a match.
+xssMatchStatement_textTransformations :: Lens.Lens' XssMatchStatement (Prelude.NonEmpty TextTransformation)
+xssMatchStatement_textTransformations = Lens.lens (\XssMatchStatement' {textTransformations} -> textTransformations) (\s@XssMatchStatement' {} a -> s {textTransformations = a} :: XssMatchStatement) Prelude.. Lens.coerced
+
+instance Data.FromJSON XssMatchStatement where
+  parseJSON =
+    Data.withObject
+      "XssMatchStatement"
+      ( \x ->
+          XssMatchStatement'
+            Prelude.<$> (x Data..: "FieldToMatch")
+            Prelude.<*> (x Data..: "TextTransformations")
+      )
+
+instance Prelude.Hashable XssMatchStatement where
+  hashWithSalt _salt XssMatchStatement' {..} =
+    _salt
+      `Prelude.hashWithSalt` fieldToMatch
+      `Prelude.hashWithSalt` textTransformations
+
+instance Prelude.NFData XssMatchStatement where
+  rnf XssMatchStatement' {..} =
+    Prelude.rnf fieldToMatch
+      `Prelude.seq` Prelude.rnf textTransformations
+
+instance Data.ToJSON XssMatchStatement where
+  toJSON XssMatchStatement' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ Prelude.Just ("FieldToMatch" Data..= fieldToMatch),
+            Prelude.Just
+              ("TextTransformations" Data..= textTransformations)
+          ]
+      )
diff --git a/gen/Amazonka/WAFV2/UntagResource.hs b/gen/Amazonka/WAFV2/UntagResource.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/WAFV2/UntagResource.hs
@@ -0,0 +1,178 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.WAFV2.UntagResource
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Disassociates tags from an Amazon Web Services resource. Tags are
+-- key:value pairs that you can associate with Amazon Web Services
+-- resources. For example, the tag key might be \"customer\" and the tag
+-- value might be \"companyA.\" You can specify one or more tags to add to
+-- each container. You can add up to 50 tags to each Amazon Web Services
+-- resource.
+module Amazonka.WAFV2.UntagResource
+  ( -- * Creating a Request
+    UntagResource (..),
+    newUntagResource,
+
+    -- * Request Lenses
+    untagResource_resourceARN,
+    untagResource_tagKeys,
+
+    -- * Destructuring the Response
+    UntagResourceResponse (..),
+    newUntagResourceResponse,
+
+    -- * Response Lenses
+    untagResourceResponse_httpStatus,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+import Amazonka.WAFV2.Types
+
+-- | /See:/ 'newUntagResource' smart constructor.
+data UntagResource = UntagResource'
+  { -- | The Amazon Resource Name (ARN) of the resource.
+    resourceARN :: Prelude.Text,
+    -- | An array of keys identifying the tags to disassociate from the resource.
+    tagKeys :: Prelude.NonEmpty Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'UntagResource' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'resourceARN', 'untagResource_resourceARN' - The Amazon Resource Name (ARN) of the resource.
+--
+-- 'tagKeys', 'untagResource_tagKeys' - An array of keys identifying the tags to disassociate from the resource.
+newUntagResource ::
+  -- | 'resourceARN'
+  Prelude.Text ->
+  -- | 'tagKeys'
+  Prelude.NonEmpty Prelude.Text ->
+  UntagResource
+newUntagResource pResourceARN_ pTagKeys_ =
+  UntagResource'
+    { resourceARN = pResourceARN_,
+      tagKeys = Lens.coerced Lens.# pTagKeys_
+    }
+
+-- | The Amazon Resource Name (ARN) of the resource.
+untagResource_resourceARN :: Lens.Lens' UntagResource Prelude.Text
+untagResource_resourceARN = Lens.lens (\UntagResource' {resourceARN} -> resourceARN) (\s@UntagResource' {} a -> s {resourceARN = a} :: UntagResource)
+
+-- | An array of keys identifying the tags to disassociate from the resource.
+untagResource_tagKeys :: Lens.Lens' UntagResource (Prelude.NonEmpty Prelude.Text)
+untagResource_tagKeys = Lens.lens (\UntagResource' {tagKeys} -> tagKeys) (\s@UntagResource' {} a -> s {tagKeys = a} :: UntagResource) Prelude.. Lens.coerced
+
+instance Core.AWSRequest UntagResource where
+  type
+    AWSResponse UntagResource =
+      UntagResourceResponse
+  request overrides =
+    Request.postJSON (overrides defaultService)
+  response =
+    Response.receiveEmpty
+      ( \s h x ->
+          UntagResourceResponse'
+            Prelude.<$> (Prelude.pure (Prelude.fromEnum s))
+      )
+
+instance Prelude.Hashable UntagResource where
+  hashWithSalt _salt UntagResource' {..} =
+    _salt
+      `Prelude.hashWithSalt` resourceARN
+      `Prelude.hashWithSalt` tagKeys
+
+instance Prelude.NFData UntagResource where
+  rnf UntagResource' {..} =
+    Prelude.rnf resourceARN
+      `Prelude.seq` Prelude.rnf tagKeys
+
+instance Data.ToHeaders UntagResource where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "X-Amz-Target"
+              Data.=# ( "AWSWAF_20190729.UntagResource" ::
+                          Prelude.ByteString
+                      ),
+            "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToJSON UntagResource where
+  toJSON UntagResource' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ Prelude.Just ("ResourceARN" Data..= resourceARN),
+            Prelude.Just ("TagKeys" Data..= tagKeys)
+          ]
+      )
+
+instance Data.ToPath UntagResource where
+  toPath = Prelude.const "/"
+
+instance Data.ToQuery UntagResource where
+  toQuery = Prelude.const Prelude.mempty
+
+-- | /See:/ 'newUntagResourceResponse' smart constructor.
+data UntagResourceResponse = UntagResourceResponse'
+  { -- | The response's http status code.
+    httpStatus :: Prelude.Int
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'UntagResourceResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'httpStatus', 'untagResourceResponse_httpStatus' - The response's http status code.
+newUntagResourceResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  UntagResourceResponse
+newUntagResourceResponse pHttpStatus_ =
+  UntagResourceResponse' {httpStatus = pHttpStatus_}
+
+-- | The response's http status code.
+untagResourceResponse_httpStatus :: Lens.Lens' UntagResourceResponse Prelude.Int
+untagResourceResponse_httpStatus = Lens.lens (\UntagResourceResponse' {httpStatus} -> httpStatus) (\s@UntagResourceResponse' {} a -> s {httpStatus = a} :: UntagResourceResponse)
+
+instance Prelude.NFData UntagResourceResponse where
+  rnf UntagResourceResponse' {..} =
+    Prelude.rnf httpStatus
diff --git a/gen/Amazonka/WAFV2/UpdateIPSet.hs b/gen/Amazonka/WAFV2/UpdateIPSet.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/WAFV2/UpdateIPSet.hs
@@ -0,0 +1,436 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.WAFV2.UpdateIPSet
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Updates the specified IPSet.
+--
+-- This operation completely replaces the mutable specifications that you
+-- already have for the IP set with the ones that you provide to this call.
+-- To modify the IP set, retrieve it by calling GetIPSet, update the
+-- settings as needed, and then provide the complete IP set specification
+-- to this call.
+--
+-- When you make changes to web ACLs or web ACL components, like rules and
+-- rule groups, WAF propagates the changes everywhere that the web ACL and
+-- its components are stored and used. Your changes are applied within
+-- seconds, but there might be a brief period of inconsistency when the
+-- changes have arrived in some places and not in others. So, for example,
+-- if you change a rule action setting, the action might be the old action
+-- in one area and the new action in another area. Or if you add an IP
+-- address to an IP set used in a blocking rule, the new address might
+-- briefly be blocked in one area while still allowed in another. This
+-- temporary inconsistency can occur when you first associate a web ACL
+-- with an Amazon Web Services resource and when you change a web ACL that
+-- is already associated with a resource. Generally, any inconsistencies of
+-- this type last only a few seconds.
+module Amazonka.WAFV2.UpdateIPSet
+  ( -- * Creating a Request
+    UpdateIPSet (..),
+    newUpdateIPSet,
+
+    -- * Request Lenses
+    updateIPSet_description,
+    updateIPSet_name,
+    updateIPSet_scope,
+    updateIPSet_id,
+    updateIPSet_addresses,
+    updateIPSet_lockToken,
+
+    -- * Destructuring the Response
+    UpdateIPSetResponse (..),
+    newUpdateIPSetResponse,
+
+    -- * Response Lenses
+    updateIPSetResponse_nextLockToken,
+    updateIPSetResponse_httpStatus,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+import Amazonka.WAFV2.Types
+
+-- | /See:/ 'newUpdateIPSet' smart constructor.
+data UpdateIPSet = UpdateIPSet'
+  { -- | A description of the IP set that helps with identification.
+    description :: Prelude.Maybe Prelude.Text,
+    -- | The name of the IP set. You cannot change the name of an @IPSet@ after
+    -- you create it.
+    name :: Prelude.Text,
+    -- | Specifies whether this is for an Amazon CloudFront distribution or for a
+    -- regional application. A regional application can be an Application Load
+    -- Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API,
+    -- or an Amazon Cognito user pool.
+    --
+    -- To work with CloudFront, you must also specify the Region US East (N.
+    -- Virginia) as follows:
+    --
+    -- -   CLI - Specify the Region when you use the CloudFront scope:
+    --     @--scope=CLOUDFRONT --region=us-east-1@.
+    --
+    -- -   API and SDKs - For all calls, use the Region endpoint us-east-1.
+    scope :: Scope,
+    -- | A unique identifier for the set. This ID is returned in the responses to
+    -- create and list commands. You provide it to operations like update and
+    -- delete.
+    id :: Prelude.Text,
+    -- | Contains an array of strings that specifies zero or more IP addresses or
+    -- blocks of IP addresses. All addresses must be specified using Classless
+    -- Inter-Domain Routing (CIDR) notation. WAF supports all IPv4 and IPv6
+    -- CIDR ranges except for @\/0@.
+    --
+    -- Example address strings:
+    --
+    -- -   To configure WAF to allow, block, or count requests that originated
+    --     from the IP address 192.0.2.44, specify @192.0.2.44\/32@.
+    --
+    -- -   To configure WAF to allow, block, or count requests that originated
+    --     from IP addresses from 192.0.2.0 to 192.0.2.255, specify
+    --     @192.0.2.0\/24@.
+    --
+    -- -   To configure WAF to allow, block, or count requests that originated
+    --     from the IP address 1111:0000:0000:0000:0000:0000:0000:0111, specify
+    --     @1111:0000:0000:0000:0000:0000:0000:0111\/128@.
+    --
+    -- -   To configure WAF to allow, block, or count requests that originated
+    --     from IP addresses 1111:0000:0000:0000:0000:0000:0000:0000 to
+    --     1111:0000:0000:0000:ffff:ffff:ffff:ffff, specify
+    --     @1111:0000:0000:0000:0000:0000:0000:0000\/64@.
+    --
+    -- For more information about CIDR notation, see the Wikipedia entry
+    -- <https://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing Classless Inter-Domain Routing>.
+    --
+    -- Example JSON @Addresses@ specifications:
+    --
+    -- -   Empty array: @\"Addresses\": []@
+    --
+    -- -   Array with one address: @\"Addresses\": [\"192.0.2.44\/32\"]@
+    --
+    -- -   Array with three addresses:
+    --     @\"Addresses\": [\"192.0.2.44\/32\", \"192.0.2.0\/24\", \"192.0.0.0\/16\"]@
+    --
+    -- -   INVALID specification: @\"Addresses\": [\"\"]@ INVALID
+    addresses :: [Prelude.Text],
+    -- | A token used for optimistic locking. WAF returns a token to your @get@
+    -- and @list@ requests, to mark the state of the entity at the time of the
+    -- request. To make changes to the entity associated with the token, you
+    -- provide the token to operations like @update@ and @delete@. WAF uses the
+    -- token to ensure that no changes have been made to the entity since you
+    -- last retrieved it. If a change has been made, the update fails with a
+    -- @WAFOptimisticLockException@. If this happens, perform another @get@,
+    -- and use the new token returned by that operation.
+    lockToken :: Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'UpdateIPSet' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'description', 'updateIPSet_description' - A description of the IP set that helps with identification.
+--
+-- 'name', 'updateIPSet_name' - The name of the IP set. You cannot change the name of an @IPSet@ after
+-- you create it.
+--
+-- 'scope', 'updateIPSet_scope' - Specifies whether this is for an Amazon CloudFront distribution or for a
+-- regional application. A regional application can be an Application Load
+-- Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API,
+-- or an Amazon Cognito user pool.
+--
+-- To work with CloudFront, you must also specify the Region US East (N.
+-- Virginia) as follows:
+--
+-- -   CLI - Specify the Region when you use the CloudFront scope:
+--     @--scope=CLOUDFRONT --region=us-east-1@.
+--
+-- -   API and SDKs - For all calls, use the Region endpoint us-east-1.
+--
+-- 'id', 'updateIPSet_id' - A unique identifier for the set. This ID is returned in the responses to
+-- create and list commands. You provide it to operations like update and
+-- delete.
+--
+-- 'addresses', 'updateIPSet_addresses' - Contains an array of strings that specifies zero or more IP addresses or
+-- blocks of IP addresses. All addresses must be specified using Classless
+-- Inter-Domain Routing (CIDR) notation. WAF supports all IPv4 and IPv6
+-- CIDR ranges except for @\/0@.
+--
+-- Example address strings:
+--
+-- -   To configure WAF to allow, block, or count requests that originated
+--     from the IP address 192.0.2.44, specify @192.0.2.44\/32@.
+--
+-- -   To configure WAF to allow, block, or count requests that originated
+--     from IP addresses from 192.0.2.0 to 192.0.2.255, specify
+--     @192.0.2.0\/24@.
+--
+-- -   To configure WAF to allow, block, or count requests that originated
+--     from the IP address 1111:0000:0000:0000:0000:0000:0000:0111, specify
+--     @1111:0000:0000:0000:0000:0000:0000:0111\/128@.
+--
+-- -   To configure WAF to allow, block, or count requests that originated
+--     from IP addresses 1111:0000:0000:0000:0000:0000:0000:0000 to
+--     1111:0000:0000:0000:ffff:ffff:ffff:ffff, specify
+--     @1111:0000:0000:0000:0000:0000:0000:0000\/64@.
+--
+-- For more information about CIDR notation, see the Wikipedia entry
+-- <https://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing Classless Inter-Domain Routing>.
+--
+-- Example JSON @Addresses@ specifications:
+--
+-- -   Empty array: @\"Addresses\": []@
+--
+-- -   Array with one address: @\"Addresses\": [\"192.0.2.44\/32\"]@
+--
+-- -   Array with three addresses:
+--     @\"Addresses\": [\"192.0.2.44\/32\", \"192.0.2.0\/24\", \"192.0.0.0\/16\"]@
+--
+-- -   INVALID specification: @\"Addresses\": [\"\"]@ INVALID
+--
+-- 'lockToken', 'updateIPSet_lockToken' - A token used for optimistic locking. WAF returns a token to your @get@
+-- and @list@ requests, to mark the state of the entity at the time of the
+-- request. To make changes to the entity associated with the token, you
+-- provide the token to operations like @update@ and @delete@. WAF uses the
+-- token to ensure that no changes have been made to the entity since you
+-- last retrieved it. If a change has been made, the update fails with a
+-- @WAFOptimisticLockException@. If this happens, perform another @get@,
+-- and use the new token returned by that operation.
+newUpdateIPSet ::
+  -- | 'name'
+  Prelude.Text ->
+  -- | 'scope'
+  Scope ->
+  -- | 'id'
+  Prelude.Text ->
+  -- | 'lockToken'
+  Prelude.Text ->
+  UpdateIPSet
+newUpdateIPSet pName_ pScope_ pId_ pLockToken_ =
+  UpdateIPSet'
+    { description = Prelude.Nothing,
+      name = pName_,
+      scope = pScope_,
+      id = pId_,
+      addresses = Prelude.mempty,
+      lockToken = pLockToken_
+    }
+
+-- | A description of the IP set that helps with identification.
+updateIPSet_description :: Lens.Lens' UpdateIPSet (Prelude.Maybe Prelude.Text)
+updateIPSet_description = Lens.lens (\UpdateIPSet' {description} -> description) (\s@UpdateIPSet' {} a -> s {description = a} :: UpdateIPSet)
+
+-- | The name of the IP set. You cannot change the name of an @IPSet@ after
+-- you create it.
+updateIPSet_name :: Lens.Lens' UpdateIPSet Prelude.Text
+updateIPSet_name = Lens.lens (\UpdateIPSet' {name} -> name) (\s@UpdateIPSet' {} a -> s {name = a} :: UpdateIPSet)
+
+-- | Specifies whether this is for an Amazon CloudFront distribution or for a
+-- regional application. A regional application can be an Application Load
+-- Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API,
+-- or an Amazon Cognito user pool.
+--
+-- To work with CloudFront, you must also specify the Region US East (N.
+-- Virginia) as follows:
+--
+-- -   CLI - Specify the Region when you use the CloudFront scope:
+--     @--scope=CLOUDFRONT --region=us-east-1@.
+--
+-- -   API and SDKs - For all calls, use the Region endpoint us-east-1.
+updateIPSet_scope :: Lens.Lens' UpdateIPSet Scope
+updateIPSet_scope = Lens.lens (\UpdateIPSet' {scope} -> scope) (\s@UpdateIPSet' {} a -> s {scope = a} :: UpdateIPSet)
+
+-- | A unique identifier for the set. This ID is returned in the responses to
+-- create and list commands. You provide it to operations like update and
+-- delete.
+updateIPSet_id :: Lens.Lens' UpdateIPSet Prelude.Text
+updateIPSet_id = Lens.lens (\UpdateIPSet' {id} -> id) (\s@UpdateIPSet' {} a -> s {id = a} :: UpdateIPSet)
+
+-- | Contains an array of strings that specifies zero or more IP addresses or
+-- blocks of IP addresses. All addresses must be specified using Classless
+-- Inter-Domain Routing (CIDR) notation. WAF supports all IPv4 and IPv6
+-- CIDR ranges except for @\/0@.
+--
+-- Example address strings:
+--
+-- -   To configure WAF to allow, block, or count requests that originated
+--     from the IP address 192.0.2.44, specify @192.0.2.44\/32@.
+--
+-- -   To configure WAF to allow, block, or count requests that originated
+--     from IP addresses from 192.0.2.0 to 192.0.2.255, specify
+--     @192.0.2.0\/24@.
+--
+-- -   To configure WAF to allow, block, or count requests that originated
+--     from the IP address 1111:0000:0000:0000:0000:0000:0000:0111, specify
+--     @1111:0000:0000:0000:0000:0000:0000:0111\/128@.
+--
+-- -   To configure WAF to allow, block, or count requests that originated
+--     from IP addresses 1111:0000:0000:0000:0000:0000:0000:0000 to
+--     1111:0000:0000:0000:ffff:ffff:ffff:ffff, specify
+--     @1111:0000:0000:0000:0000:0000:0000:0000\/64@.
+--
+-- For more information about CIDR notation, see the Wikipedia entry
+-- <https://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing Classless Inter-Domain Routing>.
+--
+-- Example JSON @Addresses@ specifications:
+--
+-- -   Empty array: @\"Addresses\": []@
+--
+-- -   Array with one address: @\"Addresses\": [\"192.0.2.44\/32\"]@
+--
+-- -   Array with three addresses:
+--     @\"Addresses\": [\"192.0.2.44\/32\", \"192.0.2.0\/24\", \"192.0.0.0\/16\"]@
+--
+-- -   INVALID specification: @\"Addresses\": [\"\"]@ INVALID
+updateIPSet_addresses :: Lens.Lens' UpdateIPSet [Prelude.Text]
+updateIPSet_addresses = Lens.lens (\UpdateIPSet' {addresses} -> addresses) (\s@UpdateIPSet' {} a -> s {addresses = a} :: UpdateIPSet) Prelude.. Lens.coerced
+
+-- | A token used for optimistic locking. WAF returns a token to your @get@
+-- and @list@ requests, to mark the state of the entity at the time of the
+-- request. To make changes to the entity associated with the token, you
+-- provide the token to operations like @update@ and @delete@. WAF uses the
+-- token to ensure that no changes have been made to the entity since you
+-- last retrieved it. If a change has been made, the update fails with a
+-- @WAFOptimisticLockException@. If this happens, perform another @get@,
+-- and use the new token returned by that operation.
+updateIPSet_lockToken :: Lens.Lens' UpdateIPSet Prelude.Text
+updateIPSet_lockToken = Lens.lens (\UpdateIPSet' {lockToken} -> lockToken) (\s@UpdateIPSet' {} a -> s {lockToken = a} :: UpdateIPSet)
+
+instance Core.AWSRequest UpdateIPSet where
+  type AWSResponse UpdateIPSet = UpdateIPSetResponse
+  request overrides =
+    Request.postJSON (overrides defaultService)
+  response =
+    Response.receiveJSON
+      ( \s h x ->
+          UpdateIPSetResponse'
+            Prelude.<$> (x Data..?> "NextLockToken")
+            Prelude.<*> (Prelude.pure (Prelude.fromEnum s))
+      )
+
+instance Prelude.Hashable UpdateIPSet where
+  hashWithSalt _salt UpdateIPSet' {..} =
+    _salt
+      `Prelude.hashWithSalt` description
+      `Prelude.hashWithSalt` name
+      `Prelude.hashWithSalt` scope
+      `Prelude.hashWithSalt` id
+      `Prelude.hashWithSalt` addresses
+      `Prelude.hashWithSalt` lockToken
+
+instance Prelude.NFData UpdateIPSet where
+  rnf UpdateIPSet' {..} =
+    Prelude.rnf description
+      `Prelude.seq` Prelude.rnf name
+      `Prelude.seq` Prelude.rnf scope
+      `Prelude.seq` Prelude.rnf id
+      `Prelude.seq` Prelude.rnf addresses
+      `Prelude.seq` Prelude.rnf lockToken
+
+instance Data.ToHeaders UpdateIPSet where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "X-Amz-Target"
+              Data.=# ( "AWSWAF_20190729.UpdateIPSet" ::
+                          Prelude.ByteString
+                      ),
+            "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToJSON UpdateIPSet where
+  toJSON UpdateIPSet' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("Description" Data..=) Prelude.<$> description,
+            Prelude.Just ("Name" Data..= name),
+            Prelude.Just ("Scope" Data..= scope),
+            Prelude.Just ("Id" Data..= id),
+            Prelude.Just ("Addresses" Data..= addresses),
+            Prelude.Just ("LockToken" Data..= lockToken)
+          ]
+      )
+
+instance Data.ToPath UpdateIPSet where
+  toPath = Prelude.const "/"
+
+instance Data.ToQuery UpdateIPSet where
+  toQuery = Prelude.const Prelude.mempty
+
+-- | /See:/ 'newUpdateIPSetResponse' smart constructor.
+data UpdateIPSetResponse = UpdateIPSetResponse'
+  { -- | A token used for optimistic locking. WAF returns this token to your
+    -- @update@ requests. You use @NextLockToken@ in the same manner as you use
+    -- @LockToken@.
+    nextLockToken :: Prelude.Maybe Prelude.Text,
+    -- | The response's http status code.
+    httpStatus :: Prelude.Int
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'UpdateIPSetResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'nextLockToken', 'updateIPSetResponse_nextLockToken' - A token used for optimistic locking. WAF returns this token to your
+-- @update@ requests. You use @NextLockToken@ in the same manner as you use
+-- @LockToken@.
+--
+-- 'httpStatus', 'updateIPSetResponse_httpStatus' - The response's http status code.
+newUpdateIPSetResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  UpdateIPSetResponse
+newUpdateIPSetResponse pHttpStatus_ =
+  UpdateIPSetResponse'
+    { nextLockToken =
+        Prelude.Nothing,
+      httpStatus = pHttpStatus_
+    }
+
+-- | A token used for optimistic locking. WAF returns this token to your
+-- @update@ requests. You use @NextLockToken@ in the same manner as you use
+-- @LockToken@.
+updateIPSetResponse_nextLockToken :: Lens.Lens' UpdateIPSetResponse (Prelude.Maybe Prelude.Text)
+updateIPSetResponse_nextLockToken = Lens.lens (\UpdateIPSetResponse' {nextLockToken} -> nextLockToken) (\s@UpdateIPSetResponse' {} a -> s {nextLockToken = a} :: UpdateIPSetResponse)
+
+-- | The response's http status code.
+updateIPSetResponse_httpStatus :: Lens.Lens' UpdateIPSetResponse Prelude.Int
+updateIPSetResponse_httpStatus = Lens.lens (\UpdateIPSetResponse' {httpStatus} -> httpStatus) (\s@UpdateIPSetResponse' {} a -> s {httpStatus = a} :: UpdateIPSetResponse)
+
+instance Prelude.NFData UpdateIPSetResponse where
+  rnf UpdateIPSetResponse' {..} =
+    Prelude.rnf nextLockToken
+      `Prelude.seq` Prelude.rnf httpStatus
diff --git a/gen/Amazonka/WAFV2/UpdateManagedRuleSetVersionExpiryDate.hs b/gen/Amazonka/WAFV2/UpdateManagedRuleSetVersionExpiryDate.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/WAFV2/UpdateManagedRuleSetVersionExpiryDate.hs
@@ -0,0 +1,440 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.WAFV2.UpdateManagedRuleSetVersionExpiryDate
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Updates the expiration information for your managed rule set. Use this
+-- to initiate the expiration of a managed rule group version. After you
+-- initiate expiration for a version, WAF excludes it from the response to
+-- ListAvailableManagedRuleGroupVersions for the managed rule group.
+--
+-- This is intended for use only by vendors of managed rule sets. Vendors
+-- are Amazon Web Services and Amazon Web Services Marketplace sellers.
+--
+-- Vendors, you can use the managed rule set APIs to provide controlled
+-- rollout of your versioned managed rule group offerings for your
+-- customers. The APIs are @ListManagedRuleSets@, @GetManagedRuleSet@,
+-- @PutManagedRuleSetVersions@, and
+-- @UpdateManagedRuleSetVersionExpiryDate@.
+module Amazonka.WAFV2.UpdateManagedRuleSetVersionExpiryDate
+  ( -- * Creating a Request
+    UpdateManagedRuleSetVersionExpiryDate (..),
+    newUpdateManagedRuleSetVersionExpiryDate,
+
+    -- * Request Lenses
+    updateManagedRuleSetVersionExpiryDate_name,
+    updateManagedRuleSetVersionExpiryDate_scope,
+    updateManagedRuleSetVersionExpiryDate_id,
+    updateManagedRuleSetVersionExpiryDate_lockToken,
+    updateManagedRuleSetVersionExpiryDate_versionToExpire,
+    updateManagedRuleSetVersionExpiryDate_expiryTimestamp,
+
+    -- * Destructuring the Response
+    UpdateManagedRuleSetVersionExpiryDateResponse (..),
+    newUpdateManagedRuleSetVersionExpiryDateResponse,
+
+    -- * Response Lenses
+    updateManagedRuleSetVersionExpiryDateResponse_expiringVersion,
+    updateManagedRuleSetVersionExpiryDateResponse_expiryTimestamp,
+    updateManagedRuleSetVersionExpiryDateResponse_nextLockToken,
+    updateManagedRuleSetVersionExpiryDateResponse_httpStatus,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+import Amazonka.WAFV2.Types
+
+-- | /See:/ 'newUpdateManagedRuleSetVersionExpiryDate' smart constructor.
+data UpdateManagedRuleSetVersionExpiryDate = UpdateManagedRuleSetVersionExpiryDate'
+  { -- | The name of the managed rule set. You use this, along with the rule set
+    -- ID, to identify the rule set.
+    --
+    -- This name is assigned to the corresponding managed rule group, which
+    -- your customers can access and use.
+    name :: Prelude.Text,
+    -- | Specifies whether this is for an Amazon CloudFront distribution or for a
+    -- regional application. A regional application can be an Application Load
+    -- Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API,
+    -- or an Amazon Cognito user pool.
+    --
+    -- To work with CloudFront, you must also specify the Region US East (N.
+    -- Virginia) as follows:
+    --
+    -- -   CLI - Specify the Region when you use the CloudFront scope:
+    --     @--scope=CLOUDFRONT --region=us-east-1@.
+    --
+    -- -   API and SDKs - For all calls, use the Region endpoint us-east-1.
+    scope :: Scope,
+    -- | A unique identifier for the managed rule set. The ID is returned in the
+    -- responses to commands like @list@. You provide it to operations like
+    -- @get@ and @update@.
+    id :: Prelude.Text,
+    -- | A token used for optimistic locking. WAF returns a token to your @get@
+    -- and @list@ requests, to mark the state of the entity at the time of the
+    -- request. To make changes to the entity associated with the token, you
+    -- provide the token to operations like @update@ and @delete@. WAF uses the
+    -- token to ensure that no changes have been made to the entity since you
+    -- last retrieved it. If a change has been made, the update fails with a
+    -- @WAFOptimisticLockException@. If this happens, perform another @get@,
+    -- and use the new token returned by that operation.
+    lockToken :: Prelude.Text,
+    -- | The version that you want to remove from your list of offerings for the
+    -- named managed rule group.
+    versionToExpire :: Prelude.Text,
+    -- | The time that you want the version to expire.
+    --
+    -- Times are in Coordinated Universal Time (UTC) format. UTC format
+    -- includes the special designator, Z. For example, \"2016-09-27T14:50Z\".
+    expiryTimestamp :: Data.POSIX
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'UpdateManagedRuleSetVersionExpiryDate' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'name', 'updateManagedRuleSetVersionExpiryDate_name' - The name of the managed rule set. You use this, along with the rule set
+-- ID, to identify the rule set.
+--
+-- This name is assigned to the corresponding managed rule group, which
+-- your customers can access and use.
+--
+-- 'scope', 'updateManagedRuleSetVersionExpiryDate_scope' - Specifies whether this is for an Amazon CloudFront distribution or for a
+-- regional application. A regional application can be an Application Load
+-- Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API,
+-- or an Amazon Cognito user pool.
+--
+-- To work with CloudFront, you must also specify the Region US East (N.
+-- Virginia) as follows:
+--
+-- -   CLI - Specify the Region when you use the CloudFront scope:
+--     @--scope=CLOUDFRONT --region=us-east-1@.
+--
+-- -   API and SDKs - For all calls, use the Region endpoint us-east-1.
+--
+-- 'id', 'updateManagedRuleSetVersionExpiryDate_id' - A unique identifier for the managed rule set. The ID is returned in the
+-- responses to commands like @list@. You provide it to operations like
+-- @get@ and @update@.
+--
+-- 'lockToken', 'updateManagedRuleSetVersionExpiryDate_lockToken' - A token used for optimistic locking. WAF returns a token to your @get@
+-- and @list@ requests, to mark the state of the entity at the time of the
+-- request. To make changes to the entity associated with the token, you
+-- provide the token to operations like @update@ and @delete@. WAF uses the
+-- token to ensure that no changes have been made to the entity since you
+-- last retrieved it. If a change has been made, the update fails with a
+-- @WAFOptimisticLockException@. If this happens, perform another @get@,
+-- and use the new token returned by that operation.
+--
+-- 'versionToExpire', 'updateManagedRuleSetVersionExpiryDate_versionToExpire' - The version that you want to remove from your list of offerings for the
+-- named managed rule group.
+--
+-- 'expiryTimestamp', 'updateManagedRuleSetVersionExpiryDate_expiryTimestamp' - The time that you want the version to expire.
+--
+-- Times are in Coordinated Universal Time (UTC) format. UTC format
+-- includes the special designator, Z. For example, \"2016-09-27T14:50Z\".
+newUpdateManagedRuleSetVersionExpiryDate ::
+  -- | 'name'
+  Prelude.Text ->
+  -- | 'scope'
+  Scope ->
+  -- | 'id'
+  Prelude.Text ->
+  -- | 'lockToken'
+  Prelude.Text ->
+  -- | 'versionToExpire'
+  Prelude.Text ->
+  -- | 'expiryTimestamp'
+  Prelude.UTCTime ->
+  UpdateManagedRuleSetVersionExpiryDate
+newUpdateManagedRuleSetVersionExpiryDate
+  pName_
+  pScope_
+  pId_
+  pLockToken_
+  pVersionToExpire_
+  pExpiryTimestamp_ =
+    UpdateManagedRuleSetVersionExpiryDate'
+      { name =
+          pName_,
+        scope = pScope_,
+        id = pId_,
+        lockToken = pLockToken_,
+        versionToExpire = pVersionToExpire_,
+        expiryTimestamp =
+          Data._Time
+            Lens.# pExpiryTimestamp_
+      }
+
+-- | The name of the managed rule set. You use this, along with the rule set
+-- ID, to identify the rule set.
+--
+-- This name is assigned to the corresponding managed rule group, which
+-- your customers can access and use.
+updateManagedRuleSetVersionExpiryDate_name :: Lens.Lens' UpdateManagedRuleSetVersionExpiryDate Prelude.Text
+updateManagedRuleSetVersionExpiryDate_name = Lens.lens (\UpdateManagedRuleSetVersionExpiryDate' {name} -> name) (\s@UpdateManagedRuleSetVersionExpiryDate' {} a -> s {name = a} :: UpdateManagedRuleSetVersionExpiryDate)
+
+-- | Specifies whether this is for an Amazon CloudFront distribution or for a
+-- regional application. A regional application can be an Application Load
+-- Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API,
+-- or an Amazon Cognito user pool.
+--
+-- To work with CloudFront, you must also specify the Region US East (N.
+-- Virginia) as follows:
+--
+-- -   CLI - Specify the Region when you use the CloudFront scope:
+--     @--scope=CLOUDFRONT --region=us-east-1@.
+--
+-- -   API and SDKs - For all calls, use the Region endpoint us-east-1.
+updateManagedRuleSetVersionExpiryDate_scope :: Lens.Lens' UpdateManagedRuleSetVersionExpiryDate Scope
+updateManagedRuleSetVersionExpiryDate_scope = Lens.lens (\UpdateManagedRuleSetVersionExpiryDate' {scope} -> scope) (\s@UpdateManagedRuleSetVersionExpiryDate' {} a -> s {scope = a} :: UpdateManagedRuleSetVersionExpiryDate)
+
+-- | A unique identifier for the managed rule set. The ID is returned in the
+-- responses to commands like @list@. You provide it to operations like
+-- @get@ and @update@.
+updateManagedRuleSetVersionExpiryDate_id :: Lens.Lens' UpdateManagedRuleSetVersionExpiryDate Prelude.Text
+updateManagedRuleSetVersionExpiryDate_id = Lens.lens (\UpdateManagedRuleSetVersionExpiryDate' {id} -> id) (\s@UpdateManagedRuleSetVersionExpiryDate' {} a -> s {id = a} :: UpdateManagedRuleSetVersionExpiryDate)
+
+-- | A token used for optimistic locking. WAF returns a token to your @get@
+-- and @list@ requests, to mark the state of the entity at the time of the
+-- request. To make changes to the entity associated with the token, you
+-- provide the token to operations like @update@ and @delete@. WAF uses the
+-- token to ensure that no changes have been made to the entity since you
+-- last retrieved it. If a change has been made, the update fails with a
+-- @WAFOptimisticLockException@. If this happens, perform another @get@,
+-- and use the new token returned by that operation.
+updateManagedRuleSetVersionExpiryDate_lockToken :: Lens.Lens' UpdateManagedRuleSetVersionExpiryDate Prelude.Text
+updateManagedRuleSetVersionExpiryDate_lockToken = Lens.lens (\UpdateManagedRuleSetVersionExpiryDate' {lockToken} -> lockToken) (\s@UpdateManagedRuleSetVersionExpiryDate' {} a -> s {lockToken = a} :: UpdateManagedRuleSetVersionExpiryDate)
+
+-- | The version that you want to remove from your list of offerings for the
+-- named managed rule group.
+updateManagedRuleSetVersionExpiryDate_versionToExpire :: Lens.Lens' UpdateManagedRuleSetVersionExpiryDate Prelude.Text
+updateManagedRuleSetVersionExpiryDate_versionToExpire = Lens.lens (\UpdateManagedRuleSetVersionExpiryDate' {versionToExpire} -> versionToExpire) (\s@UpdateManagedRuleSetVersionExpiryDate' {} a -> s {versionToExpire = a} :: UpdateManagedRuleSetVersionExpiryDate)
+
+-- | The time that you want the version to expire.
+--
+-- Times are in Coordinated Universal Time (UTC) format. UTC format
+-- includes the special designator, Z. For example, \"2016-09-27T14:50Z\".
+updateManagedRuleSetVersionExpiryDate_expiryTimestamp :: Lens.Lens' UpdateManagedRuleSetVersionExpiryDate Prelude.UTCTime
+updateManagedRuleSetVersionExpiryDate_expiryTimestamp = Lens.lens (\UpdateManagedRuleSetVersionExpiryDate' {expiryTimestamp} -> expiryTimestamp) (\s@UpdateManagedRuleSetVersionExpiryDate' {} a -> s {expiryTimestamp = a} :: UpdateManagedRuleSetVersionExpiryDate) Prelude.. Data._Time
+
+instance
+  Core.AWSRequest
+    UpdateManagedRuleSetVersionExpiryDate
+  where
+  type
+    AWSResponse
+      UpdateManagedRuleSetVersionExpiryDate =
+      UpdateManagedRuleSetVersionExpiryDateResponse
+  request overrides =
+    Request.postJSON (overrides defaultService)
+  response =
+    Response.receiveJSON
+      ( \s h x ->
+          UpdateManagedRuleSetVersionExpiryDateResponse'
+            Prelude.<$> (x Data..?> "ExpiringVersion")
+            Prelude.<*> (x Data..?> "ExpiryTimestamp")
+            Prelude.<*> (x Data..?> "NextLockToken")
+            Prelude.<*> (Prelude.pure (Prelude.fromEnum s))
+      )
+
+instance
+  Prelude.Hashable
+    UpdateManagedRuleSetVersionExpiryDate
+  where
+  hashWithSalt
+    _salt
+    UpdateManagedRuleSetVersionExpiryDate' {..} =
+      _salt
+        `Prelude.hashWithSalt` name
+        `Prelude.hashWithSalt` scope
+        `Prelude.hashWithSalt` id
+        `Prelude.hashWithSalt` lockToken
+        `Prelude.hashWithSalt` versionToExpire
+        `Prelude.hashWithSalt` expiryTimestamp
+
+instance
+  Prelude.NFData
+    UpdateManagedRuleSetVersionExpiryDate
+  where
+  rnf UpdateManagedRuleSetVersionExpiryDate' {..} =
+    Prelude.rnf name
+      `Prelude.seq` Prelude.rnf scope
+      `Prelude.seq` Prelude.rnf id
+      `Prelude.seq` Prelude.rnf lockToken
+      `Prelude.seq` Prelude.rnf versionToExpire
+      `Prelude.seq` Prelude.rnf expiryTimestamp
+
+instance
+  Data.ToHeaders
+    UpdateManagedRuleSetVersionExpiryDate
+  where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "X-Amz-Target"
+              Data.=# ( "AWSWAF_20190729.UpdateManagedRuleSetVersionExpiryDate" ::
+                          Prelude.ByteString
+                      ),
+            "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance
+  Data.ToJSON
+    UpdateManagedRuleSetVersionExpiryDate
+  where
+  toJSON UpdateManagedRuleSetVersionExpiryDate' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ Prelude.Just ("Name" Data..= name),
+            Prelude.Just ("Scope" Data..= scope),
+            Prelude.Just ("Id" Data..= id),
+            Prelude.Just ("LockToken" Data..= lockToken),
+            Prelude.Just
+              ("VersionToExpire" Data..= versionToExpire),
+            Prelude.Just
+              ("ExpiryTimestamp" Data..= expiryTimestamp)
+          ]
+      )
+
+instance
+  Data.ToPath
+    UpdateManagedRuleSetVersionExpiryDate
+  where
+  toPath = Prelude.const "/"
+
+instance
+  Data.ToQuery
+    UpdateManagedRuleSetVersionExpiryDate
+  where
+  toQuery = Prelude.const Prelude.mempty
+
+-- | /See:/ 'newUpdateManagedRuleSetVersionExpiryDateResponse' smart constructor.
+data UpdateManagedRuleSetVersionExpiryDateResponse = UpdateManagedRuleSetVersionExpiryDateResponse'
+  { -- | The version that is set to expire.
+    expiringVersion :: Prelude.Maybe Prelude.Text,
+    -- | The time that the version will expire.
+    --
+    -- Times are in Coordinated Universal Time (UTC) format. UTC format
+    -- includes the special designator, Z. For example, \"2016-09-27T14:50Z\".
+    expiryTimestamp :: Prelude.Maybe Data.POSIX,
+    -- | A token used for optimistic locking. WAF returns a token to your @get@
+    -- and @list@ requests, to mark the state of the entity at the time of the
+    -- request. To make changes to the entity associated with the token, you
+    -- provide the token to operations like @update@ and @delete@. WAF uses the
+    -- token to ensure that no changes have been made to the entity since you
+    -- last retrieved it. If a change has been made, the update fails with a
+    -- @WAFOptimisticLockException@. If this happens, perform another @get@,
+    -- and use the new token returned by that operation.
+    nextLockToken :: Prelude.Maybe Prelude.Text,
+    -- | The response's http status code.
+    httpStatus :: Prelude.Int
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'UpdateManagedRuleSetVersionExpiryDateResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'expiringVersion', 'updateManagedRuleSetVersionExpiryDateResponse_expiringVersion' - The version that is set to expire.
+--
+-- 'expiryTimestamp', 'updateManagedRuleSetVersionExpiryDateResponse_expiryTimestamp' - The time that the version will expire.
+--
+-- Times are in Coordinated Universal Time (UTC) format. UTC format
+-- includes the special designator, Z. For example, \"2016-09-27T14:50Z\".
+--
+-- 'nextLockToken', 'updateManagedRuleSetVersionExpiryDateResponse_nextLockToken' - A token used for optimistic locking. WAF returns a token to your @get@
+-- and @list@ requests, to mark the state of the entity at the time of the
+-- request. To make changes to the entity associated with the token, you
+-- provide the token to operations like @update@ and @delete@. WAF uses the
+-- token to ensure that no changes have been made to the entity since you
+-- last retrieved it. If a change has been made, the update fails with a
+-- @WAFOptimisticLockException@. If this happens, perform another @get@,
+-- and use the new token returned by that operation.
+--
+-- 'httpStatus', 'updateManagedRuleSetVersionExpiryDateResponse_httpStatus' - The response's http status code.
+newUpdateManagedRuleSetVersionExpiryDateResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  UpdateManagedRuleSetVersionExpiryDateResponse
+newUpdateManagedRuleSetVersionExpiryDateResponse
+  pHttpStatus_ =
+    UpdateManagedRuleSetVersionExpiryDateResponse'
+      { expiringVersion =
+          Prelude.Nothing,
+        expiryTimestamp =
+          Prelude.Nothing,
+        nextLockToken =
+          Prelude.Nothing,
+        httpStatus = pHttpStatus_
+      }
+
+-- | The version that is set to expire.
+updateManagedRuleSetVersionExpiryDateResponse_expiringVersion :: Lens.Lens' UpdateManagedRuleSetVersionExpiryDateResponse (Prelude.Maybe Prelude.Text)
+updateManagedRuleSetVersionExpiryDateResponse_expiringVersion = Lens.lens (\UpdateManagedRuleSetVersionExpiryDateResponse' {expiringVersion} -> expiringVersion) (\s@UpdateManagedRuleSetVersionExpiryDateResponse' {} a -> s {expiringVersion = a} :: UpdateManagedRuleSetVersionExpiryDateResponse)
+
+-- | The time that the version will expire.
+--
+-- Times are in Coordinated Universal Time (UTC) format. UTC format
+-- includes the special designator, Z. For example, \"2016-09-27T14:50Z\".
+updateManagedRuleSetVersionExpiryDateResponse_expiryTimestamp :: Lens.Lens' UpdateManagedRuleSetVersionExpiryDateResponse (Prelude.Maybe Prelude.UTCTime)
+updateManagedRuleSetVersionExpiryDateResponse_expiryTimestamp = Lens.lens (\UpdateManagedRuleSetVersionExpiryDateResponse' {expiryTimestamp} -> expiryTimestamp) (\s@UpdateManagedRuleSetVersionExpiryDateResponse' {} a -> s {expiryTimestamp = a} :: UpdateManagedRuleSetVersionExpiryDateResponse) Prelude.. Lens.mapping Data._Time
+
+-- | A token used for optimistic locking. WAF returns a token to your @get@
+-- and @list@ requests, to mark the state of the entity at the time of the
+-- request. To make changes to the entity associated with the token, you
+-- provide the token to operations like @update@ and @delete@. WAF uses the
+-- token to ensure that no changes have been made to the entity since you
+-- last retrieved it. If a change has been made, the update fails with a
+-- @WAFOptimisticLockException@. If this happens, perform another @get@,
+-- and use the new token returned by that operation.
+updateManagedRuleSetVersionExpiryDateResponse_nextLockToken :: Lens.Lens' UpdateManagedRuleSetVersionExpiryDateResponse (Prelude.Maybe Prelude.Text)
+updateManagedRuleSetVersionExpiryDateResponse_nextLockToken = Lens.lens (\UpdateManagedRuleSetVersionExpiryDateResponse' {nextLockToken} -> nextLockToken) (\s@UpdateManagedRuleSetVersionExpiryDateResponse' {} a -> s {nextLockToken = a} :: UpdateManagedRuleSetVersionExpiryDateResponse)
+
+-- | The response's http status code.
+updateManagedRuleSetVersionExpiryDateResponse_httpStatus :: Lens.Lens' UpdateManagedRuleSetVersionExpiryDateResponse Prelude.Int
+updateManagedRuleSetVersionExpiryDateResponse_httpStatus = Lens.lens (\UpdateManagedRuleSetVersionExpiryDateResponse' {httpStatus} -> httpStatus) (\s@UpdateManagedRuleSetVersionExpiryDateResponse' {} a -> s {httpStatus = a} :: UpdateManagedRuleSetVersionExpiryDateResponse)
+
+instance
+  Prelude.NFData
+    UpdateManagedRuleSetVersionExpiryDateResponse
+  where
+  rnf
+    UpdateManagedRuleSetVersionExpiryDateResponse' {..} =
+      Prelude.rnf expiringVersion
+        `Prelude.seq` Prelude.rnf expiryTimestamp
+        `Prelude.seq` Prelude.rnf nextLockToken
+        `Prelude.seq` Prelude.rnf httpStatus
diff --git a/gen/Amazonka/WAFV2/UpdateRegexPatternSet.hs b/gen/Amazonka/WAFV2/UpdateRegexPatternSet.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/WAFV2/UpdateRegexPatternSet.hs
@@ -0,0 +1,339 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.WAFV2.UpdateRegexPatternSet
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Updates the specified RegexPatternSet.
+--
+-- This operation completely replaces the mutable specifications that you
+-- already have for the regex pattern set with the ones that you provide to
+-- this call. To modify the regex pattern set, retrieve it by calling
+-- GetRegexPatternSet, update the settings as needed, and then provide the
+-- complete regex pattern set specification to this call.
+--
+-- When you make changes to web ACLs or web ACL components, like rules and
+-- rule groups, WAF propagates the changes everywhere that the web ACL and
+-- its components are stored and used. Your changes are applied within
+-- seconds, but there might be a brief period of inconsistency when the
+-- changes have arrived in some places and not in others. So, for example,
+-- if you change a rule action setting, the action might be the old action
+-- in one area and the new action in another area. Or if you add an IP
+-- address to an IP set used in a blocking rule, the new address might
+-- briefly be blocked in one area while still allowed in another. This
+-- temporary inconsistency can occur when you first associate a web ACL
+-- with an Amazon Web Services resource and when you change a web ACL that
+-- is already associated with a resource. Generally, any inconsistencies of
+-- this type last only a few seconds.
+module Amazonka.WAFV2.UpdateRegexPatternSet
+  ( -- * Creating a Request
+    UpdateRegexPatternSet (..),
+    newUpdateRegexPatternSet,
+
+    -- * Request Lenses
+    updateRegexPatternSet_description,
+    updateRegexPatternSet_name,
+    updateRegexPatternSet_scope,
+    updateRegexPatternSet_id,
+    updateRegexPatternSet_regularExpressionList,
+    updateRegexPatternSet_lockToken,
+
+    -- * Destructuring the Response
+    UpdateRegexPatternSetResponse (..),
+    newUpdateRegexPatternSetResponse,
+
+    -- * Response Lenses
+    updateRegexPatternSetResponse_nextLockToken,
+    updateRegexPatternSetResponse_httpStatus,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+import Amazonka.WAFV2.Types
+
+-- | /See:/ 'newUpdateRegexPatternSet' smart constructor.
+data UpdateRegexPatternSet = UpdateRegexPatternSet'
+  { -- | A description of the set that helps with identification.
+    description :: Prelude.Maybe Prelude.Text,
+    -- | The name of the set. You cannot change the name after you create the
+    -- set.
+    name :: Prelude.Text,
+    -- | Specifies whether this is for an Amazon CloudFront distribution or for a
+    -- regional application. A regional application can be an Application Load
+    -- Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API,
+    -- or an Amazon Cognito user pool.
+    --
+    -- To work with CloudFront, you must also specify the Region US East (N.
+    -- Virginia) as follows:
+    --
+    -- -   CLI - Specify the Region when you use the CloudFront scope:
+    --     @--scope=CLOUDFRONT --region=us-east-1@.
+    --
+    -- -   API and SDKs - For all calls, use the Region endpoint us-east-1.
+    scope :: Scope,
+    -- | A unique identifier for the set. This ID is returned in the responses to
+    -- create and list commands. You provide it to operations like update and
+    -- delete.
+    id :: Prelude.Text,
+    regularExpressionList :: [Regex],
+    -- | A token used for optimistic locking. WAF returns a token to your @get@
+    -- and @list@ requests, to mark the state of the entity at the time of the
+    -- request. To make changes to the entity associated with the token, you
+    -- provide the token to operations like @update@ and @delete@. WAF uses the
+    -- token to ensure that no changes have been made to the entity since you
+    -- last retrieved it. If a change has been made, the update fails with a
+    -- @WAFOptimisticLockException@. If this happens, perform another @get@,
+    -- and use the new token returned by that operation.
+    lockToken :: Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'UpdateRegexPatternSet' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'description', 'updateRegexPatternSet_description' - A description of the set that helps with identification.
+--
+-- 'name', 'updateRegexPatternSet_name' - The name of the set. You cannot change the name after you create the
+-- set.
+--
+-- 'scope', 'updateRegexPatternSet_scope' - Specifies whether this is for an Amazon CloudFront distribution or for a
+-- regional application. A regional application can be an Application Load
+-- Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API,
+-- or an Amazon Cognito user pool.
+--
+-- To work with CloudFront, you must also specify the Region US East (N.
+-- Virginia) as follows:
+--
+-- -   CLI - Specify the Region when you use the CloudFront scope:
+--     @--scope=CLOUDFRONT --region=us-east-1@.
+--
+-- -   API and SDKs - For all calls, use the Region endpoint us-east-1.
+--
+-- 'id', 'updateRegexPatternSet_id' - A unique identifier for the set. This ID is returned in the responses to
+-- create and list commands. You provide it to operations like update and
+-- delete.
+--
+-- 'regularExpressionList', 'updateRegexPatternSet_regularExpressionList' -
+--
+-- 'lockToken', 'updateRegexPatternSet_lockToken' - A token used for optimistic locking. WAF returns a token to your @get@
+-- and @list@ requests, to mark the state of the entity at the time of the
+-- request. To make changes to the entity associated with the token, you
+-- provide the token to operations like @update@ and @delete@. WAF uses the
+-- token to ensure that no changes have been made to the entity since you
+-- last retrieved it. If a change has been made, the update fails with a
+-- @WAFOptimisticLockException@. If this happens, perform another @get@,
+-- and use the new token returned by that operation.
+newUpdateRegexPatternSet ::
+  -- | 'name'
+  Prelude.Text ->
+  -- | 'scope'
+  Scope ->
+  -- | 'id'
+  Prelude.Text ->
+  -- | 'lockToken'
+  Prelude.Text ->
+  UpdateRegexPatternSet
+newUpdateRegexPatternSet
+  pName_
+  pScope_
+  pId_
+  pLockToken_ =
+    UpdateRegexPatternSet'
+      { description =
+          Prelude.Nothing,
+        name = pName_,
+        scope = pScope_,
+        id = pId_,
+        regularExpressionList = Prelude.mempty,
+        lockToken = pLockToken_
+      }
+
+-- | A description of the set that helps with identification.
+updateRegexPatternSet_description :: Lens.Lens' UpdateRegexPatternSet (Prelude.Maybe Prelude.Text)
+updateRegexPatternSet_description = Lens.lens (\UpdateRegexPatternSet' {description} -> description) (\s@UpdateRegexPatternSet' {} a -> s {description = a} :: UpdateRegexPatternSet)
+
+-- | The name of the set. You cannot change the name after you create the
+-- set.
+updateRegexPatternSet_name :: Lens.Lens' UpdateRegexPatternSet Prelude.Text
+updateRegexPatternSet_name = Lens.lens (\UpdateRegexPatternSet' {name} -> name) (\s@UpdateRegexPatternSet' {} a -> s {name = a} :: UpdateRegexPatternSet)
+
+-- | Specifies whether this is for an Amazon CloudFront distribution or for a
+-- regional application. A regional application can be an Application Load
+-- Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API,
+-- or an Amazon Cognito user pool.
+--
+-- To work with CloudFront, you must also specify the Region US East (N.
+-- Virginia) as follows:
+--
+-- -   CLI - Specify the Region when you use the CloudFront scope:
+--     @--scope=CLOUDFRONT --region=us-east-1@.
+--
+-- -   API and SDKs - For all calls, use the Region endpoint us-east-1.
+updateRegexPatternSet_scope :: Lens.Lens' UpdateRegexPatternSet Scope
+updateRegexPatternSet_scope = Lens.lens (\UpdateRegexPatternSet' {scope} -> scope) (\s@UpdateRegexPatternSet' {} a -> s {scope = a} :: UpdateRegexPatternSet)
+
+-- | A unique identifier for the set. This ID is returned in the responses to
+-- create and list commands. You provide it to operations like update and
+-- delete.
+updateRegexPatternSet_id :: Lens.Lens' UpdateRegexPatternSet Prelude.Text
+updateRegexPatternSet_id = Lens.lens (\UpdateRegexPatternSet' {id} -> id) (\s@UpdateRegexPatternSet' {} a -> s {id = a} :: UpdateRegexPatternSet)
+
+updateRegexPatternSet_regularExpressionList :: Lens.Lens' UpdateRegexPatternSet [Regex]
+updateRegexPatternSet_regularExpressionList = Lens.lens (\UpdateRegexPatternSet' {regularExpressionList} -> regularExpressionList) (\s@UpdateRegexPatternSet' {} a -> s {regularExpressionList = a} :: UpdateRegexPatternSet) Prelude.. Lens.coerced
+
+-- | A token used for optimistic locking. WAF returns a token to your @get@
+-- and @list@ requests, to mark the state of the entity at the time of the
+-- request. To make changes to the entity associated with the token, you
+-- provide the token to operations like @update@ and @delete@. WAF uses the
+-- token to ensure that no changes have been made to the entity since you
+-- last retrieved it. If a change has been made, the update fails with a
+-- @WAFOptimisticLockException@. If this happens, perform another @get@,
+-- and use the new token returned by that operation.
+updateRegexPatternSet_lockToken :: Lens.Lens' UpdateRegexPatternSet Prelude.Text
+updateRegexPatternSet_lockToken = Lens.lens (\UpdateRegexPatternSet' {lockToken} -> lockToken) (\s@UpdateRegexPatternSet' {} a -> s {lockToken = a} :: UpdateRegexPatternSet)
+
+instance Core.AWSRequest UpdateRegexPatternSet where
+  type
+    AWSResponse UpdateRegexPatternSet =
+      UpdateRegexPatternSetResponse
+  request overrides =
+    Request.postJSON (overrides defaultService)
+  response =
+    Response.receiveJSON
+      ( \s h x ->
+          UpdateRegexPatternSetResponse'
+            Prelude.<$> (x Data..?> "NextLockToken")
+            Prelude.<*> (Prelude.pure (Prelude.fromEnum s))
+      )
+
+instance Prelude.Hashable UpdateRegexPatternSet where
+  hashWithSalt _salt UpdateRegexPatternSet' {..} =
+    _salt
+      `Prelude.hashWithSalt` description
+      `Prelude.hashWithSalt` name
+      `Prelude.hashWithSalt` scope
+      `Prelude.hashWithSalt` id
+      `Prelude.hashWithSalt` regularExpressionList
+      `Prelude.hashWithSalt` lockToken
+
+instance Prelude.NFData UpdateRegexPatternSet where
+  rnf UpdateRegexPatternSet' {..} =
+    Prelude.rnf description
+      `Prelude.seq` Prelude.rnf name
+      `Prelude.seq` Prelude.rnf scope
+      `Prelude.seq` Prelude.rnf id
+      `Prelude.seq` Prelude.rnf regularExpressionList
+      `Prelude.seq` Prelude.rnf lockToken
+
+instance Data.ToHeaders UpdateRegexPatternSet where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "X-Amz-Target"
+              Data.=# ( "AWSWAF_20190729.UpdateRegexPatternSet" ::
+                          Prelude.ByteString
+                      ),
+            "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToJSON UpdateRegexPatternSet where
+  toJSON UpdateRegexPatternSet' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("Description" Data..=) Prelude.<$> description,
+            Prelude.Just ("Name" Data..= name),
+            Prelude.Just ("Scope" Data..= scope),
+            Prelude.Just ("Id" Data..= id),
+            Prelude.Just
+              ( "RegularExpressionList"
+                  Data..= regularExpressionList
+              ),
+            Prelude.Just ("LockToken" Data..= lockToken)
+          ]
+      )
+
+instance Data.ToPath UpdateRegexPatternSet where
+  toPath = Prelude.const "/"
+
+instance Data.ToQuery UpdateRegexPatternSet where
+  toQuery = Prelude.const Prelude.mempty
+
+-- | /See:/ 'newUpdateRegexPatternSetResponse' smart constructor.
+data UpdateRegexPatternSetResponse = UpdateRegexPatternSetResponse'
+  { -- | A token used for optimistic locking. WAF returns this token to your
+    -- @update@ requests. You use @NextLockToken@ in the same manner as you use
+    -- @LockToken@.
+    nextLockToken :: Prelude.Maybe Prelude.Text,
+    -- | The response's http status code.
+    httpStatus :: Prelude.Int
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'UpdateRegexPatternSetResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'nextLockToken', 'updateRegexPatternSetResponse_nextLockToken' - A token used for optimistic locking. WAF returns this token to your
+-- @update@ requests. You use @NextLockToken@ in the same manner as you use
+-- @LockToken@.
+--
+-- 'httpStatus', 'updateRegexPatternSetResponse_httpStatus' - The response's http status code.
+newUpdateRegexPatternSetResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  UpdateRegexPatternSetResponse
+newUpdateRegexPatternSetResponse pHttpStatus_ =
+  UpdateRegexPatternSetResponse'
+    { nextLockToken =
+        Prelude.Nothing,
+      httpStatus = pHttpStatus_
+    }
+
+-- | A token used for optimistic locking. WAF returns this token to your
+-- @update@ requests. You use @NextLockToken@ in the same manner as you use
+-- @LockToken@.
+updateRegexPatternSetResponse_nextLockToken :: Lens.Lens' UpdateRegexPatternSetResponse (Prelude.Maybe Prelude.Text)
+updateRegexPatternSetResponse_nextLockToken = Lens.lens (\UpdateRegexPatternSetResponse' {nextLockToken} -> nextLockToken) (\s@UpdateRegexPatternSetResponse' {} a -> s {nextLockToken = a} :: UpdateRegexPatternSetResponse)
+
+-- | The response's http status code.
+updateRegexPatternSetResponse_httpStatus :: Lens.Lens' UpdateRegexPatternSetResponse Prelude.Int
+updateRegexPatternSetResponse_httpStatus = Lens.lens (\UpdateRegexPatternSetResponse' {httpStatus} -> httpStatus) (\s@UpdateRegexPatternSetResponse' {} a -> s {httpStatus = a} :: UpdateRegexPatternSetResponse)
+
+instance Prelude.NFData UpdateRegexPatternSetResponse where
+  rnf UpdateRegexPatternSetResponse' {..} =
+    Prelude.rnf nextLockToken
+      `Prelude.seq` Prelude.rnf httpStatus
diff --git a/gen/Amazonka/WAFV2/UpdateRuleGroup.hs b/gen/Amazonka/WAFV2/UpdateRuleGroup.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/WAFV2/UpdateRuleGroup.hs
@@ -0,0 +1,429 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.WAFV2.UpdateRuleGroup
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Updates the specified RuleGroup.
+--
+-- This operation completely replaces the mutable specifications that you
+-- already have for the rule group with the ones that you provide to this
+-- call. To modify the rule group, retrieve it by calling GetRuleGroup,
+-- update the settings as needed, and then provide the complete rule group
+-- specification to this call.
+--
+-- When you make changes to web ACLs or web ACL components, like rules and
+-- rule groups, WAF propagates the changes everywhere that the web ACL and
+-- its components are stored and used. Your changes are applied within
+-- seconds, but there might be a brief period of inconsistency when the
+-- changes have arrived in some places and not in others. So, for example,
+-- if you change a rule action setting, the action might be the old action
+-- in one area and the new action in another area. Or if you add an IP
+-- address to an IP set used in a blocking rule, the new address might
+-- briefly be blocked in one area while still allowed in another. This
+-- temporary inconsistency can occur when you first associate a web ACL
+-- with an Amazon Web Services resource and when you change a web ACL that
+-- is already associated with a resource. Generally, any inconsistencies of
+-- this type last only a few seconds.
+--
+-- A rule group defines a collection of rules to inspect and control web
+-- requests that you can use in a WebACL. When you create a rule group, you
+-- define an immutable capacity limit. If you update a rule group, you must
+-- stay within the capacity. This allows others to reuse the rule group
+-- with confidence in its capacity requirements.
+module Amazonka.WAFV2.UpdateRuleGroup
+  ( -- * Creating a Request
+    UpdateRuleGroup (..),
+    newUpdateRuleGroup,
+
+    -- * Request Lenses
+    updateRuleGroup_customResponseBodies,
+    updateRuleGroup_description,
+    updateRuleGroup_rules,
+    updateRuleGroup_name,
+    updateRuleGroup_scope,
+    updateRuleGroup_id,
+    updateRuleGroup_visibilityConfig,
+    updateRuleGroup_lockToken,
+
+    -- * Destructuring the Response
+    UpdateRuleGroupResponse (..),
+    newUpdateRuleGroupResponse,
+
+    -- * Response Lenses
+    updateRuleGroupResponse_nextLockToken,
+    updateRuleGroupResponse_httpStatus,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+import Amazonka.WAFV2.Types
+
+-- | /See:/ 'newUpdateRuleGroup' smart constructor.
+data UpdateRuleGroup = UpdateRuleGroup'
+  { -- | A map of custom response keys and content bodies. When you create a rule
+    -- with a block action, you can send a custom response to the web request.
+    -- You define these for the rule group, and then use them in the rules that
+    -- you define in the rule group.
+    --
+    -- For information about customizing web requests and responses, see
+    -- <https://docs.aws.amazon.com/waf/latest/developerguide/waf-custom-request-response.html Customizing web requests and responses in WAF>
+    -- in the
+    -- <https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html WAF Developer Guide>.
+    --
+    -- For information about the limits on count and size for custom request
+    -- and response settings, see
+    -- <https://docs.aws.amazon.com/waf/latest/developerguide/limits.html WAF quotas>
+    -- in the
+    -- <https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html WAF Developer Guide>.
+    customResponseBodies :: Prelude.Maybe (Prelude.HashMap Prelude.Text CustomResponseBody),
+    -- | A description of the rule group that helps with identification.
+    description :: Prelude.Maybe Prelude.Text,
+    -- | The Rule statements used to identify the web requests that you want to
+    -- allow, block, or count. Each rule includes one top-level statement that
+    -- WAF uses to identify matching web requests, and parameters that govern
+    -- how WAF handles them.
+    rules :: Prelude.Maybe [Rule],
+    -- | The name of the rule group. You cannot change the name of a rule group
+    -- after you create it.
+    name :: Prelude.Text,
+    -- | Specifies whether this is for an Amazon CloudFront distribution or for a
+    -- regional application. A regional application can be an Application Load
+    -- Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API,
+    -- or an Amazon Cognito user pool.
+    --
+    -- To work with CloudFront, you must also specify the Region US East (N.
+    -- Virginia) as follows:
+    --
+    -- -   CLI - Specify the Region when you use the CloudFront scope:
+    --     @--scope=CLOUDFRONT --region=us-east-1@.
+    --
+    -- -   API and SDKs - For all calls, use the Region endpoint us-east-1.
+    scope :: Scope,
+    -- | A unique identifier for the rule group. This ID is returned in the
+    -- responses to create and list commands. You provide it to operations like
+    -- update and delete.
+    id :: Prelude.Text,
+    -- | Defines and enables Amazon CloudWatch metrics and web request sample
+    -- collection.
+    visibilityConfig :: VisibilityConfig,
+    -- | A token used for optimistic locking. WAF returns a token to your @get@
+    -- and @list@ requests, to mark the state of the entity at the time of the
+    -- request. To make changes to the entity associated with the token, you
+    -- provide the token to operations like @update@ and @delete@. WAF uses the
+    -- token to ensure that no changes have been made to the entity since you
+    -- last retrieved it. If a change has been made, the update fails with a
+    -- @WAFOptimisticLockException@. If this happens, perform another @get@,
+    -- and use the new token returned by that operation.
+    lockToken :: Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'UpdateRuleGroup' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'customResponseBodies', 'updateRuleGroup_customResponseBodies' - A map of custom response keys and content bodies. When you create a rule
+-- with a block action, you can send a custom response to the web request.
+-- You define these for the rule group, and then use them in the rules that
+-- you define in the rule group.
+--
+-- For information about customizing web requests and responses, see
+-- <https://docs.aws.amazon.com/waf/latest/developerguide/waf-custom-request-response.html Customizing web requests and responses in WAF>
+-- in the
+-- <https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html WAF Developer Guide>.
+--
+-- For information about the limits on count and size for custom request
+-- and response settings, see
+-- <https://docs.aws.amazon.com/waf/latest/developerguide/limits.html WAF quotas>
+-- in the
+-- <https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html WAF Developer Guide>.
+--
+-- 'description', 'updateRuleGroup_description' - A description of the rule group that helps with identification.
+--
+-- 'rules', 'updateRuleGroup_rules' - The Rule statements used to identify the web requests that you want to
+-- allow, block, or count. Each rule includes one top-level statement that
+-- WAF uses to identify matching web requests, and parameters that govern
+-- how WAF handles them.
+--
+-- 'name', 'updateRuleGroup_name' - The name of the rule group. You cannot change the name of a rule group
+-- after you create it.
+--
+-- 'scope', 'updateRuleGroup_scope' - Specifies whether this is for an Amazon CloudFront distribution or for a
+-- regional application. A regional application can be an Application Load
+-- Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API,
+-- or an Amazon Cognito user pool.
+--
+-- To work with CloudFront, you must also specify the Region US East (N.
+-- Virginia) as follows:
+--
+-- -   CLI - Specify the Region when you use the CloudFront scope:
+--     @--scope=CLOUDFRONT --region=us-east-1@.
+--
+-- -   API and SDKs - For all calls, use the Region endpoint us-east-1.
+--
+-- 'id', 'updateRuleGroup_id' - A unique identifier for the rule group. This ID is returned in the
+-- responses to create and list commands. You provide it to operations like
+-- update and delete.
+--
+-- 'visibilityConfig', 'updateRuleGroup_visibilityConfig' - Defines and enables Amazon CloudWatch metrics and web request sample
+-- collection.
+--
+-- 'lockToken', 'updateRuleGroup_lockToken' - A token used for optimistic locking. WAF returns a token to your @get@
+-- and @list@ requests, to mark the state of the entity at the time of the
+-- request. To make changes to the entity associated with the token, you
+-- provide the token to operations like @update@ and @delete@. WAF uses the
+-- token to ensure that no changes have been made to the entity since you
+-- last retrieved it. If a change has been made, the update fails with a
+-- @WAFOptimisticLockException@. If this happens, perform another @get@,
+-- and use the new token returned by that operation.
+newUpdateRuleGroup ::
+  -- | 'name'
+  Prelude.Text ->
+  -- | 'scope'
+  Scope ->
+  -- | 'id'
+  Prelude.Text ->
+  -- | 'visibilityConfig'
+  VisibilityConfig ->
+  -- | 'lockToken'
+  Prelude.Text ->
+  UpdateRuleGroup
+newUpdateRuleGroup
+  pName_
+  pScope_
+  pId_
+  pVisibilityConfig_
+  pLockToken_ =
+    UpdateRuleGroup'
+      { customResponseBodies =
+          Prelude.Nothing,
+        description = Prelude.Nothing,
+        rules = Prelude.Nothing,
+        name = pName_,
+        scope = pScope_,
+        id = pId_,
+        visibilityConfig = pVisibilityConfig_,
+        lockToken = pLockToken_
+      }
+
+-- | A map of custom response keys and content bodies. When you create a rule
+-- with a block action, you can send a custom response to the web request.
+-- You define these for the rule group, and then use them in the rules that
+-- you define in the rule group.
+--
+-- For information about customizing web requests and responses, see
+-- <https://docs.aws.amazon.com/waf/latest/developerguide/waf-custom-request-response.html Customizing web requests and responses in WAF>
+-- in the
+-- <https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html WAF Developer Guide>.
+--
+-- For information about the limits on count and size for custom request
+-- and response settings, see
+-- <https://docs.aws.amazon.com/waf/latest/developerguide/limits.html WAF quotas>
+-- in the
+-- <https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html WAF Developer Guide>.
+updateRuleGroup_customResponseBodies :: Lens.Lens' UpdateRuleGroup (Prelude.Maybe (Prelude.HashMap Prelude.Text CustomResponseBody))
+updateRuleGroup_customResponseBodies = Lens.lens (\UpdateRuleGroup' {customResponseBodies} -> customResponseBodies) (\s@UpdateRuleGroup' {} a -> s {customResponseBodies = a} :: UpdateRuleGroup) Prelude.. Lens.mapping Lens.coerced
+
+-- | A description of the rule group that helps with identification.
+updateRuleGroup_description :: Lens.Lens' UpdateRuleGroup (Prelude.Maybe Prelude.Text)
+updateRuleGroup_description = Lens.lens (\UpdateRuleGroup' {description} -> description) (\s@UpdateRuleGroup' {} a -> s {description = a} :: UpdateRuleGroup)
+
+-- | The Rule statements used to identify the web requests that you want to
+-- allow, block, or count. Each rule includes one top-level statement that
+-- WAF uses to identify matching web requests, and parameters that govern
+-- how WAF handles them.
+updateRuleGroup_rules :: Lens.Lens' UpdateRuleGroup (Prelude.Maybe [Rule])
+updateRuleGroup_rules = Lens.lens (\UpdateRuleGroup' {rules} -> rules) (\s@UpdateRuleGroup' {} a -> s {rules = a} :: UpdateRuleGroup) Prelude.. Lens.mapping Lens.coerced
+
+-- | The name of the rule group. You cannot change the name of a rule group
+-- after you create it.
+updateRuleGroup_name :: Lens.Lens' UpdateRuleGroup Prelude.Text
+updateRuleGroup_name = Lens.lens (\UpdateRuleGroup' {name} -> name) (\s@UpdateRuleGroup' {} a -> s {name = a} :: UpdateRuleGroup)
+
+-- | Specifies whether this is for an Amazon CloudFront distribution or for a
+-- regional application. A regional application can be an Application Load
+-- Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API,
+-- or an Amazon Cognito user pool.
+--
+-- To work with CloudFront, you must also specify the Region US East (N.
+-- Virginia) as follows:
+--
+-- -   CLI - Specify the Region when you use the CloudFront scope:
+--     @--scope=CLOUDFRONT --region=us-east-1@.
+--
+-- -   API and SDKs - For all calls, use the Region endpoint us-east-1.
+updateRuleGroup_scope :: Lens.Lens' UpdateRuleGroup Scope
+updateRuleGroup_scope = Lens.lens (\UpdateRuleGroup' {scope} -> scope) (\s@UpdateRuleGroup' {} a -> s {scope = a} :: UpdateRuleGroup)
+
+-- | A unique identifier for the rule group. This ID is returned in the
+-- responses to create and list commands. You provide it to operations like
+-- update and delete.
+updateRuleGroup_id :: Lens.Lens' UpdateRuleGroup Prelude.Text
+updateRuleGroup_id = Lens.lens (\UpdateRuleGroup' {id} -> id) (\s@UpdateRuleGroup' {} a -> s {id = a} :: UpdateRuleGroup)
+
+-- | Defines and enables Amazon CloudWatch metrics and web request sample
+-- collection.
+updateRuleGroup_visibilityConfig :: Lens.Lens' UpdateRuleGroup VisibilityConfig
+updateRuleGroup_visibilityConfig = Lens.lens (\UpdateRuleGroup' {visibilityConfig} -> visibilityConfig) (\s@UpdateRuleGroup' {} a -> s {visibilityConfig = a} :: UpdateRuleGroup)
+
+-- | A token used for optimistic locking. WAF returns a token to your @get@
+-- and @list@ requests, to mark the state of the entity at the time of the
+-- request. To make changes to the entity associated with the token, you
+-- provide the token to operations like @update@ and @delete@. WAF uses the
+-- token to ensure that no changes have been made to the entity since you
+-- last retrieved it. If a change has been made, the update fails with a
+-- @WAFOptimisticLockException@. If this happens, perform another @get@,
+-- and use the new token returned by that operation.
+updateRuleGroup_lockToken :: Lens.Lens' UpdateRuleGroup Prelude.Text
+updateRuleGroup_lockToken = Lens.lens (\UpdateRuleGroup' {lockToken} -> lockToken) (\s@UpdateRuleGroup' {} a -> s {lockToken = a} :: UpdateRuleGroup)
+
+instance Core.AWSRequest UpdateRuleGroup where
+  type
+    AWSResponse UpdateRuleGroup =
+      UpdateRuleGroupResponse
+  request overrides =
+    Request.postJSON (overrides defaultService)
+  response =
+    Response.receiveJSON
+      ( \s h x ->
+          UpdateRuleGroupResponse'
+            Prelude.<$> (x Data..?> "NextLockToken")
+            Prelude.<*> (Prelude.pure (Prelude.fromEnum s))
+      )
+
+instance Prelude.Hashable UpdateRuleGroup where
+  hashWithSalt _salt UpdateRuleGroup' {..} =
+    _salt
+      `Prelude.hashWithSalt` customResponseBodies
+      `Prelude.hashWithSalt` description
+      `Prelude.hashWithSalt` rules
+      `Prelude.hashWithSalt` name
+      `Prelude.hashWithSalt` scope
+      `Prelude.hashWithSalt` id
+      `Prelude.hashWithSalt` visibilityConfig
+      `Prelude.hashWithSalt` lockToken
+
+instance Prelude.NFData UpdateRuleGroup where
+  rnf UpdateRuleGroup' {..} =
+    Prelude.rnf customResponseBodies
+      `Prelude.seq` Prelude.rnf description
+      `Prelude.seq` Prelude.rnf rules
+      `Prelude.seq` Prelude.rnf name
+      `Prelude.seq` Prelude.rnf scope
+      `Prelude.seq` Prelude.rnf id
+      `Prelude.seq` Prelude.rnf visibilityConfig
+      `Prelude.seq` Prelude.rnf lockToken
+
+instance Data.ToHeaders UpdateRuleGroup where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "X-Amz-Target"
+              Data.=# ( "AWSWAF_20190729.UpdateRuleGroup" ::
+                          Prelude.ByteString
+                      ),
+            "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToJSON UpdateRuleGroup where
+  toJSON UpdateRuleGroup' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("CustomResponseBodies" Data..=)
+              Prelude.<$> customResponseBodies,
+            ("Description" Data..=) Prelude.<$> description,
+            ("Rules" Data..=) Prelude.<$> rules,
+            Prelude.Just ("Name" Data..= name),
+            Prelude.Just ("Scope" Data..= scope),
+            Prelude.Just ("Id" Data..= id),
+            Prelude.Just
+              ("VisibilityConfig" Data..= visibilityConfig),
+            Prelude.Just ("LockToken" Data..= lockToken)
+          ]
+      )
+
+instance Data.ToPath UpdateRuleGroup where
+  toPath = Prelude.const "/"
+
+instance Data.ToQuery UpdateRuleGroup where
+  toQuery = Prelude.const Prelude.mempty
+
+-- | /See:/ 'newUpdateRuleGroupResponse' smart constructor.
+data UpdateRuleGroupResponse = UpdateRuleGroupResponse'
+  { -- | A token used for optimistic locking. WAF returns this token to your
+    -- @update@ requests. You use @NextLockToken@ in the same manner as you use
+    -- @LockToken@.
+    nextLockToken :: Prelude.Maybe Prelude.Text,
+    -- | The response's http status code.
+    httpStatus :: Prelude.Int
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'UpdateRuleGroupResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'nextLockToken', 'updateRuleGroupResponse_nextLockToken' - A token used for optimistic locking. WAF returns this token to your
+-- @update@ requests. You use @NextLockToken@ in the same manner as you use
+-- @LockToken@.
+--
+-- 'httpStatus', 'updateRuleGroupResponse_httpStatus' - The response's http status code.
+newUpdateRuleGroupResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  UpdateRuleGroupResponse
+newUpdateRuleGroupResponse pHttpStatus_ =
+  UpdateRuleGroupResponse'
+    { nextLockToken =
+        Prelude.Nothing,
+      httpStatus = pHttpStatus_
+    }
+
+-- | A token used for optimistic locking. WAF returns this token to your
+-- @update@ requests. You use @NextLockToken@ in the same manner as you use
+-- @LockToken@.
+updateRuleGroupResponse_nextLockToken :: Lens.Lens' UpdateRuleGroupResponse (Prelude.Maybe Prelude.Text)
+updateRuleGroupResponse_nextLockToken = Lens.lens (\UpdateRuleGroupResponse' {nextLockToken} -> nextLockToken) (\s@UpdateRuleGroupResponse' {} a -> s {nextLockToken = a} :: UpdateRuleGroupResponse)
+
+-- | The response's http status code.
+updateRuleGroupResponse_httpStatus :: Lens.Lens' UpdateRuleGroupResponse Prelude.Int
+updateRuleGroupResponse_httpStatus = Lens.lens (\UpdateRuleGroupResponse' {httpStatus} -> httpStatus) (\s@UpdateRuleGroupResponse' {} a -> s {httpStatus = a} :: UpdateRuleGroupResponse)
+
+instance Prelude.NFData UpdateRuleGroupResponse where
+  rnf UpdateRuleGroupResponse' {..} =
+    Prelude.rnf nextLockToken
+      `Prelude.seq` Prelude.rnf httpStatus
diff --git a/gen/Amazonka/WAFV2/UpdateWebACL.hs b/gen/Amazonka/WAFV2/UpdateWebACL.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/WAFV2/UpdateWebACL.hs
@@ -0,0 +1,543 @@
+{-# LANGUAGE DeriveGeneric #-}
+{-# LANGUAGE DuplicateRecordFields #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE RecordWildCards #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-binds #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+{-# OPTIONS_GHC -fno-warn-unused-matches #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.WAFV2.UpdateWebACL
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+--
+-- Updates the specified WebACL. While updating a web ACL, WAF provides
+-- continuous coverage to the resources that you have associated with the
+-- web ACL.
+--
+-- When you make changes to web ACLs or web ACL components, like rules and
+-- rule groups, WAF propagates the changes everywhere that the web ACL and
+-- its components are stored and used. Your changes are applied within
+-- seconds, but there might be a brief period of inconsistency when the
+-- changes have arrived in some places and not in others. So, for example,
+-- if you change a rule action setting, the action might be the old action
+-- in one area and the new action in another area. Or if you add an IP
+-- address to an IP set used in a blocking rule, the new address might
+-- briefly be blocked in one area while still allowed in another. This
+-- temporary inconsistency can occur when you first associate a web ACL
+-- with an Amazon Web Services resource and when you change a web ACL that
+-- is already associated with a resource. Generally, any inconsistencies of
+-- this type last only a few seconds.
+--
+-- This operation completely replaces the mutable specifications that you
+-- already have for the web ACL with the ones that you provide to this
+-- call. To modify the web ACL, retrieve it by calling GetWebACL, update
+-- the settings as needed, and then provide the complete web ACL
+-- specification to this call.
+--
+-- A web ACL defines a collection of rules to use to inspect and control
+-- web requests. Each rule has an action defined (allow, block, or count)
+-- for requests that match the statement of the rule. In the web ACL, you
+-- assign a default action to take (allow, block) for any request that does
+-- not match any of the rules. The rules in a web ACL can be a combination
+-- of the types Rule, RuleGroup, and managed rule group. You can associate
+-- a web ACL with one or more Amazon Web Services resources to protect. The
+-- resources can be an Amazon CloudFront distribution, an Amazon API
+-- Gateway REST API, an Application Load Balancer, an AppSync GraphQL API,
+-- or an Amazon Cognito user pool.
+module Amazonka.WAFV2.UpdateWebACL
+  ( -- * Creating a Request
+    UpdateWebACL (..),
+    newUpdateWebACL,
+
+    -- * Request Lenses
+    updateWebACL_captchaConfig,
+    updateWebACL_challengeConfig,
+    updateWebACL_customResponseBodies,
+    updateWebACL_description,
+    updateWebACL_rules,
+    updateWebACL_tokenDomains,
+    updateWebACL_name,
+    updateWebACL_scope,
+    updateWebACL_id,
+    updateWebACL_defaultAction,
+    updateWebACL_visibilityConfig,
+    updateWebACL_lockToken,
+
+    -- * Destructuring the Response
+    UpdateWebACLResponse (..),
+    newUpdateWebACLResponse,
+
+    -- * Response Lenses
+    updateWebACLResponse_nextLockToken,
+    updateWebACLResponse_httpStatus,
+  )
+where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import qualified Amazonka.Request as Request
+import qualified Amazonka.Response as Response
+import Amazonka.WAFV2.Types
+
+-- | /See:/ 'newUpdateWebACL' smart constructor.
+data UpdateWebACL = UpdateWebACL'
+  { -- | Specifies how WAF should handle @CAPTCHA@ evaluations for rules that
+    -- don\'t have their own @CaptchaConfig@ settings. If you don\'t specify
+    -- this, WAF uses its default settings for @CaptchaConfig@.
+    captchaConfig :: Prelude.Maybe CaptchaConfig,
+    -- | Specifies how WAF should handle challenge evaluations for rules that
+    -- don\'t have their own @ChallengeConfig@ settings. If you don\'t specify
+    -- this, WAF uses its default settings for @ChallengeConfig@.
+    challengeConfig :: Prelude.Maybe ChallengeConfig,
+    -- | A map of custom response keys and content bodies. When you create a rule
+    -- with a block action, you can send a custom response to the web request.
+    -- You define these for the web ACL, and then use them in the rules and
+    -- default actions that you define in the web ACL.
+    --
+    -- For information about customizing web requests and responses, see
+    -- <https://docs.aws.amazon.com/waf/latest/developerguide/waf-custom-request-response.html Customizing web requests and responses in WAF>
+    -- in the
+    -- <https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html WAF Developer Guide>.
+    --
+    -- For information about the limits on count and size for custom request
+    -- and response settings, see
+    -- <https://docs.aws.amazon.com/waf/latest/developerguide/limits.html WAF quotas>
+    -- in the
+    -- <https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html WAF Developer Guide>.
+    customResponseBodies :: Prelude.Maybe (Prelude.HashMap Prelude.Text CustomResponseBody),
+    -- | A description of the web ACL that helps with identification.
+    description :: Prelude.Maybe Prelude.Text,
+    -- | The Rule statements used to identify the web requests that you want to
+    -- allow, block, or count. Each rule includes one top-level statement that
+    -- WAF uses to identify matching web requests, and parameters that govern
+    -- how WAF handles them.
+    rules :: Prelude.Maybe [Rule],
+    -- | Specifies the domains that WAF should accept in a web request token.
+    -- This enables the use of tokens across multiple protected websites. When
+    -- WAF provides a token, it uses the domain of the Amazon Web Services
+    -- resource that the web ACL is protecting. If you don\'t specify a list of
+    -- token domains, WAF accepts tokens only for the domain of the protected
+    -- resource. With a token domain list, WAF accepts the resource\'s host
+    -- domain plus all domains in the token domain list, including their
+    -- prefixed subdomains.
+    --
+    -- Example JSON:
+    -- @\"TokenDomains\": { \"mywebsite.com\", \"myotherwebsite.com\" }@
+    --
+    -- Public suffixes aren\'t allowed. For example, you can\'t use @usa.gov@
+    -- or @co.uk@ as token domains.
+    tokenDomains :: Prelude.Maybe (Prelude.NonEmpty Prelude.Text),
+    -- | The name of the web ACL. You cannot change the name of a web ACL after
+    -- you create it.
+    name :: Prelude.Text,
+    -- | Specifies whether this is for an Amazon CloudFront distribution or for a
+    -- regional application. A regional application can be an Application Load
+    -- Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API,
+    -- or an Amazon Cognito user pool.
+    --
+    -- To work with CloudFront, you must also specify the Region US East (N.
+    -- Virginia) as follows:
+    --
+    -- -   CLI - Specify the Region when you use the CloudFront scope:
+    --     @--scope=CLOUDFRONT --region=us-east-1@.
+    --
+    -- -   API and SDKs - For all calls, use the Region endpoint us-east-1.
+    scope :: Scope,
+    -- | The unique identifier for the web ACL. This ID is returned in the
+    -- responses to create and list commands. You provide it to operations like
+    -- update and delete.
+    id :: Prelude.Text,
+    -- | The action to perform if none of the @Rules@ contained in the @WebACL@
+    -- match.
+    defaultAction :: DefaultAction,
+    -- | Defines and enables Amazon CloudWatch metrics and web request sample
+    -- collection.
+    visibilityConfig :: VisibilityConfig,
+    -- | A token used for optimistic locking. WAF returns a token to your @get@
+    -- and @list@ requests, to mark the state of the entity at the time of the
+    -- request. To make changes to the entity associated with the token, you
+    -- provide the token to operations like @update@ and @delete@. WAF uses the
+    -- token to ensure that no changes have been made to the entity since you
+    -- last retrieved it. If a change has been made, the update fails with a
+    -- @WAFOptimisticLockException@. If this happens, perform another @get@,
+    -- and use the new token returned by that operation.
+    lockToken :: Prelude.Text
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'UpdateWebACL' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'captchaConfig', 'updateWebACL_captchaConfig' - Specifies how WAF should handle @CAPTCHA@ evaluations for rules that
+-- don\'t have their own @CaptchaConfig@ settings. If you don\'t specify
+-- this, WAF uses its default settings for @CaptchaConfig@.
+--
+-- 'challengeConfig', 'updateWebACL_challengeConfig' - Specifies how WAF should handle challenge evaluations for rules that
+-- don\'t have their own @ChallengeConfig@ settings. If you don\'t specify
+-- this, WAF uses its default settings for @ChallengeConfig@.
+--
+-- 'customResponseBodies', 'updateWebACL_customResponseBodies' - A map of custom response keys and content bodies. When you create a rule
+-- with a block action, you can send a custom response to the web request.
+-- You define these for the web ACL, and then use them in the rules and
+-- default actions that you define in the web ACL.
+--
+-- For information about customizing web requests and responses, see
+-- <https://docs.aws.amazon.com/waf/latest/developerguide/waf-custom-request-response.html Customizing web requests and responses in WAF>
+-- in the
+-- <https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html WAF Developer Guide>.
+--
+-- For information about the limits on count and size for custom request
+-- and response settings, see
+-- <https://docs.aws.amazon.com/waf/latest/developerguide/limits.html WAF quotas>
+-- in the
+-- <https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html WAF Developer Guide>.
+--
+-- 'description', 'updateWebACL_description' - A description of the web ACL that helps with identification.
+--
+-- 'rules', 'updateWebACL_rules' - The Rule statements used to identify the web requests that you want to
+-- allow, block, or count. Each rule includes one top-level statement that
+-- WAF uses to identify matching web requests, and parameters that govern
+-- how WAF handles them.
+--
+-- 'tokenDomains', 'updateWebACL_tokenDomains' - Specifies the domains that WAF should accept in a web request token.
+-- This enables the use of tokens across multiple protected websites. When
+-- WAF provides a token, it uses the domain of the Amazon Web Services
+-- resource that the web ACL is protecting. If you don\'t specify a list of
+-- token domains, WAF accepts tokens only for the domain of the protected
+-- resource. With a token domain list, WAF accepts the resource\'s host
+-- domain plus all domains in the token domain list, including their
+-- prefixed subdomains.
+--
+-- Example JSON:
+-- @\"TokenDomains\": { \"mywebsite.com\", \"myotherwebsite.com\" }@
+--
+-- Public suffixes aren\'t allowed. For example, you can\'t use @usa.gov@
+-- or @co.uk@ as token domains.
+--
+-- 'name', 'updateWebACL_name' - The name of the web ACL. You cannot change the name of a web ACL after
+-- you create it.
+--
+-- 'scope', 'updateWebACL_scope' - Specifies whether this is for an Amazon CloudFront distribution or for a
+-- regional application. A regional application can be an Application Load
+-- Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API,
+-- or an Amazon Cognito user pool.
+--
+-- To work with CloudFront, you must also specify the Region US East (N.
+-- Virginia) as follows:
+--
+-- -   CLI - Specify the Region when you use the CloudFront scope:
+--     @--scope=CLOUDFRONT --region=us-east-1@.
+--
+-- -   API and SDKs - For all calls, use the Region endpoint us-east-1.
+--
+-- 'id', 'updateWebACL_id' - The unique identifier for the web ACL. This ID is returned in the
+-- responses to create and list commands. You provide it to operations like
+-- update and delete.
+--
+-- 'defaultAction', 'updateWebACL_defaultAction' - The action to perform if none of the @Rules@ contained in the @WebACL@
+-- match.
+--
+-- 'visibilityConfig', 'updateWebACL_visibilityConfig' - Defines and enables Amazon CloudWatch metrics and web request sample
+-- collection.
+--
+-- 'lockToken', 'updateWebACL_lockToken' - A token used for optimistic locking. WAF returns a token to your @get@
+-- and @list@ requests, to mark the state of the entity at the time of the
+-- request. To make changes to the entity associated with the token, you
+-- provide the token to operations like @update@ and @delete@. WAF uses the
+-- token to ensure that no changes have been made to the entity since you
+-- last retrieved it. If a change has been made, the update fails with a
+-- @WAFOptimisticLockException@. If this happens, perform another @get@,
+-- and use the new token returned by that operation.
+newUpdateWebACL ::
+  -- | 'name'
+  Prelude.Text ->
+  -- | 'scope'
+  Scope ->
+  -- | 'id'
+  Prelude.Text ->
+  -- | 'defaultAction'
+  DefaultAction ->
+  -- | 'visibilityConfig'
+  VisibilityConfig ->
+  -- | 'lockToken'
+  Prelude.Text ->
+  UpdateWebACL
+newUpdateWebACL
+  pName_
+  pScope_
+  pId_
+  pDefaultAction_
+  pVisibilityConfig_
+  pLockToken_ =
+    UpdateWebACL'
+      { captchaConfig = Prelude.Nothing,
+        challengeConfig = Prelude.Nothing,
+        customResponseBodies = Prelude.Nothing,
+        description = Prelude.Nothing,
+        rules = Prelude.Nothing,
+        tokenDomains = Prelude.Nothing,
+        name = pName_,
+        scope = pScope_,
+        id = pId_,
+        defaultAction = pDefaultAction_,
+        visibilityConfig = pVisibilityConfig_,
+        lockToken = pLockToken_
+      }
+
+-- | Specifies how WAF should handle @CAPTCHA@ evaluations for rules that
+-- don\'t have their own @CaptchaConfig@ settings. If you don\'t specify
+-- this, WAF uses its default settings for @CaptchaConfig@.
+updateWebACL_captchaConfig :: Lens.Lens' UpdateWebACL (Prelude.Maybe CaptchaConfig)
+updateWebACL_captchaConfig = Lens.lens (\UpdateWebACL' {captchaConfig} -> captchaConfig) (\s@UpdateWebACL' {} a -> s {captchaConfig = a} :: UpdateWebACL)
+
+-- | Specifies how WAF should handle challenge evaluations for rules that
+-- don\'t have their own @ChallengeConfig@ settings. If you don\'t specify
+-- this, WAF uses its default settings for @ChallengeConfig@.
+updateWebACL_challengeConfig :: Lens.Lens' UpdateWebACL (Prelude.Maybe ChallengeConfig)
+updateWebACL_challengeConfig = Lens.lens (\UpdateWebACL' {challengeConfig} -> challengeConfig) (\s@UpdateWebACL' {} a -> s {challengeConfig = a} :: UpdateWebACL)
+
+-- | A map of custom response keys and content bodies. When you create a rule
+-- with a block action, you can send a custom response to the web request.
+-- You define these for the web ACL, and then use them in the rules and
+-- default actions that you define in the web ACL.
+--
+-- For information about customizing web requests and responses, see
+-- <https://docs.aws.amazon.com/waf/latest/developerguide/waf-custom-request-response.html Customizing web requests and responses in WAF>
+-- in the
+-- <https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html WAF Developer Guide>.
+--
+-- For information about the limits on count and size for custom request
+-- and response settings, see
+-- <https://docs.aws.amazon.com/waf/latest/developerguide/limits.html WAF quotas>
+-- in the
+-- <https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html WAF Developer Guide>.
+updateWebACL_customResponseBodies :: Lens.Lens' UpdateWebACL (Prelude.Maybe (Prelude.HashMap Prelude.Text CustomResponseBody))
+updateWebACL_customResponseBodies = Lens.lens (\UpdateWebACL' {customResponseBodies} -> customResponseBodies) (\s@UpdateWebACL' {} a -> s {customResponseBodies = a} :: UpdateWebACL) Prelude.. Lens.mapping Lens.coerced
+
+-- | A description of the web ACL that helps with identification.
+updateWebACL_description :: Lens.Lens' UpdateWebACL (Prelude.Maybe Prelude.Text)
+updateWebACL_description = Lens.lens (\UpdateWebACL' {description} -> description) (\s@UpdateWebACL' {} a -> s {description = a} :: UpdateWebACL)
+
+-- | The Rule statements used to identify the web requests that you want to
+-- allow, block, or count. Each rule includes one top-level statement that
+-- WAF uses to identify matching web requests, and parameters that govern
+-- how WAF handles them.
+updateWebACL_rules :: Lens.Lens' UpdateWebACL (Prelude.Maybe [Rule])
+updateWebACL_rules = Lens.lens (\UpdateWebACL' {rules} -> rules) (\s@UpdateWebACL' {} a -> s {rules = a} :: UpdateWebACL) Prelude.. Lens.mapping Lens.coerced
+
+-- | Specifies the domains that WAF should accept in a web request token.
+-- This enables the use of tokens across multiple protected websites. When
+-- WAF provides a token, it uses the domain of the Amazon Web Services
+-- resource that the web ACL is protecting. If you don\'t specify a list of
+-- token domains, WAF accepts tokens only for the domain of the protected
+-- resource. With a token domain list, WAF accepts the resource\'s host
+-- domain plus all domains in the token domain list, including their
+-- prefixed subdomains.
+--
+-- Example JSON:
+-- @\"TokenDomains\": { \"mywebsite.com\", \"myotherwebsite.com\" }@
+--
+-- Public suffixes aren\'t allowed. For example, you can\'t use @usa.gov@
+-- or @co.uk@ as token domains.
+updateWebACL_tokenDomains :: Lens.Lens' UpdateWebACL (Prelude.Maybe (Prelude.NonEmpty Prelude.Text))
+updateWebACL_tokenDomains = Lens.lens (\UpdateWebACL' {tokenDomains} -> tokenDomains) (\s@UpdateWebACL' {} a -> s {tokenDomains = a} :: UpdateWebACL) Prelude.. Lens.mapping Lens.coerced
+
+-- | The name of the web ACL. You cannot change the name of a web ACL after
+-- you create it.
+updateWebACL_name :: Lens.Lens' UpdateWebACL Prelude.Text
+updateWebACL_name = Lens.lens (\UpdateWebACL' {name} -> name) (\s@UpdateWebACL' {} a -> s {name = a} :: UpdateWebACL)
+
+-- | Specifies whether this is for an Amazon CloudFront distribution or for a
+-- regional application. A regional application can be an Application Load
+-- Balancer (ALB), an Amazon API Gateway REST API, an AppSync GraphQL API,
+-- or an Amazon Cognito user pool.
+--
+-- To work with CloudFront, you must also specify the Region US East (N.
+-- Virginia) as follows:
+--
+-- -   CLI - Specify the Region when you use the CloudFront scope:
+--     @--scope=CLOUDFRONT --region=us-east-1@.
+--
+-- -   API and SDKs - For all calls, use the Region endpoint us-east-1.
+updateWebACL_scope :: Lens.Lens' UpdateWebACL Scope
+updateWebACL_scope = Lens.lens (\UpdateWebACL' {scope} -> scope) (\s@UpdateWebACL' {} a -> s {scope = a} :: UpdateWebACL)
+
+-- | The unique identifier for the web ACL. This ID is returned in the
+-- responses to create and list commands. You provide it to operations like
+-- update and delete.
+updateWebACL_id :: Lens.Lens' UpdateWebACL Prelude.Text
+updateWebACL_id = Lens.lens (\UpdateWebACL' {id} -> id) (\s@UpdateWebACL' {} a -> s {id = a} :: UpdateWebACL)
+
+-- | The action to perform if none of the @Rules@ contained in the @WebACL@
+-- match.
+updateWebACL_defaultAction :: Lens.Lens' UpdateWebACL DefaultAction
+updateWebACL_defaultAction = Lens.lens (\UpdateWebACL' {defaultAction} -> defaultAction) (\s@UpdateWebACL' {} a -> s {defaultAction = a} :: UpdateWebACL)
+
+-- | Defines and enables Amazon CloudWatch metrics and web request sample
+-- collection.
+updateWebACL_visibilityConfig :: Lens.Lens' UpdateWebACL VisibilityConfig
+updateWebACL_visibilityConfig = Lens.lens (\UpdateWebACL' {visibilityConfig} -> visibilityConfig) (\s@UpdateWebACL' {} a -> s {visibilityConfig = a} :: UpdateWebACL)
+
+-- | A token used for optimistic locking. WAF returns a token to your @get@
+-- and @list@ requests, to mark the state of the entity at the time of the
+-- request. To make changes to the entity associated with the token, you
+-- provide the token to operations like @update@ and @delete@. WAF uses the
+-- token to ensure that no changes have been made to the entity since you
+-- last retrieved it. If a change has been made, the update fails with a
+-- @WAFOptimisticLockException@. If this happens, perform another @get@,
+-- and use the new token returned by that operation.
+updateWebACL_lockToken :: Lens.Lens' UpdateWebACL Prelude.Text
+updateWebACL_lockToken = Lens.lens (\UpdateWebACL' {lockToken} -> lockToken) (\s@UpdateWebACL' {} a -> s {lockToken = a} :: UpdateWebACL)
+
+instance Core.AWSRequest UpdateWebACL where
+  type AWSResponse UpdateWebACL = UpdateWebACLResponse
+  request overrides =
+    Request.postJSON (overrides defaultService)
+  response =
+    Response.receiveJSON
+      ( \s h x ->
+          UpdateWebACLResponse'
+            Prelude.<$> (x Data..?> "NextLockToken")
+            Prelude.<*> (Prelude.pure (Prelude.fromEnum s))
+      )
+
+instance Prelude.Hashable UpdateWebACL where
+  hashWithSalt _salt UpdateWebACL' {..} =
+    _salt
+      `Prelude.hashWithSalt` captchaConfig
+      `Prelude.hashWithSalt` challengeConfig
+      `Prelude.hashWithSalt` customResponseBodies
+      `Prelude.hashWithSalt` description
+      `Prelude.hashWithSalt` rules
+      `Prelude.hashWithSalt` tokenDomains
+      `Prelude.hashWithSalt` name
+      `Prelude.hashWithSalt` scope
+      `Prelude.hashWithSalt` id
+      `Prelude.hashWithSalt` defaultAction
+      `Prelude.hashWithSalt` visibilityConfig
+      `Prelude.hashWithSalt` lockToken
+
+instance Prelude.NFData UpdateWebACL where
+  rnf UpdateWebACL' {..} =
+    Prelude.rnf captchaConfig
+      `Prelude.seq` Prelude.rnf challengeConfig
+      `Prelude.seq` Prelude.rnf customResponseBodies
+      `Prelude.seq` Prelude.rnf description
+      `Prelude.seq` Prelude.rnf rules
+      `Prelude.seq` Prelude.rnf tokenDomains
+      `Prelude.seq` Prelude.rnf name
+      `Prelude.seq` Prelude.rnf scope
+      `Prelude.seq` Prelude.rnf id
+      `Prelude.seq` Prelude.rnf defaultAction
+      `Prelude.seq` Prelude.rnf visibilityConfig
+      `Prelude.seq` Prelude.rnf lockToken
+
+instance Data.ToHeaders UpdateWebACL where
+  toHeaders =
+    Prelude.const
+      ( Prelude.mconcat
+          [ "X-Amz-Target"
+              Data.=# ( "AWSWAF_20190729.UpdateWebACL" ::
+                          Prelude.ByteString
+                      ),
+            "Content-Type"
+              Data.=# ( "application/x-amz-json-1.1" ::
+                          Prelude.ByteString
+                      )
+          ]
+      )
+
+instance Data.ToJSON UpdateWebACL where
+  toJSON UpdateWebACL' {..} =
+    Data.object
+      ( Prelude.catMaybes
+          [ ("CaptchaConfig" Data..=) Prelude.<$> captchaConfig,
+            ("ChallengeConfig" Data..=)
+              Prelude.<$> challengeConfig,
+            ("CustomResponseBodies" Data..=)
+              Prelude.<$> customResponseBodies,
+            ("Description" Data..=) Prelude.<$> description,
+            ("Rules" Data..=) Prelude.<$> rules,
+            ("TokenDomains" Data..=) Prelude.<$> tokenDomains,
+            Prelude.Just ("Name" Data..= name),
+            Prelude.Just ("Scope" Data..= scope),
+            Prelude.Just ("Id" Data..= id),
+            Prelude.Just ("DefaultAction" Data..= defaultAction),
+            Prelude.Just
+              ("VisibilityConfig" Data..= visibilityConfig),
+            Prelude.Just ("LockToken" Data..= lockToken)
+          ]
+      )
+
+instance Data.ToPath UpdateWebACL where
+  toPath = Prelude.const "/"
+
+instance Data.ToQuery UpdateWebACL where
+  toQuery = Prelude.const Prelude.mempty
+
+-- | /See:/ 'newUpdateWebACLResponse' smart constructor.
+data UpdateWebACLResponse = UpdateWebACLResponse'
+  { -- | A token used for optimistic locking. WAF returns this token to your
+    -- @update@ requests. You use @NextLockToken@ in the same manner as you use
+    -- @LockToken@.
+    nextLockToken :: Prelude.Maybe Prelude.Text,
+    -- | The response's http status code.
+    httpStatus :: Prelude.Int
+  }
+  deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)
+
+-- |
+-- Create a value of 'UpdateWebACLResponse' with all optional fields omitted.
+--
+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.
+--
+-- The following record fields are available, with the corresponding lenses provided
+-- for backwards compatibility:
+--
+-- 'nextLockToken', 'updateWebACLResponse_nextLockToken' - A token used for optimistic locking. WAF returns this token to your
+-- @update@ requests. You use @NextLockToken@ in the same manner as you use
+-- @LockToken@.
+--
+-- 'httpStatus', 'updateWebACLResponse_httpStatus' - The response's http status code.
+newUpdateWebACLResponse ::
+  -- | 'httpStatus'
+  Prelude.Int ->
+  UpdateWebACLResponse
+newUpdateWebACLResponse pHttpStatus_ =
+  UpdateWebACLResponse'
+    { nextLockToken =
+        Prelude.Nothing,
+      httpStatus = pHttpStatus_
+    }
+
+-- | A token used for optimistic locking. WAF returns this token to your
+-- @update@ requests. You use @NextLockToken@ in the same manner as you use
+-- @LockToken@.
+updateWebACLResponse_nextLockToken :: Lens.Lens' UpdateWebACLResponse (Prelude.Maybe Prelude.Text)
+updateWebACLResponse_nextLockToken = Lens.lens (\UpdateWebACLResponse' {nextLockToken} -> nextLockToken) (\s@UpdateWebACLResponse' {} a -> s {nextLockToken = a} :: UpdateWebACLResponse)
+
+-- | The response's http status code.
+updateWebACLResponse_httpStatus :: Lens.Lens' UpdateWebACLResponse Prelude.Int
+updateWebACLResponse_httpStatus = Lens.lens (\UpdateWebACLResponse' {httpStatus} -> httpStatus) (\s@UpdateWebACLResponse' {} a -> s {httpStatus = a} :: UpdateWebACLResponse)
+
+instance Prelude.NFData UpdateWebACLResponse where
+  rnf UpdateWebACLResponse' {..} =
+    Prelude.rnf nextLockToken
+      `Prelude.seq` Prelude.rnf httpStatus
diff --git a/gen/Amazonka/WAFV2/Waiters.hs b/gen/Amazonka/WAFV2/Waiters.hs
new file mode 100644
--- /dev/null
+++ b/gen/Amazonka/WAFV2/Waiters.hs
@@ -0,0 +1,24 @@
+{-# LANGUAGE DisambiguateRecordFields #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE StrictData #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE NoImplicitPrelude #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Amazonka.WAFV2.Waiters
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Amazonka.WAFV2.Waiters where
+
+import qualified Amazonka.Core as Core
+import qualified Amazonka.Core.Lens.Internal as Lens
+import qualified Amazonka.Data as Data
+import qualified Amazonka.Prelude as Prelude
+import Amazonka.WAFV2.Lens
+import Amazonka.WAFV2.Types
diff --git a/src/.gitkeep b/src/.gitkeep
new file mode 100644
--- /dev/null
+++ b/src/.gitkeep
diff --git a/test/Main.hs b/test/Main.hs
new file mode 100644
--- /dev/null
+++ b/test/Main.hs
@@ -0,0 +1,23 @@
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+
+-- |
+-- Module      : Main
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Main (main) where
+
+import Test.Amazonka.WAFV2
+import Test.Amazonka.WAFV2.Internal
+import Test.Tasty
+
+main :: IO ()
+main =
+  defaultMain $
+    testGroup
+      "WAFV2"
+      [ testGroup "tests" tests,
+        testGroup "fixtures" fixtures
+      ]
diff --git a/test/Test/Amazonka/Gen/WAFV2.hs b/test/Test/Amazonka/Gen/WAFV2.hs
new file mode 100644
--- /dev/null
+++ b/test/Test/Amazonka/Gen/WAFV2.hs
@@ -0,0 +1,998 @@
+{-# OPTIONS_GHC -fno-warn-orphans #-}
+{-# OPTIONS_GHC -fno-warn-unused-imports #-}
+
+-- Derived from AWS service descriptions, licensed under Apache 2.0.
+
+-- |
+-- Module      : Test.Amazonka.Gen.WAFV2
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Test.Amazonka.Gen.WAFV2 where
+
+import Amazonka.WAFV2
+import qualified Data.Proxy as Proxy
+import Test.Amazonka.Fixture
+import Test.Amazonka.Prelude
+import Test.Amazonka.WAFV2.Internal
+import Test.Tasty
+
+-- Auto-generated: the actual test selection needs to be manually placed into
+-- the top-level so that real test data can be incrementally added.
+--
+-- This commented snippet is what the entire set should look like:
+
+-- fixtures :: TestTree
+-- fixtures =
+--     [ testGroup "request"
+--         [ requestAssociateWebACL $
+--             newAssociateWebACL
+--
+--         , requestCheckCapacity $
+--             newCheckCapacity
+--
+--         , requestCreateIPSet $
+--             newCreateIPSet
+--
+--         , requestCreateRegexPatternSet $
+--             newCreateRegexPatternSet
+--
+--         , requestCreateRuleGroup $
+--             newCreateRuleGroup
+--
+--         , requestCreateWebACL $
+--             newCreateWebACL
+--
+--         , requestDeleteFirewallManagerRuleGroups $
+--             newDeleteFirewallManagerRuleGroups
+--
+--         , requestDeleteIPSet $
+--             newDeleteIPSet
+--
+--         , requestDeleteLoggingConfiguration $
+--             newDeleteLoggingConfiguration
+--
+--         , requestDeletePermissionPolicy $
+--             newDeletePermissionPolicy
+--
+--         , requestDeleteRegexPatternSet $
+--             newDeleteRegexPatternSet
+--
+--         , requestDeleteRuleGroup $
+--             newDeleteRuleGroup
+--
+--         , requestDeleteWebACL $
+--             newDeleteWebACL
+--
+--         , requestDescribeManagedRuleGroup $
+--             newDescribeManagedRuleGroup
+--
+--         , requestDisassociateWebACL $
+--             newDisassociateWebACL
+--
+--         , requestGenerateMobileSdkReleaseUrl $
+--             newGenerateMobileSdkReleaseUrl
+--
+--         , requestGetIPSet $
+--             newGetIPSet
+--
+--         , requestGetLoggingConfiguration $
+--             newGetLoggingConfiguration
+--
+--         , requestGetManagedRuleSet $
+--             newGetManagedRuleSet
+--
+--         , requestGetMobileSdkRelease $
+--             newGetMobileSdkRelease
+--
+--         , requestGetPermissionPolicy $
+--             newGetPermissionPolicy
+--
+--         , requestGetRateBasedStatementManagedKeys $
+--             newGetRateBasedStatementManagedKeys
+--
+--         , requestGetRegexPatternSet $
+--             newGetRegexPatternSet
+--
+--         , requestGetRuleGroup $
+--             newGetRuleGroup
+--
+--         , requestGetSampledRequests $
+--             newGetSampledRequests
+--
+--         , requestGetWebACL $
+--             newGetWebACL
+--
+--         , requestGetWebACLForResource $
+--             newGetWebACLForResource
+--
+--         , requestListAvailableManagedRuleGroupVersions $
+--             newListAvailableManagedRuleGroupVersions
+--
+--         , requestListAvailableManagedRuleGroups $
+--             newListAvailableManagedRuleGroups
+--
+--         , requestListIPSets $
+--             newListIPSets
+--
+--         , requestListLoggingConfigurations $
+--             newListLoggingConfigurations
+--
+--         , requestListManagedRuleSets $
+--             newListManagedRuleSets
+--
+--         , requestListMobileSdkReleases $
+--             newListMobileSdkReleases
+--
+--         , requestListRegexPatternSets $
+--             newListRegexPatternSets
+--
+--         , requestListResourcesForWebACL $
+--             newListResourcesForWebACL
+--
+--         , requestListRuleGroups $
+--             newListRuleGroups
+--
+--         , requestListTagsForResource $
+--             newListTagsForResource
+--
+--         , requestListWebACLs $
+--             newListWebACLs
+--
+--         , requestPutLoggingConfiguration $
+--             newPutLoggingConfiguration
+--
+--         , requestPutManagedRuleSetVersions $
+--             newPutManagedRuleSetVersions
+--
+--         , requestPutPermissionPolicy $
+--             newPutPermissionPolicy
+--
+--         , requestTagResource $
+--             newTagResource
+--
+--         , requestUntagResource $
+--             newUntagResource
+--
+--         , requestUpdateIPSet $
+--             newUpdateIPSet
+--
+--         , requestUpdateManagedRuleSetVersionExpiryDate $
+--             newUpdateManagedRuleSetVersionExpiryDate
+--
+--         , requestUpdateRegexPatternSet $
+--             newUpdateRegexPatternSet
+--
+--         , requestUpdateRuleGroup $
+--             newUpdateRuleGroup
+--
+--         , requestUpdateWebACL $
+--             newUpdateWebACL
+--
+--           ]
+
+--     , testGroup "response"
+--         [ responseAssociateWebACL $
+--             newAssociateWebACLResponse
+--
+--         , responseCheckCapacity $
+--             newCheckCapacityResponse
+--
+--         , responseCreateIPSet $
+--             newCreateIPSetResponse
+--
+--         , responseCreateRegexPatternSet $
+--             newCreateRegexPatternSetResponse
+--
+--         , responseCreateRuleGroup $
+--             newCreateRuleGroupResponse
+--
+--         , responseCreateWebACL $
+--             newCreateWebACLResponse
+--
+--         , responseDeleteFirewallManagerRuleGroups $
+--             newDeleteFirewallManagerRuleGroupsResponse
+--
+--         , responseDeleteIPSet $
+--             newDeleteIPSetResponse
+--
+--         , responseDeleteLoggingConfiguration $
+--             newDeleteLoggingConfigurationResponse
+--
+--         , responseDeletePermissionPolicy $
+--             newDeletePermissionPolicyResponse
+--
+--         , responseDeleteRegexPatternSet $
+--             newDeleteRegexPatternSetResponse
+--
+--         , responseDeleteRuleGroup $
+--             newDeleteRuleGroupResponse
+--
+--         , responseDeleteWebACL $
+--             newDeleteWebACLResponse
+--
+--         , responseDescribeManagedRuleGroup $
+--             newDescribeManagedRuleGroupResponse
+--
+--         , responseDisassociateWebACL $
+--             newDisassociateWebACLResponse
+--
+--         , responseGenerateMobileSdkReleaseUrl $
+--             newGenerateMobileSdkReleaseUrlResponse
+--
+--         , responseGetIPSet $
+--             newGetIPSetResponse
+--
+--         , responseGetLoggingConfiguration $
+--             newGetLoggingConfigurationResponse
+--
+--         , responseGetManagedRuleSet $
+--             newGetManagedRuleSetResponse
+--
+--         , responseGetMobileSdkRelease $
+--             newGetMobileSdkReleaseResponse
+--
+--         , responseGetPermissionPolicy $
+--             newGetPermissionPolicyResponse
+--
+--         , responseGetRateBasedStatementManagedKeys $
+--             newGetRateBasedStatementManagedKeysResponse
+--
+--         , responseGetRegexPatternSet $
+--             newGetRegexPatternSetResponse
+--
+--         , responseGetRuleGroup $
+--             newGetRuleGroupResponse
+--
+--         , responseGetSampledRequests $
+--             newGetSampledRequestsResponse
+--
+--         , responseGetWebACL $
+--             newGetWebACLResponse
+--
+--         , responseGetWebACLForResource $
+--             newGetWebACLForResourceResponse
+--
+--         , responseListAvailableManagedRuleGroupVersions $
+--             newListAvailableManagedRuleGroupVersionsResponse
+--
+--         , responseListAvailableManagedRuleGroups $
+--             newListAvailableManagedRuleGroupsResponse
+--
+--         , responseListIPSets $
+--             newListIPSetsResponse
+--
+--         , responseListLoggingConfigurations $
+--             newListLoggingConfigurationsResponse
+--
+--         , responseListManagedRuleSets $
+--             newListManagedRuleSetsResponse
+--
+--         , responseListMobileSdkReleases $
+--             newListMobileSdkReleasesResponse
+--
+--         , responseListRegexPatternSets $
+--             newListRegexPatternSetsResponse
+--
+--         , responseListResourcesForWebACL $
+--             newListResourcesForWebACLResponse
+--
+--         , responseListRuleGroups $
+--             newListRuleGroupsResponse
+--
+--         , responseListTagsForResource $
+--             newListTagsForResourceResponse
+--
+--         , responseListWebACLs $
+--             newListWebACLsResponse
+--
+--         , responsePutLoggingConfiguration $
+--             newPutLoggingConfigurationResponse
+--
+--         , responsePutManagedRuleSetVersions $
+--             newPutManagedRuleSetVersionsResponse
+--
+--         , responsePutPermissionPolicy $
+--             newPutPermissionPolicyResponse
+--
+--         , responseTagResource $
+--             newTagResourceResponse
+--
+--         , responseUntagResource $
+--             newUntagResourceResponse
+--
+--         , responseUpdateIPSet $
+--             newUpdateIPSetResponse
+--
+--         , responseUpdateManagedRuleSetVersionExpiryDate $
+--             newUpdateManagedRuleSetVersionExpiryDateResponse
+--
+--         , responseUpdateRegexPatternSet $
+--             newUpdateRegexPatternSetResponse
+--
+--         , responseUpdateRuleGroup $
+--             newUpdateRuleGroupResponse
+--
+--         , responseUpdateWebACL $
+--             newUpdateWebACLResponse
+--
+--           ]
+--     ]
+
+-- Requests
+
+requestAssociateWebACL :: AssociateWebACL -> TestTree
+requestAssociateWebACL =
+  req
+    "AssociateWebACL"
+    "fixture/AssociateWebACL.yaml"
+
+requestCheckCapacity :: CheckCapacity -> TestTree
+requestCheckCapacity =
+  req
+    "CheckCapacity"
+    "fixture/CheckCapacity.yaml"
+
+requestCreateIPSet :: CreateIPSet -> TestTree
+requestCreateIPSet =
+  req
+    "CreateIPSet"
+    "fixture/CreateIPSet.yaml"
+
+requestCreateRegexPatternSet :: CreateRegexPatternSet -> TestTree
+requestCreateRegexPatternSet =
+  req
+    "CreateRegexPatternSet"
+    "fixture/CreateRegexPatternSet.yaml"
+
+requestCreateRuleGroup :: CreateRuleGroup -> TestTree
+requestCreateRuleGroup =
+  req
+    "CreateRuleGroup"
+    "fixture/CreateRuleGroup.yaml"
+
+requestCreateWebACL :: CreateWebACL -> TestTree
+requestCreateWebACL =
+  req
+    "CreateWebACL"
+    "fixture/CreateWebACL.yaml"
+
+requestDeleteFirewallManagerRuleGroups :: DeleteFirewallManagerRuleGroups -> TestTree
+requestDeleteFirewallManagerRuleGroups =
+  req
+    "DeleteFirewallManagerRuleGroups"
+    "fixture/DeleteFirewallManagerRuleGroups.yaml"
+
+requestDeleteIPSet :: DeleteIPSet -> TestTree
+requestDeleteIPSet =
+  req
+    "DeleteIPSet"
+    "fixture/DeleteIPSet.yaml"
+
+requestDeleteLoggingConfiguration :: DeleteLoggingConfiguration -> TestTree
+requestDeleteLoggingConfiguration =
+  req
+    "DeleteLoggingConfiguration"
+    "fixture/DeleteLoggingConfiguration.yaml"
+
+requestDeletePermissionPolicy :: DeletePermissionPolicy -> TestTree
+requestDeletePermissionPolicy =
+  req
+    "DeletePermissionPolicy"
+    "fixture/DeletePermissionPolicy.yaml"
+
+requestDeleteRegexPatternSet :: DeleteRegexPatternSet -> TestTree
+requestDeleteRegexPatternSet =
+  req
+    "DeleteRegexPatternSet"
+    "fixture/DeleteRegexPatternSet.yaml"
+
+requestDeleteRuleGroup :: DeleteRuleGroup -> TestTree
+requestDeleteRuleGroup =
+  req
+    "DeleteRuleGroup"
+    "fixture/DeleteRuleGroup.yaml"
+
+requestDeleteWebACL :: DeleteWebACL -> TestTree
+requestDeleteWebACL =
+  req
+    "DeleteWebACL"
+    "fixture/DeleteWebACL.yaml"
+
+requestDescribeManagedRuleGroup :: DescribeManagedRuleGroup -> TestTree
+requestDescribeManagedRuleGroup =
+  req
+    "DescribeManagedRuleGroup"
+    "fixture/DescribeManagedRuleGroup.yaml"
+
+requestDisassociateWebACL :: DisassociateWebACL -> TestTree
+requestDisassociateWebACL =
+  req
+    "DisassociateWebACL"
+    "fixture/DisassociateWebACL.yaml"
+
+requestGenerateMobileSdkReleaseUrl :: GenerateMobileSdkReleaseUrl -> TestTree
+requestGenerateMobileSdkReleaseUrl =
+  req
+    "GenerateMobileSdkReleaseUrl"
+    "fixture/GenerateMobileSdkReleaseUrl.yaml"
+
+requestGetIPSet :: GetIPSet -> TestTree
+requestGetIPSet =
+  req
+    "GetIPSet"
+    "fixture/GetIPSet.yaml"
+
+requestGetLoggingConfiguration :: GetLoggingConfiguration -> TestTree
+requestGetLoggingConfiguration =
+  req
+    "GetLoggingConfiguration"
+    "fixture/GetLoggingConfiguration.yaml"
+
+requestGetManagedRuleSet :: GetManagedRuleSet -> TestTree
+requestGetManagedRuleSet =
+  req
+    "GetManagedRuleSet"
+    "fixture/GetManagedRuleSet.yaml"
+
+requestGetMobileSdkRelease :: GetMobileSdkRelease -> TestTree
+requestGetMobileSdkRelease =
+  req
+    "GetMobileSdkRelease"
+    "fixture/GetMobileSdkRelease.yaml"
+
+requestGetPermissionPolicy :: GetPermissionPolicy -> TestTree
+requestGetPermissionPolicy =
+  req
+    "GetPermissionPolicy"
+    "fixture/GetPermissionPolicy.yaml"
+
+requestGetRateBasedStatementManagedKeys :: GetRateBasedStatementManagedKeys -> TestTree
+requestGetRateBasedStatementManagedKeys =
+  req
+    "GetRateBasedStatementManagedKeys"
+    "fixture/GetRateBasedStatementManagedKeys.yaml"
+
+requestGetRegexPatternSet :: GetRegexPatternSet -> TestTree
+requestGetRegexPatternSet =
+  req
+    "GetRegexPatternSet"
+    "fixture/GetRegexPatternSet.yaml"
+
+requestGetRuleGroup :: GetRuleGroup -> TestTree
+requestGetRuleGroup =
+  req
+    "GetRuleGroup"
+    "fixture/GetRuleGroup.yaml"
+
+requestGetSampledRequests :: GetSampledRequests -> TestTree
+requestGetSampledRequests =
+  req
+    "GetSampledRequests"
+    "fixture/GetSampledRequests.yaml"
+
+requestGetWebACL :: GetWebACL -> TestTree
+requestGetWebACL =
+  req
+    "GetWebACL"
+    "fixture/GetWebACL.yaml"
+
+requestGetWebACLForResource :: GetWebACLForResource -> TestTree
+requestGetWebACLForResource =
+  req
+    "GetWebACLForResource"
+    "fixture/GetWebACLForResource.yaml"
+
+requestListAvailableManagedRuleGroupVersions :: ListAvailableManagedRuleGroupVersions -> TestTree
+requestListAvailableManagedRuleGroupVersions =
+  req
+    "ListAvailableManagedRuleGroupVersions"
+    "fixture/ListAvailableManagedRuleGroupVersions.yaml"
+
+requestListAvailableManagedRuleGroups :: ListAvailableManagedRuleGroups -> TestTree
+requestListAvailableManagedRuleGroups =
+  req
+    "ListAvailableManagedRuleGroups"
+    "fixture/ListAvailableManagedRuleGroups.yaml"
+
+requestListIPSets :: ListIPSets -> TestTree
+requestListIPSets =
+  req
+    "ListIPSets"
+    "fixture/ListIPSets.yaml"
+
+requestListLoggingConfigurations :: ListLoggingConfigurations -> TestTree
+requestListLoggingConfigurations =
+  req
+    "ListLoggingConfigurations"
+    "fixture/ListLoggingConfigurations.yaml"
+
+requestListManagedRuleSets :: ListManagedRuleSets -> TestTree
+requestListManagedRuleSets =
+  req
+    "ListManagedRuleSets"
+    "fixture/ListManagedRuleSets.yaml"
+
+requestListMobileSdkReleases :: ListMobileSdkReleases -> TestTree
+requestListMobileSdkReleases =
+  req
+    "ListMobileSdkReleases"
+    "fixture/ListMobileSdkReleases.yaml"
+
+requestListRegexPatternSets :: ListRegexPatternSets -> TestTree
+requestListRegexPatternSets =
+  req
+    "ListRegexPatternSets"
+    "fixture/ListRegexPatternSets.yaml"
+
+requestListResourcesForWebACL :: ListResourcesForWebACL -> TestTree
+requestListResourcesForWebACL =
+  req
+    "ListResourcesForWebACL"
+    "fixture/ListResourcesForWebACL.yaml"
+
+requestListRuleGroups :: ListRuleGroups -> TestTree
+requestListRuleGroups =
+  req
+    "ListRuleGroups"
+    "fixture/ListRuleGroups.yaml"
+
+requestListTagsForResource :: ListTagsForResource -> TestTree
+requestListTagsForResource =
+  req
+    "ListTagsForResource"
+    "fixture/ListTagsForResource.yaml"
+
+requestListWebACLs :: ListWebACLs -> TestTree
+requestListWebACLs =
+  req
+    "ListWebACLs"
+    "fixture/ListWebACLs.yaml"
+
+requestPutLoggingConfiguration :: PutLoggingConfiguration -> TestTree
+requestPutLoggingConfiguration =
+  req
+    "PutLoggingConfiguration"
+    "fixture/PutLoggingConfiguration.yaml"
+
+requestPutManagedRuleSetVersions :: PutManagedRuleSetVersions -> TestTree
+requestPutManagedRuleSetVersions =
+  req
+    "PutManagedRuleSetVersions"
+    "fixture/PutManagedRuleSetVersions.yaml"
+
+requestPutPermissionPolicy :: PutPermissionPolicy -> TestTree
+requestPutPermissionPolicy =
+  req
+    "PutPermissionPolicy"
+    "fixture/PutPermissionPolicy.yaml"
+
+requestTagResource :: TagResource -> TestTree
+requestTagResource =
+  req
+    "TagResource"
+    "fixture/TagResource.yaml"
+
+requestUntagResource :: UntagResource -> TestTree
+requestUntagResource =
+  req
+    "UntagResource"
+    "fixture/UntagResource.yaml"
+
+requestUpdateIPSet :: UpdateIPSet -> TestTree
+requestUpdateIPSet =
+  req
+    "UpdateIPSet"
+    "fixture/UpdateIPSet.yaml"
+
+requestUpdateManagedRuleSetVersionExpiryDate :: UpdateManagedRuleSetVersionExpiryDate -> TestTree
+requestUpdateManagedRuleSetVersionExpiryDate =
+  req
+    "UpdateManagedRuleSetVersionExpiryDate"
+    "fixture/UpdateManagedRuleSetVersionExpiryDate.yaml"
+
+requestUpdateRegexPatternSet :: UpdateRegexPatternSet -> TestTree
+requestUpdateRegexPatternSet =
+  req
+    "UpdateRegexPatternSet"
+    "fixture/UpdateRegexPatternSet.yaml"
+
+requestUpdateRuleGroup :: UpdateRuleGroup -> TestTree
+requestUpdateRuleGroup =
+  req
+    "UpdateRuleGroup"
+    "fixture/UpdateRuleGroup.yaml"
+
+requestUpdateWebACL :: UpdateWebACL -> TestTree
+requestUpdateWebACL =
+  req
+    "UpdateWebACL"
+    "fixture/UpdateWebACL.yaml"
+
+-- Responses
+
+responseAssociateWebACL :: AssociateWebACLResponse -> TestTree
+responseAssociateWebACL =
+  res
+    "AssociateWebACLResponse"
+    "fixture/AssociateWebACLResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy AssociateWebACL)
+
+responseCheckCapacity :: CheckCapacityResponse -> TestTree
+responseCheckCapacity =
+  res
+    "CheckCapacityResponse"
+    "fixture/CheckCapacityResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy CheckCapacity)
+
+responseCreateIPSet :: CreateIPSetResponse -> TestTree
+responseCreateIPSet =
+  res
+    "CreateIPSetResponse"
+    "fixture/CreateIPSetResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy CreateIPSet)
+
+responseCreateRegexPatternSet :: CreateRegexPatternSetResponse -> TestTree
+responseCreateRegexPatternSet =
+  res
+    "CreateRegexPatternSetResponse"
+    "fixture/CreateRegexPatternSetResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy CreateRegexPatternSet)
+
+responseCreateRuleGroup :: CreateRuleGroupResponse -> TestTree
+responseCreateRuleGroup =
+  res
+    "CreateRuleGroupResponse"
+    "fixture/CreateRuleGroupResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy CreateRuleGroup)
+
+responseCreateWebACL :: CreateWebACLResponse -> TestTree
+responseCreateWebACL =
+  res
+    "CreateWebACLResponse"
+    "fixture/CreateWebACLResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy CreateWebACL)
+
+responseDeleteFirewallManagerRuleGroups :: DeleteFirewallManagerRuleGroupsResponse -> TestTree
+responseDeleteFirewallManagerRuleGroups =
+  res
+    "DeleteFirewallManagerRuleGroupsResponse"
+    "fixture/DeleteFirewallManagerRuleGroupsResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy DeleteFirewallManagerRuleGroups)
+
+responseDeleteIPSet :: DeleteIPSetResponse -> TestTree
+responseDeleteIPSet =
+  res
+    "DeleteIPSetResponse"
+    "fixture/DeleteIPSetResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy DeleteIPSet)
+
+responseDeleteLoggingConfiguration :: DeleteLoggingConfigurationResponse -> TestTree
+responseDeleteLoggingConfiguration =
+  res
+    "DeleteLoggingConfigurationResponse"
+    "fixture/DeleteLoggingConfigurationResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy DeleteLoggingConfiguration)
+
+responseDeletePermissionPolicy :: DeletePermissionPolicyResponse -> TestTree
+responseDeletePermissionPolicy =
+  res
+    "DeletePermissionPolicyResponse"
+    "fixture/DeletePermissionPolicyResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy DeletePermissionPolicy)
+
+responseDeleteRegexPatternSet :: DeleteRegexPatternSetResponse -> TestTree
+responseDeleteRegexPatternSet =
+  res
+    "DeleteRegexPatternSetResponse"
+    "fixture/DeleteRegexPatternSetResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy DeleteRegexPatternSet)
+
+responseDeleteRuleGroup :: DeleteRuleGroupResponse -> TestTree
+responseDeleteRuleGroup =
+  res
+    "DeleteRuleGroupResponse"
+    "fixture/DeleteRuleGroupResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy DeleteRuleGroup)
+
+responseDeleteWebACL :: DeleteWebACLResponse -> TestTree
+responseDeleteWebACL =
+  res
+    "DeleteWebACLResponse"
+    "fixture/DeleteWebACLResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy DeleteWebACL)
+
+responseDescribeManagedRuleGroup :: DescribeManagedRuleGroupResponse -> TestTree
+responseDescribeManagedRuleGroup =
+  res
+    "DescribeManagedRuleGroupResponse"
+    "fixture/DescribeManagedRuleGroupResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy DescribeManagedRuleGroup)
+
+responseDisassociateWebACL :: DisassociateWebACLResponse -> TestTree
+responseDisassociateWebACL =
+  res
+    "DisassociateWebACLResponse"
+    "fixture/DisassociateWebACLResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy DisassociateWebACL)
+
+responseGenerateMobileSdkReleaseUrl :: GenerateMobileSdkReleaseUrlResponse -> TestTree
+responseGenerateMobileSdkReleaseUrl =
+  res
+    "GenerateMobileSdkReleaseUrlResponse"
+    "fixture/GenerateMobileSdkReleaseUrlResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy GenerateMobileSdkReleaseUrl)
+
+responseGetIPSet :: GetIPSetResponse -> TestTree
+responseGetIPSet =
+  res
+    "GetIPSetResponse"
+    "fixture/GetIPSetResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy GetIPSet)
+
+responseGetLoggingConfiguration :: GetLoggingConfigurationResponse -> TestTree
+responseGetLoggingConfiguration =
+  res
+    "GetLoggingConfigurationResponse"
+    "fixture/GetLoggingConfigurationResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy GetLoggingConfiguration)
+
+responseGetManagedRuleSet :: GetManagedRuleSetResponse -> TestTree
+responseGetManagedRuleSet =
+  res
+    "GetManagedRuleSetResponse"
+    "fixture/GetManagedRuleSetResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy GetManagedRuleSet)
+
+responseGetMobileSdkRelease :: GetMobileSdkReleaseResponse -> TestTree
+responseGetMobileSdkRelease =
+  res
+    "GetMobileSdkReleaseResponse"
+    "fixture/GetMobileSdkReleaseResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy GetMobileSdkRelease)
+
+responseGetPermissionPolicy :: GetPermissionPolicyResponse -> TestTree
+responseGetPermissionPolicy =
+  res
+    "GetPermissionPolicyResponse"
+    "fixture/GetPermissionPolicyResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy GetPermissionPolicy)
+
+responseGetRateBasedStatementManagedKeys :: GetRateBasedStatementManagedKeysResponse -> TestTree
+responseGetRateBasedStatementManagedKeys =
+  res
+    "GetRateBasedStatementManagedKeysResponse"
+    "fixture/GetRateBasedStatementManagedKeysResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy GetRateBasedStatementManagedKeys)
+
+responseGetRegexPatternSet :: GetRegexPatternSetResponse -> TestTree
+responseGetRegexPatternSet =
+  res
+    "GetRegexPatternSetResponse"
+    "fixture/GetRegexPatternSetResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy GetRegexPatternSet)
+
+responseGetRuleGroup :: GetRuleGroupResponse -> TestTree
+responseGetRuleGroup =
+  res
+    "GetRuleGroupResponse"
+    "fixture/GetRuleGroupResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy GetRuleGroup)
+
+responseGetSampledRequests :: GetSampledRequestsResponse -> TestTree
+responseGetSampledRequests =
+  res
+    "GetSampledRequestsResponse"
+    "fixture/GetSampledRequestsResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy GetSampledRequests)
+
+responseGetWebACL :: GetWebACLResponse -> TestTree
+responseGetWebACL =
+  res
+    "GetWebACLResponse"
+    "fixture/GetWebACLResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy GetWebACL)
+
+responseGetWebACLForResource :: GetWebACLForResourceResponse -> TestTree
+responseGetWebACLForResource =
+  res
+    "GetWebACLForResourceResponse"
+    "fixture/GetWebACLForResourceResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy GetWebACLForResource)
+
+responseListAvailableManagedRuleGroupVersions :: ListAvailableManagedRuleGroupVersionsResponse -> TestTree
+responseListAvailableManagedRuleGroupVersions =
+  res
+    "ListAvailableManagedRuleGroupVersionsResponse"
+    "fixture/ListAvailableManagedRuleGroupVersionsResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy ListAvailableManagedRuleGroupVersions)
+
+responseListAvailableManagedRuleGroups :: ListAvailableManagedRuleGroupsResponse -> TestTree
+responseListAvailableManagedRuleGroups =
+  res
+    "ListAvailableManagedRuleGroupsResponse"
+    "fixture/ListAvailableManagedRuleGroupsResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy ListAvailableManagedRuleGroups)
+
+responseListIPSets :: ListIPSetsResponse -> TestTree
+responseListIPSets =
+  res
+    "ListIPSetsResponse"
+    "fixture/ListIPSetsResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy ListIPSets)
+
+responseListLoggingConfigurations :: ListLoggingConfigurationsResponse -> TestTree
+responseListLoggingConfigurations =
+  res
+    "ListLoggingConfigurationsResponse"
+    "fixture/ListLoggingConfigurationsResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy ListLoggingConfigurations)
+
+responseListManagedRuleSets :: ListManagedRuleSetsResponse -> TestTree
+responseListManagedRuleSets =
+  res
+    "ListManagedRuleSetsResponse"
+    "fixture/ListManagedRuleSetsResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy ListManagedRuleSets)
+
+responseListMobileSdkReleases :: ListMobileSdkReleasesResponse -> TestTree
+responseListMobileSdkReleases =
+  res
+    "ListMobileSdkReleasesResponse"
+    "fixture/ListMobileSdkReleasesResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy ListMobileSdkReleases)
+
+responseListRegexPatternSets :: ListRegexPatternSetsResponse -> TestTree
+responseListRegexPatternSets =
+  res
+    "ListRegexPatternSetsResponse"
+    "fixture/ListRegexPatternSetsResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy ListRegexPatternSets)
+
+responseListResourcesForWebACL :: ListResourcesForWebACLResponse -> TestTree
+responseListResourcesForWebACL =
+  res
+    "ListResourcesForWebACLResponse"
+    "fixture/ListResourcesForWebACLResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy ListResourcesForWebACL)
+
+responseListRuleGroups :: ListRuleGroupsResponse -> TestTree
+responseListRuleGroups =
+  res
+    "ListRuleGroupsResponse"
+    "fixture/ListRuleGroupsResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy ListRuleGroups)
+
+responseListTagsForResource :: ListTagsForResourceResponse -> TestTree
+responseListTagsForResource =
+  res
+    "ListTagsForResourceResponse"
+    "fixture/ListTagsForResourceResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy ListTagsForResource)
+
+responseListWebACLs :: ListWebACLsResponse -> TestTree
+responseListWebACLs =
+  res
+    "ListWebACLsResponse"
+    "fixture/ListWebACLsResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy ListWebACLs)
+
+responsePutLoggingConfiguration :: PutLoggingConfigurationResponse -> TestTree
+responsePutLoggingConfiguration =
+  res
+    "PutLoggingConfigurationResponse"
+    "fixture/PutLoggingConfigurationResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy PutLoggingConfiguration)
+
+responsePutManagedRuleSetVersions :: PutManagedRuleSetVersionsResponse -> TestTree
+responsePutManagedRuleSetVersions =
+  res
+    "PutManagedRuleSetVersionsResponse"
+    "fixture/PutManagedRuleSetVersionsResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy PutManagedRuleSetVersions)
+
+responsePutPermissionPolicy :: PutPermissionPolicyResponse -> TestTree
+responsePutPermissionPolicy =
+  res
+    "PutPermissionPolicyResponse"
+    "fixture/PutPermissionPolicyResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy PutPermissionPolicy)
+
+responseTagResource :: TagResourceResponse -> TestTree
+responseTagResource =
+  res
+    "TagResourceResponse"
+    "fixture/TagResourceResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy TagResource)
+
+responseUntagResource :: UntagResourceResponse -> TestTree
+responseUntagResource =
+  res
+    "UntagResourceResponse"
+    "fixture/UntagResourceResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy UntagResource)
+
+responseUpdateIPSet :: UpdateIPSetResponse -> TestTree
+responseUpdateIPSet =
+  res
+    "UpdateIPSetResponse"
+    "fixture/UpdateIPSetResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy UpdateIPSet)
+
+responseUpdateManagedRuleSetVersionExpiryDate :: UpdateManagedRuleSetVersionExpiryDateResponse -> TestTree
+responseUpdateManagedRuleSetVersionExpiryDate =
+  res
+    "UpdateManagedRuleSetVersionExpiryDateResponse"
+    "fixture/UpdateManagedRuleSetVersionExpiryDateResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy UpdateManagedRuleSetVersionExpiryDate)
+
+responseUpdateRegexPatternSet :: UpdateRegexPatternSetResponse -> TestTree
+responseUpdateRegexPatternSet =
+  res
+    "UpdateRegexPatternSetResponse"
+    "fixture/UpdateRegexPatternSetResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy UpdateRegexPatternSet)
+
+responseUpdateRuleGroup :: UpdateRuleGroupResponse -> TestTree
+responseUpdateRuleGroup =
+  res
+    "UpdateRuleGroupResponse"
+    "fixture/UpdateRuleGroupResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy UpdateRuleGroup)
+
+responseUpdateWebACL :: UpdateWebACLResponse -> TestTree
+responseUpdateWebACL =
+  res
+    "UpdateWebACLResponse"
+    "fixture/UpdateWebACLResponse.proto"
+    defaultService
+    (Proxy.Proxy :: Proxy.Proxy UpdateWebACL)
diff --git a/test/Test/Amazonka/WAFV2.hs b/test/Test/Amazonka/WAFV2.hs
new file mode 100644
--- /dev/null
+++ b/test/Test/Amazonka/WAFV2.hs
@@ -0,0 +1,20 @@
+-- |
+-- Module      : Test.Amazonka.WAFV2
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Test.Amazonka.WAFV2
+  ( tests,
+    fixtures,
+  )
+where
+
+import Test.Tasty (TestTree)
+
+tests :: [TestTree]
+tests = []
+
+fixtures :: [TestTree]
+fixtures = []
diff --git a/test/Test/Amazonka/WAFV2/Internal.hs b/test/Test/Amazonka/WAFV2/Internal.hs
new file mode 100644
--- /dev/null
+++ b/test/Test/Amazonka/WAFV2/Internal.hs
@@ -0,0 +1,8 @@
+-- |
+-- Module      : Test.Amazonka.WAFV2.Internal
+-- Copyright   : (c) 2013-2023 Brendan Hay
+-- License     : Mozilla Public License, v. 2.0.
+-- Maintainer  : Brendan Hay
+-- Stability   : auto-generated
+-- Portability : non-portable (GHC extensions)
+module Test.Amazonka.WAFV2.Internal where
