{ "$schema": "https://json-schema.org/draft/2020-12/schema", "$id": "https://wafv2.amazonaws.com/schemas/web-acl", "title": "AWS WAF Web ACL", "description": "Schema representing an AWS WAF Web ACL (Access Control List) resource.", "type": "object", "required": [ "Name", "Scope", "DefaultAction", "VisibilityConfig" ], "properties": { "Name": { "type": "string", "description": "The name of the web ACL.", "minLength": 1, "maxLength": 128, "pattern": "^[\\w+=:#@/\\-,.][\\w+=:#@/\\-,.\\s]+[\\w+=:#@/\\-,.]$" }, "Id": { "type": "string", "description": "A unique identifier for the web ACL.", "minLength": 1, "maxLength": 36, "pattern": "^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$" }, "ARN": { "type": "string", "description": "The Amazon Resource Name (ARN) of the web ACL.", "pattern": "^arn:aws:wafv2:.+:.+:.*/(web)?acl/.+" }, "Scope": { "type": "string", "description": "Specifies whether the web ACL is for a CloudFront distribution (CLOUDFRONT) or for a regional application (REGIONAL).", "enum": [ "CLOUDFRONT", "REGIONAL" ] }, "DefaultAction": { "type": "object", "description": "The action to perform if none of the rules match. Set exactly one of Allow or Block; this schema does not itself reject an object that sets both or neither.", "properties": { "Allow": { "type": "object", "description": "Allow the request." }, "Block": { "type": "object", "description": "Block the request." } } }, "Rules": { "type": "array", "description": "The rules associated with the web ACL.", "items": { "$ref": "#/$defs/Rule" } }, "VisibilityConfig": { "$ref": "#/$defs/VisibilityConfig", "description": "Defines the CloudWatch metrics and sampling configuration." }, "Capacity": { "type": "integer", "description": "The web ACL capacity units (WCUs) consumed by this web ACL." }, "LockToken": { "type": "string", "description": "A token for optimistic locking." 
}, "Tags": { "type": "array", "description": "Tags associated with the web ACL.", "items": { "$ref": "#/$defs/Tag" } } }, "$defs": { "Rule": { "type": "object", "description": "A single rule in a web ACL.", "required": [ "Name", "Priority", "VisibilityConfig" ], "properties": { "Name": { "type": "string", "description": "The name of the rule." }, "Priority": { "type": "integer", "description": "The processing priority of the rule." }, "Action": { "type": "object", "description": "The action to perform when the rule matches." }, "OverrideAction": { "type": "object", "description": "The override action to apply to rules in a rule group." }, "VisibilityConfig": { "$ref": "#/$defs/VisibilityConfig" } } }, "VisibilityConfig": { "type": "object", "description": "Visibility configuration for CloudWatch metrics and request sampling.", "required": [ "SampledRequestsEnabled", "CloudWatchMetricsEnabled", "MetricName" ], "properties": { "SampledRequestsEnabled": { "type": "boolean" }, "CloudWatchMetricsEnabled": { "type": "boolean" }, "MetricName": { "type": "string" } } }, "Tag": { "type": "object", "required": [ "Key", "Value" ], "properties": { "Key": { "type": "string", "minLength": 1, "maxLength": 128 }, "Value": { "type": "string", "minLength": 0, "maxLength": 256 } } } } }