The AWS-provided definitions of the “Bot Control labels”

awswaf:managed:aws:bot-control:bot:   user_triggered        :verified

and

awswaf:managed:aws:bot-control:bot:   developer_platform    :verified

are hard to comprehend for me. The definitions are pasted below and can be found via the link above.

The questions are:

1. As per the definition, user_triggered is “similar to a verified bot” yet behaves like a human. My first thought was that this could be a developer testing a verified bot/scraper via a manually controlled browser. In this case, the developer would sit at the computer or inside of the corporate network, so outgoing requests might look like they originate from the bot that usually runs on that network. Is that the correct way of thinking about this label?

2. The name of awswaf:managed:aws:bot-control:bot: user_triggered :verified suggests that this is a verified bot. But it is neither a bot, nor is it verified. Can somebody explain why this traffic is treated as unverified?

3. Again, what makes awswaf:managed:aws:bot-control:bot: developer_platform :verified “similar to a verified bot,” but still not equal?

4. What is meant by “developer platforms […] Google Apps Script”? Is this a bot that a developer would write on a Google-hosted service (such as a Google Sheets script) and that is ran directly on Google’s infrastructure, thus looking like verified traffic (because it comes from Google), yet being potentially triggered by any Google Workspace or Gmail user? And the same may hold for any other platform that lets users run their scripts on fully serviced infrastructure?

Appendix: Definitions From AWS (Link)

awswaf:managed:aws:bot-control:bot: user_triggered :verified – Used to indicate a bot that is similar to a verified bot, but that might be directly invoked by end users. This category of bot is treated by the Bot Control rules like an unverified bot.

awswaf:managed:aws:bot-control:bot: developer_platform :verified – Used to indicate a bot that is similar to a verified bot, but that is used by developer platforms for scripting, for example Google Apps Script. This category of bot is treated by the Bot Control rules like an unverified bot.