AWS API Changes

2026/03/20 - Amazon OpenSearch Service - 4 updated api methods

Changes Added support for Amazon Managed Service for Prometheus (AMP) as a connected data source in OpenSearch UI. Now users can analyze Prometheus metrics in OpenSearch UI without data copy.

AddDirectQueryDataSource (updated)

Link ¶
Changes (request)

{'DataSourceType': {'Prometheus': {'RoleArn': 'string',
                                   'WorkspaceArn': 'string'}}}

Adds a new data source in Amazon OpenSearch Service so that you can perform direct queries on external data.

See also: AWS API Documentation

Request Syntax

client.add_direct_query_data_source(
    DataSourceName='string',
    DataSourceType={
        'CloudWatchLog': {
            'RoleArn': 'string'
        },
        'SecurityLake': {
            'RoleArn': 'string'
        },
        'Prometheus': {
            'RoleArn': 'string',
            'WorkspaceArn': 'string'
        }
    },
    Description='string',
    OpenSearchArns=[
        'string',
    ],
    DataSourceAccessPolicy='string',
    TagList=[
        {
            'Key': 'string',
            'Value': 'string'
        },
    ]
)

type DataSourceName:

string

param DataSourceName:

[REQUIRED]

A unique, user-defined label to identify the data source within your OpenSearch Service environment.

type DataSourceType:

dict

param DataSourceType:

[REQUIRED]

The supported Amazon Web Services service that you want to use as the source for direct queries in OpenSearch Service.

CloudWatchLog (dict) --

Specifies CloudWatch Logs as a type of data source for direct queries.
- RoleArn (string) -- [REQUIRED]
  
  The unique identifier of the IAM role that grants OpenSearch Service permission to access the specified data source.
SecurityLake (dict) --

Specifies Security Lake as a type of data source for direct queries.
- RoleArn (string) -- [REQUIRED]
  
  The unique identifier of the IAM role that grants OpenSearch Service permission to access the specified data source.
Prometheus (dict) --

Specifies Prometheus as a type of data source for direct queries.
- RoleArn (string) -- [REQUIRED]
  
  The unique identifier of the IAM role that grants OpenSearch Service permission to access the specified data source.
- WorkspaceArn (string) -- [REQUIRED]
  
  The unique identifier of the Amazon Managed Prometheus Workspace that is associated with the specified data source.

type Description:

string

param Description:

An optional text field for providing additional context and details about the data source.

type OpenSearchArns:

list

param OpenSearchArns:

An optional list of Amazon Resource Names (ARNs) for the OpenSearch collections that are associated with the direct query data source. This field is required for CloudWatchLogs and SecurityLake datasource types.

(string) --

The Amazon Resource Name (ARN) of the domain. See Identifiers for IAM Entities in Using Amazon Web Services Identity and Access Management for more information.

type DataSourceAccessPolicy:

string

param DataSourceAccessPolicy:

An optional IAM access policy document that defines the permissions for accessing the data source. The policy document must be in valid JSON format and follow IAM policy syntax.

type TagList:

list

param TagList:

A list of tags attached to a domain.

(dict) --

A tag (key-value pair) for an Amazon OpenSearch Service resource.
- Key (string) -- [REQUIRED]
  
  The tag key. Tag keys must be unique for the domain to which they are attached.
- Value (string) -- [REQUIRED]
  
  The value assigned to the corresponding tag key. Tag values can be null and don't have to be unique in a tag set. For example, you can have a key value pair in a tag set of project : Trinity and cost-center : Trinity

rtype:

dict

returns:

Response Syntax

{
    'DataSourceArn': 'string'
}

Response Structure

(dict) --
- DataSourceArn (string) --
  
  The unique, system-generated identifier that represents the data source.

GetDirectQueryDataSource (updated)

Link ¶
Changes (response)

{'DataSourceType': {'Prometheus': {'RoleArn': 'string',
                                   'WorkspaceArn': 'string'}}}

Returns detailed configuration information for a specific direct query data source in Amazon OpenSearch Service.

See also: AWS API Documentation

Request Syntax

client.get_direct_query_data_source(
    DataSourceName='string'
)

type DataSourceName:

string

param DataSourceName:

[REQUIRED]

A unique, user-defined label that identifies the data source within your OpenSearch Service environment.

rtype:

dict

returns:

Response Syntax

{
    'DataSourceName': 'string',
    'DataSourceType': {
        'CloudWatchLog': {
            'RoleArn': 'string'
        },
        'SecurityLake': {
            'RoleArn': 'string'
        },
        'Prometheus': {
            'RoleArn': 'string',
            'WorkspaceArn': 'string'
        }
    },
    'Description': 'string',
    'OpenSearchArns': [
        'string',
    ],
    'DataSourceAccessPolicy': 'string',
    'DataSourceArn': 'string'
}

Response Structure

(dict) --
- DataSourceName (string) --
  
  A unique, user-defined label to identify the data source within your OpenSearch Service environment.
- DataSourceType (dict) --
  
  The supported Amazon Web Services service that is used as the source for direct queries in OpenSearch Service.
  Note
  
  This is a Tagged Union structure. Only one of the following top level keys will be set: CloudWatchLog, SecurityLake, Prometheus. If a client receives an unknown member it will set SDK_UNKNOWN_MEMBER as the top level key, which maps to the name or tag of the unknown member. The structure of SDK_UNKNOWN_MEMBER is as follows:
```
'SDK_UNKNOWN_MEMBER': {'name': 'UnknownMemberName'}
```
  - CloudWatchLog (dict) --
    
    Specifies CloudWatch Logs as a type of data source for direct queries.
    - RoleArn (string) --
      
      The unique identifier of the IAM role that grants OpenSearch Service permission to access the specified data source.
  - SecurityLake (dict) --
    
    Specifies Security Lake as a type of data source for direct queries.
    - RoleArn (string) --
      
      The unique identifier of the IAM role that grants OpenSearch Service permission to access the specified data source.
  - Prometheus (dict) --
    
    Specifies Prometheus as a type of data source for direct queries.
    - RoleArn (string) --
      
      The unique identifier of the IAM role that grants OpenSearch Service permission to access the specified data source.
    - WorkspaceArn (string) --
      
      The unique identifier of the Amazon Managed Prometheus Workspace that is associated with the specified data source.
- Description (string) --
  
  A description that provides additional context and details about the data source.
- OpenSearchArns (list) --
  
  A list of Amazon Resource Names (ARNs) for the OpenSearch collections that are associated with the direct query data source.
  - (string) --
    
    The Amazon Resource Name (ARN) of the domain. See Identifiers for IAM Entities in Using Amazon Web Services Identity and Access Management for more information.
- DataSourceAccessPolicy (string) --
  
  The IAM access policy document that defines the permissions for accessing the direct query data source. Returns the current policy configuration in JSON format, or null if no custom policy is configured.
- DataSourceArn (string) --
  
  The unique, system-generated identifier that represents the data source.

ListDirectQueryDataSources (updated)

Link ¶
Changes (response)

{'DirectQueryDataSources': {'DataSourceType': {'Prometheus': {'RoleArn': 'string',
                                                              'WorkspaceArn': 'string'}}}}

Lists an inventory of all the direct query data sources that you have configured within Amazon OpenSearch Service.

See also: AWS API Documentation

Request Syntax

client.list_direct_query_data_sources(
    NextToken='string'
)

type NextToken:

string

param NextToken:

When nextToken is returned, there are more results available. The value of nextToken is a unique pagination token for each page. Send the request again using the returned token to retrieve the next page.

rtype:

dict

returns:

Response Syntax

{
    'NextToken': 'string',
    'DirectQueryDataSources': [
        {
            'DataSourceName': 'string',
            'DataSourceType': {
                'CloudWatchLog': {
                    'RoleArn': 'string'
                },
                'SecurityLake': {
                    'RoleArn': 'string'
                },
                'Prometheus': {
                    'RoleArn': 'string',
                    'WorkspaceArn': 'string'
                }
            },
            'Description': 'string',
            'OpenSearchArns': [
                'string',
            ],
            'DataSourceArn': 'string',
            'TagList': [
                {
                    'Key': 'string',
                    'Value': 'string'
                },
            ]
        },
    ]
}

Response Structure

(dict) --
- NextToken (string) --
  
  When nextToken is returned, there are more results available. The value of nextToken is a unique pagination token for each page. Send the request again using the returned token to retrieve the next page.
- DirectQueryDataSources (list) --
  
  A list of the direct query data sources that are returned by the ListDirectQueryDataSources API operation.
  - (dict) --
    
    The configuration details for a data source that can be directly queried.
    - DataSourceName (string) --
      
      A unique, user-defined label to identify the data source within your OpenSearch Service environment.
    - DataSourceType (dict) --
      
      The supported Amazon Web Services service that is used as the source for direct queries in OpenSearch Service.
      Note
      
      This is a Tagged Union structure. Only one of the following top level keys will be set: CloudWatchLog, SecurityLake, Prometheus. If a client receives an unknown member it will set SDK_UNKNOWN_MEMBER as the top level key, which maps to the name or tag of the unknown member. The structure of SDK_UNKNOWN_MEMBER is as follows:
      
      'SDK_UNKNOWN_MEMBER': {'name': 'UnknownMemberName'}
      - CloudWatchLog (dict) --
        
        Specifies CloudWatch Logs as a type of data source for direct queries.
        
        RoleArn (string) --
        
        The unique identifier of the IAM role that grants OpenSearch Service permission to access the specified data source.
      - SecurityLake (dict) --
        
        Specifies Security Lake as a type of data source for direct queries.
        
        RoleArn (string) --
        
        The unique identifier of the IAM role that grants OpenSearch Service permission to access the specified data source.
      - Prometheus (dict) --
        
        Specifies Prometheus as a type of data source for direct queries.
        
        RoleArn (string) --
        
        The unique identifier of the IAM role that grants OpenSearch Service permission to access the specified data source.
        
        WorkspaceArn (string) --
        
        The unique identifier of the Amazon Managed Prometheus Workspace that is associated with the specified data source.
    - Description (string) --
      
      A description that provides additional context and details about the data source.
    - OpenSearchArns (list) --
      
      A list of Amazon Resource Names (ARNs) for the OpenSearch collections that are associated with the direct query data source.
      - (string) --
        
        The Amazon Resource Name (ARN) of the domain. See Identifiers for IAM Entities in Using Amazon Web Services Identity and Access Management for more information.
    - DataSourceArn (string) --
      
      The unique, system-generated identifier that represents the data source.
    - TagList (list) --
      
      A list of tags attached to a direct query data source.
      - (dict) --
        
        A tag (key-value pair) for an Amazon OpenSearch Service resource.
        
        Key (string) --
        
        The tag key. Tag keys must be unique for the domain to which they are attached.
        
        Value (string) --
        
        The value assigned to the corresponding tag key. Tag values can be null and don't have to be unique in a tag set. For example, you can have a key value pair in a tag set of project : Trinity and cost-center : Trinity

UpdateDirectQueryDataSource (updated)

Link ¶
Changes (request)

{'DataSourceType': {'Prometheus': {'RoleArn': 'string',
                                   'WorkspaceArn': 'string'}}}

Updates the configuration or properties of an existing direct query data source in Amazon OpenSearch Service.

See also: AWS API Documentation

Request Syntax

client.update_direct_query_data_source(
    DataSourceName='string',
    DataSourceType={
        'CloudWatchLog': {
            'RoleArn': 'string'
        },
        'SecurityLake': {
            'RoleArn': 'string'
        },
        'Prometheus': {
            'RoleArn': 'string',
            'WorkspaceArn': 'string'
        }
    },
    Description='string',
    OpenSearchArns=[
        'string',
    ],
    DataSourceAccessPolicy='string'
)

type DataSourceName:

string

param DataSourceName:

[REQUIRED]

A unique, user-defined label to identify the data source within your OpenSearch Service environment.

type DataSourceType:

dict

param DataSourceType:

[REQUIRED]

The supported Amazon Web Services service that you want to use as the source for direct queries in OpenSearch Service.

CloudWatchLog (dict) --

Specifies CloudWatch Logs as a type of data source for direct queries.
- RoleArn (string) -- [REQUIRED]
  
  The unique identifier of the IAM role that grants OpenSearch Service permission to access the specified data source.
SecurityLake (dict) --

Specifies Security Lake as a type of data source for direct queries.
- RoleArn (string) -- [REQUIRED]
  
  The unique identifier of the IAM role that grants OpenSearch Service permission to access the specified data source.
Prometheus (dict) --

Specifies Prometheus as a type of data source for direct queries.
- RoleArn (string) -- [REQUIRED]
  
  The unique identifier of the IAM role that grants OpenSearch Service permission to access the specified data source.
- WorkspaceArn (string) -- [REQUIRED]
  
  The unique identifier of the Amazon Managed Prometheus Workspace that is associated with the specified data source.

type Description:

string

param Description:

An optional text field for providing additional context and details about the data source.

type OpenSearchArns:

list

param OpenSearchArns:

(string) --

The Amazon Resource Name (ARN) of the domain. See Identifiers for IAM Entities in Using Amazon Web Services Identity and Access Management for more information.

type DataSourceAccessPolicy:

string

param DataSourceAccessPolicy:

An optional IAM access policy document that defines the updated permissions for accessing the direct query data source. The policy document must be in valid JSON format and follow IAM policy syntax. If not specified, the existing access policy if present remains unchanged.

rtype:

dict

returns:

Response Syntax

{
    'DataSourceArn': 'string'
}

Response Structure

(dict) --
- DataSourceArn (string) --
  
  The unique, system-generated identifier that represents the data source.