AWS IoT

2019/11/25 - AWS IoT - 15 new 9 updated api methods

Changes: This release adds: 1) APIs for fleet provisioning claim and template, 2) endpoint configuration and custom domains, 3) support for enhanced custom authentication, 4) support for 4 additional audit checks: Device and CA certificate key quality checks, IoT role alias over-permissive check and IoT role alias access to unused services check, 5) extended capability of AWS IoT Rules Engine to support IoT SiteWise rule action. The IoT SiteWise rule action lets you send messages from IoT sensors and applications to IoT SiteWise asset properties.

UpdateDomainConfiguration (new)

Updates values stored in the domain configuration. Domain configurations for default endpoints can't be updated.

Note

The domain configuration feature is in public preview and is subject to change.

See also: AWS API Documentation

Request Syntax

client.update_domain_configuration(
    domainConfigurationName='string',
    authorizerConfig={
        'defaultAuthorizerName': 'string',
        'allowAuthorizerOverride': True|False
    },
    domainConfigurationStatus='ENABLED'|'DISABLED',
    removeAuthorizerConfig=True|False
)
type domainConfigurationName

string

param domainConfigurationName

[REQUIRED]

The name of the domain configuration to be updated.

type authorizerConfig

dict

param authorizerConfig

An object that specifies the authorization service for a domain.

  • defaultAuthorizerName (string) --

    The name of the authorization service for a domain configuration.

  • allowAuthorizerOverride (boolean) --

    A Boolean that specifies whether the domain configuration's authorization service can be overridden.

type domainConfigurationStatus

string

param domainConfigurationStatus

The status to which the domain configuration should be updated.

type removeAuthorizerConfig

boolean

param removeAuthorizerConfig

Removes the authorization configuration from a domain.

rtype

dict

returns

Response Syntax

{
    'domainConfigurationName': 'string',
    'domainConfigurationArn': 'string'
}

Response Structure

  • (dict) --

    • domainConfigurationName (string) --

      The name of the domain configuration that was updated.

    • domainConfigurationArn (string) --

      The ARN of the domain configuration that was updated.

ListDomainConfigurations (new)

Gets a list of domain configurations for the user. This list is sorted alphabetically by domain configuration name.

Note

The domain configuration feature is in public preview and is subject to change.

See also: AWS API Documentation

Request Syntax

client.list_domain_configurations(
    marker='string',
    pageSize=123,
    serviceType='DATA'|'CREDENTIAL_PROVIDER'|'JOBS'
)
type marker

string

param marker

The marker for the next set of results.

type pageSize

integer

param pageSize

The result page size.

type serviceType

string

param serviceType

The type of service delivered by the endpoint.

rtype

dict

returns

Response Syntax

{
    'domainConfigurations': [
        {
            'domainConfigurationName': 'string',
            'domainConfigurationArn': 'string',
            'serviceType': 'DATA'|'CREDENTIAL_PROVIDER'|'JOBS'
        },
    ],
    'nextMarker': 'string'
}

Response Structure

  • (dict) --

    • domainConfigurations (list) --

      A list of objects that contain summary information about the user's domain configurations.

      • (dict) --

        The summary of a domain configuration. A domain configuration specifies custom IoT-specific information about a domain. A domain configuration can be associated with an AWS-managed domain (for example, dbc123defghijk.iot.us-west-2.amazonaws.com), a customer managed domain, or a default endpoint.

        • Data

        • Jobs

        • CredentialProvider

        Note

        The domain configuration feature is in public preview and is subject to change.

        • domainConfigurationName (string) --

          The name of the domain configuration. This value must be unique to a region.

        • domainConfigurationArn (string) --

          The ARN of the domain configuration.

        • serviceType (string) --

          The type of service delivered by the endpoint.

    • nextMarker (string) --

      The marker for the next set of results.

ListProvisioningTemplateVersions (new)

A list of fleet provisioning template versions.

See also: AWS API Documentation

Request Syntax

client.list_provisioning_template_versions(
    templateName='string',
    maxResults=123,
    nextToken='string'
)
type templateName

string

param templateName

[REQUIRED]

The name of the fleet provisioning template.

type maxResults

integer

param maxResults

The maximum number of results to return at one time.

type nextToken

string

param nextToken

A token to retrieve the next set of results.

rtype

dict

returns

Response Syntax

{
    'versions': [
        {
            'versionId': 123,
            'creationDate': datetime(2015, 1, 1),
            'isDefaultVersion': True|False
        },
    ],
    'nextToken': 'string'
}

Response Structure

  • (dict) --

    • versions (list) --

      The list of fleet provisioning template versions.

      • (dict) --

        A summary of information about a fleet provision template version.

        • versionId (integer) --

          The ID of the fleet provisioning template version.

        • creationDate (datetime) --

          The date when the fleet provisioning template version was created.

        • isDefaultVersion (boolean) --

          True if the fleet provisioning template version is the default version, otherwise false.

    • nextToken (string) --

      A token to retrieve the next set of results.

DescribeProvisioningTemplateVersion (new)

Returns information about a fleet provisioning template version.

See also: AWS API Documentation

Request Syntax

client.describe_provisioning_template_version(
    templateName='string',
    versionId=123
)
type templateName

string

param templateName

[REQUIRED]

The template name.

type versionId

integer

param versionId

[REQUIRED]

The fleet provisioning template version ID.

rtype

dict

returns

Response Syntax

{
    'versionId': 123,
    'creationDate': datetime(2015, 1, 1),
    'templateBody': 'string',
    'isDefaultVersion': True|False
}

Response Structure

  • (dict) --

    • versionId (integer) --

      The fleet provisioning template version ID.

    • creationDate (datetime) --

      The date when the fleet provisioning template version was created.

    • templateBody (string) --

      The JSON formatted contents of the fleet provisioning template version.

    • isDefaultVersion (boolean) --

      True if the fleet provisioning template version is the default version.

CreateProvisioningClaim (new)

Creates a provisioning claim.

See also: AWS API Documentation

Request Syntax

client.create_provisioning_claim(
    templateName='string'
)
type templateName

string

param templateName

[REQUIRED]

The name of the provisioning template to use.

rtype

dict

returns

Response Syntax

{
    'certificateId': 'string',
    'certificatePem': 'string',
    'keyPair': {
        'PublicKey': 'string',
        'PrivateKey': 'string'
    },
    'expiration': datetime(2015, 1, 1)
}

Response Structure

  • (dict) --

    • certificateId (string) --

      The ID of the certificate.

    • certificatePem (string) --

      The provisioning claim certificate.

    • keyPair (dict) --

      The provisioning claim key pair.

      • PublicKey (string) --

        The public key.

      • PrivateKey (string) --

        The private key.

    • expiration (datetime) --

      The provisioning claim expiration time.
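
The CreateProvisioningClaim response carries the claim's private key in clear text next to an expiration time. The following is an added example, not part of the AWS documentation: one way to persist such a response so the key file is owner-only and is never overwritten or logged. The helper names, file naming scheme and sample response are assumptions constructed for illustration.

```python
import os
from datetime import datetime, timezone


class ClaimExpired(Exception):
    """Raised when a provisioning claim is already past its expiration."""


def redact_claim(resp):
    """Return a copy of the response that is safe to log (no private key)."""
    safe = dict(resp)
    key_pair = dict(resp.get("keyPair", {}))
    if "PrivateKey" in key_pair:
        key_pair["PrivateKey"] = "<redacted>"
    safe["keyPair"] = key_pair
    return safe


def _write_new_file(path, data, mode):
    """Create path exclusively with the given mode; never overwrite."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, mode)
    with os.fdopen(fd, "w") as fh:
        os.fchmod(fh.fileno(), mode)  # enforce the mode regardless of umask
        fh.write(data)


def store_claim(resp, directory, now=None):
    """Write the claim certificate and key under directory.

    Refuses expired claims and unexpected certificate IDs. Returns the
    two paths and the remaining validity.
    """
    cert_id = resp["certificateId"]
    if not cert_id.isalnum():
        raise ValueError("unexpected certificateId; refusing to build a path")

    expiration = resp["expiration"]
    if expiration.tzinfo is None:
        # Assumption for this example: a naive datetime is UTC.
        expiration = expiration.replace(tzinfo=timezone.utc)
    now = now or datetime.now(timezone.utc)
    if expiration <= now:
        raise ClaimExpired("claim expired at %s" % expiration.isoformat())

    key_path = os.path.join(directory, cert_id + ".key.pem")
    cert_path = os.path.join(directory, cert_id + ".cert.pem")
    _write_new_file(key_path, resp["keyPair"]["PrivateKey"], 0o600)
    _write_new_file(cert_path, resp["certificatePem"], 0o644)
    return {"key": key_path, "cert": cert_path, "valid_for": expiration - now}


# Constructed sample shaped like the Response Syntax above; the values are
# placeholders, not real key material.
SAMPLE_CLAIM = {
    "certificateId": "0123abcd" * 8,
    "certificatePem": "CONSTRUCTED-CERTIFICATE-PLACEHOLDER\n",
    "keyPair": {
        "PublicKey": "CONSTRUCTED-PUBLIC-KEY\n",
        "PrivateKey": "CONSTRUCTED-PRIVATE-KEY\n",
    },
    "expiration": datetime(2019, 11, 25, 12, 5, tzinfo=timezone.utc),
}
```

With a real client, the input would be the return value of client.create_provisioning_claim(templateName=...); log redact_claim(resp), never resp itself.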

DeleteProvisioningTemplateVersion (new)

Deletes a fleet provisioning template version.

See also: AWS API Documentation

Request Syntax

client.delete_provisioning_template_version(
    templateName='string',
    versionId=123
)
type templateName

string

param templateName

[REQUIRED]

The name of the fleet provisioning template version to delete.

type versionId

integer

param versionId

[REQUIRED]

The fleet provisioning template version ID to delete.

rtype

dict

returns

Response Syntax

{}

Response Structure

  • (dict) --

DescribeProvisioningTemplate (new)

Returns information about a fleet provisioning template.

See also: AWS API Documentation

Request Syntax

client.describe_provisioning_template(
    templateName='string'
)
type templateName

string

param templateName

[REQUIRED]

The name of the fleet provisioning template.

rtype

dict

returns

Response Syntax

{
    'templateArn': 'string',
    'templateName': 'string',
    'description': 'string',
    'creationDate': datetime(2015, 1, 1),
    'lastModifiedDate': datetime(2015, 1, 1),
    'defaultVersionId': 123,
    'templateBody': 'string',
    'enabled': True|False,
    'provisioningRoleArn': 'string'
}

Response Structure

  • (dict) --

    • templateArn (string) --

      The ARN of the fleet provisioning template.

    • templateName (string) --

      The name of the fleet provisioning template.

    • description (string) --

      The description of the fleet provisioning template.

    • creationDate (datetime) --

      The date when the fleet provisioning template was created.

    • lastModifiedDate (datetime) --

      The date when the fleet provisioning template was last modified.

    • defaultVersionId (integer) --

      The default fleet template version ID.

    • templateBody (string) --

      The JSON formatted contents of the fleet provisioning template.

    • enabled (boolean) --

      True if the fleet provisioning template is enabled, otherwise false.

    • provisioningRoleArn (string) --

      The ARN of the role associated with the provisioning template. This IoT role grants permission to provision a device.

CreateProvisioningTemplate (new)

Creates a fleet provisioning template.

See also: AWS API Documentation

Request Syntax

client.create_provisioning_template(
    templateName='string',
    description='string',
    templateBody='string',
    enabled=True|False,
    provisioningRoleArn='string',
    tags=[
        {
            'Key': 'string',
            'Value': 'string'
        },
    ]
)
type templateName

string

param templateName

[REQUIRED]

The name of the fleet provisioning template.

type description

string

param description

The description of the fleet provisioning template.

type templateBody

string

param templateBody

[REQUIRED]

The JSON formatted contents of the fleet provisioning template.

type enabled

boolean

param enabled

True to enable the fleet provisioning template, otherwise false.

type provisioningRoleArn

string

param provisioningRoleArn

[REQUIRED]

The role ARN for the role associated with the fleet provisioning template. This IoT role grants permission to provision a device.

type tags

list

param tags

Metadata which can be used to manage the fleet provisioning template.

Note

For URI Request parameters use format: ...key1=value1&key2=value2...

For the CLI command-line parameter use format: --tags "key1=value1&key2=value2..."

For the cli-input-json file use format: "tags": "key1=value1&key2=value2..."

  • (dict) --

    A set of key/value pairs that are used to manage the resource.

    • Key (string) --

      The tag's key.

    • Value (string) --

      The tag's value.

rtype

dict

returns

Response Syntax

{
    'templateArn': 'string',
    'templateName': 'string',
    'defaultVersionId': 123
}

Response Structure

  • (dict) --

    • templateArn (string) --

      The ARN that identifies the provisioning template.

    • templateName (string) --

      The name of the fleet provisioning template.

    • defaultVersionId (integer) --

      The default version of the fleet provisioning template.

CreateProvisioningTemplateVersion (new)

Creates a new version of a fleet provisioning template.

See also: AWS API Documentation

Request Syntax

client.create_provisioning_template_version(
    templateName='string',
    templateBody='string',
    setAsDefault=True|False
)
type templateName

string

param templateName

[REQUIRED]

The name of the fleet provisioning template.

type templateBody

string

param templateBody

[REQUIRED]

The JSON formatted contents of the fleet provisioning template.

type setAsDefault

boolean

param setAsDefault

Sets a fleet provision template version as the default version.

rtype

dict

returns

Response Syntax

{
    'templateArn': 'string',
    'templateName': 'string',
    'versionId': 123,
    'isDefaultVersion': True|False
}

Response Structure

  • (dict) --

    • templateArn (string) --

      The ARN that identifies the provisioning template.

    • templateName (string) --

      The name of the fleet provisioning template.

    • versionId (integer) --

      The version of the fleet provisioning template.

    • isDefaultVersion (boolean) --

      True if the fleet provisioning template version is the default version, otherwise false.

DescribeDomainConfiguration (new)

Gets summary information about a domain configuration.

Note

The domain configuration feature is in public preview and is subject to change.

See also: AWS API Documentation

Request Syntax

client.describe_domain_configuration(
    domainConfigurationName='string'
)
type domainConfigurationName

string

param domainConfigurationName

[REQUIRED]

The name of the domain configuration.

rtype

dict

returns

Response Syntax

{
    'domainConfigurationName': 'string',
    'domainConfigurationArn': 'string',
    'domainName': 'string',
    'serverCertificates': [
        {
            'serverCertificateArn': 'string',
            'serverCertificateStatus': 'INVALID'|'VALID',
            'serverCertificateStatusDetail': 'string'
        },
    ],
    'authorizerConfig': {
        'defaultAuthorizerName': 'string',
        'allowAuthorizerOverride': True|False
    },
    'domainConfigurationStatus': 'ENABLED'|'DISABLED',
    'serviceType': 'DATA'|'CREDENTIAL_PROVIDER'|'JOBS',
    'domainType': 'ENDPOINT'|'AWS_MANAGED'|'CUSTOMER_MANAGED'
}

Response Structure

  • (dict) --

    • domainConfigurationName (string) --

      The name of the domain configuration.

    • domainConfigurationArn (string) --

      The ARN of the domain configuration.

    • domainName (string) --

      The name of the domain.

    • serverCertificates (list) --

      A list containing summary information about the server certificate included in the domain configuration.

      • (dict) --

        An object that contains information about a server certificate.

        • serverCertificateArn (string) --

          The ARN of the server certificate.

        • serverCertificateStatus (string) --

          The status of the server certificate.

        • serverCertificateStatusDetail (string) --

          Details that explain the status of the server certificate.

    • authorizerConfig (dict) --

      An object that specifies the authorization service for a domain.

      • defaultAuthorizerName (string) --

        The name of the authorization service for a domain configuration.

      • allowAuthorizerOverride (boolean) --

        A Boolean that specifies whether the domain configuration's authorization service can be overridden.

    • domainConfigurationStatus (string) --

      A Boolean value that specifies the current state of the domain configuration.

    • serviceType (string) --

      The type of service delivered by the endpoint.

    • domainType (string) --

      The type of the domain.

CreateDomainConfiguration (new)

Creates a domain configuration.

Note

The domain configuration feature is in public preview and is subject to change.

See also: AWS API Documentation

Request Syntax

client.create_domain_configuration(
    domainConfigurationName='string',
    domainName='string',
    serverCertificateArns=[
        'string',
    ],
    validationCertificateArn='string',
    authorizerConfig={
        'defaultAuthorizerName': 'string',
        'allowAuthorizerOverride': True|False
    },
    serviceType='DATA'|'CREDENTIAL_PROVIDER'|'JOBS'
)
type domainConfigurationName

string

param domainConfigurationName

[REQUIRED]

The name of the domain configuration. This value must be unique to a region.

type domainName

string

param domainName

The name of the domain.

type serverCertificateArns

list

param serverCertificateArns

The ARNs of the certificates that AWS IoT passes to the device during the TLS handshake. Currently you can specify only one certificate ARN. This value is not required for AWS-managed domains.

  • (string) --

type validationCertificateArn

string

param validationCertificateArn

The certificate used to validate the server certificate and prove domain name ownership. This certificate must be signed by a public certificate authority. This value is not required for AWS-managed domains.

type authorizerConfig

dict

param authorizerConfig

An object that specifies the authorization service for a domain.

  • defaultAuthorizerName (string) --

    The name of the authorization service for a domain configuration.

  • allowAuthorizerOverride (boolean) --

    A Boolean that specifies whether the domain configuration's authorization service can be overridden.

type serviceType

string

param serviceType

The type of service delivered by the endpoint.

rtype

dict

returns

Response Syntax

{
    'domainConfigurationName': 'string',
    'domainConfigurationArn': 'string'
}

Response Structure

  • (dict) --

    • domainConfigurationName (string) --

      The name of the domain configuration.

    • domainConfigurationArn (string) --

      The ARN of the domain configuration.

UpdateProvisioningTemplate (new)

Updates a fleet provisioning template.

See also: AWS API Documentation

Request Syntax

client.update_provisioning_template(
    templateName='string',
    description='string',
    enabled=True|False,
    defaultVersionId=123,
    provisioningRoleArn='string'
)
type templateName

string

param templateName

[REQUIRED]

The name of the fleet provisioning template.

type description

string

param description

The description of the fleet provisioning template.

type enabled

boolean

param enabled

True to enable the fleet provisioning template, otherwise false.

type defaultVersionId

integer

param defaultVersionId

The ID of the default provisioning template version.

type provisioningRoleArn

string

param provisioningRoleArn

The ARN of the role associated with the provisioning template. This IoT role grants permission to provision a device.

rtype

dict

returns

Response Syntax

{}

Response Structure

  • (dict) --

DeleteProvisioningTemplate (new)

Deletes a fleet provisioning template.

See also: AWS API Documentation

Request Syntax

client.delete_provisioning_template(
    templateName='string'
)
type templateName

string

param templateName

[REQUIRED]

The name of the fleet provision template to delete.

rtype

dict

returns

Response Syntax

{}

Response Structure

  • (dict) --

DeleteDomainConfiguration (new)

Deletes the specified domain configuration.

Note

The domain configuration feature is in public preview and is subject to change.

See also: AWS API Documentation

Request Syntax

client.delete_domain_configuration(
    domainConfigurationName='string'
)
type domainConfigurationName

string

param domainConfigurationName

[REQUIRED]

The name of the domain configuration to be deleted.

rtype

dict

returns

Response Syntax

{}

Response Structure

  • (dict) --

ListProvisioningTemplates (new)

Lists the fleet provisioning templates in your AWS account.

See also: AWS API Documentation

Request Syntax

client.list_provisioning_templates(
    maxResults=123,
    nextToken='string'
)
type maxResults

integer

param maxResults

The maximum number of results to return at one time.

type nextToken

string

param nextToken

A token to retrieve the next set of results.

rtype

dict

returns

Response Syntax

{
    'templates': [
        {
            'templateArn': 'string',
            'templateName': 'string',
            'description': 'string',
            'creationDate': datetime(2015, 1, 1),
            'lastModifiedDate': datetime(2015, 1, 1),
            'enabled': True|False
        },
    ],
    'nextToken': 'string'
}

Response Structure

  • (dict) --

    • templates (list) --

      A list of fleet provisioning templates.

      • (dict) --

        A summary of information about a fleet provisioning template.

        • templateArn (string) --

          The ARN of the fleet provisioning template.

        • templateName (string) --

          The name of the fleet provisioning template.

        • description (string) --

          The description of the fleet provisioning template.

        • creationDate (datetime) --

          The date when the fleet provisioning template summary was created.

        • lastModifiedDate (datetime) --

          The date when the fleet provisioning template summary was last modified.

        • enabled (boolean) --

          True if the fleet provision template is enabled, otherwise false.

    • nextToken (string) --

      A token to retrieve the next set of results.

CreateAuthorizer (updated)
Changes (request)
{'signingDisabled': 'boolean'}

Creates an authorizer.

See also: AWS API Documentation

Request Syntax

client.create_authorizer(
    authorizerName='string',
    authorizerFunctionArn='string',
    tokenKeyName='string',
    tokenSigningPublicKeys={
        'string': 'string'
    },
    status='ACTIVE'|'INACTIVE',
    signingDisabled=True|False
)
type authorizerName

string

param authorizerName

[REQUIRED]

The authorizer name.

type authorizerFunctionArn

string

param authorizerFunctionArn

[REQUIRED]

The ARN of the authorizer's Lambda function.

type tokenKeyName

string

param tokenKeyName

The name of the token key used to extract the token from the HTTP headers.

type tokenSigningPublicKeys

dict

param tokenSigningPublicKeys

The public keys used to verify the digital signature returned by your custom authentication service.

  • (string) --

    • (string) --

type status

string

param status

The status of the create authorizer request.

type signingDisabled

boolean

param signingDisabled

Specifies whether AWS IoT validates the token signature in an authorization request.

rtype

dict

returns

Response Syntax

{
    'authorizerName': 'string',
    'authorizerArn': 'string'
}

Response Structure

  • (dict) --

    • authorizerName (string) --

      The authorizer's name.

    • authorizerArn (string) --

      The authorizer ARN.
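
The domain configuration calls (ListDomainConfigurations, DescribeDomainConfiguration) and the new signingDisabled flag on authorizers can be reviewed together. The following is an added example, not part of the AWS documentation: it pages through domain configurations with marker/nextMarker and reports invalid server certificates, overridable authorizers, and default authorizers with token signature validation disabled. It assumes the boto3 describe_authorizer call (not shown in this section) returns signingDisabled and status under authorizerDescription; the stub client and all sample values are constructed, and which conditions count as findings is this example's own policy.

```python
def iter_domain_configurations(client, page_size=25):
    """Yield every summary; this call pages with marker/nextMarker,
    unlike the provisioning template list calls, which use nextToken."""
    kwargs = {"pageSize": page_size}
    while True:
        page = client.list_domain_configurations(**kwargs)
        yield from page.get("domainConfigurations", [])
        if not page.get("nextMarker"):
            return
        kwargs["marker"] = page["nextMarker"]


def audit_domain(client, name):
    """Return a list of findings for one domain configuration."""
    cfg = client.describe_domain_configuration(domainConfigurationName=name)
    findings = []
    for cert in cfg.get("serverCertificates", []):
        if cert.get("serverCertificateStatus") != "VALID":
            findings.append("server certificate %s is %s: %s" % (
                cert.get("serverCertificateArn"),
                cert.get("serverCertificateStatus"),
                cert.get("serverCertificateStatusDetail", "no detail")))
    auth = cfg.get("authorizerConfig") or {}
    if auth.get("allowAuthorizerOverride"):
        findings.append("default authorizer can be overridden")
    default = auth.get("defaultAuthorizerName")
    if default:
        desc = client.describe_authorizer(
            authorizerName=default)["authorizerDescription"]
        if desc.get("signingDisabled"):
            findings.append(
                "authorizer %s has token signature validation disabled" % default)
        if desc.get("status") != "ACTIVE":
            findings.append("authorizer %s is %s" % (default, desc.get("status")))
    return findings


def audit_all(client, page_size=25):
    """Map domain configuration name -> findings (only names with findings)."""
    report = {}
    for summary in iter_domain_configurations(client, page_size):
        name = summary["domainConfigurationName"]
        findings = audit_domain(client, name)
        if findings:
            report[name] = findings
    return report


class StubIoTClient:
    """Constructed stand-in for boto3.client('iot'), so the example runs offline."""

    def __init__(self, configs, authorizers):
        self.configs, self.authorizers = configs, authorizers
        self.list_calls = 0

    def list_domain_configurations(self, pageSize=25, marker=None):
        self.list_calls += 1
        names = sorted(self.configs)
        start = int(marker) if marker else 0
        resp = {"domainConfigurations": [
            {"domainConfigurationName": n} for n in names[start:start + pageSize]]}
        if start + pageSize < len(names):
            resp["nextMarker"] = str(start + pageSize)
        return resp

    def describe_domain_configuration(self, domainConfigurationName):
        return self.configs[domainConfigurationName]

    def describe_authorizer(self, authorizerName):
        return {"authorizerDescription": self.authorizers[authorizerName]}


# Constructed sample data; names and ARNs are placeholders.
SAMPLE_CONFIGS = {
    "fleet-a": {
        "serverCertificates": [{"serverCertificateArn": "arn:EXAMPLE:cert-a",
                                "serverCertificateStatus": "VALID"}],
        "authorizerConfig": {"defaultAuthorizerName": "signed-auth",
                             "allowAuthorizerOverride": False},
    },
    "fleet-b": {
        "serverCertificates": [{"serverCertificateArn": "arn:EXAMPLE:cert-b",
                                "serverCertificateStatus": "INVALID",
                                "serverCertificateStatusDetail": "constructed detail"}],
        "authorizerConfig": {"defaultAuthorizerName": "unsigned-auth",
                             "allowAuthorizerOverride": True},
    },
    "fleet-c": {"serverCertificates": []},
}
SAMPLE_AUTHORIZERS = {
    "signed-auth": {"status": "ACTIVE", "signingDisabled": False},
    "unsigned-auth": {"status": "ACTIVE", "signingDisabled": True},
}
```

Against a live account, pass boto3.client('iot') instead of the stub.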

CreateTopicRule (updated)
Changes (request)
{'topicRulePayload': {'actions': {'iotSiteWise': {'putAssetPropertyValueEntries': [{'assetId': 'string',
                                                                                    'entryId': 'string',
                                                                                    'propertyAlias': 'string',
                                                                                    'propertyId': 'string',
                                                                                    'propertyValues': [{'quality': 'string',
                                                                                                        'timestamp': {'offsetInNanos': 'string',
                                                                                                                      'timeInSeconds': 'string'},
                                                                                                        'value': {'booleanValue': 'string',
                                                                                                                  'doubleValue': 'string',
                                                                                                                  'integerValue': 'string',
                                                                                                                  'stringValue': 'string'}}]}],
                                                  'roleArn': 'string'}},
                      'errorAction': {'iotSiteWise': {'putAssetPropertyValueEntries': [{'assetId': 'string',
                                                                                        'entryId': 'string',
                                                                                        'propertyAlias': 'string',
                                                                                        'propertyId': 'string',
                                                                                        'propertyValues': [{'quality': 'string',
                                                                                                            'timestamp': {'offsetInNanos': 'string',
                                                                                                                          'timeInSeconds': 'string'},
                                                                                                            'value': {'booleanValue': 'string',
                                                                                                                      'doubleValue': 'string',
                                                                                                                      'integerValue': 'string',
                                                                                                                      'stringValue': 'string'}}]}],
                                                      'roleArn': 'string'}}}}

Creates a rule. Creating rules is an administrator-level action. Any user who has permission to create rules will be able to access data processed by the rule.

See also: AWS API Documentation
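
Because anyone who can create a rule can reach the data it processes, a topicRulePayload is worth reviewing before it is submitted. The following is an added example, not part of the AWS documentation: it walks actions and errorAction in the structure shown in the Request Syntax that follows, lists which roleArn each action delegates to, and flags S3 canned ACLs that open rule output to other principals and credentials embedded in the rule definition. The set of header names treated as credentials and the sample payload are assumptions constructed for illustration.

```python
# Canned ACLs that grant access to principals outside the bucket owner.
OPEN_ACLS = {"public-read", "public-read-write", "authenticated-read"}
# Header names treated as credentials (assumed list for this example).
SECRET_HEADERS = {"authorization", "x-api-key"}


def iter_actions(payload):
    """Yield (location, action type, settings) for actions and errorAction."""
    for i, action in enumerate(payload.get("actions", [])):
        for kind, settings in action.items():
            yield "actions[%d].%s" % (i, kind), kind, settings
    for kind, settings in (payload.get("errorAction") or {}).items():
        yield "errorAction.%s" % kind, kind, settings


def roles_used(payload):
    """Map each roleArn to the actions that assume it."""
    roles = {}
    for where, kind, settings in iter_actions(payload):
        arn = settings.get("roleArn")
        if kind == "http":
            # The http action nests its role under auth.sigv4.
            arn = settings.get("auth", {}).get("sigv4", {}).get("roleArn")
        if arn:
            roles.setdefault(arn, []).append(where)
    return roles


def review_topic_rule(payload):
    """Return findings for settings that widen access to rule data."""
    findings = []
    for where, kind, settings in iter_actions(payload):
        if kind == "s3" and settings.get("cannedAcl") in OPEN_ACLS:
            findings.append("%s: cannedAcl %s opens rule output beyond the owner"
                            % (where, settings["cannedAcl"]))
        if kind == "salesforce" and settings.get("token"):
            findings.append("%s: token is embedded in the rule definition" % where)
        if kind == "http":
            for header in settings.get("headers", []):
                if header.get("key", "").lower() in SECRET_HEADERS:
                    findings.append("%s: header %s embeds a static credential"
                                    % (where, header["key"]))
    return findings


# Constructed sample payload; ARNs, names and values are placeholders.
ROLE_A = "arn:aws:iam::123456789012:role/example-rule-s3"
ROLE_B = "arn:aws:iam::123456789012:role/example-rule-sitewise"
SAMPLE_PAYLOAD = {
    "sql": "SELECT * FROM 'plant/+/telemetry'",
    "actions": [
        {"s3": {"roleArn": ROLE_A, "bucketName": "example-telemetry",
                "key": "telemetry", "cannedAcl": "public-read"}},
        {"iotSiteWise": {"roleArn": ROLE_B, "putAssetPropertyValueEntries": [
            {"propertyAlias": "/plant/1/temp",
             "propertyValues": [{"value": {"doubleValue": "21.5"},
                                 "timestamp": {"timeInSeconds": "1574640000"}}]}]}},
        {"http": {"url": "https://example.com/ingest",
                  "headers": [{"key": "Authorization",
                               "value": "constructed-placeholder"}]}},
    ],
    "errorAction": {"s3": {"roleArn": ROLE_A, "bucketName": "example-errors",
                           "key": "errors", "cannedAcl": "private"}},
}
```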

Request Syntax

client.create_topic_rule(
    ruleName='string',
    topicRulePayload={
        'sql': 'string',
        'description': 'string',
        'actions': [
            {
                'dynamoDB': {
                    'tableName': 'string',
                    'roleArn': 'string',
                    'operation': 'string',
                    'hashKeyField': 'string',
                    'hashKeyValue': 'string',
                    'hashKeyType': 'STRING'|'NUMBER',
                    'rangeKeyField': 'string',
                    'rangeKeyValue': 'string',
                    'rangeKeyType': 'STRING'|'NUMBER',
                    'payloadField': 'string'
                },
                'dynamoDBv2': {
                    'roleArn': 'string',
                    'putItem': {
                        'tableName': 'string'
                    }
                },
                'lambda': {
                    'functionArn': 'string'
                },
                'sns': {
                    'targetArn': 'string',
                    'roleArn': 'string',
                    'messageFormat': 'RAW'|'JSON'
                },
                'sqs': {
                    'roleArn': 'string',
                    'queueUrl': 'string',
                    'useBase64': True|False
                },
                'kinesis': {
                    'roleArn': 'string',
                    'streamName': 'string',
                    'partitionKey': 'string'
                },
                'republish': {
                    'roleArn': 'string',
                    'topic': 'string',
                    'qos': 123
                },
                's3': {
                    'roleArn': 'string',
                    'bucketName': 'string',
                    'key': 'string',
                    'cannedAcl': 'private'|'public-read'|'public-read-write'|'aws-exec-read'|'authenticated-read'|'bucket-owner-read'|'bucket-owner-full-control'|'log-delivery-write'
                },
                'firehose': {
                    'roleArn': 'string',
                    'deliveryStreamName': 'string',
                    'separator': 'string'
                },
                'cloudwatchMetric': {
                    'roleArn': 'string',
                    'metricNamespace': 'string',
                    'metricName': 'string',
                    'metricValue': 'string',
                    'metricUnit': 'string',
                    'metricTimestamp': 'string'
                },
                'cloudwatchAlarm': {
                    'roleArn': 'string',
                    'alarmName': 'string',
                    'stateReason': 'string',
                    'stateValue': 'string'
                },
                'elasticsearch': {
                    'roleArn': 'string',
                    'endpoint': 'string',
                    'index': 'string',
                    'type': 'string',
                    'id': 'string'
                },
                'salesforce': {
                    'token': 'string',
                    'url': 'string'
                },
                'iotAnalytics': {
                    'channelArn': 'string',
                    'channelName': 'string',
                    'roleArn': 'string'
                },
                'iotEvents': {
                    'inputName': 'string',
                    'messageId': 'string',
                    'roleArn': 'string'
                },
                'iotSiteWise': {
                    'putAssetPropertyValueEntries': [
                        {
                            'entryId': 'string',
                            'assetId': 'string',
                            'propertyId': 'string',
                            'propertyAlias': 'string',
                            'propertyValues': [
                                {
                                    'value': {
                                        'stringValue': 'string',
                                        'integerValue': 'string',
                                        'doubleValue': 'string',
                                        'booleanValue': 'string'
                                    },
                                    'timestamp': {
                                        'timeInSeconds': 'string',
                                        'offsetInNanos': 'string'
                                    },
                                    'quality': 'string'
                                },
                            ]
                        },
                    ],
                    'roleArn': 'string'
                },
                'stepFunctions': {
                    'executionNamePrefix': 'string',
                    'stateMachineName': 'string',
                    'roleArn': 'string'
                },
                'http': {
                    'url': 'string',
                    'confirmationUrl': 'string',
                    'headers': [
                        {
                            'key': 'string',
                            'value': 'string'
                        },
                    ],
                    'auth': {
                        'sigv4': {
                            'signingRegion': 'string',
                            'serviceName': 'string',
                            'roleArn': 'string'
                        }
                    }
                }
            },
        ],
        'ruleDisabled': True|False,
        'awsIotSqlVersion': 'string',
        'errorAction': {
            'dynamoDB': {
                'tableName': 'string',
                'roleArn': 'string',
                'operation': 'string',
                'hashKeyField': 'string',
                'hashKeyValue': 'string',
                'hashKeyType': 'STRING'|'NUMBER',
                'rangeKeyField': 'string',
                'rangeKeyValue': 'string',
                'rangeKeyType': 'STRING'|'NUMBER',
                'payloadField': 'string'
            },
            'dynamoDBv2': {
                'roleArn': 'string',
                'putItem': {
                    'tableName': 'string'
                }
            },
            'lambda': {
                'functionArn': 'string'
            },
            'sns': {
                'targetArn': 'string',
                'roleArn': 'string',
                'messageFormat': 'RAW'|'JSON'
            },
            'sqs': {
                'roleArn': 'string',
                'queueUrl': 'string',
                'useBase64': True|False
            },
            'kinesis': {
                'roleArn': 'string',
                'streamName': 'string',
                'partitionKey': 'string'
            },
            'republish': {
                'roleArn': 'string',
                'topic': 'string',
                'qos': 123
            },
            's3': {
                'roleArn': 'string',
                'bucketName': 'string',
                'key': 'string',
                'cannedAcl': 'private'|'public-read'|'public-read-write'|'aws-exec-read'|'authenticated-read'|'bucket-owner-read'|'bucket-owner-full-control'|'log-delivery-write'
            },
            'firehose': {
                'roleArn': 'string',
                'deliveryStreamName': 'string',
                'separator': 'string'
            },
            'cloudwatchMetric': {
                'roleArn': 'string',
                'metricNamespace': 'string',
                'metricName': 'string',
                'metricValue': 'string',
                'metricUnit': 'string',
                'metricTimestamp': 'string'
            },
            'cloudwatchAlarm': {
                'roleArn': 'string',
                'alarmName': 'string',
                'stateReason': 'string',
                'stateValue': 'string'
            },
            'elasticsearch': {
                'roleArn': 'string',
                'endpoint': 'string',
                'index': 'string',
                'type': 'string',
                'id': 'string'
            },
            'salesforce': {
                'token': 'string',
                'url': 'string'
            },
            'iotAnalytics': {
                'channelArn': 'string',
                'channelName': 'string',
                'roleArn': 'string'
            },
            'iotEvents': {
                'inputName': 'string',
                'messageId': 'string',
                'roleArn': 'string'
            },
            'iotSiteWise': {
                'putAssetPropertyValueEntries': [
                    {
                        'entryId': 'string',
                        'assetId': 'string',
                        'propertyId': 'string',
                        'propertyAlias': 'string',
                        'propertyValues': [
                            {
                                'value': {
                                    'stringValue': 'string',
                                    'integerValue': 'string',
                                    'doubleValue': 'string',
                                    'booleanValue': 'string'
                                },
                                'timestamp': {
                                    'timeInSeconds': 'string',
                                    'offsetInNanos': 'string'
                                },
                                'quality': 'string'
                            },
                        ]
                    },
                ],
                'roleArn': 'string'
            },
            'stepFunctions': {
                'executionNamePrefix': 'string',
                'stateMachineName': 'string',
                'roleArn': 'string'
            },
            'http': {
                'url': 'string',
                'confirmationUrl': 'string',
                'headers': [
                    {
                        'key': 'string',
                        'value': 'string'
                    },
                ],
                'auth': {
                    'sigv4': {
                        'signingRegion': 'string',
                        'serviceName': 'string',
                        'roleArn': 'string'
                    }
                }
            }
        }
    },
    tags='string'
)
type ruleName

string

param ruleName

[REQUIRED]

The name of the rule.

type topicRulePayload

dict

param topicRulePayload

[REQUIRED]

The rule payload.

  • sql (string) -- [REQUIRED]

    The SQL statement used to query the topic. For more information, see AWS IoT SQL Reference in the AWS IoT Developer Guide.

  • description (string) --

    The description of the rule.

  • actions (list) -- [REQUIRED]

    The actions associated with the rule.

    • (dict) --

      Describes the actions associated with a rule.

      • dynamoDB (dict) --

        Write to a DynamoDB table.

        • tableName (string) -- [REQUIRED]

          The name of the DynamoDB table.

        • roleArn (string) -- [REQUIRED]

          The ARN of the IAM role that grants access to the DynamoDB table.

        • operation (string) --

          The type of operation to be performed. This follows the substitution template, so it can be ${operation}, but the substitution must result in one of the following: INSERT, UPDATE, or DELETE.

        • hashKeyField (string) -- [REQUIRED]

          The hash key name.

        • hashKeyValue (string) -- [REQUIRED]

          The hash key value.

        • hashKeyType (string) --

          The hash key type. Valid values are "STRING" or "NUMBER".

        • rangeKeyField (string) --

          The range key name.

        • rangeKeyValue (string) --

          The range key value.

        • rangeKeyType (string) --

          The range key type. Valid values are "STRING" or "NUMBER".

        • payloadField (string) --

          The action payload. This name can be customized.

      • dynamoDBv2 (dict) --

        Write to a DynamoDB table. This is a new version of the DynamoDB action. It allows you to write each attribute in an MQTT message payload into a separate DynamoDB column.

        • roleArn (string) -- [REQUIRED]

          The ARN of the IAM role that grants access to the DynamoDB table.

        • putItem (dict) -- [REQUIRED]

          Specifies the DynamoDB table to which the message data will be written. For example:

          { "dynamoDBv2": { "roleArn": "aws:iam:12341251:my-role", "putItem": { "tableName": "my-table" } } }

          Each attribute in the message payload will be written to a separate column in the DynamoDB database.

          • tableName (string) -- [REQUIRED]

            The table where the message data will be written.

      • lambda (dict) --

        Invoke a Lambda function.

        • functionArn (string) -- [REQUIRED]

          The ARN of the Lambda function.

      • sns (dict) --

        Publish to an Amazon SNS topic.

        • targetArn (string) -- [REQUIRED]

          The ARN of the SNS topic.

        • roleArn (string) -- [REQUIRED]

          The ARN of the IAM role that grants access.

        • messageFormat (string) --

          (Optional) The message format of the message to publish. Accepted values are "JSON" and "RAW". The default value of the attribute is "RAW". SNS uses this setting to determine if the payload should be parsed and relevant platform-specific bits of the payload should be extracted. To read more about SNS message formats, see https://docs.aws.amazon.com/sns/latest/dg/json-formats.html.

      • sqs (dict) --

        Publish to an Amazon SQS queue.

        • roleArn (string) -- [REQUIRED]

          The ARN of the IAM role that grants access.

        • queueUrl (string) -- [REQUIRED]

          The URL of the Amazon SQS queue.

        • useBase64 (boolean) --

          Specifies whether to use Base64 encoding.

      • kinesis (dict) --

        Write data to an Amazon Kinesis stream.

        • roleArn (string) -- [REQUIRED]

          The ARN of the IAM role that grants access to the Amazon Kinesis stream.

        • streamName (string) -- [REQUIRED]

          The name of the Amazon Kinesis stream.

        • partitionKey (string) --

          The partition key.

      • republish (dict) --

        Publish to another MQTT topic.

        • roleArn (string) -- [REQUIRED]

          The ARN of the IAM role that grants access.

        • topic (string) -- [REQUIRED]

          The name of the MQTT topic.

        • qos (integer) --

          The Quality of Service (QoS) level to use when republishing messages. The default value is 0.

      • s3 (dict) --

        Write to an Amazon S3 bucket.

        • roleArn (string) -- [REQUIRED]

          The ARN of the IAM role that grants access.

        • bucketName (string) -- [REQUIRED]

          The Amazon S3 bucket.

        • key (string) -- [REQUIRED]

          The object key.

        • cannedAcl (string) --

          The Amazon S3 canned ACL that controls access to the object identified by the object key. For more information, see S3 canned ACLs.

      • firehose (dict) --

        Write to an Amazon Kinesis Firehose stream.

        • roleArn (string) -- [REQUIRED]

          The IAM role that grants access to the Amazon Kinesis Firehose stream.

        • deliveryStreamName (string) -- [REQUIRED]

          The delivery stream name.

        • separator (string) --

          A character separator that will be used to separate records written to the Firehose stream. Valid values are: '\n' (newline), '\t' (tab), '\r\n' (Windows newline), ',' (comma).

      • cloudwatchMetric (dict) --

        Capture a CloudWatch metric.

        • roleArn (string) -- [REQUIRED]

          The IAM role that allows access to the CloudWatch metric.

        • metricNamespace (string) -- [REQUIRED]

          The CloudWatch metric namespace name.

        • metricName (string) -- [REQUIRED]

          The CloudWatch metric name.

        • metricValue (string) -- [REQUIRED]

          The CloudWatch metric value.

        • metricUnit (string) -- [REQUIRED]

          The metric unit supported by CloudWatch.

        • metricTimestamp (string) --

          An optional Unix timestamp.

      • cloudwatchAlarm (dict) --

        Change the state of a CloudWatch alarm.

        • roleArn (string) -- [REQUIRED]

          The IAM role that allows access to the CloudWatch alarm.

        • alarmName (string) -- [REQUIRED]

          The CloudWatch alarm name.

        • stateReason (string) -- [REQUIRED]

          The reason for the alarm change.

        • stateValue (string) -- [REQUIRED]

          The value of the alarm state. Acceptable values are: OK, ALARM, INSUFFICIENT_DATA.

      • elasticsearch (dict) --

        Write data to an Amazon Elasticsearch Service domain.

        • roleArn (string) -- [REQUIRED]

          The IAM role ARN that has access to Elasticsearch.

        • endpoint (string) -- [REQUIRED]

          The endpoint of your Elasticsearch domain.

        • index (string) -- [REQUIRED]

          The Elasticsearch index where you want to store your data.

        • type (string) -- [REQUIRED]

          The type of document you are storing.

        • id (string) -- [REQUIRED]

          The unique identifier for the document you are storing.

      • salesforce (dict) --

        Send a message to a Salesforce IoT Cloud Input Stream.

        • token (string) -- [REQUIRED]

          The token used to authenticate access to the Salesforce IoT Cloud Input Stream. The token is available from the Salesforce IoT Cloud platform after creation of the Input Stream.

        • url (string) -- [REQUIRED]

          The URL exposed by the Salesforce IoT Cloud Input Stream. The URL is available from the Salesforce IoT Cloud platform after creation of the Input Stream.

      • iotAnalytics (dict) --

        Sends message data to an AWS IoT Analytics channel.

        • channelArn (string) --

          (deprecated) The ARN of the IoT Analytics channel to which message data will be sent.

        • channelName (string) --

          The name of the IoT Analytics channel to which message data will be sent.

        • roleArn (string) --

          The ARN of the role which has a policy that grants IoT Analytics permission to send message data via IoT Analytics (iotanalytics:BatchPutMessage).

      • iotEvents (dict) --

        Sends an input to an AWS IoT Events detector.

        • inputName (string) -- [REQUIRED]

          The name of the AWS IoT Events input.

        • messageId (string) --

          [Optional] Use this to ensure that only one input (message) with a given messageId will be processed by an AWS IoT Events detector.

        • roleArn (string) -- [REQUIRED]

          The ARN of the role that grants AWS IoT permission to send an input to an AWS IoT Events detector. ("Action":"iotevents:BatchPutMessage").

      • iotSiteWise (dict) --

        Sends data from the MQTT message that triggered the rule to AWS IoT SiteWise asset properties.

        • putAssetPropertyValueEntries (list) -- [REQUIRED]

          A list of asset property value entries.

          • (dict) --

            An asset property value entry containing the following information.

            • entryId (string) --

              Optional. A unique identifier for this entry that you can define to better track which message caused an error in case of failure. Accepts substitution templates. Defaults to a new UUID.

            • assetId (string) --

              The ID of the AWS IoT SiteWise asset. You must specify either a propertyAlias or both an assetId and a propertyId. Accepts substitution templates.

            • propertyId (string) --

              The ID of the asset's property. You must specify either a propertyAlias or both an assetId and a propertyId. Accepts substitution templates.

            • propertyAlias (string) --

              The name of the property alias associated with your asset property. You must specify either a propertyAlias or both an assetId and a propertyId. Accepts substitution templates.

            • propertyValues (list) -- [REQUIRED]

              A list of property values to insert that each contain timestamp, quality, and value (TQV) information.

              • (dict) --

                An asset property value entry containing the following information.

                • value (dict) -- [REQUIRED]

                  The value of the asset property.

                  • stringValue (string) --

                    Optional. The string value of the value entry. Accepts substitution templates.

                  • integerValue (string) --

                    Optional. A string that contains the integer value of the value entry. Accepts substitution templates.

                  • doubleValue (string) --

                    Optional. A string that contains the double value of the value entry. Accepts substitution templates.

                  • booleanValue (string) --

                    Optional. A string that contains the boolean value (true or false) of the value entry. Accepts substitution templates.

                • timestamp (dict) -- [REQUIRED]

                  The asset property value timestamp.

                  • timeInSeconds (string) -- [REQUIRED]

                    A string that contains the time in seconds since epoch. Accepts substitution templates.

                  • offsetInNanos (string) --

                    Optional. A string that contains the nanosecond time offset. Accepts substitution templates.

                • quality (string) --

                  Optional. A string that describes the quality of the value. Accepts substitution templates. Must be GOOD, BAD, or UNCERTAIN.

        • roleArn (string) -- [REQUIRED]

          The ARN of the role that grants AWS IoT permission to send an asset property value to AWS IoT SiteWise ("Action": "iotsitewise:BatchPutAssetPropertyValue"). The trust policy can restrict access to specific asset hierarchy paths.

      • stepFunctions (dict) --

        Starts execution of a Step Functions state machine.

        • executionNamePrefix (string) --

          (Optional) A name will be given to the state machine execution consisting of this prefix followed by a UUID. Step Functions automatically creates a unique name for each state machine execution if one is not provided.

        • stateMachineName (string) -- [REQUIRED]

          The name of the Step Functions state machine whose execution will be started.

        • roleArn (string) -- [REQUIRED]

          The ARN of the role that grants IoT permission to start execution of a state machine ("Action":"states:StartExecution").

      • http (dict) --

        Send data to an HTTPS endpoint.

        • url (string) -- [REQUIRED]

          The endpoint URL. If substitution templates are used in the URL, you must also specify a confirmationUrl. If this is a new destination, a new TopicRuleDestination is created if possible.

        • confirmationUrl (string) --

          The URL to which AWS IoT sends a confirmation message. The value of the confirmation URL must be a prefix of the endpoint URL. If you do not specify a confirmation URL, AWS IoT uses the endpoint URL as the confirmation URL. If you use substitution templates in the confirmationUrl, you must create and enable topic rule destinations that match each possible value of the substitution template before traffic is allowed to your endpoint URL.

        • headers (list) --

          The HTTP headers to send with the message data.

          • (dict) --

            The HTTP action header.

            • key (string) -- [REQUIRED]

              The HTTP header key.

            • value (string) -- [REQUIRED]

              The HTTP header value. Substitution templates are supported.

        • auth (dict) --

          The authentication method to use when sending data to an HTTPS endpoint.

          • sigv4 (dict) --

            Use Sig V4 authorization. For more information, see Signature Version 4 Signing Process.

            • signingRegion (string) -- [REQUIRED]

              The signing region.

            • serviceName (string) -- [REQUIRED]

              The service name to use while signing with Sig V4.

            • roleArn (string) -- [REQUIRED]

              The ARN of the signing role.

  • ruleDisabled (boolean) --

    Specifies whether the rule is disabled.

  • awsIotSqlVersion (string) --

    The version of the SQL rules engine to use when evaluating the rule.

  • errorAction (dict) --

    The action to take when an error occurs.

    • dynamoDB (dict) --

      Write to a DynamoDB table.

      • tableName (string) -- [REQUIRED]

        The name of the DynamoDB table.

      • roleArn (string) -- [REQUIRED]

        The ARN of the IAM role that grants access to the DynamoDB table.

      • operation (string) --

        The type of operation to be performed. This follows the substitution template, so it can be ${operation}, but the substitution must result in one of the following: INSERT, UPDATE, or DELETE.

      • hashKeyField (string) -- [REQUIRED]

        The hash key name.

      • hashKeyValue (string) -- [REQUIRED]

        The hash key value.

      • hashKeyType (string) --

        The hash key type. Valid values are "STRING" or "NUMBER".

      • rangeKeyField (string) --

        The range key name.

      • rangeKeyValue (string) --

        The range key value.

      • rangeKeyType (string) --

        The range key type. Valid values are "STRING" or "NUMBER".

      • payloadField (string) --

        The action payload. This name can be customized.

    • dynamoDBv2 (dict) --

      Write to a DynamoDB table. This is a new version of the DynamoDB action. It allows you to write each attribute in an MQTT message payload into a separate DynamoDB column.

      • roleArn (string) -- [REQUIRED]

        The ARN of the IAM role that grants access to the DynamoDB table.

      • putItem (dict) -- [REQUIRED]

        Specifies the DynamoDB table to which the message data will be written. For example:

        { "dynamoDBv2": { "roleArn": "aws:iam:12341251:my-role", "putItem": { "tableName": "my-table" } } }

        Each attribute in the message payload will be written to a separate column in the DynamoDB database.

        • tableName (string) -- [REQUIRED]

          The table where the message data will be written.

    • lambda (dict) --

      Invoke a Lambda function.

      • functionArn (string) -- [REQUIRED]

        The ARN of the Lambda function.

    • sns (dict) --

      Publish to an Amazon SNS topic.

      • targetArn (string) -- [REQUIRED]

        The ARN of the SNS topic.

      • roleArn (string) -- [REQUIRED]

        The ARN of the IAM role that grants access.

      • messageFormat (string) --

        (Optional) The message format of the message to publish. Accepted values are "JSON" and "RAW". The default value of the attribute is "RAW". SNS uses this setting to determine if the payload should be parsed and relevant platform-specific bits of the payload should be extracted. To read more about SNS message formats, see https://docs.aws.amazon.com/sns/latest/dg/json-formats.html.

    • sqs (dict) --

      Publish to an Amazon SQS queue.

      • roleArn (string) -- [REQUIRED]

        The ARN of the IAM role that grants access.

      • queueUrl (string) -- [REQUIRED]

        The URL of the Amazon SQS queue.

      • useBase64 (boolean) --

        Specifies whether to use Base64 encoding.

    • kinesis (dict) --

      Write data to an Amazon Kinesis stream.

      • roleArn (string) -- [REQUIRED]

        The ARN of the IAM role that grants access to the Amazon Kinesis stream.

      • streamName (string) -- [REQUIRED]

        The name of the Amazon Kinesis stream.

      • partitionKey (string) --

        The partition key.

    • republish (dict) --

      Publish to another MQTT topic.

      • roleArn (string) -- [REQUIRED]

        The ARN of the IAM role that grants access.

      • topic (string) -- [REQUIRED]

        The name of the MQTT topic.

      • qos (integer) --

        The Quality of Service (QoS) level to use when republishing messages. The default value is 0.

    • s3 (dict) --

      Write to an Amazon S3 bucket.

      • roleArn (string) -- [REQUIRED]

        The ARN of the IAM role that grants access.

      • bucketName (string) -- [REQUIRED]

        The Amazon S3 bucket.

      • key (string) -- [REQUIRED]

        The object key.

      • cannedAcl (string) --

        The Amazon S3 canned ACL that controls access to the object identified by the object key. For more information, see S3 canned ACLs.

    • firehose (dict) --

      Write to an Amazon Kinesis Firehose stream.

      • roleArn (string) -- [REQUIRED]

        The IAM role that grants access to the Amazon Kinesis Firehose stream.

      • deliveryStreamName (string) -- [REQUIRED]

        The delivery stream name.

      • separator (string) --

        A character separator that will be used to separate records written to the Firehose stream. Valid values are: '\n' (newline), '\t' (tab), '\r\n' (Windows newline), ',' (comma).

    • cloudwatchMetric (dict) --

      Capture a CloudWatch metric.

      • roleArn (string) -- [REQUIRED]

        The IAM role that allows access to the CloudWatch metric.

      • metricNamespace (string) -- [REQUIRED]

        The CloudWatch metric namespace name.

      • metricName (string) -- [REQUIRED]

        The CloudWatch metric name.

      • metricValue (string) -- [REQUIRED]

        The CloudWatch metric value.

      • metricUnit (string) -- [REQUIRED]

        The metric unit supported by CloudWatch.

      • metricTimestamp (string) --

        An optional Unix timestamp.

    • cloudwatchAlarm (dict) --

      Change the state of a CloudWatch alarm.

      • roleArn (string) -- [REQUIRED]

        The IAM role that allows access to the CloudWatch alarm.

      • alarmName (string) -- [REQUIRED]

        The CloudWatch alarm name.

      • stateReason (string) -- [REQUIRED]

        The reason for the alarm change.

      • stateValue (string) -- [REQUIRED]

        The value of the alarm state. Acceptable values are: OK, ALARM, INSUFFICIENT_DATA.

    • elasticsearch (dict) --

      Write data to an Amazon Elasticsearch Service domain.

      • roleArn (string) -- [REQUIRED]

        The IAM role ARN that has access to Elasticsearch.

      • endpoint (string) -- [REQUIRED]

        The endpoint of your Elasticsearch domain.

      • index (string) -- [REQUIRED]

        The Elasticsearch index where you want to store your data.

      • type (string) -- [REQUIRED]

        The type of document you are storing.

      • id (string) -- [REQUIRED]

        The unique identifier for the document you are storing.

    • salesforce (dict) --

      Send a message to a Salesforce IoT Cloud Input Stream.

      • token (string) -- [REQUIRED]

        The token used to authenticate access to the Salesforce IoT Cloud Input Stream. The token is available from the Salesforce IoT Cloud platform after creation of the Input Stream.

      • url (string) -- [REQUIRED]

        The URL exposed by the Salesforce IoT Cloud Input Stream. The URL is available from the Salesforce IoT Cloud platform after creation of the Input Stream.

    • iotAnalytics (dict) --

      Sends message data to an AWS IoT Analytics channel.

      • channelArn (string) --

        (deprecated) The ARN of the IoT Analytics channel to which message data will be sent.

      • channelName (string) --

        The name of the IoT Analytics channel to which message data will be sent.

      • roleArn (string) --

        The ARN of the role which has a policy that grants IoT Analytics permission to send message data via IoT Analytics (iotanalytics:BatchPutMessage).

    • iotEvents (dict) --

      Sends an input to an AWS IoT Events detector.

      • inputName (string) -- [REQUIRED]

        The name of the AWS IoT Events input.

      • messageId (string) --

        [Optional] Use this to ensure that only one input (message) with a given messageId will be processed by an AWS IoT Events detector.

      • roleArn (string) -- [REQUIRED]

        The ARN of the role that grants AWS IoT permission to send an input to an AWS IoT Events detector. ("Action":"iotevents:BatchPutMessage").

    • iotSiteWise (dict) --

      Sends data from the MQTT message that triggered the rule to AWS IoT SiteWise asset properties.

      • putAssetPropertyValueEntries (list) -- [REQUIRED]

        A list of asset property value entries.

        • (dict) --

          An asset property value entry containing the following information.

          • entryId (string) --

            Optional. A unique identifier for this entry that you can define to better track which message caused an error in case of failure. Accepts substitution templates. Defaults to a new UUID.

          • assetId (string) --

            The ID of the AWS IoT SiteWise asset. You must specify either a propertyAlias or both an assetId and a propertyId. Accepts substitution templates.

          • propertyId (string) --

            The ID of the asset's property. You must specify either a propertyAlias or both an assetId and a propertyId. Accepts substitution templates.

          • propertyAlias (string) --

            The name of the property alias associated with your asset property. You must specify either a propertyAlias or both an assetId and a propertyId. Accepts substitution templates.

          • propertyValues (list) -- [REQUIRED]

            A list of property values to insert that each contain timestamp, quality, and value (TQV) information.

            • (dict) --

              An asset property value entry containing the following information.

              • value (dict) -- [REQUIRED]

                The value of the asset property.

                • stringValue (string) --

                  Optional. The string value of the value entry. Accepts substitution templates.

                • integerValue (string) --

                  Optional. A string that contains the integer value of the value entry. Accepts substitution templates.

                • doubleValue (string) --

                  Optional. A string that contains the double value of the value entry. Accepts substitution templates.

                • booleanValue (string) --

                  Optional. A string that contains the boolean value (true or false) of the value entry. Accepts substitution templates.

              • timestamp (dict) -- [REQUIRED]

                The asset property value timestamp.

                • timeInSeconds (string) -- [REQUIRED]

                  A string that contains the time in seconds since epoch. Accepts substitution templates.

                • offsetInNanos (string) --

                  Optional. A string that contains the nanosecond time offset. Accepts substitution templates.

              • quality (string) --

                Optional. A string that describes the quality of the value. Accepts substitution templates. Must be GOOD, BAD, or UNCERTAIN.

      • roleArn (string) -- [REQUIRED]

        The ARN of the role that grants AWS IoT permission to send an asset property value to AWS IoT SiteWise ("Action": "iotsitewise:BatchPutAssetPropertyValue"). The trust policy can restrict access to specific asset hierarchy paths.

    • stepFunctions (dict) --

      Starts execution of a Step Functions state machine.

      • executionNamePrefix (string) --

        (Optional) A name will be given to the state machine execution consisting of this prefix followed by a UUID. Step Functions automatically creates a unique name for each state machine execution if one is not provided.

      • stateMachineName (string) -- [REQUIRED]

        The name of the Step Functions state machine whose execution will be started.

      • roleArn (string) -- [REQUIRED]

        The ARN of the role that grants IoT permission to start execution of a state machine ("Action":"states:StartExecution").

    • http (dict) --

      Send data to an HTTPS endpoint.

      • url (string) -- [REQUIRED]

        The endpoint URL. If substitution templates are used in the URL, you must also specify a confirmationUrl. If this is a new destination, a new TopicRuleDestination is created if possible.

      • confirmationUrl (string) --

        The URL to which AWS IoT sends a confirmation message. The value of the confirmation URL must be a prefix of the endpoint URL. If you do not specify a confirmation URL, AWS IoT uses the endpoint URL as the confirmation URL. If you use substitution templates in the confirmationUrl, you must create and enable topic rule destinations that match each possible value of the substitution template before traffic is allowed to your endpoint URL.

      • headers (list) --

        The HTTP headers to send with the message data.

        • (dict) --

          The HTTP action header.

          • key (string) -- [REQUIRED]

            The HTTP header key.

          • value (string) -- [REQUIRED]

            The HTTP header value. Substitution templates are supported.

      • auth (dict) --

        The authentication method to use when sending data to an HTTPS endpoint.

        • sigv4 (dict) --

          Use Sig V4 authorization. For more information, see Signature Version 4 Signing Process.

          • signingRegion (string) -- [REQUIRED]

            The signing region.

          • serviceName (string) -- [REQUIRED]

            The service name to use while signing with Sig V4.

          • roleArn (string) -- [REQUIRED]

            The ARN of the signing role.
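The constraints stated for the http action above (HTTPS endpoint, confirmationUrl as a prefix of url, confirmationUrl required when url is templated, required header and sigv4 fields) can be checked before a rule is submitted. This is an added example, not code from the AWS documentation; the function names and the sample actions are constructed for illustration.

```python
import re

# Substitution templates in rule actions are written as ${...}.
TEMPLATE = re.compile(r"\$\{[^}]*\}")


def effective_confirmation_url(action):
    """The confirmation URL AWS IoT will use: the explicit one, else the endpoint URL."""
    return action.get("confirmationUrl") or action.get("url", "")


def check_http_action(action):
    """Return (level, message) tuples for one 'http' action dict.

    Only the constraints stated in the parameter descriptions are checked.
    """
    issues = []
    url = action.get("url") or ""
    confirmation = action.get("confirmationUrl")

    if not url:
        return [("error", "url is required")]
    if not url.lower().startswith("https://"):
        issues.append(("error", "url is not an HTTPS endpoint"))

    if TEMPLATE.search(url) and not confirmation:
        issues.append(("error", "url uses substitution templates but confirmationUrl is missing"))
    if confirmation and not url.startswith(confirmation):
        issues.append(("error", "confirmationUrl is not a prefix of url"))
    if confirmation and TEMPLATE.search(confirmation):
        issues.append(("warn", "confirmationUrl is templated: a topic rule destination "
                               "must be created and enabled for every value it can take"))

    for i, header in enumerate(action.get("headers") or []):
        for field in ("key", "value"):
            if not header.get(field):
                issues.append(("error", f"headers[{i}].{field} is required"))

    sigv4 = (action.get("auth") or {}).get("sigv4")
    if sigv4 is not None:
        for field in ("signingRegion", "serviceName", "roleArn"):
            if not sigv4.get(field):
                issues.append(("error", f"auth.sigv4.{field} is required"))
    return issues


# Constructed sample actions (hosts, account ID and role name are placeholders).
GOOD = {
    "url": "https://ingest.example.com/devices/${topic(2)}/events",
    "confirmationUrl": "https://ingest.example.com/devices/",
    "headers": [{"key": "x-device", "value": "${clientid()}"}],
    "auth": {"sigv4": {"signingRegion": "us-east-1", "serviceName": "execute-api",
                       "roleArn": "arn:aws:iam::123456789012:role/example-signing-role"}},
}
BAD = {
    "url": "https://${tenant}.example.com/events",  # templated, no confirmationUrl
    "headers": [{"key": "x-device"}],                # value missing
    "auth": {"sigv4": {"signingRegion": "us-east-1"}},
}
MISMATCH = {
    "url": "https://ingest.example.com/a",
    "confirmationUrl": "https://other.example.com/",
}

if __name__ == "__main__":
    for name, action in (("GOOD", GOOD), ("BAD", BAD), ("MISMATCH", MISMATCH)):
        print(name, check_http_action(action))
```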

type tags

string

param tags

Metadata which can be used to manage the topic rule.

Note

For URI Request parameters use format: ...key1=value1&key2=value2...

For the CLI command-line parameter use format: --tags "key1=value1&key2=value2..."

For the cli-input-json file use format: "tags": "key1=value1&key2=value2..."

returns

None

DescribeAuditFinding (updated) Link ¶
Changes (response)
{'finding': {'nonCompliantResource': {'resourceIdentifier': {'iamRoleArn': 'string',
                                                             'roleAliasArn': 'string'},
                                      'resourceType': {'IAM_ROLE',
                                                       'ROLE_ALIAS'}},
             'relatedResources': {'resourceIdentifier': {'iamRoleArn': 'string',
                                                         'roleAliasArn': 'string'},
                                  'resourceType': {'ROLE_ALIAS', 'IAM_ROLE'}}}}

Gets information about a single audit finding. Properties include the reason for noncompliance, the severity of the issue, and when the audit that returned the finding was started.

See also: AWS API Documentation

Request Syntax

client.describe_audit_finding(
    findingId='string'
)
type findingId

string

param findingId

[REQUIRED]

A unique identifier for a single audit finding. You can use this identifier to apply mitigation actions to the finding.

rtype

dict

returns

Response Syntax

{
    'finding': {
        'findingId': 'string',
        'taskId': 'string',
        'checkName': 'string',
        'taskStartTime': datetime(2015, 1, 1),
        'findingTime': datetime(2015, 1, 1),
        'severity': 'CRITICAL'|'HIGH'|'MEDIUM'|'LOW',
        'nonCompliantResource': {
            'resourceType': 'DEVICE_CERTIFICATE'|'CA_CERTIFICATE'|'IOT_POLICY'|'COGNITO_IDENTITY_POOL'|'CLIENT_ID'|'ACCOUNT_SETTINGS'|'ROLE_ALIAS'|'IAM_ROLE',
            'resourceIdentifier': {
                'deviceCertificateId': 'string',
                'caCertificateId': 'string',
                'cognitoIdentityPoolId': 'string',
                'clientId': 'string',
                'policyVersionIdentifier': {
                    'policyName': 'string',
                    'policyVersionId': 'string'
                },
                'account': 'string',
                'iamRoleArn': 'string',
                'roleAliasArn': 'string'
            },
            'additionalInfo': {
                'string': 'string'
            }
        },
        'relatedResources': [
            {
                'resourceType': 'DEVICE_CERTIFICATE'|'CA_CERTIFICATE'|'IOT_POLICY'|'COGNITO_IDENTITY_POOL'|'CLIENT_ID'|'ACCOUNT_SETTINGS'|'ROLE_ALIAS'|'IAM_ROLE',
                'resourceIdentifier': {
                    'deviceCertificateId': 'string',
                    'caCertificateId': 'string',
                    'cognitoIdentityPoolId': 'string',
                    'clientId': 'string',
                    'policyVersionIdentifier': {
                        'policyName': 'string',
                        'policyVersionId': 'string'
                    },
                    'account': 'string',
                    'iamRoleArn': 'string',
                    'roleAliasArn': 'string'
                },
                'additionalInfo': {
                    'string': 'string'
                }
            },
        ],
        'reasonForNonCompliance': 'string',
        'reasonForNonComplianceCode': 'string'
    }
}

Response Structure

  • (dict) --

    • finding (dict) --

      The findings (results) of the audit.

      • findingId (string) --

        A unique identifier for this set of audit findings. This identifier is used to apply mitigation tasks to one or more sets of findings.

      • taskId (string) --

        The ID of the audit that generated this result (finding).

      • checkName (string) --

        The audit check that generated this result.

      • taskStartTime (datetime) --

        The time the audit started.

      • findingTime (datetime) --

        The time the result (finding) was discovered.

      • severity (string) --

        The severity of the result (finding).

      • nonCompliantResource (dict) --

        The resource that was found to be noncompliant with the audit check.

        • resourceType (string) --

          The type of the noncompliant resource.

        • resourceIdentifier (dict) --

          Information that identifies the noncompliant resource.

          • deviceCertificateId (string) --

            The ID of the certificate attached to the resource.

          • caCertificateId (string) --

            The ID of the CA certificate used to authorize the certificate.

          • cognitoIdentityPoolId (string) --

            The ID of the Amazon Cognito identity pool.

          • clientId (string) --

            The client ID.

          • policyVersionIdentifier (dict) --

            The version of the policy associated with the resource.

            • policyName (string) --

              The name of the policy.

            • policyVersionId (string) --

              The ID of the version of the policy associated with the resource.

          • account (string) --

            The account with which the resource is associated.

          • iamRoleArn (string) --

            The ARN of the IAM role that has overly permissive actions.

          • roleAliasArn (string) --

            The ARN of the role alias that has overly permissive actions.

        • additionalInfo (dict) --

          Other information about the noncompliant resource.

          • (string) --

            • (string) --

      • relatedResources (list) --

        The list of related resources.

        • (dict) --

          Information about a related resource.

          • resourceType (string) --

            The type of resource.

          • resourceIdentifier (dict) --

            Information that identifies the resource.

            • deviceCertificateId (string) --

              The ID of the certificate attached to the resource.

            • caCertificateId (string) --

              The ID of the CA certificate used to authorize the certificate.

            • cognitoIdentityPoolId (string) --

              The ID of the Amazon Cognito identity pool.

            • clientId (string) --

              The client ID.

            • policyVersionIdentifier (dict) --

              The version of the policy associated with the resource.

              • policyName (string) --

                The name of the policy.

              • policyVersionId (string) --

                The ID of the version of the policy associated with the resource.

            • account (string) --

              The account with which the resource is associated.

            • iamRoleArn (string) --

              The ARN of the IAM role that has overly permissive actions.

            • roleAliasArn (string) --

              The ARN of the role alias that has overly permissive actions.

          • additionalInfo (dict) --

            Other information about the resource.

            • (string) --

              • (string) --

      • reasonForNonCompliance (string) --

        The reason the resource was noncompliant.

      • reasonForNonComplianceCode (string) --

        A code that indicates the reason that the resource was noncompliant.
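The response above carries one populated identifier per resource, and this release adds the ROLE_ALIAS and IAM_ROLE types. The following added example (not from the AWS documentation) flattens describe_audit_finding responses into triage rows and pulls out the role and role alias ARNs for policy review; the resourceType-to-field pairing is inferred from the field names, and the sample findings, IDs and ARNs are constructed.

```python
from datetime import datetime

# Which resourceIdentifier field is expected for each resourceType.
# Assumption: the pairing is inferred from the field names in the response syntax.
IDENTIFIER_FIELD = {
    "DEVICE_CERTIFICATE": "deviceCertificateId",
    "CA_CERTIFICATE": "caCertificateId",
    "IOT_POLICY": "policyVersionIdentifier",
    "COGNITO_IDENTITY_POOL": "cognitoIdentityPoolId",
    "CLIENT_ID": "clientId",
    "ACCOUNT_SETTINGS": "account",
    "ROLE_ALIAS": "roleAliasArn",
    "IAM_ROLE": "iamRoleArn",
}
SEVERITY_RANK = {"CRITICAL": 0, "HIGH": 1, "MEDIUM": 2, "LOW": 3}


def resource_label(resource):
    """Render a nonCompliantResource or relatedResources entry as 'TYPE:identifier'."""
    rtype = resource.get("resourceType", "UNKNOWN")
    ident = resource.get("resourceIdentifier") or {}
    value = ident.get(IDENTIFIER_FIELD.get(rtype, ""))
    if not value:
        # Unknown type or unexpected field: use whichever identifier is populated.
        value = next((v for v in ident.values() if v), "?")
    if isinstance(value, dict):  # policyVersionIdentifier
        value = f"{value.get('policyName', '?')}@{value.get('policyVersionId', '?')}"
    return f"{rtype}:{value}"


def summarize(response):
    """Flatten one describe_audit_finding response into a triage row."""
    f = response["finding"]
    return {
        "findingId": f.get("findingId"),
        "check": f.get("checkName"),
        "severity": f.get("severity", "LOW"),
        "findingTime": f.get("findingTime", datetime.min),
        "resource": resource_label(f.get("nonCompliantResource") or {}),
        "related": sorted(resource_label(r) for r in f.get("relatedResources") or []),
        "reason": f.get("reasonForNonComplianceCode") or f.get("reasonForNonCompliance"),
    }


def triage(responses):
    """Rows ordered most severe first, then oldest finding first."""
    rows = [summarize(r) for r in responses]
    return sorted(rows, key=lambda r: (SEVERITY_RANK.get(r["severity"], 4), r["findingTime"]))


def roles_to_review(rows):
    """IAM role and role alias ARNs named in any row, deduplicated and sorted."""
    arns = set()
    for row in rows:
        for label in [row["resource"], *row["related"]]:
            rtype, _, value = label.partition(":")  # ARN colons stay in value
            if rtype in ("ROLE_ALIAS", "IAM_ROLE"):
                arns.add(value)
    return sorted(arns)


# Constructed responses; IDs, ARNs and the reason code are placeholders.
ALIAS_ARN = "arn:aws:iot:us-east-1:123456789012:rolealias/example-alias"
ROLE_ARN = "arn:aws:iam::123456789012:role/example-device-role"
SAMPLE_FINDINGS = [
    {"finding": {
        "findingId": "f-policy", "checkName": "EXAMPLE_POLICY_CHECK", "severity": "MEDIUM",
        "findingTime": datetime(2019, 11, 26, 8, 0),
        "nonCompliantResource": {"resourceType": "IOT_POLICY", "resourceIdentifier": {
            "policyVersionIdentifier": {"policyName": "example-policy", "policyVersionId": "2"}}},
        "reasonForNonCompliance": "constructed reason text"}},
    {"finding": {
        "findingId": "f-alias", "checkName": "IOT_ROLE_ALIAS_OVERLY_PERMISSIVE_CHECK",
        "severity": "HIGH", "findingTime": datetime(2019, 11, 26, 9, 0),
        "nonCompliantResource": {"resourceType": "ROLE_ALIAS",
                                 "resourceIdentifier": {"roleAliasArn": ALIAS_ARN}},
        "relatedResources": [{"resourceType": "IAM_ROLE",
                              "resourceIdentifier": {"iamRoleArn": ROLE_ARN}}],
        "reasonForNonComplianceCode": "EXAMPLE_REASON_CODE"}},
    {"finding": {
        "findingId": "f-cert", "checkName": "DEVICE_CERTIFICATE_KEY_QUALITY_CHECK",
        "severity": "CRITICAL", "findingTime": datetime(2019, 11, 26, 10, 0),
        "nonCompliantResource": {"resourceType": "DEVICE_CERTIFICATE",
                                 "resourceIdentifier": {"deviceCertificateId": "cert-placeholder"}},
        "reasonForNonComplianceCode": "EXAMPLE_REASON_CODE"}},
]

if __name__ == "__main__":
    for row in triage(SAMPLE_FINDINGS):
        print(row["severity"], row["check"], row["resource"], row["related"])
    print(roles_to_review(triage(SAMPLE_FINDINGS)))
```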

DescribeAuthorizer (updated) Link ¶
Changes (response)
{'authorizerDescription': {'signingDisabled': 'boolean'}}

Describes an authorizer.

See also: AWS API Documentation

Request Syntax

client.describe_authorizer(
    authorizerName='string'
)
type authorizerName

string

param authorizerName

[REQUIRED]

The name of the authorizer to describe.

rtype

dict

returns

Response Syntax

{
    'authorizerDescription': {
        'authorizerName': 'string',
        'authorizerArn': 'string',
        'authorizerFunctionArn': 'string',
        'tokenKeyName': 'string',
        'tokenSigningPublicKeys': {
            'string': 'string'
        },
        'status': 'ACTIVE'|'INACTIVE',
        'creationDate': datetime(2015, 1, 1),
        'lastModifiedDate': datetime(2015, 1, 1),
        'signingDisabled': True|False
    }
}

Response Structure

  • (dict) --

    • authorizerDescription (dict) --

      The authorizer description.

      • authorizerName (string) --

        The authorizer name.

      • authorizerArn (string) --

        The authorizer ARN.

      • authorizerFunctionArn (string) --

        The authorizer's Lambda function ARN.

      • tokenKeyName (string) --

        The key used to extract the token from the HTTP headers.

      • tokenSigningPublicKeys (dict) --

        The public keys used to validate the token signature returned by your custom authentication service.

        • (string) --

          • (string) --

      • status (string) --

        The status of the authorizer.

      • creationDate (datetime) --

        The UNIX timestamp of when the authorizer was created.

      • lastModifiedDate (datetime) --

        The UNIX timestamp of when the authorizer was last updated.

      • signingDisabled (boolean) --

        Specifies whether AWS IoT validates the token signature in an authorization request.

DescribeDefaultAuthorizer (updated) Link ¶
Changes (response)
{'authorizerDescription': {'signingDisabled': 'boolean'}}

Describes the default authorizer.

See also: AWS API Documentation

Request Syntax

client.describe_default_authorizer()
rtype

dict

returns

Response Syntax

{
    'authorizerDescription': {
        'authorizerName': 'string',
        'authorizerArn': 'string',
        'authorizerFunctionArn': 'string',
        'tokenKeyName': 'string',
        'tokenSigningPublicKeys': {
            'string': 'string'
        },
        'status': 'ACTIVE'|'INACTIVE',
        'creationDate': datetime(2015, 1, 1),
        'lastModifiedDate': datetime(2015, 1, 1),
        'signingDisabled': True|False
    }
}

Response Structure

  • (dict) --

    • authorizerDescription (dict) --

      The default authorizer's description.

      • authorizerName (string) --

        The authorizer name.

      • authorizerArn (string) --

        The authorizer ARN.

      • authorizerFunctionArn (string) --

        The authorizer's Lambda function ARN.

      • tokenKeyName (string) --

        The key used to extract the token from the HTTP headers.

      • tokenSigningPublicKeys (dict) --

        The public keys used to validate the token signature returned by your custom authentication service.

        • (string) --

          • (string) --

      • status (string) --

        The status of the authorizer.

      • creationDate (datetime) --

        The UNIX timestamp of when the authorizer was created.

      • lastModifiedDate (datetime) --

        The UNIX timestamp of when the authorizer was last updated.

      • signingDisabled (boolean) --

        Specifies whether AWS IoT validates the token signature in an authorization request.
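Both DescribeAuthorizer and DescribeDefaultAuthorizer now return signingDisabled, so an account review can flag authorizers for which AWS IoT does not validate the token signature. This is an added example, not from the AWS documentation: it works on constructed responses, the severity grading is this example's own, and a response without the field is assumed to mean the signature is validated.

```python
RANK = {"CRITICAL": 0, "HIGH": 1, "MEDIUM": 2, "LOW": 3}


def review_authorizer(response, is_default=False):
    """Return (severity, authorizerName, message) tuples for one response.

    Severity levels are this example's own grading, not an AWS value.
    """
    desc = response["authorizerDescription"]
    name = desc.get("authorizerName", "?")
    active = desc.get("status") == "ACTIVE"
    findings = []

    # Assumption: a response without the field is treated as "signature validated".
    if desc.get("signingDisabled", False):
        if not active:
            severity = "LOW"
        elif is_default:
            severity = "CRITICAL"  # used whenever a request names no authorizer
        else:
            severity = "HIGH"
        target = desc.get("authorizerFunctionArn", "the Lambda function")
        findings.append((severity, name,
                         "AWS IoT does not validate the token signature; "
                         f"authorization rests on {target}"))
        return findings

    # Signature validation is on: the fields it depends on should be present.
    if not desc.get("tokenKeyName"):
        findings.append(("MEDIUM", name, "signing enabled but tokenKeyName is empty"))
    if not desc.get("tokenSigningPublicKeys"):
        findings.append(("MEDIUM", name, "signing enabled but no tokenSigningPublicKeys"))
    return findings


def review_all(authorizers, default=None):
    """Review describe_authorizer responses; `default` is the
    describe_default_authorizer response, matched by authorizerArn."""
    default_arn = ((default or {}).get("authorizerDescription") or {}).get("authorizerArn")
    findings = []
    for response in authorizers:
        arn = response["authorizerDescription"].get("authorizerArn")
        is_default = default_arn is not None and arn == default_arn
        findings.extend(review_authorizer(response, is_default))
    return sorted(findings, key=lambda f: (RANK[f[0]], f[1]))


def make_response(name, status, signing_disabled, with_keys=True):
    """Build a constructed response; account ID, names and key text are placeholders."""
    desc = {
        "authorizerName": name,
        "authorizerArn": f"arn:aws:iot:us-east-1:123456789012:authorizer/{name}",
        "authorizerFunctionArn": f"arn:aws:lambda:us-east-1:123456789012:function:{name}-fn",
        "status": status,
        "signingDisabled": signing_disabled,
    }
    if with_keys:
        desc["tokenKeyName"] = "x-example-token"
        desc["tokenSigningPublicKeys"] = {"key1": "PEM-PLACEHOLDER"}
    return {"authorizerDescription": desc}


AUTHORIZERS = [
    make_response("example-signed", "ACTIVE", False),
    make_response("example-unsigned", "ACTIVE", True, with_keys=False),
    make_response("example-legacy", "INACTIVE", True, with_keys=False),
]
DEFAULT = make_response("example-unsigned", "ACTIVE", True, with_keys=False)

if __name__ == "__main__":
    for severity, name, message in review_all(AUTHORIZERS, DEFAULT):
        print(f"{severity:8} {name}: {message}")
```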

GetTopicRule (updated) Link ¶
Changes (response)
{'rule': {'actions': {'iotSiteWise': {'putAssetPropertyValueEntries': [{'assetId': 'string',
                                                                        'entryId': 'string',
                                                                        'propertyAlias': 'string',
                                                                        'propertyId': 'string',
                                                                        'propertyValues': [{'quality': 'string',
                                                                                            'timestamp': {'offsetInNanos': 'string',
                                                                                                          'timeInSeconds': 'string'},
                                                                                            'value': {'booleanValue': 'string',
                                                                                                      'doubleValue': 'string',
                                                                                                      'integerValue': 'string',
                                                                                                      'stringValue': 'string'}}]}],
                                      'roleArn': 'string'}},
          'errorAction': {'iotSiteWise': {'putAssetPropertyValueEntries': [{'assetId': 'string',
                                                                            'entryId': 'string',
                                                                            'propertyAlias': 'string',
                                                                            'propertyId': 'string',
                                                                            'propertyValues': [{'quality': 'string',
                                                                                                'timestamp': {'offsetInNanos': 'string',
                                                                                                              'timeInSeconds': 'string'},
                                                                                                'value': {'booleanValue': 'string',
                                                                                                          'doubleValue': 'string',
                                                                                                          'integerValue': 'string',
                                                                                                          'stringValue': 'string'}}]}],
                                          'roleArn': 'string'}}}}

Gets information about the rule.

See also: AWS API Documentation

Request Syntax

client.get_topic_rule(
    ruleName='string'
)
type ruleName

string

param ruleName

[REQUIRED]

The name of the rule.

rtype

dict

returns

Response Syntax

{
    'ruleArn': 'string',
    'rule': {
        'ruleName': 'string',
        'sql': 'string',
        'description': 'string',
        'createdAt': datetime(2015, 1, 1),
        'actions': [
            {
                'dynamoDB': {
                    'tableName': 'string',
                    'roleArn': 'string',
                    'operation': 'string',
                    'hashKeyField': 'string',
                    'hashKeyValue': 'string',
                    'hashKeyType': 'STRING'|'NUMBER',
                    'rangeKeyField': 'string',
                    'rangeKeyValue': 'string',
                    'rangeKeyType': 'STRING'|'NUMBER',
                    'payloadField': 'string'
                },
                'dynamoDBv2': {
                    'roleArn': 'string',
                    'putItem': {
                        'tableName': 'string'
                    }
                },
                'lambda': {
                    'functionArn': 'string'
                },
                'sns': {
                    'targetArn': 'string',
                    'roleArn': 'string',
                    'messageFormat': 'RAW'|'JSON'
                },
                'sqs': {
                    'roleArn': 'string',
                    'queueUrl': 'string',
                    'useBase64': True|False
                },
                'kinesis': {
                    'roleArn': 'string',
                    'streamName': 'string',
                    'partitionKey': 'string'
                },
                'republish': {
                    'roleArn': 'string',
                    'topic': 'string',
                    'qos': 123
                },
                's3': {
                    'roleArn': 'string',
                    'bucketName': 'string',
                    'key': 'string',
                    'cannedAcl': 'private'|'public-read'|'public-read-write'|'aws-exec-read'|'authenticated-read'|'bucket-owner-read'|'bucket-owner-full-control'|'log-delivery-write'
                },
                'firehose': {
                    'roleArn': 'string',
                    'deliveryStreamName': 'string',
                    'separator': 'string'
                },
                'cloudwatchMetric': {
                    'roleArn': 'string',
                    'metricNamespace': 'string',
                    'metricName': 'string',
                    'metricValue': 'string',
                    'metricUnit': 'string',
                    'metricTimestamp': 'string'
                },
                'cloudwatchAlarm': {
                    'roleArn': 'string',
                    'alarmName': 'string',
                    'stateReason': 'string',
                    'stateValue': 'string'
                },
                'elasticsearch': {
                    'roleArn': 'string',
                    'endpoint': 'string',
                    'index': 'string',
                    'type': 'string',
                    'id': 'string'
                },
                'salesforce': {
                    'token': 'string',
                    'url': 'string'
                },
                'iotAnalytics': {
                    'channelArn': 'string',
                    'channelName': 'string',
                    'roleArn': 'string'
                },
                'iotEvents': {
                    'inputName': 'string',
                    'messageId': 'string',
                    'roleArn': 'string'
                },
                'iotSiteWise': {
                    'putAssetPropertyValueEntries': [
                        {
                            'entryId': 'string',
                            'assetId': 'string',
                            'propertyId': 'string',
                            'propertyAlias': 'string',
                            'propertyValues': [
                                {
                                    'value': {
                                        'stringValue': 'string',
                                        'integerValue': 'string',
                                        'doubleValue': 'string',
                                        'booleanValue': 'string'
                                    },
                                    'timestamp': {
                                        'timeInSeconds': 'string',
                                        'offsetInNanos': 'string'
                                    },
                                    'quality': 'string'
                                },
                            ]
                        },
                    ],
                    'roleArn': 'string'
                },
                'stepFunctions': {
                    'executionNamePrefix': 'string',
                    'stateMachineName': 'string',
                    'roleArn': 'string'
                },
                'http': {
                    'url': 'string',
                    'confirmationUrl': 'string',
                    'headers': [
                        {
                            'key': 'string',
                            'value': 'string'
                        },
                    ],
                    'auth': {
                        'sigv4': {
                            'signingRegion': 'string',
                            'serviceName': 'string',
                            'roleArn': 'string'
                        }
                    }
                }
            },
        ],
        'ruleDisabled': True|False,
        'awsIotSqlVersion': 'string',
        'errorAction': {
            'dynamoDB': {
                'tableName': 'string',
                'roleArn': 'string',
                'operation': 'string',
                'hashKeyField': 'string',
                'hashKeyValue': 'string',
                'hashKeyType': 'STRING'|'NUMBER',
                'rangeKeyField': 'string',
                'rangeKeyValue': 'string',
                'rangeKeyType': 'STRING'|'NUMBER',
                'payloadField': 'string'
            },
            'dynamoDBv2': {
                'roleArn': 'string',
                'putItem': {
                    'tableName': 'string'
                }
            },
            'lambda': {
                'functionArn': 'string'
            },
            'sns': {
                'targetArn': 'string',
                'roleArn': 'string',
                'messageFormat': 'RAW'|'JSON'
            },
            'sqs': {
                'roleArn': 'string',
                'queueUrl': 'string',
                'useBase64': True|False
            },
            'kinesis': {
                'roleArn': 'string',
                'streamName': 'string',
                'partitionKey': 'string'
            },
            'republish': {
                'roleArn': 'string',
                'topic': 'string',
                'qos': 123
            },
            's3': {
                'roleArn': 'string',
                'bucketName': 'string',
                'key': 'string',
                'cannedAcl': 'private'|'public-read'|'public-read-write'|'aws-exec-read'|'authenticated-read'|'bucket-owner-read'|'bucket-owner-full-control'|'log-delivery-write'
            },
            'firehose': {
                'roleArn': 'string',
                'deliveryStreamName': 'string',
                'separator': 'string'
            },
            'cloudwatchMetric': {
                'roleArn': 'string',
                'metricNamespace': 'string',
                'metricName': 'string',
                'metricValue': 'string',
                'metricUnit': 'string',
                'metricTimestamp': 'string'
            },
            'cloudwatchAlarm': {
                'roleArn': 'string',
                'alarmName': 'string',
                'stateReason': 'string',
                'stateValue': 'string'
            },
            'elasticsearch': {
                'roleArn': 'string',
                'endpoint': 'string',
                'index': 'string',
                'type': 'string',
                'id': 'string'
            },
            'salesforce': {
                'token': 'string',
                'url': 'string'
            },
            'iotAnalytics': {
                'channelArn': 'string',
                'channelName': 'string',
                'roleArn': 'string'
            },
            'iotEvents': {
                'inputName': 'string',
                'messageId': 'string',
                'roleArn': 'string'
            },
            'iotSiteWise': {
                'putAssetPropertyValueEntries': [
                    {
                        'entryId': 'string',
                        'assetId': 'string',
                        'propertyId': 'string',
                        'propertyAlias': 'string',
                        'propertyValues': [
                            {
                                'value': {
                                    'stringValue': 'string',
                                    'integerValue': 'string',
                                    'doubleValue': 'string',
                                    'booleanValue': 'string'
                                },
                                'timestamp': {
                                    'timeInSeconds': 'string',
                                    'offsetInNanos': 'string'
                                },
                                'quality': 'string'
                            },
                        ]
                    },
                ],
                'roleArn': 'string'
            },
            'stepFunctions': {
                'executionNamePrefix': 'string',
                'stateMachineName': 'string',
                'roleArn': 'string'
            },
            'http': {
                'url': 'string',
                'confirmationUrl': 'string',
                'headers': [
                    {
                        'key': 'string',
                        'value': 'string'
                    },
                ],
                'auth': {
                    'sigv4': {
                        'signingRegion': 'string',
                        'serviceName': 'string',
                        'roleArn': 'string'
                    }
                }
            }
        }
    }
}
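A get_topic_rule response lists every role a rule uses across its actions and errorAction, including the new iotSiteWise action and the role nested under http.auth.sigv4. The following added example (not from the AWS documentation) inventories those roles and flags a few settings visible in the response syntax; the flag wording, the set of ACLs treated as broad, and the sample rule are this example's own constructions.

```python
# Canned ACLs that grant read or write beyond the bucket owner's account
# (this selection is the example's own choice).
BROAD_ACLS = {"public-read", "public-read-write", "authenticated-read"}


def iter_actions(rule):
    """Yield (where, action_type, config) for every action and the errorAction."""
    for i, action in enumerate(rule.get("actions") or []):
        for kind, cfg in action.items():
            yield f"actions[{i}]", kind, cfg
    for kind, cfg in (rule.get("errorAction") or {}).items():
        yield "errorAction", kind, cfg


def find_role_arns(node, path=""):
    """Collect (path, arn) for every roleArn at any depth under node."""
    found = []
    if isinstance(node, dict):
        for key, value in node.items():
            here = f"{path}.{key}" if path else key
            if key == "roleArn" and isinstance(value, str):
                found.append((here, value))
            else:
                found.extend(find_role_arns(value, here))
    elif isinstance(node, list):
        for i, item in enumerate(node):
            found.extend(find_role_arns(item, f"{path}[{i}]"))
    return found


def review_rule(response):
    """Return {'roles': {arn: [paths]}, 'flags': [messages]} for one response."""
    rule = response["rule"]
    roles = {}
    flags = []
    for where, kind, cfg in iter_actions(rule):
        for path, arn in find_role_arns(cfg, f"{where}.{kind}"):
            roles.setdefault(arn, []).append(path)
        if kind == "s3" and cfg.get("cannedAcl") in BROAD_ACLS:
            flags.append(f"{where}.s3 writes objects with cannedAcl={cfg['cannedAcl']}")
        if kind == "salesforce" and cfg.get("token"):
            flags.append(f"{where}.salesforce token is readable through GetTopicRule")
        if kind == "http" and not (cfg.get("auth") or {}).get("sigv4"):
            flags.append(f"{where}.http has no sigv4 auth configured")
    if not rule.get("errorAction"):
        flags.append("no errorAction configured")
    return {"roles": roles, "flags": flags}


# Constructed response; account ID, names and ARNs are placeholders.
ROLE_A = "arn:aws:iam::123456789012:role/example-storage-role"
ROLE_B = "arn:aws:iam::123456789012:role/example-signing-role"
ROLE_C = "arn:aws:iam::123456789012:role/example-error-role"
SAMPLE_RESPONSE = {
    "ruleArn": "arn:aws:iot:us-east-1:123456789012:rule/example_rule",
    "rule": {
        "ruleName": "example_rule",
        "sql": "SELECT * FROM 'sensors/+/telemetry'",
        "actions": [
            {"s3": {"roleArn": ROLE_A, "bucketName": "example-bucket",
                    "key": "${topic()}", "cannedAcl": "public-read"}},
            {"http": {"url": "https://ingest.example.com/events",
                      "auth": {"sigv4": {"signingRegion": "us-east-1",
                                         "serviceName": "execute-api",
                                         "roleArn": ROLE_B}}}},
            {"iotSiteWise": {"putAssetPropertyValueEntries": [], "roleArn": ROLE_A}},
            {"lambda": {"functionArn":
                        "arn:aws:lambda:us-east-1:123456789012:function:example"}},
        ],
        "errorAction": {"sqs": {
            "roleArn": ROLE_C, "useBase64": False,
            "queueUrl": "https://sqs.us-east-1.amazonaws.com/123456789012/example-dlq"}},
    },
}

if __name__ == "__main__":
    report = review_rule(SAMPLE_RESPONSE)
    for arn, paths in report["roles"].items():
        print(arn, paths)
    print(report["flags"])
```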

Response Structure

  • (dict) --

    The output from the GetTopicRule operation.

    • ruleArn (string) --

      The rule ARN.

    • rule (dict) --

      The rule.

      • ruleName (string) --

        The name of the rule.

      • sql (string) --

        The SQL statement used to query the topic. When using a SQL query with multiple lines, be sure to escape the newline characters.

      • description (string) --

        The description of the rule.

      • createdAt (datetime) --

        The date and time the rule was created.

      • actions (list) --

        The actions associated with the rule.

        • (dict) --

          Describes the actions associated with a rule.

          • dynamoDB (dict) --

            Write to a DynamoDB table.

            • tableName (string) --

              The name of the DynamoDB table.

            • roleArn (string) --

              The ARN of the IAM role that grants access to the DynamoDB table.

            • operation (string) --

              The type of operation to be performed. This follows the substitution template, so it can be ${operation}, but the substitution must result in one of the following: INSERT, UPDATE, or DELETE.

            • hashKeyField (string) --

              The hash key name.

            • hashKeyValue (string) --

              The hash key value.

            • hashKeyType (string) --

              The hash key type. Valid values are "STRING" or "NUMBER".

            • rangeKeyField (string) --

              The range key name.

            • rangeKeyValue (string) --

              The range key value.

            • rangeKeyType (string) --

              The range key type. Valid values are "STRING" or "NUMBER".

            • payloadField (string) --

              The action payload. This name can be customized.

          • dynamoDBv2 (dict) --

            Write to a DynamoDB table. This is a new version of the DynamoDB action. It allows you to write each attribute in an MQTT message payload into a separate DynamoDB column.

            • roleArn (string) --

              The ARN of the IAM role that grants access to the DynamoDB table.

            • putItem (dict) --

              Specifies the DynamoDB table to which the message data will be written. For example:

              { "dynamoDBv2": { "roleArn": "aws:iam:12341251:my-role", "putItem": { "tableName": "my-table" } } }

              Each attribute in the message payload will be written to a separate column in the DynamoDB database.

              • tableName (string) --

                The table where the message data will be written.

          • lambda (dict) --

            Invoke a Lambda function.

            • functionArn (string) --

              The ARN of the Lambda function.

          • sns (dict) --

            Publish to an Amazon SNS topic.

            • targetArn (string) --

              The ARN of the SNS topic.

            • roleArn (string) --

              The ARN of the IAM role that grants access.

            • messageFormat (string) --

              (Optional) The message format of the message to publish. Accepted values are "JSON" and "RAW". The default value of the attribute is "RAW". SNS uses this setting to determine if the payload should be parsed and relevant platform-specific bits of the payload should be extracted. To read more about SNS message formats, see https://docs.aws.amazon.com/sns/latest/dg/json-formats.html.

          • sqs (dict) --

            Publish to an Amazon SQS queue.

            • roleArn (string) --

              The ARN of the IAM role that grants access.

            • queueUrl (string) --

              The URL of the Amazon SQS queue.

            • useBase64 (boolean) --

              Specifies whether to use Base64 encoding.

          • kinesis (dict) --

            Write data to an Amazon Kinesis stream.

            • roleArn (string) --

              The ARN of the IAM role that grants access to the Amazon Kinesis stream.

            • streamName (string) --

              The name of the Amazon Kinesis stream.

            • partitionKey (string) --

              The partition key.

          • republish (dict) --

            Publish to another MQTT topic.

            • roleArn (string) --

              The ARN of the IAM role that grants access.

            • topic (string) --

              The name of the MQTT topic.

            • qos (integer) --

              The Quality of Service (QoS) level to use when republishing messages. The default value is 0.

          • s3 (dict) --

            Write to an Amazon S3 bucket.

            • roleArn (string) --

              The ARN of the IAM role that grants access.

            • bucketName (string) --

              The Amazon S3 bucket.

            • key (string) --

              The object key.

            • cannedAcl (string) --

              The Amazon S3 canned ACL that controls access to the object identified by the object key. For more information, see S3 canned ACLs.

          • firehose (dict) --

            Write to an Amazon Kinesis Firehose stream.

            • roleArn (string) --

              The IAM role that grants access to the Amazon Kinesis Firehose stream.

            • deliveryStreamName (string) --

              The delivery stream name.

            • separator (string) --

              A character separator that will be used to separate records written to the Firehose stream. Valid values are: '\n' (newline), '\t' (tab), '\r\n' (Windows newline), ',' (comma).

          • cloudwatchMetric (dict) --

            Capture a CloudWatch metric.

            • roleArn (string) --

              The IAM role that allows access to the CloudWatch metric.

            • metricNamespace (string) --

              The CloudWatch metric namespace name.

            • metricName (string) --

              The CloudWatch metric name.

            • metricValue (string) --

              The CloudWatch metric value.

            • metricUnit (string) --

              The metric unit supported by CloudWatch.

            • metricTimestamp (string) --

              An optional Unix timestamp.

          • cloudwatchAlarm (dict) --

            Change the state of a CloudWatch alarm.

            • roleArn (string) --

              The IAM role that allows access to the CloudWatch alarm.

            • alarmName (string) --

              The CloudWatch alarm name.

            • stateReason (string) --

              The reason for the alarm change.

            • stateValue (string) --

              The value of the alarm state. Acceptable values are: OK, ALARM, INSUFFICIENT_DATA.

          • elasticsearch (dict) --

            Write data to an Amazon Elasticsearch Service domain.

            • roleArn (string) --

              The IAM role ARN that has access to Elasticsearch.

            • endpoint (string) --

              The endpoint of your Elasticsearch domain.

            • index (string) --

              The Elasticsearch index where you want to store your data.

            • type (string) --

              The type of document you are storing.

            • id (string) --

              The unique identifier for the document you are storing.

          • salesforce (dict) --

            Send a message to a Salesforce IoT Cloud Input Stream.

            • token (string) --

              The token used to authenticate access to the Salesforce IoT Cloud Input Stream. The token is available from the Salesforce IoT Cloud platform after creation of the Input Stream.

            • url (string) --

              The URL exposed by the Salesforce IoT Cloud Input Stream. The URL is available from the Salesforce IoT Cloud platform after creation of the Input Stream.

          • iotAnalytics (dict) --

            Sends message data to an AWS IoT Analytics channel.

            • channelArn (string) --

              (deprecated) The ARN of the IoT Analytics channel to which message data will be sent.

            • channelName (string) --

              The name of the IoT Analytics channel to which message data will be sent.

            • roleArn (string) --

              The ARN of the role which has a policy that grants IoT Analytics permission to send message data via IoT Analytics (iotanalytics:BatchPutMessage).

          • iotEvents (dict) --

            Sends an input to an AWS IoT Events detector.

            • inputName (string) --

              The name of the AWS IoT Events input.

            • messageId (string) --

              [Optional] Use this to ensure that only one input (message) with a given messageId will be processed by an AWS IoT Events detector.

            • roleArn (string) --

              The ARN of the role that grants AWS IoT permission to send an input to an AWS IoT Events detector. ("Action":"iotevents:BatchPutMessage").

          • iotSiteWise (dict) --

            Sends data from the MQTT message that triggered the rule to AWS IoT SiteWise asset properties.

            • putAssetPropertyValueEntries (list) --

              A list of asset property value entries.

              • (dict) --

                An asset property value entry containing the following information.

                • entryId (string) --

                  Optional. A unique identifier for this entry that you can define to better track which message caused an error in case of failure. Accepts substitution templates. Defaults to a new UUID.

                • assetId (string) --

                  The ID of the AWS IoT SiteWise asset. You must specify either a propertyAlias or both an aliasId and a propertyId . Accepts substitution templates.

                • propertyId (string) --

                  The ID of the asset's property. You must specify either a propertyAlias or both an aliasId and a propertyId . Accepts substitution templates.

                • propertyAlias (string) --

                  The name of the property alias associated with your asset property. You must specify either a propertyAlias or both an aliasId and a propertyId . Accepts substitution templates.

                • propertyValues (list) --

                  A list of property values to insert that each contain timestamp, quality, and value (TQV) information.

                  • (dict) --

                    An asset property value entry containing the following information.

                    • value (dict) --

                      The value of the asset property.

                      • stringValue (string) --

                        Optional. The string value of the value entry. Accepts substitution templates.

                      • integerValue (string) --

                        Optional. A string that contains the integer value of the value entry. Accepts substitution templates.

                      • doubleValue (string) --

                        Optional. A string that contains the double value of the value entry. Accepts substitution templates.

                      • booleanValue (string) --

                        Optional. A string that contains the boolean value ( true or false ) of the value entry. Accepts substitution templates.

                    • timestamp (dict) --

                      The asset property value timestamp.

                      • timeInSeconds (string) --

                        A string that contains the time in seconds since epoch. Accepts substitution templates.

                      • offsetInNanos (string) --

                        Optional. A string that contains the nanosecond time offset. Accepts substitution templates.

                    • quality (string) --

                      Optional. A string that describes the quality of the value. Accepts substitution templates. Must be GOOD , BAD , or UNCERTAIN .

            • roleArn (string) --

              The ARN of the role that grants AWS IoT permission to send an asset property value to AWS IoT SiteWise. ( "Action": "iotsitewise:BatchPutAssetPropertyValue" ). The trust policy can restrict access to specific asset hierarchy paths.

          • stepFunctions (dict) --

            Starts execution of a Step Functions state machine.

            • executionNamePrefix (string) --

              (Optional) A name will be given to the state machine execution consisting of this prefix followed by a UUID. Step Functions automatically creates a unique name for each state machine execution if one is not provided.

            • stateMachineName (string) --

              The name of the Step Functions state machine whose execution will be started.

            • roleArn (string) --

              The ARN of the role that grants IoT permission to start execution of a state machine ("Action":"states:StartExecution").

          • http (dict) --

            Send data to an HTTPS endpoint.

            • url (string) --

              The endpoint URL. If substitution templates are used in the URL, you must also specify a confirmationUrl . If this is a new destination, a new TopicRuleDestination is created if possible.

            • confirmationUrl (string) --

              The URL to which AWS IoT sends a confirmation message. The value of the confirmation URL must be a prefix of the endpoint URL. If you do not specify a confirmation URL, AWS IoT uses the endpoint URL as the confirmation URL. If you use substitution templates in the confirmationUrl, you must create and enable topic rule destinations that match each possible value of the substitution template before traffic is allowed to your endpoint URL.

            • headers (list) --

              The HTTP headers to send with the message data.

              • (dict) --

                The HTTP action header.

                • key (string) --

                  The HTTP header key.

                • value (string) --

                  The HTTP header value. Substitution templates are supported.

            • auth (dict) --

              The authentication method to use when sending data to an HTTPS endpoint.

              • sigv4 (dict) --

                Use Sig V4 authorization. For more information, see Signature Version 4 Signing Process.

                • signingRegion (string) --

                  The signing region.

                • serviceName (string) --

                  The service name to use while signing with Sig V4.

                • roleArn (string) --

                  The ARN of the signing role.

      • ruleDisabled (boolean) --

        Specifies whether the rule is disabled.

      • awsIotSqlVersion (string) --

        The version of the SQL rules engine to use when evaluating the rule.

      • errorAction (dict) --

        The action to perform when an error occurs.

        • dynamoDB (dict) --

          Write to a DynamoDB table.

          • tableName (string) --

            The name of the DynamoDB table.

          • roleArn (string) --

            The ARN of the IAM role that grants access to the DynamoDB table.

          • operation (string) --

            The type of operation to be performed. This follows the substitution template, so it can be ${operation} , but the substitution must result in one of the following: INSERT , UPDATE , or DELETE .

          • hashKeyField (string) --

            The hash key name.

          • hashKeyValue (string) --

            The hash key value.

          • hashKeyType (string) --

            The hash key type. Valid values are "STRING" or "NUMBER".

          • rangeKeyField (string) --

            The range key name.

          • rangeKeyValue (string) --

            The range key value.

          • rangeKeyType (string) --

            The range key type. Valid values are "STRING" or "NUMBER".

          • payloadField (string) --

            The action payload. This name can be customized.

        • dynamoDBv2 (dict) --

          Write to a DynamoDB table. This is a new version of the DynamoDB action. It allows you to write each attribute in an MQTT message payload into a separate DynamoDB column.

          • roleArn (string) --

            The ARN of the IAM role that grants access to the DynamoDB table.

          • putItem (dict) --

            Specifies the DynamoDB table to which the message data will be written. For example:

            { "dynamoDBv2": { "roleArn": "aws:iam:12341251:my-role", "putItem": { "tableName": "my-table" } } }

            Each attribute in the message payload will be written to a separate column in the DynamoDB database.

            • tableName (string) --

              The table where the message data will be written.

        • lambda (dict) --

          Invoke a Lambda function.

          • functionArn (string) --

            The ARN of the Lambda function.

        • sns (dict) --

          Publish to an Amazon SNS topic.

          • targetArn (string) --

            The ARN of the SNS topic.

          • roleArn (string) --

            The ARN of the IAM role that grants access.

          • messageFormat (string) --

            (Optional) The message format of the message to publish. Accepted values are "JSON" and "RAW". The default value of the attribute is "RAW". SNS uses this setting to determine if the payload should be parsed and relevant platform-specific bits of the payload should be extracted. To read more about SNS message formats, see https://docs.aws.amazon.com/sns/latest/dg/json-formats.html.

        • sqs (dict) --

          Publish to an Amazon SQS queue.

          • roleArn (string) --

            The ARN of the IAM role that grants access.

          • queueUrl (string) --

            The URL of the Amazon SQS queue.

          • useBase64 (boolean) --

            Specifies whether to use Base64 encoding.

        • kinesis (dict) --

          Write data to an Amazon Kinesis stream.

          • roleArn (string) --

            The ARN of the IAM role that grants access to the Amazon Kinesis stream.

          • streamName (string) --

            The name of the Amazon Kinesis stream.

          • partitionKey (string) --

            The partition key.

        • republish (dict) --

          Publish to another MQTT topic.

          • roleArn (string) --

            The ARN of the IAM role that grants access.

          • topic (string) --

            The name of the MQTT topic.

          • qos (integer) --

            The Quality of Service (QoS) level to use when republishing messages. The default value is 0.

        • s3 (dict) --

          Write to an Amazon S3 bucket.

          • roleArn (string) --

            The ARN of the IAM role that grants access.

          • bucketName (string) --

            The Amazon S3 bucket.

          • key (string) --

            The object key.

          • cannedAcl (string) --

            The Amazon S3 canned ACL that controls access to the object identified by the object key. For more information, see S3 canned ACLs.

        • firehose (dict) --

          Write to an Amazon Kinesis Firehose stream.

          • roleArn (string) --

            The IAM role that grants access to the Amazon Kinesis Firehose stream.

          • deliveryStreamName (string) --

            The delivery stream name.

          • separator (string) --

            A character separator that will be used to separate records written to the Firehose stream. Valid values are: '\n' (newline), '\t' (tab), '\r\n' (Windows newline), ',' (comma).

        • cloudwatchMetric (dict) --

          Capture a CloudWatch metric.

          • roleArn (string) --

            The IAM role that allows access to the CloudWatch metric.

          • metricNamespace (string) --

            The CloudWatch metric namespace name.

          • metricName (string) --

            The CloudWatch metric name.

          • metricValue (string) --

            The CloudWatch metric value.

          • metricUnit (string) --

            The metric unit supported by CloudWatch.

          • metricTimestamp (string) --

            An optional Unix timestamp.

        • cloudwatchAlarm (dict) --

          Change the state of a CloudWatch alarm.

          • roleArn (string) --

            The IAM role that allows access to the CloudWatch alarm.

          • alarmName (string) --

            The CloudWatch alarm name.

          • stateReason (string) --

            The reason for the alarm change.

          • stateValue (string) --

            The value of the alarm state. Acceptable values are: OK, ALARM, INSUFFICIENT_DATA.

        • elasticsearch (dict) --

          Write data to an Amazon Elasticsearch Service domain.

          • roleArn (string) --

            The IAM role ARN that has access to Elasticsearch.

          • endpoint (string) --

            The endpoint of your Elasticsearch domain.

          • index (string) --

            The Elasticsearch index where you want to store your data.

          • type (string) --

            The type of document you are storing.

          • id (string) --

            The unique identifier for the document you are storing.

        • salesforce (dict) --

          Send a message to a Salesforce IoT Cloud Input Stream.

          • token (string) --

            The token used to authenticate access to the Salesforce IoT Cloud Input Stream. The token is available from the Salesforce IoT Cloud platform after creation of the Input Stream.

          • url (string) --

            The URL exposed by the Salesforce IoT Cloud Input Stream. The URL is available from the Salesforce IoT Cloud platform after creation of the Input Stream.

        • iotAnalytics (dict) --

          Sends message data to an AWS IoT Analytics channel.

          • channelArn (string) --

            (deprecated) The ARN of the IoT Analytics channel to which message data will be sent.

          • channelName (string) --

            The name of the IoT Analytics channel to which message data will be sent.

          • roleArn (string) --

            The ARN of the role which has a policy that grants IoT Analytics permission to send message data via IoT Analytics (iotanalytics:BatchPutMessage).

        • iotEvents (dict) --

          Sends an input to an AWS IoT Events detector.

          • inputName (string) --

            The name of the AWS IoT Events input.

          • messageId (string) --

            [Optional] Use this to ensure that only one input (message) with a given messageId will be processed by an AWS IoT Events detector.

          • roleArn (string) --

            The ARN of the role that grants AWS IoT permission to send an input to an AWS IoT Events detector. ("Action":"iotevents:BatchPutMessage").

        • iotSiteWise (dict) --

          Sends data from the MQTT message that triggered the rule to AWS IoT SiteWise asset properties.

          • putAssetPropertyValueEntries (list) --

            A list of asset property value entries.

            • (dict) --

              An asset property value entry containing the following information.

              • entryId (string) --

                Optional. A unique identifier for this entry that you can define to better track which message caused an error in case of failure. Accepts substitution templates. Defaults to a new UUID.

              • assetId (string) --

                The ID of the AWS IoT SiteWise asset. You must specify either a propertyAlias or both an aliasId and a propertyId . Accepts substitution templates.

              • propertyId (string) --

                The ID of the asset's property. You must specify either a propertyAlias or both an aliasId and a propertyId . Accepts substitution templates.

              • propertyAlias (string) --

                The name of the property alias associated with your asset property. You must specify either a propertyAlias or both an aliasId and a propertyId . Accepts substitution templates.

              • propertyValues (list) --

                A list of property values to insert that each contain timestamp, quality, and value (TQV) information.

                • (dict) --

                  An asset property value entry containing the following information.

                  • value (dict) --

                    The value of the asset property.

                    • stringValue (string) --

                      Optional. The string value of the value entry. Accepts substitution templates.

                    • integerValue (string) --

                      Optional. A string that contains the integer value of the value entry. Accepts substitution templates.

                    • doubleValue (string) --

                      Optional. A string that contains the double value of the value entry. Accepts substitution templates.

                    • booleanValue (string) --

                      Optional. A string that contains the boolean value ( true or false ) of the value entry. Accepts substitution templates.

                  • timestamp (dict) --

                    The asset property value timestamp.

                    • timeInSeconds (string) --

                      A string that contains the time in seconds since epoch. Accepts substitution templates.

                    • offsetInNanos (string) --

                      Optional. A string that contains the nanosecond time offset. Accepts substitution templates.

                  • quality (string) --

                    Optional. A string that describes the quality of the value. Accepts substitution templates. Must be GOOD , BAD , or UNCERTAIN .

          • roleArn (string) --

            The ARN of the role that grants AWS IoT permission to send an asset property value to AWS IoT SiteWise. ( "Action": "iotsitewise:BatchPutAssetPropertyValue" ). The trust policy can restrict access to specific asset hierarchy paths.

        • stepFunctions (dict) --

          Starts execution of a Step Functions state machine.

          • executionNamePrefix (string) --

            (Optional) A name will be given to the state machine execution consisting of this prefix followed by a UUID. Step Functions automatically creates a unique name for each state machine execution if one is not provided.

          • stateMachineName (string) --

            The name of the Step Functions state machine whose execution will be started.

          • roleArn (string) --

            The ARN of the role that grants IoT permission to start execution of a state machine ("Action":"states:StartExecution").

        • http (dict) --

          Send data to an HTTPS endpoint.

          • url (string) --

            The endpoint URL. If substitution templates are used in the URL, you must also specify a confirmationUrl . If this is a new destination, a new TopicRuleDestination is created if possible.

          • confirmationUrl (string) --

            The URL to which AWS IoT sends a confirmation message. The value of the confirmation URL must be a prefix of the endpoint URL. If you do not specify a confirmation URL, AWS IoT uses the endpoint URL as the confirmation URL. If you use substitution templates in the confirmationUrl, you must create and enable topic rule destinations that match each possible value of the substitution template before traffic is allowed to your endpoint URL.

          • headers (list) --

            The HTTP headers to send with the message data.

            • (dict) --

              The HTTP action header.

              • key (string) --

                The HTTP header key.

              • value (string) --

                The HTTP header value. Substitution templates are supported.

          • auth (dict) --

            The authentication method to use when sending data to an HTTPS endpoint.

            • sigv4 (dict) --

              Use Sig V4 authorization. For more information, see Signature Version 4 Signing Process.

              • signingRegion (string) --

                The signing region.

              • serviceName (string) --

                The service name to use while signing with Sig V4.

              • roleArn (string) --

                The ARN of the signing role.
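
The constraints stated above for the http and iotSiteWise actions can be checked before a rule payload is deployed. The following is an added example, not part of the AWS documentation: the function names and the sample payload are constructed, and it reads the "aliasId" in the SiteWise rule as the entry's assetId field, which is an assumption.

```python
import re

TEMPLATE = re.compile(r"\$\{[^}]*\}")       # substitution template, e.g. ${topic(2)}
QUALITIES = {"GOOD", "BAD", "UNCERTAIN"}    # allowed literal values for 'quality'


def has_template(value):
    """True when a string field contains a substitution template."""
    return isinstance(value, str) and bool(TEMPLATE.search(value))


def lint_http(action):
    """Check an 'http' action against the url / confirmationUrl rules."""
    problems = []
    url = action.get("url", "")
    confirm = action.get("confirmationUrl")
    if not url.lower().startswith("https://"):
        problems.append("http.url is not an HTTPS endpoint")
    if has_template(url) and not confirm:
        problems.append("http.url uses a substitution template but confirmationUrl is missing")
    if confirm and not url.startswith(confirm):
        problems.append("http.confirmationUrl is not a prefix of http.url")
    return problems


def lint_sitewise(action):
    """Check each putAssetPropertyValueEntries item of an 'iotSiteWise' action."""
    problems = []
    for i, entry in enumerate(action.get("putAssetPropertyValueEntries", [])):
        has_alias = bool(entry.get("propertyAlias"))
        # Assumption: the "aliasId" named in the rule is the assetId field.
        has_ids = bool(entry.get("assetId")) and bool(entry.get("propertyId"))
        if not (has_alias or has_ids):
            problems.append(f"entry {i}: needs propertyAlias, or both assetId and propertyId")
        for j, pv in enumerate(entry.get("propertyValues", [])):
            quality = pv.get("quality")
            # A templated quality is resolved at run time, so only literals are checked.
            if quality is not None and not has_template(quality) and quality not in QUALITIES:
                problems.append(f"entry {i} value {j}: quality {quality!r} is not GOOD, BAD or UNCERTAIN")
            if not pv.get("timestamp", {}).get("timeInSeconds"):
                problems.append(f"entry {i} value {j}: timestamp.timeInSeconds is missing")
    return problems


def lint_topic_rule(payload):
    """Return {location: [problems]} for http / iotSiteWise actions and the errorAction."""
    targets = [(f"actions[{i}]", a) for i, a in enumerate(payload.get("actions", []))]
    if payload.get("errorAction"):
        targets.append(("errorAction", payload["errorAction"]))
    report = {}
    for where, action in targets:
        problems = []
        if "http" in action:
            problems += lint_http(action["http"])
        if "iotSiteWise" in action:
            problems += lint_sitewise(action["iotSiteWise"])
        if problems:
            report[where] = problems
    return report


# Constructed sample payload (hosts, ARN and IDs are placeholders).
SAMPLE_RULE = {
    "sql": "SELECT * FROM 'plant/+/telemetry'",
    "actions": [
        # Templated URL without a confirmationUrl.
        {"http": {"url": "https://ingest.example.com/${topic(2)}/data"}},
        # Valid: confirmationUrl is a prefix of url.
        {"http": {"url": "https://ingest.example.com/v1/data",
                  "confirmationUrl": "https://ingest.example.com/v1/"}},
        # propertyId without assetId or propertyAlias, and an invalid quality.
        {"iotSiteWise": {
            "roleArn": "arn:aws:iam::123456789012:role/constructed-sitewise-role",
            "putAssetPropertyValueEntries": [{
                "propertyId": "constructed-property-id",
                "propertyValues": [{
                    "value": {"doubleValue": "${temperature}"},
                    "timestamp": {"timeInSeconds": "${floor(timestamp() / 1000)}"},
                    "quality": "OK",
                }],
            }],
        }},
    ],
    # confirmationUrl points at a different host than url.
    "errorAction": {"http": {"url": "https://errors.example.com/hook",
                             "confirmationUrl": "https://other.example.com/"}},
}

if __name__ == "__main__":
    for location, problems in lint_topic_rule(SAMPLE_RULE).items():
        for problem in problems:
            print(f"{location}: {problem}")
```
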

ListAuditFindings (updated)
Changes (request, response)
Request
{'resourceIdentifier': {'iamRoleArn': 'string', 'roleAliasArn': 'string'}}
Response
{'findings': {'nonCompliantResource': {'resourceIdentifier': {'iamRoleArn': 'string',
                                                              'roleAliasArn': 'string'},
                                       'resourceType': {'IAM_ROLE',
                                                        'ROLE_ALIAS'}},
              'relatedResources': {'resourceIdentifier': {'iamRoleArn': 'string',
                                                          'roleAliasArn': 'string'},
                                   'resourceType': {'ROLE_ALIAS', 'IAM_ROLE'}}}}

Lists the findings (results) of a Device Defender audit or of the audits performed during a specified time period. (Findings are retained for 180 days.)

See also: AWS API Documentation

Request Syntax

client.list_audit_findings(
    taskId='string',
    checkName='string',
    resourceIdentifier={
        'deviceCertificateId': 'string',
        'caCertificateId': 'string',
        'cognitoIdentityPoolId': 'string',
        'clientId': 'string',
        'policyVersionIdentifier': {
            'policyName': 'string',
            'policyVersionId': 'string'
        },
        'account': 'string',
        'iamRoleArn': 'string',
        'roleAliasArn': 'string'
    },
    maxResults=123,
    nextToken='string',
    startTime=datetime(2015, 1, 1),
    endTime=datetime(2015, 1, 1)
)
type taskId

string

param taskId

A filter to limit results to the audit with the specified ID. You must specify either the taskId or the startTime and endTime, but not both.

type checkName

string

param checkName

A filter to limit results to the findings for the specified audit check.

type resourceIdentifier

dict

param resourceIdentifier

Information identifying the noncompliant resource.

  • deviceCertificateId (string) --

    The ID of the certificate attached to the resource.

  • caCertificateId (string) --

    The ID of the CA certificate used to authorize the certificate.

  • cognitoIdentityPoolId (string) --

    The ID of the Amazon Cognito identity pool.

  • clientId (string) --

    The client ID.

  • policyVersionIdentifier (dict) --

    The version of the policy associated with the resource.

    • policyName (string) --

      The name of the policy.

    • policyVersionId (string) --

      The ID of the version of the policy associated with the resource.

  • account (string) --

    The account with which the resource is associated.

  • iamRoleArn (string) --

    The ARN of the IAM role that has overly permissive actions.

  • roleAliasArn (string) --

    The ARN of the role alias that has overly permissive actions.

type maxResults

integer

param maxResults

The maximum number of results to return at one time. The default is 25.

type nextToken

string

param nextToken

The token for the next set of results.

type startTime

datetime

param startTime

A filter to limit results to those found after the specified time. You must specify either the startTime and endTime or the taskId, but not both.

type endTime

datetime

param endTime

A filter to limit results to those found before the specified time. You must specify either the startTime and endTime or the taskId, but not both.

rtype

dict

returns

Response Syntax

{
    'findings': [
        {
            'findingId': 'string',
            'taskId': 'string',
            'checkName': 'string',
            'taskStartTime': datetime(2015, 1, 1),
            'findingTime': datetime(2015, 1, 1),
            'severity': 'CRITICAL'|'HIGH'|'MEDIUM'|'LOW',
            'nonCompliantResource': {
                'resourceType': 'DEVICE_CERTIFICATE'|'CA_CERTIFICATE'|'IOT_POLICY'|'COGNITO_IDENTITY_POOL'|'CLIENT_ID'|'ACCOUNT_SETTINGS'|'ROLE_ALIAS'|'IAM_ROLE',
                'resourceIdentifier': {
                    'deviceCertificateId': 'string',
                    'caCertificateId': 'string',
                    'cognitoIdentityPoolId': 'string',
                    'clientId': 'string',
                    'policyVersionIdentifier': {
                        'policyName': 'string',
                        'policyVersionId': 'string'
                    },
                    'account': 'string',
                    'iamRoleArn': 'string',
                    'roleAliasArn': 'string'
                },
                'additionalInfo': {
                    'string': 'string'
                }
            },
            'relatedResources': [
                {
                    'resourceType': 'DEVICE_CERTIFICATE'|'CA_CERTIFICATE'|'IOT_POLICY'|'COGNITO_IDENTITY_POOL'|'CLIENT_ID'|'ACCOUNT_SETTINGS'|'ROLE_ALIAS'|'IAM_ROLE',
                    'resourceIdentifier': {
                        'deviceCertificateId': 'string',
                        'caCertificateId': 'string',
                        'cognitoIdentityPoolId': 'string',
                        'clientId': 'string',
                        'policyVersionIdentifier': {
                            'policyName': 'string',
                            'policyVersionId': 'string'
                        },
                        'account': 'string',
                        'iamRoleArn': 'string',
                        'roleAliasArn': 'string'
                    },
                    'additionalInfo': {
                        'string': 'string'
                    }
                },
            ],
            'reasonForNonCompliance': 'string',
            'reasonForNonComplianceCode': 'string'
        },
    ],
    'nextToken': 'string'
}

Response Structure

  • (dict) --

    • findings (list) --

      The findings (results) of the audit.

      • (dict) --

        The findings (results) of the audit.

        • findingId (string) --

          A unique identifier for this set of audit findings. This identifier is used to apply mitigation tasks to one or more sets of findings.

        • taskId (string) --

          The ID of the audit that generated this result (finding).

        • checkName (string) --

          The audit check that generated this result.

        • taskStartTime (datetime) --

          The time the audit started.

        • findingTime (datetime) --

          The time the result (finding) was discovered.

        • severity (string) --

          The severity of the result (finding).

        • nonCompliantResource (dict) --

          The resource that was found to be noncompliant with the audit check.

          • resourceType (string) --

            The type of the noncompliant resource.

          • resourceIdentifier (dict) --

            Information that identifies the noncompliant resource.

            • deviceCertificateId (string) --

              The ID of the certificate attached to the resource.

            • caCertificateId (string) --

              The ID of the CA certificate used to authorize the certificate.

            • cognitoIdentityPoolId (string) --

              The ID of the Amazon Cognito identity pool.

            • clientId (string) --

              The client ID.

            • policyVersionIdentifier (dict) --

              The version of the policy associated with the resource.

              • policyName (string) --

                The name of the policy.

              • policyVersionId (string) --

                The ID of the version of the policy associated with the resource.

            • account (string) --

              The account with which the resource is associated.

            • iamRoleArn (string) --

              The ARN of the IAM role that has overly permissive actions.

            • roleAliasArn (string) --

              The ARN of the role alias that has overly permissive actions.

          • additionalInfo (dict) --

            Other information about the noncompliant resource.

            • (string) --

              • (string) --

        • relatedResources (list) --

          The list of related resources.

          • (dict) --

            Information about a related resource.

            • resourceType (string) --

              The type of resource.

            • resourceIdentifier (dict) --

              Information that identifies the resource.

              • deviceCertificateId (string) --

                The ID of the certificate attached to the resource.

              • caCertificateId (string) --

                The ID of the CA certificate used to authorize the certificate.

              • cognitoIdentityPoolId (string) --

                The ID of the Amazon Cognito identity pool.

              • clientId (string) --

                The client ID.

              • policyVersionIdentifier (dict) --

                The version of the policy associated with the resource.

                • policyName (string) --

                  The name of the policy.

                • policyVersionId (string) --

                  The ID of the version of the policy associated with the resource.

              • account (string) --

                The account with which the resource is associated.

              • iamRoleArn (string) --

                The ARN of the IAM role that has overly permissive actions.

              • roleAliasArn (string) --

                The ARN of the role alias that has overly permissive actions.

            • additionalInfo (dict) --

              Other information about the resource.

              • (string) --

                • (string) --

        • reasonForNonCompliance (string) --

          The reason the resource was noncompliant.

        • reasonForNonComplianceCode (string) --

          A code that indicates the reason that the resource was noncompliant.

    • nextToken (string) --

      A token that can be used to retrieve the next set of results, or null if there are no additional results.
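
The request rules and response fields above, put together as an added example that is not part of the AWS documentation: it enforces the taskId versus startTime/endTime rule, follows nextToken, and keeps only findings whose noncompliant resource is a ROLE_ALIAS or IAM_ROLE. The helper names, the FakeIotClient stand-in and all sample data are constructed; in real use a `boto3.client('iot')` object is passed in place of the fake.

```python
ROLE_TYPES = {"ROLE_ALIAS", "IAM_ROLE"}   # resourceType values added in this release
SEVERITY_RANK = {"CRITICAL": 0, "HIGH": 1, "MEDIUM": 2, "LOW": 3}


def build_request(task_id=None, start_time=None, end_time=None,
                  check_name=None, max_results=25):
    """Build list_audit_findings kwargs: taskId, or startTime and endTime, never both."""
    window = (start_time is not None, end_time is not None)
    if task_id is not None and any(window):
        raise ValueError("pass taskId or startTime/endTime, not both")
    if task_id is None and not all(window):
        raise ValueError("pass taskId, or both startTime and endTime")
    request = {"maxResults": max_results}
    if task_id is not None:
        request["taskId"] = task_id
    else:
        request["startTime"], request["endTime"] = start_time, end_time
    if check_name:
        request["checkName"] = check_name
    return request


def iter_findings(client, request):
    """Yield every finding, following nextToken until the service returns none."""
    token = None
    while True:
        kwargs = dict(request, **({"nextToken": token} if token else {}))
        page = client.list_audit_findings(**kwargs)
        yield from page.get("findings", [])
        token = page.get("nextToken")
        if not token:
            return


def role_findings(client, request):
    """Summarise role alias / IAM role findings, most severe first."""
    rows = []
    for finding in iter_findings(client, request):
        resource = finding.get("nonCompliantResource", {})
        if resource.get("resourceType") not in ROLE_TYPES:
            continue
        ident = resource.get("resourceIdentifier", {})
        related = [r.get("resourceIdentifier", {}).get("iamRoleArn")
                   for r in finding.get("relatedResources", [])
                   if r.get("resourceType") == "IAM_ROLE"]
        rows.append({
            "findingId": finding.get("findingId"),
            "checkName": finding.get("checkName"),
            "severity": finding.get("severity"),
            "arn": ident.get("roleAliasArn") or ident.get("iamRoleArn"),
            "relatedRoles": related,
        })
    return sorted(rows, key=lambda r: SEVERITY_RANK.get(r["severity"], len(SEVERITY_RANK)))


class FakeIotClient:
    """Offline stand-in for the IoT client; serves constructed pages in order."""

    def __init__(self, pages):
        self.pages, self.calls = pages, []

    def list_audit_findings(self, **kwargs):
        self.calls.append(kwargs)
        index = int(kwargs.get("nextToken", "0"))
        page = {"findings": self.pages[index]}
        if index + 1 < len(self.pages):
            page["nextToken"] = str(index + 1)
        return page


def make_finding(fid, check, severity, rtype, ident, related=()):
    """Build one constructed finding in the documented response shape."""
    return {"findingId": fid, "checkName": check, "severity": severity,
            "nonCompliantResource": {"resourceType": rtype, "resourceIdentifier": ident},
            "relatedResources": list(related)}


# Constructed sample data: two pages, account ID and names are placeholders.
ALIAS = "arn:aws:iot:us-east-1:123456789012:rolealias/constructed-alias"
ROLE = "arn:aws:iam::123456789012:role/constructed-role"
SAMPLE_PAGES = [
    [make_finding("f-1", "DEVICE_CERTIFICATE_EXPIRING_CHECK", "MEDIUM",
                  "DEVICE_CERTIFICATE", {"deviceCertificateId": "constructed-cert-id"}),
     make_finding("f-2", "IOT_ROLE_ALIAS_OVERLY_PERMISSIVE_CHECK", "HIGH",
                  "ROLE_ALIAS", {"roleAliasArn": ALIAS},
                  [{"resourceType": "IAM_ROLE", "resourceIdentifier": {"iamRoleArn": ROLE}}])],
    [make_finding("f-3", "IOT_ROLE_ALIAS_OVERLY_PERMISSIVE_CHECK", "CRITICAL",
                  "ROLE_ALIAS", {"roleAliasArn": ALIAS + "-2"})],
]

if __name__ == "__main__":
    fake = FakeIotClient(SAMPLE_PAGES)
    for row in role_findings(fake, build_request(task_id="constructed-task-id")):
        print(row["severity"], row["checkName"], row["arn"], row["relatedRoles"])
```
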

ReplaceTopicRule (updated)
Changes (request)
{'topicRulePayload': {'actions': {'iotSiteWise': {'putAssetPropertyValueEntries': [{'assetId': 'string',
                                                                                    'entryId': 'string',
                                                                                    'propertyAlias': 'string',
                                                                                    'propertyId': 'string',
                                                                                    'propertyValues': [{'quality': 'string',
                                                                                                        'timestamp': {'offsetInNanos': 'string',
                                                                                                                      'timeInSeconds': 'string'},
                                                                                                        'value': {'booleanValue': 'string',
                                                                                                                  'doubleValue': 'string',
                                                                                                                  'integerValue': 'string',
                                                                                                                  'stringValue': 'string'}}]}],
                                                  'roleArn': 'string'}},
                      'errorAction': {'iotSiteWise': {'putAssetPropertyValueEntries': [{'assetId': 'string',
                                                                                        'entryId': 'string',
                                                                                        'propertyAlias': 'string',
                                                                                        'propertyId': 'string',
                                                                                        'propertyValues': [{'quality': 'string',
                                                                                                            'timestamp': {'offsetInNanos': 'string',
                                                                                                                          'timeInSeconds': 'string'},
                                                                                                            'value': {'booleanValue': 'string',
                                                                                                                      'doubleValue': 'string',
                                                                                                                      'integerValue': 'string',
                                                                                                                      'stringValue': 'string'}}]}],
                                                      'roleArn': 'string'}}}}

Replaces the rule. You must specify all parameters for the new rule. Creating rules is an administrator-level action. Any user who has permission to create rules will be able to access data processed by the rule.

See also: AWS API Documentation

Request Syntax

client.replace_topic_rule(
    ruleName='string',
    topicRulePayload={
        'sql': 'string',
        'description': 'string',
        'actions': [
            {
                'dynamoDB': {
                    'tableName': 'string',
                    'roleArn': 'string',
                    'operation': 'string',
                    'hashKeyField': 'string',
                    'hashKeyValue': 'string',
                    'hashKeyType': 'STRING'|'NUMBER',
                    'rangeKeyField': 'string',
                    'rangeKeyValue': 'string',
                    'rangeKeyType': 'STRING'|'NUMBER',
                    'payloadField': 'string'
                },
                'dynamoDBv2': {
                    'roleArn': 'string',
                    'putItem': {
                        'tableName': 'string'
                    }
                },
                'lambda': {
                    'functionArn': 'string'
                },
                'sns': {
                    'targetArn': 'string',
                    'roleArn': 'string',
                    'messageFormat': 'RAW'|'JSON'
                },
                'sqs': {
                    'roleArn': 'string',
                    'queueUrl': 'string',
                    'useBase64': True|False
                },
                'kinesis': {
                    'roleArn': 'string',
                    'streamName': 'string',
                    'partitionKey': 'string'
                },
                'republish': {
                    'roleArn': 'string',
                    'topic': 'string',
                    'qos': 123
                },
                's3': {
                    'roleArn': 'string',
                    'bucketName': 'string',
                    'key': 'string',
                    'cannedAcl': 'private'|'public-read'|'public-read-write'|'aws-exec-read'|'authenticated-read'|'bucket-owner-read'|'bucket-owner-full-control'|'log-delivery-write'
                },
                'firehose': {
                    'roleArn': 'string',
                    'deliveryStreamName': 'string',
                    'separator': 'string'
                },
                'cloudwatchMetric': {
                    'roleArn': 'string',
                    'metricNamespace': 'string',
                    'metricName': 'string',
                    'metricValue': 'string',
                    'metricUnit': 'string',
                    'metricTimestamp': 'string'
                },
                'cloudwatchAlarm': {
                    'roleArn': 'string',
                    'alarmName': 'string',
                    'stateReason': 'string',
                    'stateValue': 'string'
                },
                'elasticsearch': {
                    'roleArn': 'string',
                    'endpoint': 'string',
                    'index': 'string',
                    'type': 'string',
                    'id': 'string'
                },
                'salesforce': {
                    'token': 'string',
                    'url': 'string'
                },
                'iotAnalytics': {
                    'channelArn': 'string',
                    'channelName': 'string',
                    'roleArn': 'string'
                },
                'iotEvents': {
                    'inputName': 'string',
                    'messageId': 'string',
                    'roleArn': 'string'
                },
                'iotSiteWise': {
                    'putAssetPropertyValueEntries': [
                        {
                            'entryId': 'string',
                            'assetId': 'string',
                            'propertyId': 'string',
                            'propertyAlias': 'string',
                            'propertyValues': [
                                {
                                    'value': {
                                        'stringValue': 'string',
                                        'integerValue': 'string',
                                        'doubleValue': 'string',
                                        'booleanValue': 'string'
                                    },
                                    'timestamp': {
                                        'timeInSeconds': 'string',
                                        'offsetInNanos': 'string'
                                    },
                                    'quality': 'string'
                                },
                            ]
                        },
                    ],
                    'roleArn': 'string'
                },
                'stepFunctions': {
                    'executionNamePrefix': 'string',
                    'stateMachineName': 'string',
                    'roleArn': 'string'
                },
                'http': {
                    'url': 'string',
                    'confirmationUrl': 'string',
                    'headers': [
                        {
                            'key': 'string',
                            'value': 'string'
                        },
                    ],
                    'auth': {
                        'sigv4': {
                            'signingRegion': 'string',
                            'serviceName': 'string',
                            'roleArn': 'string'
                        }
                    }
                }
            },
        ],
        'ruleDisabled': True|False,
        'awsIotSqlVersion': 'string',
        'errorAction': {
            'dynamoDB': {
                'tableName': 'string',
                'roleArn': 'string',
                'operation': 'string',
                'hashKeyField': 'string',
                'hashKeyValue': 'string',
                'hashKeyType': 'STRING'|'NUMBER',
                'rangeKeyField': 'string',
                'rangeKeyValue': 'string',
                'rangeKeyType': 'STRING'|'NUMBER',
                'payloadField': 'string'
            },
            'dynamoDBv2': {
                'roleArn': 'string',
                'putItem': {
                    'tableName': 'string'
                }
            },
            'lambda': {
                'functionArn': 'string'
            },
            'sns': {
                'targetArn': 'string',
                'roleArn': 'string',
                'messageFormat': 'RAW'|'JSON'
            },
            'sqs': {
                'roleArn': 'string',
                'queueUrl': 'string',
                'useBase64': True|False
            },
            'kinesis': {
                'roleArn': 'string',
                'streamName': 'string',
                'partitionKey': 'string'
            },
            'republish': {
                'roleArn': 'string',
                'topic': 'string',
                'qos': 123
            },
            's3': {
                'roleArn': 'string',
                'bucketName': 'string',
                'key': 'string',
                'cannedAcl': 'private'|'public-read'|'public-read-write'|'aws-exec-read'|'authenticated-read'|'bucket-owner-read'|'bucket-owner-full-control'|'log-delivery-write'
            },
            'firehose': {
                'roleArn': 'string',
                'deliveryStreamName': 'string',
                'separator': 'string'
            },
            'cloudwatchMetric': {
                'roleArn': 'string',
                'metricNamespace': 'string',
                'metricName': 'string',
                'metricValue': 'string',
                'metricUnit': 'string',
                'metricTimestamp': 'string'
            },
            'cloudwatchAlarm': {
                'roleArn': 'string',
                'alarmName': 'string',
                'stateReason': 'string',
                'stateValue': 'string'
            },
            'elasticsearch': {
                'roleArn': 'string',
                'endpoint': 'string',
                'index': 'string',
                'type': 'string',
                'id': 'string'
            },
            'salesforce': {
                'token': 'string',
                'url': 'string'
            },
            'iotAnalytics': {
                'channelArn': 'string',
                'channelName': 'string',
                'roleArn': 'string'
            },
            'iotEvents': {
                'inputName': 'string',
                'messageId': 'string',
                'roleArn': 'string'
            },
            'iotSiteWise': {
                'putAssetPropertyValueEntries': [
                    {
                        'entryId': 'string',
                        'assetId': 'string',
                        'propertyId': 'string',
                        'propertyAlias': 'string',
                        'propertyValues': [
                            {
                                'value': {
                                    'stringValue': 'string',
                                    'integerValue': 'string',
                                    'doubleValue': 'string',
                                    'booleanValue': 'string'
                                },
                                'timestamp': {
                                    'timeInSeconds': 'string',
                                    'offsetInNanos': 'string'
                                },
                                'quality': 'string'
                            },
                        ]
                    },
                ],
                'roleArn': 'string'
            },
            'stepFunctions': {
                'executionNamePrefix': 'string',
                'stateMachineName': 'string',
                'roleArn': 'string'
            },
            'http': {
                'url': 'string',
                'confirmationUrl': 'string',
                'headers': [
                    {
                        'key': 'string',
                        'value': 'string'
                    },
                ],
                'auth': {
                    'sigv4': {
                        'signingRegion': 'string',
                        'serviceName': 'string',
                        'roleArn': 'string'
                    }
                }
            }
        }
    }
)
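Because anyone who can create or replace a rule gains access to the data it processes, it is worth reviewing a payload before it is sent. The following Python sketch is an added example, not part of the AWS documentation or SDK: it checks a topicRulePayload dict offline against constraints stated in the parameter descriptions for this operation (S3 cannedAcl, http confirmationUrl, iotSiteWise entries) and lists the IAM roles the rule would act with. The function names, severity labels and sample payload are constructed for illustration.

```python
import re

# S3 canned ACLs that grant access beyond the object owner.
BROAD_ACLS = {"public-read", "public-read-write", "authenticated-read"}
TEMPLATE = re.compile(r"\$\{.+?\}")  # substitution template, e.g. ${topic(2)}
QUALITIES = {"GOOD", "BAD", "UNCERTAIN"}


def check_sitewise(cfg, loc):
    out = []
    for i, entry in enumerate(cfg.get("putAssetPropertyValueEntries", [])):
        eloc = f"{loc}.putAssetPropertyValueEntries[{i}]"
        # Assumption: the parameter text says "aliasId", but the request
        # structure has no such field, so assetId is taken to be meant.
        has_ids = entry.get("assetId") and entry.get("propertyId")
        if not (entry.get("propertyAlias") or has_ids):
            out.append(("ERROR", eloc, "needs propertyAlias, or both assetId and propertyId"))
        values = entry.get("propertyValues") or []
        if not values:
            out.append(("ERROR", eloc, "propertyValues is required"))
        for j, pv in enumerate(values):
            vloc = f"{eloc}.propertyValues[{j}]"
            if not pv.get("value"):
                out.append(("ERROR", vloc, "value is required"))
            if not pv.get("timestamp", {}).get("timeInSeconds"):
                out.append(("ERROR", vloc, "timestamp.timeInSeconds is required"))
            quality = pv.get("quality")
            # A templated quality is only known at run time, so skip it here.
            if quality and not TEMPLATE.search(quality) and quality not in QUALITIES:
                out.append(("ERROR", vloc, f"quality {quality!r} is not GOOD, BAD or UNCERTAIN"))
    return out


def check_http(cfg, loc):
    out = []
    url, confirm = cfg.get("url", ""), cfg.get("confirmationUrl")
    if not url.startswith("https://"):
        out.append(("HIGH", loc, "url does not start with https://"))
    if TEMPLATE.search(url) and not confirm:
        out.append(("ERROR", loc, "url uses a substitution template but confirmationUrl is missing"))
    if confirm and not url.startswith(confirm):
        out.append(("ERROR", loc, "confirmationUrl is not a prefix of url"))
    return out


def review_action(action, loc):
    out = []
    for kind, cfg in action.items():
        kloc = f"{loc}.{kind}"
        if kind == "s3" and cfg.get("cannedAcl") in BROAD_ACLS:
            out.append(("HIGH", kloc, f"cannedAcl {cfg['cannedAcl']!r} opens written objects beyond the owner"))
        elif kind == "salesforce" and cfg.get("token"):
            out.append(("MEDIUM", kloc, "authentication token is stored inline in the rule definition"))
        elif kind == "http":
            out += check_http(cfg, kloc)
        elif kind == "iotSiteWise":
            out += check_sitewise(cfg, kloc)
    return out


def review_payload(payload):
    """Return (severity, location, message) findings for a topicRulePayload dict."""
    out = []
    for i, action in enumerate(payload.get("actions", [])):
        out += review_action(action, f"actions[{i}]")
    if "errorAction" in payload:
        out += review_action(payload["errorAction"], "errorAction")
    else:
        out.append(("LOW", "errorAction", "no errorAction is set for failed actions"))
    return out


def roles_used(payload):
    """Every IAM role the rule acts with, i.e. the access a rule author gains."""
    roles = set()
    for action in payload.get("actions", []) + [payload.get("errorAction", {})]:
        for cfg in action.values():
            if "roleArn" in cfg:
                roles.add(cfg["roleArn"])
            sigv4 = cfg.get("auth", {}).get("sigv4", {})
            if "roleArn" in sigv4:
                roles.add(sigv4["roleArn"])
    return sorted(roles)


# Constructed sample payload: account ID, names and URLs are placeholders.
SAMPLE_PAYLOAD = {
    "sql": "SELECT * FROM 'plant/+/telemetry'",
    "actions": [
        {"s3": {"roleArn": "arn:aws:iam::111122223333:role/example-s3-writer",
                "bucketName": "example-telemetry", "key": "${topic()}/${timestamp()}",
                "cannedAcl": "public-read"}},
        {"http": {"url": "https://ingest.example.com/${topic(2)}"}},
        {"iotSiteWise": {
            "roleArn": "arn:aws:iam::111122223333:role/example-sitewise-writer",
            "putAssetPropertyValueEntries": [{
                "propertyId": "example-property-id",  # no assetId, no propertyAlias
                "propertyValues": [{
                    "value": {"doubleValue": "${temperature}"},
                    "timestamp": {"timeInSeconds": "${floor(timestamp() / 1E3)}"},
                    "quality": "OK"}]}]}},
    ],
}

if __name__ == "__main__":
    for severity, location, message in review_payload(SAMPLE_PAYLOAD):
        print(f"{severity:6} {location}: {message}")
    print("roles:", roles_used(SAMPLE_PAYLOAD))
```

Run the review on the dict you intend to pass as topicRulePayload and resolve every ERROR and HIGH finding before calling replace_topic_rule.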
type ruleName

string

param ruleName

[REQUIRED]

The name of the rule.

type topicRulePayload

dict

param topicRulePayload

[REQUIRED]

The rule payload.

  • sql (string) -- [REQUIRED]

    The SQL statement used to query the topic. For more information, see AWS IoT SQL Reference in the AWS IoT Developer Guide.

  • description (string) --

    The description of the rule.

  • actions (list) -- [REQUIRED]

    The actions associated with the rule.

    • (dict) --

      Describes the actions associated with a rule.

      • dynamoDB (dict) --

        Write to a DynamoDB table.

        • tableName (string) -- [REQUIRED]

          The name of the DynamoDB table.

        • roleArn (string) -- [REQUIRED]

          The ARN of the IAM role that grants access to the DynamoDB table.

        • operation (string) --

          The type of operation to be performed. This follows the substitution template, so it can be ${operation}, but the substitution must result in one of the following: INSERT, UPDATE, or DELETE.

        • hashKeyField (string) -- [REQUIRED]

          The hash key name.

        • hashKeyValue (string) -- [REQUIRED]

          The hash key value.

        • hashKeyType (string) --

          The hash key type. Valid values are "STRING" or "NUMBER".

        • rangeKeyField (string) --

          The range key name.

        • rangeKeyValue (string) --

          The range key value.

        • rangeKeyType (string) --

          The range key type. Valid values are "STRING" or "NUMBER".

        • payloadField (string) --

          The action payload. This name can be customized.

      • dynamoDBv2 (dict) --

        Write to a DynamoDB table. This is a new version of the DynamoDB action. It allows you to write each attribute in an MQTT message payload into a separate DynamoDB column.

        • roleArn (string) -- [REQUIRED]

          The ARN of the IAM role that grants access to the DynamoDB table.

        • putItem (dict) -- [REQUIRED]

          Specifies the DynamoDB table to which the message data will be written. For example:

          { "dynamoDBv2": { "roleArn": "aws:iam:12341251:my-role", "putItem": { "tableName": "my-table" } } }

          Each attribute in the message payload will be written to a separate column in the DynamoDB database.

          • tableName (string) -- [REQUIRED]

            The table where the message data will be written.

      • lambda (dict) --

        Invoke a Lambda function.

        • functionArn (string) -- [REQUIRED]

          The ARN of the Lambda function.

      • sns (dict) --

        Publish to an Amazon SNS topic.

        • targetArn (string) -- [REQUIRED]

          The ARN of the SNS topic.

        • roleArn (string) -- [REQUIRED]

          The ARN of the IAM role that grants access.

        • messageFormat (string) --

          (Optional) The message format of the message to publish. Accepted values are "JSON" and "RAW". The default value of the attribute is "RAW". SNS uses this setting to determine if the payload should be parsed and relevant platform-specific bits of the payload should be extracted. To read more about SNS message formats, see the official documentation at https://docs.aws.amazon.com/sns/latest/dg/json-formats.html.

      • sqs (dict) --

        Publish to an Amazon SQS queue.

        • roleArn (string) -- [REQUIRED]

          The ARN of the IAM role that grants access.

        • queueUrl (string) -- [REQUIRED]

          The URL of the Amazon SQS queue.

        • useBase64 (boolean) --

          Specifies whether to use Base64 encoding.

      • kinesis (dict) --

        Write data to an Amazon Kinesis stream.

        • roleArn (string) -- [REQUIRED]

          The ARN of the IAM role that grants access to the Amazon Kinesis stream.

        • streamName (string) -- [REQUIRED]

          The name of the Amazon Kinesis stream.

        • partitionKey (string) --

          The partition key.

      • republish (dict) --

        Publish to another MQTT topic.

        • roleArn (string) -- [REQUIRED]

          The ARN of the IAM role that grants access.

        • topic (string) -- [REQUIRED]

          The name of the MQTT topic.

        • qos (integer) --

          The Quality of Service (QoS) level to use when republishing messages. The default value is 0.

      • s3 (dict) --

        Write to an Amazon S3 bucket.

        • roleArn (string) -- [REQUIRED]

          The ARN of the IAM role that grants access.

        • bucketName (string) -- [REQUIRED]

          The Amazon S3 bucket.

        • key (string) -- [REQUIRED]

          The object key.

        • cannedAcl (string) --

          The Amazon S3 canned ACL that controls access to the object identified by the object key. For more information, see S3 canned ACLs.

      • firehose (dict) --

        Write to an Amazon Kinesis Firehose stream.

        • roleArn (string) -- [REQUIRED]

          The IAM role that grants access to the Amazon Kinesis Firehose stream.

        • deliveryStreamName (string) -- [REQUIRED]

          The delivery stream name.

        • separator (string) --

          A character separator that will be used to separate records written to the Firehose stream. Valid values are: '\n' (newline), '\t' (tab), '\r\n' (Windows newline), ',' (comma).

      • cloudwatchMetric (dict) --

        Capture a CloudWatch metric.

        • roleArn (string) -- [REQUIRED]

          The IAM role that allows access to the CloudWatch metric.

        • metricNamespace (string) -- [REQUIRED]

          The CloudWatch metric namespace name.

        • metricName (string) -- [REQUIRED]

          The CloudWatch metric name.

        • metricValue (string) -- [REQUIRED]

          The CloudWatch metric value.

        • metricUnit (string) -- [REQUIRED]

          The metric unit supported by CloudWatch.

        • metricTimestamp (string) --

          An optional Unix timestamp.

      • cloudwatchAlarm (dict) --

        Change the state of a CloudWatch alarm.

        • roleArn (string) -- [REQUIRED]

          The IAM role that allows access to the CloudWatch alarm.

        • alarmName (string) -- [REQUIRED]

          The CloudWatch alarm name.

        • stateReason (string) -- [REQUIRED]

          The reason for the alarm change.

        • stateValue (string) -- [REQUIRED]

          The value of the alarm state. Acceptable values are: OK, ALARM, INSUFFICIENT_DATA.

      • elasticsearch (dict) --

        Write data to an Amazon Elasticsearch Service domain.

        • roleArn (string) -- [REQUIRED]

          The IAM role ARN that has access to Elasticsearch.

        • endpoint (string) -- [REQUIRED]

          The endpoint of your Elasticsearch domain.

        • index (string) -- [REQUIRED]

          The Elasticsearch index where you want to store your data.

        • type (string) -- [REQUIRED]

          The type of document you are storing.

        • id (string) -- [REQUIRED]

          The unique identifier for the document you are storing.

      • salesforce (dict) --

        Send a message to a Salesforce IoT Cloud Input Stream.

        • token (string) -- [REQUIRED]

          The token used to authenticate access to the Salesforce IoT Cloud Input Stream. The token is available from the Salesforce IoT Cloud platform after creation of the Input Stream.

        • url (string) -- [REQUIRED]

          The URL exposed by the Salesforce IoT Cloud Input Stream. The URL is available from the Salesforce IoT Cloud platform after creation of the Input Stream.

      • iotAnalytics (dict) --

        Sends message data to an AWS IoT Analytics channel.

        • channelArn (string) --

          (deprecated) The ARN of the IoT Analytics channel to which message data will be sent.

        • channelName (string) --

          The name of the IoT Analytics channel to which message data will be sent.

        • roleArn (string) --

          The ARN of the role which has a policy that grants IoT Analytics permission to send message data via IoT Analytics (iotanalytics:BatchPutMessage).

      • iotEvents (dict) --

        Sends an input to an AWS IoT Events detector.

        • inputName (string) -- [REQUIRED]

          The name of the AWS IoT Events input.

        • messageId (string) --

          [Optional] Use this to ensure that only one input (message) with a given messageId will be processed by an AWS IoT Events detector.

        • roleArn (string) -- [REQUIRED]

          The ARN of the role that grants AWS IoT permission to send an input to an AWS IoT Events detector ("Action":"iotevents:BatchPutMessage").

      • iotSiteWise (dict) --

        Sends data from the MQTT message that triggered the rule to AWS IoT SiteWise asset properties.

        • putAssetPropertyValueEntries (list) -- [REQUIRED]

          A list of asset property value entries.

          • (dict) --

            An asset property value entry containing the following information.

            • entryId (string) --

              Optional. A unique identifier for this entry that you can define to better track which message caused an error in case of failure. Accepts substitution templates. Defaults to a new UUID.

            • assetId (string) --

              The ID of the AWS IoT SiteWise asset. You must specify either a propertyAlias or both an aliasId and a propertyId. Accepts substitution templates.

            • propertyId (string) --

              The ID of the asset's property. You must specify either a propertyAlias or both an aliasId and a propertyId. Accepts substitution templates.

            • propertyAlias (string) --

              The name of the property alias associated with your asset property. You must specify either a propertyAlias or both an aliasId and a propertyId. Accepts substitution templates.

            • propertyValues (list) -- [REQUIRED]

              A list of property values to insert that each contain timestamp, quality, and value (TQV) information.

              • (dict) --

                An asset property value entry containing the following information.

                • value (dict) -- [REQUIRED]

                  The value of the asset property.

                  • stringValue (string) --

                    Optional. The string value of the value entry. Accepts substitution templates.

                  • integerValue (string) --

                    Optional. A string that contains the integer value of the value entry. Accepts substitution templates.

                  • doubleValue (string) --

                    Optional. A string that contains the double value of the value entry. Accepts substitution templates.

                  • booleanValue (string) --

                    Optional. A string that contains the boolean value (true or false) of the value entry. Accepts substitution templates.

                • timestamp (dict) -- [REQUIRED]

                  The asset property value timestamp.

                  • timeInSeconds (string) -- [REQUIRED]

                    A string that contains the time in seconds since epoch. Accepts substitution templates.

                  • offsetInNanos (string) --

                    Optional. A string that contains the nanosecond time offset. Accepts substitution templates.

                • quality (string) --

                  Optional. A string that describes the quality of the value. Accepts substitution templates. Must be GOOD, BAD, or UNCERTAIN.

        • roleArn (string) -- [REQUIRED]

          The ARN of the role that grants AWS IoT permission to send an asset property value to AWS IoT SiteWise ("Action": "iotsitewise:BatchPutAssetPropertyValue"). The trust policy can restrict access to specific asset hierarchy paths.

      • stepFunctions (dict) --

        Starts execution of a Step Functions state machine.

        • executionNamePrefix (string) --

          (Optional) A name will be given to the state machine execution consisting of this prefix followed by a UUID. Step Functions automatically creates a unique name for each state machine execution if one is not provided.

        • stateMachineName (string) -- [REQUIRED]

          The name of the Step Functions state machine whose execution will be started.

        • roleArn (string) -- [REQUIRED]

          The ARN of the role that grants IoT permission to start execution of a state machine ("Action":"states:StartExecution").

      • http (dict) --

        Send data to an HTTPS endpoint.

        • url (string) -- [REQUIRED]

          The endpoint URL. If substitution templates are used in the URL, you must also specify a confirmationUrl. If this is a new destination, a new TopicRuleDestination is created if possible.

        • confirmationUrl (string) --

          The URL to which AWS IoT sends a confirmation message. The value of the confirmation URL must be a prefix of the endpoint URL. If you do not specify a confirmation URL, AWS IoT uses the endpoint URL as the confirmation URL. If you use substitution templates in the confirmationUrl, you must create and enable topic rule destinations that match each possible value of the substitution template before traffic is allowed to your endpoint URL.

        • headers (list) --

          The HTTP headers to send with the message data.

          • (dict) --

            The HTTP action header.

            • key (string) -- [REQUIRED]

              The HTTP header key.

            • value (string) -- [REQUIRED]

              The HTTP header value. Substitution templates are supported.

        • auth (dict) --

          The authentication method to use when sending data to an HTTPS endpoint.

          • sigv4 (dict) --

            Use Sig V4 authorization. For more information, see Signature Version 4 Signing Process.

            • signingRegion (string) -- [REQUIRED]

              The signing region.

            • serviceName (string) -- [REQUIRED]

              The service name to use while signing with Sig V4.

            • roleArn (string) -- [REQUIRED]

              The ARN of the signing role.

  • ruleDisabled (boolean) --

    Specifies whether the rule is disabled.

  • awsIotSqlVersion (string) --

    The version of the SQL rules engine to use when evaluating the rule.

  • errorAction (dict) --

    The action to take when an error occurs.

    • dynamoDB (dict) --

      Write to a DynamoDB table.

      • tableName (string) -- [REQUIRED]

        The name of the DynamoDB table.

      • roleArn (string) -- [REQUIRED]

        The ARN of the IAM role that grants access to the DynamoDB table.

      • operation (string) --

        The type of operation to be performed. This follows the substitution template, so it can be ${operation}, but the substitution must result in one of the following: INSERT, UPDATE, or DELETE.

      • hashKeyField (string) -- [REQUIRED]

        The hash key name.

      • hashKeyValue (string) -- [REQUIRED]

        The hash key value.

      • hashKeyType (string) --

        The hash key type. Valid values are "STRING" or "NUMBER".

      • rangeKeyField (string) --

        The range key name.

      • rangeKeyValue (string) --

        The range key value.

      • rangeKeyType (string) --

        The range key type. Valid values are "STRING" or "NUMBER".

      • payloadField (string) --

        The action payload. This name can be customized.

    • dynamoDBv2 (dict) --

      Write to a DynamoDB table. This is a new version of the DynamoDB action. It allows you to write each attribute in an MQTT message payload into a separate DynamoDB column.

      • roleArn (string) -- [REQUIRED]

        The ARN of the IAM role that grants access to the DynamoDB table.

      • putItem (dict) -- [REQUIRED]

        Specifies the DynamoDB table to which the message data will be written. For example:

        { "dynamoDBv2": { "roleArn": "aws:iam:12341251:my-role", "putItem": { "tableName": "my-table" } } }

        Each attribute in the message payload will be written to a separate column in the DynamoDB database.

        • tableName (string) -- [REQUIRED]

          The table where the message data will be written.

    • lambda (dict) --

      Invoke a Lambda function.

      • functionArn (string) -- [REQUIRED]

        The ARN of the Lambda function.

    • sns (dict) --

      Publish to an Amazon SNS topic.

      • targetArn (string) -- [REQUIRED]

        The ARN of the SNS topic.

      • roleArn (string) -- [REQUIRED]

        The ARN of the IAM role that grants access.

      • messageFormat (string) --

        (Optional) The message format of the message to publish. Accepted values are "JSON" and "RAW". The default value of the attribute is "RAW". SNS uses this setting to determine if the payload should be parsed and relevant platform-specific bits of the payload should be extracted. To read more about SNS message formats, see the official documentation at https://docs.aws.amazon.com/sns/latest/dg/json-formats.html.

    • sqs (dict) --

      Publish to an Amazon SQS queue.

      • roleArn (string) -- [REQUIRED]

        The ARN of the IAM role that grants access.

      • queueUrl (string) -- [REQUIRED]

        The URL of the Amazon SQS queue.

      • useBase64 (boolean) --

        Specifies whether to use Base64 encoding.

    • kinesis (dict) --

      Write data to an Amazon Kinesis stream.

      • roleArn (string) -- [REQUIRED]

        The ARN of the IAM role that grants access to the Amazon Kinesis stream.

      • streamName (string) -- [REQUIRED]

        The name of the Amazon Kinesis stream.

      • partitionKey (string) --

        The partition key.

    • republish (dict) --

      Publish to another MQTT topic.

      • roleArn (string) -- [REQUIRED]

        The ARN of the IAM role that grants access.

      • topic (string) -- [REQUIRED]

        The name of the MQTT topic.

      • qos (integer) --

        The Quality of Service (QoS) level to use when republishing messages. The default value is 0.

    • s3 (dict) --

      Write to an Amazon S3 bucket.

      • roleArn (string) -- [REQUIRED]

        The ARN of the IAM role that grants access.

      • bucketName (string) -- [REQUIRED]

        The Amazon S3 bucket.

      • key (string) -- [REQUIRED]

        The object key.

      • cannedAcl (string) --

        The Amazon S3 canned ACL that controls access to the object identified by the object key. For more information, see S3 canned ACLs.

    • firehose (dict) --

      Write to an Amazon Kinesis Firehose stream.

      • roleArn (string) -- [REQUIRED]

        The IAM role that grants access to the Amazon Kinesis Firehose stream.

      • deliveryStreamName (string) -- [REQUIRED]

        The delivery stream name.

      • separator (string) --

        A character separator that will be used to separate records written to the Firehose stream. Valid values are: '\n' (newline), '\t' (tab), '\r\n' (Windows newline), ',' (comma).

    • cloudwatchMetric (dict) --

      Capture a CloudWatch metric.

      • roleArn (string) -- [REQUIRED]

        The IAM role that allows access to the CloudWatch metric.

      • metricNamespace (string) -- [REQUIRED]

        The CloudWatch metric namespace name.

      • metricName (string) -- [REQUIRED]

        The CloudWatch metric name.

      • metricValue (string) -- [REQUIRED]

        The CloudWatch metric value.

      • metricUnit (string) -- [REQUIRED]

        The metric unit supported by CloudWatch.

      • metricTimestamp (string) --

        An optional Unix timestamp.

    • cloudwatchAlarm (dict) --

      Change the state of a CloudWatch alarm.

      • roleArn (string) -- [REQUIRED]

        The IAM role that allows access to the CloudWatch alarm.

      • alarmName (string) -- [REQUIRED]

        The CloudWatch alarm name.

      • stateReason (string) -- [REQUIRED]

        The reason for the alarm change.

      • stateValue (string) -- [REQUIRED]

        The value of the alarm state. Acceptable values are: OK, ALARM, INSUFFICIENT_DATA.

    • elasticsearch (dict) --

      Write data to an Amazon Elasticsearch Service domain.

      • roleArn (string) -- [REQUIRED]

        The IAM role ARN that has access to Elasticsearch.

      • endpoint (string) -- [REQUIRED]

        The endpoint of your Elasticsearch domain.

      • index (string) -- [REQUIRED]

        The Elasticsearch index where you want to store your data.

      • type (string) -- [REQUIRED]

        The type of document you are storing.

      • id (string) -- [REQUIRED]

        The unique identifier for the document you are storing.

    • salesforce (dict) --

      Send a message to a Salesforce IoT Cloud Input Stream.

      • token (string) -- [REQUIRED]

        The token used to authenticate access to the Salesforce IoT Cloud Input Stream. The token is available from the Salesforce IoT Cloud platform after creation of the Input Stream.

      • url (string) -- [REQUIRED]

        The URL exposed by the Salesforce IoT Cloud Input Stream. The URL is available from the Salesforce IoT Cloud platform after creation of the Input Stream.

    • iotAnalytics (dict) --

      Sends message data to an AWS IoT Analytics channel.

      • channelArn (string) --

        (deprecated) The ARN of the IoT Analytics channel to which message data will be sent.

      • channelName (string) --

        The name of the IoT Analytics channel to which message data will be sent.

      • roleArn (string) --

        The ARN of the role which has a policy that grants IoT Analytics permission to send message data via IoT Analytics (iotanalytics:BatchPutMessage).

    • iotEvents (dict) --

      Sends an input to an AWS IoT Events detector.

      • inputName (string) -- [REQUIRED]

        The name of the AWS IoT Events input.

      • messageId (string) --

        [Optional] Use this to ensure that only one input (message) with a given messageId will be processed by an AWS IoT Events detector.

      • roleArn (string) -- [REQUIRED]

        The ARN of the role that grants AWS IoT permission to send an input to an AWS IoT Events detector ("Action":"iotevents:BatchPutMessage").

    • iotSiteWise (dict) --

      Sends data from the MQTT message that triggered the rule to AWS IoT SiteWise asset properties.

      • putAssetPropertyValueEntries (list) -- [REQUIRED]

        A list of asset property value entries.

        • (dict) --

          An asset property value entry containing the following information.

          • entryId (string) --

            Optional. A unique identifier for this entry that you can define to better track which message caused an error in case of failure. Accepts substitution templates. Defaults to a new UUID.

          • assetId (string) --

            The ID of the AWS IoT SiteWise asset. You must specify either a propertyAlias or both an aliasId and a propertyId. Accepts substitution templates.

          • propertyId (string) --

            The ID of the asset's property. You must specify either a propertyAlias or both an aliasId and a propertyId. Accepts substitution templates.

          • propertyAlias (string) --

            The name of the property alias associated with your asset property. You must specify either a propertyAlias or both an aliasId and a propertyId. Accepts substitution templates.

          • propertyValues (list) -- [REQUIRED]

            A list of property values to insert that each contain timestamp, quality, and value (TQV) information.

            • (dict) --

              An asset property value entry containing the following information.

              • value (dict) -- [REQUIRED]

                The value of the asset property.

                • stringValue (string) --

                  Optional. The string value of the value entry. Accepts substitution templates.

                • integerValue (string) --

                  Optional. A string that contains the integer value of the value entry. Accepts substitution templates.

                • doubleValue (string) --

                  Optional. A string that contains the double value of the value entry. Accepts substitution templates.

                • booleanValue (string) --

                  Optional. A string that contains the boolean value (true or false) of the value entry. Accepts substitution templates.

              • timestamp (dict) -- [REQUIRED]

                The asset property value timestamp.

                • timeInSeconds (string) -- [REQUIRED]

                  A string that contains the time in seconds since epoch. Accepts substitution templates.

                • offsetInNanos (string) --

                  Optional. A string that contains the nanosecond time offset. Accepts substitution templates.

              • quality (string) --

                Optional. A string that describes the quality of the value. Accepts substitution templates. Must be GOOD, BAD, or UNCERTAIN.

      • roleArn (string) -- [REQUIRED]

        The ARN of the role that grants AWS IoT permission to send an asset property value to AWS IoT SiteWise ("Action": "iotsitewise:BatchPutAssetPropertyValue"). The trust policy can restrict access to specific asset hierarchy paths.

    • stepFunctions (dict) --

      Starts execution of a Step Functions state machine.

      • executionNamePrefix (string) --

        (Optional) A name will be given to the state machine execution consisting of this prefix followed by a UUID. Step Functions automatically creates a unique name for each state machine execution if one is not provided.

      • stateMachineName (string) -- [REQUIRED]

        The name of the Step Functions state machine whose execution will be started.

      • roleArn (string) -- [REQUIRED]

        The ARN of the role that grants IoT permission to start execution of a state machine ("Action":"states:StartExecution").

    • http (dict) --

      Send data to an HTTPS endpoint.

      • url (string) -- [REQUIRED]

        The endpoint URL. If substitution templates are used in the URL, you must also specify a confirmationUrl. If this is a new destination, a new TopicRuleDestination is created if possible.

      • confirmationUrl (string) --

        The URL to which AWS IoT sends a confirmation message. The value of the confirmation URL must be a prefix of the endpoint URL. If you do not specify a confirmation URL, AWS IoT uses the endpoint URL as the confirmation URL. If you use substitution templates in the confirmationUrl, you must create and enable topic rule destinations that match each possible value of the substitution template before traffic is allowed to your endpoint URL.

      • headers (list) --

        The HTTP headers to send with the message data.

        • (dict) --

          The HTTP action header.

          • key (string) -- [REQUIRED]

            The HTTP header key.

          • value (string) -- [REQUIRED]

            The HTTP header value. Substitution templates are supported.

      • auth (dict) --

        The authentication method to use when sending data to an HTTPS endpoint.

        • sigv4 (dict) --

          Use Sig V4 authorization. For more information, see Signature Version 4 Signing Process.

          • signingRegion (string) -- [REQUIRED]

            The signing region.

          • serviceName (string) -- [REQUIRED]

            The service name to use while signing with Sig V4.

          • roleArn (string) -- [REQUIRED]

            The ARN of the signing role.
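
The constraints stated above for the http action (HTTPS endpoint, confirmationUrl as a prefix of url, confirmationUrl required when url uses substitution templates, required sigv4 fields) can be checked before a rule is submitted. This is an added example, not part of the AWS documentation; `check_http_action`, the sample URLs and role ARN, and the host-equality check are assumptions made here.

```python
import re
from urllib.parse import urlsplit

# AWS IoT substitution templates are written ${expression}, e.g. ${topic(2)}.
TEMPLATE = re.compile(r"\$\{[^}]*\}")

def check_http_action(http):
    """Return a list of problems found in an 'http' rule action dict."""
    problems = []
    url = http.get("url", "")
    confirm = http.get("confirmationUrl")
    if not url.lower().startswith("https://"):
        problems.append("url is not an HTTPS endpoint")
    if TEMPLATE.search(url) and not confirm:
        problems.append("url uses a substitution template but confirmationUrl is missing")
    if confirm:
        if not url.startswith(confirm):
            problems.append("confirmationUrl is not a prefix of url")
        # Assumption (stricter than the text above): also compare hosts, because
        # "https://example.com" is a string prefix of "https://example.com.other.test/".
        elif urlsplit(confirm).hostname != urlsplit(url).hostname:
            problems.append("confirmationUrl host differs from url host")
    for header in http.get("headers", []):
        if not header.get("key") or "value" not in header:
            problems.append("header entry needs both key and value")
    sigv4 = http.get("auth", {}).get("sigv4")
    if sigv4 is not None:
        for field in ("signingRegion", "serviceName", "roleArn"):
            if not sigv4.get(field):
                problems.append("auth.sigv4 is missing " + field)
    return problems

# Constructed sample input (not a real endpoint or role).
GOOD = {
    "url": "https://example.com/ingest/${topic(2)}",
    "confirmationUrl": "https://example.com/ingest/",
    "headers": [{"key": "x-device", "value": "${clientid()}"}],
    "auth": {"sigv4": {
        "signingRegion": "us-east-1",
        "serviceName": "execute-api",
        "roleArn": "arn:aws:iam::123456789012:role/ExampleSigningRole",
    }},
}

if __name__ == "__main__":
    print(check_http_action(GOOD))
```
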

returns

None

TestInvokeAuthorizer (updated)
Changes (request)
{'httpContext': {'headers': {'string': 'string'}, 'queryString': 'string'},
 'mqttContext': {'clientId': 'string',
                 'password': 'blob',
                 'username': 'string'},
 'tlsContext': {'serverName': 'string'}}

Tests a custom authorization behavior by invoking a specified custom authorizer. Use this to test and debug the custom authorization behavior of devices that connect to the AWS IoT device gateway.

See also: AWS API Documentation

Request Syntax

client.test_invoke_authorizer(
    authorizerName='string',
    token='string',
    tokenSignature='string',
    httpContext={
        'headers': {
            'string': 'string'
        },
        'queryString': 'string'
    },
    mqttContext={
        'username': 'string',
        'password': b'bytes',
        'clientId': 'string'
    },
    tlsContext={
        'serverName': 'string'
    }
)
type authorizerName

string

param authorizerName

[REQUIRED]

The custom authorizer name.

type token

string

param token

The token returned by your custom authentication service.

type tokenSignature

string

param tokenSignature

The signature made with the token and your custom authentication service's private key.

type httpContext

dict

param httpContext

Specifies a test HTTP authorization request.

  • headers (dict) --

    The header keys and values in an HTTP authorization request.

    • (string) --

      • (string) --

  • queryString (string) --

    The query string keys and values in an HTTP authorization request.

type mqttContext

dict

param mqttContext

Specifies a test MQTT authorization request.

  • username (string) --

    The value of the username key in an MQTT authorization request.

  • password (bytes) --

    The value of the password key in an MQTT authorization request.

  • clientId (string) --

    The value of the clientId key in an MQTT authorization request.

type tlsContext

dict

param tlsContext

Specifies a test TLS authorization request.

  • serverName (string) --

    The value of the serverName key in a TLS authorization request.

rtype

dict

returns

Response Syntax

{
    'isAuthenticated': True|False,
    'principalId': 'string',
    'policyDocuments': [
        'string',
    ],
    'refreshAfterInSeconds': 123,
    'disconnectAfterInSeconds': 123
}

Response Structure

  • (dict) --

    • isAuthenticated (boolean) --

      True if the token is authenticated, otherwise false.

    • principalId (string) --

      The principal ID.

    • policyDocuments (list) --

      IAM policy documents.

      • (string) --

    • refreshAfterInSeconds (integer) --

      The number of seconds after which the temporary credentials are refreshed.

    • disconnectAfterInSeconds (integer) --

      The number of seconds after which the connection is terminated.
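
When TestInvokeAuthorizer is used to debug a custom authorizer, the returned policyDocuments are worth reviewing for over-broad grants before the authorizer goes live. The following is an added example, not part of the AWS documentation; `audit_authorizer_response`, the sample response and the choice of which wildcards to flag are assumptions made here.

```python
import json

def _as_list(value):
    """IAM policy fields accept a single item where a list is also allowed."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def audit_authorizer_response(resp):
    """Return findings for a test_invoke_authorizer response dict."""
    findings = []
    docs = resp.get("policyDocuments", [])
    if not resp.get("isAuthenticated") and docs:
        findings.append("policy documents returned although isAuthenticated is false")
    for i, raw in enumerate(docs):
        try:
            policy = json.loads(raw)  # each entry is a JSON policy string
        except ValueError:
            findings.append(f"policyDocuments[{i}]: not valid JSON")
            continue
        if not isinstance(policy, dict):
            findings.append(f"policyDocuments[{i}]: not a policy object")
            continue
        for stmt in _as_list(policy.get("Statement")):
            if stmt.get("Effect") != "Allow":
                continue
            for action in _as_list(stmt.get("Action")):
                if action in ("*", "iot:*"):
                    findings.append(f"policyDocuments[{i}]: Allow on wildcard action {action}")
            if "*" in _as_list(stmt.get("Resource")):
                findings.append(f"policyDocuments[{i}]: Allow on Resource *")
    return findings

# Constructed sample response (account ID, client ID and policy are made up).
SAMPLE_RESPONSE = {
    "isAuthenticated": True,
    "principalId": "device123",
    "policyDocuments": [json.dumps({"Version": "2012-10-17", "Statement": [
        {"Effect": "Allow", "Action": "iot:Connect",
         "Resource": "arn:aws:iot:us-east-1:123456789012:client/device123"},
        {"Effect": "Allow", "Action": ["iot:*"], "Resource": "*"},
    ]})],
    "refreshAfterInSeconds": 300,
    "disconnectAfterInSeconds": 3600,
}

if __name__ == "__main__":
    print("\n".join(audit_authorizer_response(SAMPLE_RESPONSE)))
```
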