2020/12/15 - AWS IoT - 11 new 14 updated api methods
Changes AWS IoT Rules Engine adds Kafka Action that allows sending data to Apache Kafka clusters inside a VPC. AWS IoT Device Defender adds custom metrics and machine-learning based anomaly detection.
Starts a Device Defender ML Detect mitigation actions task.
See also: AWS API Documentation
Request Syntax
client.start_detect_mitigation_actions_task(
taskId='string',
target={
'violationIds': [
'string',
],
'securityProfileName': 'string',
'behaviorName': 'string'
},
actions=[
'string',
],
violationEventOccurrenceRange={
'startTime': datetime(2015, 1, 1),
'endTime': datetime(2015, 1, 1)
},
includeOnlyActiveViolations=True|False,
includeSuppressedAlerts=True|False,
clientRequestToken='string'
)
string
[REQUIRED]
The unique identifier of the task.
dict
[REQUIRED]
Specifies the ML Detect findings to which the mitigation actions are applied.
violationIds (list) --
The unique identifiers of the violations.
(string) --
securityProfileName (string) --
The name of the security profile.
behaviorName (string) --
The name of the behavior.
list
[REQUIRED]
The actions to be performed when a device has unexpected behavior.
(string) --
dict
Specifies the time period of which violation events occurred between.
startTime (datetime) -- [REQUIRED]
The start date and time of a time period in which violation events occurred.
endTime (datetime) -- [REQUIRED]
The end date and time of a time period in which violation events occurred.
boolean
Specifies to list only active violations.
boolean
Specifies to include suppressed alerts.
string
[REQUIRED]
Each mitigation action task must have a unique client request token. If you try to create a new task with the same token as a task that already exists, an exception occurs. If you omit this value, AWS SDKs will automatically generate a unique client request.
This field is autopopulated if not provided.
dict
Response Syntax
{
'taskId': 'string'
}
Response Structure
(dict) --
taskId (string) --
The unique identifier of the task.
Returns a Device Defender's ML Detect Security Profile training model's status.
See also: AWS API Documentation
Request Syntax
client.get_behavior_model_training_summaries(
securityProfileName='string',
maxResults=123,
nextToken='string'
)
string
The name of the security profile.
integer
The maximum number of results to return at one time. The default is 25.
string
The token for the next set of results.
dict
Response Syntax
{
'summaries': [
{
'securityProfileName': 'string',
'behaviorName': 'string',
'trainingDataCollectionStartDate': datetime(2015, 1, 1),
'modelStatus': 'PENDING_BUILD'|'ACTIVE'|'EXPIRED',
'datapointsCollectionPercentage': 123.0,
'lastModelRefreshDate': datetime(2015, 1, 1)
},
],
'nextToken': 'string'
}
Response Structure
(dict) --
summaries (list) --
A list of all ML Detect behaviors and their model status for a given Security Profile.
(dict) --
The summary of an ML Detect behavior model.
securityProfileName (string) --
The name of the security profile.
behaviorName (string) --
The name of the behavior.
trainingDataCollectionStartDate (datetime) --
The date a training model started collecting data.
modelStatus (string) --
The status of the behavior model.
datapointsCollectionPercentage (float) --
The percentage of datapoints collected.
lastModelRefreshDate (datetime) --
The date the model was last refreshed.
nextToken (string) --
A token that can be used to retrieve the next set of results, or null if there are no additional results.
Use this API to define a Custom Metric published by your devices to Device Defender.
See also: AWS API Documentation
Request Syntax
client.create_custom_metric(
metricName='string',
displayName='string',
metricType='string-list'|'ip-address-list'|'number-list'|'number',
tags=[
{
'Key': 'string',
'Value': 'string'
},
],
clientRequestToken='string'
)
string
[REQUIRED]
The name of the custom metric. This will be used in the metric report submitted from the device/thing. Shouldn't begin with aws: . Cannot be updated once defined.
string
Field represents a friendly name in the console for the custom metric; it doesn't have to be unique. Don't use this name as the metric identifier in the device metric report. Can be updated once defined.
string
[REQUIRED]
The type of the custom metric. Types include string-list , ip-address-list , number-list , and number .
list
Metadata that can be used to manage the custom metric.
(dict) --
A set of key/value pairs that are used to manage the resource.
Key (string) -- [REQUIRED]
The tag's key.
Value (string) --
The tag's value.
string
[REQUIRED]
Each custom metric must have a unique client request token. If you try to create a new custom metric that already exists with a different token, an exception occurs. If you omit this value, AWS SDKs will automatically generate a unique client request.
This field is autopopulated if not provided.
dict
Response Syntax
{
'metricName': 'string',
'metricArn': 'string'
}
Response Structure
(dict) --
metricName (string) --
The name of the custom metric to be used in the metric report.
metricArn (string) --
The Amazon Resource Number (ARN) of the custom metric, e.g. arn:aws-partition:iot:region:accountId:custommetric/metricName
Updates a Device Defender detect custom metric.
See also: AWS API Documentation
Request Syntax
client.update_custom_metric(
metricName='string',
displayName='string'
)
string
[REQUIRED]
The name of the custom metric. Cannot be updated.
string
[REQUIRED]
Field represents a friendly name in the console for the custom metric, it doesn't have to be unique. Don't use this name as the metric identifier in the device metric report. Can be updated.
dict
Response Syntax
{
'metricName': 'string',
'metricArn': 'string',
'metricType': 'string-list'|'ip-address-list'|'number-list'|'number',
'displayName': 'string',
'creationDate': datetime(2015, 1, 1),
'lastModifiedDate': datetime(2015, 1, 1)
}
Response Structure
(dict) --
metricName (string) --
The name of the custom metric.
metricArn (string) --
The Amazon Resource Number (ARN) of the custom metric.
metricType (string) --
The type of the custom metric. Types include string-list , ip-address-list , number-list , and number .
displayName (string) --
A friendly name in the console for the custom metric
creationDate (datetime) --
The creation date of the custom metric in milliseconds since epoch.
lastModifiedDate (datetime) --
The time the custom metric was last modified in milliseconds since epoch.
Note
Before you can delete a custom metric, you must first remove the custom metric from all security profiles it's a part of. The security profile associated with the custom metric can be found using the ListSecurityProfiles API with metricName set to your custom metric name.
Deletes a Device Defender detect custom metric.
See also: AWS API Documentation
Request Syntax
client.delete_custom_metric(
metricName='string'
)
string
[REQUIRED]
The name of the custom metric.
dict
Response Syntax
{}
Response Structure
(dict) --
Lists your Device Defender detect custom metrics.
See also: AWS API Documentation
Request Syntax
client.list_custom_metrics(
nextToken='string',
maxResults=123
)
string
The token for the next set of results.
integer
The maximum number of results to return at one time. The default is 25.
dict
Response Syntax
{
'metricNames': [
'string',
],
'nextToken': 'string'
}
Response Structure
(dict) --
metricNames (list) --
The name of the custom metric.
(string) --
nextToken (string) --
A token that can be used to retrieve the next set of results, or null if there are no additional results.
List of Device Defender ML Detect mitigation actions tasks.
See also: AWS API Documentation
Request Syntax
client.list_detect_mitigation_actions_tasks(
maxResults=123,
nextToken='string',
startTime=datetime(2015, 1, 1),
endTime=datetime(2015, 1, 1)
)
integer
The maximum number of results to return at one time. The default is 25.
string
The token for the next set of results.
datetime
[REQUIRED]
A filter to limit results to those found after the specified time. You must specify either the startTime and endTime or the taskId, but not both.
datetime
[REQUIRED]
The end of the time period for which ML Detect mitigation actions tasks are returned.
dict
Response Syntax
{
'tasks': [
{
'taskId': 'string',
'taskStatus': 'IN_PROGRESS'|'SUCCESSFUL'|'FAILED'|'CANCELED',
'taskStartTime': datetime(2015, 1, 1),
'taskEndTime': datetime(2015, 1, 1),
'target': {
'violationIds': [
'string',
],
'securityProfileName': 'string',
'behaviorName': 'string'
},
'violationEventOccurrenceRange': {
'startTime': datetime(2015, 1, 1),
'endTime': datetime(2015, 1, 1)
},
'onlyActiveViolationsIncluded': True|False,
'suppressedAlertsIncluded': True|False,
'actionsDefinition': [
{
'name': 'string',
'id': 'string',
'roleArn': 'string',
'actionParams': {
'updateDeviceCertificateParams': {
'action': 'DEACTIVATE'
},
'updateCACertificateParams': {
'action': 'DEACTIVATE'
},
'addThingsToThingGroupParams': {
'thingGroupNames': [
'string',
],
'overrideDynamicGroups': True|False
},
'replaceDefaultPolicyVersionParams': {
'templateName': 'BLANK_POLICY'
},
'enableIoTLoggingParams': {
'roleArnForLogging': 'string',
'logLevel': 'DEBUG'|'INFO'|'ERROR'|'WARN'|'DISABLED'
},
'publishFindingToSnsParams': {
'topicArn': 'string'
}
}
},
],
'taskStatistics': {
'actionsExecuted': 123,
'actionsSkipped': 123,
'actionsFailed': 123
}
},
],
'nextToken': 'string'
}
Response Structure
(dict) --
tasks (list) --
The collection of ML Detect mitigation tasks that matched the filter criteria.
(dict) --
The summary of the mitigation action tasks.
taskId (string) --
The unique identifier of the task.
taskStatus (string) --
The status of the task.
taskStartTime (datetime) --
The date the task started.
taskEndTime (datetime) --
The date the task ended.
target (dict) --
Specifies the ML Detect findings to which the mitigation actions are applied.
violationIds (list) --
The unique identifiers of the violations.
(string) --
securityProfileName (string) --
The name of the security profile.
behaviorName (string) --
The name of the behavior.
violationEventOccurrenceRange (dict) --
Specifies the time period of which violation events occurred between.
startTime (datetime) --
The start date and time of a time period in which violation events occurred.
endTime (datetime) --
The end date and time of a time period in which violation events occurred.
onlyActiveViolationsIncluded (boolean) --
Includes only active violations.
suppressedAlertsIncluded (boolean) --
Includes suppressed alerts.
actionsDefinition (list) --
The definition of the actions.
(dict) --
Describes which changes should be applied as part of a mitigation action.
name (string) --
A user-friendly name for the mitigation action.
id (string) --
A unique identifier for the mitigation action.
roleArn (string) --
The IAM role ARN used to apply this mitigation action.
actionParams (dict) --
The set of parameters for this mitigation action. The parameters vary, depending on the kind of action you apply.
updateDeviceCertificateParams (dict) --
Parameters to define a mitigation action that changes the state of the device certificate to inactive.
action (string) --
The action that you want to apply to the device certificate. The only supported value is DEACTIVATE .
updateCACertificateParams (dict) --
Parameters to define a mitigation action that changes the state of the CA certificate to inactive.
action (string) --
The action that you want to apply to the CA certificate. The only supported value is DEACTIVATE .
addThingsToThingGroupParams (dict) --
Parameters to define a mitigation action that moves devices associated with a certificate to one or more specified thing groups, typically for quarantine.
thingGroupNames (list) --
The list of groups to which you want to add the things that triggered the mitigation action. You can add a thing to a maximum of 10 groups, but you can't add a thing to more than one group in the same hierarchy.
(string) --
overrideDynamicGroups (boolean) --
Specifies if this mitigation action can move the things that triggered the mitigation action even if they are part of one or more dynamic thing groups.
replaceDefaultPolicyVersionParams (dict) --
Parameters to define a mitigation action that adds a blank policy to restrict permissions.
templateName (string) --
The name of the template to be applied. The only supported value is BLANK_POLICY .
enableIoTLoggingParams (dict) --
Parameters to define a mitigation action that enables AWS IoT logging at a specified level of detail.
roleArnForLogging (string) --
The Amazon Resource Name (ARN) of the IAM role used for logging.
logLevel (string) --
Specifies the type of information to be logged.
publishFindingToSnsParams (dict) --
Parameters to define a mitigation action that publishes findings to Amazon Simple Notification Service (Amazon SNS. You can implement your own custom actions in response to the Amazon SNS messages.
topicArn (string) --
The ARN of the topic to which you want to publish the findings.
taskStatistics (dict) --
The statistics of a mitigation action task.
actionsExecuted (integer) --
The actions that were performed.
actionsSkipped (integer) --
The actions that were skipped.
actionsFailed (integer) --
The actions that failed.
nextToken (string) --
A token that can be used to retrieve the next set of results, or null if there are no additional results.
Lists mitigation actions executions for a Device Defender ML Detect Security Profile.
See also: AWS API Documentation
Request Syntax
client.list_detect_mitigation_actions_executions(
taskId='string',
violationId='string',
thingName='string',
startTime=datetime(2015, 1, 1),
endTime=datetime(2015, 1, 1),
maxResults=123,
nextToken='string'
)
string
The unique identifier of the task.
string
The unique identifier of the violation.
string
The name of the thing whose mitigation actions are listed.
datetime
A filter to limit results to those found after the specified time. You must specify either the startTime and endTime or the taskId, but not both.
datetime
The end of the time period for which ML Detect mitigation actions executions are returned.
integer
The maximum number of results to return at one time. The default is 25.
string
The token for the next set of results.
dict
Response Syntax
{
'actionsExecutions': [
{
'taskId': 'string',
'violationId': 'string',
'actionName': 'string',
'thingName': 'string',
'executionStartDate': datetime(2015, 1, 1),
'executionEndDate': datetime(2015, 1, 1),
'status': 'IN_PROGRESS'|'SUCCESSFUL'|'FAILED'|'SKIPPED',
'errorCode': 'string',
'message': 'string'
},
],
'nextToken': 'string'
}
Response Structure
(dict) --
actionsExecutions (list) --
List of actions executions.
(dict) --
Describes which mitigation actions should be executed.
taskId (string) --
The unique identifier of the task.
violationId (string) --
The unique identifier of the violation.
actionName (string) --
The friendly name that uniquely identifies the mitigation action.
thingName (string) --
The name of the thing.
executionStartDate (datetime) --
The date a mitigation action was started.
executionEndDate (datetime) --
The date a mitigation action ended.
status (string) --
The status of a mitigation action.
errorCode (string) --
The error code of a mitigation action.
message (string) --
The message of a mitigation action.
nextToken (string) --
A token that can be used to retrieve the next set of results, or null if there are no additional results.
Gets information about a Device Defender detect custom metric.
See also: AWS API Documentation
Request Syntax
client.describe_custom_metric(
metricName='string'
)
string
[REQUIRED]
The name of the custom metric.
dict
Response Syntax
{
'metricName': 'string',
'metricArn': 'string',
'metricType': 'string-list'|'ip-address-list'|'number-list'|'number',
'displayName': 'string',
'creationDate': datetime(2015, 1, 1),
'lastModifiedDate': datetime(2015, 1, 1)
}
Response Structure
(dict) --
metricName (string) --
The name of the custom metric.
metricArn (string) --
The Amazon Resource Number (ARN) of the custom metric.
metricType (string) --
The type of the custom metric. Types include string-list , ip-address-list , number-list , and number .
displayName (string) --
Field represents a friendly name in the console for the custom metric; doesn't have to be unique. Don't use this name as the metric identifier in the device metric report. Can be updated.
creationDate (datetime) --
The creation date of the custom metric in milliseconds since epoch.
lastModifiedDate (datetime) --
The time the custom metric was last modified in milliseconds since epoch.
Gets information about a Device Defender ML Detect mitigation action.
See also: AWS API Documentation
Request Syntax
client.describe_detect_mitigation_actions_task(
taskId='string'
)
string
[REQUIRED]
The unique identifier of the task.
dict
Response Syntax
{
'taskSummary': {
'taskId': 'string',
'taskStatus': 'IN_PROGRESS'|'SUCCESSFUL'|'FAILED'|'CANCELED',
'taskStartTime': datetime(2015, 1, 1),
'taskEndTime': datetime(2015, 1, 1),
'target': {
'violationIds': [
'string',
],
'securityProfileName': 'string',
'behaviorName': 'string'
},
'violationEventOccurrenceRange': {
'startTime': datetime(2015, 1, 1),
'endTime': datetime(2015, 1, 1)
},
'onlyActiveViolationsIncluded': True|False,
'suppressedAlertsIncluded': True|False,
'actionsDefinition': [
{
'name': 'string',
'id': 'string',
'roleArn': 'string',
'actionParams': {
'updateDeviceCertificateParams': {
'action': 'DEACTIVATE'
},
'updateCACertificateParams': {
'action': 'DEACTIVATE'
},
'addThingsToThingGroupParams': {
'thingGroupNames': [
'string',
],
'overrideDynamicGroups': True|False
},
'replaceDefaultPolicyVersionParams': {
'templateName': 'BLANK_POLICY'
},
'enableIoTLoggingParams': {
'roleArnForLogging': 'string',
'logLevel': 'DEBUG'|'INFO'|'ERROR'|'WARN'|'DISABLED'
},
'publishFindingToSnsParams': {
'topicArn': 'string'
}
}
},
],
'taskStatistics': {
'actionsExecuted': 123,
'actionsSkipped': 123,
'actionsFailed': 123
}
}
}
Response Structure
(dict) --
taskSummary (dict) --
The description of a task.
taskId (string) --
The unique identifier of the task.
taskStatus (string) --
The status of the task.
taskStartTime (datetime) --
The date the task started.
taskEndTime (datetime) --
The date the task ended.
target (dict) --
Specifies the ML Detect findings to which the mitigation actions are applied.
violationIds (list) --
The unique identifiers of the violations.
(string) --
securityProfileName (string) --
The name of the security profile.
behaviorName (string) --
The name of the behavior.
violationEventOccurrenceRange (dict) --
Specifies the time period of which violation events occurred between.
startTime (datetime) --
The start date and time of a time period in which violation events occurred.
endTime (datetime) --
The end date and time of a time period in which violation events occurred.
onlyActiveViolationsIncluded (boolean) --
Includes only active violations.
suppressedAlertsIncluded (boolean) --
Includes suppressed alerts.
actionsDefinition (list) --
The definition of the actions.
(dict) --
Describes which changes should be applied as part of a mitigation action.
name (string) --
A user-friendly name for the mitigation action.
id (string) --
A unique identifier for the mitigation action.
roleArn (string) --
The IAM role ARN used to apply this mitigation action.
actionParams (dict) --
The set of parameters for this mitigation action. The parameters vary, depending on the kind of action you apply.
updateDeviceCertificateParams (dict) --
Parameters to define a mitigation action that changes the state of the device certificate to inactive.
action (string) --
The action that you want to apply to the device certificate. The only supported value is DEACTIVATE .
updateCACertificateParams (dict) --
Parameters to define a mitigation action that changes the state of the CA certificate to inactive.
action (string) --
The action that you want to apply to the CA certificate. The only supported value is DEACTIVATE .
addThingsToThingGroupParams (dict) --
Parameters to define a mitigation action that moves devices associated with a certificate to one or more specified thing groups, typically for quarantine.
thingGroupNames (list) --
The list of groups to which you want to add the things that triggered the mitigation action. You can add a thing to a maximum of 10 groups, but you can't add a thing to more than one group in the same hierarchy.
(string) --
overrideDynamicGroups (boolean) --
Specifies if this mitigation action can move the things that triggered the mitigation action even if they are part of one or more dynamic thing groups.
replaceDefaultPolicyVersionParams (dict) --
Parameters to define a mitigation action that adds a blank policy to restrict permissions.
templateName (string) --
The name of the template to be applied. The only supported value is BLANK_POLICY .
enableIoTLoggingParams (dict) --
Parameters to define a mitigation action that enables AWS IoT logging at a specified level of detail.
roleArnForLogging (string) --
The Amazon Resource Name (ARN) of the IAM role used for logging.
logLevel (string) --
Specifies the type of information to be logged.
publishFindingToSnsParams (dict) --
Parameters to define a mitigation action that publishes findings to Amazon Simple Notification Service (Amazon SNS. You can implement your own custom actions in response to the Amazon SNS messages.
topicArn (string) --
The ARN of the topic to which you want to publish the findings.
taskStatistics (dict) --
The statistics of a mitigation action task.
actionsExecuted (integer) --
The actions that were performed.
actionsSkipped (integer) --
The actions that were skipped.
actionsFailed (integer) --
The actions that failed.
Cancels a Device Defender ML Detect mitigation action.
See also: AWS API Documentation
Request Syntax
client.cancel_detect_mitigation_actions_task(
taskId='string'
)
string
[REQUIRED]
The unique identifier of the task.
dict
Response Syntax
{}
Response Structure
(dict) --
{'behaviors': {'criteria': {'comparisonOperator': {'in-set', 'not-in-set'},
'mlDetectionConfig': {'confidenceLevel': 'LOW | '
'MEDIUM | '
'HIGH'},
'value': {'number': 'double',
'numbers': ['double'],
'strings': ['string']}},
'suppressAlerts': 'boolean'}}
Creates a Device Defender security profile.
See also: AWS API Documentation
Request Syntax
client.create_security_profile(
securityProfileName='string',
securityProfileDescription='string',
behaviors=[
{
'name': 'string',
'metric': 'string',
'metricDimension': {
'dimensionName': 'string',
'operator': 'IN'|'NOT_IN'
},
'criteria': {
'comparisonOperator': 'less-than'|'less-than-equals'|'greater-than'|'greater-than-equals'|'in-cidr-set'|'not-in-cidr-set'|'in-port-set'|'not-in-port-set'|'in-set'|'not-in-set',
'value': {
'count': 123,
'cidrs': [
'string',
],
'ports': [
123,
],
'number': 123.0,
'numbers': [
123.0,
],
'strings': [
'string',
]
},
'durationSeconds': 123,
'consecutiveDatapointsToAlarm': 123,
'consecutiveDatapointsToClear': 123,
'statisticalThreshold': {
'statistic': 'string'
},
'mlDetectionConfig': {
'confidenceLevel': 'LOW'|'MEDIUM'|'HIGH'
}
},
'suppressAlerts': True|False
},
],
alertTargets={
'string': {
'alertTargetArn': 'string',
'roleArn': 'string'
}
},
additionalMetricsToRetain=[
'string',
],
additionalMetricsToRetainV2=[
{
'metric': 'string',
'metricDimension': {
'dimensionName': 'string',
'operator': 'IN'|'NOT_IN'
}
},
],
tags=[
{
'Key': 'string',
'Value': 'string'
},
]
)
string
[REQUIRED]
The name you are giving to the security profile.
string
A description of the security profile.
list
Specifies the behaviors that, when violated by a device (thing), cause an alert.
(dict) --
A Device Defender security profile behavior.
name (string) -- [REQUIRED]
The name you've given to the behavior.
metric (string) --
What is measured by the behavior.
metricDimension (dict) --
The dimension for a metric in your behavior. For example, using a TOPIC_FILTER dimension, you can narrow down the scope of the metric to only MQTT topics where the name matches the pattern specified in the dimension. This can't be used with custom metrics.
dimensionName (string) -- [REQUIRED]
A unique identifier for the dimension.
operator (string) --
Defines how the dimensionValues of a dimension are interpreted. For example, for dimension type TOPIC_FILTER, the IN operator, a message will be counted only if its topic matches one of the topic filters. With NOT_IN operator, a message will be counted only if it doesn't match any of the topic filters. The operator is optional: if it's not provided (is null ), it will be interpreted as IN .
criteria (dict) --
The criteria that determine if a device is behaving normally in regard to the metric .
comparisonOperator (string) --
The operator that relates the thing measured ( metric ) to the criteria (containing a value or statisticalThreshold ). Valid operators include:
string-list : in-set and not-in-set
number-list : in-set and not-in-set
ip-address-list : in-cidr-set and not-in-cidr-set
number : less-than , less-than-equals , greater-than , and greater-than-equals
value (dict) --
The value to be compared with the metric .
count (integer) --
If the comparisonOperator calls for a numeric value, use this to specify that numeric value to be compared with the metric .
cidrs (list) --
If the comparisonOperator calls for a set of CIDRs, use this to specify that set to be compared with the metric .
(string) --
ports (list) --
If the comparisonOperator calls for a set of ports, use this to specify that set to be compared with the metric .
(integer) --
number (float) --
The numeral value of a metric.
numbers (list) --
The numeral values of a metric.
(float) --
strings (list) --
The string values of a metric.
(string) --
durationSeconds (integer) --
Use this to specify the time duration over which the behavior is evaluated, for those criteria that have a time dimension (for example, NUM_MESSAGES_SENT ). For a statisticalThreshhold metric comparison, measurements from all devices are accumulated over this time duration before being used to calculate percentiles, and later, measurements from an individual device are also accumulated over this time duration before being given a percentile rank. Cannot be used with list-based metric datatypes.
consecutiveDatapointsToAlarm (integer) --
If a device is in violation of the behavior for the specified number of consecutive datapoints, an alarm occurs. If not specified, the default is 1.
consecutiveDatapointsToClear (integer) --
If an alarm has occurred and the offending device is no longer in violation of the behavior for the specified number of consecutive datapoints, the alarm is cleared. If not specified, the default is 1.
statisticalThreshold (dict) --
A statistical ranking (percentile)that indicates a threshold value by which a behavior is determined to be in compliance or in violation of the behavior.
statistic (string) --
The percentile that resolves to a threshold value by which compliance with a behavior is determined. Metrics are collected over the specified period ( durationSeconds ) from all reporting devices in your account and statistical ranks are calculated. Then, the measurements from a device are collected over the same period. If the accumulated measurements from the device fall above or below ( comparisonOperator ) the value associated with the percentile specified, then the device is considered to be in compliance with the behavior, otherwise a violation occurs.
mlDetectionConfig (dict) --
The configuration of an ML Detect
confidenceLevel (string) -- [REQUIRED]
The sensitivity of anomalous behavior evaluation. Can be Low , Medium , or High .
suppressAlerts (boolean) --
Suppresses alerts.
dict
Specifies the destinations to which alerts are sent. (Alerts are always sent to the console.) Alerts are generated when a device (thing) violates a behavior.
(string) --
The type of alert target: one of "SNS".
(dict) --
A structure containing the alert target ARN and the role ARN.
alertTargetArn (string) -- [REQUIRED]
The Amazon Resource Name (ARN) of the notification target to which alerts are sent.
roleArn (string) -- [REQUIRED]
The ARN of the role that grants permission to send alerts to the notification target.
list
Please use CreateSecurityProfileRequest$additionalMetricsToRetainV2 instead.
A list of metrics whose data is retained (stored). By default, data is retained for any metric used in the profile's behaviors , but it is also retained for any metric specified here. Can be used with custom metrics; cannot be used with dimensions.
(string) --
list
A list of metrics whose data is retained (stored). By default, data is retained for any metric used in the profile's behaviors , but it is also retained for any metric specified here. Can be used with custom metrics; cannot be used with dimensions.
(dict) --
The metric you want to retain. Dimensions are optional.
metric (string) -- [REQUIRED]
What is measured by the behavior.
metricDimension (dict) --
The dimension of a metric. This can't be used with custom metrics.
dimensionName (string) -- [REQUIRED]
A unique identifier for the dimension.
operator (string) --
Defines how the dimensionValues of a dimension are interpreted. For example, for dimension type TOPIC_FILTER, the IN operator, a message will be counted only if its topic matches one of the topic filters. With NOT_IN operator, a message will be counted only if it doesn't match any of the topic filters. The operator is optional: if it's not provided (is null ), it will be interpreted as IN .
list
Metadata that can be used to manage the security profile.
(dict) --
A set of key/value pairs that are used to manage the resource.
Key (string) -- [REQUIRED]
The tag's key.
Value (string) --
The tag's value.
dict
Response Syntax
{
'securityProfileName': 'string',
'securityProfileArn': 'string'
}
Response Structure
(dict) --
securityProfileName (string) --
The name you gave to the security profile.
securityProfileArn (string) --
The ARN of the security profile.
{'topicRulePayload': {'actions': {'kafka': {'clientProperties': {'string': 'string'},
'destinationArn': 'string',
'key': 'string',
'partition': 'string',
'topic': 'string'}},
'errorAction': {'kafka': {'clientProperties': {'string': 'string'},
'destinationArn': 'string',
'key': 'string',
'partition': 'string',
'topic': 'string'}}}}
Creates a rule. Creating rules is an administrator-level action. Any user who has permission to create rules will be able to access data processed by the rule.
See also: AWS API Documentation
Request Syntax
client.create_topic_rule(
ruleName='string',
topicRulePayload={
'sql': 'string',
'description': 'string',
'actions': [
{
'dynamoDB': {
'tableName': 'string',
'roleArn': 'string',
'operation': 'string',
'hashKeyField': 'string',
'hashKeyValue': 'string',
'hashKeyType': 'STRING'|'NUMBER',
'rangeKeyField': 'string',
'rangeKeyValue': 'string',
'rangeKeyType': 'STRING'|'NUMBER',
'payloadField': 'string'
},
'dynamoDBv2': {
'roleArn': 'string',
'putItem': {
'tableName': 'string'
}
},
'lambda': {
'functionArn': 'string'
},
'sns': {
'targetArn': 'string',
'roleArn': 'string',
'messageFormat': 'RAW'|'JSON'
},
'sqs': {
'roleArn': 'string',
'queueUrl': 'string',
'useBase64': True|False
},
'kinesis': {
'roleArn': 'string',
'streamName': 'string',
'partitionKey': 'string'
},
'republish': {
'roleArn': 'string',
'topic': 'string',
'qos': 123
},
's3': {
'roleArn': 'string',
'bucketName': 'string',
'key': 'string',
'cannedAcl': 'private'|'public-read'|'public-read-write'|'aws-exec-read'|'authenticated-read'|'bucket-owner-read'|'bucket-owner-full-control'|'log-delivery-write'
},
'firehose': {
'roleArn': 'string',
'deliveryStreamName': 'string',
'separator': 'string',
'batchMode': True|False
},
'cloudwatchMetric': {
'roleArn': 'string',
'metricNamespace': 'string',
'metricName': 'string',
'metricValue': 'string',
'metricUnit': 'string',
'metricTimestamp': 'string'
},
'cloudwatchAlarm': {
'roleArn': 'string',
'alarmName': 'string',
'stateReason': 'string',
'stateValue': 'string'
},
'cloudwatchLogs': {
'roleArn': 'string',
'logGroupName': 'string'
},
'elasticsearch': {
'roleArn': 'string',
'endpoint': 'string',
'index': 'string',
'type': 'string',
'id': 'string'
},
'salesforce': {
'token': 'string',
'url': 'string'
},
'iotAnalytics': {
'channelArn': 'string',
'channelName': 'string',
'batchMode': True|False,
'roleArn': 'string'
},
'iotEvents': {
'inputName': 'string',
'messageId': 'string',
'batchMode': True|False,
'roleArn': 'string'
},
'iotSiteWise': {
'putAssetPropertyValueEntries': [
{
'entryId': 'string',
'assetId': 'string',
'propertyId': 'string',
'propertyAlias': 'string',
'propertyValues': [
{
'value': {
'stringValue': 'string',
'integerValue': 'string',
'doubleValue': 'string',
'booleanValue': 'string'
},
'timestamp': {
'timeInSeconds': 'string',
'offsetInNanos': 'string'
},
'quality': 'string'
},
]
},
],
'roleArn': 'string'
},
'stepFunctions': {
'executionNamePrefix': 'string',
'stateMachineName': 'string',
'roleArn': 'string'
},
'timestream': {
'roleArn': 'string',
'databaseName': 'string',
'tableName': 'string',
'dimensions': [
{
'name': 'string',
'value': 'string'
},
],
'timestamp': {
'value': 'string',
'unit': 'string'
}
},
'http': {
'url': 'string',
'confirmationUrl': 'string',
'headers': [
{
'key': 'string',
'value': 'string'
},
],
'auth': {
'sigv4': {
'signingRegion': 'string',
'serviceName': 'string',
'roleArn': 'string'
}
}
},
'kafka': {
'destinationArn': 'string',
'topic': 'string',
'key': 'string',
'partition': 'string',
'clientProperties': {
'string': 'string'
}
}
},
],
'ruleDisabled': True|False,
'awsIotSqlVersion': 'string',
'errorAction': {
'dynamoDB': {
'tableName': 'string',
'roleArn': 'string',
'operation': 'string',
'hashKeyField': 'string',
'hashKeyValue': 'string',
'hashKeyType': 'STRING'|'NUMBER',
'rangeKeyField': 'string',
'rangeKeyValue': 'string',
'rangeKeyType': 'STRING'|'NUMBER',
'payloadField': 'string'
},
'dynamoDBv2': {
'roleArn': 'string',
'putItem': {
'tableName': 'string'
}
},
'lambda': {
'functionArn': 'string'
},
'sns': {
'targetArn': 'string',
'roleArn': 'string',
'messageFormat': 'RAW'|'JSON'
},
'sqs': {
'roleArn': 'string',
'queueUrl': 'string',
'useBase64': True|False
},
'kinesis': {
'roleArn': 'string',
'streamName': 'string',
'partitionKey': 'string'
},
'republish': {
'roleArn': 'string',
'topic': 'string',
'qos': 123
},
's3': {
'roleArn': 'string',
'bucketName': 'string',
'key': 'string',
'cannedAcl': 'private'|'public-read'|'public-read-write'|'aws-exec-read'|'authenticated-read'|'bucket-owner-read'|'bucket-owner-full-control'|'log-delivery-write'
},
'firehose': {
'roleArn': 'string',
'deliveryStreamName': 'string',
'separator': 'string',
'batchMode': True|False
},
'cloudwatchMetric': {
'roleArn': 'string',
'metricNamespace': 'string',
'metricName': 'string',
'metricValue': 'string',
'metricUnit': 'string',
'metricTimestamp': 'string'
},
'cloudwatchAlarm': {
'roleArn': 'string',
'alarmName': 'string',
'stateReason': 'string',
'stateValue': 'string'
},
'cloudwatchLogs': {
'roleArn': 'string',
'logGroupName': 'string'
},
'elasticsearch': {
'roleArn': 'string',
'endpoint': 'string',
'index': 'string',
'type': 'string',
'id': 'string'
},
'salesforce': {
'token': 'string',
'url': 'string'
},
'iotAnalytics': {
'channelArn': 'string',
'channelName': 'string',
'batchMode': True|False,
'roleArn': 'string'
},
'iotEvents': {
'inputName': 'string',
'messageId': 'string',
'batchMode': True|False,
'roleArn': 'string'
},
'iotSiteWise': {
'putAssetPropertyValueEntries': [
{
'entryId': 'string',
'assetId': 'string',
'propertyId': 'string',
'propertyAlias': 'string',
'propertyValues': [
{
'value': {
'stringValue': 'string',
'integerValue': 'string',
'doubleValue': 'string',
'booleanValue': 'string'
},
'timestamp': {
'timeInSeconds': 'string',
'offsetInNanos': 'string'
},
'quality': 'string'
},
]
},
],
'roleArn': 'string'
},
'stepFunctions': {
'executionNamePrefix': 'string',
'stateMachineName': 'string',
'roleArn': 'string'
},
'timestream': {
'roleArn': 'string',
'databaseName': 'string',
'tableName': 'string',
'dimensions': [
{
'name': 'string',
'value': 'string'
},
],
'timestamp': {
'value': 'string',
'unit': 'string'
}
},
'http': {
'url': 'string',
'confirmationUrl': 'string',
'headers': [
{
'key': 'string',
'value': 'string'
},
],
'auth': {
'sigv4': {
'signingRegion': 'string',
'serviceName': 'string',
'roleArn': 'string'
}
}
},
'kafka': {
'destinationArn': 'string',
'topic': 'string',
'key': 'string',
'partition': 'string',
'clientProperties': {
'string': 'string'
}
}
}
},
tags='string'
)
string
[REQUIRED]
The name of the rule.
dict
[REQUIRED]
The rule payload.
sql (string) -- [REQUIRED]
The SQL statement used to query the topic. For more information, see AWS IoT SQL Reference in the AWS IoT Developer Guide .
description (string) --
The description of the rule.
actions (list) -- [REQUIRED]
The actions associated with the rule.
(dict) --
Describes the actions associated with a rule.
dynamoDB (dict) --
Write to a DynamoDB table.
tableName (string) -- [REQUIRED]
The name of the DynamoDB table.
roleArn (string) -- [REQUIRED]
The ARN of the IAM role that grants access to the DynamoDB table.
operation (string) --
The type of operation to be performed. This follows the substitution template, so it can be ${operation} , but the substitution must result in one of the following: INSERT , UPDATE , or DELETE .
hashKeyField (string) -- [REQUIRED]
The hash key name.
hashKeyValue (string) -- [REQUIRED]
The hash key value.
hashKeyType (string) --
The hash key type. Valid values are "STRING" or "NUMBER"
rangeKeyField (string) --
The range key name.
rangeKeyValue (string) --
The range key value.
rangeKeyType (string) --
The range key type. Valid values are "STRING" or "NUMBER"
payloadField (string) --
The action payload. This name can be customized.
dynamoDBv2 (dict) --
Write to a DynamoDB table. This is a new version of the DynamoDB action. It allows you to write each attribute in an MQTT message payload into a separate DynamoDB column.
roleArn (string) -- [REQUIRED]
The ARN of the IAM role that grants access to the DynamoDB table.
putItem (dict) -- [REQUIRED]
Specifies the DynamoDB table to which the message data will be written. For example:
{ "dynamoDBv2": { "roleArn": "aws:iam:12341251:my-role" "putItem": { "tableName": "my-table" } } }
Each attribute in the message payload will be written to a separate column in the DynamoDB database.
tableName (string) -- [REQUIRED]
The table where the message data will be written.
lambda (dict) --
Invoke a Lambda function.
functionArn (string) -- [REQUIRED]
The ARN of the Lambda function.
sns (dict) --
Publish to an Amazon SNS topic.
targetArn (string) -- [REQUIRED]
The ARN of the SNS topic.
roleArn (string) -- [REQUIRED]
The ARN of the IAM role that grants access.
messageFormat (string) --
(Optional) The message format of the message to publish. Accepted values are "JSON" and "RAW". The default value of the attribute is "RAW". SNS uses this setting to determine if the payload should be parsed and relevant platform-specific bits of the payload should be extracted. To read more about SNS message formats, see https://docs.aws.amazon.com/sns/latest/dg/json-formats.html refer to their official documentation.
sqs (dict) --
Publish to an Amazon SQS queue.
roleArn (string) -- [REQUIRED]
The ARN of the IAM role that grants access.
queueUrl (string) -- [REQUIRED]
The URL of the Amazon SQS queue.
useBase64 (boolean) --
Specifies whether to use Base64 encoding.
kinesis (dict) --
Write data to an Amazon Kinesis stream.
roleArn (string) -- [REQUIRED]
The ARN of the IAM role that grants access to the Amazon Kinesis stream.
streamName (string) -- [REQUIRED]
The name of the Amazon Kinesis stream.
partitionKey (string) --
The partition key.
republish (dict) --
Publish to another MQTT topic.
roleArn (string) -- [REQUIRED]
The ARN of the IAM role that grants access.
topic (string) -- [REQUIRED]
The name of the MQTT topic.
qos (integer) --
The Quality of Service (QoS) level to use when republishing messages. The default value is 0.
s3 (dict) --
Write to an Amazon S3 bucket.
roleArn (string) -- [REQUIRED]
The ARN of the IAM role that grants access.
bucketName (string) -- [REQUIRED]
The Amazon S3 bucket.
key (string) -- [REQUIRED]
The object key. For more information, see Actions, resources, and condition keys for Amazon S3.
cannedAcl (string) --
The Amazon S3 canned ACL that controls access to the object identified by the object key. For more information, see S3 canned ACLs.
firehose (dict) --
Write to an Amazon Kinesis Firehose stream.
roleArn (string) -- [REQUIRED]
The IAM role that grants access to the Amazon Kinesis Firehose stream.
deliveryStreamName (string) -- [REQUIRED]
The delivery stream name.
separator (string) --
A character separator that will be used to separate records written to the Firehose stream. Valid values are: 'n' (newline), 't' (tab), 'rn' (Windows newline), ',' (comma).
batchMode (boolean) --
Whether to deliver the Kinesis Data Firehose stream as a batch by using PutRecordBatch. The default value is false .
When batchMode is true and the rule's SQL statement evaluates to an Array, each Array element forms one record in the PutRecordBatch request. The resulting array can't have more than 500 records.
cloudwatchMetric (dict) --
Capture a CloudWatch metric.
roleArn (string) -- [REQUIRED]
The IAM role that allows access to the CloudWatch metric.
metricNamespace (string) -- [REQUIRED]
The CloudWatch metric namespace name.
metricName (string) -- [REQUIRED]
The CloudWatch metric name.
metricValue (string) -- [REQUIRED]
The CloudWatch metric value.
metricUnit (string) -- [REQUIRED]
The metric unit supported by CloudWatch.
metricTimestamp (string) --
An optional Unix timestamp.
cloudwatchAlarm (dict) --
Change the state of a CloudWatch alarm.
roleArn (string) -- [REQUIRED]
The IAM role that allows access to the CloudWatch alarm.
alarmName (string) -- [REQUIRED]
The CloudWatch alarm name.
stateReason (string) -- [REQUIRED]
The reason for the alarm change.
stateValue (string) -- [REQUIRED]
The value of the alarm state. Acceptable values are: OK, ALARM, INSUFFICIENT_DATA.
cloudwatchLogs (dict) --
Send data to CloudWatch Logs.
roleArn (string) -- [REQUIRED]
The IAM role that allows access to the CloudWatch log.
logGroupName (string) -- [REQUIRED]
The CloudWatch log group to which the action sends data.
elasticsearch (dict) --
Write data to an Amazon Elasticsearch Service domain.
roleArn (string) -- [REQUIRED]
The IAM role ARN that has access to Elasticsearch.
endpoint (string) -- [REQUIRED]
The endpoint of your Elasticsearch domain.
index (string) -- [REQUIRED]
The Elasticsearch index where you want to store your data.
type (string) -- [REQUIRED]
The type of document you are storing.
id (string) -- [REQUIRED]
The unique identifier for the document you are storing.
salesforce (dict) --
Send a message to a Salesforce IoT Cloud Input Stream.
token (string) -- [REQUIRED]
The token used to authenticate access to the Salesforce IoT Cloud Input Stream. The token is available from the Salesforce IoT Cloud platform after creation of the Input Stream.
url (string) -- [REQUIRED]
The URL exposed by the Salesforce IoT Cloud Input Stream. The URL is available from the Salesforce IoT Cloud platform after creation of the Input Stream.
iotAnalytics (dict) --
Sends message data to an AWS IoT Analytics channel.
channelArn (string) --
(deprecated) The ARN of the IoT Analytics channel to which message data will be sent.
channelName (string) --
The name of the IoT Analytics channel to which message data will be sent.
batchMode (boolean) --
Whether to process the action as a batch. The default value is false .
When batchMode is true and the rule SQL statement evaluates to an Array, each Array element is delivered as a separate message when passed by BatchPutMessage to the AWS IoT Analytics channel. The resulting array can't have more than 100 messages.
roleArn (string) --
The ARN of the role which has a policy that grants IoT Analytics permission to send message data via IoT Analytics (iotanalytics:BatchPutMessage).
iotEvents (dict) --
Sends an input to an AWS IoT Events detector.
inputName (string) -- [REQUIRED]
The name of the AWS IoT Events input.
messageId (string) --
The ID of the message. The default messageId is a new UUID value.
When batchMode is true , you can't specify a messageId --a new UUID value will be assigned.
Assign a value to this property to ensure that only one input (message) with a given messageId will be processed by an AWS IoT Events detector.
batchMode (boolean) --
Whether to process the event actions as a batch. The default value is false .
When batchMode is true , you can't specify a messageId .
When batchMode is true and the rule SQL statement evaluates to an Array, each Array element is treated as a separate message when it's sent to AWS IoT Events by calling BatchPutMessage. The resulting array can't have more than 10 messages.
roleArn (string) -- [REQUIRED]
The ARN of the role that grants AWS IoT permission to send an input to an AWS IoT Events detector. ("Action":"iotevents:BatchPutMessage").
iotSiteWise (dict) --
Sends data from the MQTT message that triggered the rule to AWS IoT SiteWise asset properties.
putAssetPropertyValueEntries (list) -- [REQUIRED]
A list of asset property value entries.
(dict) --
An asset property value entry containing the following information.
entryId (string) --
Optional. A unique identifier for this entry that you can define to better track which message caused an error in case of failure. Accepts substitution templates. Defaults to a new UUID.
assetId (string) --
The ID of the AWS IoT SiteWise asset. You must specify either a propertyAlias or both an aliasId and a propertyId . Accepts substitution templates.
propertyId (string) --
The ID of the asset's property. You must specify either a propertyAlias or both an aliasId and a propertyId . Accepts substitution templates.
propertyAlias (string) --
The name of the property alias associated with your asset property. You must specify either a propertyAlias or both an aliasId and a propertyId . Accepts substitution templates.
propertyValues (list) -- [REQUIRED]
A list of property values to insert that each contain timestamp, quality, and value (TQV) information.
(dict) --
An asset property value entry containing the following information.
value (dict) -- [REQUIRED]
The value of the asset property.
stringValue (string) --
Optional. The string value of the value entry. Accepts substitution templates.
integerValue (string) --
Optional. A string that contains the integer value of the value entry. Accepts substitution templates.
doubleValue (string) --
Optional. A string that contains the double value of the value entry. Accepts substitution templates.
booleanValue (string) --
Optional. A string that contains the boolean value ( true or false ) of the value entry. Accepts substitution templates.
timestamp (dict) -- [REQUIRED]
The asset property value timestamp.
timeInSeconds (string) -- [REQUIRED]
A string that contains the time in seconds since epoch. Accepts substitution templates.
offsetInNanos (string) --
Optional. A string that contains the nanosecond time offset. Accepts substitution templates.
quality (string) --
Optional. A string that describes the quality of the value. Accepts substitution templates. Must be GOOD , BAD , or UNCERTAIN .
roleArn (string) -- [REQUIRED]
The ARN of the role that grants AWS IoT permission to send an asset property value to AWS IoTSiteWise. ( "Action": "iotsitewise:BatchPutAssetPropertyValue" ). The trust policy can restrict access to specific asset hierarchy paths.
stepFunctions (dict) --
Starts execution of a Step Functions state machine.
executionNamePrefix (string) --
(Optional) A name will be given to the state machine execution consisting of this prefix followed by a UUID. Step Functions automatically creates a unique name for each state machine execution if one is not provided.
stateMachineName (string) -- [REQUIRED]
The name of the Step Functions state machine whose execution will be started.
roleArn (string) -- [REQUIRED]
The ARN of the role that grants IoT permission to start execution of a state machine ("Action":"states:StartExecution").
timestream (dict) --
The Timestream rule action writes attributes (measures) from an MQTT message into an Amazon Timestream table. For more information, see the Timestream topic rule action documentation.
roleArn (string) -- [REQUIRED]
The ARN of the role that grants permission to write to the Amazon Timestream database table.
databaseName (string) -- [REQUIRED]
The name of an Amazon Timestream database.
tableName (string) -- [REQUIRED]
The name of the database table into which to write the measure records.
dimensions (list) -- [REQUIRED]
Metadata attributes of the time series that are written in each measure record.
(dict) --
Metadata attributes of the time series that are written in each measure record.
name (string) -- [REQUIRED]
The metadata dimension name. This is the name of the column in the Amazon Timestream database table record.
Dimensions cannot be named: measure_name , measure_value , or time . These names are reserved. Dimension names cannot start with ts_ or measure_value and they cannot contain the colon ( : ) character.
value (string) -- [REQUIRED]
The value to write in this column of the database record.
timestamp (dict) --
Specifies an application-defined value to replace the default value assigned to the Timestream record's timestamp in the time column.
You can use this property to specify the value and the precision of the Timestream record's timestamp. You can specify a value from the message payload or a value computed by a substitution template.
If omitted, the topic rule action assigns the timestamp, in milliseconds, at the time it processed the rule.
value (string) -- [REQUIRED]
An expression that returns a long epoch time value.
unit (string) -- [REQUIRED]
The precision of the timestamp value that results from the expression described in value .
Valid values: SECONDS | MILLISECONDS | MICROSECONDS | NANOSECONDS . The default is MILLISECONDS .
http (dict) --
Send data to an HTTPS endpoint.
url (string) -- [REQUIRED]
The endpoint URL. If substitution templates are used in the URL, you must also specify a confirmationUrl . If this is a new destination, a new TopicRuleDestination is created if possible.
confirmationUrl (string) --
The URL to which AWS IoT sends a confirmation message. The value of the confirmation URL must be a prefix of the endpoint URL. If you do not specify a confirmation URL AWS IoT uses the endpoint URL as the confirmation URL. If you use substitution templates in the confirmationUrl, you must create and enable topic rule destinations that match each possible value of the substitution template before traffic is allowed to your endpoint URL.
headers (list) --
The HTTP headers to send with the message data.
(dict) --
The HTTP action header.
key (string) -- [REQUIRED]
The HTTP header key.
value (string) -- [REQUIRED]
The HTTP header value. Substitution templates are supported.
auth (dict) --
The authentication method to use when sending data to an HTTPS endpoint.
sigv4 (dict) --
Use Sig V4 authorization. For more information, see Signature Version 4 Signing Process.
signingRegion (string) -- [REQUIRED]
The signing region.
serviceName (string) -- [REQUIRED]
The service name to use while signing with Sig V4.
roleArn (string) -- [REQUIRED]
The ARN of the signing role.
kafka (dict) --
Send messages to an Amazon Managed Streaming for Apache Kafka (Amazon MSK) or self-managed Apache Kafka cluster.
destinationArn (string) -- [REQUIRED]
The ARN of Kafka action's VPC TopicRuleDestination .
topic (string) -- [REQUIRED]
The Kafka topic for messages to be sent to the Kafka broker.
key (string) --
The Kafka message key.
partition (string) --
The Kafka message partition.
clientProperties (dict) -- [REQUIRED]
Properties of the Apache Kafka producer client.
(string) --
(string) --
ruleDisabled (boolean) --
Specifies whether the rule is disabled.
awsIotSqlVersion (string) --
The version of the SQL rules engine to use when evaluating the rule.
errorAction (dict) --
The action to take when an error occurs.
dynamoDB (dict) --
Write to a DynamoDB table.
tableName (string) -- [REQUIRED]
The name of the DynamoDB table.
roleArn (string) -- [REQUIRED]
The ARN of the IAM role that grants access to the DynamoDB table.
operation (string) --
The type of operation to be performed. This follows the substitution template, so it can be ${operation} , but the substitution must result in one of the following: INSERT , UPDATE , or DELETE .
hashKeyField (string) -- [REQUIRED]
The hash key name.
hashKeyValue (string) -- [REQUIRED]
The hash key value.
hashKeyType (string) --
The hash key type. Valid values are "STRING" or "NUMBER"
rangeKeyField (string) --
The range key name.
rangeKeyValue (string) --
The range key value.
rangeKeyType (string) --
The range key type. Valid values are "STRING" or "NUMBER"
payloadField (string) --
The action payload. This name can be customized.
dynamoDBv2 (dict) --
Write to a DynamoDB table. This is a new version of the DynamoDB action. It allows you to write each attribute in an MQTT message payload into a separate DynamoDB column.
roleArn (string) -- [REQUIRED]
The ARN of the IAM role that grants access to the DynamoDB table.
putItem (dict) -- [REQUIRED]
Specifies the DynamoDB table to which the message data will be written. For example:
{ "dynamoDBv2": { "roleArn": "aws:iam:12341251:my-role" "putItem": { "tableName": "my-table" } } }
Each attribute in the message payload will be written to a separate column in the DynamoDB database.
tableName (string) -- [REQUIRED]
The table where the message data will be written.
lambda (dict) --
Invoke a Lambda function.
functionArn (string) -- [REQUIRED]
The ARN of the Lambda function.
sns (dict) --
Publish to an Amazon SNS topic.
targetArn (string) -- [REQUIRED]
The ARN of the SNS topic.
roleArn (string) -- [REQUIRED]
The ARN of the IAM role that grants access.
messageFormat (string) --
(Optional) The message format of the message to publish. Accepted values are "JSON" and "RAW". The default value of the attribute is "RAW". SNS uses this setting to determine if the payload should be parsed and relevant platform-specific bits of the payload should be extracted. To read more about SNS message formats, see https://docs.aws.amazon.com/sns/latest/dg/json-formats.html refer to their official documentation.
sqs (dict) --
Publish to an Amazon SQS queue.
roleArn (string) -- [REQUIRED]
The ARN of the IAM role that grants access.
queueUrl (string) -- [REQUIRED]
The URL of the Amazon SQS queue.
useBase64 (boolean) --
Specifies whether to use Base64 encoding.
kinesis (dict) --
Write data to an Amazon Kinesis stream.
roleArn (string) -- [REQUIRED]
The ARN of the IAM role that grants access to the Amazon Kinesis stream.
streamName (string) -- [REQUIRED]
The name of the Amazon Kinesis stream.
partitionKey (string) --
The partition key.
republish (dict) --
Publish to another MQTT topic.
roleArn (string) -- [REQUIRED]
The ARN of the IAM role that grants access.
topic (string) -- [REQUIRED]
The name of the MQTT topic.
qos (integer) --
The Quality of Service (QoS) level to use when republishing messages. The default value is 0.
s3 (dict) --
Write to an Amazon S3 bucket.
roleArn (string) -- [REQUIRED]
The ARN of the IAM role that grants access.
bucketName (string) -- [REQUIRED]
The Amazon S3 bucket.
key (string) -- [REQUIRED]
The object key. For more information, see Actions, resources, and condition keys for Amazon S3.
cannedAcl (string) --
The Amazon S3 canned ACL that controls access to the object identified by the object key. For more information, see S3 canned ACLs.
firehose (dict) --
Write to an Amazon Kinesis Firehose stream.
roleArn (string) -- [REQUIRED]
The IAM role that grants access to the Amazon Kinesis Firehose stream.
deliveryStreamName (string) -- [REQUIRED]
The delivery stream name.
separator (string) --
A character separator that will be used to separate records written to the Firehose stream. Valid values are: 'n' (newline), 't' (tab), 'rn' (Windows newline), ',' (comma).
batchMode (boolean) --
Whether to deliver the Kinesis Data Firehose stream as a batch by using PutRecordBatch. The default value is false .
When batchMode is true and the rule's SQL statement evaluates to an Array, each Array element forms one record in the PutRecordBatch request. The resulting array can't have more than 500 records.
cloudwatchMetric (dict) --
Capture a CloudWatch metric.
roleArn (string) -- [REQUIRED]
The IAM role that allows access to the CloudWatch metric.
metricNamespace (string) -- [REQUIRED]
The CloudWatch metric namespace name.
metricName (string) -- [REQUIRED]
The CloudWatch metric name.
metricValue (string) -- [REQUIRED]
The CloudWatch metric value.
metricUnit (string) -- [REQUIRED]
The metric unit supported by CloudWatch.
metricTimestamp (string) --
An optional Unix timestamp.
cloudwatchAlarm (dict) --
Change the state of a CloudWatch alarm.
roleArn (string) -- [REQUIRED]
The IAM role that allows access to the CloudWatch alarm.
alarmName (string) -- [REQUIRED]
The CloudWatch alarm name.
stateReason (string) -- [REQUIRED]
The reason for the alarm change.
stateValue (string) -- [REQUIRED]
The value of the alarm state. Acceptable values are: OK, ALARM, INSUFFICIENT_DATA.
cloudwatchLogs (dict) --
Send data to CloudWatch Logs.
roleArn (string) -- [REQUIRED]
The IAM role that allows access to the CloudWatch log.
logGroupName (string) -- [REQUIRED]
The CloudWatch log group to which the action sends data.
elasticsearch (dict) --
Write data to an Amazon Elasticsearch Service domain.
roleArn (string) -- [REQUIRED]
The IAM role ARN that has access to Elasticsearch.
endpoint (string) -- [REQUIRED]
The endpoint of your Elasticsearch domain.
index (string) -- [REQUIRED]
The Elasticsearch index where you want to store your data.
type (string) -- [REQUIRED]
The type of document you are storing.
id (string) -- [REQUIRED]
The unique identifier for the document you are storing.
salesforce (dict) --
Send a message to a Salesforce IoT Cloud Input Stream.
token (string) -- [REQUIRED]
The token used to authenticate access to the Salesforce IoT Cloud Input Stream. The token is available from the Salesforce IoT Cloud platform after creation of the Input Stream.
url (string) -- [REQUIRED]
The URL exposed by the Salesforce IoT Cloud Input Stream. The URL is available from the Salesforce IoT Cloud platform after creation of the Input Stream.
iotAnalytics (dict) --
Sends message data to an AWS IoT Analytics channel.
channelArn (string) --
(deprecated) The ARN of the IoT Analytics channel to which message data will be sent.
channelName (string) --
The name of the IoT Analytics channel to which message data will be sent.
batchMode (boolean) --
Whether to process the action as a batch. The default value is false .
When batchMode is true and the rule SQL statement evaluates to an Array, each Array element is delivered as a separate message when passed by BatchPutMessage to the AWS IoT Analytics channel. The resulting array can't have more than 100 messages.
roleArn (string) --
The ARN of the role which has a policy that grants IoT Analytics permission to send message data via IoT Analytics (iotanalytics:BatchPutMessage).
iotEvents (dict) --
Sends an input to an AWS IoT Events detector.
inputName (string) -- [REQUIRED]
The name of the AWS IoT Events input.
messageId (string) --
The ID of the message. The default messageId is a new UUID value.
When batchMode is true , you can't specify a messageId --a new UUID value will be assigned.
Assign a value to this property to ensure that only one input (message) with a given messageId will be processed by an AWS IoT Events detector.
batchMode (boolean) --
Whether to process the event actions as a batch. The default value is false .
When batchMode is true , you can't specify a messageId .
When batchMode is true and the rule SQL statement evaluates to an Array, each Array element is treated as a separate message when it's sent to AWS IoT Events by calling BatchPutMessage. The resulting array can't have more than 10 messages.
roleArn (string) -- [REQUIRED]
The ARN of the role that grants AWS IoT permission to send an input to an AWS IoT Events detector. ("Action":"iotevents:BatchPutMessage").
iotSiteWise (dict) --
Sends data from the MQTT message that triggered the rule to AWS IoT SiteWise asset properties.
putAssetPropertyValueEntries (list) -- [REQUIRED]
A list of asset property value entries.
(dict) --
An asset property value entry containing the following information.
entryId (string) --
Optional. A unique identifier for this entry that you can define to better track which message caused an error in case of failure. Accepts substitution templates. Defaults to a new UUID.
assetId (string) --
The ID of the AWS IoT SiteWise asset. You must specify either a propertyAlias or both an aliasId and a propertyId . Accepts substitution templates.
propertyId (string) --
The ID of the asset's property. You must specify either a propertyAlias or both an aliasId and a propertyId . Accepts substitution templates.
propertyAlias (string) --
The name of the property alias associated with your asset property. You must specify either a propertyAlias or both an aliasId and a propertyId . Accepts substitution templates.
propertyValues (list) -- [REQUIRED]
A list of property values to insert that each contain timestamp, quality, and value (TQV) information.
(dict) --
An asset property value entry containing the following information.
value (dict) -- [REQUIRED]
The value of the asset property.
stringValue (string) --
Optional. The string value of the value entry. Accepts substitution templates.
integerValue (string) --
Optional. A string that contains the integer value of the value entry. Accepts substitution templates.
doubleValue (string) --
Optional. A string that contains the double value of the value entry. Accepts substitution templates.
booleanValue (string) --
Optional. A string that contains the boolean value ( true or false ) of the value entry. Accepts substitution templates.
timestamp (dict) -- [REQUIRED]
The asset property value timestamp.
timeInSeconds (string) -- [REQUIRED]
A string that contains the time in seconds since epoch. Accepts substitution templates.
offsetInNanos (string) --
Optional. A string that contains the nanosecond time offset. Accepts substitution templates.
quality (string) --
Optional. A string that describes the quality of the value. Accepts substitution templates. Must be GOOD , BAD , or UNCERTAIN .
roleArn (string) -- [REQUIRED]
The ARN of the role that grants AWS IoT permission to send an asset property value to AWS IoTSiteWise. ( "Action": "iotsitewise:BatchPutAssetPropertyValue" ). The trust policy can restrict access to specific asset hierarchy paths.
stepFunctions (dict) --
Starts execution of a Step Functions state machine.
executionNamePrefix (string) --
(Optional) A name will be given to the state machine execution consisting of this prefix followed by a UUID. Step Functions automatically creates a unique name for each state machine execution if one is not provided.
stateMachineName (string) -- [REQUIRED]
The name of the Step Functions state machine whose execution will be started.
roleArn (string) -- [REQUIRED]
The ARN of the role that grants IoT permission to start execution of a state machine ("Action":"states:StartExecution").
timestream (dict) --
The Timestream rule action writes attributes (measures) from an MQTT message into an Amazon Timestream table. For more information, see the Timestream topic rule action documentation.
roleArn (string) -- [REQUIRED]
The ARN of the role that grants permission to write to the Amazon Timestream database table.
databaseName (string) -- [REQUIRED]
The name of an Amazon Timestream database.
tableName (string) -- [REQUIRED]
The name of the database table into which to write the measure records.
dimensions (list) -- [REQUIRED]
Metadata attributes of the time series that are written in each measure record.
(dict) --
Metadata attributes of the time series that are written in each measure record.
name (string) -- [REQUIRED]
The metadata dimension name. This is the name of the column in the Amazon Timestream database table record.
Dimensions cannot be named: measure_name , measure_value , or time . These names are reserved. Dimension names cannot start with ts_ or measure_value and they cannot contain the colon ( : ) character.
value (string) -- [REQUIRED]
The value to write in this column of the database record.
timestamp (dict) --
Specifies an application-defined value to replace the default value assigned to the Timestream record's timestamp in the time column.
You can use this property to specify the value and the precision of the Timestream record's timestamp. You can specify a value from the message payload or a value computed by a substitution template.
If omitted, the topic rule action assigns the timestamp, in milliseconds, at the time it processed the rule.
value (string) -- [REQUIRED]
An expression that returns a long epoch time value.
unit (string) -- [REQUIRED]
The precision of the timestamp value that results from the expression described in value .
Valid values: SECONDS | MILLISECONDS | MICROSECONDS | NANOSECONDS . The default is MILLISECONDS .
http (dict) --
Send data to an HTTPS endpoint.
url (string) -- [REQUIRED]
The endpoint URL. If substitution templates are used in the URL, you must also specify a confirmationUrl . If this is a new destination, a new TopicRuleDestination is created if possible.
confirmationUrl (string) --
The URL to which AWS IoT sends a confirmation message. The value of the confirmation URL must be a prefix of the endpoint URL. If you do not specify a confirmation URL AWS IoT uses the endpoint URL as the confirmation URL. If you use substitution templates in the confirmationUrl, you must create and enable topic rule destinations that match each possible value of the substitution template before traffic is allowed to your endpoint URL.
headers (list) --
The HTTP headers to send with the message data.
(dict) --
The HTTP action header.
key (string) -- [REQUIRED]
The HTTP header key.
value (string) -- [REQUIRED]
The HTTP header value. Substitution templates are supported.
auth (dict) --
The authentication method to use when sending data to an HTTPS endpoint.
sigv4 (dict) --
Use Sig V4 authorization. For more information, see Signature Version 4 Signing Process.
signingRegion (string) -- [REQUIRED]
The signing region.
serviceName (string) -- [REQUIRED]
The service name to use while signing with Sig V4.
roleArn (string) -- [REQUIRED]
The ARN of the signing role.
kafka (dict) --
Send messages to an Amazon Managed Streaming for Apache Kafka (Amazon MSK) or self-managed Apache Kafka cluster.
destinationArn (string) -- [REQUIRED]
The ARN of Kafka action's VPC TopicRuleDestination .
topic (string) -- [REQUIRED]
The Kafka topic for messages to be sent to the Kafka broker.
key (string) --
The Kafka message key.
partition (string) --
The Kafka message partition.
clientProperties (dict) -- [REQUIRED]
Properties of the Apache Kafka producer client.
(string) --
(string) --
string
Metadata which can be used to manage the topic rule.
Note
For URI Request parameters use format: ...key1=value1&key2=value2...
For the CLI command-line parameter use format: --tags "key1=value1&key2=value2..."
For the cli-input-json file use format: "tags": "key1=value1&key2=value2..."
None
{'destinationConfiguration': {'vpcConfiguration': {'roleArn': 'string',
'securityGroups': ['string'],
'subnetIds': ['string'],
'vpcId': 'string'}}}
Response {'topicRuleDestination': {'createdAt': 'timestamp',
'lastUpdatedAt': 'timestamp',
'status': {'DELETING'},
'vpcProperties': {'roleArn': 'string',
'securityGroups': ['string'],
'subnetIds': ['string'],
'vpcId': 'string'}}}
Creates a topic rule destination. The destination must be confirmed prior to use.
See also: AWS API Documentation
Request Syntax
client.create_topic_rule_destination(
destinationConfiguration={
'httpUrlConfiguration': {
'confirmationUrl': 'string'
},
'vpcConfiguration': {
'subnetIds': [
'string',
],
'securityGroups': [
'string',
],
'vpcId': 'string',
'roleArn': 'string'
}
}
)
dict
[REQUIRED]
The topic rule destination configuration.
httpUrlConfiguration (dict) --
Configuration of the HTTP URL.
confirmationUrl (string) -- [REQUIRED]
The URL AWS IoT uses to confirm ownership of or access to the topic rule destination URL.
vpcConfiguration (dict) --
Configuration of the virtual private cloud (VPC) connection.
subnetIds (list) -- [REQUIRED]
The subnet IDs of the VPC destination.
(string) --
securityGroups (list) --
The security groups of the VPC destination.
(string) --
vpcId (string) -- [REQUIRED]
The ID of the VPC.
roleArn (string) -- [REQUIRED]
The ARN of a role that has permission to create and attach to elastic network interfaces (ENIs).
dict
Response Syntax
{
'topicRuleDestination': {
'arn': 'string',
'status': 'ENABLED'|'IN_PROGRESS'|'DISABLED'|'ERROR'|'DELETING',
'createdAt': datetime(2015, 1, 1),
'lastUpdatedAt': datetime(2015, 1, 1),
'statusReason': 'string',
'httpUrlProperties': {
'confirmationUrl': 'string'
},
'vpcProperties': {
'subnetIds': [
'string',
],
'securityGroups': [
'string',
],
'vpcId': 'string',
'roleArn': 'string'
}
}
}
Response Structure
(dict) --
topicRuleDestination (dict) --
The topic rule destination.
arn (string) --
The topic rule destination URL.
status (string) --
The status of the topic rule destination. Valid values are:
IN_PROGRESS
A topic rule destination was created but has not been confirmed. You can set status to IN_PROGRESS by calling UpdateTopicRuleDestination . Calling UpdateTopicRuleDestination causes a new confirmation challenge to be sent to your confirmation endpoint.
ENABLED
Confirmation was completed, and traffic to this destination is allowed. You can set status to DISABLED by calling UpdateTopicRuleDestination .
DISABLED
Confirmation was completed, and traffic to this destination is not allowed. You can set status to ENABLED by calling UpdateTopicRuleDestination .
ERROR
Confirmation could not be completed, for example if the confirmation timed out. You can call GetTopicRuleDestination for details about the error. You can set status to IN_PROGRESS by calling UpdateTopicRuleDestination . Calling UpdateTopicRuleDestination causes a new confirmation challenge to be sent to your confirmation endpoint.
createdAt (datetime) --
The date and time when the topic rule destination was created.
lastUpdatedAt (datetime) --
The date and time when the topic rule destination was last updated.
statusReason (string) --
Additional details or reason why the topic rule destination is in the current status.
httpUrlProperties (dict) --
Properties of the HTTP URL.
confirmationUrl (string) --
The URL used to confirm the HTTP topic rule destination URL.
vpcProperties (dict) --
Properties of the virtual private cloud (VPC) connection.
subnetIds (list) --
The subnet IDs of the VPC destination.
(string) --
securityGroups (list) --
The security groups of the VPC destination.
(string) --
vpcId (string) --
The ID of the VPC.
roleArn (string) --
The ARN of a role that has permission to create and attach to elastic network interfaces (ENIs).
{'behaviors': {'criteria': {'comparisonOperator': {'in-set', 'not-in-set'},
'mlDetectionConfig': {'confidenceLevel': 'LOW | '
'MEDIUM | '
'HIGH'},
'value': {'number': 'double',
'numbers': ['double'],
'strings': ['string']}},
'suppressAlerts': 'boolean'}}
Gets information about a Device Defender security profile.
See also: AWS API Documentation
Request Syntax
client.describe_security_profile(
securityProfileName='string'
)
string
[REQUIRED]
The name of the security profile whose information you want to get.
dict
Response Syntax
{
'securityProfileName': 'string',
'securityProfileArn': 'string',
'securityProfileDescription': 'string',
'behaviors': [
{
'name': 'string',
'metric': 'string',
'metricDimension': {
'dimensionName': 'string',
'operator': 'IN'|'NOT_IN'
},
'criteria': {
'comparisonOperator': 'less-than'|'less-than-equals'|'greater-than'|'greater-than-equals'|'in-cidr-set'|'not-in-cidr-set'|'in-port-set'|'not-in-port-set'|'in-set'|'not-in-set',
'value': {
'count': 123,
'cidrs': [
'string',
],
'ports': [
123,
],
'number': 123.0,
'numbers': [
123.0,
],
'strings': [
'string',
]
},
'durationSeconds': 123,
'consecutiveDatapointsToAlarm': 123,
'consecutiveDatapointsToClear': 123,
'statisticalThreshold': {
'statistic': 'string'
},
'mlDetectionConfig': {
'confidenceLevel': 'LOW'|'MEDIUM'|'HIGH'
}
},
'suppressAlerts': True|False
},
],
'alertTargets': {
'string': {
'alertTargetArn': 'string',
'roleArn': 'string'
}
},
'additionalMetricsToRetain': [
'string',
],
'additionalMetricsToRetainV2': [
{
'metric': 'string',
'metricDimension': {
'dimensionName': 'string',
'operator': 'IN'|'NOT_IN'
}
},
],
'version': 123,
'creationDate': datetime(2015, 1, 1),
'lastModifiedDate': datetime(2015, 1, 1)
}
Response Structure
(dict) --
securityProfileName (string) --
The name of the security profile.
securityProfileArn (string) --
The ARN of the security profile.
securityProfileDescription (string) --
A description of the security profile (associated with the security profile when it was created or updated).
behaviors (list) --
Specifies the behaviors that, when violated by a device (thing), cause an alert.
(dict) --
A Device Defender security profile behavior.
name (string) --
The name you've given to the behavior.
metric (string) --
What is measured by the behavior.
metricDimension (dict) --
The dimension for a metric in your behavior. For example, using a TOPIC_FILTER dimension, you can narrow down the scope of the metric to only MQTT topics where the name matches the pattern specified in the dimension. This can't be used with custom metrics.
dimensionName (string) --
A unique identifier for the dimension.
operator (string) --
Defines how the dimensionValues of a dimension are interpreted. For example, for dimension type TOPIC_FILTER, the IN operator, a message will be counted only if its topic matches one of the topic filters. With NOT_IN operator, a message will be counted only if it doesn't match any of the topic filters. The operator is optional: if it's not provided (is null ), it will be interpreted as IN .
criteria (dict) --
The criteria that determine if a device is behaving normally in regard to the metric .
comparisonOperator (string) --
The operator that relates the thing measured ( metric ) to the criteria (containing a value or statisticalThreshold ). Valid operators include:
string-list : in-set and not-in-set
number-list : in-set and not-in-set
ip-address-list : in-cidr-set and not-in-cidr-set
number : less-than , less-than-equals , greater-than , and greater-than-equals
value (dict) --
The value to be compared with the metric .
count (integer) --
If the comparisonOperator calls for a numeric value, use this to specify that numeric value to be compared with the metric .
cidrs (list) --
If the comparisonOperator calls for a set of CIDRs, use this to specify that set to be compared with the metric .
(string) --
ports (list) --
If the comparisonOperator calls for a set of ports, use this to specify that set to be compared with the metric .
(integer) --
number (float) --
The numeral value of a metric.
numbers (list) --
The numeral values of a metric.
(float) --
strings (list) --
The string values of a metric.
(string) --
durationSeconds (integer) --
Use this to specify the time duration over which the behavior is evaluated, for those criteria that have a time dimension (for example, NUM_MESSAGES_SENT ). For a statisticalThreshhold metric comparison, measurements from all devices are accumulated over this time duration before being used to calculate percentiles, and later, measurements from an individual device are also accumulated over this time duration before being given a percentile rank. Cannot be used with list-based metric datatypes.
consecutiveDatapointsToAlarm (integer) --
If a device is in violation of the behavior for the specified number of consecutive datapoints, an alarm occurs. If not specified, the default is 1.
consecutiveDatapointsToClear (integer) --
If an alarm has occurred and the offending device is no longer in violation of the behavior for the specified number of consecutive datapoints, the alarm is cleared. If not specified, the default is 1.
statisticalThreshold (dict) --
A statistical ranking (percentile)that indicates a threshold value by which a behavior is determined to be in compliance or in violation of the behavior.
statistic (string) --
The percentile that resolves to a threshold value by which compliance with a behavior is determined. Metrics are collected over the specified period ( durationSeconds ) from all reporting devices in your account and statistical ranks are calculated. Then, the measurements from a device are collected over the same period. If the accumulated measurements from the device fall above or below ( comparisonOperator ) the value associated with the percentile specified, then the device is considered to be in compliance with the behavior, otherwise a violation occurs.
mlDetectionConfig (dict) --
The configuration of an ML Detect
confidenceLevel (string) --
The sensitivity of anomalous behavior evaluation. Can be Low , Medium , or High .
suppressAlerts (boolean) --
Suppresses alerts.
alertTargets (dict) --
Where the alerts are sent. (Alerts are always sent to the console.)
(string) --
The type of alert target: one of "SNS".
(dict) --
A structure containing the alert target ARN and the role ARN.
alertTargetArn (string) --
The Amazon Resource Name (ARN) of the notification target to which alerts are sent.
roleArn (string) --
The ARN of the role that grants permission to send alerts to the notification target.
additionalMetricsToRetain (list) --
Please use DescribeSecurityProfileResponse$additionalMetricsToRetainV2 instead.
A list of metrics whose data is retained (stored). By default, data is retained for any metric used in the profile's behaviors , but it is also retained for any metric specified here.
(string) --
additionalMetricsToRetainV2 (list) --
A list of metrics whose data is retained (stored). By default, data is retained for any metric used in the profile's behaviors, but it is also retained for any metric specified here.
(dict) --
The metric you want to retain. Dimensions are optional.
metric (string) --
What is measured by the behavior.
metricDimension (dict) --
The dimension of a metric. This can't be used with custom metrics.
dimensionName (string) --
A unique identifier for the dimension.
operator (string) --
Defines how the dimensionValues of a dimension are interpreted. For example, for dimension type TOPIC_FILTER, the IN operator, a message will be counted only if its topic matches one of the topic filters. With NOT_IN operator, a message will be counted only if it doesn't match any of the topic filters. The operator is optional: if it's not provided (is null ), it will be interpreted as IN .
version (integer) --
The version of the security profile. A new version is generated whenever the security profile is updated.
creationDate (datetime) --
The time the security profile was created.
lastModifiedDate (datetime) --
The time the security profile was last modified.
{'rule': {'actions': {'kafka': {'clientProperties': {'string': 'string'},
'destinationArn': 'string',
'key': 'string',
'partition': 'string',
'topic': 'string'}},
'errorAction': {'kafka': {'clientProperties': {'string': 'string'},
'destinationArn': 'string',
'key': 'string',
'partition': 'string',
'topic': 'string'}}}}
Gets information about the rule.
See also: AWS API Documentation
Request Syntax
client.get_topic_rule(
ruleName='string'
)
string
[REQUIRED]
The name of the rule.
dict
Response Syntax
{
'ruleArn': 'string',
'rule': {
'ruleName': 'string',
'sql': 'string',
'description': 'string',
'createdAt': datetime(2015, 1, 1),
'actions': [
{
'dynamoDB': {
'tableName': 'string',
'roleArn': 'string',
'operation': 'string',
'hashKeyField': 'string',
'hashKeyValue': 'string',
'hashKeyType': 'STRING'|'NUMBER',
'rangeKeyField': 'string',
'rangeKeyValue': 'string',
'rangeKeyType': 'STRING'|'NUMBER',
'payloadField': 'string'
},
'dynamoDBv2': {
'roleArn': 'string',
'putItem': {
'tableName': 'string'
}
},
'lambda': {
'functionArn': 'string'
},
'sns': {
'targetArn': 'string',
'roleArn': 'string',
'messageFormat': 'RAW'|'JSON'
},
'sqs': {
'roleArn': 'string',
'queueUrl': 'string',
'useBase64': True|False
},
'kinesis': {
'roleArn': 'string',
'streamName': 'string',
'partitionKey': 'string'
},
'republish': {
'roleArn': 'string',
'topic': 'string',
'qos': 123
},
's3': {
'roleArn': 'string',
'bucketName': 'string',
'key': 'string',
'cannedAcl': 'private'|'public-read'|'public-read-write'|'aws-exec-read'|'authenticated-read'|'bucket-owner-read'|'bucket-owner-full-control'|'log-delivery-write'
},
'firehose': {
'roleArn': 'string',
'deliveryStreamName': 'string',
'separator': 'string',
'batchMode': True|False
},
'cloudwatchMetric': {
'roleArn': 'string',
'metricNamespace': 'string',
'metricName': 'string',
'metricValue': 'string',
'metricUnit': 'string',
'metricTimestamp': 'string'
},
'cloudwatchAlarm': {
'roleArn': 'string',
'alarmName': 'string',
'stateReason': 'string',
'stateValue': 'string'
},
'cloudwatchLogs': {
'roleArn': 'string',
'logGroupName': 'string'
},
'elasticsearch': {
'roleArn': 'string',
'endpoint': 'string',
'index': 'string',
'type': 'string',
'id': 'string'
},
'salesforce': {
'token': 'string',
'url': 'string'
},
'iotAnalytics': {
'channelArn': 'string',
'channelName': 'string',
'batchMode': True|False,
'roleArn': 'string'
},
'iotEvents': {
'inputName': 'string',
'messageId': 'string',
'batchMode': True|False,
'roleArn': 'string'
},
'iotSiteWise': {
'putAssetPropertyValueEntries': [
{
'entryId': 'string',
'assetId': 'string',
'propertyId': 'string',
'propertyAlias': 'string',
'propertyValues': [
{
'value': {
'stringValue': 'string',
'integerValue': 'string',
'doubleValue': 'string',
'booleanValue': 'string'
},
'timestamp': {
'timeInSeconds': 'string',
'offsetInNanos': 'string'
},
'quality': 'string'
},
]
},
],
'roleArn': 'string'
},
'stepFunctions': {
'executionNamePrefix': 'string',
'stateMachineName': 'string',
'roleArn': 'string'
},
'timestream': {
'roleArn': 'string',
'databaseName': 'string',
'tableName': 'string',
'dimensions': [
{
'name': 'string',
'value': 'string'
},
],
'timestamp': {
'value': 'string',
'unit': 'string'
}
},
'http': {
'url': 'string',
'confirmationUrl': 'string',
'headers': [
{
'key': 'string',
'value': 'string'
},
],
'auth': {
'sigv4': {
'signingRegion': 'string',
'serviceName': 'string',
'roleArn': 'string'
}
}
},
'kafka': {
'destinationArn': 'string',
'topic': 'string',
'key': 'string',
'partition': 'string',
'clientProperties': {
'string': 'string'
}
}
},
],
'ruleDisabled': True|False,
'awsIotSqlVersion': 'string',
'errorAction': {
'dynamoDB': {
'tableName': 'string',
'roleArn': 'string',
'operation': 'string',
'hashKeyField': 'string',
'hashKeyValue': 'string',
'hashKeyType': 'STRING'|'NUMBER',
'rangeKeyField': 'string',
'rangeKeyValue': 'string',
'rangeKeyType': 'STRING'|'NUMBER',
'payloadField': 'string'
},
'dynamoDBv2': {
'roleArn': 'string',
'putItem': {
'tableName': 'string'
}
},
'lambda': {
'functionArn': 'string'
},
'sns': {
'targetArn': 'string',
'roleArn': 'string',
'messageFormat': 'RAW'|'JSON'
},
'sqs': {
'roleArn': 'string',
'queueUrl': 'string',
'useBase64': True|False
},
'kinesis': {
'roleArn': 'string',
'streamName': 'string',
'partitionKey': 'string'
},
'republish': {
'roleArn': 'string',
'topic': 'string',
'qos': 123
},
's3': {
'roleArn': 'string',
'bucketName': 'string',
'key': 'string',
'cannedAcl': 'private'|'public-read'|'public-read-write'|'aws-exec-read'|'authenticated-read'|'bucket-owner-read'|'bucket-owner-full-control'|'log-delivery-write'
},
'firehose': {
'roleArn': 'string',
'deliveryStreamName': 'string',
'separator': 'string',
'batchMode': True|False
},
'cloudwatchMetric': {
'roleArn': 'string',
'metricNamespace': 'string',
'metricName': 'string',
'metricValue': 'string',
'metricUnit': 'string',
'metricTimestamp': 'string'
},
'cloudwatchAlarm': {
'roleArn': 'string',
'alarmName': 'string',
'stateReason': 'string',
'stateValue': 'string'
},
'cloudwatchLogs': {
'roleArn': 'string',
'logGroupName': 'string'
},
'elasticsearch': {
'roleArn': 'string',
'endpoint': 'string',
'index': 'string',
'type': 'string',
'id': 'string'
},
'salesforce': {
'token': 'string',
'url': 'string'
},
'iotAnalytics': {
'channelArn': 'string',
'channelName': 'string',
'batchMode': True|False,
'roleArn': 'string'
},
'iotEvents': {
'inputName': 'string',
'messageId': 'string',
'batchMode': True|False,
'roleArn': 'string'
},
'iotSiteWise': {
'putAssetPropertyValueEntries': [
{
'entryId': 'string',
'assetId': 'string',
'propertyId': 'string',
'propertyAlias': 'string',
'propertyValues': [
{
'value': {
'stringValue': 'string',
'integerValue': 'string',
'doubleValue': 'string',
'booleanValue': 'string'
},
'timestamp': {
'timeInSeconds': 'string',
'offsetInNanos': 'string'
},
'quality': 'string'
},
]
},
],
'roleArn': 'string'
},
'stepFunctions': {
'executionNamePrefix': 'string',
'stateMachineName': 'string',
'roleArn': 'string'
},
'timestream': {
'roleArn': 'string',
'databaseName': 'string',
'tableName': 'string',
'dimensions': [
{
'name': 'string',
'value': 'string'
},
],
'timestamp': {
'value': 'string',
'unit': 'string'
}
},
'http': {
'url': 'string',
'confirmationUrl': 'string',
'headers': [
{
'key': 'string',
'value': 'string'
},
],
'auth': {
'sigv4': {
'signingRegion': 'string',
'serviceName': 'string',
'roleArn': 'string'
}
}
},
'kafka': {
'destinationArn': 'string',
'topic': 'string',
'key': 'string',
'partition': 'string',
'clientProperties': {
'string': 'string'
}
}
}
}
}
Response Structure
(dict) --
The output from the GetTopicRule operation.
ruleArn (string) --
The rule ARN.
rule (dict) --
The rule.
ruleName (string) --
The name of the rule.
sql (string) --
The SQL statement used to query the topic. When using a SQL query with multiple lines, be sure to escape the newline characters.
description (string) --
The description of the rule.
createdAt (datetime) --
The date and time the rule was created.
actions (list) --
The actions associated with the rule.
(dict) --
Describes the actions associated with a rule.
dynamoDB (dict) --
Write to a DynamoDB table.
tableName (string) --
The name of the DynamoDB table.
roleArn (string) --
The ARN of the IAM role that grants access to the DynamoDB table.
operation (string) --
The type of operation to be performed. This follows the substitution template, so it can be ${operation} , but the substitution must result in one of the following: INSERT , UPDATE , or DELETE .
hashKeyField (string) --
The hash key name.
hashKeyValue (string) --
The hash key value.
hashKeyType (string) --
The hash key type. Valid values are "STRING" or "NUMBER"
rangeKeyField (string) --
The range key name.
rangeKeyValue (string) --
The range key value.
rangeKeyType (string) --
The range key type. Valid values are "STRING" or "NUMBER"
payloadField (string) --
The action payload. This name can be customized.
dynamoDBv2 (dict) --
Write to a DynamoDB table. This is a new version of the DynamoDB action. It allows you to write each attribute in an MQTT message payload into a separate DynamoDB column.
roleArn (string) --
The ARN of the IAM role that grants access to the DynamoDB table.
putItem (dict) --
Specifies the DynamoDB table to which the message data will be written. For example:
{ "dynamoDBv2": { "roleArn": "aws:iam:12341251:my-role" "putItem": { "tableName": "my-table" } } }
Each attribute in the message payload will be written to a separate column in the DynamoDB database.
tableName (string) --
The table where the message data will be written.
lambda (dict) --
Invoke a Lambda function.
functionArn (string) --
The ARN of the Lambda function.
sns (dict) --
Publish to an Amazon SNS topic.
targetArn (string) --
The ARN of the SNS topic.
roleArn (string) --
The ARN of the IAM role that grants access.
messageFormat (string) --
(Optional) The message format of the message to publish. Accepted values are "JSON" and "RAW". The default value of the attribute is "RAW". SNS uses this setting to determine if the payload should be parsed and relevant platform-specific bits of the payload should be extracted. To read more about SNS message formats, see https://docs.aws.amazon.com/sns/latest/dg/json-formats.html refer to their official documentation.
sqs (dict) --
Publish to an Amazon SQS queue.
roleArn (string) --
The ARN of the IAM role that grants access.
queueUrl (string) --
The URL of the Amazon SQS queue.
useBase64 (boolean) --
Specifies whether to use Base64 encoding.
kinesis (dict) --
Write data to an Amazon Kinesis stream.
roleArn (string) --
The ARN of the IAM role that grants access to the Amazon Kinesis stream.
streamName (string) --
The name of the Amazon Kinesis stream.
partitionKey (string) --
The partition key.
republish (dict) --
Publish to another MQTT topic.
roleArn (string) --
The ARN of the IAM role that grants access.
topic (string) --
The name of the MQTT topic.
qos (integer) --
The Quality of Service (QoS) level to use when republishing messages. The default value is 0.
s3 (dict) --
Write to an Amazon S3 bucket.
roleArn (string) --
The ARN of the IAM role that grants access.
bucketName (string) --
The Amazon S3 bucket.
key (string) --
The object key. For more information, see Actions, resources, and condition keys for Amazon S3.
cannedAcl (string) --
The Amazon S3 canned ACL that controls access to the object identified by the object key. For more information, see S3 canned ACLs.
firehose (dict) --
Write to an Amazon Kinesis Firehose stream.
roleArn (string) --
The IAM role that grants access to the Amazon Kinesis Firehose stream.
deliveryStreamName (string) --
The delivery stream name.
separator (string) --
A character separator that will be used to separate records written to the Firehose stream. Valid values are: 'n' (newline), 't' (tab), 'rn' (Windows newline), ',' (comma).
batchMode (boolean) --
Whether to deliver the Kinesis Data Firehose stream as a batch by using PutRecordBatch. The default value is false .
When batchMode is true and the rule's SQL statement evaluates to an Array, each Array element forms one record in the PutRecordBatch request. The resulting array can't have more than 500 records.
cloudwatchMetric (dict) --
Capture a CloudWatch metric.
roleArn (string) --
The IAM role that allows access to the CloudWatch metric.
metricNamespace (string) --
The CloudWatch metric namespace name.
metricName (string) --
The CloudWatch metric name.
metricValue (string) --
The CloudWatch metric value.
metricUnit (string) --
The metric unit supported by CloudWatch.
metricTimestamp (string) --
An optional Unix timestamp.
cloudwatchAlarm (dict) --
Change the state of a CloudWatch alarm.
roleArn (string) --
The IAM role that allows access to the CloudWatch alarm.
alarmName (string) --
The CloudWatch alarm name.
stateReason (string) --
The reason for the alarm change.
stateValue (string) --
The value of the alarm state. Acceptable values are: OK, ALARM, INSUFFICIENT_DATA.
cloudwatchLogs (dict) --
Send data to CloudWatch Logs.
roleArn (string) --
The IAM role that allows access to the CloudWatch log.
logGroupName (string) --
The CloudWatch log group to which the action sends data.
elasticsearch (dict) --
Write data to an Amazon Elasticsearch Service domain.
roleArn (string) --
The IAM role ARN that has access to Elasticsearch.
endpoint (string) --
The endpoint of your Elasticsearch domain.
index (string) --
The Elasticsearch index where you want to store your data.
type (string) --
The type of document you are storing.
id (string) --
The unique identifier for the document you are storing.
salesforce (dict) --
Send a message to a Salesforce IoT Cloud Input Stream.
token (string) --
The token used to authenticate access to the Salesforce IoT Cloud Input Stream. The token is available from the Salesforce IoT Cloud platform after creation of the Input Stream.
url (string) --
The URL exposed by the Salesforce IoT Cloud Input Stream. The URL is available from the Salesforce IoT Cloud platform after creation of the Input Stream.
iotAnalytics (dict) --
Sends message data to an AWS IoT Analytics channel.
channelArn (string) --
(deprecated) The ARN of the IoT Analytics channel to which message data will be sent.
channelName (string) --
The name of the IoT Analytics channel to which message data will be sent.
batchMode (boolean) --
Whether to process the action as a batch. The default value is false .
When batchMode is true and the rule SQL statement evaluates to an Array, each Array element is delivered as a separate message when passed by BatchPutMessage to the AWS IoT Analytics channel. The resulting array can't have more than 100 messages.
roleArn (string) --
The ARN of the role which has a policy that grants IoT Analytics permission to send message data via IoT Analytics (iotanalytics:BatchPutMessage).
iotEvents (dict) --
Sends an input to an AWS IoT Events detector.
inputName (string) --
The name of the AWS IoT Events input.
messageId (string) --
The ID of the message. The default messageId is a new UUID value.
When batchMode is true , you can't specify a messageId --a new UUID value will be assigned.
Assign a value to this property to ensure that only one input (message) with a given messageId will be processed by an AWS IoT Events detector.
batchMode (boolean) --
Whether to process the event actions as a batch. The default value is false .
When batchMode is true , you can't specify a messageId .
When batchMode is true and the rule SQL statement evaluates to an Array, each Array element is treated as a separate message when it's sent to AWS IoT Events by calling BatchPutMessage. The resulting array can't have more than 10 messages.
roleArn (string) --
The ARN of the role that grants AWS IoT permission to send an input to an AWS IoT Events detector. ("Action":"iotevents:BatchPutMessage").
iotSiteWise (dict) --
Sends data from the MQTT message that triggered the rule to AWS IoT SiteWise asset properties.
putAssetPropertyValueEntries (list) --
A list of asset property value entries.
(dict) --
An asset property value entry containing the following information.
entryId (string) --
Optional. A unique identifier for this entry that you can define to better track which message caused an error in case of failure. Accepts substitution templates. Defaults to a new UUID.
assetId (string) --
The ID of the AWS IoT SiteWise asset. You must specify either a propertyAlias or both an aliasId and a propertyId . Accepts substitution templates.
propertyId (string) --
The ID of the asset's property. You must specify either a propertyAlias or both an aliasId and a propertyId . Accepts substitution templates.
propertyAlias (string) --
The name of the property alias associated with your asset property. You must specify either a propertyAlias or both an aliasId and a propertyId . Accepts substitution templates.
propertyValues (list) --
A list of property values to insert that each contain timestamp, quality, and value (TQV) information.
(dict) --
An asset property value entry containing the following information.
value (dict) --
The value of the asset property.
stringValue (string) --
Optional. The string value of the value entry. Accepts substitution templates.
integerValue (string) --
Optional. A string that contains the integer value of the value entry. Accepts substitution templates.
doubleValue (string) --
Optional. A string that contains the double value of the value entry. Accepts substitution templates.
booleanValue (string) --
Optional. A string that contains the boolean value ( true or false ) of the value entry. Accepts substitution templates.
timestamp (dict) --
The asset property value timestamp.
timeInSeconds (string) --
A string that contains the time in seconds since epoch. Accepts substitution templates.
offsetInNanos (string) --
Optional. A string that contains the nanosecond time offset. Accepts substitution templates.
quality (string) --
Optional. A string that describes the quality of the value. Accepts substitution templates. Must be GOOD , BAD , or UNCERTAIN .
roleArn (string) --
The ARN of the role that grants AWS IoT permission to send an asset property value to AWS IoTSiteWise. ( "Action": "iotsitewise:BatchPutAssetPropertyValue" ). The trust policy can restrict access to specific asset hierarchy paths.
stepFunctions (dict) --
Starts execution of a Step Functions state machine.
executionNamePrefix (string) --
(Optional) A name will be given to the state machine execution consisting of this prefix followed by a UUID. Step Functions automatically creates a unique name for each state machine execution if one is not provided.
stateMachineName (string) --
The name of the Step Functions state machine whose execution will be started.
roleArn (string) --
The ARN of the role that grants IoT permission to start execution of a state machine ("Action":"states:StartExecution").
timestream (dict) --
The Timestream rule action writes attributes (measures) from an MQTT message into an Amazon Timestream table. For more information, see the Timestream topic rule action documentation.
roleArn (string) --
The ARN of the role that grants permission to write to the Amazon Timestream database table.
databaseName (string) --
The name of an Amazon Timestream database.
tableName (string) --
The name of the database table into which to write the measure records.
dimensions (list) --
Metadata attributes of the time series that are written in each measure record.
(dict) --
Metadata attributes of the time series that are written in each measure record.
name (string) --
The metadata dimension name. This is the name of the column in the Amazon Timestream database table record.
Dimensions cannot be named: measure_name , measure_value , or time . These names are reserved. Dimension names cannot start with ts_ or measure_value and they cannot contain the colon ( : ) character.
value (string) --
The value to write in this column of the database record.
timestamp (dict) --
Specifies an application-defined value to replace the default value assigned to the Timestream record's timestamp in the time column.
You can use this property to specify the value and the precision of the Timestream record's timestamp. You can specify a value from the message payload or a value computed by a substitution template.
If omitted, the topic rule action assigns the timestamp, in milliseconds, at the time it processed the rule.
value (string) --
An expression that returns a long epoch time value.
unit (string) --
The precision of the timestamp value that results from the expression described in value .
Valid values: SECONDS | MILLISECONDS | MICROSECONDS | NANOSECONDS . The default is MILLISECONDS .
http (dict) --
Send data to an HTTPS endpoint.
url (string) --
The endpoint URL. If substitution templates are used in the URL, you must also specify a confirmationUrl . If this is a new destination, a new TopicRuleDestination is created if possible.
confirmationUrl (string) --
The URL to which AWS IoT sends a confirmation message. The value of the confirmation URL must be a prefix of the endpoint URL. If you do not specify a confirmation URL AWS IoT uses the endpoint URL as the confirmation URL. If you use substitution templates in the confirmationUrl, you must create and enable topic rule destinations that match each possible value of the substitution template before traffic is allowed to your endpoint URL.
headers (list) --
The HTTP headers to send with the message data.
(dict) --
The HTTP action header.
key (string) --
The HTTP header key.
value (string) --
The HTTP header value. Substitution templates are supported.
auth (dict) --
The authentication method to use when sending data to an HTTPS endpoint.
sigv4 (dict) --
Use Sig V4 authorization. For more information, see Signature Version 4 Signing Process.
signingRegion (string) --
The signing region.
serviceName (string) --
The service name to use while signing with Sig V4.
roleArn (string) --
The ARN of the signing role.
kafka (dict) --
Send messages to an Amazon Managed Streaming for Apache Kafka (Amazon MSK) or self-managed Apache Kafka cluster.
destinationArn (string) --
The ARN of Kafka action's VPC TopicRuleDestination .
topic (string) --
The Kafka topic for messages to be sent to the Kafka broker.
key (string) --
The Kafka message key.
partition (string) --
The Kafka message partition.
clientProperties (dict) --
Properties of the Apache Kafka producer client.
(string) --
(string) --
ruleDisabled (boolean) --
Specifies whether the rule is disabled.
awsIotSqlVersion (string) --
The version of the SQL rules engine to use when evaluating the rule.
errorAction (dict) --
The action to perform when an error occurs.
dynamoDB (dict) --
Write to a DynamoDB table.
tableName (string) --
The name of the DynamoDB table.
roleArn (string) --
The ARN of the IAM role that grants access to the DynamoDB table.
operation (string) --
The type of operation to be performed. This follows the substitution template, so it can be ${operation} , but the substitution must result in one of the following: INSERT , UPDATE , or DELETE .
hashKeyField (string) --
The hash key name.
hashKeyValue (string) --
The hash key value.
hashKeyType (string) --
The hash key type. Valid values are "STRING" or "NUMBER"
rangeKeyField (string) --
The range key name.
rangeKeyValue (string) --
The range key value.
rangeKeyType (string) --
The range key type. Valid values are "STRING" or "NUMBER"
payloadField (string) --
The action payload. This name can be customized.
dynamoDBv2 (dict) --
Write to a DynamoDB table. This is a new version of the DynamoDB action. It allows you to write each attribute in an MQTT message payload into a separate DynamoDB column.
roleArn (string) --
The ARN of the IAM role that grants access to the DynamoDB table.
putItem (dict) --
Specifies the DynamoDB table to which the message data will be written. For example:
{ "dynamoDBv2": { "roleArn": "aws:iam:12341251:my-role" "putItem": { "tableName": "my-table" } } }
Each attribute in the message payload will be written to a separate column in the DynamoDB database.
tableName (string) --
The table where the message data will be written.
lambda (dict) --
Invoke a Lambda function.
functionArn (string) --
The ARN of the Lambda function.
sns (dict) --
Publish to an Amazon SNS topic.
targetArn (string) --
The ARN of the SNS topic.
roleArn (string) --
The ARN of the IAM role that grants access.
messageFormat (string) --
(Optional) The message format of the message to publish. Accepted values are "JSON" and "RAW". The default value of the attribute is "RAW". SNS uses this setting to determine if the payload should be parsed and relevant platform-specific bits of the payload should be extracted. To read more about SNS message formats, see https://docs.aws.amazon.com/sns/latest/dg/json-formats.html refer to their official documentation.
sqs (dict) --
Publish to an Amazon SQS queue.
roleArn (string) --
The ARN of the IAM role that grants access.
queueUrl (string) --
The URL of the Amazon SQS queue.
useBase64 (boolean) --
Specifies whether to use Base64 encoding.
kinesis (dict) --
Write data to an Amazon Kinesis stream.
roleArn (string) --
The ARN of the IAM role that grants access to the Amazon Kinesis stream.
streamName (string) --
The name of the Amazon Kinesis stream.
partitionKey (string) --
The partition key.
republish (dict) --
Publish to another MQTT topic.
roleArn (string) --
The ARN of the IAM role that grants access.
topic (string) --
The name of the MQTT topic.
qos (integer) --
The Quality of Service (QoS) level to use when republishing messages. The default value is 0.
s3 (dict) --
Write to an Amazon S3 bucket.
roleArn (string) --
The ARN of the IAM role that grants access.
bucketName (string) --
The Amazon S3 bucket.
key (string) --
The object key. For more information, see Actions, resources, and condition keys for Amazon S3.
cannedAcl (string) --
The Amazon S3 canned ACL that controls access to the object identified by the object key. For more information, see S3 canned ACLs.
firehose (dict) --
Write to an Amazon Kinesis Firehose stream.
roleArn (string) --
The IAM role that grants access to the Amazon Kinesis Firehose stream.
deliveryStreamName (string) --
The delivery stream name.
separator (string) --
A character separator that will be used to separate records written to the Firehose stream. Valid values are: 'n' (newline), 't' (tab), 'rn' (Windows newline), ',' (comma).
batchMode (boolean) --
Whether to deliver the Kinesis Data Firehose stream as a batch by using PutRecordBatch. The default value is false .
When batchMode is true and the rule's SQL statement evaluates to an Array, each Array element forms one record in the PutRecordBatch request. The resulting array can't have more than 500 records.
cloudwatchMetric (dict) --
Capture a CloudWatch metric.
roleArn (string) --
The IAM role that allows access to the CloudWatch metric.
metricNamespace (string) --
The CloudWatch metric namespace name.
metricName (string) --
The CloudWatch metric name.
metricValue (string) --
The CloudWatch metric value.
metricUnit (string) --
The metric unit supported by CloudWatch.
metricTimestamp (string) --
An optional Unix timestamp.
cloudwatchAlarm (dict) --
Change the state of a CloudWatch alarm.
roleArn (string) --
The IAM role that allows access to the CloudWatch alarm.
alarmName (string) --
The CloudWatch alarm name.
stateReason (string) --
The reason for the alarm change.
stateValue (string) --
The value of the alarm state. Acceptable values are: OK, ALARM, INSUFFICIENT_DATA.
cloudwatchLogs (dict) --
Send data to CloudWatch Logs.
roleArn (string) --
The IAM role that allows access to the CloudWatch log.
logGroupName (string) --
The CloudWatch log group to which the action sends data.
elasticsearch (dict) --
Write data to an Amazon Elasticsearch Service domain.
roleArn (string) --
The IAM role ARN that has access to Elasticsearch.
endpoint (string) --
The endpoint of your Elasticsearch domain.
index (string) --
The Elasticsearch index where you want to store your data.
type (string) --
The type of document you are storing.
id (string) --
The unique identifier for the document you are storing.
salesforce (dict) --
Send a message to a Salesforce IoT Cloud Input Stream.
token (string) --
The token used to authenticate access to the Salesforce IoT Cloud Input Stream. The token is available from the Salesforce IoT Cloud platform after creation of the Input Stream.
url (string) --
The URL exposed by the Salesforce IoT Cloud Input Stream. The URL is available from the Salesforce IoT Cloud platform after creation of the Input Stream.
iotAnalytics (dict) --
Sends message data to an AWS IoT Analytics channel.
channelArn (string) --
(deprecated) The ARN of the IoT Analytics channel to which message data will be sent.
channelName (string) --
The name of the IoT Analytics channel to which message data will be sent.
batchMode (boolean) --
Whether to process the action as a batch. The default value is false .
When batchMode is true and the rule SQL statement evaluates to an Array, each Array element is delivered as a separate message when passed by BatchPutMessage to the AWS IoT Analytics channel. The resulting array can't have more than 100 messages.
roleArn (string) --
The ARN of the role which has a policy that grants IoT Analytics permission to send message data via IoT Analytics (iotanalytics:BatchPutMessage).
iotEvents (dict) --
Sends an input to an AWS IoT Events detector.
inputName (string) --
The name of the AWS IoT Events input.
messageId (string) --
The ID of the message. The default messageId is a new UUID value.
When batchMode is true , you can't specify a messageId --a new UUID value will be assigned.
Assign a value to this property to ensure that only one input (message) with a given messageId will be processed by an AWS IoT Events detector.
batchMode (boolean) --
Whether to process the event actions as a batch. The default value is false .
When batchMode is true , you can't specify a messageId .
When batchMode is true and the rule SQL statement evaluates to an Array, each Array element is treated as a separate message when it's sent to AWS IoT Events by calling BatchPutMessage. The resulting array can't have more than 10 messages.
roleArn (string) --
The ARN of the role that grants AWS IoT permission to send an input to an AWS IoT Events detector. ("Action":"iotevents:BatchPutMessage").
iotSiteWise (dict) --
Sends data from the MQTT message that triggered the rule to AWS IoT SiteWise asset properties.
putAssetPropertyValueEntries (list) --
A list of asset property value entries.
(dict) --
An asset property value entry containing the following information.
entryId (string) --
Optional. A unique identifier for this entry that you can define to better track which message caused an error in case of failure. Accepts substitution templates. Defaults to a new UUID.
assetId (string) --
The ID of the AWS IoT SiteWise asset. You must specify either a propertyAlias or both an aliasId and a propertyId . Accepts substitution templates.
propertyId (string) --
The ID of the asset's property. You must specify either a propertyAlias or both an aliasId and a propertyId . Accepts substitution templates.
propertyAlias (string) --
The name of the property alias associated with your asset property. You must specify either a propertyAlias or both an aliasId and a propertyId . Accepts substitution templates.
propertyValues (list) --
A list of property values to insert that each contain timestamp, quality, and value (TQV) information.
(dict) --
An asset property value entry containing the following information.
value (dict) --
The value of the asset property.
stringValue (string) --
Optional. The string value of the value entry. Accepts substitution templates.
integerValue (string) --
Optional. A string that contains the integer value of the value entry. Accepts substitution templates.
doubleValue (string) --
Optional. A string that contains the double value of the value entry. Accepts substitution templates.
booleanValue (string) --
Optional. A string that contains the boolean value ( true or false ) of the value entry. Accepts substitution templates.
timestamp (dict) --
The asset property value timestamp.
timeInSeconds (string) --
A string that contains the time in seconds since epoch. Accepts substitution templates.
offsetInNanos (string) --
Optional. A string that contains the nanosecond time offset. Accepts substitution templates.
quality (string) --
Optional. A string that describes the quality of the value. Accepts substitution templates. Must be GOOD , BAD , or UNCERTAIN .
roleArn (string) --
The ARN of the role that grants AWS IoT permission to send an asset property value to AWS IoTSiteWise. ( "Action": "iotsitewise:BatchPutAssetPropertyValue" ). The trust policy can restrict access to specific asset hierarchy paths.
stepFunctions (dict) --
Starts execution of a Step Functions state machine.
executionNamePrefix (string) --
(Optional) A name will be given to the state machine execution consisting of this prefix followed by a UUID. Step Functions automatically creates a unique name for each state machine execution if one is not provided.
stateMachineName (string) --
The name of the Step Functions state machine whose execution will be started.
roleArn (string) --
The ARN of the role that grants IoT permission to start execution of a state machine ("Action":"states:StartExecution").
timestream (dict) --
The Timestream rule action writes attributes (measures) from an MQTT message into an Amazon Timestream table. For more information, see the Timestream topic rule action documentation.
roleArn (string) --
The ARN of the role that grants permission to write to the Amazon Timestream database table.
databaseName (string) --
The name of an Amazon Timestream database.
tableName (string) --
The name of the database table into which to write the measure records.
dimensions (list) --
Metadata attributes of the time series that are written in each measure record.
(dict) --
Metadata attributes of the time series that are written in each measure record.
name (string) --
The metadata dimension name. This is the name of the column in the Amazon Timestream database table record.
Dimensions cannot be named: measure_name , measure_value , or time . These names are reserved. Dimension names cannot start with ts_ or measure_value and they cannot contain the colon ( : ) character.
value (string) --
The value to write in this column of the database record.
timestamp (dict) --
Specifies an application-defined value to replace the default value assigned to the Timestream record's timestamp in the time column.
You can use this property to specify the value and the precision of the Timestream record's timestamp. You can specify a value from the message payload or a value computed by a substitution template.
If omitted, the topic rule action assigns the timestamp, in milliseconds, at the time it processed the rule.
value (string) --
An expression that returns a long epoch time value.
unit (string) --
The precision of the timestamp value that results from the expression described in value .
Valid values: SECONDS | MILLISECONDS | MICROSECONDS | NANOSECONDS . The default is MILLISECONDS .
http (dict) --
Send data to an HTTPS endpoint.
url (string) --
The endpoint URL. If substitution templates are used in the URL, you must also specify a confirmationUrl . If this is a new destination, a new TopicRuleDestination is created if possible.
confirmationUrl (string) --
The URL to which AWS IoT sends a confirmation message. The value of the confirmation URL must be a prefix of the endpoint URL. If you do not specify a confirmation URL AWS IoT uses the endpoint URL as the confirmation URL. If you use substitution templates in the confirmationUrl, you must create and enable topic rule destinations that match each possible value of the substitution template before traffic is allowed to your endpoint URL.
headers (list) --
The HTTP headers to send with the message data.
(dict) --
The HTTP action header.
key (string) --
The HTTP header key.
value (string) --
The HTTP header value. Substitution templates are supported.
auth (dict) --
The authentication method to use when sending data to an HTTPS endpoint.
sigv4 (dict) --
Use Sig V4 authorization. For more information, see Signature Version 4 Signing Process.
signingRegion (string) --
The signing region.
serviceName (string) --
The service name to use while signing with Sig V4.
roleArn (string) --
The ARN of the signing role.
kafka (dict) --
Send messages to an Amazon Managed Streaming for Apache Kafka (Amazon MSK) or self-managed Apache Kafka cluster.
destinationArn (string) --
The ARN of Kafka action's VPC TopicRuleDestination .
topic (string) --
The Kafka topic for messages to be sent to the Kafka broker.
key (string) --
The Kafka message key.
partition (string) --
The Kafka message partition.
clientProperties (dict) --
Properties of the Apache Kafka producer client.
(string) --
(string) --
{'topicRuleDestination': {'createdAt': 'timestamp',
'lastUpdatedAt': 'timestamp',
'status': {'DELETING'},
'vpcProperties': {'roleArn': 'string',
'securityGroups': ['string'],
'subnetIds': ['string'],
'vpcId': 'string'}}}
Gets information about a topic rule destination.
See also: AWS API Documentation
Request Syntax
client.get_topic_rule_destination(
arn='string'
)
string
[REQUIRED]
The ARN of the topic rule destination.
dict
Response Syntax
{
'topicRuleDestination': {
'arn': 'string',
'status': 'ENABLED'|'IN_PROGRESS'|'DISABLED'|'ERROR'|'DELETING',
'createdAt': datetime(2015, 1, 1),
'lastUpdatedAt': datetime(2015, 1, 1),
'statusReason': 'string',
'httpUrlProperties': {
'confirmationUrl': 'string'
},
'vpcProperties': {
'subnetIds': [
'string',
],
'securityGroups': [
'string',
],
'vpcId': 'string',
'roleArn': 'string'
}
}
}
Response Structure
(dict) --
topicRuleDestination (dict) --
The topic rule destination.
arn (string) --
The topic rule destination URL.
status (string) --
The status of the topic rule destination. Valid values are:
IN_PROGRESS
A topic rule destination was created but has not been confirmed. You can set status to IN_PROGRESS by calling UpdateTopicRuleDestination . Calling UpdateTopicRuleDestination causes a new confirmation challenge to be sent to your confirmation endpoint.
ENABLED
Confirmation was completed, and traffic to this destination is allowed. You can set status to DISABLED by calling UpdateTopicRuleDestination .
DISABLED
Confirmation was completed, and traffic to this destination is not allowed. You can set status to ENABLED by calling UpdateTopicRuleDestination .
ERROR
Confirmation could not be completed, for example if the confirmation timed out. You can call GetTopicRuleDestination for details about the error. You can set status to IN_PROGRESS by calling UpdateTopicRuleDestination . Calling UpdateTopicRuleDestination causes a new confirmation challenge to be sent to your confirmation endpoint.
createdAt (datetime) --
The date and time when the topic rule destination was created.
lastUpdatedAt (datetime) --
The date and time when the topic rule destination was last updated.
statusReason (string) --
Additional details or reason why the topic rule destination is in the current status.
httpUrlProperties (dict) --
Properties of the HTTP URL.
confirmationUrl (string) --
The URL used to confirm the HTTP topic rule destination URL.
vpcProperties (dict) --
Properties of the virtual private cloud (VPC) connection.
subnetIds (list) --
The subnet IDs of the VPC destination.
(string) --
securityGroups (list) --
The security groups of the VPC destination.
(string) --
vpcId (string) --
The ID of the VPC.
roleArn (string) --
The ARN of a role that has permission to create and attach to elastic network interfaces (ENIs).
{'behaviorCriteriaType': 'STATIC | STATISTICAL | MACHINE_LEARNING',
'listSuppressedAlerts': 'boolean'}
Response {'activeViolations': {'behavior': {'criteria': {'comparisonOperator': {'in-set',
'not-in-set'},
'mlDetectionConfig': {'confidenceLevel': 'LOW '
'| '
'MEDIUM '
'| '
'HIGH'},
'value': {'number': 'double',
'numbers': ['double'],
'strings': ['string']}},
'suppressAlerts': 'boolean'},
'lastViolationValue': {'number': 'double',
'numbers': ['double'],
'strings': ['string']},
'violationEventAdditionalInfo': {'confidenceLevel': 'LOW '
'| '
'MEDIUM '
'| '
'HIGH'}}}
Lists the active violations for a given Device Defender security profile.
See also: AWS API Documentation
Request Syntax
client.list_active_violations(
thingName='string',
securityProfileName='string',
behaviorCriteriaType='STATIC'|'STATISTICAL'|'MACHINE_LEARNING',
listSuppressedAlerts=True|False,
nextToken='string',
maxResults=123
)
string
The name of the thing whose active violations are listed.
string
The name of the Device Defender security profile for which violations are listed.
string
The criteria for a behavior.
boolean
A list of all suppressed alerts.
string
The token for the next set of results.
integer
The maximum number of results to return at one time.
dict
Response Syntax
{
'activeViolations': [
{
'violationId': 'string',
'thingName': 'string',
'securityProfileName': 'string',
'behavior': {
'name': 'string',
'metric': 'string',
'metricDimension': {
'dimensionName': 'string',
'operator': 'IN'|'NOT_IN'
},
'criteria': {
'comparisonOperator': 'less-than'|'less-than-equals'|'greater-than'|'greater-than-equals'|'in-cidr-set'|'not-in-cidr-set'|'in-port-set'|'not-in-port-set'|'in-set'|'not-in-set',
'value': {
'count': 123,
'cidrs': [
'string',
],
'ports': [
123,
],
'number': 123.0,
'numbers': [
123.0,
],
'strings': [
'string',
]
},
'durationSeconds': 123,
'consecutiveDatapointsToAlarm': 123,
'consecutiveDatapointsToClear': 123,
'statisticalThreshold': {
'statistic': 'string'
},
'mlDetectionConfig': {
'confidenceLevel': 'LOW'|'MEDIUM'|'HIGH'
}
},
'suppressAlerts': True|False
},
'lastViolationValue': {
'count': 123,
'cidrs': [
'string',
],
'ports': [
123,
],
'number': 123.0,
'numbers': [
123.0,
],
'strings': [
'string',
]
},
'violationEventAdditionalInfo': {
'confidenceLevel': 'LOW'|'MEDIUM'|'HIGH'
},
'lastViolationTime': datetime(2015, 1, 1),
'violationStartTime': datetime(2015, 1, 1)
},
],
'nextToken': 'string'
}
Response Structure
(dict) --
activeViolations (list) --
The list of active violations.
(dict) --
Information about an active Device Defender security profile behavior violation.
violationId (string) --
The ID of the active violation.
thingName (string) --
The name of the thing responsible for the active violation.
securityProfileName (string) --
The security profile with the behavior is in violation.
behavior (dict) --
The behavior that is being violated.
name (string) --
The name you've given to the behavior.
metric (string) --
What is measured by the behavior.
metricDimension (dict) --
The dimension for a metric in your behavior. For example, using a TOPIC_FILTER dimension, you can narrow down the scope of the metric to only MQTT topics where the name matches the pattern specified in the dimension. This can't be used with custom metrics.
dimensionName (string) --
A unique identifier for the dimension.
operator (string) --
Defines how the dimensionValues of a dimension are interpreted. For example, for dimension type TOPIC_FILTER, the IN operator, a message will be counted only if its topic matches one of the topic filters. With NOT_IN operator, a message will be counted only if it doesn't match any of the topic filters. The operator is optional: if it's not provided (is null ), it will be interpreted as IN .
criteria (dict) --
The criteria that determine if a device is behaving normally in regard to the metric .
comparisonOperator (string) --
The operator that relates the thing measured ( metric ) to the criteria (containing a value or statisticalThreshold ). Valid operators include:
string-list : in-set and not-in-set
number-list : in-set and not-in-set
ip-address-list : in-cidr-set and not-in-cidr-set
number : less-than , less-than-equals , greater-than , and greater-than-equals
value (dict) --
The value to be compared with the metric .
count (integer) --
If the comparisonOperator calls for a numeric value, use this to specify that numeric value to be compared with the metric .
cidrs (list) --
If the comparisonOperator calls for a set of CIDRs, use this to specify that set to be compared with the metric .
(string) --
ports (list) --
If the comparisonOperator calls for a set of ports, use this to specify that set to be compared with the metric .
(integer) --
number (float) --
The numeral value of a metric.
numbers (list) --
The numeral values of a metric.
(float) --
strings (list) --
The string values of a metric.
(string) --
durationSeconds (integer) --
Use this to specify the time duration over which the behavior is evaluated, for those criteria that have a time dimension (for example, NUM_MESSAGES_SENT ). For a statisticalThreshhold metric comparison, measurements from all devices are accumulated over this time duration before being used to calculate percentiles, and later, measurements from an individual device are also accumulated over this time duration before being given a percentile rank. Cannot be used with list-based metric datatypes.
consecutiveDatapointsToAlarm (integer) --
If a device is in violation of the behavior for the specified number of consecutive datapoints, an alarm occurs. If not specified, the default is 1.
consecutiveDatapointsToClear (integer) --
If an alarm has occurred and the offending device is no longer in violation of the behavior for the specified number of consecutive datapoints, the alarm is cleared. If not specified, the default is 1.
statisticalThreshold (dict) --
A statistical ranking (percentile)that indicates a threshold value by which a behavior is determined to be in compliance or in violation of the behavior.
statistic (string) --
The percentile that resolves to a threshold value by which compliance with a behavior is determined. Metrics are collected over the specified period ( durationSeconds ) from all reporting devices in your account and statistical ranks are calculated. Then, the measurements from a device are collected over the same period. If the accumulated measurements from the device fall above or below ( comparisonOperator ) the value associated with the percentile specified, then the device is considered to be in compliance with the behavior, otherwise a violation occurs.
mlDetectionConfig (dict) --
The configuration of an ML Detect
confidenceLevel (string) --
The sensitivity of anomalous behavior evaluation. Can be Low , Medium , or High .
suppressAlerts (boolean) --
Suppresses alerts.
lastViolationValue (dict) --
The value of the metric (the measurement) that caused the most recent violation.
count (integer) --
If the comparisonOperator calls for a numeric value, use this to specify that numeric value to be compared with the metric .
cidrs (list) --
If the comparisonOperator calls for a set of CIDRs, use this to specify that set to be compared with the metric .
(string) --
ports (list) --
If the comparisonOperator calls for a set of ports, use this to specify that set to be compared with the metric .
(integer) --
number (float) --
The numeral value of a metric.
numbers (list) --
The numeral values of a metric.
(float) --
strings (list) --
The string values of a metric.
(string) --
violationEventAdditionalInfo (dict) --
The details of a violation event.
confidenceLevel (string) --
The sensitivity of anomalous behavior evaluation. Can be Low , Medium , or High .
lastViolationTime (datetime) --
The time the most recent violation occurred.
violationStartTime (datetime) --
The time the violation started.
nextToken (string) --
A token that can be used to retrieve the next set of results, or null if there are no additional results.
{'metricName': 'string'}
Lists the Device Defender security profiles you've created. You can filter security profiles by dimension or custom metric.
Note
dimensionName and metricName cannot be used in the same request.
See also: AWS API Documentation
Request Syntax
client.list_security_profiles(
nextToken='string',
maxResults=123,
dimensionName='string',
metricName='string'
)
string
The token for the next set of results.
integer
The maximum number of results to return at one time.
string
A filter to limit results to the security profiles that use the defined dimension. Cannot be used with metricName
string
The name of the custom metric. Cannot be used with dimensionName .
dict
Response Syntax
{
'securityProfileIdentifiers': [
{
'name': 'string',
'arn': 'string'
},
],
'nextToken': 'string'
}
Response Structure
(dict) --
securityProfileIdentifiers (list) --
A list of security profile identifiers (names and ARNs).
(dict) --
Identifying information for a Device Defender security profile.
name (string) --
The name you've given to the security profile.
arn (string) --
The ARN of the security profile.
nextToken (string) --
A token that can be used to retrieve the next set of results, or null if there are no additional results.
{'destinationSummaries': {'createdAt': 'timestamp',
'lastUpdatedAt': 'timestamp',
'status': {'DELETING'},
'vpcDestinationSummary': {'roleArn': 'string',
'securityGroups': ['string'],
'subnetIds': ['string'],
'vpcId': 'string'}}}
Lists all the topic rule destinations in your AWS account.
See also: AWS API Documentation
Request Syntax
client.list_topic_rule_destinations(
maxResults=123,
nextToken='string'
)
integer
The maximum number of results to return at one time.
string
To retrieve the next set of results, the nextToken value from a previous response; otherwise null to receive the first set of results.
dict
Response Syntax
{
'destinationSummaries': [
{
'arn': 'string',
'status': 'ENABLED'|'IN_PROGRESS'|'DISABLED'|'ERROR'|'DELETING',
'createdAt': datetime(2015, 1, 1),
'lastUpdatedAt': datetime(2015, 1, 1),
'statusReason': 'string',
'httpUrlSummary': {
'confirmationUrl': 'string'
},
'vpcDestinationSummary': {
'subnetIds': [
'string',
],
'securityGroups': [
'string',
],
'vpcId': 'string',
'roleArn': 'string'
}
},
],
'nextToken': 'string'
}
Response Structure
(dict) --
destinationSummaries (list) --
Information about a topic rule destination.
(dict) --
Information about the topic rule destination.
arn (string) --
The topic rule destination ARN.
status (string) --
The status of the topic rule destination. Valid values are:
IN_PROGRESS
A topic rule destination was created but has not been confirmed. You can set status to IN_PROGRESS by calling UpdateTopicRuleDestination . Calling UpdateTopicRuleDestination causes a new confirmation challenge to be sent to your confirmation endpoint.
ENABLED
Confirmation was completed, and traffic to this destination is allowed. You can set status to DISABLED by calling UpdateTopicRuleDestination .
DISABLED
Confirmation was completed, and traffic to this destination is not allowed. You can set status to ENABLED by calling UpdateTopicRuleDestination .
ERROR
Confirmation could not be completed, for example if the confirmation timed out. You can call GetTopicRuleDestination for details about the error. You can set status to IN_PROGRESS by calling UpdateTopicRuleDestination . Calling UpdateTopicRuleDestination causes a new confirmation challenge to be sent to your confirmation endpoint.
createdAt (datetime) --
The date and time when the topic rule destination was created.
lastUpdatedAt (datetime) --
The date and time when the topic rule destination was last updated.
statusReason (string) --
The reason the topic rule destination is in the current status.
httpUrlSummary (dict) --
Information about the HTTP URL.
confirmationUrl (string) --
The URL used to confirm ownership of or access to the HTTP topic rule destination URL.
vpcDestinationSummary (dict) --
Information about the virtual private cloud (VPC) connection.
subnetIds (list) --
The subnet IDs of the VPC destination.
(string) --
securityGroups (list) --
The security groups of the VPC destination.
(string) --
vpcId (string) --
The ID of the VPC.
roleArn (string) --
The ARN of a role that has permission to create and attach to elastic network interfaces (ENIs).
nextToken (string) --
The token to use to get the next set of results, or null if there are no additional results.
{'behaviorCriteriaType': 'STATIC | STATISTICAL | MACHINE_LEARNING',
'listSuppressedAlerts': 'boolean'}
Response {'violationEvents': {'behavior': {'criteria': {'comparisonOperator': {'in-set',
'not-in-set'},
'mlDetectionConfig': {'confidenceLevel': 'LOW '
'| '
'MEDIUM '
'| '
'HIGH'},
'value': {'number': 'double',
'numbers': ['double'],
'strings': ['string']}},
'suppressAlerts': 'boolean'},
'metricValue': {'number': 'double',
'numbers': ['double'],
'strings': ['string']},
'violationEventAdditionalInfo': {'confidenceLevel': 'LOW '
'| '
'MEDIUM '
'| '
'HIGH'}}}
Lists the Device Defender security profile violations discovered during the given time period. You can use filters to limit the results to those alerts issued for a particular security profile, behavior, or thing (device).
See also: AWS API Documentation
Request Syntax
client.list_violation_events(
startTime=datetime(2015, 1, 1),
endTime=datetime(2015, 1, 1),
thingName='string',
securityProfileName='string',
behaviorCriteriaType='STATIC'|'STATISTICAL'|'MACHINE_LEARNING',
listSuppressedAlerts=True|False,
nextToken='string',
maxResults=123
)
datetime
[REQUIRED]
The start time for the alerts to be listed.
datetime
[REQUIRED]
The end time for the alerts to be listed.
string
A filter to limit results to those alerts caused by the specified thing.
string
A filter to limit results to those alerts generated by the specified security profile.
string
The criteria for a behavior.
boolean
A list of all suppressed alerts.
string
The token for the next set of results.
integer
The maximum number of results to return at one time.
dict
Response Syntax
{
'violationEvents': [
{
'violationId': 'string',
'thingName': 'string',
'securityProfileName': 'string',
'behavior': {
'name': 'string',
'metric': 'string',
'metricDimension': {
'dimensionName': 'string',
'operator': 'IN'|'NOT_IN'
},
'criteria': {
'comparisonOperator': 'less-than'|'less-than-equals'|'greater-than'|'greater-than-equals'|'in-cidr-set'|'not-in-cidr-set'|'in-port-set'|'not-in-port-set'|'in-set'|'not-in-set',
'value': {
'count': 123,
'cidrs': [
'string',
],
'ports': [
123,
],
'number': 123.0,
'numbers': [
123.0,
],
'strings': [
'string',
]
},
'durationSeconds': 123,
'consecutiveDatapointsToAlarm': 123,
'consecutiveDatapointsToClear': 123,
'statisticalThreshold': {
'statistic': 'string'
},
'mlDetectionConfig': {
'confidenceLevel': 'LOW'|'MEDIUM'|'HIGH'
}
},
'suppressAlerts': True|False
},
'metricValue': {
'count': 123,
'cidrs': [
'string',
],
'ports': [
123,
],
'number': 123.0,
'numbers': [
123.0,
],
'strings': [
'string',
]
},
'violationEventAdditionalInfo': {
'confidenceLevel': 'LOW'|'MEDIUM'|'HIGH'
},
'violationEventType': 'in-alarm'|'alarm-cleared'|'alarm-invalidated',
'violationEventTime': datetime(2015, 1, 1)
},
],
'nextToken': 'string'
}
Response Structure
(dict) --
violationEvents (list) --
The security profile violation alerts issued for this account during the given time period, potentially filtered by security profile, behavior violated, or thing (device) violating.
(dict) --
Information about a Device Defender security profile behavior violation.
violationId (string) --
The ID of the violation event.
thingName (string) --
The name of the thing responsible for the violation event.
securityProfileName (string) --
The name of the security profile whose behavior was violated.
behavior (dict) --
The behavior that was violated.
name (string) --
The name you've given to the behavior.
metric (string) --
What is measured by the behavior.
metricDimension (dict) --
The dimension for a metric in your behavior. For example, using a TOPIC_FILTER dimension, you can narrow down the scope of the metric to only MQTT topics where the name matches the pattern specified in the dimension. This can't be used with custom metrics.
dimensionName (string) --
A unique identifier for the dimension.
operator (string) --
Defines how the dimensionValues of a dimension are interpreted. For example, for dimension type TOPIC_FILTER, the IN operator, a message will be counted only if its topic matches one of the topic filters. With NOT_IN operator, a message will be counted only if it doesn't match any of the topic filters. The operator is optional: if it's not provided (is null ), it will be interpreted as IN .
criteria (dict) --
The criteria that determine if a device is behaving normally in regard to the metric .
comparisonOperator (string) --
The operator that relates the thing measured ( metric ) to the criteria (containing a value or statisticalThreshold ). Valid operators include:
string-list : in-set and not-in-set
number-list : in-set and not-in-set
ip-address-list : in-cidr-set and not-in-cidr-set
number : less-than , less-than-equals , greater-than , and greater-than-equals
value (dict) --
The value to be compared with the metric .
count (integer) --
If the comparisonOperator calls for a numeric value, use this to specify that numeric value to be compared with the metric .
cidrs (list) --
If the comparisonOperator calls for a set of CIDRs, use this to specify that set to be compared with the metric .
(string) --
ports (list) --
If the comparisonOperator calls for a set of ports, use this to specify that set to be compared with the metric .
(integer) --
number (float) --
The numeral value of a metric.
numbers (list) --
The numeral values of a metric.
(float) --
strings (list) --
The string values of a metric.
(string) --
durationSeconds (integer) --
Use this to specify the time duration over which the behavior is evaluated, for those criteria that have a time dimension (for example, NUM_MESSAGES_SENT ). For a statisticalThreshhold metric comparison, measurements from all devices are accumulated over this time duration before being used to calculate percentiles, and later, measurements from an individual device are also accumulated over this time duration before being given a percentile rank. Cannot be used with list-based metric datatypes.
consecutiveDatapointsToAlarm (integer) --
If a device is in violation of the behavior for the specified number of consecutive datapoints, an alarm occurs. If not specified, the default is 1.
consecutiveDatapointsToClear (integer) --
If an alarm has occurred and the offending device is no longer in violation of the behavior for the specified number of consecutive datapoints, the alarm is cleared. If not specified, the default is 1.
statisticalThreshold (dict) --
A statistical ranking (percentile)that indicates a threshold value by which a behavior is determined to be in compliance or in violation of the behavior.
statistic (string) --
The percentile that resolves to a threshold value by which compliance with a behavior is determined. Metrics are collected over the specified period ( durationSeconds ) from all reporting devices in your account and statistical ranks are calculated. Then, the measurements from a device are collected over the same period. If the accumulated measurements from the device fall above or below ( comparisonOperator ) the value associated with the percentile specified, then the device is considered to be in compliance with the behavior, otherwise a violation occurs.
mlDetectionConfig (dict) --
The configuration of an ML Detect
confidenceLevel (string) --
The sensitivity of anomalous behavior evaluation. Can be Low , Medium , or High .
suppressAlerts (boolean) --
Suppresses alerts.
metricValue (dict) --
The value of the metric (the measurement).
count (integer) --
If the comparisonOperator calls for a numeric value, use this to specify that numeric value to be compared with the metric .
cidrs (list) --
If the comparisonOperator calls for a set of CIDRs, use this to specify that set to be compared with the metric .
(string) --
ports (list) --
If the comparisonOperator calls for a set of ports, use this to specify that set to be compared with the metric .
(integer) --
number (float) --
The numeral value of a metric.
numbers (list) --
The numeral values of a metric.
(float) --
strings (list) --
The string values of a metric.
(string) --
violationEventAdditionalInfo (dict) --
The details of a violation event.
confidenceLevel (string) --
The sensitivity of anomalous behavior evaluation. Can be Low , Medium , or High .
violationEventType (string) --
The type of violation event.
violationEventTime (datetime) --
The time the violation event occurred.
nextToken (string) --
A token that can be used to retrieve the next set of results, or null if there are no additional results.
{'topicRulePayload': {'actions': {'kafka': {'clientProperties': {'string': 'string'},
'destinationArn': 'string',
'key': 'string',
'partition': 'string',
'topic': 'string'}},
'errorAction': {'kafka': {'clientProperties': {'string': 'string'},
'destinationArn': 'string',
'key': 'string',
'partition': 'string',
'topic': 'string'}}}}
Replaces the rule. You must specify all parameters for the new rule. Creating rules is an administrator-level action. Any user who has permission to create rules will be able to access data processed by the rule.
See also: AWS API Documentation
Request Syntax
client.replace_topic_rule(
ruleName='string',
topicRulePayload={
'sql': 'string',
'description': 'string',
'actions': [
{
'dynamoDB': {
'tableName': 'string',
'roleArn': 'string',
'operation': 'string',
'hashKeyField': 'string',
'hashKeyValue': 'string',
'hashKeyType': 'STRING'|'NUMBER',
'rangeKeyField': 'string',
'rangeKeyValue': 'string',
'rangeKeyType': 'STRING'|'NUMBER',
'payloadField': 'string'
},
'dynamoDBv2': {
'roleArn': 'string',
'putItem': {
'tableName': 'string'
}
},
'lambda': {
'functionArn': 'string'
},
'sns': {
'targetArn': 'string',
'roleArn': 'string',
'messageFormat': 'RAW'|'JSON'
},
'sqs': {
'roleArn': 'string',
'queueUrl': 'string',
'useBase64': True|False
},
'kinesis': {
'roleArn': 'string',
'streamName': 'string',
'partitionKey': 'string'
},
'republish': {
'roleArn': 'string',
'topic': 'string',
'qos': 123
},
's3': {
'roleArn': 'string',
'bucketName': 'string',
'key': 'string',
'cannedAcl': 'private'|'public-read'|'public-read-write'|'aws-exec-read'|'authenticated-read'|'bucket-owner-read'|'bucket-owner-full-control'|'log-delivery-write'
},
'firehose': {
'roleArn': 'string',
'deliveryStreamName': 'string',
'separator': 'string',
'batchMode': True|False
},
'cloudwatchMetric': {
'roleArn': 'string',
'metricNamespace': 'string',
'metricName': 'string',
'metricValue': 'string',
'metricUnit': 'string',
'metricTimestamp': 'string'
},
'cloudwatchAlarm': {
'roleArn': 'string',
'alarmName': 'string',
'stateReason': 'string',
'stateValue': 'string'
},
'cloudwatchLogs': {
'roleArn': 'string',
'logGroupName': 'string'
},
'elasticsearch': {
'roleArn': 'string',
'endpoint': 'string',
'index': 'string',
'type': 'string',
'id': 'string'
},
'salesforce': {
'token': 'string',
'url': 'string'
},
'iotAnalytics': {
'channelArn': 'string',
'channelName': 'string',
'batchMode': True|False,
'roleArn': 'string'
},
'iotEvents': {
'inputName': 'string',
'messageId': 'string',
'batchMode': True|False,
'roleArn': 'string'
},
'iotSiteWise': {
'putAssetPropertyValueEntries': [
{
'entryId': 'string',
'assetId': 'string',
'propertyId': 'string',
'propertyAlias': 'string',
'propertyValues': [
{
'value': {
'stringValue': 'string',
'integerValue': 'string',
'doubleValue': 'string',
'booleanValue': 'string'
},
'timestamp': {
'timeInSeconds': 'string',
'offsetInNanos': 'string'
},
'quality': 'string'
},
]
},
],
'roleArn': 'string'
},
'stepFunctions': {
'executionNamePrefix': 'string',
'stateMachineName': 'string',
'roleArn': 'string'
},
'timestream': {
'roleArn': 'string',
'databaseName': 'string',
'tableName': 'string',
'dimensions': [
{
'name': 'string',
'value': 'string'
},
],
'timestamp': {
'value': 'string',
'unit': 'string'
}
},
'http': {
'url': 'string',
'confirmationUrl': 'string',
'headers': [
{
'key': 'string',
'value': 'string'
},
],
'auth': {
'sigv4': {
'signingRegion': 'string',
'serviceName': 'string',
'roleArn': 'string'
}
}
},
'kafka': {
'destinationArn': 'string',
'topic': 'string',
'key': 'string',
'partition': 'string',
'clientProperties': {
'string': 'string'
}
}
},
],
'ruleDisabled': True|False,
'awsIotSqlVersion': 'string',
'errorAction': {
'dynamoDB': {
'tableName': 'string',
'roleArn': 'string',
'operation': 'string',
'hashKeyField': 'string',
'hashKeyValue': 'string',
'hashKeyType': 'STRING'|'NUMBER',
'rangeKeyField': 'string',
'rangeKeyValue': 'string',
'rangeKeyType': 'STRING'|'NUMBER',
'payloadField': 'string'
},
'dynamoDBv2': {
'roleArn': 'string',
'putItem': {
'tableName': 'string'
}
},
'lambda': {
'functionArn': 'string'
},
'sns': {
'targetArn': 'string',
'roleArn': 'string',
'messageFormat': 'RAW'|'JSON'
},
'sqs': {
'roleArn': 'string',
'queueUrl': 'string',
'useBase64': True|False
},
'kinesis': {
'roleArn': 'string',
'streamName': 'string',
'partitionKey': 'string'
},
'republish': {
'roleArn': 'string',
'topic': 'string',
'qos': 123
},
's3': {
'roleArn': 'string',
'bucketName': 'string',
'key': 'string',
'cannedAcl': 'private'|'public-read'|'public-read-write'|'aws-exec-read'|'authenticated-read'|'bucket-owner-read'|'bucket-owner-full-control'|'log-delivery-write'
},
'firehose': {
'roleArn': 'string',
'deliveryStreamName': 'string',
'separator': 'string',
'batchMode': True|False
},
'cloudwatchMetric': {
'roleArn': 'string',
'metricNamespace': 'string',
'metricName': 'string',
'metricValue': 'string',
'metricUnit': 'string',
'metricTimestamp': 'string'
},
'cloudwatchAlarm': {
'roleArn': 'string',
'alarmName': 'string',
'stateReason': 'string',
'stateValue': 'string'
},
'cloudwatchLogs': {
'roleArn': 'string',
'logGroupName': 'string'
},
'elasticsearch': {
'roleArn': 'string',
'endpoint': 'string',
'index': 'string',
'type': 'string',
'id': 'string'
},
'salesforce': {
'token': 'string',
'url': 'string'
},
'iotAnalytics': {
'channelArn': 'string',
'channelName': 'string',
'batchMode': True|False,
'roleArn': 'string'
},
'iotEvents': {
'inputName': 'string',
'messageId': 'string',
'batchMode': True|False,
'roleArn': 'string'
},
'iotSiteWise': {
'putAssetPropertyValueEntries': [
{
'entryId': 'string',
'assetId': 'string',
'propertyId': 'string',
'propertyAlias': 'string',
'propertyValues': [
{
'value': {
'stringValue': 'string',
'integerValue': 'string',
'doubleValue': 'string',
'booleanValue': 'string'
},
'timestamp': {
'timeInSeconds': 'string',
'offsetInNanos': 'string'
},
'quality': 'string'
},
]
},
],
'roleArn': 'string'
},
'stepFunctions': {
'executionNamePrefix': 'string',
'stateMachineName': 'string',
'roleArn': 'string'
},
'timestream': {
'roleArn': 'string',
'databaseName': 'string',
'tableName': 'string',
'dimensions': [
{
'name': 'string',
'value': 'string'
},
],
'timestamp': {
'value': 'string',
'unit': 'string'
}
},
'http': {
'url': 'string',
'confirmationUrl': 'string',
'headers': [
{
'key': 'string',
'value': 'string'
},
],
'auth': {
'sigv4': {
'signingRegion': 'string',
'serviceName': 'string',
'roleArn': 'string'
}
}
},
'kafka': {
'destinationArn': 'string',
'topic': 'string',
'key': 'string',
'partition': 'string',
'clientProperties': {
'string': 'string'
}
}
}
}
)
string
[REQUIRED]
The name of the rule.
dict
[REQUIRED]
The rule payload.
sql (string) -- [REQUIRED]
The SQL statement used to query the topic. For more information, see AWS IoT SQL Reference in the AWS IoT Developer Guide .
description (string) --
The description of the rule.
actions (list) -- [REQUIRED]
The actions associated with the rule.
(dict) --
Describes the actions associated with a rule.
dynamoDB (dict) --
Write to a DynamoDB table.
tableName (string) -- [REQUIRED]
The name of the DynamoDB table.
roleArn (string) -- [REQUIRED]
The ARN of the IAM role that grants access to the DynamoDB table.
operation (string) --
The type of operation to be performed. This follows the substitution template, so it can be ${operation} , but the substitution must result in one of the following: INSERT , UPDATE , or DELETE .
hashKeyField (string) -- [REQUIRED]
The hash key name.
hashKeyValue (string) -- [REQUIRED]
The hash key value.
hashKeyType (string) --
The hash key type. Valid values are "STRING" or "NUMBER"
rangeKeyField (string) --
The range key name.
rangeKeyValue (string) --
The range key value.
rangeKeyType (string) --
The range key type. Valid values are "STRING" or "NUMBER"
payloadField (string) --
The action payload. This name can be customized.
dynamoDBv2 (dict) --
Write to a DynamoDB table. This is a new version of the DynamoDB action. It allows you to write each attribute in an MQTT message payload into a separate DynamoDB column.
roleArn (string) -- [REQUIRED]
The ARN of the IAM role that grants access to the DynamoDB table.
putItem (dict) -- [REQUIRED]
Specifies the DynamoDB table to which the message data will be written. For example:
{ "dynamoDBv2": { "roleArn": "aws:iam:12341251:my-role" "putItem": { "tableName": "my-table" } } }
Each attribute in the message payload will be written to a separate column in the DynamoDB database.
tableName (string) -- [REQUIRED]
The table where the message data will be written.
lambda (dict) --
Invoke a Lambda function.
functionArn (string) -- [REQUIRED]
The ARN of the Lambda function.
sns (dict) --
Publish to an Amazon SNS topic.
targetArn (string) -- [REQUIRED]
The ARN of the SNS topic.
roleArn (string) -- [REQUIRED]
The ARN of the IAM role that grants access.
messageFormat (string) --
(Optional) The message format of the message to publish. Accepted values are "JSON" and "RAW". The default value of the attribute is "RAW". SNS uses this setting to determine if the payload should be parsed and relevant platform-specific bits of the payload should be extracted. To read more about SNS message formats, see https://docs.aws.amazon.com/sns/latest/dg/json-formats.html refer to their official documentation.
sqs (dict) --
Publish to an Amazon SQS queue.
roleArn (string) -- [REQUIRED]
The ARN of the IAM role that grants access.
queueUrl (string) -- [REQUIRED]
The URL of the Amazon SQS queue.
useBase64 (boolean) --
Specifies whether to use Base64 encoding.
kinesis (dict) --
Write data to an Amazon Kinesis stream.
roleArn (string) -- [REQUIRED]
The ARN of the IAM role that grants access to the Amazon Kinesis stream.
streamName (string) -- [REQUIRED]
The name of the Amazon Kinesis stream.
partitionKey (string) --
The partition key.
republish (dict) --
Publish to another MQTT topic.
roleArn (string) -- [REQUIRED]
The ARN of the IAM role that grants access.
topic (string) -- [REQUIRED]
The name of the MQTT topic.
qos (integer) --
The Quality of Service (QoS) level to use when republishing messages. The default value is 0.
s3 (dict) --
Write to an Amazon S3 bucket.
roleArn (string) -- [REQUIRED]
The ARN of the IAM role that grants access.
bucketName (string) -- [REQUIRED]
The Amazon S3 bucket.
key (string) -- [REQUIRED]
The object key. For more information, see Actions, resources, and condition keys for Amazon S3.
cannedAcl (string) --
The Amazon S3 canned ACL that controls access to the object identified by the object key. For more information, see S3 canned ACLs.
firehose (dict) --
Write to an Amazon Kinesis Firehose stream.
roleArn (string) -- [REQUIRED]
The IAM role that grants access to the Amazon Kinesis Firehose stream.
deliveryStreamName (string) -- [REQUIRED]
The delivery stream name.
separator (string) --
A character separator that will be used to separate records written to the Firehose stream. Valid values are: 'n' (newline), 't' (tab), 'rn' (Windows newline), ',' (comma).
batchMode (boolean) --
Whether to deliver the Kinesis Data Firehose stream as a batch by using PutRecordBatch. The default value is false .
When batchMode is true and the rule's SQL statement evaluates to an Array, each Array element forms one record in the PutRecordBatch request. The resulting array can't have more than 500 records.
cloudwatchMetric (dict) --
Capture a CloudWatch metric.
roleArn (string) -- [REQUIRED]
The IAM role that allows access to the CloudWatch metric.
metricNamespace (string) -- [REQUIRED]
The CloudWatch metric namespace name.
metricName (string) -- [REQUIRED]
The CloudWatch metric name.
metricValue (string) -- [REQUIRED]
The CloudWatch metric value.
metricUnit (string) -- [REQUIRED]
The metric unit supported by CloudWatch.
metricTimestamp (string) --
An optional Unix timestamp.
cloudwatchAlarm (dict) --
Change the state of a CloudWatch alarm.
roleArn (string) -- [REQUIRED]
The IAM role that allows access to the CloudWatch alarm.
alarmName (string) -- [REQUIRED]
The CloudWatch alarm name.
stateReason (string) -- [REQUIRED]
The reason for the alarm change.
stateValue (string) -- [REQUIRED]
The value of the alarm state. Acceptable values are: OK, ALARM, INSUFFICIENT_DATA.
cloudwatchLogs (dict) --
Send data to CloudWatch Logs.
roleArn (string) -- [REQUIRED]
The IAM role that allows access to the CloudWatch log.
logGroupName (string) -- [REQUIRED]
The CloudWatch log group to which the action sends data.
elasticsearch (dict) --
Write data to an Amazon Elasticsearch Service domain.
roleArn (string) -- [REQUIRED]
The IAM role ARN that has access to Elasticsearch.
endpoint (string) -- [REQUIRED]
The endpoint of your Elasticsearch domain.
index (string) -- [REQUIRED]
The Elasticsearch index where you want to store your data.
type (string) -- [REQUIRED]
The type of document you are storing.
id (string) -- [REQUIRED]
The unique identifier for the document you are storing.
salesforce (dict) --
Send a message to a Salesforce IoT Cloud Input Stream.
token (string) -- [REQUIRED]
The token used to authenticate access to the Salesforce IoT Cloud Input Stream. The token is available from the Salesforce IoT Cloud platform after creation of the Input Stream.
url (string) -- [REQUIRED]
The URL exposed by the Salesforce IoT Cloud Input Stream. The URL is available from the Salesforce IoT Cloud platform after creation of the Input Stream.
iotAnalytics (dict) --
Sends message data to an AWS IoT Analytics channel.
channelArn (string) --
(deprecated) The ARN of the IoT Analytics channel to which message data will be sent.
channelName (string) --
The name of the IoT Analytics channel to which message data will be sent.
batchMode (boolean) --
Whether to process the action as a batch. The default value is false .
When batchMode is true and the rule SQL statement evaluates to an Array, each Array element is delivered as a separate message when passed by BatchPutMessage to the AWS IoT Analytics channel. The resulting array can't have more than 100 messages.
roleArn (string) --
The ARN of the role which has a policy that grants IoT Analytics permission to send message data via IoT Analytics (iotanalytics:BatchPutMessage).
iotEvents (dict) --
Sends an input to an AWS IoT Events detector.
inputName (string) -- [REQUIRED]
The name of the AWS IoT Events input.
messageId (string) --
The ID of the message. The default messageId is a new UUID value.
When batchMode is true , you can't specify a messageId --a new UUID value will be assigned.
Assign a value to this property to ensure that only one input (message) with a given messageId will be processed by an AWS IoT Events detector.
batchMode (boolean) --
Whether to process the event actions as a batch. The default value is false .
When batchMode is true , you can't specify a messageId .
When batchMode is true and the rule SQL statement evaluates to an Array, each Array element is treated as a separate message when it's sent to AWS IoT Events by calling BatchPutMessage. The resulting array can't have more than 10 messages.
roleArn (string) -- [REQUIRED]
The ARN of the role that grants AWS IoT permission to send an input to an AWS IoT Events detector. ("Action":"iotevents:BatchPutMessage").
iotSiteWise (dict) --
Sends data from the MQTT message that triggered the rule to AWS IoT SiteWise asset properties.
putAssetPropertyValueEntries (list) -- [REQUIRED]
A list of asset property value entries.
(dict) --
An asset property value entry containing the following information.
entryId (string) --
Optional. A unique identifier for this entry that you can define to better track which message caused an error in case of failure. Accepts substitution templates. Defaults to a new UUID.
assetId (string) --
The ID of the AWS IoT SiteWise asset. You must specify either a propertyAlias or both an aliasId and a propertyId . Accepts substitution templates.
propertyId (string) --
The ID of the asset's property. You must specify either a propertyAlias or both an aliasId and a propertyId . Accepts substitution templates.
propertyAlias (string) --
The name of the property alias associated with your asset property. You must specify either a propertyAlias or both an aliasId and a propertyId . Accepts substitution templates.
propertyValues (list) -- [REQUIRED]
A list of property values to insert that each contain timestamp, quality, and value (TQV) information.
(dict) --
An asset property value entry containing the following information.
value (dict) -- [REQUIRED]
The value of the asset property.
stringValue (string) --
Optional. The string value of the value entry. Accepts substitution templates.
integerValue (string) --
Optional. A string that contains the integer value of the value entry. Accepts substitution templates.
doubleValue (string) --
Optional. A string that contains the double value of the value entry. Accepts substitution templates.
booleanValue (string) --
Optional. A string that contains the boolean value ( true or false ) of the value entry. Accepts substitution templates.
timestamp (dict) -- [REQUIRED]
The asset property value timestamp.
timeInSeconds (string) -- [REQUIRED]
A string that contains the time in seconds since epoch. Accepts substitution templates.
offsetInNanos (string) --
Optional. A string that contains the nanosecond time offset. Accepts substitution templates.
quality (string) --
Optional. A string that describes the quality of the value. Accepts substitution templates. Must be GOOD , BAD , or UNCERTAIN .
roleArn (string) -- [REQUIRED]
The ARN of the role that grants AWS IoT permission to send an asset property value to AWS IoTSiteWise. ( "Action": "iotsitewise:BatchPutAssetPropertyValue" ). The trust policy can restrict access to specific asset hierarchy paths.
stepFunctions (dict) --
Starts execution of a Step Functions state machine.
executionNamePrefix (string) --
(Optional) A name will be given to the state machine execution consisting of this prefix followed by a UUID. Step Functions automatically creates a unique name for each state machine execution if one is not provided.
stateMachineName (string) -- [REQUIRED]
The name of the Step Functions state machine whose execution will be started.
roleArn (string) -- [REQUIRED]
The ARN of the role that grants IoT permission to start execution of a state machine ("Action":"states:StartExecution").
timestream (dict) --
The Timestream rule action writes attributes (measures) from an MQTT message into an Amazon Timestream table. For more information, see the Timestream topic rule action documentation.
roleArn (string) -- [REQUIRED]
The ARN of the role that grants permission to write to the Amazon Timestream database table.
databaseName (string) -- [REQUIRED]
The name of an Amazon Timestream database.
tableName (string) -- [REQUIRED]
The name of the database table into which to write the measure records.
dimensions (list) -- [REQUIRED]
Metadata attributes of the time series that are written in each measure record.
(dict) --
Metadata attributes of the time series that are written in each measure record.
name (string) -- [REQUIRED]
The metadata dimension name. This is the name of the column in the Amazon Timestream database table record.
Dimensions cannot be named: measure_name , measure_value , or time . These names are reserved. Dimension names cannot start with ts_ or measure_value and they cannot contain the colon ( : ) character.
value (string) -- [REQUIRED]
The value to write in this column of the database record.
timestamp (dict) --
Specifies an application-defined value to replace the default value assigned to the Timestream record's timestamp in the time column.
You can use this property to specify the value and the precision of the Timestream record's timestamp. You can specify a value from the message payload or a value computed by a substitution template.
If omitted, the topic rule action assigns the timestamp, in milliseconds, at the time it processed the rule.
value (string) -- [REQUIRED]
An expression that returns a long epoch time value.
unit (string) -- [REQUIRED]
The precision of the timestamp value that results from the expression described in value .
Valid values: SECONDS | MILLISECONDS | MICROSECONDS | NANOSECONDS . The default is MILLISECONDS .
http (dict) --
Send data to an HTTPS endpoint.
url (string) -- [REQUIRED]
The endpoint URL. If substitution templates are used in the URL, you must also specify a confirmationUrl . If this is a new destination, a new TopicRuleDestination is created if possible.
confirmationUrl (string) --
The URL to which AWS IoT sends a confirmation message. The value of the confirmation URL must be a prefix of the endpoint URL. If you do not specify a confirmation URL AWS IoT uses the endpoint URL as the confirmation URL. If you use substitution templates in the confirmationUrl, you must create and enable topic rule destinations that match each possible value of the substitution template before traffic is allowed to your endpoint URL.
headers (list) --
The HTTP headers to send with the message data.
(dict) --
The HTTP action header.
key (string) -- [REQUIRED]
The HTTP header key.
value (string) -- [REQUIRED]
The HTTP header value. Substitution templates are supported.
auth (dict) --
The authentication method to use when sending data to an HTTPS endpoint.
sigv4 (dict) --
Use Sig V4 authorization. For more information, see Signature Version 4 Signing Process.
signingRegion (string) -- [REQUIRED]
The signing region.
serviceName (string) -- [REQUIRED]
The service name to use while signing with Sig V4.
roleArn (string) -- [REQUIRED]
The ARN of the signing role.
kafka (dict) --
Send messages to an Amazon Managed Streaming for Apache Kafka (Amazon MSK) or self-managed Apache Kafka cluster.
destinationArn (string) -- [REQUIRED]
The ARN of Kafka action's VPC TopicRuleDestination .
topic (string) -- [REQUIRED]
The Kafka topic for messages to be sent to the Kafka broker.
key (string) --
The Kafka message key.
partition (string) --
The Kafka message partition.
clientProperties (dict) -- [REQUIRED]
Properties of the Apache Kafka producer client.
(string) --
(string) --
ruleDisabled (boolean) --
Specifies whether the rule is disabled.
awsIotSqlVersion (string) --
The version of the SQL rules engine to use when evaluating the rule.
errorAction (dict) --
The action to take when an error occurs.
dynamoDB (dict) --
Write to a DynamoDB table.
tableName (string) -- [REQUIRED]
The name of the DynamoDB table.
roleArn (string) -- [REQUIRED]
The ARN of the IAM role that grants access to the DynamoDB table.
operation (string) --
The type of operation to be performed. This follows the substitution template, so it can be ${operation} , but the substitution must result in one of the following: INSERT , UPDATE , or DELETE .
hashKeyField (string) -- [REQUIRED]
The hash key name.
hashKeyValue (string) -- [REQUIRED]
The hash key value.
hashKeyType (string) --
The hash key type. Valid values are "STRING" or "NUMBER"
rangeKeyField (string) --
The range key name.
rangeKeyValue (string) --
The range key value.
rangeKeyType (string) --
The range key type. Valid values are "STRING" or "NUMBER"
payloadField (string) --
The action payload. This name can be customized.
dynamoDBv2 (dict) --
Write to a DynamoDB table. This is a new version of the DynamoDB action. It allows you to write each attribute in an MQTT message payload into a separate DynamoDB column.
roleArn (string) -- [REQUIRED]
The ARN of the IAM role that grants access to the DynamoDB table.
putItem (dict) -- [REQUIRED]
Specifies the DynamoDB table to which the message data will be written. For example:
{ "dynamoDBv2": { "roleArn": "aws:iam:12341251:my-role" "putItem": { "tableName": "my-table" } } }
Each attribute in the message payload will be written to a separate column in the DynamoDB database.
tableName (string) -- [REQUIRED]
The table where the message data will be written.
lambda (dict) --
Invoke a Lambda function.
functionArn (string) -- [REQUIRED]
The ARN of the Lambda function.
sns (dict) --
Publish to an Amazon SNS topic.
targetArn (string) -- [REQUIRED]
The ARN of the SNS topic.
roleArn (string) -- [REQUIRED]
The ARN of the IAM role that grants access.
messageFormat (string) --
(Optional) The message format of the message to publish. Accepted values are "JSON" and "RAW". The default value of the attribute is "RAW". SNS uses this setting to determine if the payload should be parsed and relevant platform-specific bits of the payload should be extracted. To read more about SNS message formats, see https://docs.aws.amazon.com/sns/latest/dg/json-formats.html refer to their official documentation.
sqs (dict) --
Publish to an Amazon SQS queue.
roleArn (string) -- [REQUIRED]
The ARN of the IAM role that grants access.
queueUrl (string) -- [REQUIRED]
The URL of the Amazon SQS queue.
useBase64 (boolean) --
Specifies whether to use Base64 encoding.
kinesis (dict) --
Write data to an Amazon Kinesis stream.
roleArn (string) -- [REQUIRED]
The ARN of the IAM role that grants access to the Amazon Kinesis stream.
streamName (string) -- [REQUIRED]
The name of the Amazon Kinesis stream.
partitionKey (string) --
The partition key.
republish (dict) --
Publish to another MQTT topic.
roleArn (string) -- [REQUIRED]
The ARN of the IAM role that grants access.
topic (string) -- [REQUIRED]
The name of the MQTT topic.
qos (integer) --
The Quality of Service (QoS) level to use when republishing messages. The default value is 0.
s3 (dict) --
Write to an Amazon S3 bucket.
roleArn (string) -- [REQUIRED]
The ARN of the IAM role that grants access.
bucketName (string) -- [REQUIRED]
The Amazon S3 bucket.
key (string) -- [REQUIRED]
The object key. For more information, see Actions, resources, and condition keys for Amazon S3.
cannedAcl (string) --
The Amazon S3 canned ACL that controls access to the object identified by the object key. For more information, see S3 canned ACLs.
firehose (dict) --
Write to an Amazon Kinesis Firehose stream.
roleArn (string) -- [REQUIRED]
The IAM role that grants access to the Amazon Kinesis Firehose stream.
deliveryStreamName (string) -- [REQUIRED]
The delivery stream name.
separator (string) --
A character separator that will be used to separate records written to the Firehose stream. Valid values are: 'n' (newline), 't' (tab), 'rn' (Windows newline), ',' (comma).
batchMode (boolean) --
Whether to deliver the Kinesis Data Firehose stream as a batch by using PutRecordBatch. The default value is false .
When batchMode is true and the rule's SQL statement evaluates to an Array, each Array element forms one record in the PutRecordBatch request. The resulting array can't have more than 500 records.
cloudwatchMetric (dict) --
Capture a CloudWatch metric.
roleArn (string) -- [REQUIRED]
The IAM role that allows access to the CloudWatch metric.
metricNamespace (string) -- [REQUIRED]
The CloudWatch metric namespace name.
metricName (string) -- [REQUIRED]
The CloudWatch metric name.
metricValue (string) -- [REQUIRED]
The CloudWatch metric value.
metricUnit (string) -- [REQUIRED]
The metric unit supported by CloudWatch.
metricTimestamp (string) --
An optional Unix timestamp.
cloudwatchAlarm (dict) --
Change the state of a CloudWatch alarm.
roleArn (string) -- [REQUIRED]
The IAM role that allows access to the CloudWatch alarm.
alarmName (string) -- [REQUIRED]
The CloudWatch alarm name.
stateReason (string) -- [REQUIRED]
The reason for the alarm change.
stateValue (string) -- [REQUIRED]
The value of the alarm state. Acceptable values are: OK, ALARM, INSUFFICIENT_DATA.
cloudwatchLogs (dict) --
Send data to CloudWatch Logs.
roleArn (string) -- [REQUIRED]
The IAM role that allows access to the CloudWatch log.
logGroupName (string) -- [REQUIRED]
The CloudWatch log group to which the action sends data.
elasticsearch (dict) --
Write data to an Amazon Elasticsearch Service domain.
roleArn (string) -- [REQUIRED]
The IAM role ARN that has access to Elasticsearch.
endpoint (string) -- [REQUIRED]
The endpoint of your Elasticsearch domain.
index (string) -- [REQUIRED]
The Elasticsearch index where you want to store your data.
type (string) -- [REQUIRED]
The type of document you are storing.
id (string) -- [REQUIRED]
The unique identifier for the document you are storing.
salesforce (dict) --
Send a message to a Salesforce IoT Cloud Input Stream.
token (string) -- [REQUIRED]
The token used to authenticate access to the Salesforce IoT Cloud Input Stream. The token is available from the Salesforce IoT Cloud platform after creation of the Input Stream.
url (string) -- [REQUIRED]
The URL exposed by the Salesforce IoT Cloud Input Stream. The URL is available from the Salesforce IoT Cloud platform after creation of the Input Stream.
iotAnalytics (dict) --
Sends message data to an AWS IoT Analytics channel.
channelArn (string) --
(deprecated) The ARN of the IoT Analytics channel to which message data will be sent.
channelName (string) --
The name of the IoT Analytics channel to which message data will be sent.
batchMode (boolean) --
Whether to process the action as a batch. The default value is false .
When batchMode is true and the rule SQL statement evaluates to an Array, each Array element is delivered as a separate message when passed by BatchPutMessage to the AWS IoT Analytics channel. The resulting array can't have more than 100 messages.
roleArn (string) --
The ARN of the role which has a policy that grants IoT Analytics permission to send message data via IoT Analytics (iotanalytics:BatchPutMessage).
iotEvents (dict) --
Sends an input to an AWS IoT Events detector.
inputName (string) -- [REQUIRED]
The name of the AWS IoT Events input.
messageId (string) --
The ID of the message. The default messageId is a new UUID value.
When batchMode is true , you can't specify a messageId --a new UUID value will be assigned.
Assign a value to this property to ensure that only one input (message) with a given messageId will be processed by an AWS IoT Events detector.
batchMode (boolean) --
Whether to process the event actions as a batch. The default value is false .
When batchMode is true , you can't specify a messageId .
When batchMode is true and the rule SQL statement evaluates to an Array, each Array element is treated as a separate message when it's sent to AWS IoT Events by calling BatchPutMessage. The resulting array can't have more than 10 messages.
roleArn (string) -- [REQUIRED]
The ARN of the role that grants AWS IoT permission to send an input to an AWS IoT Events detector. ("Action":"iotevents:BatchPutMessage").
iotSiteWise (dict) --
Sends data from the MQTT message that triggered the rule to AWS IoT SiteWise asset properties.
putAssetPropertyValueEntries (list) -- [REQUIRED]
A list of asset property value entries.
(dict) --
An asset property value entry containing the following information.
entryId (string) --
Optional. A unique identifier for this entry that you can define to better track which message caused an error in case of failure. Accepts substitution templates. Defaults to a new UUID.
assetId (string) --
The ID of the AWS IoT SiteWise asset. You must specify either a propertyAlias or both an aliasId and a propertyId . Accepts substitution templates.
propertyId (string) --
The ID of the asset's property. You must specify either a propertyAlias or both an aliasId and a propertyId . Accepts substitution templates.
propertyAlias (string) --
The name of the property alias associated with your asset property. You must specify either a propertyAlias or both an aliasId and a propertyId . Accepts substitution templates.
propertyValues (list) -- [REQUIRED]
A list of property values to insert that each contain timestamp, quality, and value (TQV) information.
(dict) --
An asset property value entry containing the following information.
value (dict) -- [REQUIRED]
The value of the asset property.
stringValue (string) --
Optional. The string value of the value entry. Accepts substitution templates.
integerValue (string) --
Optional. A string that contains the integer value of the value entry. Accepts substitution templates.
doubleValue (string) --
Optional. A string that contains the double value of the value entry. Accepts substitution templates.
booleanValue (string) --
Optional. A string that contains the boolean value ( true or false ) of the value entry. Accepts substitution templates.
timestamp (dict) -- [REQUIRED]
The asset property value timestamp.
timeInSeconds (string) -- [REQUIRED]
A string that contains the time in seconds since epoch. Accepts substitution templates.
offsetInNanos (string) --
Optional. A string that contains the nanosecond time offset. Accepts substitution templates.
quality (string) --
Optional. A string that describes the quality of the value. Accepts substitution templates. Must be GOOD , BAD , or UNCERTAIN .
roleArn (string) -- [REQUIRED]
The ARN of the role that grants AWS IoT permission to send an asset property value to AWS IoTSiteWise. ( "Action": "iotsitewise:BatchPutAssetPropertyValue" ). The trust policy can restrict access to specific asset hierarchy paths.
stepFunctions (dict) --
Starts execution of a Step Functions state machine.
executionNamePrefix (string) --
(Optional) A name will be given to the state machine execution consisting of this prefix followed by a UUID. Step Functions automatically creates a unique name for each state machine execution if one is not provided.
stateMachineName (string) -- [REQUIRED]
The name of the Step Functions state machine whose execution will be started.
roleArn (string) -- [REQUIRED]
The ARN of the role that grants IoT permission to start execution of a state machine ("Action":"states:StartExecution").
timestream (dict) --
The Timestream rule action writes attributes (measures) from an MQTT message into an Amazon Timestream table. For more information, see the Timestream topic rule action documentation.
roleArn (string) -- [REQUIRED]
The ARN of the role that grants permission to write to the Amazon Timestream database table.
databaseName (string) -- [REQUIRED]
The name of an Amazon Timestream database.
tableName (string) -- [REQUIRED]
The name of the database table into which to write the measure records.
dimensions (list) -- [REQUIRED]
Metadata attributes of the time series that are written in each measure record.
(dict) --
Metadata attributes of the time series that are written in each measure record.
name (string) -- [REQUIRED]
The metadata dimension name. This is the name of the column in the Amazon Timestream database table record.
Dimensions cannot be named: measure_name , measure_value , or time . These names are reserved. Dimension names cannot start with ts_ or measure_value and they cannot contain the colon ( : ) character.
value (string) -- [REQUIRED]
The value to write in this column of the database record.
timestamp (dict) --
Specifies an application-defined value to replace the default value assigned to the Timestream record's timestamp in the time column.
You can use this property to specify the value and the precision of the Timestream record's timestamp. You can specify a value from the message payload or a value computed by a substitution template.
If omitted, the topic rule action assigns the timestamp, in milliseconds, at the time it processed the rule.
value (string) -- [REQUIRED]
An expression that returns a long epoch time value.
unit (string) -- [REQUIRED]
The precision of the timestamp value that results from the expression described in value .
Valid values: SECONDS | MILLISECONDS | MICROSECONDS | NANOSECONDS . The default is MILLISECONDS .
http (dict) --
Send data to an HTTPS endpoint.
url (string) -- [REQUIRED]
The endpoint URL. If substitution templates are used in the URL, you must also specify a confirmationUrl . If this is a new destination, a new TopicRuleDestination is created if possible.
confirmationUrl (string) --
The URL to which AWS IoT sends a confirmation message. The value of the confirmation URL must be a prefix of the endpoint URL. If you do not specify a confirmation URL AWS IoT uses the endpoint URL as the confirmation URL. If you use substitution templates in the confirmationUrl, you must create and enable topic rule destinations that match each possible value of the substitution template before traffic is allowed to your endpoint URL.
headers (list) --
The HTTP headers to send with the message data.
(dict) --
The HTTP action header.
key (string) -- [REQUIRED]
The HTTP header key.
value (string) -- [REQUIRED]
The HTTP header value. Substitution templates are supported.
auth (dict) --
The authentication method to use when sending data to an HTTPS endpoint.
sigv4 (dict) --
Use Sig V4 authorization. For more information, see Signature Version 4 Signing Process.
signingRegion (string) -- [REQUIRED]
The signing region.
serviceName (string) -- [REQUIRED]
The service name to use while signing with Sig V4.
roleArn (string) -- [REQUIRED]
The ARN of the signing role.
kafka (dict) --
Send messages to an Amazon Managed Streaming for Apache Kafka (Amazon MSK) or self-managed Apache Kafka cluster.
destinationArn (string) -- [REQUIRED]
The ARN of Kafka action's VPC TopicRuleDestination .
topic (string) -- [REQUIRED]
The Kafka topic for messages to be sent to the Kafka broker.
key (string) --
The Kafka message key.
partition (string) --
The Kafka message partition.
clientProperties (dict) -- [REQUIRED]
Properties of the Apache Kafka producer client.
(string) --
(string) --
None
{'behaviors': {'criteria': {'comparisonOperator': {'in-set', 'not-in-set'},
'mlDetectionConfig': {'confidenceLevel': 'LOW | '
'MEDIUM | '
'HIGH'},
'value': {'number': 'double',
'numbers': ['double'],
'strings': ['string']}},
'suppressAlerts': 'boolean'}}
Updates a Device Defender security profile.
See also: AWS API Documentation
Request Syntax
client.update_security_profile(
securityProfileName='string',
securityProfileDescription='string',
behaviors=[
{
'name': 'string',
'metric': 'string',
'metricDimension': {
'dimensionName': 'string',
'operator': 'IN'|'NOT_IN'
},
'criteria': {
'comparisonOperator': 'less-than'|'less-than-equals'|'greater-than'|'greater-than-equals'|'in-cidr-set'|'not-in-cidr-set'|'in-port-set'|'not-in-port-set'|'in-set'|'not-in-set',
'value': {
'count': 123,
'cidrs': [
'string',
],
'ports': [
123,
],
'number': 123.0,
'numbers': [
123.0,
],
'strings': [
'string',
]
},
'durationSeconds': 123,
'consecutiveDatapointsToAlarm': 123,
'consecutiveDatapointsToClear': 123,
'statisticalThreshold': {
'statistic': 'string'
},
'mlDetectionConfig': {
'confidenceLevel': 'LOW'|'MEDIUM'|'HIGH'
}
},
'suppressAlerts': True|False
},
],
alertTargets={
'string': {
'alertTargetArn': 'string',
'roleArn': 'string'
}
},
additionalMetricsToRetain=[
'string',
],
additionalMetricsToRetainV2=[
{
'metric': 'string',
'metricDimension': {
'dimensionName': 'string',
'operator': 'IN'|'NOT_IN'
}
},
],
deleteBehaviors=True|False,
deleteAlertTargets=True|False,
deleteAdditionalMetricsToRetain=True|False,
expectedVersion=123
)
string
[REQUIRED]
The name of the security profile you want to update.
string
A description of the security profile.
list
Specifies the behaviors that, when violated by a device (thing), cause an alert.
(dict) --
A Device Defender security profile behavior.
name (string) -- [REQUIRED]
The name you've given to the behavior.
metric (string) --
What is measured by the behavior.
metricDimension (dict) --
The dimension for a metric in your behavior. For example, using a TOPIC_FILTER dimension, you can narrow down the scope of the metric to only MQTT topics where the name matches the pattern specified in the dimension. This can't be used with custom metrics.
dimensionName (string) -- [REQUIRED]
A unique identifier for the dimension.
operator (string) --
Defines how the dimensionValues of a dimension are interpreted. For example, for dimension type TOPIC_FILTER, the IN operator, a message will be counted only if its topic matches one of the topic filters. With NOT_IN operator, a message will be counted only if it doesn't match any of the topic filters. The operator is optional: if it's not provided (is null ), it will be interpreted as IN .
criteria (dict) --
The criteria that determine if a device is behaving normally in regard to the metric .
comparisonOperator (string) --
The operator that relates the thing measured ( metric ) to the criteria (containing a value or statisticalThreshold ). Valid operators include:
string-list : in-set and not-in-set
number-list : in-set and not-in-set
ip-address-list : in-cidr-set and not-in-cidr-set
number : less-than , less-than-equals , greater-than , and greater-than-equals
value (dict) --
The value to be compared with the metric .
count (integer) --
If the comparisonOperator calls for a numeric value, use this to specify that numeric value to be compared with the metric .
cidrs (list) --
If the comparisonOperator calls for a set of CIDRs, use this to specify that set to be compared with the metric .
(string) --
ports (list) --
If the comparisonOperator calls for a set of ports, use this to specify that set to be compared with the metric .
(integer) --
number (float) --
The numeral value of a metric.
numbers (list) --
The numeral values of a metric.
(float) --
strings (list) --
The string values of a metric.
(string) --
durationSeconds (integer) --
Use this to specify the time duration over which the behavior is evaluated, for those criteria that have a time dimension (for example, NUM_MESSAGES_SENT ). For a statisticalThreshhold metric comparison, measurements from all devices are accumulated over this time duration before being used to calculate percentiles, and later, measurements from an individual device are also accumulated over this time duration before being given a percentile rank. Cannot be used with list-based metric datatypes.
consecutiveDatapointsToAlarm (integer) --
If a device is in violation of the behavior for the specified number of consecutive datapoints, an alarm occurs. If not specified, the default is 1.
consecutiveDatapointsToClear (integer) --
If an alarm has occurred and the offending device is no longer in violation of the behavior for the specified number of consecutive datapoints, the alarm is cleared. If not specified, the default is 1.
statisticalThreshold (dict) --
A statistical ranking (percentile)that indicates a threshold value by which a behavior is determined to be in compliance or in violation of the behavior.
statistic (string) --
The percentile that resolves to a threshold value by which compliance with a behavior is determined. Metrics are collected over the specified period ( durationSeconds ) from all reporting devices in your account and statistical ranks are calculated. Then, the measurements from a device are collected over the same period. If the accumulated measurements from the device fall above or below ( comparisonOperator ) the value associated with the percentile specified, then the device is considered to be in compliance with the behavior, otherwise a violation occurs.
mlDetectionConfig (dict) --
The configuration of an ML Detect
confidenceLevel (string) -- [REQUIRED]
The sensitivity of anomalous behavior evaluation. Can be Low , Medium , or High .
suppressAlerts (boolean) --
Suppresses alerts.
dict
Where the alerts are sent. (Alerts are always sent to the console.)
(string) --
The type of alert target: one of "SNS".
(dict) --
A structure containing the alert target ARN and the role ARN.
alertTargetArn (string) -- [REQUIRED]
The Amazon Resource Name (ARN) of the notification target to which alerts are sent.
roleArn (string) -- [REQUIRED]
The ARN of the role that grants permission to send alerts to the notification target.
list
Please use UpdateSecurityProfileRequest$additionalMetricsToRetainV2 instead.
A list of metrics whose data is retained (stored). By default, data is retained for any metric used in the profile's behaviors , but it is also retained for any metric specified here. Can be used with custom metrics; cannot be used with dimensions.
(string) --
list
A list of metrics whose data is retained (stored). By default, data is retained for any metric used in the profile's behaviors, but it is also retained for any metric specified here. Can be used with custom metrics; cannot be used with dimensions.
(dict) --
The metric you want to retain. Dimensions are optional.
metric (string) -- [REQUIRED]
What is measured by the behavior.
metricDimension (dict) --
The dimension of a metric. This can't be used with custom metrics.
dimensionName (string) -- [REQUIRED]
A unique identifier for the dimension.
operator (string) --
Defines how the dimensionValues of a dimension are interpreted. For example, for dimension type TOPIC_FILTER, the IN operator, a message will be counted only if its topic matches one of the topic filters. With NOT_IN operator, a message will be counted only if it doesn't match any of the topic filters. The operator is optional: if it's not provided (is null ), it will be interpreted as IN .
boolean
If true, delete all behaviors defined for this security profile. If any behaviors are defined in the current invocation, an exception occurs.
boolean
If true, delete all alertTargets defined for this security profile. If any alertTargets are defined in the current invocation, an exception occurs.
boolean
If true, delete all additionalMetricsToRetain defined for this security profile. If any additionalMetricsToRetain are defined in the current invocation, an exception occurs.
integer
The expected version of the security profile. A new version is generated whenever the security profile is updated. If you specify a value that is different from the actual version, a VersionConflictException is thrown.
dict
Response Syntax
{
'securityProfileName': 'string',
'securityProfileArn': 'string',
'securityProfileDescription': 'string',
'behaviors': [
{
'name': 'string',
'metric': 'string',
'metricDimension': {
'dimensionName': 'string',
'operator': 'IN'|'NOT_IN'
},
'criteria': {
'comparisonOperator': 'less-than'|'less-than-equals'|'greater-than'|'greater-than-equals'|'in-cidr-set'|'not-in-cidr-set'|'in-port-set'|'not-in-port-set'|'in-set'|'not-in-set',
'value': {
'count': 123,
'cidrs': [
'string',
],
'ports': [
123,
],
'number': 123.0,
'numbers': [
123.0,
],
'strings': [
'string',
]
},
'durationSeconds': 123,
'consecutiveDatapointsToAlarm': 123,
'consecutiveDatapointsToClear': 123,
'statisticalThreshold': {
'statistic': 'string'
},
'mlDetectionConfig': {
'confidenceLevel': 'LOW'|'MEDIUM'|'HIGH'
}
},
'suppressAlerts': True|False
},
],
'alertTargets': {
'string': {
'alertTargetArn': 'string',
'roleArn': 'string'
}
},
'additionalMetricsToRetain': [
'string',
],
'additionalMetricsToRetainV2': [
{
'metric': 'string',
'metricDimension': {
'dimensionName': 'string',
'operator': 'IN'|'NOT_IN'
}
},
],
'version': 123,
'creationDate': datetime(2015, 1, 1),
'lastModifiedDate': datetime(2015, 1, 1)
}
Response Structure
(dict) --
securityProfileName (string) --
The name of the security profile that was updated.
securityProfileArn (string) --
The ARN of the security profile that was updated.
securityProfileDescription (string) --
The description of the security profile.
behaviors (list) --
Specifies the behaviors that, when violated by a device (thing), cause an alert.
(dict) --
A Device Defender security profile behavior.
name (string) --
The name you've given to the behavior.
metric (string) --
What is measured by the behavior.
metricDimension (dict) --
The dimension for a metric in your behavior. For example, using a TOPIC_FILTER dimension, you can narrow down the scope of the metric to only MQTT topics where the name matches the pattern specified in the dimension. This can't be used with custom metrics.
dimensionName (string) --
A unique identifier for the dimension.
operator (string) --
Defines how the dimensionValues of a dimension are interpreted. For example, for dimension type TOPIC_FILTER, the IN operator, a message will be counted only if its topic matches one of the topic filters. With NOT_IN operator, a message will be counted only if it doesn't match any of the topic filters. The operator is optional: if it's not provided (is null ), it will be interpreted as IN .
criteria (dict) --
The criteria that determine if a device is behaving normally in regard to the metric .
comparisonOperator (string) --
The operator that relates the thing measured ( metric ) to the criteria (containing a value or statisticalThreshold ). Valid operators include:
string-list : in-set and not-in-set
number-list : in-set and not-in-set
ip-address-list : in-cidr-set and not-in-cidr-set
number : less-than , less-than-equals , greater-than , and greater-than-equals
value (dict) --
The value to be compared with the metric .
count (integer) --
If the comparisonOperator calls for a numeric value, use this to specify that numeric value to be compared with the metric .
cidrs (list) --
If the comparisonOperator calls for a set of CIDRs, use this to specify that set to be compared with the metric .
(string) --
ports (list) --
If the comparisonOperator calls for a set of ports, use this to specify that set to be compared with the metric .
(integer) --
number (float) --
The numeral value of a metric.
numbers (list) --
The numeral values of a metric.
(float) --
strings (list) --
The string values of a metric.
(string) --
durationSeconds (integer) --
Use this to specify the time duration over which the behavior is evaluated, for those criteria that have a time dimension (for example, NUM_MESSAGES_SENT ). For a statisticalThreshhold metric comparison, measurements from all devices are accumulated over this time duration before being used to calculate percentiles, and later, measurements from an individual device are also accumulated over this time duration before being given a percentile rank. Cannot be used with list-based metric datatypes.
consecutiveDatapointsToAlarm (integer) --
If a device is in violation of the behavior for the specified number of consecutive datapoints, an alarm occurs. If not specified, the default is 1.
consecutiveDatapointsToClear (integer) --
If an alarm has occurred and the offending device is no longer in violation of the behavior for the specified number of consecutive datapoints, the alarm is cleared. If not specified, the default is 1.
statisticalThreshold (dict) --
A statistical ranking (percentile)that indicates a threshold value by which a behavior is determined to be in compliance or in violation of the behavior.
statistic (string) --
The percentile that resolves to a threshold value by which compliance with a behavior is determined. Metrics are collected over the specified period ( durationSeconds ) from all reporting devices in your account and statistical ranks are calculated. Then, the measurements from a device are collected over the same period. If the accumulated measurements from the device fall above or below ( comparisonOperator ) the value associated with the percentile specified, then the device is considered to be in compliance with the behavior, otherwise a violation occurs.
mlDetectionConfig (dict) --
The configuration of an ML Detect
confidenceLevel (string) --
The sensitivity of anomalous behavior evaluation. Can be Low , Medium , or High .
suppressAlerts (boolean) --
Suppresses alerts.
alertTargets (dict) --
Where the alerts are sent. (Alerts are always sent to the console.)
(string) --
The type of alert target: one of "SNS".
(dict) --
A structure containing the alert target ARN and the role ARN.
alertTargetArn (string) --
The Amazon Resource Name (ARN) of the notification target to which alerts are sent.
roleArn (string) --
The ARN of the role that grants permission to send alerts to the notification target.
additionalMetricsToRetain (list) --
Please use UpdateSecurityProfileResponse$additionalMetricsToRetainV2 instead.
A list of metrics whose data is retained (stored). By default, data is retained for any metric used in the security profile's behaviors , but it is also retained for any metric specified here.
(string) --
additionalMetricsToRetainV2 (list) --
A list of metrics whose data is retained (stored). By default, data is retained for any metric used in the profile's behaviors, but it is also retained for any metric specified here. Can be used with custom metrics; cannot be used with dimensions.
(dict) --
The metric you want to retain. Dimensions are optional.
metric (string) --
What is measured by the behavior.
metricDimension (dict) --
The dimension of a metric. This can't be used with custom metrics.
dimensionName (string) --
A unique identifier for the dimension.
operator (string) --
Defines how the dimensionValues of a dimension are interpreted. For example, for dimension type TOPIC_FILTER, the IN operator, a message will be counted only if its topic matches one of the topic filters. With NOT_IN operator, a message will be counted only if it doesn't match any of the topic filters. The operator is optional: if it's not provided (is null ), it will be interpreted as IN .
version (integer) --
The updated version of the security profile.
creationDate (datetime) --
The time the security profile was created.
lastModifiedDate (datetime) --
The time the security profile was last modified.
{'status': {'DELETING'}}
Updates a topic rule destination. You use this to change the status, endpoint URL, or confirmation URL of the destination.
See also: AWS API Documentation
Request Syntax
client.update_topic_rule_destination(
arn='string',
status='ENABLED'|'IN_PROGRESS'|'DISABLED'|'ERROR'|'DELETING'
)
string
[REQUIRED]
The ARN of the topic rule destination.
string
[REQUIRED]
The status of the topic rule destination. Valid values are:
IN_PROGRESS
A topic rule destination was created but has not been confirmed. You can set status to IN_PROGRESS by calling UpdateTopicRuleDestination . Calling UpdateTopicRuleDestination causes a new confirmation challenge to be sent to your confirmation endpoint.
ENABLED
Confirmation was completed, and traffic to this destination is allowed. You can set status to DISABLED by calling UpdateTopicRuleDestination .
DISABLED
Confirmation was completed, and traffic to this destination is not allowed. You can set status to ENABLED by calling UpdateTopicRuleDestination .
ERROR
Confirmation could not be completed, for example if the confirmation timed out. You can call GetTopicRuleDestination for details about the error. You can set status to IN_PROGRESS by calling UpdateTopicRuleDestination . Calling UpdateTopicRuleDestination causes a new confirmation challenge to be sent to your confirmation endpoint.
dict
Response Syntax
{}
Response Structure
(dict) --
{'behaviors': {'criteria': {'comparisonOperator': {'in-set', 'not-in-set'},
'mlDetectionConfig': {'confidenceLevel': 'LOW | '
'MEDIUM | '
'HIGH'},
'value': {'number': 'double',
'numbers': ['double'],
'strings': ['string']}},
'suppressAlerts': 'boolean'}}
Validates a Device Defender security profile behaviors specification.
See also: AWS API Documentation
Request Syntax
client.validate_security_profile_behaviors(
behaviors=[
{
'name': 'string',
'metric': 'string',
'metricDimension': {
'dimensionName': 'string',
'operator': 'IN'|'NOT_IN'
},
'criteria': {
'comparisonOperator': 'less-than'|'less-than-equals'|'greater-than'|'greater-than-equals'|'in-cidr-set'|'not-in-cidr-set'|'in-port-set'|'not-in-port-set'|'in-set'|'not-in-set',
'value': {
'count': 123,
'cidrs': [
'string',
],
'ports': [
123,
],
'number': 123.0,
'numbers': [
123.0,
],
'strings': [
'string',
]
},
'durationSeconds': 123,
'consecutiveDatapointsToAlarm': 123,
'consecutiveDatapointsToClear': 123,
'statisticalThreshold': {
'statistic': 'string'
},
'mlDetectionConfig': {
'confidenceLevel': 'LOW'|'MEDIUM'|'HIGH'
}
},
'suppressAlerts': True|False
},
]
)
list
[REQUIRED]
Specifies the behaviors that, when violated by a device (thing), cause an alert.
(dict) --
A Device Defender security profile behavior.
name (string) -- [REQUIRED]
The name you've given to the behavior.
metric (string) --
What is measured by the behavior.
metricDimension (dict) --
The dimension for a metric in your behavior. For example, using a TOPIC_FILTER dimension, you can narrow down the scope of the metric to only MQTT topics where the name matches the pattern specified in the dimension. This can't be used with custom metrics.
dimensionName (string) -- [REQUIRED]
A unique identifier for the dimension.
operator (string) --
Defines how the dimensionValues of a dimension are interpreted. For example, for dimension type TOPIC_FILTER, the IN operator, a message will be counted only if its topic matches one of the topic filters. With NOT_IN operator, a message will be counted only if it doesn't match any of the topic filters. The operator is optional: if it's not provided (is null ), it will be interpreted as IN .
criteria (dict) --
The criteria that determine if a device is behaving normally in regard to the metric .
comparisonOperator (string) --
The operator that relates the thing measured ( metric ) to the criteria (containing a value or statisticalThreshold ). Valid operators include:
string-list : in-set and not-in-set
number-list : in-set and not-in-set
ip-address-list : in-cidr-set and not-in-cidr-set
number : less-than , less-than-equals , greater-than , and greater-than-equals
value (dict) --
The value to be compared with the metric .
count (integer) --
If the comparisonOperator calls for a numeric value, use this to specify that numeric value to be compared with the metric .
cidrs (list) --
If the comparisonOperator calls for a set of CIDRs, use this to specify that set to be compared with the metric .
(string) --
ports (list) --
If the comparisonOperator calls for a set of ports, use this to specify that set to be compared with the metric .
(integer) --
number (float) --
The numeral value of a metric.
numbers (list) --
The numeral values of a metric.
(float) --
strings (list) --
The string values of a metric.
(string) --
durationSeconds (integer) --
Use this to specify the time duration over which the behavior is evaluated, for those criteria that have a time dimension (for example, NUM_MESSAGES_SENT ). For a statisticalThreshhold metric comparison, measurements from all devices are accumulated over this time duration before being used to calculate percentiles, and later, measurements from an individual device are also accumulated over this time duration before being given a percentile rank. Cannot be used with list-based metric datatypes.
consecutiveDatapointsToAlarm (integer) --
If a device is in violation of the behavior for the specified number of consecutive datapoints, an alarm occurs. If not specified, the default is 1.
consecutiveDatapointsToClear (integer) --
If an alarm has occurred and the offending device is no longer in violation of the behavior for the specified number of consecutive datapoints, the alarm is cleared. If not specified, the default is 1.
statisticalThreshold (dict) --
A statistical ranking (percentile)that indicates a threshold value by which a behavior is determined to be in compliance or in violation of the behavior.
statistic (string) --
The percentile that resolves to a threshold value by which compliance with a behavior is determined. Metrics are collected over the specified period ( durationSeconds ) from all reporting devices in your account and statistical ranks are calculated. Then, the measurements from a device are collected over the same period. If the accumulated measurements from the device fall above or below ( comparisonOperator ) the value associated with the percentile specified, then the device is considered to be in compliance with the behavior, otherwise a violation occurs.
mlDetectionConfig (dict) --
The configuration of an ML Detect
confidenceLevel (string) -- [REQUIRED]
The sensitivity of anomalous behavior evaluation. Can be Low , Medium , or High .
suppressAlerts (boolean) --
Suppresses alerts.
dict
Response Syntax
{
'valid': True|False,
'validationErrors': [
{
'errorMessage': 'string'
},
]
}
Response Structure
(dict) --
valid (boolean) --
True if the behaviors were valid.
validationErrors (list) --
The list of any errors found in the behaviors.
(dict) --
Information about an error found in a behavior specification.
errorMessage (string) --
The description of an error found in the behaviors.