AWS API Changes

2022/11/28 - CloudWatch Observability Access Manager - 15 new api methods

Changes Amazon CloudWatch Observability Access Manager is a new service that allows configuration of the CloudWatch cross-account observability feature.

DeleteSink (new)

Link ¶

Deletes a sink. You must delete all links to a sink before you can delete that sink.

See also: AWS API Documentation

Request Syntax

client.delete_sink(
    Identifier='string'
)

type Identifier:

string

param Identifier:

[REQUIRED]

The ARN of the sink to delete.

rtype:

dict

returns:

Response Syntax

{}

Response Structure

(dict) --

ListLinks (new)

Link ¶

Use this operation in a source account to return a list of links to monitoring account sinks that this source account has.

To find a list of links for one monitoring account sink, use ListAttachedLinks from within the monitoring account.

See also: AWS API Documentation

Request Syntax

client.list_links(
    MaxResults=123,
    NextToken='string'
)

type MaxResults:

integer

param MaxResults:

Limits the number of returned links to the specified number.

type NextToken:

string

param NextToken:

The token for the next set of items to return. You received this token from a previous call.

rtype:

dict

returns:

Response Syntax

{
    'Items': [
        {
            'Arn': 'string',
            'Id': 'string',
            'Label': 'string',
            'ResourceTypes': [
                'string',
            ],
            'SinkArn': 'string'
        },
    ],
    'NextToken': 'string'
}

Response Structure

(dict) --
- Items (list) --
  
  An array of structures that contain the information about the returned links.
  - (dict) --
    
    A structure that contains information about one of this source account's links to a monitoring account.
    - Arn (string) --
      
      The ARN of the link.
    - Id (string) --
      
      The random ID string that Amazon Web Services generated as part of the link ARN.
    - Label (string) --
      
      The label that was assigned to this link at creation, with the variables resolved to their actual values.
    - ResourceTypes (list) --
      
      The resource types supported by this link.
      - (string) --
    - SinkArn (string) --
      
      The ARN of the sink that this link is attached to.
- NextToken (string) --
  
  The token to use when requesting the next set of links.

TagResource (new)

Link ¶

Assigns one or more tags (key-value pairs) to the specified resource. Both sinks and links can be tagged.

Tags can help you organize and categorize your resources. You can also use them to scope user permissions by granting a user permission to access or change only resources with certain tag values.

Tags don't have any semantic meaning to Amazon Web Services and are interpreted strictly as strings of characters.

You can use the TagResource action with a resource that already has tags. If you specify a new tag key for the alarm, this tag is appended to the list of tags associated with the alarm. If you specify a tag key that is already associated with the alarm, the new tag value that you specify replaces the previous value for that tag.

You can associate as many as 50 tags with a resource.

See also: AWS API Documentation

Request Syntax

client.tag_resource(
    ResourceArn='string',
    Tags={
        'string': 'string'
    }
)

type ResourceArn:

string

param ResourceArn:

[REQUIRED]

The ARN of the resource that you're adding tags to.

The ARN format of a sink is arn:aws:oam:Region:account-id:sink/sink-id

The ARN format of a link is arn:aws:oam:Region:account-id:link/link-id

For more information about ARN format, see CloudWatch Logs resources and operations.

type Tags:

dict

param Tags:

[REQUIRED]

The list of key-value pairs to associate with the resource.

(string) --
- (string) --

rtype:

dict

returns:

Response Syntax

{}

Response Structure

(dict) --

UntagResource (new)

Link ¶

Removes one or more tags from the specified resource.

See also: AWS API Documentation

Request Syntax

client.untag_resource(
    ResourceArn='string',
    TagKeys=[
        'string',
    ]
)

type ResourceArn:

string

param ResourceArn:

[REQUIRED]

The ARN of the resource that you're removing tags from.

The ARN format of a sink is arn:aws:oam:Region:account-id:sink/sink-id

The ARN format of a link is arn:aws:oam:Region:account-id:link/link-id

For more information about ARN format, see CloudWatch Logs resources and operations.

type TagKeys:

list

param TagKeys:

[REQUIRED]

The list of tag keys to remove from the resource.

(string) --

rtype:

dict

returns:

Response Syntax

{}

Response Structure

(dict) --

CreateLink (new)

Link ¶

Creates a link between a source account and a sink that you have created in a monitoring account.

Before you create a link, you must create a sink in the monitoring account and create a sink policy in that account. The sink policy must permit the source account to link to it. You can grant permission to source accounts by granting permission to an entire organization or to individual accounts.

For more information, see CreateSink and PutSinkPolicy.

Each monitoring account can be linked to as many as 100,000 source accounts.

Each source account can be linked to as many as five monitoring accounts.

See also: AWS API Documentation

Request Syntax

client.create_link(
    LabelTemplate='string',
    ResourceTypes=[
        'AWS::CloudWatch::Metric'|'AWS::Logs::LogGroup'|'AWS::XRay::Trace',
    ],
    SinkIdentifier='string',
    Tags={
        'string': 'string'
    }
)

type LabelTemplate:

string

param LabelTemplate:

[REQUIRED]

Specify a friendly human-readable name to use to identify this source account when you are viewing data from it in the monitoring account.

You can use a custom label or use the following variables:

$AccountName is the name of the account
$AccountEmail is the globally unique email address of the account
$AccountEmailNoDomain is the email address of the account without the domain name

type ResourceTypes:

list

param ResourceTypes:

[REQUIRED]

An array of strings that define which types of data that the source account shares with the monitoring account.

(string) --

type SinkIdentifier:

string

param SinkIdentifier:

[REQUIRED]

The ARN of the sink to use to create this link. You can use ListSinks to find the ARNs of sinks.

For more information about sinks, see CreateSink.

type Tags:

dict

param Tags:

Assigns one or more tags (key-value pairs) to the link.

Tags can help you organize and categorize your resources. You can also use them to scope user permissions by granting a user permission to access or change only resources with certain tag values.

For more information about using tags to control access, see Controlling access to Amazon Web Services resources using tags.

(string) --
- (string) --

rtype:

dict

returns:

Response Syntax

{
    'Arn': 'string',
    'Id': 'string',
    'Label': 'string',
    'LabelTemplate': 'string',
    'ResourceTypes': [
        'string',
    ],
    'SinkArn': 'string',
    'Tags': {
        'string': 'string'
    }
}

Response Structure

(dict) --
- Arn (string) --
  
  The ARN of the link that is newly created.
- Id (string) --
  
  The random ID string that Amazon Web Services generated as part of the link ARN.
- Label (string) --
  
  The label that you assigned to this link. If the labelTemplate includes variables, this field displays the variables resolved to their actual values.
- LabelTemplate (string) --
  
  The exact label template that you specified, with the variables not resolved.
- ResourceTypes (list) --
  
  The resource types supported by this link.
  - (string) --
- SinkArn (string) --
  
  The ARN of the sink that is used for this link.
- Tags (dict) --
  
  The tags assigned to the link.
  - (string) --
    - (string) --

DeleteLink (new)

Link ¶

Deletes a link between a monitoring account sink and a source account. You must run this operation in the source account.

See also: AWS API Documentation

Request Syntax

client.delete_link(
    Identifier='string'
)

type Identifier:

string

param Identifier:

[REQUIRED]

The ARN of the link to delete.

rtype:

dict

returns:

Response Syntax

{}

Response Structure

(dict) --

UpdateLink (new)

Link ¶

Use this operation to change what types of data are shared from a source account to its linked monitoring account sink. You can't change the sink or change the monitoring account with this operation.

To update the list of tags associated with the sink, use TagResource.

See also: AWS API Documentation

Request Syntax

client.update_link(
    Identifier='string',
    ResourceTypes=[
        'AWS::CloudWatch::Metric'|'AWS::Logs::LogGroup'|'AWS::XRay::Trace',
    ]
)

type Identifier:

string

param Identifier:

[REQUIRED]

The ARN of the link that you want to update.

type ResourceTypes:

list

param ResourceTypes:

[REQUIRED]

An array of strings that define which types of data that the source account will send to the monitoring account.

Your input here replaces the current set of data types that are shared.

(string) --

rtype:

dict

returns:

Response Syntax

{
    'Arn': 'string',
    'Id': 'string',
    'Label': 'string',
    'LabelTemplate': 'string',
    'ResourceTypes': [
        'string',
    ],
    'SinkArn': 'string',
    'Tags': {
        'string': 'string'
    }
}

Response Structure

(dict) --
- Arn (string) --
  
  The ARN of the link that you have updated.
- Id (string) --
  
  The random ID string that Amazon Web Services generated as part of the sink ARN.
- Label (string) --
  
  The label assigned to this link, with the variables resolved to their actual values.
- LabelTemplate (string) --
  
  The exact label template that was specified when the link was created, with the template variables not resolved.
- ResourceTypes (list) --
  
  The resource types now supported by this link.
  - (string) --
- SinkArn (string) --
  
  The ARN of the sink that is used for this link.
- Tags (dict) --
  
  The tags assigned to the link.
  - (string) --
    - (string) --

GetSink (new)

Link ¶

Returns complete information about one monitoring account sink.

To use this operation, provide the sink ARN. To retrieve a list of sink ARNs, use ListSinks.

See also: AWS API Documentation

Request Syntax

client.get_sink(
    Identifier='string'
)

type Identifier:

string

param Identifier:

[REQUIRED]

The ARN of the sink to retrieve information for.

rtype:

dict

returns:

Response Syntax

{
    'Arn': 'string',
    'Id': 'string',
    'Name': 'string',
    'Tags': {
        'string': 'string'
    }
}

Response Structure

(dict) --
- Arn (string) --
  
  The ARN of the sink.
- Id (string) --
  
  The random ID string that Amazon Web Services generated as part of the sink ARN.
- Name (string) --
  
  The name of the sink.
- Tags (dict) --
  
  The tags assigned to the sink.
  - (string) --
    - (string) --

ListAttachedLinks (new)

Link ¶

Returns a list of source account links that are linked to this monitoring account sink.

To use this operation, provide the sink ARN. To retrieve a list of sink ARNs, use ListSinks.

To find a list of links for one source account, use ListLinks.

See also: AWS API Documentation

Request Syntax

client.list_attached_links(
    MaxResults=123,
    NextToken='string',
    SinkIdentifier='string'
)

type MaxResults:

integer

param MaxResults:

Limits the number of returned links to the specified number.

type NextToken:

string

param NextToken:

The token for the next set of items to return. You received this token from a previous call.

type SinkIdentifier:

string

param SinkIdentifier:

[REQUIRED]

The ARN of the sink that you want to retrieve links for.

rtype:

dict

returns:

Response Syntax

{
    'Items': [
        {
            'Label': 'string',
            'LinkArn': 'string',
            'ResourceTypes': [
                'string',
            ]
        },
    ],
    'NextToken': 'string'
}

Response Structure

(dict) --
- Items (list) --
  
  An array of structures that contain the information about the attached links.
  - (dict) --
    
    A structure that contains information about one link attached to this monitoring account sink.
    - Label (string) --
      
      The label that was assigned to this link at creation, with the variables resolved to their actual values.
    - LinkArn (string) --
      
      The ARN of the link.
    - ResourceTypes (list) --
      
      The resource types supported by this link.
      - (string) --
- NextToken (string) --
  
  The token to use when requesting the next set of links.

ListSinks (new)

Link ¶

Use this operation in a monitoring account to return the list of sinks created in that account.

See also: AWS API Documentation

Request Syntax

client.list_sinks(
    MaxResults=123,
    NextToken='string'
)

type MaxResults:

integer

param MaxResults:

Limits the number of returned links to the specified number.

type NextToken:

string

param NextToken:

The token for the next set of items to return. You received this token from a previous call.

rtype:

dict

returns:

Response Syntax

{
    'Items': [
        {
            'Arn': 'string',
            'Id': 'string',
            'Name': 'string'
        },
    ],
    'NextToken': 'string'
}

Response Structure

(dict) --
- Items (list) --
  
  An array of structures that contain the information about the returned sinks.
  - (dict) --
    
    A structure that contains information about one of this monitoring account's sinks.
    - Arn (string) --
      
      The ARN of the sink.
    - Id (string) --
      
      The random ID string that Amazon Web Services generated as part of the sink ARN.
    - Name (string) --
      
      The name of the sink.
- NextToken (string) --
  
  The token to use when requesting the next set of sinks.

GetSinkPolicy (new)

Link ¶

Returns the current sink policy attached to this sink. The sink policy specifies what accounts can attach to this sink as source accounts, and what types of data they can share.

See also: AWS API Documentation

Request Syntax

client.get_sink_policy(
    SinkIdentifier='string'
)

type SinkIdentifier:

string

param SinkIdentifier:

[REQUIRED]

The ARN of the sink to retrieve the policy of.

rtype:

dict

returns:

Response Syntax

{
    'SinkArn': 'string',
    'SinkId': 'string',
    'Policy': 'string'
}

Response Structure

(dict) --
- SinkArn (string) --
  
  The ARN of the sink.
- SinkId (string) --
  
  The random ID string that Amazon Web Services generated as part of the sink ARN.
- Policy (string) --
  
  The policy that you specified, in JSON format.

CreateSink (new)

Link ¶

Use this to create a sink in the current account, so that it can be used as a monitoring account in CloudWatch cross-account observability. A sink is a resource that represents an attachment point in a monitoring account. Source accounts can link to the sink to send observability data.

After you create a sink, you must create a sink policy that allows source accounts to attach to it. For more information, see PutSinkPolicy.

Each account can contain one sink. If you delete a sink, you can then create a new one in that account.

See also: AWS API Documentation

Request Syntax

client.create_sink(
    Name='string',
    Tags={
        'string': 'string'
    }
)

type Name:

string

param Name:

[REQUIRED]

A name for the sink.

type Tags:

dict

param Tags:

Assigns one or more tags (key-value pairs) to the link.

Tags can help you organize and categorize your resources. You can also use them to scope user permissions by granting a user permission to access or change only resources with certain tag values.

For more information about using tags to control access, see Controlling access to Amazon Web Services resources using tags.

(string) --
- (string) --

rtype:

dict

returns:

Response Syntax

{
    'Arn': 'string',
    'Id': 'string',
    'Name': 'string',
    'Tags': {
        'string': 'string'
    }
}

Response Structure

(dict) --
- Arn (string) --
  
  The ARN of the sink that is newly created.
- Id (string) --
  
  The random ID string that Amazon Web Services generated as part of the sink ARN.
- Name (string) --
  
  The name of the sink.
- Tags (dict) --
  
  The tags assigned to the sink.
  - (string) --
    - (string) --

ListTagsForResource (new)

Link ¶

Displays the tags associated with a resource. Both sinks and links support tagging.

See also: AWS API Documentation

Request Syntax

client.list_tags_for_resource(
    ResourceArn='string'
)

type ResourceArn:

string

param ResourceArn:

[REQUIRED]

The ARN of the resource that you want to view tags for.

The ARN format of a sink is arn:aws:oam:Region:account-id:sink/sink-id

The ARN format of a link is arn:aws:oam:Region:account-id:link/link-id

For more information about ARN format, see CloudWatch Logs resources and operations.

rtype:

dict

returns:

Response Syntax

{
    'Tags': {
        'string': 'string'
    }
}

Response Structure

(dict) --
- Tags (dict) --
  
  The list of tags associated with the requested resource.>
  - (string) --
    - (string) --

GetLink (new)

Link ¶

Returns complete information about one link.

To use this operation, provide the link ARN. To retrieve a list of link ARNs, use ListLinks.

See also: AWS API Documentation

Request Syntax

client.get_link(
    Identifier='string'
)

type Identifier:

string

param Identifier:

[REQUIRED]

The ARN of the link to retrieve information for.

rtype:

dict

returns:

Response Syntax

{
    'Arn': 'string',
    'Id': 'string',
    'Label': 'string',
    'LabelTemplate': 'string',
    'ResourceTypes': [
        'string',
    ],
    'SinkArn': 'string',
    'Tags': {
        'string': 'string'
    }
}

Response Structure

(dict) --
- Arn (string) --
  
  The ARN of the link.
- Id (string) --
  
  The random ID string that Amazon Web Services generated as part of the link ARN.
- Label (string) --
  
  The label that you assigned to this link, with the variables resolved to their actual values.
- LabelTemplate (string) --
  
  The exact label template that was specified when the link was created, with the template variables not resolved.
- ResourceTypes (list) --
  
  The resource types supported by this link.
  - (string) --
- SinkArn (string) --
  
  The ARN of the sink that is used for this link.
- Tags (dict) --
  
  The tags assigned to the link.
  - (string) --
    - (string) --

PutSinkPolicy (new)

Link ¶

Creates or updates the resource policy that grants permissions to source accounts to link to the monitoring account sink. When you create a sink policy, you can grant permissions to all accounts in an organization or to individual accounts.

You can also use a sink policy to limit the types of data that is shared. The three types that you can allow or deny are:

Metrics - Specify with AWS::CloudWatch::Metric
Log groups - Specify with AWS::Logs::LogGroup
Traces - Specify with AWS::XRay::Trace

See the examples in this section to see how to specify permitted source accounts and data types.

See also: AWS API Documentation

Request Syntax

client.put_sink_policy(
    SinkIdentifier='string',
    Policy='string'
)

type SinkIdentifier:

string

param SinkIdentifier:

[REQUIRED]

The ARN of the sink to attach this policy to.

type Policy:

string

param Policy:

[REQUIRED]

The JSON policy to use. If you are updating an existing policy, the entire existing policy is replaced by what you specify here.

The policy must be in JSON string format with quotation marks escaped and no newlines.

For examples of different types of policies, see the Examples section on this page.

rtype:

dict

returns:

Response Syntax

{
    'SinkArn': 'string',
    'SinkId': 'string',
    'Policy': 'string'
}

Response Structure

(dict) --
- SinkArn (string) --
  
  The ARN of the sink.
- SinkId (string) --
  
  The random ID string that Amazon Web Services generated as part of the sink ARN.
- Policy (string) --
  
  The policy that you specified.