CloudWatch Observability Admin Service

2025/08/01 - CloudWatch Observability Admin Service - 13 new api methods

Changes  CloudWatch Observability Admin adds the ability to enable telemetry on AWS resources such as Amazon VPCs (Flow Logs) in customers AWS Accounts and Organizations. The release introduces new APIs to manage telemetry rules, which define telemetry settings to be applied on AWS resources.

GetTelemetryRule (new) Link ¶

Retrieves the details of a specific telemetry rule in your account.

See also: AWS API Documentation

Request Syntax

client.get_telemetry_rule(
    RuleIdentifier='string'
)
type RuleIdentifier:

string

param RuleIdentifier:

[REQUIRED]

The identifier (name or ARN) of the telemetry rule to retrieve.

rtype:

dict

returns:

Response Syntax

{
    'RuleName': 'string',
    'RuleArn': 'string',
    'CreatedTimeStamp': 123,
    'LastUpdateTimeStamp': 123,
    'TelemetryRule': {
        'ResourceType': 'AWS::EC2::Instance'|'AWS::EC2::VPC'|'AWS::Lambda::Function',
        'TelemetryType': 'Logs'|'Metrics'|'Traces',
        'DestinationConfiguration': {
            'DestinationType': 'cloud-watch-logs',
            'DestinationPattern': 'string',
            'RetentionInDays': 123,
            'VPCFlowLogParameters': {
                'LogFormat': 'string',
                'TrafficType': 'string',
                'MaxAggregationInterval': 123
            }
        },
        'Scope': 'string',
        'SelectionCriteria': 'string'
    }
}

Response Structure

  • (dict) --

    • RuleName (string) --

      The name of the telemetry rule.

    • RuleArn (string) --

      The Amazon Resource Name (ARN) of the telemetry rule.

    • CreatedTimeStamp (integer) --

      The timestamp when the telemetry rule was created.

    • LastUpdateTimeStamp (integer) --

      The timestamp when the telemetry rule was last updated.

    • TelemetryRule (dict) --

      The configuration details of the telemetry rule.

      • ResourceType (string) --

        The type of Amazon Web Services resource to configure telemetry for (e.g., "AWS::EC2::VPC").

      • TelemetryType (string) --

        The type of telemetry to collect (Logs, Metrics, or Traces).

      • DestinationConfiguration (dict) --

        Configuration specifying where and how the telemetry data should be delivered.

        • DestinationType (string) --

          The type of destination for the telemetry data (e.g., "Amazon CloudWatch Logs", "S3").

        • DestinationPattern (string) --

          The pattern used to generate the destination path or name, supporting macros like <resourceId> and <accountId>.

        • RetentionInDays (integer) --

          The number of days to retain the telemetry data in the destination.

        • VPCFlowLogParameters (dict) --

          Configuration parameters specific to VPC Flow Logs when VPC is the resource type.

          • LogFormat (string) --

            The format in which VPC Flow Log entries should be logged.

          • TrafficType (string) --

            The type of traffic to log (ACCEPT, REJECT, or ALL).

          • MaxAggregationInterval (integer) --

            The maximum interval in seconds between the capture of flow log records.

      • Scope (string) --

        The organizational scope to which the rule applies, specified using accounts or organizational units.

      • SelectionCriteria (string) --

        Criteria for selecting which resources the rule applies to, such as resource tags.

UpdateTelemetryRuleForOrganization (new) Link ¶

Updates an existing telemetry rule that applies across an Amazon Web Services Organization. This operation can only be called by the organization's management account or a delegated administrator account.

See also: AWS API Documentation

Request Syntax

client.update_telemetry_rule_for_organization(
    RuleIdentifier='string',
    Rule={
        'ResourceType': 'AWS::EC2::Instance'|'AWS::EC2::VPC'|'AWS::Lambda::Function',
        'TelemetryType': 'Logs'|'Metrics'|'Traces',
        'DestinationConfiguration': {
            'DestinationType': 'cloud-watch-logs',
            'DestinationPattern': 'string',
            'RetentionInDays': 123,
            'VPCFlowLogParameters': {
                'LogFormat': 'string',
                'TrafficType': 'string',
                'MaxAggregationInterval': 123
            }
        },
        'Scope': 'string',
        'SelectionCriteria': 'string'
    }
)
type RuleIdentifier:

string

param RuleIdentifier:

[REQUIRED]

The identifier (name or ARN) of the organization telemetry rule to update.

type Rule:

dict

param Rule:

[REQUIRED]

The new configuration details for the organization telemetry rule, including resource type, telemetry type, and destination configuration.

  • ResourceType (string) --

    The type of Amazon Web Services resource to configure telemetry for (e.g., "AWS::EC2::VPC").

  • TelemetryType (string) -- [REQUIRED]

    The type of telemetry to collect (Logs, Metrics, or Traces).

  • DestinationConfiguration (dict) --

    Configuration specifying where and how the telemetry data should be delivered.

    • DestinationType (string) --

      The type of destination for the telemetry data (e.g., "Amazon CloudWatch Logs", "S3").

    • DestinationPattern (string) --

      The pattern used to generate the destination path or name, supporting macros like <resourceId> and <accountId>.

    • RetentionInDays (integer) --

      The number of days to retain the telemetry data in the destination.

    • VPCFlowLogParameters (dict) --

      Configuration parameters specific to VPC Flow Logs when VPC is the resource type.

      • LogFormat (string) --

        The format in which VPC Flow Log entries should be logged.

      • TrafficType (string) --

        The type of traffic to log (ACCEPT, REJECT, or ALL).

      • MaxAggregationInterval (integer) --

        The maximum interval in seconds between the capture of flow log records.

  • Scope (string) --

    The organizational scope to which the rule applies, specified using accounts or organizational units.

  • SelectionCriteria (string) --

    Criteria for selecting which resources the rule applies to, such as resource tags.

rtype:

dict

returns:

Response Syntax

{
    'RuleArn': 'string'
}

Response Structure

  • (dict) --

    • RuleArn (string) --

      The Amazon Resource Name (ARN) of the updated organization telemetry rule.

CreateTelemetryRuleForOrganization (new) Link ¶

Creates a telemetry rule that applies across an Amazon Web Services Organization. This operation can only be called by the organization's management account or a delegated administrator account.

See also: AWS API Documentation

Request Syntax

client.create_telemetry_rule_for_organization(
    RuleName='string',
    Rule={
        'ResourceType': 'AWS::EC2::Instance'|'AWS::EC2::VPC'|'AWS::Lambda::Function',
        'TelemetryType': 'Logs'|'Metrics'|'Traces',
        'DestinationConfiguration': {
            'DestinationType': 'cloud-watch-logs',
            'DestinationPattern': 'string',
            'RetentionInDays': 123,
            'VPCFlowLogParameters': {
                'LogFormat': 'string',
                'TrafficType': 'string',
                'MaxAggregationInterval': 123
            }
        },
        'Scope': 'string',
        'SelectionCriteria': 'string'
    },
    Tags={
        'string': 'string'
    }
)
type RuleName:

string

param RuleName:

[REQUIRED]

A unique name for the organization-wide telemetry rule being created.

type Rule:

dict

param Rule:

[REQUIRED]

The configuration details for the organization-wide telemetry rule, including the resource type, telemetry type, destination configuration, and selection criteria for which resources the rule applies to across the organization.

  • ResourceType (string) --

    The type of Amazon Web Services resource to configure telemetry for (e.g., "AWS::EC2::VPC").

  • TelemetryType (string) -- [REQUIRED]

    The type of telemetry to collect (Logs, Metrics, or Traces).

  • DestinationConfiguration (dict) --

    Configuration specifying where and how the telemetry data should be delivered.

    • DestinationType (string) --

      The type of destination for the telemetry data (e.g., "Amazon CloudWatch Logs", "S3").

    • DestinationPattern (string) --

      The pattern used to generate the destination path or name, supporting macros like <resourceId> and <accountId>.

    • RetentionInDays (integer) --

      The number of days to retain the telemetry data in the destination.

    • VPCFlowLogParameters (dict) --

      Configuration parameters specific to VPC Flow Logs when VPC is the resource type.

      • LogFormat (string) --

        The format in which VPC Flow Log entries should be logged.

      • TrafficType (string) --

        The type of traffic to log (ACCEPT, REJECT, or ALL).

      • MaxAggregationInterval (integer) --

        The maximum interval in seconds between the capture of flow log records.

  • Scope (string) --

    The organizational scope to which the rule applies, specified using accounts or organizational units.

  • SelectionCriteria (string) --

    Criteria for selecting which resources the rule applies to, such as resource tags.

type Tags:

dict

param Tags:

The key-value pairs to associate with the organization telemetry rule resource for categorization and management purposes.

  • (string) --

    • (string) --

rtype:

dict

returns:

Response Syntax

{
    'RuleArn': 'string'
}

Response Structure

  • (dict) --

    • RuleArn (string) --

      The Amazon Resource Name (ARN) of the created organization telemetry rule.

GetTelemetryRuleForOrganization (new) Link ¶

Retrieves the details of a specific organization telemetry rule. This operation can only be called by the organization's management account or a delegated administrator account.

See also: AWS API Documentation

Request Syntax

client.get_telemetry_rule_for_organization(
    RuleIdentifier='string'
)
type RuleIdentifier:

string

param RuleIdentifier:

[REQUIRED]

The identifier (name or ARN) of the organization telemetry rule to retrieve.

rtype:

dict

returns:

Response Syntax

{
    'RuleName': 'string',
    'RuleArn': 'string',
    'CreatedTimeStamp': 123,
    'LastUpdateTimeStamp': 123,
    'TelemetryRule': {
        'ResourceType': 'AWS::EC2::Instance'|'AWS::EC2::VPC'|'AWS::Lambda::Function',
        'TelemetryType': 'Logs'|'Metrics'|'Traces',
        'DestinationConfiguration': {
            'DestinationType': 'cloud-watch-logs',
            'DestinationPattern': 'string',
            'RetentionInDays': 123,
            'VPCFlowLogParameters': {
                'LogFormat': 'string',
                'TrafficType': 'string',
                'MaxAggregationInterval': 123
            }
        },
        'Scope': 'string',
        'SelectionCriteria': 'string'
    }
}

Response Structure

  • (dict) --

    • RuleName (string) --

      The name of the organization telemetry rule.

    • RuleArn (string) --

      The Amazon Resource Name (ARN) of the organization telemetry rule.

    • CreatedTimeStamp (integer) --

      The timestamp when the organization telemetry rule was created.

    • LastUpdateTimeStamp (integer) --

      The timestamp when the organization telemetry rule was last updated.

    • TelemetryRule (dict) --

      The configuration details of the organization telemetry rule.

      • ResourceType (string) --

        The type of Amazon Web Services resource to configure telemetry for (e.g., "AWS::EC2::VPC").

      • TelemetryType (string) --

        The type of telemetry to collect (Logs, Metrics, or Traces).

      • DestinationConfiguration (dict) --

        Configuration specifying where and how the telemetry data should be delivered.

        • DestinationType (string) --

          The type of destination for the telemetry data (e.g., "Amazon CloudWatch Logs", "S3").

        • DestinationPattern (string) --

          The pattern used to generate the destination path or name, supporting macros like <resourceId> and <accountId>.

        • RetentionInDays (integer) --

          The number of days to retain the telemetry data in the destination.

        • VPCFlowLogParameters (dict) --

          Configuration parameters specific to VPC Flow Logs when VPC is the resource type.

          • LogFormat (string) --

            The format in which VPC Flow Log entries should be logged.

          • TrafficType (string) --

            The type of traffic to log (ACCEPT, REJECT, or ALL).

          • MaxAggregationInterval (integer) --

            The maximum interval in seconds between the capture of flow log records.

      • Scope (string) --

        The organizational scope to which the rule applies, specified using accounts or organizational units.

      • SelectionCriteria (string) --

        Criteria for selecting which resources the rule applies to, such as resource tags.

ListTelemetryRulesForOrganization (new) Link ¶

Lists all telemetry rules in your organization. This operation can only be called by the organization's management account or a delegated administrator account.

See also: AWS API Documentation

Request Syntax

client.list_telemetry_rules_for_organization(
    RuleNamePrefix='string',
    SourceAccountIds=[
        'string',
    ],
    SourceOrganizationUnitIds=[
        'string',
    ],
    MaxResults=123,
    NextToken='string'
)
type RuleNamePrefix:

string

param RuleNamePrefix:

A string to filter organization telemetry rules whose names begin with the specified prefix.

type SourceAccountIds:

list

param SourceAccountIds:

The list of account IDs to filter organization telemetry rules by their source accounts.

  • (string) --

type SourceOrganizationUnitIds:

list

param SourceOrganizationUnitIds:

The list of organizational unit IDs to filter organization telemetry rules by their source organizational units.

  • (string) --

type MaxResults:

integer

param MaxResults:

The maximum number of organization telemetry rules to return in a single call.

type NextToken:

string

param NextToken:

The token for the next set of results. A previous call generates this token.

rtype:

dict

returns:

Response Syntax

{
    'TelemetryRuleSummaries': [
        {
            'RuleName': 'string',
            'RuleArn': 'string',
            'CreatedTimeStamp': 123,
            'LastUpdateTimeStamp': 123,
            'ResourceType': 'AWS::EC2::Instance'|'AWS::EC2::VPC'|'AWS::Lambda::Function',
            'TelemetryType': 'Logs'|'Metrics'|'Traces'
        },
    ],
    'NextToken': 'string'
}

Response Structure

  • (dict) --

    • TelemetryRuleSummaries (list) --

      A list of organization telemetry rule summaries.

      • (dict) --

        A summary of a telemetry rule's key properties.

        • RuleName (string) --

          The name of the telemetry rule.

        • RuleArn (string) --

          The Amazon Resource Name (ARN) of the telemetry rule.

        • CreatedTimeStamp (integer) --

          The timestamp when the telemetry rule was created.

        • LastUpdateTimeStamp (integer) --

          The timestamp when the telemetry rule was last modified.

        • ResourceType (string) --

          The type of Amazon Web Services resource the rule applies to.

        • TelemetryType (string) --

          The type of telemetry (Logs, Metrics, or Traces) the rule configures.

    • NextToken (string) --

      A token to resume pagination of results.

DeleteTelemetryRule (new) Link ¶

Deletes a telemetry rule from your account. Any telemetry configurations previously created by the rule will remain but no new resources will be configured by this rule.

See also: AWS API Documentation

Request Syntax

client.delete_telemetry_rule(
    RuleIdentifier='string'
)
type RuleIdentifier:

string

param RuleIdentifier:

[REQUIRED]

The identifier (name or ARN) of the telemetry rule to delete.

returns:

None

TagResource (new) Link ¶

Adds or updates tags for a telemetry rule resource.

See also: AWS API Documentation

Request Syntax

client.tag_resource(
    ResourceARN='string',
    Tags={
        'string': 'string'
    }
)
type ResourceARN:

string

param ResourceARN:

[REQUIRED]

The Amazon Resource Name (ARN) of the telemetry rule resource to tag.

type Tags:

dict

param Tags:

[REQUIRED]

The key-value pairs to add or update for the telemetry rule resource.

  • (string) --

    • (string) --

returns:

None

ListTagsForResource (new) Link ¶

Lists all tags attached to the specified telemetry rule resource.

See also: AWS API Documentation

Request Syntax

client.list_tags_for_resource(
    ResourceARN='string'
)
type ResourceARN:

string

param ResourceARN:

[REQUIRED]

The Amazon Resource Name (ARN) of the telemetry rule resource whose tags you want to list.

rtype:

dict

returns:

Response Syntax

{
    'Tags': {
        'string': 'string'
    }
}

Response Structure

  • (dict) --

    • Tags (dict) --

      The list of tags associated with the telemetry rule resource.

      • (string) --

        • (string) --

ListTelemetryRules (new) Link ¶

Lists all telemetry rules in your account. You can filter the results by specifying a rule name prefix.

See also: AWS API Documentation

Request Syntax

client.list_telemetry_rules(
    RuleNamePrefix='string',
    MaxResults=123,
    NextToken='string'
)
type RuleNamePrefix:

string

param RuleNamePrefix:

A string to filter telemetry rules whose names begin with the specified prefix.

type MaxResults:

integer

param MaxResults:

The maximum number of telemetry rules to return in a single call.

type NextToken:

string

param NextToken:

The token for the next set of results. A previous call generates this token.

rtype:

dict

returns:

Response Syntax

{
    'TelemetryRuleSummaries': [
        {
            'RuleName': 'string',
            'RuleArn': 'string',
            'CreatedTimeStamp': 123,
            'LastUpdateTimeStamp': 123,
            'ResourceType': 'AWS::EC2::Instance'|'AWS::EC2::VPC'|'AWS::Lambda::Function',
            'TelemetryType': 'Logs'|'Metrics'|'Traces'
        },
    ],
    'NextToken': 'string'
}

Response Structure

  • (dict) --

    • TelemetryRuleSummaries (list) --

      A list of telemetry rule summaries.

      • (dict) --

        A summary of a telemetry rule's key properties.

        • RuleName (string) --

          The name of the telemetry rule.

        • RuleArn (string) --

          The Amazon Resource Name (ARN) of the telemetry rule.

        • CreatedTimeStamp (integer) --

          The timestamp when the telemetry rule was created.

        • LastUpdateTimeStamp (integer) --

          The timestamp when the telemetry rule was last modified.

        • ResourceType (string) --

          The type of Amazon Web Services resource the rule applies to.

        • TelemetryType (string) --

          The type of telemetry (Logs, Metrics, or Traces) the rule configures.

    • NextToken (string) --

      A token to resume pagination of results.

CreateTelemetryRule (new) Link ¶

Creates a telemetry rule that defines how telemetry should be configured for Amazon Web Services resources in your account. The rule specifies which resources should have telemetry enabled and how that telemetry data should be collected based on resource type, telemetry type, and selection criteria.

See also: AWS API Documentation

Request Syntax

client.create_telemetry_rule(
    RuleName='string',
    Rule={
        'ResourceType': 'AWS::EC2::Instance'|'AWS::EC2::VPC'|'AWS::Lambda::Function',
        'TelemetryType': 'Logs'|'Metrics'|'Traces',
        'DestinationConfiguration': {
            'DestinationType': 'cloud-watch-logs',
            'DestinationPattern': 'string',
            'RetentionInDays': 123,
            'VPCFlowLogParameters': {
                'LogFormat': 'string',
                'TrafficType': 'string',
                'MaxAggregationInterval': 123
            }
        },
        'Scope': 'string',
        'SelectionCriteria': 'string'
    },
    Tags={
        'string': 'string'
    }
)
type RuleName:

string

param RuleName:

[REQUIRED]

A unique name for the telemetry rule being created.

type Rule:

dict

param Rule:

[REQUIRED]

The configuration details for the telemetry rule, including the resource type, telemetry type, destination configuration, and selection criteria for which resources the rule applies to.

  • ResourceType (string) --

    The type of Amazon Web Services resource to configure telemetry for (e.g., "AWS::EC2::VPC").

  • TelemetryType (string) -- [REQUIRED]

    The type of telemetry to collect (Logs, Metrics, or Traces).

  • DestinationConfiguration (dict) --

    Configuration specifying where and how the telemetry data should be delivered.

    • DestinationType (string) --

      The type of destination for the telemetry data (e.g., "Amazon CloudWatch Logs", "S3").

    • DestinationPattern (string) --

      The pattern used to generate the destination path or name, supporting macros like <resourceId> and <accountId>.

    • RetentionInDays (integer) --

      The number of days to retain the telemetry data in the destination.

    • VPCFlowLogParameters (dict) --

      Configuration parameters specific to VPC Flow Logs when VPC is the resource type.

      • LogFormat (string) --

        The format in which VPC Flow Log entries should be logged.

      • TrafficType (string) --

        The type of traffic to log (ACCEPT, REJECT, or ALL).

      • MaxAggregationInterval (integer) --

        The maximum interval in seconds between the capture of flow log records.

  • Scope (string) --

    The organizational scope to which the rule applies, specified using accounts or organizational units.

  • SelectionCriteria (string) --

    Criteria for selecting which resources the rule applies to, such as resource tags.

type Tags:

dict

param Tags:

The key-value pairs to associate with the telemetry rule resource for categorization and management purposes.

  • (string) --

    • (string) --

rtype:

dict

returns:

Response Syntax

{
    'RuleArn': 'string'
}

Response Structure

  • (dict) --

    • RuleArn (string) --

      The Amazon Resource Name (ARN) of the created telemetry rule.

DeleteTelemetryRuleForOrganization (new) Link ¶

Deletes an organization-wide telemetry rule. This operation can only be called by the organization's management account or a delegated administrator account.

See also: AWS API Documentation

Request Syntax

client.delete_telemetry_rule_for_organization(
    RuleIdentifier='string'
)
type RuleIdentifier:

string

param RuleIdentifier:

[REQUIRED]

The identifier (name or ARN) of the organization telemetry rule to delete.

returns:

None

UpdateTelemetryRule (new) Link ¶

Updates an existing telemetry rule in your account.

See also: AWS API Documentation

Request Syntax

client.update_telemetry_rule(
    RuleIdentifier='string',
    Rule={
        'ResourceType': 'AWS::EC2::Instance'|'AWS::EC2::VPC'|'AWS::Lambda::Function',
        'TelemetryType': 'Logs'|'Metrics'|'Traces',
        'DestinationConfiguration': {
            'DestinationType': 'cloud-watch-logs',
            'DestinationPattern': 'string',
            'RetentionInDays': 123,
            'VPCFlowLogParameters': {
                'LogFormat': 'string',
                'TrafficType': 'string',
                'MaxAggregationInterval': 123
            }
        },
        'Scope': 'string',
        'SelectionCriteria': 'string'
    }
)
type RuleIdentifier:

string

param RuleIdentifier:

[REQUIRED]

The identifier (name or ARN) of the telemetry rule to update.

type Rule:

dict

param Rule:

[REQUIRED]

The new configuration details for the telemetry rule.

  • ResourceType (string) --

    The type of Amazon Web Services resource to configure telemetry for (e.g., "AWS::EC2::VPC").

  • TelemetryType (string) -- [REQUIRED]

    The type of telemetry to collect (Logs, Metrics, or Traces).

  • DestinationConfiguration (dict) --

    Configuration specifying where and how the telemetry data should be delivered.

    • DestinationType (string) --

      The type of destination for the telemetry data (e.g., "Amazon CloudWatch Logs", "S3").

    • DestinationPattern (string) --

      The pattern used to generate the destination path or name, supporting macros like <resourceId> and <accountId>.

    • RetentionInDays (integer) --

      The number of days to retain the telemetry data in the destination.

    • VPCFlowLogParameters (dict) --

      Configuration parameters specific to VPC Flow Logs when VPC is the resource type.

      • LogFormat (string) --

        The format in which VPC Flow Log entries should be logged.

      • TrafficType (string) --

        The type of traffic to log (ACCEPT, REJECT, or ALL).

      • MaxAggregationInterval (integer) --

        The maximum interval in seconds between the capture of flow log records.

  • Scope (string) --

    The organizational scope to which the rule applies, specified using accounts or organizational units.

  • SelectionCriteria (string) --

    Criteria for selecting which resources the rule applies to, such as resource tags.

rtype:

dict

returns:

Response Syntax

{
    'RuleArn': 'string'
}

Response Structure

  • (dict) --

    • RuleArn (string) --

      The Amazon Resource Name (ARN) of the updated telemetry rule.

UntagResource (new) Link ¶

Removes tags from a telemetry rule resource.

See also: AWS API Documentation

Request Syntax

client.untag_resource(
    ResourceARN='string',
    TagKeys=[
        'string',
    ]
)
type ResourceARN:

string

param ResourceARN:

[REQUIRED]

The Amazon Resource Name (ARN) of the telemetry rule resource to remove tags from.

type TagKeys:

list

param TagKeys:

[REQUIRED]

The list of tag keys to remove from the telemetry rule resource.

  • (string) --

returns:

None