2025/12/02 - CloudWatch Observability Admin Service - 11 new10 updated api methods
Changes CloudWatch Observability Admin adds pipelines configuration for third party log ingestion and transformation of all logs ingested, integration of CloudWatch logs with S3 Tables, and AWS account or organization level enablement for 7 AWS services.
Creates an integration between CloudWatch and S3 Tables for analytics. This integration enables querying CloudWatch telemetry data using analytics engines like Amazon Athena, Amazon Redshift, and Apache Spark.
See also: AWS API Documentation
Request Syntax
client.create_s3_table_integration(
Encryption={
'SseAlgorithm': 'aws:kms'|'AES256',
'KmsKeyArn': 'string'
},
RoleArn='string',
Tags={
'string': 'string'
}
)
dict
[REQUIRED]
The encryption configuration for the S3 Table integration, including the encryption algorithm and KMS key settings.
SseAlgorithm (string) -- [REQUIRED]
The server-side encryption algorithm used for encrypting data in the S3 Table integration.
KmsKeyArn (string) --
The Amazon Resource Name (ARN) of the KMS key used for encryption when using customer-managed keys.
string
[REQUIRED]
The Amazon Resource Name (ARN) of the IAM role that grants permissions for the S3 Table integration to access necessary resources.
dict
The key-value pairs to associate with the S3 Table integration resource for categorization and management purposes.
(string) --
(string) --
dict
Response Syntax
{
'Arn': 'string'
}
Response Structure
(dict) --
Arn (string) --
The Amazon Resource Name (ARN) of the created S3 Table integration.
Updates the configuration of an existing telemetry pipeline.
Source-Specific Update Rules
CloudWatch Logs Sources (Vended and Custom)
Updatable: sts_role_arn
Fixed: data_source_name, data_source_type, sink (must remain @original)
S3 Sources (Crowdstrike, Zscaler, SentinelOne, Custom)
Updatable: All SQS configuration parameters, sts_role_arn, codec settings, compression type, bucket ownership settings, sink log group
Fixed: notification_type, aws.region
GitHub Audit Logs
Updatable: All Amazon Web Services Secrets Manager attributes, scope (can switch between ORGANIZATION/ENTERPRISE), organization or enterprise name, range, authentication credentials (PAT or GitHub App)
Microsoft Sources (Entra ID, Office365, Windows)
Updatable: All Amazon Web Services Secrets Manager attributes, tenant_id, workspace_id (Windows only), OAuth2 credentials ( client_id, client_secret)
Okta Sources (SSO, Auth0)
Updatable: All Amazon Web Services Secrets Manager attributes, domain, range (SSO only), OAuth2 credentials ( client_id, client_secret)
Palo Alto Networks
Updatable: All Amazon Web Services Secrets Manager attributes, hostname, basic authentication credentials ( username, password)
ServiceNow CMDB
Updatable: All Amazon Web Services Secrets Manager attributes, instance_url, range, OAuth2 credentials ( client_id, client_secret)
Wiz CNAPP
Updatable: All Amazon Web Services Secrets Manager attributes, region, range, OAuth2 credentials ( client_id, client_secret)
See also: AWS API Documentation
Request Syntax
client.update_telemetry_pipeline(
PipelineIdentifier='string',
Configuration={
'Body': 'string'
}
)
string
[REQUIRED]
The ARN of the telemetry pipeline to update.
dict
[REQUIRED]
The new configuration for the telemetry pipeline, including updated sources, processors, and destinations.
Body (string) -- [REQUIRED]
The pipeline configuration body that defines the data processing rules and transformations.
dict
Response Syntax
{}
Response Structure
(dict) --
Deletes a telemetry pipeline and its associated resources. This operation stops data processing and removes the pipeline configuration.
See also: AWS API Documentation
Request Syntax
client.delete_telemetry_pipeline(
PipelineIdentifier='string'
)
string
[REQUIRED]
The ARN of the telemetry pipeline to delete.
dict
Response Syntax
{}
Response Structure
(dict) --
Lists all S3 Table integrations in your account. We recommend using pagination to ensure that the operation returns quickly and successfully.
See also: AWS API Documentation
Request Syntax
client.list_s3_table_integrations(
MaxResults=123,
NextToken='string'
)
integer
The maximum number of S3 Table integrations to return in a single call.
string
The token for the next set of results. A previous call generates this token.
dict
Response Syntax
{
'IntegrationSummaries': [
{
'Arn': 'string',
'Status': 'ACTIVE'|'DELETING'
},
],
'NextToken': 'string'
}
Response Structure
(dict) --
IntegrationSummaries (list) --
A list of S3 Table integration summaries containing key information about each integration.
(dict) --
Contains summary information about an S3 Table integration for listing operations.
Arn (string) --
The Amazon Resource Name (ARN) of the S3 Table integration.
Status (string) --
The current status of the S3 Table integration.
NextToken (string) --
A token to resume pagination of results.
Returns a list of telemetry pipelines in your account. Returns up to 100 results. If more than 100 telemetry pipelines exist, include the NextToken value from the response to retrieve the next set of results.
See also: AWS API Documentation
Request Syntax
client.list_telemetry_pipelines(
MaxResults=123,
NextToken='string'
)
integer
The maximum number of telemetry pipelines to return in a single call.
string
The token for the next set of results. A previous call generates this token.
dict
Response Syntax
{
'PipelineSummaries': [
{
'CreatedTimeStamp': 123,
'LastUpdateTimeStamp': 123,
'Arn': 'string',
'Name': 'string',
'Status': 'CREATING'|'ACTIVE'|'UPDATING'|'DELETING'|'CREATE_FAILED'|'UPDATE_FAILED',
'Tags': {
'string': 'string'
},
'ConfigurationSummary': {
'Sources': [
{
'Type': 'string'
},
],
'DataSources': [
{
'Name': 'string',
'Type': 'string'
},
],
'Processors': [
'string',
],
'ProcessorCount': 123,
'Sinks': [
'string',
]
}
},
],
'NextToken': 'string'
}
Response Structure
(dict) --
PipelineSummaries (list) --
A list of telemetry pipeline summaries containing key information about each pipeline.
(dict) --
Contains summary information about a telemetry pipeline for listing operations.
CreatedTimeStamp (integer) --
The timestamp when the telemetry pipeline was created.
LastUpdateTimeStamp (integer) --
The timestamp when the telemetry pipeline was last updated.
Arn (string) --
The Amazon Resource Name (ARN) of the telemetry pipeline.
Name (string) --
The name of the telemetry pipeline.
Status (string) --
The current status of the telemetry pipeline.
Tags (dict) --
The key-value pairs associated with the telemetry pipeline resource.
(string) --
(string) --
ConfigurationSummary (dict) --
A summary of the pipeline configuration components.
Sources (list) --
The list of data sources configured in the pipeline.
(dict) --
A list of source plugin types used in the pipeline configuration (such as cloudwatch_logs or s3). Currently supports a single source per pipeline, but is structured as a list to accommodate multiple pipelines in the configuration.
Type (string) --
The plugin name of the source, such as cloudwatch_logs or s3.
DataSources (list) --
The list of data sources that provide telemetry data to the pipeline.
(dict) --
Information about a data source associated with the telemetry pipeline. For CloudWatch Logs sources, this includes both a name and type extracted from the log event metadata. For third-party sources (such as S3), this includes only a name, with the type field left empty.
Name (string) --
The name of the data source. For CloudWatch Logs sources, this corresponds to the data_source_name from the log event metadata. For third-party sources, this is either the configured data_source_name or defaults to the plugin name if not specified.
Type (string) --
The type of the data source. For CloudWatch Logs sources, this corresponds to the data_source_type from the log event metadata. For third-party sources, this field is empty.
Processors (list) --
The list of processors configured in the pipeline for data transformation.
(string) --
ProcessorCount (integer) --
The total number of processors configured in the pipeline.
Sinks (list) --
The list of destinations where processed data is sent.
(string) --
NextToken (string) --
A token to resume pagination of results.
Deletes an S3 Table integration and its associated data. This operation removes the connection between CloudWatch Observability Admin and S3 Tables.
See also: AWS API Documentation
Request Syntax
client.delete_s3_table_integration(
Arn='string'
)
string
[REQUIRED]
The Amazon Resource Name (ARN) of the S3 Table integration to delete.
None
Validates a pipeline configuration without creating the pipeline. This operation checks the configuration for syntax errors and compatibility issues.
See also: AWS API Documentation
Request Syntax
client.validate_telemetry_pipeline_configuration(
Configuration={
'Body': 'string'
}
)
dict
[REQUIRED]
The pipeline configuration to validate for syntax and compatibility.
Body (string) -- [REQUIRED]
The pipeline configuration body that defines the data processing rules and transformations.
dict
Response Syntax
{
'Errors': [
{
'Message': 'string',
'Reason': 'string',
'FieldMap': {
'string': 'string'
}
},
]
}
Response Structure
(dict) --
Errors (list) --
A list of validation errors found in the pipeline configuration, if any.
(dict) --
Represents a detailed validation error with message, reason, and field mapping for comprehensive error reporting.
Message (string) --
The error message describing the validation issue.
Reason (string) --
The reason code or category for the validation error.
FieldMap (dict) --
A mapping of field names to specific validation issues within the configuration.
(string) --
(string) --
Creates a telemetry pipeline for processing and transforming telemetry data. The pipeline defines how data flows from sources through processors to destinations, enabling data transformation and delivering capabilities.
See also: AWS API Documentation
Request Syntax
client.create_telemetry_pipeline(
Name='string',
Configuration={
'Body': 'string'
},
Tags={
'string': 'string'
}
)
string
[REQUIRED]
The name of the telemetry pipeline to create. The name must be unique within your account.
dict
[REQUIRED]
The configuration that defines how the telemetry pipeline processes data, including sources, processors, and destinations. For more information about pipeline components, see the Amazon CloudWatch User Guide
Body (string) -- [REQUIRED]
The pipeline configuration body that defines the data processing rules and transformations.
dict
The key-value pairs to associate with the telemetry pipeline resource for categorization and management purposes.
(string) --
(string) --
dict
Response Syntax
{
'Arn': 'string'
}
Response Structure
(dict) --
Arn (string) --
The Amazon Resource Name (ARN) of the created telemetry pipeline.
Retrieves information about a specific S3 Table integration, including its configuration, status, and metadata.
See also: AWS API Documentation
Request Syntax
client.get_s3_table_integration(
Arn='string'
)
string
[REQUIRED]
The Amazon Resource Name (ARN) of the S3 Table integration to retrieve.
dict
Response Syntax
{
'Arn': 'string',
'RoleArn': 'string',
'Status': 'ACTIVE'|'DELETING',
'Encryption': {
'SseAlgorithm': 'aws:kms'|'AES256',
'KmsKeyArn': 'string'
},
'DestinationTableBucketArn': 'string',
'CreatedTimeStamp': 123
}
Response Structure
(dict) --
Arn (string) --
The Amazon Resource Name (ARN) of the S3 Table integration.
RoleArn (string) --
The Amazon Resource Name (ARN) of the IAM role used by the S3 Table integration.
Status (string) --
The current status of the S3 Table integration.
Encryption (dict) --
The encryption configuration for the S3 Table integration.
SseAlgorithm (string) --
The server-side encryption algorithm used for encrypting data in the S3 Table integration.
KmsKeyArn (string) --
The Amazon Resource Name (ARN) of the KMS key used for encryption when using customer-managed keys.
DestinationTableBucketArn (string) --
The Amazon Resource Name (ARN) of the S3 bucket used as the destination for the table data.
CreatedTimeStamp (integer) --
The timestamp when the S3 Table integration was created.
Retrieves information about a specific telemetry pipeline, including its configuration, status, and metadata.
See also: AWS API Documentation
Request Syntax
client.get_telemetry_pipeline(
PipelineIdentifier='string'
)
string
[REQUIRED]
The identifier (name or ARN) of the telemetry pipeline to retrieve.
dict
Response Syntax
{
'Pipeline': {
'CreatedTimeStamp': 123,
'LastUpdateTimeStamp': 123,
'Arn': 'string',
'Name': 'string',
'Configuration': {
'Body': 'string'
},
'Status': 'CREATING'|'ACTIVE'|'UPDATING'|'DELETING'|'CREATE_FAILED'|'UPDATE_FAILED',
'StatusReason': {
'Description': 'string'
},
'Tags': {
'string': 'string'
}
}
}
Response Structure
(dict) --
Pipeline (dict) --
The complete telemetry pipeline resource information, including configuration, status, and metadata.
CreatedTimeStamp (integer) --
The timestamp when the telemetry pipeline was created.
LastUpdateTimeStamp (integer) --
The timestamp when the telemetry pipeline was last updated.
Arn (string) --
The Amazon Resource Name (ARN) of the telemetry pipeline.
Name (string) --
The name of the telemetry pipeline.
Configuration (dict) --
The configuration that defines how the telemetry pipeline processes data.
Body (string) --
The pipeline configuration body that defines the data processing rules and transformations.
Status (string) --
The current status of the telemetry pipeline.
StatusReason (dict) --
Additional information about the pipeline status, including reasons for failure states.
Description (string) --
A description of the pipeline status reason, providing additional context about the current state.
Tags (dict) --
The key-value pairs associated with the telemetry pipeline resource.
(string) --
(string) --
Tests a pipeline configuration with sample records to validate data processing before deployment. This operation helps ensure your pipeline configuration works as expected.
See also: AWS API Documentation
Request Syntax
client.test_telemetry_pipeline(
Records=[
{
'Data': 'string',
'Type': 'STRING'|'JSON'
},
],
Configuration={
'Body': 'string'
}
)
list
[REQUIRED]
The sample records to process through the pipeline configuration for testing purposes.
(dict) --
Represents a test record structure used for pipeline testing operations to validate data processing.
Data (string) --
The data content of the test record used for pipeline validation.
Type (string) --
The type of the test record, indicating the format or category of the data.
dict
[REQUIRED]
The pipeline configuration to test with the provided sample records.
Body (string) -- [REQUIRED]
The pipeline configuration body that defines the data processing rules and transformations.
dict
Response Syntax
{
'Results': [
{
'Record': {
'Data': 'string',
'Type': 'STRING'|'JSON'
},
'Error': {
'Message': 'string'
}
},
]
}
Response Structure
(dict) --
Results (list) --
The results of processing the test records through the pipeline configuration, including any outputs or errors.
(dict) --
Contains the output from pipeline test operations, including processed records and any errors encountered.
Record (dict) --
The processed record output from the pipeline test operation.
Data (string) --
The data content of the test record used for pipeline validation.
Type (string) --
The type of the test record, indicating the format or category of the data.
Error (dict) --
Any error that occurred during the pipeline test operation for this record.
Message (string) --
The detailed error message describing what went wrong during the pipeline test operation for this record.
{'Rule': {'DestinationConfiguration': {'CloudtrailParameters': {'AdvancedEventSelectors': [{'FieldSelectors': [{'EndsWith': ['string'],
'Equals': ['string'],
'Field': 'string',
'NotEndsWith': ['string'],
'NotEquals': ['string'],
'NotStartsWith': ['string'],
'StartsWith': ['string']}],
'Name': 'string'}]},
'ELBLoadBalancerLoggingParameters': {'FieldDelimiter': 'string',
'OutputFormat': 'plain '
'| '
'json'},
'LogDeliveryParameters': {'LogTypes': ['APPLICATION_LOGS '
'| '
'USAGE_LOGS']},
'WAFLoggingParameters': {'LogType': 'WAF_LOGS',
'LoggingFilter': {'DefaultBehavior': 'KEEP '
'| '
'DROP',
'Filters': [{'Behavior': 'KEEP '
'| '
'DROP',
'Conditions': [{'ActionCondition': {'Action': 'ALLOW '
'| '
'BLOCK '
'| '
'COUNT '
'| '
'CAPTCHA '
'| '
'CHALLENGE '
'| '
'EXCLUDED_AS_COUNT'},
'LabelNameCondition': {'LabelName': 'string'}}],
'Requirement': 'MEETS_ALL '
'| '
'MEETS_ANY'}]},
'RedactedFields': [{'Method': 'string',
'QueryString': 'string',
'SingleHeader': {'Name': 'string'},
'UriPath': 'string'}]}},
'ResourceType': {'AWS::BedrockAgentCore::Browser',
'AWS::BedrockAgentCore::CodeInterpreter',
'AWS::BedrockAgentCore::Runtime',
'AWS::CloudTrail',
'AWS::EKS::Cluster',
'AWS::ElasticLoadBalancingV2::LoadBalancer',
'AWS::Route53Resolver::ResolverEndpoint',
'AWS::WAFv2::WebACL'},
'TelemetrySourceTypes': ['VPC_FLOW_LOGS | '
'ROUTE53_RESOLVER_QUERY_LOGS | '
'EKS_AUDIT_LOGS | EKS_AUTHENTICATOR_LOGS | '
'EKS_CONTROLLER_MANAGER_LOGS | '
'EKS_SCHEDULER_LOGS | EKS_API_LOGS']}}
Creates a telemetry rule that defines how telemetry should be configured for Amazon Web Services resources in your account. The rule specifies which resources should have telemetry enabled and how that telemetry data should be collected based on resource type, telemetry type, and selection criteria.
See also: AWS API Documentation
Request Syntax
client.create_telemetry_rule(
RuleName='string',
Rule={
'ResourceType': 'AWS::EC2::Instance'|'AWS::EC2::VPC'|'AWS::Lambda::Function'|'AWS::CloudTrail'|'AWS::EKS::Cluster'|'AWS::WAFv2::WebACL'|'AWS::ElasticLoadBalancingV2::LoadBalancer'|'AWS::Route53Resolver::ResolverEndpoint'|'AWS::BedrockAgentCore::Runtime'|'AWS::BedrockAgentCore::Browser'|'AWS::BedrockAgentCore::CodeInterpreter',
'TelemetryType': 'Logs'|'Metrics'|'Traces',
'TelemetrySourceTypes': [
'VPC_FLOW_LOGS'|'ROUTE53_RESOLVER_QUERY_LOGS'|'EKS_AUDIT_LOGS'|'EKS_AUTHENTICATOR_LOGS'|'EKS_CONTROLLER_MANAGER_LOGS'|'EKS_SCHEDULER_LOGS'|'EKS_API_LOGS',
],
'DestinationConfiguration': {
'DestinationType': 'cloud-watch-logs',
'DestinationPattern': 'string',
'RetentionInDays': 123,
'VPCFlowLogParameters': {
'LogFormat': 'string',
'TrafficType': 'string',
'MaxAggregationInterval': 123
},
'CloudtrailParameters': {
'AdvancedEventSelectors': [
{
'Name': 'string',
'FieldSelectors': [
{
'Field': 'string',
'Equals': [
'string',
],
'StartsWith': [
'string',
],
'EndsWith': [
'string',
],
'NotEquals': [
'string',
],
'NotStartsWith': [
'string',
],
'NotEndsWith': [
'string',
]
},
]
},
]
},
'ELBLoadBalancerLoggingParameters': {
'OutputFormat': 'plain'|'json',
'FieldDelimiter': 'string'
},
'WAFLoggingParameters': {
'RedactedFields': [
{
'SingleHeader': {
'Name': 'string'
},
'UriPath': 'string',
'QueryString': 'string',
'Method': 'string'
},
],
'LoggingFilter': {
'Filters': [
{
'Behavior': 'KEEP'|'DROP',
'Requirement': 'MEETS_ALL'|'MEETS_ANY',
'Conditions': [
{
'ActionCondition': {
'Action': 'ALLOW'|'BLOCK'|'COUNT'|'CAPTCHA'|'CHALLENGE'|'EXCLUDED_AS_COUNT'
},
'LabelNameCondition': {
'LabelName': 'string'
}
},
]
},
],
'DefaultBehavior': 'KEEP'|'DROP'
},
'LogType': 'WAF_LOGS'
},
'LogDeliveryParameters': {
'LogTypes': [
'APPLICATION_LOGS'|'USAGE_LOGS',
]
}
},
'Scope': 'string',
'SelectionCriteria': 'string'
},
Tags={
'string': 'string'
}
)
string
[REQUIRED]
A unique name for the telemetry rule being created.
dict
[REQUIRED]
The configuration details for the telemetry rule, including the resource type, telemetry type, destination configuration, and selection criteria for which resources the rule applies to.
ResourceType (string) --
The type of Amazon Web Services resource to configure telemetry for (e.g., "AWS::EC2::VPC", "AWS::EKS::Cluster", "AWS::WAFv2::WebACL").
TelemetryType (string) -- [REQUIRED]
The type of telemetry to collect (Logs, Metrics, or Traces).
TelemetrySourceTypes (list) --
The specific telemetry source types to configure for the resource, such as VPC_FLOW_LOGS or EKS_AUDIT_LOGS. TelemetrySourceTypes must be correlated with the specific resource type.
(string) --
Specifies the type of telemetry source for a resource, such as EKS cluster logs.
DestinationConfiguration (dict) --
Configuration specifying where and how the telemetry data should be delivered.
DestinationType (string) --
The type of destination for the telemetry data (e.g., "Amazon CloudWatch Logs", "S3").
DestinationPattern (string) --
The pattern used to generate the destination path or name, supporting macros like <resourceId> and <accountId>.
RetentionInDays (integer) --
The number of days to retain the telemetry data in the destination.
VPCFlowLogParameters (dict) --
Configuration parameters specific to VPC Flow Logs when VPC is the resource type.
LogFormat (string) --
The format in which VPC Flow Log entries should be logged.
TrafficType (string) --
The type of traffic to log (ACCEPT, REJECT, or ALL).
MaxAggregationInterval (integer) --
The maximum interval in seconds between the capture of flow log records.
CloudtrailParameters (dict) --
Configuration parameters specific to Amazon Web Services CloudTrail when CloudTrail is the source type.
AdvancedEventSelectors (list) -- [REQUIRED]
The advanced event selectors to use for filtering Amazon Web Services CloudTrail events.
(dict) --
Advanced event selectors let you create fine-grained selectors for management, data, and network activity events.
Name (string) --
An optional, descriptive name for an advanced event selector, such as "Log data events for only two S3 buckets".
FieldSelectors (list) -- [REQUIRED]
Contains all selector statements in an advanced event selector.
(dict) --
Defines criteria for selecting resources based on field values.
Field (string) -- [REQUIRED]
The name of the field to use for selection.
Equals (list) --
Matches if the field value equals the specified value.
(string) --
StartsWith (list) --
Matches if the field value starts with the specified value.
(string) --
EndsWith (list) --
Matches if the field value ends with the specified value.
(string) --
NotEquals (list) --
Matches if the field value does not equal the specified value.
(string) --
NotStartsWith (list) --
Matches if the field value does not start with the specified value.
(string) --
NotEndsWith (list) --
Matches if the field value does not end with the specified value.
(string) --
ELBLoadBalancerLoggingParameters (dict) --
Configuration parameters specific to ELB load balancer logging when ELB is the resource type.
OutputFormat (string) --
The format for ELB access log entries (plain text or JSON format).
FieldDelimiter (string) --
The delimiter character used to separate fields in ELB access log entries when using plain text format.
WAFLoggingParameters (dict) --
Configuration parameters specific to WAF logging when WAF is the resource type.
RedactedFields (list) --
The fields to redact from WAF logs to protect sensitive information.
(dict) --
Specifies a field in the request to redact from WAF logs, such as headers, query parameters, or body content.
SingleHeader (dict) --
Redacts a specific header field by name from WAF logs.
Name (string) --
The name value, limited to 64 characters.
UriPath (string) --
Redacts the URI path from WAF logs.
QueryString (string) --
Redacts the entire query string from WAF logs.
Method (string) --
Redacts the HTTP method from WAF logs.
LoggingFilter (dict) --
A filter configuration that determines which WAF log records to include or exclude.
Filters (list) --
A list of filter conditions that determine log record handling behavior.
(dict) --
A single filter condition that specifies behavior, requirement, and matching conditions for WAF log records.
Behavior (string) --
The action to take for log records matching this filter (KEEP or DROP).
Requirement (string) --
Whether the log record must meet all conditions (MEETS_ALL) or any condition (MEETS_ANY) to match this filter.
Conditions (list) --
The list of conditions that determine if a log record matches this filter.
(dict) --
A single condition that can match based on WAF rule action or label name.
ActionCondition (dict) --
Matches log records based on the WAF rule action taken (ALLOW, BLOCK, COUNT, etc.).
Action (string) --
The WAF action to match against (ALLOW, BLOCK, COUNT, CAPTCHA, CHALLENGE, EXCLUDED_AS_COUNT).
LabelNameCondition (dict) --
Matches log records based on WAF rule labels applied to the request.
LabelName (string) --
The label name to match, supporting alphanumeric characters, underscores, hyphens, and colons.
DefaultBehavior (string) --
The default action (KEEP or DROP) for log records that don't match any filter conditions.
LogType (string) --
The type of WAF logs to collect (currently supports WAF_LOGS).
LogDeliveryParameters (dict) --
Configuration parameters specific to Amazon Bedrock AgentCore logging when Amazon Bedrock AgentCore is the resource type.
LogTypes (list) --
The type of log that the source is sending.
(string) --
Scope (string) --
The organizational scope to which the rule applies, specified using accounts or organizational units.
SelectionCriteria (string) --
Criteria for selecting which resources the rule applies to, such as resource tags.
dict
The key-value pairs to associate with the telemetry rule resource for categorization and management purposes.
(string) --
(string) --
dict
Response Syntax
{
'RuleArn': 'string'
}
Response Structure
(dict) --
RuleArn (string) --
The Amazon Resource Name (ARN) of the created telemetry rule.
{'Rule': {'DestinationConfiguration': {'CloudtrailParameters': {'AdvancedEventSelectors': [{'FieldSelectors': [{'EndsWith': ['string'],
'Equals': ['string'],
'Field': 'string',
'NotEndsWith': ['string'],
'NotEquals': ['string'],
'NotStartsWith': ['string'],
'StartsWith': ['string']}],
'Name': 'string'}]},
'ELBLoadBalancerLoggingParameters': {'FieldDelimiter': 'string',
'OutputFormat': 'plain '
'| '
'json'},
'LogDeliveryParameters': {'LogTypes': ['APPLICATION_LOGS '
'| '
'USAGE_LOGS']},
'WAFLoggingParameters': {'LogType': 'WAF_LOGS',
'LoggingFilter': {'DefaultBehavior': 'KEEP '
'| '
'DROP',
'Filters': [{'Behavior': 'KEEP '
'| '
'DROP',
'Conditions': [{'ActionCondition': {'Action': 'ALLOW '
'| '
'BLOCK '
'| '
'COUNT '
'| '
'CAPTCHA '
'| '
'CHALLENGE '
'| '
'EXCLUDED_AS_COUNT'},
'LabelNameCondition': {'LabelName': 'string'}}],
'Requirement': 'MEETS_ALL '
'| '
'MEETS_ANY'}]},
'RedactedFields': [{'Method': 'string',
'QueryString': 'string',
'SingleHeader': {'Name': 'string'},
'UriPath': 'string'}]}},
'ResourceType': {'AWS::BedrockAgentCore::Browser',
'AWS::BedrockAgentCore::CodeInterpreter',
'AWS::BedrockAgentCore::Runtime',
'AWS::CloudTrail',
'AWS::EKS::Cluster',
'AWS::ElasticLoadBalancingV2::LoadBalancer',
'AWS::Route53Resolver::ResolverEndpoint',
'AWS::WAFv2::WebACL'},
'TelemetrySourceTypes': ['VPC_FLOW_LOGS | '
'ROUTE53_RESOLVER_QUERY_LOGS | '
'EKS_AUDIT_LOGS | EKS_AUTHENTICATOR_LOGS | '
'EKS_CONTROLLER_MANAGER_LOGS | '
'EKS_SCHEDULER_LOGS | EKS_API_LOGS']}}
Creates a telemetry rule that applies across an Amazon Web Services Organization. This operation can only be called by the organization's management account or a delegated administrator account.
See also: AWS API Documentation
Request Syntax
client.create_telemetry_rule_for_organization(
RuleName='string',
Rule={
'ResourceType': 'AWS::EC2::Instance'|'AWS::EC2::VPC'|'AWS::Lambda::Function'|'AWS::CloudTrail'|'AWS::EKS::Cluster'|'AWS::WAFv2::WebACL'|'AWS::ElasticLoadBalancingV2::LoadBalancer'|'AWS::Route53Resolver::ResolverEndpoint'|'AWS::BedrockAgentCore::Runtime'|'AWS::BedrockAgentCore::Browser'|'AWS::BedrockAgentCore::CodeInterpreter',
'TelemetryType': 'Logs'|'Metrics'|'Traces',
'TelemetrySourceTypes': [
'VPC_FLOW_LOGS'|'ROUTE53_RESOLVER_QUERY_LOGS'|'EKS_AUDIT_LOGS'|'EKS_AUTHENTICATOR_LOGS'|'EKS_CONTROLLER_MANAGER_LOGS'|'EKS_SCHEDULER_LOGS'|'EKS_API_LOGS',
],
'DestinationConfiguration': {
'DestinationType': 'cloud-watch-logs',
'DestinationPattern': 'string',
'RetentionInDays': 123,
'VPCFlowLogParameters': {
'LogFormat': 'string',
'TrafficType': 'string',
'MaxAggregationInterval': 123
},
'CloudtrailParameters': {
'AdvancedEventSelectors': [
{
'Name': 'string',
'FieldSelectors': [
{
'Field': 'string',
'Equals': [
'string',
],
'StartsWith': [
'string',
],
'EndsWith': [
'string',
],
'NotEquals': [
'string',
],
'NotStartsWith': [
'string',
],
'NotEndsWith': [
'string',
]
},
]
},
]
},
'ELBLoadBalancerLoggingParameters': {
'OutputFormat': 'plain'|'json',
'FieldDelimiter': 'string'
},
'WAFLoggingParameters': {
'RedactedFields': [
{
'SingleHeader': {
'Name': 'string'
},
'UriPath': 'string',
'QueryString': 'string',
'Method': 'string'
},
],
'LoggingFilter': {
'Filters': [
{
'Behavior': 'KEEP'|'DROP',
'Requirement': 'MEETS_ALL'|'MEETS_ANY',
'Conditions': [
{
'ActionCondition': {
'Action': 'ALLOW'|'BLOCK'|'COUNT'|'CAPTCHA'|'CHALLENGE'|'EXCLUDED_AS_COUNT'
},
'LabelNameCondition': {
'LabelName': 'string'
}
},
]
},
],
'DefaultBehavior': 'KEEP'|'DROP'
},
'LogType': 'WAF_LOGS'
},
'LogDeliveryParameters': {
'LogTypes': [
'APPLICATION_LOGS'|'USAGE_LOGS',
]
}
},
'Scope': 'string',
'SelectionCriteria': 'string'
},
Tags={
'string': 'string'
}
)
string
[REQUIRED]
A unique name for the organization-wide telemetry rule being created.
dict
[REQUIRED]
The configuration details for the organization-wide telemetry rule, including the resource type, telemetry type, destination configuration, and selection criteria for which resources the rule applies to across the organization.
ResourceType (string) --
The type of Amazon Web Services resource to configure telemetry for (e.g., "AWS::EC2::VPC", "AWS::EKS::Cluster", "AWS::WAFv2::WebACL").
TelemetryType (string) -- [REQUIRED]
The type of telemetry to collect (Logs, Metrics, or Traces).
TelemetrySourceTypes (list) --
The specific telemetry source types to configure for the resource, such as VPC_FLOW_LOGS or EKS_AUDIT_LOGS. TelemetrySourceTypes must be correlated with the specific resource type.
(string) --
Specifies the type of telemetry source for a resource, such as EKS cluster logs.
DestinationConfiguration (dict) --
Configuration specifying where and how the telemetry data should be delivered.
DestinationType (string) --
The type of destination for the telemetry data (e.g., "Amazon CloudWatch Logs", "S3").
DestinationPattern (string) --
The pattern used to generate the destination path or name, supporting macros like <resourceId> and <accountId>.
RetentionInDays (integer) --
The number of days to retain the telemetry data in the destination.
VPCFlowLogParameters (dict) --
Configuration parameters specific to VPC Flow Logs when VPC is the resource type.
LogFormat (string) --
The format in which VPC Flow Log entries should be logged.
TrafficType (string) --
The type of traffic to log (ACCEPT, REJECT, or ALL).
MaxAggregationInterval (integer) --
The maximum interval in seconds between the capture of flow log records.
CloudtrailParameters (dict) --
Configuration parameters specific to Amazon Web Services CloudTrail when CloudTrail is the source type.
AdvancedEventSelectors (list) -- [REQUIRED]
The advanced event selectors to use for filtering Amazon Web Services CloudTrail events.
(dict) --
Advanced event selectors let you create fine-grained selectors for management, data, and network activity events.
Name (string) --
An optional, descriptive name for an advanced event selector, such as "Log data events for only two S3 buckets".
FieldSelectors (list) -- [REQUIRED]
Contains all selector statements in an advanced event selector.
(dict) --
Defines criteria for selecting resources based on field values.
Field (string) -- [REQUIRED]
The name of the field to use for selection.
Equals (list) --
Matches if the field value equals the specified value.
(string) --
StartsWith (list) --
Matches if the field value starts with the specified value.
(string) --
EndsWith (list) --
Matches if the field value ends with the specified value.
(string) --
NotEquals (list) --
Matches if the field value does not equal the specified value.
(string) --
NotStartsWith (list) --
Matches if the field value does not start with the specified value.
(string) --
NotEndsWith (list) --
Matches if the field value does not end with the specified value.
(string) --
ELBLoadBalancerLoggingParameters (dict) --
Configuration parameters specific to ELB load balancer logging when ELB is the resource type.
OutputFormat (string) --
The format for ELB access log entries (plain text or JSON format).
FieldDelimiter (string) --
The delimiter character used to separate fields in ELB access log entries when using plain text format.
WAFLoggingParameters (dict) --
Configuration parameters specific to WAF logging when WAF is the resource type.
RedactedFields (list) --
The fields to redact from WAF logs to protect sensitive information.
(dict) --
Specifies a field in the request to redact from WAF logs, such as headers, query parameters, or body content.
SingleHeader (dict) --
Redacts a specific header field by name from WAF logs.
Name (string) --
The name value, limited to 64 characters.
UriPath (string) --
Redacts the URI path from WAF logs.
QueryString (string) --
Redacts the entire query string from WAF logs.
Method (string) --
Redacts the HTTP method from WAF logs.
LoggingFilter (dict) --
A filter configuration that determines which WAF log records to include or exclude.
Filters (list) --
A list of filter conditions that determine log record handling behavior.
(dict) --
A single filter condition that specifies behavior, requirement, and matching conditions for WAF log records.
Behavior (string) --
The action to take for log records matching this filter (KEEP or DROP).
Requirement (string) --
Whether the log record must meet all conditions (MEETS_ALL) or any condition (MEETS_ANY) to match this filter.
Conditions (list) --
The list of conditions that determine if a log record matches this filter.
(dict) --
A single condition that can match based on WAF rule action or label name.
ActionCondition (dict) --
Matches log records based on the WAF rule action taken (ALLOW, BLOCK, COUNT, etc.).
Action (string) --
The WAF action to match against (ALLOW, BLOCK, COUNT, CAPTCHA, CHALLENGE, EXCLUDED_AS_COUNT).
LabelNameCondition (dict) --
Matches log records based on WAF rule labels applied to the request.
LabelName (string) --
The label name to match, supporting alphanumeric characters, underscores, hyphens, and colons.
DefaultBehavior (string) --
The default action (KEEP or DROP) for log records that don't match any filter conditions.
LogType (string) --
The type of WAF logs to collect (currently supports WAF_LOGS).
LogDeliveryParameters (dict) --
Configuration parameters specific to Amazon Bedrock AgentCore logging when Amazon Bedrock AgentCore is the resource type.
LogTypes (list) --
The type of log that the source is sending.
(string) --
Scope (string) --
The organizational scope to which the rule applies, specified using accounts or organizational units.
SelectionCriteria (string) --
Criteria for selecting which resources the rule applies to, such as resource tags.
dict
The key-value pairs to associate with the organization telemetry rule resource for categorization and management purposes.
(string) --
(string) --
dict
Response Syntax
{
'RuleArn': 'string'
}
Response Structure
(dict) --
RuleArn (string) --
The Amazon Resource Name (ARN) of the created organization telemetry rule.
{'TelemetryRule': {'DestinationConfiguration': {'CloudtrailParameters': {'AdvancedEventSelectors': [{'FieldSelectors': [{'EndsWith': ['string'],
'Equals': ['string'],
'Field': 'string',
'NotEndsWith': ['string'],
'NotEquals': ['string'],
'NotStartsWith': ['string'],
'StartsWith': ['string']}],
'Name': 'string'}]},
'ELBLoadBalancerLoggingParameters': {'FieldDelimiter': 'string',
'OutputFormat': 'plain '
'| '
'json'},
'LogDeliveryParameters': {'LogTypes': ['APPLICATION_LOGS '
'| '
'USAGE_LOGS']},
'WAFLoggingParameters': {'LogType': 'WAF_LOGS',
'LoggingFilter': {'DefaultBehavior': 'KEEP '
'| '
'DROP',
'Filters': [{'Behavior': 'KEEP '
'| '
'DROP',
'Conditions': [{'ActionCondition': {'Action': 'ALLOW '
'| '
'BLOCK '
'| '
'COUNT '
'| '
'CAPTCHA '
'| '
'CHALLENGE '
'| '
'EXCLUDED_AS_COUNT'},
'LabelNameCondition': {'LabelName': 'string'}}],
'Requirement': 'MEETS_ALL '
'| '
'MEETS_ANY'}]},
'RedactedFields': [{'Method': 'string',
'QueryString': 'string',
'SingleHeader': {'Name': 'string'},
'UriPath': 'string'}]}},
'ResourceType': {'AWS::BedrockAgentCore::Browser',
'AWS::BedrockAgentCore::CodeInterpreter',
'AWS::BedrockAgentCore::Runtime',
'AWS::CloudTrail',
'AWS::EKS::Cluster',
'AWS::ElasticLoadBalancingV2::LoadBalancer',
'AWS::Route53Resolver::ResolverEndpoint',
'AWS::WAFv2::WebACL'},
'TelemetrySourceTypes': ['VPC_FLOW_LOGS | '
'ROUTE53_RESOLVER_QUERY_LOGS | '
'EKS_AUDIT_LOGS | '
'EKS_AUTHENTICATOR_LOGS | '
'EKS_CONTROLLER_MANAGER_LOGS | '
'EKS_SCHEDULER_LOGS | '
'EKS_API_LOGS']}}
Retrieves the details of a specific telemetry rule in your account.
See also: AWS API Documentation
Request Syntax
client.get_telemetry_rule(
RuleIdentifier='string'
)
string
[REQUIRED]
The identifier (name or ARN) of the telemetry rule to retrieve.
dict
Response Syntax
{
'RuleName': 'string',
'RuleArn': 'string',
'CreatedTimeStamp': 123,
'LastUpdateTimeStamp': 123,
'TelemetryRule': {
'ResourceType': 'AWS::EC2::Instance'|'AWS::EC2::VPC'|'AWS::Lambda::Function'|'AWS::CloudTrail'|'AWS::EKS::Cluster'|'AWS::WAFv2::WebACL'|'AWS::ElasticLoadBalancingV2::LoadBalancer'|'AWS::Route53Resolver::ResolverEndpoint'|'AWS::BedrockAgentCore::Runtime'|'AWS::BedrockAgentCore::Browser'|'AWS::BedrockAgentCore::CodeInterpreter',
'TelemetryType': 'Logs'|'Metrics'|'Traces',
'TelemetrySourceTypes': [
'VPC_FLOW_LOGS'|'ROUTE53_RESOLVER_QUERY_LOGS'|'EKS_AUDIT_LOGS'|'EKS_AUTHENTICATOR_LOGS'|'EKS_CONTROLLER_MANAGER_LOGS'|'EKS_SCHEDULER_LOGS'|'EKS_API_LOGS',
],
'DestinationConfiguration': {
'DestinationType': 'cloud-watch-logs',
'DestinationPattern': 'string',
'RetentionInDays': 123,
'VPCFlowLogParameters': {
'LogFormat': 'string',
'TrafficType': 'string',
'MaxAggregationInterval': 123
},
'CloudtrailParameters': {
'AdvancedEventSelectors': [
{
'Name': 'string',
'FieldSelectors': [
{
'Field': 'string',
'Equals': [
'string',
],
'StartsWith': [
'string',
],
'EndsWith': [
'string',
],
'NotEquals': [
'string',
],
'NotStartsWith': [
'string',
],
'NotEndsWith': [
'string',
]
},
]
},
]
},
'ELBLoadBalancerLoggingParameters': {
'OutputFormat': 'plain'|'json',
'FieldDelimiter': 'string'
},
'WAFLoggingParameters': {
'RedactedFields': [
{
'SingleHeader': {
'Name': 'string'
},
'UriPath': 'string',
'QueryString': 'string',
'Method': 'string'
},
],
'LoggingFilter': {
'Filters': [
{
'Behavior': 'KEEP'|'DROP',
'Requirement': 'MEETS_ALL'|'MEETS_ANY',
'Conditions': [
{
'ActionCondition': {
'Action': 'ALLOW'|'BLOCK'|'COUNT'|'CAPTCHA'|'CHALLENGE'|'EXCLUDED_AS_COUNT'
},
'LabelNameCondition': {
'LabelName': 'string'
}
},
]
},
],
'DefaultBehavior': 'KEEP'|'DROP'
},
'LogType': 'WAF_LOGS'
},
'LogDeliveryParameters': {
'LogTypes': [
'APPLICATION_LOGS'|'USAGE_LOGS',
]
}
},
'Scope': 'string',
'SelectionCriteria': 'string'
}
}
Response Structure
(dict) --
RuleName (string) --
The name of the telemetry rule.
RuleArn (string) --
The Amazon Resource Name (ARN) of the telemetry rule.
CreatedTimeStamp (integer) --
The timestamp when the telemetry rule was created.
LastUpdateTimeStamp (integer) --
The timestamp when the telemetry rule was last updated.
TelemetryRule (dict) --
The configuration details of the telemetry rule.
ResourceType (string) --
The type of Amazon Web Services resource to configure telemetry for (e.g., "AWS::EC2::VPC", "AWS::EKS::Cluster", "AWS::WAFv2::WebACL").
TelemetryType (string) --
The type of telemetry to collect (Logs, Metrics, or Traces).
TelemetrySourceTypes (list) --
The specific telemetry source types to configure for the resource, such as VPC_FLOW_LOGS or EKS_AUDIT_LOGS. TelemetrySourceTypes must be correlated with the specific resource type.
(string) --
Specifies the type of telemetry source for a resource, such as EKS cluster logs.
DestinationConfiguration (dict) --
Configuration specifying where and how the telemetry data should be delivered.
DestinationType (string) --
The type of destination for the telemetry data (e.g., "Amazon CloudWatch Logs", "S3").
DestinationPattern (string) --
The pattern used to generate the destination path or name, supporting macros like <resourceId> and <accountId>.
RetentionInDays (integer) --
The number of days to retain the telemetry data in the destination.
VPCFlowLogParameters (dict) --
Configuration parameters specific to VPC Flow Logs when VPC is the resource type.
LogFormat (string) --
The format in which VPC Flow Log entries should be logged.
TrafficType (string) --
The type of traffic to log (ACCEPT, REJECT, or ALL).
MaxAggregationInterval (integer) --
The maximum interval in seconds between the capture of flow log records.
CloudtrailParameters (dict) --
Configuration parameters specific to Amazon Web Services CloudTrail when CloudTrail is the source type.
AdvancedEventSelectors (list) --
The advanced event selectors to use for filtering Amazon Web Services CloudTrail events.
(dict) --
Advanced event selectors let you create fine-grained selectors for management, data, and network activity events.
Name (string) --
An optional, descriptive name for an advanced event selector, such as "Log data events for only two S3 buckets".
FieldSelectors (list) --
Contains all selector statements in an advanced event selector.
(dict) --
Defines criteria for selecting resources based on field values.
Field (string) --
The name of the field to use for selection.
Equals (list) --
Matches if the field value equals the specified value.
(string) --
StartsWith (list) --
Matches if the field value starts with the specified value.
(string) --
EndsWith (list) --
Matches if the field value ends with the specified value.
(string) --
NotEquals (list) --
Matches if the field value does not equal the specified value.
(string) --
NotStartsWith (list) --
Matches if the field value does not start with the specified value.
(string) --
NotEndsWith (list) --
Matches if the field value does not end with the specified value.
(string) --
ELBLoadBalancerLoggingParameters (dict) --
Configuration parameters specific to ELB load balancer logging when ELB is the resource type.
OutputFormat (string) --
The format for ELB access log entries (plain text or JSON format).
FieldDelimiter (string) --
The delimiter character used to separate fields in ELB access log entries when using plain text format.
WAFLoggingParameters (dict) --
Configuration parameters specific to WAF logging when WAF is the resource type.
RedactedFields (list) --
The fields to redact from WAF logs to protect sensitive information.
(dict) --
Specifies a field in the request to redact from WAF logs, such as headers, query parameters, or body content.
SingleHeader (dict) --
Redacts a specific header field by name from WAF logs.
Name (string) --
The name value, limited to 64 characters.
UriPath (string) --
Redacts the URI path from WAF logs.
QueryString (string) --
Redacts the entire query string from WAF logs.
Method (string) --
Redacts the HTTP method from WAF logs.
LoggingFilter (dict) --
A filter configuration that determines which WAF log records to include or exclude.
Filters (list) --
A list of filter conditions that determine log record handling behavior.
(dict) --
A single filter condition that specifies behavior, requirement, and matching conditions for WAF log records.
Behavior (string) --
The action to take for log records matching this filter (KEEP or DROP).
Requirement (string) --
Whether the log record must meet all conditions (MEETS_ALL) or any condition (MEETS_ANY) to match this filter.
Conditions (list) --
The list of conditions that determine if a log record matches this filter.
(dict) --
A single condition that can match based on WAF rule action or label name.
ActionCondition (dict) --
Matches log records based on the WAF rule action taken (ALLOW, BLOCK, COUNT, etc.).
Action (string) --
The WAF action to match against (ALLOW, BLOCK, COUNT, CAPTCHA, CHALLENGE, EXCLUDED_AS_COUNT).
LabelNameCondition (dict) --
Matches log records based on WAF rule labels applied to the request.
LabelName (string) --
The label name to match, supporting alphanumeric characters, underscores, hyphens, and colons.
DefaultBehavior (string) --
The default action (KEEP or DROP) for log records that don't match any filter conditions.
LogType (string) --
The type of WAF logs to collect (currently supports WAF_LOGS).
LogDeliveryParameters (dict) --
Configuration parameters specific to Amazon Bedrock AgentCore logging when Amazon Bedrock AgentCore is the resource type.
LogTypes (list) --
The type of log that the source is sending.
(string) --
Scope (string) --
The organizational scope to which the rule applies, specified using accounts or organizational units.
SelectionCriteria (string) --
Criteria for selecting which resources the rule applies to, such as resource tags.
{'TelemetryRule': {'DestinationConfiguration': {'CloudtrailParameters': {'AdvancedEventSelectors': [{'FieldSelectors': [{'EndsWith': ['string'],
'Equals': ['string'],
'Field': 'string',
'NotEndsWith': ['string'],
'NotEquals': ['string'],
'NotStartsWith': ['string'],
'StartsWith': ['string']}],
'Name': 'string'}]},
'ELBLoadBalancerLoggingParameters': {'FieldDelimiter': 'string',
'OutputFormat': 'plain '
'| '
'json'},
'LogDeliveryParameters': {'LogTypes': ['APPLICATION_LOGS '
'| '
'USAGE_LOGS']},
'WAFLoggingParameters': {'LogType': 'WAF_LOGS',
'LoggingFilter': {'DefaultBehavior': 'KEEP '
'| '
'DROP',
'Filters': [{'Behavior': 'KEEP '
'| '
'DROP',
'Conditions': [{'ActionCondition': {'Action': 'ALLOW '
'| '
'BLOCK '
'| '
'COUNT '
'| '
'CAPTCHA '
'| '
'CHALLENGE '
'| '
'EXCLUDED_AS_COUNT'},
'LabelNameCondition': {'LabelName': 'string'}}],
'Requirement': 'MEETS_ALL '
'| '
'MEETS_ANY'}]},
'RedactedFields': [{'Method': 'string',
'QueryString': 'string',
'SingleHeader': {'Name': 'string'},
'UriPath': 'string'}]}},
'ResourceType': {'AWS::BedrockAgentCore::Browser',
'AWS::BedrockAgentCore::CodeInterpreter',
'AWS::BedrockAgentCore::Runtime',
'AWS::CloudTrail',
'AWS::EKS::Cluster',
'AWS::ElasticLoadBalancingV2::LoadBalancer',
'AWS::Route53Resolver::ResolverEndpoint',
'AWS::WAFv2::WebACL'},
'TelemetrySourceTypes': ['VPC_FLOW_LOGS | '
'ROUTE53_RESOLVER_QUERY_LOGS | '
'EKS_AUDIT_LOGS | '
'EKS_AUTHENTICATOR_LOGS | '
'EKS_CONTROLLER_MANAGER_LOGS | '
'EKS_SCHEDULER_LOGS | '
'EKS_API_LOGS']}}
Retrieves the details of a specific organization telemetry rule. This operation can only be called by the organization's management account or a delegated administrator account.
See also: AWS API Documentation
Request Syntax
client.get_telemetry_rule_for_organization(
RuleIdentifier='string'
)
string
[REQUIRED]
The identifier (name or ARN) of the organization telemetry rule to retrieve.
dict
Response Syntax
{
'RuleName': 'string',
'RuleArn': 'string',
'CreatedTimeStamp': 123,
'LastUpdateTimeStamp': 123,
'TelemetryRule': {
'ResourceType': 'AWS::EC2::Instance'|'AWS::EC2::VPC'|'AWS::Lambda::Function'|'AWS::CloudTrail'|'AWS::EKS::Cluster'|'AWS::WAFv2::WebACL'|'AWS::ElasticLoadBalancingV2::LoadBalancer'|'AWS::Route53Resolver::ResolverEndpoint'|'AWS::BedrockAgentCore::Runtime'|'AWS::BedrockAgentCore::Browser'|'AWS::BedrockAgentCore::CodeInterpreter',
'TelemetryType': 'Logs'|'Metrics'|'Traces',
'TelemetrySourceTypes': [
'VPC_FLOW_LOGS'|'ROUTE53_RESOLVER_QUERY_LOGS'|'EKS_AUDIT_LOGS'|'EKS_AUTHENTICATOR_LOGS'|'EKS_CONTROLLER_MANAGER_LOGS'|'EKS_SCHEDULER_LOGS'|'EKS_API_LOGS',
],
'DestinationConfiguration': {
'DestinationType': 'cloud-watch-logs',
'DestinationPattern': 'string',
'RetentionInDays': 123,
'VPCFlowLogParameters': {
'LogFormat': 'string',
'TrafficType': 'string',
'MaxAggregationInterval': 123
},
'CloudtrailParameters': {
'AdvancedEventSelectors': [
{
'Name': 'string',
'FieldSelectors': [
{
'Field': 'string',
'Equals': [
'string',
],
'StartsWith': [
'string',
],
'EndsWith': [
'string',
],
'NotEquals': [
'string',
],
'NotStartsWith': [
'string',
],
'NotEndsWith': [
'string',
]
},
]
},
]
},
'ELBLoadBalancerLoggingParameters': {
'OutputFormat': 'plain'|'json',
'FieldDelimiter': 'string'
},
'WAFLoggingParameters': {
'RedactedFields': [
{
'SingleHeader': {
'Name': 'string'
},
'UriPath': 'string',
'QueryString': 'string',
'Method': 'string'
},
],
'LoggingFilter': {
'Filters': [
{
'Behavior': 'KEEP'|'DROP',
'Requirement': 'MEETS_ALL'|'MEETS_ANY',
'Conditions': [
{
'ActionCondition': {
'Action': 'ALLOW'|'BLOCK'|'COUNT'|'CAPTCHA'|'CHALLENGE'|'EXCLUDED_AS_COUNT'
},
'LabelNameCondition': {
'LabelName': 'string'
}
},
]
},
],
'DefaultBehavior': 'KEEP'|'DROP'
},
'LogType': 'WAF_LOGS'
},
'LogDeliveryParameters': {
'LogTypes': [
'APPLICATION_LOGS'|'USAGE_LOGS',
]
}
},
'Scope': 'string',
'SelectionCriteria': 'string'
}
}
Response Structure
(dict) --
RuleName (string) --
The name of the organization telemetry rule.
RuleArn (string) --
The Amazon Resource Name (ARN) of the organization telemetry rule.
CreatedTimeStamp (integer) --
The timestamp when the organization telemetry rule was created.
LastUpdateTimeStamp (integer) --
The timestamp when the organization telemetry rule was last updated.
TelemetryRule (dict) --
The configuration details of the organization telemetry rule.
ResourceType (string) --
The type of Amazon Web Services resource to configure telemetry for (e.g., "AWS::EC2::VPC", "AWS::EKS::Cluster", "AWS::WAFv2::WebACL").
TelemetryType (string) --
The type of telemetry to collect (Logs, Metrics, or Traces).
TelemetrySourceTypes (list) --
The specific telemetry source types to configure for the resource, such as VPC_FLOW_LOGS or EKS_AUDIT_LOGS. TelemetrySourceTypes must be correlated with the specific resource type.
(string) --
Specifies the type of telemetry source for a resource, such as EKS cluster logs.
DestinationConfiguration (dict) --
Configuration specifying where and how the telemetry data should be delivered.
DestinationType (string) --
The type of destination for the telemetry data (e.g., "Amazon CloudWatch Logs", "S3").
DestinationPattern (string) --
The pattern used to generate the destination path or name, supporting macros like <resourceId> and <accountId>.
RetentionInDays (integer) --
The number of days to retain the telemetry data in the destination.
VPCFlowLogParameters (dict) --
Configuration parameters specific to VPC Flow Logs when VPC is the resource type.
LogFormat (string) --
The format in which VPC Flow Log entries should be logged.
TrafficType (string) --
The type of traffic to log (ACCEPT, REJECT, or ALL).
MaxAggregationInterval (integer) --
The maximum interval in seconds between the capture of flow log records.
CloudtrailParameters (dict) --
Configuration parameters specific to Amazon Web Services CloudTrail when CloudTrail is the source type.
AdvancedEventSelectors (list) --
The advanced event selectors to use for filtering Amazon Web Services CloudTrail events.
(dict) --
Advanced event selectors let you create fine-grained selectors for management, data, and network activity events.
Name (string) --
An optional, descriptive name for an advanced event selector, such as "Log data events for only two S3 buckets".
FieldSelectors (list) --
Contains all selector statements in an advanced event selector.
(dict) --
Defines criteria for selecting resources based on field values.
Field (string) --
The name of the field to use for selection.
Equals (list) --
Matches if the field value equals the specified value.
(string) --
StartsWith (list) --
Matches if the field value starts with the specified value.
(string) --
EndsWith (list) --
Matches if the field value ends with the specified value.
(string) --
NotEquals (list) --
Matches if the field value does not equal the specified value.
(string) --
NotStartsWith (list) --
Matches if the field value does not start with the specified value.
(string) --
NotEndsWith (list) --
Matches if the field value does not end with the specified value.
(string) --
ELBLoadBalancerLoggingParameters (dict) --
Configuration parameters specific to ELB load balancer logging when ELB is the resource type.
OutputFormat (string) --
The format for ELB access log entries (plain text or JSON format).
FieldDelimiter (string) --
The delimiter character used to separate fields in ELB access log entries when using plain text format.
WAFLoggingParameters (dict) --
Configuration parameters specific to WAF logging when WAF is the resource type.
RedactedFields (list) --
The fields to redact from WAF logs to protect sensitive information.
(dict) --
Specifies a field in the request to redact from WAF logs, such as headers, query parameters, or body content.
SingleHeader (dict) --
Redacts a specific header field by name from WAF logs.
Name (string) --
The name value, limited to 64 characters.
UriPath (string) --
Redacts the URI path from WAF logs.
QueryString (string) --
Redacts the entire query string from WAF logs.
Method (string) --
Redacts the HTTP method from WAF logs.
LoggingFilter (dict) --
A filter configuration that determines which WAF log records to include or exclude.
Filters (list) --
A list of filter conditions that determine log record handling behavior.
(dict) --
A single filter condition that specifies behavior, requirement, and matching conditions for WAF log records.
Behavior (string) --
The action to take for log records matching this filter (KEEP or DROP).
Requirement (string) --
Whether the log record must meet all conditions (MEETS_ALL) or any condition (MEETS_ANY) to match this filter.
Conditions (list) --
The list of conditions that determine if a log record matches this filter.
(dict) --
A single condition that can match based on WAF rule action or label name.
ActionCondition (dict) --
Matches log records based on the WAF rule action taken (ALLOW, BLOCK, COUNT, etc.).
Action (string) --
The WAF action to match against (ALLOW, BLOCK, COUNT, CAPTCHA, CHALLENGE, EXCLUDED_AS_COUNT).
LabelNameCondition (dict) --
Matches log records based on WAF rule labels applied to the request.
LabelName (string) --
The label name to match, supporting alphanumeric characters, underscores, hyphens, and colons.
DefaultBehavior (string) --
The default action (KEEP or DROP) for log records that don't match any filter conditions.
LogType (string) --
The type of WAF logs to collect (currently supports WAF_LOGS).
LogDeliveryParameters (dict) --
Configuration parameters specific to Amazon Bedrock AgentCore logging when Amazon Bedrock AgentCore is the resource type.
LogTypes (list) --
The type of log that the source is sending.
(string) --
Scope (string) --
The organizational scope to which the rule applies, specified using accounts or organizational units.
SelectionCriteria (string) --
Criteria for selecting which resources the rule applies to, such as resource tags.
{'ResourceTypes': {'AWS::BedrockAgentCore::Browser',
'AWS::BedrockAgentCore::CodeInterpreter',
'AWS::BedrockAgentCore::Runtime',
'AWS::CloudTrail',
'AWS::EKS::Cluster',
'AWS::ElasticLoadBalancingV2::LoadBalancer',
'AWS::Route53Resolver::ResolverEndpoint',
'AWS::WAFv2::WebACL'}}
Response {'TelemetryConfigurations': {'ResourceType': {'AWS::BedrockAgentCore::Browser',
'AWS::BedrockAgentCore::CodeInterpreter',
'AWS::BedrockAgentCore::Runtime',
'AWS::CloudTrail',
'AWS::EKS::Cluster',
'AWS::ElasticLoadBalancingV2::LoadBalancer',
'AWS::Route53Resolver::ResolverEndpoint',
'AWS::WAFv2::WebACL'}}}
Returns a list of telemetry configurations for Amazon Web Services resources supported by telemetry config. For more information, see Auditing CloudWatch telemetry configurations.
See also: AWS API Documentation
Request Syntax
client.list_resource_telemetry(
ResourceIdentifierPrefix='string',
ResourceTypes=[
'AWS::EC2::Instance'|'AWS::EC2::VPC'|'AWS::Lambda::Function'|'AWS::CloudTrail'|'AWS::EKS::Cluster'|'AWS::WAFv2::WebACL'|'AWS::ElasticLoadBalancingV2::LoadBalancer'|'AWS::Route53Resolver::ResolverEndpoint'|'AWS::BedrockAgentCore::Runtime'|'AWS::BedrockAgentCore::Browser'|'AWS::BedrockAgentCore::CodeInterpreter',
],
TelemetryConfigurationState={
'string': 'Enabled'|'Disabled'|'NotApplicable'
},
ResourceTags={
'string': 'string'
},
MaxResults=123,
NextToken='string'
)
string
A string used to filter resources which have a ResourceIdentifier starting with the ResourceIdentifierPrefix.
list
A list of resource types used to filter resources supported by telemetry config. If this parameter is provided, the resources will be returned in the same order used in the request.
(string) --
dict
A key-value pair to filter resources based on the telemetry type and the state of the telemetry configuration. The key is the telemetry type and the value is the state.
(string) --
(string) --
dict
A key-value pair to filter resources based on tags associated with the resource. For more information about tags, see What are tags?
(string) --
(string) --
integer
A number field used to limit the number of results within the returned list.
string
The token for the next set of items to return. A previous call generates this token.
dict
Response Syntax
{
'TelemetryConfigurations': [
{
'AccountIdentifier': 'string',
'TelemetryConfigurationState': {
'string': 'Enabled'|'Disabled'|'NotApplicable'
},
'ResourceType': 'AWS::EC2::Instance'|'AWS::EC2::VPC'|'AWS::Lambda::Function'|'AWS::CloudTrail'|'AWS::EKS::Cluster'|'AWS::WAFv2::WebACL'|'AWS::ElasticLoadBalancingV2::LoadBalancer'|'AWS::Route53Resolver::ResolverEndpoint'|'AWS::BedrockAgentCore::Runtime'|'AWS::BedrockAgentCore::Browser'|'AWS::BedrockAgentCore::CodeInterpreter',
'ResourceIdentifier': 'string',
'ResourceTags': {
'string': 'string'
},
'LastUpdateTimeStamp': 123
},
],
'NextToken': 'string'
}
Response Structure
(dict) --
TelemetryConfigurations (list) --
A list of telemetry configurations for Amazon Web Services resources supported by telemetry config in the caller's account.
(dict) --
A model representing the state of a resource within an account according to telemetry config.
AccountIdentifier (string) --
The account ID which contains the resource managed in telemetry configuration. An example of a valid account ID is 012345678901.
TelemetryConfigurationState (dict) --
The configuration state for the resource, for example { Logs: NotApplicable; Metrics: Enabled; Traces: NotApplicable; }.
(string) --
(string) --
ResourceType (string) --
The type of resource, for example Amazon Web Services::EC2::Instance, or Amazon Web Services::EKS::Cluster, etc.
ResourceIdentifier (string) --
The identifier of the resource, for example for Amazon VPC, it would be vpc-1a2b3c4d5e6f1a2b3.
ResourceTags (dict) --
Tags associated with the resource, for example { Name: "ExampleInstance", Environment: "Development" }.
(string) --
(string) --
LastUpdateTimeStamp (integer) --
The timestamp of the last change to the telemetry configuration for the resource. For example, 1728679196318.
NextToken (string) --
The token for the next set of items to return. A previous call generates this token.
{'ResourceTypes': {'AWS::BedrockAgentCore::Browser',
'AWS::BedrockAgentCore::CodeInterpreter',
'AWS::BedrockAgentCore::Runtime',
'AWS::CloudTrail',
'AWS::EKS::Cluster',
'AWS::ElasticLoadBalancingV2::LoadBalancer',
'AWS::Route53Resolver::ResolverEndpoint',
'AWS::WAFv2::WebACL'}}
Response {'TelemetryConfigurations': {'ResourceType': {'AWS::BedrockAgentCore::Browser',
'AWS::BedrockAgentCore::CodeInterpreter',
'AWS::BedrockAgentCore::Runtime',
'AWS::CloudTrail',
'AWS::EKS::Cluster',
'AWS::ElasticLoadBalancingV2::LoadBalancer',
'AWS::Route53Resolver::ResolverEndpoint',
'AWS::WAFv2::WebACL'}}}
Returns a list of telemetry configurations for Amazon Web Services resources supported by telemetry config in the organization.
See also: AWS API Documentation
Request Syntax
client.list_resource_telemetry_for_organization(
AccountIdentifiers=[
'string',
],
ResourceIdentifierPrefix='string',
ResourceTypes=[
'AWS::EC2::Instance'|'AWS::EC2::VPC'|'AWS::Lambda::Function'|'AWS::CloudTrail'|'AWS::EKS::Cluster'|'AWS::WAFv2::WebACL'|'AWS::ElasticLoadBalancingV2::LoadBalancer'|'AWS::Route53Resolver::ResolverEndpoint'|'AWS::BedrockAgentCore::Runtime'|'AWS::BedrockAgentCore::Browser'|'AWS::BedrockAgentCore::CodeInterpreter',
],
TelemetryConfigurationState={
'string': 'Enabled'|'Disabled'|'NotApplicable'
},
ResourceTags={
'string': 'string'
},
MaxResults=123,
NextToken='string'
)
list
A list of Amazon Web Services accounts used to filter the resources to those associated with the specified accounts.
(string) --
string
A string used to filter resources in the organization which have a ResourceIdentifier starting with the ResourceIdentifierPrefix.
list
A list of resource types used to filter resources in the organization. If this parameter is provided, the resources will be returned in the same order used in the request.
(string) --
dict
A key-value pair to filter resources in the organization based on the telemetry type and the state of the telemetry configuration. The key is the telemetry type and the value is the state.
(string) --
(string) --
dict
A key-value pair to filter resources in the organization based on tags associated with the resource. Fore more information about tags, see What are tags?
(string) --
(string) --
integer
A number field used to limit the number of results within the returned list.
string
The token for the next set of items to return. A previous call provides this token.
dict
Response Syntax
{
'TelemetryConfigurations': [
{
'AccountIdentifier': 'string',
'TelemetryConfigurationState': {
'string': 'Enabled'|'Disabled'|'NotApplicable'
},
'ResourceType': 'AWS::EC2::Instance'|'AWS::EC2::VPC'|'AWS::Lambda::Function'|'AWS::CloudTrail'|'AWS::EKS::Cluster'|'AWS::WAFv2::WebACL'|'AWS::ElasticLoadBalancingV2::LoadBalancer'|'AWS::Route53Resolver::ResolverEndpoint'|'AWS::BedrockAgentCore::Runtime'|'AWS::BedrockAgentCore::Browser'|'AWS::BedrockAgentCore::CodeInterpreter',
'ResourceIdentifier': 'string',
'ResourceTags': {
'string': 'string'
},
'LastUpdateTimeStamp': 123
},
],
'NextToken': 'string'
}
Response Structure
(dict) --
TelemetryConfigurations (list) --
A list of telemetry configurations for Amazon Web Services resources supported by telemetry config in the organization.
(dict) --
A model representing the state of a resource within an account according to telemetry config.
AccountIdentifier (string) --
The account ID which contains the resource managed in telemetry configuration. An example of a valid account ID is 012345678901.
TelemetryConfigurationState (dict) --
The configuration state for the resource, for example { Logs: NotApplicable; Metrics: Enabled; Traces: NotApplicable; }.
(string) --
(string) --
ResourceType (string) --
The type of resource, for example Amazon Web Services::EC2::Instance, or Amazon Web Services::EKS::Cluster, etc.
ResourceIdentifier (string) --
The identifier of the resource, for example for Amazon VPC, it would be vpc-1a2b3c4d5e6f1a2b3.
ResourceTags (dict) --
Tags associated with the resource, for example { Name: "ExampleInstance", Environment: "Development" }.
(string) --
(string) --
LastUpdateTimeStamp (integer) --
The timestamp of the last change to the telemetry configuration for the resource. For example, 1728679196318.
NextToken (string) --
The token for the next set of items to return. A previous call provides this token.
{'TelemetryRuleSummaries': {'ResourceType': {'AWS::BedrockAgentCore::Browser',
'AWS::BedrockAgentCore::CodeInterpreter',
'AWS::BedrockAgentCore::Runtime',
'AWS::CloudTrail',
'AWS::EKS::Cluster',
'AWS::ElasticLoadBalancingV2::LoadBalancer',
'AWS::Route53Resolver::ResolverEndpoint',
'AWS::WAFv2::WebACL'},
'TelemetrySourceTypes': ['VPC_FLOW_LOGS | '
'ROUTE53_RESOLVER_QUERY_LOGS '
'| EKS_AUDIT_LOGS | '
'EKS_AUTHENTICATOR_LOGS | '
'EKS_CONTROLLER_MANAGER_LOGS '
'| EKS_SCHEDULER_LOGS | '
'EKS_API_LOGS']}}
Lists all telemetry rules in your account. You can filter the results by specifying a rule name prefix.
See also: AWS API Documentation
Request Syntax
client.list_telemetry_rules(
RuleNamePrefix='string',
MaxResults=123,
NextToken='string'
)
string
A string to filter telemetry rules whose names begin with the specified prefix.
integer
The maximum number of telemetry rules to return in a single call.
string
The token for the next set of results. A previous call generates this token.
dict
Response Syntax
{
'TelemetryRuleSummaries': [
{
'RuleName': 'string',
'RuleArn': 'string',
'CreatedTimeStamp': 123,
'LastUpdateTimeStamp': 123,
'ResourceType': 'AWS::EC2::Instance'|'AWS::EC2::VPC'|'AWS::Lambda::Function'|'AWS::CloudTrail'|'AWS::EKS::Cluster'|'AWS::WAFv2::WebACL'|'AWS::ElasticLoadBalancingV2::LoadBalancer'|'AWS::Route53Resolver::ResolverEndpoint'|'AWS::BedrockAgentCore::Runtime'|'AWS::BedrockAgentCore::Browser'|'AWS::BedrockAgentCore::CodeInterpreter',
'TelemetryType': 'Logs'|'Metrics'|'Traces',
'TelemetrySourceTypes': [
'VPC_FLOW_LOGS'|'ROUTE53_RESOLVER_QUERY_LOGS'|'EKS_AUDIT_LOGS'|'EKS_AUTHENTICATOR_LOGS'|'EKS_CONTROLLER_MANAGER_LOGS'|'EKS_SCHEDULER_LOGS'|'EKS_API_LOGS',
]
},
],
'NextToken': 'string'
}
Response Structure
(dict) --
TelemetryRuleSummaries (list) --
A list of telemetry rule summaries.
(dict) --
A summary of a telemetry rule's key properties.
RuleName (string) --
The name of the telemetry rule.
RuleArn (string) --
The Amazon Resource Name (ARN) of the telemetry rule.
CreatedTimeStamp (integer) --
The timestamp when the telemetry rule was created.
LastUpdateTimeStamp (integer) --
The timestamp when the telemetry rule was last modified.
ResourceType (string) --
The type of Amazon Web Services resource the rule applies to.
TelemetryType (string) --
The type of telemetry (Logs, Metrics, or Traces) the rule configures.
TelemetrySourceTypes (list) --
The types of telemetry sources configured for this rule, such as VPC Flow Logs or EKS audit logs. TelemetrySourceTypes must be correlated with the specific resource type.
(string) --
Specifies the type of telemetry source for a resource, such as EKS cluster logs.
NextToken (string) --
A token to resume pagination of results.
{'TelemetryRuleSummaries': {'ResourceType': {'AWS::BedrockAgentCore::Browser',
'AWS::BedrockAgentCore::CodeInterpreter',
'AWS::BedrockAgentCore::Runtime',
'AWS::CloudTrail',
'AWS::EKS::Cluster',
'AWS::ElasticLoadBalancingV2::LoadBalancer',
'AWS::Route53Resolver::ResolverEndpoint',
'AWS::WAFv2::WebACL'},
'TelemetrySourceTypes': ['VPC_FLOW_LOGS | '
'ROUTE53_RESOLVER_QUERY_LOGS '
'| EKS_AUDIT_LOGS | '
'EKS_AUTHENTICATOR_LOGS | '
'EKS_CONTROLLER_MANAGER_LOGS '
'| EKS_SCHEDULER_LOGS | '
'EKS_API_LOGS']}}
Lists all telemetry rules in your organization. This operation can only be called by the organization's management account or a delegated administrator account.
See also: AWS API Documentation
Request Syntax
client.list_telemetry_rules_for_organization(
RuleNamePrefix='string',
SourceAccountIds=[
'string',
],
SourceOrganizationUnitIds=[
'string',
],
MaxResults=123,
NextToken='string'
)
string
A string to filter organization telemetry rules whose names begin with the specified prefix.
list
The list of account IDs to filter organization telemetry rules by their source accounts.
(string) --
list
The list of organizational unit IDs to filter organization telemetry rules by their source organizational units.
(string) --
integer
The maximum number of organization telemetry rules to return in a single call.
string
The token for the next set of results. A previous call generates this token.
dict
Response Syntax
{
'TelemetryRuleSummaries': [
{
'RuleName': 'string',
'RuleArn': 'string',
'CreatedTimeStamp': 123,
'LastUpdateTimeStamp': 123,
'ResourceType': 'AWS::EC2::Instance'|'AWS::EC2::VPC'|'AWS::Lambda::Function'|'AWS::CloudTrail'|'AWS::EKS::Cluster'|'AWS::WAFv2::WebACL'|'AWS::ElasticLoadBalancingV2::LoadBalancer'|'AWS::Route53Resolver::ResolverEndpoint'|'AWS::BedrockAgentCore::Runtime'|'AWS::BedrockAgentCore::Browser'|'AWS::BedrockAgentCore::CodeInterpreter',
'TelemetryType': 'Logs'|'Metrics'|'Traces',
'TelemetrySourceTypes': [
'VPC_FLOW_LOGS'|'ROUTE53_RESOLVER_QUERY_LOGS'|'EKS_AUDIT_LOGS'|'EKS_AUTHENTICATOR_LOGS'|'EKS_CONTROLLER_MANAGER_LOGS'|'EKS_SCHEDULER_LOGS'|'EKS_API_LOGS',
]
},
],
'NextToken': 'string'
}
Response Structure
(dict) --
TelemetryRuleSummaries (list) --
A list of organization telemetry rule summaries.
(dict) --
A summary of a telemetry rule's key properties.
RuleName (string) --
The name of the telemetry rule.
RuleArn (string) --
The Amazon Resource Name (ARN) of the telemetry rule.
CreatedTimeStamp (integer) --
The timestamp when the telemetry rule was created.
LastUpdateTimeStamp (integer) --
The timestamp when the telemetry rule was last modified.
ResourceType (string) --
The type of Amazon Web Services resource the rule applies to.
TelemetryType (string) --
The type of telemetry (Logs, Metrics, or Traces) the rule configures.
TelemetrySourceTypes (list) --
The types of telemetry sources configured for this rule, such as VPC Flow Logs or EKS audit logs. TelemetrySourceTypes must be correlated with the specific resource type.
(string) --
Specifies the type of telemetry source for a resource, such as EKS cluster logs.
NextToken (string) --
A token to resume pagination of results.
{'Rule': {'DestinationConfiguration': {'CloudtrailParameters': {'AdvancedEventSelectors': [{'FieldSelectors': [{'EndsWith': ['string'],
'Equals': ['string'],
'Field': 'string',
'NotEndsWith': ['string'],
'NotEquals': ['string'],
'NotStartsWith': ['string'],
'StartsWith': ['string']}],
'Name': 'string'}]},
'ELBLoadBalancerLoggingParameters': {'FieldDelimiter': 'string',
'OutputFormat': 'plain '
'| '
'json'},
'LogDeliveryParameters': {'LogTypes': ['APPLICATION_LOGS '
'| '
'USAGE_LOGS']},
'WAFLoggingParameters': {'LogType': 'WAF_LOGS',
'LoggingFilter': {'DefaultBehavior': 'KEEP '
'| '
'DROP',
'Filters': [{'Behavior': 'KEEP '
'| '
'DROP',
'Conditions': [{'ActionCondition': {'Action': 'ALLOW '
'| '
'BLOCK '
'| '
'COUNT '
'| '
'CAPTCHA '
'| '
'CHALLENGE '
'| '
'EXCLUDED_AS_COUNT'},
'LabelNameCondition': {'LabelName': 'string'}}],
'Requirement': 'MEETS_ALL '
'| '
'MEETS_ANY'}]},
'RedactedFields': [{'Method': 'string',
'QueryString': 'string',
'SingleHeader': {'Name': 'string'},
'UriPath': 'string'}]}},
'ResourceType': {'AWS::BedrockAgentCore::Browser',
'AWS::BedrockAgentCore::CodeInterpreter',
'AWS::BedrockAgentCore::Runtime',
'AWS::CloudTrail',
'AWS::EKS::Cluster',
'AWS::ElasticLoadBalancingV2::LoadBalancer',
'AWS::Route53Resolver::ResolverEndpoint',
'AWS::WAFv2::WebACL'},
'TelemetrySourceTypes': ['VPC_FLOW_LOGS | '
'ROUTE53_RESOLVER_QUERY_LOGS | '
'EKS_AUDIT_LOGS | EKS_AUTHENTICATOR_LOGS | '
'EKS_CONTROLLER_MANAGER_LOGS | '
'EKS_SCHEDULER_LOGS | EKS_API_LOGS']}}
Updates an existing telemetry rule in your account. If multiple users attempt to modify the same telemetry rule simultaneously, a ConflictException is returned to provide specific error information for concurrent modification scenarios.
See also: AWS API Documentation
Request Syntax
client.update_telemetry_rule(
RuleIdentifier='string',
Rule={
'ResourceType': 'AWS::EC2::Instance'|'AWS::EC2::VPC'|'AWS::Lambda::Function'|'AWS::CloudTrail'|'AWS::EKS::Cluster'|'AWS::WAFv2::WebACL'|'AWS::ElasticLoadBalancingV2::LoadBalancer'|'AWS::Route53Resolver::ResolverEndpoint'|'AWS::BedrockAgentCore::Runtime'|'AWS::BedrockAgentCore::Browser'|'AWS::BedrockAgentCore::CodeInterpreter',
'TelemetryType': 'Logs'|'Metrics'|'Traces',
'TelemetrySourceTypes': [
'VPC_FLOW_LOGS'|'ROUTE53_RESOLVER_QUERY_LOGS'|'EKS_AUDIT_LOGS'|'EKS_AUTHENTICATOR_LOGS'|'EKS_CONTROLLER_MANAGER_LOGS'|'EKS_SCHEDULER_LOGS'|'EKS_API_LOGS',
],
'DestinationConfiguration': {
'DestinationType': 'cloud-watch-logs',
'DestinationPattern': 'string',
'RetentionInDays': 123,
'VPCFlowLogParameters': {
'LogFormat': 'string',
'TrafficType': 'string',
'MaxAggregationInterval': 123
},
'CloudtrailParameters': {
'AdvancedEventSelectors': [
{
'Name': 'string',
'FieldSelectors': [
{
'Field': 'string',
'Equals': [
'string',
],
'StartsWith': [
'string',
],
'EndsWith': [
'string',
],
'NotEquals': [
'string',
],
'NotStartsWith': [
'string',
],
'NotEndsWith': [
'string',
]
},
]
},
]
},
'ELBLoadBalancerLoggingParameters': {
'OutputFormat': 'plain'|'json',
'FieldDelimiter': 'string'
},
'WAFLoggingParameters': {
'RedactedFields': [
{
'SingleHeader': {
'Name': 'string'
},
'UriPath': 'string',
'QueryString': 'string',
'Method': 'string'
},
],
'LoggingFilter': {
'Filters': [
{
'Behavior': 'KEEP'|'DROP',
'Requirement': 'MEETS_ALL'|'MEETS_ANY',
'Conditions': [
{
'ActionCondition': {
'Action': 'ALLOW'|'BLOCK'|'COUNT'|'CAPTCHA'|'CHALLENGE'|'EXCLUDED_AS_COUNT'
},
'LabelNameCondition': {
'LabelName': 'string'
}
},
]
},
],
'DefaultBehavior': 'KEEP'|'DROP'
},
'LogType': 'WAF_LOGS'
},
'LogDeliveryParameters': {
'LogTypes': [
'APPLICATION_LOGS'|'USAGE_LOGS',
]
}
},
'Scope': 'string',
'SelectionCriteria': 'string'
}
)
string
[REQUIRED]
The identifier (name or ARN) of the telemetry rule to update.
dict
[REQUIRED]
The new configuration details for the telemetry rule.
ResourceType (string) --
The type of Amazon Web Services resource to configure telemetry for (e.g., "AWS::EC2::VPC", "AWS::EKS::Cluster", "AWS::WAFv2::WebACL").
TelemetryType (string) -- [REQUIRED]
The type of telemetry to collect (Logs, Metrics, or Traces).
TelemetrySourceTypes (list) --
The specific telemetry source types to configure for the resource, such as VPC_FLOW_LOGS or EKS_AUDIT_LOGS. TelemetrySourceTypes must be correlated with the specific resource type.
(string) --
Specifies the type of telemetry source for a resource, such as EKS cluster logs.
DestinationConfiguration (dict) --
Configuration specifying where and how the telemetry data should be delivered.
DestinationType (string) --
The type of destination for the telemetry data (e.g., "Amazon CloudWatch Logs", "S3").
DestinationPattern (string) --
The pattern used to generate the destination path or name, supporting macros like <resourceId> and <accountId>.
RetentionInDays (integer) --
The number of days to retain the telemetry data in the destination.
VPCFlowLogParameters (dict) --
Configuration parameters specific to VPC Flow Logs when VPC is the resource type.
LogFormat (string) --
The format in which VPC Flow Log entries should be logged.
TrafficType (string) --
The type of traffic to log (ACCEPT, REJECT, or ALL).
MaxAggregationInterval (integer) --
The maximum interval in seconds between the capture of flow log records.
CloudtrailParameters (dict) --
Configuration parameters specific to Amazon Web Services CloudTrail when CloudTrail is the source type.
AdvancedEventSelectors (list) -- [REQUIRED]
The advanced event selectors to use for filtering Amazon Web Services CloudTrail events.
(dict) --
Advanced event selectors let you create fine-grained selectors for management, data, and network activity events.
Name (string) --
An optional, descriptive name for an advanced event selector, such as "Log data events for only two S3 buckets".
FieldSelectors (list) -- [REQUIRED]
Contains all selector statements in an advanced event selector.
(dict) --
Defines criteria for selecting resources based on field values.
Field (string) -- [REQUIRED]
The name of the field to use for selection.
Equals (list) --
Matches if the field value equals the specified value.
(string) --
StartsWith (list) --
Matches if the field value starts with the specified value.
(string) --
EndsWith (list) --
Matches if the field value ends with the specified value.
(string) --
NotEquals (list) --
Matches if the field value does not equal the specified value.
(string) --
NotStartsWith (list) --
Matches if the field value does not start with the specified value.
(string) --
NotEndsWith (list) --
Matches if the field value does not end with the specified value.
(string) --
ELBLoadBalancerLoggingParameters (dict) --
Configuration parameters specific to ELB load balancer logging when ELB is the resource type.
OutputFormat (string) --
The format for ELB access log entries (plain text or JSON format).
FieldDelimiter (string) --
The delimiter character used to separate fields in ELB access log entries when using plain text format.
WAFLoggingParameters (dict) --
Configuration parameters specific to WAF logging when WAF is the resource type.
RedactedFields (list) --
The fields to redact from WAF logs to protect sensitive information.
(dict) --
Specifies a field in the request to redact from WAF logs, such as headers, query parameters, or body content.
SingleHeader (dict) --
Redacts a specific header field by name from WAF logs.
Name (string) --
The name value, limited to 64 characters.
UriPath (string) --
Redacts the URI path from WAF logs.
QueryString (string) --
Redacts the entire query string from WAF logs.
Method (string) --
Redacts the HTTP method from WAF logs.
LoggingFilter (dict) --
A filter configuration that determines which WAF log records to include or exclude.
Filters (list) --
A list of filter conditions that determine log record handling behavior.
(dict) --
A single filter condition that specifies behavior, requirement, and matching conditions for WAF log records.
Behavior (string) --
The action to take for log records matching this filter (KEEP or DROP).
Requirement (string) --
Whether the log record must meet all conditions (MEETS_ALL) or any condition (MEETS_ANY) to match this filter.
Conditions (list) --
The list of conditions that determine if a log record matches this filter.
(dict) --
A single condition that can match based on WAF rule action or label name.
ActionCondition (dict) --
Matches log records based on the WAF rule action taken (ALLOW, BLOCK, COUNT, etc.).
Action (string) --
The WAF action to match against (ALLOW, BLOCK, COUNT, CAPTCHA, CHALLENGE, EXCLUDED_AS_COUNT).
LabelNameCondition (dict) --
Matches log records based on WAF rule labels applied to the request.
LabelName (string) --
The label name to match, supporting alphanumeric characters, underscores, hyphens, and colons.
DefaultBehavior (string) --
The default action (KEEP or DROP) for log records that don't match any filter conditions.
LogType (string) --
The type of WAF logs to collect (currently supports WAF_LOGS).
LogDeliveryParameters (dict) --
Configuration parameters specific to Amazon Bedrock AgentCore logging when Amazon Bedrock AgentCore is the resource type.
LogTypes (list) --
The type of log that the source is sending.
(string) --
Scope (string) --
The organizational scope to which the rule applies, specified using accounts or organizational units.
SelectionCriteria (string) --
Criteria for selecting which resources the rule applies to, such as resource tags.
dict
Response Syntax
{
'RuleArn': 'string'
}
Response Structure
(dict) --
RuleArn (string) --
The Amazon Resource Name (ARN) of the updated telemetry rule.
{'Rule': {'DestinationConfiguration': {'CloudtrailParameters': {'AdvancedEventSelectors': [{'FieldSelectors': [{'EndsWith': ['string'],
'Equals': ['string'],
'Field': 'string',
'NotEndsWith': ['string'],
'NotEquals': ['string'],
'NotStartsWith': ['string'],
'StartsWith': ['string']}],
'Name': 'string'}]},
'ELBLoadBalancerLoggingParameters': {'FieldDelimiter': 'string',
'OutputFormat': 'plain '
'| '
'json'},
'LogDeliveryParameters': {'LogTypes': ['APPLICATION_LOGS '
'| '
'USAGE_LOGS']},
'WAFLoggingParameters': {'LogType': 'WAF_LOGS',
'LoggingFilter': {'DefaultBehavior': 'KEEP '
'| '
'DROP',
'Filters': [{'Behavior': 'KEEP '
'| '
'DROP',
'Conditions': [{'ActionCondition': {'Action': 'ALLOW '
'| '
'BLOCK '
'| '
'COUNT '
'| '
'CAPTCHA '
'| '
'CHALLENGE '
'| '
'EXCLUDED_AS_COUNT'},
'LabelNameCondition': {'LabelName': 'string'}}],
'Requirement': 'MEETS_ALL '
'| '
'MEETS_ANY'}]},
'RedactedFields': [{'Method': 'string',
'QueryString': 'string',
'SingleHeader': {'Name': 'string'},
'UriPath': 'string'}]}},
'ResourceType': {'AWS::BedrockAgentCore::Browser',
'AWS::BedrockAgentCore::CodeInterpreter',
'AWS::BedrockAgentCore::Runtime',
'AWS::CloudTrail',
'AWS::EKS::Cluster',
'AWS::ElasticLoadBalancingV2::LoadBalancer',
'AWS::Route53Resolver::ResolverEndpoint',
'AWS::WAFv2::WebACL'},
'TelemetrySourceTypes': ['VPC_FLOW_LOGS | '
'ROUTE53_RESOLVER_QUERY_LOGS | '
'EKS_AUDIT_LOGS | EKS_AUTHENTICATOR_LOGS | '
'EKS_CONTROLLER_MANAGER_LOGS | '
'EKS_SCHEDULER_LOGS | EKS_API_LOGS']}}
Updates an existing telemetry rule that applies across an Amazon Web Services Organization. This operation can only be called by the organization's management account or a delegated administrator account.
See also: AWS API Documentation
Request Syntax
client.update_telemetry_rule_for_organization(
RuleIdentifier='string',
Rule={
'ResourceType': 'AWS::EC2::Instance'|'AWS::EC2::VPC'|'AWS::Lambda::Function'|'AWS::CloudTrail'|'AWS::EKS::Cluster'|'AWS::WAFv2::WebACL'|'AWS::ElasticLoadBalancingV2::LoadBalancer'|'AWS::Route53Resolver::ResolverEndpoint'|'AWS::BedrockAgentCore::Runtime'|'AWS::BedrockAgentCore::Browser'|'AWS::BedrockAgentCore::CodeInterpreter',
'TelemetryType': 'Logs'|'Metrics'|'Traces',
'TelemetrySourceTypes': [
'VPC_FLOW_LOGS'|'ROUTE53_RESOLVER_QUERY_LOGS'|'EKS_AUDIT_LOGS'|'EKS_AUTHENTICATOR_LOGS'|'EKS_CONTROLLER_MANAGER_LOGS'|'EKS_SCHEDULER_LOGS'|'EKS_API_LOGS',
],
'DestinationConfiguration': {
'DestinationType': 'cloud-watch-logs',
'DestinationPattern': 'string',
'RetentionInDays': 123,
'VPCFlowLogParameters': {
'LogFormat': 'string',
'TrafficType': 'string',
'MaxAggregationInterval': 123
},
'CloudtrailParameters': {
'AdvancedEventSelectors': [
{
'Name': 'string',
'FieldSelectors': [
{
'Field': 'string',
'Equals': [
'string',
],
'StartsWith': [
'string',
],
'EndsWith': [
'string',
],
'NotEquals': [
'string',
],
'NotStartsWith': [
'string',
],
'NotEndsWith': [
'string',
]
},
]
},
]
},
'ELBLoadBalancerLoggingParameters': {
'OutputFormat': 'plain'|'json',
'FieldDelimiter': 'string'
},
'WAFLoggingParameters': {
'RedactedFields': [
{
'SingleHeader': {
'Name': 'string'
},
'UriPath': 'string',
'QueryString': 'string',
'Method': 'string'
},
],
'LoggingFilter': {
'Filters': [
{
'Behavior': 'KEEP'|'DROP',
'Requirement': 'MEETS_ALL'|'MEETS_ANY',
'Conditions': [
{
'ActionCondition': {
'Action': 'ALLOW'|'BLOCK'|'COUNT'|'CAPTCHA'|'CHALLENGE'|'EXCLUDED_AS_COUNT'
},
'LabelNameCondition': {
'LabelName': 'string'
}
},
]
},
],
'DefaultBehavior': 'KEEP'|'DROP'
},
'LogType': 'WAF_LOGS'
},
'LogDeliveryParameters': {
'LogTypes': [
'APPLICATION_LOGS'|'USAGE_LOGS',
]
}
},
'Scope': 'string',
'SelectionCriteria': 'string'
}
)
string
[REQUIRED]
The identifier (name or ARN) of the organization telemetry rule to update.
dict
[REQUIRED]
The new configuration details for the organization telemetry rule, including resource type, telemetry type, and destination configuration.
ResourceType (string) --
The type of Amazon Web Services resource to configure telemetry for (e.g., "AWS::EC2::VPC", "AWS::EKS::Cluster", "AWS::WAFv2::WebACL").
TelemetryType (string) -- [REQUIRED]
The type of telemetry to collect (Logs, Metrics, or Traces).
TelemetrySourceTypes (list) --
The specific telemetry source types to configure for the resource, such as VPC_FLOW_LOGS or EKS_AUDIT_LOGS. TelemetrySourceTypes must be correlated with the specific resource type.
(string) --
Specifies the type of telemetry source for a resource, such as EKS cluster logs.
DestinationConfiguration (dict) --
Configuration specifying where and how the telemetry data should be delivered.
DestinationType (string) --
The type of destination for the telemetry data (e.g., "Amazon CloudWatch Logs", "S3").
DestinationPattern (string) --
The pattern used to generate the destination path or name, supporting macros like <resourceId> and <accountId>.
RetentionInDays (integer) --
The number of days to retain the telemetry data in the destination.
VPCFlowLogParameters (dict) --
Configuration parameters specific to VPC Flow Logs when VPC is the resource type.
LogFormat (string) --
The format in which VPC Flow Log entries should be logged.
TrafficType (string) --
The type of traffic to log (ACCEPT, REJECT, or ALL).
MaxAggregationInterval (integer) --
The maximum interval in seconds between the capture of flow log records.
CloudtrailParameters (dict) --
Configuration parameters specific to Amazon Web Services CloudTrail when CloudTrail is the source type.
AdvancedEventSelectors (list) -- [REQUIRED]
The advanced event selectors to use for filtering Amazon Web Services CloudTrail events.
(dict) --
Advanced event selectors let you create fine-grained selectors for management, data, and network activity events.
Name (string) --
An optional, descriptive name for an advanced event selector, such as "Log data events for only two S3 buckets".
FieldSelectors (list) -- [REQUIRED]
Contains all selector statements in an advanced event selector.
(dict) --
Defines criteria for selecting resources based on field values.
Field (string) -- [REQUIRED]
The name of the field to use for selection.
Equals (list) --
Matches if the field value equals the specified value.
(string) --
StartsWith (list) --
Matches if the field value starts with the specified value.
(string) --
EndsWith (list) --
Matches if the field value ends with the specified value.
(string) --
NotEquals (list) --
Matches if the field value does not equal the specified value.
(string) --
NotStartsWith (list) --
Matches if the field value does not start with the specified value.
(string) --
NotEndsWith (list) --
Matches if the field value does not end with the specified value.
(string) --
ELBLoadBalancerLoggingParameters (dict) --
Configuration parameters specific to ELB load balancer logging when ELB is the resource type.
OutputFormat (string) --
The format for ELB access log entries (plain text or JSON format).
FieldDelimiter (string) --
The delimiter character used to separate fields in ELB access log entries when using plain text format.
WAFLoggingParameters (dict) --
Configuration parameters specific to WAF logging when WAF is the resource type.
RedactedFields (list) --
The fields to redact from WAF logs to protect sensitive information.
(dict) --
Specifies a field in the request to redact from WAF logs, such as headers, query parameters, or body content.
SingleHeader (dict) --
Redacts a specific header field by name from WAF logs.
Name (string) --
The name value, limited to 64 characters.
UriPath (string) --
Redacts the URI path from WAF logs.
QueryString (string) --
Redacts the entire query string from WAF logs.
Method (string) --
Redacts the HTTP method from WAF logs.
LoggingFilter (dict) --
A filter configuration that determines which WAF log records to include or exclude.
Filters (list) --
A list of filter conditions that determine log record handling behavior.
(dict) --
A single filter condition that specifies behavior, requirement, and matching conditions for WAF log records.
Behavior (string) --
The action to take for log records matching this filter (KEEP or DROP).
Requirement (string) --
Whether the log record must meet all conditions (MEETS_ALL) or any condition (MEETS_ANY) to match this filter.
Conditions (list) --
The list of conditions that determine if a log record matches this filter.
(dict) --
A single condition that can match based on WAF rule action or label name.
ActionCondition (dict) --
Matches log records based on the WAF rule action taken (ALLOW, BLOCK, COUNT, etc.).
Action (string) --
The WAF action to match against (ALLOW, BLOCK, COUNT, CAPTCHA, CHALLENGE, EXCLUDED_AS_COUNT).
LabelNameCondition (dict) --
Matches log records based on WAF rule labels applied to the request.
LabelName (string) --
The label name to match, supporting alphanumeric characters, underscores, hyphens, and colons.
DefaultBehavior (string) --
The default action (KEEP or DROP) for log records that don't match any filter conditions.
LogType (string) --
The type of WAF logs to collect (currently supports WAF_LOGS).
LogDeliveryParameters (dict) --
Configuration parameters specific to Amazon Bedrock AgentCore logging when Amazon Bedrock AgentCore is the resource type.
LogTypes (list) --
The type of log that the source is sending.
(string) --
Scope (string) --
The organizational scope to which the rule applies, specified using accounts or organizational units.
SelectionCriteria (string) --
Criteria for selecting which resources the rule applies to, such as resource tags.
dict
Response Syntax
{
'RuleArn': 'string'
}
Response Structure
(dict) --
RuleArn (string) --
The Amazon Resource Name (ARN) of the updated organization telemetry rule.