2026/03/31 - CloudWatch Observability Admin Service - 10 updated api methods
Changes This release adds the Bedrock and Security Hub resource types for Omnia Enablement launch for March 31.
{'Rule': {'DestinationConfiguration': {'LogDeliveryParameters': {'LogTypes': {'ACCESS_LOGS',
'CONNECTION_LOGS',
'SECURITY_FINDING_LOGS'}}},
'ResourceType': {'AWS::BedrockAgentCore::Gateway',
'AWS::BedrockAgentCore::Memory',
'AWS::CloudFront::Distribution',
'AWS::SecurityHub::Hub'}}}
Creates a telemetry rule that defines how telemetry should be configured for Amazon Web Services resources in your account. The rule specifies which resources should have telemetry enabled and how that telemetry data should be collected based on resource type, telemetry type, and selection criteria.
See also: AWS API Documentation
Request Syntax
client.create_telemetry_rule(
RuleName='string',
Rule={
'ResourceType': 'AWS::EC2::Instance'|'AWS::EC2::VPC'|'AWS::Lambda::Function'|'AWS::CloudTrail'|'AWS::EKS::Cluster'|'AWS::WAFv2::WebACL'|'AWS::ElasticLoadBalancingV2::LoadBalancer'|'AWS::Route53Resolver::ResolverEndpoint'|'AWS::BedrockAgentCore::Runtime'|'AWS::BedrockAgentCore::Browser'|'AWS::BedrockAgentCore::CodeInterpreter'|'AWS::BedrockAgentCore::Gateway'|'AWS::BedrockAgentCore::Memory'|'AWS::SecurityHub::Hub'|'AWS::CloudFront::Distribution',
'TelemetryType': 'Logs'|'Metrics'|'Traces',
'TelemetrySourceTypes': [
'VPC_FLOW_LOGS'|'ROUTE53_RESOLVER_QUERY_LOGS'|'EKS_AUDIT_LOGS'|'EKS_AUTHENTICATOR_LOGS'|'EKS_CONTROLLER_MANAGER_LOGS'|'EKS_SCHEDULER_LOGS'|'EKS_API_LOGS',
],
'DestinationConfiguration': {
'DestinationType': 'cloud-watch-logs',
'DestinationPattern': 'string',
'RetentionInDays': 123,
'VPCFlowLogParameters': {
'LogFormat': 'string',
'TrafficType': 'string',
'MaxAggregationInterval': 123
},
'CloudtrailParameters': {
'AdvancedEventSelectors': [
{
'Name': 'string',
'FieldSelectors': [
{
'Field': 'string',
'Equals': [
'string',
],
'StartsWith': [
'string',
],
'EndsWith': [
'string',
],
'NotEquals': [
'string',
],
'NotStartsWith': [
'string',
],
'NotEndsWith': [
'string',
]
},
]
},
]
},
'ELBLoadBalancerLoggingParameters': {
'OutputFormat': 'plain'|'json',
'FieldDelimiter': 'string'
},
'WAFLoggingParameters': {
'RedactedFields': [
{
'SingleHeader': {
'Name': 'string'
},
'UriPath': 'string',
'QueryString': 'string',
'Method': 'string'
},
],
'LoggingFilter': {
'Filters': [
{
'Behavior': 'KEEP'|'DROP',
'Requirement': 'MEETS_ALL'|'MEETS_ANY',
'Conditions': [
{
'ActionCondition': {
'Action': 'ALLOW'|'BLOCK'|'COUNT'|'CAPTCHA'|'CHALLENGE'|'EXCLUDED_AS_COUNT'
},
'LabelNameCondition': {
'LabelName': 'string'
}
},
]
},
],
'DefaultBehavior': 'KEEP'|'DROP'
},
'LogType': 'WAF_LOGS'
},
'LogDeliveryParameters': {
'LogTypes': [
'APPLICATION_LOGS'|'USAGE_LOGS'|'SECURITY_FINDING_LOGS'|'ACCESS_LOGS'|'CONNECTION_LOGS',
]
}
},
'Scope': 'string',
'SelectionCriteria': 'string'
},
Tags={
'string': 'string'
}
)
string
[REQUIRED]
A unique name for the telemetry rule being created.
dict
[REQUIRED]
The configuration details for the telemetry rule, including the resource type, telemetry type, destination configuration, and selection criteria for which resources the rule applies to.
ResourceType (string) --
The type of Amazon Web Services resource to configure telemetry for (e.g., "AWS::EC2::VPC", "AWS::EKS::Cluster", "AWS::WAFv2::WebACL").
TelemetryType (string) -- [REQUIRED]
The type of telemetry to collect (Logs, Metrics, or Traces).
TelemetrySourceTypes (list) --
The specific telemetry source types to configure for the resource, such as VPC_FLOW_LOGS or EKS_AUDIT_LOGS. TelemetrySourceTypes must be correlated with the specific resource type.
(string) --
Specifies the type of telemetry source for a resource, such as EKS cluster logs.
DestinationConfiguration (dict) --
Configuration specifying where and how the telemetry data should be delivered.
DestinationType (string) --
The type of destination for the telemetry data (e.g., "Amazon CloudWatch Logs", "S3").
DestinationPattern (string) --
The pattern used to generate the destination path or name, supporting macros like <resourceId> and <accountId>.
RetentionInDays (integer) --
The number of days to retain the telemetry data in the destination.
VPCFlowLogParameters (dict) --
Configuration parameters specific to VPC Flow Logs when VPC is the resource type.
LogFormat (string) --
The format in which VPC Flow Log entries should be logged.
TrafficType (string) --
The type of traffic to log (ACCEPT, REJECT, or ALL).
MaxAggregationInterval (integer) --
The maximum interval in seconds between the capture of flow log records.
CloudtrailParameters (dict) --
Configuration parameters specific to Amazon Web Services CloudTrail when CloudTrail is the source type.
AdvancedEventSelectors (list) -- [REQUIRED]
The advanced event selectors to use for filtering Amazon Web Services CloudTrail events.
(dict) --
Advanced event selectors let you create fine-grained selectors for management, data, and network activity events.
Name (string) --
An optional, descriptive name for an advanced event selector, such as "Log data events for only two S3 buckets".
FieldSelectors (list) -- [REQUIRED]
Contains all selector statements in an advanced event selector.
(dict) --
Defines criteria for selecting resources based on field values.
Field (string) -- [REQUIRED]
The name of the field to use for selection.
Equals (list) --
Matches if the field value equals the specified value.
(string) --
StartsWith (list) --
Matches if the field value starts with the specified value.
(string) --
EndsWith (list) --
Matches if the field value ends with the specified value.
(string) --
NotEquals (list) --
Matches if the field value does not equal the specified value.
(string) --
NotStartsWith (list) --
Matches if the field value does not start with the specified value.
(string) --
NotEndsWith (list) --
Matches if the field value does not end with the specified value.
(string) --
ELBLoadBalancerLoggingParameters (dict) --
Configuration parameters specific to ELB load balancer logging when ELB is the resource type.
OutputFormat (string) --
The format for ELB access log entries (plain text or JSON format).
FieldDelimiter (string) --
The delimiter character used to separate fields in ELB access log entries when using plain text format.
WAFLoggingParameters (dict) --
Configuration parameters specific to WAF logging when WAF is the resource type.
RedactedFields (list) --
The fields to redact from WAF logs to protect sensitive information.
(dict) --
Specifies a field in the request to redact from WAF logs, such as headers, query parameters, or body content.
SingleHeader (dict) --
Redacts a specific header field by name from WAF logs.
Name (string) --
The name value, limited to 64 characters.
UriPath (string) --
Redacts the URI path from WAF logs.
QueryString (string) --
Redacts the entire query string from WAF logs.
Method (string) --
Redacts the HTTP method from WAF logs.
LoggingFilter (dict) --
A filter configuration that determines which WAF log records to include or exclude.
Filters (list) --
A list of filter conditions that determine log record handling behavior.
(dict) --
A single filter condition that specifies behavior, requirement, and matching conditions for WAF log records.
Behavior (string) --
The action to take for log records matching this filter (KEEP or DROP).
Requirement (string) --
Whether the log record must meet all conditions (MEETS_ALL) or any condition (MEETS_ANY) to match this filter.
Conditions (list) --
The list of conditions that determine if a log record matches this filter.
(dict) --
A single condition that can match based on WAF rule action or label name.
ActionCondition (dict) --
Matches log records based on the WAF rule action taken (ALLOW, BLOCK, COUNT, etc.).
Action (string) --
The WAF action to match against (ALLOW, BLOCK, COUNT, CAPTCHA, CHALLENGE, EXCLUDED_AS_COUNT).
LabelNameCondition (dict) --
Matches log records based on WAF rule labels applied to the request.
LabelName (string) --
The label name to match, supporting alphanumeric characters, underscores, hyphens, and colons.
DefaultBehavior (string) --
The default action (KEEP or DROP) for log records that don't match any filter conditions.
LogType (string) --
The type of WAF logs to collect (currently supports WAF_LOGS).
LogDeliveryParameters (dict) --
Configuration parameters specific to Amazon Bedrock AgentCore logging when Amazon Bedrock AgentCore is the resource type.
LogTypes (list) --
The type of log that the source is sending.
(string) --
Scope (string) --
The organizational scope to which the rule applies, specified using accounts or organizational units.
SelectionCriteria (string) --
Criteria for selecting which resources the rule applies to, such as resource tags.
dict
The key-value pairs to associate with the telemetry rule resource for categorization and management purposes.
(string) --
(string) --
dict
Response Syntax
{
'RuleArn': 'string'
}
Response Structure
(dict) --
RuleArn (string) --
The Amazon Resource Name (ARN) of the created telemetry rule.
{'Rule': {'DestinationConfiguration': {'LogDeliveryParameters': {'LogTypes': {'ACCESS_LOGS',
'CONNECTION_LOGS',
'SECURITY_FINDING_LOGS'}}},
'ResourceType': {'AWS::BedrockAgentCore::Gateway',
'AWS::BedrockAgentCore::Memory',
'AWS::CloudFront::Distribution',
'AWS::SecurityHub::Hub'}}}
Creates a telemetry rule that applies across an Amazon Web Services Organization. This operation can only be called by the organization's management account or a delegated administrator account.
See also: AWS API Documentation
Request Syntax
client.create_telemetry_rule_for_organization(
RuleName='string',
Rule={
'ResourceType': 'AWS::EC2::Instance'|'AWS::EC2::VPC'|'AWS::Lambda::Function'|'AWS::CloudTrail'|'AWS::EKS::Cluster'|'AWS::WAFv2::WebACL'|'AWS::ElasticLoadBalancingV2::LoadBalancer'|'AWS::Route53Resolver::ResolverEndpoint'|'AWS::BedrockAgentCore::Runtime'|'AWS::BedrockAgentCore::Browser'|'AWS::BedrockAgentCore::CodeInterpreter'|'AWS::BedrockAgentCore::Gateway'|'AWS::BedrockAgentCore::Memory'|'AWS::SecurityHub::Hub'|'AWS::CloudFront::Distribution',
'TelemetryType': 'Logs'|'Metrics'|'Traces',
'TelemetrySourceTypes': [
'VPC_FLOW_LOGS'|'ROUTE53_RESOLVER_QUERY_LOGS'|'EKS_AUDIT_LOGS'|'EKS_AUTHENTICATOR_LOGS'|'EKS_CONTROLLER_MANAGER_LOGS'|'EKS_SCHEDULER_LOGS'|'EKS_API_LOGS',
],
'DestinationConfiguration': {
'DestinationType': 'cloud-watch-logs',
'DestinationPattern': 'string',
'RetentionInDays': 123,
'VPCFlowLogParameters': {
'LogFormat': 'string',
'TrafficType': 'string',
'MaxAggregationInterval': 123
},
'CloudtrailParameters': {
'AdvancedEventSelectors': [
{
'Name': 'string',
'FieldSelectors': [
{
'Field': 'string',
'Equals': [
'string',
],
'StartsWith': [
'string',
],
'EndsWith': [
'string',
],
'NotEquals': [
'string',
],
'NotStartsWith': [
'string',
],
'NotEndsWith': [
'string',
]
},
]
},
]
},
'ELBLoadBalancerLoggingParameters': {
'OutputFormat': 'plain'|'json',
'FieldDelimiter': 'string'
},
'WAFLoggingParameters': {
'RedactedFields': [
{
'SingleHeader': {
'Name': 'string'
},
'UriPath': 'string',
'QueryString': 'string',
'Method': 'string'
},
],
'LoggingFilter': {
'Filters': [
{
'Behavior': 'KEEP'|'DROP',
'Requirement': 'MEETS_ALL'|'MEETS_ANY',
'Conditions': [
{
'ActionCondition': {
'Action': 'ALLOW'|'BLOCK'|'COUNT'|'CAPTCHA'|'CHALLENGE'|'EXCLUDED_AS_COUNT'
},
'LabelNameCondition': {
'LabelName': 'string'
}
},
]
},
],
'DefaultBehavior': 'KEEP'|'DROP'
},
'LogType': 'WAF_LOGS'
},
'LogDeliveryParameters': {
'LogTypes': [
'APPLICATION_LOGS'|'USAGE_LOGS'|'SECURITY_FINDING_LOGS'|'ACCESS_LOGS'|'CONNECTION_LOGS',
]
}
},
'Scope': 'string',
'SelectionCriteria': 'string'
},
Tags={
'string': 'string'
}
)
string
[REQUIRED]
A unique name for the organization-wide telemetry rule being created.
dict
[REQUIRED]
The configuration details for the organization-wide telemetry rule, including the resource type, telemetry type, destination configuration, and selection criteria for which resources the rule applies to across the organization.
ResourceType (string) --
The type of Amazon Web Services resource to configure telemetry for (e.g., "AWS::EC2::VPC", "AWS::EKS::Cluster", "AWS::WAFv2::WebACL").
TelemetryType (string) -- [REQUIRED]
The type of telemetry to collect (Logs, Metrics, or Traces).
TelemetrySourceTypes (list) --
The specific telemetry source types to configure for the resource, such as VPC_FLOW_LOGS or EKS_AUDIT_LOGS. TelemetrySourceTypes must be correlated with the specific resource type.
(string) --
Specifies the type of telemetry source for a resource, such as EKS cluster logs.
DestinationConfiguration (dict) --
Configuration specifying where and how the telemetry data should be delivered.
DestinationType (string) --
The type of destination for the telemetry data (e.g., "Amazon CloudWatch Logs", "S3").
DestinationPattern (string) --
The pattern used to generate the destination path or name, supporting macros like <resourceId> and <accountId>.
RetentionInDays (integer) --
The number of days to retain the telemetry data in the destination.
VPCFlowLogParameters (dict) --
Configuration parameters specific to VPC Flow Logs when VPC is the resource type.
LogFormat (string) --
The format in which VPC Flow Log entries should be logged.
TrafficType (string) --
The type of traffic to log (ACCEPT, REJECT, or ALL).
MaxAggregationInterval (integer) --
The maximum interval in seconds between the capture of flow log records.
CloudtrailParameters (dict) --
Configuration parameters specific to Amazon Web Services CloudTrail when CloudTrail is the source type.
AdvancedEventSelectors (list) -- [REQUIRED]
The advanced event selectors to use for filtering Amazon Web Services CloudTrail events.
(dict) --
Advanced event selectors let you create fine-grained selectors for management, data, and network activity events.
Name (string) --
An optional, descriptive name for an advanced event selector, such as "Log data events for only two S3 buckets".
FieldSelectors (list) -- [REQUIRED]
Contains all selector statements in an advanced event selector.
(dict) --
Defines criteria for selecting resources based on field values.
Field (string) -- [REQUIRED]
The name of the field to use for selection.
Equals (list) --
Matches if the field value equals the specified value.
(string) --
StartsWith (list) --
Matches if the field value starts with the specified value.
(string) --
EndsWith (list) --
Matches if the field value ends with the specified value.
(string) --
NotEquals (list) --
Matches if the field value does not equal the specified value.
(string) --
NotStartsWith (list) --
Matches if the field value does not start with the specified value.
(string) --
NotEndsWith (list) --
Matches if the field value does not end with the specified value.
(string) --
ELBLoadBalancerLoggingParameters (dict) --
Configuration parameters specific to ELB load balancer logging when ELB is the resource type.
OutputFormat (string) --
The format for ELB access log entries (plain text or JSON format).
FieldDelimiter (string) --
The delimiter character used to separate fields in ELB access log entries when using plain text format.
WAFLoggingParameters (dict) --
Configuration parameters specific to WAF logging when WAF is the resource type.
RedactedFields (list) --
The fields to redact from WAF logs to protect sensitive information.
(dict) --
Specifies a field in the request to redact from WAF logs, such as headers, query parameters, or body content.
SingleHeader (dict) --
Redacts a specific header field by name from WAF logs.
Name (string) --
The name value, limited to 64 characters.
UriPath (string) --
Redacts the URI path from WAF logs.
QueryString (string) --
Redacts the entire query string from WAF logs.
Method (string) --
Redacts the HTTP method from WAF logs.
LoggingFilter (dict) --
A filter configuration that determines which WAF log records to include or exclude.
Filters (list) --
A list of filter conditions that determine log record handling behavior.
(dict) --
A single filter condition that specifies behavior, requirement, and matching conditions for WAF log records.
Behavior (string) --
The action to take for log records matching this filter (KEEP or DROP).
Requirement (string) --
Whether the log record must meet all conditions (MEETS_ALL) or any condition (MEETS_ANY) to match this filter.
Conditions (list) --
The list of conditions that determine if a log record matches this filter.
(dict) --
A single condition that can match based on WAF rule action or label name.
ActionCondition (dict) --
Matches log records based on the WAF rule action taken (ALLOW, BLOCK, COUNT, etc.).
Action (string) --
The WAF action to match against (ALLOW, BLOCK, COUNT, CAPTCHA, CHALLENGE, EXCLUDED_AS_COUNT).
LabelNameCondition (dict) --
Matches log records based on WAF rule labels applied to the request.
LabelName (string) --
The label name to match, supporting alphanumeric characters, underscores, hyphens, and colons.
DefaultBehavior (string) --
The default action (KEEP or DROP) for log records that don't match any filter conditions.
LogType (string) --
The type of WAF logs to collect (currently supports WAF_LOGS).
LogDeliveryParameters (dict) --
Configuration parameters specific to Amazon Bedrock AgentCore logging when Amazon Bedrock AgentCore is the resource type.
LogTypes (list) --
The type of log that the source is sending.
(string) --
Scope (string) --
The organizational scope to which the rule applies, specified using accounts or organizational units.
SelectionCriteria (string) --
Criteria for selecting which resources the rule applies to, such as resource tags.
dict
The key-value pairs to associate with the organization telemetry rule resource for categorization and management purposes.
(string) --
(string) --
dict
Response Syntax
{
'RuleArn': 'string'
}
Response Structure
(dict) --
RuleArn (string) --
The Amazon Resource Name (ARN) of the created organization telemetry rule.
{'TelemetryRule': {'DestinationConfiguration': {'LogDeliveryParameters': {'LogTypes': {'ACCESS_LOGS',
'CONNECTION_LOGS',
'SECURITY_FINDING_LOGS'}}},
'ResourceType': {'AWS::BedrockAgentCore::Gateway',
'AWS::BedrockAgentCore::Memory',
'AWS::CloudFront::Distribution',
'AWS::SecurityHub::Hub'}}}
Retrieves the details of a specific telemetry rule in your account.
See also: AWS API Documentation
Request Syntax
client.get_telemetry_rule(
RuleIdentifier='string'
)
string
[REQUIRED]
The identifier (name or ARN) of the telemetry rule to retrieve.
dict
Response Syntax
{
'RuleName': 'string',
'RuleArn': 'string',
'CreatedTimeStamp': 123,
'LastUpdateTimeStamp': 123,
'TelemetryRule': {
'ResourceType': 'AWS::EC2::Instance'|'AWS::EC2::VPC'|'AWS::Lambda::Function'|'AWS::CloudTrail'|'AWS::EKS::Cluster'|'AWS::WAFv2::WebACL'|'AWS::ElasticLoadBalancingV2::LoadBalancer'|'AWS::Route53Resolver::ResolverEndpoint'|'AWS::BedrockAgentCore::Runtime'|'AWS::BedrockAgentCore::Browser'|'AWS::BedrockAgentCore::CodeInterpreter'|'AWS::BedrockAgentCore::Gateway'|'AWS::BedrockAgentCore::Memory'|'AWS::SecurityHub::Hub'|'AWS::CloudFront::Distribution',
'TelemetryType': 'Logs'|'Metrics'|'Traces',
'TelemetrySourceTypes': [
'VPC_FLOW_LOGS'|'ROUTE53_RESOLVER_QUERY_LOGS'|'EKS_AUDIT_LOGS'|'EKS_AUTHENTICATOR_LOGS'|'EKS_CONTROLLER_MANAGER_LOGS'|'EKS_SCHEDULER_LOGS'|'EKS_API_LOGS',
],
'DestinationConfiguration': {
'DestinationType': 'cloud-watch-logs',
'DestinationPattern': 'string',
'RetentionInDays': 123,
'VPCFlowLogParameters': {
'LogFormat': 'string',
'TrafficType': 'string',
'MaxAggregationInterval': 123
},
'CloudtrailParameters': {
'AdvancedEventSelectors': [
{
'Name': 'string',
'FieldSelectors': [
{
'Field': 'string',
'Equals': [
'string',
],
'StartsWith': [
'string',
],
'EndsWith': [
'string',
],
'NotEquals': [
'string',
],
'NotStartsWith': [
'string',
],
'NotEndsWith': [
'string',
]
},
]
},
]
},
'ELBLoadBalancerLoggingParameters': {
'OutputFormat': 'plain'|'json',
'FieldDelimiter': 'string'
},
'WAFLoggingParameters': {
'RedactedFields': [
{
'SingleHeader': {
'Name': 'string'
},
'UriPath': 'string',
'QueryString': 'string',
'Method': 'string'
},
],
'LoggingFilter': {
'Filters': [
{
'Behavior': 'KEEP'|'DROP',
'Requirement': 'MEETS_ALL'|'MEETS_ANY',
'Conditions': [
{
'ActionCondition': {
'Action': 'ALLOW'|'BLOCK'|'COUNT'|'CAPTCHA'|'CHALLENGE'|'EXCLUDED_AS_COUNT'
},
'LabelNameCondition': {
'LabelName': 'string'
}
},
]
},
],
'DefaultBehavior': 'KEEP'|'DROP'
},
'LogType': 'WAF_LOGS'
},
'LogDeliveryParameters': {
'LogTypes': [
'APPLICATION_LOGS'|'USAGE_LOGS'|'SECURITY_FINDING_LOGS'|'ACCESS_LOGS'|'CONNECTION_LOGS',
]
}
},
'Scope': 'string',
'SelectionCriteria': 'string'
}
}
Response Structure
(dict) --
RuleName (string) --
The name of the telemetry rule.
RuleArn (string) --
The Amazon Resource Name (ARN) of the telemetry rule.
CreatedTimeStamp (integer) --
The timestamp when the telemetry rule was created.
LastUpdateTimeStamp (integer) --
The timestamp when the telemetry rule was last updated.
TelemetryRule (dict) --
The configuration details of the telemetry rule.
ResourceType (string) --
The type of Amazon Web Services resource to configure telemetry for (e.g., "AWS::EC2::VPC", "AWS::EKS::Cluster", "AWS::WAFv2::WebACL").
TelemetryType (string) --
The type of telemetry to collect (Logs, Metrics, or Traces).
TelemetrySourceTypes (list) --
The specific telemetry source types to configure for the resource, such as VPC_FLOW_LOGS or EKS_AUDIT_LOGS. TelemetrySourceTypes must be correlated with the specific resource type.
(string) --
Specifies the type of telemetry source for a resource, such as EKS cluster logs.
DestinationConfiguration (dict) --
Configuration specifying where and how the telemetry data should be delivered.
DestinationType (string) --
The type of destination for the telemetry data (e.g., "Amazon CloudWatch Logs", "S3").
DestinationPattern (string) --
The pattern used to generate the destination path or name, supporting macros like <resourceId> and <accountId>.
RetentionInDays (integer) --
The number of days to retain the telemetry data in the destination.
VPCFlowLogParameters (dict) --
Configuration parameters specific to VPC Flow Logs when VPC is the resource type.
LogFormat (string) --
The format in which VPC Flow Log entries should be logged.
TrafficType (string) --
The type of traffic to log (ACCEPT, REJECT, or ALL).
MaxAggregationInterval (integer) --
The maximum interval in seconds between the capture of flow log records.
CloudtrailParameters (dict) --
Configuration parameters specific to Amazon Web Services CloudTrail when CloudTrail is the source type.
AdvancedEventSelectors (list) --
The advanced event selectors to use for filtering Amazon Web Services CloudTrail events.
(dict) --
Advanced event selectors let you create fine-grained selectors for management, data, and network activity events.
Name (string) --
An optional, descriptive name for an advanced event selector, such as "Log data events for only two S3 buckets".
FieldSelectors (list) --
Contains all selector statements in an advanced event selector.
(dict) --
Defines criteria for selecting resources based on field values.
Field (string) --
The name of the field to use for selection.
Equals (list) --
Matches if the field value equals the specified value.
(string) --
StartsWith (list) --
Matches if the field value starts with the specified value.
(string) --
EndsWith (list) --
Matches if the field value ends with the specified value.
(string) --
NotEquals (list) --
Matches if the field value does not equal the specified value.
(string) --
NotStartsWith (list) --
Matches if the field value does not start with the specified value.
(string) --
NotEndsWith (list) --
Matches if the field value does not end with the specified value.
(string) --
ELBLoadBalancerLoggingParameters (dict) --
Configuration parameters specific to ELB load balancer logging when ELB is the resource type.
OutputFormat (string) --
The format for ELB access log entries (plain text or JSON format).
FieldDelimiter (string) --
The delimiter character used to separate fields in ELB access log entries when using plain text format.
WAFLoggingParameters (dict) --
Configuration parameters specific to WAF logging when WAF is the resource type.
RedactedFields (list) --
The fields to redact from WAF logs to protect sensitive information.
(dict) --
Specifies a field in the request to redact from WAF logs, such as headers, query parameters, or body content.
SingleHeader (dict) --
Redacts a specific header field by name from WAF logs.
Name (string) --
The name value, limited to 64 characters.
UriPath (string) --
Redacts the URI path from WAF logs.
QueryString (string) --
Redacts the entire query string from WAF logs.
Method (string) --
Redacts the HTTP method from WAF logs.
LoggingFilter (dict) --
A filter configuration that determines which WAF log records to include or exclude.
Filters (list) --
A list of filter conditions that determine log record handling behavior.
(dict) --
A single filter condition that specifies behavior, requirement, and matching conditions for WAF log records.
Behavior (string) --
The action to take for log records matching this filter (KEEP or DROP).
Requirement (string) --
Whether the log record must meet all conditions (MEETS_ALL) or any condition (MEETS_ANY) to match this filter.
Conditions (list) --
The list of conditions that determine if a log record matches this filter.
(dict) --
A single condition that can match based on WAF rule action or label name.
ActionCondition (dict) --
Matches log records based on the WAF rule action taken (ALLOW, BLOCK, COUNT, etc.).
Action (string) --
The WAF action to match against (ALLOW, BLOCK, COUNT, CAPTCHA, CHALLENGE, EXCLUDED_AS_COUNT).
LabelNameCondition (dict) --
Matches log records based on WAF rule labels applied to the request.
LabelName (string) --
The label name to match, supporting alphanumeric characters, underscores, hyphens, and colons.
DefaultBehavior (string) --
The default action (KEEP or DROP) for log records that don't match any filter conditions.
LogType (string) --
The type of WAF logs to collect (currently supports WAF_LOGS).
LogDeliveryParameters (dict) --
Configuration parameters specific to Amazon Bedrock AgentCore logging when Amazon Bedrock AgentCore is the resource type.
LogTypes (list) --
The type of log that the source is sending.
(string) --
Scope (string) --
The organizational scope to which the rule applies, specified using accounts or organizational units.
SelectionCriteria (string) --
Criteria for selecting which resources the rule applies to, such as resource tags.
{'TelemetryRule': {'DestinationConfiguration': {'LogDeliveryParameters': {'LogTypes': {'ACCESS_LOGS',
'CONNECTION_LOGS',
'SECURITY_FINDING_LOGS'}}},
'ResourceType': {'AWS::BedrockAgentCore::Gateway',
'AWS::BedrockAgentCore::Memory',
'AWS::CloudFront::Distribution',
'AWS::SecurityHub::Hub'}}}
Retrieves the details of a specific organization telemetry rule. This operation can only be called by the organization's management account or a delegated administrator account.
See also: AWS API Documentation
Request Syntax
client.get_telemetry_rule_for_organization(
RuleIdentifier='string'
)
string
[REQUIRED]
The identifier (name or ARN) of the organization telemetry rule to retrieve.
dict
Response Syntax
{
'RuleName': 'string',
'RuleArn': 'string',
'CreatedTimeStamp': 123,
'LastUpdateTimeStamp': 123,
'TelemetryRule': {
'ResourceType': 'AWS::EC2::Instance'|'AWS::EC2::VPC'|'AWS::Lambda::Function'|'AWS::CloudTrail'|'AWS::EKS::Cluster'|'AWS::WAFv2::WebACL'|'AWS::ElasticLoadBalancingV2::LoadBalancer'|'AWS::Route53Resolver::ResolverEndpoint'|'AWS::BedrockAgentCore::Runtime'|'AWS::BedrockAgentCore::Browser'|'AWS::BedrockAgentCore::CodeInterpreter'|'AWS::BedrockAgentCore::Gateway'|'AWS::BedrockAgentCore::Memory'|'AWS::SecurityHub::Hub'|'AWS::CloudFront::Distribution',
'TelemetryType': 'Logs'|'Metrics'|'Traces',
'TelemetrySourceTypes': [
'VPC_FLOW_LOGS'|'ROUTE53_RESOLVER_QUERY_LOGS'|'EKS_AUDIT_LOGS'|'EKS_AUTHENTICATOR_LOGS'|'EKS_CONTROLLER_MANAGER_LOGS'|'EKS_SCHEDULER_LOGS'|'EKS_API_LOGS',
],
'DestinationConfiguration': {
'DestinationType': 'cloud-watch-logs',
'DestinationPattern': 'string',
'RetentionInDays': 123,
'VPCFlowLogParameters': {
'LogFormat': 'string',
'TrafficType': 'string',
'MaxAggregationInterval': 123
},
'CloudtrailParameters': {
'AdvancedEventSelectors': [
{
'Name': 'string',
'FieldSelectors': [
{
'Field': 'string',
'Equals': [
'string',
],
'StartsWith': [
'string',
],
'EndsWith': [
'string',
],
'NotEquals': [
'string',
],
'NotStartsWith': [
'string',
],
'NotEndsWith': [
'string',
]
},
]
},
]
},
'ELBLoadBalancerLoggingParameters': {
'OutputFormat': 'plain'|'json',
'FieldDelimiter': 'string'
},
'WAFLoggingParameters': {
'RedactedFields': [
{
'SingleHeader': {
'Name': 'string'
},
'UriPath': 'string',
'QueryString': 'string',
'Method': 'string'
},
],
'LoggingFilter': {
'Filters': [
{
'Behavior': 'KEEP'|'DROP',
'Requirement': 'MEETS_ALL'|'MEETS_ANY',
'Conditions': [
{
'ActionCondition': {
'Action': 'ALLOW'|'BLOCK'|'COUNT'|'CAPTCHA'|'CHALLENGE'|'EXCLUDED_AS_COUNT'
},
'LabelNameCondition': {
'LabelName': 'string'
}
},
]
},
],
'DefaultBehavior': 'KEEP'|'DROP'
},
'LogType': 'WAF_LOGS'
},
'LogDeliveryParameters': {
'LogTypes': [
'APPLICATION_LOGS'|'USAGE_LOGS'|'SECURITY_FINDING_LOGS'|'ACCESS_LOGS'|'CONNECTION_LOGS',
]
}
},
'Scope': 'string',
'SelectionCriteria': 'string'
}
}
Response Structure
(dict) --
RuleName (string) --
The name of the organization telemetry rule.
RuleArn (string) --
The Amazon Resource Name (ARN) of the organization telemetry rule.
CreatedTimeStamp (integer) --
The timestamp when the organization telemetry rule was created.
LastUpdateTimeStamp (integer) --
The timestamp when the organization telemetry rule was last updated.
TelemetryRule (dict) --
The configuration details of the organization telemetry rule.
ResourceType (string) --
The type of Amazon Web Services resource to configure telemetry for (e.g., "AWS::EC2::VPC", "AWS::EKS::Cluster", "AWS::WAFv2::WebACL").
TelemetryType (string) --
The type of telemetry to collect (Logs, Metrics, or Traces).
TelemetrySourceTypes (list) --
The specific telemetry source types to configure for the resource, such as VPC_FLOW_LOGS or EKS_AUDIT_LOGS. TelemetrySourceTypes must be correlated with the specific resource type.
(string) --
Specifies the type of telemetry source for a resource, such as EKS cluster logs.
DestinationConfiguration (dict) --
Configuration specifying where and how the telemetry data should be delivered.
DestinationType (string) --
The type of destination for the telemetry data (e.g., "Amazon CloudWatch Logs", "S3").
DestinationPattern (string) --
The pattern used to generate the destination path or name, supporting macros like <resourceId> and <accountId>.
RetentionInDays (integer) --
The number of days to retain the telemetry data in the destination.
VPCFlowLogParameters (dict) --
Configuration parameters specific to VPC Flow Logs when VPC is the resource type.
LogFormat (string) --
The format in which VPC Flow Log entries should be logged.
TrafficType (string) --
The type of traffic to log (ACCEPT, REJECT, or ALL).
MaxAggregationInterval (integer) --
The maximum interval in seconds between the capture of flow log records.
CloudtrailParameters (dict) --
Configuration parameters specific to Amazon Web Services CloudTrail when CloudTrail is the source type.
AdvancedEventSelectors (list) --
The advanced event selectors to use for filtering Amazon Web Services CloudTrail events.
(dict) --
Advanced event selectors let you create fine-grained selectors for management, data, and network activity events.
Name (string) --
An optional, descriptive name for an advanced event selector, such as "Log data events for only two S3 buckets".
FieldSelectors (list) --
Contains all selector statements in an advanced event selector.
(dict) --
Defines criteria for selecting resources based on field values.
Field (string) --
The name of the field to use for selection.
Equals (list) --
Matches if the field value equals the specified value.
(string) --
StartsWith (list) --
Matches if the field value starts with the specified value.
(string) --
EndsWith (list) --
Matches if the field value ends with the specified value.
(string) --
NotEquals (list) --
Matches if the field value does not equal the specified value.
(string) --
NotStartsWith (list) --
Matches if the field value does not start with the specified value.
(string) --
NotEndsWith (list) --
Matches if the field value does not end with the specified value.
(string) --
ELBLoadBalancerLoggingParameters (dict) --
Configuration parameters specific to ELB load balancer logging when ELB is the resource type.
OutputFormat (string) --
The format for ELB access log entries (plain text or JSON format).
FieldDelimiter (string) --
The delimiter character used to separate fields in ELB access log entries when using plain text format.
WAFLoggingParameters (dict) --
Configuration parameters specific to WAF logging when WAF is the resource type.
RedactedFields (list) --
The fields to redact from WAF logs to protect sensitive information.
(dict) --
Specifies a field in the request to redact from WAF logs, such as headers, query parameters, or body content.
SingleHeader (dict) --
Redacts a specific header field by name from WAF logs.
Name (string) --
The name value, limited to 64 characters.
UriPath (string) --
Redacts the URI path from WAF logs.
QueryString (string) --
Redacts the entire query string from WAF logs.
Method (string) --
Redacts the HTTP method from WAF logs.
LoggingFilter (dict) --
A filter configuration that determines which WAF log records to include or exclude.
Filters (list) --
A list of filter conditions that determine log record handling behavior.
(dict) --
A single filter condition that specifies behavior, requirement, and matching conditions for WAF log records.
Behavior (string) --
The action to take for log records matching this filter (KEEP or DROP).
Requirement (string) --
Whether the log record must meet all conditions (MEETS_ALL) or any condition (MEETS_ANY) to match this filter.
Conditions (list) --
The list of conditions that determine if a log record matches this filter.
(dict) --
A single condition that can match based on WAF rule action or label name.
ActionCondition (dict) --
Matches log records based on the WAF rule action taken (ALLOW, BLOCK, COUNT, etc.).
Action (string) --
The WAF action to match against (ALLOW, BLOCK, COUNT, CAPTCHA, CHALLENGE, EXCLUDED_AS_COUNT).
LabelNameCondition (dict) --
Matches log records based on WAF rule labels applied to the request.
LabelName (string) --
The label name to match, supporting alphanumeric characters, underscores, hyphens, and colons.
DefaultBehavior (string) --
The default action (KEEP or DROP) for log records that don't match any filter conditions.
LogType (string) --
The type of WAF logs to collect (currently supports WAF_LOGS).
LogDeliveryParameters (dict) --
Configuration parameters specific to Amazon Bedrock AgentCore logging when Amazon Bedrock AgentCore is the resource type.
LogTypes (list) --
The type of log that the source is sending.
(string) --
Scope (string) --
The organizational scope to which the rule applies, specified using accounts or organizational units.
SelectionCriteria (string) --
Criteria for selecting which resources the rule applies to, such as resource tags.
{'ResourceTypes': {'AWS::BedrockAgentCore::Gateway',
'AWS::BedrockAgentCore::Memory',
'AWS::CloudFront::Distribution',
'AWS::SecurityHub::Hub'}}
Response {'TelemetryConfigurations': {'ResourceType': {'AWS::BedrockAgentCore::Gateway',
'AWS::BedrockAgentCore::Memory',
'AWS::CloudFront::Distribution',
'AWS::SecurityHub::Hub'}}}
Returns a list of telemetry configurations for Amazon Web Services resources supported by telemetry config. For more information, see Auditing CloudWatch telemetry configurations.
See also: AWS API Documentation
Request Syntax
client.list_resource_telemetry(
ResourceIdentifierPrefix='string',
ResourceTypes=[
'AWS::EC2::Instance'|'AWS::EC2::VPC'|'AWS::Lambda::Function'|'AWS::CloudTrail'|'AWS::EKS::Cluster'|'AWS::WAFv2::WebACL'|'AWS::ElasticLoadBalancingV2::LoadBalancer'|'AWS::Route53Resolver::ResolverEndpoint'|'AWS::BedrockAgentCore::Runtime'|'AWS::BedrockAgentCore::Browser'|'AWS::BedrockAgentCore::CodeInterpreter'|'AWS::BedrockAgentCore::Gateway'|'AWS::BedrockAgentCore::Memory'|'AWS::SecurityHub::Hub'|'AWS::CloudFront::Distribution',
],
TelemetryConfigurationState={
'string': 'Enabled'|'Disabled'|'NotApplicable'
},
ResourceTags={
'string': 'string'
},
MaxResults=123,
NextToken='string'
)
string
A string used to filter resources which have a ResourceIdentifier starting with the ResourceIdentifierPrefix.
list
A list of resource types used to filter resources supported by telemetry config. If this parameter is provided, the resources will be returned in the same order used in the request.
(string) --
dict
A key-value pair to filter resources based on the telemetry type and the state of the telemetry configuration. The key is the telemetry type and the value is the state.
(string) --
(string) --
dict
A key-value pair to filter resources based on tags associated with the resource. For more information about tags, see What are tags?
(string) --
(string) --
integer
A number field used to limit the number of results within the returned list.
string
The token for the next set of items to return. A previous call generates this token.
dict
Response Syntax
{
'TelemetryConfigurations': [
{
'AccountIdentifier': 'string',
'TelemetryConfigurationState': {
'string': 'Enabled'|'Disabled'|'NotApplicable'
},
'ResourceType': 'AWS::EC2::Instance'|'AWS::EC2::VPC'|'AWS::Lambda::Function'|'AWS::CloudTrail'|'AWS::EKS::Cluster'|'AWS::WAFv2::WebACL'|'AWS::ElasticLoadBalancingV2::LoadBalancer'|'AWS::Route53Resolver::ResolverEndpoint'|'AWS::BedrockAgentCore::Runtime'|'AWS::BedrockAgentCore::Browser'|'AWS::BedrockAgentCore::CodeInterpreter'|'AWS::BedrockAgentCore::Gateway'|'AWS::BedrockAgentCore::Memory'|'AWS::SecurityHub::Hub'|'AWS::CloudFront::Distribution',
'ResourceIdentifier': 'string',
'ResourceTags': {
'string': 'string'
},
'LastUpdateTimeStamp': 123,
'TelemetrySourceType': 'VPC_FLOW_LOGS'|'ROUTE53_RESOLVER_QUERY_LOGS'|'EKS_AUDIT_LOGS'|'EKS_AUTHENTICATOR_LOGS'|'EKS_CONTROLLER_MANAGER_LOGS'|'EKS_SCHEDULER_LOGS'|'EKS_API_LOGS'
},
],
'NextToken': 'string'
}
Response Structure
(dict) --
TelemetryConfigurations (list) --
A list of telemetry configurations for Amazon Web Services resources supported by telemetry config in the caller's account.
(dict) --
A model representing the state of a resource within an account according to telemetry config.
AccountIdentifier (string) --
The account ID which contains the resource managed in telemetry configuration. An example of a valid account ID is 012345678901.
TelemetryConfigurationState (dict) --
The configuration state for the resource, for example { Logs: NotApplicable; Metrics: Enabled; Traces: NotApplicable; }.
(string) --
(string) --
ResourceType (string) --
The type of resource, for example Amazon Web Services::EC2::Instance, or Amazon Web Services::EKS::Cluster, etc.
ResourceIdentifier (string) --
The identifier of the resource, for example for Amazon VPC, it would be vpc-1a2b3c4d5e6f1a2b3.
ResourceTags (dict) --
Tags associated with the resource, for example { Name: "ExampleInstance", Environment: "Development" }.
(string) --
(string) --
LastUpdateTimeStamp (integer) --
The timestamp of the last change to the telemetry configuration for the resource. For example, 1728679196318.
TelemetrySourceType (string) --
Specifies the type of telemetry source for a resource, such as EKS cluster logs.
NextToken (string) --
The token for the next set of items to return. A previous call generates this token.
{'ResourceTypes': {'AWS::BedrockAgentCore::Gateway',
'AWS::BedrockAgentCore::Memory',
'AWS::CloudFront::Distribution',
'AWS::SecurityHub::Hub'}}
Response {'TelemetryConfigurations': {'ResourceType': {'AWS::BedrockAgentCore::Gateway',
'AWS::BedrockAgentCore::Memory',
'AWS::CloudFront::Distribution',
'AWS::SecurityHub::Hub'}}}
Returns a list of telemetry configurations for Amazon Web Services resources supported by telemetry config in the organization.
See also: AWS API Documentation
Request Syntax
client.list_resource_telemetry_for_organization(
AccountIdentifiers=[
'string',
],
ResourceIdentifierPrefix='string',
ResourceTypes=[
'AWS::EC2::Instance'|'AWS::EC2::VPC'|'AWS::Lambda::Function'|'AWS::CloudTrail'|'AWS::EKS::Cluster'|'AWS::WAFv2::WebACL'|'AWS::ElasticLoadBalancingV2::LoadBalancer'|'AWS::Route53Resolver::ResolverEndpoint'|'AWS::BedrockAgentCore::Runtime'|'AWS::BedrockAgentCore::Browser'|'AWS::BedrockAgentCore::CodeInterpreter'|'AWS::BedrockAgentCore::Gateway'|'AWS::BedrockAgentCore::Memory'|'AWS::SecurityHub::Hub'|'AWS::CloudFront::Distribution',
],
TelemetryConfigurationState={
'string': 'Enabled'|'Disabled'|'NotApplicable'
},
ResourceTags={
'string': 'string'
},
MaxResults=123,
NextToken='string'
)
list
A list of Amazon Web Services accounts used to filter the resources to those associated with the specified accounts.
(string) --
string
A string used to filter resources in the organization which have a ResourceIdentifier starting with the ResourceIdentifierPrefix.
list
A list of resource types used to filter resources in the organization. If this parameter is provided, the resources will be returned in the same order used in the request.
(string) --
dict
A key-value pair to filter resources in the organization based on the telemetry type and the state of the telemetry configuration. The key is the telemetry type and the value is the state.
(string) --
(string) --
dict
A key-value pair to filter resources in the organization based on tags associated with the resource. Fore more information about tags, see What are tags?
(string) --
(string) --
integer
A number field used to limit the number of results within the returned list.
string
The token for the next set of items to return. A previous call provides this token.
dict
Response Syntax
{
'TelemetryConfigurations': [
{
'AccountIdentifier': 'string',
'TelemetryConfigurationState': {
'string': 'Enabled'|'Disabled'|'NotApplicable'
},
'ResourceType': 'AWS::EC2::Instance'|'AWS::EC2::VPC'|'AWS::Lambda::Function'|'AWS::CloudTrail'|'AWS::EKS::Cluster'|'AWS::WAFv2::WebACL'|'AWS::ElasticLoadBalancingV2::LoadBalancer'|'AWS::Route53Resolver::ResolverEndpoint'|'AWS::BedrockAgentCore::Runtime'|'AWS::BedrockAgentCore::Browser'|'AWS::BedrockAgentCore::CodeInterpreter'|'AWS::BedrockAgentCore::Gateway'|'AWS::BedrockAgentCore::Memory'|'AWS::SecurityHub::Hub'|'AWS::CloudFront::Distribution',
'ResourceIdentifier': 'string',
'ResourceTags': {
'string': 'string'
},
'LastUpdateTimeStamp': 123,
'TelemetrySourceType': 'VPC_FLOW_LOGS'|'ROUTE53_RESOLVER_QUERY_LOGS'|'EKS_AUDIT_LOGS'|'EKS_AUTHENTICATOR_LOGS'|'EKS_CONTROLLER_MANAGER_LOGS'|'EKS_SCHEDULER_LOGS'|'EKS_API_LOGS'
},
],
'NextToken': 'string'
}
Response Structure
(dict) --
TelemetryConfigurations (list) --
A list of telemetry configurations for Amazon Web Services resources supported by telemetry config in the organization.
(dict) --
A model representing the state of a resource within an account according to telemetry config.
AccountIdentifier (string) --
The account ID which contains the resource managed in telemetry configuration. An example of a valid account ID is 012345678901.
TelemetryConfigurationState (dict) --
The configuration state for the resource, for example { Logs: NotApplicable; Metrics: Enabled; Traces: NotApplicable; }.
(string) --
(string) --
ResourceType (string) --
The type of resource, for example Amazon Web Services::EC2::Instance, or Amazon Web Services::EKS::Cluster, etc.
ResourceIdentifier (string) --
The identifier of the resource, for example for Amazon VPC, it would be vpc-1a2b3c4d5e6f1a2b3.
ResourceTags (dict) --
Tags associated with the resource, for example { Name: "ExampleInstance", Environment: "Development" }.
(string) --
(string) --
LastUpdateTimeStamp (integer) --
The timestamp of the last change to the telemetry configuration for the resource. For example, 1728679196318.
TelemetrySourceType (string) --
Specifies the type of telemetry source for a resource, such as EKS cluster logs.
NextToken (string) --
The token for the next set of items to return. A previous call provides this token.
{'TelemetryRuleSummaries': {'ResourceType': {'AWS::BedrockAgentCore::Gateway',
'AWS::BedrockAgentCore::Memory',
'AWS::CloudFront::Distribution',
'AWS::SecurityHub::Hub'}}}
Lists all telemetry rules in your account. You can filter the results by specifying a rule name prefix.
See also: AWS API Documentation
Request Syntax
client.list_telemetry_rules(
RuleNamePrefix='string',
MaxResults=123,
NextToken='string'
)
string
A string to filter telemetry rules whose names begin with the specified prefix.
integer
The maximum number of telemetry rules to return in a single call.
string
The token for the next set of results. A previous call generates this token.
dict
Response Syntax
{
'TelemetryRuleSummaries': [
{
'RuleName': 'string',
'RuleArn': 'string',
'CreatedTimeStamp': 123,
'LastUpdateTimeStamp': 123,
'ResourceType': 'AWS::EC2::Instance'|'AWS::EC2::VPC'|'AWS::Lambda::Function'|'AWS::CloudTrail'|'AWS::EKS::Cluster'|'AWS::WAFv2::WebACL'|'AWS::ElasticLoadBalancingV2::LoadBalancer'|'AWS::Route53Resolver::ResolverEndpoint'|'AWS::BedrockAgentCore::Runtime'|'AWS::BedrockAgentCore::Browser'|'AWS::BedrockAgentCore::CodeInterpreter'|'AWS::BedrockAgentCore::Gateway'|'AWS::BedrockAgentCore::Memory'|'AWS::SecurityHub::Hub'|'AWS::CloudFront::Distribution',
'TelemetryType': 'Logs'|'Metrics'|'Traces',
'TelemetrySourceTypes': [
'VPC_FLOW_LOGS'|'ROUTE53_RESOLVER_QUERY_LOGS'|'EKS_AUDIT_LOGS'|'EKS_AUTHENTICATOR_LOGS'|'EKS_CONTROLLER_MANAGER_LOGS'|'EKS_SCHEDULER_LOGS'|'EKS_API_LOGS',
]
},
],
'NextToken': 'string'
}
Response Structure
(dict) --
TelemetryRuleSummaries (list) --
A list of telemetry rule summaries.
(dict) --
A summary of a telemetry rule's key properties.
RuleName (string) --
The name of the telemetry rule.
RuleArn (string) --
The Amazon Resource Name (ARN) of the telemetry rule.
CreatedTimeStamp (integer) --
The timestamp when the telemetry rule was created.
LastUpdateTimeStamp (integer) --
The timestamp when the telemetry rule was last modified.
ResourceType (string) --
The type of Amazon Web Services resource the rule applies to.
TelemetryType (string) --
The type of telemetry (Logs, Metrics, or Traces) the rule configures.
TelemetrySourceTypes (list) --
The types of telemetry sources configured for this rule, such as VPC Flow Logs or EKS audit logs. TelemetrySourceTypes must be correlated with the specific resource type.
(string) --
Specifies the type of telemetry source for a resource, such as EKS cluster logs.
NextToken (string) --
A token to resume pagination of results.
{'TelemetryRuleSummaries': {'ResourceType': {'AWS::BedrockAgentCore::Gateway',
'AWS::BedrockAgentCore::Memory',
'AWS::CloudFront::Distribution',
'AWS::SecurityHub::Hub'}}}
Lists all telemetry rules in your organization. This operation can only be called by the organization's management account or a delegated administrator account.
See also: AWS API Documentation
Request Syntax
client.list_telemetry_rules_for_organization(
RuleNamePrefix='string',
SourceAccountIds=[
'string',
],
SourceOrganizationUnitIds=[
'string',
],
MaxResults=123,
NextToken='string'
)
string
A string to filter organization telemetry rules whose names begin with the specified prefix.
list
The list of account IDs to filter organization telemetry rules by their source accounts.
(string) --
list
The list of organizational unit IDs to filter organization telemetry rules by their source organizational units.
(string) --
integer
The maximum number of organization telemetry rules to return in a single call.
string
The token for the next set of results. A previous call generates this token.
dict
Response Syntax
{
'TelemetryRuleSummaries': [
{
'RuleName': 'string',
'RuleArn': 'string',
'CreatedTimeStamp': 123,
'LastUpdateTimeStamp': 123,
'ResourceType': 'AWS::EC2::Instance'|'AWS::EC2::VPC'|'AWS::Lambda::Function'|'AWS::CloudTrail'|'AWS::EKS::Cluster'|'AWS::WAFv2::WebACL'|'AWS::ElasticLoadBalancingV2::LoadBalancer'|'AWS::Route53Resolver::ResolverEndpoint'|'AWS::BedrockAgentCore::Runtime'|'AWS::BedrockAgentCore::Browser'|'AWS::BedrockAgentCore::CodeInterpreter'|'AWS::BedrockAgentCore::Gateway'|'AWS::BedrockAgentCore::Memory'|'AWS::SecurityHub::Hub'|'AWS::CloudFront::Distribution',
'TelemetryType': 'Logs'|'Metrics'|'Traces',
'TelemetrySourceTypes': [
'VPC_FLOW_LOGS'|'ROUTE53_RESOLVER_QUERY_LOGS'|'EKS_AUDIT_LOGS'|'EKS_AUTHENTICATOR_LOGS'|'EKS_CONTROLLER_MANAGER_LOGS'|'EKS_SCHEDULER_LOGS'|'EKS_API_LOGS',
]
},
],
'NextToken': 'string'
}
Response Structure
(dict) --
TelemetryRuleSummaries (list) --
A list of organization telemetry rule summaries.
(dict) --
A summary of a telemetry rule's key properties.
RuleName (string) --
The name of the telemetry rule.
RuleArn (string) --
The Amazon Resource Name (ARN) of the telemetry rule.
CreatedTimeStamp (integer) --
The timestamp when the telemetry rule was created.
LastUpdateTimeStamp (integer) --
The timestamp when the telemetry rule was last modified.
ResourceType (string) --
The type of Amazon Web Services resource the rule applies to.
TelemetryType (string) --
The type of telemetry (Logs, Metrics, or Traces) the rule configures.
TelemetrySourceTypes (list) --
The types of telemetry sources configured for this rule, such as VPC Flow Logs or EKS audit logs. TelemetrySourceTypes must be correlated with the specific resource type.
(string) --
Specifies the type of telemetry source for a resource, such as EKS cluster logs.
NextToken (string) --
A token to resume pagination of results.
{'Rule': {'DestinationConfiguration': {'LogDeliveryParameters': {'LogTypes': {'ACCESS_LOGS',
'CONNECTION_LOGS',
'SECURITY_FINDING_LOGS'}}},
'ResourceType': {'AWS::BedrockAgentCore::Gateway',
'AWS::BedrockAgentCore::Memory',
'AWS::CloudFront::Distribution',
'AWS::SecurityHub::Hub'}}}
Updates an existing telemetry rule in your account. If multiple users attempt to modify the same telemetry rule simultaneously, a ConflictException is returned to provide specific error information for concurrent modification scenarios.
See also: AWS API Documentation
Request Syntax
client.update_telemetry_rule(
RuleIdentifier='string',
Rule={
'ResourceType': 'AWS::EC2::Instance'|'AWS::EC2::VPC'|'AWS::Lambda::Function'|'AWS::CloudTrail'|'AWS::EKS::Cluster'|'AWS::WAFv2::WebACL'|'AWS::ElasticLoadBalancingV2::LoadBalancer'|'AWS::Route53Resolver::ResolverEndpoint'|'AWS::BedrockAgentCore::Runtime'|'AWS::BedrockAgentCore::Browser'|'AWS::BedrockAgentCore::CodeInterpreter'|'AWS::BedrockAgentCore::Gateway'|'AWS::BedrockAgentCore::Memory'|'AWS::SecurityHub::Hub'|'AWS::CloudFront::Distribution',
'TelemetryType': 'Logs'|'Metrics'|'Traces',
'TelemetrySourceTypes': [
'VPC_FLOW_LOGS'|'ROUTE53_RESOLVER_QUERY_LOGS'|'EKS_AUDIT_LOGS'|'EKS_AUTHENTICATOR_LOGS'|'EKS_CONTROLLER_MANAGER_LOGS'|'EKS_SCHEDULER_LOGS'|'EKS_API_LOGS',
],
'DestinationConfiguration': {
'DestinationType': 'cloud-watch-logs',
'DestinationPattern': 'string',
'RetentionInDays': 123,
'VPCFlowLogParameters': {
'LogFormat': 'string',
'TrafficType': 'string',
'MaxAggregationInterval': 123
},
'CloudtrailParameters': {
'AdvancedEventSelectors': [
{
'Name': 'string',
'FieldSelectors': [
{
'Field': 'string',
'Equals': [
'string',
],
'StartsWith': [
'string',
],
'EndsWith': [
'string',
],
'NotEquals': [
'string',
],
'NotStartsWith': [
'string',
],
'NotEndsWith': [
'string',
]
},
]
},
]
},
'ELBLoadBalancerLoggingParameters': {
'OutputFormat': 'plain'|'json',
'FieldDelimiter': 'string'
},
'WAFLoggingParameters': {
'RedactedFields': [
{
'SingleHeader': {
'Name': 'string'
},
'UriPath': 'string',
'QueryString': 'string',
'Method': 'string'
},
],
'LoggingFilter': {
'Filters': [
{
'Behavior': 'KEEP'|'DROP',
'Requirement': 'MEETS_ALL'|'MEETS_ANY',
'Conditions': [
{
'ActionCondition': {
'Action': 'ALLOW'|'BLOCK'|'COUNT'|'CAPTCHA'|'CHALLENGE'|'EXCLUDED_AS_COUNT'
},
'LabelNameCondition': {
'LabelName': 'string'
}
},
]
},
],
'DefaultBehavior': 'KEEP'|'DROP'
},
'LogType': 'WAF_LOGS'
},
'LogDeliveryParameters': {
'LogTypes': [
'APPLICATION_LOGS'|'USAGE_LOGS'|'SECURITY_FINDING_LOGS'|'ACCESS_LOGS'|'CONNECTION_LOGS',
]
}
},
'Scope': 'string',
'SelectionCriteria': 'string'
}
)
string
[REQUIRED]
The identifier (name or ARN) of the telemetry rule to update.
dict
[REQUIRED]
The new configuration details for the telemetry rule.
ResourceType (string) --
The type of Amazon Web Services resource to configure telemetry for (e.g., "AWS::EC2::VPC", "AWS::EKS::Cluster", "AWS::WAFv2::WebACL").
TelemetryType (string) -- [REQUIRED]
The type of telemetry to collect (Logs, Metrics, or Traces).
TelemetrySourceTypes (list) --
The specific telemetry source types to configure for the resource, such as VPC_FLOW_LOGS or EKS_AUDIT_LOGS. TelemetrySourceTypes must be correlated with the specific resource type.
(string) --
Specifies the type of telemetry source for a resource, such as EKS cluster logs.
DestinationConfiguration (dict) --
Configuration specifying where and how the telemetry data should be delivered.
DestinationType (string) --
The type of destination for the telemetry data (e.g., "Amazon CloudWatch Logs", "S3").
DestinationPattern (string) --
The pattern used to generate the destination path or name, supporting macros like <resourceId> and <accountId>.
RetentionInDays (integer) --
The number of days to retain the telemetry data in the destination.
VPCFlowLogParameters (dict) --
Configuration parameters specific to VPC Flow Logs when VPC is the resource type.
LogFormat (string) --
The format in which VPC Flow Log entries should be logged.
TrafficType (string) --
The type of traffic to log (ACCEPT, REJECT, or ALL).
MaxAggregationInterval (integer) --
The maximum interval in seconds between the capture of flow log records.
CloudtrailParameters (dict) --
Configuration parameters specific to Amazon Web Services CloudTrail when CloudTrail is the source type.
AdvancedEventSelectors (list) -- [REQUIRED]
The advanced event selectors to use for filtering Amazon Web Services CloudTrail events.
(dict) --
Advanced event selectors let you create fine-grained selectors for management, data, and network activity events.
Name (string) --
An optional, descriptive name for an advanced event selector, such as "Log data events for only two S3 buckets".
FieldSelectors (list) -- [REQUIRED]
Contains all selector statements in an advanced event selector.
(dict) --
Defines criteria for selecting resources based on field values.
Field (string) -- [REQUIRED]
The name of the field to use for selection.
Equals (list) --
Matches if the field value equals the specified value.
(string) --
StartsWith (list) --
Matches if the field value starts with the specified value.
(string) --
EndsWith (list) --
Matches if the field value ends with the specified value.
(string) --
NotEquals (list) --
Matches if the field value does not equal the specified value.
(string) --
NotStartsWith (list) --
Matches if the field value does not start with the specified value.
(string) --
NotEndsWith (list) --
Matches if the field value does not end with the specified value.
(string) --
ELBLoadBalancerLoggingParameters (dict) --
Configuration parameters specific to ELB load balancer logging when ELB is the resource type.
OutputFormat (string) --
The format for ELB access log entries (plain text or JSON format).
FieldDelimiter (string) --
The delimiter character used to separate fields in ELB access log entries when using plain text format.
WAFLoggingParameters (dict) --
Configuration parameters specific to WAF logging when WAF is the resource type.
RedactedFields (list) --
The fields to redact from WAF logs to protect sensitive information.
(dict) --
Specifies a field in the request to redact from WAF logs, such as headers, query parameters, or body content.
SingleHeader (dict) --
Redacts a specific header field by name from WAF logs.
Name (string) --
The name value, limited to 64 characters.
UriPath (string) --
Redacts the URI path from WAF logs.
QueryString (string) --
Redacts the entire query string from WAF logs.
Method (string) --
Redacts the HTTP method from WAF logs.
LoggingFilter (dict) --
A filter configuration that determines which WAF log records to include or exclude.
Filters (list) --
A list of filter conditions that determine log record handling behavior.
(dict) --
A single filter condition that specifies behavior, requirement, and matching conditions for WAF log records.
Behavior (string) --
The action to take for log records matching this filter (KEEP or DROP).
Requirement (string) --
Whether the log record must meet all conditions (MEETS_ALL) or any condition (MEETS_ANY) to match this filter.
Conditions (list) --
The list of conditions that determine if a log record matches this filter.
(dict) --
A single condition that can match based on WAF rule action or label name.
ActionCondition (dict) --
Matches log records based on the WAF rule action taken (ALLOW, BLOCK, COUNT, etc.).
Action (string) --
The WAF action to match against (ALLOW, BLOCK, COUNT, CAPTCHA, CHALLENGE, EXCLUDED_AS_COUNT).
LabelNameCondition (dict) --
Matches log records based on WAF rule labels applied to the request.
LabelName (string) --
The label name to match, supporting alphanumeric characters, underscores, hyphens, and colons.
DefaultBehavior (string) --
The default action (KEEP or DROP) for log records that don't match any filter conditions.
LogType (string) --
The type of WAF logs to collect (currently supports WAF_LOGS).
LogDeliveryParameters (dict) --
Configuration parameters specific to Amazon Bedrock AgentCore logging when Amazon Bedrock AgentCore is the resource type.
LogTypes (list) --
The type of log that the source is sending.
(string) --
Scope (string) --
The organizational scope to which the rule applies, specified using accounts or organizational units.
SelectionCriteria (string) --
Criteria for selecting which resources the rule applies to, such as resource tags.
dict
Response Syntax
{
'RuleArn': 'string'
}
Response Structure
(dict) --
RuleArn (string) --
The Amazon Resource Name (ARN) of the updated telemetry rule.
{'Rule': {'DestinationConfiguration': {'LogDeliveryParameters': {'LogTypes': {'ACCESS_LOGS',
'CONNECTION_LOGS',
'SECURITY_FINDING_LOGS'}}},
'ResourceType': {'AWS::BedrockAgentCore::Gateway',
'AWS::BedrockAgentCore::Memory',
'AWS::CloudFront::Distribution',
'AWS::SecurityHub::Hub'}}}
Updates an existing telemetry rule that applies across an Amazon Web Services Organization. This operation can only be called by the organization's management account or a delegated administrator account.
See also: AWS API Documentation
Request Syntax
client.update_telemetry_rule_for_organization(
RuleIdentifier='string',
Rule={
'ResourceType': 'AWS::EC2::Instance'|'AWS::EC2::VPC'|'AWS::Lambda::Function'|'AWS::CloudTrail'|'AWS::EKS::Cluster'|'AWS::WAFv2::WebACL'|'AWS::ElasticLoadBalancingV2::LoadBalancer'|'AWS::Route53Resolver::ResolverEndpoint'|'AWS::BedrockAgentCore::Runtime'|'AWS::BedrockAgentCore::Browser'|'AWS::BedrockAgentCore::CodeInterpreter'|'AWS::BedrockAgentCore::Gateway'|'AWS::BedrockAgentCore::Memory'|'AWS::SecurityHub::Hub'|'AWS::CloudFront::Distribution',
'TelemetryType': 'Logs'|'Metrics'|'Traces',
'TelemetrySourceTypes': [
'VPC_FLOW_LOGS'|'ROUTE53_RESOLVER_QUERY_LOGS'|'EKS_AUDIT_LOGS'|'EKS_AUTHENTICATOR_LOGS'|'EKS_CONTROLLER_MANAGER_LOGS'|'EKS_SCHEDULER_LOGS'|'EKS_API_LOGS',
],
'DestinationConfiguration': {
'DestinationType': 'cloud-watch-logs',
'DestinationPattern': 'string',
'RetentionInDays': 123,
'VPCFlowLogParameters': {
'LogFormat': 'string',
'TrafficType': 'string',
'MaxAggregationInterval': 123
},
'CloudtrailParameters': {
'AdvancedEventSelectors': [
{
'Name': 'string',
'FieldSelectors': [
{
'Field': 'string',
'Equals': [
'string',
],
'StartsWith': [
'string',
],
'EndsWith': [
'string',
],
'NotEquals': [
'string',
],
'NotStartsWith': [
'string',
],
'NotEndsWith': [
'string',
]
},
]
},
]
},
'ELBLoadBalancerLoggingParameters': {
'OutputFormat': 'plain'|'json',
'FieldDelimiter': 'string'
},
'WAFLoggingParameters': {
'RedactedFields': [
{
'SingleHeader': {
'Name': 'string'
},
'UriPath': 'string',
'QueryString': 'string',
'Method': 'string'
},
],
'LoggingFilter': {
'Filters': [
{
'Behavior': 'KEEP'|'DROP',
'Requirement': 'MEETS_ALL'|'MEETS_ANY',
'Conditions': [
{
'ActionCondition': {
'Action': 'ALLOW'|'BLOCK'|'COUNT'|'CAPTCHA'|'CHALLENGE'|'EXCLUDED_AS_COUNT'
},
'LabelNameCondition': {
'LabelName': 'string'
}
},
]
},
],
'DefaultBehavior': 'KEEP'|'DROP'
},
'LogType': 'WAF_LOGS'
},
'LogDeliveryParameters': {
'LogTypes': [
'APPLICATION_LOGS'|'USAGE_LOGS'|'SECURITY_FINDING_LOGS'|'ACCESS_LOGS'|'CONNECTION_LOGS',
]
}
},
'Scope': 'string',
'SelectionCriteria': 'string'
}
)
string
[REQUIRED]
The identifier (name or ARN) of the organization telemetry rule to update.
dict
[REQUIRED]
The new configuration details for the organization telemetry rule, including resource type, telemetry type, and destination configuration.
ResourceType (string) --
The type of Amazon Web Services resource to configure telemetry for (e.g., "AWS::EC2::VPC", "AWS::EKS::Cluster", "AWS::WAFv2::WebACL").
TelemetryType (string) -- [REQUIRED]
The type of telemetry to collect (Logs, Metrics, or Traces).
TelemetrySourceTypes (list) --
The specific telemetry source types to configure for the resource, such as VPC_FLOW_LOGS or EKS_AUDIT_LOGS. TelemetrySourceTypes must be correlated with the specific resource type.
(string) --
Specifies the type of telemetry source for a resource, such as EKS cluster logs.
DestinationConfiguration (dict) --
Configuration specifying where and how the telemetry data should be delivered.
DestinationType (string) --
The type of destination for the telemetry data (e.g., "Amazon CloudWatch Logs", "S3").
DestinationPattern (string) --
The pattern used to generate the destination path or name, supporting macros like <resourceId> and <accountId>.
RetentionInDays (integer) --
The number of days to retain the telemetry data in the destination.
VPCFlowLogParameters (dict) --
Configuration parameters specific to VPC Flow Logs when VPC is the resource type.
LogFormat (string) --
The format in which VPC Flow Log entries should be logged.
TrafficType (string) --
The type of traffic to log (ACCEPT, REJECT, or ALL).
MaxAggregationInterval (integer) --
The maximum interval in seconds between the capture of flow log records.
CloudtrailParameters (dict) --
Configuration parameters specific to Amazon Web Services CloudTrail when CloudTrail is the source type.
AdvancedEventSelectors (list) -- [REQUIRED]
The advanced event selectors to use for filtering Amazon Web Services CloudTrail events.
(dict) --
Advanced event selectors let you create fine-grained selectors for management, data, and network activity events.
Name (string) --
An optional, descriptive name for an advanced event selector, such as "Log data events for only two S3 buckets".
FieldSelectors (list) -- [REQUIRED]
Contains all selector statements in an advanced event selector.
(dict) --
Defines criteria for selecting resources based on field values.
Field (string) -- [REQUIRED]
The name of the field to use for selection.
Equals (list) --
Matches if the field value equals the specified value.
(string) --
StartsWith (list) --
Matches if the field value starts with the specified value.
(string) --
EndsWith (list) --
Matches if the field value ends with the specified value.
(string) --
NotEquals (list) --
Matches if the field value does not equal the specified value.
(string) --
NotStartsWith (list) --
Matches if the field value does not start with the specified value.
(string) --
NotEndsWith (list) --
Matches if the field value does not end with the specified value.
(string) --
ELBLoadBalancerLoggingParameters (dict) --
Configuration parameters specific to ELB load balancer logging when ELB is the resource type.
OutputFormat (string) --
The format for ELB access log entries (plain text or JSON format).
FieldDelimiter (string) --
The delimiter character used to separate fields in ELB access log entries when using plain text format.
WAFLoggingParameters (dict) --
Configuration parameters specific to WAF logging when WAF is the resource type.
RedactedFields (list) --
The fields to redact from WAF logs to protect sensitive information.
(dict) --
Specifies a field in the request to redact from WAF logs, such as headers, query parameters, or body content.
SingleHeader (dict) --
Redacts a specific header field by name from WAF logs.
Name (string) --
The name value, limited to 64 characters.
UriPath (string) --
Redacts the URI path from WAF logs.
QueryString (string) --
Redacts the entire query string from WAF logs.
Method (string) --
Redacts the HTTP method from WAF logs.
LoggingFilter (dict) --
A filter configuration that determines which WAF log records to include or exclude.
Filters (list) --
A list of filter conditions that determine log record handling behavior.
(dict) --
A single filter condition that specifies behavior, requirement, and matching conditions for WAF log records.
Behavior (string) --
The action to take for log records matching this filter (KEEP or DROP).
Requirement (string) --
Whether the log record must meet all conditions (MEETS_ALL) or any condition (MEETS_ANY) to match this filter.
Conditions (list) --
The list of conditions that determine if a log record matches this filter.
(dict) --
A single condition that can match based on WAF rule action or label name.
ActionCondition (dict) --
Matches log records based on the WAF rule action taken (ALLOW, BLOCK, COUNT, etc.).
Action (string) --
The WAF action to match against (ALLOW, BLOCK, COUNT, CAPTCHA, CHALLENGE, EXCLUDED_AS_COUNT).
LabelNameCondition (dict) --
Matches log records based on WAF rule labels applied to the request.
LabelName (string) --
The label name to match, supporting alphanumeric characters, underscores, hyphens, and colons.
DefaultBehavior (string) --
The default action (KEEP or DROP) for log records that don't match any filter conditions.
LogType (string) --
The type of WAF logs to collect (currently supports WAF_LOGS).
LogDeliveryParameters (dict) --
Configuration parameters specific to Amazon Bedrock AgentCore logging when Amazon Bedrock AgentCore is the resource type.
LogTypes (list) --
The type of log that the source is sending.
(string) --
Scope (string) --
The organizational scope to which the rule applies, specified using accounts or organizational units.
SelectionCriteria (string) --
Criteria for selecting which resources the rule applies to, such as resource tags.
dict
Response Syntax
{
'RuleArn': 'string'
}
Response Structure
(dict) --
RuleArn (string) --
The Amazon Resource Name (ARN) of the updated organization telemetry rule.