AWS Resource Groups

2023/01/13 - AWS Resource Groups - 2 new 2 updated api methods

Changes  AWS Resource Groups customers can now turn on Group Lifecycle Events in their AWS account. When you turn this on, Resource Groups monitors your groups for changes to group state or membership. Those changes are sent to Amazon EventBridge as events that you can respond to using rules you create.

GetAccountSettings (new) Link ¶

Retrieves the current status of optional features in Resource Groups.

See also: AWS API Documentation

Request Syntax

client.get_account_settings()
rtype

dict

returns

Response Syntax

{
    'AccountSettings': {
        'GroupLifecycleEventsDesiredStatus': 'ACTIVE'|'INACTIVE',
        'GroupLifecycleEventsStatus': 'ACTIVE'|'INACTIVE'|'IN_PROGRESS'|'ERROR',
        'GroupLifecycleEventsStatusMessage': 'string'
    }
}

Response Structure

  • (dict) --

    • AccountSettings (dict) --

      The current settings for the optional features in Resource Groups.

      • GroupLifecycleEventsDesiredStatus (string) --

        The desired target status of the group lifecycle events feature. If

      • GroupLifecycleEventsStatus (string) --

        The current status of the group lifecycle events feature.

      • GroupLifecycleEventsStatusMessage (string) --

        The text of any error message occurs during an attempt to turn group lifecycle events on or off.

UpdateAccountSettings (new) Link ¶

Turns on or turns off optional features in Resource Groups.

The preceding example shows that the request to turn on group lifecycle events is IN_PROGRESS . You can call the GetAccountSettings operation to check for completion by looking for GroupLifecycleEventsStatus to change to ACTIVE .

See also: AWS API Documentation

Request Syntax

client.update_account_settings(
    GroupLifecycleEventsDesiredStatus='ACTIVE'|'INACTIVE'
)
type GroupLifecycleEventsDesiredStatus

string

param GroupLifecycleEventsDesiredStatus

Specifies whether you want to turn group lifecycle events on or off.

rtype

dict

returns

Response Syntax

{
    'AccountSettings': {
        'GroupLifecycleEventsDesiredStatus': 'ACTIVE'|'INACTIVE',
        'GroupLifecycleEventsStatus': 'ACTIVE'|'INACTIVE'|'IN_PROGRESS'|'ERROR',
        'GroupLifecycleEventsStatusMessage': 'string'
    }
}

Response Structure

  • (dict) --

    • AccountSettings (dict) --

      A structure that displays the status of the optional features in the account.

      • GroupLifecycleEventsDesiredStatus (string) --

        The desired target status of the group lifecycle events feature. If

      • GroupLifecycleEventsStatus (string) --

        The current status of the group lifecycle events feature.

      • GroupLifecycleEventsStatusMessage (string) --

        The text of any error message occurs during an attempt to turn group lifecycle events on or off.

ListGroupResources (updated) Link ¶
Changes (response)
{'QueryErrors': {'ErrorCode': {'CLOUDFORMATION_STACK_UNASSUMABLE_ROLE'}}}

Returns a list of ARNs of the resources that are members of a specified resource group.

Minimum permissions

To run this command, you must have the following permissions:

  • resource-groups:ListGroupResources

  • cloudformation:DescribeStacks

  • cloudformation:ListStackResources

  • tag:GetResources

See also: AWS API Documentation

Request Syntax

client.list_group_resources(
    GroupName='string',
    Group='string',
    Filters=[
        {
            'Name': 'resource-type',
            'Values': [
                'string',
            ]
        },
    ],
    MaxResults=123,
    NextToken='string'
)
type GroupName

string

param GroupName

Warning

  • Deprecated - don't use this parameter. Use the ``Group`` request field instead. *

type Group

string

param Group

The name or the ARN of the resource group

type Filters

list

param Filters

Filters, formatted as ResourceFilter objects, that you want to apply to a ListGroupResources operation. Filters the results to include only those of the specified resource types.

  • resource-type - Filter resources by their type. Specify up to five resource types in the format AWS::ServiceCode::ResourceType . For example, AWS::EC2::Instance , or AWS::S3::Bucket .

When you specify a resource-type filter for ListGroupResources , Resource Groups validates your filter resource types against the types that are defined in the query associated with the group. For example, if a group contains only S3 buckets because its query specifies only that resource type, but your resource-type filter includes EC2 instances, AWS Resource Groups does not filter for EC2 instances. In this case, a ListGroupResources request returns a BadRequestException error with a message similar to the following:

The resource types specified as filters in the request are not valid.

The error includes a list of resource types that failed the validation because they are not part of the query associated with the group. This validation doesn't occur when the group query specifies AWS::AllSupported , because a group based on such a query can contain any of the allowed resource types for the query type (tag-based or Amazon CloudFront stack-based queries).

  • (dict) --

    A filter name and value pair that is used to obtain more specific results from a list of resources.

    • Name (string) -- [REQUIRED]

      The name of the filter. Filter names are case-sensitive.

    • Values (list) -- [REQUIRED]

      One or more filter values. Allowed filter values vary by resource filter name, and are case-sensitive.

      • (string) --

type MaxResults

integer

param MaxResults

The total number of results that you want included on each page of the response. If you do not include this parameter, it defaults to a value that is specific to the operation. If additional items exist beyond the maximum you specify, the NextToken response element is present and has a value (is not null). Include that value as the NextToken request parameter in the next call to the operation to get the next part of the results. Note that the service might return fewer results than the maximum even when there are more results available. You should check NextToken after every operation to ensure that you receive all of the results.

type NextToken

string

param NextToken

The parameter for receiving additional results if you receive a NextToken response in a previous request. A NextToken response indicates that more output is available. Set this parameter to the value provided by a previous call's NextToken response to indicate where the output should continue from.

rtype

dict

returns

Response Syntax

{
    'Resources': [
        {
            'Identifier': {
                'ResourceArn': 'string',
                'ResourceType': 'string'
            },
            'Status': {
                'Name': 'PENDING'
            }
        },
    ],
    'ResourceIdentifiers': [
        {
            'ResourceArn': 'string',
            'ResourceType': 'string'
        },
    ],
    'NextToken': 'string',
    'QueryErrors': [
        {
            'ErrorCode': 'CLOUDFORMATION_STACK_INACTIVE'|'CLOUDFORMATION_STACK_NOT_EXISTING'|'CLOUDFORMATION_STACK_UNASSUMABLE_ROLE',
            'Message': 'string'
        },
    ]
}

Response Structure

  • (dict) --

    • Resources (list) --

      An array of resources from which you can determine each resource's identity, type, and group membership status.

      • (dict) --

        A structure returned by the ListGroupResources operation that contains identity and group membership status information for one of the resources in the group.

        • Identifier (dict) --

          A structure that contains the ARN of a resource and its resource type.

          • ResourceArn (string) --

            The ARN of a resource.

          • ResourceType (string) --

            The resource type of a resource, such as AWS::EC2::Instance .

        • Status (dict) --

          A structure that contains the status of this resource's membership in the group.

          Note

          This field is present in the response only if the group is of type AWS::EC2::HostManagement .

          • Name (string) --

            The current status.

    • ResourceIdentifiers (list) --

      Warning

      ** Deprecated - don't use this parameter. Use the ``Resources`` response field instead. **

      • (dict) --

        A structure that contains the ARN of a resource and its resource type.

        • ResourceArn (string) --

          The ARN of a resource.

        • ResourceType (string) --

          The resource type of a resource, such as AWS::EC2::Instance .

    • NextToken (string) --

      If present, indicates that more output is available than is included in the current response. Use this value in the NextToken request parameter in a subsequent call to the operation to get the next part of the output. You should repeat this until the NextToken response element comes back as null .

    • QueryErrors (list) --

      A list of QueryError objects. Each error is an object that contains ErrorCode and Message structures. Possible values for ErrorCode are CLOUDFORMATION_STACK_INACTIVE and CLOUDFORMATION_STACK_NOT_EXISTING .

      • (dict) --

        A two-part error structure that can occur in ListGroupResources or SearchResources operations on CloudFront stack-based queries. The error occurs if the CloudFront stack on which the query is based either does not exist, or has a status that renders the stack inactive. A QueryError occurrence does not necessarily mean that Resource Groups could not complete the operation, but the resulting group might have no member resources.

        • ErrorCode (string) --

          Specifies the error code that was raised.

        • Message (string) --

          A message that explains the ErrorCode value. Messages might state that the specified CloudFront stack does not exist (or no longer exists). For CLOUDFORMATION_STACK_INACTIVE , the message typically states that the CloudFront stack has a status that is not (or no longer) active, such as CREATE_FAILED .

SearchResources (updated) Link ¶
Changes (response)
{'QueryErrors': {'ErrorCode': {'CLOUDFORMATION_STACK_UNASSUMABLE_ROLE'}}}

Returns a list of Amazon Web Services resource identifiers that matches the specified query. The query uses the same format as a resource query in a CreateGroup or UpdateGroupQuery operation.

Minimum permissions

To run this command, you must have the following permissions:

  • resource-groups:SearchResources

  • cloudformation:DescribeStacks

  • cloudformation:ListStackResources

  • tag:GetResources

See also: AWS API Documentation

Request Syntax

client.search_resources(
    ResourceQuery={
        'Type': 'TAG_FILTERS_1_0'|'CLOUDFORMATION_STACK_1_0',
        'Query': 'string'
    },
    MaxResults=123,
    NextToken='string'
)
type ResourceQuery

dict

param ResourceQuery

[REQUIRED]

The search query, using the same formats that are supported for resource group definition. For more information, see CreateGroup .

  • Type (string) -- [REQUIRED]

    The type of the query to perform. This can have one of two values:

    • *CLOUDFORMATION_STACK_1_0: * Specifies that you want the group to contain the members of an CloudFormation stack. The Query contains a StackIdentifier element with an ARN for a CloudFormation stack.

    • *TAG_FILTERS_1_0: * Specifies that you want the group to include resource that have tags that match the query.

  • Query (string) -- [REQUIRED]

    The query that defines a group or a search. The contents depends on the value of the Type element.

    • ResourceTypeFilters – Applies to all ResourceQuery objects of either Type . This element contains one of the following two items:

      • The value AWS::AllSupported . This causes the ResourceQuery to match resources of any resource type that also match the query.

      • A list (a JSON array) of resource type identifiers that limit the query to only resources of the specified types. For the complete list of resource types that you can use in the array value for ResourceTypeFilters , see Resources you can use with Resource Groups and Tag Editor in the Resource Groups User Guide .

    Example: "ResourceTypeFilters": ["AWS::AllSupported"] or "ResourceTypeFilters": ["AWS::EC2::Instance", "AWS::S3::Bucket"]

    • TagFilters – applicable only if Type = TAG_FILTERS_1_0 . The Query contains a JSON string that represents a collection of simple tag filters. The JSON string uses a syntax similar to the `` GetResources `` operation, but uses only the `` ResourceTypeFilters `` and `` TagFilters `` fields. If you specify more than one tag key, only resources that match all tag keys, and at least one value of each specified tag key, are returned in your query. If you specify more than one value for a tag key, a resource matches the filter if it has a tag key value that matches any of the specified values. For example, consider the following sample query for resources that have two tags, Stage and Version , with two values each: [{"Stage":["Test","Deploy"]},{"Version":["1","2"]}] The results of this resource query could include the following.

      • An Amazon EC2 instance that has the following two tags: {"Stage":"Deploy"} , and {"Version":"2"}

      • An S3 bucket that has the following two tags: {"Stage":"Test"} , and {"Version":"1"}

    The resource query results would not include the following items in the results, however.

    • An Amazon EC2 instance that has only the following tag: {"Stage":"Deploy"} . The instance does not have all of the tag keys specified in the filter, so it is excluded from the results.

    • An RDS database that has the following two tags: {"Stage":"Archived"} and {"Version":"4"} The database has all of the tag keys, but none of those keys has an associated value that matches at least one of the specified values in the filter.

    Example: "TagFilters": [ { "Key": "Stage", "Values": [ "Gamma", "Beta" ] }

    • StackIdentifier – applicable only if Type = CLOUDFORMATION_STACK_1_0 . The value of this parameter is the Amazon Resource Name (ARN) of the CloudFormation stack whose resources you want included in the group.

type MaxResults

integer

param MaxResults

The total number of results that you want included on each page of the response. If you do not include this parameter, it defaults to a value that is specific to the operation. If additional items exist beyond the maximum you specify, the NextToken response element is present and has a value (is not null). Include that value as the NextToken request parameter in the next call to the operation to get the next part of the results. Note that the service might return fewer results than the maximum even when there are more results available. You should check NextToken after every operation to ensure that you receive all of the results.

type NextToken

string

param NextToken

The parameter for receiving additional results if you receive a NextToken response in a previous request. A NextToken response indicates that more output is available. Set this parameter to the value provided by a previous call's NextToken response to indicate where the output should continue from.

rtype

dict

returns

Response Syntax

{
    'ResourceIdentifiers': [
        {
            'ResourceArn': 'string',
            'ResourceType': 'string'
        },
    ],
    'NextToken': 'string',
    'QueryErrors': [
        {
            'ErrorCode': 'CLOUDFORMATION_STACK_INACTIVE'|'CLOUDFORMATION_STACK_NOT_EXISTING'|'CLOUDFORMATION_STACK_UNASSUMABLE_ROLE',
            'Message': 'string'
        },
    ]
}

Response Structure

  • (dict) --

    • ResourceIdentifiers (list) --

      The ARNs and resource types of resources that are members of the group that you specified.

      • (dict) --

        A structure that contains the ARN of a resource and its resource type.

        • ResourceArn (string) --

          The ARN of a resource.

        • ResourceType (string) --

          The resource type of a resource, such as AWS::EC2::Instance .

    • NextToken (string) --

      If present, indicates that more output is available than is included in the current response. Use this value in the NextToken request parameter in a subsequent call to the operation to get the next part of the output. You should repeat this until the NextToken response element comes back as null .

    • QueryErrors (list) --

      A list of QueryError objects. Each error is an object that contains ErrorCode and Message structures.

      Possible values for ErrorCode :

      • CLOUDFORMATION_STACK_INACTIVE

      • CLOUDFORMATION_STACK_NOT_EXISTING

      • (dict) --

        A two-part error structure that can occur in ListGroupResources or SearchResources operations on CloudFront stack-based queries. The error occurs if the CloudFront stack on which the query is based either does not exist, or has a status that renders the stack inactive. A QueryError occurrence does not necessarily mean that Resource Groups could not complete the operation, but the resulting group might have no member resources.

        • ErrorCode (string) --

          Specifies the error code that was raised.

        • Message (string) --

          A message that explains the ErrorCode value. Messages might state that the specified CloudFront stack does not exist (or no longer exists). For CLOUDFORMATION_STACK_INACTIVE , the message typically states that the CloudFront stack has a status that is not (or no longer) active, such as CREATE_FAILED .