2026/04/10 - CloudWatch Observability Admin Service - 8 updated api methods
Changes CloudWatch Observability Admin adds support for multi-region telemetry evaluation and telemetry enablement rules.
{'Rule': {'AllRegions': 'boolean', 'Regions': ['string']}}
Creates a telemetry rule that defines how telemetry should be configured for Amazon Web Services resources in your account. The rule specifies which resources should have telemetry enabled and how that telemetry data should be collected based on resource type, telemetry type, and selection criteria.
See also: AWS API Documentation
Request Syntax
client.create_telemetry_rule(
RuleName='string',
Rule={
'ResourceType': 'AWS::EC2::Instance'|'AWS::EC2::VPC'|'AWS::Lambda::Function'|'AWS::CloudTrail'|'AWS::EKS::Cluster'|'AWS::WAFv2::WebACL'|'AWS::ElasticLoadBalancingV2::LoadBalancer'|'AWS::Route53Resolver::ResolverEndpoint'|'AWS::BedrockAgentCore::Runtime'|'AWS::BedrockAgentCore::Browser'|'AWS::BedrockAgentCore::CodeInterpreter'|'AWS::BedrockAgentCore::Gateway'|'AWS::BedrockAgentCore::Memory'|'AWS::SecurityHub::Hub'|'AWS::CloudFront::Distribution',
'TelemetryType': 'Logs'|'Metrics'|'Traces',
'TelemetrySourceTypes': [
'VPC_FLOW_LOGS'|'ROUTE53_RESOLVER_QUERY_LOGS'|'EKS_AUDIT_LOGS'|'EKS_AUTHENTICATOR_LOGS'|'EKS_CONTROLLER_MANAGER_LOGS'|'EKS_SCHEDULER_LOGS'|'EKS_API_LOGS',
],
'DestinationConfiguration': {
'DestinationType': 'cloud-watch-logs',
'DestinationPattern': 'string',
'RetentionInDays': 123,
'VPCFlowLogParameters': {
'LogFormat': 'string',
'TrafficType': 'string',
'MaxAggregationInterval': 123
},
'CloudtrailParameters': {
'AdvancedEventSelectors': [
{
'Name': 'string',
'FieldSelectors': [
{
'Field': 'string',
'Equals': [
'string',
],
'StartsWith': [
'string',
],
'EndsWith': [
'string',
],
'NotEquals': [
'string',
],
'NotStartsWith': [
'string',
],
'NotEndsWith': [
'string',
]
},
]
},
]
},
'ELBLoadBalancerLoggingParameters': {
'OutputFormat': 'plain'|'json',
'FieldDelimiter': 'string'
},
'WAFLoggingParameters': {
'RedactedFields': [
{
'SingleHeader': {
'Name': 'string'
},
'UriPath': 'string',
'QueryString': 'string',
'Method': 'string'
},
],
'LoggingFilter': {
'Filters': [
{
'Behavior': 'KEEP'|'DROP',
'Requirement': 'MEETS_ALL'|'MEETS_ANY',
'Conditions': [
{
'ActionCondition': {
'Action': 'ALLOW'|'BLOCK'|'COUNT'|'CAPTCHA'|'CHALLENGE'|'EXCLUDED_AS_COUNT'
},
'LabelNameCondition': {
'LabelName': 'string'
}
},
]
},
],
'DefaultBehavior': 'KEEP'|'DROP'
},
'LogType': 'WAF_LOGS'
},
'LogDeliveryParameters': {
'LogTypes': [
'APPLICATION_LOGS'|'USAGE_LOGS'|'SECURITY_FINDING_LOGS'|'ACCESS_LOGS'|'CONNECTION_LOGS',
]
}
},
'Scope': 'string',
'SelectionCriteria': 'string',
'Regions': [
'string',
],
'AllRegions': True|False
},
Tags={
'string': 'string'
}
)
string
[REQUIRED]
A unique name for the telemetry rule being created.
dict
[REQUIRED]
The configuration details for the telemetry rule, including the resource type, telemetry type, destination configuration, and selection criteria for which resources the rule applies to.
ResourceType (string) --
The type of Amazon Web Services resource to configure telemetry for (e.g., "AWS::EC2::VPC", "AWS::EKS::Cluster", "AWS::WAFv2::WebACL").
TelemetryType (string) -- [REQUIRED]
The type of telemetry to collect (Logs, Metrics, or Traces).
TelemetrySourceTypes (list) --
The specific telemetry source types to configure for the resource, such as VPC_FLOW_LOGS or EKS_AUDIT_LOGS. TelemetrySourceTypes must be correlated with the specific resource type.
(string) --
Specifies the type of telemetry source for a resource, such as EKS cluster logs.
DestinationConfiguration (dict) --
Configuration specifying where and how the telemetry data should be delivered.
DestinationType (string) --
The type of destination for the telemetry data (e.g., "Amazon CloudWatch Logs", "S3").
DestinationPattern (string) --
The pattern used to generate the destination path or name, supporting macros like <resourceId> and <accountId>.
RetentionInDays (integer) --
The number of days to retain the telemetry data in the destination.
VPCFlowLogParameters (dict) --
Configuration parameters specific to VPC Flow Logs when VPC is the resource type.
LogFormat (string) --
The format in which VPC Flow Log entries should be logged.
TrafficType (string) --
The type of traffic to log (ACCEPT, REJECT, or ALL).
MaxAggregationInterval (integer) --
The maximum interval in seconds between the capture of flow log records.
CloudtrailParameters (dict) --
Configuration parameters specific to Amazon Web Services CloudTrail when CloudTrail is the source type.
AdvancedEventSelectors (list) -- [REQUIRED]
The advanced event selectors to use for filtering Amazon Web Services CloudTrail events.
(dict) --
Advanced event selectors let you create fine-grained selectors for management, data, and network activity events.
Name (string) --
An optional, descriptive name for an advanced event selector, such as "Log data events for only two S3 buckets".
FieldSelectors (list) -- [REQUIRED]
Contains all selector statements in an advanced event selector.
(dict) --
Defines criteria for selecting resources based on field values.
Field (string) -- [REQUIRED]
The name of the field to use for selection.
Equals (list) --
Matches if the field value equals the specified value.
(string) --
StartsWith (list) --
Matches if the field value starts with the specified value.
(string) --
EndsWith (list) --
Matches if the field value ends with the specified value.
(string) --
NotEquals (list) --
Matches if the field value does not equal the specified value.
(string) --
NotStartsWith (list) --
Matches if the field value does not start with the specified value.
(string) --
NotEndsWith (list) --
Matches if the field value does not end with the specified value.
(string) --
ELBLoadBalancerLoggingParameters (dict) --
Configuration parameters specific to ELB load balancer logging when ELB is the resource type.
OutputFormat (string) --
The format for ELB access log entries (plain text or JSON format).
FieldDelimiter (string) --
The delimiter character used to separate fields in ELB access log entries when using plain text format.
WAFLoggingParameters (dict) --
Configuration parameters specific to WAF logging when WAF is the resource type.
RedactedFields (list) --
The fields to redact from WAF logs to protect sensitive information.
(dict) --
Specifies a field in the request to redact from WAF logs, such as headers, query parameters, or body content.
SingleHeader (dict) --
Redacts a specific header field by name from WAF logs.
Name (string) --
The name value, limited to 64 characters.
UriPath (string) --
Redacts the URI path from WAF logs.
QueryString (string) --
Redacts the entire query string from WAF logs.
Method (string) --
Redacts the HTTP method from WAF logs.
LoggingFilter (dict) --
A filter configuration that determines which WAF log records to include or exclude.
Filters (list) --
A list of filter conditions that determine log record handling behavior.
(dict) --
A single filter condition that specifies behavior, requirement, and matching conditions for WAF log records.
Behavior (string) --
The action to take for log records matching this filter (KEEP or DROP).
Requirement (string) --
Whether the log record must meet all conditions (MEETS_ALL) or any condition (MEETS_ANY) to match this filter.
Conditions (list) --
The list of conditions that determine if a log record matches this filter.
(dict) --
A single condition that can match based on WAF rule action or label name.
ActionCondition (dict) --
Matches log records based on the WAF rule action taken (ALLOW, BLOCK, COUNT, etc.).
Action (string) --
The WAF action to match against (ALLOW, BLOCK, COUNT, CAPTCHA, CHALLENGE, EXCLUDED_AS_COUNT).
LabelNameCondition (dict) --
Matches log records based on WAF rule labels applied to the request.
LabelName (string) --
The label name to match, supporting alphanumeric characters, underscores, hyphens, and colons.
DefaultBehavior (string) --
The default action (KEEP or DROP) for log records that don't match any filter conditions.
LogType (string) --
The type of WAF logs to collect (currently supports WAF_LOGS).
LogDeliveryParameters (dict) --
Configuration parameters specific to Amazon Bedrock AgentCore logging when Amazon Bedrock AgentCore is the resource type.
LogTypes (list) --
The type of log that the source is sending.
(string) --
Scope (string) --
The organizational scope to which the rule applies, specified using accounts or organizational units.
SelectionCriteria (string) --
Criteria for selecting which resources the rule applies to, such as resource tags.
Regions (list) --
An optional list of Amazon Web Services Regions where this telemetry rule should be replicated. When specified, the rule is created in the home region and automatically replicated to all listed regions. Mutually exclusive with AllRegions.
(string) --
AllRegions (boolean) --
If set to true, the telemetry rule is replicated to all Amazon Web Services Regions where Amazon CloudWatch Observability Admin is available in the current partition. When new regions become available, the rule automatically replicates to them. Mutually exclusive with Regions.
dict
The key-value pairs to associate with the telemetry rule resource for categorization and management purposes.
(string) --
(string) --
dict
Response Syntax
{
'RuleArn': 'string'
}
Response Structure
(dict) --
RuleArn (string) --
The Amazon Resource Name (ARN) of the created telemetry rule.
{'Rule': {'AllRegions': 'boolean', 'Regions': ['string']}}
Creates a telemetry rule that applies across an Amazon Web Services Organization. This operation can only be called by the organization's management account or a delegated administrator account.
See also: AWS API Documentation
Request Syntax
client.create_telemetry_rule_for_organization(
RuleName='string',
Rule={
'ResourceType': 'AWS::EC2::Instance'|'AWS::EC2::VPC'|'AWS::Lambda::Function'|'AWS::CloudTrail'|'AWS::EKS::Cluster'|'AWS::WAFv2::WebACL'|'AWS::ElasticLoadBalancingV2::LoadBalancer'|'AWS::Route53Resolver::ResolverEndpoint'|'AWS::BedrockAgentCore::Runtime'|'AWS::BedrockAgentCore::Browser'|'AWS::BedrockAgentCore::CodeInterpreter'|'AWS::BedrockAgentCore::Gateway'|'AWS::BedrockAgentCore::Memory'|'AWS::SecurityHub::Hub'|'AWS::CloudFront::Distribution',
'TelemetryType': 'Logs'|'Metrics'|'Traces',
'TelemetrySourceTypes': [
'VPC_FLOW_LOGS'|'ROUTE53_RESOLVER_QUERY_LOGS'|'EKS_AUDIT_LOGS'|'EKS_AUTHENTICATOR_LOGS'|'EKS_CONTROLLER_MANAGER_LOGS'|'EKS_SCHEDULER_LOGS'|'EKS_API_LOGS',
],
'DestinationConfiguration': {
'DestinationType': 'cloud-watch-logs',
'DestinationPattern': 'string',
'RetentionInDays': 123,
'VPCFlowLogParameters': {
'LogFormat': 'string',
'TrafficType': 'string',
'MaxAggregationInterval': 123
},
'CloudtrailParameters': {
'AdvancedEventSelectors': [
{
'Name': 'string',
'FieldSelectors': [
{
'Field': 'string',
'Equals': [
'string',
],
'StartsWith': [
'string',
],
'EndsWith': [
'string',
],
'NotEquals': [
'string',
],
'NotStartsWith': [
'string',
],
'NotEndsWith': [
'string',
]
},
]
},
]
},
'ELBLoadBalancerLoggingParameters': {
'OutputFormat': 'plain'|'json',
'FieldDelimiter': 'string'
},
'WAFLoggingParameters': {
'RedactedFields': [
{
'SingleHeader': {
'Name': 'string'
},
'UriPath': 'string',
'QueryString': 'string',
'Method': 'string'
},
],
'LoggingFilter': {
'Filters': [
{
'Behavior': 'KEEP'|'DROP',
'Requirement': 'MEETS_ALL'|'MEETS_ANY',
'Conditions': [
{
'ActionCondition': {
'Action': 'ALLOW'|'BLOCK'|'COUNT'|'CAPTCHA'|'CHALLENGE'|'EXCLUDED_AS_COUNT'
},
'LabelNameCondition': {
'LabelName': 'string'
}
},
]
},
],
'DefaultBehavior': 'KEEP'|'DROP'
},
'LogType': 'WAF_LOGS'
},
'LogDeliveryParameters': {
'LogTypes': [
'APPLICATION_LOGS'|'USAGE_LOGS'|'SECURITY_FINDING_LOGS'|'ACCESS_LOGS'|'CONNECTION_LOGS',
]
}
},
'Scope': 'string',
'SelectionCriteria': 'string',
'Regions': [
'string',
],
'AllRegions': True|False
},
Tags={
'string': 'string'
}
)
string
[REQUIRED]
A unique name for the organization-wide telemetry rule being created.
dict
[REQUIRED]
The configuration details for the organization-wide telemetry rule, including the resource type, telemetry type, destination configuration, and selection criteria for which resources the rule applies to across the organization.
ResourceType (string) --
The type of Amazon Web Services resource to configure telemetry for (e.g., "AWS::EC2::VPC", "AWS::EKS::Cluster", "AWS::WAFv2::WebACL").
TelemetryType (string) -- [REQUIRED]
The type of telemetry to collect (Logs, Metrics, or Traces).
TelemetrySourceTypes (list) --
The specific telemetry source types to configure for the resource, such as VPC_FLOW_LOGS or EKS_AUDIT_LOGS. TelemetrySourceTypes must be correlated with the specific resource type.
(string) --
Specifies the type of telemetry source for a resource, such as EKS cluster logs.
DestinationConfiguration (dict) --
Configuration specifying where and how the telemetry data should be delivered.
DestinationType (string) --
The type of destination for the telemetry data (e.g., "Amazon CloudWatch Logs", "S3").
DestinationPattern (string) --
The pattern used to generate the destination path or name, supporting macros like <resourceId> and <accountId>.
RetentionInDays (integer) --
The number of days to retain the telemetry data in the destination.
VPCFlowLogParameters (dict) --
Configuration parameters specific to VPC Flow Logs when VPC is the resource type.
LogFormat (string) --
The format in which VPC Flow Log entries should be logged.
TrafficType (string) --
The type of traffic to log (ACCEPT, REJECT, or ALL).
MaxAggregationInterval (integer) --
The maximum interval in seconds between the capture of flow log records.
CloudtrailParameters (dict) --
Configuration parameters specific to Amazon Web Services CloudTrail when CloudTrail is the source type.
AdvancedEventSelectors (list) -- [REQUIRED]
The advanced event selectors to use for filtering Amazon Web Services CloudTrail events.
(dict) --
Advanced event selectors let you create fine-grained selectors for management, data, and network activity events.
Name (string) --
An optional, descriptive name for an advanced event selector, such as "Log data events for only two S3 buckets".
FieldSelectors (list) -- [REQUIRED]
Contains all selector statements in an advanced event selector.
(dict) --
Defines criteria for selecting resources based on field values.
Field (string) -- [REQUIRED]
The name of the field to use for selection.
Equals (list) --
Matches if the field value equals the specified value.
(string) --
StartsWith (list) --
Matches if the field value starts with the specified value.
(string) --
EndsWith (list) --
Matches if the field value ends with the specified value.
(string) --
NotEquals (list) --
Matches if the field value does not equal the specified value.
(string) --
NotStartsWith (list) --
Matches if the field value does not start with the specified value.
(string) --
NotEndsWith (list) --
Matches if the field value does not end with the specified value.
(string) --
ELBLoadBalancerLoggingParameters (dict) --
Configuration parameters specific to ELB load balancer logging when ELB is the resource type.
OutputFormat (string) --
The format for ELB access log entries (plain text or JSON format).
FieldDelimiter (string) --
The delimiter character used to separate fields in ELB access log entries when using plain text format.
WAFLoggingParameters (dict) --
Configuration parameters specific to WAF logging when WAF is the resource type.
RedactedFields (list) --
The fields to redact from WAF logs to protect sensitive information.
(dict) --
Specifies a field in the request to redact from WAF logs, such as headers, query parameters, or body content.
SingleHeader (dict) --
Redacts a specific header field by name from WAF logs.
Name (string) --
The name value, limited to 64 characters.
UriPath (string) --
Redacts the URI path from WAF logs.
QueryString (string) --
Redacts the entire query string from WAF logs.
Method (string) --
Redacts the HTTP method from WAF logs.
LoggingFilter (dict) --
A filter configuration that determines which WAF log records to include or exclude.
Filters (list) --
A list of filter conditions that determine log record handling behavior.
(dict) --
A single filter condition that specifies behavior, requirement, and matching conditions for WAF log records.
Behavior (string) --
The action to take for log records matching this filter (KEEP or DROP).
Requirement (string) --
Whether the log record must meet all conditions (MEETS_ALL) or any condition (MEETS_ANY) to match this filter.
Conditions (list) --
The list of conditions that determine if a log record matches this filter.
(dict) --
A single condition that can match based on WAF rule action or label name.
ActionCondition (dict) --
Matches log records based on the WAF rule action taken (ALLOW, BLOCK, COUNT, etc.).
Action (string) --
The WAF action to match against (ALLOW, BLOCK, COUNT, CAPTCHA, CHALLENGE, EXCLUDED_AS_COUNT).
LabelNameCondition (dict) --
Matches log records based on WAF rule labels applied to the request.
LabelName (string) --
The label name to match, supporting alphanumeric characters, underscores, hyphens, and colons.
DefaultBehavior (string) --
The default action (KEEP or DROP) for log records that don't match any filter conditions.
LogType (string) --
The type of WAF logs to collect (currently supports WAF_LOGS).
LogDeliveryParameters (dict) --
Configuration parameters specific to Amazon Bedrock AgentCore logging when Amazon Bedrock AgentCore is the resource type.
LogTypes (list) --
The type of log that the source is sending.
(string) --
Scope (string) --
The organizational scope to which the rule applies, specified using accounts or organizational units.
SelectionCriteria (string) --
Criteria for selecting which resources the rule applies to, such as resource tags.
Regions (list) --
An optional list of Amazon Web Services Regions where this telemetry rule should be replicated. When specified, the rule is created in the home region and automatically replicated to all listed regions. Mutually exclusive with AllRegions.
(string) --
AllRegions (boolean) --
If set to true, the telemetry rule is replicated to all Amazon Web Services Regions where Amazon CloudWatch Observability Admin is available in the current partition. When new regions become available, the rule automatically replicates to them. Mutually exclusive with Regions.
dict
The key-value pairs to associate with the organization telemetry rule resource for categorization and management purposes.
(string) --
(string) --
dict
Response Syntax
{
'RuleArn': 'string'
}
Response Structure
(dict) --
RuleArn (string) --
The Amazon Resource Name (ARN) of the created organization telemetry rule.
{'HomeRegion': 'string',
'RegionStatuses': [{'FailureReason': 'string',
'Region': 'string',
'RuleArn': 'string',
'Status': 'string'}]}
Returns the current onboarding status of the telemetry config feature, including the status of the feature and reason the feature failed to start or stop.
See also: AWS API Documentation
Request Syntax
client.get_telemetry_evaluation_status()
dict
Response Syntax
{
'Status': 'NOT_STARTED'|'STARTING'|'FAILED_START'|'RUNNING'|'STOPPING'|'FAILED_STOP'|'STOPPED',
'FailureReason': 'string',
'HomeRegion': 'string',
'RegionStatuses': [
{
'Region': 'string',
'Status': 'string',
'FailureReason': 'string',
'RuleArn': 'string'
},
]
}
Response Structure
(dict) --
Status (string) --
The onboarding status of the telemetry config feature.
FailureReason (string) --
Describes the reason for the failure status. The field will only be populated if Status is FAILED_START or FAILED_STOP.
HomeRegion (string) --
The Amazon Web Services Region that is designated as the home region for multi-region telemetry evaluation. The home region is the single management point for all multi-region operations on this account. This field is only present when multi-region telemetry evaluation is active.
RegionStatuses (list) --
A list of per-region telemetry evaluation statuses. Each entry indicates the evaluation status for a specific spoke region included in the multi-region configuration. This field is only present when multi-region telemetry evaluation is active.
(dict) --
Represents the status of a multi-region operation in a specific Amazon Web Services Region. This structure is used to report per-region progress for both telemetry evaluation and telemetry rule replication.
Region (string) --
The Amazon Web Services Region code (for example, eu-west-1 or us-west-2) that this status applies to.
Status (string) --
The status of the operation in this region. For telemetry evaluation, valid values include STARTING, RUNNING, and FAILED_START. For telemetry rules, valid values include PENDING, ACTIVE, and FAILED.
FailureReason (string) --
The reason for a failure status in this region. This field is only populated when Status indicates a failure.
RuleArn (string) --
The Amazon Resource Name (ARN) of the telemetry rule in this spoke region. This field is only present for telemetry rule region statuses and is populated when the rule has been successfully created in the spoke region (status is ACTIVE).
{'HomeRegion': 'string',
'RegionStatuses': [{'FailureReason': 'string',
'Region': 'string',
'RuleArn': 'string',
'Status': 'string'}]}
This returns the onboarding status of the telemetry configuration feature for the organization. It can only be called by a Management Account of an Amazon Web Services Organization or an assigned Delegated Admin Account of Amazon CloudWatch telemetry config.
See also: AWS API Documentation
Request Syntax
client.get_telemetry_evaluation_status_for_organization()
dict
Response Syntax
{
'Status': 'NOT_STARTED'|'STARTING'|'FAILED_START'|'RUNNING'|'STOPPING'|'FAILED_STOP'|'STOPPED',
'FailureReason': 'string',
'HomeRegion': 'string',
'RegionStatuses': [
{
'Region': 'string',
'Status': 'string',
'FailureReason': 'string',
'RuleArn': 'string'
},
]
}
Response Structure
(dict) --
Status (string) --
The onboarding status of the telemetry config feature for the organization.
FailureReason (string) --
This field describes the reason for the failure status. The field will only be populated if Status is FAILED_START or FAILED_STOP.
HomeRegion (string) --
The Amazon Web Services Region that is designated as the home region for multi-region telemetry evaluation for the organization. The home region is the single management point for all multi-region operations on this organization. This field is only present when multi-region telemetry evaluation is active.
RegionStatuses (list) --
A list of per-region telemetry evaluation statuses for the organization. Each entry indicates the evaluation status for a specific spoke region included in the multi-region configuration. This field is only present when multi-region telemetry evaluation is active.
(dict) --
Represents the status of a multi-region operation in a specific Amazon Web Services Region. This structure is used to report per-region progress for both telemetry evaluation and telemetry rule replication.
Region (string) --
The Amazon Web Services Region code (for example, eu-west-1 or us-west-2) that this status applies to.
Status (string) --
The status of the operation in this region. For telemetry evaluation, valid values include STARTING, RUNNING, and FAILED_START. For telemetry rules, valid values include PENDING, ACTIVE, and FAILED.
FailureReason (string) --
The reason for a failure status in this region. This field is only populated when Status indicates a failure.
RuleArn (string) --
The Amazon Resource Name (ARN) of the telemetry rule in this spoke region. This field is only present for telemetry rule region statuses and is populated when the rule has been successfully created in the spoke region (status is ACTIVE).
{'HomeRegion': 'string',
'IsReplicated': 'boolean',
'RegionStatuses': [{'FailureReason': 'string',
'Region': 'string',
'RuleArn': 'string',
'Status': 'string'}],
'TelemetryRule': {'AllRegions': 'boolean', 'Regions': ['string']}}
Retrieves the details of a specific telemetry rule in your account.
See also: AWS API Documentation
Request Syntax
client.get_telemetry_rule(
RuleIdentifier='string'
)
string
[REQUIRED]
The identifier (name or ARN) of the telemetry rule to retrieve.
dict
Response Syntax
{
'RuleName': 'string',
'RuleArn': 'string',
'CreatedTimeStamp': 123,
'LastUpdateTimeStamp': 123,
'TelemetryRule': {
'ResourceType': 'AWS::EC2::Instance'|'AWS::EC2::VPC'|'AWS::Lambda::Function'|'AWS::CloudTrail'|'AWS::EKS::Cluster'|'AWS::WAFv2::WebACL'|'AWS::ElasticLoadBalancingV2::LoadBalancer'|'AWS::Route53Resolver::ResolverEndpoint'|'AWS::BedrockAgentCore::Runtime'|'AWS::BedrockAgentCore::Browser'|'AWS::BedrockAgentCore::CodeInterpreter'|'AWS::BedrockAgentCore::Gateway'|'AWS::BedrockAgentCore::Memory'|'AWS::SecurityHub::Hub'|'AWS::CloudFront::Distribution',
'TelemetryType': 'Logs'|'Metrics'|'Traces',
'TelemetrySourceTypes': [
'VPC_FLOW_LOGS'|'ROUTE53_RESOLVER_QUERY_LOGS'|'EKS_AUDIT_LOGS'|'EKS_AUTHENTICATOR_LOGS'|'EKS_CONTROLLER_MANAGER_LOGS'|'EKS_SCHEDULER_LOGS'|'EKS_API_LOGS',
],
'DestinationConfiguration': {
'DestinationType': 'cloud-watch-logs',
'DestinationPattern': 'string',
'RetentionInDays': 123,
'VPCFlowLogParameters': {
'LogFormat': 'string',
'TrafficType': 'string',
'MaxAggregationInterval': 123
},
'CloudtrailParameters': {
'AdvancedEventSelectors': [
{
'Name': 'string',
'FieldSelectors': [
{
'Field': 'string',
'Equals': [
'string',
],
'StartsWith': [
'string',
],
'EndsWith': [
'string',
],
'NotEquals': [
'string',
],
'NotStartsWith': [
'string',
],
'NotEndsWith': [
'string',
]
},
]
},
]
},
'ELBLoadBalancerLoggingParameters': {
'OutputFormat': 'plain'|'json',
'FieldDelimiter': 'string'
},
'WAFLoggingParameters': {
'RedactedFields': [
{
'SingleHeader': {
'Name': 'string'
},
'UriPath': 'string',
'QueryString': 'string',
'Method': 'string'
},
],
'LoggingFilter': {
'Filters': [
{
'Behavior': 'KEEP'|'DROP',
'Requirement': 'MEETS_ALL'|'MEETS_ANY',
'Conditions': [
{
'ActionCondition': {
'Action': 'ALLOW'|'BLOCK'|'COUNT'|'CAPTCHA'|'CHALLENGE'|'EXCLUDED_AS_COUNT'
},
'LabelNameCondition': {
'LabelName': 'string'
}
},
]
},
],
'DefaultBehavior': 'KEEP'|'DROP'
},
'LogType': 'WAF_LOGS'
},
'LogDeliveryParameters': {
'LogTypes': [
'APPLICATION_LOGS'|'USAGE_LOGS'|'SECURITY_FINDING_LOGS'|'ACCESS_LOGS'|'CONNECTION_LOGS',
]
}
},
'Scope': 'string',
'SelectionCriteria': 'string',
'Regions': [
'string',
],
'AllRegions': True|False
},
'HomeRegion': 'string',
'IsReplicated': True|False,
'RegionStatuses': [
{
'Region': 'string',
'Status': 'string',
'FailureReason': 'string',
'RuleArn': 'string'
},
]
}
Response Structure
(dict) --
RuleName (string) --
The name of the telemetry rule.
RuleArn (string) --
The Amazon Resource Name (ARN) of the telemetry rule.
CreatedTimeStamp (integer) --
The timestamp when the telemetry rule was created.
LastUpdateTimeStamp (integer) --
The timestamp when the telemetry rule was last updated.
TelemetryRule (dict) --
The configuration details of the telemetry rule.
ResourceType (string) --
The type of Amazon Web Services resource to configure telemetry for (e.g., "AWS::EC2::VPC", "AWS::EKS::Cluster", "AWS::WAFv2::WebACL").
TelemetryType (string) --
The type of telemetry to collect (Logs, Metrics, or Traces).
TelemetrySourceTypes (list) --
The specific telemetry source types to configure for the resource, such as VPC_FLOW_LOGS or EKS_AUDIT_LOGS. TelemetrySourceTypes must be correlated with the specific resource type.
(string) --
Specifies the type of telemetry source for a resource, such as EKS cluster logs.
DestinationConfiguration (dict) --
Configuration specifying where and how the telemetry data should be delivered.
DestinationType (string) --
The type of destination for the telemetry data (e.g., "Amazon CloudWatch Logs", "S3").
DestinationPattern (string) --
The pattern used to generate the destination path or name, supporting macros like <resourceId> and <accountId>.
RetentionInDays (integer) --
The number of days to retain the telemetry data in the destination.
VPCFlowLogParameters (dict) --
Configuration parameters specific to VPC Flow Logs when VPC is the resource type.
LogFormat (string) --
The format in which VPC Flow Log entries should be logged.
TrafficType (string) --
The type of traffic to log (ACCEPT, REJECT, or ALL).
MaxAggregationInterval (integer) --
The maximum interval in seconds between the capture of flow log records.
CloudtrailParameters (dict) --
Configuration parameters specific to Amazon Web Services CloudTrail when CloudTrail is the source type.
AdvancedEventSelectors (list) --
The advanced event selectors to use for filtering Amazon Web Services CloudTrail events.
(dict) --
Advanced event selectors let you create fine-grained selectors for management, data, and network activity events.
Name (string) --
An optional, descriptive name for an advanced event selector, such as "Log data events for only two S3 buckets".
FieldSelectors (list) --
Contains all selector statements in an advanced event selector.
(dict) --
Defines criteria for selecting resources based on field values.
Field (string) --
The name of the field to use for selection.
Equals (list) --
Matches if the field value equals the specified value.
(string) --
StartsWith (list) --
Matches if the field value starts with the specified value.
(string) --
EndsWith (list) --
Matches if the field value ends with the specified value.
(string) --
NotEquals (list) --
Matches if the field value does not equal the specified value.
(string) --
NotStartsWith (list) --
Matches if the field value does not start with the specified value.
(string) --
NotEndsWith (list) --
Matches if the field value does not end with the specified value.
(string) --
ELBLoadBalancerLoggingParameters (dict) --
Configuration parameters specific to ELB load balancer logging when ELB is the resource type.
OutputFormat (string) --
The format for ELB access log entries (plain text or JSON format).
FieldDelimiter (string) --
The delimiter character used to separate fields in ELB access log entries when using plain text format.
WAFLoggingParameters (dict) --
Configuration parameters specific to WAF logging when WAF is the resource type.
RedactedFields (list) --
The fields to redact from WAF logs to protect sensitive information.
(dict) --
Specifies a field in the request to redact from WAF logs, such as headers, query parameters, or body content.
SingleHeader (dict) --
Redacts a specific header field by name from WAF logs.
Name (string) --
The name value, limited to 64 characters.
UriPath (string) --
Redacts the URI path from WAF logs.
QueryString (string) --
Redacts the entire query string from WAF logs.
Method (string) --
Redacts the HTTP method from WAF logs.
LoggingFilter (dict) --
A filter configuration that determines which WAF log records to include or exclude.
Filters (list) --
A list of filter conditions that determine log record handling behavior.
(dict) --
A single filter condition that specifies behavior, requirement, and matching conditions for WAF log records.
Behavior (string) --
The action to take for log records matching this filter (KEEP or DROP).
Requirement (string) --
Whether the log record must meet all conditions (MEETS_ALL) or any condition (MEETS_ANY) to match this filter.
Conditions (list) --
The list of conditions that determine if a log record matches this filter.
(dict) --
A single condition that can match based on WAF rule action or label name.
ActionCondition (dict) --
Matches log records based on the WAF rule action taken (ALLOW, BLOCK, COUNT, etc.).
Action (string) --
The WAF action to match against (ALLOW, BLOCK, COUNT, CAPTCHA, CHALLENGE, EXCLUDED_AS_COUNT).
LabelNameCondition (dict) --
Matches log records based on WAF rule labels applied to the request.
LabelName (string) --
The label name to match, supporting alphanumeric characters, underscores, hyphens, and colons.
DefaultBehavior (string) --
The default action (KEEP or DROP) for log records that don't match any filter conditions.
LogType (string) --
The type of WAF logs to collect (currently supports WAF_LOGS).
LogDeliveryParameters (dict) --
Configuration parameters specific to Amazon Bedrock AgentCore logging when Amazon Bedrock AgentCore is the resource type.
LogTypes (list) --
The type of log that the source is sending.
(string) --
Scope (string) --
The organizational scope to which the rule applies, specified using accounts or organizational units.
SelectionCriteria (string) --
Criteria for selecting which resources the rule applies to, such as resource tags.
Regions (list) --
An optional list of Amazon Web Services Regions where this telemetry rule should be replicated. When specified, the rule is created in the home region and automatically replicated to all listed regions. Mutually exclusive with AllRegions.
(string) --
AllRegions (boolean) --
If set to true, the telemetry rule is replicated to all Amazon Web Services Regions where Amazon CloudWatch Observability Admin is available in the current partition. When new regions become available, the rule automatically replicates to them. Mutually exclusive with Regions.
HomeRegion (string) --
The Amazon Web Services Region where the telemetry rule was originally created. For replicated rules in spoke regions, this indicates the region that manages the rule. For rules created without multi-region scope, this field is not present.
IsReplicated (boolean) --
Indicates whether this telemetry rule is a replica that was created in this region through multi-region fan-out from the home region. Replicated rules cannot be directly updated or deleted in the spoke region. To modify a replicated rule, make changes in the home region.
RegionStatuses (list) --
A list of per-region replication statuses for the telemetry rule. Each entry indicates the replication status of the rule in a specific spoke region. This field is only present for rules created with multi-region scope.
(dict) --
Represents the status of a multi-region operation in a specific Amazon Web Services Region. This structure is used to report per-region progress for both telemetry evaluation and telemetry rule replication.
Region (string) --
The Amazon Web Services Region code (for example, eu-west-1 or us-west-2) that this status applies to.
Status (string) --
The status of the operation in this region. For telemetry evaluation, valid values include STARTING, RUNNING, and FAILED_START. For telemetry rules, valid values include PENDING, ACTIVE, and FAILED.
FailureReason (string) --
The reason for a failure status in this region. This field is only populated when Status indicates a failure.
RuleArn (string) --
The Amazon Resource Name (ARN) of the telemetry rule in this spoke region. This field is only present for telemetry rule region statuses and is populated when the rule has been successfully created in the spoke region (status is ACTIVE).
{'HomeRegion': 'string',
'IsReplicated': 'boolean',
'RegionStatuses': [{'FailureReason': 'string',
'Region': 'string',
'RuleArn': 'string',
'Status': 'string'}],
'TelemetryRule': {'AllRegions': 'boolean', 'Regions': ['string']}}
Retrieves the details of a specific organization telemetry rule. This operation can only be called by the organization's management account or a delegated administrator account.
See also: AWS API Documentation
Request Syntax
client.get_telemetry_rule_for_organization(
RuleIdentifier='string'
)
string
[REQUIRED]
The identifier (name or ARN) of the organization telemetry rule to retrieve.
dict
Response Syntax
{
'RuleName': 'string',
'RuleArn': 'string',
'CreatedTimeStamp': 123,
'LastUpdateTimeStamp': 123,
'TelemetryRule': {
'ResourceType': 'AWS::EC2::Instance'|'AWS::EC2::VPC'|'AWS::Lambda::Function'|'AWS::CloudTrail'|'AWS::EKS::Cluster'|'AWS::WAFv2::WebACL'|'AWS::ElasticLoadBalancingV2::LoadBalancer'|'AWS::Route53Resolver::ResolverEndpoint'|'AWS::BedrockAgentCore::Runtime'|'AWS::BedrockAgentCore::Browser'|'AWS::BedrockAgentCore::CodeInterpreter'|'AWS::BedrockAgentCore::Gateway'|'AWS::BedrockAgentCore::Memory'|'AWS::SecurityHub::Hub'|'AWS::CloudFront::Distribution',
'TelemetryType': 'Logs'|'Metrics'|'Traces',
'TelemetrySourceTypes': [
'VPC_FLOW_LOGS'|'ROUTE53_RESOLVER_QUERY_LOGS'|'EKS_AUDIT_LOGS'|'EKS_AUTHENTICATOR_LOGS'|'EKS_CONTROLLER_MANAGER_LOGS'|'EKS_SCHEDULER_LOGS'|'EKS_API_LOGS',
],
'DestinationConfiguration': {
'DestinationType': 'cloud-watch-logs',
'DestinationPattern': 'string',
'RetentionInDays': 123,
'VPCFlowLogParameters': {
'LogFormat': 'string',
'TrafficType': 'string',
'MaxAggregationInterval': 123
},
'CloudtrailParameters': {
'AdvancedEventSelectors': [
{
'Name': 'string',
'FieldSelectors': [
{
'Field': 'string',
'Equals': [
'string',
],
'StartsWith': [
'string',
],
'EndsWith': [
'string',
],
'NotEquals': [
'string',
],
'NotStartsWith': [
'string',
],
'NotEndsWith': [
'string',
]
},
]
},
]
},
'ELBLoadBalancerLoggingParameters': {
'OutputFormat': 'plain'|'json',
'FieldDelimiter': 'string'
},
'WAFLoggingParameters': {
'RedactedFields': [
{
'SingleHeader': {
'Name': 'string'
},
'UriPath': 'string',
'QueryString': 'string',
'Method': 'string'
},
],
'LoggingFilter': {
'Filters': [
{
'Behavior': 'KEEP'|'DROP',
'Requirement': 'MEETS_ALL'|'MEETS_ANY',
'Conditions': [
{
'ActionCondition': {
'Action': 'ALLOW'|'BLOCK'|'COUNT'|'CAPTCHA'|'CHALLENGE'|'EXCLUDED_AS_COUNT'
},
'LabelNameCondition': {
'LabelName': 'string'
}
},
]
},
],
'DefaultBehavior': 'KEEP'|'DROP'
},
'LogType': 'WAF_LOGS'
},
'LogDeliveryParameters': {
'LogTypes': [
'APPLICATION_LOGS'|'USAGE_LOGS'|'SECURITY_FINDING_LOGS'|'ACCESS_LOGS'|'CONNECTION_LOGS',
]
}
},
'Scope': 'string',
'SelectionCriteria': 'string',
'Regions': [
'string',
],
'AllRegions': True|False
},
'HomeRegion': 'string',
'IsReplicated': True|False,
'RegionStatuses': [
{
'Region': 'string',
'Status': 'string',
'FailureReason': 'string',
'RuleArn': 'string'
},
]
}
Response Structure
(dict) --
RuleName (string) --
The name of the organization telemetry rule.
RuleArn (string) --
The Amazon Resource Name (ARN) of the organization telemetry rule.
CreatedTimeStamp (integer) --
The timestamp when the organization telemetry rule was created.
LastUpdateTimeStamp (integer) --
The timestamp when the organization telemetry rule was last updated.
TelemetryRule (dict) --
The configuration details of the organization telemetry rule.
ResourceType (string) --
The type of Amazon Web Services resource to configure telemetry for (e.g., "AWS::EC2::VPC", "AWS::EKS::Cluster", "AWS::WAFv2::WebACL").
TelemetryType (string) --
The type of telemetry to collect (Logs, Metrics, or Traces).
TelemetrySourceTypes (list) --
The specific telemetry source types to configure for the resource, such as VPC_FLOW_LOGS or EKS_AUDIT_LOGS. TelemetrySourceTypes must be correlated with the specific resource type.
(string) --
Specifies the type of telemetry source for a resource, such as EKS cluster logs.
DestinationConfiguration (dict) --
Configuration specifying where and how the telemetry data should be delivered.
DestinationType (string) --
The type of destination for the telemetry data (e.g., "Amazon CloudWatch Logs", "S3").
DestinationPattern (string) --
The pattern used to generate the destination path or name, supporting macros like <resourceId> and <accountId>.
RetentionInDays (integer) --
The number of days to retain the telemetry data in the destination.
VPCFlowLogParameters (dict) --
Configuration parameters specific to VPC Flow Logs when VPC is the resource type.
LogFormat (string) --
The format in which VPC Flow Log entries should be logged.
TrafficType (string) --
The type of traffic to log (ACCEPT, REJECT, or ALL).
MaxAggregationInterval (integer) --
The maximum interval in seconds between the capture of flow log records.
CloudtrailParameters (dict) --
Configuration parameters specific to Amazon Web Services CloudTrail when CloudTrail is the source type.
AdvancedEventSelectors (list) --
The advanced event selectors to use for filtering Amazon Web Services CloudTrail events.
(dict) --
Advanced event selectors let you create fine-grained selectors for management, data, and network activity events.
Name (string) --
An optional, descriptive name for an advanced event selector, such as "Log data events for only two S3 buckets".
FieldSelectors (list) --
Contains all selector statements in an advanced event selector.
(dict) --
Defines criteria for selecting resources based on field values.
Field (string) --
The name of the field to use for selection.
Equals (list) --
Matches if the field value equals the specified value.
(string) --
StartsWith (list) --
Matches if the field value starts with the specified value.
(string) --
EndsWith (list) --
Matches if the field value ends with the specified value.
(string) --
NotEquals (list) --
Matches if the field value does not equal the specified value.
(string) --
NotStartsWith (list) --
Matches if the field value does not start with the specified value.
(string) --
NotEndsWith (list) --
Matches if the field value does not end with the specified value.
(string) --
ELBLoadBalancerLoggingParameters (dict) --
Configuration parameters specific to ELB load balancer logging when ELB is the resource type.
OutputFormat (string) --
The format for ELB access log entries (plain text or JSON format).
FieldDelimiter (string) --
The delimiter character used to separate fields in ELB access log entries when using plain text format.
WAFLoggingParameters (dict) --
Configuration parameters specific to WAF logging when WAF is the resource type.
RedactedFields (list) --
The fields to redact from WAF logs to protect sensitive information.
(dict) --
Specifies a field in the request to redact from WAF logs, such as headers, query parameters, or body content.
SingleHeader (dict) --
Redacts a specific header field by name from WAF logs.
Name (string) --
The name value, limited to 64 characters.
UriPath (string) --
Redacts the URI path from WAF logs.
QueryString (string) --
Redacts the entire query string from WAF logs.
Method (string) --
Redacts the HTTP method from WAF logs.
LoggingFilter (dict) --
A filter configuration that determines which WAF log records to include or exclude.
Filters (list) --
A list of filter conditions that determine log record handling behavior.
(dict) --
A single filter condition that specifies behavior, requirement, and matching conditions for WAF log records.
Behavior (string) --
The action to take for log records matching this filter (KEEP or DROP).
Requirement (string) --
Whether the log record must meet all conditions (MEETS_ALL) or any condition (MEETS_ANY) to match this filter.
Conditions (list) --
The list of conditions that determine if a log record matches this filter.
(dict) --
A single condition that can match based on WAF rule action or label name.
ActionCondition (dict) --
Matches log records based on the WAF rule action taken (ALLOW, BLOCK, COUNT, etc.).
Action (string) --
The WAF action to match against (ALLOW, BLOCK, COUNT, CAPTCHA, CHALLENGE, EXCLUDED_AS_COUNT).
LabelNameCondition (dict) --
Matches log records based on WAF rule labels applied to the request.
LabelName (string) --
The label name to match, supporting alphanumeric characters, underscores, hyphens, and colons.
DefaultBehavior (string) --
The default action (KEEP or DROP) for log records that don't match any filter conditions.
LogType (string) --
The type of WAF logs to collect (currently supports WAF_LOGS).
LogDeliveryParameters (dict) --
Configuration parameters specific to Amazon Bedrock AgentCore logging when Amazon Bedrock AgentCore is the resource type.
LogTypes (list) --
The type of log that the source is sending.
(string) --
Scope (string) --
The organizational scope to which the rule applies, specified using accounts or organizational units.
SelectionCriteria (string) --
Criteria for selecting which resources the rule applies to, such as resource tags.
Regions (list) --
An optional list of Amazon Web Services Regions where this telemetry rule should be replicated. When specified, the rule is created in the home region and automatically replicated to all listed regions. Mutually exclusive with AllRegions.
(string) --
AllRegions (boolean) --
If set to true, the telemetry rule is replicated to all Amazon Web Services Regions where Amazon CloudWatch Observability Admin is available in the current partition. When new regions become available, the rule automatically replicates to them. Mutually exclusive with Regions.
HomeRegion (string) --
The Amazon Web Services Region where the organization telemetry rule was originally created. For replicated rules in spoke regions, this indicates the region that manages the rule. For rules created without multi-region scope, this field is not present.
IsReplicated (boolean) --
Indicates whether this organization telemetry rule is a replica that was created in this region through multi-region fan-out from the home region. Replicated rules cannot be directly updated or deleted in the spoke region. To modify a replicated rule, make changes in the home region.
RegionStatuses (list) --
A list of per-region replication statuses for the organization telemetry rule. Each entry indicates the replication status of the rule in a specific spoke region. This field is only present for rules created with multi-region scope.
(dict) --
Represents the status of a multi-region operation in a specific Amazon Web Services Region. This structure is used to report per-region progress for both telemetry evaluation and telemetry rule replication.
Region (string) --
The Amazon Web Services Region code (for example, eu-west-1 or us-west-2) that this status applies to.
Status (string) --
The status of the operation in this region. For telemetry evaluation, valid values include STARTING, RUNNING, and FAILED_START. For telemetry rules, valid values include PENDING, ACTIVE, and FAILED.
FailureReason (string) --
The reason for a failure status in this region. This field is only populated when Status indicates a failure.
RuleArn (string) --
The Amazon Resource Name (ARN) of the telemetry rule in this spoke region. This field is only present for telemetry rule region statuses and is populated when the rule has been successfully created in the spoke region (status is ACTIVE).
{'Rule': {'AllRegions': 'boolean', 'Regions': ['string']}}
Updates an existing telemetry rule in your account. If multiple users attempt to modify the same telemetry rule simultaneously, a ConflictException is returned to provide specific error information for concurrent modification scenarios.
See also: AWS API Documentation
Request Syntax
client.update_telemetry_rule(
RuleIdentifier='string',
Rule={
'ResourceType': 'AWS::EC2::Instance'|'AWS::EC2::VPC'|'AWS::Lambda::Function'|'AWS::CloudTrail'|'AWS::EKS::Cluster'|'AWS::WAFv2::WebACL'|'AWS::ElasticLoadBalancingV2::LoadBalancer'|'AWS::Route53Resolver::ResolverEndpoint'|'AWS::BedrockAgentCore::Runtime'|'AWS::BedrockAgentCore::Browser'|'AWS::BedrockAgentCore::CodeInterpreter'|'AWS::BedrockAgentCore::Gateway'|'AWS::BedrockAgentCore::Memory'|'AWS::SecurityHub::Hub'|'AWS::CloudFront::Distribution',
'TelemetryType': 'Logs'|'Metrics'|'Traces',
'TelemetrySourceTypes': [
'VPC_FLOW_LOGS'|'ROUTE53_RESOLVER_QUERY_LOGS'|'EKS_AUDIT_LOGS'|'EKS_AUTHENTICATOR_LOGS'|'EKS_CONTROLLER_MANAGER_LOGS'|'EKS_SCHEDULER_LOGS'|'EKS_API_LOGS',
],
'DestinationConfiguration': {
'DestinationType': 'cloud-watch-logs',
'DestinationPattern': 'string',
'RetentionInDays': 123,
'VPCFlowLogParameters': {
'LogFormat': 'string',
'TrafficType': 'string',
'MaxAggregationInterval': 123
},
'CloudtrailParameters': {
'AdvancedEventSelectors': [
{
'Name': 'string',
'FieldSelectors': [
{
'Field': 'string',
'Equals': [
'string',
],
'StartsWith': [
'string',
],
'EndsWith': [
'string',
],
'NotEquals': [
'string',
],
'NotStartsWith': [
'string',
],
'NotEndsWith': [
'string',
]
},
]
},
]
},
'ELBLoadBalancerLoggingParameters': {
'OutputFormat': 'plain'|'json',
'FieldDelimiter': 'string'
},
'WAFLoggingParameters': {
'RedactedFields': [
{
'SingleHeader': {
'Name': 'string'
},
'UriPath': 'string',
'QueryString': 'string',
'Method': 'string'
},
],
'LoggingFilter': {
'Filters': [
{
'Behavior': 'KEEP'|'DROP',
'Requirement': 'MEETS_ALL'|'MEETS_ANY',
'Conditions': [
{
'ActionCondition': {
'Action': 'ALLOW'|'BLOCK'|'COUNT'|'CAPTCHA'|'CHALLENGE'|'EXCLUDED_AS_COUNT'
},
'LabelNameCondition': {
'LabelName': 'string'
}
},
]
},
],
'DefaultBehavior': 'KEEP'|'DROP'
},
'LogType': 'WAF_LOGS'
},
'LogDeliveryParameters': {
'LogTypes': [
'APPLICATION_LOGS'|'USAGE_LOGS'|'SECURITY_FINDING_LOGS'|'ACCESS_LOGS'|'CONNECTION_LOGS',
]
}
},
'Scope': 'string',
'SelectionCriteria': 'string',
'Regions': [
'string',
],
'AllRegions': True|False
}
)
string
[REQUIRED]
The identifier (name or ARN) of the telemetry rule to update.
dict
[REQUIRED]
The new configuration details for the telemetry rule.
ResourceType (string) --
The type of Amazon Web Services resource to configure telemetry for (e.g., "AWS::EC2::VPC", "AWS::EKS::Cluster", "AWS::WAFv2::WebACL").
TelemetryType (string) -- [REQUIRED]
The type of telemetry to collect (Logs, Metrics, or Traces).
TelemetrySourceTypes (list) --
The specific telemetry source types to configure for the resource, such as VPC_FLOW_LOGS or EKS_AUDIT_LOGS. TelemetrySourceTypes must be correlated with the specific resource type.
(string) --
Specifies the type of telemetry source for a resource, such as EKS cluster logs.
DestinationConfiguration (dict) --
Configuration specifying where and how the telemetry data should be delivered.
DestinationType (string) --
The type of destination for the telemetry data (e.g., "Amazon CloudWatch Logs", "S3").
DestinationPattern (string) --
The pattern used to generate the destination path or name, supporting macros like <resourceId> and <accountId>.
RetentionInDays (integer) --
The number of days to retain the telemetry data in the destination.
VPCFlowLogParameters (dict) --
Configuration parameters specific to VPC Flow Logs when VPC is the resource type.
LogFormat (string) --
The format in which VPC Flow Log entries should be logged.
TrafficType (string) --
The type of traffic to log (ACCEPT, REJECT, or ALL).
MaxAggregationInterval (integer) --
The maximum interval in seconds between the capture of flow log records.
CloudtrailParameters (dict) --
Configuration parameters specific to Amazon Web Services CloudTrail when CloudTrail is the source type.
AdvancedEventSelectors (list) -- [REQUIRED]
The advanced event selectors to use for filtering Amazon Web Services CloudTrail events.
(dict) --
Advanced event selectors let you create fine-grained selectors for management, data, and network activity events.
Name (string) --
An optional, descriptive name for an advanced event selector, such as "Log data events for only two S3 buckets".
FieldSelectors (list) -- [REQUIRED]
Contains all selector statements in an advanced event selector.
(dict) --
Defines criteria for selecting resources based on field values.
Field (string) -- [REQUIRED]
The name of the field to use for selection.
Equals (list) --
Matches if the field value equals the specified value.
(string) --
StartsWith (list) --
Matches if the field value starts with the specified value.
(string) --
EndsWith (list) --
Matches if the field value ends with the specified value.
(string) --
NotEquals (list) --
Matches if the field value does not equal the specified value.
(string) --
NotStartsWith (list) --
Matches if the field value does not start with the specified value.
(string) --
NotEndsWith (list) --
Matches if the field value does not end with the specified value.
(string) --
ELBLoadBalancerLoggingParameters (dict) --
Configuration parameters specific to ELB load balancer logging when ELB is the resource type.
OutputFormat (string) --
The format for ELB access log entries (plain text or JSON format).
FieldDelimiter (string) --
The delimiter character used to separate fields in ELB access log entries when using plain text format.
WAFLoggingParameters (dict) --
Configuration parameters specific to WAF logging when WAF is the resource type.
RedactedFields (list) --
The fields to redact from WAF logs to protect sensitive information.
(dict) --
Specifies a field in the request to redact from WAF logs, such as headers, query parameters, or body content.
SingleHeader (dict) --
Redacts a specific header field by name from WAF logs.
Name (string) --
The name value, limited to 64 characters.
UriPath (string) --
Redacts the URI path from WAF logs.
QueryString (string) --
Redacts the entire query string from WAF logs.
Method (string) --
Redacts the HTTP method from WAF logs.
LoggingFilter (dict) --
A filter configuration that determines which WAF log records to include or exclude.
Filters (list) --
A list of filter conditions that determine log record handling behavior.
(dict) --
A single filter condition that specifies behavior, requirement, and matching conditions for WAF log records.
Behavior (string) --
The action to take for log records matching this filter (KEEP or DROP).
Requirement (string) --
Whether the log record must meet all conditions (MEETS_ALL) or any condition (MEETS_ANY) to match this filter.
Conditions (list) --
The list of conditions that determine if a log record matches this filter.
(dict) --
A single condition that can match based on WAF rule action or label name.
ActionCondition (dict) --
Matches log records based on the WAF rule action taken (ALLOW, BLOCK, COUNT, etc.).
Action (string) --
The WAF action to match against (ALLOW, BLOCK, COUNT, CAPTCHA, CHALLENGE, EXCLUDED_AS_COUNT).
LabelNameCondition (dict) --
Matches log records based on WAF rule labels applied to the request.
LabelName (string) --
The label name to match, supporting alphanumeric characters, underscores, hyphens, and colons.
DefaultBehavior (string) --
The default action (KEEP or DROP) for log records that don't match any filter conditions.
LogType (string) --
The type of WAF logs to collect (currently supports WAF_LOGS).
LogDeliveryParameters (dict) --
Configuration parameters specific to Amazon Bedrock AgentCore logging when Amazon Bedrock AgentCore is the resource type.
LogTypes (list) --
The type of log that the source is sending.
(string) --
Scope (string) --
The organizational scope to which the rule applies, specified using accounts or organizational units.
SelectionCriteria (string) --
Criteria for selecting which resources the rule applies to, such as resource tags.
Regions (list) --
An optional list of Amazon Web Services Regions where this telemetry rule should be replicated. When specified, the rule is created in the home region and automatically replicated to all listed regions. Mutually exclusive with AllRegions.
(string) --
AllRegions (boolean) --
If set to true, the telemetry rule is replicated to all Amazon Web Services Regions where Amazon CloudWatch Observability Admin is available in the current partition. When new regions become available, the rule automatically replicates to them. Mutually exclusive with Regions.
dict
Response Syntax
{
'RuleArn': 'string'
}
Response Structure
(dict) --
RuleArn (string) --
The Amazon Resource Name (ARN) of the updated telemetry rule.
{'Rule': {'AllRegions': 'boolean', 'Regions': ['string']}}
Updates an existing telemetry rule that applies across an Amazon Web Services Organization. This operation can only be called by the organization's management account or a delegated administrator account.
See also: AWS API Documentation
Request Syntax
client.update_telemetry_rule_for_organization(
RuleIdentifier='string',
Rule={
'ResourceType': 'AWS::EC2::Instance'|'AWS::EC2::VPC'|'AWS::Lambda::Function'|'AWS::CloudTrail'|'AWS::EKS::Cluster'|'AWS::WAFv2::WebACL'|'AWS::ElasticLoadBalancingV2::LoadBalancer'|'AWS::Route53Resolver::ResolverEndpoint'|'AWS::BedrockAgentCore::Runtime'|'AWS::BedrockAgentCore::Browser'|'AWS::BedrockAgentCore::CodeInterpreter'|'AWS::BedrockAgentCore::Gateway'|'AWS::BedrockAgentCore::Memory'|'AWS::SecurityHub::Hub'|'AWS::CloudFront::Distribution',
'TelemetryType': 'Logs'|'Metrics'|'Traces',
'TelemetrySourceTypes': [
'VPC_FLOW_LOGS'|'ROUTE53_RESOLVER_QUERY_LOGS'|'EKS_AUDIT_LOGS'|'EKS_AUTHENTICATOR_LOGS'|'EKS_CONTROLLER_MANAGER_LOGS'|'EKS_SCHEDULER_LOGS'|'EKS_API_LOGS',
],
'DestinationConfiguration': {
'DestinationType': 'cloud-watch-logs',
'DestinationPattern': 'string',
'RetentionInDays': 123,
'VPCFlowLogParameters': {
'LogFormat': 'string',
'TrafficType': 'string',
'MaxAggregationInterval': 123
},
'CloudtrailParameters': {
'AdvancedEventSelectors': [
{
'Name': 'string',
'FieldSelectors': [
{
'Field': 'string',
'Equals': [
'string',
],
'StartsWith': [
'string',
],
'EndsWith': [
'string',
],
'NotEquals': [
'string',
],
'NotStartsWith': [
'string',
],
'NotEndsWith': [
'string',
]
},
]
},
]
},
'ELBLoadBalancerLoggingParameters': {
'OutputFormat': 'plain'|'json',
'FieldDelimiter': 'string'
},
'WAFLoggingParameters': {
'RedactedFields': [
{
'SingleHeader': {
'Name': 'string'
},
'UriPath': 'string',
'QueryString': 'string',
'Method': 'string'
},
],
'LoggingFilter': {
'Filters': [
{
'Behavior': 'KEEP'|'DROP',
'Requirement': 'MEETS_ALL'|'MEETS_ANY',
'Conditions': [
{
'ActionCondition': {
'Action': 'ALLOW'|'BLOCK'|'COUNT'|'CAPTCHA'|'CHALLENGE'|'EXCLUDED_AS_COUNT'
},
'LabelNameCondition': {
'LabelName': 'string'
}
},
]
},
],
'DefaultBehavior': 'KEEP'|'DROP'
},
'LogType': 'WAF_LOGS'
},
'LogDeliveryParameters': {
'LogTypes': [
'APPLICATION_LOGS'|'USAGE_LOGS'|'SECURITY_FINDING_LOGS'|'ACCESS_LOGS'|'CONNECTION_LOGS',
]
}
},
'Scope': 'string',
'SelectionCriteria': 'string',
'Regions': [
'string',
],
'AllRegions': True|False
}
)
string
[REQUIRED]
The identifier (name or ARN) of the organization telemetry rule to update.
dict
[REQUIRED]
The new configuration details for the organization telemetry rule, including resource type, telemetry type, and destination configuration.
ResourceType (string) --
The type of Amazon Web Services resource to configure telemetry for (e.g., "AWS::EC2::VPC", "AWS::EKS::Cluster", "AWS::WAFv2::WebACL").
TelemetryType (string) -- [REQUIRED]
The type of telemetry to collect (Logs, Metrics, or Traces).
TelemetrySourceTypes (list) --
The specific telemetry source types to configure for the resource, such as VPC_FLOW_LOGS or EKS_AUDIT_LOGS. TelemetrySourceTypes must be correlated with the specific resource type.
(string) --
Specifies the type of telemetry source for a resource, such as EKS cluster logs.
DestinationConfiguration (dict) --
Configuration specifying where and how the telemetry data should be delivered.
DestinationType (string) --
The type of destination for the telemetry data (e.g., "Amazon CloudWatch Logs", "S3").
DestinationPattern (string) --
The pattern used to generate the destination path or name, supporting macros like <resourceId> and <accountId>.
RetentionInDays (integer) --
The number of days to retain the telemetry data in the destination.
VPCFlowLogParameters (dict) --
Configuration parameters specific to VPC Flow Logs when VPC is the resource type.
LogFormat (string) --
The format in which VPC Flow Log entries should be logged.
TrafficType (string) --
The type of traffic to log (ACCEPT, REJECT, or ALL).
MaxAggregationInterval (integer) --
The maximum interval in seconds between the capture of flow log records.
CloudtrailParameters (dict) --
Configuration parameters specific to Amazon Web Services CloudTrail when CloudTrail is the source type.
AdvancedEventSelectors (list) -- [REQUIRED]
The advanced event selectors to use for filtering Amazon Web Services CloudTrail events.
(dict) --
Advanced event selectors let you create fine-grained selectors for management, data, and network activity events.
Name (string) --
An optional, descriptive name for an advanced event selector, such as "Log data events for only two S3 buckets".
FieldSelectors (list) -- [REQUIRED]
Contains all selector statements in an advanced event selector.
(dict) --
Defines criteria for selecting resources based on field values.
Field (string) -- [REQUIRED]
The name of the field to use for selection.
Equals (list) --
Matches if the field value equals the specified value.
(string) --
StartsWith (list) --
Matches if the field value starts with the specified value.
(string) --
EndsWith (list) --
Matches if the field value ends with the specified value.
(string) --
NotEquals (list) --
Matches if the field value does not equal the specified value.
(string) --
NotStartsWith (list) --
Matches if the field value does not start with the specified value.
(string) --
NotEndsWith (list) --
Matches if the field value does not end with the specified value.
(string) --
ELBLoadBalancerLoggingParameters (dict) --
Configuration parameters specific to ELB load balancer logging when ELB is the resource type.
OutputFormat (string) --
The format for ELB access log entries (plain text or JSON format).
FieldDelimiter (string) --
The delimiter character used to separate fields in ELB access log entries when using plain text format.
WAFLoggingParameters (dict) --
Configuration parameters specific to WAF logging when WAF is the resource type.
RedactedFields (list) --
The fields to redact from WAF logs to protect sensitive information.
(dict) --
Specifies a field in the request to redact from WAF logs, such as headers, query parameters, or body content.
SingleHeader (dict) --
Redacts a specific header field by name from WAF logs.
Name (string) --
The name value, limited to 64 characters.
UriPath (string) --
Redacts the URI path from WAF logs.
QueryString (string) --
Redacts the entire query string from WAF logs.
Method (string) --
Redacts the HTTP method from WAF logs.
LoggingFilter (dict) --
A filter configuration that determines which WAF log records to include or exclude.
Filters (list) --
A list of filter conditions that determine log record handling behavior.
(dict) --
A single filter condition that specifies behavior, requirement, and matching conditions for WAF log records.
Behavior (string) --
The action to take for log records matching this filter (KEEP or DROP).
Requirement (string) --
Whether the log record must meet all conditions (MEETS_ALL) or any condition (MEETS_ANY) to match this filter.
Conditions (list) --
The list of conditions that determine if a log record matches this filter.
(dict) --
A single condition that can match based on WAF rule action or label name.
ActionCondition (dict) --
Matches log records based on the WAF rule action taken (ALLOW, BLOCK, COUNT, etc.).
Action (string) --
The WAF action to match against (ALLOW, BLOCK, COUNT, CAPTCHA, CHALLENGE, EXCLUDED_AS_COUNT).
LabelNameCondition (dict) --
Matches log records based on WAF rule labels applied to the request.
LabelName (string) --
The label name to match, supporting alphanumeric characters, underscores, hyphens, and colons.
DefaultBehavior (string) --
The default action (KEEP or DROP) for log records that don't match any filter conditions.
LogType (string) --
The type of WAF logs to collect (currently supports WAF_LOGS).
LogDeliveryParameters (dict) --
Configuration parameters specific to Amazon Bedrock AgentCore logging when Amazon Bedrock AgentCore is the resource type.
LogTypes (list) --
The type of log that the source is sending.
(string) --
Scope (string) --
The organizational scope to which the rule applies, specified using accounts or organizational units.
SelectionCriteria (string) --
Criteria for selecting which resources the rule applies to, such as resource tags.
Regions (list) --
An optional list of Amazon Web Services Regions where this telemetry rule should be replicated. When specified, the rule is created in the home region and automatically replicated to all listed regions. Mutually exclusive with AllRegions.
(string) --
AllRegions (boolean) --
If set to true, the telemetry rule is replicated to all Amazon Web Services Regions where Amazon CloudWatch Observability Admin is available in the current partition. When new regions become available, the rule automatically replicates to them. Mutually exclusive with Regions.
dict
Response Syntax
{
'RuleArn': 'string'
}
Response Structure
(dict) --
RuleArn (string) --
The Amazon Resource Name (ARN) of the updated organization telemetry rule.