2026/06/11 - Amazon HealthLake - 1 new 4 updated api methods
Changes Adds the UpdateFHIRDatastore API and adds analytics, NLP, and profile configuration support to CreateFHIRDatastore and DescribeFHIRDatastore.
Update the properties of a FHIR-enabled data store.
See also: AWS API Documentation
Request Syntax
client.update_fhir_datastore(
DatastoreId='string',
DatastoreName='string',
AnalyticsConfiguration={
'Status': 'ENABLED'|'ENABLING'|'DISABLED'|'DISABLING'|'PAUSING'|'PAUSED'
},
NlpConfiguration={
'Status': 'ENABLED'|'DISABLED'|'ENABLING'|'DISABLING'
},
ProfileConfiguration={
'DefaultProfiles': [
'string',
]
},
IdentityProviderConfiguration={
'AuthorizationStrategy': 'SMART_ON_FHIR_V1'|'SMART_ON_FHIR'|'AWS_AUTH',
'FineGrainedAuthorizationEnabled': True|False,
'Metadata': 'string',
'IdpLambdaArn': 'string'
}
)
string
[REQUIRED] The data store identifier.
string
The data store name.
dict
The analytics configuration for the data store.
Status (string) -- The status of the analytics configuration.
dict
The NLP configuration for the data store.
Status (string) -- The status of the NLP configuration.
dict
The profile configuration for the data store.
DefaultProfiles (list) -- The list of default profiles for the data store.
(string) --
dict
The identity provider configuration for the data store.
AuthorizationStrategy (string) -- [REQUIRED]
The authorization strategy selected when the HealthLake data store is created.
FineGrainedAuthorizationEnabled (boolean) --
The parameter to enable SMART on FHIR fine-grained authorization for the data store.
Metadata (string) --
The JSON metadata elements to use in your identity provider configuration. Required elements are listed based on the launch specification of the SMART application. For more information on all possible elements, see Metadata in SMART's App Launch specification.
authorization_endpoint: The URL to the OAuth2 authorization endpoint.
grant_types_supported: An array of grant types that are supported at the token endpoint. You must provide at least one grant type option. Valid options are authorization_code and client_credentials.
token_endpoint: The URL to the OAuth2 token endpoint.
capabilities: An array of strings of the SMART capabilities that the authorization server supports.
code_challenge_methods_supported: An array of strings of supported PKCE code challenge methods. You must include the S256 method in the array of PKCE code challenge methods.
IdpLambdaArn (string) --
The Amazon Resource Name (ARN) of the Lambda function to use to decode the access token created by the authorization server.
dict
Response Syntax
{
'DatastoreProperties': {
'DatastoreId': 'string',
'DatastoreArn': 'string',
'DatastoreName': 'string',
'DatastoreStatus': 'CREATING'|'ACTIVE'|'DELETING'|'DELETED'|'CREATE_FAILED'|'UPDATING'|'UPDATE_FAILED',
'CreatedAt': datetime(2015, 1, 1),
'DatastoreTypeVersion': 'R4',
'DatastoreEndpoint': 'string',
'SseConfiguration': {
'KmsEncryptionConfig': {
'CmkType': 'CUSTOMER_MANAGED_KMS_KEY'|'AWS_OWNED_KMS_KEY',
'KmsKeyId': 'string'
}
},
'PreloadDataConfig': {
'PreloadDataType': 'SYNTHEA'
},
'IdentityProviderConfiguration': {
'AuthorizationStrategy': 'SMART_ON_FHIR_V1'|'SMART_ON_FHIR'|'AWS_AUTH',
'FineGrainedAuthorizationEnabled': True|False,
'Metadata': 'string',
'IdpLambdaArn': 'string'
},
'ErrorCause': {
'ErrorMessage': 'string',
'ErrorCategory': 'RETRYABLE_ERROR'|'NON_RETRYABLE_ERROR'
},
'NlpConfiguration': {
'Status': 'ENABLED'|'DISABLED'|'ENABLING'|'DISABLING'
},
'AnalyticsConfiguration': {
'Status': 'ENABLED'|'ENABLING'|'DISABLED'|'DISABLING'|'PAUSING'|'PAUSED'
},
'ProfileConfiguration': {
'DefaultProfiles': [
'string',
]
}
}
}
Response Structure
(dict) --
DatastoreProperties (dict) -- The data store properties.
DatastoreId (string) --
The data store identifier.
DatastoreArn (string) --
The Amazon Resource Name (ARN) used in the creation of the data store.
DatastoreName (string) --
The data store name.
DatastoreStatus (string) --
The data store status.
CreatedAt (datetime) --
The time the data store was created.
DatastoreTypeVersion (string) --
The FHIR release version supported by the data store. Current support is for version R4.
DatastoreEndpoint (string) --
The AWS endpoint for the data store.
SseConfiguration (dict) --
The server-side encryption key configuration for a customer provided encryption key.
KmsEncryptionConfig (dict) --
The Key Management Service (KMS) encryption configuration used to provide details for data encryption.
CmkType (string) --
The type of customer-managed-key (CMK) used for encryption.
KmsKeyId (string) --
The Key Management Service (KMS) encryption key id/alias used to encrypt the data store contents at rest.
PreloadDataConfig (dict) --
The preloaded Synthea data configuration for the data store.
PreloadDataType (string) --
The type of preloaded data. Only Synthea preloaded data is supported.
IdentityProviderConfiguration (dict) --
The identity provider selected during data store creation.
AuthorizationStrategy (string) --
The authorization strategy selected when the HealthLake data store is created.
FineGrainedAuthorizationEnabled (boolean) --
The parameter to enable SMART on FHIR fine-grained authorization for the data store.
Metadata (string) --
The JSON metadata elements to use in your identity provider configuration. Required elements are listed based on the launch specification of the SMART application. For more information on all possible elements, see Metadata in SMART's App Launch specification.
authorization_endpoint: The URL to the OAuth2 authorization endpoint.
grant_types_supported: An array of grant types that are supported at the token endpoint. You must provide at least one grant type option. Valid options are authorization_code and client_credentials.
token_endpoint: The URL to the OAuth2 token endpoint.
capabilities: An array of strings of the SMART capabilities that the authorization server supports.
code_challenge_methods_supported: An array of strings of supported PKCE code challenge methods. You must include the S256 method in the array of PKCE code challenge methods.
IdpLambdaArn (string) --
The Amazon Resource Name (ARN) of the Lambda function to use to decode the access token created by the authorization server.
ErrorCause (dict) --
The error cause for the current data store operation.
ErrorMessage (string) --
The error message text for ErrorCause.
ErrorCategory (string) --
The error category for ErrorCause.
NlpConfiguration (dict) -- The natural language processing (NLP) configuration for the data store.
Status (string) -- The status of the NLP configuration.
AnalyticsConfiguration (dict) -- The analytics configuration for the data store.
Status (string) -- The status of the analytics configuration.
ProfileConfiguration (dict) -- The profile configuration for the data store.
DefaultProfiles (list) -- The list of default profiles for the data store.
(string) --
{'DatastoreStatus': {'UPDATING', 'UPDATE_FAILED'}}
Create a FHIR-enabled data store.
See also: AWS API Documentation
Request Syntax
client.create_fhir_datastore(
DatastoreName='string',
DatastoreTypeVersion='R4',
SseConfiguration={
'KmsEncryptionConfig': {
'CmkType': 'CUSTOMER_MANAGED_KMS_KEY'|'AWS_OWNED_KMS_KEY',
'KmsKeyId': 'string'
}
},
PreloadDataConfig={
'PreloadDataType': 'SYNTHEA'
},
ClientToken='string',
Tags=[
{
'Key': 'string',
'Value': 'string'
},
],
IdentityProviderConfiguration={
'AuthorizationStrategy': 'SMART_ON_FHIR_V1'|'SMART_ON_FHIR'|'AWS_AUTH',
'FineGrainedAuthorizationEnabled': True|False,
'Metadata': 'string',
'IdpLambdaArn': 'string'
}
)
string
The data store name (user-generated).
string
[REQUIRED]
The FHIR release version supported by the data store. Current support is for version R4.
dict
The server-side encryption key configuration for a customer-provided encryption key specified for creating a data store.
KmsEncryptionConfig (dict) -- [REQUIRED]
The Key Management Service (KMS) encryption configuration used to provide details for data encryption.
CmkType (string) -- [REQUIRED]
The type of customer-managed-key (CMK) used for encryption.
KmsKeyId (string) --
The Key Management Service (KMS) encryption key id/alias used to encrypt the data store contents at rest.
dict
An optional parameter to preload (import) open source Synthea FHIR data upon creation of the data store.
PreloadDataType (string) -- [REQUIRED]
The type of preloaded data. Only Synthea preloaded data is supported.
string
An optional user-provided token to ensure API idempotency.
This field is autopopulated if not provided.
list
The resource tags applied to a data store when it is created.
(dict) --
A label consisting of a user-defined key and value. The form for tags is {"Key", "Value"}
Key (string) -- [REQUIRED]
The key portion of a tag. Tag keys are case sensitive.
Value (string) -- [REQUIRED]
The value portion of a tag. Tag values are case-sensitive.
dict
The identity provider configuration to use for the data store.
AuthorizationStrategy (string) -- [REQUIRED]
The authorization strategy selected when the HealthLake data store is created.
FineGrainedAuthorizationEnabled (boolean) --
The parameter to enable SMART on FHIR fine-grained authorization for the data store.
Metadata (string) --
The JSON metadata elements to use in your identity provider configuration. Required elements are listed based on the launch specification of the SMART application. For more information on all possible elements, see Metadata in SMART's App Launch specification.
authorization_endpoint: The URL to the OAuth2 authorization endpoint.
grant_types_supported: An array of grant types that are supported at the token endpoint. You must provide at least one grant type option. Valid options are authorization_code and client_credentials.
token_endpoint: The URL to the OAuth2 token endpoint.
capabilities: An array of strings of the SMART capabilities that the authorization server supports.
code_challenge_methods_supported: An array of strings of supported PKCE code challenge methods. You must include the S256 method in the array of PKCE code challenge methods.
IdpLambdaArn (string) --
The Amazon Resource Name (ARN) of the Lambda function to use to decode the access token created by the authorization server.
dict
Response Syntax
{
'DatastoreId': 'string',
'DatastoreArn': 'string',
'DatastoreStatus': 'CREATING'|'ACTIVE'|'DELETING'|'DELETED'|'CREATE_FAILED'|'UPDATING'|'UPDATE_FAILED',
'DatastoreEndpoint': 'string'
}
Response Structure
(dict) --
DatastoreId (string) --
The data store identifier.
DatastoreArn (string) --
The Amazon Resource Name (ARN) for the data store.
DatastoreStatus (string) --
The data store status.
DatastoreEndpoint (string) --
The AWS endpoint created for the data store.
{'DatastoreStatus': {'UPDATING', 'UPDATE_FAILED'}}
Delete a FHIR-enabled data store.
See also: AWS API Documentation
Request Syntax
client.delete_fhir_datastore(
DatastoreId='string'
)
string
[REQUIRED]
The AWS-generated identifier for the data store to be deleted.
dict
Response Syntax
{
'DatastoreId': 'string',
'DatastoreArn': 'string',
'DatastoreStatus': 'CREATING'|'ACTIVE'|'DELETING'|'DELETED'|'CREATE_FAILED'|'UPDATING'|'UPDATE_FAILED',
'DatastoreEndpoint': 'string'
}
Response Structure
(dict) --
DatastoreId (string) --
The AWS-generated ID for the deleted data store.
DatastoreArn (string) --
The Amazon Resource Name (ARN) that grants access permission to AWS HealthLake.
DatastoreStatus (string) --
The data store status.
DatastoreEndpoint (string) --
The AWS endpoint of the data store to be deleted.
{'DatastoreProperties': {'AnalyticsConfiguration': {'Status': 'ENABLED | '
'ENABLING | '
'DISABLED | '
'DISABLING | '
'PAUSING | '
'PAUSED'},
'DatastoreStatus': {'UPDATING', 'UPDATE_FAILED'},
'NlpConfiguration': {'Status': 'ENABLED | DISABLED | '
'ENABLING | DISABLING'},
'ProfileConfiguration': {'DefaultProfiles': ['string']}}}
Get properties for a FHIR-enabled data store.
See also: AWS API Documentation
Request Syntax
client.describe_fhir_datastore(
DatastoreId='string'
)
string
[REQUIRED]
The data store identifier.
dict
Response Syntax
{
'DatastoreProperties': {
'DatastoreId': 'string',
'DatastoreArn': 'string',
'DatastoreName': 'string',
'DatastoreStatus': 'CREATING'|'ACTIVE'|'DELETING'|'DELETED'|'CREATE_FAILED'|'UPDATING'|'UPDATE_FAILED',
'CreatedAt': datetime(2015, 1, 1),
'DatastoreTypeVersion': 'R4',
'DatastoreEndpoint': 'string',
'SseConfiguration': {
'KmsEncryptionConfig': {
'CmkType': 'CUSTOMER_MANAGED_KMS_KEY'|'AWS_OWNED_KMS_KEY',
'KmsKeyId': 'string'
}
},
'PreloadDataConfig': {
'PreloadDataType': 'SYNTHEA'
},
'IdentityProviderConfiguration': {
'AuthorizationStrategy': 'SMART_ON_FHIR_V1'|'SMART_ON_FHIR'|'AWS_AUTH',
'FineGrainedAuthorizationEnabled': True|False,
'Metadata': 'string',
'IdpLambdaArn': 'string'
},
'ErrorCause': {
'ErrorMessage': 'string',
'ErrorCategory': 'RETRYABLE_ERROR'|'NON_RETRYABLE_ERROR'
},
'NlpConfiguration': {
'Status': 'ENABLED'|'DISABLED'|'ENABLING'|'DISABLING'
},
'AnalyticsConfiguration': {
'Status': 'ENABLED'|'ENABLING'|'DISABLED'|'DISABLING'|'PAUSING'|'PAUSED'
},
'ProfileConfiguration': {
'DefaultProfiles': [
'string',
]
}
}
}
Response Structure
(dict) --
DatastoreProperties (dict) --
The data store properties.
DatastoreId (string) --
The data store identifier.
DatastoreArn (string) --
The Amazon Resource Name (ARN) used in the creation of the data store.
DatastoreName (string) --
The data store name.
DatastoreStatus (string) --
The data store status.
CreatedAt (datetime) --
The time the data store was created.
DatastoreTypeVersion (string) --
The FHIR release version supported by the data store. Current support is for version R4.
DatastoreEndpoint (string) --
The AWS endpoint for the data store.
SseConfiguration (dict) --
The server-side encryption key configuration for a customer provided encryption key.
KmsEncryptionConfig (dict) --
The Key Management Service (KMS) encryption configuration used to provide details for data encryption.
CmkType (string) --
The type of customer-managed-key (CMK) used for encryption.
KmsKeyId (string) --
The Key Management Service (KMS) encryption key id/alias used to encrypt the data store contents at rest.
PreloadDataConfig (dict) --
The preloaded Synthea data configuration for the data store.
PreloadDataType (string) --
The type of preloaded data. Only Synthea preloaded data is supported.
IdentityProviderConfiguration (dict) --
The identity provider selected during data store creation.
AuthorizationStrategy (string) --
The authorization strategy selected when the HealthLake data store is created.
FineGrainedAuthorizationEnabled (boolean) --
The parameter to enable SMART on FHIR fine-grained authorization for the data store.
Metadata (string) --
The JSON metadata elements to use in your identity provider configuration. Required elements are listed based on the launch specification of the SMART application. For more information on all possible elements, see Metadata in SMART's App Launch specification.
authorization_endpoint: The URL to the OAuth2 authorization endpoint.
grant_types_supported: An array of grant types that are supported at the token endpoint. You must provide at least one grant type option. Valid options are authorization_code and client_credentials.
token_endpoint: The URL to the OAuth2 token endpoint.
capabilities: An array of strings of the SMART capabilities that the authorization server supports.
code_challenge_methods_supported: An array of strings of supported PKCE code challenge methods. You must include the S256 method in the array of PKCE code challenge methods.
IdpLambdaArn (string) --
The Amazon Resource Name (ARN) of the Lambda function to use to decode the access token created by the authorization server.
ErrorCause (dict) --
The error cause for the current data store operation.
ErrorMessage (string) --
The error message text for ErrorCause.
ErrorCategory (string) --
The error category for ErrorCause.
NlpConfiguration (dict) -- The natural language processing (NLP) configuration for the data store.
Status (string) -- The status of the NLP configuration.
AnalyticsConfiguration (dict) -- The analytics configuration for the data store.
Status (string) -- The status of the analytics configuration.
ProfileConfiguration (dict) -- The profile configuration for the data store.
DefaultProfiles (list) -- The list of default profiles for the data store.
(string) --
{'Filter': {'DatastoreStatus': {'UPDATING', 'UPDATE_FAILED'}}}
Response {'DatastorePropertiesList': {'AnalyticsConfiguration': {'Status': 'ENABLED | '
'ENABLING | '
'DISABLED | '
'DISABLING | '
'PAUSING | '
'PAUSED'},
'DatastoreStatus': {'UPDATING', 'UPDATE_FAILED'},
'NlpConfiguration': {'Status': 'ENABLED | '
'DISABLED | '
'ENABLING | '
'DISABLING'},
'ProfileConfiguration': {'DefaultProfiles': ['string']}}}
List all FHIR-enabled data stores in a user’s account, regardless of data store status.
See also: AWS API Documentation
Request Syntax
client.list_fhir_datastores(
Filter={
'DatastoreName': 'string',
'DatastoreStatus': 'CREATING'|'ACTIVE'|'DELETING'|'DELETED'|'CREATE_FAILED'|'UPDATING'|'UPDATE_FAILED',
'CreatedBefore': datetime(2015, 1, 1),
'CreatedAfter': datetime(2015, 1, 1)
},
NextToken='string',
MaxResults=123
)
dict
List all filters associated with a FHIR data store request.
DatastoreName (string) --
Filter data store results by name.
DatastoreStatus (string) --
Filter data store results by status.
CreatedBefore (datetime) --
Filter to set cutoff dates for records. All data stores created before the specified date are included in the results.
CreatedAfter (datetime) --
Filter to set cutoff dates for records. All data stores created after the specified date are included in the results.
string
The token used to retrieve the next page of data stores when results are paginated.
integer
The maximum number of data stores returned on a page.
dict
Response Syntax
{
'DatastorePropertiesList': [
{
'DatastoreId': 'string',
'DatastoreArn': 'string',
'DatastoreName': 'string',
'DatastoreStatus': 'CREATING'|'ACTIVE'|'DELETING'|'DELETED'|'CREATE_FAILED'|'UPDATING'|'UPDATE_FAILED',
'CreatedAt': datetime(2015, 1, 1),
'DatastoreTypeVersion': 'R4',
'DatastoreEndpoint': 'string',
'SseConfiguration': {
'KmsEncryptionConfig': {
'CmkType': 'CUSTOMER_MANAGED_KMS_KEY'|'AWS_OWNED_KMS_KEY',
'KmsKeyId': 'string'
}
},
'PreloadDataConfig': {
'PreloadDataType': 'SYNTHEA'
},
'IdentityProviderConfiguration': {
'AuthorizationStrategy': 'SMART_ON_FHIR_V1'|'SMART_ON_FHIR'|'AWS_AUTH',
'FineGrainedAuthorizationEnabled': True|False,
'Metadata': 'string',
'IdpLambdaArn': 'string'
},
'ErrorCause': {
'ErrorMessage': 'string',
'ErrorCategory': 'RETRYABLE_ERROR'|'NON_RETRYABLE_ERROR'
},
'NlpConfiguration': {
'Status': 'ENABLED'|'DISABLED'|'ENABLING'|'DISABLING'
},
'AnalyticsConfiguration': {
'Status': 'ENABLED'|'ENABLING'|'DISABLED'|'DISABLING'|'PAUSING'|'PAUSED'
},
'ProfileConfiguration': {
'DefaultProfiles': [
'string',
]
}
},
],
'NextToken': 'string'
}
Response Structure
(dict) --
DatastorePropertiesList (list) --
The properties associated with all listed data stores.
(dict) --
The data store properties.
DatastoreId (string) --
The data store identifier.
DatastoreArn (string) --
The Amazon Resource Name (ARN) used in the creation of the data store.
DatastoreName (string) --
The data store name.
DatastoreStatus (string) --
The data store status.
CreatedAt (datetime) --
The time the data store was created.
DatastoreTypeVersion (string) --
The FHIR release version supported by the data store. Current support is for version R4.
DatastoreEndpoint (string) --
The AWS endpoint for the data store.
SseConfiguration (dict) --
The server-side encryption key configuration for a customer provided encryption key.
KmsEncryptionConfig (dict) --
The Key Management Service (KMS) encryption configuration used to provide details for data encryption.
CmkType (string) --
The type of customer-managed-key (CMK) used for encryption.
KmsKeyId (string) --
The Key Management Service (KMS) encryption key id/alias used to encrypt the data store contents at rest.
PreloadDataConfig (dict) --
The preloaded Synthea data configuration for the data store.
PreloadDataType (string) --
The type of preloaded data. Only Synthea preloaded data is supported.
IdentityProviderConfiguration (dict) --
The identity provider selected during data store creation.
AuthorizationStrategy (string) --
The authorization strategy selected when the HealthLake data store is created.
FineGrainedAuthorizationEnabled (boolean) --
The parameter to enable SMART on FHIR fine-grained authorization for the data store.
Metadata (string) --
The JSON metadata elements to use in your identity provider configuration. Required elements are listed based on the launch specification of the SMART application. For more information on all possible elements, see Metadata in SMART's App Launch specification.
authorization_endpoint: The URL to the OAuth2 authorization endpoint.
grant_types_supported: An array of grant types that are supported at the token endpoint. You must provide at least one grant type option. Valid options are authorization_code and client_credentials.
token_endpoint: The URL to the OAuth2 token endpoint.
capabilities: An array of strings of the SMART capabilities that the authorization server supports.
code_challenge_methods_supported: An array of strings of supported PKCE code challenge methods. You must include the S256 method in the array of PKCE code challenge methods.
IdpLambdaArn (string) --
The Amazon Resource Name (ARN) of the Lambda function to use to decode the access token created by the authorization server.
ErrorCause (dict) --
The error cause for the current data store operation.
ErrorMessage (string) --
The error message text for ErrorCause.
ErrorCategory (string) --
The error category for ErrorCause.
NlpConfiguration (dict) -- The natural language processing (NLP) configuration for the data store.
Status (string) -- The status of the NLP configuration.
AnalyticsConfiguration (dict) -- The analytics configuration for the data store.
Status (string) -- The status of the analytics configuration.
ProfileConfiguration (dict) -- The profile configuration for the data store.
DefaultProfiles (list) -- The list of default profiles for the data store.
(string) --
NextToken (string) --
The pagination token used to retrieve the next page of results.