AWS IoT

2018/07/31 - AWS IoT - 25 new, 5 updated API methods

Changes: As part of this release we are introducing a new IoT security service, AWS IoT Device Defender, and extending AWS IoT to support a Step Functions rule action. AWS IoT Device Defender is a fully managed service that helps you secure your fleet of IoT devices. For more details on this new service, go to https://aws.amazon.com/iot-device-defender. The Step Functions rule action lets you start an execution of an AWS Step Functions state machine from a rule.

ListAuditFindings (new)

Lists the findings (results) of a Device Defender audit or of the audits performed during a specified time period. (Findings are retained for 180 days.)

See also: AWS API Documentation

Request Syntax

client.list_audit_findings(
    taskId='string',
    checkName='string',
    resourceIdentifier={
        'deviceCertificateId': 'string',
        'caCertificateId': 'string',
        'cognitoIdentityPoolId': 'string',
        'clientId': 'string',
        'policyVersionIdentifier': {
            'policyName': 'string',
            'policyVersionId': 'string'
        },
        'account': 'string'
    },
    maxResults=123,
    nextToken='string',
    startTime=datetime(2015, 1, 1),
    endTime=datetime(2015, 1, 1)
)
type taskId

string

param taskId

A filter to limit results to the audit with the specified ID. You must specify either the taskId or the startTime and endTime, but not both.

type checkName

string

param checkName

A filter to limit results to the findings for the specified audit check.

type resourceIdentifier

dict

param resourceIdentifier

Information identifying the non-compliant resource.

  • deviceCertificateId (string) --

    The ID of the certificate attached to the resource.

  • caCertificateId (string) --

    The ID of the CA certificate used to authorize the certificate.

  • cognitoIdentityPoolId (string) --

    The ID of the Cognito Identity Pool.

  • clientId (string) --

    The client ID.

  • policyVersionIdentifier (dict) --

    The version of the policy associated with the resource.

    • policyName (string) --

      The name of the policy.

    • policyVersionId (string) --

      The ID of the version of the policy associated with the resource.

  • account (string) --

    The account with which the resource is associated.

type maxResults

integer

param maxResults

The maximum number of results to return at one time. The default is 25.

type nextToken

string

param nextToken

The token for the next set of results.

type startTime

datetime

param startTime

A filter to limit results to those found after the specified time. You must specify either the startTime and endTime or the taskId, but not both.

type endTime

datetime

param endTime

A filter to limit results to those found before the specified time. You must specify either the startTime and endTime or the taskId, but not both.

rtype

dict

returns

Response Syntax

{
    'findings': [
        {
            'taskId': 'string',
            'checkName': 'string',
            'taskStartTime': datetime(2015, 1, 1),
            'findingTime': datetime(2015, 1, 1),
            'severity': 'CRITICAL'|'HIGH'|'MEDIUM'|'LOW',
            'nonCompliantResource': {
                'resourceType': 'DEVICE_CERTIFICATE'|'CA_CERTIFICATE'|'IOT_POLICY'|'COGNITO_IDENTITY_POOL'|'CLIENT_ID'|'ACCOUNT_SETTINGS',
                'resourceIdentifier': {
                    'deviceCertificateId': 'string',
                    'caCertificateId': 'string',
                    'cognitoIdentityPoolId': 'string',
                    'clientId': 'string',
                    'policyVersionIdentifier': {
                        'policyName': 'string',
                        'policyVersionId': 'string'
                    },
                    'account': 'string'
                },
                'additionalInfo': {
                    'string': 'string'
                }
            },
            'relatedResources': [
                {
                    'resourceType': 'DEVICE_CERTIFICATE'|'CA_CERTIFICATE'|'IOT_POLICY'|'COGNITO_IDENTITY_POOL'|'CLIENT_ID'|'ACCOUNT_SETTINGS',
                    'resourceIdentifier': {
                        'deviceCertificateId': 'string',
                        'caCertificateId': 'string',
                        'cognitoIdentityPoolId': 'string',
                        'clientId': 'string',
                        'policyVersionIdentifier': {
                            'policyName': 'string',
                            'policyVersionId': 'string'
                        },
                        'account': 'string'
                    },
                    'additionalInfo': {
                        'string': 'string'
                    }
                },
            ],
            'reasonForNonCompliance': 'string',
            'reasonForNonComplianceCode': 'string'
        },
    ],
    'nextToken': 'string'
}

Response Structure

  • (dict) --

    • findings (list) --

      The findings (results) of the audit.

      • (dict) --

        The findings (results) of the audit.

        • taskId (string) --

          The ID of the audit that generated this result (finding).

        • checkName (string) --

          The audit check that generated this result.

        • taskStartTime (datetime) --

          The time the audit started.

        • findingTime (datetime) --

          The time the result (finding) was discovered.

        • severity (string) --

          The severity of the result (finding).

        • nonCompliantResource (dict) --

          The resource that was found to be non-compliant with the audit check.

          • resourceType (string) --

            The type of the non-compliant resource.

          • resourceIdentifier (dict) --

            Information identifying the non-compliant resource.

            • deviceCertificateId (string) --

              The ID of the certificate attached to the resource.

            • caCertificateId (string) --

              The ID of the CA certificate used to authorize the certificate.

            • cognitoIdentityPoolId (string) --

              The ID of the Cognito Identity Pool.

            • clientId (string) --

              The client ID.

            • policyVersionIdentifier (dict) --

              The version of the policy associated with the resource.

              • policyName (string) --

                The name of the policy.

              • policyVersionId (string) --

                The ID of the version of the policy associated with the resource.

            • account (string) --

              The account with which the resource is associated.

          • additionalInfo (dict) --

            Additional information about the non-compliant resource.

            • (string) --

              • (string) --

        • relatedResources (list) --

          The list of related resources.

          • (dict) --

            Information about a related resource.

            • resourceType (string) --

              The type of resource.

            • resourceIdentifier (dict) --

              Information identifying the resource.

              • deviceCertificateId (string) --

                The ID of the certificate attached to the resource.

              • caCertificateId (string) --

                The ID of the CA certificate used to authorize the certificate.

              • cognitoIdentityPoolId (string) --

                The ID of the Cognito Identity Pool.

              • clientId (string) --

                The client ID.

              • policyVersionIdentifier (dict) --

                The version of the policy associated with the resource.

                • policyName (string) --

                  The name of the policy.

                • policyVersionId (string) --

                  The ID of the version of the policy associated with the resource.

              • account (string) --

                The account with which the resource is associated.

            • additionalInfo (dict) --

              Additional information about the resource.

              • (string) --

                • (string) --

        • reasonForNonCompliance (string) --

          The reason the resource was non-compliant.

        • reasonForNonComplianceCode (string) --

          A code which indicates the reason that the resource was non-compliant.

    • nextToken (string) --

      A token that can be used to retrieve the next set of results, or null if there are no additional results.
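The filter rule (taskId, or startTime with endTime, never both) and the nextToken loop described above, as an added example that is not part of the original reference. `StubClient`, `SAMPLE_PAGES`, the check names and the resource IDs are constructed for illustration; in real use `client` would be a boto3 IoT client exposing the same `list_audit_findings` method.

```python
from collections import Counter
from datetime import datetime

SEVERITY_RANK = {"CRITICAL": 0, "HIGH": 1, "MEDIUM": 2, "LOW": 3}


def build_filter(task_id=None, start_time=None, end_time=None, check_name=None):
    """Build list_audit_findings kwargs: taskId XOR (startTime and endTime)."""
    has_window = start_time is not None or end_time is not None
    if task_id is not None and has_window:
        raise ValueError("pass taskId or startTime/endTime, not both")
    if task_id is None and (start_time is None or end_time is None):
        raise ValueError("pass taskId, or both startTime and endTime")
    if task_id is not None:
        kwargs = {"taskId": task_id}
    else:
        kwargs = {"startTime": start_time, "endTime": end_time}
    if check_name is not None:
        kwargs["checkName"] = check_name
    return kwargs


def collect_findings(client, page_size=25, **filters):
    """Follow nextToken until the service stops returning one."""
    findings, token = [], None
    while True:
        kwargs = dict(filters, maxResults=page_size)
        if token:
            kwargs["nextToken"] = token
        page = client.list_audit_findings(**kwargs)
        findings.extend(page.get("findings", []))
        token = page.get("nextToken")
        if not token:
            return findings


def resource_id(finding):
    """Flatten nonCompliantResource into (resourceType, identifier string)."""
    res = finding.get("nonCompliantResource", {})
    ident = res.get("resourceIdentifier", {})
    policy = ident.get("policyVersionIdentifier")
    if policy:
        value = f"{policy.get('policyName')}:{policy.get('policyVersionId')}"
    else:
        value = next((v for v in ident.values() if isinstance(v, str)), "unknown")
    return res.get("resourceType", "UNKNOWN"), value


def triage(findings):
    """Return rows (severity, checkName, resourceType, id), most severe first,
    plus a per-severity count. The sort is stable, so service order is kept
    within one severity."""
    ordered = sorted(findings, key=lambda f: SEVERITY_RANK.get(f.get("severity"), 99))
    rows = [(f.get("severity"), f.get("checkName")) + resource_id(f) for f in ordered]
    return rows, Counter(row[0] for row in rows)


class StubClient:
    """Constructed stand-in for the IoT client; serves canned pages offline."""

    def __init__(self, pages):
        self.pages, self.calls = pages, []

    def list_audit_findings(self, **kwargs):
        self.calls.append(kwargs)
        index = int(kwargs.get("nextToken", 0))
        page = {"findings": self.pages[index]}
        if index + 1 < len(self.pages):
            page["nextToken"] = str(index + 1)
        return page


def _finding(severity, check, rtype, ident):
    return {"taskId": "example-task-id", "checkName": check, "severity": severity,
            "findingTime": datetime(2018, 7, 31),
            "nonCompliantResource": {"resourceType": rtype, "resourceIdentifier": ident}}


# Constructed sample data: two pages of findings for one audit task.
SAMPLE_PAGES = [
    [_finding("MEDIUM", "EXAMPLE_POLICY_CHECK", "IOT_POLICY",
              {"policyVersionIdentifier": {"policyName": "example-policy",
                                           "policyVersionId": "2"}}),
     _finding("LOW", "EXAMPLE_CLIENT_CHECK", "CLIENT_ID", {"clientId": "example-client"})],
    [_finding("CRITICAL", "EXAMPLE_CERT_CHECK", "DEVICE_CERTIFICATE",
              {"deviceCertificateId": "example-cert-id"})],
]

if __name__ == "__main__":
    stub = StubClient(SAMPLE_PAGES)
    rows, counts = triage(collect_findings(stub, **build_filter(task_id="example-task-id")))
    for row in rows:
        print(*row, sep="  ")
    print(dict(counts))
```
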

CreateScheduledAudit (new)

Creates a scheduled audit that is run at a specified time interval.

See also: AWS API Documentation

Request Syntax

client.create_scheduled_audit(
    frequency='DAILY'|'WEEKLY'|'BIWEEKLY'|'MONTHLY',
    dayOfMonth='string',
    dayOfWeek='SUN'|'MON'|'TUE'|'WED'|'THU'|'FRI'|'SAT',
    targetCheckNames=[
        'string',
    ],
    scheduledAuditName='string'
)
type frequency

string

param frequency

[REQUIRED]

How often the scheduled audit takes place. Can be one of "DAILY", "WEEKLY", "BIWEEKLY" or "MONTHLY". The actual start time of each audit is determined by the system.

type dayOfMonth

string

param dayOfMonth

The day of the month on which the scheduled audit takes place. Can be "1" through "31" or "LAST". This field is required if the "frequency" parameter is set to "MONTHLY". If days 29-31 are specified, and the month does not have that many days, the audit takes place on the "LAST" day of the month.

type dayOfWeek

string

param dayOfWeek

The day of the week on which the scheduled audit takes place. Can be one of "SUN", "MON", "TUE", "WED", "THU", "FRI" or "SAT". This field is required if the "frequency" parameter is set to "WEEKLY" or "BIWEEKLY".

type targetCheckNames

list

param targetCheckNames

[REQUIRED]

Which checks are performed during the scheduled audit. Checks must be enabled for your account. (Use DescribeAccountAuditConfiguration to see the list of all checks including those that are enabled or UpdateAccountAuditConfiguration to select which checks are enabled.)

  • (string) --

    An audit check name. Checks must be enabled for your account. (Use DescribeAccountAuditConfiguration to see the list of all checks including those that are enabled or UpdateAccountAuditConfiguration to select which checks are enabled.)

type scheduledAuditName

string

param scheduledAuditName

[REQUIRED]

The name you want to give to the scheduled audit. (Max. 128 chars)

rtype

dict

returns

Response Syntax

{
    'scheduledAuditArn': 'string'
}

Response Structure

  • (dict) --

    • scheduledAuditArn (string) --

      The ARN of the scheduled audit.

DeleteSecurityProfile (new)

Deletes a Device Defender security profile.

See also: AWS API Documentation

Request Syntax

client.delete_security_profile(
    securityProfileName='string',
    expectedVersion=123
)
type securityProfileName

string

param securityProfileName

[REQUIRED]

The name of the security profile to be deleted.

type expectedVersion

integer

param expectedVersion

The expected version of the security profile. A new version is generated whenever the security profile is updated. If you specify a value that is different than the actual version, a VersionConflictException is thrown.

rtype

dict

returns

Response Syntax

{}

Response Structure

  • (dict) --

ListActiveViolations (new)

Lists the active violations for a given Device Defender security profile.

See also: AWS API Documentation

Request Syntax

client.list_active_violations(
    thingName='string',
    securityProfileName='string',
    nextToken='string',
    maxResults=123
)
type thingName

string

param thingName

The name of the thing whose active violations are listed.

type securityProfileName

string

param securityProfileName

The name of the Device Defender security profile for which violations are listed.

type nextToken

string

param nextToken

The token for the next set of results.

type maxResults

integer

param maxResults

The maximum number of results to return at one time.

rtype

dict

returns

Response Syntax

{
    'activeViolations': [
        {
            'violationId': 'string',
            'thingName': 'string',
            'securityProfileName': 'string',
            'behavior': {
                'name': 'string',
                'metric': 'string',
                'criteria': {
                    'comparisonOperator': 'less-than'|'less-than-equals'|'greater-than'|'greater-than-equals'|'in-cidr-set'|'not-in-cidr-set'|'in-port-set'|'not-in-port-set',
                    'value': {
                        'count': 123,
                        'cidrs': [
                            'string',
                        ],
                        'ports': [
                            123,
                        ]
                    },
                    'durationSeconds': 123
                }
            },
            'lastViolationValue': {
                'count': 123,
                'cidrs': [
                    'string',
                ],
                'ports': [
                    123,
                ]
            },
            'lastViolationTime': datetime(2015, 1, 1),
            'violationStartTime': datetime(2015, 1, 1)
        },
    ],
    'nextToken': 'string'
}

Response Structure

  • (dict) --

    • activeViolations (list) --

      The list of active violations.

      • (dict) --

        Information about an active Device Defender security profile behavior violation.

        • violationId (string) --

          The ID of the active violation.

        • thingName (string) --

          The name of the thing responsible for the active violation.

        • securityProfileName (string) --

          The security profile whose behavior is in violation.

        • behavior (dict) --

          The behavior which is being violated.

          • name (string) --

            The name you have given to the behavior.

          • metric (string) --

            What is measured by the behavior.

          • criteria (dict) --

            The criteria that determine if a device is behaving normally in regard to the metric.

            • comparisonOperator (string) --

              The operator that relates the thing measured (metric) to the criteria (value).

            • value (dict) --

              The value to be compared with the metric.

              • count (integer) --

                If the comparisonOperator calls for a numeric value, use this to specify that numeric value to be compared with the metric.

              • cidrs (list) --

                If the comparisonOperator calls for a set of CIDRs, use this to specify that set to be compared with the metric.

                • (string) --

              • ports (list) --

                If the comparisonOperator calls for a set of ports, use this to specify that set to be compared with the metric.

                • (integer) --

            • durationSeconds (integer) --

              Use this to specify the period of time over which the behavior is evaluated, for those criteria which have a time dimension (for example, NUM_MESSAGES_SENT).

        • lastViolationValue (dict) --

          The value of the metric (the measurement) which caused the most recent violation.

          • count (integer) --

            If the comparisonOperator calls for a numeric value, use this to specify that numeric value to be compared with the metric.

          • cidrs (list) --

            If the comparisonOperator calls for a set of CIDRs, use this to specify that set to be compared with the metric.

            • (string) --

          • ports (list) --

            If the comparisonOperator calls for a set of ports, use this to specify that set to be compared with the metric.

            • (integer) --

        • lastViolationTime (datetime) --

          The time the most recent violation occurred.

        • violationStartTime (datetime) --

          The time the violation started.

    • nextToken (string) --

      A token that can be used to retrieve the next set of results, or null if there are no additional results.

CancelAuditTask (new)

Cancels an audit that is in progress. The audit can be either scheduled or on-demand. If the audit is not in progress, an "InvalidRequestException" occurs.

See also: AWS API Documentation

Request Syntax

client.cancel_audit_task(
    taskId='string'
)
type taskId

string

param taskId

[REQUIRED]

The ID of the audit you want to cancel. You can only cancel an audit that is "IN_PROGRESS".

rtype

dict

returns

Response Syntax

{}

Response Structure

  • (dict) --

StartOnDemandAuditTask (new)

Starts an on-demand Device Defender audit.

See also: AWS API Documentation

Request Syntax

client.start_on_demand_audit_task(
    targetCheckNames=[
        'string',
    ]
)
type targetCheckNames

list

param targetCheckNames

[REQUIRED]

Which checks are performed during the audit. The checks you specify must be enabled for your account or an exception occurs. Use DescribeAccountAuditConfiguration to see the list of all checks including those that are enabled or UpdateAccountAuditConfiguration to select which checks are enabled.

  • (string) --

    An audit check name. Checks must be enabled for your account. (Use DescribeAccountAuditConfiguration to see the list of all checks including those that are enabled or UpdateAccountAuditConfiguration to select which checks are enabled.)

rtype

dict

returns

Response Syntax

{
    'taskId': 'string'
}

Response Structure

  • (dict) --

    • taskId (string) --

      The ID of the on-demand audit you started.

UpdateSecurityProfile (new)

Updates a Device Defender security profile.

See also: AWS API Documentation

Request Syntax

client.update_security_profile(
    securityProfileName='string',
    securityProfileDescription='string',
    behaviors=[
        {
            'name': 'string',
            'metric': 'string',
            'criteria': {
                'comparisonOperator': 'less-than'|'less-than-equals'|'greater-than'|'greater-than-equals'|'in-cidr-set'|'not-in-cidr-set'|'in-port-set'|'not-in-port-set',
                'value': {
                    'count': 123,
                    'cidrs': [
                        'string',
                    ],
                    'ports': [
                        123,
                    ]
                },
                'durationSeconds': 123
            }
        },
    ],
    alertTargets={
        'string': {
            'alertTargetArn': 'string',
            'roleArn': 'string'
        }
    },
    expectedVersion=123
)
type securityProfileName

string

param securityProfileName

[REQUIRED]

The name of the security profile you want to update.

type securityProfileDescription

string

param securityProfileDescription

A description of the security profile.

type behaviors

list

param behaviors

Specifies the behaviors that, when violated by a device (thing), cause an alert.

  • (dict) --

    A Device Defender security profile behavior.

    • name (string) -- [REQUIRED]

      The name you have given to the behavior.

    • metric (string) --

      What is measured by the behavior.

    • criteria (dict) --

      The criteria that determine if a device is behaving normally in regard to the metric.

      • comparisonOperator (string) --

        The operator that relates the thing measured (metric) to the criteria (value).

      • value (dict) --

        The value to be compared with the metric.

        • count (integer) --

          If the comparisonOperator calls for a numeric value, use this to specify that numeric value to be compared with the metric.

        • cidrs (list) --

          If the comparisonOperator calls for a set of CIDRs, use this to specify that set to be compared with the metric.

          • (string) --

        • ports (list) --

          If the comparisonOperator calls for a set of ports, use this to specify that set to be compared with the metric.

          • (integer) --

      • durationSeconds (integer) --

        Use this to specify the period of time over which the behavior is evaluated, for those criteria which have a time dimension (for example, NUM_MESSAGES_SENT).

type alertTargets

dict

param alertTargets

Where the alerts are sent. (Alerts are always sent to the console.)

  • (string) --

    The type of alert target: one of "SNS".

    • (dict) --

      A structure containing the alert target ARN and the role ARN.

      • alertTargetArn (string) -- [REQUIRED]

        The ARN of the notification target to which alerts are sent.

      • roleArn (string) -- [REQUIRED]

        The ARN of the role that grants permission to send alerts to the notification target.

type expectedVersion

integer

param expectedVersion

The expected version of the security profile. A new version is generated whenever the security profile is updated. If you specify a value that is different than the actual version, a VersionConflictException is thrown.

rtype

dict

returns

Response Syntax

{
    'securityProfileName': 'string',
    'securityProfileArn': 'string',
    'securityProfileDescription': 'string',
    'behaviors': [
        {
            'name': 'string',
            'metric': 'string',
            'criteria': {
                'comparisonOperator': 'less-than'|'less-than-equals'|'greater-than'|'greater-than-equals'|'in-cidr-set'|'not-in-cidr-set'|'in-port-set'|'not-in-port-set',
                'value': {
                    'count': 123,
                    'cidrs': [
                        'string',
                    ],
                    'ports': [
                        123,
                    ]
                },
                'durationSeconds': 123
            }
        },
    ],
    'alertTargets': {
        'string': {
            'alertTargetArn': 'string',
            'roleArn': 'string'
        }
    },
    'version': 123,
    'creationDate': datetime(2015, 1, 1),
    'lastModifiedDate': datetime(2015, 1, 1)
}

Response Structure

  • (dict) --

    • securityProfileName (string) --

      The name of the security profile that was updated.

    • securityProfileArn (string) --

      The ARN of the security profile that was updated.

    • securityProfileDescription (string) --

      The description of the security profile.

    • behaviors (list) --

      Specifies the behaviors that, when violated by a device (thing), cause an alert.

      • (dict) --

        A Device Defender security profile behavior.

        • name (string) --

          The name you have given to the behavior.

        • metric (string) --

          What is measured by the behavior.

        • criteria (dict) --

          The criteria that determine if a device is behaving normally in regard to the metric.

          • comparisonOperator (string) --

            The operator that relates the thing measured (metric) to the criteria (value).

          • value (dict) --

            The value to be compared with the metric.

            • count (integer) --

              If the comparisonOperator calls for a numeric value, use this to specify that numeric value to be compared with the metric.

            • cidrs (list) --

              If the comparisonOperator calls for a set of CIDRs, use this to specify that set to be compared with the metric.

              • (string) --

            • ports (list) --

              If the comparisonOperator calls for a set of ports, use this to specify that set to be compared with the metric.

              • (integer) --

          • durationSeconds (integer) --

            Use this to specify the period of time over which the behavior is evaluated, for those criteria which have a time dimension (for example, NUM_MESSAGES_SENT).

    • alertTargets (dict) --

      Where the alerts are sent. (Alerts are always sent to the console.)

      • (string) --

        The type of alert target: one of "SNS".

        • (dict) --

          A structure containing the alert target ARN and the role ARN.

          • alertTargetArn (string) --

            The ARN of the notification target to which alerts are sent.

          • roleArn (string) --

            The ARN of the role that grants permission to send alerts to the notification target.

    • version (integer) --

      The updated version of the security profile.

    • creationDate (datetime) --

      The time the security profile was created.

    • lastModifiedDate (datetime) --

      The time the security profile was last modified.
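How `expectedVersion` protects a read-modify-write of a security profile from a concurrent edit, as an added example that is not part of the original reference. `StubIoT`, `VersionConflict`, `put_behavior` and the sample behaviors are constructed; the code assumes the `behaviors` list sent in an update replaces the stored list and that the real client exposes the error as `client.exceptions.VersionConflictException`.

```python
import copy
from types import SimpleNamespace


class VersionConflict(Exception):
    """Constructed stand-in for the service's VersionConflictException."""


def put_behavior(client, profile_name, behavior, max_attempts=3):
    """Add or replace one behavior without discarding anyone else's changes.

    Each attempt re-reads the profile and pins expectedVersion to the version
    it just read, so a write based on stale data is rejected, not applied.
    """
    for _ in range(max_attempts):
        current = client.describe_security_profile(securityProfileName=profile_name)
        merged = [b for b in current.get("behaviors", []) if b["name"] != behavior["name"]]
        merged.append(behavior)
        try:
            return client.update_security_profile(
                securityProfileName=profile_name,
                behaviors=merged,
                expectedVersion=current["version"],
            )
        except client.exceptions.VersionConflictException:
            continue  # someone else updated the profile; re-read and merge again
    raise RuntimeError(f"gave up after {max_attempts} version conflicts")


class StubIoT:
    """Constructed in-memory profile store that can simulate a racing writer."""

    def __init__(self, racing_behavior=None):
        self.exceptions = SimpleNamespace(VersionConflictException=VersionConflict)
        self.profile = {"securityProfileName": "example-profile",
                        "behaviors": [], "version": 1}
        self.racing_behavior = racing_behavior
        self.update_calls = 0

    def describe_security_profile(self, securityProfileName):
        return copy.deepcopy(self.profile)

    def update_security_profile(self, securityProfileName, behaviors, expectedVersion):
        self.update_calls += 1
        if self.racing_behavior is not None:
            # Another administrator's update lands between our read and write.
            self.profile["behaviors"].append(self.racing_behavior)
            self.profile["version"] += 1
            self.racing_behavior = None
        if expectedVersion != self.profile["version"]:
            raise VersionConflict("expectedVersion does not match current version")
        self.profile["behaviors"] = copy.deepcopy(behaviors)
        self.profile["version"] += 1  # every successful update creates a new version
        return copy.deepcopy(self.profile)


# Constructed sample behaviors; NUM_MESSAGES_SENT is the metric named in the reference.
NEW_BEHAVIOR = {
    "name": "msg-rate",
    "metric": "NUM_MESSAGES_SENT",
    "criteria": {"comparisonOperator": "less-than",
                 "value": {"count": 100}, "durationSeconds": 300},
}
RACING_BEHAVIOR = {
    "name": "other-admin-rule",
    "metric": "NUM_MESSAGES_SENT",
    "criteria": {"comparisonOperator": "less-than",
                 "value": {"count": 500}, "durationSeconds": 300},
}

if __name__ == "__main__":
    stub = StubIoT(racing_behavior=RACING_BEHAVIOR)
    final = put_behavior(stub, "example-profile", NEW_BEHAVIOR)
    print(final["version"], [b["name"] for b in final["behaviors"]])
```

Without `expectedVersion`, the first write in this run would have replaced the list that already held the other administrator's rule.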

ListAuditTasks (new)

Lists the Device Defender audits that have been performed during a given time period.

See also: AWS API Documentation

Request Syntax

client.list_audit_tasks(
    startTime=datetime(2015, 1, 1),
    endTime=datetime(2015, 1, 1),
    taskType='ON_DEMAND_AUDIT_TASK'|'SCHEDULED_AUDIT_TASK',
    taskStatus='IN_PROGRESS'|'COMPLETED'|'FAILED'|'CANCELED',
    nextToken='string',
    maxResults=123
)
type startTime

datetime

param startTime

[REQUIRED]

The beginning of the time period. Note that audit information is retained for a limited time (180 days). Requesting a start time prior to what is retained results in an "InvalidRequestException".

type endTime

datetime

param endTime

[REQUIRED]

The end of the time period.

type taskType

string

param taskType

A filter to limit the output to the specified type of audit: can be one of "ON_DEMAND_AUDIT_TASK" or "SCHEDULED_AUDIT_TASK".

type taskStatus

string

param taskStatus

A filter to limit the output to audits with the specified completion status: can be one of "IN_PROGRESS", "COMPLETED", "FAILED" or "CANCELED".

type nextToken

string

param nextToken

The token for the next set of results.

type maxResults

integer

param maxResults

The maximum number of results to return at one time. The default is 25.

rtype

dict

returns

Response Syntax

{
    'tasks': [
        {
            'taskId': 'string',
            'taskStatus': 'IN_PROGRESS'|'COMPLETED'|'FAILED'|'CANCELED',
            'taskType': 'ON_DEMAND_AUDIT_TASK'|'SCHEDULED_AUDIT_TASK'
        },
    ],
    'nextToken': 'string'
}

Response Structure

  • (dict) --

    • tasks (list) --

      The audits that were performed during the specified time period.

      • (dict) --

        The audits that were performed.

        • taskId (string) --

          The ID of this audit.

        • taskStatus (string) --

          The status of this audit: one of "IN_PROGRESS", "COMPLETED", "FAILED" or "CANCELED".

        • taskType (string) --

          The type of this audit: one of "ON_DEMAND_AUDIT_TASK" or "SCHEDULED_AUDIT_TASK".

    • nextToken (string) --

      A token that can be used to retrieve the next set of results, or null if there are no additional results.

DescribeSecurityProfile (new)

Gets information about a Device Defender security profile.

See also: AWS API Documentation

Request Syntax

client.describe_security_profile(
    securityProfileName='string'
)
type securityProfileName

string

param securityProfileName

[REQUIRED]

The name of the security profile whose information you want to get.

rtype

dict

returns

Response Syntax

{
    'securityProfileName': 'string',
    'securityProfileArn': 'string',
    'securityProfileDescription': 'string',
    'behaviors': [
        {
            'name': 'string',
            'metric': 'string',
            'criteria': {
                'comparisonOperator': 'less-than'|'less-than-equals'|'greater-than'|'greater-than-equals'|'in-cidr-set'|'not-in-cidr-set'|'in-port-set'|'not-in-port-set',
                'value': {
                    'count': 123,
                    'cidrs': [
                        'string',
                    ],
                    'ports': [
                        123,
                    ]
                },
                'durationSeconds': 123
            }
        },
    ],
    'alertTargets': {
        'string': {
            'alertTargetArn': 'string',
            'roleArn': 'string'
        }
    },
    'version': 123,
    'creationDate': datetime(2015, 1, 1),
    'lastModifiedDate': datetime(2015, 1, 1)
}

Response Structure

  • (dict) --

    • securityProfileName (string) --

      The name of the security profile.

    • securityProfileArn (string) --

      The ARN of the security profile.

    • securityProfileDescription (string) --

      A description of the security profile (associated with the security profile when it was created or updated).

    • behaviors (list) --

      Specifies the behaviors that, when violated by a device (thing), cause an alert.

      • (dict) --

        A Device Defender security profile behavior.

        • name (string) --

          The name you have given to the behavior.

        • metric (string) --

          What is measured by the behavior.

        • criteria (dict) --

          The criteria that determine if a device is behaving normally in regard to the metric.

          • comparisonOperator (string) --

            The operator that relates the thing measured (metric) to the criteria (value).

          • value (dict) --

            The value to be compared with the metric.

            • count (integer) --

              If the comparisonOperator calls for a numeric value, use this to specify that numeric value to be compared with the metric.

            • cidrs (list) --

              If the comparisonOperator calls for a set of CIDRs, use this to specify that set to be compared with the metric.

              • (string) --

            • ports (list) --

              If the comparisonOperator calls for a set of ports, use this to specify that set to be compared with the metric.

              • (integer) --

          • durationSeconds (integer) --

            Use this to specify the period of time over which the behavior is evaluated, for those criteria which have a time dimension (for example, NUM_MESSAGES_SENT).

    • alertTargets (dict) --

      Where the alerts are sent. (Alerts are always sent to the console.)

      • (string) --

        The type of alert target: one of "SNS".

        • (dict) --

          A structure containing the alert target ARN and the role ARN.

          • alertTargetArn (string) --

            The ARN of the notification target to which alerts are sent.

          • roleArn (string) --

            The ARN of the role that grants permission to send alerts to the notification target.

    • version (integer) --

      The version of the security profile. A new version is generated whenever the security profile is updated.

    • creationDate (datetime) --

      The time the security profile was created.

    • lastModifiedDate (datetime) --

      The time the security profile was last modified.

DescribeAccountAuditConfiguration (new)

Gets information about the Device Defender audit settings for this account. Settings include how audit notifications are sent and which audit checks are enabled or disabled.

See also: AWS API Documentation

Request Syntax

client.describe_account_audit_configuration()
rtype

dict

returns

Response Syntax

{
    'roleArn': 'string',
    'auditNotificationTargetConfigurations': {
        'string': {
            'targetArn': 'string',
            'roleArn': 'string',
            'enabled': True|False
        }
    },
    'auditCheckConfigurations': {
        'string': {
            'enabled': True|False
        }
    }
}

Response Structure

  • (dict) --

    • roleArn (string) --

      The ARN of the role that grants permission to AWS IoT to access information about your devices, policies, certificates and other items as necessary when performing an audit.

      On the first call to UpdateAccountAuditConfiguration this parameter is required.

    • auditNotificationTargetConfigurations (dict) --

      Information about the targets to which audit notifications are sent for this account.

      • (string) --

        • (dict) --

          Information about the targets to which audit notifications are sent.

          • targetArn (string) --

            The ARN of the target (SNS topic) to which audit notifications are sent.

          • roleArn (string) --

            The ARN of the role that grants permission to send notifications to the target.

          • enabled (boolean) --

            True if notifications to the target are enabled.

    • auditCheckConfigurations (dict) --

      Which audit checks are enabled and disabled for this account.

      • (string) --

        An audit check name. Checks must be enabled for your account. (Use DescribeAccountAuditConfiguration to see the list of all checks including those that are enabled or UpdateAccountAuditConfiguration to select which checks are enabled.)

        • (dict) --

          Which audit checks are enabled and disabled for this account.

          • enabled (boolean) --

            True if this audit check is enabled for this account.

DetachSecurityProfile (new)

Disassociates a Device Defender security profile from a thing group or from this account.

See also: AWS API Documentation

Request Syntax

client.detach_security_profile(
    securityProfileName='string',
    securityProfileTargetArn='string'
)
type securityProfileName

string

param securityProfileName

[REQUIRED]

The security profile that is detached.

type securityProfileTargetArn

string

param securityProfileTargetArn

[REQUIRED]

The ARN of the thing group from which the security profile is detached.

rtype

dict

returns

Response Syntax

{}

Response Structure

  • (dict) --

ListScheduledAudits (new)

Lists all of your scheduled audits.

See also: AWS API Documentation

Request Syntax

client.list_scheduled_audits(
    nextToken='string',
    maxResults=123
)
type nextToken

string

param nextToken

The token for the next set of results.

type maxResults

integer

param maxResults

The maximum number of results to return at one time. The default is 25.

rtype

dict

returns

Response Syntax

{
    'scheduledAudits': [
        {
            'scheduledAuditName': 'string',
            'scheduledAuditArn': 'string',
            'frequency': 'DAILY'|'WEEKLY'|'BIWEEKLY'|'MONTHLY',
            'dayOfMonth': 'string',
            'dayOfWeek': 'SUN'|'MON'|'TUE'|'WED'|'THU'|'FRI'|'SAT'
        },
    ],
    'nextToken': 'string'
}

Response Structure

  • (dict) --

    • scheduledAudits (list) --

      The list of scheduled audits.

      • (dict) --

        Information about the scheduled audit.

        • scheduledAuditName (string) --

          The name of the scheduled audit.

        • scheduledAuditArn (string) --

          The ARN of the scheduled audit.

        • frequency (string) --

          How often the scheduled audit takes place.

        • dayOfMonth (string) --

          The day of the month on which the scheduled audit is run (if the frequency is "MONTHLY"). If days 29-31 are specified, and the month does not have that many days, the audit takes place on the "LAST" day of the month.

        • dayOfWeek (string) --

          The day of the week on which the scheduled audit is run (if the frequency is "WEEKLY" or "BIWEEKLY").

    • nextToken (string) --

      A token that can be used to retrieve the next set of results, or null if there are no additional results.

CreateSecurityProfile (new)

Creates a Device Defender security profile.

See also: AWS API Documentation

Request Syntax

client.create_security_profile(
    securityProfileName='string',
    securityProfileDescription='string',
    behaviors=[
        {
            'name': 'string',
            'metric': 'string',
            'criteria': {
                'comparisonOperator': 'less-than'|'less-than-equals'|'greater-than'|'greater-than-equals'|'in-cidr-set'|'not-in-cidr-set'|'in-port-set'|'not-in-port-set',
                'value': {
                    'count': 123,
                    'cidrs': [
                        'string',
                    ],
                    'ports': [
                        123,
                    ]
                },
                'durationSeconds': 123
            }
        },
    ],
    alertTargets={
        'string': {
            'alertTargetArn': 'string',
            'roleArn': 'string'
        }
    }
)
type securityProfileName

string

param securityProfileName

[REQUIRED]

The name you are giving to the security profile.

type securityProfileDescription

string

param securityProfileDescription

A description of the security profile.

type behaviors

list

param behaviors

[REQUIRED]

Specifies the behaviors that, when violated by a device (thing), cause an alert.

  • (dict) --

    A Device Defender security profile behavior.

    • name (string) -- [REQUIRED]

      The name you have given to the behavior.

    • metric (string) --

      What is measured by the behavior.

    • criteria (dict) --

      The criteria that determine if a device is behaving normally in regard to the metric.

      • comparisonOperator (string) --

        The operator that relates the thing measured (metric) to the criteria (value).

      • value (dict) --

        The value to be compared with the metric.

        • count (integer) --

          If the comparisonOperator calls for a numeric value, use this to specify that numeric value to be compared with the metric.

        • cidrs (list) --

          If the comparisonOperator calls for a set of CIDRs, use this to specify that set to be compared with the metric.

          • (string) --

        • ports (list) --

          If the comparisonOperator calls for a set of ports, use this to specify that set to be compared with the metric.

          • (integer) --

      • durationSeconds (integer) --

        Use this to specify the period of time over which the behavior is evaluated, for those criteria which have a time dimension (for example, NUM_MESSAGES_SENT).

type alertTargets

dict

param alertTargets

Specifies the destinations to which alerts are sent. (Alerts are always sent to the console.) Alerts are generated when a device (thing) violates a behavior.

  • (string) --

    The type of alert target: one of "SNS".

    • (dict) --

      A structure containing the alert target ARN and the role ARN.

      • alertTargetArn (string) -- [REQUIRED]

        The ARN of the notification target to which alerts are sent.

      • roleArn (string) -- [REQUIRED]

        The ARN of the role that grants permission to send alerts to the notification target.

rtype

dict

returns

Response Syntax

{
    'securityProfileName': 'string',
    'securityProfileArn': 'string'
}

Response Structure

  • (dict) --

    • securityProfileName (string) --

      The name you gave to the security profile.

    • securityProfileArn (string) --

      The ARN of the security profile.

DeleteAccountAuditConfiguration (new)

Restores the default settings for Device Defender audits for this account. Any configuration data you entered is deleted and all audit checks are reset to disabled.

See also: AWS API Documentation

Request Syntax

client.delete_account_audit_configuration(
    deleteScheduledAudits=True|False
)
type deleteScheduledAudits

boolean

param deleteScheduledAudits

If true, all scheduled audits are deleted.

rtype

dict

returns

Response Syntax

{}

Response Structure

  • (dict) --

DescribeScheduledAudit (new)

Gets information about a scheduled audit.

See also: AWS API Documentation

Request Syntax

client.describe_scheduled_audit(
    scheduledAuditName='string'
)
type scheduledAuditName

string

param scheduledAuditName

[REQUIRED]

The name of the scheduled audit whose information you want to get.

rtype

dict

returns

Response Syntax

{
    'frequency': 'DAILY'|'WEEKLY'|'BIWEEKLY'|'MONTHLY',
    'dayOfMonth': 'string',
    'dayOfWeek': 'SUN'|'MON'|'TUE'|'WED'|'THU'|'FRI'|'SAT',
    'targetCheckNames': [
        'string',
    ],
    'scheduledAuditName': 'string',
    'scheduledAuditArn': 'string'
}

Response Structure

  • (dict) --

    • frequency (string) --

      How often the scheduled audit takes place. One of "DAILY", "WEEKLY", "BIWEEKLY" or "MONTHLY". The actual start time of each audit is determined by the system.

    • dayOfMonth (string) --

      The day of the month on which the scheduled audit takes place. Will be "1" through "31" or "LAST". If days 29-31 are specified, and the month does not have that many days, the audit takes place on the "LAST" day of the month.

    • dayOfWeek (string) --

      The day of the week on which the scheduled audit takes place. One of "SUN", "MON", "TUE", "WED", "THU", "FRI" or "SAT".

    • targetCheckNames (list) --

      Which checks are performed during the scheduled audit. (Note that checks must be enabled for your account. Use DescribeAccountAuditConfiguration to see the list of all checks including those that are enabled or UpdateAccountAuditConfiguration to select which checks are enabled.)

      • (string) --

        An audit check name. Checks must be enabled for your account. (Use DescribeAccountAuditConfiguration to see the list of all checks including those that are enabled or UpdateAccountAuditConfiguration to select which checks are enabled.)

    • scheduledAuditName (string) --

      The name of the scheduled audit.

    • scheduledAuditArn (string) --

      The ARN of the scheduled audit.

UpdateScheduledAudit (new)

Updates a scheduled audit, including what checks are performed and how often the audit takes place.

See also: AWS API Documentation

Request Syntax

client.update_scheduled_audit(
    frequency='DAILY'|'WEEKLY'|'BIWEEKLY'|'MONTHLY',
    dayOfMonth='string',
    dayOfWeek='SUN'|'MON'|'TUE'|'WED'|'THU'|'FRI'|'SAT',
    targetCheckNames=[
        'string',
    ],
    scheduledAuditName='string'
)
type frequency

string

param frequency

How often the scheduled audit takes place. Can be one of "DAILY", "WEEKLY", "BIWEEKLY" or "MONTHLY". The actual start time of each audit is determined by the system.

type dayOfMonth

string

param dayOfMonth

The day of the month on which the scheduled audit takes place. Can be "1" through "31" or "LAST". This field is required if the "frequency" parameter is set to "MONTHLY". If days 29-31 are specified, and the month does not have that many days, the audit takes place on the "LAST" day of the month.

type dayOfWeek

string

param dayOfWeek

The day of the week on which the scheduled audit takes place. Can be one of "SUN", "MON", "TUE", "WED", "THU", "FRI" or "SAT". This field is required if the "frequency" parameter is set to "WEEKLY" or "BIWEEKLY".

type targetCheckNames

list

param targetCheckNames

Which checks are performed during the scheduled audit. Checks must be enabled for your account. (Use DescribeAccountAuditConfiguration to see the list of all checks including those that are enabled or UpdateAccountAuditConfiguration to select which checks are enabled.)

  • (string) --

    An audit check name. Checks must be enabled for your account. (Use DescribeAccountAuditConfiguration to see the list of all checks including those that are enabled or UpdateAccountAuditConfiguration to select which checks are enabled.)

type scheduledAuditName

string

param scheduledAuditName

[REQUIRED]

The name of the scheduled audit. (Max. 128 chars)

rtype

dict

returns

Response Syntax

{
    'scheduledAuditArn': 'string'
}

Response Structure

  • (dict) --

    • scheduledAuditArn (string) --

      The ARN of the scheduled audit.

ListViolationEvents (new)

Lists the Device Defender security profile violations discovered during the given time period. You can use filters to limit the results to those alerts issued for a particular security profile, behavior or thing (device).

See also: AWS API Documentation

Request Syntax

client.list_violation_events(
    startTime=datetime(2015, 1, 1),
    endTime=datetime(2015, 1, 1),
    thingName='string',
    securityProfileName='string',
    nextToken='string',
    maxResults=123
)
type startTime

datetime

param startTime

[REQUIRED]

The start time for the alerts to be listed.

type endTime

datetime

param endTime

[REQUIRED]

The end time for the alerts to be listed.

type thingName

string

param thingName

A filter to limit results to those alerts caused by the specified thing.

type securityProfileName

string

param securityProfileName

A filter to limit results to those alerts generated by the specified security profile.

type nextToken

string

param nextToken

The token for the next set of results.

type maxResults

integer

param maxResults

The maximum number of results to return at one time.

rtype

dict

returns

Response Syntax

{
    'violationEvents': [
        {
            'violationId': 'string',
            'thingName': 'string',
            'securityProfileName': 'string',
            'behavior': {
                'name': 'string',
                'metric': 'string',
                'criteria': {
                    'comparisonOperator': 'less-than'|'less-than-equals'|'greater-than'|'greater-than-equals'|'in-cidr-set'|'not-in-cidr-set'|'in-port-set'|'not-in-port-set',
                    'value': {
                        'count': 123,
                        'cidrs': [
                            'string',
                        ],
                        'ports': [
                            123,
                        ]
                    },
                    'durationSeconds': 123
                }
            },
            'metricValue': {
                'count': 123,
                'cidrs': [
                    'string',
                ],
                'ports': [
                    123,
                ]
            },
            'violationEventType': 'in-alarm'|'alarm-cleared'|'alarm-invalidated',
            'violationEventTime': datetime(2015, 1, 1)
        },
    ],
    'nextToken': 'string'
}

Response Structure

  • (dict) --

    • violationEvents (list) --

      The security profile violation alerts issued for this account during the given time frame, potentially filtered by security profile, behavior violated, or thing (device) violating.

      • (dict) --

        Information about a Device Defender security profile behavior violation.

        • violationId (string) --

          The ID of the violation event.

        • thingName (string) --

          The name of the thing responsible for the violation event.

        • securityProfileName (string) --

          The name of the security profile whose behavior was violated.

        • behavior (dict) --

          The behavior which was violated.

          • name (string) --

            The name you have given to the behavior.

          • metric (string) --

            What is measured by the behavior.

          • criteria (dict) --

            The criteria that determine if a device is behaving normally in regard to the metric.

            • comparisonOperator (string) --

              The operator that relates the thing measured (metric) to the criteria (value).

            • value (dict) --

              The value to be compared with the metric.

              • count (integer) --

                If the comparisonOperator calls for a numeric value, use this to specify that numeric value to be compared with the metric.

              • cidrs (list) --

                If the comparisonOperator calls for a set of CIDRs, use this to specify that set to be compared with the metric.

                • (string) --

              • ports (list) --

                If the comparisonOperator calls for a set of ports, use this to specify that set to be compared with the metric.

                • (integer) --

            • durationSeconds (integer) --

              Use this to specify the period of time over which the behavior is evaluated, for those criteria which have a time dimension (for example, NUM_MESSAGES_SENT).

        • metricValue (dict) --

          The value of the metric (the measurement).

          • count (integer) --

            If the comparisonOperator calls for a numeric value, use this to specify that numeric value to be compared with the metric.

          • cidrs (list) --

            If the comparisonOperator calls for a set of CIDRs, use this to specify that set to be compared with the metric.

            • (string) --

          • ports (list) --

            If the comparisonOperator calls for a set of ports, use this to specify that set to be compared with the metric.

            • (integer) --

        • violationEventType (string) --

          The type of violation event.

        • violationEventTime (datetime) --

          The time the violation event occurred.

    • nextToken (string) --

      A token that can be used to retrieve the next set of results, or null if there are no additional results.
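
The following added example (not AWS or boto3 code) follows nextToken through every page of ListViolationEvents and replays the events to find alarms that are still open at the end of the window. The stub client, the helper names and the sample events are constructed for illustration; with a real account, pass boto3.client('iot') instead of the stub.

```python
from datetime import datetime, timedelta, timezone


def iter_violation_events(client, start_time, end_time, **filters):
    """Yield every violation event in the window, following nextToken."""
    kwargs = dict(startTime=start_time, endTime=end_time, **filters)
    while True:
        page = client.list_violation_events(**kwargs)
        yield from page.get('violationEvents', [])
        token = page.get('nextToken')
        if not token:
            return
        kwargs['nextToken'] = token


def open_alarms(events):
    """Replay events oldest-first; return the alarms still open at the end.

    Keyed by (thingName, securityProfileName, behavior name); the value is
    the 'in-alarm' event that opened the alarm.
    """
    state = {}
    for ev in sorted(events, key=lambda e: e['violationEventTime']):
        key = (ev['thingName'], ev['securityProfileName'], ev['behavior']['name'])
        if ev['violationEventType'] == 'in-alarm':
            state[key] = ev
        else:  # 'alarm-cleared' or 'alarm-invalidated' closes the alarm
            state.pop(key, None)
    return state


class StubViolationClient:
    """Stand-in for boto3.client('iot') that serves constructed pages."""

    def __init__(self, pages):
        self.pages = pages
        self.calls = 0

    def list_violation_events(self, **kwargs):
        self.calls += 1
        index = int(kwargs.get('nextToken', '0'))
        page = {'violationEvents': self.pages[index]}
        if index + 1 < len(self.pages):
            page['nextToken'] = str(index + 1)
        return page


T0 = datetime(2018, 8, 1, 10, 0, tzinfo=timezone.utc)


def _event(minute, thing, behavior, kind):
    # Constructed sample event carrying only the fields used above.
    return {
        'violationId': f'constructed-{thing}-{minute}',
        'thingName': thing,
        'securityProfileName': 'fleet-baseline',
        'behavior': {'name': behavior},
        'violationEventType': kind,
        'violationEventTime': T0 + timedelta(minutes=minute),
    }


# Constructed sample data: two pages, as the service would return them.
SAMPLE_PAGES = [
    [_event(0, 'sensor-01', 'msg-rate', 'in-alarm'),
     _event(5, 'sensor-02', 'egress-allowlist', 'in-alarm')],
    [_event(20, 'sensor-01', 'msg-rate', 'alarm-cleared'),
     _event(30, 'sensor-03', 'msg-rate', 'in-alarm'),
     _event(40, 'sensor-03', 'msg-rate', 'alarm-invalidated')],
]


def run_sample():
    """Return (number of API calls made, open alarms) for the sample pages."""
    client = StubViolationClient(SAMPLE_PAGES)
    events = list(iter_violation_events(client, T0, T0 + timedelta(hours=1)))
    return client.calls, open_alarms(events)


if __name__ == '__main__':
    calls, alarms = run_sample()
    print(calls, sorted(alarms))
```

An alarm raised before startTime has no 'in-alarm' event in the window, so the window must reach back far enough to include the events that opened the alarms of interest.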

UpdateAccountAuditConfiguration (new)

Configures or reconfigures the Device Defender audit settings for this account. Settings include how audit notifications are sent and which audit checks are enabled or disabled.

See also: AWS API Documentation

Request Syntax

client.update_account_audit_configuration(
    roleArn='string',
    auditNotificationTargetConfigurations={
        'string': {
            'targetArn': 'string',
            'roleArn': 'string',
            'enabled': True|False
        }
    },
    auditCheckConfigurations={
        'string': {
            'enabled': True|False
        }
    }
)
type roleArn

string

param roleArn

The ARN of the role that grants permission to AWS IoT to access information about your devices, policies, certificates and other items as necessary when performing an audit.

type auditNotificationTargetConfigurations

dict

param auditNotificationTargetConfigurations

Information about the targets to which audit notifications are sent.

  • (string) --

    • (dict) --

      Information about the targets to which audit notifications are sent.

      • targetArn (string) --

        The ARN of the target (SNS topic) to which audit notifications are sent.

      • roleArn (string) --

        The ARN of the role that grants permission to send notifications to the target.

      • enabled (boolean) --

        True if notifications to the target are enabled.

type auditCheckConfigurations

dict

param auditCheckConfigurations

Specifies which audit checks are enabled and disabled for this account. Use DescribeAccountAuditConfiguration to see the list of all checks including those that are currently enabled.

Note that some data collection may begin immediately when certain checks are enabled. When a check is disabled, any data collected so far in relation to the check is deleted.

You cannot disable a check if it is used by any scheduled audit. You must first delete the check from the scheduled audit or delete the scheduled audit itself.

On the first call to UpdateAccountAuditConfiguration this parameter is required and must specify at least one enabled check.

  • (string) --

    An audit check name. Checks must be enabled for your account. (Use DescribeAccountAuditConfiguration to see the list of all checks including those that are enabled or UpdateAccountAuditConfiguration to select which checks are enabled.)

    • (dict) --

      Which audit checks are enabled and disabled for this account.

      • enabled (boolean) --

        True if this audit check is enabled for this account.

rtype

dict

returns

Response Syntax

{}

Response Structure

  • (dict) --
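
Because a check cannot be disabled while a scheduled audit uses it, and disabling a check deletes the data collected for it, the following added example (not AWS or boto3 code) looks up which scheduled audits still reference a check before sending the change. The stub client, the helper names and the sample audit names are constructed for illustration, and the check names are sample values.

```python
def scheduled_audit_checks(client):
    """Map each scheduled audit name to the set of checks it runs."""
    usage, kwargs = {}, {}
    while True:
        page = client.list_scheduled_audits(**kwargs)
        for audit in page.get('scheduledAudits', []):
            name = audit['scheduledAuditName']
            detail = client.describe_scheduled_audit(scheduledAuditName=name)
            usage[name] = set(detail.get('targetCheckNames', []))
        token = page.get('nextToken')
        if not token:
            return usage
        kwargs['nextToken'] = token


def disable_blockers(client, desired):
    """Find checks that `desired` would disable while still in use.

    desired has the auditCheckConfigurations shape: {checkName: {'enabled': bool}}.
    Returns {checkName: [scheduled audit names that still use it]}.
    """
    current = client.describe_account_audit_configuration().get(
        'auditCheckConfigurations', {})
    usage = scheduled_audit_checks(client)
    blockers = {}
    for check, cfg in desired.items():
        enabled_now = current.get(check, {}).get('enabled', False)
        if not enabled_now or cfg['enabled']:
            continue  # not a disable operation
        users = sorted(name for name, checks in usage.items() if check in checks)
        if users:
            blockers[check] = users
    return blockers


def apply_audit_checks(client, desired):
    """Send the change only when no scheduled audit blocks it."""
    blockers = disable_blockers(client, desired)
    if blockers:
        raise ValueError(f'checks still used by scheduled audits: {blockers}')
    return client.update_account_audit_configuration(
        auditCheckConfigurations=desired)


class StubAuditClient:
    """Stand-in for boto3.client('iot') backed by constructed account state."""

    def __init__(self, checks, audits):
        self.checks = checks    # {checkName: {'enabled': bool}}
        self.audits = audits    # {scheduledAuditName: [checkName, ...]}
        self.updates = []       # records what would have been sent

    def describe_account_audit_configuration(self):
        return {'auditCheckConfigurations': self.checks}

    def list_scheduled_audits(self, **kwargs):
        return {'scheduledAudits': [{'scheduledAuditName': n} for n in self.audits]}

    def describe_scheduled_audit(self, scheduledAuditName):
        return {'scheduledAuditName': scheduledAuditName,
                'targetCheckNames': self.audits[scheduledAuditName]}

    def update_account_audit_configuration(self, **kwargs):
        self.updates.append(kwargs)
        return {}


def run_sample():
    """Constructed account: three checks, two scheduled audits."""
    client = StubAuditClient(
        checks={'DEVICE_CERTIFICATE_EXPIRING_CHECK': {'enabled': True},
                'LOGGING_DISABLED_CHECK': {'enabled': True},
                'CA_CERTIFICATE_EXPIRING_CHECK': {'enabled': False}},
        audits={'weekly-certs': ['DEVICE_CERTIFICATE_EXPIRING_CHECK'],
                'daily-all': ['DEVICE_CERTIFICATE_EXPIRING_CHECK',
                              'LOGGING_DISABLED_CHECK']},
    )
    desired = {'DEVICE_CERTIFICATE_EXPIRING_CHECK': {'enabled': False},
               'CA_CERTIFICATE_EXPIRING_CHECK': {'enabled': True}}
    return client, disable_blockers(client, desired)


if __name__ == '__main__':
    print(run_sample()[1])
```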

DescribeAuditTask (new)

Gets information about a Device Defender audit.

See also: AWS API Documentation

Request Syntax

client.describe_audit_task(
    taskId='string'
)
type taskId

string

param taskId

[REQUIRED]

The ID of the audit whose information you want to get.

rtype

dict

returns

Response Syntax

{
    'taskStatus': 'IN_PROGRESS'|'COMPLETED'|'FAILED'|'CANCELED',
    'taskType': 'ON_DEMAND_AUDIT_TASK'|'SCHEDULED_AUDIT_TASK',
    'taskStartTime': datetime(2015, 1, 1),
    'taskStatistics': {
        'totalChecks': 123,
        'inProgressChecks': 123,
        'waitingForDataCollectionChecks': 123,
        'compliantChecks': 123,
        'nonCompliantChecks': 123,
        'failedChecks': 123,
        'canceledChecks': 123
    },
    'scheduledAuditName': 'string',
    'auditDetails': {
        'string': {
            'checkRunStatus': 'IN_PROGRESS'|'WAITING_FOR_DATA_COLLECTION'|'CANCELED'|'COMPLETED_COMPLIANT'|'COMPLETED_NON_COMPLIANT'|'FAILED',
            'checkCompliant': True|False,
            'totalResourcesCount': 123,
            'nonCompliantResourcesCount': 123,
            'errorCode': 'string',
            'message': 'string'
        }
    }
}

Response Structure

  • (dict) --

    • taskStatus (string) --

      The status of the audit: one of "IN_PROGRESS", "COMPLETED", "FAILED", or "CANCELED".

    • taskType (string) --

      The type of audit: "ON_DEMAND_AUDIT_TASK" or "SCHEDULED_AUDIT_TASK".

    • taskStartTime (datetime) --

      The time the audit started.

    • taskStatistics (dict) --

      Statistical information about the audit.

      • totalChecks (integer) --

        The number of checks in this audit.

      • inProgressChecks (integer) --

        The number of checks in progress.

      • waitingForDataCollectionChecks (integer) --

        The number of checks waiting for data collection.

      • compliantChecks (integer) --

        The number of checks that found compliant resources.

      • nonCompliantChecks (integer) --

        The number of checks that found non-compliant resources.

      • failedChecks (integer) --

        The number of checks

      • canceledChecks (integer) --

        The number of checks that did not run because the audit was canceled.

    • scheduledAuditName (string) --

      The name of the scheduled audit (only if the audit was a scheduled audit).

    • auditDetails (dict) --

      Detailed information about each check performed during this audit.

      • (string) --

        An audit check name. Checks must be enabled for your account. (Use DescribeAccountAuditConfiguration to see the list of all checks including those that are enabled or UpdateAccountAuditConfiguration to select which checks are enabled.)

        • (dict) --

          Information about the audit check.

          • checkRunStatus (string) --

            The completion status of this check, one of "IN_PROGRESS", "WAITING_FOR_DATA_COLLECTION", "CANCELED", "COMPLETED_COMPLIANT", "COMPLETED_NON_COMPLIANT", or "FAILED".

          • checkCompliant (boolean) --

            True if the check completed and found all resources compliant.

          • totalResourcesCount (integer) --

            The number of resources on which the check was performed.

          • nonCompliantResourcesCount (integer) --

            The number of resources that the check found non-compliant.

          • errorCode (string) --

            The code of any error encountered when performing this check during this audit. One of "INSUFFICIENT_PERMISSIONS" or "AUDIT_CHECK_DISABLED".

          • message (string) --

            The message associated with any error encountered when performing this check during this audit.

ListTargetsForSecurityProfile (new)

Lists the targets (thing groups) associated with a given Device Defender security profile.

See also: AWS API Documentation

Request Syntax

client.list_targets_for_security_profile(
    securityProfileName='string',
    nextToken='string',
    maxResults=123
)
type securityProfileName

string

param securityProfileName

[REQUIRED]

The security profile.

type nextToken

string

param nextToken

The token for the next set of results.

type maxResults

integer

param maxResults

The maximum number of results to return at one time.

rtype

dict

returns

Response Syntax

{
    'securityProfileTargets': [
        {
            'arn': 'string'
        },
    ],
    'nextToken': 'string'
}

Response Structure

  • (dict) --

    • securityProfileTargets (list) --

      The thing groups to which the security profile is attached.

      • (dict) --

        A target to which an alert is sent when a security profile behavior is violated.

        • arn (string) --

          The ARN of the security profile.

    • nextToken (string) --

      A token that can be used to retrieve the next set of results, or null if there are no additional results.

ListSecurityProfiles (new)

Lists the Device Defender security profiles you have created. You can use filters to list only those security profiles associated with a thing group or only those associated with your account.

See also: AWS API Documentation

Request Syntax

client.list_security_profiles(
    nextToken='string',
    maxResults=123
)
type nextToken

string

param nextToken

The token for the next set of results.

type maxResults

integer

param maxResults

The maximum number of results to return at one time.

rtype

dict

returns

Response Syntax

{
    'securityProfileIdentifiers': [
        {
            'name': 'string',
            'arn': 'string'
        },
    ],
    'nextToken': 'string'
}

Response Structure

  • (dict) --

    • securityProfileIdentifiers (list) --

      A list of security profile identifiers (names and ARNs).

      • (dict) --

        Identifying information for a Device Defender security profile.

        • name (string) --

          The name you have given to the security profile.

        • arn (string) --

          The ARN of the security profile.

    • nextToken (string) --

      A token that can be used to retrieve the next set of results, or null if there are no additional results.

ValidateSecurityProfileBehaviors (new)

Validates a Device Defender security profile behaviors specification.

See also: AWS API Documentation

Request Syntax

client.validate_security_profile_behaviors(
    behaviors=[
        {
            'name': 'string',
            'metric': 'string',
            'criteria': {
                'comparisonOperator': 'less-than'|'less-than-equals'|'greater-than'|'greater-than-equals'|'in-cidr-set'|'not-in-cidr-set'|'in-port-set'|'not-in-port-set',
                'value': {
                    'count': 123,
                    'cidrs': [
                        'string',
                    ],
                    'ports': [
                        123,
                    ]
                },
                'durationSeconds': 123
            }
        },
    ]
)
type behaviors

list

param behaviors

[REQUIRED]

Specifies the behaviors that, when violated by a device (thing), cause an alert.

  • (dict) --

    A Device Defender security profile behavior.

    • name (string) -- [REQUIRED]

      The name you have given to the behavior.

    • metric (string) --

      What is measured by the behavior.

    • criteria (dict) --

      The criteria that determine if a device is behaving normally in regard to the metric.

      • comparisonOperator (string) --

        The operator that relates the thing measured (metric) to the criteria (value).

      • value (dict) --

        The value to be compared with the metric.

        • count (integer) --

          If the comparisonOperator calls for a numeric value, use this to specify that numeric value to be compared with the metric.

        • cidrs (list) --

          If the comparisonOperator calls for a set of CIDRs, use this to specify that set to be compared with the metric.

          • (string) --

        • ports (list) --

          If the comparisonOperator calls for a set of ports, use this to specify that set to be compared with the metric.

          • (integer) --

      • durationSeconds (integer) --

        Use this to specify the period of time over which the behavior is evaluated, for those criteria which have a time dimension (for example, NUM_MESSAGES_SENT).

rtype

dict

returns

Response Syntax

{
    'valid': True|False,
    'validationErrors': [
        {
            'errorMessage': 'string'
        },
    ]
}

Response Structure

  • (dict) --

    • valid (boolean) --

      True if the behaviors were valid.

    • validationErrors (list) --

      The list of any errors found in the behaviors.

      • (dict) --

        Information about an error found in a behavior specification.

        • errorMessage (string) --

          The description of an error found in the behaviors.
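
A local pre-flight check for a behaviors list, pairing each comparisonOperator with the value field it calls for as described above, written as an added example (not AWS or boto3 code). The function names, the extra lint rules marked in the comments and the sample behaviors (including their metric strings) are assumptions; ValidateSecurityProfileBehaviors remains the authoritative check.

```python
import ipaddress

# Which key of criteria['value'] each comparisonOperator calls for,
# following the parameter descriptions above.
OPERATOR_VALUE_KEY = {
    'less-than': 'count', 'less-than-equals': 'count',
    'greater-than': 'count', 'greater-than-equals': 'count',
    'in-cidr-set': 'cidrs', 'not-in-cidr-set': 'cidrs',
    'in-port-set': 'ports', 'not-in-port-set': 'ports',
}


def _is_int(x):
    # bool is a subclass of int in Python; reject it explicitly.
    return isinstance(x, int) and not isinstance(x, bool)


def _check_value(key, value):
    """Type-check the one value field the operator calls for."""
    if key == 'count':
        return [] if _is_int(value) else ['value.count must be an integer']
    if not isinstance(value, list):
        return [f'value.{key} must be a list']
    problems = []
    for item in value:
        if key == 'cidrs':
            try:
                if not isinstance(item, str):
                    raise ValueError('not a string')
                ipaddress.ip_network(item, strict=False)
            except ValueError:
                problems.append(f'value.cidrs entry {item!r} is not a CIDR')
        elif not (_is_int(item) and 0 <= item <= 65535):
            # Lint choice of this example: TCP/UDP port range.
            problems.append(f'value.ports entry {item!r} is not a port number')
    return problems


def check_behaviors(behaviors):
    """Return a list of problems found locally; [] means none were found."""
    errors = []
    for i, behavior in enumerate(behaviors):
        label = behavior.get('name') or f'behaviors[{i}]'
        if not behavior.get('name'):
            errors.append(f'{label}: name is required')
        criteria = behavior.get('criteria')
        if criteria is None:
            continue  # criteria is not marked required; nothing to pair up
        op = criteria.get('comparisonOperator')
        key = OPERATOR_VALUE_KEY.get(op)
        if key is None:
            errors.append(f'{label}: unknown comparisonOperator {op!r}')
            continue
        value = criteria.get('value') or {}
        if key not in value:
            errors.append(f'{label}: {op} calls for value.{key}')
        else:
            errors += [f'{label}: {p}' for p in _check_value(key, value[key])]
        # Lint choice of this example: flag value fields the operator ignores.
        for unused in sorted(set(value) - {key}):
            errors.append(f'{label}: value.{unused} is not used by {op}')
        duration = criteria.get('durationSeconds')
        if duration is not None and not (_is_int(duration) and duration > 0):
            errors.append(f'{label}: durationSeconds must be a positive integer')
    return errors


def validate_with_service(client, behaviors):
    """Ask AWS IoT to validate the same list; client is boto3.client('iot')."""
    resp = client.validate_security_profile_behaviors(behaviors=behaviors)
    return resp['valid'], [e['errorMessage'] for e in resp.get('validationErrors', [])]


# Constructed sample: one well-formed behavior and two with mistakes.
SAMPLE_BEHAVIORS = [
    {'name': 'msg-rate', 'metric': 'aws:num-messages-sent',
     'criteria': {'comparisonOperator': 'less-than',
                  'value': {'count': 100}, 'durationSeconds': 300}},
    {'name': 'egress-allowlist', 'metric': 'aws:destination-ip-addresses',
     'criteria': {'comparisonOperator': 'in-cidr-set',
                  'value': {'cidrs': ['10.0.0.0/8', '192.168.1.300/24']}}},
    {'name': 'listening-ports', 'metric': 'aws:listening-tcp-ports',
     'criteria': {'comparisonOperator': 'in-port-set',
                  'value': {'count': 2}}},
]

if __name__ == '__main__':
    for problem in check_behaviors(SAMPLE_BEHAVIORS):
        print(problem)
```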

ListSecurityProfilesForTarget (new)

Lists the Device Defender security profiles attached to a target (thing group).

See also: AWS API Documentation

Request Syntax

client.list_security_profiles_for_target(
    nextToken='string',
    maxResults=123,
    recursive=True|False,
    securityProfileTargetArn='string'
)
type nextToken

string

param nextToken

The token for the next set of results.

type maxResults

integer

param maxResults

The maximum number of results to return at one time.

type recursive

boolean

param recursive

If true, return child groups as well.

type securityProfileTargetArn

string

param securityProfileTargetArn

[REQUIRED]

The ARN of the target (thing group) whose attached security profiles you want to get.

rtype

dict

returns

Response Syntax

{
    'securityProfileTargetMappings': [
        {
            'securityProfileIdentifier': {
                'name': 'string',
                'arn': 'string'
            },
            'target': {
                'arn': 'string'
            }
        },
    ],
    'nextToken': 'string'
}

Response Structure

  • (dict) --

    • securityProfileTargetMappings (list) --

      A list of security profiles and their associated targets.

      • (dict) --

        Information about a security profile and the target associated with it.

        • securityProfileIdentifier (dict) --

          Information that identifies the security profile.

          • name (string) --

            The name you have given to the security profile.

          • arn (string) --

            The ARN of the security profile.

        • target (dict) --

          Information about the target (thing group) associated with the security profile.

          • arn (string) --

            The ARN of the security profile.

    • nextToken (string) --

      A token that can be used to retrieve the next set of results, or null if there are no additional results.

DeleteScheduledAudit (new)

Deletes a scheduled audit.

See also: AWS API Documentation

Request Syntax

client.delete_scheduled_audit(
    scheduledAuditName='string'
)
type scheduledAuditName

string

param scheduledAuditName

[REQUIRED]

The name of the scheduled audit you want to delete.

rtype

dict

returns

Response Syntax

{}

Response Structure

  • (dict) --

AttachSecurityProfile (new)

Associates a Device Defender security profile with a thing group or with this account. Each thing group or account can have up to five security profiles associated with it.

See also: AWS API Documentation

Request Syntax

client.attach_security_profile(
    securityProfileName='string',
    securityProfileTargetArn='string'
)
type securityProfileName

string

param securityProfileName

[REQUIRED]

The security profile that is attached.

type securityProfileTargetArn

string

param securityProfileTargetArn

[REQUIRED]

The ARN of the target (thing group) to which the security profile is attached.

rtype

dict

returns

Response Syntax

{}

Response Structure

  • (dict) --

CreateTopicRule (updated)
Changes (request)
{'topicRulePayload': {'actions': {'stepFunctions': {'executionNamePrefix': 'string',
                                                    'roleArn': 'string',
                                                    'stateMachineName': 'string'}},
                      'errorAction': {'stepFunctions': {'executionNamePrefix': 'string',
                                                        'roleArn': 'string',
                                                        'stateMachineName': 'string'}}}}

Creates a rule. Creating rules is an administrator-level action. Any user who has permission to create rules will be able to access data processed by the rule.

See also: AWS API Documentation

Request Syntax

client.create_topic_rule(
    ruleName='string',
    topicRulePayload={
        'sql': 'string',
        'description': 'string',
        'actions': [
            {
                'dynamoDB': {
                    'tableName': 'string',
                    'roleArn': 'string',
                    'operation': 'string',
                    'hashKeyField': 'string',
                    'hashKeyValue': 'string',
                    'hashKeyType': 'STRING'|'NUMBER',
                    'rangeKeyField': 'string',
                    'rangeKeyValue': 'string',
                    'rangeKeyType': 'STRING'|'NUMBER',
                    'payloadField': 'string'
                },
                'dynamoDBv2': {
                    'roleArn': 'string',
                    'putItem': {
                        'tableName': 'string'
                    }
                },
                'lambda': {
                    'functionArn': 'string'
                },
                'sns': {
                    'targetArn': 'string',
                    'roleArn': 'string',
                    'messageFormat': 'RAW'|'JSON'
                },
                'sqs': {
                    'roleArn': 'string',
                    'queueUrl': 'string',
                    'useBase64': True|False
                },
                'kinesis': {
                    'roleArn': 'string',
                    'streamName': 'string',
                    'partitionKey': 'string'
                },
                'republish': {
                    'roleArn': 'string',
                    'topic': 'string'
                },
                's3': {
                    'roleArn': 'string',
                    'bucketName': 'string',
                    'key': 'string',
                    'cannedAcl': 'private'|'public-read'|'public-read-write'|'aws-exec-read'|'authenticated-read'|'bucket-owner-read'|'bucket-owner-full-control'|'log-delivery-write'
                },
                'firehose': {
                    'roleArn': 'string',
                    'deliveryStreamName': 'string',
                    'separator': 'string'
                },
                'cloudwatchMetric': {
                    'roleArn': 'string',
                    'metricNamespace': 'string',
                    'metricName': 'string',
                    'metricValue': 'string',
                    'metricUnit': 'string',
                    'metricTimestamp': 'string'
                },
                'cloudwatchAlarm': {
                    'roleArn': 'string',
                    'alarmName': 'string',
                    'stateReason': 'string',
                    'stateValue': 'string'
                },
                'elasticsearch': {
                    'roleArn': 'string',
                    'endpoint': 'string',
                    'index': 'string',
                    'type': 'string',
                    'id': 'string'
                },
                'salesforce': {
                    'token': 'string',
                    'url': 'string'
                },
                'iotAnalytics': {
                    'channelArn': 'string',
                    'channelName': 'string',
                    'roleArn': 'string'
                },
                'stepFunctions': {
                    'executionNamePrefix': 'string',
                    'stateMachineName': 'string',
                    'roleArn': 'string'
                }
            },
        ],
        'ruleDisabled': True|False,
        'awsIotSqlVersion': 'string',
        'errorAction': {
            'dynamoDB': {
                'tableName': 'string',
                'roleArn': 'string',
                'operation': 'string',
                'hashKeyField': 'string',
                'hashKeyValue': 'string',
                'hashKeyType': 'STRING'|'NUMBER',
                'rangeKeyField': 'string',
                'rangeKeyValue': 'string',
                'rangeKeyType': 'STRING'|'NUMBER',
                'payloadField': 'string'
            },
            'dynamoDBv2': {
                'roleArn': 'string',
                'putItem': {
                    'tableName': 'string'
                }
            },
            'lambda': {
                'functionArn': 'string'
            },
            'sns': {
                'targetArn': 'string',
                'roleArn': 'string',
                'messageFormat': 'RAW'|'JSON'
            },
            'sqs': {
                'roleArn': 'string',
                'queueUrl': 'string',
                'useBase64': True|False
            },
            'kinesis': {
                'roleArn': 'string',
                'streamName': 'string',
                'partitionKey': 'string'
            },
            'republish': {
                'roleArn': 'string',
                'topic': 'string'
            },
            's3': {
                'roleArn': 'string',
                'bucketName': 'string',
                'key': 'string',
                'cannedAcl': 'private'|'public-read'|'public-read-write'|'aws-exec-read'|'authenticated-read'|'bucket-owner-read'|'bucket-owner-full-control'|'log-delivery-write'
            },
            'firehose': {
                'roleArn': 'string',
                'deliveryStreamName': 'string',
                'separator': 'string'
            },
            'cloudwatchMetric': {
                'roleArn': 'string',
                'metricNamespace': 'string',
                'metricName': 'string',
                'metricValue': 'string',
                'metricUnit': 'string',
                'metricTimestamp': 'string'
            },
            'cloudwatchAlarm': {
                'roleArn': 'string',
                'alarmName': 'string',
                'stateReason': 'string',
                'stateValue': 'string'
            },
            'elasticsearch': {
                'roleArn': 'string',
                'endpoint': 'string',
                'index': 'string',
                'type': 'string',
                'id': 'string'
            },
            'salesforce': {
                'token': 'string',
                'url': 'string'
            },
            'iotAnalytics': {
                'channelArn': 'string',
                'channelName': 'string',
                'roleArn': 'string'
            },
            'stepFunctions': {
                'executionNamePrefix': 'string',
                'stateMachineName': 'string',
                'roleArn': 'string'
            }
        }
    }
)
type ruleName

string

param ruleName

[REQUIRED]

The name of the rule.

type topicRulePayload

dict

param topicRulePayload

[REQUIRED]

The rule payload.

  • sql (string) -- [REQUIRED]

    The SQL statement used to query the topic. For more information, see AWS IoT SQL Reference in the AWS IoT Developer Guide.

  • description (string) --

    The description of the rule.

  • actions (list) -- [REQUIRED]

    The actions associated with the rule.

    • (dict) --

      Describes the actions associated with a rule.

      • dynamoDB (dict) --

        Write to a DynamoDB table.

        • tableName (string) -- [REQUIRED]

          The name of the DynamoDB table.

        • roleArn (string) -- [REQUIRED]

          The ARN of the IAM role that grants access to the DynamoDB table.

        • operation (string) --

          The type of operation to be performed. This follows the substitution template, so it can be ${operation}, but the substitution must result in one of the following: INSERT, UPDATE, or DELETE.

        • hashKeyField (string) -- [REQUIRED]

          The hash key name.

        • hashKeyValue (string) -- [REQUIRED]

          The hash key value.

        • hashKeyType (string) --

          The hash key type. Valid values are "STRING" or "NUMBER".

        • rangeKeyField (string) --

          The range key name.

        • rangeKeyValue (string) --

          The range key value.

        • rangeKeyType (string) --

          The range key type. Valid values are "STRING" or "NUMBER".

        • payloadField (string) --

          The action payload. This name can be customized.

      • dynamoDBv2 (dict) --

        Write to a DynamoDB table. This is a new version of the DynamoDB action. It allows you to write each attribute in an MQTT message payload into a separate DynamoDB column.

        • roleArn (string) --

          The ARN of the IAM role that grants access to the DynamoDB table.

        • putItem (dict) --

          Specifies the DynamoDB table to which the message data will be written. For example:

          { "dynamoDBv2": { "roleArn": "aws:iam:12341251:my-role", "putItem": { "tableName": "my-table" } } }

          Each attribute in the message payload will be written to a separate column in the DynamoDB database.

          • tableName (string) -- [REQUIRED]

            The table where the message data will be written.

      • lambda (dict) --

        Invoke a Lambda function.

        • functionArn (string) -- [REQUIRED]

          The ARN of the Lambda function.

      • sns (dict) --

        Publish to an Amazon SNS topic.

        • targetArn (string) -- [REQUIRED]

          The ARN of the SNS topic.

        • roleArn (string) -- [REQUIRED]

          The ARN of the IAM role that grants access.

        • messageFormat (string) --

          (Optional) The message format of the message to publish. Accepted values are "JSON" and "RAW". The default value of the attribute is "RAW". SNS uses this setting to determine if the payload should be parsed and relevant platform-specific bits of the payload should be extracted. To read more about SNS message formats, see http://docs.aws.amazon.com/sns/latest/dg/json-formats.html.

      • sqs (dict) --

        Publish to an Amazon SQS queue.

        • roleArn (string) -- [REQUIRED]

          The ARN of the IAM role that grants access.

        • queueUrl (string) -- [REQUIRED]

          The URL of the Amazon SQS queue.

        • useBase64 (boolean) --

          Specifies whether to use Base64 encoding.

      • kinesis (dict) --

        Write data to an Amazon Kinesis stream.

        • roleArn (string) -- [REQUIRED]

          The ARN of the IAM role that grants access to the Amazon Kinesis stream.

        • streamName (string) -- [REQUIRED]

          The name of the Amazon Kinesis stream.

        • partitionKey (string) --

          The partition key.

      • republish (dict) --

        Publish to another MQTT topic.

        • roleArn (string) -- [REQUIRED]

          The ARN of the IAM role that grants access.

        • topic (string) -- [REQUIRED]

          The name of the MQTT topic.

      • s3 (dict) --

        Write to an Amazon S3 bucket.

        • roleArn (string) -- [REQUIRED]

          The ARN of the IAM role that grants access.

        • bucketName (string) -- [REQUIRED]

          The Amazon S3 bucket.

        • key (string) -- [REQUIRED]

          The object key.

        • cannedAcl (string) --

          The Amazon S3 canned ACL that controls access to the object identified by the object key. For more information, see S3 canned ACLs.

      • firehose (dict) --

        Write to an Amazon Kinesis Firehose stream.

        • roleArn (string) -- [REQUIRED]

          The IAM role that grants access to the Amazon Kinesis Firehose stream.

        • deliveryStreamName (string) -- [REQUIRED]

          The delivery stream name.

        • separator (string) --

          A character separator that will be used to separate records written to the Firehose stream. Valid values are: '\n' (newline), '\t' (tab), '\r\n' (Windows newline), ',' (comma).

      • cloudwatchMetric (dict) --

        Capture a CloudWatch metric.

        • roleArn (string) -- [REQUIRED]

          The IAM role that allows access to the CloudWatch metric.

        • metricNamespace (string) -- [REQUIRED]

          The CloudWatch metric namespace name.

        • metricName (string) -- [REQUIRED]

          The CloudWatch metric name.

        • metricValue (string) -- [REQUIRED]

          The CloudWatch metric value.

        • metricUnit (string) -- [REQUIRED]

          The metric unit supported by CloudWatch.

        • metricTimestamp (string) --

          An optional Unix timestamp.

      • cloudwatchAlarm (dict) --

        Change the state of a CloudWatch alarm.

        • roleArn (string) -- [REQUIRED]

          The IAM role that allows access to the CloudWatch alarm.

        • alarmName (string) -- [REQUIRED]

          The CloudWatch alarm name.

        • stateReason (string) -- [REQUIRED]

          The reason for the alarm change.

        • stateValue (string) -- [REQUIRED]

          The value of the alarm state. Acceptable values are: OK, ALARM, INSUFFICIENT_DATA.

      • elasticsearch (dict) --

        Write data to an Amazon Elasticsearch Service domain.

        • roleArn (string) -- [REQUIRED]

          The IAM role ARN that has access to Elasticsearch.

        • endpoint (string) -- [REQUIRED]

          The endpoint of your Elasticsearch domain.

        • index (string) -- [REQUIRED]

          The Elasticsearch index where you want to store your data.

        • type (string) -- [REQUIRED]

          The type of document you are storing.

        • id (string) -- [REQUIRED]

          The unique identifier for the document you are storing.

      • salesforce (dict) --

        Send a message to a Salesforce IoT Cloud Input Stream.

        • token (string) -- [REQUIRED]

          The token used to authenticate access to the Salesforce IoT Cloud Input Stream. The token is available from the Salesforce IoT Cloud platform after creation of the Input Stream.

        • url (string) -- [REQUIRED]

          The URL exposed by the Salesforce IoT Cloud Input Stream. The URL is available from the Salesforce IoT Cloud platform after creation of the Input Stream.

      • iotAnalytics (dict) --

        Sends message data to an AWS IoT Analytics channel.

        • channelArn (string) --

          (deprecated) The ARN of the IoT Analytics channel to which message data will be sent.

        • channelName (string) --

          The name of the IoT Analytics channel to which message data will be sent.

        • roleArn (string) --

          The ARN of the role which has a policy that grants IoT Analytics permission to send message data via IoT Analytics (iotanalytics:BatchPutMessage).

      • stepFunctions (dict) --

        Starts execution of a Step Functions state machine.

        • executionNamePrefix (string) --

          (Optional) A name will be given to the state machine execution consisting of this prefix followed by a UUID. Step Functions automatically creates a unique name for each state machine execution if one is not provided.

        • stateMachineName (string) -- [REQUIRED]

          The name of the Step Functions state machine whose execution will be started.

        • roleArn (string) -- [REQUIRED]

          The ARN of the role that grants IoT permission to start execution of a state machine ("Action":"states:StartExecution").

  • ruleDisabled (boolean) --

    Specifies whether the rule is disabled.

  • awsIotSqlVersion (string) --

    The version of the SQL rules engine to use when evaluating the rule.

  • errorAction (dict) --

    The action to take when an error occurs.

    • dynamoDB (dict) --

      Write to a DynamoDB table.

      • tableName (string) -- [REQUIRED]

        The name of the DynamoDB table.

      • roleArn (string) -- [REQUIRED]

        The ARN of the IAM role that grants access to the DynamoDB table.

      • operation (string) --

        The type of operation to be performed. This follows the substitution template, so it can be ${operation}, but the substitution must result in one of the following: INSERT, UPDATE, or DELETE.

      • hashKeyField (string) -- [REQUIRED]

        The hash key name.

      • hashKeyValue (string) -- [REQUIRED]

        The hash key value.

      • hashKeyType (string) --

        The hash key type. Valid values are "STRING" or "NUMBER".

      • rangeKeyField (string) --

        The range key name.

      • rangeKeyValue (string) --

        The range key value.

      • rangeKeyType (string) --

        The range key type. Valid values are "STRING" or "NUMBER".

      • payloadField (string) --

        The action payload. This name can be customized.

    • dynamoDBv2 (dict) --

      Write to a DynamoDB table. This is a new version of the DynamoDB action. It allows you to write each attribute in an MQTT message payload into a separate DynamoDB column.

      • roleArn (string) --

        The ARN of the IAM role that grants access to the DynamoDB table.

      • putItem (dict) --

        Specifies the DynamoDB table to which the message data will be written. For example:

        { "dynamoDBv2": { "roleArn": "aws:iam:12341251:my-role", "putItem": { "tableName": "my-table" } } }

        Each attribute in the message payload will be written to a separate column in the DynamoDB database.

        • tableName (string) -- [REQUIRED]

          The table where the message data will be written.

    • lambda (dict) --

      Invoke a Lambda function.

      • functionArn (string) -- [REQUIRED]

        The ARN of the Lambda function.

    • sns (dict) --

      Publish to an Amazon SNS topic.

      • targetArn (string) -- [REQUIRED]

        The ARN of the SNS topic.

      • roleArn (string) -- [REQUIRED]

        The ARN of the IAM role that grants access.

      • messageFormat (string) --

        (Optional) The message format of the message to publish. Accepted values are "JSON" and "RAW". The default value of the attribute is "RAW". SNS uses this setting to determine if the payload should be parsed and relevant platform-specific bits of the payload should be extracted. To read more about SNS message formats, see http://docs.aws.amazon.com/sns/latest/dg/json-formats.html.

    • sqs (dict) --

      Publish to an Amazon SQS queue.

      • roleArn (string) -- [REQUIRED]

        The ARN of the IAM role that grants access.

      • queueUrl (string) -- [REQUIRED]

        The URL of the Amazon SQS queue.

      • useBase64 (boolean) --

        Specifies whether to use Base64 encoding.

    • kinesis (dict) --

      Write data to an Amazon Kinesis stream.

      • roleArn (string) -- [REQUIRED]

        The ARN of the IAM role that grants access to the Amazon Kinesis stream.

      • streamName (string) -- [REQUIRED]

        The name of the Amazon Kinesis stream.

      • partitionKey (string) --

        The partition key.

    • republish (dict) --

      Publish to another MQTT topic.

      • roleArn (string) -- [REQUIRED]

        The ARN of the IAM role that grants access.

      • topic (string) -- [REQUIRED]

        The name of the MQTT topic.

    • s3 (dict) --

      Write to an Amazon S3 bucket.

      • roleArn (string) -- [REQUIRED]

        The ARN of the IAM role that grants access.

      • bucketName (string) -- [REQUIRED]

        The Amazon S3 bucket.

      • key (string) -- [REQUIRED]

        The object key.

      • cannedAcl (string) --

        The Amazon S3 canned ACL that controls access to the object identified by the object key. For more information, see S3 canned ACLs.

    • firehose (dict) --

      Write to an Amazon Kinesis Firehose stream.

      • roleArn (string) -- [REQUIRED]

        The IAM role that grants access to the Amazon Kinesis Firehose stream.

      • deliveryStreamName (string) -- [REQUIRED]

        The delivery stream name.

      • separator (string) --

        A character separator that will be used to separate records written to the Firehose stream. Valid values are: '\n' (newline), '\t' (tab), '\r\n' (Windows newline), ',' (comma).

    • cloudwatchMetric (dict) --

      Capture a CloudWatch metric.

      • roleArn (string) -- [REQUIRED]

        The IAM role that allows access to the CloudWatch metric.

      • metricNamespace (string) -- [REQUIRED]

        The CloudWatch metric namespace name.

      • metricName (string) -- [REQUIRED]

        The CloudWatch metric name.

      • metricValue (string) -- [REQUIRED]

        The CloudWatch metric value.

      • metricUnit (string) -- [REQUIRED]

        The metric unit supported by CloudWatch.

      • metricTimestamp (string) --

        An optional Unix timestamp.

    • cloudwatchAlarm (dict) --

      Change the state of a CloudWatch alarm.

      • roleArn (string) -- [REQUIRED]

        The IAM role that allows access to the CloudWatch alarm.

      • alarmName (string) -- [REQUIRED]

        The CloudWatch alarm name.

      • stateReason (string) -- [REQUIRED]

        The reason for the alarm change.

      • stateValue (string) -- [REQUIRED]

        The value of the alarm state. Acceptable values are: OK, ALARM, INSUFFICIENT_DATA.

    • elasticsearch (dict) --

      Write data to an Amazon Elasticsearch Service domain.

      • roleArn (string) -- [REQUIRED]

        The IAM role ARN that has access to Elasticsearch.

      • endpoint (string) -- [REQUIRED]

        The endpoint of your Elasticsearch domain.

      • index (string) -- [REQUIRED]

        The Elasticsearch index where you want to store your data.

      • type (string) -- [REQUIRED]

        The type of document you are storing.

      • id (string) -- [REQUIRED]

        The unique identifier for the document you are storing.

    • salesforce (dict) --

      Send a message to a Salesforce IoT Cloud Input Stream.

      • token (string) -- [REQUIRED]

        The token used to authenticate access to the Salesforce IoT Cloud Input Stream. The token is available from the Salesforce IoT Cloud platform after creation of the Input Stream.

      • url (string) -- [REQUIRED]

        The URL exposed by the Salesforce IoT Cloud Input Stream. The URL is available from the Salesforce IoT Cloud platform after creation of the Input Stream.

    • iotAnalytics (dict) --

      Sends message data to an AWS IoT Analytics channel.

      • channelArn (string) --

        (deprecated) The ARN of the IoT Analytics channel to which message data will be sent.

      • channelName (string) --

        The name of the IoT Analytics channel to which message data will be sent.

      • roleArn (string) --

        The ARN of the role which has a policy that grants IoT Analytics permission to send message data via IoT Analytics (iotanalytics:BatchPutMessage).

    • stepFunctions (dict) --

      Starts execution of a Step Functions state machine.

      • executionNamePrefix (string) --

        (Optional) A name will be given to the state machine execution consisting of this prefix followed by a UUID. Step Functions automatically creates a unique name for each state machine execution if one is not provided.

      • stateMachineName (string) -- [REQUIRED]

        The name of the Step Functions state machine whose execution will be started.

      • roleArn (string) -- [REQUIRED]

        The ARN of the role that grants IoT permission to start execution of a state machine ("Action":"states:StartExecution").

returns

None
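
Because anyone who can create a rule decides where the processed data goes, a pre-flight review of the topicRulePayload is a useful gate before calling create_topic_rule. The following is an added example, not AWS or boto3 code; review_action, review_payload, the approved-role list and the sample payload are assumptions constructed for illustration.

```python
import re

# Keys marked [REQUIRED] in the parameter list above, per action type
# (the subset of action types this review covers).
REQUIRED = {
    "dynamoDB": ("tableName", "roleArn", "hashKeyField", "hashKeyValue"),
    "lambda": ("functionArn",),
    "sns": ("targetArn", "roleArn"),
    "sqs": ("roleArn", "queueUrl"),
    "kinesis": ("roleArn", "streamName"),
    "republish": ("roleArn", "topic"),
    "s3": ("roleArn", "bucketName", "key"),
    "firehose": ("roleArn", "deliveryStreamName"),
    "stepFunctions": ("stateMachineName", "roleArn"),
}
PUBLIC_ACLS = {"public-read", "public-read-write"}
ROLE_ARN = re.compile(r"^arn:aws[\w-]*:iam::\d{12}:role/.+$")


def review_action(action, approved_roles, where):
    """Return findings for one entry of 'actions' or for 'errorAction'."""
    findings = []
    for kind, cfg in action.items():
        label = f"{where}.{kind}"
        for key in REQUIRED.get(kind, ()):
            if not cfg.get(key):
                findings.append(f"{label}: missing required '{key}'")
        arn = cfg.get("roleArn")
        if arn is not None:
            if not ROLE_ARN.match(arn):
                findings.append(f"{label}: roleArn is not an IAM role ARN")
            elif arn not in approved_roles:
                # Assumption: the organisation keeps a list of roles vetted for rules.
                findings.append(f"{label}: roleArn is not on the approved list")
        if kind == "s3" and cfg.get("cannedAcl") in PUBLIC_ACLS:
            findings.append(f"{label}: cannedAcl '{cfg['cannedAcl']}' makes written objects publicly readable")
        if kind == "salesforce" and cfg.get("token"):
            findings.append(f"{label}: token is stored in the rule and returned by get_topic_rule")
    return findings


def review_payload(payload, approved_roles):
    """Review a whole topicRulePayload dict; an empty list means no findings."""
    findings = []
    match = re.search(r"\bFROM\s+'([^']*)'", payload.get("sql", ""), re.IGNORECASE)
    if match and match.group(1) == "#":
        findings.append("sql: topic filter '#' selects every topic")
    for i, action in enumerate(payload.get("actions", [])):
        findings += review_action(action, approved_roles, f"actions[{i}]")
    if "errorAction" in payload:
        findings += review_action(payload["errorAction"], approved_roles, "errorAction")
    return findings


# Constructed sample input (account ID, role names and bucket are placeholders).
APPROVED = {"arn:aws:iam::111122223333:role/iot-rule-archive"}
SAMPLE = {
    "sql": "SELECT * FROM '#'",
    "actions": [
        {"s3": {"roleArn": "arn:aws:iam::111122223333:role/iot-rule-archive",
                "bucketName": "example-telemetry", "key": "telemetry/latest.json",
                "cannedAcl": "public-read"}},
        {"stepFunctions": {"executionNamePrefix": "ingest-",
                           "roleArn": "arn:aws:iam::111122223333:role/admin"}},
    ],
    "errorAction": {"sqs": {"roleArn": "arn:aws:iam::111122223333:role/iot-rule-archive",
                            "queueUrl": "https://sqs.us-east-1.amazonaws.com/111122223333/rule-errors"}},
}

if __name__ == "__main__":
    for finding in review_payload(SAMPLE, APPROVED):
        print(finding)
```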

DescribeCACertificate (updated)
Changes (response)
{'certificateDescription': {'validity': {'notAfter': 'timestamp',
                                         'notBefore': 'timestamp'}}}

Describes a registered CA certificate.

See also: AWS API Documentation

Request Syntax

client.describe_ca_certificate(
    certificateId='string'
)
type certificateId

string

param certificateId

[REQUIRED]

The CA certificate identifier.

rtype

dict

returns

Response Syntax

{
    'certificateDescription': {
        'certificateArn': 'string',
        'certificateId': 'string',
        'status': 'ACTIVE'|'INACTIVE',
        'certificatePem': 'string',
        'ownedBy': 'string',
        'creationDate': datetime(2015, 1, 1),
        'autoRegistrationStatus': 'ENABLE'|'DISABLE',
        'lastModifiedDate': datetime(2015, 1, 1),
        'customerVersion': 123,
        'generationId': 'string',
        'validity': {
            'notBefore': datetime(2015, 1, 1),
            'notAfter': datetime(2015, 1, 1)
        }
    },
    'registrationConfig': {
        'templateBody': 'string',
        'roleArn': 'string'
    }
}

Response Structure

  • (dict) --

    The output from the DescribeCACertificate operation.

    • certificateDescription (dict) --

      The CA certificate description.

      • certificateArn (string) --

        The CA certificate ARN.

      • certificateId (string) --

        The CA certificate ID.

      • status (string) --

        The status of a CA certificate.

      • certificatePem (string) --

        The CA certificate data, in PEM format.

      • ownedBy (string) --

        The owner of the CA certificate.

      • creationDate (datetime) --

        The date the CA certificate was created.

      • autoRegistrationStatus (string) --

        Whether the CA certificate is configured for auto registration of device certificates. Valid values are "ENABLE" and "DISABLE".

      • lastModifiedDate (datetime) --

        The date the CA certificate was last modified.

      • customerVersion (integer) --

        The customer version of the CA certificate.

      • generationId (string) --

        The generation ID of the CA certificate.

      • validity (dict) --

        When the CA certificate is valid.

        • notBefore (datetime) --

          The certificate is not valid before this date.

        • notAfter (datetime) --

          The certificate is not valid after this date.

    • registrationConfig (dict) --

      Information about the registration configuration.

      • templateBody (string) --

        The template body.

      • roleArn (string) --

        The ARN of the role.

DescribeCertificate (updated)
Changes (response)
{'certificateDescription': {'validity': {'notAfter': 'timestamp',
                                         'notBefore': 'timestamp'}}}

Gets information about the specified certificate.

See also: AWS API Documentation

Request Syntax

client.describe_certificate(
    certificateId='string'
)
type certificateId

string

param certificateId

[REQUIRED]

The ID of the certificate. (The last part of the certificate ARN contains the certificate ID.)

rtype

dict

returns

Response Syntax

{
    'certificateDescription': {
        'certificateArn': 'string',
        'certificateId': 'string',
        'caCertificateId': 'string',
        'status': 'ACTIVE'|'INACTIVE'|'REVOKED'|'PENDING_TRANSFER'|'REGISTER_INACTIVE'|'PENDING_ACTIVATION',
        'certificatePem': 'string',
        'ownedBy': 'string',
        'previousOwnedBy': 'string',
        'creationDate': datetime(2015, 1, 1),
        'lastModifiedDate': datetime(2015, 1, 1),
        'customerVersion': 123,
        'transferData': {
            'transferMessage': 'string',
            'rejectReason': 'string',
            'transferDate': datetime(2015, 1, 1),
            'acceptDate': datetime(2015, 1, 1),
            'rejectDate': datetime(2015, 1, 1)
        },
        'generationId': 'string',
        'validity': {
            'notBefore': datetime(2015, 1, 1),
            'notAfter': datetime(2015, 1, 1)
        }
    }
}

Response Structure

  • (dict) --

    The output of the DescribeCertificate operation.

    • certificateDescription (dict) --

      The description of the certificate.

      • certificateArn (string) --

        The ARN of the certificate.

      • certificateId (string) --

        The ID of the certificate.

      • caCertificateId (string) --

        The certificate ID of the CA certificate used to sign this certificate.

      • status (string) --

        The status of the certificate.

      • certificatePem (string) --

        The certificate data, in PEM format.

      • ownedBy (string) --

        The ID of the AWS account that owns the certificate.

      • previousOwnedBy (string) --

        The ID of the AWS account of the previous owner of the certificate.

      • creationDate (datetime) --

        The date and time the certificate was created.

      • lastModifiedDate (datetime) --

        The date and time the certificate was last modified.

      • customerVersion (integer) --

        The customer version of the certificate.

      • transferData (dict) --

        The transfer data.

        • transferMessage (string) --

          The transfer message.

        • rejectReason (string) --

          The reason why the transfer was rejected.

        • transferDate (datetime) --

          The date the transfer took place.

        • acceptDate (datetime) --

          The date the transfer was accepted.

        • rejectDate (datetime) --

          The date the transfer was rejected.

      • generationId (string) --

        The generation ID of the certificate.

      • validity (dict) --

        When the certificate is valid.

        • notBefore (datetime) --

          The certificate is not valid before this date.

        • notAfter (datetime) --

          The certificate is not valid after this date.
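
The validity block added to DescribeCACertificate and DescribeCertificate lets a fleet audit compare the certificate's validity window against its status, and a device certificate against its issuing CA through caCertificateId. The following is an added example, not AWS or boto3 code; validity_state, triage, the 30-day warning window and the sample certificateDescription dicts are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta, timezone


def _utc(ts):
    """Normalise to aware UTC. Assumption: naive datetimes are already UTC."""
    return ts.replace(tzinfo=timezone.utc) if ts.tzinfo is None else ts.astimezone(timezone.utc)


def validity_state(desc, now, warn_days=30):
    """Classify one certificateDescription dict by its validity window."""
    validity = desc.get("validity") or {}
    not_before, not_after = validity.get("notBefore"), validity.get("notAfter")
    if not_before is None or not_after is None:
        return "no-validity-data"
    not_before, not_after, now = _utc(not_before), _utc(not_after), _utc(now)
    if now < not_before:
        return "not-yet-valid"
    if now > not_after:
        return "expired"
    if not_after - now <= timedelta(days=warn_days):
        return "expiring-soon"
    return "valid"


def triage(device_certs, ca_certs, now, warn_days=30):
    """Return {certificateId: [findings]} for certificates that need attention."""
    ca_state = {ca["certificateId"]: validity_state(ca, now, warn_days) for ca in ca_certs}
    report = {}
    for desc in list(ca_certs) + list(device_certs):
        findings = []
        state = validity_state(desc, now, warn_days)
        if state != "valid":
            # 'status' is a separate field from 'validity', so the two can disagree.
            outside = state in ("expired", "not-yet-valid")
            active = desc.get("status") == "ACTIVE"
            findings.append(state + (" while ACTIVE" if outside and active else ""))
        issuer = desc.get("caCertificateId")  # present on device certificates only
        if issuer and ca_state.get(issuer) in ("expired", "expiring-soon"):
            findings.append(f"issuing CA {issuer} is {ca_state[issuer]}")
        if findings:
            report[desc["certificateId"]] = findings
    return report


# Constructed sample data shaped like the 'certificateDescription' responses above.
UTC = timezone.utc
NOW = datetime(2018, 8, 15, tzinfo=UTC)
CA_CERTS = [
    {"certificateId": "ca-0001-constructed", "status": "ACTIVE",
     "validity": {"notBefore": datetime(2016, 1, 1, tzinfo=UTC),
                  "notAfter": datetime(2018, 9, 1, tzinfo=UTC)}},
]
DEVICE_CERTS = [
    {"certificateId": "dev-aaaa-constructed", "caCertificateId": "ca-0001-constructed",
     "status": "ACTIVE",
     "validity": {"notBefore": datetime(2017, 1, 1, tzinfo=UTC),
                  "notAfter": datetime(2019, 1, 1, tzinfo=UTC)}},
    {"certificateId": "dev-bbbb-constructed", "status": "ACTIVE",
     "validity": {"notBefore": datetime(2017, 1, 1),   # naive on purpose
                  "notAfter": datetime(2018, 7, 31)}},
    {"certificateId": "dev-cccc-constructed", "status": "INACTIVE",
     "validity": {"notBefore": datetime(2017, 1, 1, tzinfo=UTC),
                  "notAfter": datetime(2020, 1, 1, tzinfo=UTC)}},
]

if __name__ == "__main__":
    for cert_id, findings in triage(DEVICE_CERTS, CA_CERTS, NOW).items():
        print(cert_id, findings)
```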

GetTopicRule (updated)
Changes (response)
{'rule': {'actions': {'stepFunctions': {'executionNamePrefix': 'string',
                                        'roleArn': 'string',
                                        'stateMachineName': 'string'}},
          'errorAction': {'stepFunctions': {'executionNamePrefix': 'string',
                                            'roleArn': 'string',
                                            'stateMachineName': 'string'}}}}

Gets information about the rule.

See also: AWS API Documentation

Request Syntax

client.get_topic_rule(
    ruleName='string'
)
type ruleName

string

param ruleName

[REQUIRED]

The name of the rule.

rtype

dict

returns

Response Syntax

{
    'ruleArn': 'string',
    'rule': {
        'ruleName': 'string',
        'sql': 'string',
        'description': 'string',
        'createdAt': datetime(2015, 1, 1),
        'actions': [
            {
                'dynamoDB': {
                    'tableName': 'string',
                    'roleArn': 'string',
                    'operation': 'string',
                    'hashKeyField': 'string',
                    'hashKeyValue': 'string',
                    'hashKeyType': 'STRING'|'NUMBER',
                    'rangeKeyField': 'string',
                    'rangeKeyValue': 'string',
                    'rangeKeyType': 'STRING'|'NUMBER',
                    'payloadField': 'string'
                },
                'dynamoDBv2': {
                    'roleArn': 'string',
                    'putItem': {
                        'tableName': 'string'
                    }
                },
                'lambda': {
                    'functionArn': 'string'
                },
                'sns': {
                    'targetArn': 'string',
                    'roleArn': 'string',
                    'messageFormat': 'RAW'|'JSON'
                },
                'sqs': {
                    'roleArn': 'string',
                    'queueUrl': 'string',
                    'useBase64': True|False
                },
                'kinesis': {
                    'roleArn': 'string',
                    'streamName': 'string',
                    'partitionKey': 'string'
                },
                'republish': {
                    'roleArn': 'string',
                    'topic': 'string'
                },
                's3': {
                    'roleArn': 'string',
                    'bucketName': 'string',
                    'key': 'string',
                    'cannedAcl': 'private'|'public-read'|'public-read-write'|'aws-exec-read'|'authenticated-read'|'bucket-owner-read'|'bucket-owner-full-control'|'log-delivery-write'
                },
                'firehose': {
                    'roleArn': 'string',
                    'deliveryStreamName': 'string',
                    'separator': 'string'
                },
                'cloudwatchMetric': {
                    'roleArn': 'string',
                    'metricNamespace': 'string',
                    'metricName': 'string',
                    'metricValue': 'string',
                    'metricUnit': 'string',
                    'metricTimestamp': 'string'
                },
                'cloudwatchAlarm': {
                    'roleArn': 'string',
                    'alarmName': 'string',
                    'stateReason': 'string',
                    'stateValue': 'string'
                },
                'elasticsearch': {
                    'roleArn': 'string',
                    'endpoint': 'string',
                    'index': 'string',
                    'type': 'string',
                    'id': 'string'
                },
                'salesforce': {
                    'token': 'string',
                    'url': 'string'
                },
                'iotAnalytics': {
                    'channelArn': 'string',
                    'channelName': 'string',
                    'roleArn': 'string'
                },
                'stepFunctions': {
                    'executionNamePrefix': 'string',
                    'stateMachineName': 'string',
                    'roleArn': 'string'
                }
            },
        ],
        'ruleDisabled': True|False,
        'awsIotSqlVersion': 'string',
        'errorAction': {
            'dynamoDB': {
                'tableName': 'string',
                'roleArn': 'string',
                'operation': 'string',
                'hashKeyField': 'string',
                'hashKeyValue': 'string',
                'hashKeyType': 'STRING'|'NUMBER',
                'rangeKeyField': 'string',
                'rangeKeyValue': 'string',
                'rangeKeyType': 'STRING'|'NUMBER',
                'payloadField': 'string'
            },
            'dynamoDBv2': {
                'roleArn': 'string',
                'putItem': {
                    'tableName': 'string'
                }
            },
            'lambda': {
                'functionArn': 'string'
            },
            'sns': {
                'targetArn': 'string',
                'roleArn': 'string',
                'messageFormat': 'RAW'|'JSON'
            },
            'sqs': {
                'roleArn': 'string',
                'queueUrl': 'string',
                'useBase64': True|False
            },
            'kinesis': {
                'roleArn': 'string',
                'streamName': 'string',
                'partitionKey': 'string'
            },
            'republish': {
                'roleArn': 'string',
                'topic': 'string'
            },
            's3': {
                'roleArn': 'string',
                'bucketName': 'string',
                'key': 'string',
                'cannedAcl': 'private'|'public-read'|'public-read-write'|'aws-exec-read'|'authenticated-read'|'bucket-owner-read'|'bucket-owner-full-control'|'log-delivery-write'
            },
            'firehose': {
                'roleArn': 'string',
                'deliveryStreamName': 'string',
                'separator': 'string'
            },
            'cloudwatchMetric': {
                'roleArn': 'string',
                'metricNamespace': 'string',
                'metricName': 'string',
                'metricValue': 'string',
                'metricUnit': 'string',
                'metricTimestamp': 'string'
            },
            'cloudwatchAlarm': {
                'roleArn': 'string',
                'alarmName': 'string',
                'stateReason': 'string',
                'stateValue': 'string'
            },
            'elasticsearch': {
                'roleArn': 'string',
                'endpoint': 'string',
                'index': 'string',
                'type': 'string',
                'id': 'string'
            },
            'salesforce': {
                'token': 'string',
                'url': 'string'
            },
            'iotAnalytics': {
                'channelArn': 'string',
                'channelName': 'string',
                'roleArn': 'string'
            },
            'stepFunctions': {
                'executionNamePrefix': 'string',
                'stateMachineName': 'string',
                'roleArn': 'string'
            }
        }
    }
}

Response Structure

  • (dict) --

    The output from the GetTopicRule operation.

    • ruleArn (string) --

      The rule ARN.

    • rule (dict) --

      The rule.

      • ruleName (string) --

        The name of the rule.

      • sql (string) --

        The SQL statement used to query the topic. When using a SQL query with multiple lines, be sure to escape the newline characters.

      • description (string) --

        The description of the rule.

      • createdAt (datetime) --

        The date and time the rule was created.

      • actions (list) --

        The actions associated with the rule.

        • (dict) --

          Describes the actions associated with a rule.

          • dynamoDB (dict) --

            Write to a DynamoDB table.

            • tableName (string) --

              The name of the DynamoDB table.

            • roleArn (string) --

              The ARN of the IAM role that grants access to the DynamoDB table.

            • operation (string) --

              The type of operation to be performed. This follows the substitution template, so it can be ${operation}, but the substitution must result in one of the following: INSERT, UPDATE, or DELETE.

            • hashKeyField (string) --

              The hash key name.

            • hashKeyValue (string) --

              The hash key value.

            • hashKeyType (string) --

              The hash key type. Valid values are "STRING" or "NUMBER".

            • rangeKeyField (string) --

              The range key name.

            • rangeKeyValue (string) --

              The range key value.

            • rangeKeyType (string) --

              The range key type. Valid values are "STRING" or "NUMBER".

            • payloadField (string) --

              The action payload. This name can be customized.

          • dynamoDBv2 (dict) --

            Write to a DynamoDB table. This is a new version of the DynamoDB action. It allows you to write each attribute in an MQTT message payload into a separate DynamoDB column.

            • roleArn (string) --

              The ARN of the IAM role that grants access to the DynamoDB table.

            • putItem (dict) --

              Specifies the DynamoDB table to which the message data will be written. For example:

              { "dynamoDBv2": { "roleArn": "aws:iam:12341251:my-role", "putItem": { "tableName": "my-table" } } }

              Each attribute in the message payload will be written to a separate column in the DynamoDB database.

              • tableName (string) --

                The table where the message data will be written.

          • lambda (dict) --

            Invoke a Lambda function.

            • functionArn (string) --

              The ARN of the Lambda function.

          • sns (dict) --

            Publish to an Amazon SNS topic.

            • targetArn (string) --

              The ARN of the SNS topic.

            • roleArn (string) --

              The ARN of the IAM role that grants access.

            • messageFormat (string) --

              (Optional) The message format of the message to publish. Accepted values are "JSON" and "RAW". The default value of the attribute is "RAW". SNS uses this setting to determine if the payload should be parsed and relevant platform-specific bits of the payload should be extracted. To read more about SNS message formats, see the official documentation at http://docs.aws.amazon.com/sns/latest/dg/json-formats.html.

          • sqs (dict) --

            Publish to an Amazon SQS queue.

            • roleArn (string) --

              The ARN of the IAM role that grants access.

            • queueUrl (string) --

              The URL of the Amazon SQS queue.

            • useBase64 (boolean) --

              Specifies whether to use Base64 encoding.

          • kinesis (dict) --

            Write data to an Amazon Kinesis stream.

            • roleArn (string) --

              The ARN of the IAM role that grants access to the Amazon Kinesis stream.

            • streamName (string) --

              The name of the Amazon Kinesis stream.

            • partitionKey (string) --

              The partition key.

          • republish (dict) --

            Publish to another MQTT topic.

            • roleArn (string) --

              The ARN of the IAM role that grants access.

            • topic (string) --

              The name of the MQTT topic.

          • s3 (dict) --

            Write to an Amazon S3 bucket.

            • roleArn (string) --

              The ARN of the IAM role that grants access.

            • bucketName (string) --

              The Amazon S3 bucket.

            • key (string) --

              The object key.

            • cannedAcl (string) --

              The Amazon S3 canned ACL that controls access to the object identified by the object key. For more information, see S3 canned ACLs.

          • firehose (dict) --

            Write to an Amazon Kinesis Firehose stream.

            • roleArn (string) --

              The IAM role that grants access to the Amazon Kinesis Firehose stream.

            • deliveryStreamName (string) --

              The delivery stream name.

            • separator (string) --

              A character separator that will be used to separate records written to the Firehose stream. Valid values are: '\n' (newline), '\t' (tab), '\r\n' (Windows newline), ',' (comma).

          • cloudwatchMetric (dict) --

            Capture a CloudWatch metric.

            • roleArn (string) --

              The IAM role that allows access to the CloudWatch metric.

            • metricNamespace (string) --

              The CloudWatch metric namespace name.

            • metricName (string) --

              The CloudWatch metric name.

            • metricValue (string) --

              The CloudWatch metric value.

            • metricUnit (string) --

              The metric unit supported by CloudWatch.

            • metricTimestamp (string) --

              An optional Unix timestamp.

          • cloudwatchAlarm (dict) --

            Change the state of a CloudWatch alarm.

            • roleArn (string) --

              The IAM role that allows access to the CloudWatch alarm.

            • alarmName (string) --

              The CloudWatch alarm name.

            • stateReason (string) --

              The reason for the alarm change.

            • stateValue (string) --

              The value of the alarm state. Acceptable values are: OK, ALARM, INSUFFICIENT_DATA.

          • elasticsearch (dict) --

            Write data to an Amazon Elasticsearch Service domain.

            • roleArn (string) --

              The IAM role ARN that has access to Elasticsearch.

            • endpoint (string) --

              The endpoint of your Elasticsearch domain.

            • index (string) --

              The Elasticsearch index where you want to store your data.

            • type (string) --

              The type of document you are storing.

            • id (string) --

              The unique identifier for the document you are storing.

          • salesforce (dict) --

            Send a message to a Salesforce IoT Cloud Input Stream.

            • token (string) --

              The token used to authenticate access to the Salesforce IoT Cloud Input Stream. The token is available from the Salesforce IoT Cloud platform after creation of the Input Stream.

            • url (string) --

              The URL exposed by the Salesforce IoT Cloud Input Stream. The URL is available from the Salesforce IoT Cloud platform after creation of the Input Stream.

          • iotAnalytics (dict) --

            Sends message data to an AWS IoT Analytics channel.

            • channelArn (string) --

              (deprecated) The ARN of the IoT Analytics channel to which message data will be sent.

            • channelName (string) --

              The name of the IoT Analytics channel to which message data will be sent.

            • roleArn (string) --

              The ARN of the role which has a policy that grants IoT Analytics permission to send message data via IoT Analytics (iotanalytics:BatchPutMessage).

          • stepFunctions (dict) --

            Starts execution of a Step Functions state machine.

            • executionNamePrefix (string) --

              (Optional) A name will be given to the state machine execution consisting of this prefix followed by a UUID. Step Functions automatically creates a unique name for each state machine execution if one is not provided.

            • stateMachineName (string) --

              The name of the Step Functions state machine whose execution will be started.

            • roleArn (string) --

              The ARN of the role that grants IoT permission to start execution of a state machine ("Action":"states:StartExecution").

      • ruleDisabled (boolean) --

        Specifies whether the rule is disabled.

      • awsIotSqlVersion (string) --

        The version of the SQL rules engine to use when evaluating the rule.

      • errorAction (dict) --

        The action to perform when an error occurs.

        • dynamoDB (dict) --

          Write to a DynamoDB table.

          • tableName (string) --

            The name of the DynamoDB table.

          • roleArn (string) --

            The ARN of the IAM role that grants access to the DynamoDB table.

          • operation (string) --

            The type of operation to be performed. This follows the substitution template, so it can be ${operation}, but the substitution must result in one of the following: INSERT, UPDATE, or DELETE.

          • hashKeyField (string) --

            The hash key name.

          • hashKeyValue (string) --

            The hash key value.

          • hashKeyType (string) --

            The hash key type. Valid values are "STRING" or "NUMBER".

          • rangeKeyField (string) --

            The range key name.

          • rangeKeyValue (string) --

            The range key value.

          • rangeKeyType (string) --

            The range key type. Valid values are "STRING" or "NUMBER".

          • payloadField (string) --

            The action payload. This name can be customized.

        • dynamoDBv2 (dict) --

          Write to a DynamoDB table. This is a new version of the DynamoDB action. It allows you to write each attribute in an MQTT message payload into a separate DynamoDB column.

          • roleArn (string) --

            The ARN of the IAM role that grants access to the DynamoDB table.

          • putItem (dict) --

            Specifies the DynamoDB table to which the message data will be written. For example:

            { "dynamoDBv2": { "roleArn": "aws:iam:12341251:my-role", "putItem": { "tableName": "my-table" } } }

            Each attribute in the message payload will be written to a separate column in the DynamoDB database.

            • tableName (string) --

              The table where the message data will be written.

        • lambda (dict) --

          Invoke a Lambda function.

          • functionArn (string) --

            The ARN of the Lambda function.

        • sns (dict) --

          Publish to an Amazon SNS topic.

          • targetArn (string) --

            The ARN of the SNS topic.

          • roleArn (string) --

            The ARN of the IAM role that grants access.

          • messageFormat (string) --

            (Optional) The message format of the message to publish. Accepted values are "JSON" and "RAW". The default value of the attribute is "RAW". SNS uses this setting to determine if the payload should be parsed and relevant platform-specific bits of the payload should be extracted. To read more about SNS message formats, see the official documentation at http://docs.aws.amazon.com/sns/latest/dg/json-formats.html.

        • sqs (dict) --

          Publish to an Amazon SQS queue.

          • roleArn (string) --

            The ARN of the IAM role that grants access.

          • queueUrl (string) --

            The URL of the Amazon SQS queue.

          • useBase64 (boolean) --

            Specifies whether to use Base64 encoding.

        • kinesis (dict) --

          Write data to an Amazon Kinesis stream.

          • roleArn (string) --

            The ARN of the IAM role that grants access to the Amazon Kinesis stream.

          • streamName (string) --

            The name of the Amazon Kinesis stream.

          • partitionKey (string) --

            The partition key.

        • republish (dict) --

          Publish to another MQTT topic.

          • roleArn (string) --

            The ARN of the IAM role that grants access.

          • topic (string) --

            The name of the MQTT topic.

        • s3 (dict) --

          Write to an Amazon S3 bucket.

          • roleArn (string) --

            The ARN of the IAM role that grants access.

          • bucketName (string) --

            The Amazon S3 bucket.

          • key (string) --

            The object key.

          • cannedAcl (string) --

            The Amazon S3 canned ACL that controls access to the object identified by the object key. For more information, see S3 canned ACLs.

        • firehose (dict) --

          Write to an Amazon Kinesis Firehose stream.

          • roleArn (string) --

            The IAM role that grants access to the Amazon Kinesis Firehose stream.

          • deliveryStreamName (string) --

            The delivery stream name.

          • separator (string) --

            A character separator that will be used to separate records written to the Firehose stream. Valid values are: '\n' (newline), '\t' (tab), '\r\n' (Windows newline), ',' (comma).

        • cloudwatchMetric (dict) --

          Capture a CloudWatch metric.

          • roleArn (string) --

            The IAM role that allows access to the CloudWatch metric.

          • metricNamespace (string) --

            The CloudWatch metric namespace name.

          • metricName (string) --

            The CloudWatch metric name.

          • metricValue (string) --

            The CloudWatch metric value.

          • metricUnit (string) --

            The metric unit supported by CloudWatch.

          • metricTimestamp (string) --

            An optional Unix timestamp.

        • cloudwatchAlarm (dict) --

          Change the state of a CloudWatch alarm.

          • roleArn (string) --

            The IAM role that allows access to the CloudWatch alarm.

          • alarmName (string) --

            The CloudWatch alarm name.

          • stateReason (string) --

            The reason for the alarm change.

          • stateValue (string) --

            The value of the alarm state. Acceptable values are: OK, ALARM, INSUFFICIENT_DATA.

        • elasticsearch (dict) --

          Write data to an Amazon Elasticsearch Service domain.

          • roleArn (string) --

            The IAM role ARN that has access to Elasticsearch.

          • endpoint (string) --

            The endpoint of your Elasticsearch domain.

          • index (string) --

            The Elasticsearch index where you want to store your data.

          • type (string) --

            The type of document you are storing.

          • id (string) --

            The unique identifier for the document you are storing.

        • salesforce (dict) --

          Send a message to a Salesforce IoT Cloud Input Stream.

          • token (string) --

            The token used to authenticate access to the Salesforce IoT Cloud Input Stream. The token is available from the Salesforce IoT Cloud platform after creation of the Input Stream.

          • url (string) --

            The URL exposed by the Salesforce IoT Cloud Input Stream. The URL is available from the Salesforce IoT Cloud platform after creation of the Input Stream.

        • iotAnalytics (dict) --

          Sends message data to an AWS IoT Analytics channel.

          • channelArn (string) --

            (deprecated) The ARN of the IoT Analytics channel to which message data will be sent.

          • channelName (string) --

            The name of the IoT Analytics channel to which message data will be sent.

          • roleArn (string) --

            The ARN of the role which has a policy that grants IoT Analytics permission to send message data via IoT Analytics (iotanalytics:BatchPutMessage).

        • stepFunctions (dict) --

          Starts execution of a Step Functions state machine.

          • executionNamePrefix (string) --

            (Optional) A name will be given to the state machine execution consisting of this prefix followed by a UUID. Step Functions automatically creates a unique name for each state machine execution if one is not provided.

          • stateMachineName (string) --

            The name of the Step Functions state machine whose execution will be started.

          • roleArn (string) --

            The ARN of the role that grants IoT permission to start execution of a state machine ("Action":"states:StartExecution").
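
A static review of the GetTopicRule response shape documented above, as an added example (not part of the AWS documentation or of boto3). It walks both `actions` and `errorAction` and reports settings a reviewer would want to look at; the function names, the set of ACLs treated as broad, and the sample response are assumptions constructed for illustration.

```python
"""Review a get_topic_rule response for risky action settings (added example)."""

# Canned ACLs that make the written object readable (or writable) by
# principals outside the bucket owner's account. Reviewer's choice, not an AWS list.
BROAD_ACLS = {"public-read", "public-read-write", "authenticated-read"}


def iter_actions(response):
    """Yield (location, action_type, config) for every action in the rule.

    'actions' is a list of single-key dicts; 'errorAction' is one such dict.
    """
    rule = response.get("rule", {})
    for i, action in enumerate(rule.get("actions", [])):
        for action_type, config in action.items():
            yield f"actions[{i}]", action_type, config
    for action_type, config in rule.get("errorAction", {}).items():
        yield "errorAction", action_type, config


def audit_topic_rule(response):
    """Return a list of (location, subject, message) findings."""
    findings = []
    roles = {}  # roleArn -> set of action types that assume it

    for where, kind, cfg in iter_actions(response):
        role = cfg.get("roleArn")
        if role:
            roles.setdefault(role, set()).add(kind)

        if kind == "s3" and cfg.get("cannedAcl") in BROAD_ACLS:
            findings.append((where, kind,
                             f"objects are written with canned ACL {cfg['cannedAcl']!r}"))

        if kind == "salesforce" and cfg.get("token"):
            findings.append((where, kind,
                             "Input Stream token is stored in the rule and is "
                             "returned to any caller of get_topic_rule"))

        if kind == "dynamoDB":
            operation = cfg.get("operation", "")
            if "${" in operation:
                findings.append((where, kind,
                                 "operation is a substitution template, so message "
                                 "data can select INSERT, UPDATE or DELETE"))
            elif operation == "DELETE":
                findings.append((where, kind, "rule deletes items from the table"))

    # One role shared by several action types usually carries the union of
    # their permissions, which works against least privilege.
    for role, kinds in sorted(roles.items()):
        if len(kinds) > 1:
            findings.append(("rule", "roleArn",
                             f"{role} is shared by action types {sorted(kinds)}"))
    return findings


# Constructed sample in the documented response shape (not real account data).
ROLE_A = "arn:aws:iam::111122223333:role/example-rule-role-a"
ROLE_B = "arn:aws:iam::111122223333:role/example-rule-role-b"
ROLE_C = "arn:aws:iam::111122223333:role/example-rule-role-c"

SAMPLE_RESPONSE = {
    "ruleArn": "arn:aws:iot:us-east-1:111122223333:rule/example_rule",
    "rule": {
        "ruleName": "example_rule",
        "sql": "SELECT * FROM 'sensors/+/telemetry'",
        "ruleDisabled": False,
        "actions": [
            {"s3": {"roleArn": ROLE_A, "bucketName": "example-bucket",
                    "key": "telemetry.json", "cannedAcl": "public-read"}},
            {"dynamoDB": {"tableName": "example-table", "roleArn": ROLE_B,
                          "operation": "${operation}",
                          "hashKeyField": "id", "hashKeyValue": "${topic(2)}"}},
            {"salesforce": {"token": "EXAMPLE-TOKEN",
                            "url": "https://example.invalid/stream"}},
            {"stepFunctions": {"stateMachineName": "example-machine",
                               "roleArn": ROLE_A}},
        ],
        "errorAction": {
            "s3": {"roleArn": ROLE_C, "bucketName": "example-errors",
                   "key": "errors.json", "cannedAcl": "private"},
        },
    },
}

if __name__ == "__main__":
    for where, subject, message in audit_topic_rule(SAMPLE_RESPONSE):
        print(f"{where:12} {subject:12} {message}")
```

In practice the input would be the dict returned by `client.get_topic_rule(ruleName=...)` for each rule in the account.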

ReplaceTopicRule (updated)
Changes (request)
{'topicRulePayload': {'actions': {'stepFunctions': {'executionNamePrefix': 'string',
                                                    'roleArn': 'string',
                                                    'stateMachineName': 'string'}},
                      'errorAction': {'stepFunctions': {'executionNamePrefix': 'string',
                                                        'roleArn': 'string',
                                                        'stateMachineName': 'string'}}}}

Replaces the rule. You must specify all parameters for the new rule. Creating rules is an administrator-level action. Any user who has permission to create rules will be able to access data processed by the rule.

See also: AWS API Documentation

Request Syntax

client.replace_topic_rule(
    ruleName='string',
    topicRulePayload={
        'sql': 'string',
        'description': 'string',
        'actions': [
            {
                'dynamoDB': {
                    'tableName': 'string',
                    'roleArn': 'string',
                    'operation': 'string',
                    'hashKeyField': 'string',
                    'hashKeyValue': 'string',
                    'hashKeyType': 'STRING'|'NUMBER',
                    'rangeKeyField': 'string',
                    'rangeKeyValue': 'string',
                    'rangeKeyType': 'STRING'|'NUMBER',
                    'payloadField': 'string'
                },
                'dynamoDBv2': {
                    'roleArn': 'string',
                    'putItem': {
                        'tableName': 'string'
                    }
                },
                'lambda': {
                    'functionArn': 'string'
                },
                'sns': {
                    'targetArn': 'string',
                    'roleArn': 'string',
                    'messageFormat': 'RAW'|'JSON'
                },
                'sqs': {
                    'roleArn': 'string',
                    'queueUrl': 'string',
                    'useBase64': True|False
                },
                'kinesis': {
                    'roleArn': 'string',
                    'streamName': 'string',
                    'partitionKey': 'string'
                },
                'republish': {
                    'roleArn': 'string',
                    'topic': 'string'
                },
                's3': {
                    'roleArn': 'string',
                    'bucketName': 'string',
                    'key': 'string',
                    'cannedAcl': 'private'|'public-read'|'public-read-write'|'aws-exec-read'|'authenticated-read'|'bucket-owner-read'|'bucket-owner-full-control'|'log-delivery-write'
                },
                'firehose': {
                    'roleArn': 'string',
                    'deliveryStreamName': 'string',
                    'separator': 'string'
                },
                'cloudwatchMetric': {
                    'roleArn': 'string',
                    'metricNamespace': 'string',
                    'metricName': 'string',
                    'metricValue': 'string',
                    'metricUnit': 'string',
                    'metricTimestamp': 'string'
                },
                'cloudwatchAlarm': {
                    'roleArn': 'string',
                    'alarmName': 'string',
                    'stateReason': 'string',
                    'stateValue': 'string'
                },
                'elasticsearch': {
                    'roleArn': 'string',
                    'endpoint': 'string',
                    'index': 'string',
                    'type': 'string',
                    'id': 'string'
                },
                'salesforce': {
                    'token': 'string',
                    'url': 'string'
                },
                'iotAnalytics': {
                    'channelArn': 'string',
                    'channelName': 'string',
                    'roleArn': 'string'
                },
                'stepFunctions': {
                    'executionNamePrefix': 'string',
                    'stateMachineName': 'string',
                    'roleArn': 'string'
                }
            },
        ],
        'ruleDisabled': True|False,
        'awsIotSqlVersion': 'string',
        'errorAction': {
            'dynamoDB': {
                'tableName': 'string',
                'roleArn': 'string',
                'operation': 'string',
                'hashKeyField': 'string',
                'hashKeyValue': 'string',
                'hashKeyType': 'STRING'|'NUMBER',
                'rangeKeyField': 'string',
                'rangeKeyValue': 'string',
                'rangeKeyType': 'STRING'|'NUMBER',
                'payloadField': 'string'
            },
            'dynamoDBv2': {
                'roleArn': 'string',
                'putItem': {
                    'tableName': 'string'
                }
            },
            'lambda': {
                'functionArn': 'string'
            },
            'sns': {
                'targetArn': 'string',
                'roleArn': 'string',
                'messageFormat': 'RAW'|'JSON'
            },
            'sqs': {
                'roleArn': 'string',
                'queueUrl': 'string',
                'useBase64': True|False
            },
            'kinesis': {
                'roleArn': 'string',
                'streamName': 'string',
                'partitionKey': 'string'
            },
            'republish': {
                'roleArn': 'string',
                'topic': 'string'
            },
            's3': {
                'roleArn': 'string',
                'bucketName': 'string',
                'key': 'string',
                'cannedAcl': 'private'|'public-read'|'public-read-write'|'aws-exec-read'|'authenticated-read'|'bucket-owner-read'|'bucket-owner-full-control'|'log-delivery-write'
            },
            'firehose': {
                'roleArn': 'string',
                'deliveryStreamName': 'string',
                'separator': 'string'
            },
            'cloudwatchMetric': {
                'roleArn': 'string',
                'metricNamespace': 'string',
                'metricName': 'string',
                'metricValue': 'string',
                'metricUnit': 'string',
                'metricTimestamp': 'string'
            },
            'cloudwatchAlarm': {
                'roleArn': 'string',
                'alarmName': 'string',
                'stateReason': 'string',
                'stateValue': 'string'
            },
            'elasticsearch': {
                'roleArn': 'string',
                'endpoint': 'string',
                'index': 'string',
                'type': 'string',
                'id': 'string'
            },
            'salesforce': {
                'token': 'string',
                'url': 'string'
            },
            'iotAnalytics': {
                'channelArn': 'string',
                'channelName': 'string',
                'roleArn': 'string'
            },
            'stepFunctions': {
                'executionNamePrefix': 'string',
                'stateMachineName': 'string',
                'roleArn': 'string'
            }
        }
    }
)

type ruleName

string

param ruleName

[REQUIRED]

The name of the rule.

type topicRulePayload

dict

param topicRulePayload

[REQUIRED]

The rule payload.

  • sql (string) -- [REQUIRED]

    The SQL statement used to query the topic. For more information, see AWS IoT SQL Reference in the AWS IoT Developer Guide.

  • description (string) --

    The description of the rule.

  • actions (list) -- [REQUIRED]

    The actions associated with the rule.

    • (dict) --

      Describes the actions associated with a rule.

      • dynamoDB (dict) --

        Write to a DynamoDB table.

        • tableName (string) -- [REQUIRED]

          The name of the DynamoDB table.

        • roleArn (string) -- [REQUIRED]

          The ARN of the IAM role that grants access to the DynamoDB table.

        • operation (string) --

          The type of operation to be performed. This follows the substitution template, so it can be ${operation}, but the substitution must result in one of the following: INSERT, UPDATE, or DELETE.

        • hashKeyField (string) -- [REQUIRED]

          The hash key name.

        • hashKeyValue (string) -- [REQUIRED]

          The hash key value.

        • hashKeyType (string) --

          The hash key type. Valid values are "STRING" or "NUMBER".

        • rangeKeyField (string) --

          The range key name.

        • rangeKeyValue (string) --

          The range key value.

        • rangeKeyType (string) --

          The range key type. Valid values are "STRING" or "NUMBER".

        • payloadField (string) --

          The action payload. This name can be customized.

      • dynamoDBv2 (dict) --

        Write to a DynamoDB table. This is a new version of the DynamoDB action. It allows you to write each attribute in an MQTT message payload into a separate DynamoDB column.

        • roleArn (string) --

          The ARN of the IAM role that grants access to the DynamoDB table.

        • putItem (dict) --

          Specifies the DynamoDB table to which the message data will be written. For example:

          { "dynamoDBv2": { "roleArn": "aws:iam:12341251:my-role", "putItem": { "tableName": "my-table" } } }

          Each attribute in the message payload will be written to a separate column in the DynamoDB database.

          • tableName (string) -- [REQUIRED]

            The table where the message data will be written.

      • lambda (dict) --

        Invoke a Lambda function.

        • functionArn (string) -- [REQUIRED]

          The ARN of the Lambda function.

      • sns (dict) --

        Publish to an Amazon SNS topic.

        • targetArn (string) -- [REQUIRED]

          The ARN of the SNS topic.

        • roleArn (string) -- [REQUIRED]

          The ARN of the IAM role that grants access.

        • messageFormat (string) --

          (Optional) The message format of the message to publish. Accepted values are "JSON" and "RAW". The default value of the attribute is "RAW". SNS uses this setting to determine if the payload should be parsed and relevant platform-specific bits of the payload should be extracted. To read more about SNS message formats, see http://docs.aws.amazon.com/sns/latest/dg/json-formats.html.

      • sqs (dict) --

        Publish to an Amazon SQS queue.

        • roleArn (string) -- [REQUIRED]

          The ARN of the IAM role that grants access.

        • queueUrl (string) -- [REQUIRED]

          The URL of the Amazon SQS queue.

        • useBase64 (boolean) --

          Specifies whether to use Base64 encoding.

      • kinesis (dict) --

        Write data to an Amazon Kinesis stream.

        • roleArn (string) -- [REQUIRED]

          The ARN of the IAM role that grants access to the Amazon Kinesis stream.

        • streamName (string) -- [REQUIRED]

          The name of the Amazon Kinesis stream.

        • partitionKey (string) --

          The partition key.

      • republish (dict) --

        Publish to another MQTT topic.

        • roleArn (string) -- [REQUIRED]

          The ARN of the IAM role that grants access.

        • topic (string) -- [REQUIRED]

          The name of the MQTT topic.

      • s3 (dict) --

        Write to an Amazon S3 bucket.

        • roleArn (string) -- [REQUIRED]

          The ARN of the IAM role that grants access.

        • bucketName (string) -- [REQUIRED]

          The Amazon S3 bucket.

        • key (string) -- [REQUIRED]

          The object key.

        • cannedAcl (string) --

          The Amazon S3 canned ACL that controls access to the object identified by the object key. For more information, see S3 canned ACLs.

      • firehose (dict) --

        Write to an Amazon Kinesis Firehose stream.

        • roleArn (string) -- [REQUIRED]

          The IAM role that grants access to the Amazon Kinesis Firehose stream.

        • deliveryStreamName (string) -- [REQUIRED]

          The delivery stream name.

        • separator (string) --

          A character separator that will be used to separate records written to the Firehose stream. Valid values are: '\n' (newline), '\t' (tab), '\r\n' (Windows newline), ',' (comma).

      • cloudwatchMetric (dict) --

        Capture a CloudWatch metric.

        • roleArn (string) -- [REQUIRED]

          The IAM role that allows access to the CloudWatch metric.

        • metricNamespace (string) -- [REQUIRED]

          The CloudWatch metric namespace name.

        • metricName (string) -- [REQUIRED]

          The CloudWatch metric name.

        • metricValue (string) -- [REQUIRED]

          The CloudWatch metric value.

        • metricUnit (string) -- [REQUIRED]

          The metric unit supported by CloudWatch.

        • metricTimestamp (string) --

          An optional Unix timestamp.

      • cloudwatchAlarm (dict) --

        Change the state of a CloudWatch alarm.

        • roleArn (string) -- [REQUIRED]

          The IAM role that allows access to the CloudWatch alarm.

        • alarmName (string) -- [REQUIRED]

          The CloudWatch alarm name.

        • stateReason (string) -- [REQUIRED]

          The reason for the alarm change.

        • stateValue (string) -- [REQUIRED]

          The value of the alarm state. Acceptable values are: OK, ALARM, INSUFFICIENT_DATA.

      • elasticsearch (dict) --

        Write data to an Amazon Elasticsearch Service domain.

        • roleArn (string) -- [REQUIRED]

          The IAM role ARN that has access to Elasticsearch.

        • endpoint (string) -- [REQUIRED]

          The endpoint of your Elasticsearch domain.

        • index (string) -- [REQUIRED]

          The Elasticsearch index where you want to store your data.

        • type (string) -- [REQUIRED]

          The type of document you are storing.

        • id (string) -- [REQUIRED]

          The unique identifier for the document you are storing.

      • salesforce (dict) --

        Send a message to a Salesforce IoT Cloud Input Stream.

        • token (string) -- [REQUIRED]

          The token used to authenticate access to the Salesforce IoT Cloud Input Stream. The token is available from the Salesforce IoT Cloud platform after creation of the Input Stream.

        • url (string) -- [REQUIRED]

          The URL exposed by the Salesforce IoT Cloud Input Stream. The URL is available from the Salesforce IoT Cloud platform after creation of the Input Stream.

      • iotAnalytics (dict) --

        Sends message data to an AWS IoT Analytics channel.

        • channelArn (string) --

          (deprecated) The ARN of the IoT Analytics channel to which message data will be sent.

        • channelName (string) --

          The name of the IoT Analytics channel to which message data will be sent.

        • roleArn (string) --

          The ARN of the role which has a policy that grants IoT Analytics permission to send message data via IoT Analytics (iotanalytics:BatchPutMessage).

      • stepFunctions (dict) --

        Starts execution of a Step Functions state machine.

        • executionNamePrefix (string) --

          (Optional) A name will be given to the state machine execution consisting of this prefix followed by a UUID. Step Functions automatically creates a unique name for each state machine execution if one is not provided.

        • stateMachineName (string) -- [REQUIRED]

          The name of the Step Functions state machine whose execution will be started.

        • roleArn (string) -- [REQUIRED]

          The ARN of the role that grants IoT permission to start execution of a state machine ("Action":"states:StartExecution").

  • ruleDisabled (boolean) --

    Specifies whether the rule is disabled.

  • awsIotSqlVersion (string) --

    The version of the SQL rules engine to use when evaluating the rule.

  • errorAction (dict) --

    The action to take when an error occurs.

    • dynamoDB (dict) --

      Write to a DynamoDB table.

      • tableName (string) -- [REQUIRED]

        The name of the DynamoDB table.

      • roleArn (string) -- [REQUIRED]

        The ARN of the IAM role that grants access to the DynamoDB table.

      • operation (string) --

        The type of operation to be performed. This follows the substitution template, so it can be ${operation}, but the substitution must result in one of the following: INSERT, UPDATE, or DELETE.

      • hashKeyField (string) -- [REQUIRED]

        The hash key name.

      • hashKeyValue (string) -- [REQUIRED]

        The hash key value.

      • hashKeyType (string) --

        The hash key type. Valid values are "STRING" or "NUMBER".

      • rangeKeyField (string) --

        The range key name.

      • rangeKeyValue (string) --

        The range key value.

      • rangeKeyType (string) --

        The range key type. Valid values are "STRING" or "NUMBER".

      • payloadField (string) --

        The action payload. This name can be customized.

    • dynamoDBv2 (dict) --

      Write to a DynamoDB table. This is a new version of the DynamoDB action. It allows you to write each attribute in an MQTT message payload into a separate DynamoDB column.

      • roleArn (string) --

        The ARN of the IAM role that grants access to the DynamoDB table.

      • putItem (dict) --

        Specifies the DynamoDB table to which the message data will be written. For example:

        { "dynamoDBv2": { "roleArn": "aws:iam:12341251:my-role", "putItem": { "tableName": "my-table" } } }

        Each attribute in the message payload will be written to a separate column in the DynamoDB database.

        • tableName (string) -- [REQUIRED]

          The table where the message data will be written.

    • lambda (dict) --

      Invoke a Lambda function.

      • functionArn (string) -- [REQUIRED]

        The ARN of the Lambda function.

    • sns (dict) --

      Publish to an Amazon SNS topic.

      • targetArn (string) -- [REQUIRED]

        The ARN of the SNS topic.

      • roleArn (string) -- [REQUIRED]

        The ARN of the IAM role that grants access.

      • messageFormat (string) --

        (Optional) The message format of the message to publish. Accepted values are "JSON" and "RAW". The default value of the attribute is "RAW". SNS uses this setting to determine if the payload should be parsed and relevant platform-specific bits of the payload should be extracted. To read more about SNS message formats, see http://docs.aws.amazon.com/sns/latest/dg/json-formats.html.

    • sqs (dict) --

      Publish to an Amazon SQS queue.

      • roleArn (string) -- [REQUIRED]

        The ARN of the IAM role that grants access.

      • queueUrl (string) -- [REQUIRED]

        The URL of the Amazon SQS queue.

      • useBase64 (boolean) --

        Specifies whether to use Base64 encoding.

    • kinesis (dict) --

      Write data to an Amazon Kinesis stream.

      • roleArn (string) -- [REQUIRED]

        The ARN of the IAM role that grants access to the Amazon Kinesis stream.

      • streamName (string) -- [REQUIRED]

        The name of the Amazon Kinesis stream.

      • partitionKey (string) --

        The partition key.

    • republish (dict) --

      Publish to another MQTT topic.

      • roleArn (string) -- [REQUIRED]

        The ARN of the IAM role that grants access.

      • topic (string) -- [REQUIRED]

        The name of the MQTT topic.

    • s3 (dict) --

      Write to an Amazon S3 bucket.

      • roleArn (string) -- [REQUIRED]

        The ARN of the IAM role that grants access.

      • bucketName (string) -- [REQUIRED]

        The Amazon S3 bucket.

      • key (string) -- [REQUIRED]

        The object key.

      • cannedAcl (string) --

        The Amazon S3 canned ACL that controls access to the object identified by the object key. For more information, see S3 canned ACLs.

    • firehose (dict) --

      Write to an Amazon Kinesis Firehose stream.

      • roleArn (string) -- [REQUIRED]

        The IAM role that grants access to the Amazon Kinesis Firehose stream.

      • deliveryStreamName (string) -- [REQUIRED]

        The delivery stream name.

      • separator (string) --

        A character separator that will be used to separate records written to the Firehose stream. Valid values are: '\n' (newline), '\t' (tab), '\r\n' (Windows newline), ',' (comma).

    • cloudwatchMetric (dict) --

      Capture a CloudWatch metric.

      • roleArn (string) -- [REQUIRED]

        The IAM role that allows access to the CloudWatch metric.

      • metricNamespace (string) -- [REQUIRED]

        The CloudWatch metric namespace name.

      • metricName (string) -- [REQUIRED]

        The CloudWatch metric name.

      • metricValue (string) -- [REQUIRED]

        The CloudWatch metric value.

      • metricUnit (string) -- [REQUIRED]

        The metric unit supported by CloudWatch.

      • metricTimestamp (string) --

        An optional Unix timestamp.

    • cloudwatchAlarm (dict) --

      Change the state of a CloudWatch alarm.

      • roleArn (string) -- [REQUIRED]

        The IAM role that allows access to the CloudWatch alarm.

      • alarmName (string) -- [REQUIRED]

        The CloudWatch alarm name.

      • stateReason (string) -- [REQUIRED]

        The reason for the alarm change.

      • stateValue (string) -- [REQUIRED]

        The value of the alarm state. Acceptable values are: OK, ALARM, INSUFFICIENT_DATA.

    • elasticsearch (dict) --

      Write data to an Amazon Elasticsearch Service domain.

      • roleArn (string) -- [REQUIRED]

        The IAM role ARN that has access to Elasticsearch.

      • endpoint (string) -- [REQUIRED]

        The endpoint of your Elasticsearch domain.

      • index (string) -- [REQUIRED]

        The Elasticsearch index where you want to store your data.

      • type (string) -- [REQUIRED]

        The type of document you are storing.

      • id (string) -- [REQUIRED]

        The unique identifier for the document you are storing.

    • salesforce (dict) --

      Send a message to a Salesforce IoT Cloud Input Stream.

      • token (string) -- [REQUIRED]

        The token used to authenticate access to the Salesforce IoT Cloud Input Stream. The token is available from the Salesforce IoT Cloud platform after creation of the Input Stream.

      • url (string) -- [REQUIRED]

        The URL exposed by the Salesforce IoT Cloud Input Stream. The URL is available from the Salesforce IoT Cloud platform after creation of the Input Stream.

    • iotAnalytics (dict) --

      Sends message data to an AWS IoT Analytics channel.

      • channelArn (string) --

        (deprecated) The ARN of the IoT Analytics channel to which message data will be sent.

      • channelName (string) --

        The name of the IoT Analytics channel to which message data will be sent.

      • roleArn (string) --

        The ARN of the role which has a policy that grants IoT Analytics permission to send message data via IoT Analytics (iotanalytics:BatchPutMessage).

    • stepFunctions (dict) --

      Starts execution of a Step Functions state machine.

      • executionNamePrefix (string) --

        (Optional) A name will be given to the state machine execution consisting of this prefix followed by a UUID. Step Functions automatically creates a unique name for each state machine execution if one is not provided.

      • stateMachineName (string) -- [REQUIRED]

        The name of the Step Functions state machine whose execution will be started.

      • roleArn (string) -- [REQUIRED]

        The ARN of the role that grants IoT permission to start execution of a state machine ("Action":"states:StartExecution").

returns

None
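
The [REQUIRED] markers and accepted values in the topicRulePayload listing above can be checked offline before a rule payload is submitted, which catches an action that lacks its roleArn or carries a value the service will reject. This is an added example, not part of the AWS documentation or SDK; lint_action, lint_payload, REQUIRED, ALLOWED and SAMPLE are hypothetical names, and the ARNs in SAMPLE are constructed.

```python
# Required fields and allowed values, transcribed from the listing above.
REQUIRED = {
    "dynamoDB": ["tableName", "roleArn", "hashKeyField", "hashKeyValue"],
    "dynamoDBv2": [], "iotAnalytics": [], "lambda": ["functionArn"],
    "sns": ["targetArn", "roleArn"], "sqs": ["roleArn", "queueUrl"],
    "kinesis": ["roleArn", "streamName"], "republish": ["roleArn", "topic"],
    "s3": ["roleArn", "bucketName", "key"],
    "firehose": ["roleArn", "deliveryStreamName"],
    "cloudwatchMetric": ["roleArn", "metricNamespace", "metricName",
                         "metricValue", "metricUnit"],
    "cloudwatchAlarm": ["roleArn", "alarmName", "stateReason", "stateValue"],
    "elasticsearch": ["roleArn", "endpoint", "index", "type", "id"],
    "salesforce": ["token", "url"],
    "stepFunctions": ["stateMachineName", "roleArn"],
}
ALLOWED = {
    ("dynamoDB", "operation"): {"INSERT", "UPDATE", "DELETE"},
    ("dynamoDB", "hashKeyType"): {"STRING", "NUMBER"},
    ("dynamoDB", "rangeKeyType"): {"STRING", "NUMBER"},
    ("sns", "messageFormat"): {"JSON", "RAW"},
    ("cloudwatchAlarm", "stateValue"): {"OK", "ALARM", "INSUFFICIENT_DATA"},
}

def lint_action(action, where):
    problems = []
    for kind, cfg in action.items():
        if kind not in REQUIRED:
            problems.append(f"{where}: unknown action {kind}")
        problems += [f"{where}.{kind}: missing {f}"
                     for f in REQUIRED.get(kind, []) if f not in cfg]
        for (k, field), ok in ALLOWED.items():
            value = cfg.get(field) if k == kind else None
            # "${...}" is a substitution template resolved per message (stated
            # above for operation, assumed for the other fields), so skip it.
            if isinstance(value, str) and "${" not in value and value not in ok:
                problems.append(f"{where}.{kind}.{field}: {value} not allowed")
        if kind == "iotAnalytics" and "channelArn" in cfg:
            problems.append(f"{where}.iotAnalytics: channelArn is deprecated")
    return problems

def lint_payload(payload):
    problems = [f"payload: missing {f}" for f in ("sql", "actions") if f not in payload]
    for i, action in enumerate(payload.get("actions", [])):
        problems += lint_action(action, f"actions[{i}]")
    return problems + lint_action(payload.get("errorAction", {}), "errorAction")

# Constructed sample: sns lacks roleArn and uses an unsupported messageFormat.
SAMPLE = {
    "sql": "SELECT * FROM 'sensors/+/telemetry'",
    "actions": [{"sns": {"targetArn": "arn:aws:sns:us-east-1:111122223333:alerts",
                         "messageFormat": "XML"}}],
    "errorAction": {"iotAnalytics": {"channelArn": "arn:aws:iotanalytics:us-east-1:111122223333:channel/errors"}},
}
```

Calling lint_payload(SAMPLE) returns three findings: the missing roleArn, the rejected messageFormat, and the deprecated channelArn in errorAction.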